/*
 * Copyright (c) 2001 The Regents of the University of Michigan.
 * All rights reserved.
 *
 * Kendrick Smith <kmsmith@umich.edu>
 * Andy Adamson <kandros@umich.edu>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <linux/file.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/namei.h>
#include <linux/swap.h>
#include <linux/pagemap.h>
#include <linux/ratelimit.h>
#include <linux/sunrpc/svcauth_gss.h>
#include <linux/sunrpc/addr.h>
#include <linux/jhash.h>
#include <linux/string_helpers.h>
#include <linux/fsnotify.h>
#include <linux/rhashtable.h>
#include <linux/nfs_ssc.h>

#include "xdr4.h"
#include "xdr4cb.h"
#include "vfs.h"
#include "current_stateid.h"

#include "netns.h"
#include "pnfs.h"
#include "filecache.h"
#include "trace.h"

#define NFSDDBG_FACILITY	NFSDDBG_PROC

#define all_ones {{ ~0, ~0}, ~0}
static const stateid_t one_stateid = {
	.si_generation = ~0,
	.si_opaque = all_ones,
};
static const stateid_t zero_stateid = {
	/* all fields zero */
};
static const stateid_t currentstateid = {
	.si_generation = 1,
};
static const stateid_t close_stateid = {
	.si_generation = 0xffffffffU,
};

static u64 current_sessionid = 1;

#define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
#define ONE_STATEID(stateid) (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
#define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
#define CLOSE_STATEID(stateid) (!memcmp((stateid), &close_stateid, sizeof(stateid_t)))

/* forward declarations */
static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
static void nfs4_free_ol_stateid(struct nfs4_stid *stid);
void nfsd4_end_grace(struct nfsd_net *nn);
static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps);
static void nfsd4_file_hash_remove(struct nfs4_file *fi);
static void deleg_reaper(struct nfsd_net *nn);
/* Locking: */

/*
 * Currently used for the del_recall_lru and file hash table.  In an
 * effort to decrease the scope of the client_mutex, this spinlock may
 * eventually cover more:
 */
static DEFINE_SPINLOCK(state_lock);

enum nfsd4_st_mutex_lock_subclass {
	OPEN_STATEID_MUTEX = 0,
	LOCK_STATEID_MUTEX = 1,
};

/*
 * A waitqueue for all in-progress 4.0 CLOSE operations that are waiting for
 * the refcount on the open stateid to drop.
 */
static DECLARE_WAIT_QUEUE_HEAD(close_wq);

/*
 * A waitqueue where a writer to clients/#/ctl destroying a client can
 * wait for cl_rpc_users to drop to 0 and then for the client to be
 * unhashed.
 */
static DECLARE_WAIT_QUEUE_HEAD(expiry_wq);

static struct kmem_cache *client_slab;
static struct kmem_cache *openowner_slab;
static struct kmem_cache *lockowner_slab;
static struct kmem_cache *file_slab;
static struct kmem_cache *stateid_slab;
static struct kmem_cache *deleg_slab;
static struct kmem_cache *odstate_slab;

static void free_session(struct nfsd4_session *);

static const struct nfsd4_callback_ops nfsd4_cb_recall_ops;
static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops;
static const struct nfsd4_callback_ops nfsd4_cb_getattr_ops;

static struct workqueue_struct *laundry_wq;

int nfsd4_create_laundry_wq(void)
{
	int rc = 0;

	laundry_wq = alloc_workqueue("%s", WQ_UNBOUND, 0, "nfsd4");
	if (laundry_wq == NULL)
		rc = -ENOMEM;
	return rc;
}

void nfsd4_destroy_laundry_wq(void)
{
	destroy_workqueue(laundry_wq);
}

static bool is_session_dead(struct nfsd4_session *ses)
{
	return ses->se_flags & NFS4_SESSION_DEAD;
}

static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)
{
	if (atomic_read(&ses->se_ref) > ref_held_by_me)
		return nfserr_jukebox;
	ses->se_flags |= NFS4_SESSION_DEAD;
	return nfs_ok;
}

static bool is_client_expired(struct nfs4_client *clp)
{
	return clp->cl_time == 0;
}

static void nfsd4_dec_courtesy_client_count(struct nfsd_net *nn,
					struct nfs4_client *clp)
{
	if (clp->cl_state != NFSD4_ACTIVE)
		atomic_add_unless(&nn->nfsd_courtesy_clients, -1, 0);
}

static __be32 get_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (is_client_expired(clp))
		return nfserr_expired;
	atomic_inc(&clp->cl_rpc_users);
	nfsd4_dec_courtesy_client_count(nn, clp);
	clp->cl_state = NFSD4_ACTIVE;
	return nfs_ok;
}

/* must be called under the client_lock */
static inline void
renew_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	if (is_client_expired(clp)) {
		WARN_ON(1);
		printk("%s: client (clientid %08x/%08x) already expired\n",
			__func__,
			clp->cl_clientid.cl_boot,
			clp->cl_clientid.cl_id);
		return;
	}

	list_move_tail(&clp->cl_lru, &nn->client_lru);
	clp->cl_time = ktime_get_boottime_seconds();
	nfsd4_dec_courtesy_client_count(nn, clp);
	clp->cl_state = NFSD4_ACTIVE;
}
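/*
 * Typical usage of the pair above (a sketch using only functions
 * defined in this file, not an additional API): callers take a
 * reference under the client_lock and drop it with put_client_renew()
 * below, which also renews the lease when the client is still live:
 *
 *	spin_lock(&nn->client_lock);
 *	status = get_client_locked(clp);
 *	spin_unlock(&nn->client_lock);
 *	if (status == nfs_ok) {
 *		... use clp ...
 *		put_client_renew(clp);
 *	}
 */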
static void put_client_renew_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (!atomic_dec_and_test(&clp->cl_rpc_users))
		return;
	if (!is_client_expired(clp))
		renew_client_locked(clp);
	else
		wake_up_all(&expiry_wq);
}

static void put_client_renew(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	if (!atomic_dec_and_lock(&clp->cl_rpc_users, &nn->client_lock))
		return;
	if (!is_client_expired(clp))
		renew_client_locked(clp);
	else
		wake_up_all(&expiry_wq);
	spin_unlock(&nn->client_lock);
}

static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses)
{
	__be32 status;

	if (is_session_dead(ses))
		return nfserr_badsession;
	status = get_client_locked(ses->se_client);
	if (status)
		return status;
	atomic_inc(&ses->se_ref);
	return nfs_ok;
}

static void nfsd4_put_session_locked(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))
		free_session(ses);
	put_client_renew_locked(clp);
}

static void nfsd4_put_session(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	spin_lock(&nn->client_lock);
	nfsd4_put_session_locked(ses);
	spin_unlock(&nn->client_lock);
}

static struct nfsd4_blocked_lock *
find_blocked_lock(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
			struct nfsd_net *nn)
{
	struct nfsd4_blocked_lock *cur, *found = NULL;

	spin_lock(&nn->blocked_locks_lock);
	list_for_each_entry(cur, &lo->lo_blocked, nbl_list) {
		if (fh_match(fh, &cur->nbl_fh)) {
			list_del_init(&cur->nbl_list);
			WARN_ON(list_empty(&cur->nbl_lru));
			list_del_init(&cur->nbl_lru);
			found = cur;
			break;
		}
	}
	spin_unlock(&nn->blocked_locks_lock);
	if (found)
		locks_delete_block(&found->nbl_lock);
	return found;
}

static struct nfsd4_blocked_lock *
find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
			struct nfsd_net *nn)
{
	struct nfsd4_blocked_lock *nbl;

	nbl = find_blocked_lock(lo, fh, nn);
	if (!nbl) {
		nbl = kmalloc(sizeof(*nbl), GFP_KERNEL);
		if (nbl) {
			INIT_LIST_HEAD(&nbl->nbl_list);
			INIT_LIST_HEAD(&nbl->nbl_lru);
			fh_copy_shallow(&nbl->nbl_fh, fh);
			locks_init_lock(&nbl->nbl_lock);
			kref_init(&nbl->nbl_kref);
			nfsd4_init_cb(&nbl->nbl_cb, lo->lo_owner.so_client,
					&nfsd4_cb_notify_lock_ops,
					NFSPROC4_CLNT_CB_NOTIFY_LOCK);
		}
	}
	return nbl;
}

static void
free_nbl(struct kref *kref)
{
	struct nfsd4_blocked_lock *nbl;

	nbl = container_of(kref, struct nfsd4_blocked_lock, nbl_kref);
	locks_release_private(&nbl->nbl_lock);
	kfree(nbl);
}

static void
free_blocked_lock(struct nfsd4_blocked_lock *nbl)
{
	locks_delete_block(&nbl->nbl_lock);
	kref_put(&nbl->nbl_kref, free_nbl);
}
static void
remove_blocked_locks(struct nfs4_lockowner *lo)
{
	struct nfs4_client *clp = lo->lo_owner.so_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfsd4_blocked_lock *nbl;
	LIST_HEAD(reaplist);

	/* Dequeue all blocked locks */
	spin_lock(&nn->blocked_locks_lock);
	while (!list_empty(&lo->lo_blocked)) {
		nbl = list_first_entry(&lo->lo_blocked,
					struct nfsd4_blocked_lock,
					nbl_list);
		list_del_init(&nbl->nbl_list);
		WARN_ON(list_empty(&nbl->nbl_lru));
		list_move(&nbl->nbl_lru, &reaplist);
	}
	spin_unlock(&nn->blocked_locks_lock);

	/* Now free them */
	while (!list_empty(&reaplist)) {
		nbl = list_first_entry(&reaplist, struct nfsd4_blocked_lock,
					nbl_lru);
		list_del_init(&nbl->nbl_lru);
		free_blocked_lock(nbl);
	}
}

static void
nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb)
{
	struct nfsd4_blocked_lock *nbl = container_of(cb,
						struct nfsd4_blocked_lock, nbl_cb);
	locks_delete_block(&nbl->nbl_lock);
}

static int
nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task)
{
	trace_nfsd_cb_notify_lock_done(&zero_stateid, task);

	/*
	 * Since this is just an optimization, we don't try very hard if it
	 * turns out not to succeed. We'll requeue it on NFS4ERR_DELAY, and
	 * just quit trying on anything else.
	 */
	switch (task->tk_status) {
	case -NFS4ERR_DELAY:
		rpc_delay(task, 1 * HZ);
		return 0;
	default:
		return 1;
	}
}

static void
nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb)
{
	struct nfsd4_blocked_lock *nbl = container_of(cb,
						struct nfsd4_blocked_lock, nbl_cb);

	free_blocked_lock(nbl);
}

static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = {
	.prepare	= nfsd4_cb_notify_lock_prepare,
	.done		= nfsd4_cb_notify_lock_done,
	.release	= nfsd4_cb_notify_lock_release,
	.opcode		= OP_CB_NOTIFY_LOCK,
};

/*
 * We store the NONE, READ, WRITE, and BOTH bits separately in the
 * st_{access,deny}_bmap field of the stateid, in order to track not
 * only what share bits are currently in force, but also what
 * combinations of share bits previous opens have used.  This allows us
 * to enforce the recommendation in
 * https://datatracker.ietf.org/doc/html/rfc7530#section-16.19.4 that
 * the server return an error if the client attempts to downgrade to a
 * combination of share bits not explicable by closing some of its
 * previous opens.
 *
 * This enforcement is arguably incomplete, since we don't keep
 * track of access/deny bit combinations; so, e.g., we allow:
 *
 *	OPEN allow read, deny write
 *	OPEN allow both, deny none
 *	DOWNGRADE allow read, deny none
 *
 * which we should reject.
 *
 * But you could also argue that our current code is already overkill,
 * since it only exists to return NFS4ERR_INVAL on incorrect client
 * behavior.
 */
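/*
 * Worked example (a sketch; the constants are NFS4_SHARE_ACCESS_READ
 * == 1, _WRITE == 2, _BOTH == 3 from the NFSv4 headers): an OPEN with
 * share_access=READ sets bit 1 (st_access_bmap = 0x2); a later OPEN
 * with share_access=BOTH also sets bit 3 (st_access_bmap = 0xa).
 * bmap_to_share_mode(0xa) below then ORs the set bit indices, 1 | 3,
 * and reports NFS4_SHARE_ACCESS_BOTH as the union of modes ever used.
 */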
static unsigned int
bmap_to_share_mode(unsigned long bmap)
{
	int i;
	unsigned int access = 0;

	for (i = 1; i < 4; i++) {
		if (test_bit(i, &bmap))
			access |= i;
	}
	return access;
}

/* set share access for a given stateid */
static inline void
set_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
	stp->st_access_bmap |= mask;
}

/* clear share access for a given stateid */
static inline void
clear_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
	stp->st_access_bmap &= ~mask;
}

/* test whether a given stateid has access */
static inline bool
test_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	return (bool)(stp->st_access_bmap & mask);
}

/* set share deny for a given stateid */
static inline void
set_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
	stp->st_deny_bmap |= mask;
}

/* clear share deny for a given stateid */
static inline void
clear_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
	stp->st_deny_bmap &= ~mask;
}

/* test whether a given stateid is denying specific access */
static inline bool
test_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	return (bool)(stp->st_deny_bmap & mask);
}

static int nfs4_access_to_omode(u32 access)
{
	switch (access & NFS4_SHARE_ACCESS_BOTH) {
	case NFS4_SHARE_ACCESS_READ:
		return O_RDONLY;
	case NFS4_SHARE_ACCESS_WRITE:
		return O_WRONLY;
	case NFS4_SHARE_ACCESS_BOTH:
		return O_RDWR;
	}
	WARN_ON_ONCE(1);
	return O_RDONLY;
}

static inline int
access_permit_read(struct nfs4_ol_stateid *stp)
{
	return test_access(NFS4_SHARE_ACCESS_READ, stp) ||
		test_access(NFS4_SHARE_ACCESS_BOTH, stp) ||
		test_access(NFS4_SHARE_ACCESS_WRITE, stp);
}

static inline int
access_permit_write(struct nfs4_ol_stateid *stp)
{
	return test_access(NFS4_SHARE_ACCESS_WRITE, stp) ||
		test_access(NFS4_SHARE_ACCESS_BOTH, stp);
}

static inline struct nfs4_stateowner *
nfs4_get_stateowner(struct nfs4_stateowner *sop)
{
	atomic_inc(&sop->so_count);
	return sop;
}

static int
same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner)
{
	return (sop->so_owner.len == owner->len) &&
		0 == memcmp(sop->so_owner.data, owner->data, owner->len);
}

static struct nfs4_openowner *
find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open,
			struct nfs4_client *clp)
{
	struct nfs4_stateowner *so;

	lockdep_assert_held(&clp->cl_lock);

	list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[hashval],
			    so_strhash) {
		if (!so->so_is_open_owner)
			continue;
		if (same_owner_str(so, &open->op_owner))
			return openowner(nfs4_get_stateowner(so));
	}
	return NULL;
}

static inline u32
opaque_hashval(const void *ptr, int nbytes)
{
	unsigned char *cptr = (unsigned char *) ptr;

	u32 x = 0;
	while (nbytes--) {
		x *= 37;
		x += *cptr++;
	}
	return x;
}
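/*
 * For example (just the arithmetic, not from the original source):
 * opaque_hashval("ab", 2) computes (0 * 37 + 'a') * 37 + 'b'
 * = 97 * 37 + 98 = 3687.  ownerstr_hashval() below masks such a value
 * with OWNER_HASH_MASK to choose a hash bucket.
 */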
void
put_nfs4_file(struct nfs4_file *fi)
{
	if (refcount_dec_and_test(&fi->fi_ref)) {
		nfsd4_file_hash_remove(fi);
		WARN_ON_ONCE(!list_empty(&fi->fi_clnt_odstate));
		WARN_ON_ONCE(!list_empty(&fi->fi_delegations));
		kfree_rcu(fi, fi_rcu);
	}
}

static struct nfsd_file *
find_writeable_file_locked(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	lockdep_assert_held(&f->fi_lock);

	ret = nfsd_file_get(f->fi_fds[O_WRONLY]);
	if (!ret)
		ret = nfsd_file_get(f->fi_fds[O_RDWR]);
	return ret;
}

static struct nfsd_file *
find_writeable_file(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	spin_lock(&f->fi_lock);
	ret = find_writeable_file_locked(f);
	spin_unlock(&f->fi_lock);

	return ret;
}

static struct nfsd_file *
find_readable_file_locked(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	lockdep_assert_held(&f->fi_lock);

	ret = nfsd_file_get(f->fi_fds[O_RDONLY]);
	if (!ret)
		ret = nfsd_file_get(f->fi_fds[O_RDWR]);
	return ret;
}

static struct nfsd_file *
find_readable_file(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	spin_lock(&f->fi_lock);
	ret = find_readable_file_locked(f);
	spin_unlock(&f->fi_lock);

	return ret;
}

static struct nfsd_file *
find_rw_file(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	spin_lock(&f->fi_lock);
	ret = nfsd_file_get(f->fi_fds[O_RDWR]);
	spin_unlock(&f->fi_lock);

	return ret;
}

struct nfsd_file *
find_any_file(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	if (!f)
		return NULL;
	spin_lock(&f->fi_lock);
	ret = nfsd_file_get(f->fi_fds[O_RDWR]);
	if (!ret) {
		ret = nfsd_file_get(f->fi_fds[O_WRONLY]);
		if (!ret)
			ret = nfsd_file_get(f->fi_fds[O_RDONLY]);
	}
	spin_unlock(&f->fi_lock);
	return ret;
}

static struct nfsd_file *find_any_file_locked(struct nfs4_file *f)
{
	lockdep_assert_held(&f->fi_lock);

	if (f->fi_fds[O_RDWR])
		return f->fi_fds[O_RDWR];
	if (f->fi_fds[O_WRONLY])
		return f->fi_fds[O_WRONLY];
	if (f->fi_fds[O_RDONLY])
		return f->fi_fds[O_RDONLY];
	return NULL;
}

static atomic_long_t num_delegations;
unsigned long max_delegations;

/*
 * Open owner state (share locks)
 */

/* hash tables for lock and open owners */
#define OWNER_HASH_BITS		8
#define OWNER_HASH_SIZE		(1 << OWNER_HASH_BITS)
#define OWNER_HASH_MASK		(OWNER_HASH_SIZE - 1)

static unsigned int ownerstr_hashval(struct xdr_netobj *ownername)
{
	unsigned int ret;

	ret = opaque_hashval(ownername->data, ownername->len);
	return ret & OWNER_HASH_MASK;
}

static struct rhltable nfs4_file_rhltable ____cacheline_aligned_in_smp;

static const struct rhashtable_params nfs4_file_rhash_params = {
	.key_len		= sizeof_field(struct nfs4_file, fi_inode),
	.key_offset		= offsetof(struct nfs4_file, fi_inode),
	.head_offset		= offsetof(struct nfs4_file, fi_rlist),

	/*
	 * Start with a single page hash table to reduce resizing churn
	 * on light workloads.
	 */
	.min_size		= 256,
	.automatic_shrinking	= true,
};
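/*
 * Note (an observation about the table above, not new behavior): the
 * key is the fi_inode pointer, and an rhltable keeps a list of entries
 * per key, so several nfs4_file objects -- e.g. for distinct
 * filehandles that resolve to the same inode -- can hang off a single
 * bucket; lookups must still compare filehandles on each candidate.
 */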
/*
 * Check if courtesy clients have conflicting access and resolve it if possible
 *
 * access:	is op_share_access if share_access is true.
 *		Check if access mode, op_share_access, would conflict with
 *		the current deny mode of the file 'fp'.
 * access:	is op_share_deny if share_access is false.
 *		Check if the deny mode, op_share_deny, would conflict with
 *		current access of the file 'fp'.
 * stp:		skip checking this entry.
 * new_stp:	normal open, not open upgrade.
 *
 * Function returns:
 *	false - access/deny mode conflict with normal client.
 *	true  - no conflict or conflict with courtesy client(s) is resolved.
 */
static bool
nfs4_resolve_deny_conflicts_locked(struct nfs4_file *fp, bool new_stp,
		struct nfs4_ol_stateid *stp, u32 access, bool share_access)
{
	struct nfs4_ol_stateid *st;
	bool resolvable = true;
	unsigned char bmap;
	struct nfsd_net *nn;
	struct nfs4_client *clp;

	lockdep_assert_held(&fp->fi_lock);
	list_for_each_entry(st, &fp->fi_stateids, st_perfile) {
		/* ignore lock stateid */
		if (st->st_openstp)
			continue;
		if (st == stp && new_stp)
			continue;
		/* check file access against deny mode or vice versa */
		bmap = share_access ? st->st_deny_bmap : st->st_access_bmap;
		if (!(access & bmap_to_share_mode(bmap)))
			continue;
		clp = st->st_stid.sc_client;
		if (try_to_expire_client(clp))
			continue;
		resolvable = false;
		break;
	}
	if (resolvable) {
		clp = stp->st_stid.sc_client;
		nn = net_generic(clp->net, nfsd_net_id);
		mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);
	}
	return resolvable;
}

static void
__nfs4_file_get_access(struct nfs4_file *fp, u32 access)
{
	lockdep_assert_held(&fp->fi_lock);

	if (access & NFS4_SHARE_ACCESS_WRITE)
		atomic_inc(&fp->fi_access[O_WRONLY]);
	if (access & NFS4_SHARE_ACCESS_READ)
		atomic_inc(&fp->fi_access[O_RDONLY]);
}

static __be32
nfs4_file_get_access(struct nfs4_file *fp, u32 access)
{
	lockdep_assert_held(&fp->fi_lock);

	/* Does this access mode make sense? */
	if (access & ~NFS4_SHARE_ACCESS_BOTH)
		return nfserr_inval;

	/* Does it conflict with a deny mode already set? */
	if ((access & fp->fi_share_deny) != 0)
		return nfserr_share_denied;

	__nfs4_file_get_access(fp, access);
	return nfs_ok;
}
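/*
 * Example of the deny check above (illustrative): if an earlier opener
 * set deny=WRITE, fp->fi_share_deny has NFS4_SHARE_DENY_WRITE (2) set,
 * so a later OPEN with share_access=WRITE (also 2) sees a non-zero
 * (access & fp->fi_share_deny) and gets NFS4ERR_SHARE_DENIED, unless
 * the conflict can be resolved against an expirable courtesy client
 * via nfs4_resolve_deny_conflicts_locked().
 */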
static __be32 nfs4_file_check_deny(struct nfs4_file *fp, u32 deny)
{
	/* Common case is that there is no deny mode. */
	if (deny) {
		/* Does this deny mode make sense? */
		if (deny & ~NFS4_SHARE_DENY_BOTH)
			return nfserr_inval;

		if ((deny & NFS4_SHARE_DENY_READ) &&
		    atomic_read(&fp->fi_access[O_RDONLY]))
			return nfserr_share_denied;

		if ((deny & NFS4_SHARE_DENY_WRITE) &&
		    atomic_read(&fp->fi_access[O_WRONLY]))
			return nfserr_share_denied;
	}
	return nfs_ok;
}

static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
{
	might_lock(&fp->fi_lock);

	if (atomic_dec_and_lock(&fp->fi_access[oflag], &fp->fi_lock)) {
		struct nfsd_file *f1 = NULL;
		struct nfsd_file *f2 = NULL;

		swap(f1, fp->fi_fds[oflag]);
		if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
			swap(f2, fp->fi_fds[O_RDWR]);
		spin_unlock(&fp->fi_lock);
		if (f1)
			nfsd_file_put(f1);
		if (f2)
			nfsd_file_put(f2);
	}
}

static void nfs4_file_put_access(struct nfs4_file *fp, u32 access)
{
	WARN_ON_ONCE(access & ~NFS4_SHARE_ACCESS_BOTH);

	if (access & NFS4_SHARE_ACCESS_WRITE)
		__nfs4_file_put_access(fp, O_WRONLY);
	if (access & NFS4_SHARE_ACCESS_READ)
		__nfs4_file_put_access(fp, O_RDONLY);
}

/*
 * Allocate a new open/delegation state counter. This is needed for
 * pNFS for proper return on close semantics.
 *
 * Note that we only allocate it for pNFS-enabled exports, otherwise
 * all pointers to struct nfs4_clnt_odstate are always NULL.
 */
static struct nfs4_clnt_odstate *
alloc_clnt_odstate(struct nfs4_client *clp)
{
	struct nfs4_clnt_odstate *co;

	co = kmem_cache_zalloc(odstate_slab, GFP_KERNEL);
	if (co) {
		co->co_client = clp;
		refcount_set(&co->co_odcount, 1);
	}
	return co;
}

static void
hash_clnt_odstate_locked(struct nfs4_clnt_odstate *co)
{
	struct nfs4_file *fp = co->co_file;

	lockdep_assert_held(&fp->fi_lock);
	list_add(&co->co_perfile, &fp->fi_clnt_odstate);
}

static inline void
get_clnt_odstate(struct nfs4_clnt_odstate *co)
{
	if (co)
		refcount_inc(&co->co_odcount);
}

static void
put_clnt_odstate(struct nfs4_clnt_odstate *co)
{
	struct nfs4_file *fp;

	if (!co)
		return;

	fp = co->co_file;
	if (refcount_dec_and_lock(&co->co_odcount, &fp->fi_lock)) {
		list_del(&co->co_perfile);
		spin_unlock(&fp->fi_lock);

		nfsd4_return_all_file_layouts(co->co_client, fp);
		kmem_cache_free(odstate_slab, co);
	}
}

static struct nfs4_clnt_odstate *
find_or_hash_clnt_odstate(struct nfs4_file *fp, struct nfs4_clnt_odstate *new)
{
	struct nfs4_clnt_odstate *co;
	struct nfs4_client *cl;

	if (!new)
		return NULL;

	cl = new->co_client;

	spin_lock(&fp->fi_lock);
	list_for_each_entry(co, &fp->fi_clnt_odstate, co_perfile) {
		if (co->co_client == cl) {
			get_clnt_odstate(co);
			goto out;
		}
	}
	co = new;
	co->co_file = fp;
	hash_clnt_odstate_locked(new);
out:
	spin_unlock(&fp->fi_lock);
	return co;
}
struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct kmem_cache *slab,
				  void (*sc_free)(struct nfs4_stid *))
{
	struct nfs4_stid *stid;
	int new_id;

	stid = kmem_cache_zalloc(slab, GFP_KERNEL);
	if (!stid)
		return NULL;

	idr_preload(GFP_KERNEL);
	spin_lock(&cl->cl_lock);
	/* Reserving 0 for start of file in nfsdfs "states" file: */
	new_id = idr_alloc_cyclic(&cl->cl_stateids, stid, 1, 0, GFP_NOWAIT);
	spin_unlock(&cl->cl_lock);
	idr_preload_end();
	if (new_id < 0)
		goto out_free;

	stid->sc_free = sc_free;
	stid->sc_client = cl;
	stid->sc_stateid.si_opaque.so_id = new_id;
	stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid;
	/* Will be incremented before return to client: */
	refcount_set(&stid->sc_count, 1);
	spin_lock_init(&stid->sc_lock);
	INIT_LIST_HEAD(&stid->sc_cp_list);

	/*
	 * It shouldn't be a problem to reuse an opaque stateid value.
	 * I don't think it is for 4.1.  But with 4.0 I worry that, for
	 * example, a stray write retransmission could be accepted by
	 * the server when it should have been rejected.  Therefore,
	 * adopt a trick from the sctp code to attempt to maximize the
	 * amount of time until an id is reused, by ensuring they always
	 * "increase" (mod INT_MAX):
	 */
	return stid;
out_free:
	kmem_cache_free(slab, stid);
	return NULL;
}

/*
 * Create a unique stateid_t to represent each COPY.
 */
static int nfs4_init_cp_state(struct nfsd_net *nn, copy_stateid_t *stid,
			      unsigned char cs_type)
{
	int new_id;

	stid->cs_stid.si_opaque.so_clid.cl_boot = (u32)nn->boot_time;
	stid->cs_stid.si_opaque.so_clid.cl_id = nn->s2s_cp_cl_id;

	idr_preload(GFP_KERNEL);
	spin_lock(&nn->s2s_cp_lock);
	new_id = idr_alloc_cyclic(&nn->s2s_cp_stateids, stid, 0, 0, GFP_NOWAIT);
	stid->cs_stid.si_opaque.so_id = new_id;
	stid->cs_stid.si_generation = 1;
	spin_unlock(&nn->s2s_cp_lock);
	idr_preload_end();
	if (new_id < 0)
		return 0;
	stid->cs_type = cs_type;
	return 1;
}

int nfs4_init_copy_state(struct nfsd_net *nn, struct nfsd4_copy *copy)
{
	return nfs4_init_cp_state(nn, &copy->cp_stateid, NFS4_COPY_STID);
}

struct nfs4_cpntf_state *nfs4_alloc_init_cpntf_state(struct nfsd_net *nn,
						     struct nfs4_stid *p_stid)
{
	struct nfs4_cpntf_state *cps;

	cps = kzalloc(sizeof(struct nfs4_cpntf_state), GFP_KERNEL);
	if (!cps)
		return NULL;
	cps->cpntf_time = ktime_get_boottime_seconds();
	refcount_set(&cps->cp_stateid.cs_count, 1);
	if (!nfs4_init_cp_state(nn, &cps->cp_stateid, NFS4_COPYNOTIFY_STID))
		goto out_free;
	spin_lock(&nn->s2s_cp_lock);
	list_add(&cps->cp_list, &p_stid->sc_cp_list);
	spin_unlock(&nn->s2s_cp_lock);
	return cps;
out_free:
	kfree(cps);
	return NULL;
}

void nfs4_free_copy_state(struct nfsd4_copy *copy)
{
	struct nfsd_net *nn;

	if (copy->cp_stateid.cs_type != NFS4_COPY_STID)
		return;
	nn = net_generic(copy->cp_clp->net, nfsd_net_id);
	spin_lock(&nn->s2s_cp_lock);
	idr_remove(&nn->s2s_cp_stateids,
		   copy->cp_stateid.cs_stid.si_opaque.so_id);
	spin_unlock(&nn->s2s_cp_lock);
}

static void nfs4_free_cpntf_statelist(struct net *net, struct nfs4_stid *stid)
{
	struct nfs4_cpntf_state *cps;
	struct nfsd_net *nn;

	nn = net_generic(net, nfsd_net_id);
	spin_lock(&nn->s2s_cp_lock);
	while (!list_empty(&stid->sc_cp_list)) {
		cps = list_first_entry(&stid->sc_cp_list,
				       struct nfs4_cpntf_state, cp_list);
		_free_cpntf_state_locked(nn, cps);
	}
	spin_unlock(&nn->s2s_cp_lock);
}

static struct nfs4_ol_stateid *nfs4_alloc_open_stateid(struct nfs4_client *clp)
{
	struct nfs4_stid *stid;

	stid = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_ol_stateid);
	if (!stid)
		return NULL;

	return openlockstateid(stid);
}
static void nfs4_free_deleg(struct nfs4_stid *stid)
{
	struct nfs4_delegation *dp = delegstateid(stid);

	WARN_ON_ONCE(!list_empty(&stid->sc_cp_list));
	WARN_ON_ONCE(!list_empty(&dp->dl_perfile));
	WARN_ON_ONCE(!list_empty(&dp->dl_perclnt));
	WARN_ON_ONCE(!list_empty(&dp->dl_recall_lru));
	kmem_cache_free(deleg_slab, stid);
	atomic_long_dec(&num_delegations);
}

/*
 * When we recall a delegation, we should be careful not to hand it
 * out again straight away.
 * To ensure this we keep a pair of bloom filters ('new' and 'old')
 * in which the filehandles of recalled delegations are "stored".
 * If a filehandle appears in either filter, a delegation is blocked.
 * When a delegation is recalled, the filehandle is stored in the "new"
 * filter.
 * Every 30 seconds we swap the filters and clear the "new" one,
 * unless both are empty of course.  This results in delegations for a
 * given filehandle being blocked for between 30 and 60 seconds.
 *
 * Each filter is 256 bits.  We hash the filehandle to a 32-bit value
 * and use the low 3 bytes as hash-table indices.
 *
 * 'blocked_delegations_lock', which is always taken in block_delegations(),
 * is used to manage concurrent access.  Testing does not need the lock
 * except when swapping the two filters.
 */
static DEFINE_SPINLOCK(blocked_delegations_lock);
static struct bloom_pair {
	int	entries, old_entries;
	time64_t swap_time;
	int	new; /* index into 'set' */
	DECLARE_BITMAP(set[2], 256);
} blocked_delegations;

static int delegation_blocked(struct knfsd_fh *fh)
{
	u32 hash;
	struct bloom_pair *bd = &blocked_delegations;

	if (bd->entries == 0)
		return 0;
	if (ktime_get_seconds() - bd->swap_time > 30) {
		spin_lock(&blocked_delegations_lock);
		if (ktime_get_seconds() - bd->swap_time > 30) {
			bd->entries -= bd->old_entries;
			bd->old_entries = bd->entries;
			bd->new = 1-bd->new;
			memset(bd->set[bd->new], 0,
			       sizeof(bd->set[0]));
			bd->swap_time = ktime_get_seconds();
		}
		spin_unlock(&blocked_delegations_lock);
	}
	hash = jhash(&fh->fh_raw, fh->fh_size, 0);
	if (test_bit(hash&255, bd->set[0]) &&
	    test_bit((hash>>8)&255, bd->set[0]) &&
	    test_bit((hash>>16)&255, bd->set[0]))
		return 1;

	if (test_bit(hash&255, bd->set[1]) &&
	    test_bit((hash>>8)&255, bd->set[1]) &&
	    test_bit((hash>>16)&255, bd->set[1]))
		return 1;

	return 0;
}

static void block_delegations(struct knfsd_fh *fh)
{
	u32 hash;
	struct bloom_pair *bd = &blocked_delegations;

	hash = jhash(&fh->fh_raw, fh->fh_size, 0);

	spin_lock(&blocked_delegations_lock);
	__set_bit(hash&255, bd->set[bd->new]);
	__set_bit((hash>>8)&255, bd->set[bd->new]);
	__set_bit((hash>>16)&255, bd->set[bd->new]);
	if (bd->entries == 0)
		bd->swap_time = ktime_get_seconds();
	bd->entries += 1;
	spin_unlock(&blocked_delegations_lock);
}
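/*
 * Worked example of the filter (illustrative values): for a filehandle
 * whose jhash() comes out as 0x00a1b2c3, block_delegations() sets bits
 * 0xc3, 0xb2 and 0xa1 in the "new" 256-bit set, and
 * delegation_blocked() reports a hit only when all three bits are set
 * in the same set.  As with any bloom filter, false positives
 * (blocking a never-recalled filehandle) are possible; false negatives
 * are not.
 */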
static struct nfs4_delegation *
alloc_init_deleg(struct nfs4_client *clp, struct nfs4_file *fp,
		 struct nfs4_clnt_odstate *odstate, u32 dl_type)
{
	struct nfs4_delegation *dp;
	struct nfs4_stid *stid;
	long n;

	dprintk("NFSD alloc_init_deleg\n");
	n = atomic_long_inc_return(&num_delegations);
	if (n < 0 || n > max_delegations)
		goto out_dec;
	if (delegation_blocked(&fp->fi_fhandle))
		goto out_dec;
	stid = nfs4_alloc_stid(clp, deleg_slab, nfs4_free_deleg);
	if (stid == NULL)
		goto out_dec;
	dp = delegstateid(stid);

	/*
	 * delegation seqids are never incremented.  The 4.1 special
	 * meaning of seqid 0 isn't meaningful, really, but let's avoid
	 * 0 anyway just for consistency and use 1:
	 */
	dp->dl_stid.sc_stateid.si_generation = 1;
	INIT_LIST_HEAD(&dp->dl_perfile);
	INIT_LIST_HEAD(&dp->dl_perclnt);
	INIT_LIST_HEAD(&dp->dl_recall_lru);
	dp->dl_clnt_odstate = odstate;
	get_clnt_odstate(odstate);
	dp->dl_type = dl_type;
	dp->dl_retries = 1;
	dp->dl_recalled = false;
	nfsd4_init_cb(&dp->dl_recall, dp->dl_stid.sc_client,
		      &nfsd4_cb_recall_ops, NFSPROC4_CLNT_CB_RECALL);
	nfsd4_init_cb(&dp->dl_cb_fattr.ncf_getattr, dp->dl_stid.sc_client,
		      &nfsd4_cb_getattr_ops, NFSPROC4_CLNT_CB_GETATTR);
	dp->dl_cb_fattr.ncf_file_modified = false;
	get_nfs4_file(fp);
	dp->dl_stid.sc_file = fp;
	return dp;
out_dec:
	atomic_long_dec(&num_delegations);
	return NULL;
}

void
nfs4_put_stid(struct nfs4_stid *s)
{
	struct nfs4_file *fp = s->sc_file;
	struct nfs4_client *clp = s->sc_client;

	might_lock(&clp->cl_lock);

	if (!refcount_dec_and_lock(&s->sc_count, &clp->cl_lock)) {
		wake_up_all(&close_wq);
		return;
	}
	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
	if (s->sc_status & SC_STATUS_ADMIN_REVOKED)
		atomic_dec(&s->sc_client->cl_admin_revoked);
	nfs4_free_cpntf_statelist(clp->net, s);
	spin_unlock(&clp->cl_lock);
	s->sc_free(s);
	if (fp)
		put_nfs4_file(fp);
}

void
nfs4_inc_and_copy_stateid(stateid_t *dst, struct nfs4_stid *stid)
{
	stateid_t *src = &stid->sc_stateid;

	spin_lock(&stid->sc_lock);
	if (unlikely(++src->si_generation == 0))
		src->si_generation = 1;
	memcpy(dst, src, sizeof(*dst));
	spin_unlock(&stid->sc_lock);
}
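/*
 * Note on the wraparound above (a reading of the code, not new
 * behavior): seqid 0 has a special "most recent stateid" meaning on
 * the wire in NFSv4.1, so on overflow the generation sequence skips
 * it: ..., 0xfffffffe, 0xffffffff, 1, 2, ...
 */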
static void put_deleg_file(struct nfs4_file *fp)
{
	struct nfsd_file *nf = NULL;

	spin_lock(&fp->fi_lock);
	if (--fp->fi_delegees == 0)
		swap(nf, fp->fi_deleg_file);
	spin_unlock(&fp->fi_lock);

	if (nf)
		nfsd_file_put(nf);
}

static void nfs4_unlock_deleg_lease(struct nfs4_delegation *dp)
{
	struct nfs4_file *fp = dp->dl_stid.sc_file;
	struct nfsd_file *nf = fp->fi_deleg_file;

	WARN_ON_ONCE(!fp->fi_delegees);

	kernel_setlease(nf->nf_file, F_UNLCK, NULL, (void **)&dp);
	put_deleg_file(fp);
}

static void destroy_unhashed_deleg(struct nfs4_delegation *dp)
{
	put_clnt_odstate(dp->dl_clnt_odstate);
	nfs4_unlock_deleg_lease(dp);
	nfs4_put_stid(&dp->dl_stid);
}

/**
 * nfs4_delegation_exists - Discover if this delegation already exists
 * @clp:     a pointer to the nfs4_client we're granting a delegation to
 * @fp:      a pointer to the nfs4_file we're granting a delegation on
 *
 * Return:
 *      On success: true iff an existing delegation is found
 */
static bool
nfs4_delegation_exists(struct nfs4_client *clp, struct nfs4_file *fp)
{
	struct nfs4_delegation *searchdp = NULL;
	struct nfs4_client *searchclp = NULL;

	lockdep_assert_held(&state_lock);
	lockdep_assert_held(&fp->fi_lock);

	list_for_each_entry(searchdp, &fp->fi_delegations, dl_perfile) {
		searchclp = searchdp->dl_stid.sc_client;
		if (clp == searchclp)
			return true;
	}
	return false;
}

/**
 * hash_delegation_locked - Add a delegation to the appropriate lists
 * @dp:     a pointer to the nfs4_delegation we are adding.
 * @fp:     a pointer to the nfs4_file we're granting a delegation on
 *
 * Return:
 *      On success: 0 if the delegation was successfully hashed.
 *
 *      On error: -EAGAIN if one was previously granted to this
 *                nfs4_client for this nfs4_file. The delegation is not
 *                hashed.
 */
static int
hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp)
{
	struct nfs4_client *clp = dp->dl_stid.sc_client;

	lockdep_assert_held(&state_lock);
	lockdep_assert_held(&fp->fi_lock);
	lockdep_assert_held(&clp->cl_lock);

	if (nfs4_delegation_exists(clp, fp))
		return -EAGAIN;
	refcount_inc(&dp->dl_stid.sc_count);
	dp->dl_stid.sc_type = SC_TYPE_DELEG;
	list_add(&dp->dl_perfile, &fp->fi_delegations);
	list_add(&dp->dl_perclnt, &clp->cl_delegations);
	return 0;
}

static bool delegation_hashed(struct nfs4_delegation *dp)
{
	return !(list_empty(&dp->dl_perfile));
}

static bool
unhash_delegation_locked(struct nfs4_delegation *dp, unsigned short statusmask)
{
	struct nfs4_file *fp = dp->dl_stid.sc_file;

	lockdep_assert_held(&state_lock);

	if (!delegation_hashed(dp))
		return false;

	if (statusmask == SC_STATUS_REVOKED &&
	    dp->dl_stid.sc_client->cl_minorversion == 0)
		statusmask = SC_STATUS_CLOSED;
	dp->dl_stid.sc_status |= statusmask;
	if (statusmask & SC_STATUS_ADMIN_REVOKED)
		atomic_inc(&dp->dl_stid.sc_client->cl_admin_revoked);

	/* Ensure that deleg break won't try to requeue it */
	++dp->dl_time;
	spin_lock(&fp->fi_lock);
	list_del_init(&dp->dl_perclnt);
	list_del_init(&dp->dl_recall_lru);
	list_del_init(&dp->dl_perfile);
	spin_unlock(&fp->fi_lock);
	return true;
}

static void destroy_delegation(struct nfs4_delegation *dp)
{
	bool unhashed;

	spin_lock(&state_lock);
	unhashed = unhash_delegation_locked(dp, SC_STATUS_CLOSED);
	spin_unlock(&state_lock);
	if (unhashed)
		destroy_unhashed_deleg(dp);
}
/**
 * revoke_delegation - perform nfs4 delegation structure cleanup
 * @dp: pointer to the delegation
 *
 * This function assumes that it's called either from the administrative
 * interface (nfsd4_revoke_states()) that's revoking a specific delegation
 * stateid or it's called from a laundromat thread (nfsd4_laundromat()) that
 * determined that this specific state has expired and needs to be revoked
 * (both mark state with the appropriate stid sc_status mode). It is also
 * assumed that a reference was taken on the @dp state.
 *
 * If this function finds that the @dp state is SC_STATUS_FREED it means
 * that a FREE_STATEID operation for this stateid has been processed and
 * we can proceed to removing it from the recalled list. However, if the @dp
 * state isn't marked SC_STATUS_FREED, it means we need to place it on the
 * cl_revoked list and wait for the FREE_STATEID to arrive from the client.
 * At the same time, we need to mark it as SC_STATUS_FREEABLE to indicate to
 * the nfsd4_free_stateid() function that this stateid has already been added
 * to the cl_revoked list and that nfsd4_free_stateid() is now responsible
 * for removing it from the list. Where the delegation is in the revocation
 * process is inspected under the clp->cl_lock.
 */
static void revoke_delegation(struct nfs4_delegation *dp)
{
	struct nfs4_client *clp = dp->dl_stid.sc_client;

	WARN_ON(!list_empty(&dp->dl_recall_lru));
	WARN_ON_ONCE(!(dp->dl_stid.sc_status &
		     (SC_STATUS_REVOKED | SC_STATUS_ADMIN_REVOKED)));

	trace_nfsd_stid_revoke(&dp->dl_stid);

	spin_lock(&clp->cl_lock);
	if (dp->dl_stid.sc_status & SC_STATUS_FREED) {
		list_del_init(&dp->dl_recall_lru);
		goto out;
	}
	list_add(&dp->dl_recall_lru, &clp->cl_revoked);
	dp->dl_stid.sc_status |= SC_STATUS_FREEABLE;
out:
	spin_unlock(&clp->cl_lock);
	destroy_unhashed_deleg(dp);
}

/*
 * SETCLIENTID state
 */

static unsigned int clientid_hashval(u32 id)
{
	return id & CLIENT_HASH_MASK;
}

static unsigned int clientstr_hashval(struct xdr_netobj name)
{
	return opaque_hashval(name.data, 8) & CLIENT_HASH_MASK;
}

/*
 * A stateid that had a deny mode associated with it is being released
 * or downgraded. Recalculate the deny mode on the file.
 */
static void
recalculate_deny_mode(struct nfs4_file *fp)
{
	struct nfs4_ol_stateid *stp;
	u32 old_deny;

	spin_lock(&fp->fi_lock);
	old_deny = fp->fi_share_deny;
	fp->fi_share_deny = 0;
	list_for_each_entry(stp, &fp->fi_stateids, st_perfile) {
		fp->fi_share_deny |= bmap_to_share_mode(stp->st_deny_bmap);
		if (fp->fi_share_deny == old_deny)
			break;
	}
	spin_unlock(&fp->fi_lock);
}

static void
reset_union_bmap_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	int i;
	bool change = false;

	for (i = 1; i < 4; i++) {
		if ((i & deny) != i) {
			change = true;
			clear_deny(i, stp);
		}
	}

	/* Recalculate per-file deny mode if there was a change */
	if (change)
		recalculate_deny_mode(stp->st_stid.sc_file);
}
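/*
 * Example of the loop above (illustrative): downgrading to deny=READ
 * (1) keeps only bit 1, since (1 & 1) == 1, while bits 2 (WRITE) and
 * 3 (BOTH) fail the (i & deny) == i test and are cleared from
 * st_deny_bmap, after which the per-file deny union is recomputed.
 */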
/* release all access and file references for a given stateid */
static void
release_all_access(struct nfs4_ol_stateid *stp)
{
	int i;
	struct nfs4_file *fp = stp->st_stid.sc_file;

	if (fp && stp->st_deny_bmap != 0)
		recalculate_deny_mode(fp);

	for (i = 1; i < 4; i++) {
		if (test_access(i, stp))
			nfs4_file_put_access(stp->st_stid.sc_file, i);
		clear_access(i, stp);
	}
}

static inline void nfs4_free_stateowner(struct nfs4_stateowner *sop)
{
	kfree(sop->so_owner.data);
	sop->so_ops->so_free(sop);
}

static void nfs4_put_stateowner(struct nfs4_stateowner *sop)
{
	struct nfs4_client *clp = sop->so_client;

	might_lock(&clp->cl_lock);

	if (!atomic_dec_and_lock(&sop->so_count, &clp->cl_lock))
		return;
	sop->so_ops->so_unhash(sop);
	spin_unlock(&clp->cl_lock);
	nfs4_free_stateowner(sop);
}

static bool
nfs4_ol_stateid_unhashed(const struct nfs4_ol_stateid *stp)
{
	return list_empty(&stp->st_perfile);
}

static bool unhash_ol_stateid(struct nfs4_ol_stateid *stp)
{
	struct nfs4_file *fp = stp->st_stid.sc_file;

	lockdep_assert_held(&stp->st_stateowner->so_client->cl_lock);

	if (list_empty(&stp->st_perfile))
		return false;

	spin_lock(&fp->fi_lock);
	list_del_init(&stp->st_perfile);
	spin_unlock(&fp->fi_lock);
	list_del(&stp->st_perstateowner);
	return true;
}

static void nfs4_free_ol_stateid(struct nfs4_stid *stid)
{
	struct nfs4_ol_stateid *stp = openlockstateid(stid);

	put_clnt_odstate(stp->st_clnt_odstate);
	release_all_access(stp);
	if (stp->st_stateowner)
		nfs4_put_stateowner(stp->st_stateowner);
	WARN_ON(!list_empty(&stid->sc_cp_list));
	kmem_cache_free(stateid_slab, stid);
}

static void nfs4_free_lock_stateid(struct nfs4_stid *stid)
{
	struct nfs4_ol_stateid *stp = openlockstateid(stid);
	struct nfs4_lockowner *lo = lockowner(stp->st_stateowner);
	struct nfsd_file *nf;

	nf = find_any_file(stp->st_stid.sc_file);
	if (nf) {
		get_file(nf->nf_file);
		filp_close(nf->nf_file, (fl_owner_t)lo);
		nfsd_file_put(nf);
	}
	nfs4_free_ol_stateid(stid);
}

/*
 * Put the persistent reference to an already unhashed generic stateid, while
 * holding the cl_lock. If it's the last reference, then put it onto the
 * reaplist for later destruction.
 */
static void put_ol_stateid_locked(struct nfs4_ol_stateid *stp,
				  struct list_head *reaplist)
{
	struct nfs4_stid *s = &stp->st_stid;
	struct nfs4_client *clp = s->sc_client;

	lockdep_assert_held(&clp->cl_lock);

	WARN_ON_ONCE(!list_empty(&stp->st_locks));

	if (!refcount_dec_and_test(&s->sc_count)) {
		wake_up_all(&close_wq);
		return;
	}

	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
	if (s->sc_status & SC_STATUS_ADMIN_REVOKED)
		atomic_dec(&s->sc_client->cl_admin_revoked);
	list_add(&stp->st_locks, reaplist);
}

static bool unhash_lock_stateid(struct nfs4_ol_stateid *stp)
{
	lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);

	if (!unhash_ol_stateid(stp))
		return false;
	list_del_init(&stp->st_locks);
	stp->st_stid.sc_status |= SC_STATUS_CLOSED;
	return true;
}

static void release_lock_stateid(struct nfs4_ol_stateid *stp)
{
	struct nfs4_client *clp = stp->st_stid.sc_client;
	bool unhashed;

	spin_lock(&clp->cl_lock);
	unhashed = unhash_lock_stateid(stp);
	spin_unlock(&clp->cl_lock);
	if (unhashed)
		nfs4_put_stid(&stp->st_stid);
}

static void unhash_lockowner_locked(struct nfs4_lockowner *lo)
{
	struct nfs4_client *clp = lo->lo_owner.so_client;

	lockdep_assert_held(&clp->cl_lock);

	list_del_init(&lo->lo_owner.so_strhash);
}
/*
 * Free a list of generic stateids that were collected earlier after being
 * fully unhashed.
 */
static void
free_ol_stateid_reaplist(struct list_head *reaplist)
{
	struct nfs4_ol_stateid *stp;
	struct nfs4_file *fp;

	might_sleep();

	while (!list_empty(reaplist)) {
		stp = list_first_entry(reaplist, struct nfs4_ol_stateid,
				       st_locks);
		list_del(&stp->st_locks);
		fp = stp->st_stid.sc_file;
		stp->st_stid.sc_free(&stp->st_stid);
		if (fp)
			put_nfs4_file(fp);
	}
}

static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp,
				       struct list_head *reaplist)
{
	struct nfs4_ol_stateid *stp;

	lockdep_assert_held(&open_stp->st_stid.sc_client->cl_lock);

	while (!list_empty(&open_stp->st_locks)) {
		stp = list_entry(open_stp->st_locks.next,
				 struct nfs4_ol_stateid, st_locks);
		unhash_lock_stateid(stp);
		put_ol_stateid_locked(stp, reaplist);
	}
}

static bool unhash_open_stateid(struct nfs4_ol_stateid *stp,
				struct list_head *reaplist)
{
	lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);

	if (!unhash_ol_stateid(stp))
		return false;
	release_open_stateid_locks(stp, reaplist);
	return true;
}

static void release_open_stateid(struct nfs4_ol_stateid *stp)
{
	LIST_HEAD(reaplist);

	spin_lock(&stp->st_stid.sc_client->cl_lock);
	stp->st_stid.sc_status |= SC_STATUS_CLOSED;
	if (unhash_open_stateid(stp, &reaplist))
		put_ol_stateid_locked(stp, &reaplist);
	spin_unlock(&stp->st_stid.sc_client->cl_lock);
	free_ol_stateid_reaplist(&reaplist);
}
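/*
 * The function above shows the common teardown idiom in this file (a
 * sketch of the pattern, not an additional API): unhash under cl_lock,
 * collect last references on a private reaplist, then free outside the
 * lock, since free_ol_stateid_reaplist() may sleep:
 *
 *	LIST_HEAD(reaplist);
 *
 *	spin_lock(&clp->cl_lock);
 *	if (unhash_open_stateid(stp, &reaplist))
 *		put_ol_stateid_locked(stp, &reaplist);
 *	spin_unlock(&clp->cl_lock);
 *	free_ol_stateid_reaplist(&reaplist);
 */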
static void unhash_openowner_locked(struct nfs4_openowner *oo)
{
	struct nfs4_client *clp = oo->oo_owner.so_client;

	lockdep_assert_held(&clp->cl_lock);

	list_del_init(&oo->oo_owner.so_strhash);
	list_del_init(&oo->oo_perclient);
}

static void release_last_closed_stateid(struct nfs4_openowner *oo)
{
	struct nfsd_net *nn = net_generic(oo->oo_owner.so_client->net,
					  nfsd_net_id);
	struct nfs4_ol_stateid *s;

	spin_lock(&nn->client_lock);
	s = oo->oo_last_closed_stid;
	if (s) {
		list_del_init(&oo->oo_close_lru);
		oo->oo_last_closed_stid = NULL;
	}
	spin_unlock(&nn->client_lock);
	if (s)
		nfs4_put_stid(&s->st_stid);
}

static void release_openowner(struct nfs4_openowner *oo)
{
	struct nfs4_ol_stateid *stp;
	struct nfs4_client *clp = oo->oo_owner.so_client;
	LIST_HEAD(reaplist);

	spin_lock(&clp->cl_lock);
	unhash_openowner_locked(oo);
	while (!list_empty(&oo->oo_owner.so_stateids)) {
		stp = list_first_entry(&oo->oo_owner.so_stateids,
				struct nfs4_ol_stateid, st_perstateowner);
		if (unhash_open_stateid(stp, &reaplist))
			put_ol_stateid_locked(stp, &reaplist);
	}
	spin_unlock(&clp->cl_lock);
	free_ol_stateid_reaplist(&reaplist);
	release_last_closed_stateid(oo);
	nfs4_put_stateowner(&oo->oo_owner);
}

static struct nfs4_stid *find_one_sb_stid(struct nfs4_client *clp,
					  struct super_block *sb,
					  unsigned int sc_types)
{
	unsigned long id, tmp;
	struct nfs4_stid *stid;

	spin_lock(&clp->cl_lock);
	idr_for_each_entry_ul(&clp->cl_stateids, stid, tmp, id)
		if ((stid->sc_type & sc_types) &&
		    stid->sc_status == 0 &&
		    stid->sc_file->fi_inode->i_sb == sb) {
			refcount_inc(&stid->sc_count);
			break;
		}
	spin_unlock(&clp->cl_lock);
	return stid;
}

/**
 * nfsd4_revoke_states - revoke all nfsv4 states associated with given filesystem
 * @net:  used to identify instance of nfsd (there is one per net namespace)
 * @sb:   super_block used to identify target filesystem
 *
 * All nfs4 states (open, lock, delegation, layout) held by the server instance
 * and associated with a file on the given filesystem will be revoked, resulting
 * in any files being closed and so all references from nfsd to the filesystem
 * being released.  Thus nfsd will no longer prevent the filesystem from being
 * unmounted.
 *
 * The clients which own the states will subsequently be notified that the
 * states have been "admin-revoked".
 */
void nfsd4_revoke_states(struct net *net, struct super_block *sb)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	unsigned int idhashval;
	unsigned int sc_types;

	sc_types = SC_TYPE_OPEN | SC_TYPE_LOCK | SC_TYPE_DELEG | SC_TYPE_LAYOUT;

	spin_lock(&nn->client_lock);
	for (idhashval = 0; idhashval < CLIENT_HASH_SIZE; idhashval++) {
		struct list_head *head = &nn->conf_id_hashtbl[idhashval];
		struct nfs4_client *clp;
	retry:
		list_for_each_entry(clp, head, cl_idhash) {
			struct nfs4_stid *stid = find_one_sb_stid(clp, sb,
								  sc_types);
			if (stid) {
				struct nfs4_ol_stateid *stp;
				struct nfs4_delegation *dp;
				struct nfs4_layout_stateid *ls;

				spin_unlock(&nn->client_lock);
				switch (stid->sc_type) {
				case SC_TYPE_OPEN:
					stp = openlockstateid(stid);
					mutex_lock_nested(&stp->st_mutex,
							  OPEN_STATEID_MUTEX);

					spin_lock(&clp->cl_lock);
					if (stid->sc_status == 0) {
						stid->sc_status |=
							SC_STATUS_ADMIN_REVOKED;
						atomic_inc(&clp->cl_admin_revoked);
						spin_unlock(&clp->cl_lock);
						release_all_access(stp);
					} else
						spin_unlock(&clp->cl_lock);
					mutex_unlock(&stp->st_mutex);
					break;
				case SC_TYPE_LOCK:
					stp = openlockstateid(stid);
					mutex_lock_nested(&stp->st_mutex,
							  LOCK_STATEID_MUTEX);
					spin_lock(&clp->cl_lock);
					if (stid->sc_status == 0) {
						struct nfs4_lockowner *lo =
							lockowner(stp->st_stateowner);
						struct nfsd_file *nf;

						stid->sc_status |=
							SC_STATUS_ADMIN_REVOKED;
						atomic_inc(&clp->cl_admin_revoked);
						spin_unlock(&clp->cl_lock);
						nf = find_any_file(stp->st_stid.sc_file);
						if (nf) {
							get_file(nf->nf_file);
							filp_close(nf->nf_file,
								   (fl_owner_t)lo);
							nfsd_file_put(nf);
						}
						release_all_access(stp);
					} else
						spin_unlock(&clp->cl_lock);
					mutex_unlock(&stp->st_mutex);
					break;
				case SC_TYPE_DELEG:
					refcount_inc(&stid->sc_count);
					dp = delegstateid(stid);
					spin_lock(&state_lock);
					if (!unhash_delegation_locked(
						    dp, SC_STATUS_ADMIN_REVOKED))
						dp = NULL;
					spin_unlock(&state_lock);
					if (dp)
						revoke_delegation(dp);
					break;
				case SC_TYPE_LAYOUT:
					ls = layoutstateid(stid);
					nfsd4_close_layout(ls);
					break;
				}
				nfs4_put_stid(stid);
				spin_lock(&nn->client_lock);
				if (clp->cl_minorversion == 0)
					/* Allow cleanup after a lease period.
					 * store_release ensures cleanup will
					 * see any newly revoked states if it
					 * sees the time updated.
					 */
					nn->nfs40_last_revoke =
						ktime_get_boottime_seconds();
				goto retry;
			}
		}
	}
	spin_unlock(&nn->client_lock);
}
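/*
 * Note on the walk above (an observation, not new behavior):
 * nn->client_lock is dropped while each stateid is revoked, because
 * st_mutex, cl_lock and state_lock may be taken in the meantime; once
 * the lock is retaken, the bucket is rescanned from "retry", since the
 * hash chain may have changed while the lock was dropped.
 */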
static inline int
hash_sessionid(struct nfs4_sessionid *sessionid)
{
	struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;

	return sid->sequence % SESSION_HASH_SIZE;
}

#ifdef CONFIG_SUNRPC_DEBUG
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
	u32 *ptr = (u32 *)(&sessionid->data[0]);
	dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]);
}
#else
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
}
#endif

/*
 * Bump the seqid on cstate->replay_owner, and clear replay_owner if it
 * won't be used for replay.
 */
void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr)
{
	struct nfs4_stateowner *so = cstate->replay_owner;

	if (nfserr == nfserr_replay_me)
		return;

	if (!seqid_mutating_err(ntohl(nfserr))) {
		nfsd4_cstate_clear_replay(cstate);
		return;
	}
	if (!so)
		return;
	if (so->so_is_open_owner)
		release_last_closed_stateid(openowner(so));
	so->so_seqid++;
}

static void
gen_sessionid(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd4_sessionid *sid;

	sid = (struct nfsd4_sessionid *)ses->se_sessionid.data;
	sid->clientid = clp->cl_clientid;
	sid->sequence = current_sessionid++;
	sid->reserved = 0;
}

/*
 * The protocol defines ca_maxresponsesize_cached to include the size of
 * the rpc header, but all we need to cache is the data starting after
 * the end of the initial SEQUENCE operation--the rest we regenerate
 * each time.  Therefore we can advertise a ca_maxresponsesize_cached
 * value that is the number of bytes in our cache plus a few additional
 * bytes.  In order to stay on the safe side, and not promise more than
 * we can cache, those additional bytes must be the minimum possible: 24
 * bytes of rpc header (xid through accept state, with AUTH_NULL
 * verifier), 12 for the compound header (with zero-length tag), and 44
 * for the SEQUENCE op response:
 */
#define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)

static void
free_session_slots(struct nfsd4_session *ses)
{
	int i;

	for (i = 0; i < ses->se_fchannel.maxreqs; i++) {
		free_svc_cred(&ses->se_slots[i]->sl_cred);
		kfree(ses->se_slots[i]);
	}
}

/*
 * We don't actually need to cache the rpc and session headers, so we
 * can allocate a little less for each slot:
 */
static inline u32 slot_bytes(struct nfsd4_channel_attrs *ca)
{
	u32 size;

	if (ca->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ)
		size = 0;
	else
		size = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;
	return size + sizeof(struct nfsd4_slot);
}
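/*
 * Example of the arithmetic above (illustrative numbers): if the
 * client negotiated maxresp_cached = 2048, each slot carves out
 * 2048 - (24 + 12 + 44) = 1968 bytes for cached reply data, plus
 * sizeof(struct nfsd4_slot) for bookkeeping.
 */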
/*
 * XXX: If we run out of reserved DRC memory we could (up to a point)
 * re-negotiate active sessions and reduce their slot usage to make
 * room for new connections. For now we just fail the create session.
 */
static u32 nfsd4_get_drc_mem(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
{
	u32 slotsize = slot_bytes(ca);
	u32 num = ca->maxreqs;
	unsigned long avail, total_avail;
	unsigned int scale_factor;

	spin_lock(&nfsd_drc_lock);
	if (nfsd_drc_max_mem > nfsd_drc_mem_used)
		total_avail = nfsd_drc_max_mem - nfsd_drc_mem_used;
	else
		/* We have handed out more space than we chose in
		 * set_max_drc() to allow.  That isn't really a
		 * problem as long as that doesn't make us think we
		 * have lots more due to integer overflow.
		 */
		total_avail = 0;
	avail = min((unsigned long)NFSD_MAX_MEM_PER_SESSION, total_avail);
	/*
	 * Never use more than a fraction of the remaining memory,
	 * unless it's the only way to give this client a slot.
	 * The chosen fraction is either 1/8 or 1/number of threads,
	 * whichever is smaller.  This ensures there are adequate
	 * slots to support multiple clients per thread.
	 * Give the client one slot even if that would require
	 * over-allocation--it is better than failure.
	 */
	scale_factor = max_t(unsigned int, 8, nn->nfsd_serv->sv_nrthreads);

	avail = clamp_t(unsigned long, avail, slotsize,
			total_avail/scale_factor);
	num = min_t(int, num, avail / slotsize);
	num = max_t(int, num, 1);
	nfsd_drc_mem_used += num * slotsize;
	spin_unlock(&nfsd_drc_lock);

	return num;
}
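/*
 * A worked example of the heuristic above (illustrative values only):
 * with total_avail = 64MB and 16 nfsd threads, scale_factor = 16, so a
 * single client may claim at most 64MB/16 = 4MB of DRC memory.  With a
 * slotsize of 2KB that caps the session at 2048 slots (further bounded
 * by NFSD_MAX_MEM_PER_SESSION and the client's own maxreqs), but the
 * clamp still guarantees at least one slot.
 */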
static void nfsd4_put_drc_mem(struct nfsd4_channel_attrs *ca)
{
	int slotsize = slot_bytes(ca);

	spin_lock(&nfsd_drc_lock);
	nfsd_drc_mem_used -= slotsize * ca->maxreqs;
	spin_unlock(&nfsd_drc_lock);
}

static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *fattrs,
					   struct nfsd4_channel_attrs *battrs)
{
	int numslots = fattrs->maxreqs;
	int slotsize = slot_bytes(fattrs);
	struct nfsd4_session *new;
	int i;

	BUILD_BUG_ON(struct_size(new, se_slots, NFSD_MAX_SLOTS_PER_SESSION)
		     > PAGE_SIZE);

	new = kzalloc(struct_size(new, se_slots, numslots), GFP_KERNEL);
	if (!new)
		return NULL;
	/* allocate each struct nfsd4_slot and data cache in one piece */
	for (i = 0; i < numslots; i++) {
		new->se_slots[i] = kzalloc(slotsize, GFP_KERNEL);
		if (!new->se_slots[i])
			goto out_free;
	}

	memcpy(&new->se_fchannel, fattrs, sizeof(struct nfsd4_channel_attrs));
	memcpy(&new->se_bchannel, battrs, sizeof(struct nfsd4_channel_attrs));

	return new;
out_free:
	while (i--)
		kfree(new->se_slots[i]);
	kfree(new);
	return NULL;
}

static void free_conn(struct nfsd4_conn *c)
{
	svc_xprt_put(c->cn_xprt);
	kfree(c);
}

static void nfsd4_conn_lost(struct svc_xpt_user *u)
{
	struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
	struct nfs4_client *clp = c->cn_session->se_client;

	trace_nfsd_cb_lost(clp);

	spin_lock(&clp->cl_lock);
	if (!list_empty(&c->cn_persession)) {
		list_del(&c->cn_persession);
		free_conn(c);
	}
	nfsd4_probe_callback(clp);
	spin_unlock(&clp->cl_lock);
}

static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
{
	struct nfsd4_conn *conn;

	conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL);
	if (!conn)
		return NULL;
	svc_xprt_get(rqstp->rq_xprt);
	conn->cn_xprt = rqstp->rq_xprt;
	conn->cn_flags = flags;
	INIT_LIST_HEAD(&conn->cn_xpt_user.list);
	return conn;
}

static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	conn->cn_session = ses;
	list_add(&conn->cn_persession, &ses->se_conns);
}

static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;

	spin_lock(&clp->cl_lock);
	__nfsd4_hash_conn(conn, ses);
	spin_unlock(&clp->cl_lock);
}

static int nfsd4_register_conn(struct nfsd4_conn *conn)
{
	conn->cn_xpt_user.callback = nfsd4_conn_lost;
	return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
}

static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	int ret;

	nfsd4_hash_conn(conn, ses);
	ret = nfsd4_register_conn(conn);
	if (ret)
		/* oops; xprt is already down: */
		nfsd4_conn_lost(&conn->cn_xpt_user);
	/* We may have gained or lost a callback channel: */
	nfsd4_probe_callback_sync(ses->se_client);
}

static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses)
{
	u32 dir = NFS4_CDFC4_FORE;

	if (cses->flags & SESSION4_BACK_CHAN)
		dir |= NFS4_CDFC4_BACK;
	return alloc_conn(rqstp, dir);
}

/* must be called under client_lock */
static void nfsd4_del_conns(struct nfsd4_session *s)
{
	struct nfs4_client *clp = s->se_client;
	struct nfsd4_conn *c;

	spin_lock(&clp->cl_lock);
	while (!list_empty(&s->se_conns)) {
		c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
		list_del_init(&c->cn_persession);
		spin_unlock(&clp->cl_lock);

		unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
		free_conn(c);

		spin_lock(&clp->cl_lock);
	}
	spin_unlock(&clp->cl_lock);
}

static void __free_session(struct nfsd4_session *ses)
{
	free_session_slots(ses);
	kfree(ses);
}

static void free_session(struct nfsd4_session *ses)
{
	nfsd4_del_conns(ses);
	nfsd4_put_drc_mem(&ses->se_fchannel);
	__free_session(ses);
}

static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses)
{
	int idx;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	new->se_client = clp;
	gen_sessionid(new);

	INIT_LIST_HEAD(&new->se_conns);

	new->se_cb_seq_nr = 1;
	new->se_flags = cses->flags;
	new->se_cb_prog = cses->callback_prog;
	new->se_cb_sec = cses->cb_sec;
	atomic_set(&new->se_ref, 0);
	idx = hash_sessionid(&new->se_sessionid);
	list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]);
	spin_lock(&clp->cl_lock);
	list_add(&new->se_perclnt, &clp->cl_sessions);
	spin_unlock(&clp->cl_lock);

	{
		struct sockaddr *sa = svc_addr(rqstp);
		/*
		 * This is a little silly; with sessions there's no real
		 * use for the callback address.
		 * Use the peer address
		 * as a reasonable default for now, but consider fixing
		 * the rpc client not to require an address in the
		 * future:
		 */
		rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
		clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
	}
}

/* caller must hold client_lock */
static struct nfsd4_session *
__find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net)
{
	struct nfsd4_session *elem;
	int idx;
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	dump_sessionid(__func__, sessionid);
	idx = hash_sessionid(sessionid);
	/* Search in the appropriate list */
	list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) {
		if (!memcmp(elem->se_sessionid.data, sessionid->data,
			    NFS4_MAX_SESSIONID_LEN)) {
			return elem;
		}
	}

	dprintk("%s: session not found\n", __func__);
	return NULL;
}

static struct nfsd4_session *
find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net,
			  __be32 *ret)
{
	struct nfsd4_session *session;
	__be32 status = nfserr_badsession;

	session = __find_in_sessionid_hashtbl(sessionid, net);
	if (!session)
		goto out;
	status = nfsd4_get_session_locked(session);
	if (status)
		session = NULL;
out:
	*ret = status;
	return session;
}

/* caller must hold client_lock */
static void
unhash_session(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	list_del(&ses->se_hash);
	spin_lock(&ses->se_client->cl_lock);
	list_del(&ses->se_perclnt);
	spin_unlock(&ses->se_client->cl_lock);
}

/* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
static int
STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn)
{
	/*
	 * We're assuming the clid was not given out from a boot
	 * precisely 2^32 (about 136 years) before this one.  That seems
	 * a safe assumption:
	 */
	if (clid->cl_boot == (u32)nn->boot_time)
		return 0;
	trace_nfsd_clid_stale(clid);
	return 1;
}
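/*
 * For example: gen_clid() below stamps cl_boot from nn->boot_time, so
 * if the server reboots and a client then presents a clientid minted
 * during the previous boot, cl_boot no longer matches
 * (u32)nn->boot_time and the request is typically answered with
 * NFS4ERR_STALE_CLIENTID, prompting the client to re-establish state.
 */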
/*
 * XXX Should we use a slab cache?
 * This type of memory management is somewhat inefficient, but we use it
 * anyway since SETCLIENTID is not a common operation.
 */
static struct nfs4_client *alloc_client(struct xdr_netobj name,
					struct nfsd_net *nn)
{
	struct nfs4_client *clp;
	int i;

	if (atomic_read(&nn->nfs4_client_count) >= nn->nfs4_max_clients) {
		mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);
		return NULL;
	}
	clp = kmem_cache_zalloc(client_slab, GFP_KERNEL);
	if (clp == NULL)
		return NULL;
	xdr_netobj_dup(&clp->cl_name, &name, GFP_KERNEL);
	if (clp->cl_name.data == NULL)
		goto err_no_name;
	clp->cl_ownerstr_hashtbl = kmalloc_array(OWNER_HASH_SIZE,
						 sizeof(struct list_head),
						 GFP_KERNEL);
	if (!clp->cl_ownerstr_hashtbl)
		goto err_no_hashtbl;
	clp->cl_callback_wq = alloc_ordered_workqueue("nfsd4_callbacks", 0);
	if (!clp->cl_callback_wq)
		goto err_no_callback_wq;

	for (i = 0; i < OWNER_HASH_SIZE; i++)
		INIT_LIST_HEAD(&clp->cl_ownerstr_hashtbl[i]);
	INIT_LIST_HEAD(&clp->cl_sessions);
	idr_init(&clp->cl_stateids);
	atomic_set(&clp->cl_rpc_users, 0);
	clp->cl_cb_state = NFSD4_CB_UNKNOWN;
	clp->cl_state = NFSD4_ACTIVE;
	atomic_inc(&nn->nfs4_client_count);
	atomic_set(&clp->cl_delegs_in_recall, 0);
	INIT_LIST_HEAD(&clp->cl_idhash);
	INIT_LIST_HEAD(&clp->cl_openowners);
	INIT_LIST_HEAD(&clp->cl_delegations);
	INIT_LIST_HEAD(&clp->cl_lru);
	INIT_LIST_HEAD(&clp->cl_revoked);
#ifdef CONFIG_NFSD_PNFS
	INIT_LIST_HEAD(&clp->cl_lo_states);
#endif
	INIT_LIST_HEAD(&clp->async_copies);
	spin_lock_init(&clp->async_lock);
	spin_lock_init(&clp->cl_lock);
	rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
	return clp;
err_no_callback_wq:
	kfree(clp->cl_ownerstr_hashtbl);
err_no_hashtbl:
	kfree(clp->cl_name.data);
err_no_name:
	kmem_cache_free(client_slab, clp);
	return NULL;
}

static void __free_client(struct kref *k)
{
	struct nfsdfs_client *c = container_of(k, struct nfsdfs_client, cl_ref);
	struct nfs4_client *clp = container_of(c, struct nfs4_client, cl_nfsdfs);

	free_svc_cred(&clp->cl_cred);
	destroy_workqueue(clp->cl_callback_wq);
	kfree(clp->cl_ownerstr_hashtbl);
	kfree(clp->cl_name.data);
	kfree(clp->cl_nii_domain.data);
	kfree(clp->cl_nii_name.data);
	idr_destroy(&clp->cl_stateids);
	kfree(clp->cl_ra);
	kmem_cache_free(client_slab, clp);
}

static void drop_client(struct nfs4_client *clp)
{
	kref_put(&clp->cl_nfsdfs.cl_ref, __free_client);
}

static void
free_client(struct nfs4_client *clp)
{
	while (!list_empty(&clp->cl_sessions)) {
		struct nfsd4_session *ses;
		ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
				 se_perclnt);
		list_del(&ses->se_perclnt);
		WARN_ON_ONCE(atomic_read(&ses->se_ref));
		free_session(ses);
	}
	rpc_destroy_wait_queue(&clp->cl_cb_waitq);
	if (clp->cl_nfsd_dentry) {
		nfsd_client_rmdir(clp->cl_nfsd_dentry);
		clp->cl_nfsd_dentry = NULL;
		wake_up_all(&expiry_wq);
	}
	drop_client(clp);
}

/* must be called under the client_lock */
static void
unhash_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfsd4_session *ses;

	lockdep_assert_held(&nn->client_lock);

	/* Mark the client as expired! */
	clp->cl_time = 0;
	/* Make it invisible */
	if (!list_empty(&clp->cl_idhash)) {
		list_del_init(&clp->cl_idhash);
		if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
			rb_erase(&clp->cl_namenode, &nn->conf_name_tree);
		else
			rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
	}
	list_del_init(&clp->cl_lru);
	spin_lock(&clp->cl_lock);
	list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
		list_del_init(&ses->se_hash);
	spin_unlock(&clp->cl_lock);
}

static void
unhash_client(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	spin_lock(&nn->client_lock);
	unhash_client_locked(clp);
	spin_unlock(&nn->client_lock);
}

static __be32 mark_client_expired_locked(struct nfs4_client *clp)
{
	int users = atomic_read(&clp->cl_rpc_users);

	trace_nfsd_mark_client_expired(clp, users);

	if (users)
		return nfserr_jukebox;
	unhash_client_locked(clp);
	return nfs_ok;
}

static void
__destroy_client(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	int i;
	struct nfs4_openowner *oo;
	struct nfs4_delegation *dp;
	LIST_HEAD(reaplist);

	spin_lock(&state_lock);
	while (!list_empty(&clp->cl_delegations)) {
		dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
		unhash_delegation_locked(dp, SC_STATUS_CLOSED);
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&state_lock);
	while (!list_empty(&reaplist)) {
		dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		destroy_unhashed_deleg(dp);
	}
	while (!list_empty(&clp->cl_revoked)) {
		dp = list_entry(clp->cl_revoked.next, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		nfs4_put_stid(&dp->dl_stid);
	}
	while (!list_empty(&clp->cl_openowners)) {
		oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
		nfs4_get_stateowner(&oo->oo_owner);
		release_openowner(oo);
	}
	for (i = 0; i < OWNER_HASH_SIZE; i++) {
		struct nfs4_stateowner *so, *tmp;

		list_for_each_entry_safe(so, tmp, &clp->cl_ownerstr_hashtbl[i],
					 so_strhash) {
			/* Should be no openowners at this point */
			WARN_ON_ONCE(so->so_is_open_owner);
			remove_blocked_locks(lockowner(so));
		}
	}
	nfsd4_return_all_client_layouts(clp);
	nfsd4_shutdown_copy(clp);
	nfsd4_shutdown_callback(clp);
	if (clp->cl_cb_conn.cb_xprt)
		svc_xprt_put(clp->cl_cb_conn.cb_xprt);
	atomic_add_unless(&nn->nfs4_client_count, -1, 0);
	nfsd4_dec_courtesy_client_count(nn, clp);
	free_client(clp);
	wake_up_all(&expiry_wq);
}

static void
destroy_client(struct nfs4_client *clp)
{
	unhash_client(clp);
	__destroy_client(clp);
}

static void inc_reclaim_complete(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	if (!nn->track_reclaim_completes)
		return;
	if (!nfsd4_find_reclaim_client(clp->cl_name, nn))
		return;
	if (atomic_inc_return(&nn->nr_reclaim_complete) ==
	    nn->reclaim_str_hashtbl_size) {
		printk(KERN_INFO "NFSD: all clients done reclaiming, ending NFSv4 grace period (net %x)\n",
		       clp->net->ns.inum);
		nfsd4_end_grace(nn);
	}
}
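/*
 * expire_client ties together the pieces above: the client is unhashed
 * (making it invisible to new lookups), its stable-storage record is
 * removed so it cannot reclaim state after the next reboot, and then
 * all of its remaining state is torn down.
 */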
static void expire_client(struct nfs4_client *clp)
{
	unhash_client(clp);
	nfsd4_client_record_remove(clp);
	__destroy_client(clp);
}

static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
{
	memcpy(target->cl_verifier.data, source->data,
	       sizeof(target->cl_verifier.data));
}

static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
{
	target->cl_clientid.cl_boot = source->cl_clientid.cl_boot;
	target->cl_clientid.cl_id = source->cl_clientid.cl_id;
}

static int copy_cred(struct svc_cred *target, struct svc_cred *source)
{
	target->cr_principal = kstrdup(source->cr_principal, GFP_KERNEL);
	target->cr_raw_principal = kstrdup(source->cr_raw_principal,
					   GFP_KERNEL);
	target->cr_targ_princ = kstrdup(source->cr_targ_princ, GFP_KERNEL);
	if ((source->cr_principal && !target->cr_principal) ||
	    (source->cr_raw_principal && !target->cr_raw_principal) ||
	    (source->cr_targ_princ && !target->cr_targ_princ))
		return -ENOMEM;

	target->cr_flavor = source->cr_flavor;
	target->cr_uid = source->cr_uid;
	target->cr_gid = source->cr_gid;
	target->cr_group_info = source->cr_group_info;
	get_group_info(target->cr_group_info);
	target->cr_gss_mech = source->cr_gss_mech;
	if (source->cr_gss_mech)
		gss_mech_get(source->cr_gss_mech);
	return 0;
}

static int
compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2)
{
	if (o1->len < o2->len)
		return -1;
	if (o1->len > o2->len)
		return 1;
	return memcmp(o1->data, o2->data, o1->len);
}

static int
same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
{
	return 0 == memcmp(v1->data, v2->data, sizeof(v1->data));
}

static int
same_clid(clientid_t *cl1, clientid_t *cl2)
{
	return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
}

static bool groups_equal(struct group_info *g1, struct group_info *g2)
{
	int i;

	if (g1->ngroups != g2->ngroups)
		return false;
	for (i = 0; i < g1->ngroups; i++)
		if (!gid_eq(g1->gid[i], g2->gid[i]))
			return false;
	return true;
}

/*
 * RFC 3530 language requires clid_inuse be returned when the
 * "principal" associated with a request differs from that previously
 * used.  We use uid, gid's, and gss principal string as our best
 * approximation.  We also don't want to allow non-gss use of a client
 * established using gss: in theory cr_principal should catch that
 * change, but in practice cr_principal can be null even in the gss case
 * since gssd doesn't always pass down a principal string.
 */
static bool is_gss_cred(struct svc_cred *cr)
{
	/* Is cr_flavor one of the gss "pseudoflavors"?: */
	return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
}

static bool
same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
{
	if ((is_gss_cred(cr1) != is_gss_cred(cr2))
	    || (!uid_eq(cr1->cr_uid, cr2->cr_uid))
	    || (!gid_eq(cr1->cr_gid, cr2->cr_gid))
	    || !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
		return false;
	/* XXX: check that cr_targ_princ fields match? */
	if (cr1->cr_principal == cr2->cr_principal)
		return true;
	if (!cr1->cr_principal || !cr2->cr_principal)
		return false;
	return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);
}

static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)
{
	struct svc_cred *cr = &rqstp->rq_cred;
	u32 service;

	if (!cr->cr_gss_mech)
		return false;
	service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);
	return service == RPC_GSS_SVC_INTEGRITY ||
	       service == RPC_GSS_SVC_PRIVACY;
}

bool nfsd4_mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)
{
	struct svc_cred *cr = &rqstp->rq_cred;

	if (!cl->cl_mach_cred)
		return true;
	if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)
		return false;
	if (!svc_rqst_integrity_protected(rqstp))
		return false;
	if (cl->cl_cred.cr_raw_principal)
		return 0 == strcmp(cl->cl_cred.cr_raw_principal,
				   cr->cr_raw_principal);
	if (!cr->cr_principal)
		return false;
	return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);
}

static void gen_confirm(struct nfs4_client *clp, struct nfsd_net *nn)
{
	__be32 verf[2];

	/*
	 * This is opaque to client, so no need to byte-swap. Use
	 * __force to keep sparse happy
	 */
	verf[0] = (__force __be32)(u32)ktime_get_real_seconds();
	verf[1] = (__force __be32)nn->clverifier_counter++;
	memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data));
}

static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)
{
	clp->cl_clientid.cl_boot = (u32)nn->boot_time;
	clp->cl_clientid.cl_id = nn->clientid_counter++;
	gen_confirm(clp, nn);
}

static struct nfs4_stid *
find_stateid_locked(struct nfs4_client *cl, stateid_t *t)
{
	struct nfs4_stid *ret;

	ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id);
	if (!ret || !ret->sc_type)
		return NULL;
	return ret;
}

static struct nfs4_stid *
find_stateid_by_type(struct nfs4_client *cl, stateid_t *t,
		     unsigned short typemask, unsigned short ok_states)
{
	struct nfs4_stid *s;

	spin_lock(&cl->cl_lock);
	s = find_stateid_locked(cl, t);
	if (s != NULL) {
		if ((s->sc_status & ~ok_states) == 0 &&
		    (typemask & s->sc_type))
			refcount_inc(&s->sc_count);
		else
			s = NULL;
	}
	spin_unlock(&cl->cl_lock);
	return s;
}

static struct nfs4_client *get_nfsdfs_clp(struct inode *inode)
{
	struct nfsdfs_client *nc;
	nc = get_nfsdfs_client(inode);
	if (!nc)
		return NULL;
	return container_of(nc, struct nfs4_client, cl_nfsdfs);
}

static void seq_quote_mem(struct seq_file *m, char *data, int len)
{
	seq_puts(m, "\"");
	seq_escape_mem(m, data, len, ESCAPE_HEX | ESCAPE_NAP | ESCAPE_APPEND, "\"\\");
	seq_puts(m, "\"");
}

static const char *cb_state2str(int state)
{
	switch (state) {
	case NFSD4_CB_UP:
		return "UP";
	case NFSD4_CB_UNKNOWN:
		return "UNKNOWN";
	case NFSD4_CB_DOWN:
		return "DOWN";
	case NFSD4_CB_FAULT:
		return "FAULT";
	}
	return "UNDEFINED";
}

static int client_info_show(struct seq_file *m, void *v)
{
	struct inode *inode = file_inode(m->file);
	struct nfs4_client *clp;
	u64 clid;

	clp = get_nfsdfs_clp(inode);
	if (!clp)
		return -ENXIO;
	memcpy(&clid, &clp->cl_clientid, sizeof(clid));
	seq_printf(m, "clientid: 0x%llx\n", clid);
	seq_printf(m, "address: \"%pISpc\"\n", (struct sockaddr *)&clp->cl_addr);

	if (clp->cl_state == NFSD4_COURTESY)
		seq_puts(m, "status: courtesy\n");
	else if (clp->cl_state == NFSD4_EXPIRABLE)
		seq_puts(m, "status: expirable\n");
	else if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
		seq_puts(m, "status: confirmed\n");
	else
		seq_puts(m, "status: unconfirmed\n");
	seq_printf(m, "seconds from last renew: %lld\n",
		   ktime_get_boottime_seconds() - clp->cl_time);
	seq_puts(m, "name: ");
	seq_quote_mem(m, clp->cl_name.data, clp->cl_name.len);
	seq_printf(m, "\nminor version: %d\n", clp->cl_minorversion);
	if (clp->cl_nii_domain.data) {
		seq_puts(m, "Implementation domain: ");
		seq_quote_mem(m, clp->cl_nii_domain.data,
			      clp->cl_nii_domain.len);
		seq_puts(m, "\nImplementation name: ");
		seq_quote_mem(m, clp->cl_nii_name.data, clp->cl_nii_name.len);
		seq_printf(m, "\nImplementation time: [%lld, %ld]\n",
			   clp->cl_nii_time.tv_sec, clp->cl_nii_time.tv_nsec);
	}
	seq_printf(m, "callback state: %s\n", cb_state2str(clp->cl_cb_state));
	seq_printf(m, "callback address: \"%pISpc\"\n", &clp->cl_cb_conn.cb_addr);
	seq_printf(m, "admin-revoked states: %d\n",
		   atomic_read(&clp->cl_admin_revoked));
	drop_client(clp);

	return 0;
}

DEFINE_SHOW_ATTRIBUTE(client_info);

static void *states_start(struct seq_file *s, loff_t *pos)
	__acquires(&clp->cl_lock)
{
	struct nfs4_client *clp = s->private;
	unsigned long id = *pos;
	void *ret;

	spin_lock(&clp->cl_lock);
	ret = idr_get_next_ul(&clp->cl_stateids, &id);
	*pos = id;
	return ret;
}

static void *states_next(struct seq_file *s, void *v, loff_t *pos)
{
	struct nfs4_client *clp = s->private;
	unsigned long id = *pos;
	void *ret;

	id = *pos;
	id++;
	ret = idr_get_next_ul(&clp->cl_stateids, &id);
	*pos = id;
	return ret;
}

static void states_stop(struct seq_file *s, void *v)
	__releases(&clp->cl_lock)
{
	struct nfs4_client *clp = s->private;

	spin_unlock(&clp->cl_lock);
}

static void nfs4_show_fname(struct seq_file *s, struct nfsd_file *f)
{
	seq_printf(s, "filename: \"%pD2\"", f->nf_file);
}

static void nfs4_show_superblock(struct seq_file *s, struct nfsd_file *f)
{
	struct inode *inode = file_inode(f->nf_file);

	seq_printf(s, "superblock: \"%02x:%02x:%ld\"",
		   MAJOR(inode->i_sb->s_dev),
		   MINOR(inode->i_sb->s_dev),
		   inode->i_ino);
}

static void nfs4_show_owner(struct seq_file *s, struct nfs4_stateowner *oo)
{
	seq_puts(s, "owner: ");
	seq_quote_mem(s, oo->so_owner.data, oo->so_owner.len);
}

static void nfs4_show_stateid(struct seq_file *s, stateid_t *stid)
{
	seq_printf(s, "0x%.8x", stid->si_generation);
	seq_printf(s, "%12phN", &stid->si_opaque);
}

static int nfs4_show_open(struct seq_file *s, struct nfs4_stid *st)
{
	struct nfs4_ol_stateid *ols;
	struct nfs4_file *nf;
	struct nfsd_file *file;
	struct nfs4_stateowner *oo;
	unsigned int access, deny;

	ols = openlockstateid(st);
	oo = ols->st_stateowner;
	nf = st->sc_file;

	seq_puts(s, "- ");
	nfs4_show_stateid(s, &st->sc_stateid);
	seq_puts(s, ": { type: open, ");

	access = bmap_to_share_mode(ols->st_access_bmap);
	deny = bmap_to_share_mode(ols->st_deny_bmap);

	seq_printf(s, "access: %s%s, ",
		   access & NFS4_SHARE_ACCESS_READ ? "r" : "-",
		   access & NFS4_SHARE_ACCESS_WRITE ? "w" : "-");
	seq_printf(s, "deny: %s%s, ",
		   deny & NFS4_SHARE_ACCESS_READ ? "r" : "-",
		   deny & NFS4_SHARE_ACCESS_WRITE ? "w" : "-");

	if (nf) {
		spin_lock(&nf->fi_lock);
		file = find_any_file_locked(nf);
		if (file) {
			nfs4_show_superblock(s, file);
			seq_puts(s, ", ");
			nfs4_show_fname(s, file);
			seq_puts(s, ", ");
		}
		spin_unlock(&nf->fi_lock);
	} else
		seq_puts(s, "closed, ");
	nfs4_show_owner(s, oo);
	if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
		seq_puts(s, ", admin-revoked");
	seq_puts(s, " }\n");
	return 0;
}

static int nfs4_show_lock(struct seq_file *s, struct nfs4_stid *st)
{
	struct nfs4_ol_stateid *ols;
	struct nfs4_file *nf;
	struct nfsd_file *file;
	struct nfs4_stateowner *oo;

	ols = openlockstateid(st);
	oo = ols->st_stateowner;
	nf = st->sc_file;

	seq_puts(s, "- ");
	nfs4_show_stateid(s, &st->sc_stateid);
	seq_puts(s, ": { type: lock, ");

	spin_lock(&nf->fi_lock);
	file = find_any_file_locked(nf);
	if (file) {
		/*
		 * Note: a lock stateid isn't really the same thing as a lock,
		 * it's the locking state held by one owner on a file, and there
		 * may be multiple (or no) lock ranges associated with it.
		 * (The same is true of open stateids.)
		 */

		nfs4_show_superblock(s, file);
		/* XXX: open stateid? */
		seq_puts(s, ", ");
		nfs4_show_fname(s, file);
		seq_puts(s, ", ");
	}
	nfs4_show_owner(s, oo);
	if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
		seq_puts(s, ", admin-revoked");
	seq_puts(s, " }\n");
	spin_unlock(&nf->fi_lock);
	return 0;
}

static int nfs4_show_deleg(struct seq_file *s, struct nfs4_stid *st)
{
	struct nfs4_delegation *ds;
	struct nfs4_file *nf;
	struct nfsd_file *file;

	ds = delegstateid(st);
	nf = st->sc_file;

	seq_puts(s, "- ");
	nfs4_show_stateid(s, &st->sc_stateid);
	seq_puts(s, ": { type: deleg, ");

	seq_printf(s, "access: %s",
		   ds->dl_type == NFS4_OPEN_DELEGATE_READ ? "r" : "w");

	/* XXX: lease time, whether it's being recalled. */

	spin_lock(&nf->fi_lock);
	file = nf->fi_deleg_file;
	if (file) {
		seq_puts(s, ", ");
		nfs4_show_superblock(s, file);
		seq_puts(s, ", ");
		nfs4_show_fname(s, file);
	}
	spin_unlock(&nf->fi_lock);
	if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
		seq_puts(s, ", admin-revoked");
	seq_puts(s, " }\n");
	return 0;
}

static int nfs4_show_layout(struct seq_file *s, struct nfs4_stid *st)
{
	struct nfs4_layout_stateid *ls;
	struct nfsd_file *file;

	ls = container_of(st, struct nfs4_layout_stateid, ls_stid);

	seq_puts(s, "- ");
	nfs4_show_stateid(s, &st->sc_stateid);
	seq_puts(s, ": { type: layout");

	/* XXX: What else would be useful? */
	spin_lock(&ls->ls_stid.sc_file->fi_lock);
	file = ls->ls_file;
	if (file) {
		seq_puts(s, ", ");
		nfs4_show_superblock(s, file);
		seq_puts(s, ", ");
		nfs4_show_fname(s, file);
	}
	spin_unlock(&ls->ls_stid.sc_file->fi_lock);
	if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
		seq_puts(s, ", admin-revoked");
	seq_puts(s, " }\n");

	return 0;
}

static int states_show(struct seq_file *s, void *v)
{
	struct nfs4_stid *st = v;

	switch (st->sc_type) {
	case SC_TYPE_OPEN:
		return nfs4_show_open(s, st);
	case SC_TYPE_LOCK:
		return nfs4_show_lock(s, st);
	case SC_TYPE_DELEG:
		return nfs4_show_deleg(s, st);
	case SC_TYPE_LAYOUT:
		return nfs4_show_layout(s, st);
	default:
		return 0; /* XXX: or SEQ_SKIP? */
	}
	/* XXX: copy stateids? */
}

static struct seq_operations states_seq_ops = {
	.start = states_start,
	.next = states_next,
	.stop = states_stop,
	.show = states_show
};

static int client_states_open(struct inode *inode, struct file *file)
{
	struct seq_file *s;
	struct nfs4_client *clp;
	int ret;

	clp = get_nfsdfs_clp(inode);
	if (!clp)
		return -ENXIO;

	ret = seq_open(file, &states_seq_ops);
	if (ret)
		return ret;
	s = file->private_data;
	s->private = clp;
	return 0;
}

static int client_opens_release(struct inode *inode, struct file *file)
{
	struct seq_file *m = file->private_data;
	struct nfs4_client *clp = m->private;

	/* XXX: alternatively, we could get/drop in seq start/stop */
	drop_client(clp);
	return seq_release(inode, file);
}

static const struct file_operations client_states_fops = {
	.open = client_states_open,
	.read = seq_read,
	.llseek = seq_lseek,
	.release = client_opens_release,
};
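/*
 * A sketch of one line of the resulting "states" file, as produced by
 * the nfs4_show_* helpers above (all values illustrative):
 *
 *   - 0x00000001aabbccddeeff001122334455: { type: open, access: rw,
 *     deny: --, superblock: "08:02:4242", filename: "/export/file",
 *     owner: "open id:" }
 */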
/*
 * Normally we refuse to destroy clients that are in use, but here the
 * administrator is telling us to just do it.  We also want to wait
 * so the caller has a guarantee that the client's locks are gone by
 * the time the write returns:
 */
static void force_expire_client(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	bool already_expired;

	trace_nfsd_clid_admin_expired(&clp->cl_clientid);

	spin_lock(&nn->client_lock);
	clp->cl_time = 0;
	spin_unlock(&nn->client_lock);

	wait_event(expiry_wq, atomic_read(&clp->cl_rpc_users) == 0);
	spin_lock(&nn->client_lock);
	already_expired = list_empty(&clp->cl_lru);
	if (!already_expired)
		unhash_client_locked(clp);
	spin_unlock(&nn->client_lock);

	if (!already_expired)
		expire_client(clp);
	else
		wait_event(expiry_wq, clp->cl_nfsd_dentry == NULL);
}

static ssize_t client_ctl_write(struct file *file, const char __user *buf,
				size_t size, loff_t *pos)
{
	char *data;
	struct nfs4_client *clp;

	data = simple_transaction_get(file, buf, size);
	if (IS_ERR(data))
		return PTR_ERR(data);
	if (size != 7 || 0 != memcmp(data, "expire\n", 7))
		return -EINVAL;
	clp = get_nfsdfs_clp(file_inode(file));
	if (!clp)
		return -ENXIO;
	force_expire_client(clp);
	drop_client(clp);
	return 7;
}

static const struct file_operations client_ctl_fops = {
	.write = client_ctl_write,
	.release = simple_transaction_release,
};

static const struct tree_descr client_files[] = {
	[0] = {"info", &client_info_fops, S_IRUSR},
	[1] = {"states", &client_states_fops, S_IRUSR},
	[2] = {"ctl", &client_ctl_fops, S_IWUSR},
	[3] = {""},
};
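/*
 * Example use of the "ctl" file above from userspace, assuming the nfsd
 * filesystem is mounted in its usual place and 42 is the client's
 * directory name:
 *
 *   # echo expire > /proc/fs/nfsd/clients/42/ctl
 *
 * The only accepted transaction is the literal "expire\n"; the write
 * does not return until force_expire_client() has finished waiting for
 * the client's state to be gone.
 */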
static int
nfsd4_cb_recall_any_done(struct nfsd4_callback *cb,
			 struct rpc_task *task)
{
	trace_nfsd_cb_recall_any_done(cb, task);
	switch (task->tk_status) {
	case -NFS4ERR_DELAY:
		rpc_delay(task, 2 * HZ);
		return 0;
	default:
		return 1;
	}
}

static void
nfsd4_cb_recall_any_release(struct nfsd4_callback *cb)
{
	struct nfs4_client *clp = cb->cb_clp;

	clear_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags);
	drop_client(clp);
}

static int
nfsd4_cb_getattr_done(struct nfsd4_callback *cb, struct rpc_task *task)
{
	struct nfs4_cb_fattr *ncf =
		container_of(cb, struct nfs4_cb_fattr, ncf_getattr);
	struct nfs4_delegation *dp =
		container_of(ncf, struct nfs4_delegation, dl_cb_fattr);

	trace_nfsd_cb_getattr_done(&dp->dl_stid.sc_stateid, task);
	ncf->ncf_cb_status = task->tk_status;
	switch (task->tk_status) {
	case -NFS4ERR_DELAY:
		rpc_delay(task, 2 * HZ);
		return 0;
	default:
		return 1;
	}
}

static void
nfsd4_cb_getattr_release(struct nfsd4_callback *cb)
{
	struct nfs4_cb_fattr *ncf =
		container_of(cb, struct nfs4_cb_fattr, ncf_getattr);
	struct nfs4_delegation *dp =
		container_of(ncf, struct nfs4_delegation, dl_cb_fattr);

	clear_and_wake_up_bit(CB_GETATTR_BUSY, &ncf->ncf_cb_flags);
	nfs4_put_stid(&dp->dl_stid);
}

static const struct nfsd4_callback_ops nfsd4_cb_recall_any_ops = {
	.done = nfsd4_cb_recall_any_done,
	.release = nfsd4_cb_recall_any_release,
	.opcode = OP_CB_RECALL_ANY,
};

static const struct nfsd4_callback_ops nfsd4_cb_getattr_ops = {
	.done = nfsd4_cb_getattr_done,
	.release = nfsd4_cb_getattr_release,
	.opcode = OP_CB_GETATTR,
};

static void nfs4_cb_getattr(struct nfs4_cb_fattr *ncf)
{
	struct nfs4_delegation *dp =
		container_of(ncf, struct nfs4_delegation, dl_cb_fattr);

	if (test_and_set_bit(CB_GETATTR_BUSY, &ncf->ncf_cb_flags))
		return;
	/* set to proper status when nfsd4_cb_getattr_done runs */
	ncf->ncf_cb_status = NFS4ERR_IO;

	refcount_inc(&dp->dl_stid.sc_count);
	nfsd4_run_cb(&ncf->ncf_getattr);
}

static struct nfs4_client *create_client(struct xdr_netobj name,
					 struct svc_rqst *rqstp, nfs4_verifier *verf)
{
	struct nfs4_client *clp;
	struct sockaddr *sa = svc_addr(rqstp);
	int ret;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	struct dentry *dentries[ARRAY_SIZE(client_files)];

	clp = alloc_client(name, nn);
	if (clp == NULL)
		return NULL;

	ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred);
	if (ret) {
		free_client(clp);
		return NULL;
	}
	gen_clid(clp, nn);
	kref_init(&clp->cl_nfsdfs.cl_ref);
	nfsd4_init_cb(&clp->cl_cb_null, clp, NULL, NFSPROC4_CLNT_CB_NULL);
	clp->cl_time = ktime_get_boottime_seconds();
	clear_bit(0, &clp->cl_cb_slot_busy);
	copy_verf(clp, verf);
	memcpy(&clp->cl_addr, sa, sizeof(struct sockaddr_storage));
	clp->cl_cb_session = NULL;
	clp->net = net;
	clp->cl_nfsd_dentry = nfsd_client_mkdir(
		nn, &clp->cl_nfsdfs,
		clp->cl_clientid.cl_id - nn->clientid_base,
		client_files, dentries);
	clp->cl_nfsd_info_dentry = dentries[0];
	if (!clp->cl_nfsd_dentry) {
		free_client(clp);
		return NULL;
	}
	clp->cl_ra = kzalloc(sizeof(*clp->cl_ra), GFP_KERNEL);
	if (!clp->cl_ra) {
		free_client(clp);
		return NULL;
	}
	clp->cl_ra_time = 0;
	nfsd4_init_cb(&clp->cl_ra->ra_cb, clp, &nfsd4_cb_recall_any_ops,
		      NFSPROC4_CLNT_CB_RECALL_ANY);
	return clp;
}

static void
add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root)
{
	struct rb_node **new = &(root->rb_node), *parent = NULL;
	struct nfs4_client *clp;

	while (*new) {
		clp = rb_entry(*new, struct nfs4_client, cl_namenode);
		parent = *new;

		if (compare_blob(&clp->cl_name, &new_clp->cl_name) > 0)
			new = &((*new)->rb_left);
		else
			new = &((*new)->rb_right);
	}

	rb_link_node(&new_clp->cl_namenode, parent, new);
	rb_insert_color(&new_clp->cl_namenode, root);
}

static struct nfs4_client *
find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root)
{
	int cmp;
	struct rb_node *node = root->rb_node;
	struct nfs4_client *clp;

	while (node) {
		clp = rb_entry(node, struct nfs4_client, cl_namenode);
		cmp = compare_blob(&clp->cl_name, name);
		if (cmp > 0)
			node = node->rb_left;
		else if (cmp < 0)
			node = node->rb_right;
		else
			return clp;
	}
	return NULL;
}

static void
add_to_unconfirmed(struct nfs4_client *clp)
{
	unsigned int idhashval;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
	add_clp_to_name_tree(clp, &nn->unconf_name_tree);
	idhashval = clientid_hashval(clp->cl_clientid.cl_id);
	list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]);
	renew_client_locked(clp);
}
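/*
 * move_to_confirmed is the counterpart of add_to_unconfirmed: once the
 * client completes the confirmation handshake, it migrates from the
 * unconfirmed id hash and name tree to their confirmed counterparts
 * and gains the NFSD4_CLIENT_CONFIRMED flag.
 */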
static void
move_to_confirmed(struct nfs4_client *clp)
{
	unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id);
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]);
	rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
	add_clp_to_name_tree(clp, &nn->conf_name_tree);
	set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
	trace_nfsd_clid_confirmed(&clp->cl_clientid);
	renew_client_locked(clp);
}

static struct nfs4_client *
find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions)
{
	struct nfs4_client *clp;
	unsigned int idhashval = clientid_hashval(clid->cl_id);

	list_for_each_entry(clp, &tbl[idhashval], cl_idhash) {
		if (same_clid(&clp->cl_clientid, clid)) {
			if ((bool)clp->cl_minorversion != sessions)
				return NULL;
			renew_client_locked(clp);
			return clp;
		}
	}
	return NULL;
}

static struct nfs4_client *
find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
{
	struct list_head *tbl = nn->conf_id_hashtbl;

	lockdep_assert_held(&nn->client_lock);
	return find_client_in_id_table(tbl, clid, sessions);
}

static struct nfs4_client *
find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
{
	struct list_head *tbl = nn->unconf_id_hashtbl;

	lockdep_assert_held(&nn->client_lock);
	return find_client_in_id_table(tbl, clid, sessions);
}

static bool clp_used_exchangeid(struct nfs4_client *clp)
{
	return clp->cl_exchange_flags != 0;
}

static struct nfs4_client *
find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
{
	lockdep_assert_held(&nn->client_lock);
	return find_clp_in_name_tree(name, &nn->conf_name_tree);
}

static struct nfs4_client *
find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
{
	lockdep_assert_held(&nn->client_lock);
	return find_clp_in_name_tree(name, &nn->unconf_name_tree);
}

static void
gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
{
	struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
	struct sockaddr *sa = svc_addr(rqstp);
	u32 scopeid = rpc_get_scope_id(sa);
	unsigned short expected_family;

	/* Currently, we only support tcp and tcp6 for the callback channel */
	if (se->se_callback_netid_len == 3 &&
	    !memcmp(se->se_callback_netid_val, "tcp", 3))
		expected_family = AF_INET;
	else if (se->se_callback_netid_len == 4 &&
		 !memcmp(se->se_callback_netid_val, "tcp6", 4))
		expected_family = AF_INET6;
	else
		goto out_err;

	conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val,
					      se->se_callback_addr_len,
					      (struct sockaddr *)&conn->cb_addr,
					      sizeof(conn->cb_addr));

	if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
		goto out_err;

	if (conn->cb_addr.ss_family == AF_INET6)
		((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;

	conn->cb_prog = se->se_callback_prog;
	conn->cb_ident = se->se_callback_ident;
	memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen);
	trace_nfsd_cb_args(clp, conn);
	return;
out_err:
	conn->cb_addr.ss_family = AF_UNSPEC;
	conn->cb_addrlen = 0;
	trace_nfsd_cb_nodelegs(clp);
	return;
}

/*
 * Cache a reply. nfsd4_check_resp_size() has bounded the cache size.
 */
static void
nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
{
	struct xdr_buf *buf = resp->xdr->buf;
	struct nfsd4_slot *slot = resp->cstate.slot;
	unsigned int base;

	dprintk("--> %s slot %p\n", __func__, slot);

	slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
	slot->sl_opcnt = resp->opcnt;
	slot->sl_status = resp->cstate.status;
	free_svc_cred(&slot->sl_cred);
	copy_cred(&slot->sl_cred, &resp->rqstp->rq_cred);

	if (!nfsd4_cache_this(resp)) {
		slot->sl_flags &= ~NFSD4_SLOT_CACHED;
		return;
	}
	slot->sl_flags |= NFSD4_SLOT_CACHED;

	base = resp->cstate.data_offset;
	slot->sl_datalen = buf->len - base;
	if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen))
		WARN(1, "%s: sessions DRC could not cache compound\n",
		     __func__);
	return;
}

/*
 * Encode the replay sequence operation from the slot values.
 * If cachethis is FALSE encode the uncached rep error on the next
 * operation which sets resp->p and increments resp->opcnt for
 * nfs4svc_encode_compoundres.
 */
static __be32
nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args,
			  struct nfsd4_compoundres *resp)
{
	struct nfsd4_op *op;
	struct nfsd4_slot *slot = resp->cstate.slot;

	/* Encode the replayed sequence operation */
	op = &args->ops[resp->opcnt - 1];
	nfsd4_encode_operation(resp, op);

	if (slot->sl_flags & NFSD4_SLOT_CACHED)
		return op->status;
	if (args->opcnt == 1) {
		/*
		 * The original operation wasn't a solo sequence--we
		 * always cache those--so this retry must not match the
		 * original:
		 */
		op->status = nfserr_seq_false_retry;
	} else {
		op = &args->ops[resp->opcnt++];
		op->status = nfserr_retry_uncached_rep;
		nfsd4_encode_operation(resp, op);
	}
	return op->status;
}

/*
 * The sequence operation is not cached because we can use the slot and
 * session values.
 */
static __be32
nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
			 struct nfsd4_sequence *seq)
{
	struct nfsd4_slot *slot = resp->cstate.slot;
	struct xdr_stream *xdr = resp->xdr;
	__be32 *p;
	__be32 status;

	dprintk("--> %s slot %p\n", __func__, slot);

	status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp);
	if (status)
		return status;

	p = xdr_reserve_space(xdr, slot->sl_datalen);
	if (!p) {
		WARN_ON_ONCE(1);
		return nfserr_serverfault;
	}
	xdr_encode_opaque_fixed(p, slot->sl_data, slot->sl_datalen);
	xdr_commit_encode(xdr);

	resp->opcnt = slot->sl_opcnt;
	return slot->sl_status;
}

/*
 * Set the exchange_id flags returned by the server.
 */
static void
nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
{
#ifdef CONFIG_NFSD_PNFS
	new->cl_exchange_flags |= EXCHGID4_FLAG_USE_PNFS_MDS;
#else
	new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS;
#endif

	/* Referrals are supported, Migration is not. */
	new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER;

	/* set the wire flags to return to client. */
	clid->flags = new->cl_exchange_flags;
}

static bool client_has_openowners(struct nfs4_client *clp)
{
	struct nfs4_openowner *oo;

	list_for_each_entry(oo, &clp->cl_openowners, oo_perclient) {
		if (!list_empty(&oo->oo_owner.so_stateids))
			return true;
	}
	return false;
}

static bool client_has_state(struct nfs4_client *clp)
{
	return client_has_openowners(clp)
#ifdef CONFIG_NFSD_PNFS
		|| !list_empty(&clp->cl_lo_states)
#endif
		|| !list_empty(&clp->cl_delegations)
		|| !list_empty(&clp->cl_sessions)
		|| !list_empty(&clp->async_copies);
}

static __be32 copy_impl_id(struct nfs4_client *clp,
			   struct nfsd4_exchange_id *exid)
{
	if (!exid->nii_domain.data)
		return 0;
	xdr_netobj_dup(&clp->cl_nii_domain, &exid->nii_domain, GFP_KERNEL);
	if (!clp->cl_nii_domain.data)
		return nfserr_jukebox;
	xdr_netobj_dup(&clp->cl_nii_name, &exid->nii_name, GFP_KERNEL);
	if (!clp->cl_nii_name.data)
		return nfserr_jukebox;
	clp->cl_nii_time = exid->nii_time;
	return 0;
}

__be32
nfsd4_exchange_id(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		  union nfsd4_op_u *u)
{
	struct nfsd4_exchange_id *exid = &u->exchange_id;
	struct nfs4_client *conf, *new;
	struct nfs4_client *unconf = NULL;
	__be32 status;
	char addr_str[INET6_ADDRSTRLEN];
	nfs4_verifier verf = exid->verifier;
	struct sockaddr *sa = svc_addr(rqstp);
	bool update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	rpc_ntop(sa, addr_str, sizeof(addr_str));
	dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
		"ip_addr=%s flags %x, spa_how %u\n",
		__func__, rqstp, exid, exid->clname.len, exid->clname.data,
		addr_str, exid->flags, exid->spa_how);

	exid->server_impl_name = kasprintf(GFP_KERNEL, "%s %s %s %s",
					   utsname()->sysname, utsname()->release,
					   utsname()->version, utsname()->machine);
	if (!exid->server_impl_name)
		return nfserr_jukebox;

	if (exid->flags & ~EXCHGID4_FLAG_MASK_A)
		return nfserr_inval;

	new = create_client(exid->clname, rqstp, &verf);
	if (new == NULL)
		return nfserr_jukebox;
	status = copy_impl_id(new, exid);
	if (status)
		goto out_nolock;

	switch (exid->spa_how) {
	case SP4_MACH_CRED:
		exid->spo_must_enforce[0] = 0;
		exid->spo_must_enforce[1] = (
			1 << (OP_BIND_CONN_TO_SESSION - 32) |
			1 << (OP_EXCHANGE_ID - 32) |
			1 << (OP_CREATE_SESSION - 32) |
			1 << (OP_DESTROY_SESSION - 32) |
			1 << (OP_DESTROY_CLIENTID - 32));

		exid->spo_must_allow[0] &= (1 << (OP_CLOSE) |
					    1 << (OP_OPEN_DOWNGRADE) |
					    1 << (OP_LOCKU) |
					    1 << (OP_DELEGRETURN));

		exid->spo_must_allow[1] &= (
			1 << (OP_TEST_STATEID - 32) |
			1 << (OP_FREE_STATEID - 32));
		if (!svc_rqst_integrity_protected(rqstp)) {
			status = nfserr_inval;
			goto out_nolock;
		}
		/*
		 * Sometimes userspace doesn't give us a principal.
		 * Which is a bug, really.
		 * Anyway, we can't enforce
		 * MACH_CRED in that case, better to give up now:
		 */
		if (!new->cl_cred.cr_principal &&
		    !new->cl_cred.cr_raw_principal) {
			status = nfserr_serverfault;
			goto out_nolock;
		}
		new->cl_mach_cred = true;
		break;
	case SP4_NONE:
		break;
	default: /* checked by xdr code */
		WARN_ON_ONCE(1);
		fallthrough;
	case SP4_SSV:
		status = nfserr_encr_alg_unsupp;
		goto out_nolock;
	}

	/* Cases below refer to rfc 5661 section 18.35.4: */
	spin_lock(&nn->client_lock);
	conf = find_confirmed_client_by_name(&exid->clname, nn);
	if (conf) {
		bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred);
		bool verfs_match = same_verf(&verf, &conf->cl_verifier);

		if (update) {
			if (!clp_used_exchangeid(conf)) { /* buggy client */
				status = nfserr_inval;
				goto out;
			}
			if (!nfsd4_mach_creds_match(conf, rqstp)) {
				status = nfserr_wrong_cred;
				goto out;
			}
			if (!creds_match) { /* case 9 */
				status = nfserr_perm;
				goto out;
			}
			if (!verfs_match) { /* case 8 */
				status = nfserr_not_same;
				goto out;
			}
			/* case 6 */
			exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;
			trace_nfsd_clid_confirmed_r(conf);
			goto out_copy;
		}
		if (!creds_match) { /* case 3 */
			if (client_has_state(conf)) {
				status = nfserr_clid_inuse;
				trace_nfsd_clid_cred_mismatch(conf, rqstp);
				goto out;
			}
			goto out_new;
		}
		if (verfs_match) { /* case 2 */
			conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R;
			trace_nfsd_clid_confirmed_r(conf);
			goto out_copy;
		}
		/* case 5, client reboot */
		trace_nfsd_clid_verf_mismatch(conf, rqstp, &verf);
		conf = NULL;
		goto out_new;
	}

	if (update) { /* case 7 */
		status = nfserr_noent;
		goto out;
	}

	unconf = find_unconfirmed_client_by_name(&exid->clname, nn);
	if (unconf) /* case 4, possible retry or client restart */
		unhash_client_locked(unconf);

	/* case 1, new owner ID */
	trace_nfsd_clid_fresh(new);

out_new:
	if (conf) {
		status = mark_client_expired_locked(conf);
		if (status)
			goto out;
		trace_nfsd_clid_replaced(&conf->cl_clientid);
	}
	new->cl_minorversion = cstate->minorversion;
	new->cl_spo_must_allow.u.words[0] = exid->spo_must_allow[0];
	new->cl_spo_must_allow.u.words[1] = exid->spo_must_allow[1];

	/* Contrived initial CREATE_SESSION response */
	new->cl_cs_slot.sl_status = nfserr_seq_misordered;

	add_to_unconfirmed(new);
	swap(new, conf);
out_copy:
	exid->clientid.cl_boot = conf->cl_clientid.cl_boot;
	exid->clientid.cl_id = conf->cl_clientid.cl_id;

	exid->seqid = conf->cl_cs_slot.sl_seqid + 1;
	nfsd4_set_ex_flags(conf, exid);

	exid->nii_domain.len = sizeof("kernel.org") - 1;
	exid->nii_domain.data = "kernel.org";

	/*
	 * Note that RFC 8881 places no length limit on
	 * nii_name, but this implementation permits no
	 * more than NFS4_OPAQUE_LIMIT bytes.
	 */
	exid->nii_name.len = strlen(exid->server_impl_name);
	if (exid->nii_name.len > NFS4_OPAQUE_LIMIT)
		exid->nii_name.len = NFS4_OPAQUE_LIMIT;
	exid->nii_name.data = exid->server_impl_name;

	/* just send zeros - the date is in nii_name */
	exid->nii_time.tv_sec = 0;
	exid->nii_time.tv_nsec = 0;

	dprintk("nfsd4_exchange_id seqid %d flags %x\n",
		conf->cl_cs_slot.sl_seqid, conf->cl_exchange_flags);
	status = nfs_ok;

out:
	spin_unlock(&nn->client_lock);
out_nolock:
	if (new)
		expire_client(new);
	if (unconf) {
		trace_nfsd_clid_expire_unconf(&unconf->cl_clientid);
		expire_client(unconf);
	}
	return status;
}

void
nfsd4_exchange_id_release(union nfsd4_op_u *u)
{
	struct nfsd4_exchange_id *exid = &u->exchange_id;

	kfree(exid->server_impl_name);
}

static __be32 check_slot_seqid(u32 seqid, u32 slot_seqid, bool slot_inuse)
{
	/* The slot is in use, and no response has been sent. */
	if (slot_inuse) {
		if (seqid == slot_seqid)
			return nfserr_jukebox;
		else
			return nfserr_seq_misordered;
	}
	/* Note unsigned 32-bit arithmetic handles wraparound: */
	if (likely(seqid == slot_seqid + 1))
		return nfs_ok;
	if (seqid == slot_seqid)
		return nfserr_replay_cache;
	return nfserr_seq_misordered;
}
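/*
 * Worked example for check_slot_seqid(): with slot_seqid == 5 and the
 * slot not in use, seqid 6 is the expected next request (nfs_ok),
 * seqid 5 is a retransmission answered from the replay cache, and
 * anything else is NFS4ERR_SEQ_MISORDERED.  The unsigned 32-bit
 * arithmetic also makes 0 the valid successor of 0xffffffff at
 * wraparound.
 */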
/*
 * Cache the create session result into the create session single DRC
 * slot cache by saving the xdr structure. sl_seqid has been set.
 * Do this for solo or embedded create session operations.
 */
static void
nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
			   struct nfsd4_clid_slot *slot, __be32 nfserr)
{
	slot->sl_status = nfserr;
	memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
}

static __be32
nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
			    struct nfsd4_clid_slot *slot)
{
	memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses));
	return slot->sl_status;
}

#define NFSD_MIN_REQ_HDR_SEQ_SZ ((\
	2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
	1 +	/* MIN tag is length with zero, only length */ \
	3 +	/* version, opcount, opcode */ \
	XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
	/* seqid, slotID, slotID, cache */ \
	4 ) * sizeof(__be32))

#define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
	2 +	/* verifier: AUTH_NULL, length 0 */ \
	1 +	/* status */ \
	1 +	/* MIN tag is length with zero, only length */ \
	3 +	/* opcount, opcode, opstatus */ \
	XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
	/* seqid, slotID, slotID, slotID, status */ \
	5 ) * sizeof(__be32))

static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
{
	u32 maxrpc = nn->nfsd_serv->sv_max_mesg;

	if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ)
		return nfserr_toosmall;
	if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ)
		return nfserr_toosmall;
	ca->headerpadsz = 0;
	ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc);
	ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc);
	ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND);
	ca->maxresp_cached = min_t(u32, ca->maxresp_cached,
				   NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ);
	ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION);
	/*
	 * Note decreasing slot size below client's request may make it
	 * difficult for client to function correctly, whereas
	 * decreasing the number of slots will (just?) affect
	 * performance.  When short on memory we therefore prefer to
	 * decrease number of slots instead of their size.  Clients that
	 * request larger slots than they need will get poor results:
	 * Note that we always allow at least one slot, because our
	 * accounting is soft and provides no guarantees either way.
	 */
	ca->maxreqs = nfsd4_get_drc_mem(ca, nn);

	return nfs_ok;
}

/*
 * Server's NFSv4.1 backchannel support is AUTH_SYS-only for now.
 * These are based on similar macros in linux/sunrpc/msg_prot.h .
 */
#define RPC_MAX_HEADER_WITH_AUTH_SYS \
	(RPC_CALLHDRSIZE + 2 * (2 + UNX_CALLSLACK))

#define RPC_MAX_REPHEADER_WITH_AUTH_SYS \
	(RPC_REPHDRSIZE + (2 + NUL_REPLYSLACK))

#define NFSD_CB_MAX_REQ_SZ ((NFS4_enc_cb_recall_sz + \
			     RPC_MAX_HEADER_WITH_AUTH_SYS) * sizeof(__be32))
#define NFSD_CB_MAX_RESP_SZ ((NFS4_dec_cb_recall_sz + \
			      RPC_MAX_REPHEADER_WITH_AUTH_SYS) * \
			     sizeof(__be32))

static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
{
	ca->headerpadsz = 0;

	if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
		return nfserr_toosmall;
	if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
		return nfserr_toosmall;
	ca->maxresp_cached = 0;
	if (ca->maxops < 2)
		return nfserr_toosmall;

	return nfs_ok;
}

static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
{
	switch (cbs->flavor) {
	case RPC_AUTH_NULL:
	case RPC_AUTH_UNIX:
		return nfs_ok;
	default:
		/*
		 * GSS case: the spec doesn't allow us to return this
		 * error.  But it also doesn't allow us not to support
		 * GSS.
		 * I'd rather this fail hard than return some error the
		 * client might think it can already handle:
		 */
		return nfserr_encr_alg_unsupp;
	}
}

__be32
nfsd4_create_session(struct svc_rqst *rqstp,
		     struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
{
	struct nfsd4_create_session *cr_ses = &u->create_session;
	struct sockaddr *sa = svc_addr(rqstp);
	struct nfs4_client *conf, *unconf;
	struct nfsd4_clid_slot *cs_slot;
	struct nfs4_client *old = NULL;
	struct nfsd4_session *new;
	struct nfsd4_conn *conn;
	__be32 status = 0;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
		return nfserr_inval;
	status = nfsd4_check_cb_sec(&cr_ses->cb_sec);
	if (status)
		return status;
	status = check_forechannel_attrs(&cr_ses->fore_channel, nn);
	if (status)
		return status;
	status = check_backchannel_attrs(&cr_ses->back_channel);
	if (status)
		goto out_release_drc_mem;
	status = nfserr_jukebox;
	new = alloc_session(&cr_ses->fore_channel, &cr_ses->back_channel);
	if (!new)
		goto out_release_drc_mem;
	conn = alloc_conn_from_crses(rqstp, cr_ses);
	if (!conn)
		goto out_free_session;

	spin_lock(&nn->client_lock);

	/* RFC 8881 Section 18.36.4 Phase 1: Client record look-up. */
	unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn);
	conf = find_confirmed_client(&cr_ses->clientid, true, nn);
	if (!conf && !unconf) {
		status = nfserr_stale_clientid;
		goto out_free_conn;
	}

	/* RFC 8881 Section 18.36.4 Phase 2: Sequence ID processing. */
*/ 3882 if (conf) { 3883 cs_slot = &conf->cl_cs_slot; 3884 trace_nfsd_slot_seqid_conf(conf, cr_ses); 3885 } else { 3886 cs_slot = &unconf->cl_cs_slot; 3887 trace_nfsd_slot_seqid_unconf(unconf, cr_ses); 3888 } 3889 status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0); 3890 switch (status) { 3891 case nfs_ok: 3892 cs_slot->sl_seqid++; 3893 cr_ses->seqid = cs_slot->sl_seqid; 3894 break; 3895 case nfserr_replay_cache: 3896 status = nfsd4_replay_create_session(cr_ses, cs_slot); 3897 fallthrough; 3898 case nfserr_jukebox: 3899 /* The server MUST NOT cache NFS4ERR_DELAY */ 3900 goto out_free_conn; 3901 default: 3902 goto out_cache_error; 3903 } 3904 3905 /* RFC 8881 Section 18.36.4 Phase 3: Client ID confirmation. */ 3906 if (conf) { 3907 status = nfserr_wrong_cred; 3908 if (!nfsd4_mach_creds_match(conf, rqstp)) 3909 goto out_cache_error; 3910 } else { 3911 status = nfserr_clid_inuse; 3912 if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) || 3913 !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) { 3914 trace_nfsd_clid_cred_mismatch(unconf, rqstp); 3915 goto out_cache_error; 3916 } 3917 status = nfserr_wrong_cred; 3918 if (!nfsd4_mach_creds_match(unconf, rqstp)) 3919 goto out_cache_error; 3920 old = find_confirmed_client_by_name(&unconf->cl_name, nn); 3921 if (old) { 3922 status = mark_client_expired_locked(old); 3923 if (status) 3924 goto out_expired_error; 3925 trace_nfsd_clid_replaced(&old->cl_clientid); 3926 } 3927 move_to_confirmed(unconf); 3928 conf = unconf; 3929 } 3930 3931 /* RFC 8881 Section 18.36.4 Phase 4: Session creation. */ 3932 status = nfs_ok; 3933 /* Persistent sessions are not supported */ 3934 cr_ses->flags &= ~SESSION4_PERSIST; 3935 /* Upshifting from TCP to RDMA is not supported */ 3936 cr_ses->flags &= ~SESSION4_RDMA; 3937 3938 init_session(rqstp, new, conf, cr_ses); 3939 nfsd4_get_session_locked(new); 3940 3941 memcpy(cr_ses->sessionid.data, new->se_sessionid.data, 3942 NFS4_MAX_SESSIONID_LEN); 3943 3944 /* cache solo and embedded create sessions under the client_lock */ 3945 nfsd4_cache_create_session(cr_ses, cs_slot, status); 3946 spin_unlock(&nn->client_lock); 3947 if (conf == unconf) 3948 fsnotify_dentry(conf->cl_nfsd_info_dentry, FS_MODIFY); 3949 /* init connection and backchannel */ 3950 nfsd4_init_conn(rqstp, conn, new); 3951 nfsd4_put_session(new); 3952 if (old) 3953 expire_client(old); 3954 return status; 3955 3956 out_expired_error: 3957 /* 3958 * Revert the slot seq_nr change so the server will process 3959 * the client's resend instead of returning a cached response. 
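* Only the nfserr_jukebox result is reverted and left uncached
* here (the server MUST NOT cache NFS4ERR_DELAY); any other status
* falls through to out_cache_error and is cached like a normal
* reply.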
3960 */ 3961 if (status == nfserr_jukebox) { 3962 cs_slot->sl_seqid--; 3963 cr_ses->seqid = cs_slot->sl_seqid; 3964 goto out_free_conn; 3965 } 3966 out_cache_error: 3967 nfsd4_cache_create_session(cr_ses, cs_slot, status); 3968 out_free_conn: 3969 spin_unlock(&nn->client_lock); 3970 free_conn(conn); 3971 out_free_session: 3972 __free_session(new); 3973 out_release_drc_mem: 3974 nfsd4_put_drc_mem(&cr_ses->fore_channel); 3975 return status; 3976 } 3977 3978 static __be32 nfsd4_map_bcts_dir(u32 *dir) 3979 { 3980 switch (*dir) { 3981 case NFS4_CDFC4_FORE: 3982 case NFS4_CDFC4_BACK: 3983 return nfs_ok; 3984 case NFS4_CDFC4_FORE_OR_BOTH: 3985 case NFS4_CDFC4_BACK_OR_BOTH: 3986 *dir = NFS4_CDFC4_BOTH; 3987 return nfs_ok; 3988 } 3989 return nfserr_inval; 3990 } 3991 3992 __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, 3993 struct nfsd4_compound_state *cstate, 3994 union nfsd4_op_u *u) 3995 { 3996 struct nfsd4_backchannel_ctl *bc = &u->backchannel_ctl; 3997 struct nfsd4_session *session = cstate->session; 3998 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 3999 __be32 status; 4000 4001 status = nfsd4_check_cb_sec(&bc->bc_cb_sec); 4002 if (status) 4003 return status; 4004 spin_lock(&nn->client_lock); 4005 session->se_cb_prog = bc->bc_cb_program; 4006 session->se_cb_sec = bc->bc_cb_sec; 4007 spin_unlock(&nn->client_lock); 4008 4009 nfsd4_probe_callback(session->se_client); 4010 4011 return nfs_ok; 4012 } 4013 4014 static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s) 4015 { 4016 struct nfsd4_conn *c; 4017 4018 list_for_each_entry(c, &s->se_conns, cn_persession) { 4019 if (c->cn_xprt == xpt) { 4020 return c; 4021 } 4022 } 4023 return NULL; 4024 } 4025 4026 static __be32 nfsd4_match_existing_connection(struct svc_rqst *rqst, 4027 struct nfsd4_session *session, u32 req, struct nfsd4_conn **conn) 4028 { 4029 struct nfs4_client *clp = session->se_client; 4030 struct svc_xprt *xpt = rqst->rq_xprt; 4031 struct nfsd4_conn *c; 4032 __be32 status; 4033 4034 /* Following the last paragraph of RFC 5661 Section 18.34.3: */ 4035 spin_lock(&clp->cl_lock); 4036 c = __nfsd4_find_conn(xpt, session); 4037 if (!c) 4038 status = nfserr_noent; 4039 else if (req == c->cn_flags) 4040 status = nfs_ok; 4041 else if (req == NFS4_CDFC4_FORE_OR_BOTH && 4042 c->cn_flags != NFS4_CDFC4_BACK) 4043 status = nfs_ok; 4044 else if (req == NFS4_CDFC4_BACK_OR_BOTH && 4045 c->cn_flags != NFS4_CDFC4_FORE) 4046 status = nfs_ok; 4047 else 4048 status = nfserr_inval; 4049 spin_unlock(&clp->cl_lock); 4050 if (status == nfs_ok && conn) 4051 *conn = c; 4052 return status; 4053 } 4054 4055 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp, 4056 struct nfsd4_compound_state *cstate, 4057 union nfsd4_op_u *u) 4058 { 4059 struct nfsd4_bind_conn_to_session *bcts = &u->bind_conn_to_session; 4060 __be32 status; 4061 struct nfsd4_conn *conn; 4062 struct nfsd4_session *session; 4063 struct net *net = SVC_NET(rqstp); 4064 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 4065 4066 if (!nfsd4_last_compound_op(rqstp)) 4067 return nfserr_not_only_op; 4068 spin_lock(&nn->client_lock); 4069 session = find_in_sessionid_hashtbl(&bcts->sessionid, net, &status); 4070 spin_unlock(&nn->client_lock); 4071 if (!session) 4072 goto out_no_session; 4073 status = nfserr_wrong_cred; 4074 if (!nfsd4_mach_creds_match(session->se_client, rqstp)) 4075 goto out; 4076 status = nfsd4_match_existing_connection(rqstp, session, 4077 bcts->dir, &conn); 4078 if (status == nfs_ok) { 4079 if (bcts->dir == 
NFS4_CDFC4_FORE_OR_BOTH || 4080 bcts->dir == NFS4_CDFC4_BACK) 4081 conn->cn_flags |= NFS4_CDFC4_BACK; 4082 nfsd4_probe_callback(session->se_client); 4083 goto out; 4084 } 4085 if (status == nfserr_inval) 4086 goto out; 4087 status = nfsd4_map_bcts_dir(&bcts->dir); 4088 if (status) 4089 goto out; 4090 conn = alloc_conn(rqstp, bcts->dir); 4091 status = nfserr_jukebox; 4092 if (!conn) 4093 goto out; 4094 nfsd4_init_conn(rqstp, conn, session); 4095 status = nfs_ok; 4096 out: 4097 nfsd4_put_session(session); 4098 out_no_session: 4099 return status; 4100 } 4101 4102 static bool nfsd4_compound_in_session(struct nfsd4_compound_state *cstate, struct nfs4_sessionid *sid) 4103 { 4104 if (!cstate->session) 4105 return false; 4106 return !memcmp(sid, &cstate->session->se_sessionid, sizeof(*sid)); 4107 } 4108 4109 __be32 4110 nfsd4_destroy_session(struct svc_rqst *r, struct nfsd4_compound_state *cstate, 4111 union nfsd4_op_u *u) 4112 { 4113 struct nfs4_sessionid *sessionid = &u->destroy_session.sessionid; 4114 struct nfsd4_session *ses; 4115 __be32 status; 4116 int ref_held_by_me = 0; 4117 struct net *net = SVC_NET(r); 4118 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 4119 4120 status = nfserr_not_only_op; 4121 if (nfsd4_compound_in_session(cstate, sessionid)) { 4122 if (!nfsd4_last_compound_op(r)) 4123 goto out; 4124 ref_held_by_me++; 4125 } 4126 dump_sessionid(__func__, sessionid); 4127 spin_lock(&nn->client_lock); 4128 ses = find_in_sessionid_hashtbl(sessionid, net, &status); 4129 if (!ses) 4130 goto out_client_lock; 4131 status = nfserr_wrong_cred; 4132 if (!nfsd4_mach_creds_match(ses->se_client, r)) 4133 goto out_put_session; 4134 status = mark_session_dead_locked(ses, 1 + ref_held_by_me); 4135 if (status) 4136 goto out_put_session; 4137 unhash_session(ses); 4138 spin_unlock(&nn->client_lock); 4139 4140 nfsd4_probe_callback_sync(ses->se_client); 4141 4142 spin_lock(&nn->client_lock); 4143 status = nfs_ok; 4144 out_put_session: 4145 nfsd4_put_session_locked(ses); 4146 out_client_lock: 4147 spin_unlock(&nn->client_lock); 4148 out: 4149 return status; 4150 } 4151 4152 static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses) 4153 { 4154 struct nfs4_client *clp = ses->se_client; 4155 struct nfsd4_conn *c; 4156 __be32 status = nfs_ok; 4157 int ret; 4158 4159 spin_lock(&clp->cl_lock); 4160 c = __nfsd4_find_conn(new->cn_xprt, ses); 4161 if (c) 4162 goto out_free; 4163 status = nfserr_conn_not_bound_to_session; 4164 if (clp->cl_mach_cred) 4165 goto out_free; 4166 __nfsd4_hash_conn(new, ses); 4167 spin_unlock(&clp->cl_lock); 4168 ret = nfsd4_register_conn(new); 4169 if (ret) 4170 /* oops; xprt is already down: */ 4171 nfsd4_conn_lost(&new->cn_xpt_user); 4172 return nfs_ok; 4173 out_free: 4174 spin_unlock(&clp->cl_lock); 4175 free_conn(new); 4176 return status; 4177 } 4178 4179 static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session) 4180 { 4181 struct nfsd4_compoundargs *args = rqstp->rq_argp; 4182 4183 return args->opcnt > session->se_fchannel.maxops; 4184 } 4185 4186 static bool nfsd4_request_too_big(struct svc_rqst *rqstp, 4187 struct nfsd4_session *session) 4188 { 4189 struct xdr_buf *xb = &rqstp->rq_arg; 4190 4191 return xb->len > session->se_fchannel.maxreq_sz; 4192 } 4193 4194 static bool replay_matches_cache(struct svc_rqst *rqstp, 4195 struct nfsd4_sequence *seq, struct nfsd4_slot *slot) 4196 { 4197 struct nfsd4_compoundargs *argp = rqstp->rq_argp; 4198 4199 if ((bool)(slot->sl_flags & NFSD4_SLOT_CACHETHIS) != 4200 
(bool)seq->cachethis) 4201 return false; 4202 /* 4203 * If there's an error then the reply can have fewer ops than 4204 * the call. 4205 */ 4206 if (slot->sl_opcnt < argp->opcnt && !slot->sl_status) 4207 return false; 4208 /* 4209 * But if we cached a reply with *more* ops than the call you're 4210 * sending us now, then this new call is clearly not really a 4211 * replay of the old one: 4212 */ 4213 if (slot->sl_opcnt > argp->opcnt) 4214 return false; 4215 /* This is the only check explicitly called for by the spec: */ 4216 if (!same_creds(&rqstp->rq_cred, &slot->sl_cred)) 4217 return false; 4218 /* 4219 * There may be more comparisons we could actually do, but the 4220 * spec doesn't require us to catch every case where the calls 4221 * don't match (that would require caching the call as well as 4222 * the reply), so we don't bother. 4223 */ 4224 return true; 4225 } 4226 4227 __be32 4228 nfsd4_sequence(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 4229 union nfsd4_op_u *u) 4230 { 4231 struct nfsd4_sequence *seq = &u->sequence; 4232 struct nfsd4_compoundres *resp = rqstp->rq_resp; 4233 struct xdr_stream *xdr = resp->xdr; 4234 struct nfsd4_session *session; 4235 struct nfs4_client *clp; 4236 struct nfsd4_slot *slot; 4237 struct nfsd4_conn *conn; 4238 __be32 status; 4239 int buflen; 4240 struct net *net = SVC_NET(rqstp); 4241 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 4242 4243 if (resp->opcnt != 1) 4244 return nfserr_sequence_pos; 4245 4246 /* 4247 * Will be either used or freed by nfsd4_sequence_check_conn 4248 * below. 4249 */ 4250 conn = alloc_conn(rqstp, NFS4_CDFC4_FORE); 4251 if (!conn) 4252 return nfserr_jukebox; 4253 4254 spin_lock(&nn->client_lock); 4255 session = find_in_sessionid_hashtbl(&seq->sessionid, net, &status); 4256 if (!session) 4257 goto out_no_session; 4258 clp = session->se_client; 4259 4260 status = nfserr_too_many_ops; 4261 if (nfsd4_session_too_many_ops(rqstp, session)) 4262 goto out_put_session; 4263 4264 status = nfserr_req_too_big; 4265 if (nfsd4_request_too_big(rqstp, session)) 4266 goto out_put_session; 4267 4268 status = nfserr_badslot; 4269 if (seq->slotid >= session->se_fchannel.maxreqs) 4270 goto out_put_session; 4271 4272 slot = session->se_slots[seq->slotid]; 4273 dprintk("%s: slotid %d\n", __func__, seq->slotid); 4274 4275 /* We do not negotiate the number of slots yet, so set the 4276 * maxslots to the session maxreqs, which is used to encode 4277 * sr_highest_slotid and sr_target_slotid to maxslots */ 4278 seq->maxslots = session->se_fchannel.maxreqs; 4279 4280 trace_nfsd_slot_seqid_sequence(clp, seq, slot); 4281 status = check_slot_seqid(seq->seqid, slot->sl_seqid, 4282 slot->sl_flags & NFSD4_SLOT_INUSE); 4283 if (status == nfserr_replay_cache) { 4284 status = nfserr_seq_misordered; 4285 if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED)) 4286 goto out_put_session; 4287 status = nfserr_seq_false_retry; 4288 if (!replay_matches_cache(rqstp, seq, slot)) 4289 goto out_put_session; 4290 cstate->slot = slot; 4291 cstate->session = session; 4292 cstate->clp = clp; 4293 /* Return the cached reply status and set cstate->status 4294 * for nfsd4_proc_compound processing */ 4295 status = nfsd4_replay_cache_entry(resp, seq); 4296 cstate->status = nfserr_replay_cache; 4297 goto out; 4298 } 4299 if (status) 4300 goto out_put_session; 4301 4302 status = nfsd4_sequence_check_conn(conn, session); 4303 conn = NULL; 4304 if (status) 4305 goto out_put_session; 4306 4307 buflen = (seq->cachethis) ?
4308 session->se_fchannel.maxresp_cached : 4309 session->se_fchannel.maxresp_sz; 4310 status = (seq->cachethis) ? nfserr_rep_too_big_to_cache : 4311 nfserr_rep_too_big; 4312 if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack)) 4313 goto out_put_session; 4314 svc_reserve(rqstp, buflen); 4315 4316 status = nfs_ok; 4317 /* Success! bump slot seqid */ 4318 slot->sl_seqid = seq->seqid; 4319 slot->sl_flags |= NFSD4_SLOT_INUSE; 4320 if (seq->cachethis) 4321 slot->sl_flags |= NFSD4_SLOT_CACHETHIS; 4322 else 4323 slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS; 4324 4325 cstate->slot = slot; 4326 cstate->session = session; 4327 cstate->clp = clp; 4328 4329 out: 4330 switch (clp->cl_cb_state) { 4331 case NFSD4_CB_DOWN: 4332 seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN; 4333 break; 4334 case NFSD4_CB_FAULT: 4335 seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT; 4336 break; 4337 default: 4338 seq->status_flags = 0; 4339 } 4340 if (!list_empty(&clp->cl_revoked)) 4341 seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED; 4342 if (atomic_read(&clp->cl_admin_revoked)) 4343 seq->status_flags |= SEQ4_STATUS_ADMIN_STATE_REVOKED; 4344 trace_nfsd_seq4_status(rqstp, seq); 4345 out_no_session: 4346 if (conn) 4347 free_conn(conn); 4348 spin_unlock(&nn->client_lock); 4349 return status; 4350 out_put_session: 4351 nfsd4_put_session_locked(session); 4352 goto out_no_session; 4353 } 4354 4355 void 4356 nfsd4_sequence_done(struct nfsd4_compoundres *resp) 4357 { 4358 struct nfsd4_compound_state *cs = &resp->cstate; 4359 4360 if (nfsd4_has_session(cs)) { 4361 if (cs->status != nfserr_replay_cache) { 4362 nfsd4_store_cache_entry(resp); 4363 cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE; 4364 } 4365 /* Drop session reference that was taken in nfsd4_sequence() */ 4366 nfsd4_put_session(cs->session); 4367 } else if (cs->clp) 4368 put_client_renew(cs->clp); 4369 } 4370 4371 __be32 4372 nfsd4_destroy_clientid(struct svc_rqst *rqstp, 4373 struct nfsd4_compound_state *cstate, 4374 union nfsd4_op_u *u) 4375 { 4376 struct nfsd4_destroy_clientid *dc = &u->destroy_clientid; 4377 struct nfs4_client *conf, *unconf; 4378 struct nfs4_client *clp = NULL; 4379 __be32 status = 0; 4380 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 4381 4382 spin_lock(&nn->client_lock); 4383 unconf = find_unconfirmed_client(&dc->clientid, true, nn); 4384 conf = find_confirmed_client(&dc->clientid, true, nn); 4385 WARN_ON_ONCE(conf && unconf); 4386 4387 if (conf) { 4388 if (client_has_state(conf)) { 4389 status = nfserr_clientid_busy; 4390 goto out; 4391 } 4392 status = mark_client_expired_locked(conf); 4393 if (status) 4394 goto out; 4395 clp = conf; 4396 } else if (unconf) 4397 clp = unconf; 4398 else { 4399 status = nfserr_stale_clientid; 4400 goto out; 4401 } 4402 if (!nfsd4_mach_creds_match(clp, rqstp)) { 4403 clp = NULL; 4404 status = nfserr_wrong_cred; 4405 goto out; 4406 } 4407 trace_nfsd_clid_destroyed(&clp->cl_clientid); 4408 unhash_client_locked(clp); 4409 out: 4410 spin_unlock(&nn->client_lock); 4411 if (clp) 4412 expire_client(clp); 4413 return status; 4414 } 4415 4416 __be32 4417 nfsd4_reclaim_complete(struct svc_rqst *rqstp, 4418 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u) 4419 { 4420 struct nfsd4_reclaim_complete *rc = &u->reclaim_complete; 4421 struct nfs4_client *clp = cstate->clp; 4422 __be32 status = 0; 4423 4424 if (rc->rca_one_fs) { 4425 if (!cstate->current_fh.fh_dentry) 4426 return nfserr_nofilehandle; 4427 /* 4428 * We don't take advantage of the rca_one_fs case. 
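* Only the global (!rca_one_fs) case below records the client and
* counts toward ending the grace period early.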
4429 * That's OK, it's optional, we can safely ignore it. 4430 */ 4431 return nfs_ok; 4432 } 4433 4434 status = nfserr_complete_already; 4435 if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &clp->cl_flags)) 4436 goto out; 4437 4438 status = nfserr_stale_clientid; 4439 if (is_client_expired(clp)) 4440 /* 4441 * The following error isn't really legal. 4442 * But we only get here if the client just explicitly 4443 * destroyed the client. Surely it no longer cares what 4444 * error it gets back on an operation for the dead 4445 * client. 4446 */ 4447 goto out; 4448 4449 status = nfs_ok; 4450 trace_nfsd_clid_reclaim_complete(&clp->cl_clientid); 4451 nfsd4_client_record_create(clp); 4452 inc_reclaim_complete(clp); 4453 out: 4454 return status; 4455 } 4456 4457 __be32 4458 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 4459 union nfsd4_op_u *u) 4460 { 4461 struct nfsd4_setclientid *setclid = &u->setclientid; 4462 struct xdr_netobj clname = setclid->se_name; 4463 nfs4_verifier clverifier = setclid->se_verf; 4464 struct nfs4_client *conf, *new; 4465 struct nfs4_client *unconf = NULL; 4466 __be32 status; 4467 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 4468 4469 new = create_client(clname, rqstp, &clverifier); 4470 if (new == NULL) 4471 return nfserr_jukebox; 4472 spin_lock(&nn->client_lock); 4473 conf = find_confirmed_client_by_name(&clname, nn); 4474 if (conf && client_has_state(conf)) { 4475 status = nfserr_clid_inuse; 4476 if (clp_used_exchangeid(conf)) 4477 goto out; 4478 if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) { 4479 trace_nfsd_clid_cred_mismatch(conf, rqstp); 4480 goto out; 4481 } 4482 } 4483 unconf = find_unconfirmed_client_by_name(&clname, nn); 4484 if (unconf) 4485 unhash_client_locked(unconf); 4486 if (conf) { 4487 if (same_verf(&conf->cl_verifier, &clverifier)) { 4488 copy_clid(new, conf); 4489 gen_confirm(new, nn); 4490 } else 4491 trace_nfsd_clid_verf_mismatch(conf, rqstp, 4492 &clverifier); 4493 } else 4494 trace_nfsd_clid_fresh(new); 4495 new->cl_minorversion = 0; 4496 gen_callback(new, setclid, rqstp); 4497 add_to_unconfirmed(new); 4498 setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot; 4499 setclid->se_clientid.cl_id = new->cl_clientid.cl_id; 4500 memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data)); 4501 new = NULL; 4502 status = nfs_ok; 4503 out: 4504 spin_unlock(&nn->client_lock); 4505 if (new) 4506 free_client(new); 4507 if (unconf) { 4508 trace_nfsd_clid_expire_unconf(&unconf->cl_clientid); 4509 expire_client(unconf); 4510 } 4511 return status; 4512 } 4513 4514 __be32 4515 nfsd4_setclientid_confirm(struct svc_rqst *rqstp, 4516 struct nfsd4_compound_state *cstate, 4517 union nfsd4_op_u *u) 4518 { 4519 struct nfsd4_setclientid_confirm *setclientid_confirm = 4520 &u->setclientid_confirm; 4521 struct nfs4_client *conf, *unconf; 4522 struct nfs4_client *old = NULL; 4523 nfs4_verifier confirm = setclientid_confirm->sc_confirm; 4524 clientid_t * clid = &setclientid_confirm->sc_clientid; 4525 __be32 status; 4526 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 4527 4528 if (STALE_CLIENTID(clid, nn)) 4529 return nfserr_stale_clientid; 4530 4531 spin_lock(&nn->client_lock); 4532 conf = find_confirmed_client(clid, false, nn); 4533 unconf = find_unconfirmed_client(clid, false, nn); 4534 /* 4535 * We try hard to give out unique clientid's, so if we get an 4536 * attempt to confirm the same clientid with a different cred, 4537 * the client may be buggy; this should 
never happen. 4538 * 4539 * Nevertheless, RFC 7530 recommends INUSE for this case: 4540 */ 4541 status = nfserr_clid_inuse; 4542 if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred)) { 4543 trace_nfsd_clid_cred_mismatch(unconf, rqstp); 4544 goto out; 4545 } 4546 if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred)) { 4547 trace_nfsd_clid_cred_mismatch(conf, rqstp); 4548 goto out; 4549 } 4550 if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) { 4551 if (conf && same_verf(&confirm, &conf->cl_confirm)) { 4552 status = nfs_ok; 4553 } else 4554 status = nfserr_stale_clientid; 4555 goto out; 4556 } 4557 status = nfs_ok; 4558 if (conf) { 4559 old = unconf; 4560 unhash_client_locked(old); 4561 nfsd4_change_callback(conf, &unconf->cl_cb_conn); 4562 } else { 4563 old = find_confirmed_client_by_name(&unconf->cl_name, nn); 4564 if (old) { 4565 status = nfserr_clid_inuse; 4566 if (client_has_state(old) 4567 && !same_creds(&unconf->cl_cred, 4568 &old->cl_cred)) { 4569 old = NULL; 4570 goto out; 4571 } 4572 status = mark_client_expired_locked(old); 4573 if (status) { 4574 old = NULL; 4575 goto out; 4576 } 4577 trace_nfsd_clid_replaced(&old->cl_clientid); 4578 } 4579 move_to_confirmed(unconf); 4580 conf = unconf; 4581 } 4582 get_client_locked(conf); 4583 spin_unlock(&nn->client_lock); 4584 if (conf == unconf) 4585 fsnotify_dentry(conf->cl_nfsd_info_dentry, FS_MODIFY); 4586 nfsd4_probe_callback(conf); 4587 spin_lock(&nn->client_lock); 4588 put_client_renew_locked(conf); 4589 out: 4590 spin_unlock(&nn->client_lock); 4591 if (old) 4592 expire_client(old); 4593 return status; 4594 } 4595 4596 static struct nfs4_file *nfsd4_alloc_file(void) 4597 { 4598 return kmem_cache_alloc(file_slab, GFP_KERNEL); 4599 } 4600 4601 /* OPEN Share state helper functions */ 4602 4603 static void nfsd4_file_init(const struct svc_fh *fh, struct nfs4_file *fp) 4604 { 4605 refcount_set(&fp->fi_ref, 1); 4606 spin_lock_init(&fp->fi_lock); 4607 INIT_LIST_HEAD(&fp->fi_stateids); 4608 INIT_LIST_HEAD(&fp->fi_delegations); 4609 INIT_LIST_HEAD(&fp->fi_clnt_odstate); 4610 fh_copy_shallow(&fp->fi_fhandle, &fh->fh_handle); 4611 fp->fi_deleg_file = NULL; 4612 fp->fi_had_conflict = false; 4613 fp->fi_share_deny = 0; 4614 memset(fp->fi_fds, 0, sizeof(fp->fi_fds)); 4615 memset(fp->fi_access, 0, sizeof(fp->fi_access)); 4616 fp->fi_aliased = false; 4617 fp->fi_inode = d_inode(fh->fh_dentry); 4618 #ifdef CONFIG_NFSD_PNFS 4619 INIT_LIST_HEAD(&fp->fi_lo_states); 4620 atomic_set(&fp->fi_lo_recalls, 0); 4621 #endif 4622 } 4623 4624 void 4625 nfsd4_free_slabs(void) 4626 { 4627 kmem_cache_destroy(client_slab); 4628 kmem_cache_destroy(openowner_slab); 4629 kmem_cache_destroy(lockowner_slab); 4630 kmem_cache_destroy(file_slab); 4631 kmem_cache_destroy(stateid_slab); 4632 kmem_cache_destroy(deleg_slab); 4633 kmem_cache_destroy(odstate_slab); 4634 } 4635 4636 int 4637 nfsd4_init_slabs(void) 4638 { 4639 client_slab = KMEM_CACHE(nfs4_client, 0); 4640 if (client_slab == NULL) 4641 goto out; 4642 openowner_slab = KMEM_CACHE(nfs4_openowner, 0); 4643 if (openowner_slab == NULL) 4644 goto out_free_client_slab; 4645 lockowner_slab = KMEM_CACHE(nfs4_lockowner, 0); 4646 if (lockowner_slab == NULL) 4647 goto out_free_openowner_slab; 4648 file_slab = KMEM_CACHE(nfs4_file, 0); 4649 if (file_slab == NULL) 4650 goto out_free_lockowner_slab; 4651 stateid_slab = KMEM_CACHE(nfs4_ol_stateid, 0); 4652 if (stateid_slab == NULL) 4653 goto out_free_file_slab; 4654 deleg_slab = KMEM_CACHE(nfs4_delegation, 0); 4655 if (deleg_slab == NULL) 4656 goto 
out_free_stateid_slab; 4657 odstate_slab = KMEM_CACHE(nfs4_clnt_odstate, 0); 4658 if (odstate_slab == NULL) 4659 goto out_free_deleg_slab; 4660 return 0; 4661 4662 out_free_deleg_slab: 4663 kmem_cache_destroy(deleg_slab); 4664 out_free_stateid_slab: 4665 kmem_cache_destroy(stateid_slab); 4666 out_free_file_slab: 4667 kmem_cache_destroy(file_slab); 4668 out_free_lockowner_slab: 4669 kmem_cache_destroy(lockowner_slab); 4670 out_free_openowner_slab: 4671 kmem_cache_destroy(openowner_slab); 4672 out_free_client_slab: 4673 kmem_cache_destroy(client_slab); 4674 out: 4675 return -ENOMEM; 4676 } 4677 4678 static unsigned long 4679 nfsd4_state_shrinker_count(struct shrinker *shrink, struct shrink_control *sc) 4680 { 4681 int count; 4682 struct nfsd_net *nn = shrink->private_data; 4683 4684 count = atomic_read(&nn->nfsd_courtesy_clients); 4685 if (!count) 4686 count = atomic_long_read(&num_delegations); 4687 if (count) 4688 queue_work(laundry_wq, &nn->nfsd_shrinker_work); 4689 return (unsigned long)count; 4690 } 4691 4692 static unsigned long 4693 nfsd4_state_shrinker_scan(struct shrinker *shrink, struct shrink_control *sc) 4694 { 4695 return SHRINK_STOP; 4696 } 4697 4698 void 4699 nfsd4_init_leases_net(struct nfsd_net *nn) 4700 { 4701 struct sysinfo si; 4702 u64 max_clients; 4703 4704 nn->nfsd4_lease = 90; /* default lease time */ 4705 nn->nfsd4_grace = 90; 4706 nn->somebody_reclaimed = false; 4707 nn->track_reclaim_completes = false; 4708 nn->clverifier_counter = get_random_u32(); 4709 nn->clientid_base = get_random_u32(); 4710 nn->clientid_counter = nn->clientid_base + 1; 4711 nn->s2s_cp_cl_id = nn->clientid_counter++; 4712 4713 atomic_set(&nn->nfs4_client_count, 0); 4714 si_meminfo(&si); 4715 max_clients = (u64)si.totalram * si.mem_unit / (1024 * 1024 * 1024); 4716 max_clients *= NFS4_CLIENTS_PER_GB; 4717 nn->nfs4_max_clients = max_t(int, max_clients, NFS4_CLIENTS_PER_GB); 4718 4719 atomic_set(&nn->nfsd_courtesy_clients, 0); 4720 } 4721 4722 enum rp_lock { 4723 RP_UNLOCKED, 4724 RP_LOCKED, 4725 RP_UNHASHED, 4726 }; 4727 4728 static void init_nfs4_replay(struct nfs4_replay *rp) 4729 { 4730 rp->rp_status = nfserr_serverfault; 4731 rp->rp_buflen = 0; 4732 rp->rp_buf = rp->rp_ibuf; 4733 atomic_set(&rp->rp_locked, RP_UNLOCKED); 4734 } 4735 4736 static int nfsd4_cstate_assign_replay(struct nfsd4_compound_state *cstate, 4737 struct nfs4_stateowner *so) 4738 { 4739 if (!nfsd4_has_session(cstate)) { 4740 wait_var_event(&so->so_replay.rp_locked, 4741 atomic_cmpxchg(&so->so_replay.rp_locked, 4742 RP_UNLOCKED, RP_LOCKED) != RP_LOCKED); 4743 if (atomic_read(&so->so_replay.rp_locked) == RP_UNHASHED) 4744 return -EAGAIN; 4745 cstate->replay_owner = nfs4_get_stateowner(so); 4746 } 4747 return 0; 4748 } 4749 4750 void nfsd4_cstate_clear_replay(struct nfsd4_compound_state *cstate) 4751 { 4752 struct nfs4_stateowner *so = cstate->replay_owner; 4753 4754 if (so != NULL) { 4755 cstate->replay_owner = NULL; 4756 atomic_set(&so->so_replay.rp_locked, RP_UNLOCKED); 4757 smp_mb__after_atomic(); 4758 wake_up_var(&so->so_replay.rp_locked); 4759 nfs4_put_stateowner(so); 4760 } 4761 } 4762 4763 static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp) 4764 { 4765 struct nfs4_stateowner *sop; 4766 4767 sop = kmem_cache_alloc(slab, GFP_KERNEL); 4768 if (!sop) 4769 return NULL; 4770 4771 xdr_netobj_dup(&sop->so_owner, owner, GFP_KERNEL); 4772 if (!sop->so_owner.data) { 4773 kmem_cache_free(slab, sop); 4774 return NULL; 4775 } 4776 4777 INIT_LIST_HEAD(&sop->so_stateids); 
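/* Common initialization only: callers hash the new owner and set so_ops. */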
4778 sop->so_client = clp; 4779 init_nfs4_replay(&sop->so_replay); 4780 atomic_set(&sop->so_count, 1); 4781 return sop; 4782 } 4783 4784 static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval) 4785 { 4786 lockdep_assert_held(&clp->cl_lock); 4787 4788 list_add(&oo->oo_owner.so_strhash, 4789 &clp->cl_ownerstr_hashtbl[strhashval]); 4790 list_add(&oo->oo_perclient, &clp->cl_openowners); 4791 } 4792 4793 static void nfs4_unhash_openowner(struct nfs4_stateowner *so) 4794 { 4795 unhash_openowner_locked(openowner(so)); 4796 } 4797 4798 static void nfs4_free_openowner(struct nfs4_stateowner *so) 4799 { 4800 struct nfs4_openowner *oo = openowner(so); 4801 4802 kmem_cache_free(openowner_slab, oo); 4803 } 4804 4805 static const struct nfs4_stateowner_operations openowner_ops = { 4806 .so_unhash = nfs4_unhash_openowner, 4807 .so_free = nfs4_free_openowner, 4808 }; 4809 4810 static struct nfs4_ol_stateid * 4811 nfsd4_find_existing_open(struct nfs4_file *fp, struct nfsd4_open *open) 4812 { 4813 struct nfs4_ol_stateid *local, *ret = NULL; 4814 struct nfs4_openowner *oo = open->op_openowner; 4815 4816 lockdep_assert_held(&fp->fi_lock); 4817 4818 list_for_each_entry(local, &fp->fi_stateids, st_perfile) { 4819 /* ignore lock owners */ 4820 if (local->st_stateowner->so_is_open_owner == 0) 4821 continue; 4822 if (local->st_stateowner != &oo->oo_owner) 4823 continue; 4824 if (local->st_stid.sc_type == SC_TYPE_OPEN && 4825 !local->st_stid.sc_status) { 4826 ret = local; 4827 refcount_inc(&ret->st_stid.sc_count); 4828 break; 4829 } 4830 } 4831 return ret; 4832 } 4833 4834 static void nfsd4_drop_revoked_stid(struct nfs4_stid *s) 4835 __releases(&s->sc_client->cl_lock) 4836 { 4837 struct nfs4_client *cl = s->sc_client; 4838 LIST_HEAD(reaplist); 4839 struct nfs4_ol_stateid *stp; 4840 struct nfs4_delegation *dp; 4841 bool unhashed; 4842 4843 switch (s->sc_type) { 4844 case SC_TYPE_OPEN: 4845 stp = openlockstateid(s); 4846 if (unhash_open_stateid(stp, &reaplist)) 4847 put_ol_stateid_locked(stp, &reaplist); 4848 spin_unlock(&cl->cl_lock); 4849 free_ol_stateid_reaplist(&reaplist); 4850 break; 4851 case SC_TYPE_LOCK: 4852 stp = openlockstateid(s); 4853 unhashed = unhash_lock_stateid(stp); 4854 spin_unlock(&cl->cl_lock); 4855 if (unhashed) 4856 nfs4_put_stid(s); 4857 break; 4858 case SC_TYPE_DELEG: 4859 dp = delegstateid(s); 4860 list_del_init(&dp->dl_recall_lru); 4861 spin_unlock(&cl->cl_lock); 4862 nfs4_put_stid(s); 4863 break; 4864 default: 4865 spin_unlock(&cl->cl_lock); 4866 } 4867 } 4868 4869 static void nfsd40_drop_revoked_stid(struct nfs4_client *cl, 4870 stateid_t *stid) 4871 { 4872 /* NFSv4.0 has no way for the client to tell the server 4873 * that it can forget an admin-revoked stateid. 4874 * So we keep it around until the first time that the 4875 * client uses it, and drop it the first time 4876 * nfserr_admin_revoked is returned. 4877 * For v4.1 and later we wait until explicitly told 4878 * to free the stateid. 
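* That explicit notification arrives as a FREE_STATEID operation.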
4879 */ 4880 if (cl->cl_minorversion == 0) { 4881 struct nfs4_stid *st; 4882 4883 spin_lock(&cl->cl_lock); 4884 st = find_stateid_locked(cl, stid); 4885 if (st) 4886 nfsd4_drop_revoked_stid(st); 4887 else 4888 spin_unlock(&cl->cl_lock); 4889 } 4890 } 4891 4892 static __be32 4893 nfsd4_verify_open_stid(struct nfs4_stid *s) 4894 { 4895 __be32 ret = nfs_ok; 4896 4897 if (s->sc_status & SC_STATUS_ADMIN_REVOKED) 4898 ret = nfserr_admin_revoked; 4899 else if (s->sc_status & SC_STATUS_REVOKED) 4900 ret = nfserr_deleg_revoked; 4901 else if (s->sc_status & SC_STATUS_CLOSED) 4902 ret = nfserr_bad_stateid; 4903 return ret; 4904 } 4905 4906 /* Lock the stateid st_mutex, and deal with races with CLOSE */ 4907 static __be32 4908 nfsd4_lock_ol_stateid(struct nfs4_ol_stateid *stp) 4909 { 4910 __be32 ret; 4911 4912 mutex_lock_nested(&stp->st_mutex, LOCK_STATEID_MUTEX); 4913 ret = nfsd4_verify_open_stid(&stp->st_stid); 4914 if (ret == nfserr_admin_revoked) 4915 nfsd40_drop_revoked_stid(stp->st_stid.sc_client, 4916 &stp->st_stid.sc_stateid); 4917 4918 if (ret != nfs_ok) 4919 mutex_unlock(&stp->st_mutex); 4920 return ret; 4921 } 4922 4923 static struct nfs4_ol_stateid * 4924 nfsd4_find_and_lock_existing_open(struct nfs4_file *fp, struct nfsd4_open *open) 4925 { 4926 struct nfs4_ol_stateid *stp; 4927 for (;;) { 4928 spin_lock(&fp->fi_lock); 4929 stp = nfsd4_find_existing_open(fp, open); 4930 spin_unlock(&fp->fi_lock); 4931 if (!stp || nfsd4_lock_ol_stateid(stp) == nfs_ok) 4932 break; 4933 nfs4_put_stid(&stp->st_stid); 4934 } 4935 return stp; 4936 } 4937 4938 static struct nfs4_openowner * 4939 find_or_alloc_open_stateowner(unsigned int strhashval, struct nfsd4_open *open, 4940 struct nfsd4_compound_state *cstate) 4941 { 4942 struct nfs4_client *clp = cstate->clp; 4943 struct nfs4_openowner *oo, *new = NULL; 4944 4945 retry: 4946 spin_lock(&clp->cl_lock); 4947 oo = find_openstateowner_str(strhashval, open, clp); 4948 if (!oo && new) { 4949 hash_openowner(new, clp, strhashval); 4950 spin_unlock(&clp->cl_lock); 4951 return new; 4952 } 4953 spin_unlock(&clp->cl_lock); 4954 4955 if (oo && !(oo->oo_flags & NFS4_OO_CONFIRMED)) { 4956 /* Replace unconfirmed owners without checking for replay. 
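* An unconfirmed owner has no confirmed state that a client could
* legitimately be replaying against, so it can simply be released
* and re-created.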
*/ 4957 release_openowner(oo); 4958 oo = NULL; 4959 } 4960 if (oo) { 4961 if (new) 4962 nfs4_free_stateowner(&new->oo_owner); 4963 return oo; 4964 } 4965 4966 new = alloc_stateowner(openowner_slab, &open->op_owner, clp); 4967 if (!new) 4968 return NULL; 4969 new->oo_owner.so_ops = &openowner_ops; 4970 new->oo_owner.so_is_open_owner = 1; 4971 new->oo_owner.so_seqid = open->op_seqid; 4972 new->oo_flags = 0; 4973 if (nfsd4_has_session(cstate)) 4974 new->oo_flags |= NFS4_OO_CONFIRMED; 4975 new->oo_time = 0; 4976 new->oo_last_closed_stid = NULL; 4977 INIT_LIST_HEAD(&new->oo_close_lru); 4978 goto retry; 4979 } 4980 4981 static struct nfs4_ol_stateid * 4982 init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open) 4983 { 4984 4985 struct nfs4_openowner *oo = open->op_openowner; 4986 struct nfs4_ol_stateid *retstp = NULL; 4987 struct nfs4_ol_stateid *stp; 4988 4989 stp = open->op_stp; 4990 /* We are moving these outside of the spinlocks to avoid the warnings */ 4991 mutex_init(&stp->st_mutex); 4992 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX); 4993 4994 retry: 4995 spin_lock(&oo->oo_owner.so_client->cl_lock); 4996 spin_lock(&fp->fi_lock); 4997 4998 retstp = nfsd4_find_existing_open(fp, open); 4999 if (retstp) 5000 goto out_unlock; 5001 5002 open->op_stp = NULL; 5003 refcount_inc(&stp->st_stid.sc_count); 5004 stp->st_stid.sc_type = SC_TYPE_OPEN; 5005 INIT_LIST_HEAD(&stp->st_locks); 5006 stp->st_stateowner = nfs4_get_stateowner(&oo->oo_owner); 5007 get_nfs4_file(fp); 5008 stp->st_stid.sc_file = fp; 5009 stp->st_access_bmap = 0; 5010 stp->st_deny_bmap = 0; 5011 stp->st_openstp = NULL; 5012 list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids); 5013 list_add(&stp->st_perfile, &fp->fi_stateids); 5014 5015 out_unlock: 5016 spin_unlock(&fp->fi_lock); 5017 spin_unlock(&oo->oo_owner.so_client->cl_lock); 5018 if (retstp) { 5019 /* Handle races with CLOSE */ 5020 if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) { 5021 nfs4_put_stid(&retstp->st_stid); 5022 goto retry; 5023 } 5024 /* To keep mutex tracking happy */ 5025 mutex_unlock(&stp->st_mutex); 5026 stp = retstp; 5027 } 5028 return stp; 5029 } 5030 5031 /* 5032 * In the 4.0 case we need to keep the owners around a little while to handle 5033 * CLOSE replay. We still do need to release any file access that is held by 5034 * them before returning however. 5035 */ 5036 static void 5037 move_to_close_lru(struct nfs4_ol_stateid *s, struct net *net) 5038 { 5039 struct nfs4_ol_stateid *last; 5040 struct nfs4_openowner *oo = openowner(s->st_stateowner); 5041 struct nfsd_net *nn = net_generic(s->st_stid.sc_client->net, 5042 nfsd_net_id); 5043 5044 dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo); 5045 5046 /* 5047 * We know that we hold one reference via nfsd4_close, and another 5048 * "persistent" reference for the client. If the refcount is higher 5049 * than 2, then there are still calls in progress that are using this 5050 * stateid. We can't put the sc_file reference until they are finished. 5051 * Wait for the refcount to drop to 2. Since it has been unhashed, 5052 * there should be no danger of the refcount going back up again at 5053 * this point. 5054 * Some threads with a reference might be waiting for rp_locked, 5055 * so tell them to stop waiting. 
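* Setting rp_locked to RP_UNHASHED makes nfsd4_cstate_assign_replay()
* return -EAGAIN instead of blocking.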
5056 */ 5057 atomic_set(&oo->oo_owner.so_replay.rp_locked, RP_UNHASHED); 5058 smp_mb__after_atomic(); 5059 wake_up_var(&oo->oo_owner.so_replay.rp_locked); 5060 wait_event(close_wq, refcount_read(&s->st_stid.sc_count) == 2); 5061 5062 release_all_access(s); 5063 if (s->st_stid.sc_file) { 5064 put_nfs4_file(s->st_stid.sc_file); 5065 s->st_stid.sc_file = NULL; 5066 } 5067 5068 spin_lock(&nn->client_lock); 5069 last = oo->oo_last_closed_stid; 5070 oo->oo_last_closed_stid = s; 5071 list_move_tail(&oo->oo_close_lru, &nn->close_lru); 5072 oo->oo_time = ktime_get_boottime_seconds(); 5073 spin_unlock(&nn->client_lock); 5074 if (last) 5075 nfs4_put_stid(&last->st_stid); 5076 } 5077 5078 static noinline_for_stack struct nfs4_file * 5079 nfsd4_file_hash_lookup(const struct svc_fh *fhp) 5080 { 5081 struct inode *inode = d_inode(fhp->fh_dentry); 5082 struct rhlist_head *tmp, *list; 5083 struct nfs4_file *fi; 5084 5085 rcu_read_lock(); 5086 list = rhltable_lookup(&nfs4_file_rhltable, &inode, 5087 nfs4_file_rhash_params); 5088 rhl_for_each_entry_rcu(fi, tmp, list, fi_rlist) { 5089 if (fh_match(&fi->fi_fhandle, &fhp->fh_handle)) { 5090 if (refcount_inc_not_zero(&fi->fi_ref)) { 5091 rcu_read_unlock(); 5092 return fi; 5093 } 5094 } 5095 } 5096 rcu_read_unlock(); 5097 return NULL; 5098 } 5099 5100 /* 5101 * On hash insertion, identify entries with the same inode but 5102 * distinct filehandles. They will all be on the list returned 5103 * by rhltable_lookup(). 5104 * 5105 * inode->i_lock prevents racing insertions from adding an entry 5106 * for the same inode/fhp pair twice. 5107 */ 5108 static noinline_for_stack struct nfs4_file * 5109 nfsd4_file_hash_insert(struct nfs4_file *new, const struct svc_fh *fhp) 5110 { 5111 struct inode *inode = d_inode(fhp->fh_dentry); 5112 struct rhlist_head *tmp, *list; 5113 struct nfs4_file *ret = NULL; 5114 bool alias_found = false; 5115 struct nfs4_file *fi; 5116 int err; 5117 5118 rcu_read_lock(); 5119 spin_lock(&inode->i_lock); 5120 5121 list = rhltable_lookup(&nfs4_file_rhltable, &inode, 5122 nfs4_file_rhash_params); 5123 rhl_for_each_entry_rcu(fi, tmp, list, fi_rlist) { 5124 if (fh_match(&fi->fi_fhandle, &fhp->fh_handle)) { 5125 if (refcount_inc_not_zero(&fi->fi_ref)) 5126 ret = fi; 5127 } else 5128 fi->fi_aliased = alias_found = true; 5129 } 5130 if (ret) 5131 goto out_unlock; 5132 5133 nfsd4_file_init(fhp, new); 5134 err = rhltable_insert(&nfs4_file_rhltable, &new->fi_rlist, 5135 nfs4_file_rhash_params); 5136 if (err) 5137 goto out_unlock; 5138 5139 new->fi_aliased = alias_found; 5140 ret = new; 5141 5142 out_unlock: 5143 spin_unlock(&inode->i_lock); 5144 rcu_read_unlock(); 5145 return ret; 5146 } 5147 5148 static noinline_for_stack void nfsd4_file_hash_remove(struct nfs4_file *fi) 5149 { 5150 rhltable_remove(&nfs4_file_rhltable, &fi->fi_rlist, 5151 nfs4_file_rhash_params); 5152 } 5153 5154 /* 5155 * Called to check deny when READ with all zero stateid or 5156 * WRITE with all zero or all one stateid 5157 */ 5158 static __be32 5159 nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type) 5160 { 5161 struct nfs4_file *fp; 5162 __be32 ret = nfs_ok; 5163 5164 fp = nfsd4_file_hash_lookup(current_fh); 5165 if (!fp) 5166 return ret; 5167 5168 /* Check for conflicting share reservations */ 5169 spin_lock(&fp->fi_lock); 5170 if (fp->fi_share_deny & deny_type) 5171 ret = nfserr_locked; 5172 spin_unlock(&fp->fi_lock); 5173 put_nfs4_file(fp); 5174 return ret; 5175 } 5176 5177 static bool nfsd4_deleg_present(const struct inode *inode) 5178 { 5179 struct 
file_lock_context *ctx = locks_inode_context(inode); 5180 5181 return ctx && !list_empty_careful(&ctx->flc_lease); 5182 } 5183 5184 /** 5185 * nfsd_wait_for_delegreturn - wait for delegations to be returned 5186 * @rqstp: the RPC transaction being executed 5187 * @inode: in-core inode of the file being waited for 5188 * 5189 * The timeout prevents deadlock if all nfsd threads happen to be 5190 * tied up waiting for returning delegations. 5191 * 5192 * Return values: 5193 * %true: delegation was returned 5194 * %false: timed out waiting for delegreturn 5195 */ 5196 bool nfsd_wait_for_delegreturn(struct svc_rqst *rqstp, struct inode *inode) 5197 { 5198 long __maybe_unused timeo; 5199 5200 timeo = wait_var_event_timeout(inode, !nfsd4_deleg_present(inode), 5201 NFSD_DELEGRETURN_TIMEOUT); 5202 trace_nfsd_delegret_wakeup(rqstp, inode, timeo); 5203 return timeo > 0; 5204 } 5205 5206 static void nfsd4_cb_recall_prepare(struct nfsd4_callback *cb) 5207 { 5208 struct nfs4_delegation *dp = cb_to_delegation(cb); 5209 struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net, 5210 nfsd_net_id); 5211 5212 block_delegations(&dp->dl_stid.sc_file->fi_fhandle); 5213 5214 /* 5215 * We can't do this in nfsd_break_deleg_cb because it is 5216 * already holding inode->i_lock. 5217 * 5218 * If the dl_time != 0, then we know that it has already been 5219 * queued for a lease break. Don't queue it again. 5220 */ 5221 spin_lock(&state_lock); 5222 if (delegation_hashed(dp) && dp->dl_time == 0) { 5223 dp->dl_time = ktime_get_boottime_seconds(); 5224 list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru); 5225 } 5226 spin_unlock(&state_lock); 5227 } 5228 5229 static int nfsd4_cb_recall_done(struct nfsd4_callback *cb, 5230 struct rpc_task *task) 5231 { 5232 struct nfs4_delegation *dp = cb_to_delegation(cb); 5233 5234 trace_nfsd_cb_recall_done(&dp->dl_stid.sc_stateid, task); 5235 5236 if (dp->dl_stid.sc_status) 5237 /* CLOSED or REVOKED */ 5238 return 1; 5239 5240 switch (task->tk_status) { 5241 case 0: 5242 return 1; 5243 case -NFS4ERR_DELAY: 5244 rpc_delay(task, 2 * HZ); 5245 return 0; 5246 case -EBADHANDLE: 5247 case -NFS4ERR_BAD_STATEID: 5248 /* 5249 * Race: client probably got cb_recall before open reply 5250 * granting delegation. 5251 */ 5252 if (dp->dl_retries--) { 5253 rpc_delay(task, 2 * HZ); 5254 return 0; 5255 } 5256 fallthrough; 5257 default: 5258 return 1; 5259 } 5260 } 5261 5262 static void nfsd4_cb_recall_release(struct nfsd4_callback *cb) 5263 { 5264 struct nfs4_delegation *dp = cb_to_delegation(cb); 5265 5266 nfs4_put_stid(&dp->dl_stid); 5267 } 5268 5269 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops = { 5270 .prepare = nfsd4_cb_recall_prepare, 5271 .done = nfsd4_cb_recall_done, 5272 .release = nfsd4_cb_recall_release, 5273 .opcode = OP_CB_RECALL, 5274 }; 5275 5276 static void nfsd_break_one_deleg(struct nfs4_delegation *dp) 5277 { 5278 /* 5279 * We're assuming the state code never drops its reference 5280 * without first removing the lease. Since we're in this lease 5281 * callback (and since the lease code is serialized by the 5282 * flc_lock) we know the server hasn't removed the lease yet, and 5283 * we know it's safe to take a reference. 5284 */ 5285 refcount_inc(&dp->dl_stid.sc_count); 5286 WARN_ON_ONCE(!nfsd4_run_cb(&dp->dl_recall)); 5287 } 5288 5289 /* Called from break_lease() with flc_lock held. 
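* flc_lock is a spinlock, so nothing here may sleep; the actual
* recall is queued to the callback workqueue by nfsd_break_one_deleg().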
*/ 5290 static bool 5291 nfsd_break_deleg_cb(struct file_lease *fl) 5292 { 5293 struct nfs4_delegation *dp = (struct nfs4_delegation *) fl->c.flc_owner; 5294 struct nfs4_file *fp = dp->dl_stid.sc_file; 5295 struct nfs4_client *clp = dp->dl_stid.sc_client; 5296 struct nfsd_net *nn; 5297 5298 trace_nfsd_cb_recall(&dp->dl_stid); 5299 5300 dp->dl_recalled = true; 5301 atomic_inc(&clp->cl_delegs_in_recall); 5302 if (try_to_expire_client(clp)) { 5303 nn = net_generic(clp->net, nfsd_net_id); 5304 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); 5305 } 5306 5307 /* 5308 * We don't want the locks code to timeout the lease for us; 5309 * we'll remove it ourself if a delegation isn't returned 5310 * in time: 5311 */ 5312 fl->fl_break_time = 0; 5313 5314 fp->fi_had_conflict = true; 5315 nfsd_break_one_deleg(dp); 5316 return false; 5317 } 5318 5319 /** 5320 * nfsd_breaker_owns_lease - Check if lease conflict was resolved 5321 * @fl: Lock state to check 5322 * 5323 * Return values: 5324 * %true: Lease conflict was resolved 5325 * %false: Lease conflict was not resolved. 5326 */ 5327 static bool nfsd_breaker_owns_lease(struct file_lease *fl) 5328 { 5329 struct nfs4_delegation *dl = fl->c.flc_owner; 5330 struct svc_rqst *rqst; 5331 struct nfs4_client *clp; 5332 5333 rqst = nfsd_current_rqst(); 5334 if (!nfsd_v4client(rqst)) 5335 return false; 5336 clp = *(rqst->rq_lease_breaker); 5337 return dl->dl_stid.sc_client == clp; 5338 } 5339 5340 static int 5341 nfsd_change_deleg_cb(struct file_lease *onlist, int arg, 5342 struct list_head *dispose) 5343 { 5344 struct nfs4_delegation *dp = (struct nfs4_delegation *) onlist->c.flc_owner; 5345 struct nfs4_client *clp = dp->dl_stid.sc_client; 5346 5347 if (arg & F_UNLCK) { 5348 if (dp->dl_recalled) 5349 atomic_dec(&clp->cl_delegs_in_recall); 5350 return lease_modify(onlist, arg, dispose); 5351 } else 5352 return -EAGAIN; 5353 } 5354 5355 static const struct lease_manager_operations nfsd_lease_mng_ops = { 5356 .lm_breaker_owns_lease = nfsd_breaker_owns_lease, 5357 .lm_break = nfsd_break_deleg_cb, 5358 .lm_change = nfsd_change_deleg_cb, 5359 }; 5360 5361 static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid) 5362 { 5363 if (nfsd4_has_session(cstate)) 5364 return nfs_ok; 5365 if (seqid == so->so_seqid - 1) 5366 return nfserr_replay_me; 5367 if (seqid == so->so_seqid) 5368 return nfs_ok; 5369 return nfserr_bad_seqid; 5370 } 5371 5372 static struct nfs4_client *lookup_clientid(clientid_t *clid, bool sessions, 5373 struct nfsd_net *nn) 5374 { 5375 struct nfs4_client *found; 5376 5377 spin_lock(&nn->client_lock); 5378 found = find_confirmed_client(clid, sessions, nn); 5379 if (found) 5380 atomic_inc(&found->cl_rpc_users); 5381 spin_unlock(&nn->client_lock); 5382 return found; 5383 } 5384 5385 static __be32 set_client(clientid_t *clid, 5386 struct nfsd4_compound_state *cstate, 5387 struct nfsd_net *nn) 5388 { 5389 if (cstate->clp) { 5390 if (!same_clid(&cstate->clp->cl_clientid, clid)) 5391 return nfserr_stale_clientid; 5392 return nfs_ok; 5393 } 5394 if (STALE_CLIENTID(clid, nn)) 5395 return nfserr_stale_clientid; 5396 /* 5397 * We're in the 4.0 case (otherwise the SEQUENCE op would have 5398 * set cstate->clp), so session = false: 5399 */ 5400 cstate->clp = lookup_clientid(clid, false, nn); 5401 if (!cstate->clp) 5402 return nfserr_expired; 5403 return nfs_ok; 5404 } 5405 5406 __be32 5407 nfsd4_process_open1(struct nfsd4_compound_state *cstate, 5408 struct nfsd4_open *open, struct nfsd_net *nn) 5409 { 5410 
clientid_t *clientid = &open->op_clientid; 5411 struct nfs4_client *clp = NULL; 5412 unsigned int strhashval; 5413 struct nfs4_openowner *oo = NULL; 5414 __be32 status; 5415 5416 /* 5417 * In case we need it later, after we've already created the 5418 * file and don't want to risk a further failure: 5419 */ 5420 open->op_file = nfsd4_alloc_file(); 5421 if (open->op_file == NULL) 5422 return nfserr_jukebox; 5423 5424 status = set_client(clientid, cstate, nn); 5425 if (status) 5426 return status; 5427 clp = cstate->clp; 5428 5429 strhashval = ownerstr_hashval(&open->op_owner); 5430 retry: 5431 oo = find_or_alloc_open_stateowner(strhashval, open, cstate); 5432 open->op_openowner = oo; 5433 if (!oo) 5434 return nfserr_jukebox; 5435 if (nfsd4_cstate_assign_replay(cstate, &oo->oo_owner) == -EAGAIN) { 5436 nfs4_put_stateowner(&oo->oo_owner); 5437 goto retry; 5438 } 5439 status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid); 5440 if (status) 5441 return status; 5442 5443 open->op_stp = nfs4_alloc_open_stateid(clp); 5444 if (!open->op_stp) 5445 return nfserr_jukebox; 5446 5447 if (nfsd4_has_session(cstate) && 5448 (cstate->current_fh.fh_export->ex_flags & NFSEXP_PNFS)) { 5449 open->op_odstate = alloc_clnt_odstate(clp); 5450 if (!open->op_odstate) 5451 return nfserr_jukebox; 5452 } 5453 5454 return nfs_ok; 5455 } 5456 5457 static inline __be32 5458 nfs4_check_delegmode(struct nfs4_delegation *dp, int flags) 5459 { 5460 if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ)) 5461 return nfserr_openmode; 5462 else 5463 return nfs_ok; 5464 } 5465 5466 static int share_access_to_flags(u32 share_access) 5467 { 5468 return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE; 5469 } 5470 5471 static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl, 5472 stateid_t *s) 5473 { 5474 struct nfs4_stid *ret; 5475 5476 ret = find_stateid_by_type(cl, s, SC_TYPE_DELEG, SC_STATUS_REVOKED); 5477 if (!ret) 5478 return NULL; 5479 return delegstateid(ret); 5480 } 5481 5482 static bool nfsd4_is_deleg_cur(struct nfsd4_open *open) 5483 { 5484 return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR || 5485 open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH; 5486 } 5487 5488 static __be32 5489 nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open, 5490 struct nfs4_delegation **dp) 5491 { 5492 int flags; 5493 __be32 status = nfserr_bad_stateid; 5494 struct nfs4_delegation *deleg; 5495 5496 deleg = find_deleg_stateid(cl, &open->op_delegate_stateid); 5497 if (deleg == NULL) 5498 goto out; 5499 if (deleg->dl_stid.sc_status & SC_STATUS_ADMIN_REVOKED) { 5500 nfs4_put_stid(&deleg->dl_stid); 5501 status = nfserr_admin_revoked; 5502 goto out; 5503 } 5504 if (deleg->dl_stid.sc_status & SC_STATUS_REVOKED) { 5505 nfs4_put_stid(&deleg->dl_stid); 5506 nfsd40_drop_revoked_stid(cl, &open->op_delegate_stateid); 5507 status = nfserr_deleg_revoked; 5508 goto out; 5509 } 5510 flags = share_access_to_flags(open->op_share_access); 5511 status = nfs4_check_delegmode(deleg, flags); 5512 if (status) { 5513 nfs4_put_stid(&deleg->dl_stid); 5514 goto out; 5515 } 5516 *dp = deleg; 5517 out: 5518 if (!nfsd4_is_deleg_cur(open)) 5519 return nfs_ok; 5520 if (status) 5521 return status; 5522 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED; 5523 return nfs_ok; 5524 } 5525 5526 static inline int nfs4_access_to_access(u32 nfs4_access) 5527 { 5528 int flags = 0; 5529 5530 if (nfs4_access & NFS4_SHARE_ACCESS_READ) 5531 flags |= NFSD_MAY_READ; 5532 if (nfs4_access & NFS4_SHARE_ACCESS_WRITE) 5533 
flags |= NFSD_MAY_WRITE; 5534 return flags; 5535 } 5536 5537 static inline __be32 5538 nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh, 5539 struct nfsd4_open *open) 5540 { 5541 struct iattr iattr = { 5542 .ia_valid = ATTR_SIZE, 5543 .ia_size = 0, 5544 }; 5545 struct nfsd_attrs attrs = { 5546 .na_iattr = &iattr, 5547 }; 5548 if (!open->op_truncate) 5549 return 0; 5550 if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE)) 5551 return nfserr_inval; 5552 return nfsd_setattr(rqstp, fh, &attrs, NULL); 5553 } 5554 5555 static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp, 5556 struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, 5557 struct nfsd4_open *open, bool new_stp) 5558 { 5559 struct nfsd_file *nf = NULL; 5560 __be32 status; 5561 int oflag = nfs4_access_to_omode(open->op_share_access); 5562 int access = nfs4_access_to_access(open->op_share_access); 5563 unsigned char old_access_bmap, old_deny_bmap; 5564 5565 spin_lock(&fp->fi_lock); 5566 5567 /* 5568 * Are we trying to set a deny mode that would conflict with 5569 * current access? 5570 */ 5571 status = nfs4_file_check_deny(fp, open->op_share_deny); 5572 if (status != nfs_ok) { 5573 if (status != nfserr_share_denied) { 5574 spin_unlock(&fp->fi_lock); 5575 goto out; 5576 } 5577 if (nfs4_resolve_deny_conflicts_locked(fp, new_stp, 5578 stp, open->op_share_deny, false)) 5579 status = nfserr_jukebox; 5580 spin_unlock(&fp->fi_lock); 5581 goto out; 5582 } 5583 5584 /* set access to the file */ 5585 status = nfs4_file_get_access(fp, open->op_share_access); 5586 if (status != nfs_ok) { 5587 if (status != nfserr_share_denied) { 5588 spin_unlock(&fp->fi_lock); 5589 goto out; 5590 } 5591 if (nfs4_resolve_deny_conflicts_locked(fp, new_stp, 5592 stp, open->op_share_access, true)) 5593 status = nfserr_jukebox; 5594 spin_unlock(&fp->fi_lock); 5595 goto out; 5596 } 5597 5598 /* Set access bits in stateid */ 5599 old_access_bmap = stp->st_access_bmap; 5600 set_access(open->op_share_access, stp); 5601 5602 /* Set new deny mask */ 5603 old_deny_bmap = stp->st_deny_bmap; 5604 set_deny(open->op_share_deny, stp); 5605 fp->fi_share_deny |= (open->op_share_deny & NFS4_SHARE_DENY_BOTH); 5606 5607 if (!fp->fi_fds[oflag]) { 5608 spin_unlock(&fp->fi_lock); 5609 5610 status = nfsd_file_acquire_opened(rqstp, cur_fh, access, 5611 open->op_filp, &nf); 5612 if (status != nfs_ok) 5613 goto out_put_access; 5614 5615 spin_lock(&fp->fi_lock); 5616 if (!fp->fi_fds[oflag]) { 5617 fp->fi_fds[oflag] = nf; 5618 nf = NULL; 5619 } 5620 } 5621 spin_unlock(&fp->fi_lock); 5622 if (nf) 5623 nfsd_file_put(nf); 5624 5625 status = nfserrno(nfsd_open_break_lease(cur_fh->fh_dentry->d_inode, 5626 access)); 5627 if (status) 5628 goto out_put_access; 5629 5630 status = nfsd4_truncate(rqstp, cur_fh, open); 5631 if (status) 5632 goto out_put_access; 5633 out: 5634 return status; 5635 out_put_access: 5636 stp->st_access_bmap = old_access_bmap; 5637 nfs4_file_put_access(fp, open->op_share_access); 5638 reset_union_bmap_deny(bmap_to_share_mode(old_deny_bmap), stp); 5639 goto out; 5640 } 5641 5642 static __be32 5643 nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, 5644 struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, 5645 struct nfsd4_open *open) 5646 { 5647 __be32 status; 5648 unsigned char old_deny_bmap = stp->st_deny_bmap; 5649 5650 if (!test_access(open->op_share_access, stp)) 5651 return nfs4_get_vfs_file(rqstp, fp, cur_fh, stp, open, false); 5652 5653 /* test and set deny mode */ 5654 spin_lock(&fp->fi_lock); 5655 status = 
nfs4_file_check_deny(fp, open->op_share_deny); 5656 switch (status) { 5657 case nfs_ok: 5658 set_deny(open->op_share_deny, stp); 5659 fp->fi_share_deny |= 5660 (open->op_share_deny & NFS4_SHARE_DENY_BOTH); 5661 break; 5662 case nfserr_share_denied: 5663 if (nfs4_resolve_deny_conflicts_locked(fp, false, 5664 stp, open->op_share_deny, false)) 5665 status = nfserr_jukebox; 5666 break; 5667 } 5668 spin_unlock(&fp->fi_lock); 5669 5670 if (status != nfs_ok) 5671 return status; 5672 5673 status = nfsd4_truncate(rqstp, cur_fh, open); 5674 if (status != nfs_ok) 5675 reset_union_bmap_deny(old_deny_bmap, stp); 5676 return status; 5677 } 5678 5679 /* Should we give out recallable state?: */ 5680 static bool nfsd4_cb_channel_good(struct nfs4_client *clp) 5681 { 5682 if (clp->cl_cb_state == NFSD4_CB_UP) 5683 return true; 5684 /* 5685 * In the sessions case, since we don't have to establish a 5686 * separate connection for callbacks, we assume it's OK 5687 * until we hear otherwise: 5688 */ 5689 return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN; 5690 } 5691 5692 static struct file_lease *nfs4_alloc_init_lease(struct nfs4_delegation *dp, 5693 int flag) 5694 { 5695 struct file_lease *fl; 5696 5697 fl = locks_alloc_lease(); 5698 if (!fl) 5699 return NULL; 5700 fl->fl_lmops = &nfsd_lease_mng_ops; 5701 fl->c.flc_flags = FL_DELEG; 5702 fl->c.flc_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK; 5703 fl->c.flc_owner = (fl_owner_t)dp; 5704 fl->c.flc_pid = current->tgid; 5705 fl->c.flc_file = dp->dl_stid.sc_file->fi_deleg_file->nf_file; 5706 return fl; 5707 } 5708 5709 static int nfsd4_check_conflicting_opens(struct nfs4_client *clp, 5710 struct nfs4_file *fp) 5711 { 5712 struct nfs4_ol_stateid *st; 5713 struct file *f = fp->fi_deleg_file->nf_file; 5714 struct inode *ino = file_inode(f); 5715 int writes; 5716 5717 writes = atomic_read(&ino->i_writecount); 5718 if (!writes) 5719 return 0; 5720 /* 5721 * There could be multiple filehandles (hence multiple 5722 * nfs4_files) referencing this file, but that's not too 5723 * common; let's just give up in that case rather than 5724 * trying to go look up all the clients using that other 5725 * nfs4_file as well: 5726 */ 5727 if (fp->fi_aliased) 5728 return -EAGAIN; 5729 /* 5730 * If there's a close in progress, make sure that we see it 5731 * clear any fi_fds[] entries before we see it decrement 5732 * i_writecount: 5733 */ 5734 smp_mb__after_atomic(); 5735 5736 if (fp->fi_fds[O_WRONLY]) 5737 writes--; 5738 if (fp->fi_fds[O_RDWR]) 5739 writes--; 5740 if (writes > 0) 5741 return -EAGAIN; /* There may be non-NFSv4 writers */ 5742 /* 5743 * It's possible there are non-NFSv4 write opens in progress, 5744 * but if they haven't incremented i_writecount yet then they 5745 * also haven't called break lease yet; so, they'll break this 5746 * lease soon enough. So, all that's left to check for is NFSv4 5747 * opens: 5748 */ 5749 spin_lock(&fp->fi_lock); 5750 list_for_each_entry(st, &fp->fi_stateids, st_perfile) { 5751 if (st->st_openstp == NULL /* it's an open */ && 5752 access_permit_write(st) && 5753 st->st_stid.sc_client != clp) { 5754 spin_unlock(&fp->fi_lock); 5755 return -EAGAIN; 5756 } 5757 } 5758 spin_unlock(&fp->fi_lock); 5759 /* 5760 * There's a small chance that we could be racing with another 5761 * NFSv4 open. However, any open that hasn't added itself to 5762 * the fi_stateids list also hasn't called break_lease yet; so, 5763 * they'll break this lease soon enough. 
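* When that happens, nfsd_break_deleg_cb() will recall the
* delegation we are handing out here, so the conflict is still
* resolved.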
5764 */ 5765 return 0; 5766 } 5767 5768 /* 5769 * It's possible that between opening the dentry and setting the delegation, 5770 * that it has been renamed or unlinked. Redo the lookup to verify that this 5771 * hasn't happened. 5772 */ 5773 static int 5774 nfsd4_verify_deleg_dentry(struct nfsd4_open *open, struct nfs4_file *fp, 5775 struct svc_fh *parent) 5776 { 5777 struct svc_export *exp; 5778 struct dentry *child; 5779 __be32 err; 5780 5781 err = nfsd_lookup_dentry(open->op_rqstp, parent, 5782 open->op_fname, open->op_fnamelen, 5783 &exp, &child); 5784 5785 if (err) 5786 return -EAGAIN; 5787 5788 exp_put(exp); 5789 dput(child); 5790 if (child != file_dentry(fp->fi_deleg_file->nf_file)) 5791 return -EAGAIN; 5792 5793 return 0; 5794 } 5795 5796 /* 5797 * We avoid breaking delegations held by a client due to its own activity, but 5798 * clearing setuid/setgid bits on a write is an implicit activity and the client 5799 * may not notice and continue using the old mode. Avoid giving out a delegation 5800 * on setuid/setgid files when the client is requesting an open for write. 5801 */ 5802 static int 5803 nfsd4_verify_setuid_write(struct nfsd4_open *open, struct nfsd_file *nf) 5804 { 5805 struct inode *inode = file_inode(nf->nf_file); 5806 5807 if ((open->op_share_access & NFS4_SHARE_ACCESS_WRITE) && 5808 (inode->i_mode & (S_ISUID|S_ISGID))) 5809 return -EAGAIN; 5810 return 0; 5811 } 5812 5813 static struct nfs4_delegation * 5814 nfs4_set_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp, 5815 struct svc_fh *parent) 5816 { 5817 int status = 0; 5818 struct nfs4_client *clp = stp->st_stid.sc_client; 5819 struct nfs4_file *fp = stp->st_stid.sc_file; 5820 struct nfs4_clnt_odstate *odstate = stp->st_clnt_odstate; 5821 struct nfs4_delegation *dp; 5822 struct nfsd_file *nf = NULL; 5823 struct file_lease *fl; 5824 u32 dl_type; 5825 5826 /* 5827 * The fi_had_conflict and nfs_get_existing_delegation checks 5828 * here are just optimizations; we'll need to recheck them at 5829 * the end: 5830 */ 5831 if (fp->fi_had_conflict) 5832 return ERR_PTR(-EAGAIN); 5833 5834 /* 5835 * Try for a write delegation first. RFC8881 section 10.4 says: 5836 * 5837 * "An OPEN_DELEGATE_WRITE delegation allows the client to handle, 5838 * on its own, all opens." 5839 * 5840 * Furthermore the client can use a write delegation for most READ 5841 * operations as well, so we require a O_RDWR file here. 5842 * 5843 * Offer a write delegation in the case of a BOTH open, and ensure 5844 * we get the O_RDWR descriptor. 5845 */ 5846 if ((open->op_share_access & NFS4_SHARE_ACCESS_BOTH) == NFS4_SHARE_ACCESS_BOTH) { 5847 nf = find_rw_file(fp); 5848 dl_type = NFS4_OPEN_DELEGATE_WRITE; 5849 } 5850 5851 /* 5852 * If the file is being opened O_RDONLY or we couldn't get a O_RDWR 5853 * file for some reason, then try for a read delegation instead. 
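* The lease taken below will then be F_RDLCK rather than F_WRLCK
* (see nfs4_alloc_init_lease()).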
5854 */ 5855 if (!nf && (open->op_share_access & NFS4_SHARE_ACCESS_READ)) { 5856 nf = find_readable_file(fp); 5857 dl_type = NFS4_OPEN_DELEGATE_READ; 5858 } 5859 5860 if (!nf) 5861 return ERR_PTR(-EAGAIN); 5862 5863 spin_lock(&state_lock); 5864 spin_lock(&fp->fi_lock); 5865 if (nfs4_delegation_exists(clp, fp)) 5866 status = -EAGAIN; 5867 else if (nfsd4_verify_setuid_write(open, nf)) 5868 status = -EAGAIN; 5869 else if (!fp->fi_deleg_file) { 5870 fp->fi_deleg_file = nf; 5871 /* increment early to prevent fi_deleg_file from being 5872 * cleared */ 5873 fp->fi_delegees = 1; 5874 nf = NULL; 5875 } else 5876 fp->fi_delegees++; 5877 spin_unlock(&fp->fi_lock); 5878 spin_unlock(&state_lock); 5879 if (nf) 5880 nfsd_file_put(nf); 5881 if (status) 5882 return ERR_PTR(status); 5883 5884 status = -ENOMEM; 5885 dp = alloc_init_deleg(clp, fp, odstate, dl_type); 5886 if (!dp) 5887 goto out_delegees; 5888 5889 fl = nfs4_alloc_init_lease(dp, dl_type); 5890 if (!fl) 5891 goto out_clnt_odstate; 5892 5893 status = kernel_setlease(fp->fi_deleg_file->nf_file, 5894 fl->c.flc_type, &fl, NULL); 5895 if (fl) 5896 locks_free_lease(fl); 5897 if (status) 5898 goto out_clnt_odstate; 5899 5900 if (parent) { 5901 status = nfsd4_verify_deleg_dentry(open, fp, parent); 5902 if (status) 5903 goto out_unlock; 5904 } 5905 5906 status = nfsd4_check_conflicting_opens(clp, fp); 5907 if (status) 5908 goto out_unlock; 5909 5910 /* 5911 * Now that the deleg is set, check again to ensure that nothing 5912 * raced in and changed the mode while we weren't looking. 5913 */ 5914 status = nfsd4_verify_setuid_write(open, fp->fi_deleg_file); 5915 if (status) 5916 goto out_unlock; 5917 5918 status = -EAGAIN; 5919 if (fp->fi_had_conflict) 5920 goto out_unlock; 5921 5922 spin_lock(&state_lock); 5923 spin_lock(&clp->cl_lock); 5924 spin_lock(&fp->fi_lock); 5925 status = hash_delegation_locked(dp, fp); 5926 spin_unlock(&fp->fi_lock); 5927 spin_unlock(&clp->cl_lock); 5928 spin_unlock(&state_lock); 5929 5930 if (status) 5931 goto out_unlock; 5932 5933 return dp; 5934 out_unlock: 5935 kernel_setlease(fp->fi_deleg_file->nf_file, F_UNLCK, NULL, (void **)&dp); 5936 out_clnt_odstate: 5937 put_clnt_odstate(dp->dl_clnt_odstate); 5938 nfs4_put_stid(&dp->dl_stid); 5939 out_delegees: 5940 put_deleg_file(fp); 5941 return ERR_PTR(status); 5942 } 5943 5944 static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status) 5945 { 5946 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 5947 if (status == -EAGAIN) 5948 open->op_why_no_deleg = WND4_CONTENTION; 5949 else { 5950 open->op_why_no_deleg = WND4_RESOURCE; 5951 switch (open->op_deleg_want) { 5952 case NFS4_SHARE_WANT_READ_DELEG: 5953 case NFS4_SHARE_WANT_WRITE_DELEG: 5954 case NFS4_SHARE_WANT_ANY_DELEG: 5955 break; 5956 case NFS4_SHARE_WANT_CANCEL: 5957 open->op_why_no_deleg = WND4_CANCELLED; 5958 break; 5959 case NFS4_SHARE_WANT_NO_DELEG: 5960 WARN_ON_ONCE(1); 5961 } 5962 } 5963 } 5964 5965 static bool 5966 nfs4_delegation_stat(struct nfs4_delegation *dp, struct svc_fh *currentfh, 5967 struct kstat *stat) 5968 { 5969 struct nfsd_file *nf = find_rw_file(dp->dl_stid.sc_file); 5970 struct path path; 5971 int rc; 5972 5973 if (!nf) 5974 return false; 5975 5976 path.mnt = currentfh->fh_export->ex_path.mnt; 5977 path.dentry = file_dentry(nf->nf_file); 5978 5979 rc = vfs_getattr(&path, stat, 5980 (STATX_MODE | STATX_SIZE | STATX_CTIME | STATX_CHANGE_COOKIE), 5981 AT_STATX_SYNC_AS_STAT); 5982 5983 nfsd_file_put(nf); 5984 return rc == 0; 5985 } 5986 5987 /* 5988 * The Linux NFS server does not offer 
write delegations to NFSv4.0 5989 * clients in order to avoid conflicts between write delegations and 5990 * GETATTRs requesting CHANGE or SIZE attributes. 5991 * 5992 * With NFSv4.1 and later minorversions, the SEQUENCE operation that 5993 * begins each COMPOUND contains a client ID. Delegation recall can 5994 * be avoided when the server recognizes that the client sending a 5995 * GETATTR also holds the write delegation it conflicts with. 5996 * 5997 * However, the NFSv4.0 protocol does not enable a server to 5998 * determine that a GETATTR originated from the client holding the 5999 * conflicting delegation versus coming from some other client. Per 6000 * RFC 7530 Section 16.7.5, the server must recall or send a 6001 * CB_GETATTR even when the GETATTR originates from the client that 6002 * holds the conflicting delegation. 6003 * 6004 * An NFSv4.0 client can trigger a pathological situation if it 6005 * always sends a DELEGRETURN preceded by a conflicting GETATTR in 6006 * the same COMPOUND. COMPOUND execution will always stop at the 6007 * GETATTR and the DELEGRETURN will never get executed. The server 6008 * eventually revokes the delegation, which can result in loss of 6009 * open or lock state. 6010 */ 6011 static void 6012 nfs4_open_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp, 6013 struct svc_fh *currentfh) 6014 { 6015 struct nfs4_delegation *dp; 6016 struct nfs4_openowner *oo = openowner(stp->st_stateowner); 6017 struct nfs4_client *clp = stp->st_stid.sc_client; 6018 struct svc_fh *parent = NULL; 6019 int cb_up; 6020 int status = 0; 6021 struct kstat stat; 6022 6023 cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client); 6024 open->op_recall = false; 6025 switch (open->op_claim_type) { 6026 case NFS4_OPEN_CLAIM_PREVIOUS: 6027 if (!cb_up) 6028 open->op_recall = true; 6029 break; 6030 case NFS4_OPEN_CLAIM_NULL: 6031 parent = currentfh; 6032 fallthrough; 6033 case NFS4_OPEN_CLAIM_FH: 6034 /* 6035 * Let's not give out any delegations till everyone's 6036 * had the chance to reclaim theirs, *and* until 6037 * NLM locks have all been reclaimed: 6038 */ 6039 if (locks_in_grace(clp->net)) 6040 goto out_no_deleg; 6041 if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED)) 6042 goto out_no_deleg; 6043 if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE && 6044 !clp->cl_minorversion) 6045 goto out_no_deleg; 6046 break; 6047 default: 6048 goto out_no_deleg; 6049 } 6050 dp = nfs4_set_delegation(open, stp, parent); 6051 if (IS_ERR(dp)) 6052 goto out_no_deleg; 6053 6054 memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid)); 6055 6056 if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE) { 6057 if (!nfs4_delegation_stat(dp, currentfh, &stat)) { 6058 nfs4_put_stid(&dp->dl_stid); 6059 destroy_delegation(dp); 6060 goto out_no_deleg; 6061 } 6062 open->op_delegate_type = NFS4_OPEN_DELEGATE_WRITE; 6063 dp->dl_cb_fattr.ncf_cur_fsize = stat.size; 6064 dp->dl_cb_fattr.ncf_initial_cinfo = nfsd4_change_attribute(&stat); 6065 trace_nfsd_deleg_write(&dp->dl_stid.sc_stateid); 6066 } else { 6067 open->op_delegate_type = NFS4_OPEN_DELEGATE_READ; 6068 trace_nfsd_deleg_read(&dp->dl_stid.sc_stateid); 6069 } 6070 nfs4_put_stid(&dp->dl_stid); 6071 return; 6072 out_no_deleg: 6073 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE; 6074 if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS && 6075 open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE) { 6076 dprintk("NFSD: WARNING: refusing delegation reclaim\n"); 6077 open->op_recall = true; 6078 } 6079 6080 /* 4.1 client asking for
a delegation? */ 6081 if (open->op_deleg_want) 6082 nfsd4_open_deleg_none_ext(open, status); 6083 return; 6084 } 6085 6086 static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open, 6087 struct nfs4_delegation *dp) 6088 { 6089 if (open->op_deleg_want == NFS4_SHARE_WANT_READ_DELEG && 6090 dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) { 6091 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 6092 open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE; 6093 } else if (open->op_deleg_want == NFS4_SHARE_WANT_WRITE_DELEG && 6094 dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) { 6095 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 6096 open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE; 6097 } 6098 /* Otherwise the client must be confused wanting a delegation 6099 * it already has, therefore we don't return 6100 * NFS4_OPEN_DELEGATE_NONE_EXT and reason. 6101 */ 6102 } 6103 6104 /** 6105 * nfsd4_process_open2 - finish open processing 6106 * @rqstp: the RPC transaction being executed 6107 * @current_fh: NFSv4 COMPOUND's current filehandle 6108 * @open: OPEN arguments 6109 * 6110 * If successful, (1) truncate the file if open->op_truncate was 6111 * set, (2) set open->op_stateid, (3) set open->op_delegation. 6112 * 6113 * Returns %nfs_ok on success; otherwise an nfs4stat value in 6114 * network byte order is returned. 6115 */ 6116 __be32 6117 nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open) 6118 { 6119 struct nfsd4_compoundres *resp = rqstp->rq_resp; 6120 struct nfs4_client *cl = open->op_openowner->oo_owner.so_client; 6121 struct nfs4_file *fp = NULL; 6122 struct nfs4_ol_stateid *stp = NULL; 6123 struct nfs4_delegation *dp = NULL; 6124 __be32 status; 6125 bool new_stp = false; 6126 6127 /* 6128 * Lookup file; if found, lookup stateid and check open request, 6129 * and check for delegations in the process of being recalled. 6130 * If not found, create the nfs4_file struct 6131 */ 6132 fp = nfsd4_file_hash_insert(open->op_file, current_fh); 6133 if (unlikely(!fp)) 6134 return nfserr_jukebox; 6135 if (fp != open->op_file) { 6136 status = nfs4_check_deleg(cl, open, &dp); 6137 if (status) 6138 goto out; 6139 stp = nfsd4_find_and_lock_existing_open(fp, open); 6140 } else { 6141 open->op_file = NULL; 6142 status = nfserr_bad_stateid; 6143 if (nfsd4_is_deleg_cur(open)) 6144 goto out; 6145 } 6146 6147 if (!stp) { 6148 stp = init_open_stateid(fp, open); 6149 if (!open->op_stp) 6150 new_stp = true; 6151 } 6152 6153 /* 6154 * OPEN the file, or upgrade an existing OPEN. 6155 * If truncate fails, the OPEN fails. 6156 * 6157 * stp is already locked. 
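 *
 * (A note restating init_open_stateid()'s contract, as assumed here:
 * new_stp is true only when our preallocated open->op_stp was
 * consumed, i.e. no already-hashed stateid was found for this file
 * and openowner.)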
6158 */ 6159 if (!new_stp) { 6160 /* Stateid was found, this is an OPEN upgrade */ 6161 status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open); 6162 if (status) { 6163 mutex_unlock(&stp->st_mutex); 6164 goto out; 6165 } 6166 } else { 6167 status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open, true); 6168 if (status) { 6169 release_open_stateid(stp); 6170 mutex_unlock(&stp->st_mutex); 6171 goto out; 6172 } 6173 6174 stp->st_clnt_odstate = find_or_hash_clnt_odstate(fp, 6175 open->op_odstate); 6176 if (stp->st_clnt_odstate == open->op_odstate) 6177 open->op_odstate = NULL; 6178 } 6179 6180 nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid); 6181 mutex_unlock(&stp->st_mutex); 6182 6183 if (nfsd4_has_session(&resp->cstate)) { 6184 if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) { 6185 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 6186 open->op_why_no_deleg = WND4_NOT_WANTED; 6187 goto nodeleg; 6188 } 6189 } 6190 6191 /* 6192 * Attempt to hand out a delegation. No error return, because the 6193 * OPEN succeeds even if we fail. 6194 */ 6195 nfs4_open_delegation(open, stp, &resp->cstate.current_fh); 6196 nodeleg: 6197 status = nfs_ok; 6198 trace_nfsd_open(&stp->st_stid.sc_stateid); 6199 out: 6200 /* 4.1 client trying to upgrade/downgrade delegation? */ 6201 if (open->op_delegate_type == NFS4_OPEN_DELEGATE_NONE && dp && 6202 open->op_deleg_want) 6203 nfsd4_deleg_xgrade_none_ext(open, dp); 6204 6205 if (fp) 6206 put_nfs4_file(fp); 6207 if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS) 6208 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED; 6209 /* 6210 * To finish the open response, we just need to set the rflags. 6211 */ 6212 open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX; 6213 if (nfsd4_has_session(&resp->cstate)) 6214 open->op_rflags |= NFS4_OPEN_RESULT_MAY_NOTIFY_LOCK; 6215 else if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED)) 6216 open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM; 6217 6218 if (dp) 6219 nfs4_put_stid(&dp->dl_stid); 6220 if (stp) 6221 nfs4_put_stid(&stp->st_stid); 6222 6223 return status; 6224 } 6225 6226 void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate, 6227 struct nfsd4_open *open) 6228 { 6229 if (open->op_openowner) 6230 nfs4_put_stateowner(&open->op_openowner->oo_owner); 6231 if (open->op_file) 6232 kmem_cache_free(file_slab, open->op_file); 6233 if (open->op_stp) 6234 nfs4_put_stid(&open->op_stp->st_stid); 6235 if (open->op_odstate) 6236 kmem_cache_free(odstate_slab, open->op_odstate); 6237 } 6238 6239 __be32 6240 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 6241 union nfsd4_op_u *u) 6242 { 6243 clientid_t *clid = &u->renew; 6244 struct nfs4_client *clp; 6245 __be32 status; 6246 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 6247 6248 trace_nfsd_clid_renew(clid); 6249 status = set_client(clid, cstate, nn); 6250 if (status) 6251 return status; 6252 clp = cstate->clp; 6253 if (!list_empty(&clp->cl_delegations) 6254 && clp->cl_cb_state != NFSD4_CB_UP) 6255 return nfserr_cb_path_down; 6256 return nfs_ok; 6257 } 6258 6259 void 6260 nfsd4_end_grace(struct nfsd_net *nn) 6261 { 6262 /* do nothing if grace period already ended */ 6263 if (nn->grace_ended) 6264 return; 6265 6266 trace_nfsd_grace_complete(nn); 6267 nn->grace_ended = true; 6268 /* 6269 * If the server goes down again right now, an NFSv4 6270 * client will still be allowed to reclaim after it comes back up, 6271 * even if it hasn't yet had a chance to reclaim state this time. 
6272 * 6273 */ 6274 nfsd4_record_grace_done(nn); 6275 /* 6276 * At this point, NFSv4 clients can still reclaim. But if the 6277 * server crashes, any that have not yet reclaimed will be out 6278 * of luck on the next boot. 6279 * 6280 * (NFSv4.1+ clients are considered to have reclaimed once they 6281 * call RECLAIM_COMPLETE. NFSv4.0 clients are considered to 6282 * have reclaimed after their first OPEN.) 6283 */ 6284 locks_end_grace(&nn->nfsd4_manager); 6285 /* 6286 * At this point, and once lockd and/or any other containers 6287 * exit their grace period, further reclaims will fail and 6288 * regular locking can resume. 6289 */ 6290 } 6291 6292 /* 6293 * If we've waited a lease period but there are still clients trying to 6294 * reclaim, wait a little longer to give them a chance to finish. 6295 */ 6296 static bool clients_still_reclaiming(struct nfsd_net *nn) 6297 { 6298 time64_t double_grace_period_end = nn->boot_time + 6299 2 * nn->nfsd4_lease; 6300 6301 if (nn->track_reclaim_completes && 6302 atomic_read(&nn->nr_reclaim_complete) == 6303 nn->reclaim_str_hashtbl_size) 6304 return false; 6305 if (!nn->somebody_reclaimed) 6306 return false; 6307 nn->somebody_reclaimed = false; 6308 /* 6309 * If we've given them *two* lease times to reclaim, and they're 6310 * still not done, give up: 6311 */ 6312 if (ktime_get_boottime_seconds() > double_grace_period_end) 6313 return false; 6314 return true; 6315 } 6316 6317 struct laundry_time { 6318 time64_t cutoff; 6319 time64_t new_timeo; 6320 }; 6321 6322 static bool state_expired(struct laundry_time *lt, time64_t last_refresh) 6323 { 6324 time64_t time_remaining; 6325 6326 if (last_refresh < lt->cutoff) 6327 return true; 6328 time_remaining = last_refresh - lt->cutoff; 6329 lt->new_timeo = min(lt->new_timeo, time_remaining); 6330 return false; 6331 } 6332 6333 #ifdef CONFIG_NFSD_V4_2_INTER_SSC 6334 void nfsd4_ssc_init_umount_work(struct nfsd_net *nn) 6335 { 6336 spin_lock_init(&nn->nfsd_ssc_lock); 6337 INIT_LIST_HEAD(&nn->nfsd_ssc_mount_list); 6338 init_waitqueue_head(&nn->nfsd_ssc_waitq); 6339 } 6340 6341 /* 6342 * This is called when nfsd is being shutdown, after all inter_ssc 6343 * cleanup were done, to destroy the ssc delayed unmount list. 
6344 */ 6345 static void nfsd4_ssc_shutdown_umount(struct nfsd_net *nn) 6346 { 6347 struct nfsd4_ssc_umount_item *ni = NULL; 6348 struct nfsd4_ssc_umount_item *tmp; 6349 6350 spin_lock(&nn->nfsd_ssc_lock); 6351 list_for_each_entry_safe(ni, tmp, &nn->nfsd_ssc_mount_list, nsui_list) { 6352 list_del(&ni->nsui_list); 6353 spin_unlock(&nn->nfsd_ssc_lock); 6354 mntput(ni->nsui_vfsmount); 6355 kfree(ni); 6356 spin_lock(&nn->nfsd_ssc_lock); 6357 } 6358 spin_unlock(&nn->nfsd_ssc_lock); 6359 } 6360 6361 static void nfsd4_ssc_expire_umount(struct nfsd_net *nn) 6362 { 6363 bool do_wakeup = false; 6364 struct nfsd4_ssc_umount_item *ni = NULL; 6365 struct nfsd4_ssc_umount_item *tmp; 6366 6367 spin_lock(&nn->nfsd_ssc_lock); 6368 list_for_each_entry_safe(ni, tmp, &nn->nfsd_ssc_mount_list, nsui_list) { 6369 if (time_after(jiffies, ni->nsui_expire)) { 6370 if (refcount_read(&ni->nsui_refcnt) > 1) 6371 continue; 6372 6373 /* mark as being unmounted */ 6374 ni->nsui_busy = true; 6375 spin_unlock(&nn->nfsd_ssc_lock); 6376 mntput(ni->nsui_vfsmount); 6377 spin_lock(&nn->nfsd_ssc_lock); 6378 6379 /* waiters need to start from the beginning of the list */ 6380 list_del(&ni->nsui_list); 6381 kfree(ni); 6382 6383 /* wake up ssc_connect waiters */ 6384 do_wakeup = true; 6385 continue; 6386 } 6387 break; 6388 } 6389 if (do_wakeup) 6390 wake_up_all(&nn->nfsd_ssc_waitq); 6391 spin_unlock(&nn->nfsd_ssc_lock); 6392 } 6393 #endif 6394 6395 /* Check if any lock belonging to this lockowner has any blockers */ 6396 static bool 6397 nfs4_lockowner_has_blockers(struct nfs4_lockowner *lo) 6398 { 6399 struct file_lock_context *ctx; 6400 struct nfs4_ol_stateid *stp; 6401 struct nfs4_file *nf; 6402 6403 list_for_each_entry(stp, &lo->lo_owner.so_stateids, st_perstateowner) { 6404 nf = stp->st_stid.sc_file; 6405 ctx = locks_inode_context(nf->fi_inode); 6406 if (!ctx) 6407 continue; 6408 if (locks_owner_has_blockers(ctx, lo)) 6409 return true; 6410 } 6411 return false; 6412 } 6413 6414 static bool 6415 nfs4_anylock_blockers(struct nfs4_client *clp) 6416 { 6417 int i; 6418 struct nfs4_stateowner *so; 6419 struct nfs4_lockowner *lo; 6420 6421 if (atomic_read(&clp->cl_delegs_in_recall)) 6422 return true; 6423 spin_lock(&clp->cl_lock); 6424 for (i = 0; i < OWNER_HASH_SIZE; i++) { 6425 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[i], 6426 so_strhash) { 6427 if (so->so_is_open_owner) 6428 continue; 6429 lo = lockowner(so); 6430 if (nfs4_lockowner_has_blockers(lo)) { 6431 spin_unlock(&clp->cl_lock); 6432 return true; 6433 } 6434 } 6435 } 6436 spin_unlock(&clp->cl_lock); 6437 return false; 6438 } 6439 6440 static void 6441 nfs4_get_client_reaplist(struct nfsd_net *nn, struct list_head *reaplist, 6442 struct laundry_time *lt) 6443 { 6444 unsigned int maxreap, reapcnt = 0; 6445 struct list_head *pos, *next; 6446 struct nfs4_client *clp; 6447 6448 maxreap = (atomic_read(&nn->nfs4_client_count) >= nn->nfs4_max_clients) ?
6449 NFSD_CLIENT_MAX_TRIM_PER_RUN : 0; 6450 INIT_LIST_HEAD(reaplist); 6451 spin_lock(&nn->client_lock); 6452 list_for_each_safe(pos, next, &nn->client_lru) { 6453 clp = list_entry(pos, struct nfs4_client, cl_lru); 6454 if (clp->cl_state == NFSD4_EXPIRABLE) 6455 goto exp_client; 6456 if (!state_expired(lt, clp->cl_time)) 6457 break; 6458 if (!atomic_read(&clp->cl_rpc_users)) { 6459 if (clp->cl_state == NFSD4_ACTIVE) 6460 atomic_inc(&nn->nfsd_courtesy_clients); 6461 clp->cl_state = NFSD4_COURTESY; 6462 } 6463 if (!client_has_state(clp)) 6464 goto exp_client; 6465 if (!nfs4_anylock_blockers(clp)) 6466 if (reapcnt >= maxreap) 6467 continue; 6468 exp_client: 6469 if (!mark_client_expired_locked(clp)) { 6470 list_add(&clp->cl_lru, reaplist); 6471 reapcnt++; 6472 } 6473 } 6474 spin_unlock(&nn->client_lock); 6475 } 6476 6477 static void 6478 nfs4_get_courtesy_client_reaplist(struct nfsd_net *nn, 6479 struct list_head *reaplist) 6480 { 6481 unsigned int maxreap = 0, reapcnt = 0; 6482 struct list_head *pos, *next; 6483 struct nfs4_client *clp; 6484 6485 maxreap = NFSD_CLIENT_MAX_TRIM_PER_RUN; 6486 INIT_LIST_HEAD(reaplist); 6487 6488 spin_lock(&nn->client_lock); 6489 list_for_each_safe(pos, next, &nn->client_lru) { 6490 clp = list_entry(pos, struct nfs4_client, cl_lru); 6491 if (clp->cl_state == NFSD4_ACTIVE) 6492 break; 6493 if (reapcnt >= maxreap) 6494 break; 6495 if (!mark_client_expired_locked(clp)) { 6496 list_add(&clp->cl_lru, reaplist); 6497 reapcnt++; 6498 } 6499 } 6500 spin_unlock(&nn->client_lock); 6501 } 6502 6503 static void 6504 nfs4_process_client_reaplist(struct list_head *reaplist) 6505 { 6506 struct list_head *pos, *next; 6507 struct nfs4_client *clp; 6508 6509 list_for_each_safe(pos, next, reaplist) { 6510 clp = list_entry(pos, struct nfs4_client, cl_lru); 6511 trace_nfsd_clid_purged(&clp->cl_clientid); 6512 list_del_init(&clp->cl_lru); 6513 expire_client(clp); 6514 } 6515 } 6516 6517 static void nfs40_clean_admin_revoked(struct nfsd_net *nn, 6518 struct laundry_time *lt) 6519 { 6520 struct nfs4_client *clp; 6521 6522 spin_lock(&nn->client_lock); 6523 if (nn->nfs40_last_revoke == 0 || 6524 nn->nfs40_last_revoke > lt->cutoff) { 6525 spin_unlock(&nn->client_lock); 6526 return; 6527 } 6528 nn->nfs40_last_revoke = 0; 6529 6530 retry: 6531 list_for_each_entry(clp, &nn->client_lru, cl_lru) { 6532 unsigned long id, tmp; 6533 struct nfs4_stid *stid; 6534 6535 if (atomic_read(&clp->cl_admin_revoked) == 0) 6536 continue; 6537 6538 spin_lock(&clp->cl_lock); 6539 idr_for_each_entry_ul(&clp->cl_stateids, stid, tmp, id) 6540 if (stid->sc_status & SC_STATUS_ADMIN_REVOKED) { 6541 refcount_inc(&stid->sc_count); 6542 spin_unlock(&nn->client_lock); 6543 /* this function drops ->cl_lock */ 6544 nfsd4_drop_revoked_stid(stid); 6545 nfs4_put_stid(stid); 6546 spin_lock(&nn->client_lock); 6547 goto retry; 6548 } 6549 spin_unlock(&clp->cl_lock); 6550 } 6551 spin_unlock(&nn->client_lock); 6552 } 6553 6554 static time64_t 6555 nfs4_laundromat(struct nfsd_net *nn) 6556 { 6557 struct nfs4_openowner *oo; 6558 struct nfs4_delegation *dp; 6559 struct nfs4_ol_stateid *stp; 6560 struct nfsd4_blocked_lock *nbl; 6561 struct list_head *pos, *next, reaplist; 6562 struct laundry_time lt = { 6563 .cutoff = ktime_get_boottime_seconds() - nn->nfsd4_lease, 6564 .new_timeo = nn->nfsd4_lease 6565 }; 6566 struct nfs4_cpntf_state *cps; 6567 copy_stateid_t *cps_t; 6568 int i; 6569 6570 if (clients_still_reclaiming(nn)) { 6571 lt.new_timeo = 0; 6572 goto out; 6573 } 6574 nfsd4_end_grace(nn); 6575 6576 spin_lock(&nn->s2s_cp_lock); 
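	/*
	 * Editorial sketch of the timeout math used by the sweeps below
	 * (illustrative numbers only; 90s is the usual nfsd4_lease default):
	 *
	 *	lt.cutoff = now - 90
	 *	item refreshed 60s ago:  last_refresh - lt.cutoff = 30
	 *	  => state_expired() returns false and trims lt.new_timeo
	 *	     to 30, so the laundromat re-runs in 30s, not 90s
	 *	item refreshed 100s ago: last_refresh < lt.cutoff
	 *	  => state_expired() returns true and the item is reaped
	 */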
6577 idr_for_each_entry(&nn->s2s_cp_stateids, cps_t, i) { 6578 cps = container_of(cps_t, struct nfs4_cpntf_state, cp_stateid); 6579 if (cps->cp_stateid.cs_type == NFS4_COPYNOTIFY_STID && 6580 state_expired(&lt, cps->cpntf_time)) 6581 _free_cpntf_state_locked(nn, cps); 6582 } 6583 spin_unlock(&nn->s2s_cp_lock); 6584 nfs4_get_client_reaplist(nn, &reaplist, &lt); 6585 nfs4_process_client_reaplist(&reaplist); 6586 6587 nfs40_clean_admin_revoked(nn, &lt); 6588 6589 spin_lock(&state_lock); 6590 list_for_each_safe(pos, next, &nn->del_recall_lru) { 6591 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru); 6592 if (!state_expired(&lt, dp->dl_time)) 6593 break; 6594 refcount_inc(&dp->dl_stid.sc_count); 6595 unhash_delegation_locked(dp, SC_STATUS_REVOKED); 6596 list_add(&dp->dl_recall_lru, &reaplist); 6597 } 6598 spin_unlock(&state_lock); 6599 while (!list_empty(&reaplist)) { 6600 dp = list_first_entry(&reaplist, struct nfs4_delegation, 6601 dl_recall_lru); 6602 list_del_init(&dp->dl_recall_lru); 6603 revoke_delegation(dp); 6604 } 6605 6606 spin_lock(&nn->client_lock); 6607 while (!list_empty(&nn->close_lru)) { 6608 oo = list_first_entry(&nn->close_lru, struct nfs4_openowner, 6609 oo_close_lru); 6610 if (!state_expired(&lt, oo->oo_time)) 6611 break; 6612 list_del_init(&oo->oo_close_lru); 6613 stp = oo->oo_last_closed_stid; 6614 oo->oo_last_closed_stid = NULL; 6615 spin_unlock(&nn->client_lock); 6616 nfs4_put_stid(&stp->st_stid); 6617 spin_lock(&nn->client_lock); 6618 } 6619 spin_unlock(&nn->client_lock); 6620 6621 /* 6622 * It's possible for a client to try and acquire an already held lock 6623 * that is being held for a long time, and then lose interest in it. 6624 * So, we clean out any un-revisited request after a lease period 6625 * under the assumption that the client is no longer interested. 6626 * 6627 * RFC5661, sec. 9.6 states that the client must not rely on getting 6628 * notifications and must continue to poll for locks, even when the 6629 * server supports them. Thus this shouldn't lead to clients blocking 6630 * indefinitely once the lock does become free.
*/ 6632 BUG_ON(!list_empty(&reaplist)); 6633 spin_lock(&nn->blocked_locks_lock); 6634 while (!list_empty(&nn->blocked_locks_lru)) { 6635 nbl = list_first_entry(&nn->blocked_locks_lru, 6636 struct nfsd4_blocked_lock, nbl_lru); 6637 if (!state_expired(&lt, nbl->nbl_time)) 6638 break; 6639 list_move(&nbl->nbl_lru, &reaplist); 6640 list_del_init(&nbl->nbl_list); 6641 } 6642 spin_unlock(&nn->blocked_locks_lock); 6643 6644 while (!list_empty(&reaplist)) { 6645 nbl = list_first_entry(&reaplist, 6646 struct nfsd4_blocked_lock, nbl_lru); 6647 list_del_init(&nbl->nbl_lru); 6648 free_blocked_lock(nbl); 6649 } 6650 #ifdef CONFIG_NFSD_V4_2_INTER_SSC 6651 /* service the server-to-server copy delayed unmount list */ 6652 nfsd4_ssc_expire_umount(nn); 6653 #endif 6654 if (atomic_long_read(&num_delegations) >= max_delegations) 6655 deleg_reaper(nn); 6656 out: 6657 return max_t(time64_t, lt.new_timeo, NFSD_LAUNDROMAT_MINTIMEOUT); 6658 } 6659 6660 static void laundromat_main(struct work_struct *); 6661 6662 static void 6663 laundromat_main(struct work_struct *laundry) 6664 { 6665 time64_t t; 6666 struct delayed_work *dwork = to_delayed_work(laundry); 6667 struct nfsd_net *nn = container_of(dwork, struct nfsd_net, 6668 laundromat_work); 6669 6670 t = nfs4_laundromat(nn); 6671 queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ); 6672 } 6673 6674 static void 6675 courtesy_client_reaper(struct nfsd_net *nn) 6676 { 6677 struct list_head reaplist; 6678 6679 nfs4_get_courtesy_client_reaplist(nn, &reaplist); 6680 nfs4_process_client_reaplist(&reaplist); 6681 } 6682 6683 static void 6684 deleg_reaper(struct nfsd_net *nn) 6685 { 6686 struct list_head *pos, *next; 6687 struct nfs4_client *clp; 6688 LIST_HEAD(cblist); 6689 6690 spin_lock(&nn->client_lock); 6691 list_for_each_safe(pos, next, &nn->client_lru) { 6692 clp = list_entry(pos, struct nfs4_client, cl_lru); 6693 if (clp->cl_state != NFSD4_ACTIVE || 6694 list_empty(&clp->cl_delegations) || 6695 atomic_read(&clp->cl_delegs_in_recall) || 6696 test_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags) || 6697 (ktime_get_boottime_seconds() - 6698 clp->cl_ra_time < 5)) { 6699 continue; 6700 } 6701 list_add(&clp->cl_ra_cblist, &cblist); 6702 6703 /* release in nfsd4_cb_recall_any_release */ 6704 kref_get(&clp->cl_nfsdfs.cl_ref); 6705 set_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags); 6706 clp->cl_ra_time = ktime_get_boottime_seconds(); 6707 } 6708 spin_unlock(&nn->client_lock); 6709 6710 while (!list_empty(&cblist)) { 6711 clp = list_first_entry(&cblist, struct nfs4_client, 6712 cl_ra_cblist); 6713 list_del_init(&clp->cl_ra_cblist); 6714 clp->cl_ra->ra_keep = 0; 6715 clp->cl_ra->ra_bmval[0] = BIT(RCA4_TYPE_MASK_RDATA_DLG) | 6716 BIT(RCA4_TYPE_MASK_WDATA_DLG); 6717 trace_nfsd_cb_recall_any(clp->cl_ra); 6718 nfsd4_run_cb(&clp->cl_ra->ra_cb); 6719 } 6720 } 6721 6722 static void 6723 nfsd4_state_shrinker_worker(struct work_struct *work) 6724 { 6725 struct nfsd_net *nn = container_of(work, struct nfsd_net, 6726 nfsd_shrinker_work); 6727 6728 courtesy_client_reaper(nn); 6729 deleg_reaper(nn); 6730 } 6731 6732 static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp) 6733 { 6734 if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle)) 6735 return nfserr_bad_stateid; 6736 return nfs_ok; 6737 } 6738 6739 static 6740 __be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags) 6741 { 6742 __be32 status = nfserr_openmode; 6743 6744 /* For lock stateids, we test the parent open, not the lock: */ 6745 if (stp->st_openstp) 6746 stp = stp->st_openstp;
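	/*
	 * Hedged sketch of the mode check below: WR_STATE requires the
	 * open (or parent open) to permit WRITE or BOTH share access,
	 * RD_STATE requires READ or BOTH, e.g.:
	 *
	 *	OPEN(SHARE_ACCESS_READ) + WRITE op -> nfserr_openmode
	 *	OPEN(SHARE_ACCESS_BOTH) + READ op  -> nfs_ok
	 */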
6747 if ((flags & WR_STATE) && !access_permit_write(stp)) 6748 goto out; 6749 if ((flags & RD_STATE) && !access_permit_read(stp)) 6750 goto out; 6751 status = nfs_ok; 6752 out: 6753 return status; 6754 } 6755 6756 static inline __be32 6757 check_special_stateids(struct net *net, svc_fh *current_fh, stateid_t *stateid, int flags) 6758 { 6759 if (ONE_STATEID(stateid) && (flags & RD_STATE)) 6760 return nfs_ok; 6761 else if (opens_in_grace(net)) { 6762 /* Answer in remaining cases depends on existence of 6763 * conflicting state; so we must wait out the grace period. */ 6764 return nfserr_grace; 6765 } else if (flags & WR_STATE) 6766 return nfs4_share_conflict(current_fh, 6767 NFS4_SHARE_DENY_WRITE); 6768 else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */ 6769 return nfs4_share_conflict(current_fh, 6770 NFS4_SHARE_DENY_READ); 6771 } 6772 6773 static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session) 6774 { 6775 /* 6776 * When sessions are used the stateid generation number is ignored 6777 * when it is zero. 6778 */ 6779 if (has_session && in->si_generation == 0) 6780 return nfs_ok; 6781 6782 if (in->si_generation == ref->si_generation) 6783 return nfs_ok; 6784 6785 /* If the client sends us a stateid from the future, it's buggy: */ 6786 if (nfsd4_stateid_generation_after(in, ref)) 6787 return nfserr_bad_stateid; 6788 /* 6789 * However, we could see a stateid from the past, even from a 6790 * non-buggy client. For example, if the client sends a lock 6791 * while some IO is outstanding, the lock may bump si_generation 6792 * while the IO is still in flight. The client could avoid that 6793 * situation by waiting for responses on all the IO requests, 6794 * but better performance may result in retrying IO that 6795 * receives an old_stateid error if requests are rarely 6796 * reordered in flight: 6797 */ 6798 return nfserr_old_stateid; 6799 } 6800 6801 static __be32 nfsd4_stid_check_stateid_generation(stateid_t *in, struct nfs4_stid *s, bool has_session) 6802 { 6803 __be32 ret; 6804 6805 spin_lock(&s->sc_lock); 6806 ret = nfsd4_verify_open_stid(s); 6807 if (ret == nfs_ok) 6808 ret = check_stateid_generation(in, &s->sc_stateid, has_session); 6809 spin_unlock(&s->sc_lock); 6810 if (ret == nfserr_admin_revoked) 6811 nfsd40_drop_revoked_stid(s->sc_client, 6812 &s->sc_stateid); 6813 return ret; 6814 } 6815 6816 static __be32 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid *ols) 6817 { 6818 if (ols->st_stateowner->so_is_open_owner && 6819 !(openowner(ols->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED)) 6820 return nfserr_bad_stateid; 6821 return nfs_ok; 6822 } 6823 6824 static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid) 6825 { 6826 struct nfs4_stid *s; 6827 __be32 status = nfserr_bad_stateid; 6828 6829 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) || 6830 CLOSE_STATEID(stateid)) 6831 return status; 6832 spin_lock(&cl->cl_lock); 6833 s = find_stateid_locked(cl, stateid); 6834 if (!s) 6835 goto out_unlock; 6836 status = nfsd4_stid_check_stateid_generation(stateid, s, 1); 6837 if (status) 6838 goto out_unlock; 6839 status = nfsd4_verify_open_stid(s); 6840 if (status) 6841 goto out_unlock; 6842 6843 switch (s->sc_type) { 6844 case SC_TYPE_DELEG: 6845 status = nfs_ok; 6846 break; 6847 case SC_TYPE_OPEN: 6848 case SC_TYPE_LOCK: 6849 status = nfsd4_check_openowner_confirmed(openlockstateid(s)); 6850 break; 6851 default: 6852 printk("unknown stateid type %x\n", s->sc_type); 6853 status = nfserr_bad_stateid; 6854 } 6855 out_unlock: 6856 
spin_unlock(&cl->cl_lock); 6857 if (status == nfserr_admin_revoked) 6858 nfsd40_drop_revoked_stid(cl, stateid); 6859 return status; 6860 } 6861 6862 __be32 6863 nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate, 6864 stateid_t *stateid, 6865 unsigned short typemask, unsigned short statusmask, 6866 struct nfs4_stid **s, struct nfsd_net *nn) 6867 { 6868 __be32 status; 6869 struct nfs4_stid *stid; 6870 bool return_revoked = false; 6871 6872 /* 6873 * Only return revoked delegations if explicitly asked; 6874 * otherwise we report revoked or bad_stateid status. 6875 */ 6876 if (statusmask & SC_STATUS_REVOKED) 6877 return_revoked = true; 6878 if (typemask & SC_TYPE_DELEG) 6879 /* Always allow REVOKED for DELEG so we can 6880 * return the appropriate error. 6881 */ 6882 statusmask |= SC_STATUS_REVOKED; 6883 6884 statusmask |= SC_STATUS_ADMIN_REVOKED; 6885 6886 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) || 6887 CLOSE_STATEID(stateid)) 6888 return nfserr_bad_stateid; 6889 status = set_client(&stateid->si_opaque.so_clid, cstate, nn); 6890 if (status == nfserr_stale_clientid) { 6891 if (cstate->session) 6892 return nfserr_bad_stateid; 6893 return nfserr_stale_stateid; 6894 } 6895 if (status) 6896 return status; 6897 stid = find_stateid_by_type(cstate->clp, stateid, typemask, statusmask); 6898 if (!stid) 6899 return nfserr_bad_stateid; 6900 if ((stid->sc_status & SC_STATUS_REVOKED) && !return_revoked) { 6901 nfs4_put_stid(stid); 6902 return nfserr_deleg_revoked; 6903 } 6904 if (stid->sc_status & SC_STATUS_ADMIN_REVOKED) { 6905 nfsd40_drop_revoked_stid(cstate->clp, stateid); 6906 nfs4_put_stid(stid); 6907 return nfserr_admin_revoked; 6908 } 6909 *s = stid; 6910 return nfs_ok; 6911 } 6912 6913 static struct nfsd_file * 6914 nfs4_find_file(struct nfs4_stid *s, int flags) 6915 { 6916 struct nfsd_file *ret = NULL; 6917 6918 if (!s || s->sc_status) 6919 return NULL; 6920 6921 switch (s->sc_type) { 6922 case SC_TYPE_DELEG: 6923 spin_lock(&s->sc_file->fi_lock); 6924 ret = nfsd_file_get(s->sc_file->fi_deleg_file); 6925 spin_unlock(&s->sc_file->fi_lock); 6926 break; 6927 case SC_TYPE_OPEN: 6928 case SC_TYPE_LOCK: 6929 if (flags & RD_STATE) 6930 ret = find_readable_file(s->sc_file); 6931 else 6932 ret = find_writeable_file(s->sc_file); 6933 } 6934 6935 return ret; 6936 } 6937 6938 static __be32 6939 nfs4_check_olstateid(struct nfs4_ol_stateid *ols, int flags) 6940 { 6941 __be32 status; 6942 6943 status = nfsd4_check_openowner_confirmed(ols); 6944 if (status) 6945 return status; 6946 return nfs4_check_openmode(ols, flags); 6947 } 6948 6949 static __be32 6950 nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s, 6951 struct nfsd_file **nfp, int flags) 6952 { 6953 int acc = (flags & RD_STATE) ?
NFSD_MAY_READ : NFSD_MAY_WRITE; 6954 struct nfsd_file *nf; 6955 __be32 status; 6956 6957 nf = nfs4_find_file(s, flags); 6958 if (nf) { 6959 status = nfsd_permission(&rqstp->rq_cred, 6960 fhp->fh_export, fhp->fh_dentry, 6961 acc | NFSD_MAY_OWNER_OVERRIDE); 6962 if (status) { 6963 nfsd_file_put(nf); 6964 goto out; 6965 } 6966 } else { 6967 status = nfsd_file_acquire(rqstp, fhp, acc, &nf); 6968 if (status) 6969 return status; 6970 } 6971 *nfp = nf; 6972 out: 6973 return status; 6974 } 6975 static void 6976 _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps) 6977 { 6978 WARN_ON_ONCE(cps->cp_stateid.cs_type != NFS4_COPYNOTIFY_STID); 6979 if (!refcount_dec_and_test(&cps->cp_stateid.cs_count)) 6980 return; 6981 list_del(&cps->cp_list); 6982 idr_remove(&nn->s2s_cp_stateids, 6983 cps->cp_stateid.cs_stid.si_opaque.so_id); 6984 kfree(cps); 6985 } 6986 /* 6987 * A READ from an inter server to server COPY will have a 6988 * copy stateid. Look up the copy notify stateid from the 6989 * idr structure and take a reference on it. 6990 */ 6991 __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st, 6992 struct nfs4_client *clp, 6993 struct nfs4_cpntf_state **cps) 6994 { 6995 copy_stateid_t *cps_t; 6996 struct nfs4_cpntf_state *state = NULL; 6997 6998 if (st->si_opaque.so_clid.cl_id != nn->s2s_cp_cl_id) 6999 return nfserr_bad_stateid; 7000 spin_lock(&nn->s2s_cp_lock); 7001 cps_t = idr_find(&nn->s2s_cp_stateids, st->si_opaque.so_id); 7002 if (cps_t) { 7003 state = container_of(cps_t, struct nfs4_cpntf_state, 7004 cp_stateid); 7005 if (state->cp_stateid.cs_type != NFS4_COPYNOTIFY_STID) { 7006 state = NULL; 7007 goto unlock; 7008 } 7009 if (!clp) 7010 refcount_inc(&state->cp_stateid.cs_count); 7011 else 7012 _free_cpntf_state_locked(nn, state); 7013 } 7014 unlock: 7015 spin_unlock(&nn->s2s_cp_lock); 7016 if (!state) 7017 return nfserr_bad_stateid; 7018 if (!clp) 7019 *cps = state; 7020 return 0; 7021 } 7022 7023 static __be32 find_cpntf_state(struct nfsd_net *nn, stateid_t *st, 7024 struct nfs4_stid **stid) 7025 { 7026 __be32 status; 7027 struct nfs4_cpntf_state *cps = NULL; 7028 struct nfs4_client *found; 7029 7030 status = manage_cpntf_state(nn, st, NULL, &cps); 7031 if (status) 7032 return status; 7033 7034 cps->cpntf_time = ktime_get_boottime_seconds(); 7035 7036 status = nfserr_expired; 7037 found = lookup_clientid(&cps->cp_p_clid, true, nn); 7038 if (!found) 7039 goto out; 7040 7041 *stid = find_stateid_by_type(found, &cps->cp_p_stateid, 7042 SC_TYPE_DELEG|SC_TYPE_OPEN|SC_TYPE_LOCK, 7043 0); 7044 if (*stid) 7045 status = nfs_ok; 7046 else 7047 status = nfserr_bad_stateid; 7048 7049 put_client_renew(found); 7050 out: 7051 nfs4_put_cpntf_state(nn, cps); 7052 return status; 7053 } 7054 7055 void nfs4_put_cpntf_state(struct nfsd_net *nn, struct nfs4_cpntf_state *cps) 7056 { 7057 spin_lock(&nn->s2s_cp_lock); 7058 _free_cpntf_state_locked(nn, cps); 7059 spin_unlock(&nn->s2s_cp_lock); 7060 } 7061 7062 /** 7063 * nfs4_preprocess_stateid_op - find and prep stateid for an operation 7064 * @rqstp: incoming request from client 7065 * @cstate: current compound state 7066 * @fhp: filehandle associated with requested stateid 7067 * @stateid: stateid (provided by client) 7068 * @flags: flags describing type of operation to be done 7069 * @nfp: optional nfsd_file return pointer (may be NULL) 7070 * @cstid: optional returned nfs4_stid pointer (may be NULL) 7071 * 7072 * Given info from the client, look up a nfs4_stid for the operation. 
On 7073 * success, it returns a reference to the nfs4_stid and/or the nfsd_file 7074 * associated with it. 7075 */ 7076 __be32 7077 nfs4_preprocess_stateid_op(struct svc_rqst *rqstp, 7078 struct nfsd4_compound_state *cstate, struct svc_fh *fhp, 7079 stateid_t *stateid, int flags, struct nfsd_file **nfp, 7080 struct nfs4_stid **cstid) 7081 { 7082 struct net *net = SVC_NET(rqstp); 7083 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 7084 struct nfs4_stid *s = NULL; 7085 __be32 status; 7086 7087 if (nfp) 7088 *nfp = NULL; 7089 7090 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) { 7091 status = check_special_stateids(net, fhp, stateid, flags); 7092 goto done; 7093 } 7094 7095 status = nfsd4_lookup_stateid(cstate, stateid, 7096 SC_TYPE_DELEG|SC_TYPE_OPEN|SC_TYPE_LOCK, 7097 0, &s, nn); 7098 if (status == nfserr_bad_stateid) 7099 status = find_cpntf_state(nn, stateid, &s); 7100 if (status) 7101 return status; 7102 status = nfsd4_stid_check_stateid_generation(stateid, s, 7103 nfsd4_has_session(cstate)); 7104 if (status) 7105 goto out; 7106 7107 switch (s->sc_type) { 7108 case SC_TYPE_DELEG: 7109 status = nfs4_check_delegmode(delegstateid(s), flags); 7110 break; 7111 case SC_TYPE_OPEN: 7112 case SC_TYPE_LOCK: 7113 status = nfs4_check_olstateid(openlockstateid(s), flags); 7114 break; 7115 } 7116 if (status) 7117 goto out; 7118 status = nfs4_check_fh(fhp, s); 7119 7120 done: 7121 if (status == nfs_ok && nfp) 7122 status = nfs4_check_file(rqstp, fhp, s, nfp, flags); 7123 out: 7124 if (s) { 7125 if (!status && cstid) 7126 *cstid = s; 7127 else 7128 nfs4_put_stid(s); 7129 } 7130 return status; 7131 } 7132 7133 /* 7134 * Test if the stateid is valid 7135 */ 7136 __be32 7137 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7138 union nfsd4_op_u *u) 7139 { 7140 struct nfsd4_test_stateid *test_stateid = &u->test_stateid; 7141 struct nfsd4_test_stateid_id *stateid; 7142 struct nfs4_client *cl = cstate->clp; 7143 7144 list_for_each_entry(stateid, &test_stateid->ts_stateid_list, ts_id_list) 7145 stateid->ts_id_status = 7146 nfsd4_validate_stateid(cl, &stateid->ts_id_stateid); 7147 7148 return nfs_ok; 7149 } 7150 7151 static __be32 7152 nfsd4_free_lock_stateid(stateid_t *stateid, struct nfs4_stid *s) 7153 { 7154 struct nfs4_ol_stateid *stp = openlockstateid(s); 7155 __be32 ret; 7156 7157 ret = nfsd4_lock_ol_stateid(stp); 7158 if (ret) 7159 goto out_put_stid; 7160 7161 ret = check_stateid_generation(stateid, &s->sc_stateid, 1); 7162 if (ret) 7163 goto out; 7164 7165 ret = nfserr_locks_held; 7166 if (check_for_locks(stp->st_stid.sc_file, 7167 lockowner(stp->st_stateowner))) 7168 goto out; 7169 7170 release_lock_stateid(stp); 7171 ret = nfs_ok; 7172 7173 out: 7174 mutex_unlock(&stp->st_mutex); 7175 out_put_stid: 7176 nfs4_put_stid(s); 7177 return ret; 7178 } 7179 7180 __be32 7181 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7182 union nfsd4_op_u *u) 7183 { 7184 struct nfsd4_free_stateid *free_stateid = &u->free_stateid; 7185 stateid_t *stateid = &free_stateid->fr_stateid; 7186 struct nfs4_stid *s; 7187 struct nfs4_delegation *dp; 7188 struct nfs4_client *cl = cstate->clp; 7189 __be32 ret = nfserr_bad_stateid; 7190 7191 spin_lock(&cl->cl_lock); 7192 s = find_stateid_locked(cl, stateid); 7193 if (!s || s->sc_status & SC_STATUS_CLOSED) 7194 goto out_unlock; 7195 if (s->sc_status & SC_STATUS_ADMIN_REVOKED) { 7196 nfsd4_drop_revoked_stid(s); 7197 ret = nfs_ok; 7198 goto out; 7199 } 7200 spin_lock(&s->sc_lock); 7201 switch (s->sc_type) { 7202 
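	/*
	 * Descriptive summary of the cases below: delegations already
	 * revoked are freed here; live delegations and open stateids
	 * report nfserr_locks_held, since DELEGRETURN and CLOSE are the
	 * proper ways to retire them; a lock stateid is freed only once
	 * its lockowner holds no locks.
	 */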
case SC_TYPE_DELEG: 7203 if (s->sc_status & SC_STATUS_REVOKED) { 7204 s->sc_status |= SC_STATUS_CLOSED; 7205 spin_unlock(&s->sc_lock); 7206 dp = delegstateid(s); 7207 if (s->sc_status & SC_STATUS_FREEABLE) 7208 list_del_init(&dp->dl_recall_lru); 7209 s->sc_status |= SC_STATUS_FREED; 7210 spin_unlock(&cl->cl_lock); 7211 nfs4_put_stid(s); 7212 ret = nfs_ok; 7213 goto out; 7214 } 7215 ret = nfserr_locks_held; 7216 break; 7217 case SC_TYPE_OPEN: 7218 ret = check_stateid_generation(stateid, &s->sc_stateid, 1); 7219 if (ret) 7220 break; 7221 ret = nfserr_locks_held; 7222 break; 7223 case SC_TYPE_LOCK: 7224 spin_unlock(&s->sc_lock); 7225 refcount_inc(&s->sc_count); 7226 spin_unlock(&cl->cl_lock); 7227 ret = nfsd4_free_lock_stateid(stateid, s); 7228 goto out; 7229 } 7230 spin_unlock(&s->sc_lock); 7231 out_unlock: 7232 spin_unlock(&cl->cl_lock); 7233 out: 7234 return ret; 7235 } 7236 7237 static inline int 7238 setlkflg (int type) 7239 { 7240 return (type == NFS4_READW_LT || type == NFS4_READ_LT) ? 7241 RD_STATE : WR_STATE; 7242 } 7243 7244 static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_t *stateid, u32 seqid, struct nfs4_ol_stateid *stp) 7245 { 7246 struct svc_fh *current_fh = &cstate->current_fh; 7247 struct nfs4_stateowner *sop = stp->st_stateowner; 7248 __be32 status; 7249 7250 status = nfsd4_check_seqid(cstate, sop, seqid); 7251 if (status) 7252 return status; 7253 status = nfsd4_lock_ol_stateid(stp); 7254 if (status != nfs_ok) 7255 return status; 7256 status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate)); 7257 if (status == nfs_ok) 7258 status = nfs4_check_fh(current_fh, &stp->st_stid); 7259 if (status != nfs_ok) 7260 mutex_unlock(&stp->st_mutex); 7261 return status; 7262 } 7263 7264 /** 7265 * nfs4_preprocess_seqid_op - find and prep an ol_stateid for a seqid-morphing op 7266 * @cstate: compound state 7267 * @seqid: seqid (provided by client) 7268 * @stateid: stateid (provided by client) 7269 * @typemask: mask of allowable types for this operation 7270 * @statusmask: mask of allowed states: 0 or SC_STATUS_CLOSED 7271 * @stpp: return pointer for the stateid found 7272 * @nn: net namespace for request 7273 * 7274 * Given a stateid+seqid from a client, look up an nfs4_ol_stateid and 7275 * return it in @stpp. On an nfs_ok return, the returned stateid will 7276 * have its st_mutex locked.
7277 */ 7278 static __be32 7279 nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid, 7280 stateid_t *stateid, 7281 unsigned short typemask, unsigned short statusmask, 7282 struct nfs4_ol_stateid **stpp, 7283 struct nfsd_net *nn) 7284 { 7285 __be32 status; 7286 struct nfs4_stid *s; 7287 struct nfs4_ol_stateid *stp = NULL; 7288 7289 trace_nfsd_preprocess(seqid, stateid); 7290 7291 *stpp = NULL; 7292 retry: 7293 status = nfsd4_lookup_stateid(cstate, stateid, 7294 typemask, statusmask, &s, nn); 7295 if (status) 7296 return status; 7297 stp = openlockstateid(s); 7298 if (nfsd4_cstate_assign_replay(cstate, stp->st_stateowner) == -EAGAIN) { 7299 nfs4_put_stateowner(stp->st_stateowner); 7300 goto retry; 7301 } 7302 7303 status = nfs4_seqid_op_checks(cstate, stateid, seqid, stp); 7304 if (!status) 7305 *stpp = stp; 7306 else 7307 nfs4_put_stid(&stp->st_stid); 7308 return status; 7309 } 7310 7311 static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid, 7312 stateid_t *stateid, struct nfs4_ol_stateid **stpp, struct nfsd_net *nn) 7313 { 7314 __be32 status; 7315 struct nfs4_openowner *oo; 7316 struct nfs4_ol_stateid *stp; 7317 7318 status = nfs4_preprocess_seqid_op(cstate, seqid, stateid, 7319 SC_TYPE_OPEN, 0, &stp, nn); 7320 if (status) 7321 return status; 7322 oo = openowner(stp->st_stateowner); 7323 if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) { 7324 mutex_unlock(&stp->st_mutex); 7325 nfs4_put_stid(&stp->st_stid); 7326 return nfserr_bad_stateid; 7327 } 7328 *stpp = stp; 7329 return nfs_ok; 7330 } 7331 7332 __be32 7333 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7334 union nfsd4_op_u *u) 7335 { 7336 struct nfsd4_open_confirm *oc = &u->open_confirm; 7337 __be32 status; 7338 struct nfs4_openowner *oo; 7339 struct nfs4_ol_stateid *stp; 7340 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 7341 7342 dprintk("NFSD: nfsd4_open_confirm on file %pd\n", 7343 cstate->current_fh.fh_dentry); 7344 7345 status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0); 7346 if (status) 7347 return status; 7348 7349 status = nfs4_preprocess_seqid_op(cstate, 7350 oc->oc_seqid, &oc->oc_req_stateid, 7351 SC_TYPE_OPEN, 0, &stp, nn); 7352 if (status) 7353 goto out; 7354 oo = openowner(stp->st_stateowner); 7355 status = nfserr_bad_stateid; 7356 if (oo->oo_flags & NFS4_OO_CONFIRMED) { 7357 mutex_unlock(&stp->st_mutex); 7358 goto put_stateid; 7359 } 7360 oo->oo_flags |= NFS4_OO_CONFIRMED; 7361 nfs4_inc_and_copy_stateid(&oc->oc_resp_stateid, &stp->st_stid); 7362 mutex_unlock(&stp->st_mutex); 7363 trace_nfsd_open_confirm(oc->oc_seqid, &stp->st_stid.sc_stateid); 7364 nfsd4_client_record_create(oo->oo_owner.so_client); 7365 status = nfs_ok; 7366 put_stateid: 7367 nfs4_put_stid(&stp->st_stid); 7368 out: 7369 nfsd4_bump_seqid(cstate, status); 7370 return status; 7371 } 7372 7373 static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access) 7374 { 7375 if (!test_access(access, stp)) 7376 return; 7377 nfs4_file_put_access(stp->st_stid.sc_file, access); 7378 clear_access(access, stp); 7379 } 7380 7381 static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access) 7382 { 7383 switch (to_access) { 7384 case NFS4_SHARE_ACCESS_READ: 7385 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE); 7386 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH); 7387 break; 7388 case NFS4_SHARE_ACCESS_WRITE: 7389 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ); 7390 
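		/* shed BOTH as well, leaving WRITE as the only access bit: */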
nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH); 7391 break; 7392 case NFS4_SHARE_ACCESS_BOTH: 7393 break; 7394 default: 7395 WARN_ON_ONCE(1); 7396 } 7397 } 7398 7399 __be32 7400 nfsd4_open_downgrade(struct svc_rqst *rqstp, 7401 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u) 7402 { 7403 struct nfsd4_open_downgrade *od = &u->open_downgrade; 7404 __be32 status; 7405 struct nfs4_ol_stateid *stp; 7406 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 7407 7408 dprintk("NFSD: nfsd4_open_downgrade on file %pd\n", 7409 cstate->current_fh.fh_dentry); 7410 7411 /* We don't yet support WANT bits: */ 7412 if (od->od_deleg_want) 7413 dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__, 7414 od->od_deleg_want); 7415 7416 status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid, 7417 &od->od_stateid, &stp, nn); 7418 if (status) 7419 goto out; 7420 status = nfserr_inval; 7421 if (!test_access(od->od_share_access, stp)) { 7422 dprintk("NFSD: access not a subset of current bitmap: 0x%hhx, input access=%08x\n", 7423 stp->st_access_bmap, od->od_share_access); 7424 goto put_stateid; 7425 } 7426 if (!test_deny(od->od_share_deny, stp)) { 7427 dprintk("NFSD: deny not a subset of current bitmap: 0x%hhx, input deny=%08x\n", 7428 stp->st_deny_bmap, od->od_share_deny); 7429 goto put_stateid; 7430 } 7431 nfs4_stateid_downgrade(stp, od->od_share_access); 7432 reset_union_bmap_deny(od->od_share_deny, stp); 7433 nfs4_inc_and_copy_stateid(&od->od_stateid, &stp->st_stid); 7434 status = nfs_ok; 7435 put_stateid: 7436 mutex_unlock(&stp->st_mutex); 7437 nfs4_put_stid(&stp->st_stid); 7438 out: 7439 nfsd4_bump_seqid(cstate, status); 7440 return status; 7441 } 7442 7443 static bool nfsd4_close_open_stateid(struct nfs4_ol_stateid *s) 7444 { 7445 struct nfs4_client *clp = s->st_stid.sc_client; 7446 bool unhashed; 7447 LIST_HEAD(reaplist); 7448 struct nfs4_ol_stateid *stp; 7449 7450 spin_lock(&clp->cl_lock); 7451 unhashed = unhash_open_stateid(s, &reaplist); 7452 7453 if (clp->cl_minorversion) { 7454 if (unhashed) 7455 put_ol_stateid_locked(s, &reaplist); 7456 spin_unlock(&clp->cl_lock); 7457 list_for_each_entry(stp, &reaplist, st_locks) 7458 nfs4_free_cpntf_statelist(clp->net, &stp->st_stid); 7459 free_ol_stateid_reaplist(&reaplist); 7460 return false; 7461 } else { 7462 spin_unlock(&clp->cl_lock); 7463 free_ol_stateid_reaplist(&reaplist); 7464 return unhashed; 7465 } 7466 } 7467 7468 /* 7469 * nfs4_unlock_state() called after encode 7470 */ 7471 __be32 7472 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7473 union nfsd4_op_u *u) 7474 { 7475 struct nfsd4_close *close = &u->close; 7476 __be32 status; 7477 struct nfs4_ol_stateid *stp; 7478 struct net *net = SVC_NET(rqstp); 7479 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 7480 bool need_move_to_close_list; 7481 7482 dprintk("NFSD: nfsd4_close on file %pd\n", 7483 cstate->current_fh.fh_dentry); 7484 7485 status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid, 7486 &close->cl_stateid, 7487 SC_TYPE_OPEN, SC_STATUS_CLOSED, 7488 &stp, nn); 7489 nfsd4_bump_seqid(cstate, status); 7490 if (status) 7491 goto out; 7492 7493 spin_lock(&stp->st_stid.sc_client->cl_lock); 7494 stp->st_stid.sc_status |= SC_STATUS_CLOSED; 7495 spin_unlock(&stp->st_stid.sc_client->cl_lock); 7496 7497 /* 7498 * Technically we don't _really_ have to increment or copy it, since 7499 * it should just be gone after this operation and we clobber the 7500 * copied value below, but we continue to do so here just to ensure 7501 * that 
racing ops see that there was a state change. 7502 */ 7503 nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid); 7504 7505 need_move_to_close_list = nfsd4_close_open_stateid(stp); 7506 mutex_unlock(&stp->st_mutex); 7507 if (need_move_to_close_list) 7508 move_to_close_lru(stp, net); 7509 7510 /* v4.1+ suggests that we send a special stateid in here, since the 7511 * clients should just ignore this anyway. Since this is not useful 7512 * for v4.0 clients either, we set it to the special close_stateid 7513 * universally. 7514 * 7515 * See RFC5661 section 18.2.4, and RFC7530 section 16.2.5 7516 */ 7517 memcpy(&close->cl_stateid, &close_stateid, sizeof(close->cl_stateid)); 7518 7519 /* put reference from nfs4_preprocess_seqid_op */ 7520 nfs4_put_stid(&stp->st_stid); 7521 out: 7522 return status; 7523 } 7524 7525 __be32 7526 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7527 union nfsd4_op_u *u) 7528 { 7529 struct nfsd4_delegreturn *dr = &u->delegreturn; 7530 struct nfs4_delegation *dp; 7531 stateid_t *stateid = &dr->dr_stateid; 7532 struct nfs4_stid *s; 7533 __be32 status; 7534 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 7535 7536 if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0))) 7537 return status; 7538 7539 status = nfsd4_lookup_stateid(cstate, stateid, SC_TYPE_DELEG, 7540 SC_STATUS_REVOKED | SC_STATUS_FREEABLE, 7541 &s, nn); 7542 if (status) 7543 goto out; 7544 dp = delegstateid(s); 7545 status = nfsd4_stid_check_stateid_generation(stateid, &dp->dl_stid, nfsd4_has_session(cstate)); 7546 if (status) 7547 goto put_stateid; 7548 7549 trace_nfsd_deleg_return(stateid); 7550 destroy_delegation(dp); 7551 smp_mb__after_atomic(); 7552 wake_up_var(d_inode(cstate->current_fh.fh_dentry)); 7553 put_stateid: 7554 nfs4_put_stid(&dp->dl_stid); 7555 out: 7556 return status; 7557 } 7558 7559 /* last octet in a range */ 7560 static inline u64 7561 last_byte_offset(u64 start, u64 len) 7562 { 7563 u64 end; 7564 7565 WARN_ON_ONCE(!len); 7566 end = start + len; 7567 return end > start ? end - 1: NFS4_MAX_UINT64; 7568 } 7569 7570 /* 7571 * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that 7572 * we can't properly handle lock requests that go beyond the (2^63 - 1)-th 7573 * byte, because of sign extension problems. Since NFSv4 calls for 64-bit 7574 * locking, this prevents us from being completely protocol-compliant. The 7575 * real solution to this problem is to start using unsigned file offsets in 7576 * the VFS, but this is a very deep change! 
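 *
 * An illustrative (hypothetical) example of the clamping done below:
 * a LOCK at offset 0x7fffffffffffffff with length 2 has a last byte
 * past 2^63 - 1, so the computed fl_end goes negative when stored in
 * a signed loff_t; nfs4_transform_lock_offset() then pins fl_end to
 * OFFSET_MAX, and the client is granted a shorter range than it
 * requested.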
7577 */ 7578 static inline void 7579 nfs4_transform_lock_offset(struct file_lock *lock) 7580 { 7581 if (lock->fl_start < 0) 7582 lock->fl_start = OFFSET_MAX; 7583 if (lock->fl_end < 0) 7584 lock->fl_end = OFFSET_MAX; 7585 } 7586 7587 static fl_owner_t 7588 nfsd4_lm_get_owner(fl_owner_t owner) 7589 { 7590 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner; 7591 7592 nfs4_get_stateowner(&lo->lo_owner); 7593 return owner; 7594 } 7595 7596 static void 7597 nfsd4_lm_put_owner(fl_owner_t owner) 7598 { 7599 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner; 7600 7601 if (lo) 7602 nfs4_put_stateowner(&lo->lo_owner); 7603 } 7604 7605 /* return true if the client that owns this lock is expirable */ 7606 static bool 7607 nfsd4_lm_lock_expirable(struct file_lock *cfl) 7608 { 7609 struct nfs4_lockowner *lo = (struct nfs4_lockowner *) cfl->c.flc_owner; 7610 struct nfs4_client *clp = lo->lo_owner.so_client; 7611 struct nfsd_net *nn; 7612 7613 if (try_to_expire_client(clp)) { 7614 nn = net_generic(clp->net, nfsd_net_id); 7615 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); 7616 return true; 7617 } 7618 return false; 7619 } 7620 7621 /* schedule laundromat to run immediately and wait for it to complete */ 7622 static void 7623 nfsd4_lm_expire_lock(void) 7624 { 7625 flush_workqueue(laundry_wq); 7626 } 7627 7628 static void 7629 nfsd4_lm_notify(struct file_lock *fl) 7630 { 7631 struct nfs4_lockowner *lo = (struct nfs4_lockowner *) fl->c.flc_owner; 7632 struct net *net = lo->lo_owner.so_client->net; 7633 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 7634 struct nfsd4_blocked_lock *nbl = container_of(fl, 7635 struct nfsd4_blocked_lock, nbl_lock); 7636 bool queue = false; 7637 7638 /* An empty list means that something else is going to be using it */ 7639 spin_lock(&nn->blocked_locks_lock); 7640 if (!list_empty(&nbl->nbl_list)) { 7641 list_del_init(&nbl->nbl_list); 7642 list_del_init(&nbl->nbl_lru); 7643 queue = true; 7644 } 7645 spin_unlock(&nn->blocked_locks_lock); 7646 7647 if (queue) { 7648 trace_nfsd_cb_notify_lock(lo, nbl); 7649 nfsd4_run_cb(&nbl->nbl_cb); 7650 } 7651 } 7652 7653 static const struct lock_manager_operations nfsd_posix_mng_ops = { 7654 .lm_mod_owner = THIS_MODULE, 7655 .lm_notify = nfsd4_lm_notify, 7656 .lm_get_owner = nfsd4_lm_get_owner, 7657 .lm_put_owner = nfsd4_lm_put_owner, 7658 .lm_lock_expirable = nfsd4_lm_lock_expirable, 7659 .lm_expire_lock = nfsd4_lm_expire_lock, 7660 }; 7661 7662 static inline void 7663 nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny) 7664 { 7665 struct nfs4_lockowner *lo; 7666 7667 if (fl->fl_lmops == &nfsd_posix_mng_ops) { 7668 lo = (struct nfs4_lockowner *) fl->c.flc_owner; 7669 xdr_netobj_dup(&deny->ld_owner, &lo->lo_owner.so_owner, 7670 GFP_KERNEL); 7671 if (!deny->ld_owner.data) 7672 /* We just don't care that much */ 7673 goto nevermind; 7674 deny->ld_clientid = lo->lo_owner.so_client->cl_clientid; 7675 } else { 7676 nevermind: 7677 deny->ld_owner.len = 0; 7678 deny->ld_owner.data = NULL; 7679 deny->ld_clientid.cl_boot = 0; 7680 deny->ld_clientid.cl_id = 0; 7681 } 7682 deny->ld_start = fl->fl_start; 7683 deny->ld_length = NFS4_MAX_UINT64; 7684 if (fl->fl_end != NFS4_MAX_UINT64) 7685 deny->ld_length = fl->fl_end - fl->fl_start + 1; 7686 deny->ld_type = NFS4_READ_LT; 7687 if (fl->c.flc_type != F_RDLCK) 7688 deny->ld_type = NFS4_WRITE_LT; 7689 } 7690 7691 static struct nfs4_lockowner * 7692 find_lockowner_str_locked(struct nfs4_client *clp, struct xdr_netobj *owner) 7693 { 7694 unsigned int strhashval
= ownerstr_hashval(owner); 7695 struct nfs4_stateowner *so; 7696 7697 lockdep_assert_held(&clp->cl_lock); 7698 7699 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[strhashval], 7700 so_strhash) { 7701 if (so->so_is_open_owner) 7702 continue; 7703 if (same_owner_str(so, owner)) 7704 return lockowner(nfs4_get_stateowner(so)); 7705 } 7706 return NULL; 7707 } 7708 7709 static struct nfs4_lockowner * 7710 find_lockowner_str(struct nfs4_client *clp, struct xdr_netobj *owner) 7711 { 7712 struct nfs4_lockowner *lo; 7713 7714 spin_lock(&clp->cl_lock); 7715 lo = find_lockowner_str_locked(clp, owner); 7716 spin_unlock(&clp->cl_lock); 7717 return lo; 7718 } 7719 7720 static void nfs4_unhash_lockowner(struct nfs4_stateowner *sop) 7721 { 7722 unhash_lockowner_locked(lockowner(sop)); 7723 } 7724 7725 static void nfs4_free_lockowner(struct nfs4_stateowner *sop) 7726 { 7727 struct nfs4_lockowner *lo = lockowner(sop); 7728 7729 kmem_cache_free(lockowner_slab, lo); 7730 } 7731 7732 static const struct nfs4_stateowner_operations lockowner_ops = { 7733 .so_unhash = nfs4_unhash_lockowner, 7734 .so_free = nfs4_free_lockowner, 7735 }; 7736 7737 /* 7738 * Alloc a lock owner structure. 7739 * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) have 7740 * occurred. 7741 * 7742 * strhashval = ownerstr_hashval 7743 */ 7744 static struct nfs4_lockowner * 7745 alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp, 7746 struct nfs4_ol_stateid *open_stp, 7747 struct nfsd4_lock *lock) 7748 { 7749 struct nfs4_lockowner *lo, *ret; 7750 7751 lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp); 7752 if (!lo) 7753 return NULL; 7754 INIT_LIST_HEAD(&lo->lo_blocked); 7755 INIT_LIST_HEAD(&lo->lo_owner.so_stateids); 7756 lo->lo_owner.so_is_open_owner = 0; 7757 lo->lo_owner.so_seqid = lock->lk_new_lock_seqid; 7758 lo->lo_owner.so_ops = &lockowner_ops; 7759 spin_lock(&clp->cl_lock); 7760 ret = find_lockowner_str_locked(clp, &lock->lk_new_owner); 7761 if (ret == NULL) { 7762 list_add(&lo->lo_owner.so_strhash, 7763 &clp->cl_ownerstr_hashtbl[strhashval]); 7764 ret = lo; 7765 } else 7766 nfs4_free_stateowner(&lo->lo_owner); 7767 7768 spin_unlock(&clp->cl_lock); 7769 return ret; 7770 } 7771 7772 static struct nfs4_ol_stateid * 7773 find_lock_stateid(const struct nfs4_lockowner *lo, 7774 const struct nfs4_ol_stateid *ost) 7775 { 7776 struct nfs4_ol_stateid *lst; 7777 7778 lockdep_assert_held(&ost->st_stid.sc_client->cl_lock); 7779 7780 /* If ost is not hashed, ost->st_locks will not be valid */ 7781 if (!nfs4_ol_stateid_unhashed(ost)) 7782 list_for_each_entry(lst, &ost->st_locks, st_locks) { 7783 if (lst->st_stateowner == &lo->lo_owner) { 7784 refcount_inc(&lst->st_stid.sc_count); 7785 return lst; 7786 } 7787 } 7788 return NULL; 7789 } 7790 7791 static struct nfs4_ol_stateid * 7792 init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo, 7793 struct nfs4_file *fp, struct inode *inode, 7794 struct nfs4_ol_stateid *open_stp) 7795 { 7796 struct nfs4_client *clp = lo->lo_owner.so_client; 7797 struct nfs4_ol_stateid *retstp; 7798 7799 mutex_init(&stp->st_mutex); 7800 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX); 7801 retry: 7802 spin_lock(&clp->cl_lock); 7803 if (nfs4_ol_stateid_unhashed(open_stp)) 7804 goto out_close; 7805 retstp = find_lock_stateid(lo, open_stp); 7806 if (retstp) 7807 goto out_found; 7808 refcount_inc(&stp->st_stid.sc_count); 7809 stp->st_stid.sc_type = SC_TYPE_LOCK; 7810 stp->st_stateowner = nfs4_get_stateowner(&lo->lo_owner); 7811
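	/*
	 * Descriptive note: a new lock stateid starts with an empty
	 * access bmap (st_access_bmap = 0 below); access bits are taken
	 * per LOCK request in get_lock_access().  Only the deny map is
	 * inherited from the parent open stateid.
	 */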
static struct nfs4_ol_stateid *
init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo,
		  struct nfs4_file *fp, struct inode *inode,
		  struct nfs4_ol_stateid *open_stp)
{
	struct nfs4_client *clp = lo->lo_owner.so_client;
	struct nfs4_ol_stateid *retstp;

	mutex_init(&stp->st_mutex);
	mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX);
retry:
	spin_lock(&clp->cl_lock);
	if (nfs4_ol_stateid_unhashed(open_stp))
		goto out_close;
	retstp = find_lock_stateid(lo, open_stp);
	if (retstp)
		goto out_found;
	refcount_inc(&stp->st_stid.sc_count);
	stp->st_stid.sc_type = SC_TYPE_LOCK;
	stp->st_stateowner = nfs4_get_stateowner(&lo->lo_owner);
	get_nfs4_file(fp);
	stp->st_stid.sc_file = fp;
	stp->st_access_bmap = 0;
	stp->st_deny_bmap = open_stp->st_deny_bmap;
	stp->st_openstp = open_stp;
	spin_lock(&fp->fi_lock);
	list_add(&stp->st_locks, &open_stp->st_locks);
	list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids);
	list_add(&stp->st_perfile, &fp->fi_stateids);
	spin_unlock(&fp->fi_lock);
	spin_unlock(&clp->cl_lock);
	return stp;
out_found:
	spin_unlock(&clp->cl_lock);
	if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) {
		nfs4_put_stid(&retstp->st_stid);
		goto retry;
	}
	/* To keep mutex tracking happy */
	mutex_unlock(&stp->st_mutex);
	return retstp;
out_close:
	spin_unlock(&clp->cl_lock);
	mutex_unlock(&stp->st_mutex);
	return NULL;
}

static struct nfs4_ol_stateid *
find_or_create_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fi,
			    struct inode *inode, struct nfs4_ol_stateid *ost,
			    bool *new)
{
	struct nfs4_stid *ns = NULL;
	struct nfs4_ol_stateid *lst;
	struct nfs4_openowner *oo = openowner(ost->st_stateowner);
	struct nfs4_client *clp = oo->oo_owner.so_client;

	*new = false;
	spin_lock(&clp->cl_lock);
	lst = find_lock_stateid(lo, ost);
	spin_unlock(&clp->cl_lock);
	if (lst != NULL) {
		if (nfsd4_lock_ol_stateid(lst) == nfs_ok)
			goto out;
		nfs4_put_stid(&lst->st_stid);
	}
	ns = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_lock_stateid);
	if (ns == NULL)
		return NULL;

	lst = init_lock_stateid(openlockstateid(ns), lo, fi, inode, ost);
	if (lst == openlockstateid(ns))
		*new = true;
	else
		nfs4_put_stid(ns);
out:
	return lst;
}
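/*
 * Sanity-check the range in a LOCK/LOCKT/LOCKU request. A length of
 * zero is never valid, and NFS4_MAX_UINT64 means "from offset to end
 * of file". Any other length must not wrap the 64-bit offset space:
 * e.g. with offset 0xffffffffffffff00, ~offset is 0xff, so lengths
 * greater than 255 are rejected (the callers return nfserr_inval).
 */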
static int
check_lock_length(u64 offset, u64 length)
{
	return ((length == 0) || ((length != NFS4_MAX_UINT64) &&
		(length > ~offset)));
}

static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access)
{
	struct nfs4_file *fp = lock_stp->st_stid.sc_file;

	lockdep_assert_held(&fp->fi_lock);

	if (test_access(access, lock_stp))
		return;
	__nfs4_file_get_access(fp, access);
	set_access(access, lock_stp);
}

static __be32
lookup_or_create_lock_state(struct nfsd4_compound_state *cstate,
			    struct nfs4_ol_stateid *ost,
			    struct nfsd4_lock *lock,
			    struct nfs4_ol_stateid **plst, bool *new)
{
	__be32 status;
	struct nfs4_file *fi = ost->st_stid.sc_file;
	struct nfs4_openowner *oo = openowner(ost->st_stateowner);
	struct nfs4_client *cl = oo->oo_owner.so_client;
	struct inode *inode = d_inode(cstate->current_fh.fh_dentry);
	struct nfs4_lockowner *lo;
	struct nfs4_ol_stateid *lst;
	unsigned int strhashval;

	lo = find_lockowner_str(cl, &lock->lk_new_owner);
	if (!lo) {
		strhashval = ownerstr_hashval(&lock->lk_new_owner);
		lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock);
		if (lo == NULL)
			return nfserr_jukebox;
	} else {
		/* with an existing lockowner, seqids must be the same */
		status = nfserr_bad_seqid;
		if (!cstate->minorversion &&
		    lock->lk_new_lock_seqid != lo->lo_owner.so_seqid)
			goto out;
	}

	lst = find_or_create_lock_stateid(lo, fi, inode, ost, new);
	if (lst == NULL) {
		status = nfserr_jukebox;
		goto out;
	}

	status = nfs_ok;
	*plst = lst;
out:
	nfs4_put_stateowner(&lo->lo_owner);
	return status;
}

/*
 * LOCK operation
 */
__be32
nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	   union nfsd4_op_u *u)
{
	struct nfsd4_lock *lock = &u->lock;
	struct nfs4_openowner *open_sop = NULL;
	struct nfs4_lockowner *lock_sop = NULL;
	struct nfs4_ol_stateid *lock_stp = NULL;
	struct nfs4_ol_stateid *open_stp = NULL;
	struct nfs4_file *fp;
	struct nfsd_file *nf = NULL;
	struct nfsd4_blocked_lock *nbl = NULL;
	struct file_lock *file_lock = NULL;
	struct file_lock *conflock = NULL;
	struct super_block *sb;
	__be32 status = 0;
	int lkflg;
	int err;
	bool new = false;
	unsigned char type;
	unsigned int flags = FL_POSIX;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n",
		(long long) lock->lk_offset,
		(long long) lock->lk_length);

	if (check_lock_length(lock->lk_offset, lock->lk_length))
		return nfserr_inval;

	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
	if (status != nfs_ok)
		return status;
	sb = cstate->current_fh.fh_dentry->d_sb;

	if (lock->lk_is_new) {
		if (nfsd4_has_session(cstate))
			/* See rfc 5661 18.10.3: given clientid is ignored: */
			memcpy(&lock->lk_new_clientid,
			       &cstate->clp->cl_clientid,
			       sizeof(clientid_t));

		/* validate and update open stateid and open seqid */
		status = nfs4_preprocess_confirmed_seqid_op(cstate,
					lock->lk_new_open_seqid,
					&lock->lk_new_open_stateid,
					&open_stp, nn);
		if (status)
			goto out;
		mutex_unlock(&open_stp->st_mutex);
		open_sop = openowner(open_stp->st_stateowner);
		status = nfserr_bad_stateid;
		if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid,
			       &lock->lk_new_clientid))
			goto out;
		status = lookup_or_create_lock_state(cstate, open_stp, lock,
						     &lock_stp, &new);
	} else {
		status = nfs4_preprocess_seqid_op(cstate,
						  lock->lk_old_lock_seqid,
						  &lock->lk_old_lock_stateid,
						  SC_TYPE_LOCK, 0, &lock_stp,
						  nn);
	}
	if (status)
		goto out;
	lock_sop = lockowner(lock_stp->st_stateowner);

	lkflg = setlkflg(lock->lk_type);
	status = nfs4_check_openmode(lock_stp, lkflg);
	if (status)
		goto out;

	status = nfserr_grace;
	if (locks_in_grace(net) && !lock->lk_reclaim)
		goto out;
	status = nfserr_no_grace;
	if (!locks_in_grace(net) && lock->lk_reclaim)
		goto out;

	if (lock->lk_reclaim)
		flags |= FL_RECLAIM;

	fp = lock_stp->st_stid.sc_file;
	switch (lock->lk_type) {
		case NFS4_READW_LT:
			if (nfsd4_has_session(cstate) ||
			    exportfs_lock_op_is_async(sb->s_export_op))
				flags |= FL_SLEEP;
			fallthrough;
		case NFS4_READ_LT:
			spin_lock(&fp->fi_lock);
			nf = find_readable_file_locked(fp);
			if (nf)
				get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ);
			spin_unlock(&fp->fi_lock);
			type = F_RDLCK;
			break;
		case NFS4_WRITEW_LT:
			if (nfsd4_has_session(cstate) ||
			    exportfs_lock_op_is_async(sb->s_export_op))
				flags |= FL_SLEEP;
			fallthrough;
		case NFS4_WRITE_LT:
			spin_lock(&fp->fi_lock);
			nf = find_writeable_file_locked(fp);
			if (nf)
				get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE);
			spin_unlock(&fp->fi_lock);
			type = F_WRLCK;
			break;
		default:
			status = nfserr_inval;
			goto out;
	}
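	/*
	 * At this point a non-NULL nf holds a reference to an open file
	 * with the required access mode, and get_lock_access() has
	 * recorded that access in the lock stateid's bitmap so that it
	 * is released again when the stateid is freed. A NULL nf means
	 * no open of this file allows the requested access.
	 */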
	if (!nf) {
		status = nfserr_openmode;
		goto out;
	}

	/*
	 * Most filesystems with their own ->lock operations will block
	 * the nfsd thread waiting to acquire the lock. That leads to
	 * deadlocks (we don't want every nfsd thread tied up waiting
	 * for file locks), so don't attempt blocking lock notifications
	 * on those filesystems:
	 */
	if (!exportfs_lock_op_is_async(sb->s_export_op))
		flags &= ~FL_SLEEP;

	nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn);
	if (!nbl) {
		dprintk("NFSD: %s: unable to allocate block!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	file_lock = &nbl->nbl_lock;
	file_lock->c.flc_type = type;
	file_lock->c.flc_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(&lock_sop->lo_owner));
	file_lock->c.flc_pid = current->tgid;
	file_lock->c.flc_file = nf->nf_file;
	file_lock->c.flc_flags = flags;
	file_lock->fl_lmops = &nfsd_posix_mng_ops;
	file_lock->fl_start = lock->lk_offset;
	file_lock->fl_end = last_byte_offset(lock->lk_offset, lock->lk_length);
	nfs4_transform_lock_offset(file_lock);

	conflock = locks_alloc_lock();
	if (!conflock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	if (flags & FL_SLEEP) {
		nbl->nbl_time = ktime_get_boottime_seconds();
		spin_lock(&nn->blocked_locks_lock);
		list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked);
		list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru);
		kref_get(&nbl->nbl_kref);
		spin_unlock(&nn->blocked_locks_lock);
	}

	err = vfs_lock_file(nf->nf_file, F_SETLK, file_lock, conflock);
	switch (err) {
	case 0: /* success! */
		nfs4_inc_and_copy_stateid(&lock->lk_resp_stateid, &lock_stp->st_stid);
		status = 0;
		if (lock->lk_reclaim)
			nn->somebody_reclaimed = true;
		break;
	case FILE_LOCK_DEFERRED:
		kref_put(&nbl->nbl_kref, free_nbl);
		nbl = NULL;
		fallthrough;
	case -EAGAIN: /* conflock holds conflicting lock */
		status = nfserr_denied;
		dprintk("NFSD: nfsd4_lock: conflicting lock found!\n");
		nfs4_set_lock_denied(conflock, &lock->lk_denied);
		break;
	case -EDEADLK:
		status = nfserr_deadlock;
		break;
	default:
		dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n", err);
		status = nfserrno(err);
		break;
	}
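	/*
	 * On FILE_LOCK_DEFERRED the request was queued as a blocking
	 * lock: ownership of nbl passed to the blocked-locks lists, and
	 * nfsd4_lm_notify() will issue a CB_NOTIFY_LOCK callback when
	 * the lock becomes free (nbl was set to NULL above so the
	 * cleanup below leaves it alone). The client still receives
	 * NFS4ERR_DENIED and is expected to retry the LOCK.
	 */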
out:
	if (nbl) {
		/* dequeue it if we queued it before */
		if (flags & FL_SLEEP) {
			spin_lock(&nn->blocked_locks_lock);
			if (!list_empty(&nbl->nbl_list) &&
			    !list_empty(&nbl->nbl_lru)) {
				list_del_init(&nbl->nbl_list);
				list_del_init(&nbl->nbl_lru);
				kref_put(&nbl->nbl_kref, free_nbl);
			}
			/* nbl can use one of these lists to be linked to the reaplist */
			spin_unlock(&nn->blocked_locks_lock);
		}
		free_blocked_lock(nbl);
	}
	if (nf)
		nfsd_file_put(nf);
	if (lock_stp) {
		/* Bump seqid manually if the 4.0 replay owner is openowner */
		if (cstate->replay_owner &&
		    cstate->replay_owner != &lock_sop->lo_owner &&
		    seqid_mutating_err(ntohl(status)))
			lock_sop->lo_owner.so_seqid++;

		/*
		 * If this is a new, never-before-used stateid, and we are
		 * returning an error, then just go ahead and release it.
		 */
		if (status && new)
			release_lock_stateid(lock_stp);

		mutex_unlock(&lock_stp->st_mutex);

		nfs4_put_stid(&lock_stp->st_stid);
	}
	if (open_stp)
		nfs4_put_stid(&open_stp->st_stid);
	nfsd4_bump_seqid(cstate, status);
	if (conflock)
		locks_free_lock(conflock);
	return status;
}

void nfsd4_lock_release(union nfsd4_op_u *u)
{
	struct nfsd4_lock *lock = &u->lock;
	struct nfsd4_lock_denied *deny = &lock->lk_denied;

	kfree(deny->ld_owner.data);
}

/*
 * The NFSv4 spec allows a client to do a LOCKT without holding an OPEN,
 * so we do a temporary open here just to get an open file to pass to
 * vfs_test_lock.
 */
static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
{
	struct nfsd_file *nf;
	struct inode *inode;
	__be32 err;

	err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf);
	if (err)
		return err;
	inode = fhp->fh_dentry->d_inode;
	inode_lock(inode); /* to block new leases till after test_lock: */
	err = nfserrno(nfsd_open_break_lease(inode, NFSD_MAY_READ));
	if (err)
		goto out;
	lock->c.flc_file = nf->nf_file;
	err = nfserrno(vfs_test_lock(nf->nf_file, lock));
	lock->c.flc_file = NULL;
out:
	inode_unlock(inode);
	nfsd_file_put(nf);
	return err;
}

/*
 * LOCKT operation
 */
__be32
nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    union nfsd4_op_u *u)
{
	struct nfsd4_lockt *lockt = &u->lockt;
	struct file_lock *file_lock = NULL;
	struct nfs4_lockowner *lo = NULL;
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	if (locks_in_grace(SVC_NET(rqstp)))
		return nfserr_grace;

	if (check_lock_length(lockt->lt_offset, lockt->lt_length))
		return nfserr_inval;

	if (!nfsd4_has_session(cstate)) {
		status = set_client(&lockt->lt_clientid, cstate, nn);
		if (status)
			goto out;
	}

	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
	if (status)
		goto out;

	file_lock = locks_alloc_lock();
	if (!file_lock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	switch (lockt->lt_type) {
	case NFS4_READ_LT:
	case NFS4_READW_LT:
		file_lock->c.flc_type = F_RDLCK;
		break;
	case NFS4_WRITE_LT:
	case NFS4_WRITEW_LT:
		file_lock->c.flc_type = F_WRLCK;
		break;
	default:
		dprintk("NFSD: nfs4_lockt: bad lock type!\n");
		status = nfserr_inval;
		goto out;
	}

	lo = find_lockowner_str(cstate->clp, &lockt->lt_owner);
	if (lo)
		file_lock->c.flc_owner = (fl_owner_t)lo;
	file_lock->c.flc_pid = current->tgid;
	file_lock->c.flc_flags = FL_POSIX;

	file_lock->fl_start = lockt->lt_offset;
	file_lock->fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);

	nfs4_transform_lock_offset(file_lock);

	status = nfsd_test_lock(rqstp, &cstate->current_fh, file_lock);
	if (status)
		goto out;

	if (file_lock->c.flc_type != F_UNLCK) {
		status = nfserr_denied;
		nfs4_set_lock_denied(file_lock, &lockt->lt_denied);
	}
out:
	if (lo)
		nfs4_put_stateowner(&lo->lo_owner);
	if (file_lock)
		locks_free_lock(file_lock);
	return status;
}
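/*
 * Note: find_lockowner_str() in nfsd4_lockt() above may return NULL if
 * this client has never locked anything under that owner string. The
 * test is then run with a NULL flc_owner, which matches no existing
 * lock's owner, so any overlapping lock of a conflicting type is
 * reported as a conflict.
 */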
void
nfsd4_lockt_release(union nfsd4_op_u *u)
{
	struct nfsd4_lockt *lockt = &u->lockt;
	struct nfsd4_lock_denied *deny = &lockt->lt_denied;

	kfree(deny->ld_owner.data);
}

__be32
nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    union nfsd4_op_u *u)
{
	struct nfsd4_locku *locku = &u->locku;
	struct nfs4_ol_stateid *stp;
	struct nfsd_file *nf = NULL;
	struct file_lock *file_lock = NULL;
	__be32 status;
	int err;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
		(long long) locku->lu_offset,
		(long long) locku->lu_length);

	if (check_lock_length(locku->lu_offset, locku->lu_length))
		return nfserr_inval;

	status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid,
					  &locku->lu_stateid, SC_TYPE_LOCK, 0,
					  &stp, nn);
	if (status)
		goto out;
	nf = find_any_file(stp->st_stid.sc_file);
	if (!nf) {
		status = nfserr_lock_range;
		goto put_stateid;
	}
	file_lock = locks_alloc_lock();
	if (!file_lock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto put_file;
	}

	file_lock->c.flc_type = F_UNLCK;
	file_lock->c.flc_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(stp->st_stateowner));
	file_lock->c.flc_pid = current->tgid;
	file_lock->c.flc_file = nf->nf_file;
	file_lock->c.flc_flags = FL_POSIX;
	file_lock->fl_lmops = &nfsd_posix_mng_ops;
	file_lock->fl_start = locku->lu_offset;

	file_lock->fl_end = last_byte_offset(locku->lu_offset,
					     locku->lu_length);
	nfs4_transform_lock_offset(file_lock);

	err = vfs_lock_file(nf->nf_file, F_SETLK, file_lock, NULL);
	if (err) {
		dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
		goto out_nfserr;
	}
	nfs4_inc_and_copy_stateid(&locku->lu_stateid, &stp->st_stid);
put_file:
	nfsd_file_put(nf);
put_stateid:
	mutex_unlock(&stp->st_mutex);
	nfs4_put_stid(&stp->st_stid);
out:
	nfsd4_bump_seqid(cstate, status);
	if (file_lock)
		locks_free_lock(file_lock);
	return status;

out_nfserr:
	status = nfserrno(err);
	goto put_file;
}

/*
 * returns
 *	true:  locks held by lockowner
 *	false: no locks held by lockowner
 */
static bool
check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
{
	struct file_lock *fl;
	bool status = false;
	struct nfsd_file *nf;
	struct inode *inode;
	struct file_lock_context *flctx;

	spin_lock(&fp->fi_lock);
	nf = find_any_file_locked(fp);
	if (!nf) {
		/* Any valid lock stateid should have some sort of access */
		WARN_ON_ONCE(1);
		goto out;
	}

	inode = file_inode(nf->nf_file);
	flctx = locks_inode_context(inode);

	if (flctx && !list_empty_careful(&flctx->flc_posix)) {
		spin_lock(&flctx->flc_lock);
		for_each_file_lock(fl, &flctx->flc_posix) {
			if (fl->c.flc_owner == (fl_owner_t)lowner) {
				status = true;
				break;
			}
		}
		spin_unlock(&flctx->flc_lock);
	}
out:
	spin_unlock(&fp->fi_lock);
	return status;
}
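/*
 * Locking note: check_for_locks() nests flc_lock inside fp->fi_lock,
 * and nfsd4_release_lockowner() below additionally calls it with
 * clp->cl_lock held while walking the owner's stateids, so the scan
 * above must stay non-blocking.
 */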
/**
 * nfsd4_release_lockowner - process NFSv4.0 RELEASE_LOCKOWNER operations
 * @rqstp: RPC transaction
 * @cstate: NFSv4 COMPOUND state
 * @u: RELEASE_LOCKOWNER arguments
 *
 * Check if there are any locks still held and if not, free the lockowner
 * and any lock state that is owned.
 *
 * Return values:
 *   %nfs_ok: lockowner released or not found
 *   %nfserr_locks_held: lockowner still in use
 *   %nfserr_stale_clientid: clientid no longer active
 *   %nfserr_expired: clientid not recognized
 */
__be32
nfsd4_release_lockowner(struct svc_rqst *rqstp,
			struct nfsd4_compound_state *cstate,
			union nfsd4_op_u *u)
{
	struct nfsd4_release_lockowner *rlockowner = &u->release_lockowner;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	clientid_t *clid = &rlockowner->rl_clientid;
	struct nfs4_ol_stateid *stp;
	struct nfs4_lockowner *lo;
	struct nfs4_client *clp;
	LIST_HEAD(reaplist);
	__be32 status;

	dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
		clid->cl_boot, clid->cl_id);

	status = set_client(clid, cstate, nn);
	if (status)
		return status;
	clp = cstate->clp;

	spin_lock(&clp->cl_lock);
	lo = find_lockowner_str_locked(clp, &rlockowner->rl_owner);
	if (!lo) {
		spin_unlock(&clp->cl_lock);
		return nfs_ok;
	}

	list_for_each_entry(stp, &lo->lo_owner.so_stateids, st_perstateowner) {
		if (check_for_locks(stp->st_stid.sc_file, lo)) {
			spin_unlock(&clp->cl_lock);
			nfs4_put_stateowner(&lo->lo_owner);
			return nfserr_locks_held;
		}
	}
	unhash_lockowner_locked(lo);
	while (!list_empty(&lo->lo_owner.so_stateids)) {
		stp = list_first_entry(&lo->lo_owner.so_stateids,
				       struct nfs4_ol_stateid,
				       st_perstateowner);
		unhash_lock_stateid(stp);
		put_ol_stateid_locked(stp, &reaplist);
	}
	spin_unlock(&clp->cl_lock);

	free_ol_stateid_reaplist(&reaplist);
	remove_blocked_locks(lo);
	nfs4_put_stateowner(&lo->lo_owner);
	return nfs_ok;
}

static inline struct nfs4_client_reclaim *
alloc_reclaim(void)
{
	return kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL);
}

bool
nfs4_has_reclaimed_state(struct xdr_netobj name, struct nfsd_net *nn)
{
	struct nfs4_client_reclaim *crp;

	crp = nfsd4_find_reclaim_client(name, nn);
	return (crp && crp->cr_clp);
}
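/*
 * Reclaim records identify clients that held state across the last
 * server restart. They are normally populated from stable storage by
 * the client-tracking code when the grace period begins, and are
 * removed as clients complete reclaim.
 */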
/*
 * failure => all reclaim bets are off, nfserr_no_grace...
 *
 * The caller is responsible for freeing name.data if NULL is returned (it
 * will be freed in nfs4_remove_reclaim_record in the normal case).
 */
struct nfs4_client_reclaim *
nfs4_client_to_reclaim(struct xdr_netobj name, struct xdr_netobj princhash,
		       struct nfsd_net *nn)
{
	unsigned int strhashval;
	struct nfs4_client_reclaim *crp;

	crp = alloc_reclaim();
	if (crp) {
		strhashval = clientstr_hashval(name);
		INIT_LIST_HEAD(&crp->cr_strhash);
		list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]);
		crp->cr_name.data = name.data;
		crp->cr_name.len = name.len;
		crp->cr_princhash.data = princhash.data;
		crp->cr_princhash.len = princhash.len;
		crp->cr_clp = NULL;
		nn->reclaim_str_hashtbl_size++;
	}
	return crp;
}

void
nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn)
{
	list_del(&crp->cr_strhash);
	kfree(crp->cr_name.data);
	kfree(crp->cr_princhash.data);
	kfree(crp);
	nn->reclaim_str_hashtbl_size--;
}

void
nfs4_release_reclaim(struct nfsd_net *nn)
{
	struct nfs4_client_reclaim *crp = NULL;
	int i;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		while (!list_empty(&nn->reclaim_str_hashtbl[i])) {
			crp = list_entry(nn->reclaim_str_hashtbl[i].next,
					 struct nfs4_client_reclaim, cr_strhash);
			nfs4_remove_reclaim_record(crp, nn);
		}
	}
	WARN_ON_ONCE(nn->reclaim_str_hashtbl_size);
}

/*
 * called from OPEN, CLAIM_PREVIOUS with a new clientid.
 */
struct nfs4_client_reclaim *
nfsd4_find_reclaim_client(struct xdr_netobj name, struct nfsd_net *nn)
{
	unsigned int strhashval;
	struct nfs4_client_reclaim *crp = NULL;

	strhashval = clientstr_hashval(name);
	list_for_each_entry(crp, &nn->reclaim_str_hashtbl[strhashval], cr_strhash) {
		if (compare_blob(&crp->cr_name, &name) == 0)
			return crp;
	}
	return NULL;
}

__be32
nfs4_check_open_reclaim(struct nfs4_client *clp)
{
	if (test_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &clp->cl_flags))
		return nfserr_no_grace;

	if (nfsd4_client_record_check(clp))
		return nfserr_reclaim_bad;

	return nfs_ok;
}

/*
 * Since the lifetime of a delegation isn't limited to that of an open, a
 * client may quite reasonably hang on to a delegation as long as it has
 * the inode cached. This becomes an obvious problem the first time a
 * client's inode cache approaches the size of the server's total memory.
 *
 * For now we avoid this problem by imposing a hard limit on the number
 * of delegations, which varies according to the server's memory size.
 */
static void
set_max_delegations(void)
{
	/*
	 * Allow at most 4 delegations per megabyte of RAM.  Quick
	 * estimates suggest that in the worst case (where every delegation
	 * is for a different inode), a delegation could take about 1.5K,
	 * giving a worst case usage of about 6% of memory.
	 */
	max_delegations = nr_free_buffer_pages() >> (20 - 2 - PAGE_SHIFT);
}
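/*
 * The shift above works out as:
 *   pages >> (20 - 2 - PAGE_SHIFT)
 *     = pages * 2^PAGE_SHIFT * 2^2 / 2^20
 *     = bytes of low memory * 4 / 1MB
 * For example, with 4K pages (PAGE_SHIFT == 12) and 4GiB of free
 * buffer pages: 2^20 pages >> 6 = 16384 delegations.
 */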
static int nfs4_state_create_net(struct net *net)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	int i;

	nn->conf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
					    sizeof(struct list_head),
					    GFP_KERNEL);
	if (!nn->conf_id_hashtbl)
		goto err;
	nn->unconf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
					      sizeof(struct list_head),
					      GFP_KERNEL);
	if (!nn->unconf_id_hashtbl)
		goto err_unconf_id;
	nn->sessionid_hashtbl = kmalloc_array(SESSION_HASH_SIZE,
					      sizeof(struct list_head),
					      GFP_KERNEL);
	if (!nn->sessionid_hashtbl)
		goto err_sessionid;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		INIT_LIST_HEAD(&nn->conf_id_hashtbl[i]);
		INIT_LIST_HEAD(&nn->unconf_id_hashtbl[i]);
	}
	for (i = 0; i < SESSION_HASH_SIZE; i++)
		INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]);
	nn->conf_name_tree = RB_ROOT;
	nn->unconf_name_tree = RB_ROOT;
	nn->boot_time = ktime_get_real_seconds();
	nn->grace_ended = false;
	nn->nfsd4_manager.block_opens = true;
	INIT_LIST_HEAD(&nn->nfsd4_manager.list);
	INIT_LIST_HEAD(&nn->client_lru);
	INIT_LIST_HEAD(&nn->close_lru);
	INIT_LIST_HEAD(&nn->del_recall_lru);
	spin_lock_init(&nn->client_lock);
	spin_lock_init(&nn->s2s_cp_lock);
	idr_init(&nn->s2s_cp_stateids);
	atomic_set(&nn->pending_async_copies, 0);

	spin_lock_init(&nn->blocked_locks_lock);
	INIT_LIST_HEAD(&nn->blocked_locks_lru);

	INIT_DELAYED_WORK(&nn->laundromat_work, laundromat_main);
	INIT_WORK(&nn->nfsd_shrinker_work, nfsd4_state_shrinker_worker);
	get_net(net);

	nn->nfsd_client_shrinker = shrinker_alloc(0, "nfsd-client");
	if (!nn->nfsd_client_shrinker)
		goto err_shrinker;

	nn->nfsd_client_shrinker->scan_objects = nfsd4_state_shrinker_scan;
	nn->nfsd_client_shrinker->count_objects = nfsd4_state_shrinker_count;
	nn->nfsd_client_shrinker->private_data = nn;

	shrinker_register(nn->nfsd_client_shrinker);

	return 0;

err_shrinker:
	put_net(net);
	kfree(nn->sessionid_hashtbl);
err_sessionid:
	kfree(nn->unconf_id_hashtbl);
err_unconf_id:
	kfree(nn->conf_id_hashtbl);
err:
	return -ENOMEM;
}

static void
nfs4_state_destroy_net(struct net *net)
{
	int i;
	struct nfs4_client *clp = NULL;
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		while (!list_empty(&nn->conf_id_hashtbl[i])) {
			clp = list_entry(nn->conf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
			destroy_client(clp);
		}
	}

	WARN_ON(!list_empty(&nn->blocked_locks_lru));

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		while (!list_empty(&nn->unconf_id_hashtbl[i])) {
			clp = list_entry(nn->unconf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
			destroy_client(clp);
		}
	}

	kfree(nn->sessionid_hashtbl);
	kfree(nn->unconf_id_hashtbl);
	kfree(nn->conf_id_hashtbl);
	put_net(net);
}
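/*
 * nfs4_state_start_net() below opens the per-net grace period: only
 * reclaims are permitted until the laundromat ends the period
 * nfsd4_grace seconds later. If reclaim tracking shows that no client
 * has state to recover, the grace period is skipped entirely and the
 * laundromat is scheduled a full lease period out instead.
 */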
int
nfs4_state_start_net(struct net *net)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	int ret;

	ret = nfs4_state_create_net(net);
	if (ret)
		return ret;
	locks_start_grace(net, &nn->nfsd4_manager);
	nfsd4_client_tracking_init(net);
	if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0)
		goto skip_grace;
	printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n",
	       nn->nfsd4_grace, net->ns.inum);
	trace_nfsd_grace_start(nn);
	queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_grace * HZ);
	return 0;

skip_grace:
	printk(KERN_INFO "NFSD: no clients to reclaim, skipping NFSv4 grace period (net %x)\n",
	       net->ns.inum);
	queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_lease * HZ);
	nfsd4_end_grace(nn);
	return 0;
}

/* initialization to perform when the nfsd service is started: */

int
nfs4_state_start(void)
{
	int ret;

	ret = rhltable_init(&nfs4_file_rhltable, &nfs4_file_rhash_params);
	if (ret)
		return ret;

	set_max_delegations();
	return 0;
}

void
nfs4_state_shutdown_net(struct net *net)
{
	struct nfs4_delegation *dp = NULL;
	struct list_head *pos, *next, reaplist;
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	shrinker_free(nn->nfsd_client_shrinker);
	cancel_work_sync(&nn->nfsd_shrinker_work);
	cancel_delayed_work_sync(&nn->laundromat_work);
	locks_end_grace(&nn->nfsd4_manager);

	INIT_LIST_HEAD(&reaplist);
	spin_lock(&state_lock);
	list_for_each_safe(pos, next, &nn->del_recall_lru) {
		dp = list_entry(pos, struct nfs4_delegation, dl_recall_lru);
		unhash_delegation_locked(dp, SC_STATUS_CLOSED);
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&state_lock);
	list_for_each_safe(pos, next, &reaplist) {
		dp = list_entry(pos, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		destroy_unhashed_deleg(dp);
	}

	nfsd4_client_tracking_exit(net);
	nfs4_state_destroy_net(net);
#ifdef CONFIG_NFSD_V4_2_INTER_SSC
	nfsd4_ssc_shutdown_umount(nn);
#endif
}

void
nfs4_state_shutdown(void)
{
	rhltable_destroy(&nfs4_file_rhltable);
}

static void
get_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
{
	if (HAS_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG) &&
	    CURRENT_STATEID(stateid))
		memcpy(stateid, &cstate->current_stateid, sizeof(stateid_t));
}

static void
put_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
{
	if (cstate->minorversion) {
		memcpy(&cstate->current_stateid, stateid, sizeof(stateid_t));
		SET_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG);
	}
}

void
clear_current_stateid(struct nfsd4_compound_state *cstate)
{
	CLEAR_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG);
}

/*
 * functions to set current state id
 */
void
nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate,
			       union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->open_downgrade.od_stateid);
}

void
nfsd4_set_openstateid(struct nfsd4_compound_state *cstate,
		      union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->open.op_stateid);
}

void
nfsd4_set_closestateid(struct nfsd4_compound_state *cstate,
		       union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->close.cl_stateid);
}

void
nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate,
		      union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->lock.lk_resp_stateid);
}
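/*
 * Example of the current-stateid mechanism: in an NFSv4.1 COMPOUND such
 * as { SEQUENCE; OPEN; READ }, the OPEN result is saved by put_stateid()
 * above, and a READ carrying the special "current stateid" value has the
 * saved stateid substituted by get_stateid() before normal stateid
 * processing runs. A later op can thus use a stateid produced earlier in
 * the same COMPOUND without the client ever having seen it.
 */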
id 8823 */ 8824 8825 void 8826 nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate, 8827 union nfsd4_op_u *u) 8828 { 8829 get_stateid(cstate, &u->open_downgrade.od_stateid); 8830 } 8831 8832 void 8833 nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate, 8834 union nfsd4_op_u *u) 8835 { 8836 get_stateid(cstate, &u->delegreturn.dr_stateid); 8837 } 8838 8839 void 8840 nfsd4_get_freestateid(struct nfsd4_compound_state *cstate, 8841 union nfsd4_op_u *u) 8842 { 8843 get_stateid(cstate, &u->free_stateid.fr_stateid); 8844 } 8845 8846 void 8847 nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate, 8848 union nfsd4_op_u *u) 8849 { 8850 get_stateid(cstate, &u->setattr.sa_stateid); 8851 } 8852 8853 void 8854 nfsd4_get_closestateid(struct nfsd4_compound_state *cstate, 8855 union nfsd4_op_u *u) 8856 { 8857 get_stateid(cstate, &u->close.cl_stateid); 8858 } 8859 8860 void 8861 nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate, 8862 union nfsd4_op_u *u) 8863 { 8864 get_stateid(cstate, &u->locku.lu_stateid); 8865 } 8866 8867 void 8868 nfsd4_get_readstateid(struct nfsd4_compound_state *cstate, 8869 union nfsd4_op_u *u) 8870 { 8871 get_stateid(cstate, &u->read.rd_stateid); 8872 } 8873 8874 void 8875 nfsd4_get_writestateid(struct nfsd4_compound_state *cstate, 8876 union nfsd4_op_u *u) 8877 { 8878 get_stateid(cstate, &u->write.wr_stateid); 8879 } 8880 8881 /** 8882 * nfsd4_deleg_getattr_conflict - Recall if GETATTR causes conflict 8883 * @rqstp: RPC transaction context 8884 * @dentry: dentry of inode to be checked for a conflict 8885 * @pdp: returned WRITE delegation, if one was found 8886 * 8887 * This function is called when there is a conflict between a write 8888 * delegation and a change/size GETATTR from another client. The server 8889 * must either use the CB_GETATTR to get the current values of the 8890 * attributes from the client that holds the delegation or recall the 8891 * delegation before replying to the GETATTR. See RFC 8881 section 8892 * 18.7.4. 8893 * 8894 * Returns 0 if there is no conflict; otherwise an nfs_stat 8895 * code is returned. If @pdp is set to a non-NULL value, then the 8896 * caller must put the reference. 
/**
 * nfsd4_deleg_getattr_conflict - Recall if GETATTR causes conflict
 * @rqstp: RPC transaction context
 * @dentry: dentry of inode to be checked for a conflict
 * @pdp: returned WRITE delegation, if one was found
 *
 * This function is called when there is a conflict between a write
 * delegation and a change/size GETATTR from another client. The server
 * must either use the CB_GETATTR to get the current values of the
 * attributes from the client that holds the delegation or recall the
 * delegation before replying to the GETATTR. See RFC 8881 section
 * 18.7.4.
 *
 * Returns 0 if there is no conflict; otherwise an nfs_stat
 * code is returned. If @pdp is set to a non-NULL value, then the
 * caller must put the reference.
 */
__be32
nfsd4_deleg_getattr_conflict(struct svc_rqst *rqstp, struct dentry *dentry,
			     struct nfs4_delegation **pdp)
{
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct file_lock_context *ctx;
	struct nfs4_delegation *dp = NULL;
	struct file_lease *fl;
	struct iattr attrs;
	struct nfs4_cb_fattr *ncf;
	struct inode *inode = d_inode(dentry);

	ctx = locks_inode_context(inode);
	if (!ctx)
		return nfs_ok;

#define NON_NFSD_LEASE ((void *)1)

	spin_lock(&ctx->flc_lock);
	for_each_file_lock(fl, &ctx->flc_lease) {
		if (fl->c.flc_flags == FL_LAYOUT)
			continue;
		if (fl->c.flc_type == F_WRLCK) {
			if (fl->fl_lmops == &nfsd_lease_mng_ops)
				dp = fl->c.flc_owner;
			else
				dp = NON_NFSD_LEASE;
		}
		break;
	}
	if (dp == NULL || dp == NON_NFSD_LEASE ||
	    dp->dl_recall.cb_clp == *(rqstp->rq_lease_breaker)) {
		spin_unlock(&ctx->flc_lock);
		if (dp == NON_NFSD_LEASE) {
			status = nfserrno(nfsd_open_break_lease(inode,
								NFSD_MAY_READ));
			if (status != nfserr_jukebox ||
			    !nfsd_wait_for_delegreturn(rqstp, inode))
				return status;
		}
		return 0;
	}

	nfsd_stats_wdeleg_getattr_inc(nn);
	refcount_inc(&dp->dl_stid.sc_count);
	ncf = &dp->dl_cb_fattr;
	nfs4_cb_getattr(&dp->dl_cb_fattr);
	spin_unlock(&ctx->flc_lock);

	wait_on_bit_timeout(&ncf->ncf_cb_flags, CB_GETATTR_BUSY,
			    TASK_INTERRUPTIBLE, NFSD_CB_GETATTR_TIMEOUT);
	if (ncf->ncf_cb_status) {
		/* Recall delegation only if client didn't respond */
		status = nfserrno(nfsd_open_break_lease(inode, NFSD_MAY_READ));
		if (status != nfserr_jukebox ||
		    !nfsd_wait_for_delegreturn(rqstp, inode))
			goto out_status;
	}
	if (!ncf->ncf_file_modified &&
	    (ncf->ncf_initial_cinfo != ncf->ncf_cb_change ||
	     ncf->ncf_cur_fsize != ncf->ncf_cb_fsize))
		ncf->ncf_file_modified = true;
	if (ncf->ncf_file_modified) {
		int err;

		/*
		 * Per section 10.4.3 of RFC 8881, the server would
		 * not update the file's metadata with the client's
		 * modified size.
		 */
		attrs.ia_mtime = attrs.ia_ctime = current_time(inode);
		attrs.ia_valid = ATTR_MTIME | ATTR_CTIME | ATTR_DELEG;
		inode_lock(inode);
		err = notify_change(&nop_mnt_idmap, dentry, &attrs, NULL);
		inode_unlock(inode);
		if (err) {
			status = nfserrno(err);
			goto out_status;
		}
		ncf->ncf_cur_fsize = ncf->ncf_cb_fsize;
		*pdp = dp;
		return nfs_ok;
	}
	status = nfs_ok;
out_status:
	nfs4_put_stid(&dp->dl_stid);
	return status;
}