1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NFS server file handle treatment. 4 * 5 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> 6 * Portions Copyright (C) 1999 G. Allen Morris III <gam3@acm.org> 7 * Extensive rewrite by Neil Brown <neilb@cse.unsw.edu.au> Southern-Spring 1999 8 * ... and again Southern-Winter 2001 to support export_operations 9 */ 10 11 #include <linux/exportfs.h> 12 13 #include <linux/sunrpc/svcauth_gss.h> 14 #include "nfsd.h" 15 #include "vfs.h" 16 #include "auth.h" 17 #include "trace.h" 18 19 #define NFSDDBG_FACILITY NFSDDBG_FH 20 21 22 /* 23 * our acceptability function. 24 * if NOSUBTREECHECK, accept anything 25 * if not, require that we can walk up to exp->ex_dentry 26 * doing some checks on the 'x' bits 27 */ 28 static int nfsd_acceptable(void *expv, struct dentry *dentry) 29 { 30 struct svc_export *exp = expv; 31 int rv; 32 struct dentry *tdentry; 33 struct dentry *parent; 34 35 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) 36 return 1; 37 38 tdentry = dget(dentry); 39 while (tdentry != exp->ex_path.dentry && !IS_ROOT(tdentry)) { 40 /* make sure parents give x permission to user */ 41 int err; 42 parent = dget_parent(tdentry); 43 err = inode_permission(&nop_mnt_idmap, 44 d_inode(parent), MAY_EXEC); 45 if (err < 0) { 46 dput(parent); 47 break; 48 } 49 dput(tdentry); 50 tdentry = parent; 51 } 52 if (tdentry != exp->ex_path.dentry) 53 dprintk("nfsd_acceptable failed at %p %pd\n", tdentry, tdentry); 54 rv = (tdentry == exp->ex_path.dentry); 55 dput(tdentry); 56 return rv; 57 } 58 59 /* Type check. The correct error return for type mismatches does not seem to be 60 * generally agreed upon. SunOS seems to use EISDIR if file isn't S_IFREG; a 61 * comment in the NFSv3 spec says this is incorrect (implementation notes for 62 * the write call). 63 */ 64 static inline __be32 65 nfsd_mode_check(struct dentry *dentry, umode_t requested) 66 { 67 umode_t mode = d_inode(dentry)->i_mode & S_IFMT; 68 69 if (requested == 0) /* the caller doesn't care */ 70 return nfs_ok; 71 if (mode == requested) { 72 if (mode == S_IFDIR && !d_can_lookup(dentry)) { 73 WARN_ON_ONCE(1); 74 return nfserr_notdir; 75 } 76 return nfs_ok; 77 } 78 if (mode == S_IFLNK) { 79 if (requested == S_IFDIR) 80 return nfserr_symlink_not_dir; 81 return nfserr_symlink; 82 } 83 if (requested == S_IFDIR) 84 return nfserr_notdir; 85 if (mode == S_IFDIR) 86 return nfserr_isdir; 87 return nfserr_wrong_type; 88 } 89 90 static bool nfsd_originating_port_ok(struct svc_rqst *rqstp, 91 struct svc_cred *cred, 92 struct svc_export *exp) 93 { 94 if (nfsexp_flags(cred, exp) & NFSEXP_INSECURE_PORT) 95 return true; 96 /* We don't require gss requests to use low ports: */ 97 if (cred->cr_flavor >= RPC_AUTH_GSS) 98 return true; 99 return test_bit(RQ_SECURE, &rqstp->rq_flags); 100 } 101 102 static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, 103 struct svc_cred *cred, 104 struct svc_export *exp) 105 { 106 /* Check if the request originated from a secure port. */ 107 if (rqstp && !nfsd_originating_port_ok(rqstp, cred, exp)) { 108 RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]); 109 dprintk("nfsd: request from insecure port %s!\n", 110 svc_print_addr(rqstp, buf, sizeof(buf))); 111 return nfserr_perm; 112 } 113 114 /* Set user creds for this exportpoint */ 115 return nfserrno(nfsd_setuser(cred, exp)); 116 } 117 118 static inline __be32 check_pseudo_root(struct dentry *dentry, 119 struct svc_export *exp) 120 { 121 if (!(exp->ex_flags & NFSEXP_V4ROOT)) 122 return nfs_ok; 123 /* 124 * We're exposing only the directories and symlinks that have to be 125 * traversed on the way to real exports: 126 */ 127 if (unlikely(!d_is_dir(dentry) && 128 !d_is_symlink(dentry))) 129 return nfserr_stale; 130 /* 131 * A pseudoroot export gives permission to access only one 132 * single directory; the kernel has to make another upcall 133 * before granting access to anything else under it: 134 */ 135 if (unlikely(dentry != exp->ex_path.dentry)) 136 return nfserr_stale; 137 return nfs_ok; 138 } 139 140 /* 141 * Use the given filehandle to look up the corresponding export and 142 * dentry. On success, the results are used to set fh_export and 143 * fh_dentry. 144 */ 145 static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net, 146 struct svc_cred *cred, 147 struct auth_domain *client, 148 struct auth_domain *gssclient, 149 struct svc_fh *fhp) 150 { 151 struct knfsd_fh *fh = &fhp->fh_handle; 152 struct fid *fid = NULL; 153 struct svc_export *exp; 154 struct dentry *dentry; 155 int fileid_type; 156 int data_left = fh->fh_size/4; 157 int len; 158 __be32 error; 159 160 error = nfserr_badhandle; 161 if (fh->fh_size == 0) 162 return nfserr_nofilehandle; 163 164 if (fh->fh_version != 1) 165 return error; 166 167 if (--data_left < 0) 168 return error; 169 if (fh->fh_auth_type != 0) 170 return error; 171 len = key_len(fh->fh_fsid_type) / 4; 172 if (len == 0) 173 return error; 174 if (fh->fh_fsid_type == FSID_MAJOR_MINOR) { 175 /* deprecated, convert to type 3 */ 176 len = key_len(FSID_ENCODE_DEV)/4; 177 fh->fh_fsid_type = FSID_ENCODE_DEV; 178 /* 179 * struct knfsd_fh uses host-endian fields, which are 180 * sometimes used to hold net-endian values. This 181 * confuses sparse, so we must use __force here to 182 * keep it from complaining. 183 */ 184 fh->fh_fsid[0] = new_encode_dev(MKDEV(ntohl((__force __be32)fh->fh_fsid[0]), 185 ntohl((__force __be32)fh->fh_fsid[1]))); 186 fh->fh_fsid[1] = fh->fh_fsid[2]; 187 } 188 data_left -= len; 189 if (data_left < 0) 190 return error; 191 exp = rqst_exp_find(rqstp ? &rqstp->rq_chandle : NULL, 192 net, client, gssclient, 193 fh->fh_fsid_type, fh->fh_fsid); 194 fid = (struct fid *)(fh->fh_fsid + len); 195 196 error = nfserr_stale; 197 if (IS_ERR(exp)) { 198 trace_nfsd_set_fh_dentry_badexport(rqstp, fhp, PTR_ERR(exp)); 199 200 if (PTR_ERR(exp) == -ENOENT) 201 return error; 202 203 return nfserrno(PTR_ERR(exp)); 204 } 205 206 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) { 207 /* Elevate privileges so that the lack of 'r' or 'x' 208 * permission on some parent directory will 209 * not stop exportfs_decode_fh from being able 210 * to reconnect a directory into the dentry cache. 211 * The same problem can affect "SUBTREECHECK" exports, 212 * but as nfsd_acceptable depends on correct 213 * access control settings being in effect, we cannot 214 * fix that case easily. 215 */ 216 struct cred *new = prepare_creds(); 217 if (!new) { 218 error = nfserrno(-ENOMEM); 219 goto out; 220 } 221 new->cap_effective = 222 cap_raise_nfsd_set(new->cap_effective, 223 new->cap_permitted); 224 put_cred(override_creds(new)); 225 put_cred(new); 226 } else { 227 error = nfsd_setuser_and_check_port(rqstp, cred, exp); 228 if (error) 229 goto out; 230 } 231 232 /* 233 * Look up the dentry using the NFS file handle. 234 */ 235 error = nfserr_badhandle; 236 237 fileid_type = fh->fh_fileid_type; 238 239 if (fileid_type == FILEID_ROOT) 240 dentry = dget(exp->ex_path.dentry); 241 else { 242 dentry = exportfs_decode_fh_raw(exp->ex_path.mnt, fid, 243 data_left, fileid_type, 0, 244 nfsd_acceptable, exp); 245 if (IS_ERR_OR_NULL(dentry)) { 246 trace_nfsd_set_fh_dentry_badhandle(rqstp, fhp, 247 dentry ? PTR_ERR(dentry) : -ESTALE); 248 switch (PTR_ERR(dentry)) { 249 case -ENOMEM: 250 case -ETIMEDOUT: 251 break; 252 default: 253 dentry = ERR_PTR(-ESTALE); 254 } 255 } 256 } 257 if (dentry == NULL) 258 goto out; 259 if (IS_ERR(dentry)) { 260 if (PTR_ERR(dentry) != -EINVAL) 261 error = nfserrno(PTR_ERR(dentry)); 262 goto out; 263 } 264 265 if (d_is_dir(dentry) && 266 (dentry->d_flags & DCACHE_DISCONNECTED)) { 267 printk("nfsd: find_fh_dentry returned a DISCONNECTED directory: %pd2\n", 268 dentry); 269 } 270 271 fhp->fh_dentry = dentry; 272 fhp->fh_export = exp; 273 274 switch (fhp->fh_maxsize) { 275 case NFS4_FHSIZE: 276 if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOATOMIC_ATTR) 277 fhp->fh_no_atomic_attr = true; 278 fhp->fh_64bit_cookies = true; 279 break; 280 case NFS3_FHSIZE: 281 if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOWCC) 282 fhp->fh_no_wcc = true; 283 fhp->fh_64bit_cookies = true; 284 if (exp->ex_flags & NFSEXP_V4ROOT) 285 goto out; 286 break; 287 case NFS_FHSIZE: 288 fhp->fh_no_wcc = true; 289 if (EX_WGATHER(exp)) 290 fhp->fh_use_wgather = true; 291 if (exp->ex_flags & NFSEXP_V4ROOT) 292 goto out; 293 } 294 295 return 0; 296 out: 297 exp_put(exp); 298 return error; 299 } 300 301 /** 302 * __fh_verify - filehandle lookup and access checking 303 * @rqstp: RPC transaction context, or NULL 304 * @net: net namespace in which to perform the export lookup 305 * @cred: RPC user credential 306 * @client: RPC auth domain 307 * @gssclient: RPC GSS auth domain, or NULL 308 * @fhp: filehandle to be verified 309 * @type: expected type of object pointed to by filehandle 310 * @access: type of access needed to object 311 * 312 * See fh_verify() for further descriptions of @fhp, @type, and @access. 313 */ 314 static __be32 315 __fh_verify(struct svc_rqst *rqstp, 316 struct net *net, struct svc_cred *cred, 317 struct auth_domain *client, 318 struct auth_domain *gssclient, 319 struct svc_fh *fhp, umode_t type, int access) 320 { 321 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 322 struct svc_export *exp = NULL; 323 struct dentry *dentry; 324 __be32 error; 325 326 if (!fhp->fh_dentry) { 327 error = nfsd_set_fh_dentry(rqstp, net, cred, client, 328 gssclient, fhp); 329 if (error) 330 goto out; 331 } 332 dentry = fhp->fh_dentry; 333 exp = fhp->fh_export; 334 335 trace_nfsd_fh_verify(rqstp, fhp, type, access); 336 337 /* 338 * We still have to do all these permission checks, even when 339 * fh_dentry is already set: 340 * - fh_verify may be called multiple times with different 341 * "access" arguments (e.g. nfsd_proc_create calls 342 * fh_verify(...,NFSD_MAY_EXEC) first, then later (in 343 * nfsd_create) calls fh_verify(...,NFSD_MAY_CREATE). 344 * - in the NFSv4 case, the filehandle may have been filled 345 * in by fh_compose, and given a dentry, but further 346 * compound operations performed with that filehandle 347 * still need permissions checks. In the worst case, a 348 * mountpoint crossing may have changed the export 349 * options, and we may now need to use a different uid 350 * (for example, if different id-squashing options are in 351 * effect on the new filesystem). 352 */ 353 error = check_pseudo_root(dentry, exp); 354 if (error) 355 goto out; 356 357 error = nfsd_setuser_and_check_port(rqstp, cred, exp); 358 if (error) 359 goto out; 360 361 error = nfsd_mode_check(dentry, type); 362 if (error) 363 goto out; 364 365 /* 366 * pseudoflavor restrictions are not enforced on NLM, 367 * which clients virtually always use auth_sys for, 368 * even while using RPCSEC_GSS for NFS. 369 */ 370 if (access & NFSD_MAY_LOCK || access & NFSD_MAY_BYPASS_GSS) 371 goto skip_pseudoflavor_check; 372 /* 373 * Clients may expect to be able to use auth_sys during mount, 374 * even if they use gss for everything else; see section 2.3.2 375 * of rfc 2623. 376 */ 377 if (access & NFSD_MAY_BYPASS_GSS_ON_ROOT 378 && exp->ex_path.dentry == dentry) 379 goto skip_pseudoflavor_check; 380 381 error = check_nfsd_access(exp, rqstp); 382 if (error) 383 goto out; 384 385 skip_pseudoflavor_check: 386 /* Finally, check access permissions. */ 387 error = nfsd_permission(cred, exp, dentry, access); 388 out: 389 trace_nfsd_fh_verify_err(rqstp, fhp, type, access, error); 390 if (error == nfserr_stale) 391 nfsd_stats_fh_stale_inc(nn, exp); 392 return error; 393 } 394 395 /** 396 * fh_verify_local - filehandle lookup and access checking 397 * @net: net namespace in which to perform the export lookup 398 * @cred: RPC user credential 399 * @client: RPC auth domain 400 * @fhp: filehandle to be verified 401 * @type: expected type of object pointed to by filehandle 402 * @access: type of access needed to object 403 * 404 * This API can be used by callers who do not have an RPC 405 * transaction context (ie are not running in an nfsd thread). 406 * 407 * See fh_verify() for further descriptions of @fhp, @type, and @access. 408 */ 409 __be32 410 fh_verify_local(struct net *net, struct svc_cred *cred, 411 struct auth_domain *client, struct svc_fh *fhp, 412 umode_t type, int access) 413 { 414 return __fh_verify(NULL, net, cred, client, NULL, 415 fhp, type, access); 416 } 417 418 /** 419 * fh_verify - filehandle lookup and access checking 420 * @rqstp: pointer to current rpc request 421 * @fhp: filehandle to be verified 422 * @type: expected type of object pointed to by filehandle 423 * @access: type of access needed to object 424 * 425 * Look up a dentry from the on-the-wire filehandle, check the client's 426 * access to the export, and set the current task's credentials. 427 * 428 * Regardless of success or failure of fh_verify(), fh_put() should be 429 * called on @fhp when the caller is finished with the filehandle. 430 * 431 * fh_verify() may be called multiple times on a given filehandle, for 432 * example, when processing an NFSv4 compound. The first call will look 433 * up a dentry using the on-the-wire filehandle. Subsequent calls will 434 * skip the lookup and just perform the other checks and possibly change 435 * the current task's credentials. 436 * 437 * @type specifies the type of object expected using one of the S_IF* 438 * constants defined in include/linux/stat.h. The caller may use zero 439 * to indicate that it doesn't care, or a negative integer to indicate 440 * that it expects something not of the given type. 441 * 442 * @access is formed from the NFSD_MAY_* constants defined in 443 * fs/nfsd/vfs.h. 444 */ 445 __be32 446 fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access) 447 { 448 return __fh_verify(rqstp, SVC_NET(rqstp), &rqstp->rq_cred, 449 rqstp->rq_client, rqstp->rq_gssclient, 450 fhp, type, access); 451 } 452 453 /* 454 * Compose a file handle for an NFS reply. 455 * 456 * Note that when first composed, the dentry may not yet have 457 * an inode. In this case a call to fh_update should be made 458 * before the fh goes out on the wire ... 459 */ 460 static void _fh_update(struct svc_fh *fhp, struct svc_export *exp, 461 struct dentry *dentry) 462 { 463 if (dentry != exp->ex_path.dentry) { 464 struct fid *fid = (struct fid *) 465 (fhp->fh_handle.fh_fsid + fhp->fh_handle.fh_size/4 - 1); 466 int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4; 467 int fh_flags = (exp->ex_flags & NFSEXP_NOSUBTREECHECK) ? 0 : 468 EXPORT_FH_CONNECTABLE; 469 int fileid_type = 470 exportfs_encode_fh(dentry, fid, &maxsize, fh_flags); 471 472 fhp->fh_handle.fh_fileid_type = 473 fileid_type > 0 ? fileid_type : FILEID_INVALID; 474 fhp->fh_handle.fh_size += maxsize * 4; 475 } else { 476 fhp->fh_handle.fh_fileid_type = FILEID_ROOT; 477 } 478 } 479 480 static bool is_root_export(struct svc_export *exp) 481 { 482 return exp->ex_path.dentry == exp->ex_path.dentry->d_sb->s_root; 483 } 484 485 static struct super_block *exp_sb(struct svc_export *exp) 486 { 487 return exp->ex_path.dentry->d_sb; 488 } 489 490 static bool fsid_type_ok_for_exp(u8 fsid_type, struct svc_export *exp) 491 { 492 switch (fsid_type) { 493 case FSID_DEV: 494 if (!old_valid_dev(exp_sb(exp)->s_dev)) 495 return false; 496 fallthrough; 497 case FSID_MAJOR_MINOR: 498 case FSID_ENCODE_DEV: 499 return exp_sb(exp)->s_type->fs_flags & FS_REQUIRES_DEV; 500 case FSID_NUM: 501 return exp->ex_flags & NFSEXP_FSID; 502 case FSID_UUID8: 503 case FSID_UUID16: 504 if (!is_root_export(exp)) 505 return false; 506 fallthrough; 507 case FSID_UUID4_INUM: 508 case FSID_UUID16_INUM: 509 return exp->ex_uuid != NULL; 510 } 511 return true; 512 } 513 514 515 static void set_version_and_fsid_type(struct svc_fh *fhp, struct svc_export *exp, struct svc_fh *ref_fh) 516 { 517 u8 version; 518 u8 fsid_type; 519 retry: 520 version = 1; 521 if (ref_fh && ref_fh->fh_export == exp) { 522 version = ref_fh->fh_handle.fh_version; 523 fsid_type = ref_fh->fh_handle.fh_fsid_type; 524 525 ref_fh = NULL; 526 527 switch (version) { 528 case 0xca: 529 fsid_type = FSID_DEV; 530 break; 531 case 1: 532 break; 533 default: 534 goto retry; 535 } 536 537 /* 538 * As the fsid -> filesystem mapping was guided by 539 * user-space, there is no guarantee that the filesystem 540 * actually supports that fsid type. If it doesn't we 541 * loop around again without ref_fh set. 542 */ 543 if (!fsid_type_ok_for_exp(fsid_type, exp)) 544 goto retry; 545 } else if (exp->ex_flags & NFSEXP_FSID) { 546 fsid_type = FSID_NUM; 547 } else if (exp->ex_uuid) { 548 if (fhp->fh_maxsize >= 64) { 549 if (is_root_export(exp)) 550 fsid_type = FSID_UUID16; 551 else 552 fsid_type = FSID_UUID16_INUM; 553 } else { 554 if (is_root_export(exp)) 555 fsid_type = FSID_UUID8; 556 else 557 fsid_type = FSID_UUID4_INUM; 558 } 559 } else if (!old_valid_dev(exp_sb(exp)->s_dev)) 560 /* for newer device numbers, we must use a newer fsid format */ 561 fsid_type = FSID_ENCODE_DEV; 562 else 563 fsid_type = FSID_DEV; 564 fhp->fh_handle.fh_version = version; 565 if (version) 566 fhp->fh_handle.fh_fsid_type = fsid_type; 567 } 568 569 __be32 570 fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry, 571 struct svc_fh *ref_fh) 572 { 573 /* ref_fh is a reference file handle. 574 * if it is non-null and for the same filesystem, then we should compose 575 * a filehandle which is of the same version, where possible. 576 */ 577 578 struct inode * inode = d_inode(dentry); 579 dev_t ex_dev = exp_sb(exp)->s_dev; 580 581 dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n", 582 MAJOR(ex_dev), MINOR(ex_dev), 583 (long) d_inode(exp->ex_path.dentry)->i_ino, 584 dentry, 585 (inode ? inode->i_ino : 0)); 586 587 /* Choose filehandle version and fsid type based on 588 * the reference filehandle (if it is in the same export) 589 * or the export options. 590 */ 591 set_version_and_fsid_type(fhp, exp, ref_fh); 592 593 /* If we have a ref_fh, then copy the fh_no_wcc setting from it. */ 594 fhp->fh_no_wcc = ref_fh ? ref_fh->fh_no_wcc : false; 595 596 if (ref_fh == fhp) 597 fh_put(ref_fh); 598 599 if (fhp->fh_dentry) { 600 printk(KERN_ERR "fh_compose: fh %pd2 not initialized!\n", 601 dentry); 602 } 603 if (fhp->fh_maxsize < NFS_FHSIZE) 604 printk(KERN_ERR "fh_compose: called with maxsize %d! %pd2\n", 605 fhp->fh_maxsize, 606 dentry); 607 608 fhp->fh_dentry = dget(dentry); /* our internal copy */ 609 fhp->fh_export = exp_get(exp); 610 611 fhp->fh_handle.fh_size = 612 key_len(fhp->fh_handle.fh_fsid_type) + 4; 613 fhp->fh_handle.fh_auth_type = 0; 614 615 mk_fsid(fhp->fh_handle.fh_fsid_type, 616 fhp->fh_handle.fh_fsid, 617 ex_dev, 618 d_inode(exp->ex_path.dentry)->i_ino, 619 exp->ex_fsid, exp->ex_uuid); 620 621 if (inode) 622 _fh_update(fhp, exp, dentry); 623 if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) { 624 fh_put(fhp); 625 return nfserr_stale; 626 } 627 628 return 0; 629 } 630 631 /* 632 * Update file handle information after changing a dentry. 633 * This is only called by nfsd_create, nfsd_create_v3 and nfsd_proc_create 634 */ 635 __be32 636 fh_update(struct svc_fh *fhp) 637 { 638 struct dentry *dentry; 639 640 if (!fhp->fh_dentry) 641 goto out_bad; 642 643 dentry = fhp->fh_dentry; 644 if (d_really_is_negative(dentry)) 645 goto out_negative; 646 if (fhp->fh_handle.fh_fileid_type != FILEID_ROOT) 647 return 0; 648 649 _fh_update(fhp, fhp->fh_export, dentry); 650 if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) 651 return nfserr_stale; 652 return 0; 653 out_bad: 654 printk(KERN_ERR "fh_update: fh not verified!\n"); 655 return nfserr_serverfault; 656 out_negative: 657 printk(KERN_ERR "fh_update: %pd2 still negative!\n", 658 dentry); 659 return nfserr_serverfault; 660 } 661 662 /** 663 * fh_fill_pre_attrs - Fill in pre-op attributes 664 * @fhp: file handle to be updated 665 * 666 */ 667 __be32 __must_check fh_fill_pre_attrs(struct svc_fh *fhp) 668 { 669 bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE); 670 struct inode *inode; 671 struct kstat stat; 672 __be32 err; 673 674 if (fhp->fh_no_wcc || fhp->fh_pre_saved) 675 return nfs_ok; 676 677 inode = d_inode(fhp->fh_dentry); 678 err = fh_getattr(fhp, &stat); 679 if (err) 680 return err; 681 682 if (v4) 683 fhp->fh_pre_change = nfsd4_change_attribute(&stat, inode); 684 685 fhp->fh_pre_mtime = stat.mtime; 686 fhp->fh_pre_ctime = stat.ctime; 687 fhp->fh_pre_size = stat.size; 688 fhp->fh_pre_saved = true; 689 return nfs_ok; 690 } 691 692 /** 693 * fh_fill_post_attrs - Fill in post-op attributes 694 * @fhp: file handle to be updated 695 * 696 */ 697 __be32 fh_fill_post_attrs(struct svc_fh *fhp) 698 { 699 bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE); 700 struct inode *inode = d_inode(fhp->fh_dentry); 701 __be32 err; 702 703 if (fhp->fh_no_wcc) 704 return nfs_ok; 705 706 if (fhp->fh_post_saved) 707 printk("nfsd: inode locked twice during operation.\n"); 708 709 err = fh_getattr(fhp, &fhp->fh_post_attr); 710 if (err) 711 return err; 712 713 fhp->fh_post_saved = true; 714 if (v4) 715 fhp->fh_post_change = 716 nfsd4_change_attribute(&fhp->fh_post_attr, inode); 717 return nfs_ok; 718 } 719 720 /** 721 * fh_fill_both_attrs - Fill pre-op and post-op attributes 722 * @fhp: file handle to be updated 723 * 724 * This is used when the directory wasn't changed, but wcc attributes 725 * are needed anyway. 726 */ 727 __be32 __must_check fh_fill_both_attrs(struct svc_fh *fhp) 728 { 729 __be32 err; 730 731 err = fh_fill_post_attrs(fhp); 732 if (err) 733 return err; 734 735 fhp->fh_pre_change = fhp->fh_post_change; 736 fhp->fh_pre_mtime = fhp->fh_post_attr.mtime; 737 fhp->fh_pre_ctime = fhp->fh_post_attr.ctime; 738 fhp->fh_pre_size = fhp->fh_post_attr.size; 739 fhp->fh_pre_saved = true; 740 return nfs_ok; 741 } 742 743 /* 744 * Release a file handle. 745 */ 746 void 747 fh_put(struct svc_fh *fhp) 748 { 749 struct dentry * dentry = fhp->fh_dentry; 750 struct svc_export * exp = fhp->fh_export; 751 if (dentry) { 752 fhp->fh_dentry = NULL; 753 dput(dentry); 754 fh_clear_pre_post_attrs(fhp); 755 } 756 fh_drop_write(fhp); 757 if (exp) { 758 exp_put(exp); 759 fhp->fh_export = NULL; 760 } 761 fhp->fh_no_wcc = false; 762 return; 763 } 764 765 /* 766 * Shorthand for dprintk()'s 767 */ 768 char * SVCFH_fmt(struct svc_fh *fhp) 769 { 770 struct knfsd_fh *fh = &fhp->fh_handle; 771 static char buf[2+1+1+64*3+1]; 772 773 if (fh->fh_size < 0 || fh->fh_size> 64) 774 return "bad-fh"; 775 sprintf(buf, "%d: %*ph", fh->fh_size, fh->fh_size, fh->fh_raw); 776 return buf; 777 } 778 779 enum fsid_source fsid_source(const struct svc_fh *fhp) 780 { 781 if (fhp->fh_handle.fh_version != 1) 782 return FSIDSOURCE_DEV; 783 switch(fhp->fh_handle.fh_fsid_type) { 784 case FSID_DEV: 785 case FSID_ENCODE_DEV: 786 case FSID_MAJOR_MINOR: 787 if (exp_sb(fhp->fh_export)->s_type->fs_flags & FS_REQUIRES_DEV) 788 return FSIDSOURCE_DEV; 789 break; 790 case FSID_NUM: 791 if (fhp->fh_export->ex_flags & NFSEXP_FSID) 792 return FSIDSOURCE_FSID; 793 break; 794 default: 795 break; 796 } 797 /* either a UUID type filehandle, or the filehandle doesn't 798 * match the export. 799 */ 800 if (fhp->fh_export->ex_flags & NFSEXP_FSID) 801 return FSIDSOURCE_FSID; 802 if (fhp->fh_export->ex_uuid) 803 return FSIDSOURCE_UUID; 804 return FSIDSOURCE_DEV; 805 } 806 807 /* 808 * We could use i_version alone as the change attribute. However, i_version 809 * can go backwards on a regular file after an unclean shutdown. On its own 810 * that doesn't necessarily cause a problem, but if i_version goes backwards 811 * and then is incremented again it could reuse a value that was previously 812 * used before boot, and a client who queried the two values might incorrectly 813 * assume nothing changed. 814 * 815 * By using both ctime and the i_version counter we guarantee that as long as 816 * time doesn't go backwards we never reuse an old value. If the filesystem 817 * advertises STATX_ATTR_CHANGE_MONOTONIC, then this mitigation is not 818 * needed. 819 * 820 * We only need to do this for regular files as well. For directories, we 821 * assume that the new change attr is always logged to stable storage in some 822 * fashion before the results can be seen. 823 */ 824 u64 nfsd4_change_attribute(const struct kstat *stat, const struct inode *inode) 825 { 826 u64 chattr; 827 828 if (stat->result_mask & STATX_CHANGE_COOKIE) { 829 chattr = stat->change_cookie; 830 if (S_ISREG(inode->i_mode) && 831 !(stat->attributes & STATX_ATTR_CHANGE_MONOTONIC)) { 832 chattr += (u64)stat->ctime.tv_sec << 30; 833 chattr += stat->ctime.tv_nsec; 834 } 835 } else { 836 chattr = time_to_chattr(&stat->ctime); 837 } 838 return chattr; 839 } 840