1 /* 2 * Copyright (c) 2001 The Regents of the University of Michigan. 3 * All rights reserved. 4 * 5 * Kendrick Smith <kmsmith@umich.edu> 6 * Andy Adamson <kandros@umich.edu> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the University nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 22 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 23 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 24 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 * 33 */ 34 35 #include <linux/file.h> 36 #include <linux/fs.h> 37 #include <linux/slab.h> 38 #include <linux/namei.h> 39 #include <linux/swap.h> 40 #include <linux/pagemap.h> 41 #include <linux/ratelimit.h> 42 #include <linux/sunrpc/svcauth_gss.h> 43 #include <linux/sunrpc/addr.h> 44 #include <linux/jhash.h> 45 #include <linux/string_helpers.h> 46 #include <linux/fsnotify.h> 47 #include <linux/rhashtable.h> 48 #include <linux/nfs_ssc.h> 49 50 #include "xdr4.h" 51 #include "xdr4cb.h" 52 #include "vfs.h" 53 #include "current_stateid.h" 54 55 #include "netns.h" 56 #include "pnfs.h" 57 #include "filecache.h" 58 #include "trace.h" 59 60 #define NFSDDBG_FACILITY NFSDDBG_PROC 61 62 #define all_ones {{ ~0, ~0}, ~0} 63 static const stateid_t one_stateid = { 64 .si_generation = ~0, 65 .si_opaque = all_ones, 66 }; 67 static const stateid_t zero_stateid = { 68 /* all fields zero */ 69 }; 70 static const stateid_t currentstateid = { 71 .si_generation = 1, 72 }; 73 static const stateid_t close_stateid = { 74 .si_generation = 0xffffffffU, 75 }; 76 77 static u64 current_sessionid = 1; 78 79 #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t))) 80 #define ONE_STATEID(stateid) (!memcmp((stateid), &one_stateid, sizeof(stateid_t))) 81 #define CURRENT_STATEID(stateid) (!memcmp((stateid), ¤tstateid, sizeof(stateid_t))) 82 #define CLOSE_STATEID(stateid) (!memcmp((stateid), &close_stateid, sizeof(stateid_t))) 83 84 /* forward declarations */ 85 static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner); 86 static void nfs4_free_ol_stateid(struct nfs4_stid *stid); 87 void nfsd4_end_grace(struct nfsd_net *nn); 88 static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps); 89 static void nfsd4_file_hash_remove(struct nfs4_file *fi); 90 static void deleg_reaper(struct nfsd_net *nn); 91 92 /* Locking: */ 93 94 /* 95 * Currently used for the del_recall_lru and file hash table. In an 96 * effort to decrease the scope of the client_mutex, this spinlock may 97 * eventually cover more: 98 */ 99 static DEFINE_SPINLOCK(state_lock); 100 101 enum nfsd4_st_mutex_lock_subclass { 102 OPEN_STATEID_MUTEX = 0, 103 LOCK_STATEID_MUTEX = 1, 104 }; 105 106 /* 107 * A waitqueue for all in-progress 4.0 CLOSE operations that are waiting for 108 * the refcount on the open stateid to drop. 109 */ 110 static DECLARE_WAIT_QUEUE_HEAD(close_wq); 111 112 /* 113 * A waitqueue where a writer to clients/#/ctl destroying a client can 114 * wait for cl_rpc_users to drop to 0 and then for the client to be 115 * unhashed. 116 */ 117 static DECLARE_WAIT_QUEUE_HEAD(expiry_wq); 118 119 static struct kmem_cache *client_slab; 120 static struct kmem_cache *openowner_slab; 121 static struct kmem_cache *lockowner_slab; 122 static struct kmem_cache *file_slab; 123 static struct kmem_cache *stateid_slab; 124 static struct kmem_cache *deleg_slab; 125 static struct kmem_cache *odstate_slab; 126 127 static void free_session(struct nfsd4_session *); 128 129 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops; 130 static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops; 131 static const struct nfsd4_callback_ops nfsd4_cb_getattr_ops; 132 133 static struct workqueue_struct *laundry_wq; 134 nfsd4_create_laundry_wq(void)135 int nfsd4_create_laundry_wq(void) 136 { 137 int rc = 0; 138 139 laundry_wq = alloc_workqueue("%s", WQ_UNBOUND, 0, "nfsd4"); 140 if (laundry_wq == NULL) 141 rc = -ENOMEM; 142 return rc; 143 } 144 nfsd4_destroy_laundry_wq(void)145 void nfsd4_destroy_laundry_wq(void) 146 { 147 destroy_workqueue(laundry_wq); 148 } 149 is_session_dead(struct nfsd4_session * ses)150 static bool is_session_dead(struct nfsd4_session *ses) 151 { 152 return ses->se_flags & NFS4_SESSION_DEAD; 153 } 154 mark_session_dead_locked(struct nfsd4_session * ses,int ref_held_by_me)155 static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me) 156 { 157 if (atomic_read(&ses->se_ref) > ref_held_by_me) 158 return nfserr_jukebox; 159 ses->se_flags |= NFS4_SESSION_DEAD; 160 return nfs_ok; 161 } 162 is_client_expired(struct nfs4_client * clp)163 static bool is_client_expired(struct nfs4_client *clp) 164 { 165 return clp->cl_time == 0; 166 } 167 nfsd4_dec_courtesy_client_count(struct nfsd_net * nn,struct nfs4_client * clp)168 static void nfsd4_dec_courtesy_client_count(struct nfsd_net *nn, 169 struct nfs4_client *clp) 170 { 171 if (clp->cl_state != NFSD4_ACTIVE) 172 atomic_add_unless(&nn->nfsd_courtesy_clients, -1, 0); 173 } 174 get_client_locked(struct nfs4_client * clp)175 static __be32 get_client_locked(struct nfs4_client *clp) 176 { 177 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 178 179 lockdep_assert_held(&nn->client_lock); 180 181 if (is_client_expired(clp)) 182 return nfserr_expired; 183 atomic_inc(&clp->cl_rpc_users); 184 nfsd4_dec_courtesy_client_count(nn, clp); 185 clp->cl_state = NFSD4_ACTIVE; 186 return nfs_ok; 187 } 188 189 /* must be called under the client_lock */ 190 static inline void renew_client_locked(struct nfs4_client * clp)191 renew_client_locked(struct nfs4_client *clp) 192 { 193 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 194 195 if (is_client_expired(clp)) { 196 WARN_ON(1); 197 printk("%s: client (clientid %08x/%08x) already expired\n", 198 __func__, 199 clp->cl_clientid.cl_boot, 200 clp->cl_clientid.cl_id); 201 return; 202 } 203 204 list_move_tail(&clp->cl_lru, &nn->client_lru); 205 clp->cl_time = ktime_get_boottime_seconds(); 206 nfsd4_dec_courtesy_client_count(nn, clp); 207 clp->cl_state = NFSD4_ACTIVE; 208 } 209 put_client_renew_locked(struct nfs4_client * clp)210 static void put_client_renew_locked(struct nfs4_client *clp) 211 { 212 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 213 214 lockdep_assert_held(&nn->client_lock); 215 216 if (!atomic_dec_and_test(&clp->cl_rpc_users)) 217 return; 218 if (!is_client_expired(clp)) 219 renew_client_locked(clp); 220 else 221 wake_up_all(&expiry_wq); 222 } 223 put_client_renew(struct nfs4_client * clp)224 static void put_client_renew(struct nfs4_client *clp) 225 { 226 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 227 228 if (!atomic_dec_and_lock(&clp->cl_rpc_users, &nn->client_lock)) 229 return; 230 if (!is_client_expired(clp)) 231 renew_client_locked(clp); 232 else 233 wake_up_all(&expiry_wq); 234 spin_unlock(&nn->client_lock); 235 } 236 nfsd4_get_session_locked(struct nfsd4_session * ses)237 static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses) 238 { 239 __be32 status; 240 241 if (is_session_dead(ses)) 242 return nfserr_badsession; 243 status = get_client_locked(ses->se_client); 244 if (status) 245 return status; 246 atomic_inc(&ses->se_ref); 247 return nfs_ok; 248 } 249 nfsd4_put_session_locked(struct nfsd4_session * ses)250 static void nfsd4_put_session_locked(struct nfsd4_session *ses) 251 { 252 struct nfs4_client *clp = ses->se_client; 253 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 254 255 lockdep_assert_held(&nn->client_lock); 256 257 if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses)) 258 free_session(ses); 259 put_client_renew_locked(clp); 260 } 261 nfsd4_put_session(struct nfsd4_session * ses)262 static void nfsd4_put_session(struct nfsd4_session *ses) 263 { 264 struct nfs4_client *clp = ses->se_client; 265 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 266 267 spin_lock(&nn->client_lock); 268 nfsd4_put_session_locked(ses); 269 spin_unlock(&nn->client_lock); 270 } 271 272 static struct nfsd4_blocked_lock * find_blocked_lock(struct nfs4_lockowner * lo,struct knfsd_fh * fh,struct nfsd_net * nn)273 find_blocked_lock(struct nfs4_lockowner *lo, struct knfsd_fh *fh, 274 struct nfsd_net *nn) 275 { 276 struct nfsd4_blocked_lock *cur, *found = NULL; 277 278 spin_lock(&nn->blocked_locks_lock); 279 list_for_each_entry(cur, &lo->lo_blocked, nbl_list) { 280 if (fh_match(fh, &cur->nbl_fh)) { 281 list_del_init(&cur->nbl_list); 282 WARN_ON(list_empty(&cur->nbl_lru)); 283 list_del_init(&cur->nbl_lru); 284 found = cur; 285 break; 286 } 287 } 288 spin_unlock(&nn->blocked_locks_lock); 289 if (found) 290 locks_delete_block(&found->nbl_lock); 291 return found; 292 } 293 294 static struct nfsd4_blocked_lock * find_or_allocate_block(struct nfs4_lockowner * lo,struct knfsd_fh * fh,struct nfsd_net * nn)295 find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh, 296 struct nfsd_net *nn) 297 { 298 struct nfsd4_blocked_lock *nbl; 299 300 nbl = find_blocked_lock(lo, fh, nn); 301 if (!nbl) { 302 nbl = kmalloc(sizeof(*nbl), GFP_KERNEL); 303 if (nbl) { 304 INIT_LIST_HEAD(&nbl->nbl_list); 305 INIT_LIST_HEAD(&nbl->nbl_lru); 306 fh_copy_shallow(&nbl->nbl_fh, fh); 307 locks_init_lock(&nbl->nbl_lock); 308 kref_init(&nbl->nbl_kref); 309 nfsd4_init_cb(&nbl->nbl_cb, lo->lo_owner.so_client, 310 &nfsd4_cb_notify_lock_ops, 311 NFSPROC4_CLNT_CB_NOTIFY_LOCK); 312 } 313 } 314 return nbl; 315 } 316 317 static void free_nbl(struct kref * kref)318 free_nbl(struct kref *kref) 319 { 320 struct nfsd4_blocked_lock *nbl; 321 322 nbl = container_of(kref, struct nfsd4_blocked_lock, nbl_kref); 323 locks_release_private(&nbl->nbl_lock); 324 kfree(nbl); 325 } 326 327 static void free_blocked_lock(struct nfsd4_blocked_lock * nbl)328 free_blocked_lock(struct nfsd4_blocked_lock *nbl) 329 { 330 locks_delete_block(&nbl->nbl_lock); 331 kref_put(&nbl->nbl_kref, free_nbl); 332 } 333 334 static void remove_blocked_locks(struct nfs4_lockowner * lo)335 remove_blocked_locks(struct nfs4_lockowner *lo) 336 { 337 struct nfs4_client *clp = lo->lo_owner.so_client; 338 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 339 struct nfsd4_blocked_lock *nbl; 340 LIST_HEAD(reaplist); 341 342 /* Dequeue all blocked locks */ 343 spin_lock(&nn->blocked_locks_lock); 344 while (!list_empty(&lo->lo_blocked)) { 345 nbl = list_first_entry(&lo->lo_blocked, 346 struct nfsd4_blocked_lock, 347 nbl_list); 348 list_del_init(&nbl->nbl_list); 349 WARN_ON(list_empty(&nbl->nbl_lru)); 350 list_move(&nbl->nbl_lru, &reaplist); 351 } 352 spin_unlock(&nn->blocked_locks_lock); 353 354 /* Now free them */ 355 while (!list_empty(&reaplist)) { 356 nbl = list_first_entry(&reaplist, struct nfsd4_blocked_lock, 357 nbl_lru); 358 list_del_init(&nbl->nbl_lru); 359 free_blocked_lock(nbl); 360 } 361 } 362 363 static void nfsd4_cb_notify_lock_prepare(struct nfsd4_callback * cb)364 nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb) 365 { 366 struct nfsd4_blocked_lock *nbl = container_of(cb, 367 struct nfsd4_blocked_lock, nbl_cb); 368 locks_delete_block(&nbl->nbl_lock); 369 } 370 371 static int nfsd4_cb_notify_lock_done(struct nfsd4_callback * cb,struct rpc_task * task)372 nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task) 373 { 374 trace_nfsd_cb_notify_lock_done(&zero_stateid, task); 375 376 /* 377 * Since this is just an optimization, we don't try very hard if it 378 * turns out not to succeed. We'll requeue it on NFS4ERR_DELAY, and 379 * just quit trying on anything else. 380 */ 381 switch (task->tk_status) { 382 case -NFS4ERR_DELAY: 383 rpc_delay(task, 1 * HZ); 384 return 0; 385 default: 386 return 1; 387 } 388 } 389 390 static void nfsd4_cb_notify_lock_release(struct nfsd4_callback * cb)391 nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb) 392 { 393 struct nfsd4_blocked_lock *nbl = container_of(cb, 394 struct nfsd4_blocked_lock, nbl_cb); 395 396 free_blocked_lock(nbl); 397 } 398 399 static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = { 400 .prepare = nfsd4_cb_notify_lock_prepare, 401 .done = nfsd4_cb_notify_lock_done, 402 .release = nfsd4_cb_notify_lock_release, 403 .opcode = OP_CB_NOTIFY_LOCK, 404 }; 405 406 /* 407 * We store the NONE, READ, WRITE, and BOTH bits separately in the 408 * st_{access,deny}_bmap field of the stateid, in order to track not 409 * only what share bits are currently in force, but also what 410 * combinations of share bits previous opens have used. This allows us 411 * to enforce the recommendation in 412 * https://datatracker.ietf.org/doc/html/rfc7530#section-16.19.4 that 413 * the server return an error if the client attempt to downgrade to a 414 * combination of share bits not explicable by closing some of its 415 * previous opens. 416 * 417 * This enforcement is arguably incomplete, since we don't keep 418 * track of access/deny bit combinations; so, e.g., we allow: 419 * 420 * OPEN allow read, deny write 421 * OPEN allow both, deny none 422 * DOWNGRADE allow read, deny none 423 * 424 * which we should reject. 425 * 426 * But you could also argue that our current code is already overkill, 427 * since it only exists to return NFS4ERR_INVAL on incorrect client 428 * behavior. 429 */ 430 static unsigned int bmap_to_share_mode(unsigned long bmap)431 bmap_to_share_mode(unsigned long bmap) 432 { 433 int i; 434 unsigned int access = 0; 435 436 for (i = 1; i < 4; i++) { 437 if (test_bit(i, &bmap)) 438 access |= i; 439 } 440 return access; 441 } 442 443 /* set share access for a given stateid */ 444 static inline void set_access(u32 access,struct nfs4_ol_stateid * stp)445 set_access(u32 access, struct nfs4_ol_stateid *stp) 446 { 447 unsigned char mask = 1 << access; 448 449 WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH); 450 stp->st_access_bmap |= mask; 451 } 452 453 /* clear share access for a given stateid */ 454 static inline void clear_access(u32 access,struct nfs4_ol_stateid * stp)455 clear_access(u32 access, struct nfs4_ol_stateid *stp) 456 { 457 unsigned char mask = 1 << access; 458 459 WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH); 460 stp->st_access_bmap &= ~mask; 461 } 462 463 /* test whether a given stateid has access */ 464 static inline bool test_access(u32 access,struct nfs4_ol_stateid * stp)465 test_access(u32 access, struct nfs4_ol_stateid *stp) 466 { 467 unsigned char mask = 1 << access; 468 469 return (bool)(stp->st_access_bmap & mask); 470 } 471 472 /* set share deny for a given stateid */ 473 static inline void set_deny(u32 deny,struct nfs4_ol_stateid * stp)474 set_deny(u32 deny, struct nfs4_ol_stateid *stp) 475 { 476 unsigned char mask = 1 << deny; 477 478 WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH); 479 stp->st_deny_bmap |= mask; 480 } 481 482 /* clear share deny for a given stateid */ 483 static inline void clear_deny(u32 deny,struct nfs4_ol_stateid * stp)484 clear_deny(u32 deny, struct nfs4_ol_stateid *stp) 485 { 486 unsigned char mask = 1 << deny; 487 488 WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH); 489 stp->st_deny_bmap &= ~mask; 490 } 491 492 /* test whether a given stateid is denying specific access */ 493 static inline bool test_deny(u32 deny,struct nfs4_ol_stateid * stp)494 test_deny(u32 deny, struct nfs4_ol_stateid *stp) 495 { 496 unsigned char mask = 1 << deny; 497 498 return (bool)(stp->st_deny_bmap & mask); 499 } 500 nfs4_access_to_omode(u32 access)501 static int nfs4_access_to_omode(u32 access) 502 { 503 switch (access & NFS4_SHARE_ACCESS_BOTH) { 504 case NFS4_SHARE_ACCESS_READ: 505 return O_RDONLY; 506 case NFS4_SHARE_ACCESS_WRITE: 507 return O_WRONLY; 508 case NFS4_SHARE_ACCESS_BOTH: 509 return O_RDWR; 510 } 511 WARN_ON_ONCE(1); 512 return O_RDONLY; 513 } 514 515 static inline int access_permit_read(struct nfs4_ol_stateid * stp)516 access_permit_read(struct nfs4_ol_stateid *stp) 517 { 518 return test_access(NFS4_SHARE_ACCESS_READ, stp) || 519 test_access(NFS4_SHARE_ACCESS_BOTH, stp) || 520 test_access(NFS4_SHARE_ACCESS_WRITE, stp); 521 } 522 523 static inline int access_permit_write(struct nfs4_ol_stateid * stp)524 access_permit_write(struct nfs4_ol_stateid *stp) 525 { 526 return test_access(NFS4_SHARE_ACCESS_WRITE, stp) || 527 test_access(NFS4_SHARE_ACCESS_BOTH, stp); 528 } 529 530 static inline struct nfs4_stateowner * nfs4_get_stateowner(struct nfs4_stateowner * sop)531 nfs4_get_stateowner(struct nfs4_stateowner *sop) 532 { 533 atomic_inc(&sop->so_count); 534 return sop; 535 } 536 537 static int same_owner_str(struct nfs4_stateowner * sop,struct xdr_netobj * owner)538 same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner) 539 { 540 return (sop->so_owner.len == owner->len) && 541 0 == memcmp(sop->so_owner.data, owner->data, owner->len); 542 } 543 544 static struct nfs4_openowner * find_openstateowner_str(unsigned int hashval,struct nfsd4_open * open,struct nfs4_client * clp)545 find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open, 546 struct nfs4_client *clp) 547 { 548 struct nfs4_stateowner *so; 549 550 lockdep_assert_held(&clp->cl_lock); 551 552 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[hashval], 553 so_strhash) { 554 if (!so->so_is_open_owner) 555 continue; 556 if (same_owner_str(so, &open->op_owner)) 557 return openowner(nfs4_get_stateowner(so)); 558 } 559 return NULL; 560 } 561 562 static inline u32 opaque_hashval(const void * ptr,int nbytes)563 opaque_hashval(const void *ptr, int nbytes) 564 { 565 unsigned char *cptr = (unsigned char *) ptr; 566 567 u32 x = 0; 568 while (nbytes--) { 569 x *= 37; 570 x += *cptr++; 571 } 572 return x; 573 } 574 nfsd4_free_file_rcu(struct rcu_head * rcu)575 static void nfsd4_free_file_rcu(struct rcu_head *rcu) 576 { 577 struct nfs4_file *fp = container_of(rcu, struct nfs4_file, fi_rcu); 578 579 kmem_cache_free(file_slab, fp); 580 } 581 582 void put_nfs4_file(struct nfs4_file * fi)583 put_nfs4_file(struct nfs4_file *fi) 584 { 585 if (refcount_dec_and_test(&fi->fi_ref)) { 586 nfsd4_file_hash_remove(fi); 587 WARN_ON_ONCE(!list_empty(&fi->fi_clnt_odstate)); 588 WARN_ON_ONCE(!list_empty(&fi->fi_delegations)); 589 call_rcu(&fi->fi_rcu, nfsd4_free_file_rcu); 590 } 591 } 592 593 static struct nfsd_file * find_writeable_file_locked(struct nfs4_file * f)594 find_writeable_file_locked(struct nfs4_file *f) 595 { 596 struct nfsd_file *ret; 597 598 lockdep_assert_held(&f->fi_lock); 599 600 ret = nfsd_file_get(f->fi_fds[O_WRONLY]); 601 if (!ret) 602 ret = nfsd_file_get(f->fi_fds[O_RDWR]); 603 return ret; 604 } 605 606 static struct nfsd_file * find_writeable_file(struct nfs4_file * f)607 find_writeable_file(struct nfs4_file *f) 608 { 609 struct nfsd_file *ret; 610 611 spin_lock(&f->fi_lock); 612 ret = find_writeable_file_locked(f); 613 spin_unlock(&f->fi_lock); 614 615 return ret; 616 } 617 618 static struct nfsd_file * find_readable_file_locked(struct nfs4_file * f)619 find_readable_file_locked(struct nfs4_file *f) 620 { 621 struct nfsd_file *ret; 622 623 lockdep_assert_held(&f->fi_lock); 624 625 ret = nfsd_file_get(f->fi_fds[O_RDONLY]); 626 if (!ret) 627 ret = nfsd_file_get(f->fi_fds[O_RDWR]); 628 return ret; 629 } 630 631 static struct nfsd_file * find_readable_file(struct nfs4_file * f)632 find_readable_file(struct nfs4_file *f) 633 { 634 struct nfsd_file *ret; 635 636 spin_lock(&f->fi_lock); 637 ret = find_readable_file_locked(f); 638 spin_unlock(&f->fi_lock); 639 640 return ret; 641 } 642 643 static struct nfsd_file * find_rw_file(struct nfs4_file * f)644 find_rw_file(struct nfs4_file *f) 645 { 646 struct nfsd_file *ret; 647 648 spin_lock(&f->fi_lock); 649 ret = nfsd_file_get(f->fi_fds[O_RDWR]); 650 spin_unlock(&f->fi_lock); 651 652 return ret; 653 } 654 655 struct nfsd_file * find_any_file(struct nfs4_file * f)656 find_any_file(struct nfs4_file *f) 657 { 658 struct nfsd_file *ret; 659 660 if (!f) 661 return NULL; 662 spin_lock(&f->fi_lock); 663 ret = nfsd_file_get(f->fi_fds[O_RDWR]); 664 if (!ret) { 665 ret = nfsd_file_get(f->fi_fds[O_WRONLY]); 666 if (!ret) 667 ret = nfsd_file_get(f->fi_fds[O_RDONLY]); 668 } 669 spin_unlock(&f->fi_lock); 670 return ret; 671 } 672 find_any_file_locked(struct nfs4_file * f)673 static struct nfsd_file *find_any_file_locked(struct nfs4_file *f) 674 { 675 lockdep_assert_held(&f->fi_lock); 676 677 if (f->fi_fds[O_RDWR]) 678 return f->fi_fds[O_RDWR]; 679 if (f->fi_fds[O_WRONLY]) 680 return f->fi_fds[O_WRONLY]; 681 if (f->fi_fds[O_RDONLY]) 682 return f->fi_fds[O_RDONLY]; 683 return NULL; 684 } 685 686 static atomic_long_t num_delegations; 687 unsigned long max_delegations; 688 689 /* 690 * Open owner state (share locks) 691 */ 692 693 /* hash tables for lock and open owners */ 694 #define OWNER_HASH_BITS 8 695 #define OWNER_HASH_SIZE (1 << OWNER_HASH_BITS) 696 #define OWNER_HASH_MASK (OWNER_HASH_SIZE - 1) 697 ownerstr_hashval(struct xdr_netobj * ownername)698 static unsigned int ownerstr_hashval(struct xdr_netobj *ownername) 699 { 700 unsigned int ret; 701 702 ret = opaque_hashval(ownername->data, ownername->len); 703 return ret & OWNER_HASH_MASK; 704 } 705 706 static struct rhltable nfs4_file_rhltable ____cacheline_aligned_in_smp; 707 708 static const struct rhashtable_params nfs4_file_rhash_params = { 709 .key_len = sizeof_field(struct nfs4_file, fi_inode), 710 .key_offset = offsetof(struct nfs4_file, fi_inode), 711 .head_offset = offsetof(struct nfs4_file, fi_rlist), 712 713 /* 714 * Start with a single page hash table to reduce resizing churn 715 * on light workloads. 716 */ 717 .min_size = 256, 718 .automatic_shrinking = true, 719 }; 720 721 /* 722 * Check if courtesy clients have conflicting access and resolve it if possible 723 * 724 * access: is op_share_access if share_access is true. 725 * Check if access mode, op_share_access, would conflict with 726 * the current deny mode of the file 'fp'. 727 * access: is op_share_deny if share_access is false. 728 * Check if the deny mode, op_share_deny, would conflict with 729 * current access of the file 'fp'. 730 * stp: skip checking this entry. 731 * new_stp: normal open, not open upgrade. 732 * 733 * Function returns: 734 * false - access/deny mode conflict with normal client. 735 * true - no conflict or conflict with courtesy client(s) is resolved. 736 */ 737 static bool nfs4_resolve_deny_conflicts_locked(struct nfs4_file * fp,bool new_stp,struct nfs4_ol_stateid * stp,u32 access,bool share_access)738 nfs4_resolve_deny_conflicts_locked(struct nfs4_file *fp, bool new_stp, 739 struct nfs4_ol_stateid *stp, u32 access, bool share_access) 740 { 741 struct nfs4_ol_stateid *st; 742 bool resolvable = true; 743 unsigned char bmap; 744 struct nfsd_net *nn; 745 struct nfs4_client *clp; 746 747 lockdep_assert_held(&fp->fi_lock); 748 list_for_each_entry(st, &fp->fi_stateids, st_perfile) { 749 /* ignore lock stateid */ 750 if (st->st_openstp) 751 continue; 752 if (st == stp && new_stp) 753 continue; 754 /* check file access against deny mode or vice versa */ 755 bmap = share_access ? st->st_deny_bmap : st->st_access_bmap; 756 if (!(access & bmap_to_share_mode(bmap))) 757 continue; 758 clp = st->st_stid.sc_client; 759 if (try_to_expire_client(clp)) 760 continue; 761 resolvable = false; 762 break; 763 } 764 if (resolvable) { 765 clp = stp->st_stid.sc_client; 766 nn = net_generic(clp->net, nfsd_net_id); 767 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); 768 } 769 return resolvable; 770 } 771 772 static void __nfs4_file_get_access(struct nfs4_file * fp,u32 access)773 __nfs4_file_get_access(struct nfs4_file *fp, u32 access) 774 { 775 lockdep_assert_held(&fp->fi_lock); 776 777 if (access & NFS4_SHARE_ACCESS_WRITE) 778 atomic_inc(&fp->fi_access[O_WRONLY]); 779 if (access & NFS4_SHARE_ACCESS_READ) 780 atomic_inc(&fp->fi_access[O_RDONLY]); 781 } 782 783 static __be32 nfs4_file_get_access(struct nfs4_file * fp,u32 access)784 nfs4_file_get_access(struct nfs4_file *fp, u32 access) 785 { 786 lockdep_assert_held(&fp->fi_lock); 787 788 /* Does this access mode make sense? */ 789 if (access & ~NFS4_SHARE_ACCESS_BOTH) 790 return nfserr_inval; 791 792 /* Does it conflict with a deny mode already set? */ 793 if ((access & fp->fi_share_deny) != 0) 794 return nfserr_share_denied; 795 796 __nfs4_file_get_access(fp, access); 797 return nfs_ok; 798 } 799 nfs4_file_check_deny(struct nfs4_file * fp,u32 deny)800 static __be32 nfs4_file_check_deny(struct nfs4_file *fp, u32 deny) 801 { 802 /* Common case is that there is no deny mode. */ 803 if (deny) { 804 /* Does this deny mode make sense? */ 805 if (deny & ~NFS4_SHARE_DENY_BOTH) 806 return nfserr_inval; 807 808 if ((deny & NFS4_SHARE_DENY_READ) && 809 atomic_read(&fp->fi_access[O_RDONLY])) 810 return nfserr_share_denied; 811 812 if ((deny & NFS4_SHARE_DENY_WRITE) && 813 atomic_read(&fp->fi_access[O_WRONLY])) 814 return nfserr_share_denied; 815 } 816 return nfs_ok; 817 } 818 __nfs4_file_put_access(struct nfs4_file * fp,int oflag)819 static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag) 820 { 821 might_lock(&fp->fi_lock); 822 823 if (atomic_dec_and_lock(&fp->fi_access[oflag], &fp->fi_lock)) { 824 struct nfsd_file *f1 = NULL; 825 struct nfsd_file *f2 = NULL; 826 827 swap(f1, fp->fi_fds[oflag]); 828 if (atomic_read(&fp->fi_access[1 - oflag]) == 0) 829 swap(f2, fp->fi_fds[O_RDWR]); 830 spin_unlock(&fp->fi_lock); 831 if (f1) 832 nfsd_file_put(f1); 833 if (f2) 834 nfsd_file_put(f2); 835 } 836 } 837 nfs4_file_put_access(struct nfs4_file * fp,u32 access)838 static void nfs4_file_put_access(struct nfs4_file *fp, u32 access) 839 { 840 WARN_ON_ONCE(access & ~NFS4_SHARE_ACCESS_BOTH); 841 842 if (access & NFS4_SHARE_ACCESS_WRITE) 843 __nfs4_file_put_access(fp, O_WRONLY); 844 if (access & NFS4_SHARE_ACCESS_READ) 845 __nfs4_file_put_access(fp, O_RDONLY); 846 } 847 848 /* 849 * Allocate a new open/delegation state counter. This is needed for 850 * pNFS for proper return on close semantics. 851 * 852 * Note that we only allocate it for pNFS-enabled exports, otherwise 853 * all pointers to struct nfs4_clnt_odstate are always NULL. 854 */ 855 static struct nfs4_clnt_odstate * alloc_clnt_odstate(struct nfs4_client * clp)856 alloc_clnt_odstate(struct nfs4_client *clp) 857 { 858 struct nfs4_clnt_odstate *co; 859 860 co = kmem_cache_zalloc(odstate_slab, GFP_KERNEL); 861 if (co) { 862 co->co_client = clp; 863 refcount_set(&co->co_odcount, 1); 864 } 865 return co; 866 } 867 868 static void hash_clnt_odstate_locked(struct nfs4_clnt_odstate * co)869 hash_clnt_odstate_locked(struct nfs4_clnt_odstate *co) 870 { 871 struct nfs4_file *fp = co->co_file; 872 873 lockdep_assert_held(&fp->fi_lock); 874 list_add(&co->co_perfile, &fp->fi_clnt_odstate); 875 } 876 877 static inline void get_clnt_odstate(struct nfs4_clnt_odstate * co)878 get_clnt_odstate(struct nfs4_clnt_odstate *co) 879 { 880 if (co) 881 refcount_inc(&co->co_odcount); 882 } 883 884 static void put_clnt_odstate(struct nfs4_clnt_odstate * co)885 put_clnt_odstate(struct nfs4_clnt_odstate *co) 886 { 887 struct nfs4_file *fp; 888 889 if (!co) 890 return; 891 892 fp = co->co_file; 893 if (refcount_dec_and_lock(&co->co_odcount, &fp->fi_lock)) { 894 list_del(&co->co_perfile); 895 spin_unlock(&fp->fi_lock); 896 897 nfsd4_return_all_file_layouts(co->co_client, fp); 898 kmem_cache_free(odstate_slab, co); 899 } 900 } 901 902 static struct nfs4_clnt_odstate * find_or_hash_clnt_odstate(struct nfs4_file * fp,struct nfs4_clnt_odstate * new)903 find_or_hash_clnt_odstate(struct nfs4_file *fp, struct nfs4_clnt_odstate *new) 904 { 905 struct nfs4_clnt_odstate *co; 906 struct nfs4_client *cl; 907 908 if (!new) 909 return NULL; 910 911 cl = new->co_client; 912 913 spin_lock(&fp->fi_lock); 914 list_for_each_entry(co, &fp->fi_clnt_odstate, co_perfile) { 915 if (co->co_client == cl) { 916 get_clnt_odstate(co); 917 goto out; 918 } 919 } 920 co = new; 921 co->co_file = fp; 922 hash_clnt_odstate_locked(new); 923 out: 924 spin_unlock(&fp->fi_lock); 925 return co; 926 } 927 nfs4_alloc_stid(struct nfs4_client * cl,struct kmem_cache * slab,void (* sc_free)(struct nfs4_stid *))928 struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct kmem_cache *slab, 929 void (*sc_free)(struct nfs4_stid *)) 930 { 931 struct nfs4_stid *stid; 932 int new_id; 933 934 stid = kmem_cache_zalloc(slab, GFP_KERNEL); 935 if (!stid) 936 return NULL; 937 938 idr_preload(GFP_KERNEL); 939 spin_lock(&cl->cl_lock); 940 /* Reserving 0 for start of file in nfsdfs "states" file: */ 941 new_id = idr_alloc_cyclic(&cl->cl_stateids, stid, 1, 0, GFP_NOWAIT); 942 spin_unlock(&cl->cl_lock); 943 idr_preload_end(); 944 if (new_id < 0) 945 goto out_free; 946 947 stid->sc_free = sc_free; 948 stid->sc_client = cl; 949 stid->sc_stateid.si_opaque.so_id = new_id; 950 stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid; 951 /* Will be incremented before return to client: */ 952 refcount_set(&stid->sc_count, 1); 953 spin_lock_init(&stid->sc_lock); 954 INIT_LIST_HEAD(&stid->sc_cp_list); 955 956 /* 957 * It shouldn't be a problem to reuse an opaque stateid value. 958 * I don't think it is for 4.1. But with 4.0 I worry that, for 959 * example, a stray write retransmission could be accepted by 960 * the server when it should have been rejected. Therefore, 961 * adopt a trick from the sctp code to attempt to maximize the 962 * amount of time until an id is reused, by ensuring they always 963 * "increase" (mod INT_MAX): 964 */ 965 return stid; 966 out_free: 967 kmem_cache_free(slab, stid); 968 return NULL; 969 } 970 971 /* 972 * Create a unique stateid_t to represent each COPY. 973 */ nfs4_init_cp_state(struct nfsd_net * nn,copy_stateid_t * stid,unsigned char cs_type)974 static int nfs4_init_cp_state(struct nfsd_net *nn, copy_stateid_t *stid, 975 unsigned char cs_type) 976 { 977 int new_id; 978 979 stid->cs_stid.si_opaque.so_clid.cl_boot = (u32)nn->boot_time; 980 stid->cs_stid.si_opaque.so_clid.cl_id = nn->s2s_cp_cl_id; 981 982 idr_preload(GFP_KERNEL); 983 spin_lock(&nn->s2s_cp_lock); 984 new_id = idr_alloc_cyclic(&nn->s2s_cp_stateids, stid, 0, 0, GFP_NOWAIT); 985 stid->cs_stid.si_opaque.so_id = new_id; 986 stid->cs_stid.si_generation = 1; 987 spin_unlock(&nn->s2s_cp_lock); 988 idr_preload_end(); 989 if (new_id < 0) 990 return 0; 991 stid->cs_type = cs_type; 992 return 1; 993 } 994 nfs4_init_copy_state(struct nfsd_net * nn,struct nfsd4_copy * copy)995 int nfs4_init_copy_state(struct nfsd_net *nn, struct nfsd4_copy *copy) 996 { 997 return nfs4_init_cp_state(nn, ©->cp_stateid, NFS4_COPY_STID); 998 } 999 nfs4_alloc_init_cpntf_state(struct nfsd_net * nn,struct nfs4_stid * p_stid)1000 struct nfs4_cpntf_state *nfs4_alloc_init_cpntf_state(struct nfsd_net *nn, 1001 struct nfs4_stid *p_stid) 1002 { 1003 struct nfs4_cpntf_state *cps; 1004 1005 cps = kzalloc(sizeof(struct nfs4_cpntf_state), GFP_KERNEL); 1006 if (!cps) 1007 return NULL; 1008 cps->cpntf_time = ktime_get_boottime_seconds(); 1009 refcount_set(&cps->cp_stateid.cs_count, 1); 1010 if (!nfs4_init_cp_state(nn, &cps->cp_stateid, NFS4_COPYNOTIFY_STID)) 1011 goto out_free; 1012 spin_lock(&nn->s2s_cp_lock); 1013 list_add(&cps->cp_list, &p_stid->sc_cp_list); 1014 spin_unlock(&nn->s2s_cp_lock); 1015 return cps; 1016 out_free: 1017 kfree(cps); 1018 return NULL; 1019 } 1020 nfs4_free_copy_state(struct nfsd4_copy * copy)1021 void nfs4_free_copy_state(struct nfsd4_copy *copy) 1022 { 1023 struct nfsd_net *nn; 1024 1025 if (copy->cp_stateid.cs_type != NFS4_COPY_STID) 1026 return; 1027 nn = net_generic(copy->cp_clp->net, nfsd_net_id); 1028 spin_lock(&nn->s2s_cp_lock); 1029 idr_remove(&nn->s2s_cp_stateids, 1030 copy->cp_stateid.cs_stid.si_opaque.so_id); 1031 spin_unlock(&nn->s2s_cp_lock); 1032 } 1033 nfs4_free_cpntf_statelist(struct net * net,struct nfs4_stid * stid)1034 static void nfs4_free_cpntf_statelist(struct net *net, struct nfs4_stid *stid) 1035 { 1036 struct nfs4_cpntf_state *cps; 1037 struct nfsd_net *nn; 1038 1039 nn = net_generic(net, nfsd_net_id); 1040 spin_lock(&nn->s2s_cp_lock); 1041 while (!list_empty(&stid->sc_cp_list)) { 1042 cps = list_first_entry(&stid->sc_cp_list, 1043 struct nfs4_cpntf_state, cp_list); 1044 _free_cpntf_state_locked(nn, cps); 1045 } 1046 spin_unlock(&nn->s2s_cp_lock); 1047 } 1048 nfs4_alloc_open_stateid(struct nfs4_client * clp)1049 static struct nfs4_ol_stateid * nfs4_alloc_open_stateid(struct nfs4_client *clp) 1050 { 1051 struct nfs4_stid *stid; 1052 1053 stid = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_ol_stateid); 1054 if (!stid) 1055 return NULL; 1056 1057 return openlockstateid(stid); 1058 } 1059 nfs4_free_deleg(struct nfs4_stid * stid)1060 static void nfs4_free_deleg(struct nfs4_stid *stid) 1061 { 1062 struct nfs4_delegation *dp = delegstateid(stid); 1063 1064 WARN_ON_ONCE(!list_empty(&stid->sc_cp_list)); 1065 WARN_ON_ONCE(!list_empty(&dp->dl_perfile)); 1066 WARN_ON_ONCE(!list_empty(&dp->dl_perclnt)); 1067 WARN_ON_ONCE(!list_empty(&dp->dl_recall_lru)); 1068 kmem_cache_free(deleg_slab, stid); 1069 atomic_long_dec(&num_delegations); 1070 } 1071 1072 /* 1073 * When we recall a delegation, we should be careful not to hand it 1074 * out again straight away. 1075 * To ensure this we keep a pair of bloom filters ('new' and 'old') 1076 * in which the filehandles of recalled delegations are "stored". 1077 * If a filehandle appear in either filter, a delegation is blocked. 1078 * When a delegation is recalled, the filehandle is stored in the "new" 1079 * filter. 1080 * Every 30 seconds we swap the filters and clear the "new" one, 1081 * unless both are empty of course. This results in delegations for a 1082 * given filehandle being blocked for between 30 and 60 seconds. 1083 * 1084 * Each filter is 256 bits. We hash the filehandle to 32bit and use the 1085 * low 3 bytes as hash-table indices. 1086 * 1087 * 'blocked_delegations_lock', which is always taken in block_delegations(), 1088 * is used to manage concurrent access. Testing does not need the lock 1089 * except when swapping the two filters. 1090 */ 1091 static DEFINE_SPINLOCK(blocked_delegations_lock); 1092 static struct bloom_pair { 1093 int entries, old_entries; 1094 time64_t swap_time; 1095 int new; /* index into 'set' */ 1096 DECLARE_BITMAP(set[2], 256); 1097 } blocked_delegations; 1098 delegation_blocked(struct knfsd_fh * fh)1099 static int delegation_blocked(struct knfsd_fh *fh) 1100 { 1101 u32 hash; 1102 struct bloom_pair *bd = &blocked_delegations; 1103 1104 if (bd->entries == 0) 1105 return 0; 1106 if (ktime_get_seconds() - bd->swap_time > 30) { 1107 spin_lock(&blocked_delegations_lock); 1108 if (ktime_get_seconds() - bd->swap_time > 30) { 1109 bd->entries -= bd->old_entries; 1110 bd->old_entries = bd->entries; 1111 bd->new = 1-bd->new; 1112 memset(bd->set[bd->new], 0, 1113 sizeof(bd->set[0])); 1114 bd->swap_time = ktime_get_seconds(); 1115 } 1116 spin_unlock(&blocked_delegations_lock); 1117 } 1118 hash = jhash(&fh->fh_raw, fh->fh_size, 0); 1119 if (test_bit(hash&255, bd->set[0]) && 1120 test_bit((hash>>8)&255, bd->set[0]) && 1121 test_bit((hash>>16)&255, bd->set[0])) 1122 return 1; 1123 1124 if (test_bit(hash&255, bd->set[1]) && 1125 test_bit((hash>>8)&255, bd->set[1]) && 1126 test_bit((hash>>16)&255, bd->set[1])) 1127 return 1; 1128 1129 return 0; 1130 } 1131 block_delegations(struct knfsd_fh * fh)1132 static void block_delegations(struct knfsd_fh *fh) 1133 { 1134 u32 hash; 1135 struct bloom_pair *bd = &blocked_delegations; 1136 1137 hash = jhash(&fh->fh_raw, fh->fh_size, 0); 1138 1139 spin_lock(&blocked_delegations_lock); 1140 __set_bit(hash&255, bd->set[bd->new]); 1141 __set_bit((hash>>8)&255, bd->set[bd->new]); 1142 __set_bit((hash>>16)&255, bd->set[bd->new]); 1143 if (bd->entries == 0) 1144 bd->swap_time = ktime_get_seconds(); 1145 bd->entries += 1; 1146 spin_unlock(&blocked_delegations_lock); 1147 } 1148 1149 static struct nfs4_delegation * alloc_init_deleg(struct nfs4_client * clp,struct nfs4_file * fp,struct nfs4_clnt_odstate * odstate,u32 dl_type)1150 alloc_init_deleg(struct nfs4_client *clp, struct nfs4_file *fp, 1151 struct nfs4_clnt_odstate *odstate, u32 dl_type) 1152 { 1153 struct nfs4_delegation *dp; 1154 struct nfs4_stid *stid; 1155 long n; 1156 1157 dprintk("NFSD alloc_init_deleg\n"); 1158 n = atomic_long_inc_return(&num_delegations); 1159 if (n < 0 || n > max_delegations) 1160 goto out_dec; 1161 if (delegation_blocked(&fp->fi_fhandle)) 1162 goto out_dec; 1163 stid = nfs4_alloc_stid(clp, deleg_slab, nfs4_free_deleg); 1164 if (stid == NULL) 1165 goto out_dec; 1166 dp = delegstateid(stid); 1167 1168 /* 1169 * delegation seqid's are never incremented. The 4.1 special 1170 * meaning of seqid 0 isn't meaningful, really, but let's avoid 1171 * 0 anyway just for consistency and use 1: 1172 */ 1173 dp->dl_stid.sc_stateid.si_generation = 1; 1174 INIT_LIST_HEAD(&dp->dl_perfile); 1175 INIT_LIST_HEAD(&dp->dl_perclnt); 1176 INIT_LIST_HEAD(&dp->dl_recall_lru); 1177 dp->dl_clnt_odstate = odstate; 1178 get_clnt_odstate(odstate); 1179 dp->dl_type = dl_type; 1180 dp->dl_retries = 1; 1181 dp->dl_recalled = false; 1182 nfsd4_init_cb(&dp->dl_recall, dp->dl_stid.sc_client, 1183 &nfsd4_cb_recall_ops, NFSPROC4_CLNT_CB_RECALL); 1184 nfsd4_init_cb(&dp->dl_cb_fattr.ncf_getattr, dp->dl_stid.sc_client, 1185 &nfsd4_cb_getattr_ops, NFSPROC4_CLNT_CB_GETATTR); 1186 dp->dl_cb_fattr.ncf_file_modified = false; 1187 dp->dl_cb_fattr.ncf_cb_bmap[0] = FATTR4_WORD0_CHANGE | FATTR4_WORD0_SIZE; 1188 get_nfs4_file(fp); 1189 dp->dl_stid.sc_file = fp; 1190 return dp; 1191 out_dec: 1192 atomic_long_dec(&num_delegations); 1193 return NULL; 1194 } 1195 1196 void nfs4_put_stid(struct nfs4_stid * s)1197 nfs4_put_stid(struct nfs4_stid *s) 1198 { 1199 struct nfs4_file *fp = s->sc_file; 1200 struct nfs4_client *clp = s->sc_client; 1201 1202 might_lock(&clp->cl_lock); 1203 1204 if (!refcount_dec_and_lock(&s->sc_count, &clp->cl_lock)) { 1205 wake_up_all(&close_wq); 1206 return; 1207 } 1208 idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id); 1209 if (s->sc_status & SC_STATUS_ADMIN_REVOKED) 1210 atomic_dec(&s->sc_client->cl_admin_revoked); 1211 nfs4_free_cpntf_statelist(clp->net, s); 1212 spin_unlock(&clp->cl_lock); 1213 s->sc_free(s); 1214 if (fp) 1215 put_nfs4_file(fp); 1216 } 1217 1218 void nfs4_inc_and_copy_stateid(stateid_t * dst,struct nfs4_stid * stid)1219 nfs4_inc_and_copy_stateid(stateid_t *dst, struct nfs4_stid *stid) 1220 { 1221 stateid_t *src = &stid->sc_stateid; 1222 1223 spin_lock(&stid->sc_lock); 1224 if (unlikely(++src->si_generation == 0)) 1225 src->si_generation = 1; 1226 memcpy(dst, src, sizeof(*dst)); 1227 spin_unlock(&stid->sc_lock); 1228 } 1229 put_deleg_file(struct nfs4_file * fp)1230 static void put_deleg_file(struct nfs4_file *fp) 1231 { 1232 struct nfsd_file *nf = NULL; 1233 1234 spin_lock(&fp->fi_lock); 1235 if (--fp->fi_delegees == 0) 1236 swap(nf, fp->fi_deleg_file); 1237 spin_unlock(&fp->fi_lock); 1238 1239 if (nf) 1240 nfsd_file_put(nf); 1241 } 1242 nfs4_unlock_deleg_lease(struct nfs4_delegation * dp)1243 static void nfs4_unlock_deleg_lease(struct nfs4_delegation *dp) 1244 { 1245 struct nfs4_file *fp = dp->dl_stid.sc_file; 1246 struct nfsd_file *nf = fp->fi_deleg_file; 1247 1248 WARN_ON_ONCE(!fp->fi_delegees); 1249 1250 kernel_setlease(nf->nf_file, F_UNLCK, NULL, (void **)&dp); 1251 put_deleg_file(fp); 1252 } 1253 destroy_unhashed_deleg(struct nfs4_delegation * dp)1254 static void destroy_unhashed_deleg(struct nfs4_delegation *dp) 1255 { 1256 put_clnt_odstate(dp->dl_clnt_odstate); 1257 nfs4_unlock_deleg_lease(dp); 1258 nfs4_put_stid(&dp->dl_stid); 1259 } 1260 1261 /** 1262 * nfs4_delegation_exists - Discover if this delegation already exists 1263 * @clp: a pointer to the nfs4_client we're granting a delegation to 1264 * @fp: a pointer to the nfs4_file we're granting a delegation on 1265 * 1266 * Return: 1267 * On success: true iff an existing delegation is found 1268 */ 1269 1270 static bool nfs4_delegation_exists(struct nfs4_client * clp,struct nfs4_file * fp)1271 nfs4_delegation_exists(struct nfs4_client *clp, struct nfs4_file *fp) 1272 { 1273 struct nfs4_delegation *searchdp = NULL; 1274 struct nfs4_client *searchclp = NULL; 1275 1276 lockdep_assert_held(&state_lock); 1277 lockdep_assert_held(&fp->fi_lock); 1278 1279 list_for_each_entry(searchdp, &fp->fi_delegations, dl_perfile) { 1280 searchclp = searchdp->dl_stid.sc_client; 1281 if (clp == searchclp) { 1282 return true; 1283 } 1284 } 1285 return false; 1286 } 1287 1288 /** 1289 * hash_delegation_locked - Add a delegation to the appropriate lists 1290 * @dp: a pointer to the nfs4_delegation we are adding. 1291 * @fp: a pointer to the nfs4_file we're granting a delegation on 1292 * 1293 * Return: 1294 * On success: NULL if the delegation was successfully hashed. 1295 * 1296 * On error: -EAGAIN if one was previously granted to this 1297 * nfs4_client for this nfs4_file. Delegation is not hashed. 1298 * 1299 */ 1300 1301 static int hash_delegation_locked(struct nfs4_delegation * dp,struct nfs4_file * fp)1302 hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp) 1303 { 1304 struct nfs4_client *clp = dp->dl_stid.sc_client; 1305 1306 lockdep_assert_held(&state_lock); 1307 lockdep_assert_held(&fp->fi_lock); 1308 lockdep_assert_held(&clp->cl_lock); 1309 1310 if (nfs4_delegation_exists(clp, fp)) 1311 return -EAGAIN; 1312 refcount_inc(&dp->dl_stid.sc_count); 1313 dp->dl_stid.sc_type = SC_TYPE_DELEG; 1314 list_add(&dp->dl_perfile, &fp->fi_delegations); 1315 list_add(&dp->dl_perclnt, &clp->cl_delegations); 1316 return 0; 1317 } 1318 delegation_hashed(struct nfs4_delegation * dp)1319 static bool delegation_hashed(struct nfs4_delegation *dp) 1320 { 1321 return !(list_empty(&dp->dl_perfile)); 1322 } 1323 1324 static bool unhash_delegation_locked(struct nfs4_delegation * dp,unsigned short statusmask)1325 unhash_delegation_locked(struct nfs4_delegation *dp, unsigned short statusmask) 1326 { 1327 struct nfs4_file *fp = dp->dl_stid.sc_file; 1328 1329 lockdep_assert_held(&state_lock); 1330 1331 if (!delegation_hashed(dp)) 1332 return false; 1333 1334 if (statusmask == SC_STATUS_REVOKED && 1335 dp->dl_stid.sc_client->cl_minorversion == 0) 1336 statusmask = SC_STATUS_CLOSED; 1337 dp->dl_stid.sc_status |= statusmask; 1338 if (statusmask & SC_STATUS_ADMIN_REVOKED) 1339 atomic_inc(&dp->dl_stid.sc_client->cl_admin_revoked); 1340 1341 /* Ensure that deleg break won't try to requeue it */ 1342 ++dp->dl_time; 1343 spin_lock(&fp->fi_lock); 1344 list_del_init(&dp->dl_perclnt); 1345 list_del_init(&dp->dl_recall_lru); 1346 list_del_init(&dp->dl_perfile); 1347 spin_unlock(&fp->fi_lock); 1348 return true; 1349 } 1350 destroy_delegation(struct nfs4_delegation * dp)1351 static void destroy_delegation(struct nfs4_delegation *dp) 1352 { 1353 bool unhashed; 1354 1355 spin_lock(&state_lock); 1356 unhashed = unhash_delegation_locked(dp, SC_STATUS_CLOSED); 1357 spin_unlock(&state_lock); 1358 if (unhashed) 1359 destroy_unhashed_deleg(dp); 1360 } 1361 1362 /** 1363 * revoke_delegation - perform nfs4 delegation structure cleanup 1364 * @dp: pointer to the delegation 1365 * 1366 * This function assumes that it's called either from the administrative 1367 * interface (nfsd4_revoke_states()) that's revoking a specific delegation 1368 * stateid or it's called from a laundromat thread (nfsd4_landromat()) that 1369 * determined that this specific state has expired and needs to be revoked 1370 * (both mark state with the appropriate stid sc_status mode). It is also 1371 * assumed that a reference was taken on the @dp state. 1372 * 1373 * If this function finds that the @dp state is SC_STATUS_FREED it means 1374 * that a FREE_STATEID operation for this stateid has been processed and 1375 * we can proceed to removing it from recalled list. However, if @dp state 1376 * isn't marked SC_STATUS_FREED, it means we need place it on the cl_revoked 1377 * list and wait for the FREE_STATEID to arrive from the client. At the same 1378 * time, we need to mark it as SC_STATUS_FREEABLE to indicate to the 1379 * nfsd4_free_stateid() function that this stateid has already been added 1380 * to the cl_revoked list and that nfsd4_free_stateid() is now responsible 1381 * for removing it from the list. Inspection of where the delegation state 1382 * in the revocation process is protected by the clp->cl_lock. 1383 */ revoke_delegation(struct nfs4_delegation * dp)1384 static void revoke_delegation(struct nfs4_delegation *dp) 1385 { 1386 struct nfs4_client *clp = dp->dl_stid.sc_client; 1387 1388 WARN_ON(!list_empty(&dp->dl_recall_lru)); 1389 WARN_ON_ONCE(!(dp->dl_stid.sc_status & 1390 (SC_STATUS_REVOKED | SC_STATUS_ADMIN_REVOKED))); 1391 1392 trace_nfsd_stid_revoke(&dp->dl_stid); 1393 1394 spin_lock(&clp->cl_lock); 1395 if (dp->dl_stid.sc_status & SC_STATUS_FREED) { 1396 list_del_init(&dp->dl_recall_lru); 1397 goto out; 1398 } 1399 list_add(&dp->dl_recall_lru, &clp->cl_revoked); 1400 dp->dl_stid.sc_status |= SC_STATUS_FREEABLE; 1401 out: 1402 spin_unlock(&clp->cl_lock); 1403 destroy_unhashed_deleg(dp); 1404 } 1405 1406 /* 1407 * SETCLIENTID state 1408 */ 1409 clientid_hashval(u32 id)1410 static unsigned int clientid_hashval(u32 id) 1411 { 1412 return id & CLIENT_HASH_MASK; 1413 } 1414 clientstr_hashval(struct xdr_netobj name)1415 static unsigned int clientstr_hashval(struct xdr_netobj name) 1416 { 1417 return opaque_hashval(name.data, 8) & CLIENT_HASH_MASK; 1418 } 1419 1420 /* 1421 * A stateid that had a deny mode associated with it is being released 1422 * or downgraded. Recalculate the deny mode on the file. 1423 */ 1424 static void recalculate_deny_mode(struct nfs4_file * fp)1425 recalculate_deny_mode(struct nfs4_file *fp) 1426 { 1427 struct nfs4_ol_stateid *stp; 1428 u32 old_deny; 1429 1430 spin_lock(&fp->fi_lock); 1431 old_deny = fp->fi_share_deny; 1432 fp->fi_share_deny = 0; 1433 list_for_each_entry(stp, &fp->fi_stateids, st_perfile) { 1434 fp->fi_share_deny |= bmap_to_share_mode(stp->st_deny_bmap); 1435 if (fp->fi_share_deny == old_deny) 1436 break; 1437 } 1438 spin_unlock(&fp->fi_lock); 1439 } 1440 1441 static void reset_union_bmap_deny(u32 deny,struct nfs4_ol_stateid * stp)1442 reset_union_bmap_deny(u32 deny, struct nfs4_ol_stateid *stp) 1443 { 1444 int i; 1445 bool change = false; 1446 1447 for (i = 1; i < 4; i++) { 1448 if ((i & deny) != i) { 1449 change = true; 1450 clear_deny(i, stp); 1451 } 1452 } 1453 1454 /* Recalculate per-file deny mode if there was a change */ 1455 if (change) 1456 recalculate_deny_mode(stp->st_stid.sc_file); 1457 } 1458 1459 /* release all access and file references for a given stateid */ 1460 static void release_all_access(struct nfs4_ol_stateid * stp)1461 release_all_access(struct nfs4_ol_stateid *stp) 1462 { 1463 int i; 1464 struct nfs4_file *fp = stp->st_stid.sc_file; 1465 1466 if (fp && stp->st_deny_bmap != 0) 1467 recalculate_deny_mode(fp); 1468 1469 for (i = 1; i < 4; i++) { 1470 if (test_access(i, stp)) 1471 nfs4_file_put_access(stp->st_stid.sc_file, i); 1472 clear_access(i, stp); 1473 } 1474 } 1475 nfs4_free_stateowner(struct nfs4_stateowner * sop)1476 static inline void nfs4_free_stateowner(struct nfs4_stateowner *sop) 1477 { 1478 kfree(sop->so_owner.data); 1479 sop->so_ops->so_free(sop); 1480 } 1481 nfs4_put_stateowner(struct nfs4_stateowner * sop)1482 static void nfs4_put_stateowner(struct nfs4_stateowner *sop) 1483 { 1484 struct nfs4_client *clp = sop->so_client; 1485 1486 might_lock(&clp->cl_lock); 1487 1488 if (!atomic_dec_and_lock(&sop->so_count, &clp->cl_lock)) 1489 return; 1490 sop->so_ops->so_unhash(sop); 1491 spin_unlock(&clp->cl_lock); 1492 nfs4_free_stateowner(sop); 1493 } 1494 1495 static bool nfs4_ol_stateid_unhashed(const struct nfs4_ol_stateid * stp)1496 nfs4_ol_stateid_unhashed(const struct nfs4_ol_stateid *stp) 1497 { 1498 return list_empty(&stp->st_perfile); 1499 } 1500 unhash_ol_stateid(struct nfs4_ol_stateid * stp)1501 static bool unhash_ol_stateid(struct nfs4_ol_stateid *stp) 1502 { 1503 struct nfs4_file *fp = stp->st_stid.sc_file; 1504 1505 lockdep_assert_held(&stp->st_stateowner->so_client->cl_lock); 1506 1507 if (list_empty(&stp->st_perfile)) 1508 return false; 1509 1510 spin_lock(&fp->fi_lock); 1511 list_del_init(&stp->st_perfile); 1512 spin_unlock(&fp->fi_lock); 1513 list_del(&stp->st_perstateowner); 1514 return true; 1515 } 1516 nfs4_free_ol_stateid(struct nfs4_stid * stid)1517 static void nfs4_free_ol_stateid(struct nfs4_stid *stid) 1518 { 1519 struct nfs4_ol_stateid *stp = openlockstateid(stid); 1520 1521 put_clnt_odstate(stp->st_clnt_odstate); 1522 release_all_access(stp); 1523 if (stp->st_stateowner) 1524 nfs4_put_stateowner(stp->st_stateowner); 1525 WARN_ON(!list_empty(&stid->sc_cp_list)); 1526 kmem_cache_free(stateid_slab, stid); 1527 } 1528 nfs4_free_lock_stateid(struct nfs4_stid * stid)1529 static void nfs4_free_lock_stateid(struct nfs4_stid *stid) 1530 { 1531 struct nfs4_ol_stateid *stp = openlockstateid(stid); 1532 struct nfs4_lockowner *lo = lockowner(stp->st_stateowner); 1533 struct nfsd_file *nf; 1534 1535 nf = find_any_file(stp->st_stid.sc_file); 1536 if (nf) { 1537 get_file(nf->nf_file); 1538 filp_close(nf->nf_file, (fl_owner_t)lo); 1539 nfsd_file_put(nf); 1540 } 1541 nfs4_free_ol_stateid(stid); 1542 } 1543 1544 /* 1545 * Put the persistent reference to an already unhashed generic stateid, while 1546 * holding the cl_lock. If it's the last reference, then put it onto the 1547 * reaplist for later destruction. 1548 */ put_ol_stateid_locked(struct nfs4_ol_stateid * stp,struct list_head * reaplist)1549 static void put_ol_stateid_locked(struct nfs4_ol_stateid *stp, 1550 struct list_head *reaplist) 1551 { 1552 struct nfs4_stid *s = &stp->st_stid; 1553 struct nfs4_client *clp = s->sc_client; 1554 1555 lockdep_assert_held(&clp->cl_lock); 1556 1557 WARN_ON_ONCE(!list_empty(&stp->st_locks)); 1558 1559 if (!refcount_dec_and_test(&s->sc_count)) { 1560 wake_up_all(&close_wq); 1561 return; 1562 } 1563 1564 idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id); 1565 if (s->sc_status & SC_STATUS_ADMIN_REVOKED) 1566 atomic_dec(&s->sc_client->cl_admin_revoked); 1567 list_add(&stp->st_locks, reaplist); 1568 } 1569 unhash_lock_stateid(struct nfs4_ol_stateid * stp)1570 static bool unhash_lock_stateid(struct nfs4_ol_stateid *stp) 1571 { 1572 lockdep_assert_held(&stp->st_stid.sc_client->cl_lock); 1573 1574 if (!unhash_ol_stateid(stp)) 1575 return false; 1576 list_del_init(&stp->st_locks); 1577 stp->st_stid.sc_status |= SC_STATUS_CLOSED; 1578 return true; 1579 } 1580 release_lock_stateid(struct nfs4_ol_stateid * stp)1581 static void release_lock_stateid(struct nfs4_ol_stateid *stp) 1582 { 1583 struct nfs4_client *clp = stp->st_stid.sc_client; 1584 bool unhashed; 1585 1586 spin_lock(&clp->cl_lock); 1587 unhashed = unhash_lock_stateid(stp); 1588 spin_unlock(&clp->cl_lock); 1589 if (unhashed) 1590 nfs4_put_stid(&stp->st_stid); 1591 } 1592 unhash_lockowner_locked(struct nfs4_lockowner * lo)1593 static void unhash_lockowner_locked(struct nfs4_lockowner *lo) 1594 { 1595 struct nfs4_client *clp = lo->lo_owner.so_client; 1596 1597 lockdep_assert_held(&clp->cl_lock); 1598 1599 list_del_init(&lo->lo_owner.so_strhash); 1600 } 1601 1602 /* 1603 * Free a list of generic stateids that were collected earlier after being 1604 * fully unhashed. 1605 */ 1606 static void free_ol_stateid_reaplist(struct list_head * reaplist)1607 free_ol_stateid_reaplist(struct list_head *reaplist) 1608 { 1609 struct nfs4_ol_stateid *stp; 1610 struct nfs4_file *fp; 1611 1612 might_sleep(); 1613 1614 while (!list_empty(reaplist)) { 1615 stp = list_first_entry(reaplist, struct nfs4_ol_stateid, 1616 st_locks); 1617 list_del(&stp->st_locks); 1618 fp = stp->st_stid.sc_file; 1619 stp->st_stid.sc_free(&stp->st_stid); 1620 if (fp) 1621 put_nfs4_file(fp); 1622 } 1623 } 1624 release_open_stateid_locks(struct nfs4_ol_stateid * open_stp,struct list_head * reaplist)1625 static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp, 1626 struct list_head *reaplist) 1627 { 1628 struct nfs4_ol_stateid *stp; 1629 1630 lockdep_assert_held(&open_stp->st_stid.sc_client->cl_lock); 1631 1632 while (!list_empty(&open_stp->st_locks)) { 1633 stp = list_entry(open_stp->st_locks.next, 1634 struct nfs4_ol_stateid, st_locks); 1635 unhash_lock_stateid(stp); 1636 put_ol_stateid_locked(stp, reaplist); 1637 } 1638 } 1639 unhash_open_stateid(struct nfs4_ol_stateid * stp,struct list_head * reaplist)1640 static bool unhash_open_stateid(struct nfs4_ol_stateid *stp, 1641 struct list_head *reaplist) 1642 { 1643 lockdep_assert_held(&stp->st_stid.sc_client->cl_lock); 1644 1645 if (!unhash_ol_stateid(stp)) 1646 return false; 1647 release_open_stateid_locks(stp, reaplist); 1648 return true; 1649 } 1650 release_open_stateid(struct nfs4_ol_stateid * stp)1651 static void release_open_stateid(struct nfs4_ol_stateid *stp) 1652 { 1653 LIST_HEAD(reaplist); 1654 1655 spin_lock(&stp->st_stid.sc_client->cl_lock); 1656 stp->st_stid.sc_status |= SC_STATUS_CLOSED; 1657 if (unhash_open_stateid(stp, &reaplist)) 1658 put_ol_stateid_locked(stp, &reaplist); 1659 spin_unlock(&stp->st_stid.sc_client->cl_lock); 1660 free_ol_stateid_reaplist(&reaplist); 1661 } 1662 unhash_openowner_locked(struct nfs4_openowner * oo)1663 static void unhash_openowner_locked(struct nfs4_openowner *oo) 1664 { 1665 struct nfs4_client *clp = oo->oo_owner.so_client; 1666 1667 lockdep_assert_held(&clp->cl_lock); 1668 1669 list_del_init(&oo->oo_owner.so_strhash); 1670 list_del_init(&oo->oo_perclient); 1671 } 1672 release_last_closed_stateid(struct nfs4_openowner * oo)1673 static void release_last_closed_stateid(struct nfs4_openowner *oo) 1674 { 1675 struct nfsd_net *nn = net_generic(oo->oo_owner.so_client->net, 1676 nfsd_net_id); 1677 struct nfs4_ol_stateid *s; 1678 1679 spin_lock(&nn->client_lock); 1680 s = oo->oo_last_closed_stid; 1681 if (s) { 1682 list_del_init(&oo->oo_close_lru); 1683 oo->oo_last_closed_stid = NULL; 1684 } 1685 spin_unlock(&nn->client_lock); 1686 if (s) 1687 nfs4_put_stid(&s->st_stid); 1688 } 1689 release_openowner(struct nfs4_openowner * oo)1690 static void release_openowner(struct nfs4_openowner *oo) 1691 { 1692 struct nfs4_ol_stateid *stp; 1693 struct nfs4_client *clp = oo->oo_owner.so_client; 1694 LIST_HEAD(reaplist); 1695 1696 spin_lock(&clp->cl_lock); 1697 unhash_openowner_locked(oo); 1698 while (!list_empty(&oo->oo_owner.so_stateids)) { 1699 stp = list_first_entry(&oo->oo_owner.so_stateids, 1700 struct nfs4_ol_stateid, st_perstateowner); 1701 if (unhash_open_stateid(stp, &reaplist)) 1702 put_ol_stateid_locked(stp, &reaplist); 1703 } 1704 spin_unlock(&clp->cl_lock); 1705 free_ol_stateid_reaplist(&reaplist); 1706 release_last_closed_stateid(oo); 1707 nfs4_put_stateowner(&oo->oo_owner); 1708 } 1709 find_one_sb_stid(struct nfs4_client * clp,struct super_block * sb,unsigned int sc_types)1710 static struct nfs4_stid *find_one_sb_stid(struct nfs4_client *clp, 1711 struct super_block *sb, 1712 unsigned int sc_types) 1713 { 1714 unsigned long id, tmp; 1715 struct nfs4_stid *stid; 1716 1717 spin_lock(&clp->cl_lock); 1718 idr_for_each_entry_ul(&clp->cl_stateids, stid, tmp, id) 1719 if ((stid->sc_type & sc_types) && 1720 stid->sc_status == 0 && 1721 stid->sc_file->fi_inode->i_sb == sb) { 1722 refcount_inc(&stid->sc_count); 1723 break; 1724 } 1725 spin_unlock(&clp->cl_lock); 1726 return stid; 1727 } 1728 1729 /** 1730 * nfsd4_revoke_states - revoke all nfsv4 states associated with given filesystem 1731 * @net: used to identify instance of nfsd (there is one per net namespace) 1732 * @sb: super_block used to identify target filesystem 1733 * 1734 * All nfs4 states (open, lock, delegation, layout) held by the server instance 1735 * and associated with a file on the given filesystem will be revoked resulting 1736 * in any files being closed and so all references from nfsd to the filesystem 1737 * being released. Thus nfsd will no longer prevent the filesystem from being 1738 * unmounted. 1739 * 1740 * The clients which own the states will subsequently being notified that the 1741 * states have been "admin-revoked". 1742 */ nfsd4_revoke_states(struct net * net,struct super_block * sb)1743 void nfsd4_revoke_states(struct net *net, struct super_block *sb) 1744 { 1745 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 1746 unsigned int idhashval; 1747 unsigned int sc_types; 1748 1749 sc_types = SC_TYPE_OPEN | SC_TYPE_LOCK | SC_TYPE_DELEG | SC_TYPE_LAYOUT; 1750 1751 spin_lock(&nn->client_lock); 1752 for (idhashval = 0; idhashval < CLIENT_HASH_MASK; idhashval++) { 1753 struct list_head *head = &nn->conf_id_hashtbl[idhashval]; 1754 struct nfs4_client *clp; 1755 retry: 1756 list_for_each_entry(clp, head, cl_idhash) { 1757 struct nfs4_stid *stid = find_one_sb_stid(clp, sb, 1758 sc_types); 1759 if (stid) { 1760 struct nfs4_ol_stateid *stp; 1761 struct nfs4_delegation *dp; 1762 struct nfs4_layout_stateid *ls; 1763 1764 spin_unlock(&nn->client_lock); 1765 switch (stid->sc_type) { 1766 case SC_TYPE_OPEN: 1767 stp = openlockstateid(stid); 1768 mutex_lock_nested(&stp->st_mutex, 1769 OPEN_STATEID_MUTEX); 1770 1771 spin_lock(&clp->cl_lock); 1772 if (stid->sc_status == 0) { 1773 stid->sc_status |= 1774 SC_STATUS_ADMIN_REVOKED; 1775 atomic_inc(&clp->cl_admin_revoked); 1776 spin_unlock(&clp->cl_lock); 1777 release_all_access(stp); 1778 } else 1779 spin_unlock(&clp->cl_lock); 1780 mutex_unlock(&stp->st_mutex); 1781 break; 1782 case SC_TYPE_LOCK: 1783 stp = openlockstateid(stid); 1784 mutex_lock_nested(&stp->st_mutex, 1785 LOCK_STATEID_MUTEX); 1786 spin_lock(&clp->cl_lock); 1787 if (stid->sc_status == 0) { 1788 struct nfs4_lockowner *lo = 1789 lockowner(stp->st_stateowner); 1790 struct nfsd_file *nf; 1791 1792 stid->sc_status |= 1793 SC_STATUS_ADMIN_REVOKED; 1794 atomic_inc(&clp->cl_admin_revoked); 1795 spin_unlock(&clp->cl_lock); 1796 nf = find_any_file(stp->st_stid.sc_file); 1797 if (nf) { 1798 get_file(nf->nf_file); 1799 filp_close(nf->nf_file, 1800 (fl_owner_t)lo); 1801 nfsd_file_put(nf); 1802 } 1803 release_all_access(stp); 1804 } else 1805 spin_unlock(&clp->cl_lock); 1806 mutex_unlock(&stp->st_mutex); 1807 break; 1808 case SC_TYPE_DELEG: 1809 refcount_inc(&stid->sc_count); 1810 dp = delegstateid(stid); 1811 spin_lock(&state_lock); 1812 if (!unhash_delegation_locked( 1813 dp, SC_STATUS_ADMIN_REVOKED)) 1814 dp = NULL; 1815 spin_unlock(&state_lock); 1816 if (dp) 1817 revoke_delegation(dp); 1818 break; 1819 case SC_TYPE_LAYOUT: 1820 ls = layoutstateid(stid); 1821 nfsd4_close_layout(ls); 1822 break; 1823 } 1824 nfs4_put_stid(stid); 1825 spin_lock(&nn->client_lock); 1826 if (clp->cl_minorversion == 0) 1827 /* Allow cleanup after a lease period. 1828 * store_release ensures cleanup will 1829 * see any newly revoked states if it 1830 * sees the time updated. 1831 */ 1832 nn->nfs40_last_revoke = 1833 ktime_get_boottime_seconds(); 1834 goto retry; 1835 } 1836 } 1837 } 1838 spin_unlock(&nn->client_lock); 1839 } 1840 1841 static inline int hash_sessionid(struct nfs4_sessionid * sessionid)1842 hash_sessionid(struct nfs4_sessionid *sessionid) 1843 { 1844 struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid; 1845 1846 return sid->sequence % SESSION_HASH_SIZE; 1847 } 1848 1849 #ifdef CONFIG_SUNRPC_DEBUG 1850 static inline void dump_sessionid(const char * fn,struct nfs4_sessionid * sessionid)1851 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid) 1852 { 1853 u32 *ptr = (u32 *)(&sessionid->data[0]); 1854 dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]); 1855 } 1856 #else 1857 static inline void dump_sessionid(const char * fn,struct nfs4_sessionid * sessionid)1858 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid) 1859 { 1860 } 1861 #endif 1862 1863 /* 1864 * Bump the seqid on cstate->replay_owner, and clear replay_owner if it 1865 * won't be used for replay. 1866 */ nfsd4_bump_seqid(struct nfsd4_compound_state * cstate,__be32 nfserr)1867 void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr) 1868 { 1869 struct nfs4_stateowner *so = cstate->replay_owner; 1870 1871 if (nfserr == nfserr_replay_me) 1872 return; 1873 1874 if (!seqid_mutating_err(ntohl(nfserr))) { 1875 nfsd4_cstate_clear_replay(cstate); 1876 return; 1877 } 1878 if (!so) 1879 return; 1880 if (so->so_is_open_owner) 1881 release_last_closed_stateid(openowner(so)); 1882 so->so_seqid++; 1883 return; 1884 } 1885 1886 static void gen_sessionid(struct nfsd4_session * ses)1887 gen_sessionid(struct nfsd4_session *ses) 1888 { 1889 struct nfs4_client *clp = ses->se_client; 1890 struct nfsd4_sessionid *sid; 1891 1892 sid = (struct nfsd4_sessionid *)ses->se_sessionid.data; 1893 sid->clientid = clp->cl_clientid; 1894 sid->sequence = current_sessionid++; 1895 sid->reserved = 0; 1896 } 1897 1898 /* 1899 * The protocol defines ca_maxresponssize_cached to include the size of 1900 * the rpc header, but all we need to cache is the data starting after 1901 * the end of the initial SEQUENCE operation--the rest we regenerate 1902 * each time. Therefore we can advertise a ca_maxresponssize_cached 1903 * value that is the number of bytes in our cache plus a few additional 1904 * bytes. In order to stay on the safe side, and not promise more than 1905 * we can cache, those additional bytes must be the minimum possible: 24 1906 * bytes of rpc header (xid through accept state, with AUTH_NULL 1907 * verifier), 12 for the compound header (with zero-length tag), and 44 1908 * for the SEQUENCE op response: 1909 */ 1910 #define NFSD_MIN_HDR_SEQ_SZ (24 + 12 + 44) 1911 1912 static void free_session_slots(struct nfsd4_session * ses)1913 free_session_slots(struct nfsd4_session *ses) 1914 { 1915 int i; 1916 1917 for (i = 0; i < ses->se_fchannel.maxreqs; i++) { 1918 free_svc_cred(&ses->se_slots[i]->sl_cred); 1919 kfree(ses->se_slots[i]); 1920 } 1921 } 1922 1923 /* 1924 * We don't actually need to cache the rpc and session headers, so we 1925 * can allocate a little less for each slot: 1926 */ slot_bytes(struct nfsd4_channel_attrs * ca)1927 static inline u32 slot_bytes(struct nfsd4_channel_attrs *ca) 1928 { 1929 u32 size; 1930 1931 if (ca->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ) 1932 size = 0; 1933 else 1934 size = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ; 1935 return size + sizeof(struct nfsd4_slot); 1936 } 1937 1938 /* 1939 * XXX: If we run out of reserved DRC memory we could (up to a point) 1940 * re-negotiate active sessions and reduce their slot usage to make 1941 * room for new connections. For now we just fail the create session. 1942 */ nfsd4_get_drc_mem(struct nfsd4_channel_attrs * ca,struct nfsd_net * nn)1943 static u32 nfsd4_get_drc_mem(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn) 1944 { 1945 u32 slotsize = slot_bytes(ca); 1946 u32 num = ca->maxreqs; 1947 unsigned long avail, total_avail; 1948 unsigned int scale_factor; 1949 1950 spin_lock(&nfsd_drc_lock); 1951 if (nfsd_drc_max_mem > nfsd_drc_mem_used) 1952 total_avail = nfsd_drc_max_mem - nfsd_drc_mem_used; 1953 else 1954 /* We have handed out more space than we chose in 1955 * set_max_drc() to allow. That isn't really a 1956 * problem as long as that doesn't make us think we 1957 * have lots more due to integer overflow. 1958 */ 1959 total_avail = 0; 1960 avail = min((unsigned long)NFSD_MAX_MEM_PER_SESSION, total_avail); 1961 /* 1962 * Never use more than a fraction of the remaining memory, 1963 * unless it's the only way to give this client a slot. 1964 * The chosen fraction is either 1/8 or 1/number of threads, 1965 * whichever is smaller. This ensures there are adequate 1966 * slots to support multiple clients per thread. 1967 * Give the client one slot even if that would require 1968 * over-allocation--it is better than failure. 1969 */ 1970 scale_factor = max_t(unsigned int, 8, nn->nfsd_serv->sv_nrthreads); 1971 1972 avail = clamp_t(unsigned long, avail, slotsize, 1973 total_avail/scale_factor); 1974 num = min_t(int, num, avail / slotsize); 1975 num = max_t(int, num, 1); 1976 nfsd_drc_mem_used += num * slotsize; 1977 spin_unlock(&nfsd_drc_lock); 1978 1979 return num; 1980 } 1981 nfsd4_put_drc_mem(struct nfsd4_channel_attrs * ca)1982 static void nfsd4_put_drc_mem(struct nfsd4_channel_attrs *ca) 1983 { 1984 int slotsize = slot_bytes(ca); 1985 1986 spin_lock(&nfsd_drc_lock); 1987 nfsd_drc_mem_used -= slotsize * ca->maxreqs; 1988 spin_unlock(&nfsd_drc_lock); 1989 } 1990 alloc_session(struct nfsd4_channel_attrs * fattrs,struct nfsd4_channel_attrs * battrs)1991 static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *fattrs, 1992 struct nfsd4_channel_attrs *battrs) 1993 { 1994 int numslots = fattrs->maxreqs; 1995 int slotsize = slot_bytes(fattrs); 1996 struct nfsd4_session *new; 1997 int i; 1998 1999 BUILD_BUG_ON(struct_size(new, se_slots, NFSD_MAX_SLOTS_PER_SESSION) 2000 > PAGE_SIZE); 2001 2002 new = kzalloc(struct_size(new, se_slots, numslots), GFP_KERNEL); 2003 if (!new) 2004 return NULL; 2005 /* allocate each struct nfsd4_slot and data cache in one piece */ 2006 for (i = 0; i < numslots; i++) { 2007 new->se_slots[i] = kzalloc(slotsize, GFP_KERNEL); 2008 if (!new->se_slots[i]) 2009 goto out_free; 2010 } 2011 2012 memcpy(&new->se_fchannel, fattrs, sizeof(struct nfsd4_channel_attrs)); 2013 memcpy(&new->se_bchannel, battrs, sizeof(struct nfsd4_channel_attrs)); 2014 2015 return new; 2016 out_free: 2017 while (i--) 2018 kfree(new->se_slots[i]); 2019 kfree(new); 2020 return NULL; 2021 } 2022 free_conn(struct nfsd4_conn * c)2023 static void free_conn(struct nfsd4_conn *c) 2024 { 2025 svc_xprt_put(c->cn_xprt); 2026 kfree(c); 2027 } 2028 nfsd4_conn_lost(struct svc_xpt_user * u)2029 static void nfsd4_conn_lost(struct svc_xpt_user *u) 2030 { 2031 struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user); 2032 struct nfs4_client *clp = c->cn_session->se_client; 2033 2034 trace_nfsd_cb_lost(clp); 2035 2036 spin_lock(&clp->cl_lock); 2037 if (!list_empty(&c->cn_persession)) { 2038 list_del(&c->cn_persession); 2039 free_conn(c); 2040 } 2041 nfsd4_probe_callback(clp); 2042 spin_unlock(&clp->cl_lock); 2043 } 2044 alloc_conn(struct svc_rqst * rqstp,u32 flags)2045 static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags) 2046 { 2047 struct nfsd4_conn *conn; 2048 2049 conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL); 2050 if (!conn) 2051 return NULL; 2052 svc_xprt_get(rqstp->rq_xprt); 2053 conn->cn_xprt = rqstp->rq_xprt; 2054 conn->cn_flags = flags; 2055 INIT_LIST_HEAD(&conn->cn_xpt_user.list); 2056 return conn; 2057 } 2058 __nfsd4_hash_conn(struct nfsd4_conn * conn,struct nfsd4_session * ses)2059 static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses) 2060 { 2061 conn->cn_session = ses; 2062 list_add(&conn->cn_persession, &ses->se_conns); 2063 } 2064 nfsd4_hash_conn(struct nfsd4_conn * conn,struct nfsd4_session * ses)2065 static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses) 2066 { 2067 struct nfs4_client *clp = ses->se_client; 2068 2069 spin_lock(&clp->cl_lock); 2070 __nfsd4_hash_conn(conn, ses); 2071 spin_unlock(&clp->cl_lock); 2072 } 2073 nfsd4_register_conn(struct nfsd4_conn * conn)2074 static int nfsd4_register_conn(struct nfsd4_conn *conn) 2075 { 2076 conn->cn_xpt_user.callback = nfsd4_conn_lost; 2077 return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user); 2078 } 2079 nfsd4_init_conn(struct svc_rqst * rqstp,struct nfsd4_conn * conn,struct nfsd4_session * ses)2080 static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses) 2081 { 2082 int ret; 2083 2084 nfsd4_hash_conn(conn, ses); 2085 ret = nfsd4_register_conn(conn); 2086 if (ret) 2087 /* oops; xprt is already down: */ 2088 nfsd4_conn_lost(&conn->cn_xpt_user); 2089 /* We may have gained or lost a callback channel: */ 2090 nfsd4_probe_callback_sync(ses->se_client); 2091 } 2092 alloc_conn_from_crses(struct svc_rqst * rqstp,struct nfsd4_create_session * cses)2093 static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses) 2094 { 2095 u32 dir = NFS4_CDFC4_FORE; 2096 2097 if (cses->flags & SESSION4_BACK_CHAN) 2098 dir |= NFS4_CDFC4_BACK; 2099 return alloc_conn(rqstp, dir); 2100 } 2101 2102 /* must be called under client_lock */ nfsd4_del_conns(struct nfsd4_session * s)2103 static void nfsd4_del_conns(struct nfsd4_session *s) 2104 { 2105 struct nfs4_client *clp = s->se_client; 2106 struct nfsd4_conn *c; 2107 2108 spin_lock(&clp->cl_lock); 2109 while (!list_empty(&s->se_conns)) { 2110 c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession); 2111 list_del_init(&c->cn_persession); 2112 spin_unlock(&clp->cl_lock); 2113 2114 unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user); 2115 free_conn(c); 2116 2117 spin_lock(&clp->cl_lock); 2118 } 2119 spin_unlock(&clp->cl_lock); 2120 } 2121 __free_session(struct nfsd4_session * ses)2122 static void __free_session(struct nfsd4_session *ses) 2123 { 2124 free_session_slots(ses); 2125 kfree(ses); 2126 } 2127 free_session(struct nfsd4_session * ses)2128 static void free_session(struct nfsd4_session *ses) 2129 { 2130 nfsd4_del_conns(ses); 2131 nfsd4_put_drc_mem(&ses->se_fchannel); 2132 __free_session(ses); 2133 } 2134 init_session(struct svc_rqst * rqstp,struct nfsd4_session * new,struct nfs4_client * clp,struct nfsd4_create_session * cses)2135 static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses) 2136 { 2137 int idx; 2138 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 2139 2140 new->se_client = clp; 2141 gen_sessionid(new); 2142 2143 INIT_LIST_HEAD(&new->se_conns); 2144 2145 new->se_cb_seq_nr = 1; 2146 new->se_flags = cses->flags; 2147 new->se_cb_prog = cses->callback_prog; 2148 new->se_cb_sec = cses->cb_sec; 2149 atomic_set(&new->se_ref, 0); 2150 idx = hash_sessionid(&new->se_sessionid); 2151 list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]); 2152 spin_lock(&clp->cl_lock); 2153 list_add(&new->se_perclnt, &clp->cl_sessions); 2154 spin_unlock(&clp->cl_lock); 2155 2156 { 2157 struct sockaddr *sa = svc_addr(rqstp); 2158 /* 2159 * This is a little silly; with sessions there's no real 2160 * use for the callback address. Use the peer address 2161 * as a reasonable default for now, but consider fixing 2162 * the rpc client not to require an address in the 2163 * future: 2164 */ 2165 rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa); 2166 clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa); 2167 } 2168 } 2169 2170 /* caller must hold client_lock */ 2171 static struct nfsd4_session * __find_in_sessionid_hashtbl(struct nfs4_sessionid * sessionid,struct net * net)2172 __find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net) 2173 { 2174 struct nfsd4_session *elem; 2175 int idx; 2176 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 2177 2178 lockdep_assert_held(&nn->client_lock); 2179 2180 dump_sessionid(__func__, sessionid); 2181 idx = hash_sessionid(sessionid); 2182 /* Search in the appropriate list */ 2183 list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) { 2184 if (!memcmp(elem->se_sessionid.data, sessionid->data, 2185 NFS4_MAX_SESSIONID_LEN)) { 2186 return elem; 2187 } 2188 } 2189 2190 dprintk("%s: session not found\n", __func__); 2191 return NULL; 2192 } 2193 2194 static struct nfsd4_session * find_in_sessionid_hashtbl(struct nfs4_sessionid * sessionid,struct net * net,__be32 * ret)2195 find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net, 2196 __be32 *ret) 2197 { 2198 struct nfsd4_session *session; 2199 __be32 status = nfserr_badsession; 2200 2201 session = __find_in_sessionid_hashtbl(sessionid, net); 2202 if (!session) 2203 goto out; 2204 status = nfsd4_get_session_locked(session); 2205 if (status) 2206 session = NULL; 2207 out: 2208 *ret = status; 2209 return session; 2210 } 2211 2212 /* caller must hold client_lock */ 2213 static void unhash_session(struct nfsd4_session * ses)2214 unhash_session(struct nfsd4_session *ses) 2215 { 2216 struct nfs4_client *clp = ses->se_client; 2217 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 2218 2219 lockdep_assert_held(&nn->client_lock); 2220 2221 list_del(&ses->se_hash); 2222 spin_lock(&ses->se_client->cl_lock); 2223 list_del(&ses->se_perclnt); 2224 spin_unlock(&ses->se_client->cl_lock); 2225 } 2226 2227 /* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */ 2228 static int STALE_CLIENTID(clientid_t * clid,struct nfsd_net * nn)2229 STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn) 2230 { 2231 /* 2232 * We're assuming the clid was not given out from a boot 2233 * precisely 2^32 (about 136 years) before this one. That seems 2234 * a safe assumption: 2235 */ 2236 if (clid->cl_boot == (u32)nn->boot_time) 2237 return 0; 2238 trace_nfsd_clid_stale(clid); 2239 return 1; 2240 } 2241 2242 /* 2243 * XXX Should we use a slab cache ? 2244 * This type of memory management is somewhat inefficient, but we use it 2245 * anyway since SETCLIENTID is not a common operation. 2246 */ alloc_client(struct xdr_netobj name,struct nfsd_net * nn)2247 static struct nfs4_client *alloc_client(struct xdr_netobj name, 2248 struct nfsd_net *nn) 2249 { 2250 struct nfs4_client *clp; 2251 int i; 2252 2253 if (atomic_read(&nn->nfs4_client_count) >= nn->nfs4_max_clients) { 2254 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); 2255 return NULL; 2256 } 2257 clp = kmem_cache_zalloc(client_slab, GFP_KERNEL); 2258 if (clp == NULL) 2259 return NULL; 2260 xdr_netobj_dup(&clp->cl_name, &name, GFP_KERNEL); 2261 if (clp->cl_name.data == NULL) 2262 goto err_no_name; 2263 clp->cl_ownerstr_hashtbl = kmalloc_array(OWNER_HASH_SIZE, 2264 sizeof(struct list_head), 2265 GFP_KERNEL); 2266 if (!clp->cl_ownerstr_hashtbl) 2267 goto err_no_hashtbl; 2268 clp->cl_callback_wq = alloc_ordered_workqueue("nfsd4_callbacks", 0); 2269 if (!clp->cl_callback_wq) 2270 goto err_no_callback_wq; 2271 2272 for (i = 0; i < OWNER_HASH_SIZE; i++) 2273 INIT_LIST_HEAD(&clp->cl_ownerstr_hashtbl[i]); 2274 INIT_LIST_HEAD(&clp->cl_sessions); 2275 idr_init(&clp->cl_stateids); 2276 atomic_set(&clp->cl_rpc_users, 0); 2277 clp->cl_cb_state = NFSD4_CB_UNKNOWN; 2278 clp->cl_state = NFSD4_ACTIVE; 2279 atomic_inc(&nn->nfs4_client_count); 2280 atomic_set(&clp->cl_delegs_in_recall, 0); 2281 INIT_LIST_HEAD(&clp->cl_idhash); 2282 INIT_LIST_HEAD(&clp->cl_openowners); 2283 INIT_LIST_HEAD(&clp->cl_delegations); 2284 INIT_LIST_HEAD(&clp->cl_lru); 2285 INIT_LIST_HEAD(&clp->cl_revoked); 2286 #ifdef CONFIG_NFSD_PNFS 2287 INIT_LIST_HEAD(&clp->cl_lo_states); 2288 #endif 2289 INIT_LIST_HEAD(&clp->async_copies); 2290 spin_lock_init(&clp->async_lock); 2291 spin_lock_init(&clp->cl_lock); 2292 rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table"); 2293 return clp; 2294 err_no_callback_wq: 2295 kfree(clp->cl_ownerstr_hashtbl); 2296 err_no_hashtbl: 2297 kfree(clp->cl_name.data); 2298 err_no_name: 2299 kmem_cache_free(client_slab, clp); 2300 return NULL; 2301 } 2302 __free_client(struct kref * k)2303 static void __free_client(struct kref *k) 2304 { 2305 struct nfsdfs_client *c = container_of(k, struct nfsdfs_client, cl_ref); 2306 struct nfs4_client *clp = container_of(c, struct nfs4_client, cl_nfsdfs); 2307 2308 free_svc_cred(&clp->cl_cred); 2309 destroy_workqueue(clp->cl_callback_wq); 2310 kfree(clp->cl_ownerstr_hashtbl); 2311 kfree(clp->cl_name.data); 2312 kfree(clp->cl_nii_domain.data); 2313 kfree(clp->cl_nii_name.data); 2314 idr_destroy(&clp->cl_stateids); 2315 kfree(clp->cl_ra); 2316 kmem_cache_free(client_slab, clp); 2317 } 2318 drop_client(struct nfs4_client * clp)2319 static void drop_client(struct nfs4_client *clp) 2320 { 2321 kref_put(&clp->cl_nfsdfs.cl_ref, __free_client); 2322 } 2323 2324 static void free_client(struct nfs4_client * clp)2325 free_client(struct nfs4_client *clp) 2326 { 2327 while (!list_empty(&clp->cl_sessions)) { 2328 struct nfsd4_session *ses; 2329 ses = list_entry(clp->cl_sessions.next, struct nfsd4_session, 2330 se_perclnt); 2331 list_del(&ses->se_perclnt); 2332 WARN_ON_ONCE(atomic_read(&ses->se_ref)); 2333 free_session(ses); 2334 } 2335 rpc_destroy_wait_queue(&clp->cl_cb_waitq); 2336 if (clp->cl_nfsd_dentry) { 2337 nfsd_client_rmdir(clp->cl_nfsd_dentry); 2338 clp->cl_nfsd_dentry = NULL; 2339 wake_up_all(&expiry_wq); 2340 } 2341 drop_client(clp); 2342 } 2343 2344 /* must be called under the client_lock */ 2345 static void unhash_client_locked(struct nfs4_client * clp)2346 unhash_client_locked(struct nfs4_client *clp) 2347 { 2348 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 2349 struct nfsd4_session *ses; 2350 2351 lockdep_assert_held(&nn->client_lock); 2352 2353 /* Mark the client as expired! */ 2354 clp->cl_time = 0; 2355 /* Make it invisible */ 2356 if (!list_empty(&clp->cl_idhash)) { 2357 list_del_init(&clp->cl_idhash); 2358 if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags)) 2359 rb_erase(&clp->cl_namenode, &nn->conf_name_tree); 2360 else 2361 rb_erase(&clp->cl_namenode, &nn->unconf_name_tree); 2362 } 2363 list_del_init(&clp->cl_lru); 2364 spin_lock(&clp->cl_lock); 2365 list_for_each_entry(ses, &clp->cl_sessions, se_perclnt) 2366 list_del_init(&ses->se_hash); 2367 spin_unlock(&clp->cl_lock); 2368 } 2369 2370 static void unhash_client(struct nfs4_client * clp)2371 unhash_client(struct nfs4_client *clp) 2372 { 2373 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 2374 2375 spin_lock(&nn->client_lock); 2376 unhash_client_locked(clp); 2377 spin_unlock(&nn->client_lock); 2378 } 2379 mark_client_expired_locked(struct nfs4_client * clp)2380 static __be32 mark_client_expired_locked(struct nfs4_client *clp) 2381 { 2382 int users = atomic_read(&clp->cl_rpc_users); 2383 2384 trace_nfsd_mark_client_expired(clp, users); 2385 2386 if (users) 2387 return nfserr_jukebox; 2388 unhash_client_locked(clp); 2389 return nfs_ok; 2390 } 2391 2392 static void __destroy_client(struct nfs4_client * clp)2393 __destroy_client(struct nfs4_client *clp) 2394 { 2395 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 2396 int i; 2397 struct nfs4_openowner *oo; 2398 struct nfs4_delegation *dp; 2399 LIST_HEAD(reaplist); 2400 2401 spin_lock(&state_lock); 2402 while (!list_empty(&clp->cl_delegations)) { 2403 dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt); 2404 unhash_delegation_locked(dp, SC_STATUS_CLOSED); 2405 list_add(&dp->dl_recall_lru, &reaplist); 2406 } 2407 spin_unlock(&state_lock); 2408 while (!list_empty(&reaplist)) { 2409 dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru); 2410 list_del_init(&dp->dl_recall_lru); 2411 destroy_unhashed_deleg(dp); 2412 } 2413 while (!list_empty(&clp->cl_revoked)) { 2414 dp = list_entry(clp->cl_revoked.next, struct nfs4_delegation, dl_recall_lru); 2415 list_del_init(&dp->dl_recall_lru); 2416 nfs4_put_stid(&dp->dl_stid); 2417 } 2418 while (!list_empty(&clp->cl_openowners)) { 2419 oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient); 2420 nfs4_get_stateowner(&oo->oo_owner); 2421 release_openowner(oo); 2422 } 2423 for (i = 0; i < OWNER_HASH_SIZE; i++) { 2424 struct nfs4_stateowner *so, *tmp; 2425 2426 list_for_each_entry_safe(so, tmp, &clp->cl_ownerstr_hashtbl[i], 2427 so_strhash) { 2428 /* Should be no openowners at this point */ 2429 WARN_ON_ONCE(so->so_is_open_owner); 2430 remove_blocked_locks(lockowner(so)); 2431 } 2432 } 2433 nfsd4_return_all_client_layouts(clp); 2434 nfsd4_shutdown_copy(clp); 2435 nfsd4_shutdown_callback(clp); 2436 if (clp->cl_cb_conn.cb_xprt) 2437 svc_xprt_put(clp->cl_cb_conn.cb_xprt); 2438 atomic_add_unless(&nn->nfs4_client_count, -1, 0); 2439 nfsd4_dec_courtesy_client_count(nn, clp); 2440 free_client(clp); 2441 wake_up_all(&expiry_wq); 2442 } 2443 2444 static void destroy_client(struct nfs4_client * clp)2445 destroy_client(struct nfs4_client *clp) 2446 { 2447 unhash_client(clp); 2448 __destroy_client(clp); 2449 } 2450 inc_reclaim_complete(struct nfs4_client * clp)2451 static void inc_reclaim_complete(struct nfs4_client *clp) 2452 { 2453 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 2454 2455 if (!nn->track_reclaim_completes) 2456 return; 2457 if (!nfsd4_find_reclaim_client(clp->cl_name, nn)) 2458 return; 2459 if (atomic_inc_return(&nn->nr_reclaim_complete) == 2460 nn->reclaim_str_hashtbl_size) { 2461 printk(KERN_INFO "NFSD: all clients done reclaiming, ending NFSv4 grace period (net %x)\n", 2462 clp->net->ns.inum); 2463 nfsd4_end_grace(nn); 2464 } 2465 } 2466 expire_client(struct nfs4_client * clp)2467 static void expire_client(struct nfs4_client *clp) 2468 { 2469 unhash_client(clp); 2470 nfsd4_client_record_remove(clp); 2471 __destroy_client(clp); 2472 } 2473 copy_verf(struct nfs4_client * target,nfs4_verifier * source)2474 static void copy_verf(struct nfs4_client *target, nfs4_verifier *source) 2475 { 2476 memcpy(target->cl_verifier.data, source->data, 2477 sizeof(target->cl_verifier.data)); 2478 } 2479 copy_clid(struct nfs4_client * target,struct nfs4_client * source)2480 static void copy_clid(struct nfs4_client *target, struct nfs4_client *source) 2481 { 2482 target->cl_clientid.cl_boot = source->cl_clientid.cl_boot; 2483 target->cl_clientid.cl_id = source->cl_clientid.cl_id; 2484 } 2485 copy_cred(struct svc_cred * target,struct svc_cred * source)2486 static int copy_cred(struct svc_cred *target, struct svc_cred *source) 2487 { 2488 target->cr_principal = kstrdup(source->cr_principal, GFP_KERNEL); 2489 target->cr_raw_principal = kstrdup(source->cr_raw_principal, 2490 GFP_KERNEL); 2491 target->cr_targ_princ = kstrdup(source->cr_targ_princ, GFP_KERNEL); 2492 if ((source->cr_principal && !target->cr_principal) || 2493 (source->cr_raw_principal && !target->cr_raw_principal) || 2494 (source->cr_targ_princ && !target->cr_targ_princ)) 2495 return -ENOMEM; 2496 2497 target->cr_flavor = source->cr_flavor; 2498 target->cr_uid = source->cr_uid; 2499 target->cr_gid = source->cr_gid; 2500 target->cr_group_info = source->cr_group_info; 2501 get_group_info(target->cr_group_info); 2502 target->cr_gss_mech = source->cr_gss_mech; 2503 if (source->cr_gss_mech) 2504 gss_mech_get(source->cr_gss_mech); 2505 return 0; 2506 } 2507 2508 static int compare_blob(const struct xdr_netobj * o1,const struct xdr_netobj * o2)2509 compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2) 2510 { 2511 if (o1->len < o2->len) 2512 return -1; 2513 if (o1->len > o2->len) 2514 return 1; 2515 return memcmp(o1->data, o2->data, o1->len); 2516 } 2517 2518 static int same_verf(nfs4_verifier * v1,nfs4_verifier * v2)2519 same_verf(nfs4_verifier *v1, nfs4_verifier *v2) 2520 { 2521 return 0 == memcmp(v1->data, v2->data, sizeof(v1->data)); 2522 } 2523 2524 static int same_clid(clientid_t * cl1,clientid_t * cl2)2525 same_clid(clientid_t *cl1, clientid_t *cl2) 2526 { 2527 return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id); 2528 } 2529 groups_equal(struct group_info * g1,struct group_info * g2)2530 static bool groups_equal(struct group_info *g1, struct group_info *g2) 2531 { 2532 int i; 2533 2534 if (g1->ngroups != g2->ngroups) 2535 return false; 2536 for (i=0; i<g1->ngroups; i++) 2537 if (!gid_eq(g1->gid[i], g2->gid[i])) 2538 return false; 2539 return true; 2540 } 2541 2542 /* 2543 * RFC 3530 language requires clid_inuse be returned when the 2544 * "principal" associated with a requests differs from that previously 2545 * used. We use uid, gid's, and gss principal string as our best 2546 * approximation. We also don't want to allow non-gss use of a client 2547 * established using gss: in theory cr_principal should catch that 2548 * change, but in practice cr_principal can be null even in the gss case 2549 * since gssd doesn't always pass down a principal string. 2550 */ is_gss_cred(struct svc_cred * cr)2551 static bool is_gss_cred(struct svc_cred *cr) 2552 { 2553 /* Is cr_flavor one of the gss "pseudoflavors"?: */ 2554 return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR); 2555 } 2556 2557 2558 static bool same_creds(struct svc_cred * cr1,struct svc_cred * cr2)2559 same_creds(struct svc_cred *cr1, struct svc_cred *cr2) 2560 { 2561 if ((is_gss_cred(cr1) != is_gss_cred(cr2)) 2562 || (!uid_eq(cr1->cr_uid, cr2->cr_uid)) 2563 || (!gid_eq(cr1->cr_gid, cr2->cr_gid)) 2564 || !groups_equal(cr1->cr_group_info, cr2->cr_group_info)) 2565 return false; 2566 /* XXX: check that cr_targ_princ fields match ? */ 2567 if (cr1->cr_principal == cr2->cr_principal) 2568 return true; 2569 if (!cr1->cr_principal || !cr2->cr_principal) 2570 return false; 2571 return 0 == strcmp(cr1->cr_principal, cr2->cr_principal); 2572 } 2573 svc_rqst_integrity_protected(struct svc_rqst * rqstp)2574 static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp) 2575 { 2576 struct svc_cred *cr = &rqstp->rq_cred; 2577 u32 service; 2578 2579 if (!cr->cr_gss_mech) 2580 return false; 2581 service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor); 2582 return service == RPC_GSS_SVC_INTEGRITY || 2583 service == RPC_GSS_SVC_PRIVACY; 2584 } 2585 nfsd4_mach_creds_match(struct nfs4_client * cl,struct svc_rqst * rqstp)2586 bool nfsd4_mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp) 2587 { 2588 struct svc_cred *cr = &rqstp->rq_cred; 2589 2590 if (!cl->cl_mach_cred) 2591 return true; 2592 if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech) 2593 return false; 2594 if (!svc_rqst_integrity_protected(rqstp)) 2595 return false; 2596 if (cl->cl_cred.cr_raw_principal) 2597 return 0 == strcmp(cl->cl_cred.cr_raw_principal, 2598 cr->cr_raw_principal); 2599 if (!cr->cr_principal) 2600 return false; 2601 return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal); 2602 } 2603 gen_confirm(struct nfs4_client * clp,struct nfsd_net * nn)2604 static void gen_confirm(struct nfs4_client *clp, struct nfsd_net *nn) 2605 { 2606 __be32 verf[2]; 2607 2608 /* 2609 * This is opaque to client, so no need to byte-swap. Use 2610 * __force to keep sparse happy 2611 */ 2612 verf[0] = (__force __be32)(u32)ktime_get_real_seconds(); 2613 verf[1] = (__force __be32)nn->clverifier_counter++; 2614 memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data)); 2615 } 2616 gen_clid(struct nfs4_client * clp,struct nfsd_net * nn)2617 static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn) 2618 { 2619 clp->cl_clientid.cl_boot = (u32)nn->boot_time; 2620 clp->cl_clientid.cl_id = nn->clientid_counter++; 2621 gen_confirm(clp, nn); 2622 } 2623 2624 static struct nfs4_stid * find_stateid_locked(struct nfs4_client * cl,stateid_t * t)2625 find_stateid_locked(struct nfs4_client *cl, stateid_t *t) 2626 { 2627 struct nfs4_stid *ret; 2628 2629 ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id); 2630 if (!ret || !ret->sc_type) 2631 return NULL; 2632 return ret; 2633 } 2634 2635 static struct nfs4_stid * find_stateid_by_type(struct nfs4_client * cl,stateid_t * t,unsigned short typemask,unsigned short ok_states)2636 find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, 2637 unsigned short typemask, unsigned short ok_states) 2638 { 2639 struct nfs4_stid *s; 2640 2641 spin_lock(&cl->cl_lock); 2642 s = find_stateid_locked(cl, t); 2643 if (s != NULL) { 2644 if ((s->sc_status & ~ok_states) == 0 && 2645 (typemask & s->sc_type)) 2646 refcount_inc(&s->sc_count); 2647 else 2648 s = NULL; 2649 } 2650 spin_unlock(&cl->cl_lock); 2651 return s; 2652 } 2653 get_nfsdfs_clp(struct inode * inode)2654 static struct nfs4_client *get_nfsdfs_clp(struct inode *inode) 2655 { 2656 struct nfsdfs_client *nc; 2657 nc = get_nfsdfs_client(inode); 2658 if (!nc) 2659 return NULL; 2660 return container_of(nc, struct nfs4_client, cl_nfsdfs); 2661 } 2662 seq_quote_mem(struct seq_file * m,char * data,int len)2663 static void seq_quote_mem(struct seq_file *m, char *data, int len) 2664 { 2665 seq_puts(m, "\""); 2666 seq_escape_mem(m, data, len, ESCAPE_HEX | ESCAPE_NAP | ESCAPE_APPEND, "\"\\"); 2667 seq_puts(m, "\""); 2668 } 2669 cb_state2str(int state)2670 static const char *cb_state2str(int state) 2671 { 2672 switch (state) { 2673 case NFSD4_CB_UP: 2674 return "UP"; 2675 case NFSD4_CB_UNKNOWN: 2676 return "UNKNOWN"; 2677 case NFSD4_CB_DOWN: 2678 return "DOWN"; 2679 case NFSD4_CB_FAULT: 2680 return "FAULT"; 2681 } 2682 return "UNDEFINED"; 2683 } 2684 client_info_show(struct seq_file * m,void * v)2685 static int client_info_show(struct seq_file *m, void *v) 2686 { 2687 struct inode *inode = file_inode(m->file); 2688 struct nfs4_client *clp; 2689 u64 clid; 2690 2691 clp = get_nfsdfs_clp(inode); 2692 if (!clp) 2693 return -ENXIO; 2694 memcpy(&clid, &clp->cl_clientid, sizeof(clid)); 2695 seq_printf(m, "clientid: 0x%llx\n", clid); 2696 seq_printf(m, "address: \"%pISpc\"\n", (struct sockaddr *)&clp->cl_addr); 2697 2698 if (clp->cl_state == NFSD4_COURTESY) 2699 seq_puts(m, "status: courtesy\n"); 2700 else if (clp->cl_state == NFSD4_EXPIRABLE) 2701 seq_puts(m, "status: expirable\n"); 2702 else if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags)) 2703 seq_puts(m, "status: confirmed\n"); 2704 else 2705 seq_puts(m, "status: unconfirmed\n"); 2706 seq_printf(m, "seconds from last renew: %lld\n", 2707 ktime_get_boottime_seconds() - clp->cl_time); 2708 seq_puts(m, "name: "); 2709 seq_quote_mem(m, clp->cl_name.data, clp->cl_name.len); 2710 seq_printf(m, "\nminor version: %d\n", clp->cl_minorversion); 2711 if (clp->cl_nii_domain.data) { 2712 seq_puts(m, "Implementation domain: "); 2713 seq_quote_mem(m, clp->cl_nii_domain.data, 2714 clp->cl_nii_domain.len); 2715 seq_puts(m, "\nImplementation name: "); 2716 seq_quote_mem(m, clp->cl_nii_name.data, clp->cl_nii_name.len); 2717 seq_printf(m, "\nImplementation time: [%lld, %ld]\n", 2718 clp->cl_nii_time.tv_sec, clp->cl_nii_time.tv_nsec); 2719 } 2720 seq_printf(m, "callback state: %s\n", cb_state2str(clp->cl_cb_state)); 2721 seq_printf(m, "callback address: \"%pISpc\"\n", &clp->cl_cb_conn.cb_addr); 2722 seq_printf(m, "admin-revoked states: %d\n", 2723 atomic_read(&clp->cl_admin_revoked)); 2724 drop_client(clp); 2725 2726 return 0; 2727 } 2728 2729 DEFINE_SHOW_ATTRIBUTE(client_info); 2730 states_start(struct seq_file * s,loff_t * pos)2731 static void *states_start(struct seq_file *s, loff_t *pos) 2732 __acquires(&clp->cl_lock) 2733 { 2734 struct nfs4_client *clp = s->private; 2735 unsigned long id = *pos; 2736 void *ret; 2737 2738 spin_lock(&clp->cl_lock); 2739 ret = idr_get_next_ul(&clp->cl_stateids, &id); 2740 *pos = id; 2741 return ret; 2742 } 2743 states_next(struct seq_file * s,void * v,loff_t * pos)2744 static void *states_next(struct seq_file *s, void *v, loff_t *pos) 2745 { 2746 struct nfs4_client *clp = s->private; 2747 unsigned long id = *pos; 2748 void *ret; 2749 2750 id = *pos; 2751 id++; 2752 ret = idr_get_next_ul(&clp->cl_stateids, &id); 2753 *pos = id; 2754 return ret; 2755 } 2756 states_stop(struct seq_file * s,void * v)2757 static void states_stop(struct seq_file *s, void *v) 2758 __releases(&clp->cl_lock) 2759 { 2760 struct nfs4_client *clp = s->private; 2761 2762 spin_unlock(&clp->cl_lock); 2763 } 2764 nfs4_show_fname(struct seq_file * s,struct nfsd_file * f)2765 static void nfs4_show_fname(struct seq_file *s, struct nfsd_file *f) 2766 { 2767 seq_printf(s, "filename: \"%pD2\"", f->nf_file); 2768 } 2769 nfs4_show_superblock(struct seq_file * s,struct nfsd_file * f)2770 static void nfs4_show_superblock(struct seq_file *s, struct nfsd_file *f) 2771 { 2772 struct inode *inode = file_inode(f->nf_file); 2773 2774 seq_printf(s, "superblock: \"%02x:%02x:%ld\"", 2775 MAJOR(inode->i_sb->s_dev), 2776 MINOR(inode->i_sb->s_dev), 2777 inode->i_ino); 2778 } 2779 nfs4_show_owner(struct seq_file * s,struct nfs4_stateowner * oo)2780 static void nfs4_show_owner(struct seq_file *s, struct nfs4_stateowner *oo) 2781 { 2782 seq_puts(s, "owner: "); 2783 seq_quote_mem(s, oo->so_owner.data, oo->so_owner.len); 2784 } 2785 nfs4_show_stateid(struct seq_file * s,stateid_t * stid)2786 static void nfs4_show_stateid(struct seq_file *s, stateid_t *stid) 2787 { 2788 seq_printf(s, "0x%.8x", stid->si_generation); 2789 seq_printf(s, "%12phN", &stid->si_opaque); 2790 } 2791 nfs4_show_open(struct seq_file * s,struct nfs4_stid * st)2792 static int nfs4_show_open(struct seq_file *s, struct nfs4_stid *st) 2793 { 2794 struct nfs4_ol_stateid *ols; 2795 struct nfs4_file *nf; 2796 struct nfsd_file *file; 2797 struct nfs4_stateowner *oo; 2798 unsigned int access, deny; 2799 2800 ols = openlockstateid(st); 2801 oo = ols->st_stateowner; 2802 nf = st->sc_file; 2803 2804 seq_puts(s, "- "); 2805 nfs4_show_stateid(s, &st->sc_stateid); 2806 seq_puts(s, ": { type: open, "); 2807 2808 access = bmap_to_share_mode(ols->st_access_bmap); 2809 deny = bmap_to_share_mode(ols->st_deny_bmap); 2810 2811 seq_printf(s, "access: %s%s, ", 2812 access & NFS4_SHARE_ACCESS_READ ? "r" : "-", 2813 access & NFS4_SHARE_ACCESS_WRITE ? "w" : "-"); 2814 seq_printf(s, "deny: %s%s, ", 2815 deny & NFS4_SHARE_ACCESS_READ ? "r" : "-", 2816 deny & NFS4_SHARE_ACCESS_WRITE ? "w" : "-"); 2817 2818 if (nf) { 2819 spin_lock(&nf->fi_lock); 2820 file = find_any_file_locked(nf); 2821 if (file) { 2822 nfs4_show_superblock(s, file); 2823 seq_puts(s, ", "); 2824 nfs4_show_fname(s, file); 2825 seq_puts(s, ", "); 2826 } 2827 spin_unlock(&nf->fi_lock); 2828 } else 2829 seq_puts(s, "closed, "); 2830 nfs4_show_owner(s, oo); 2831 if (st->sc_status & SC_STATUS_ADMIN_REVOKED) 2832 seq_puts(s, ", admin-revoked"); 2833 seq_puts(s, " }\n"); 2834 return 0; 2835 } 2836 nfs4_show_lock(struct seq_file * s,struct nfs4_stid * st)2837 static int nfs4_show_lock(struct seq_file *s, struct nfs4_stid *st) 2838 { 2839 struct nfs4_ol_stateid *ols; 2840 struct nfs4_file *nf; 2841 struct nfsd_file *file; 2842 struct nfs4_stateowner *oo; 2843 2844 ols = openlockstateid(st); 2845 oo = ols->st_stateowner; 2846 nf = st->sc_file; 2847 2848 seq_puts(s, "- "); 2849 nfs4_show_stateid(s, &st->sc_stateid); 2850 seq_puts(s, ": { type: lock, "); 2851 2852 spin_lock(&nf->fi_lock); 2853 file = find_any_file_locked(nf); 2854 if (file) { 2855 /* 2856 * Note: a lock stateid isn't really the same thing as a lock, 2857 * it's the locking state held by one owner on a file, and there 2858 * may be multiple (or no) lock ranges associated with it. 2859 * (Same for the matter is true of open stateids.) 2860 */ 2861 2862 nfs4_show_superblock(s, file); 2863 /* XXX: open stateid? */ 2864 seq_puts(s, ", "); 2865 nfs4_show_fname(s, file); 2866 seq_puts(s, ", "); 2867 } 2868 nfs4_show_owner(s, oo); 2869 if (st->sc_status & SC_STATUS_ADMIN_REVOKED) 2870 seq_puts(s, ", admin-revoked"); 2871 seq_puts(s, " }\n"); 2872 spin_unlock(&nf->fi_lock); 2873 return 0; 2874 } 2875 nfs4_show_deleg(struct seq_file * s,struct nfs4_stid * st)2876 static int nfs4_show_deleg(struct seq_file *s, struct nfs4_stid *st) 2877 { 2878 struct nfs4_delegation *ds; 2879 struct nfs4_file *nf; 2880 struct nfsd_file *file; 2881 2882 ds = delegstateid(st); 2883 nf = st->sc_file; 2884 2885 seq_puts(s, "- "); 2886 nfs4_show_stateid(s, &st->sc_stateid); 2887 seq_puts(s, ": { type: deleg, "); 2888 2889 seq_printf(s, "access: %s", 2890 ds->dl_type == NFS4_OPEN_DELEGATE_READ ? "r" : "w"); 2891 2892 /* XXX: lease time, whether it's being recalled. */ 2893 2894 spin_lock(&nf->fi_lock); 2895 file = nf->fi_deleg_file; 2896 if (file) { 2897 seq_puts(s, ", "); 2898 nfs4_show_superblock(s, file); 2899 seq_puts(s, ", "); 2900 nfs4_show_fname(s, file); 2901 } 2902 spin_unlock(&nf->fi_lock); 2903 if (st->sc_status & SC_STATUS_ADMIN_REVOKED) 2904 seq_puts(s, ", admin-revoked"); 2905 seq_puts(s, " }\n"); 2906 return 0; 2907 } 2908 nfs4_show_layout(struct seq_file * s,struct nfs4_stid * st)2909 static int nfs4_show_layout(struct seq_file *s, struct nfs4_stid *st) 2910 { 2911 struct nfs4_layout_stateid *ls; 2912 struct nfsd_file *file; 2913 2914 ls = container_of(st, struct nfs4_layout_stateid, ls_stid); 2915 2916 seq_puts(s, "- "); 2917 nfs4_show_stateid(s, &st->sc_stateid); 2918 seq_puts(s, ": { type: layout"); 2919 2920 /* XXX: What else would be useful? */ 2921 2922 spin_lock(&ls->ls_stid.sc_file->fi_lock); 2923 file = ls->ls_file; 2924 if (file) { 2925 seq_puts(s, ", "); 2926 nfs4_show_superblock(s, file); 2927 seq_puts(s, ", "); 2928 nfs4_show_fname(s, file); 2929 } 2930 spin_unlock(&ls->ls_stid.sc_file->fi_lock); 2931 if (st->sc_status & SC_STATUS_ADMIN_REVOKED) 2932 seq_puts(s, ", admin-revoked"); 2933 seq_puts(s, " }\n"); 2934 2935 return 0; 2936 } 2937 states_show(struct seq_file * s,void * v)2938 static int states_show(struct seq_file *s, void *v) 2939 { 2940 struct nfs4_stid *st = v; 2941 2942 switch (st->sc_type) { 2943 case SC_TYPE_OPEN: 2944 return nfs4_show_open(s, st); 2945 case SC_TYPE_LOCK: 2946 return nfs4_show_lock(s, st); 2947 case SC_TYPE_DELEG: 2948 return nfs4_show_deleg(s, st); 2949 case SC_TYPE_LAYOUT: 2950 return nfs4_show_layout(s, st); 2951 default: 2952 return 0; /* XXX: or SEQ_SKIP? */ 2953 } 2954 /* XXX: copy stateids? */ 2955 } 2956 2957 static struct seq_operations states_seq_ops = { 2958 .start = states_start, 2959 .next = states_next, 2960 .stop = states_stop, 2961 .show = states_show 2962 }; 2963 client_states_open(struct inode * inode,struct file * file)2964 static int client_states_open(struct inode *inode, struct file *file) 2965 { 2966 struct seq_file *s; 2967 struct nfs4_client *clp; 2968 int ret; 2969 2970 clp = get_nfsdfs_clp(inode); 2971 if (!clp) 2972 return -ENXIO; 2973 2974 ret = seq_open(file, &states_seq_ops); 2975 if (ret) 2976 return ret; 2977 s = file->private_data; 2978 s->private = clp; 2979 return 0; 2980 } 2981 client_opens_release(struct inode * inode,struct file * file)2982 static int client_opens_release(struct inode *inode, struct file *file) 2983 { 2984 struct seq_file *m = file->private_data; 2985 struct nfs4_client *clp = m->private; 2986 2987 /* XXX: alternatively, we could get/drop in seq start/stop */ 2988 drop_client(clp); 2989 return seq_release(inode, file); 2990 } 2991 2992 static const struct file_operations client_states_fops = { 2993 .open = client_states_open, 2994 .read = seq_read, 2995 .llseek = seq_lseek, 2996 .release = client_opens_release, 2997 }; 2998 2999 /* 3000 * Normally we refuse to destroy clients that are in use, but here the 3001 * administrator is telling us to just do it. We also want to wait 3002 * so the caller has a guarantee that the client's locks are gone by 3003 * the time the write returns: 3004 */ force_expire_client(struct nfs4_client * clp)3005 static void force_expire_client(struct nfs4_client *clp) 3006 { 3007 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 3008 bool already_expired; 3009 3010 trace_nfsd_clid_admin_expired(&clp->cl_clientid); 3011 3012 spin_lock(&nn->client_lock); 3013 clp->cl_time = 0; 3014 spin_unlock(&nn->client_lock); 3015 3016 wait_event(expiry_wq, atomic_read(&clp->cl_rpc_users) == 0); 3017 spin_lock(&nn->client_lock); 3018 already_expired = list_empty(&clp->cl_lru); 3019 if (!already_expired) 3020 unhash_client_locked(clp); 3021 spin_unlock(&nn->client_lock); 3022 3023 if (!already_expired) 3024 expire_client(clp); 3025 else 3026 wait_event(expiry_wq, clp->cl_nfsd_dentry == NULL); 3027 } 3028 client_ctl_write(struct file * file,const char __user * buf,size_t size,loff_t * pos)3029 static ssize_t client_ctl_write(struct file *file, const char __user *buf, 3030 size_t size, loff_t *pos) 3031 { 3032 char *data; 3033 struct nfs4_client *clp; 3034 3035 data = simple_transaction_get(file, buf, size); 3036 if (IS_ERR(data)) 3037 return PTR_ERR(data); 3038 if (size != 7 || 0 != memcmp(data, "expire\n", 7)) 3039 return -EINVAL; 3040 clp = get_nfsdfs_clp(file_inode(file)); 3041 if (!clp) 3042 return -ENXIO; 3043 force_expire_client(clp); 3044 drop_client(clp); 3045 return 7; 3046 } 3047 3048 static const struct file_operations client_ctl_fops = { 3049 .write = client_ctl_write, 3050 .release = simple_transaction_release, 3051 }; 3052 3053 static const struct tree_descr client_files[] = { 3054 [0] = {"info", &client_info_fops, S_IRUSR}, 3055 [1] = {"states", &client_states_fops, S_IRUSR}, 3056 [2] = {"ctl", &client_ctl_fops, S_IWUSR}, 3057 [3] = {""}, 3058 }; 3059 3060 static int nfsd4_cb_recall_any_done(struct nfsd4_callback * cb,struct rpc_task * task)3061 nfsd4_cb_recall_any_done(struct nfsd4_callback *cb, 3062 struct rpc_task *task) 3063 { 3064 trace_nfsd_cb_recall_any_done(cb, task); 3065 switch (task->tk_status) { 3066 case -NFS4ERR_DELAY: 3067 rpc_delay(task, 2 * HZ); 3068 return 0; 3069 default: 3070 return 1; 3071 } 3072 } 3073 3074 static void nfsd4_cb_recall_any_release(struct nfsd4_callback * cb)3075 nfsd4_cb_recall_any_release(struct nfsd4_callback *cb) 3076 { 3077 struct nfs4_client *clp = cb->cb_clp; 3078 3079 clear_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags); 3080 drop_client(clp); 3081 } 3082 3083 static int nfsd4_cb_getattr_done(struct nfsd4_callback * cb,struct rpc_task * task)3084 nfsd4_cb_getattr_done(struct nfsd4_callback *cb, struct rpc_task *task) 3085 { 3086 struct nfs4_cb_fattr *ncf = 3087 container_of(cb, struct nfs4_cb_fattr, ncf_getattr); 3088 struct nfs4_delegation *dp = 3089 container_of(ncf, struct nfs4_delegation, dl_cb_fattr); 3090 3091 trace_nfsd_cb_getattr_done(&dp->dl_stid.sc_stateid, task); 3092 ncf->ncf_cb_status = task->tk_status; 3093 switch (task->tk_status) { 3094 case -NFS4ERR_DELAY: 3095 rpc_delay(task, 2 * HZ); 3096 return 0; 3097 default: 3098 return 1; 3099 } 3100 } 3101 3102 static void nfsd4_cb_getattr_release(struct nfsd4_callback * cb)3103 nfsd4_cb_getattr_release(struct nfsd4_callback *cb) 3104 { 3105 struct nfs4_cb_fattr *ncf = 3106 container_of(cb, struct nfs4_cb_fattr, ncf_getattr); 3107 struct nfs4_delegation *dp = 3108 container_of(ncf, struct nfs4_delegation, dl_cb_fattr); 3109 3110 clear_and_wake_up_bit(CB_GETATTR_BUSY, &ncf->ncf_cb_flags); 3111 nfs4_put_stid(&dp->dl_stid); 3112 } 3113 3114 static const struct nfsd4_callback_ops nfsd4_cb_recall_any_ops = { 3115 .done = nfsd4_cb_recall_any_done, 3116 .release = nfsd4_cb_recall_any_release, 3117 .opcode = OP_CB_RECALL_ANY, 3118 }; 3119 3120 static const struct nfsd4_callback_ops nfsd4_cb_getattr_ops = { 3121 .done = nfsd4_cb_getattr_done, 3122 .release = nfsd4_cb_getattr_release, 3123 .opcode = OP_CB_GETATTR, 3124 }; 3125 nfs4_cb_getattr(struct nfs4_cb_fattr * ncf)3126 static void nfs4_cb_getattr(struct nfs4_cb_fattr *ncf) 3127 { 3128 struct nfs4_delegation *dp = 3129 container_of(ncf, struct nfs4_delegation, dl_cb_fattr); 3130 3131 if (test_and_set_bit(CB_GETATTR_BUSY, &ncf->ncf_cb_flags)) 3132 return; 3133 /* set to proper status when nfsd4_cb_getattr_done runs */ 3134 ncf->ncf_cb_status = NFS4ERR_IO; 3135 3136 refcount_inc(&dp->dl_stid.sc_count); 3137 nfsd4_run_cb(&ncf->ncf_getattr); 3138 } 3139 create_client(struct xdr_netobj name,struct svc_rqst * rqstp,nfs4_verifier * verf)3140 static struct nfs4_client *create_client(struct xdr_netobj name, 3141 struct svc_rqst *rqstp, nfs4_verifier *verf) 3142 { 3143 struct nfs4_client *clp; 3144 struct sockaddr *sa = svc_addr(rqstp); 3145 int ret; 3146 struct net *net = SVC_NET(rqstp); 3147 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 3148 struct dentry *dentries[ARRAY_SIZE(client_files)]; 3149 3150 clp = alloc_client(name, nn); 3151 if (clp == NULL) 3152 return NULL; 3153 3154 ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred); 3155 if (ret) { 3156 free_client(clp); 3157 return NULL; 3158 } 3159 gen_clid(clp, nn); 3160 kref_init(&clp->cl_nfsdfs.cl_ref); 3161 nfsd4_init_cb(&clp->cl_cb_null, clp, NULL, NFSPROC4_CLNT_CB_NULL); 3162 clp->cl_time = ktime_get_boottime_seconds(); 3163 clear_bit(0, &clp->cl_cb_slot_busy); 3164 copy_verf(clp, verf); 3165 memcpy(&clp->cl_addr, sa, sizeof(struct sockaddr_storage)); 3166 clp->cl_cb_session = NULL; 3167 clp->net = net; 3168 clp->cl_nfsd_dentry = nfsd_client_mkdir( 3169 nn, &clp->cl_nfsdfs, 3170 clp->cl_clientid.cl_id - nn->clientid_base, 3171 client_files, dentries); 3172 clp->cl_nfsd_info_dentry = dentries[0]; 3173 if (!clp->cl_nfsd_dentry) { 3174 free_client(clp); 3175 return NULL; 3176 } 3177 clp->cl_ra = kzalloc(sizeof(*clp->cl_ra), GFP_KERNEL); 3178 if (!clp->cl_ra) { 3179 free_client(clp); 3180 return NULL; 3181 } 3182 clp->cl_ra_time = 0; 3183 nfsd4_init_cb(&clp->cl_ra->ra_cb, clp, &nfsd4_cb_recall_any_ops, 3184 NFSPROC4_CLNT_CB_RECALL_ANY); 3185 return clp; 3186 } 3187 3188 static void add_clp_to_name_tree(struct nfs4_client * new_clp,struct rb_root * root)3189 add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root) 3190 { 3191 struct rb_node **new = &(root->rb_node), *parent = NULL; 3192 struct nfs4_client *clp; 3193 3194 while (*new) { 3195 clp = rb_entry(*new, struct nfs4_client, cl_namenode); 3196 parent = *new; 3197 3198 if (compare_blob(&clp->cl_name, &new_clp->cl_name) > 0) 3199 new = &((*new)->rb_left); 3200 else 3201 new = &((*new)->rb_right); 3202 } 3203 3204 rb_link_node(&new_clp->cl_namenode, parent, new); 3205 rb_insert_color(&new_clp->cl_namenode, root); 3206 } 3207 3208 static struct nfs4_client * find_clp_in_name_tree(struct xdr_netobj * name,struct rb_root * root)3209 find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root) 3210 { 3211 int cmp; 3212 struct rb_node *node = root->rb_node; 3213 struct nfs4_client *clp; 3214 3215 while (node) { 3216 clp = rb_entry(node, struct nfs4_client, cl_namenode); 3217 cmp = compare_blob(&clp->cl_name, name); 3218 if (cmp > 0) 3219 node = node->rb_left; 3220 else if (cmp < 0) 3221 node = node->rb_right; 3222 else 3223 return clp; 3224 } 3225 return NULL; 3226 } 3227 3228 static void add_to_unconfirmed(struct nfs4_client * clp)3229 add_to_unconfirmed(struct nfs4_client *clp) 3230 { 3231 unsigned int idhashval; 3232 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 3233 3234 lockdep_assert_held(&nn->client_lock); 3235 3236 clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags); 3237 add_clp_to_name_tree(clp, &nn->unconf_name_tree); 3238 idhashval = clientid_hashval(clp->cl_clientid.cl_id); 3239 list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]); 3240 renew_client_locked(clp); 3241 } 3242 3243 static void move_to_confirmed(struct nfs4_client * clp)3244 move_to_confirmed(struct nfs4_client *clp) 3245 { 3246 unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id); 3247 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 3248 3249 lockdep_assert_held(&nn->client_lock); 3250 3251 list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]); 3252 rb_erase(&clp->cl_namenode, &nn->unconf_name_tree); 3253 add_clp_to_name_tree(clp, &nn->conf_name_tree); 3254 set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags); 3255 trace_nfsd_clid_confirmed(&clp->cl_clientid); 3256 renew_client_locked(clp); 3257 } 3258 3259 static struct nfs4_client * find_client_in_id_table(struct list_head * tbl,clientid_t * clid,bool sessions)3260 find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions) 3261 { 3262 struct nfs4_client *clp; 3263 unsigned int idhashval = clientid_hashval(clid->cl_id); 3264 3265 list_for_each_entry(clp, &tbl[idhashval], cl_idhash) { 3266 if (same_clid(&clp->cl_clientid, clid)) { 3267 if ((bool)clp->cl_minorversion != sessions) 3268 return NULL; 3269 renew_client_locked(clp); 3270 return clp; 3271 } 3272 } 3273 return NULL; 3274 } 3275 3276 static struct nfs4_client * find_confirmed_client(clientid_t * clid,bool sessions,struct nfsd_net * nn)3277 find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn) 3278 { 3279 struct list_head *tbl = nn->conf_id_hashtbl; 3280 3281 lockdep_assert_held(&nn->client_lock); 3282 return find_client_in_id_table(tbl, clid, sessions); 3283 } 3284 3285 static struct nfs4_client * find_unconfirmed_client(clientid_t * clid,bool sessions,struct nfsd_net * nn)3286 find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn) 3287 { 3288 struct list_head *tbl = nn->unconf_id_hashtbl; 3289 3290 lockdep_assert_held(&nn->client_lock); 3291 return find_client_in_id_table(tbl, clid, sessions); 3292 } 3293 clp_used_exchangeid(struct nfs4_client * clp)3294 static bool clp_used_exchangeid(struct nfs4_client *clp) 3295 { 3296 return clp->cl_exchange_flags != 0; 3297 } 3298 3299 static struct nfs4_client * find_confirmed_client_by_name(struct xdr_netobj * name,struct nfsd_net * nn)3300 find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn) 3301 { 3302 lockdep_assert_held(&nn->client_lock); 3303 return find_clp_in_name_tree(name, &nn->conf_name_tree); 3304 } 3305 3306 static struct nfs4_client * find_unconfirmed_client_by_name(struct xdr_netobj * name,struct nfsd_net * nn)3307 find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn) 3308 { 3309 lockdep_assert_held(&nn->client_lock); 3310 return find_clp_in_name_tree(name, &nn->unconf_name_tree); 3311 } 3312 3313 static void gen_callback(struct nfs4_client * clp,struct nfsd4_setclientid * se,struct svc_rqst * rqstp)3314 gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp) 3315 { 3316 struct nfs4_cb_conn *conn = &clp->cl_cb_conn; 3317 struct sockaddr *sa = svc_addr(rqstp); 3318 u32 scopeid = rpc_get_scope_id(sa); 3319 unsigned short expected_family; 3320 3321 /* Currently, we only support tcp and tcp6 for the callback channel */ 3322 if (se->se_callback_netid_len == 3 && 3323 !memcmp(se->se_callback_netid_val, "tcp", 3)) 3324 expected_family = AF_INET; 3325 else if (se->se_callback_netid_len == 4 && 3326 !memcmp(se->se_callback_netid_val, "tcp6", 4)) 3327 expected_family = AF_INET6; 3328 else 3329 goto out_err; 3330 3331 conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val, 3332 se->se_callback_addr_len, 3333 (struct sockaddr *)&conn->cb_addr, 3334 sizeof(conn->cb_addr)); 3335 3336 if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family) 3337 goto out_err; 3338 3339 if (conn->cb_addr.ss_family == AF_INET6) 3340 ((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid; 3341 3342 conn->cb_prog = se->se_callback_prog; 3343 conn->cb_ident = se->se_callback_ident; 3344 memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen); 3345 trace_nfsd_cb_args(clp, conn); 3346 return; 3347 out_err: 3348 conn->cb_addr.ss_family = AF_UNSPEC; 3349 conn->cb_addrlen = 0; 3350 trace_nfsd_cb_nodelegs(clp); 3351 return; 3352 } 3353 3354 /* 3355 * Cache a reply. nfsd4_check_resp_size() has bounded the cache size. 3356 */ 3357 static void nfsd4_store_cache_entry(struct nfsd4_compoundres * resp)3358 nfsd4_store_cache_entry(struct nfsd4_compoundres *resp) 3359 { 3360 struct xdr_buf *buf = resp->xdr->buf; 3361 struct nfsd4_slot *slot = resp->cstate.slot; 3362 unsigned int base; 3363 3364 dprintk("--> %s slot %p\n", __func__, slot); 3365 3366 slot->sl_flags |= NFSD4_SLOT_INITIALIZED; 3367 slot->sl_opcnt = resp->opcnt; 3368 slot->sl_status = resp->cstate.status; 3369 free_svc_cred(&slot->sl_cred); 3370 copy_cred(&slot->sl_cred, &resp->rqstp->rq_cred); 3371 3372 if (!nfsd4_cache_this(resp)) { 3373 slot->sl_flags &= ~NFSD4_SLOT_CACHED; 3374 return; 3375 } 3376 slot->sl_flags |= NFSD4_SLOT_CACHED; 3377 3378 base = resp->cstate.data_offset; 3379 slot->sl_datalen = buf->len - base; 3380 if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen)) 3381 WARN(1, "%s: sessions DRC could not cache compound\n", 3382 __func__); 3383 return; 3384 } 3385 3386 /* 3387 * Encode the replay sequence operation from the slot values. 3388 * If cachethis is FALSE encode the uncached rep error on the next 3389 * operation which sets resp->p and increments resp->opcnt for 3390 * nfs4svc_encode_compoundres. 3391 * 3392 */ 3393 static __be32 nfsd4_enc_sequence_replay(struct nfsd4_compoundargs * args,struct nfsd4_compoundres * resp)3394 nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args, 3395 struct nfsd4_compoundres *resp) 3396 { 3397 struct nfsd4_op *op; 3398 struct nfsd4_slot *slot = resp->cstate.slot; 3399 3400 /* Encode the replayed sequence operation */ 3401 op = &args->ops[resp->opcnt - 1]; 3402 nfsd4_encode_operation(resp, op); 3403 3404 if (slot->sl_flags & NFSD4_SLOT_CACHED) 3405 return op->status; 3406 if (args->opcnt == 1) { 3407 /* 3408 * The original operation wasn't a solo sequence--we 3409 * always cache those--so this retry must not match the 3410 * original: 3411 */ 3412 op->status = nfserr_seq_false_retry; 3413 } else { 3414 op = &args->ops[resp->opcnt++]; 3415 op->status = nfserr_retry_uncached_rep; 3416 nfsd4_encode_operation(resp, op); 3417 } 3418 return op->status; 3419 } 3420 3421 /* 3422 * The sequence operation is not cached because we can use the slot and 3423 * session values. 3424 */ 3425 static __be32 nfsd4_replay_cache_entry(struct nfsd4_compoundres * resp,struct nfsd4_sequence * seq)3426 nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp, 3427 struct nfsd4_sequence *seq) 3428 { 3429 struct nfsd4_slot *slot = resp->cstate.slot; 3430 struct xdr_stream *xdr = resp->xdr; 3431 __be32 *p; 3432 __be32 status; 3433 3434 dprintk("--> %s slot %p\n", __func__, slot); 3435 3436 status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp); 3437 if (status) 3438 return status; 3439 3440 p = xdr_reserve_space(xdr, slot->sl_datalen); 3441 if (!p) { 3442 WARN_ON_ONCE(1); 3443 return nfserr_serverfault; 3444 } 3445 xdr_encode_opaque_fixed(p, slot->sl_data, slot->sl_datalen); 3446 xdr_commit_encode(xdr); 3447 3448 resp->opcnt = slot->sl_opcnt; 3449 return slot->sl_status; 3450 } 3451 3452 /* 3453 * Set the exchange_id flags returned by the server. 3454 */ 3455 static void nfsd4_set_ex_flags(struct nfs4_client * new,struct nfsd4_exchange_id * clid)3456 nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid) 3457 { 3458 #ifdef CONFIG_NFSD_PNFS 3459 new->cl_exchange_flags |= EXCHGID4_FLAG_USE_PNFS_MDS; 3460 #else 3461 new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS; 3462 #endif 3463 3464 /* Referrals are supported, Migration is not. */ 3465 new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER; 3466 3467 /* set the wire flags to return to client. */ 3468 clid->flags = new->cl_exchange_flags; 3469 } 3470 client_has_openowners(struct nfs4_client * clp)3471 static bool client_has_openowners(struct nfs4_client *clp) 3472 { 3473 struct nfs4_openowner *oo; 3474 3475 list_for_each_entry(oo, &clp->cl_openowners, oo_perclient) { 3476 if (!list_empty(&oo->oo_owner.so_stateids)) 3477 return true; 3478 } 3479 return false; 3480 } 3481 client_has_state(struct nfs4_client * clp)3482 static bool client_has_state(struct nfs4_client *clp) 3483 { 3484 return client_has_openowners(clp) 3485 #ifdef CONFIG_NFSD_PNFS 3486 || !list_empty(&clp->cl_lo_states) 3487 #endif 3488 || !list_empty(&clp->cl_delegations) 3489 || !list_empty(&clp->cl_sessions) 3490 || !list_empty(&clp->async_copies); 3491 } 3492 copy_impl_id(struct nfs4_client * clp,struct nfsd4_exchange_id * exid)3493 static __be32 copy_impl_id(struct nfs4_client *clp, 3494 struct nfsd4_exchange_id *exid) 3495 { 3496 if (!exid->nii_domain.data) 3497 return 0; 3498 xdr_netobj_dup(&clp->cl_nii_domain, &exid->nii_domain, GFP_KERNEL); 3499 if (!clp->cl_nii_domain.data) 3500 return nfserr_jukebox; 3501 xdr_netobj_dup(&clp->cl_nii_name, &exid->nii_name, GFP_KERNEL); 3502 if (!clp->cl_nii_name.data) 3503 return nfserr_jukebox; 3504 clp->cl_nii_time = exid->nii_time; 3505 return 0; 3506 } 3507 3508 __be32 nfsd4_exchange_id(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)3509 nfsd4_exchange_id(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 3510 union nfsd4_op_u *u) 3511 { 3512 struct nfsd4_exchange_id *exid = &u->exchange_id; 3513 struct nfs4_client *conf, *new; 3514 struct nfs4_client *unconf = NULL; 3515 __be32 status; 3516 char addr_str[INET6_ADDRSTRLEN]; 3517 nfs4_verifier verf = exid->verifier; 3518 struct sockaddr *sa = svc_addr(rqstp); 3519 bool update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A; 3520 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 3521 3522 rpc_ntop(sa, addr_str, sizeof(addr_str)); 3523 dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p " 3524 "ip_addr=%s flags %x, spa_how %u\n", 3525 __func__, rqstp, exid, exid->clname.len, exid->clname.data, 3526 addr_str, exid->flags, exid->spa_how); 3527 3528 if (exid->flags & ~EXCHGID4_FLAG_MASK_A) 3529 return nfserr_inval; 3530 3531 new = create_client(exid->clname, rqstp, &verf); 3532 if (new == NULL) 3533 return nfserr_jukebox; 3534 status = copy_impl_id(new, exid); 3535 if (status) 3536 goto out_nolock; 3537 3538 switch (exid->spa_how) { 3539 case SP4_MACH_CRED: 3540 exid->spo_must_enforce[0] = 0; 3541 exid->spo_must_enforce[1] = ( 3542 1 << (OP_BIND_CONN_TO_SESSION - 32) | 3543 1 << (OP_EXCHANGE_ID - 32) | 3544 1 << (OP_CREATE_SESSION - 32) | 3545 1 << (OP_DESTROY_SESSION - 32) | 3546 1 << (OP_DESTROY_CLIENTID - 32)); 3547 3548 exid->spo_must_allow[0] &= (1 << (OP_CLOSE) | 3549 1 << (OP_OPEN_DOWNGRADE) | 3550 1 << (OP_LOCKU) | 3551 1 << (OP_DELEGRETURN)); 3552 3553 exid->spo_must_allow[1] &= ( 3554 1 << (OP_TEST_STATEID - 32) | 3555 1 << (OP_FREE_STATEID - 32)); 3556 if (!svc_rqst_integrity_protected(rqstp)) { 3557 status = nfserr_inval; 3558 goto out_nolock; 3559 } 3560 /* 3561 * Sometimes userspace doesn't give us a principal. 3562 * Which is a bug, really. Anyway, we can't enforce 3563 * MACH_CRED in that case, better to give up now: 3564 */ 3565 if (!new->cl_cred.cr_principal && 3566 !new->cl_cred.cr_raw_principal) { 3567 status = nfserr_serverfault; 3568 goto out_nolock; 3569 } 3570 new->cl_mach_cred = true; 3571 break; 3572 case SP4_NONE: 3573 break; 3574 default: /* checked by xdr code */ 3575 WARN_ON_ONCE(1); 3576 fallthrough; 3577 case SP4_SSV: 3578 status = nfserr_encr_alg_unsupp; 3579 goto out_nolock; 3580 } 3581 3582 /* Cases below refer to rfc 5661 section 18.35.4: */ 3583 spin_lock(&nn->client_lock); 3584 conf = find_confirmed_client_by_name(&exid->clname, nn); 3585 if (conf) { 3586 bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred); 3587 bool verfs_match = same_verf(&verf, &conf->cl_verifier); 3588 3589 if (update) { 3590 if (!clp_used_exchangeid(conf)) { /* buggy client */ 3591 status = nfserr_inval; 3592 goto out; 3593 } 3594 if (!nfsd4_mach_creds_match(conf, rqstp)) { 3595 status = nfserr_wrong_cred; 3596 goto out; 3597 } 3598 if (!creds_match) { /* case 9 */ 3599 status = nfserr_perm; 3600 goto out; 3601 } 3602 if (!verfs_match) { /* case 8 */ 3603 status = nfserr_not_same; 3604 goto out; 3605 } 3606 /* case 6 */ 3607 exid->flags |= EXCHGID4_FLAG_CONFIRMED_R; 3608 trace_nfsd_clid_confirmed_r(conf); 3609 goto out_copy; 3610 } 3611 if (!creds_match) { /* case 3 */ 3612 if (client_has_state(conf)) { 3613 status = nfserr_clid_inuse; 3614 trace_nfsd_clid_cred_mismatch(conf, rqstp); 3615 goto out; 3616 } 3617 goto out_new; 3618 } 3619 if (verfs_match) { /* case 2 */ 3620 conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R; 3621 trace_nfsd_clid_confirmed_r(conf); 3622 goto out_copy; 3623 } 3624 /* case 5, client reboot */ 3625 trace_nfsd_clid_verf_mismatch(conf, rqstp, &verf); 3626 conf = NULL; 3627 goto out_new; 3628 } 3629 3630 if (update) { /* case 7 */ 3631 status = nfserr_noent; 3632 goto out; 3633 } 3634 3635 unconf = find_unconfirmed_client_by_name(&exid->clname, nn); 3636 if (unconf) /* case 4, possible retry or client restart */ 3637 unhash_client_locked(unconf); 3638 3639 /* case 1, new owner ID */ 3640 trace_nfsd_clid_fresh(new); 3641 3642 out_new: 3643 if (conf) { 3644 status = mark_client_expired_locked(conf); 3645 if (status) 3646 goto out; 3647 trace_nfsd_clid_replaced(&conf->cl_clientid); 3648 } 3649 new->cl_minorversion = cstate->minorversion; 3650 new->cl_spo_must_allow.u.words[0] = exid->spo_must_allow[0]; 3651 new->cl_spo_must_allow.u.words[1] = exid->spo_must_allow[1]; 3652 3653 /* Contrived initial CREATE_SESSION response */ 3654 new->cl_cs_slot.sl_status = nfserr_seq_misordered; 3655 3656 add_to_unconfirmed(new); 3657 swap(new, conf); 3658 out_copy: 3659 exid->clientid.cl_boot = conf->cl_clientid.cl_boot; 3660 exid->clientid.cl_id = conf->cl_clientid.cl_id; 3661 3662 exid->seqid = conf->cl_cs_slot.sl_seqid + 1; 3663 nfsd4_set_ex_flags(conf, exid); 3664 3665 dprintk("nfsd4_exchange_id seqid %d flags %x\n", 3666 conf->cl_cs_slot.sl_seqid, conf->cl_exchange_flags); 3667 status = nfs_ok; 3668 3669 out: 3670 spin_unlock(&nn->client_lock); 3671 out_nolock: 3672 if (new) 3673 expire_client(new); 3674 if (unconf) { 3675 trace_nfsd_clid_expire_unconf(&unconf->cl_clientid); 3676 expire_client(unconf); 3677 } 3678 return status; 3679 } 3680 check_slot_seqid(u32 seqid,u32 slot_seqid,bool slot_inuse)3681 static __be32 check_slot_seqid(u32 seqid, u32 slot_seqid, bool slot_inuse) 3682 { 3683 /* The slot is in use, and no response has been sent. */ 3684 if (slot_inuse) { 3685 if (seqid == slot_seqid) 3686 return nfserr_jukebox; 3687 else 3688 return nfserr_seq_misordered; 3689 } 3690 /* Note unsigned 32-bit arithmetic handles wraparound: */ 3691 if (likely(seqid == slot_seqid + 1)) 3692 return nfs_ok; 3693 if (seqid == slot_seqid) 3694 return nfserr_replay_cache; 3695 return nfserr_seq_misordered; 3696 } 3697 3698 /* 3699 * Cache the create session result into the create session single DRC 3700 * slot cache by saving the xdr structure. sl_seqid has been set. 3701 * Do this for solo or embedded create session operations. 3702 */ 3703 static void nfsd4_cache_create_session(struct nfsd4_create_session * cr_ses,struct nfsd4_clid_slot * slot,__be32 nfserr)3704 nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses, 3705 struct nfsd4_clid_slot *slot, __be32 nfserr) 3706 { 3707 slot->sl_status = nfserr; 3708 memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses)); 3709 } 3710 3711 static __be32 nfsd4_replay_create_session(struct nfsd4_create_session * cr_ses,struct nfsd4_clid_slot * slot)3712 nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses, 3713 struct nfsd4_clid_slot *slot) 3714 { 3715 memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses)); 3716 return slot->sl_status; 3717 } 3718 3719 #define NFSD_MIN_REQ_HDR_SEQ_SZ ((\ 3720 2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \ 3721 1 + /* MIN tag is length with zero, only length */ \ 3722 3 + /* version, opcount, opcode */ \ 3723 XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \ 3724 /* seqid, slotID, slotID, cache */ \ 3725 4 ) * sizeof(__be32)) 3726 3727 #define NFSD_MIN_RESP_HDR_SEQ_SZ ((\ 3728 2 + /* verifier: AUTH_NULL, length 0 */\ 3729 1 + /* status */ \ 3730 1 + /* MIN tag is length with zero, only length */ \ 3731 3 + /* opcount, opcode, opstatus*/ \ 3732 XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \ 3733 /* seqid, slotID, slotID, slotID, status */ \ 3734 5 ) * sizeof(__be32)) 3735 check_forechannel_attrs(struct nfsd4_channel_attrs * ca,struct nfsd_net * nn)3736 static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn) 3737 { 3738 u32 maxrpc = nn->nfsd_serv->sv_max_mesg; 3739 3740 if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ) 3741 return nfserr_toosmall; 3742 if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ) 3743 return nfserr_toosmall; 3744 ca->headerpadsz = 0; 3745 ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc); 3746 ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc); 3747 ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND); 3748 ca->maxresp_cached = min_t(u32, ca->maxresp_cached, 3749 NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ); 3750 ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION); 3751 /* 3752 * Note decreasing slot size below client's request may make it 3753 * difficult for client to function correctly, whereas 3754 * decreasing the number of slots will (just?) affect 3755 * performance. When short on memory we therefore prefer to 3756 * decrease number of slots instead of their size. Clients that 3757 * request larger slots than they need will get poor results: 3758 * Note that we always allow at least one slot, because our 3759 * accounting is soft and provides no guarantees either way. 3760 */ 3761 ca->maxreqs = nfsd4_get_drc_mem(ca, nn); 3762 3763 return nfs_ok; 3764 } 3765 3766 /* 3767 * Server's NFSv4.1 backchannel support is AUTH_SYS-only for now. 3768 * These are based on similar macros in linux/sunrpc/msg_prot.h . 3769 */ 3770 #define RPC_MAX_HEADER_WITH_AUTH_SYS \ 3771 (RPC_CALLHDRSIZE + 2 * (2 + UNX_CALLSLACK)) 3772 3773 #define RPC_MAX_REPHEADER_WITH_AUTH_SYS \ 3774 (RPC_REPHDRSIZE + (2 + NUL_REPLYSLACK)) 3775 3776 #define NFSD_CB_MAX_REQ_SZ ((NFS4_enc_cb_recall_sz + \ 3777 RPC_MAX_HEADER_WITH_AUTH_SYS) * sizeof(__be32)) 3778 #define NFSD_CB_MAX_RESP_SZ ((NFS4_dec_cb_recall_sz + \ 3779 RPC_MAX_REPHEADER_WITH_AUTH_SYS) * \ 3780 sizeof(__be32)) 3781 check_backchannel_attrs(struct nfsd4_channel_attrs * ca)3782 static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca) 3783 { 3784 ca->headerpadsz = 0; 3785 3786 if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ) 3787 return nfserr_toosmall; 3788 if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ) 3789 return nfserr_toosmall; 3790 ca->maxresp_cached = 0; 3791 if (ca->maxops < 2) 3792 return nfserr_toosmall; 3793 3794 return nfs_ok; 3795 } 3796 nfsd4_check_cb_sec(struct nfsd4_cb_sec * cbs)3797 static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs) 3798 { 3799 switch (cbs->flavor) { 3800 case RPC_AUTH_NULL: 3801 case RPC_AUTH_UNIX: 3802 return nfs_ok; 3803 default: 3804 /* 3805 * GSS case: the spec doesn't allow us to return this 3806 * error. But it also doesn't allow us not to support 3807 * GSS. 3808 * I'd rather this fail hard than return some error the 3809 * client might think it can already handle: 3810 */ 3811 return nfserr_encr_alg_unsupp; 3812 } 3813 } 3814 3815 __be32 nfsd4_create_session(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)3816 nfsd4_create_session(struct svc_rqst *rqstp, 3817 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u) 3818 { 3819 struct nfsd4_create_session *cr_ses = &u->create_session; 3820 struct sockaddr *sa = svc_addr(rqstp); 3821 struct nfs4_client *conf, *unconf; 3822 struct nfsd4_clid_slot *cs_slot; 3823 struct nfs4_client *old = NULL; 3824 struct nfsd4_session *new; 3825 struct nfsd4_conn *conn; 3826 __be32 status = 0; 3827 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 3828 3829 if (cr_ses->flags & ~SESSION4_FLAG_MASK_A) 3830 return nfserr_inval; 3831 status = nfsd4_check_cb_sec(&cr_ses->cb_sec); 3832 if (status) 3833 return status; 3834 status = check_forechannel_attrs(&cr_ses->fore_channel, nn); 3835 if (status) 3836 return status; 3837 status = check_backchannel_attrs(&cr_ses->back_channel); 3838 if (status) 3839 goto out_release_drc_mem; 3840 status = nfserr_jukebox; 3841 new = alloc_session(&cr_ses->fore_channel, &cr_ses->back_channel); 3842 if (!new) 3843 goto out_release_drc_mem; 3844 conn = alloc_conn_from_crses(rqstp, cr_ses); 3845 if (!conn) 3846 goto out_free_session; 3847 3848 spin_lock(&nn->client_lock); 3849 3850 /* RFC 8881 Section 18.36.4 Phase 1: Client record look-up. */ 3851 unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn); 3852 conf = find_confirmed_client(&cr_ses->clientid, true, nn); 3853 if (!conf && !unconf) { 3854 status = nfserr_stale_clientid; 3855 goto out_free_conn; 3856 } 3857 3858 /* RFC 8881 Section 18.36.4 Phase 2: Sequence ID processing. */ 3859 if (conf) { 3860 cs_slot = &conf->cl_cs_slot; 3861 trace_nfsd_slot_seqid_conf(conf, cr_ses); 3862 } else { 3863 cs_slot = &unconf->cl_cs_slot; 3864 trace_nfsd_slot_seqid_unconf(unconf, cr_ses); 3865 } 3866 status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0); 3867 switch (status) { 3868 case nfs_ok: 3869 cs_slot->sl_seqid++; 3870 cr_ses->seqid = cs_slot->sl_seqid; 3871 break; 3872 case nfserr_replay_cache: 3873 status = nfsd4_replay_create_session(cr_ses, cs_slot); 3874 fallthrough; 3875 case nfserr_jukebox: 3876 /* The server MUST NOT cache NFS4ERR_DELAY */ 3877 goto out_free_conn; 3878 default: 3879 goto out_cache_error; 3880 } 3881 3882 /* RFC 8881 Section 18.36.4 Phase 3: Client ID confirmation. */ 3883 if (conf) { 3884 status = nfserr_wrong_cred; 3885 if (!nfsd4_mach_creds_match(conf, rqstp)) 3886 goto out_cache_error; 3887 } else { 3888 status = nfserr_clid_inuse; 3889 if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) || 3890 !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) { 3891 trace_nfsd_clid_cred_mismatch(unconf, rqstp); 3892 goto out_cache_error; 3893 } 3894 status = nfserr_wrong_cred; 3895 if (!nfsd4_mach_creds_match(unconf, rqstp)) 3896 goto out_cache_error; 3897 old = find_confirmed_client_by_name(&unconf->cl_name, nn); 3898 if (old) { 3899 status = mark_client_expired_locked(old); 3900 if (status) 3901 goto out_expired_error; 3902 trace_nfsd_clid_replaced(&old->cl_clientid); 3903 } 3904 move_to_confirmed(unconf); 3905 conf = unconf; 3906 } 3907 3908 /* RFC 8881 Section 18.36.4 Phase 4: Session creation. */ 3909 status = nfs_ok; 3910 /* Persistent sessions are not supported */ 3911 cr_ses->flags &= ~SESSION4_PERSIST; 3912 /* Upshifting from TCP to RDMA is not supported */ 3913 cr_ses->flags &= ~SESSION4_RDMA; 3914 3915 init_session(rqstp, new, conf, cr_ses); 3916 nfsd4_get_session_locked(new); 3917 3918 memcpy(cr_ses->sessionid.data, new->se_sessionid.data, 3919 NFS4_MAX_SESSIONID_LEN); 3920 3921 /* cache solo and embedded create sessions under the client_lock */ 3922 nfsd4_cache_create_session(cr_ses, cs_slot, status); 3923 spin_unlock(&nn->client_lock); 3924 if (conf == unconf) 3925 fsnotify_dentry(conf->cl_nfsd_info_dentry, FS_MODIFY); 3926 /* init connection and backchannel */ 3927 nfsd4_init_conn(rqstp, conn, new); 3928 nfsd4_put_session(new); 3929 if (old) 3930 expire_client(old); 3931 return status; 3932 3933 out_expired_error: 3934 old = NULL; 3935 /* 3936 * Revert the slot seq_nr change so the server will process 3937 * the client's resend instead of returning a cached response. 3938 */ 3939 if (status == nfserr_jukebox) { 3940 cs_slot->sl_seqid--; 3941 cr_ses->seqid = cs_slot->sl_seqid; 3942 goto out_free_conn; 3943 } 3944 out_cache_error: 3945 nfsd4_cache_create_session(cr_ses, cs_slot, status); 3946 out_free_conn: 3947 spin_unlock(&nn->client_lock); 3948 free_conn(conn); 3949 if (old) 3950 expire_client(old); 3951 out_free_session: 3952 __free_session(new); 3953 out_release_drc_mem: 3954 nfsd4_put_drc_mem(&cr_ses->fore_channel); 3955 return status; 3956 } 3957 nfsd4_map_bcts_dir(u32 * dir)3958 static __be32 nfsd4_map_bcts_dir(u32 *dir) 3959 { 3960 switch (*dir) { 3961 case NFS4_CDFC4_FORE: 3962 case NFS4_CDFC4_BACK: 3963 return nfs_ok; 3964 case NFS4_CDFC4_FORE_OR_BOTH: 3965 case NFS4_CDFC4_BACK_OR_BOTH: 3966 *dir = NFS4_CDFC4_BOTH; 3967 return nfs_ok; 3968 } 3969 return nfserr_inval; 3970 } 3971 nfsd4_backchannel_ctl(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)3972 __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, 3973 struct nfsd4_compound_state *cstate, 3974 union nfsd4_op_u *u) 3975 { 3976 struct nfsd4_backchannel_ctl *bc = &u->backchannel_ctl; 3977 struct nfsd4_session *session = cstate->session; 3978 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 3979 __be32 status; 3980 3981 status = nfsd4_check_cb_sec(&bc->bc_cb_sec); 3982 if (status) 3983 return status; 3984 spin_lock(&nn->client_lock); 3985 session->se_cb_prog = bc->bc_cb_program; 3986 session->se_cb_sec = bc->bc_cb_sec; 3987 spin_unlock(&nn->client_lock); 3988 3989 nfsd4_probe_callback(session->se_client); 3990 3991 return nfs_ok; 3992 } 3993 __nfsd4_find_conn(struct svc_xprt * xpt,struct nfsd4_session * s)3994 static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s) 3995 { 3996 struct nfsd4_conn *c; 3997 3998 list_for_each_entry(c, &s->se_conns, cn_persession) { 3999 if (c->cn_xprt == xpt) { 4000 return c; 4001 } 4002 } 4003 return NULL; 4004 } 4005 nfsd4_match_existing_connection(struct svc_rqst * rqst,struct nfsd4_session * session,u32 req,struct nfsd4_conn ** conn)4006 static __be32 nfsd4_match_existing_connection(struct svc_rqst *rqst, 4007 struct nfsd4_session *session, u32 req, struct nfsd4_conn **conn) 4008 { 4009 struct nfs4_client *clp = session->se_client; 4010 struct svc_xprt *xpt = rqst->rq_xprt; 4011 struct nfsd4_conn *c; 4012 __be32 status; 4013 4014 /* Following the last paragraph of RFC 5661 Section 18.34.3: */ 4015 spin_lock(&clp->cl_lock); 4016 c = __nfsd4_find_conn(xpt, session); 4017 if (!c) 4018 status = nfserr_noent; 4019 else if (req == c->cn_flags) 4020 status = nfs_ok; 4021 else if (req == NFS4_CDFC4_FORE_OR_BOTH && 4022 c->cn_flags != NFS4_CDFC4_BACK) 4023 status = nfs_ok; 4024 else if (req == NFS4_CDFC4_BACK_OR_BOTH && 4025 c->cn_flags != NFS4_CDFC4_FORE) 4026 status = nfs_ok; 4027 else 4028 status = nfserr_inval; 4029 spin_unlock(&clp->cl_lock); 4030 if (status == nfs_ok && conn) 4031 *conn = c; 4032 return status; 4033 } 4034 nfsd4_bind_conn_to_session(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)4035 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp, 4036 struct nfsd4_compound_state *cstate, 4037 union nfsd4_op_u *u) 4038 { 4039 struct nfsd4_bind_conn_to_session *bcts = &u->bind_conn_to_session; 4040 __be32 status; 4041 struct nfsd4_conn *conn; 4042 struct nfsd4_session *session; 4043 struct net *net = SVC_NET(rqstp); 4044 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 4045 4046 if (!nfsd4_last_compound_op(rqstp)) 4047 return nfserr_not_only_op; 4048 spin_lock(&nn->client_lock); 4049 session = find_in_sessionid_hashtbl(&bcts->sessionid, net, &status); 4050 spin_unlock(&nn->client_lock); 4051 if (!session) 4052 goto out_no_session; 4053 status = nfserr_wrong_cred; 4054 if (!nfsd4_mach_creds_match(session->se_client, rqstp)) 4055 goto out; 4056 status = nfsd4_match_existing_connection(rqstp, session, 4057 bcts->dir, &conn); 4058 if (status == nfs_ok) { 4059 if (bcts->dir == NFS4_CDFC4_FORE_OR_BOTH || 4060 bcts->dir == NFS4_CDFC4_BACK) 4061 conn->cn_flags |= NFS4_CDFC4_BACK; 4062 nfsd4_probe_callback(session->se_client); 4063 goto out; 4064 } 4065 if (status == nfserr_inval) 4066 goto out; 4067 status = nfsd4_map_bcts_dir(&bcts->dir); 4068 if (status) 4069 goto out; 4070 conn = alloc_conn(rqstp, bcts->dir); 4071 status = nfserr_jukebox; 4072 if (!conn) 4073 goto out; 4074 nfsd4_init_conn(rqstp, conn, session); 4075 status = nfs_ok; 4076 out: 4077 nfsd4_put_session(session); 4078 out_no_session: 4079 return status; 4080 } 4081 nfsd4_compound_in_session(struct nfsd4_compound_state * cstate,struct nfs4_sessionid * sid)4082 static bool nfsd4_compound_in_session(struct nfsd4_compound_state *cstate, struct nfs4_sessionid *sid) 4083 { 4084 if (!cstate->session) 4085 return false; 4086 return !memcmp(sid, &cstate->session->se_sessionid, sizeof(*sid)); 4087 } 4088 4089 __be32 nfsd4_destroy_session(struct svc_rqst * r,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)4090 nfsd4_destroy_session(struct svc_rqst *r, struct nfsd4_compound_state *cstate, 4091 union nfsd4_op_u *u) 4092 { 4093 struct nfs4_sessionid *sessionid = &u->destroy_session.sessionid; 4094 struct nfsd4_session *ses; 4095 __be32 status; 4096 int ref_held_by_me = 0; 4097 struct net *net = SVC_NET(r); 4098 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 4099 4100 status = nfserr_not_only_op; 4101 if (nfsd4_compound_in_session(cstate, sessionid)) { 4102 if (!nfsd4_last_compound_op(r)) 4103 goto out; 4104 ref_held_by_me++; 4105 } 4106 dump_sessionid(__func__, sessionid); 4107 spin_lock(&nn->client_lock); 4108 ses = find_in_sessionid_hashtbl(sessionid, net, &status); 4109 if (!ses) 4110 goto out_client_lock; 4111 status = nfserr_wrong_cred; 4112 if (!nfsd4_mach_creds_match(ses->se_client, r)) 4113 goto out_put_session; 4114 status = mark_session_dead_locked(ses, 1 + ref_held_by_me); 4115 if (status) 4116 goto out_put_session; 4117 unhash_session(ses); 4118 spin_unlock(&nn->client_lock); 4119 4120 nfsd4_probe_callback_sync(ses->se_client); 4121 4122 spin_lock(&nn->client_lock); 4123 status = nfs_ok; 4124 out_put_session: 4125 nfsd4_put_session_locked(ses); 4126 out_client_lock: 4127 spin_unlock(&nn->client_lock); 4128 out: 4129 return status; 4130 } 4131 nfsd4_sequence_check_conn(struct nfsd4_conn * new,struct nfsd4_session * ses)4132 static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses) 4133 { 4134 struct nfs4_client *clp = ses->se_client; 4135 struct nfsd4_conn *c; 4136 __be32 status = nfs_ok; 4137 int ret; 4138 4139 spin_lock(&clp->cl_lock); 4140 c = __nfsd4_find_conn(new->cn_xprt, ses); 4141 if (c) 4142 goto out_free; 4143 status = nfserr_conn_not_bound_to_session; 4144 if (clp->cl_mach_cred) 4145 goto out_free; 4146 __nfsd4_hash_conn(new, ses); 4147 spin_unlock(&clp->cl_lock); 4148 ret = nfsd4_register_conn(new); 4149 if (ret) 4150 /* oops; xprt is already down: */ 4151 nfsd4_conn_lost(&new->cn_xpt_user); 4152 return nfs_ok; 4153 out_free: 4154 spin_unlock(&clp->cl_lock); 4155 free_conn(new); 4156 return status; 4157 } 4158 nfsd4_session_too_many_ops(struct svc_rqst * rqstp,struct nfsd4_session * session)4159 static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session) 4160 { 4161 struct nfsd4_compoundargs *args = rqstp->rq_argp; 4162 4163 return args->opcnt > session->se_fchannel.maxops; 4164 } 4165 nfsd4_request_too_big(struct svc_rqst * rqstp,struct nfsd4_session * session)4166 static bool nfsd4_request_too_big(struct svc_rqst *rqstp, 4167 struct nfsd4_session *session) 4168 { 4169 struct xdr_buf *xb = &rqstp->rq_arg; 4170 4171 return xb->len > session->se_fchannel.maxreq_sz; 4172 } 4173 replay_matches_cache(struct svc_rqst * rqstp,struct nfsd4_sequence * seq,struct nfsd4_slot * slot)4174 static bool replay_matches_cache(struct svc_rqst *rqstp, 4175 struct nfsd4_sequence *seq, struct nfsd4_slot *slot) 4176 { 4177 struct nfsd4_compoundargs *argp = rqstp->rq_argp; 4178 4179 if ((bool)(slot->sl_flags & NFSD4_SLOT_CACHETHIS) != 4180 (bool)seq->cachethis) 4181 return false; 4182 /* 4183 * If there's an error then the reply can have fewer ops than 4184 * the call. 4185 */ 4186 if (slot->sl_opcnt < argp->opcnt && !slot->sl_status) 4187 return false; 4188 /* 4189 * But if we cached a reply with *more* ops than the call you're 4190 * sending us now, then this new call is clearly not really a 4191 * replay of the old one: 4192 */ 4193 if (slot->sl_opcnt > argp->opcnt) 4194 return false; 4195 /* This is the only check explicitly called by spec: */ 4196 if (!same_creds(&rqstp->rq_cred, &slot->sl_cred)) 4197 return false; 4198 /* 4199 * There may be more comparisons we could actually do, but the 4200 * spec doesn't require us to catch every case where the calls 4201 * don't match (that would require caching the call as well as 4202 * the reply), so we don't bother. 4203 */ 4204 return true; 4205 } 4206 4207 __be32 nfsd4_sequence(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)4208 nfsd4_sequence(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 4209 union nfsd4_op_u *u) 4210 { 4211 struct nfsd4_sequence *seq = &u->sequence; 4212 struct nfsd4_compoundres *resp = rqstp->rq_resp; 4213 struct xdr_stream *xdr = resp->xdr; 4214 struct nfsd4_session *session; 4215 struct nfs4_client *clp; 4216 struct nfsd4_slot *slot; 4217 struct nfsd4_conn *conn; 4218 __be32 status; 4219 int buflen; 4220 struct net *net = SVC_NET(rqstp); 4221 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 4222 4223 if (resp->opcnt != 1) 4224 return nfserr_sequence_pos; 4225 4226 /* 4227 * Will be either used or freed by nfsd4_sequence_check_conn 4228 * below. 4229 */ 4230 conn = alloc_conn(rqstp, NFS4_CDFC4_FORE); 4231 if (!conn) 4232 return nfserr_jukebox; 4233 4234 spin_lock(&nn->client_lock); 4235 session = find_in_sessionid_hashtbl(&seq->sessionid, net, &status); 4236 if (!session) 4237 goto out_no_session; 4238 clp = session->se_client; 4239 4240 status = nfserr_too_many_ops; 4241 if (nfsd4_session_too_many_ops(rqstp, session)) 4242 goto out_put_session; 4243 4244 status = nfserr_req_too_big; 4245 if (nfsd4_request_too_big(rqstp, session)) 4246 goto out_put_session; 4247 4248 status = nfserr_badslot; 4249 if (seq->slotid >= session->se_fchannel.maxreqs) 4250 goto out_put_session; 4251 4252 slot = session->se_slots[seq->slotid]; 4253 dprintk("%s: slotid %d\n", __func__, seq->slotid); 4254 4255 /* We do not negotiate the number of slots yet, so set the 4256 * maxslots to the session maxreqs which is used to encode 4257 * sr_highest_slotid and the sr_target_slot id to maxslots */ 4258 seq->maxslots = session->se_fchannel.maxreqs; 4259 4260 trace_nfsd_slot_seqid_sequence(clp, seq, slot); 4261 status = check_slot_seqid(seq->seqid, slot->sl_seqid, 4262 slot->sl_flags & NFSD4_SLOT_INUSE); 4263 if (status == nfserr_replay_cache) { 4264 status = nfserr_seq_misordered; 4265 if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED)) 4266 goto out_put_session; 4267 status = nfserr_seq_false_retry; 4268 if (!replay_matches_cache(rqstp, seq, slot)) 4269 goto out_put_session; 4270 cstate->slot = slot; 4271 cstate->session = session; 4272 cstate->clp = clp; 4273 /* Return the cached reply status and set cstate->status 4274 * for nfsd4_proc_compound processing */ 4275 status = nfsd4_replay_cache_entry(resp, seq); 4276 cstate->status = nfserr_replay_cache; 4277 goto out; 4278 } 4279 if (status) 4280 goto out_put_session; 4281 4282 status = nfsd4_sequence_check_conn(conn, session); 4283 conn = NULL; 4284 if (status) 4285 goto out_put_session; 4286 4287 buflen = (seq->cachethis) ? 4288 session->se_fchannel.maxresp_cached : 4289 session->se_fchannel.maxresp_sz; 4290 status = (seq->cachethis) ? nfserr_rep_too_big_to_cache : 4291 nfserr_rep_too_big; 4292 if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack)) 4293 goto out_put_session; 4294 svc_reserve(rqstp, buflen); 4295 4296 status = nfs_ok; 4297 /* Success! bump slot seqid */ 4298 slot->sl_seqid = seq->seqid; 4299 slot->sl_flags |= NFSD4_SLOT_INUSE; 4300 if (seq->cachethis) 4301 slot->sl_flags |= NFSD4_SLOT_CACHETHIS; 4302 else 4303 slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS; 4304 4305 cstate->slot = slot; 4306 cstate->session = session; 4307 cstate->clp = clp; 4308 4309 out: 4310 switch (clp->cl_cb_state) { 4311 case NFSD4_CB_DOWN: 4312 seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN; 4313 break; 4314 case NFSD4_CB_FAULT: 4315 seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT; 4316 break; 4317 default: 4318 seq->status_flags = 0; 4319 } 4320 if (!list_empty(&clp->cl_revoked)) 4321 seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED; 4322 if (atomic_read(&clp->cl_admin_revoked)) 4323 seq->status_flags |= SEQ4_STATUS_ADMIN_STATE_REVOKED; 4324 trace_nfsd_seq4_status(rqstp, seq); 4325 out_no_session: 4326 if (conn) 4327 free_conn(conn); 4328 spin_unlock(&nn->client_lock); 4329 return status; 4330 out_put_session: 4331 nfsd4_put_session_locked(session); 4332 goto out_no_session; 4333 } 4334 4335 void nfsd4_sequence_done(struct nfsd4_compoundres * resp)4336 nfsd4_sequence_done(struct nfsd4_compoundres *resp) 4337 { 4338 struct nfsd4_compound_state *cs = &resp->cstate; 4339 4340 if (nfsd4_has_session(cs)) { 4341 if (cs->status != nfserr_replay_cache) { 4342 nfsd4_store_cache_entry(resp); 4343 cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE; 4344 } 4345 /* Drop session reference that was taken in nfsd4_sequence() */ 4346 nfsd4_put_session(cs->session); 4347 } else if (cs->clp) 4348 put_client_renew(cs->clp); 4349 } 4350 4351 __be32 nfsd4_destroy_clientid(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)4352 nfsd4_destroy_clientid(struct svc_rqst *rqstp, 4353 struct nfsd4_compound_state *cstate, 4354 union nfsd4_op_u *u) 4355 { 4356 struct nfsd4_destroy_clientid *dc = &u->destroy_clientid; 4357 struct nfs4_client *conf, *unconf; 4358 struct nfs4_client *clp = NULL; 4359 __be32 status = 0; 4360 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 4361 4362 spin_lock(&nn->client_lock); 4363 unconf = find_unconfirmed_client(&dc->clientid, true, nn); 4364 conf = find_confirmed_client(&dc->clientid, true, nn); 4365 WARN_ON_ONCE(conf && unconf); 4366 4367 if (conf) { 4368 if (client_has_state(conf)) { 4369 status = nfserr_clientid_busy; 4370 goto out; 4371 } 4372 status = mark_client_expired_locked(conf); 4373 if (status) 4374 goto out; 4375 clp = conf; 4376 } else if (unconf) 4377 clp = unconf; 4378 else { 4379 status = nfserr_stale_clientid; 4380 goto out; 4381 } 4382 if (!nfsd4_mach_creds_match(clp, rqstp)) { 4383 clp = NULL; 4384 status = nfserr_wrong_cred; 4385 goto out; 4386 } 4387 trace_nfsd_clid_destroyed(&clp->cl_clientid); 4388 unhash_client_locked(clp); 4389 out: 4390 spin_unlock(&nn->client_lock); 4391 if (clp) 4392 expire_client(clp); 4393 return status; 4394 } 4395 4396 __be32 nfsd4_reclaim_complete(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)4397 nfsd4_reclaim_complete(struct svc_rqst *rqstp, 4398 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u) 4399 { 4400 struct nfsd4_reclaim_complete *rc = &u->reclaim_complete; 4401 struct nfs4_client *clp = cstate->clp; 4402 __be32 status = 0; 4403 4404 if (rc->rca_one_fs) { 4405 if (!cstate->current_fh.fh_dentry) 4406 return nfserr_nofilehandle; 4407 /* 4408 * We don't take advantage of the rca_one_fs case. 4409 * That's OK, it's optional, we can safely ignore it. 4410 */ 4411 return nfs_ok; 4412 } 4413 4414 status = nfserr_complete_already; 4415 if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &clp->cl_flags)) 4416 goto out; 4417 4418 status = nfserr_stale_clientid; 4419 if (is_client_expired(clp)) 4420 /* 4421 * The following error isn't really legal. 4422 * But we only get here if the client just explicitly 4423 * destroyed the client. Surely it no longer cares what 4424 * error it gets back on an operation for the dead 4425 * client. 4426 */ 4427 goto out; 4428 4429 status = nfs_ok; 4430 trace_nfsd_clid_reclaim_complete(&clp->cl_clientid); 4431 nfsd4_client_record_create(clp); 4432 inc_reclaim_complete(clp); 4433 out: 4434 return status; 4435 } 4436 4437 __be32 nfsd4_setclientid(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)4438 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 4439 union nfsd4_op_u *u) 4440 { 4441 struct nfsd4_setclientid *setclid = &u->setclientid; 4442 struct xdr_netobj clname = setclid->se_name; 4443 nfs4_verifier clverifier = setclid->se_verf; 4444 struct nfs4_client *conf, *new; 4445 struct nfs4_client *unconf = NULL; 4446 __be32 status; 4447 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 4448 4449 new = create_client(clname, rqstp, &clverifier); 4450 if (new == NULL) 4451 return nfserr_jukebox; 4452 spin_lock(&nn->client_lock); 4453 conf = find_confirmed_client_by_name(&clname, nn); 4454 if (conf && client_has_state(conf)) { 4455 status = nfserr_clid_inuse; 4456 if (clp_used_exchangeid(conf)) 4457 goto out; 4458 if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) { 4459 trace_nfsd_clid_cred_mismatch(conf, rqstp); 4460 goto out; 4461 } 4462 } 4463 unconf = find_unconfirmed_client_by_name(&clname, nn); 4464 if (unconf) 4465 unhash_client_locked(unconf); 4466 if (conf) { 4467 if (same_verf(&conf->cl_verifier, &clverifier)) { 4468 copy_clid(new, conf); 4469 gen_confirm(new, nn); 4470 } else 4471 trace_nfsd_clid_verf_mismatch(conf, rqstp, 4472 &clverifier); 4473 } else 4474 trace_nfsd_clid_fresh(new); 4475 new->cl_minorversion = 0; 4476 gen_callback(new, setclid, rqstp); 4477 add_to_unconfirmed(new); 4478 setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot; 4479 setclid->se_clientid.cl_id = new->cl_clientid.cl_id; 4480 memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data)); 4481 new = NULL; 4482 status = nfs_ok; 4483 out: 4484 spin_unlock(&nn->client_lock); 4485 if (new) 4486 free_client(new); 4487 if (unconf) { 4488 trace_nfsd_clid_expire_unconf(&unconf->cl_clientid); 4489 expire_client(unconf); 4490 } 4491 return status; 4492 } 4493 4494 __be32 nfsd4_setclientid_confirm(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)4495 nfsd4_setclientid_confirm(struct svc_rqst *rqstp, 4496 struct nfsd4_compound_state *cstate, 4497 union nfsd4_op_u *u) 4498 { 4499 struct nfsd4_setclientid_confirm *setclientid_confirm = 4500 &u->setclientid_confirm; 4501 struct nfs4_client *conf, *unconf; 4502 struct nfs4_client *old = NULL; 4503 nfs4_verifier confirm = setclientid_confirm->sc_confirm; 4504 clientid_t * clid = &setclientid_confirm->sc_clientid; 4505 __be32 status; 4506 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 4507 4508 if (STALE_CLIENTID(clid, nn)) 4509 return nfserr_stale_clientid; 4510 4511 spin_lock(&nn->client_lock); 4512 conf = find_confirmed_client(clid, false, nn); 4513 unconf = find_unconfirmed_client(clid, false, nn); 4514 /* 4515 * We try hard to give out unique clientid's, so if we get an 4516 * attempt to confirm the same clientid with a different cred, 4517 * the client may be buggy; this should never happen. 4518 * 4519 * Nevertheless, RFC 7530 recommends INUSE for this case: 4520 */ 4521 status = nfserr_clid_inuse; 4522 if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred)) { 4523 trace_nfsd_clid_cred_mismatch(unconf, rqstp); 4524 goto out; 4525 } 4526 if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred)) { 4527 trace_nfsd_clid_cred_mismatch(conf, rqstp); 4528 goto out; 4529 } 4530 if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) { 4531 if (conf && same_verf(&confirm, &conf->cl_confirm)) { 4532 status = nfs_ok; 4533 } else 4534 status = nfserr_stale_clientid; 4535 goto out; 4536 } 4537 status = nfs_ok; 4538 if (conf) { 4539 old = unconf; 4540 unhash_client_locked(old); 4541 nfsd4_change_callback(conf, &unconf->cl_cb_conn); 4542 } else { 4543 old = find_confirmed_client_by_name(&unconf->cl_name, nn); 4544 if (old) { 4545 status = nfserr_clid_inuse; 4546 if (client_has_state(old) 4547 && !same_creds(&unconf->cl_cred, 4548 &old->cl_cred)) { 4549 old = NULL; 4550 goto out; 4551 } 4552 status = mark_client_expired_locked(old); 4553 if (status) { 4554 old = NULL; 4555 goto out; 4556 } 4557 trace_nfsd_clid_replaced(&old->cl_clientid); 4558 } 4559 move_to_confirmed(unconf); 4560 conf = unconf; 4561 } 4562 get_client_locked(conf); 4563 spin_unlock(&nn->client_lock); 4564 if (conf == unconf) 4565 fsnotify_dentry(conf->cl_nfsd_info_dentry, FS_MODIFY); 4566 nfsd4_probe_callback(conf); 4567 spin_lock(&nn->client_lock); 4568 put_client_renew_locked(conf); 4569 out: 4570 spin_unlock(&nn->client_lock); 4571 if (old) 4572 expire_client(old); 4573 return status; 4574 } 4575 nfsd4_alloc_file(void)4576 static struct nfs4_file *nfsd4_alloc_file(void) 4577 { 4578 return kmem_cache_alloc(file_slab, GFP_KERNEL); 4579 } 4580 4581 /* OPEN Share state helper functions */ 4582 nfsd4_file_init(const struct svc_fh * fh,struct nfs4_file * fp)4583 static void nfsd4_file_init(const struct svc_fh *fh, struct nfs4_file *fp) 4584 { 4585 refcount_set(&fp->fi_ref, 1); 4586 spin_lock_init(&fp->fi_lock); 4587 INIT_LIST_HEAD(&fp->fi_stateids); 4588 INIT_LIST_HEAD(&fp->fi_delegations); 4589 INIT_LIST_HEAD(&fp->fi_clnt_odstate); 4590 fh_copy_shallow(&fp->fi_fhandle, &fh->fh_handle); 4591 fp->fi_deleg_file = NULL; 4592 fp->fi_had_conflict = false; 4593 fp->fi_share_deny = 0; 4594 memset(fp->fi_fds, 0, sizeof(fp->fi_fds)); 4595 memset(fp->fi_access, 0, sizeof(fp->fi_access)); 4596 fp->fi_aliased = false; 4597 fp->fi_inode = d_inode(fh->fh_dentry); 4598 #ifdef CONFIG_NFSD_PNFS 4599 INIT_LIST_HEAD(&fp->fi_lo_states); 4600 atomic_set(&fp->fi_lo_recalls, 0); 4601 #endif 4602 } 4603 4604 void nfsd4_free_slabs(void)4605 nfsd4_free_slabs(void) 4606 { 4607 kmem_cache_destroy(client_slab); 4608 kmem_cache_destroy(openowner_slab); 4609 kmem_cache_destroy(lockowner_slab); 4610 kmem_cache_destroy(file_slab); 4611 kmem_cache_destroy(stateid_slab); 4612 kmem_cache_destroy(deleg_slab); 4613 kmem_cache_destroy(odstate_slab); 4614 } 4615 4616 int nfsd4_init_slabs(void)4617 nfsd4_init_slabs(void) 4618 { 4619 client_slab = KMEM_CACHE(nfs4_client, 0); 4620 if (client_slab == NULL) 4621 goto out; 4622 openowner_slab = KMEM_CACHE(nfs4_openowner, 0); 4623 if (openowner_slab == NULL) 4624 goto out_free_client_slab; 4625 lockowner_slab = KMEM_CACHE(nfs4_lockowner, 0); 4626 if (lockowner_slab == NULL) 4627 goto out_free_openowner_slab; 4628 file_slab = KMEM_CACHE(nfs4_file, 0); 4629 if (file_slab == NULL) 4630 goto out_free_lockowner_slab; 4631 stateid_slab = KMEM_CACHE(nfs4_ol_stateid, 0); 4632 if (stateid_slab == NULL) 4633 goto out_free_file_slab; 4634 deleg_slab = KMEM_CACHE(nfs4_delegation, 0); 4635 if (deleg_slab == NULL) 4636 goto out_free_stateid_slab; 4637 odstate_slab = KMEM_CACHE(nfs4_clnt_odstate, 0); 4638 if (odstate_slab == NULL) 4639 goto out_free_deleg_slab; 4640 return 0; 4641 4642 out_free_deleg_slab: 4643 kmem_cache_destroy(deleg_slab); 4644 out_free_stateid_slab: 4645 kmem_cache_destroy(stateid_slab); 4646 out_free_file_slab: 4647 kmem_cache_destroy(file_slab); 4648 out_free_lockowner_slab: 4649 kmem_cache_destroy(lockowner_slab); 4650 out_free_openowner_slab: 4651 kmem_cache_destroy(openowner_slab); 4652 out_free_client_slab: 4653 kmem_cache_destroy(client_slab); 4654 out: 4655 return -ENOMEM; 4656 } 4657 4658 static unsigned long nfsd4_state_shrinker_count(struct shrinker * shrink,struct shrink_control * sc)4659 nfsd4_state_shrinker_count(struct shrinker *shrink, struct shrink_control *sc) 4660 { 4661 int count; 4662 struct nfsd_net *nn = shrink->private_data; 4663 4664 count = atomic_read(&nn->nfsd_courtesy_clients); 4665 if (!count) 4666 count = atomic_long_read(&num_delegations); 4667 if (count) 4668 queue_work(laundry_wq, &nn->nfsd_shrinker_work); 4669 return (unsigned long)count; 4670 } 4671 4672 static unsigned long nfsd4_state_shrinker_scan(struct shrinker * shrink,struct shrink_control * sc)4673 nfsd4_state_shrinker_scan(struct shrinker *shrink, struct shrink_control *sc) 4674 { 4675 return SHRINK_STOP; 4676 } 4677 4678 void nfsd4_init_leases_net(struct nfsd_net * nn)4679 nfsd4_init_leases_net(struct nfsd_net *nn) 4680 { 4681 struct sysinfo si; 4682 u64 max_clients; 4683 4684 nn->nfsd4_lease = 90; /* default lease time */ 4685 nn->nfsd4_grace = 90; 4686 nn->somebody_reclaimed = false; 4687 nn->track_reclaim_completes = false; 4688 nn->clverifier_counter = get_random_u32(); 4689 nn->clientid_base = get_random_u32(); 4690 nn->clientid_counter = nn->clientid_base + 1; 4691 nn->s2s_cp_cl_id = nn->clientid_counter++; 4692 4693 atomic_set(&nn->nfs4_client_count, 0); 4694 si_meminfo(&si); 4695 max_clients = (u64)si.totalram * si.mem_unit / (1024 * 1024 * 1024); 4696 max_clients *= NFS4_CLIENTS_PER_GB; 4697 nn->nfs4_max_clients = max_t(int, max_clients, NFS4_CLIENTS_PER_GB); 4698 4699 atomic_set(&nn->nfsd_courtesy_clients, 0); 4700 } 4701 4702 enum rp_lock { 4703 RP_UNLOCKED, 4704 RP_LOCKED, 4705 RP_UNHASHED, 4706 }; 4707 init_nfs4_replay(struct nfs4_replay * rp)4708 static void init_nfs4_replay(struct nfs4_replay *rp) 4709 { 4710 rp->rp_status = nfserr_serverfault; 4711 rp->rp_buflen = 0; 4712 rp->rp_buf = rp->rp_ibuf; 4713 atomic_set(&rp->rp_locked, RP_UNLOCKED); 4714 } 4715 nfsd4_cstate_assign_replay(struct nfsd4_compound_state * cstate,struct nfs4_stateowner * so)4716 static int nfsd4_cstate_assign_replay(struct nfsd4_compound_state *cstate, 4717 struct nfs4_stateowner *so) 4718 { 4719 if (!nfsd4_has_session(cstate)) { 4720 wait_var_event(&so->so_replay.rp_locked, 4721 atomic_cmpxchg(&so->so_replay.rp_locked, 4722 RP_UNLOCKED, RP_LOCKED) != RP_LOCKED); 4723 if (atomic_read(&so->so_replay.rp_locked) == RP_UNHASHED) 4724 return -EAGAIN; 4725 cstate->replay_owner = nfs4_get_stateowner(so); 4726 } 4727 return 0; 4728 } 4729 nfsd4_cstate_clear_replay(struct nfsd4_compound_state * cstate)4730 void nfsd4_cstate_clear_replay(struct nfsd4_compound_state *cstate) 4731 { 4732 struct nfs4_stateowner *so = cstate->replay_owner; 4733 4734 if (so != NULL) { 4735 cstate->replay_owner = NULL; 4736 atomic_set(&so->so_replay.rp_locked, RP_UNLOCKED); 4737 smp_mb__after_atomic(); 4738 wake_up_var(&so->so_replay.rp_locked); 4739 nfs4_put_stateowner(so); 4740 } 4741 } 4742 alloc_stateowner(struct kmem_cache * slab,struct xdr_netobj * owner,struct nfs4_client * clp)4743 static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp) 4744 { 4745 struct nfs4_stateowner *sop; 4746 4747 sop = kmem_cache_alloc(slab, GFP_KERNEL); 4748 if (!sop) 4749 return NULL; 4750 4751 xdr_netobj_dup(&sop->so_owner, owner, GFP_KERNEL); 4752 if (!sop->so_owner.data) { 4753 kmem_cache_free(slab, sop); 4754 return NULL; 4755 } 4756 4757 INIT_LIST_HEAD(&sop->so_stateids); 4758 sop->so_client = clp; 4759 init_nfs4_replay(&sop->so_replay); 4760 atomic_set(&sop->so_count, 1); 4761 return sop; 4762 } 4763 hash_openowner(struct nfs4_openowner * oo,struct nfs4_client * clp,unsigned int strhashval)4764 static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval) 4765 { 4766 lockdep_assert_held(&clp->cl_lock); 4767 4768 list_add(&oo->oo_owner.so_strhash, 4769 &clp->cl_ownerstr_hashtbl[strhashval]); 4770 list_add(&oo->oo_perclient, &clp->cl_openowners); 4771 } 4772 nfs4_unhash_openowner(struct nfs4_stateowner * so)4773 static void nfs4_unhash_openowner(struct nfs4_stateowner *so) 4774 { 4775 unhash_openowner_locked(openowner(so)); 4776 } 4777 nfs4_free_openowner(struct nfs4_stateowner * so)4778 static void nfs4_free_openowner(struct nfs4_stateowner *so) 4779 { 4780 struct nfs4_openowner *oo = openowner(so); 4781 4782 kmem_cache_free(openowner_slab, oo); 4783 } 4784 4785 static const struct nfs4_stateowner_operations openowner_ops = { 4786 .so_unhash = nfs4_unhash_openowner, 4787 .so_free = nfs4_free_openowner, 4788 }; 4789 4790 static struct nfs4_ol_stateid * nfsd4_find_existing_open(struct nfs4_file * fp,struct nfsd4_open * open)4791 nfsd4_find_existing_open(struct nfs4_file *fp, struct nfsd4_open *open) 4792 { 4793 struct nfs4_ol_stateid *local, *ret = NULL; 4794 struct nfs4_openowner *oo = open->op_openowner; 4795 4796 lockdep_assert_held(&fp->fi_lock); 4797 4798 list_for_each_entry(local, &fp->fi_stateids, st_perfile) { 4799 /* ignore lock owners */ 4800 if (local->st_stateowner->so_is_open_owner == 0) 4801 continue; 4802 if (local->st_stateowner != &oo->oo_owner) 4803 continue; 4804 if (local->st_stid.sc_type == SC_TYPE_OPEN && 4805 !local->st_stid.sc_status) { 4806 ret = local; 4807 refcount_inc(&ret->st_stid.sc_count); 4808 break; 4809 } 4810 } 4811 return ret; 4812 } 4813 nfsd4_drop_revoked_stid(struct nfs4_stid * s)4814 static void nfsd4_drop_revoked_stid(struct nfs4_stid *s) 4815 __releases(&s->sc_client->cl_lock) 4816 { 4817 struct nfs4_client *cl = s->sc_client; 4818 LIST_HEAD(reaplist); 4819 struct nfs4_ol_stateid *stp; 4820 struct nfs4_delegation *dp; 4821 bool unhashed; 4822 4823 switch (s->sc_type) { 4824 case SC_TYPE_OPEN: 4825 stp = openlockstateid(s); 4826 if (unhash_open_stateid(stp, &reaplist)) 4827 put_ol_stateid_locked(stp, &reaplist); 4828 spin_unlock(&cl->cl_lock); 4829 free_ol_stateid_reaplist(&reaplist); 4830 break; 4831 case SC_TYPE_LOCK: 4832 stp = openlockstateid(s); 4833 unhashed = unhash_lock_stateid(stp); 4834 spin_unlock(&cl->cl_lock); 4835 if (unhashed) 4836 nfs4_put_stid(s); 4837 break; 4838 case SC_TYPE_DELEG: 4839 dp = delegstateid(s); 4840 list_del_init(&dp->dl_recall_lru); 4841 spin_unlock(&cl->cl_lock); 4842 nfs4_put_stid(s); 4843 break; 4844 default: 4845 spin_unlock(&cl->cl_lock); 4846 } 4847 } 4848 nfsd40_drop_revoked_stid(struct nfs4_client * cl,stateid_t * stid)4849 static void nfsd40_drop_revoked_stid(struct nfs4_client *cl, 4850 stateid_t *stid) 4851 { 4852 /* NFSv4.0 has no way for the client to tell the server 4853 * that it can forget an admin-revoked stateid. 4854 * So we keep it around until the first time that the 4855 * client uses it, and drop it the first time 4856 * nfserr_admin_revoked is returned. 4857 * For v4.1 and later we wait until explicitly told 4858 * to free the stateid. 4859 */ 4860 if (cl->cl_minorversion == 0) { 4861 struct nfs4_stid *st; 4862 4863 spin_lock(&cl->cl_lock); 4864 st = find_stateid_locked(cl, stid); 4865 if (st) 4866 nfsd4_drop_revoked_stid(st); 4867 else 4868 spin_unlock(&cl->cl_lock); 4869 } 4870 } 4871 4872 static __be32 nfsd4_verify_open_stid(struct nfs4_stid * s)4873 nfsd4_verify_open_stid(struct nfs4_stid *s) 4874 { 4875 __be32 ret = nfs_ok; 4876 4877 if (s->sc_status & SC_STATUS_ADMIN_REVOKED) 4878 ret = nfserr_admin_revoked; 4879 else if (s->sc_status & SC_STATUS_REVOKED) 4880 ret = nfserr_deleg_revoked; 4881 else if (s->sc_status & SC_STATUS_CLOSED) 4882 ret = nfserr_bad_stateid; 4883 return ret; 4884 } 4885 4886 /* Lock the stateid st_mutex, and deal with races with CLOSE */ 4887 static __be32 nfsd4_lock_ol_stateid(struct nfs4_ol_stateid * stp)4888 nfsd4_lock_ol_stateid(struct nfs4_ol_stateid *stp) 4889 { 4890 __be32 ret; 4891 4892 mutex_lock_nested(&stp->st_mutex, LOCK_STATEID_MUTEX); 4893 ret = nfsd4_verify_open_stid(&stp->st_stid); 4894 if (ret == nfserr_admin_revoked) 4895 nfsd40_drop_revoked_stid(stp->st_stid.sc_client, 4896 &stp->st_stid.sc_stateid); 4897 4898 if (ret != nfs_ok) 4899 mutex_unlock(&stp->st_mutex); 4900 return ret; 4901 } 4902 4903 static struct nfs4_ol_stateid * nfsd4_find_and_lock_existing_open(struct nfs4_file * fp,struct nfsd4_open * open)4904 nfsd4_find_and_lock_existing_open(struct nfs4_file *fp, struct nfsd4_open *open) 4905 { 4906 struct nfs4_ol_stateid *stp; 4907 for (;;) { 4908 spin_lock(&fp->fi_lock); 4909 stp = nfsd4_find_existing_open(fp, open); 4910 spin_unlock(&fp->fi_lock); 4911 if (!stp || nfsd4_lock_ol_stateid(stp) == nfs_ok) 4912 break; 4913 nfs4_put_stid(&stp->st_stid); 4914 } 4915 return stp; 4916 } 4917 4918 static struct nfs4_openowner * find_or_alloc_open_stateowner(unsigned int strhashval,struct nfsd4_open * open,struct nfsd4_compound_state * cstate)4919 find_or_alloc_open_stateowner(unsigned int strhashval, struct nfsd4_open *open, 4920 struct nfsd4_compound_state *cstate) 4921 { 4922 struct nfs4_client *clp = cstate->clp; 4923 struct nfs4_openowner *oo, *new = NULL; 4924 4925 retry: 4926 spin_lock(&clp->cl_lock); 4927 oo = find_openstateowner_str(strhashval, open, clp); 4928 if (!oo && new) { 4929 hash_openowner(new, clp, strhashval); 4930 spin_unlock(&clp->cl_lock); 4931 return new; 4932 } 4933 spin_unlock(&clp->cl_lock); 4934 4935 if (oo && !(oo->oo_flags & NFS4_OO_CONFIRMED)) { 4936 /* Replace unconfirmed owners without checking for replay. */ 4937 release_openowner(oo); 4938 oo = NULL; 4939 } 4940 if (oo) { 4941 if (new) 4942 nfs4_free_stateowner(&new->oo_owner); 4943 return oo; 4944 } 4945 4946 new = alloc_stateowner(openowner_slab, &open->op_owner, clp); 4947 if (!new) 4948 return NULL; 4949 new->oo_owner.so_ops = &openowner_ops; 4950 new->oo_owner.so_is_open_owner = 1; 4951 new->oo_owner.so_seqid = open->op_seqid; 4952 new->oo_flags = 0; 4953 if (nfsd4_has_session(cstate)) 4954 new->oo_flags |= NFS4_OO_CONFIRMED; 4955 new->oo_time = 0; 4956 new->oo_last_closed_stid = NULL; 4957 INIT_LIST_HEAD(&new->oo_close_lru); 4958 goto retry; 4959 } 4960 4961 static struct nfs4_ol_stateid * init_open_stateid(struct nfs4_file * fp,struct nfsd4_open * open)4962 init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open) 4963 { 4964 4965 struct nfs4_openowner *oo = open->op_openowner; 4966 struct nfs4_ol_stateid *retstp = NULL; 4967 struct nfs4_ol_stateid *stp; 4968 4969 stp = open->op_stp; 4970 /* We are moving these outside of the spinlocks to avoid the warnings */ 4971 mutex_init(&stp->st_mutex); 4972 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX); 4973 4974 retry: 4975 spin_lock(&oo->oo_owner.so_client->cl_lock); 4976 spin_lock(&fp->fi_lock); 4977 4978 retstp = nfsd4_find_existing_open(fp, open); 4979 if (retstp) 4980 goto out_unlock; 4981 4982 open->op_stp = NULL; 4983 refcount_inc(&stp->st_stid.sc_count); 4984 stp->st_stid.sc_type = SC_TYPE_OPEN; 4985 INIT_LIST_HEAD(&stp->st_locks); 4986 stp->st_stateowner = nfs4_get_stateowner(&oo->oo_owner); 4987 get_nfs4_file(fp); 4988 stp->st_stid.sc_file = fp; 4989 stp->st_access_bmap = 0; 4990 stp->st_deny_bmap = 0; 4991 stp->st_openstp = NULL; 4992 list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids); 4993 list_add(&stp->st_perfile, &fp->fi_stateids); 4994 4995 out_unlock: 4996 spin_unlock(&fp->fi_lock); 4997 spin_unlock(&oo->oo_owner.so_client->cl_lock); 4998 if (retstp) { 4999 /* Handle races with CLOSE */ 5000 if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) { 5001 nfs4_put_stid(&retstp->st_stid); 5002 goto retry; 5003 } 5004 /* To keep mutex tracking happy */ 5005 mutex_unlock(&stp->st_mutex); 5006 stp = retstp; 5007 } 5008 return stp; 5009 } 5010 5011 /* 5012 * In the 4.0 case we need to keep the owners around a little while to handle 5013 * CLOSE replay. We still do need to release any file access that is held by 5014 * them before returning however. 5015 */ 5016 static void move_to_close_lru(struct nfs4_ol_stateid * s,struct net * net)5017 move_to_close_lru(struct nfs4_ol_stateid *s, struct net *net) 5018 { 5019 struct nfs4_ol_stateid *last; 5020 struct nfs4_openowner *oo = openowner(s->st_stateowner); 5021 struct nfsd_net *nn = net_generic(s->st_stid.sc_client->net, 5022 nfsd_net_id); 5023 5024 dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo); 5025 5026 /* 5027 * We know that we hold one reference via nfsd4_close, and another 5028 * "persistent" reference for the client. If the refcount is higher 5029 * than 2, then there are still calls in progress that are using this 5030 * stateid. We can't put the sc_file reference until they are finished. 5031 * Wait for the refcount to drop to 2. Since it has been unhashed, 5032 * there should be no danger of the refcount going back up again at 5033 * this point. 5034 * Some threads with a reference might be waiting for rp_locked, 5035 * so tell them to stop waiting. 5036 */ 5037 atomic_set(&oo->oo_owner.so_replay.rp_locked, RP_UNHASHED); 5038 smp_mb__after_atomic(); 5039 wake_up_var(&oo->oo_owner.so_replay.rp_locked); 5040 wait_event(close_wq, refcount_read(&s->st_stid.sc_count) == 2); 5041 5042 release_all_access(s); 5043 if (s->st_stid.sc_file) { 5044 put_nfs4_file(s->st_stid.sc_file); 5045 s->st_stid.sc_file = NULL; 5046 } 5047 5048 spin_lock(&nn->client_lock); 5049 last = oo->oo_last_closed_stid; 5050 oo->oo_last_closed_stid = s; 5051 list_move_tail(&oo->oo_close_lru, &nn->close_lru); 5052 oo->oo_time = ktime_get_boottime_seconds(); 5053 spin_unlock(&nn->client_lock); 5054 if (last) 5055 nfs4_put_stid(&last->st_stid); 5056 } 5057 5058 static noinline_for_stack struct nfs4_file * nfsd4_file_hash_lookup(const struct svc_fh * fhp)5059 nfsd4_file_hash_lookup(const struct svc_fh *fhp) 5060 { 5061 struct inode *inode = d_inode(fhp->fh_dentry); 5062 struct rhlist_head *tmp, *list; 5063 struct nfs4_file *fi; 5064 5065 rcu_read_lock(); 5066 list = rhltable_lookup(&nfs4_file_rhltable, &inode, 5067 nfs4_file_rhash_params); 5068 rhl_for_each_entry_rcu(fi, tmp, list, fi_rlist) { 5069 if (fh_match(&fi->fi_fhandle, &fhp->fh_handle)) { 5070 if (refcount_inc_not_zero(&fi->fi_ref)) { 5071 rcu_read_unlock(); 5072 return fi; 5073 } 5074 } 5075 } 5076 rcu_read_unlock(); 5077 return NULL; 5078 } 5079 5080 /* 5081 * On hash insertion, identify entries with the same inode but 5082 * distinct filehandles. They will all be on the list returned 5083 * by rhltable_lookup(). 5084 * 5085 * inode->i_lock prevents racing insertions from adding an entry 5086 * for the same inode/fhp pair twice. 5087 */ 5088 static noinline_for_stack struct nfs4_file * nfsd4_file_hash_insert(struct nfs4_file * new,const struct svc_fh * fhp)5089 nfsd4_file_hash_insert(struct nfs4_file *new, const struct svc_fh *fhp) 5090 { 5091 struct inode *inode = d_inode(fhp->fh_dentry); 5092 struct rhlist_head *tmp, *list; 5093 struct nfs4_file *ret = NULL; 5094 bool alias_found = false; 5095 struct nfs4_file *fi; 5096 int err; 5097 5098 rcu_read_lock(); 5099 spin_lock(&inode->i_lock); 5100 5101 list = rhltable_lookup(&nfs4_file_rhltable, &inode, 5102 nfs4_file_rhash_params); 5103 rhl_for_each_entry_rcu(fi, tmp, list, fi_rlist) { 5104 if (fh_match(&fi->fi_fhandle, &fhp->fh_handle)) { 5105 if (refcount_inc_not_zero(&fi->fi_ref)) 5106 ret = fi; 5107 } else 5108 fi->fi_aliased = alias_found = true; 5109 } 5110 if (ret) 5111 goto out_unlock; 5112 5113 nfsd4_file_init(fhp, new); 5114 err = rhltable_insert(&nfs4_file_rhltable, &new->fi_rlist, 5115 nfs4_file_rhash_params); 5116 if (err) 5117 goto out_unlock; 5118 5119 new->fi_aliased = alias_found; 5120 ret = new; 5121 5122 out_unlock: 5123 spin_unlock(&inode->i_lock); 5124 rcu_read_unlock(); 5125 return ret; 5126 } 5127 nfsd4_file_hash_remove(struct nfs4_file * fi)5128 static noinline_for_stack void nfsd4_file_hash_remove(struct nfs4_file *fi) 5129 { 5130 rhltable_remove(&nfs4_file_rhltable, &fi->fi_rlist, 5131 nfs4_file_rhash_params); 5132 } 5133 5134 /* 5135 * Called to check deny when READ with all zero stateid or 5136 * WRITE with all zero or all one stateid 5137 */ 5138 static __be32 nfs4_share_conflict(struct svc_fh * current_fh,unsigned int deny_type)5139 nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type) 5140 { 5141 struct nfs4_file *fp; 5142 __be32 ret = nfs_ok; 5143 5144 fp = nfsd4_file_hash_lookup(current_fh); 5145 if (!fp) 5146 return ret; 5147 5148 /* Check for conflicting share reservations */ 5149 spin_lock(&fp->fi_lock); 5150 if (fp->fi_share_deny & deny_type) 5151 ret = nfserr_locked; 5152 spin_unlock(&fp->fi_lock); 5153 put_nfs4_file(fp); 5154 return ret; 5155 } 5156 nfsd4_deleg_present(const struct inode * inode)5157 static bool nfsd4_deleg_present(const struct inode *inode) 5158 { 5159 struct file_lock_context *ctx = locks_inode_context(inode); 5160 5161 return ctx && !list_empty_careful(&ctx->flc_lease); 5162 } 5163 5164 /** 5165 * nfsd_wait_for_delegreturn - wait for delegations to be returned 5166 * @rqstp: the RPC transaction being executed 5167 * @inode: in-core inode of the file being waited for 5168 * 5169 * The timeout prevents deadlock if all nfsd threads happen to be 5170 * tied up waiting for returning delegations. 5171 * 5172 * Return values: 5173 * %true: delegation was returned 5174 * %false: timed out waiting for delegreturn 5175 */ nfsd_wait_for_delegreturn(struct svc_rqst * rqstp,struct inode * inode)5176 bool nfsd_wait_for_delegreturn(struct svc_rqst *rqstp, struct inode *inode) 5177 { 5178 long __maybe_unused timeo; 5179 5180 timeo = wait_var_event_timeout(inode, !nfsd4_deleg_present(inode), 5181 NFSD_DELEGRETURN_TIMEOUT); 5182 trace_nfsd_delegret_wakeup(rqstp, inode, timeo); 5183 return timeo > 0; 5184 } 5185 nfsd4_cb_recall_prepare(struct nfsd4_callback * cb)5186 static void nfsd4_cb_recall_prepare(struct nfsd4_callback *cb) 5187 { 5188 struct nfs4_delegation *dp = cb_to_delegation(cb); 5189 struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net, 5190 nfsd_net_id); 5191 5192 block_delegations(&dp->dl_stid.sc_file->fi_fhandle); 5193 5194 /* 5195 * We can't do this in nfsd_break_deleg_cb because it is 5196 * already holding inode->i_lock. 5197 * 5198 * If the dl_time != 0, then we know that it has already been 5199 * queued for a lease break. Don't queue it again. 5200 */ 5201 spin_lock(&state_lock); 5202 if (delegation_hashed(dp) && dp->dl_time == 0) { 5203 dp->dl_time = ktime_get_boottime_seconds(); 5204 list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru); 5205 } 5206 spin_unlock(&state_lock); 5207 } 5208 nfsd4_cb_recall_done(struct nfsd4_callback * cb,struct rpc_task * task)5209 static int nfsd4_cb_recall_done(struct nfsd4_callback *cb, 5210 struct rpc_task *task) 5211 { 5212 struct nfs4_delegation *dp = cb_to_delegation(cb); 5213 5214 trace_nfsd_cb_recall_done(&dp->dl_stid.sc_stateid, task); 5215 5216 if (dp->dl_stid.sc_status) 5217 /* CLOSED or REVOKED */ 5218 return 1; 5219 5220 switch (task->tk_status) { 5221 case 0: 5222 return 1; 5223 case -NFS4ERR_DELAY: 5224 rpc_delay(task, 2 * HZ); 5225 return 0; 5226 case -EBADHANDLE: 5227 case -NFS4ERR_BAD_STATEID: 5228 /* 5229 * Race: client probably got cb_recall before open reply 5230 * granting delegation. 5231 */ 5232 if (dp->dl_retries--) { 5233 rpc_delay(task, 2 * HZ); 5234 return 0; 5235 } 5236 fallthrough; 5237 default: 5238 return 1; 5239 } 5240 } 5241 nfsd4_cb_recall_release(struct nfsd4_callback * cb)5242 static void nfsd4_cb_recall_release(struct nfsd4_callback *cb) 5243 { 5244 struct nfs4_delegation *dp = cb_to_delegation(cb); 5245 5246 nfs4_put_stid(&dp->dl_stid); 5247 } 5248 5249 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops = { 5250 .prepare = nfsd4_cb_recall_prepare, 5251 .done = nfsd4_cb_recall_done, 5252 .release = nfsd4_cb_recall_release, 5253 .opcode = OP_CB_RECALL, 5254 }; 5255 nfsd_break_one_deleg(struct nfs4_delegation * dp)5256 static void nfsd_break_one_deleg(struct nfs4_delegation *dp) 5257 { 5258 /* 5259 * We're assuming the state code never drops its reference 5260 * without first removing the lease. Since we're in this lease 5261 * callback (and since the lease code is serialized by the 5262 * flc_lock) we know the server hasn't removed the lease yet, and 5263 * we know it's safe to take a reference. 5264 */ 5265 refcount_inc(&dp->dl_stid.sc_count); 5266 WARN_ON_ONCE(!nfsd4_run_cb(&dp->dl_recall)); 5267 } 5268 5269 /* Called from break_lease() with flc_lock held. */ 5270 static bool nfsd_break_deleg_cb(struct file_lease * fl)5271 nfsd_break_deleg_cb(struct file_lease *fl) 5272 { 5273 struct nfs4_delegation *dp = (struct nfs4_delegation *) fl->c.flc_owner; 5274 struct nfs4_file *fp = dp->dl_stid.sc_file; 5275 struct nfs4_client *clp = dp->dl_stid.sc_client; 5276 struct nfsd_net *nn; 5277 5278 trace_nfsd_cb_recall(&dp->dl_stid); 5279 5280 dp->dl_recalled = true; 5281 atomic_inc(&clp->cl_delegs_in_recall); 5282 if (try_to_expire_client(clp)) { 5283 nn = net_generic(clp->net, nfsd_net_id); 5284 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); 5285 } 5286 5287 /* 5288 * We don't want the locks code to timeout the lease for us; 5289 * we'll remove it ourself if a delegation isn't returned 5290 * in time: 5291 */ 5292 fl->fl_break_time = 0; 5293 5294 fp->fi_had_conflict = true; 5295 nfsd_break_one_deleg(dp); 5296 return false; 5297 } 5298 5299 /** 5300 * nfsd_breaker_owns_lease - Check if lease conflict was resolved 5301 * @fl: Lock state to check 5302 * 5303 * Return values: 5304 * %true: Lease conflict was resolved 5305 * %false: Lease conflict was not resolved. 5306 */ nfsd_breaker_owns_lease(struct file_lease * fl)5307 static bool nfsd_breaker_owns_lease(struct file_lease *fl) 5308 { 5309 struct nfs4_delegation *dl = fl->c.flc_owner; 5310 struct svc_rqst *rqst; 5311 struct nfs4_client *clp; 5312 5313 rqst = nfsd_current_rqst(); 5314 if (!nfsd_v4client(rqst)) 5315 return false; 5316 clp = *(rqst->rq_lease_breaker); 5317 return dl->dl_stid.sc_client == clp; 5318 } 5319 5320 static int nfsd_change_deleg_cb(struct file_lease * onlist,int arg,struct list_head * dispose)5321 nfsd_change_deleg_cb(struct file_lease *onlist, int arg, 5322 struct list_head *dispose) 5323 { 5324 struct nfs4_delegation *dp = (struct nfs4_delegation *) onlist->c.flc_owner; 5325 struct nfs4_client *clp = dp->dl_stid.sc_client; 5326 5327 if (arg & F_UNLCK) { 5328 if (dp->dl_recalled) 5329 atomic_dec(&clp->cl_delegs_in_recall); 5330 return lease_modify(onlist, arg, dispose); 5331 } else 5332 return -EAGAIN; 5333 } 5334 5335 static const struct lease_manager_operations nfsd_lease_mng_ops = { 5336 .lm_breaker_owns_lease = nfsd_breaker_owns_lease, 5337 .lm_break = nfsd_break_deleg_cb, 5338 .lm_change = nfsd_change_deleg_cb, 5339 }; 5340 nfsd4_check_seqid(struct nfsd4_compound_state * cstate,struct nfs4_stateowner * so,u32 seqid)5341 static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid) 5342 { 5343 if (nfsd4_has_session(cstate)) 5344 return nfs_ok; 5345 if (seqid == so->so_seqid - 1) 5346 return nfserr_replay_me; 5347 if (seqid == so->so_seqid) 5348 return nfs_ok; 5349 return nfserr_bad_seqid; 5350 } 5351 lookup_clientid(clientid_t * clid,bool sessions,struct nfsd_net * nn)5352 static struct nfs4_client *lookup_clientid(clientid_t *clid, bool sessions, 5353 struct nfsd_net *nn) 5354 { 5355 struct nfs4_client *found; 5356 5357 spin_lock(&nn->client_lock); 5358 found = find_confirmed_client(clid, sessions, nn); 5359 if (found) 5360 atomic_inc(&found->cl_rpc_users); 5361 spin_unlock(&nn->client_lock); 5362 return found; 5363 } 5364 set_client(clientid_t * clid,struct nfsd4_compound_state * cstate,struct nfsd_net * nn)5365 static __be32 set_client(clientid_t *clid, 5366 struct nfsd4_compound_state *cstate, 5367 struct nfsd_net *nn) 5368 { 5369 if (cstate->clp) { 5370 if (!same_clid(&cstate->clp->cl_clientid, clid)) 5371 return nfserr_stale_clientid; 5372 return nfs_ok; 5373 } 5374 if (STALE_CLIENTID(clid, nn)) 5375 return nfserr_stale_clientid; 5376 /* 5377 * We're in the 4.0 case (otherwise the SEQUENCE op would have 5378 * set cstate->clp), so session = false: 5379 */ 5380 cstate->clp = lookup_clientid(clid, false, nn); 5381 if (!cstate->clp) 5382 return nfserr_expired; 5383 return nfs_ok; 5384 } 5385 5386 __be32 nfsd4_process_open1(struct nfsd4_compound_state * cstate,struct nfsd4_open * open,struct nfsd_net * nn)5387 nfsd4_process_open1(struct nfsd4_compound_state *cstate, 5388 struct nfsd4_open *open, struct nfsd_net *nn) 5389 { 5390 clientid_t *clientid = &open->op_clientid; 5391 struct nfs4_client *clp = NULL; 5392 unsigned int strhashval; 5393 struct nfs4_openowner *oo = NULL; 5394 __be32 status; 5395 5396 /* 5397 * In case we need it later, after we've already created the 5398 * file and don't want to risk a further failure: 5399 */ 5400 open->op_file = nfsd4_alloc_file(); 5401 if (open->op_file == NULL) 5402 return nfserr_jukebox; 5403 5404 status = set_client(clientid, cstate, nn); 5405 if (status) 5406 return status; 5407 clp = cstate->clp; 5408 5409 strhashval = ownerstr_hashval(&open->op_owner); 5410 retry: 5411 oo = find_or_alloc_open_stateowner(strhashval, open, cstate); 5412 open->op_openowner = oo; 5413 if (!oo) 5414 return nfserr_jukebox; 5415 if (nfsd4_cstate_assign_replay(cstate, &oo->oo_owner) == -EAGAIN) { 5416 nfs4_put_stateowner(&oo->oo_owner); 5417 goto retry; 5418 } 5419 status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid); 5420 if (status) 5421 return status; 5422 5423 open->op_stp = nfs4_alloc_open_stateid(clp); 5424 if (!open->op_stp) 5425 return nfserr_jukebox; 5426 5427 if (nfsd4_has_session(cstate) && 5428 (cstate->current_fh.fh_export->ex_flags & NFSEXP_PNFS)) { 5429 open->op_odstate = alloc_clnt_odstate(clp); 5430 if (!open->op_odstate) 5431 return nfserr_jukebox; 5432 } 5433 5434 return nfs_ok; 5435 } 5436 5437 static inline __be32 nfs4_check_delegmode(struct nfs4_delegation * dp,int flags)5438 nfs4_check_delegmode(struct nfs4_delegation *dp, int flags) 5439 { 5440 if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ)) 5441 return nfserr_openmode; 5442 else 5443 return nfs_ok; 5444 } 5445 share_access_to_flags(u32 share_access)5446 static int share_access_to_flags(u32 share_access) 5447 { 5448 return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE; 5449 } 5450 find_deleg_stateid(struct nfs4_client * cl,stateid_t * s)5451 static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl, 5452 stateid_t *s) 5453 { 5454 struct nfs4_stid *ret; 5455 5456 ret = find_stateid_by_type(cl, s, SC_TYPE_DELEG, SC_STATUS_REVOKED); 5457 if (!ret) 5458 return NULL; 5459 return delegstateid(ret); 5460 } 5461 nfsd4_is_deleg_cur(struct nfsd4_open * open)5462 static bool nfsd4_is_deleg_cur(struct nfsd4_open *open) 5463 { 5464 return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR || 5465 open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH; 5466 } 5467 5468 static __be32 nfs4_check_deleg(struct nfs4_client * cl,struct nfsd4_open * open,struct nfs4_delegation ** dp)5469 nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open, 5470 struct nfs4_delegation **dp) 5471 { 5472 int flags; 5473 __be32 status = nfserr_bad_stateid; 5474 struct nfs4_delegation *deleg; 5475 5476 deleg = find_deleg_stateid(cl, &open->op_delegate_stateid); 5477 if (deleg == NULL) 5478 goto out; 5479 if (deleg->dl_stid.sc_status & SC_STATUS_ADMIN_REVOKED) { 5480 nfs4_put_stid(&deleg->dl_stid); 5481 status = nfserr_admin_revoked; 5482 goto out; 5483 } 5484 if (deleg->dl_stid.sc_status & SC_STATUS_REVOKED) { 5485 nfs4_put_stid(&deleg->dl_stid); 5486 nfsd40_drop_revoked_stid(cl, &open->op_delegate_stateid); 5487 status = nfserr_deleg_revoked; 5488 goto out; 5489 } 5490 flags = share_access_to_flags(open->op_share_access); 5491 status = nfs4_check_delegmode(deleg, flags); 5492 if (status) { 5493 nfs4_put_stid(&deleg->dl_stid); 5494 goto out; 5495 } 5496 *dp = deleg; 5497 out: 5498 if (!nfsd4_is_deleg_cur(open)) 5499 return nfs_ok; 5500 if (status) 5501 return status; 5502 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED; 5503 return nfs_ok; 5504 } 5505 nfs4_access_to_access(u32 nfs4_access)5506 static inline int nfs4_access_to_access(u32 nfs4_access) 5507 { 5508 int flags = 0; 5509 5510 if (nfs4_access & NFS4_SHARE_ACCESS_READ) 5511 flags |= NFSD_MAY_READ; 5512 if (nfs4_access & NFS4_SHARE_ACCESS_WRITE) 5513 flags |= NFSD_MAY_WRITE; 5514 return flags; 5515 } 5516 5517 static inline __be32 nfsd4_truncate(struct svc_rqst * rqstp,struct svc_fh * fh,struct nfsd4_open * open)5518 nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh, 5519 struct nfsd4_open *open) 5520 { 5521 struct iattr iattr = { 5522 .ia_valid = ATTR_SIZE, 5523 .ia_size = 0, 5524 }; 5525 struct nfsd_attrs attrs = { 5526 .na_iattr = &iattr, 5527 }; 5528 if (!open->op_truncate) 5529 return 0; 5530 if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE)) 5531 return nfserr_inval; 5532 return nfsd_setattr(rqstp, fh, &attrs, NULL); 5533 } 5534 nfs4_get_vfs_file(struct svc_rqst * rqstp,struct nfs4_file * fp,struct svc_fh * cur_fh,struct nfs4_ol_stateid * stp,struct nfsd4_open * open,bool new_stp)5535 static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp, 5536 struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, 5537 struct nfsd4_open *open, bool new_stp) 5538 { 5539 struct nfsd_file *nf = NULL; 5540 __be32 status; 5541 int oflag = nfs4_access_to_omode(open->op_share_access); 5542 int access = nfs4_access_to_access(open->op_share_access); 5543 unsigned char old_access_bmap, old_deny_bmap; 5544 5545 spin_lock(&fp->fi_lock); 5546 5547 /* 5548 * Are we trying to set a deny mode that would conflict with 5549 * current access? 5550 */ 5551 status = nfs4_file_check_deny(fp, open->op_share_deny); 5552 if (status != nfs_ok) { 5553 if (status != nfserr_share_denied) { 5554 spin_unlock(&fp->fi_lock); 5555 goto out; 5556 } 5557 if (nfs4_resolve_deny_conflicts_locked(fp, new_stp, 5558 stp, open->op_share_deny, false)) 5559 status = nfserr_jukebox; 5560 spin_unlock(&fp->fi_lock); 5561 goto out; 5562 } 5563 5564 /* set access to the file */ 5565 status = nfs4_file_get_access(fp, open->op_share_access); 5566 if (status != nfs_ok) { 5567 if (status != nfserr_share_denied) { 5568 spin_unlock(&fp->fi_lock); 5569 goto out; 5570 } 5571 if (nfs4_resolve_deny_conflicts_locked(fp, new_stp, 5572 stp, open->op_share_access, true)) 5573 status = nfserr_jukebox; 5574 spin_unlock(&fp->fi_lock); 5575 goto out; 5576 } 5577 5578 /* Set access bits in stateid */ 5579 old_access_bmap = stp->st_access_bmap; 5580 set_access(open->op_share_access, stp); 5581 5582 /* Set new deny mask */ 5583 old_deny_bmap = stp->st_deny_bmap; 5584 set_deny(open->op_share_deny, stp); 5585 fp->fi_share_deny |= (open->op_share_deny & NFS4_SHARE_DENY_BOTH); 5586 5587 if (!fp->fi_fds[oflag]) { 5588 spin_unlock(&fp->fi_lock); 5589 5590 status = nfsd_file_acquire_opened(rqstp, cur_fh, access, 5591 open->op_filp, &nf); 5592 if (status != nfs_ok) 5593 goto out_put_access; 5594 5595 spin_lock(&fp->fi_lock); 5596 if (!fp->fi_fds[oflag]) { 5597 fp->fi_fds[oflag] = nf; 5598 nf = NULL; 5599 } 5600 } 5601 spin_unlock(&fp->fi_lock); 5602 if (nf) 5603 nfsd_file_put(nf); 5604 5605 status = nfserrno(nfsd_open_break_lease(cur_fh->fh_dentry->d_inode, 5606 access)); 5607 if (status) 5608 goto out_put_access; 5609 5610 status = nfsd4_truncate(rqstp, cur_fh, open); 5611 if (status) 5612 goto out_put_access; 5613 out: 5614 return status; 5615 out_put_access: 5616 stp->st_access_bmap = old_access_bmap; 5617 nfs4_file_put_access(fp, open->op_share_access); 5618 reset_union_bmap_deny(bmap_to_share_mode(old_deny_bmap), stp); 5619 goto out; 5620 } 5621 5622 static __be32 nfs4_upgrade_open(struct svc_rqst * rqstp,struct nfs4_file * fp,struct svc_fh * cur_fh,struct nfs4_ol_stateid * stp,struct nfsd4_open * open)5623 nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, 5624 struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, 5625 struct nfsd4_open *open) 5626 { 5627 __be32 status; 5628 unsigned char old_deny_bmap = stp->st_deny_bmap; 5629 5630 if (!test_access(open->op_share_access, stp)) 5631 return nfs4_get_vfs_file(rqstp, fp, cur_fh, stp, open, false); 5632 5633 /* test and set deny mode */ 5634 spin_lock(&fp->fi_lock); 5635 status = nfs4_file_check_deny(fp, open->op_share_deny); 5636 switch (status) { 5637 case nfs_ok: 5638 set_deny(open->op_share_deny, stp); 5639 fp->fi_share_deny |= 5640 (open->op_share_deny & NFS4_SHARE_DENY_BOTH); 5641 break; 5642 case nfserr_share_denied: 5643 if (nfs4_resolve_deny_conflicts_locked(fp, false, 5644 stp, open->op_share_deny, false)) 5645 status = nfserr_jukebox; 5646 break; 5647 } 5648 spin_unlock(&fp->fi_lock); 5649 5650 if (status != nfs_ok) 5651 return status; 5652 5653 status = nfsd4_truncate(rqstp, cur_fh, open); 5654 if (status != nfs_ok) 5655 reset_union_bmap_deny(old_deny_bmap, stp); 5656 return status; 5657 } 5658 5659 /* Should we give out recallable state?: */ nfsd4_cb_channel_good(struct nfs4_client * clp)5660 static bool nfsd4_cb_channel_good(struct nfs4_client *clp) 5661 { 5662 if (clp->cl_cb_state == NFSD4_CB_UP) 5663 return true; 5664 /* 5665 * In the sessions case, since we don't have to establish a 5666 * separate connection for callbacks, we assume it's OK 5667 * until we hear otherwise: 5668 */ 5669 return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN; 5670 } 5671 nfs4_alloc_init_lease(struct nfs4_delegation * dp,int flag)5672 static struct file_lease *nfs4_alloc_init_lease(struct nfs4_delegation *dp, 5673 int flag) 5674 { 5675 struct file_lease *fl; 5676 5677 fl = locks_alloc_lease(); 5678 if (!fl) 5679 return NULL; 5680 fl->fl_lmops = &nfsd_lease_mng_ops; 5681 fl->c.flc_flags = FL_DELEG; 5682 fl->c.flc_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK; 5683 fl->c.flc_owner = (fl_owner_t)dp; 5684 fl->c.flc_pid = current->tgid; 5685 fl->c.flc_file = dp->dl_stid.sc_file->fi_deleg_file->nf_file; 5686 return fl; 5687 } 5688 nfsd4_check_conflicting_opens(struct nfs4_client * clp,struct nfs4_file * fp)5689 static int nfsd4_check_conflicting_opens(struct nfs4_client *clp, 5690 struct nfs4_file *fp) 5691 { 5692 struct nfs4_ol_stateid *st; 5693 struct file *f = fp->fi_deleg_file->nf_file; 5694 struct inode *ino = file_inode(f); 5695 int writes; 5696 5697 writes = atomic_read(&ino->i_writecount); 5698 if (!writes) 5699 return 0; 5700 /* 5701 * There could be multiple filehandles (hence multiple 5702 * nfs4_files) referencing this file, but that's not too 5703 * common; let's just give up in that case rather than 5704 * trying to go look up all the clients using that other 5705 * nfs4_file as well: 5706 */ 5707 if (fp->fi_aliased) 5708 return -EAGAIN; 5709 /* 5710 * If there's a close in progress, make sure that we see it 5711 * clear any fi_fds[] entries before we see it decrement 5712 * i_writecount: 5713 */ 5714 smp_mb__after_atomic(); 5715 5716 if (fp->fi_fds[O_WRONLY]) 5717 writes--; 5718 if (fp->fi_fds[O_RDWR]) 5719 writes--; 5720 if (writes > 0) 5721 return -EAGAIN; /* There may be non-NFSv4 writers */ 5722 /* 5723 * It's possible there are non-NFSv4 write opens in progress, 5724 * but if they haven't incremented i_writecount yet then they 5725 * also haven't called break lease yet; so, they'll break this 5726 * lease soon enough. So, all that's left to check for is NFSv4 5727 * opens: 5728 */ 5729 spin_lock(&fp->fi_lock); 5730 list_for_each_entry(st, &fp->fi_stateids, st_perfile) { 5731 if (st->st_openstp == NULL /* it's an open */ && 5732 access_permit_write(st) && 5733 st->st_stid.sc_client != clp) { 5734 spin_unlock(&fp->fi_lock); 5735 return -EAGAIN; 5736 } 5737 } 5738 spin_unlock(&fp->fi_lock); 5739 /* 5740 * There's a small chance that we could be racing with another 5741 * NFSv4 open. However, any open that hasn't added itself to 5742 * the fi_stateids list also hasn't called break_lease yet; so, 5743 * they'll break this lease soon enough. 5744 */ 5745 return 0; 5746 } 5747 5748 /* 5749 * It's possible that between opening the dentry and setting the delegation, 5750 * that it has been renamed or unlinked. Redo the lookup to verify that this 5751 * hasn't happened. 5752 */ 5753 static int nfsd4_verify_deleg_dentry(struct nfsd4_open * open,struct nfs4_file * fp,struct svc_fh * parent)5754 nfsd4_verify_deleg_dentry(struct nfsd4_open *open, struct nfs4_file *fp, 5755 struct svc_fh *parent) 5756 { 5757 struct svc_export *exp; 5758 struct dentry *child; 5759 __be32 err; 5760 5761 err = nfsd_lookup_dentry(open->op_rqstp, parent, 5762 open->op_fname, open->op_fnamelen, 5763 &exp, &child); 5764 5765 if (err) 5766 return -EAGAIN; 5767 5768 exp_put(exp); 5769 dput(child); 5770 if (child != file_dentry(fp->fi_deleg_file->nf_file)) 5771 return -EAGAIN; 5772 5773 return 0; 5774 } 5775 5776 /* 5777 * We avoid breaking delegations held by a client due to its own activity, but 5778 * clearing setuid/setgid bits on a write is an implicit activity and the client 5779 * may not notice and continue using the old mode. Avoid giving out a delegation 5780 * on setuid/setgid files when the client is requesting an open for write. 5781 */ 5782 static int nfsd4_verify_setuid_write(struct nfsd4_open * open,struct nfsd_file * nf)5783 nfsd4_verify_setuid_write(struct nfsd4_open *open, struct nfsd_file *nf) 5784 { 5785 struct inode *inode = file_inode(nf->nf_file); 5786 5787 if ((open->op_share_access & NFS4_SHARE_ACCESS_WRITE) && 5788 (inode->i_mode & (S_ISUID|S_ISGID))) 5789 return -EAGAIN; 5790 return 0; 5791 } 5792 5793 static struct nfs4_delegation * nfs4_set_delegation(struct nfsd4_open * open,struct nfs4_ol_stateid * stp,struct svc_fh * parent)5794 nfs4_set_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp, 5795 struct svc_fh *parent) 5796 { 5797 int status = 0; 5798 struct nfs4_client *clp = stp->st_stid.sc_client; 5799 struct nfs4_file *fp = stp->st_stid.sc_file; 5800 struct nfs4_clnt_odstate *odstate = stp->st_clnt_odstate; 5801 struct nfs4_delegation *dp; 5802 struct nfsd_file *nf = NULL; 5803 struct file_lease *fl; 5804 u32 dl_type; 5805 5806 /* 5807 * The fi_had_conflict and nfs_get_existing_delegation checks 5808 * here are just optimizations; we'll need to recheck them at 5809 * the end: 5810 */ 5811 if (fp->fi_had_conflict) 5812 return ERR_PTR(-EAGAIN); 5813 5814 /* 5815 * Try for a write delegation first. RFC8881 section 10.4 says: 5816 * 5817 * "An OPEN_DELEGATE_WRITE delegation allows the client to handle, 5818 * on its own, all opens." 5819 * 5820 * Furthermore the client can use a write delegation for most READ 5821 * operations as well, so we require a O_RDWR file here. 5822 * 5823 * Offer a write delegation in the case of a BOTH open, and ensure 5824 * we get the O_RDWR descriptor. 5825 */ 5826 if ((open->op_share_access & NFS4_SHARE_ACCESS_BOTH) == NFS4_SHARE_ACCESS_BOTH) { 5827 nf = find_rw_file(fp); 5828 dl_type = NFS4_OPEN_DELEGATE_WRITE; 5829 } 5830 5831 /* 5832 * If the file is being opened O_RDONLY or we couldn't get a O_RDWR 5833 * file for some reason, then try for a read delegation instead. 5834 */ 5835 if (!nf && (open->op_share_access & NFS4_SHARE_ACCESS_READ)) { 5836 nf = find_readable_file(fp); 5837 dl_type = NFS4_OPEN_DELEGATE_READ; 5838 } 5839 5840 if (!nf) 5841 return ERR_PTR(-EAGAIN); 5842 5843 spin_lock(&state_lock); 5844 spin_lock(&fp->fi_lock); 5845 if (nfs4_delegation_exists(clp, fp)) 5846 status = -EAGAIN; 5847 else if (nfsd4_verify_setuid_write(open, nf)) 5848 status = -EAGAIN; 5849 else if (!fp->fi_deleg_file) { 5850 fp->fi_deleg_file = nf; 5851 /* increment early to prevent fi_deleg_file from being 5852 * cleared */ 5853 fp->fi_delegees = 1; 5854 nf = NULL; 5855 } else 5856 fp->fi_delegees++; 5857 spin_unlock(&fp->fi_lock); 5858 spin_unlock(&state_lock); 5859 if (nf) 5860 nfsd_file_put(nf); 5861 if (status) 5862 return ERR_PTR(status); 5863 5864 status = -ENOMEM; 5865 dp = alloc_init_deleg(clp, fp, odstate, dl_type); 5866 if (!dp) 5867 goto out_delegees; 5868 5869 fl = nfs4_alloc_init_lease(dp, dl_type); 5870 if (!fl) 5871 goto out_clnt_odstate; 5872 5873 status = kernel_setlease(fp->fi_deleg_file->nf_file, 5874 fl->c.flc_type, &fl, NULL); 5875 if (fl) 5876 locks_free_lease(fl); 5877 if (status) 5878 goto out_clnt_odstate; 5879 5880 if (parent) { 5881 status = nfsd4_verify_deleg_dentry(open, fp, parent); 5882 if (status) 5883 goto out_unlock; 5884 } 5885 5886 status = nfsd4_check_conflicting_opens(clp, fp); 5887 if (status) 5888 goto out_unlock; 5889 5890 /* 5891 * Now that the deleg is set, check again to ensure that nothing 5892 * raced in and changed the mode while we weren't looking. 5893 */ 5894 status = nfsd4_verify_setuid_write(open, fp->fi_deleg_file); 5895 if (status) 5896 goto out_unlock; 5897 5898 status = -EAGAIN; 5899 if (fp->fi_had_conflict) 5900 goto out_unlock; 5901 5902 spin_lock(&state_lock); 5903 spin_lock(&clp->cl_lock); 5904 spin_lock(&fp->fi_lock); 5905 status = hash_delegation_locked(dp, fp); 5906 spin_unlock(&fp->fi_lock); 5907 spin_unlock(&clp->cl_lock); 5908 spin_unlock(&state_lock); 5909 5910 if (status) 5911 goto out_unlock; 5912 5913 return dp; 5914 out_unlock: 5915 kernel_setlease(fp->fi_deleg_file->nf_file, F_UNLCK, NULL, (void **)&dp); 5916 out_clnt_odstate: 5917 put_clnt_odstate(dp->dl_clnt_odstate); 5918 nfs4_put_stid(&dp->dl_stid); 5919 out_delegees: 5920 put_deleg_file(fp); 5921 return ERR_PTR(status); 5922 } 5923 nfsd4_open_deleg_none_ext(struct nfsd4_open * open,int status)5924 static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status) 5925 { 5926 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 5927 if (status == -EAGAIN) 5928 open->op_why_no_deleg = WND4_CONTENTION; 5929 else { 5930 open->op_why_no_deleg = WND4_RESOURCE; 5931 switch (open->op_deleg_want) { 5932 case NFS4_SHARE_WANT_READ_DELEG: 5933 case NFS4_SHARE_WANT_WRITE_DELEG: 5934 case NFS4_SHARE_WANT_ANY_DELEG: 5935 break; 5936 case NFS4_SHARE_WANT_CANCEL: 5937 open->op_why_no_deleg = WND4_CANCELLED; 5938 break; 5939 case NFS4_SHARE_WANT_NO_DELEG: 5940 WARN_ON_ONCE(1); 5941 } 5942 } 5943 } 5944 5945 static bool nfs4_delegation_stat(struct nfs4_delegation * dp,struct svc_fh * currentfh,struct kstat * stat)5946 nfs4_delegation_stat(struct nfs4_delegation *dp, struct svc_fh *currentfh, 5947 struct kstat *stat) 5948 { 5949 struct nfsd_file *nf = find_rw_file(dp->dl_stid.sc_file); 5950 struct path path; 5951 int rc; 5952 5953 if (!nf) 5954 return false; 5955 5956 path.mnt = currentfh->fh_export->ex_path.mnt; 5957 path.dentry = file_dentry(nf->nf_file); 5958 5959 rc = vfs_getattr(&path, stat, 5960 (STATX_SIZE | STATX_CTIME | STATX_CHANGE_COOKIE), 5961 AT_STATX_SYNC_AS_STAT); 5962 5963 nfsd_file_put(nf); 5964 return rc == 0; 5965 } 5966 5967 /* 5968 * The Linux NFS server does not offer write delegations to NFSv4.0 5969 * clients in order to avoid conflicts between write delegations and 5970 * GETATTRs requesting CHANGE or SIZE attributes. 5971 * 5972 * With NFSv4.1 and later minorversions, the SEQUENCE operation that 5973 * begins each COMPOUND contains a client ID. Delegation recall can 5974 * be avoided when the server recognizes the client sending a 5975 * GETATTR also holds write delegation it conflicts with. 5976 * 5977 * However, the NFSv4.0 protocol does not enable a server to 5978 * determine that a GETATTR originated from the client holding the 5979 * conflicting delegation versus coming from some other client. Per 5980 * RFC 7530 Section 16.7.5, the server must recall or send a 5981 * CB_GETATTR even when the GETATTR originates from the client that 5982 * holds the conflicting delegation. 5983 * 5984 * An NFSv4.0 client can trigger a pathological situation if it 5985 * always sends a DELEGRETURN preceded by a conflicting GETATTR in 5986 * the same COMPOUND. COMPOUND execution will always stop at the 5987 * GETATTR and the DELEGRETURN will never get executed. The server 5988 * eventually revokes the delegation, which can result in loss of 5989 * open or lock state. 5990 */ 5991 static void nfs4_open_delegation(struct nfsd4_open * open,struct nfs4_ol_stateid * stp,struct svc_fh * currentfh)5992 nfs4_open_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp, 5993 struct svc_fh *currentfh) 5994 { 5995 struct nfs4_delegation *dp; 5996 struct nfs4_openowner *oo = openowner(stp->st_stateowner); 5997 struct nfs4_client *clp = stp->st_stid.sc_client; 5998 struct svc_fh *parent = NULL; 5999 int cb_up; 6000 int status = 0; 6001 struct kstat stat; 6002 6003 cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client); 6004 open->op_recall = false; 6005 switch (open->op_claim_type) { 6006 case NFS4_OPEN_CLAIM_PREVIOUS: 6007 if (!cb_up) 6008 open->op_recall = true; 6009 break; 6010 case NFS4_OPEN_CLAIM_NULL: 6011 parent = currentfh; 6012 fallthrough; 6013 case NFS4_OPEN_CLAIM_FH: 6014 /* 6015 * Let's not give out any delegations till everyone's 6016 * had the chance to reclaim theirs, *and* until 6017 * NLM locks have all been reclaimed: 6018 */ 6019 if (locks_in_grace(clp->net)) 6020 goto out_no_deleg; 6021 if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED)) 6022 goto out_no_deleg; 6023 if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE && 6024 !clp->cl_minorversion) 6025 goto out_no_deleg; 6026 break; 6027 default: 6028 goto out_no_deleg; 6029 } 6030 dp = nfs4_set_delegation(open, stp, parent); 6031 if (IS_ERR(dp)) 6032 goto out_no_deleg; 6033 6034 memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid)); 6035 6036 if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE) { 6037 if (!nfs4_delegation_stat(dp, currentfh, &stat)) { 6038 nfs4_put_stid(&dp->dl_stid); 6039 destroy_delegation(dp); 6040 goto out_no_deleg; 6041 } 6042 open->op_delegate_type = NFS4_OPEN_DELEGATE_WRITE; 6043 dp->dl_cb_fattr.ncf_cur_fsize = stat.size; 6044 dp->dl_cb_fattr.ncf_initial_cinfo = 6045 nfsd4_change_attribute(&stat, d_inode(currentfh->fh_dentry)); 6046 trace_nfsd_deleg_write(&dp->dl_stid.sc_stateid); 6047 } else { 6048 open->op_delegate_type = NFS4_OPEN_DELEGATE_READ; 6049 trace_nfsd_deleg_read(&dp->dl_stid.sc_stateid); 6050 } 6051 nfs4_put_stid(&dp->dl_stid); 6052 return; 6053 out_no_deleg: 6054 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE; 6055 if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS && 6056 open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE) { 6057 dprintk("NFSD: WARNING: refusing delegation reclaim\n"); 6058 open->op_recall = true; 6059 } 6060 6061 /* 4.1 client asking for a delegation? */ 6062 if (open->op_deleg_want) 6063 nfsd4_open_deleg_none_ext(open, status); 6064 return; 6065 } 6066 nfsd4_deleg_xgrade_none_ext(struct nfsd4_open * open,struct nfs4_delegation * dp)6067 static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open, 6068 struct nfs4_delegation *dp) 6069 { 6070 if (open->op_deleg_want == NFS4_SHARE_WANT_READ_DELEG && 6071 dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) { 6072 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 6073 open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE; 6074 } else if (open->op_deleg_want == NFS4_SHARE_WANT_WRITE_DELEG && 6075 dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) { 6076 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 6077 open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE; 6078 } 6079 /* Otherwise the client must be confused wanting a delegation 6080 * it already has, therefore we don't return 6081 * NFS4_OPEN_DELEGATE_NONE_EXT and reason. 6082 */ 6083 } 6084 6085 /** 6086 * nfsd4_process_open2 - finish open processing 6087 * @rqstp: the RPC transaction being executed 6088 * @current_fh: NFSv4 COMPOUND's current filehandle 6089 * @open: OPEN arguments 6090 * 6091 * If successful, (1) truncate the file if open->op_truncate was 6092 * set, (2) set open->op_stateid, (3) set open->op_delegation. 6093 * 6094 * Returns %nfs_ok on success; otherwise an nfs4stat value in 6095 * network byte order is returned. 6096 */ 6097 __be32 nfsd4_process_open2(struct svc_rqst * rqstp,struct svc_fh * current_fh,struct nfsd4_open * open)6098 nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open) 6099 { 6100 struct nfsd4_compoundres *resp = rqstp->rq_resp; 6101 struct nfs4_client *cl = open->op_openowner->oo_owner.so_client; 6102 struct nfs4_file *fp = NULL; 6103 struct nfs4_ol_stateid *stp = NULL; 6104 struct nfs4_delegation *dp = NULL; 6105 __be32 status; 6106 bool new_stp = false; 6107 6108 /* 6109 * Lookup file; if found, lookup stateid and check open request, 6110 * and check for delegations in the process of being recalled. 6111 * If not found, create the nfs4_file struct 6112 */ 6113 fp = nfsd4_file_hash_insert(open->op_file, current_fh); 6114 if (unlikely(!fp)) 6115 return nfserr_jukebox; 6116 if (fp != open->op_file) { 6117 status = nfs4_check_deleg(cl, open, &dp); 6118 if (status) 6119 goto out; 6120 stp = nfsd4_find_and_lock_existing_open(fp, open); 6121 } else { 6122 open->op_file = NULL; 6123 status = nfserr_bad_stateid; 6124 if (nfsd4_is_deleg_cur(open)) 6125 goto out; 6126 } 6127 6128 if (!stp) { 6129 stp = init_open_stateid(fp, open); 6130 if (!open->op_stp) 6131 new_stp = true; 6132 } 6133 6134 /* 6135 * OPEN the file, or upgrade an existing OPEN. 6136 * If truncate fails, the OPEN fails. 6137 * 6138 * stp is already locked. 6139 */ 6140 if (!new_stp) { 6141 /* Stateid was found, this is an OPEN upgrade */ 6142 status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open); 6143 if (status) { 6144 mutex_unlock(&stp->st_mutex); 6145 goto out; 6146 } 6147 } else { 6148 status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open, true); 6149 if (status) { 6150 release_open_stateid(stp); 6151 mutex_unlock(&stp->st_mutex); 6152 goto out; 6153 } 6154 6155 stp->st_clnt_odstate = find_or_hash_clnt_odstate(fp, 6156 open->op_odstate); 6157 if (stp->st_clnt_odstate == open->op_odstate) 6158 open->op_odstate = NULL; 6159 } 6160 6161 nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid); 6162 mutex_unlock(&stp->st_mutex); 6163 6164 if (nfsd4_has_session(&resp->cstate)) { 6165 if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) { 6166 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 6167 open->op_why_no_deleg = WND4_NOT_WANTED; 6168 goto nodeleg; 6169 } 6170 } 6171 6172 /* 6173 * Attempt to hand out a delegation. No error return, because the 6174 * OPEN succeeds even if we fail. 6175 */ 6176 nfs4_open_delegation(open, stp, &resp->cstate.current_fh); 6177 nodeleg: 6178 status = nfs_ok; 6179 trace_nfsd_open(&stp->st_stid.sc_stateid); 6180 out: 6181 /* 4.1 client trying to upgrade/downgrade delegation? */ 6182 if (open->op_delegate_type == NFS4_OPEN_DELEGATE_NONE && dp && 6183 open->op_deleg_want) 6184 nfsd4_deleg_xgrade_none_ext(open, dp); 6185 6186 if (fp) 6187 put_nfs4_file(fp); 6188 if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS) 6189 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED; 6190 /* 6191 * To finish the open response, we just need to set the rflags. 6192 */ 6193 open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX; 6194 if (nfsd4_has_session(&resp->cstate)) 6195 open->op_rflags |= NFS4_OPEN_RESULT_MAY_NOTIFY_LOCK; 6196 else if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED)) 6197 open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM; 6198 6199 if (dp) 6200 nfs4_put_stid(&dp->dl_stid); 6201 if (stp) 6202 nfs4_put_stid(&stp->st_stid); 6203 6204 return status; 6205 } 6206 nfsd4_cleanup_open_state(struct nfsd4_compound_state * cstate,struct nfsd4_open * open)6207 void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate, 6208 struct nfsd4_open *open) 6209 { 6210 if (open->op_openowner) 6211 nfs4_put_stateowner(&open->op_openowner->oo_owner); 6212 if (open->op_file) 6213 kmem_cache_free(file_slab, open->op_file); 6214 if (open->op_stp) 6215 nfs4_put_stid(&open->op_stp->st_stid); 6216 if (open->op_odstate) 6217 kmem_cache_free(odstate_slab, open->op_odstate); 6218 } 6219 6220 __be32 nfsd4_renew(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)6221 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 6222 union nfsd4_op_u *u) 6223 { 6224 clientid_t *clid = &u->renew; 6225 struct nfs4_client *clp; 6226 __be32 status; 6227 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 6228 6229 trace_nfsd_clid_renew(clid); 6230 status = set_client(clid, cstate, nn); 6231 if (status) 6232 return status; 6233 clp = cstate->clp; 6234 if (!list_empty(&clp->cl_delegations) 6235 && clp->cl_cb_state != NFSD4_CB_UP) 6236 return nfserr_cb_path_down; 6237 return nfs_ok; 6238 } 6239 6240 void nfsd4_end_grace(struct nfsd_net * nn)6241 nfsd4_end_grace(struct nfsd_net *nn) 6242 { 6243 /* do nothing if grace period already ended */ 6244 if (nn->grace_ended) 6245 return; 6246 6247 trace_nfsd_grace_complete(nn); 6248 nn->grace_ended = true; 6249 /* 6250 * If the server goes down again right now, an NFSv4 6251 * client will still be allowed to reclaim after it comes back up, 6252 * even if it hasn't yet had a chance to reclaim state this time. 6253 * 6254 */ 6255 nfsd4_record_grace_done(nn); 6256 /* 6257 * At this point, NFSv4 clients can still reclaim. But if the 6258 * server crashes, any that have not yet reclaimed will be out 6259 * of luck on the next boot. 6260 * 6261 * (NFSv4.1+ clients are considered to have reclaimed once they 6262 * call RECLAIM_COMPLETE. NFSv4.0 clients are considered to 6263 * have reclaimed after their first OPEN.) 6264 */ 6265 locks_end_grace(&nn->nfsd4_manager); 6266 /* 6267 * At this point, and once lockd and/or any other containers 6268 * exit their grace period, further reclaims will fail and 6269 * regular locking can resume. 6270 */ 6271 } 6272 6273 /* 6274 * If we've waited a lease period but there are still clients trying to 6275 * reclaim, wait a little longer to give them a chance to finish. 6276 */ clients_still_reclaiming(struct nfsd_net * nn)6277 static bool clients_still_reclaiming(struct nfsd_net *nn) 6278 { 6279 time64_t double_grace_period_end = nn->boot_time + 6280 2 * nn->nfsd4_lease; 6281 6282 if (nn->track_reclaim_completes && 6283 atomic_read(&nn->nr_reclaim_complete) == 6284 nn->reclaim_str_hashtbl_size) 6285 return false; 6286 if (!nn->somebody_reclaimed) 6287 return false; 6288 nn->somebody_reclaimed = false; 6289 /* 6290 * If we've given them *two* lease times to reclaim, and they're 6291 * still not done, give up: 6292 */ 6293 if (ktime_get_boottime_seconds() > double_grace_period_end) 6294 return false; 6295 return true; 6296 } 6297 6298 struct laundry_time { 6299 time64_t cutoff; 6300 time64_t new_timeo; 6301 }; 6302 state_expired(struct laundry_time * lt,time64_t last_refresh)6303 static bool state_expired(struct laundry_time *lt, time64_t last_refresh) 6304 { 6305 time64_t time_remaining; 6306 6307 if (last_refresh < lt->cutoff) 6308 return true; 6309 time_remaining = last_refresh - lt->cutoff; 6310 lt->new_timeo = min(lt->new_timeo, time_remaining); 6311 return false; 6312 } 6313 6314 #ifdef CONFIG_NFSD_V4_2_INTER_SSC nfsd4_ssc_init_umount_work(struct nfsd_net * nn)6315 void nfsd4_ssc_init_umount_work(struct nfsd_net *nn) 6316 { 6317 spin_lock_init(&nn->nfsd_ssc_lock); 6318 INIT_LIST_HEAD(&nn->nfsd_ssc_mount_list); 6319 init_waitqueue_head(&nn->nfsd_ssc_waitq); 6320 } 6321 6322 /* 6323 * This is called when nfsd is being shutdown, after all inter_ssc 6324 * cleanup were done, to destroy the ssc delayed unmount list. 6325 */ nfsd4_ssc_shutdown_umount(struct nfsd_net * nn)6326 static void nfsd4_ssc_shutdown_umount(struct nfsd_net *nn) 6327 { 6328 struct nfsd4_ssc_umount_item *ni = NULL; 6329 struct nfsd4_ssc_umount_item *tmp; 6330 6331 spin_lock(&nn->nfsd_ssc_lock); 6332 list_for_each_entry_safe(ni, tmp, &nn->nfsd_ssc_mount_list, nsui_list) { 6333 list_del(&ni->nsui_list); 6334 spin_unlock(&nn->nfsd_ssc_lock); 6335 mntput(ni->nsui_vfsmount); 6336 kfree(ni); 6337 spin_lock(&nn->nfsd_ssc_lock); 6338 } 6339 spin_unlock(&nn->nfsd_ssc_lock); 6340 } 6341 nfsd4_ssc_expire_umount(struct nfsd_net * nn)6342 static void nfsd4_ssc_expire_umount(struct nfsd_net *nn) 6343 { 6344 bool do_wakeup = false; 6345 struct nfsd4_ssc_umount_item *ni = NULL; 6346 struct nfsd4_ssc_umount_item *tmp; 6347 6348 spin_lock(&nn->nfsd_ssc_lock); 6349 list_for_each_entry_safe(ni, tmp, &nn->nfsd_ssc_mount_list, nsui_list) { 6350 if (time_after(jiffies, ni->nsui_expire)) { 6351 if (refcount_read(&ni->nsui_refcnt) > 1) 6352 continue; 6353 6354 /* mark being unmount */ 6355 ni->nsui_busy = true; 6356 spin_unlock(&nn->nfsd_ssc_lock); 6357 mntput(ni->nsui_vfsmount); 6358 spin_lock(&nn->nfsd_ssc_lock); 6359 6360 /* waiters need to start from begin of list */ 6361 list_del(&ni->nsui_list); 6362 kfree(ni); 6363 6364 /* wakeup ssc_connect waiters */ 6365 do_wakeup = true; 6366 continue; 6367 } 6368 break; 6369 } 6370 if (do_wakeup) 6371 wake_up_all(&nn->nfsd_ssc_waitq); 6372 spin_unlock(&nn->nfsd_ssc_lock); 6373 } 6374 #endif 6375 6376 /* Check if any lock belonging to this lockowner has any blockers */ 6377 static bool nfs4_lockowner_has_blockers(struct nfs4_lockowner * lo)6378 nfs4_lockowner_has_blockers(struct nfs4_lockowner *lo) 6379 { 6380 struct file_lock_context *ctx; 6381 struct nfs4_ol_stateid *stp; 6382 struct nfs4_file *nf; 6383 6384 list_for_each_entry(stp, &lo->lo_owner.so_stateids, st_perstateowner) { 6385 nf = stp->st_stid.sc_file; 6386 ctx = locks_inode_context(nf->fi_inode); 6387 if (!ctx) 6388 continue; 6389 if (locks_owner_has_blockers(ctx, lo)) 6390 return true; 6391 } 6392 return false; 6393 } 6394 6395 static bool nfs4_anylock_blockers(struct nfs4_client * clp)6396 nfs4_anylock_blockers(struct nfs4_client *clp) 6397 { 6398 int i; 6399 struct nfs4_stateowner *so; 6400 struct nfs4_lockowner *lo; 6401 6402 if (atomic_read(&clp->cl_delegs_in_recall)) 6403 return true; 6404 spin_lock(&clp->cl_lock); 6405 for (i = 0; i < OWNER_HASH_SIZE; i++) { 6406 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[i], 6407 so_strhash) { 6408 if (so->so_is_open_owner) 6409 continue; 6410 lo = lockowner(so); 6411 if (nfs4_lockowner_has_blockers(lo)) { 6412 spin_unlock(&clp->cl_lock); 6413 return true; 6414 } 6415 } 6416 } 6417 spin_unlock(&clp->cl_lock); 6418 return false; 6419 } 6420 6421 static void nfs4_get_client_reaplist(struct nfsd_net * nn,struct list_head * reaplist,struct laundry_time * lt)6422 nfs4_get_client_reaplist(struct nfsd_net *nn, struct list_head *reaplist, 6423 struct laundry_time *lt) 6424 { 6425 unsigned int maxreap, reapcnt = 0; 6426 struct list_head *pos, *next; 6427 struct nfs4_client *clp; 6428 6429 maxreap = (atomic_read(&nn->nfs4_client_count) >= nn->nfs4_max_clients) ? 6430 NFSD_CLIENT_MAX_TRIM_PER_RUN : 0; 6431 INIT_LIST_HEAD(reaplist); 6432 spin_lock(&nn->client_lock); 6433 list_for_each_safe(pos, next, &nn->client_lru) { 6434 clp = list_entry(pos, struct nfs4_client, cl_lru); 6435 if (clp->cl_state == NFSD4_EXPIRABLE) 6436 goto exp_client; 6437 if (!state_expired(lt, clp->cl_time)) 6438 break; 6439 if (!atomic_read(&clp->cl_rpc_users)) { 6440 if (clp->cl_state == NFSD4_ACTIVE) 6441 atomic_inc(&nn->nfsd_courtesy_clients); 6442 clp->cl_state = NFSD4_COURTESY; 6443 } 6444 if (!client_has_state(clp)) 6445 goto exp_client; 6446 if (!nfs4_anylock_blockers(clp)) 6447 if (reapcnt >= maxreap) 6448 continue; 6449 exp_client: 6450 if (!mark_client_expired_locked(clp)) { 6451 list_add(&clp->cl_lru, reaplist); 6452 reapcnt++; 6453 } 6454 } 6455 spin_unlock(&nn->client_lock); 6456 } 6457 6458 static void nfs4_get_courtesy_client_reaplist(struct nfsd_net * nn,struct list_head * reaplist)6459 nfs4_get_courtesy_client_reaplist(struct nfsd_net *nn, 6460 struct list_head *reaplist) 6461 { 6462 unsigned int maxreap = 0, reapcnt = 0; 6463 struct list_head *pos, *next; 6464 struct nfs4_client *clp; 6465 6466 maxreap = NFSD_CLIENT_MAX_TRIM_PER_RUN; 6467 INIT_LIST_HEAD(reaplist); 6468 6469 spin_lock(&nn->client_lock); 6470 list_for_each_safe(pos, next, &nn->client_lru) { 6471 clp = list_entry(pos, struct nfs4_client, cl_lru); 6472 if (clp->cl_state == NFSD4_ACTIVE) 6473 break; 6474 if (reapcnt >= maxreap) 6475 break; 6476 if (!mark_client_expired_locked(clp)) { 6477 list_add(&clp->cl_lru, reaplist); 6478 reapcnt++; 6479 } 6480 } 6481 spin_unlock(&nn->client_lock); 6482 } 6483 6484 static void nfs4_process_client_reaplist(struct list_head * reaplist)6485 nfs4_process_client_reaplist(struct list_head *reaplist) 6486 { 6487 struct list_head *pos, *next; 6488 struct nfs4_client *clp; 6489 6490 list_for_each_safe(pos, next, reaplist) { 6491 clp = list_entry(pos, struct nfs4_client, cl_lru); 6492 trace_nfsd_clid_purged(&clp->cl_clientid); 6493 list_del_init(&clp->cl_lru); 6494 expire_client(clp); 6495 } 6496 } 6497 nfs40_clean_admin_revoked(struct nfsd_net * nn,struct laundry_time * lt)6498 static void nfs40_clean_admin_revoked(struct nfsd_net *nn, 6499 struct laundry_time *lt) 6500 { 6501 struct nfs4_client *clp; 6502 6503 spin_lock(&nn->client_lock); 6504 if (nn->nfs40_last_revoke == 0 || 6505 nn->nfs40_last_revoke > lt->cutoff) { 6506 spin_unlock(&nn->client_lock); 6507 return; 6508 } 6509 nn->nfs40_last_revoke = 0; 6510 6511 retry: 6512 list_for_each_entry(clp, &nn->client_lru, cl_lru) { 6513 unsigned long id, tmp; 6514 struct nfs4_stid *stid; 6515 6516 if (atomic_read(&clp->cl_admin_revoked) == 0) 6517 continue; 6518 6519 spin_lock(&clp->cl_lock); 6520 idr_for_each_entry_ul(&clp->cl_stateids, stid, tmp, id) 6521 if (stid->sc_status & SC_STATUS_ADMIN_REVOKED) { 6522 refcount_inc(&stid->sc_count); 6523 spin_unlock(&nn->client_lock); 6524 /* this function drops ->cl_lock */ 6525 nfsd4_drop_revoked_stid(stid); 6526 nfs4_put_stid(stid); 6527 spin_lock(&nn->client_lock); 6528 goto retry; 6529 } 6530 spin_unlock(&clp->cl_lock); 6531 } 6532 spin_unlock(&nn->client_lock); 6533 } 6534 6535 static time64_t nfs4_laundromat(struct nfsd_net * nn)6536 nfs4_laundromat(struct nfsd_net *nn) 6537 { 6538 struct nfs4_openowner *oo; 6539 struct nfs4_delegation *dp; 6540 struct nfs4_ol_stateid *stp; 6541 struct nfsd4_blocked_lock *nbl; 6542 struct list_head *pos, *next, reaplist; 6543 struct laundry_time lt = { 6544 .cutoff = ktime_get_boottime_seconds() - nn->nfsd4_lease, 6545 .new_timeo = nn->nfsd4_lease 6546 }; 6547 struct nfs4_cpntf_state *cps; 6548 copy_stateid_t *cps_t; 6549 int i; 6550 6551 if (clients_still_reclaiming(nn)) { 6552 lt.new_timeo = 0; 6553 goto out; 6554 } 6555 nfsd4_end_grace(nn); 6556 6557 spin_lock(&nn->s2s_cp_lock); 6558 idr_for_each_entry(&nn->s2s_cp_stateids, cps_t, i) { 6559 cps = container_of(cps_t, struct nfs4_cpntf_state, cp_stateid); 6560 if (cps->cp_stateid.cs_type == NFS4_COPYNOTIFY_STID && 6561 state_expired(<, cps->cpntf_time)) 6562 _free_cpntf_state_locked(nn, cps); 6563 } 6564 spin_unlock(&nn->s2s_cp_lock); 6565 nfs4_get_client_reaplist(nn, &reaplist, <); 6566 nfs4_process_client_reaplist(&reaplist); 6567 6568 nfs40_clean_admin_revoked(nn, <); 6569 6570 spin_lock(&state_lock); 6571 list_for_each_safe(pos, next, &nn->del_recall_lru) { 6572 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru); 6573 if (!state_expired(<, dp->dl_time)) 6574 break; 6575 refcount_inc(&dp->dl_stid.sc_count); 6576 unhash_delegation_locked(dp, SC_STATUS_REVOKED); 6577 list_add(&dp->dl_recall_lru, &reaplist); 6578 } 6579 spin_unlock(&state_lock); 6580 while (!list_empty(&reaplist)) { 6581 dp = list_first_entry(&reaplist, struct nfs4_delegation, 6582 dl_recall_lru); 6583 list_del_init(&dp->dl_recall_lru); 6584 revoke_delegation(dp); 6585 } 6586 6587 spin_lock(&nn->client_lock); 6588 while (!list_empty(&nn->close_lru)) { 6589 oo = list_first_entry(&nn->close_lru, struct nfs4_openowner, 6590 oo_close_lru); 6591 if (!state_expired(<, oo->oo_time)) 6592 break; 6593 list_del_init(&oo->oo_close_lru); 6594 stp = oo->oo_last_closed_stid; 6595 oo->oo_last_closed_stid = NULL; 6596 spin_unlock(&nn->client_lock); 6597 nfs4_put_stid(&stp->st_stid); 6598 spin_lock(&nn->client_lock); 6599 } 6600 spin_unlock(&nn->client_lock); 6601 6602 /* 6603 * It's possible for a client to try and acquire an already held lock 6604 * that is being held for a long time, and then lose interest in it. 6605 * So, we clean out any un-revisited request after a lease period 6606 * under the assumption that the client is no longer interested. 6607 * 6608 * RFC5661, sec. 9.6 states that the client must not rely on getting 6609 * notifications and must continue to poll for locks, even when the 6610 * server supports them. Thus this shouldn't lead to clients blocking 6611 * indefinitely once the lock does become free. 6612 */ 6613 BUG_ON(!list_empty(&reaplist)); 6614 spin_lock(&nn->blocked_locks_lock); 6615 while (!list_empty(&nn->blocked_locks_lru)) { 6616 nbl = list_first_entry(&nn->blocked_locks_lru, 6617 struct nfsd4_blocked_lock, nbl_lru); 6618 if (!state_expired(<, nbl->nbl_time)) 6619 break; 6620 list_move(&nbl->nbl_lru, &reaplist); 6621 list_del_init(&nbl->nbl_list); 6622 } 6623 spin_unlock(&nn->blocked_locks_lock); 6624 6625 while (!list_empty(&reaplist)) { 6626 nbl = list_first_entry(&reaplist, 6627 struct nfsd4_blocked_lock, nbl_lru); 6628 list_del_init(&nbl->nbl_lru); 6629 free_blocked_lock(nbl); 6630 } 6631 #ifdef CONFIG_NFSD_V4_2_INTER_SSC 6632 /* service the server-to-server copy delayed unmount list */ 6633 nfsd4_ssc_expire_umount(nn); 6634 #endif 6635 if (atomic_long_read(&num_delegations) >= max_delegations) 6636 deleg_reaper(nn); 6637 out: 6638 return max_t(time64_t, lt.new_timeo, NFSD_LAUNDROMAT_MINTIMEOUT); 6639 } 6640 6641 static void laundromat_main(struct work_struct *); 6642 6643 static void laundromat_main(struct work_struct * laundry)6644 laundromat_main(struct work_struct *laundry) 6645 { 6646 time64_t t; 6647 struct delayed_work *dwork = to_delayed_work(laundry); 6648 struct nfsd_net *nn = container_of(dwork, struct nfsd_net, 6649 laundromat_work); 6650 6651 t = nfs4_laundromat(nn); 6652 queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ); 6653 } 6654 6655 static void courtesy_client_reaper(struct nfsd_net * nn)6656 courtesy_client_reaper(struct nfsd_net *nn) 6657 { 6658 struct list_head reaplist; 6659 6660 nfs4_get_courtesy_client_reaplist(nn, &reaplist); 6661 nfs4_process_client_reaplist(&reaplist); 6662 } 6663 6664 static void deleg_reaper(struct nfsd_net * nn)6665 deleg_reaper(struct nfsd_net *nn) 6666 { 6667 struct list_head *pos, *next; 6668 struct nfs4_client *clp; 6669 LIST_HEAD(cblist); 6670 6671 spin_lock(&nn->client_lock); 6672 list_for_each_safe(pos, next, &nn->client_lru) { 6673 clp = list_entry(pos, struct nfs4_client, cl_lru); 6674 if (clp->cl_state != NFSD4_ACTIVE || 6675 list_empty(&clp->cl_delegations) || 6676 atomic_read(&clp->cl_delegs_in_recall) || 6677 test_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags) || 6678 (ktime_get_boottime_seconds() - 6679 clp->cl_ra_time < 5)) { 6680 continue; 6681 } 6682 list_add(&clp->cl_ra_cblist, &cblist); 6683 6684 /* release in nfsd4_cb_recall_any_release */ 6685 kref_get(&clp->cl_nfsdfs.cl_ref); 6686 set_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags); 6687 clp->cl_ra_time = ktime_get_boottime_seconds(); 6688 } 6689 spin_unlock(&nn->client_lock); 6690 6691 while (!list_empty(&cblist)) { 6692 clp = list_first_entry(&cblist, struct nfs4_client, 6693 cl_ra_cblist); 6694 list_del_init(&clp->cl_ra_cblist); 6695 clp->cl_ra->ra_keep = 0; 6696 clp->cl_ra->ra_bmval[0] = BIT(RCA4_TYPE_MASK_RDATA_DLG) | 6697 BIT(RCA4_TYPE_MASK_WDATA_DLG); 6698 trace_nfsd_cb_recall_any(clp->cl_ra); 6699 nfsd4_run_cb(&clp->cl_ra->ra_cb); 6700 } 6701 } 6702 6703 static void nfsd4_state_shrinker_worker(struct work_struct * work)6704 nfsd4_state_shrinker_worker(struct work_struct *work) 6705 { 6706 struct nfsd_net *nn = container_of(work, struct nfsd_net, 6707 nfsd_shrinker_work); 6708 6709 courtesy_client_reaper(nn); 6710 deleg_reaper(nn); 6711 } 6712 nfs4_check_fh(struct svc_fh * fhp,struct nfs4_stid * stp)6713 static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp) 6714 { 6715 if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle)) 6716 return nfserr_bad_stateid; 6717 return nfs_ok; 6718 } 6719 6720 static nfs4_check_openmode(struct nfs4_ol_stateid * stp,int flags)6721 __be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags) 6722 { 6723 __be32 status = nfserr_openmode; 6724 6725 /* For lock stateid's, we test the parent open, not the lock: */ 6726 if (stp->st_openstp) 6727 stp = stp->st_openstp; 6728 if ((flags & WR_STATE) && !access_permit_write(stp)) 6729 goto out; 6730 if ((flags & RD_STATE) && !access_permit_read(stp)) 6731 goto out; 6732 status = nfs_ok; 6733 out: 6734 return status; 6735 } 6736 6737 static inline __be32 check_special_stateids(struct net * net,svc_fh * current_fh,stateid_t * stateid,int flags)6738 check_special_stateids(struct net *net, svc_fh *current_fh, stateid_t *stateid, int flags) 6739 { 6740 if (ONE_STATEID(stateid) && (flags & RD_STATE)) 6741 return nfs_ok; 6742 else if (opens_in_grace(net)) { 6743 /* Answer in remaining cases depends on existence of 6744 * conflicting state; so we must wait out the grace period. */ 6745 return nfserr_grace; 6746 } else if (flags & WR_STATE) 6747 return nfs4_share_conflict(current_fh, 6748 NFS4_SHARE_DENY_WRITE); 6749 else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */ 6750 return nfs4_share_conflict(current_fh, 6751 NFS4_SHARE_DENY_READ); 6752 } 6753 check_stateid_generation(stateid_t * in,stateid_t * ref,bool has_session)6754 static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session) 6755 { 6756 /* 6757 * When sessions are used the stateid generation number is ignored 6758 * when it is zero. 6759 */ 6760 if (has_session && in->si_generation == 0) 6761 return nfs_ok; 6762 6763 if (in->si_generation == ref->si_generation) 6764 return nfs_ok; 6765 6766 /* If the client sends us a stateid from the future, it's buggy: */ 6767 if (nfsd4_stateid_generation_after(in, ref)) 6768 return nfserr_bad_stateid; 6769 /* 6770 * However, we could see a stateid from the past, even from a 6771 * non-buggy client. For example, if the client sends a lock 6772 * while some IO is outstanding, the lock may bump si_generation 6773 * while the IO is still in flight. The client could avoid that 6774 * situation by waiting for responses on all the IO requests, 6775 * but better performance may result in retrying IO that 6776 * receives an old_stateid error if requests are rarely 6777 * reordered in flight: 6778 */ 6779 return nfserr_old_stateid; 6780 } 6781 nfsd4_stid_check_stateid_generation(stateid_t * in,struct nfs4_stid * s,bool has_session)6782 static __be32 nfsd4_stid_check_stateid_generation(stateid_t *in, struct nfs4_stid *s, bool has_session) 6783 { 6784 __be32 ret; 6785 6786 spin_lock(&s->sc_lock); 6787 ret = nfsd4_verify_open_stid(s); 6788 if (ret == nfs_ok) 6789 ret = check_stateid_generation(in, &s->sc_stateid, has_session); 6790 spin_unlock(&s->sc_lock); 6791 if (ret == nfserr_admin_revoked) 6792 nfsd40_drop_revoked_stid(s->sc_client, 6793 &s->sc_stateid); 6794 return ret; 6795 } 6796 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid * ols)6797 static __be32 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid *ols) 6798 { 6799 if (ols->st_stateowner->so_is_open_owner && 6800 !(openowner(ols->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED)) 6801 return nfserr_bad_stateid; 6802 return nfs_ok; 6803 } 6804 nfsd4_validate_stateid(struct nfs4_client * cl,stateid_t * stateid)6805 static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid) 6806 { 6807 struct nfs4_stid *s; 6808 __be32 status = nfserr_bad_stateid; 6809 6810 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) || 6811 CLOSE_STATEID(stateid)) 6812 return status; 6813 spin_lock(&cl->cl_lock); 6814 s = find_stateid_locked(cl, stateid); 6815 if (!s) 6816 goto out_unlock; 6817 status = nfsd4_stid_check_stateid_generation(stateid, s, 1); 6818 if (status) 6819 goto out_unlock; 6820 status = nfsd4_verify_open_stid(s); 6821 if (status) 6822 goto out_unlock; 6823 6824 switch (s->sc_type) { 6825 case SC_TYPE_DELEG: 6826 status = nfs_ok; 6827 break; 6828 case SC_TYPE_OPEN: 6829 case SC_TYPE_LOCK: 6830 status = nfsd4_check_openowner_confirmed(openlockstateid(s)); 6831 break; 6832 default: 6833 printk("unknown stateid type %x\n", s->sc_type); 6834 status = nfserr_bad_stateid; 6835 } 6836 out_unlock: 6837 spin_unlock(&cl->cl_lock); 6838 if (status == nfserr_admin_revoked) 6839 nfsd40_drop_revoked_stid(cl, stateid); 6840 return status; 6841 } 6842 6843 __be32 nfsd4_lookup_stateid(struct nfsd4_compound_state * cstate,stateid_t * stateid,unsigned short typemask,unsigned short statusmask,struct nfs4_stid ** s,struct nfsd_net * nn)6844 nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate, 6845 stateid_t *stateid, 6846 unsigned short typemask, unsigned short statusmask, 6847 struct nfs4_stid **s, struct nfsd_net *nn) 6848 { 6849 __be32 status; 6850 struct nfs4_stid *stid; 6851 bool return_revoked = false; 6852 6853 /* 6854 * only return revoked delegations if explicitly asked. 6855 * otherwise we report revoked or bad_stateid status. 6856 */ 6857 if (statusmask & SC_STATUS_REVOKED) 6858 return_revoked = true; 6859 if (typemask & SC_TYPE_DELEG) 6860 /* Always allow REVOKED for DELEG so we can 6861 * retturn the appropriate error. 6862 */ 6863 statusmask |= SC_STATUS_REVOKED; 6864 6865 statusmask |= SC_STATUS_ADMIN_REVOKED; 6866 6867 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) || 6868 CLOSE_STATEID(stateid)) 6869 return nfserr_bad_stateid; 6870 status = set_client(&stateid->si_opaque.so_clid, cstate, nn); 6871 if (status == nfserr_stale_clientid) { 6872 if (cstate->session) 6873 return nfserr_bad_stateid; 6874 return nfserr_stale_stateid; 6875 } 6876 if (status) 6877 return status; 6878 stid = find_stateid_by_type(cstate->clp, stateid, typemask, statusmask); 6879 if (!stid) 6880 return nfserr_bad_stateid; 6881 if ((stid->sc_status & SC_STATUS_REVOKED) && !return_revoked) { 6882 nfs4_put_stid(stid); 6883 return nfserr_deleg_revoked; 6884 } 6885 if (stid->sc_status & SC_STATUS_ADMIN_REVOKED) { 6886 nfsd40_drop_revoked_stid(cstate->clp, stateid); 6887 nfs4_put_stid(stid); 6888 return nfserr_admin_revoked; 6889 } 6890 *s = stid; 6891 return nfs_ok; 6892 } 6893 6894 static struct nfsd_file * nfs4_find_file(struct nfs4_stid * s,int flags)6895 nfs4_find_file(struct nfs4_stid *s, int flags) 6896 { 6897 struct nfsd_file *ret = NULL; 6898 6899 if (!s || s->sc_status) 6900 return NULL; 6901 6902 switch (s->sc_type) { 6903 case SC_TYPE_DELEG: 6904 spin_lock(&s->sc_file->fi_lock); 6905 ret = nfsd_file_get(s->sc_file->fi_deleg_file); 6906 spin_unlock(&s->sc_file->fi_lock); 6907 break; 6908 case SC_TYPE_OPEN: 6909 case SC_TYPE_LOCK: 6910 if (flags & RD_STATE) 6911 ret = find_readable_file(s->sc_file); 6912 else 6913 ret = find_writeable_file(s->sc_file); 6914 } 6915 6916 return ret; 6917 } 6918 6919 static __be32 nfs4_check_olstateid(struct nfs4_ol_stateid * ols,int flags)6920 nfs4_check_olstateid(struct nfs4_ol_stateid *ols, int flags) 6921 { 6922 __be32 status; 6923 6924 status = nfsd4_check_openowner_confirmed(ols); 6925 if (status) 6926 return status; 6927 return nfs4_check_openmode(ols, flags); 6928 } 6929 6930 static __be32 nfs4_check_file(struct svc_rqst * rqstp,struct svc_fh * fhp,struct nfs4_stid * s,struct nfsd_file ** nfp,int flags)6931 nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s, 6932 struct nfsd_file **nfp, int flags) 6933 { 6934 int acc = (flags & RD_STATE) ? NFSD_MAY_READ : NFSD_MAY_WRITE; 6935 struct nfsd_file *nf; 6936 __be32 status; 6937 6938 nf = nfs4_find_file(s, flags); 6939 if (nf) { 6940 status = nfsd_permission(&rqstp->rq_cred, 6941 fhp->fh_export, fhp->fh_dentry, 6942 acc | NFSD_MAY_OWNER_OVERRIDE); 6943 if (status) { 6944 nfsd_file_put(nf); 6945 goto out; 6946 } 6947 } else { 6948 status = nfsd_file_acquire(rqstp, fhp, acc, &nf); 6949 if (status) 6950 return status; 6951 } 6952 *nfp = nf; 6953 out: 6954 return status; 6955 } 6956 static void _free_cpntf_state_locked(struct nfsd_net * nn,struct nfs4_cpntf_state * cps)6957 _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps) 6958 { 6959 WARN_ON_ONCE(cps->cp_stateid.cs_type != NFS4_COPYNOTIFY_STID); 6960 if (!refcount_dec_and_test(&cps->cp_stateid.cs_count)) 6961 return; 6962 list_del(&cps->cp_list); 6963 idr_remove(&nn->s2s_cp_stateids, 6964 cps->cp_stateid.cs_stid.si_opaque.so_id); 6965 kfree(cps); 6966 } 6967 /* 6968 * A READ from an inter server to server COPY will have a 6969 * copy stateid. Look up the copy notify stateid from the 6970 * idr structure and take a reference on it. 6971 */ manage_cpntf_state(struct nfsd_net * nn,stateid_t * st,struct nfs4_client * clp,struct nfs4_cpntf_state ** cps)6972 __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st, 6973 struct nfs4_client *clp, 6974 struct nfs4_cpntf_state **cps) 6975 { 6976 copy_stateid_t *cps_t; 6977 struct nfs4_cpntf_state *state = NULL; 6978 6979 if (st->si_opaque.so_clid.cl_id != nn->s2s_cp_cl_id) 6980 return nfserr_bad_stateid; 6981 spin_lock(&nn->s2s_cp_lock); 6982 cps_t = idr_find(&nn->s2s_cp_stateids, st->si_opaque.so_id); 6983 if (cps_t) { 6984 state = container_of(cps_t, struct nfs4_cpntf_state, 6985 cp_stateid); 6986 if (state->cp_stateid.cs_type != NFS4_COPYNOTIFY_STID) { 6987 state = NULL; 6988 goto unlock; 6989 } 6990 if (!clp) 6991 refcount_inc(&state->cp_stateid.cs_count); 6992 else 6993 _free_cpntf_state_locked(nn, state); 6994 } 6995 unlock: 6996 spin_unlock(&nn->s2s_cp_lock); 6997 if (!state) 6998 return nfserr_bad_stateid; 6999 if (!clp) 7000 *cps = state; 7001 return 0; 7002 } 7003 find_cpntf_state(struct nfsd_net * nn,stateid_t * st,struct nfs4_stid ** stid)7004 static __be32 find_cpntf_state(struct nfsd_net *nn, stateid_t *st, 7005 struct nfs4_stid **stid) 7006 { 7007 __be32 status; 7008 struct nfs4_cpntf_state *cps = NULL; 7009 struct nfs4_client *found; 7010 7011 status = manage_cpntf_state(nn, st, NULL, &cps); 7012 if (status) 7013 return status; 7014 7015 cps->cpntf_time = ktime_get_boottime_seconds(); 7016 7017 status = nfserr_expired; 7018 found = lookup_clientid(&cps->cp_p_clid, true, nn); 7019 if (!found) 7020 goto out; 7021 7022 *stid = find_stateid_by_type(found, &cps->cp_p_stateid, 7023 SC_TYPE_DELEG|SC_TYPE_OPEN|SC_TYPE_LOCK, 7024 0); 7025 if (*stid) 7026 status = nfs_ok; 7027 else 7028 status = nfserr_bad_stateid; 7029 7030 put_client_renew(found); 7031 out: 7032 nfs4_put_cpntf_state(nn, cps); 7033 return status; 7034 } 7035 nfs4_put_cpntf_state(struct nfsd_net * nn,struct nfs4_cpntf_state * cps)7036 void nfs4_put_cpntf_state(struct nfsd_net *nn, struct nfs4_cpntf_state *cps) 7037 { 7038 spin_lock(&nn->s2s_cp_lock); 7039 _free_cpntf_state_locked(nn, cps); 7040 spin_unlock(&nn->s2s_cp_lock); 7041 } 7042 7043 /** 7044 * nfs4_preprocess_stateid_op - find and prep stateid for an operation 7045 * @rqstp: incoming request from client 7046 * @cstate: current compound state 7047 * @fhp: filehandle associated with requested stateid 7048 * @stateid: stateid (provided by client) 7049 * @flags: flags describing type of operation to be done 7050 * @nfp: optional nfsd_file return pointer (may be NULL) 7051 * @cstid: optional returned nfs4_stid pointer (may be NULL) 7052 * 7053 * Given info from the client, look up a nfs4_stid for the operation. On 7054 * success, it returns a reference to the nfs4_stid and/or the nfsd_file 7055 * associated with it. 7056 */ 7057 __be32 nfs4_preprocess_stateid_op(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,struct svc_fh * fhp,stateid_t * stateid,int flags,struct nfsd_file ** nfp,struct nfs4_stid ** cstid)7058 nfs4_preprocess_stateid_op(struct svc_rqst *rqstp, 7059 struct nfsd4_compound_state *cstate, struct svc_fh *fhp, 7060 stateid_t *stateid, int flags, struct nfsd_file **nfp, 7061 struct nfs4_stid **cstid) 7062 { 7063 struct net *net = SVC_NET(rqstp); 7064 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 7065 struct nfs4_stid *s = NULL; 7066 __be32 status; 7067 7068 if (nfp) 7069 *nfp = NULL; 7070 7071 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) { 7072 status = check_special_stateids(net, fhp, stateid, flags); 7073 goto done; 7074 } 7075 7076 status = nfsd4_lookup_stateid(cstate, stateid, 7077 SC_TYPE_DELEG|SC_TYPE_OPEN|SC_TYPE_LOCK, 7078 0, &s, nn); 7079 if (status == nfserr_bad_stateid) 7080 status = find_cpntf_state(nn, stateid, &s); 7081 if (status) 7082 return status; 7083 status = nfsd4_stid_check_stateid_generation(stateid, s, 7084 nfsd4_has_session(cstate)); 7085 if (status) 7086 goto out; 7087 7088 switch (s->sc_type) { 7089 case SC_TYPE_DELEG: 7090 status = nfs4_check_delegmode(delegstateid(s), flags); 7091 break; 7092 case SC_TYPE_OPEN: 7093 case SC_TYPE_LOCK: 7094 status = nfs4_check_olstateid(openlockstateid(s), flags); 7095 break; 7096 } 7097 if (status) 7098 goto out; 7099 status = nfs4_check_fh(fhp, s); 7100 7101 done: 7102 if (status == nfs_ok && nfp) 7103 status = nfs4_check_file(rqstp, fhp, s, nfp, flags); 7104 out: 7105 if (s) { 7106 if (!status && cstid) 7107 *cstid = s; 7108 else 7109 nfs4_put_stid(s); 7110 } 7111 return status; 7112 } 7113 7114 /* 7115 * Test if the stateid is valid 7116 */ 7117 __be32 nfsd4_test_stateid(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)7118 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7119 union nfsd4_op_u *u) 7120 { 7121 struct nfsd4_test_stateid *test_stateid = &u->test_stateid; 7122 struct nfsd4_test_stateid_id *stateid; 7123 struct nfs4_client *cl = cstate->clp; 7124 7125 list_for_each_entry(stateid, &test_stateid->ts_stateid_list, ts_id_list) 7126 stateid->ts_id_status = 7127 nfsd4_validate_stateid(cl, &stateid->ts_id_stateid); 7128 7129 return nfs_ok; 7130 } 7131 7132 static __be32 nfsd4_free_lock_stateid(stateid_t * stateid,struct nfs4_stid * s)7133 nfsd4_free_lock_stateid(stateid_t *stateid, struct nfs4_stid *s) 7134 { 7135 struct nfs4_ol_stateid *stp = openlockstateid(s); 7136 __be32 ret; 7137 7138 ret = nfsd4_lock_ol_stateid(stp); 7139 if (ret) 7140 goto out_put_stid; 7141 7142 ret = check_stateid_generation(stateid, &s->sc_stateid, 1); 7143 if (ret) 7144 goto out; 7145 7146 ret = nfserr_locks_held; 7147 if (check_for_locks(stp->st_stid.sc_file, 7148 lockowner(stp->st_stateowner))) 7149 goto out; 7150 7151 release_lock_stateid(stp); 7152 ret = nfs_ok; 7153 7154 out: 7155 mutex_unlock(&stp->st_mutex); 7156 out_put_stid: 7157 nfs4_put_stid(s); 7158 return ret; 7159 } 7160 7161 __be32 nfsd4_free_stateid(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)7162 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7163 union nfsd4_op_u *u) 7164 { 7165 struct nfsd4_free_stateid *free_stateid = &u->free_stateid; 7166 stateid_t *stateid = &free_stateid->fr_stateid; 7167 struct nfs4_stid *s; 7168 struct nfs4_delegation *dp; 7169 struct nfs4_client *cl = cstate->clp; 7170 __be32 ret = nfserr_bad_stateid; 7171 7172 spin_lock(&cl->cl_lock); 7173 s = find_stateid_locked(cl, stateid); 7174 if (!s || s->sc_status & SC_STATUS_CLOSED) 7175 goto out_unlock; 7176 if (s->sc_status & SC_STATUS_ADMIN_REVOKED) { 7177 nfsd4_drop_revoked_stid(s); 7178 ret = nfs_ok; 7179 goto out; 7180 } 7181 spin_lock(&s->sc_lock); 7182 switch (s->sc_type) { 7183 case SC_TYPE_DELEG: 7184 if (s->sc_status & SC_STATUS_REVOKED) { 7185 s->sc_status |= SC_STATUS_CLOSED; 7186 spin_unlock(&s->sc_lock); 7187 dp = delegstateid(s); 7188 if (s->sc_status & SC_STATUS_FREEABLE) 7189 list_del_init(&dp->dl_recall_lru); 7190 s->sc_status |= SC_STATUS_FREED; 7191 spin_unlock(&cl->cl_lock); 7192 nfs4_put_stid(s); 7193 ret = nfs_ok; 7194 goto out; 7195 } 7196 ret = nfserr_locks_held; 7197 break; 7198 case SC_TYPE_OPEN: 7199 ret = check_stateid_generation(stateid, &s->sc_stateid, 1); 7200 if (ret) 7201 break; 7202 ret = nfserr_locks_held; 7203 break; 7204 case SC_TYPE_LOCK: 7205 spin_unlock(&s->sc_lock); 7206 refcount_inc(&s->sc_count); 7207 spin_unlock(&cl->cl_lock); 7208 ret = nfsd4_free_lock_stateid(stateid, s); 7209 goto out; 7210 } 7211 spin_unlock(&s->sc_lock); 7212 out_unlock: 7213 spin_unlock(&cl->cl_lock); 7214 out: 7215 return ret; 7216 } 7217 7218 static inline int setlkflg(int type)7219 setlkflg (int type) 7220 { 7221 return (type == NFS4_READW_LT || type == NFS4_READ_LT) ? 7222 RD_STATE : WR_STATE; 7223 } 7224 nfs4_seqid_op_checks(struct nfsd4_compound_state * cstate,stateid_t * stateid,u32 seqid,struct nfs4_ol_stateid * stp)7225 static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_t *stateid, u32 seqid, struct nfs4_ol_stateid *stp) 7226 { 7227 struct svc_fh *current_fh = &cstate->current_fh; 7228 struct nfs4_stateowner *sop = stp->st_stateowner; 7229 __be32 status; 7230 7231 status = nfsd4_check_seqid(cstate, sop, seqid); 7232 if (status) 7233 return status; 7234 status = nfsd4_lock_ol_stateid(stp); 7235 if (status != nfs_ok) 7236 return status; 7237 status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate)); 7238 if (status == nfs_ok) 7239 status = nfs4_check_fh(current_fh, &stp->st_stid); 7240 if (status != nfs_ok) 7241 mutex_unlock(&stp->st_mutex); 7242 return status; 7243 } 7244 7245 /** 7246 * nfs4_preprocess_seqid_op - find and prep an ol_stateid for a seqid-morphing op 7247 * @cstate: compund state 7248 * @seqid: seqid (provided by client) 7249 * @stateid: stateid (provided by client) 7250 * @typemask: mask of allowable types for this operation 7251 * @statusmask: mask of allowed states: 0 or STID_CLOSED 7252 * @stpp: return pointer for the stateid found 7253 * @nn: net namespace for request 7254 * 7255 * Given a stateid+seqid from a client, look up an nfs4_ol_stateid and 7256 * return it in @stpp. On a nfs_ok return, the returned stateid will 7257 * have its st_mutex locked. 7258 */ 7259 static __be32 nfs4_preprocess_seqid_op(struct nfsd4_compound_state * cstate,u32 seqid,stateid_t * stateid,unsigned short typemask,unsigned short statusmask,struct nfs4_ol_stateid ** stpp,struct nfsd_net * nn)7260 nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid, 7261 stateid_t *stateid, 7262 unsigned short typemask, unsigned short statusmask, 7263 struct nfs4_ol_stateid **stpp, 7264 struct nfsd_net *nn) 7265 { 7266 __be32 status; 7267 struct nfs4_stid *s; 7268 struct nfs4_ol_stateid *stp = NULL; 7269 7270 trace_nfsd_preprocess(seqid, stateid); 7271 7272 *stpp = NULL; 7273 retry: 7274 status = nfsd4_lookup_stateid(cstate, stateid, 7275 typemask, statusmask, &s, nn); 7276 if (status) 7277 return status; 7278 stp = openlockstateid(s); 7279 if (nfsd4_cstate_assign_replay(cstate, stp->st_stateowner) == -EAGAIN) { 7280 nfs4_put_stateowner(stp->st_stateowner); 7281 goto retry; 7282 } 7283 7284 status = nfs4_seqid_op_checks(cstate, stateid, seqid, stp); 7285 if (!status) 7286 *stpp = stp; 7287 else 7288 nfs4_put_stid(&stp->st_stid); 7289 return status; 7290 } 7291 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state * cstate,u32 seqid,stateid_t * stateid,struct nfs4_ol_stateid ** stpp,struct nfsd_net * nn)7292 static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid, 7293 stateid_t *stateid, struct nfs4_ol_stateid **stpp, struct nfsd_net *nn) 7294 { 7295 __be32 status; 7296 struct nfs4_openowner *oo; 7297 struct nfs4_ol_stateid *stp; 7298 7299 status = nfs4_preprocess_seqid_op(cstate, seqid, stateid, 7300 SC_TYPE_OPEN, 0, &stp, nn); 7301 if (status) 7302 return status; 7303 oo = openowner(stp->st_stateowner); 7304 if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) { 7305 mutex_unlock(&stp->st_mutex); 7306 nfs4_put_stid(&stp->st_stid); 7307 return nfserr_bad_stateid; 7308 } 7309 *stpp = stp; 7310 return nfs_ok; 7311 } 7312 7313 __be32 nfsd4_open_confirm(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)7314 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7315 union nfsd4_op_u *u) 7316 { 7317 struct nfsd4_open_confirm *oc = &u->open_confirm; 7318 __be32 status; 7319 struct nfs4_openowner *oo; 7320 struct nfs4_ol_stateid *stp; 7321 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 7322 7323 dprintk("NFSD: nfsd4_open_confirm on file %pd\n", 7324 cstate->current_fh.fh_dentry); 7325 7326 status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0); 7327 if (status) 7328 return status; 7329 7330 status = nfs4_preprocess_seqid_op(cstate, 7331 oc->oc_seqid, &oc->oc_req_stateid, 7332 SC_TYPE_OPEN, 0, &stp, nn); 7333 if (status) 7334 goto out; 7335 oo = openowner(stp->st_stateowner); 7336 status = nfserr_bad_stateid; 7337 if (oo->oo_flags & NFS4_OO_CONFIRMED) { 7338 mutex_unlock(&stp->st_mutex); 7339 goto put_stateid; 7340 } 7341 oo->oo_flags |= NFS4_OO_CONFIRMED; 7342 nfs4_inc_and_copy_stateid(&oc->oc_resp_stateid, &stp->st_stid); 7343 mutex_unlock(&stp->st_mutex); 7344 trace_nfsd_open_confirm(oc->oc_seqid, &stp->st_stid.sc_stateid); 7345 nfsd4_client_record_create(oo->oo_owner.so_client); 7346 status = nfs_ok; 7347 put_stateid: 7348 nfs4_put_stid(&stp->st_stid); 7349 out: 7350 nfsd4_bump_seqid(cstate, status); 7351 return status; 7352 } 7353 nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid * stp,u32 access)7354 static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access) 7355 { 7356 if (!test_access(access, stp)) 7357 return; 7358 nfs4_file_put_access(stp->st_stid.sc_file, access); 7359 clear_access(access, stp); 7360 } 7361 nfs4_stateid_downgrade(struct nfs4_ol_stateid * stp,u32 to_access)7362 static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access) 7363 { 7364 switch (to_access) { 7365 case NFS4_SHARE_ACCESS_READ: 7366 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE); 7367 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH); 7368 break; 7369 case NFS4_SHARE_ACCESS_WRITE: 7370 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ); 7371 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH); 7372 break; 7373 case NFS4_SHARE_ACCESS_BOTH: 7374 break; 7375 default: 7376 WARN_ON_ONCE(1); 7377 } 7378 } 7379 7380 __be32 nfsd4_open_downgrade(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)7381 nfsd4_open_downgrade(struct svc_rqst *rqstp, 7382 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u) 7383 { 7384 struct nfsd4_open_downgrade *od = &u->open_downgrade; 7385 __be32 status; 7386 struct nfs4_ol_stateid *stp; 7387 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 7388 7389 dprintk("NFSD: nfsd4_open_downgrade on file %pd\n", 7390 cstate->current_fh.fh_dentry); 7391 7392 /* We don't yet support WANT bits: */ 7393 if (od->od_deleg_want) 7394 dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__, 7395 od->od_deleg_want); 7396 7397 status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid, 7398 &od->od_stateid, &stp, nn); 7399 if (status) 7400 goto out; 7401 status = nfserr_inval; 7402 if (!test_access(od->od_share_access, stp)) { 7403 dprintk("NFSD: access not a subset of current bitmap: 0x%hhx, input access=%08x\n", 7404 stp->st_access_bmap, od->od_share_access); 7405 goto put_stateid; 7406 } 7407 if (!test_deny(od->od_share_deny, stp)) { 7408 dprintk("NFSD: deny not a subset of current bitmap: 0x%hhx, input deny=%08x\n", 7409 stp->st_deny_bmap, od->od_share_deny); 7410 goto put_stateid; 7411 } 7412 nfs4_stateid_downgrade(stp, od->od_share_access); 7413 reset_union_bmap_deny(od->od_share_deny, stp); 7414 nfs4_inc_and_copy_stateid(&od->od_stateid, &stp->st_stid); 7415 status = nfs_ok; 7416 put_stateid: 7417 mutex_unlock(&stp->st_mutex); 7418 nfs4_put_stid(&stp->st_stid); 7419 out: 7420 nfsd4_bump_seqid(cstate, status); 7421 return status; 7422 } 7423 nfsd4_close_open_stateid(struct nfs4_ol_stateid * s)7424 static bool nfsd4_close_open_stateid(struct nfs4_ol_stateid *s) 7425 { 7426 struct nfs4_client *clp = s->st_stid.sc_client; 7427 bool unhashed; 7428 LIST_HEAD(reaplist); 7429 struct nfs4_ol_stateid *stp; 7430 7431 spin_lock(&clp->cl_lock); 7432 unhashed = unhash_open_stateid(s, &reaplist); 7433 7434 if (clp->cl_minorversion) { 7435 if (unhashed) 7436 put_ol_stateid_locked(s, &reaplist); 7437 spin_unlock(&clp->cl_lock); 7438 list_for_each_entry(stp, &reaplist, st_locks) 7439 nfs4_free_cpntf_statelist(clp->net, &stp->st_stid); 7440 free_ol_stateid_reaplist(&reaplist); 7441 return false; 7442 } else { 7443 spin_unlock(&clp->cl_lock); 7444 free_ol_stateid_reaplist(&reaplist); 7445 return unhashed; 7446 } 7447 } 7448 7449 /* 7450 * nfs4_unlock_state() called after encode 7451 */ 7452 __be32 nfsd4_close(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)7453 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7454 union nfsd4_op_u *u) 7455 { 7456 struct nfsd4_close *close = &u->close; 7457 __be32 status; 7458 struct nfs4_ol_stateid *stp; 7459 struct net *net = SVC_NET(rqstp); 7460 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 7461 bool need_move_to_close_list; 7462 7463 dprintk("NFSD: nfsd4_close on file %pd\n", 7464 cstate->current_fh.fh_dentry); 7465 7466 status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid, 7467 &close->cl_stateid, 7468 SC_TYPE_OPEN, SC_STATUS_CLOSED, 7469 &stp, nn); 7470 nfsd4_bump_seqid(cstate, status); 7471 if (status) 7472 goto out; 7473 7474 spin_lock(&stp->st_stid.sc_client->cl_lock); 7475 stp->st_stid.sc_status |= SC_STATUS_CLOSED; 7476 spin_unlock(&stp->st_stid.sc_client->cl_lock); 7477 7478 /* 7479 * Technically we don't _really_ have to increment or copy it, since 7480 * it should just be gone after this operation and we clobber the 7481 * copied value below, but we continue to do so here just to ensure 7482 * that racing ops see that there was a state change. 7483 */ 7484 nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid); 7485 7486 need_move_to_close_list = nfsd4_close_open_stateid(stp); 7487 mutex_unlock(&stp->st_mutex); 7488 if (need_move_to_close_list) 7489 move_to_close_lru(stp, net); 7490 7491 /* v4.1+ suggests that we send a special stateid in here, since the 7492 * clients should just ignore this anyway. Since this is not useful 7493 * for v4.0 clients either, we set it to the special close_stateid 7494 * universally. 7495 * 7496 * See RFC5661 section 18.2.4, and RFC7530 section 16.2.5 7497 */ 7498 memcpy(&close->cl_stateid, &close_stateid, sizeof(close->cl_stateid)); 7499 7500 /* put reference from nfs4_preprocess_seqid_op */ 7501 nfs4_put_stid(&stp->st_stid); 7502 out: 7503 return status; 7504 } 7505 7506 __be32 nfsd4_delegreturn(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)7507 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7508 union nfsd4_op_u *u) 7509 { 7510 struct nfsd4_delegreturn *dr = &u->delegreturn; 7511 struct nfs4_delegation *dp; 7512 stateid_t *stateid = &dr->dr_stateid; 7513 struct nfs4_stid *s; 7514 __be32 status; 7515 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 7516 7517 if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0))) 7518 return status; 7519 7520 status = nfsd4_lookup_stateid(cstate, stateid, SC_TYPE_DELEG, 7521 SC_STATUS_REVOKED | SC_STATUS_FREEABLE, 7522 &s, nn); 7523 if (status) 7524 goto out; 7525 dp = delegstateid(s); 7526 status = nfsd4_stid_check_stateid_generation(stateid, &dp->dl_stid, nfsd4_has_session(cstate)); 7527 if (status) 7528 goto put_stateid; 7529 7530 trace_nfsd_deleg_return(stateid); 7531 destroy_delegation(dp); 7532 smp_mb__after_atomic(); 7533 wake_up_var(d_inode(cstate->current_fh.fh_dentry)); 7534 put_stateid: 7535 nfs4_put_stid(&dp->dl_stid); 7536 out: 7537 return status; 7538 } 7539 7540 /* last octet in a range */ 7541 static inline u64 last_byte_offset(u64 start,u64 len)7542 last_byte_offset(u64 start, u64 len) 7543 { 7544 u64 end; 7545 7546 WARN_ON_ONCE(!len); 7547 end = start + len; 7548 return end > start ? end - 1: NFS4_MAX_UINT64; 7549 } 7550 7551 /* 7552 * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that 7553 * we can't properly handle lock requests that go beyond the (2^63 - 1)-th 7554 * byte, because of sign extension problems. Since NFSv4 calls for 64-bit 7555 * locking, this prevents us from being completely protocol-compliant. The 7556 * real solution to this problem is to start using unsigned file offsets in 7557 * the VFS, but this is a very deep change! 7558 */ 7559 static inline void nfs4_transform_lock_offset(struct file_lock * lock)7560 nfs4_transform_lock_offset(struct file_lock *lock) 7561 { 7562 if (lock->fl_start < 0) 7563 lock->fl_start = OFFSET_MAX; 7564 if (lock->fl_end < 0) 7565 lock->fl_end = OFFSET_MAX; 7566 } 7567 7568 static fl_owner_t nfsd4_lm_get_owner(fl_owner_t owner)7569 nfsd4_lm_get_owner(fl_owner_t owner) 7570 { 7571 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner; 7572 7573 nfs4_get_stateowner(&lo->lo_owner); 7574 return owner; 7575 } 7576 7577 static void nfsd4_lm_put_owner(fl_owner_t owner)7578 nfsd4_lm_put_owner(fl_owner_t owner) 7579 { 7580 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner; 7581 7582 if (lo) 7583 nfs4_put_stateowner(&lo->lo_owner); 7584 } 7585 7586 /* return pointer to struct nfs4_client if client is expirable */ 7587 static bool nfsd4_lm_lock_expirable(struct file_lock * cfl)7588 nfsd4_lm_lock_expirable(struct file_lock *cfl) 7589 { 7590 struct nfs4_lockowner *lo = (struct nfs4_lockowner *) cfl->c.flc_owner; 7591 struct nfs4_client *clp = lo->lo_owner.so_client; 7592 struct nfsd_net *nn; 7593 7594 if (try_to_expire_client(clp)) { 7595 nn = net_generic(clp->net, nfsd_net_id); 7596 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); 7597 return true; 7598 } 7599 return false; 7600 } 7601 7602 /* schedule laundromat to run immediately and wait for it to complete */ 7603 static void nfsd4_lm_expire_lock(void)7604 nfsd4_lm_expire_lock(void) 7605 { 7606 flush_workqueue(laundry_wq); 7607 } 7608 7609 static void nfsd4_lm_notify(struct file_lock * fl)7610 nfsd4_lm_notify(struct file_lock *fl) 7611 { 7612 struct nfs4_lockowner *lo = (struct nfs4_lockowner *) fl->c.flc_owner; 7613 struct net *net = lo->lo_owner.so_client->net; 7614 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 7615 struct nfsd4_blocked_lock *nbl = container_of(fl, 7616 struct nfsd4_blocked_lock, nbl_lock); 7617 bool queue = false; 7618 7619 /* An empty list means that something else is going to be using it */ 7620 spin_lock(&nn->blocked_locks_lock); 7621 if (!list_empty(&nbl->nbl_list)) { 7622 list_del_init(&nbl->nbl_list); 7623 list_del_init(&nbl->nbl_lru); 7624 queue = true; 7625 } 7626 spin_unlock(&nn->blocked_locks_lock); 7627 7628 if (queue) { 7629 trace_nfsd_cb_notify_lock(lo, nbl); 7630 nfsd4_run_cb(&nbl->nbl_cb); 7631 } 7632 } 7633 7634 static const struct lock_manager_operations nfsd_posix_mng_ops = { 7635 .lm_mod_owner = THIS_MODULE, 7636 .lm_notify = nfsd4_lm_notify, 7637 .lm_get_owner = nfsd4_lm_get_owner, 7638 .lm_put_owner = nfsd4_lm_put_owner, 7639 .lm_lock_expirable = nfsd4_lm_lock_expirable, 7640 .lm_expire_lock = nfsd4_lm_expire_lock, 7641 }; 7642 7643 static inline void nfs4_set_lock_denied(struct file_lock * fl,struct nfsd4_lock_denied * deny)7644 nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny) 7645 { 7646 struct nfs4_lockowner *lo; 7647 7648 if (fl->fl_lmops == &nfsd_posix_mng_ops) { 7649 lo = (struct nfs4_lockowner *) fl->c.flc_owner; 7650 xdr_netobj_dup(&deny->ld_owner, &lo->lo_owner.so_owner, 7651 GFP_KERNEL); 7652 if (!deny->ld_owner.data) 7653 /* We just don't care that much */ 7654 goto nevermind; 7655 deny->ld_clientid = lo->lo_owner.so_client->cl_clientid; 7656 } else { 7657 nevermind: 7658 deny->ld_owner.len = 0; 7659 deny->ld_owner.data = NULL; 7660 deny->ld_clientid.cl_boot = 0; 7661 deny->ld_clientid.cl_id = 0; 7662 } 7663 deny->ld_start = fl->fl_start; 7664 deny->ld_length = NFS4_MAX_UINT64; 7665 if (fl->fl_end != NFS4_MAX_UINT64) 7666 deny->ld_length = fl->fl_end - fl->fl_start + 1; 7667 deny->ld_type = NFS4_READ_LT; 7668 if (fl->c.flc_type != F_RDLCK) 7669 deny->ld_type = NFS4_WRITE_LT; 7670 } 7671 7672 static struct nfs4_lockowner * find_lockowner_str_locked(struct nfs4_client * clp,struct xdr_netobj * owner)7673 find_lockowner_str_locked(struct nfs4_client *clp, struct xdr_netobj *owner) 7674 { 7675 unsigned int strhashval = ownerstr_hashval(owner); 7676 struct nfs4_stateowner *so; 7677 7678 lockdep_assert_held(&clp->cl_lock); 7679 7680 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[strhashval], 7681 so_strhash) { 7682 if (so->so_is_open_owner) 7683 continue; 7684 if (same_owner_str(so, owner)) 7685 return lockowner(nfs4_get_stateowner(so)); 7686 } 7687 return NULL; 7688 } 7689 7690 static struct nfs4_lockowner * find_lockowner_str(struct nfs4_client * clp,struct xdr_netobj * owner)7691 find_lockowner_str(struct nfs4_client *clp, struct xdr_netobj *owner) 7692 { 7693 struct nfs4_lockowner *lo; 7694 7695 spin_lock(&clp->cl_lock); 7696 lo = find_lockowner_str_locked(clp, owner); 7697 spin_unlock(&clp->cl_lock); 7698 return lo; 7699 } 7700 nfs4_unhash_lockowner(struct nfs4_stateowner * sop)7701 static void nfs4_unhash_lockowner(struct nfs4_stateowner *sop) 7702 { 7703 unhash_lockowner_locked(lockowner(sop)); 7704 } 7705 nfs4_free_lockowner(struct nfs4_stateowner * sop)7706 static void nfs4_free_lockowner(struct nfs4_stateowner *sop) 7707 { 7708 struct nfs4_lockowner *lo = lockowner(sop); 7709 7710 kmem_cache_free(lockowner_slab, lo); 7711 } 7712 7713 static const struct nfs4_stateowner_operations lockowner_ops = { 7714 .so_unhash = nfs4_unhash_lockowner, 7715 .so_free = nfs4_free_lockowner, 7716 }; 7717 7718 /* 7719 * Alloc a lock owner structure. 7720 * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) has 7721 * occurred. 7722 * 7723 * strhashval = ownerstr_hashval 7724 */ 7725 static struct nfs4_lockowner * alloc_init_lock_stateowner(unsigned int strhashval,struct nfs4_client * clp,struct nfs4_ol_stateid * open_stp,struct nfsd4_lock * lock)7726 alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp, 7727 struct nfs4_ol_stateid *open_stp, 7728 struct nfsd4_lock *lock) 7729 { 7730 struct nfs4_lockowner *lo, *ret; 7731 7732 lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp); 7733 if (!lo) 7734 return NULL; 7735 INIT_LIST_HEAD(&lo->lo_blocked); 7736 INIT_LIST_HEAD(&lo->lo_owner.so_stateids); 7737 lo->lo_owner.so_is_open_owner = 0; 7738 lo->lo_owner.so_seqid = lock->lk_new_lock_seqid; 7739 lo->lo_owner.so_ops = &lockowner_ops; 7740 spin_lock(&clp->cl_lock); 7741 ret = find_lockowner_str_locked(clp, &lock->lk_new_owner); 7742 if (ret == NULL) { 7743 list_add(&lo->lo_owner.so_strhash, 7744 &clp->cl_ownerstr_hashtbl[strhashval]); 7745 ret = lo; 7746 } else 7747 nfs4_free_stateowner(&lo->lo_owner); 7748 7749 spin_unlock(&clp->cl_lock); 7750 return ret; 7751 } 7752 7753 static struct nfs4_ol_stateid * find_lock_stateid(const struct nfs4_lockowner * lo,const struct nfs4_ol_stateid * ost)7754 find_lock_stateid(const struct nfs4_lockowner *lo, 7755 const struct nfs4_ol_stateid *ost) 7756 { 7757 struct nfs4_ol_stateid *lst; 7758 7759 lockdep_assert_held(&ost->st_stid.sc_client->cl_lock); 7760 7761 /* If ost is not hashed, ost->st_locks will not be valid */ 7762 if (!nfs4_ol_stateid_unhashed(ost)) 7763 list_for_each_entry(lst, &ost->st_locks, st_locks) { 7764 if (lst->st_stateowner == &lo->lo_owner) { 7765 refcount_inc(&lst->st_stid.sc_count); 7766 return lst; 7767 } 7768 } 7769 return NULL; 7770 } 7771 7772 static struct nfs4_ol_stateid * init_lock_stateid(struct nfs4_ol_stateid * stp,struct nfs4_lockowner * lo,struct nfs4_file * fp,struct inode * inode,struct nfs4_ol_stateid * open_stp)7773 init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo, 7774 struct nfs4_file *fp, struct inode *inode, 7775 struct nfs4_ol_stateid *open_stp) 7776 { 7777 struct nfs4_client *clp = lo->lo_owner.so_client; 7778 struct nfs4_ol_stateid *retstp; 7779 7780 mutex_init(&stp->st_mutex); 7781 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX); 7782 retry: 7783 spin_lock(&clp->cl_lock); 7784 if (nfs4_ol_stateid_unhashed(open_stp)) 7785 goto out_close; 7786 retstp = find_lock_stateid(lo, open_stp); 7787 if (retstp) 7788 goto out_found; 7789 refcount_inc(&stp->st_stid.sc_count); 7790 stp->st_stid.sc_type = SC_TYPE_LOCK; 7791 stp->st_stateowner = nfs4_get_stateowner(&lo->lo_owner); 7792 get_nfs4_file(fp); 7793 stp->st_stid.sc_file = fp; 7794 stp->st_access_bmap = 0; 7795 stp->st_deny_bmap = open_stp->st_deny_bmap; 7796 stp->st_openstp = open_stp; 7797 spin_lock(&fp->fi_lock); 7798 list_add(&stp->st_locks, &open_stp->st_locks); 7799 list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids); 7800 list_add(&stp->st_perfile, &fp->fi_stateids); 7801 spin_unlock(&fp->fi_lock); 7802 spin_unlock(&clp->cl_lock); 7803 return stp; 7804 out_found: 7805 spin_unlock(&clp->cl_lock); 7806 if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) { 7807 nfs4_put_stid(&retstp->st_stid); 7808 goto retry; 7809 } 7810 /* To keep mutex tracking happy */ 7811 mutex_unlock(&stp->st_mutex); 7812 return retstp; 7813 out_close: 7814 spin_unlock(&clp->cl_lock); 7815 mutex_unlock(&stp->st_mutex); 7816 return NULL; 7817 } 7818 7819 static struct nfs4_ol_stateid * find_or_create_lock_stateid(struct nfs4_lockowner * lo,struct nfs4_file * fi,struct inode * inode,struct nfs4_ol_stateid * ost,bool * new)7820 find_or_create_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fi, 7821 struct inode *inode, struct nfs4_ol_stateid *ost, 7822 bool *new) 7823 { 7824 struct nfs4_stid *ns = NULL; 7825 struct nfs4_ol_stateid *lst; 7826 struct nfs4_openowner *oo = openowner(ost->st_stateowner); 7827 struct nfs4_client *clp = oo->oo_owner.so_client; 7828 7829 *new = false; 7830 spin_lock(&clp->cl_lock); 7831 lst = find_lock_stateid(lo, ost); 7832 spin_unlock(&clp->cl_lock); 7833 if (lst != NULL) { 7834 if (nfsd4_lock_ol_stateid(lst) == nfs_ok) 7835 goto out; 7836 nfs4_put_stid(&lst->st_stid); 7837 } 7838 ns = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_lock_stateid); 7839 if (ns == NULL) 7840 return NULL; 7841 7842 lst = init_lock_stateid(openlockstateid(ns), lo, fi, inode, ost); 7843 if (lst == openlockstateid(ns)) 7844 *new = true; 7845 else 7846 nfs4_put_stid(ns); 7847 out: 7848 return lst; 7849 } 7850 7851 static int check_lock_length(u64 offset,u64 length)7852 check_lock_length(u64 offset, u64 length) 7853 { 7854 return ((length == 0) || ((length != NFS4_MAX_UINT64) && 7855 (length > ~offset))); 7856 } 7857 get_lock_access(struct nfs4_ol_stateid * lock_stp,u32 access)7858 static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access) 7859 { 7860 struct nfs4_file *fp = lock_stp->st_stid.sc_file; 7861 7862 lockdep_assert_held(&fp->fi_lock); 7863 7864 if (test_access(access, lock_stp)) 7865 return; 7866 __nfs4_file_get_access(fp, access); 7867 set_access(access, lock_stp); 7868 } 7869 7870 static __be32 lookup_or_create_lock_state(struct nfsd4_compound_state * cstate,struct nfs4_ol_stateid * ost,struct nfsd4_lock * lock,struct nfs4_ol_stateid ** plst,bool * new)7871 lookup_or_create_lock_state(struct nfsd4_compound_state *cstate, 7872 struct nfs4_ol_stateid *ost, 7873 struct nfsd4_lock *lock, 7874 struct nfs4_ol_stateid **plst, bool *new) 7875 { 7876 __be32 status; 7877 struct nfs4_file *fi = ost->st_stid.sc_file; 7878 struct nfs4_openowner *oo = openowner(ost->st_stateowner); 7879 struct nfs4_client *cl = oo->oo_owner.so_client; 7880 struct inode *inode = d_inode(cstate->current_fh.fh_dentry); 7881 struct nfs4_lockowner *lo; 7882 struct nfs4_ol_stateid *lst; 7883 unsigned int strhashval; 7884 7885 lo = find_lockowner_str(cl, &lock->lk_new_owner); 7886 if (!lo) { 7887 strhashval = ownerstr_hashval(&lock->lk_new_owner); 7888 lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock); 7889 if (lo == NULL) 7890 return nfserr_jukebox; 7891 } else { 7892 /* with an existing lockowner, seqids must be the same */ 7893 status = nfserr_bad_seqid; 7894 if (!cstate->minorversion && 7895 lock->lk_new_lock_seqid != lo->lo_owner.so_seqid) 7896 goto out; 7897 } 7898 7899 lst = find_or_create_lock_stateid(lo, fi, inode, ost, new); 7900 if (lst == NULL) { 7901 status = nfserr_jukebox; 7902 goto out; 7903 } 7904 7905 status = nfs_ok; 7906 *plst = lst; 7907 out: 7908 nfs4_put_stateowner(&lo->lo_owner); 7909 return status; 7910 } 7911 7912 /* 7913 * LOCK operation 7914 */ 7915 __be32 nfsd4_lock(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)7916 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 7917 union nfsd4_op_u *u) 7918 { 7919 struct nfsd4_lock *lock = &u->lock; 7920 struct nfs4_openowner *open_sop = NULL; 7921 struct nfs4_lockowner *lock_sop = NULL; 7922 struct nfs4_ol_stateid *lock_stp = NULL; 7923 struct nfs4_ol_stateid *open_stp = NULL; 7924 struct nfs4_file *fp; 7925 struct nfsd_file *nf = NULL; 7926 struct nfsd4_blocked_lock *nbl = NULL; 7927 struct file_lock *file_lock = NULL; 7928 struct file_lock *conflock = NULL; 7929 struct super_block *sb; 7930 __be32 status = 0; 7931 int lkflg; 7932 int err; 7933 bool new = false; 7934 unsigned char type; 7935 unsigned int flags = FL_POSIX; 7936 struct net *net = SVC_NET(rqstp); 7937 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 7938 7939 dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n", 7940 (long long) lock->lk_offset, 7941 (long long) lock->lk_length); 7942 7943 if (check_lock_length(lock->lk_offset, lock->lk_length)) 7944 return nfserr_inval; 7945 7946 if ((status = fh_verify(rqstp, &cstate->current_fh, 7947 S_IFREG, NFSD_MAY_LOCK))) { 7948 dprintk("NFSD: nfsd4_lock: permission denied!\n"); 7949 return status; 7950 } 7951 sb = cstate->current_fh.fh_dentry->d_sb; 7952 7953 if (lock->lk_is_new) { 7954 if (nfsd4_has_session(cstate)) 7955 /* See rfc 5661 18.10.3: given clientid is ignored: */ 7956 memcpy(&lock->lk_new_clientid, 7957 &cstate->clp->cl_clientid, 7958 sizeof(clientid_t)); 7959 7960 /* validate and update open stateid and open seqid */ 7961 status = nfs4_preprocess_confirmed_seqid_op(cstate, 7962 lock->lk_new_open_seqid, 7963 &lock->lk_new_open_stateid, 7964 &open_stp, nn); 7965 if (status) 7966 goto out; 7967 mutex_unlock(&open_stp->st_mutex); 7968 open_sop = openowner(open_stp->st_stateowner); 7969 status = nfserr_bad_stateid; 7970 if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid, 7971 &lock->lk_new_clientid)) 7972 goto out; 7973 status = lookup_or_create_lock_state(cstate, open_stp, lock, 7974 &lock_stp, &new); 7975 } else { 7976 status = nfs4_preprocess_seqid_op(cstate, 7977 lock->lk_old_lock_seqid, 7978 &lock->lk_old_lock_stateid, 7979 SC_TYPE_LOCK, 0, &lock_stp, 7980 nn); 7981 } 7982 if (status) 7983 goto out; 7984 lock_sop = lockowner(lock_stp->st_stateowner); 7985 7986 lkflg = setlkflg(lock->lk_type); 7987 status = nfs4_check_openmode(lock_stp, lkflg); 7988 if (status) 7989 goto out; 7990 7991 status = nfserr_grace; 7992 if (locks_in_grace(net) && !lock->lk_reclaim) 7993 goto out; 7994 status = nfserr_no_grace; 7995 if (!locks_in_grace(net) && lock->lk_reclaim) 7996 goto out; 7997 7998 if (lock->lk_reclaim) 7999 flags |= FL_RECLAIM; 8000 8001 fp = lock_stp->st_stid.sc_file; 8002 switch (lock->lk_type) { 8003 case NFS4_READW_LT: 8004 if (nfsd4_has_session(cstate) || 8005 exportfs_lock_op_is_async(sb->s_export_op)) 8006 flags |= FL_SLEEP; 8007 fallthrough; 8008 case NFS4_READ_LT: 8009 spin_lock(&fp->fi_lock); 8010 nf = find_readable_file_locked(fp); 8011 if (nf) 8012 get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ); 8013 spin_unlock(&fp->fi_lock); 8014 type = F_RDLCK; 8015 break; 8016 case NFS4_WRITEW_LT: 8017 if (nfsd4_has_session(cstate) || 8018 exportfs_lock_op_is_async(sb->s_export_op)) 8019 flags |= FL_SLEEP; 8020 fallthrough; 8021 case NFS4_WRITE_LT: 8022 spin_lock(&fp->fi_lock); 8023 nf = find_writeable_file_locked(fp); 8024 if (nf) 8025 get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE); 8026 spin_unlock(&fp->fi_lock); 8027 type = F_WRLCK; 8028 break; 8029 default: 8030 status = nfserr_inval; 8031 goto out; 8032 } 8033 8034 if (!nf) { 8035 status = nfserr_openmode; 8036 goto out; 8037 } 8038 8039 /* 8040 * Most filesystems with their own ->lock operations will block 8041 * the nfsd thread waiting to acquire the lock. That leads to 8042 * deadlocks (we don't want every nfsd thread tied up waiting 8043 * for file locks), so don't attempt blocking lock notifications 8044 * on those filesystems: 8045 */ 8046 if (!exportfs_lock_op_is_async(sb->s_export_op)) 8047 flags &= ~FL_SLEEP; 8048 8049 nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn); 8050 if (!nbl) { 8051 dprintk("NFSD: %s: unable to allocate block!\n", __func__); 8052 status = nfserr_jukebox; 8053 goto out; 8054 } 8055 8056 file_lock = &nbl->nbl_lock; 8057 file_lock->c.flc_type = type; 8058 file_lock->c.flc_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(&lock_sop->lo_owner)); 8059 file_lock->c.flc_pid = current->tgid; 8060 file_lock->c.flc_file = nf->nf_file; 8061 file_lock->c.flc_flags = flags; 8062 file_lock->fl_lmops = &nfsd_posix_mng_ops; 8063 file_lock->fl_start = lock->lk_offset; 8064 file_lock->fl_end = last_byte_offset(lock->lk_offset, lock->lk_length); 8065 nfs4_transform_lock_offset(file_lock); 8066 8067 conflock = locks_alloc_lock(); 8068 if (!conflock) { 8069 dprintk("NFSD: %s: unable to allocate lock!\n", __func__); 8070 status = nfserr_jukebox; 8071 goto out; 8072 } 8073 8074 if (flags & FL_SLEEP) { 8075 nbl->nbl_time = ktime_get_boottime_seconds(); 8076 spin_lock(&nn->blocked_locks_lock); 8077 list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked); 8078 list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru); 8079 kref_get(&nbl->nbl_kref); 8080 spin_unlock(&nn->blocked_locks_lock); 8081 } 8082 8083 err = vfs_lock_file(nf->nf_file, F_SETLK, file_lock, conflock); 8084 switch (err) { 8085 case 0: /* success! */ 8086 nfs4_inc_and_copy_stateid(&lock->lk_resp_stateid, &lock_stp->st_stid); 8087 status = 0; 8088 if (lock->lk_reclaim) 8089 nn->somebody_reclaimed = true; 8090 break; 8091 case FILE_LOCK_DEFERRED: 8092 kref_put(&nbl->nbl_kref, free_nbl); 8093 nbl = NULL; 8094 fallthrough; 8095 case -EAGAIN: /* conflock holds conflicting lock */ 8096 status = nfserr_denied; 8097 dprintk("NFSD: nfsd4_lock: conflicting lock found!\n"); 8098 nfs4_set_lock_denied(conflock, &lock->lk_denied); 8099 break; 8100 case -EDEADLK: 8101 status = nfserr_deadlock; 8102 break; 8103 default: 8104 dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n",err); 8105 status = nfserrno(err); 8106 break; 8107 } 8108 out: 8109 if (nbl) { 8110 /* dequeue it if we queued it before */ 8111 if (flags & FL_SLEEP) { 8112 spin_lock(&nn->blocked_locks_lock); 8113 if (!list_empty(&nbl->nbl_list) && 8114 !list_empty(&nbl->nbl_lru)) { 8115 list_del_init(&nbl->nbl_list); 8116 list_del_init(&nbl->nbl_lru); 8117 kref_put(&nbl->nbl_kref, free_nbl); 8118 } 8119 /* nbl can use one of lists to be linked to reaplist */ 8120 spin_unlock(&nn->blocked_locks_lock); 8121 } 8122 free_blocked_lock(nbl); 8123 } 8124 if (nf) 8125 nfsd_file_put(nf); 8126 if (lock_stp) { 8127 /* Bump seqid manually if the 4.0 replay owner is openowner */ 8128 if (cstate->replay_owner && 8129 cstate->replay_owner != &lock_sop->lo_owner && 8130 seqid_mutating_err(ntohl(status))) 8131 lock_sop->lo_owner.so_seqid++; 8132 8133 /* 8134 * If this is a new, never-before-used stateid, and we are 8135 * returning an error, then just go ahead and release it. 8136 */ 8137 if (status && new) 8138 release_lock_stateid(lock_stp); 8139 8140 mutex_unlock(&lock_stp->st_mutex); 8141 8142 nfs4_put_stid(&lock_stp->st_stid); 8143 } 8144 if (open_stp) 8145 nfs4_put_stid(&open_stp->st_stid); 8146 nfsd4_bump_seqid(cstate, status); 8147 if (conflock) 8148 locks_free_lock(conflock); 8149 return status; 8150 } 8151 nfsd4_lock_release(union nfsd4_op_u * u)8152 void nfsd4_lock_release(union nfsd4_op_u *u) 8153 { 8154 struct nfsd4_lock *lock = &u->lock; 8155 struct nfsd4_lock_denied *deny = &lock->lk_denied; 8156 8157 kfree(deny->ld_owner.data); 8158 } 8159 8160 /* 8161 * The NFSv4 spec allows a client to do a LOCKT without holding an OPEN, 8162 * so we do a temporary open here just to get an open file to pass to 8163 * vfs_test_lock. 8164 */ nfsd_test_lock(struct svc_rqst * rqstp,struct svc_fh * fhp,struct file_lock * lock)8165 static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock) 8166 { 8167 struct nfsd_file *nf; 8168 struct inode *inode; 8169 __be32 err; 8170 8171 err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf); 8172 if (err) 8173 return err; 8174 inode = fhp->fh_dentry->d_inode; 8175 inode_lock(inode); /* to block new leases till after test_lock: */ 8176 err = nfserrno(nfsd_open_break_lease(inode, NFSD_MAY_READ)); 8177 if (err) 8178 goto out; 8179 lock->c.flc_file = nf->nf_file; 8180 err = nfserrno(vfs_test_lock(nf->nf_file, lock)); 8181 lock->c.flc_file = NULL; 8182 out: 8183 inode_unlock(inode); 8184 nfsd_file_put(nf); 8185 return err; 8186 } 8187 8188 /* 8189 * LOCKT operation 8190 */ 8191 __be32 nfsd4_lockt(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8192 nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 8193 union nfsd4_op_u *u) 8194 { 8195 struct nfsd4_lockt *lockt = &u->lockt; 8196 struct file_lock *file_lock = NULL; 8197 struct nfs4_lockowner *lo = NULL; 8198 __be32 status; 8199 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 8200 8201 if (locks_in_grace(SVC_NET(rqstp))) 8202 return nfserr_grace; 8203 8204 if (check_lock_length(lockt->lt_offset, lockt->lt_length)) 8205 return nfserr_inval; 8206 8207 if (!nfsd4_has_session(cstate)) { 8208 status = set_client(&lockt->lt_clientid, cstate, nn); 8209 if (status) 8210 goto out; 8211 } 8212 8213 if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0))) 8214 goto out; 8215 8216 file_lock = locks_alloc_lock(); 8217 if (!file_lock) { 8218 dprintk("NFSD: %s: unable to allocate lock!\n", __func__); 8219 status = nfserr_jukebox; 8220 goto out; 8221 } 8222 8223 switch (lockt->lt_type) { 8224 case NFS4_READ_LT: 8225 case NFS4_READW_LT: 8226 file_lock->c.flc_type = F_RDLCK; 8227 break; 8228 case NFS4_WRITE_LT: 8229 case NFS4_WRITEW_LT: 8230 file_lock->c.flc_type = F_WRLCK; 8231 break; 8232 default: 8233 dprintk("NFSD: nfs4_lockt: bad lock type!\n"); 8234 status = nfserr_inval; 8235 goto out; 8236 } 8237 8238 lo = find_lockowner_str(cstate->clp, &lockt->lt_owner); 8239 if (lo) 8240 file_lock->c.flc_owner = (fl_owner_t)lo; 8241 file_lock->c.flc_pid = current->tgid; 8242 file_lock->c.flc_flags = FL_POSIX; 8243 8244 file_lock->fl_start = lockt->lt_offset; 8245 file_lock->fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length); 8246 8247 nfs4_transform_lock_offset(file_lock); 8248 8249 status = nfsd_test_lock(rqstp, &cstate->current_fh, file_lock); 8250 if (status) 8251 goto out; 8252 8253 if (file_lock->c.flc_type != F_UNLCK) { 8254 status = nfserr_denied; 8255 nfs4_set_lock_denied(file_lock, &lockt->lt_denied); 8256 } 8257 out: 8258 if (lo) 8259 nfs4_put_stateowner(&lo->lo_owner); 8260 if (file_lock) 8261 locks_free_lock(file_lock); 8262 return status; 8263 } 8264 nfsd4_lockt_release(union nfsd4_op_u * u)8265 void nfsd4_lockt_release(union nfsd4_op_u *u) 8266 { 8267 struct nfsd4_lockt *lockt = &u->lockt; 8268 struct nfsd4_lock_denied *deny = &lockt->lt_denied; 8269 8270 kfree(deny->ld_owner.data); 8271 } 8272 8273 __be32 nfsd4_locku(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8274 nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 8275 union nfsd4_op_u *u) 8276 { 8277 struct nfsd4_locku *locku = &u->locku; 8278 struct nfs4_ol_stateid *stp; 8279 struct nfsd_file *nf = NULL; 8280 struct file_lock *file_lock = NULL; 8281 __be32 status; 8282 int err; 8283 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 8284 8285 dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n", 8286 (long long) locku->lu_offset, 8287 (long long) locku->lu_length); 8288 8289 if (check_lock_length(locku->lu_offset, locku->lu_length)) 8290 return nfserr_inval; 8291 8292 status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid, 8293 &locku->lu_stateid, SC_TYPE_LOCK, 0, 8294 &stp, nn); 8295 if (status) 8296 goto out; 8297 nf = find_any_file(stp->st_stid.sc_file); 8298 if (!nf) { 8299 status = nfserr_lock_range; 8300 goto put_stateid; 8301 } 8302 file_lock = locks_alloc_lock(); 8303 if (!file_lock) { 8304 dprintk("NFSD: %s: unable to allocate lock!\n", __func__); 8305 status = nfserr_jukebox; 8306 goto put_file; 8307 } 8308 8309 file_lock->c.flc_type = F_UNLCK; 8310 file_lock->c.flc_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(stp->st_stateowner)); 8311 file_lock->c.flc_pid = current->tgid; 8312 file_lock->c.flc_file = nf->nf_file; 8313 file_lock->c.flc_flags = FL_POSIX; 8314 file_lock->fl_lmops = &nfsd_posix_mng_ops; 8315 file_lock->fl_start = locku->lu_offset; 8316 8317 file_lock->fl_end = last_byte_offset(locku->lu_offset, 8318 locku->lu_length); 8319 nfs4_transform_lock_offset(file_lock); 8320 8321 err = vfs_lock_file(nf->nf_file, F_SETLK, file_lock, NULL); 8322 if (err) { 8323 dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n"); 8324 goto out_nfserr; 8325 } 8326 nfs4_inc_and_copy_stateid(&locku->lu_stateid, &stp->st_stid); 8327 put_file: 8328 nfsd_file_put(nf); 8329 put_stateid: 8330 mutex_unlock(&stp->st_mutex); 8331 nfs4_put_stid(&stp->st_stid); 8332 out: 8333 nfsd4_bump_seqid(cstate, status); 8334 if (file_lock) 8335 locks_free_lock(file_lock); 8336 return status; 8337 8338 out_nfserr: 8339 status = nfserrno(err); 8340 goto put_file; 8341 } 8342 8343 /* 8344 * returns 8345 * true: locks held by lockowner 8346 * false: no locks held by lockowner 8347 */ 8348 static bool check_for_locks(struct nfs4_file * fp,struct nfs4_lockowner * lowner)8349 check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner) 8350 { 8351 struct file_lock *fl; 8352 int status = false; 8353 struct nfsd_file *nf; 8354 struct inode *inode; 8355 struct file_lock_context *flctx; 8356 8357 spin_lock(&fp->fi_lock); 8358 nf = find_any_file_locked(fp); 8359 if (!nf) { 8360 /* Any valid lock stateid should have some sort of access */ 8361 WARN_ON_ONCE(1); 8362 goto out; 8363 } 8364 8365 inode = file_inode(nf->nf_file); 8366 flctx = locks_inode_context(inode); 8367 8368 if (flctx && !list_empty_careful(&flctx->flc_posix)) { 8369 spin_lock(&flctx->flc_lock); 8370 for_each_file_lock(fl, &flctx->flc_posix) { 8371 if (fl->c.flc_owner == (fl_owner_t)lowner) { 8372 status = true; 8373 break; 8374 } 8375 } 8376 spin_unlock(&flctx->flc_lock); 8377 } 8378 out: 8379 spin_unlock(&fp->fi_lock); 8380 return status; 8381 } 8382 8383 /** 8384 * nfsd4_release_lockowner - process NFSv4.0 RELEASE_LOCKOWNER operations 8385 * @rqstp: RPC transaction 8386 * @cstate: NFSv4 COMPOUND state 8387 * @u: RELEASE_LOCKOWNER arguments 8388 * 8389 * Check if there are any locks still held and if not, free the lockowner 8390 * and any lock state that is owned. 8391 * 8392 * Return values: 8393 * %nfs_ok: lockowner released or not found 8394 * %nfserr_locks_held: lockowner still in use 8395 * %nfserr_stale_clientid: clientid no longer active 8396 * %nfserr_expired: clientid not recognized 8397 */ 8398 __be32 nfsd4_release_lockowner(struct svc_rqst * rqstp,struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8399 nfsd4_release_lockowner(struct svc_rqst *rqstp, 8400 struct nfsd4_compound_state *cstate, 8401 union nfsd4_op_u *u) 8402 { 8403 struct nfsd4_release_lockowner *rlockowner = &u->release_lockowner; 8404 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 8405 clientid_t *clid = &rlockowner->rl_clientid; 8406 struct nfs4_ol_stateid *stp; 8407 struct nfs4_lockowner *lo; 8408 struct nfs4_client *clp; 8409 LIST_HEAD(reaplist); 8410 __be32 status; 8411 8412 dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n", 8413 clid->cl_boot, clid->cl_id); 8414 8415 status = set_client(clid, cstate, nn); 8416 if (status) 8417 return status; 8418 clp = cstate->clp; 8419 8420 spin_lock(&clp->cl_lock); 8421 lo = find_lockowner_str_locked(clp, &rlockowner->rl_owner); 8422 if (!lo) { 8423 spin_unlock(&clp->cl_lock); 8424 return nfs_ok; 8425 } 8426 8427 list_for_each_entry(stp, &lo->lo_owner.so_stateids, st_perstateowner) { 8428 if (check_for_locks(stp->st_stid.sc_file, lo)) { 8429 spin_unlock(&clp->cl_lock); 8430 nfs4_put_stateowner(&lo->lo_owner); 8431 return nfserr_locks_held; 8432 } 8433 } 8434 unhash_lockowner_locked(lo); 8435 while (!list_empty(&lo->lo_owner.so_stateids)) { 8436 stp = list_first_entry(&lo->lo_owner.so_stateids, 8437 struct nfs4_ol_stateid, 8438 st_perstateowner); 8439 unhash_lock_stateid(stp); 8440 put_ol_stateid_locked(stp, &reaplist); 8441 } 8442 spin_unlock(&clp->cl_lock); 8443 8444 free_ol_stateid_reaplist(&reaplist); 8445 remove_blocked_locks(lo); 8446 nfs4_put_stateowner(&lo->lo_owner); 8447 return nfs_ok; 8448 } 8449 8450 static inline struct nfs4_client_reclaim * alloc_reclaim(void)8451 alloc_reclaim(void) 8452 { 8453 return kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL); 8454 } 8455 8456 bool nfs4_has_reclaimed_state(struct xdr_netobj name,struct nfsd_net * nn)8457 nfs4_has_reclaimed_state(struct xdr_netobj name, struct nfsd_net *nn) 8458 { 8459 struct nfs4_client_reclaim *crp; 8460 8461 crp = nfsd4_find_reclaim_client(name, nn); 8462 return (crp && crp->cr_clp); 8463 } 8464 8465 /* 8466 * failure => all reset bets are off, nfserr_no_grace... 8467 * 8468 * The caller is responsible for freeing name.data if NULL is returned (it 8469 * will be freed in nfs4_remove_reclaim_record in the normal case). 8470 */ 8471 struct nfs4_client_reclaim * nfs4_client_to_reclaim(struct xdr_netobj name,struct xdr_netobj princhash,struct nfsd_net * nn)8472 nfs4_client_to_reclaim(struct xdr_netobj name, struct xdr_netobj princhash, 8473 struct nfsd_net *nn) 8474 { 8475 unsigned int strhashval; 8476 struct nfs4_client_reclaim *crp; 8477 8478 crp = alloc_reclaim(); 8479 if (crp) { 8480 strhashval = clientstr_hashval(name); 8481 INIT_LIST_HEAD(&crp->cr_strhash); 8482 list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]); 8483 crp->cr_name.data = name.data; 8484 crp->cr_name.len = name.len; 8485 crp->cr_princhash.data = princhash.data; 8486 crp->cr_princhash.len = princhash.len; 8487 crp->cr_clp = NULL; 8488 nn->reclaim_str_hashtbl_size++; 8489 } 8490 return crp; 8491 } 8492 8493 void nfs4_remove_reclaim_record(struct nfs4_client_reclaim * crp,struct nfsd_net * nn)8494 nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn) 8495 { 8496 list_del(&crp->cr_strhash); 8497 kfree(crp->cr_name.data); 8498 kfree(crp->cr_princhash.data); 8499 kfree(crp); 8500 nn->reclaim_str_hashtbl_size--; 8501 } 8502 8503 void nfs4_release_reclaim(struct nfsd_net * nn)8504 nfs4_release_reclaim(struct nfsd_net *nn) 8505 { 8506 struct nfs4_client_reclaim *crp = NULL; 8507 int i; 8508 8509 for (i = 0; i < CLIENT_HASH_SIZE; i++) { 8510 while (!list_empty(&nn->reclaim_str_hashtbl[i])) { 8511 crp = list_entry(nn->reclaim_str_hashtbl[i].next, 8512 struct nfs4_client_reclaim, cr_strhash); 8513 nfs4_remove_reclaim_record(crp, nn); 8514 } 8515 } 8516 WARN_ON_ONCE(nn->reclaim_str_hashtbl_size); 8517 } 8518 8519 /* 8520 * called from OPEN, CLAIM_PREVIOUS with a new clientid. */ 8521 struct nfs4_client_reclaim * nfsd4_find_reclaim_client(struct xdr_netobj name,struct nfsd_net * nn)8522 nfsd4_find_reclaim_client(struct xdr_netobj name, struct nfsd_net *nn) 8523 { 8524 unsigned int strhashval; 8525 struct nfs4_client_reclaim *crp = NULL; 8526 8527 strhashval = clientstr_hashval(name); 8528 list_for_each_entry(crp, &nn->reclaim_str_hashtbl[strhashval], cr_strhash) { 8529 if (compare_blob(&crp->cr_name, &name) == 0) { 8530 return crp; 8531 } 8532 } 8533 return NULL; 8534 } 8535 8536 __be32 nfs4_check_open_reclaim(struct nfs4_client * clp)8537 nfs4_check_open_reclaim(struct nfs4_client *clp) 8538 { 8539 if (test_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &clp->cl_flags)) 8540 return nfserr_no_grace; 8541 8542 if (nfsd4_client_record_check(clp)) 8543 return nfserr_reclaim_bad; 8544 8545 return nfs_ok; 8546 } 8547 8548 /* 8549 * Since the lifetime of a delegation isn't limited to that of an open, a 8550 * client may quite reasonably hang on to a delegation as long as it has 8551 * the inode cached. This becomes an obvious problem the first time a 8552 * client's inode cache approaches the size of the server's total memory. 8553 * 8554 * For now we avoid this problem by imposing a hard limit on the number 8555 * of delegations, which varies according to the server's memory size. 8556 */ 8557 static void set_max_delegations(void)8558 set_max_delegations(void) 8559 { 8560 /* 8561 * Allow at most 4 delegations per megabyte of RAM. Quick 8562 * estimates suggest that in the worst case (where every delegation 8563 * is for a different inode), a delegation could take about 1.5K, 8564 * giving a worst case usage of about 6% of memory. 8565 */ 8566 max_delegations = nr_free_buffer_pages() >> (20 - 2 - PAGE_SHIFT); 8567 } 8568 nfs4_state_create_net(struct net * net)8569 static int nfs4_state_create_net(struct net *net) 8570 { 8571 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 8572 int i; 8573 8574 nn->conf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE, 8575 sizeof(struct list_head), 8576 GFP_KERNEL); 8577 if (!nn->conf_id_hashtbl) 8578 goto err; 8579 nn->unconf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE, 8580 sizeof(struct list_head), 8581 GFP_KERNEL); 8582 if (!nn->unconf_id_hashtbl) 8583 goto err_unconf_id; 8584 nn->sessionid_hashtbl = kmalloc_array(SESSION_HASH_SIZE, 8585 sizeof(struct list_head), 8586 GFP_KERNEL); 8587 if (!nn->sessionid_hashtbl) 8588 goto err_sessionid; 8589 8590 for (i = 0; i < CLIENT_HASH_SIZE; i++) { 8591 INIT_LIST_HEAD(&nn->conf_id_hashtbl[i]); 8592 INIT_LIST_HEAD(&nn->unconf_id_hashtbl[i]); 8593 } 8594 for (i = 0; i < SESSION_HASH_SIZE; i++) 8595 INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]); 8596 nn->conf_name_tree = RB_ROOT; 8597 nn->unconf_name_tree = RB_ROOT; 8598 nn->boot_time = ktime_get_real_seconds(); 8599 nn->grace_ended = false; 8600 nn->nfsd4_manager.block_opens = true; 8601 INIT_LIST_HEAD(&nn->nfsd4_manager.list); 8602 INIT_LIST_HEAD(&nn->client_lru); 8603 INIT_LIST_HEAD(&nn->close_lru); 8604 INIT_LIST_HEAD(&nn->del_recall_lru); 8605 spin_lock_init(&nn->client_lock); 8606 spin_lock_init(&nn->s2s_cp_lock); 8607 idr_init(&nn->s2s_cp_stateids); 8608 atomic_set(&nn->pending_async_copies, 0); 8609 8610 spin_lock_init(&nn->blocked_locks_lock); 8611 INIT_LIST_HEAD(&nn->blocked_locks_lru); 8612 8613 INIT_DELAYED_WORK(&nn->laundromat_work, laundromat_main); 8614 INIT_WORK(&nn->nfsd_shrinker_work, nfsd4_state_shrinker_worker); 8615 get_net(net); 8616 8617 nn->nfsd_client_shrinker = shrinker_alloc(0, "nfsd-client"); 8618 if (!nn->nfsd_client_shrinker) 8619 goto err_shrinker; 8620 8621 nn->nfsd_client_shrinker->scan_objects = nfsd4_state_shrinker_scan; 8622 nn->nfsd_client_shrinker->count_objects = nfsd4_state_shrinker_count; 8623 nn->nfsd_client_shrinker->private_data = nn; 8624 8625 shrinker_register(nn->nfsd_client_shrinker); 8626 8627 return 0; 8628 8629 err_shrinker: 8630 put_net(net); 8631 kfree(nn->sessionid_hashtbl); 8632 err_sessionid: 8633 kfree(nn->unconf_id_hashtbl); 8634 err_unconf_id: 8635 kfree(nn->conf_id_hashtbl); 8636 err: 8637 return -ENOMEM; 8638 } 8639 8640 static void nfs4_state_destroy_net(struct net * net)8641 nfs4_state_destroy_net(struct net *net) 8642 { 8643 int i; 8644 struct nfs4_client *clp = NULL; 8645 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 8646 8647 for (i = 0; i < CLIENT_HASH_SIZE; i++) { 8648 while (!list_empty(&nn->conf_id_hashtbl[i])) { 8649 clp = list_entry(nn->conf_id_hashtbl[i].next, struct nfs4_client, cl_idhash); 8650 destroy_client(clp); 8651 } 8652 } 8653 8654 WARN_ON(!list_empty(&nn->blocked_locks_lru)); 8655 8656 for (i = 0; i < CLIENT_HASH_SIZE; i++) { 8657 while (!list_empty(&nn->unconf_id_hashtbl[i])) { 8658 clp = list_entry(nn->unconf_id_hashtbl[i].next, struct nfs4_client, cl_idhash); 8659 destroy_client(clp); 8660 } 8661 } 8662 8663 kfree(nn->sessionid_hashtbl); 8664 kfree(nn->unconf_id_hashtbl); 8665 kfree(nn->conf_id_hashtbl); 8666 put_net(net); 8667 } 8668 8669 int nfs4_state_start_net(struct net * net)8670 nfs4_state_start_net(struct net *net) 8671 { 8672 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 8673 int ret; 8674 8675 ret = nfs4_state_create_net(net); 8676 if (ret) 8677 return ret; 8678 locks_start_grace(net, &nn->nfsd4_manager); 8679 nfsd4_client_tracking_init(net); 8680 if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0) 8681 goto skip_grace; 8682 printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n", 8683 nn->nfsd4_grace, net->ns.inum); 8684 trace_nfsd_grace_start(nn); 8685 queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_grace * HZ); 8686 return 0; 8687 8688 skip_grace: 8689 printk(KERN_INFO "NFSD: no clients to reclaim, skipping NFSv4 grace period (net %x)\n", 8690 net->ns.inum); 8691 queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_lease * HZ); 8692 nfsd4_end_grace(nn); 8693 return 0; 8694 } 8695 8696 /* initialization to perform when the nfsd service is started: */ 8697 8698 int nfs4_state_start(void)8699 nfs4_state_start(void) 8700 { 8701 int ret; 8702 8703 ret = rhltable_init(&nfs4_file_rhltable, &nfs4_file_rhash_params); 8704 if (ret) 8705 return ret; 8706 8707 set_max_delegations(); 8708 return 0; 8709 } 8710 8711 void nfs4_state_shutdown_net(struct net * net)8712 nfs4_state_shutdown_net(struct net *net) 8713 { 8714 struct nfs4_delegation *dp = NULL; 8715 struct list_head *pos, *next, reaplist; 8716 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 8717 8718 shrinker_free(nn->nfsd_client_shrinker); 8719 cancel_work_sync(&nn->nfsd_shrinker_work); 8720 cancel_delayed_work_sync(&nn->laundromat_work); 8721 locks_end_grace(&nn->nfsd4_manager); 8722 8723 INIT_LIST_HEAD(&reaplist); 8724 spin_lock(&state_lock); 8725 list_for_each_safe(pos, next, &nn->del_recall_lru) { 8726 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru); 8727 unhash_delegation_locked(dp, SC_STATUS_CLOSED); 8728 list_add(&dp->dl_recall_lru, &reaplist); 8729 } 8730 spin_unlock(&state_lock); 8731 list_for_each_safe(pos, next, &reaplist) { 8732 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru); 8733 list_del_init(&dp->dl_recall_lru); 8734 destroy_unhashed_deleg(dp); 8735 } 8736 8737 nfsd4_client_tracking_exit(net); 8738 nfs4_state_destroy_net(net); 8739 #ifdef CONFIG_NFSD_V4_2_INTER_SSC 8740 nfsd4_ssc_shutdown_umount(nn); 8741 #endif 8742 } 8743 8744 void nfs4_state_shutdown(void)8745 nfs4_state_shutdown(void) 8746 { 8747 rhltable_destroy(&nfs4_file_rhltable); 8748 } 8749 8750 static void get_stateid(struct nfsd4_compound_state * cstate,stateid_t * stateid)8751 get_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid) 8752 { 8753 if (HAS_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG) && 8754 CURRENT_STATEID(stateid)) 8755 memcpy(stateid, &cstate->current_stateid, sizeof(stateid_t)); 8756 } 8757 8758 static void put_stateid(struct nfsd4_compound_state * cstate,stateid_t * stateid)8759 put_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid) 8760 { 8761 if (cstate->minorversion) { 8762 memcpy(&cstate->current_stateid, stateid, sizeof(stateid_t)); 8763 SET_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG); 8764 } 8765 } 8766 8767 void clear_current_stateid(struct nfsd4_compound_state * cstate)8768 clear_current_stateid(struct nfsd4_compound_state *cstate) 8769 { 8770 CLEAR_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG); 8771 } 8772 8773 /* 8774 * functions to set current state id 8775 */ 8776 void nfsd4_set_opendowngradestateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8777 nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate, 8778 union nfsd4_op_u *u) 8779 { 8780 put_stateid(cstate, &u->open_downgrade.od_stateid); 8781 } 8782 8783 void nfsd4_set_openstateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8784 nfsd4_set_openstateid(struct nfsd4_compound_state *cstate, 8785 union nfsd4_op_u *u) 8786 { 8787 put_stateid(cstate, &u->open.op_stateid); 8788 } 8789 8790 void nfsd4_set_closestateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8791 nfsd4_set_closestateid(struct nfsd4_compound_state *cstate, 8792 union nfsd4_op_u *u) 8793 { 8794 put_stateid(cstate, &u->close.cl_stateid); 8795 } 8796 8797 void nfsd4_set_lockstateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8798 nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate, 8799 union nfsd4_op_u *u) 8800 { 8801 put_stateid(cstate, &u->lock.lk_resp_stateid); 8802 } 8803 8804 /* 8805 * functions to consume current state id 8806 */ 8807 8808 void nfsd4_get_opendowngradestateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8809 nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate, 8810 union nfsd4_op_u *u) 8811 { 8812 get_stateid(cstate, &u->open_downgrade.od_stateid); 8813 } 8814 8815 void nfsd4_get_delegreturnstateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8816 nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate, 8817 union nfsd4_op_u *u) 8818 { 8819 get_stateid(cstate, &u->delegreturn.dr_stateid); 8820 } 8821 8822 void nfsd4_get_freestateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8823 nfsd4_get_freestateid(struct nfsd4_compound_state *cstate, 8824 union nfsd4_op_u *u) 8825 { 8826 get_stateid(cstate, &u->free_stateid.fr_stateid); 8827 } 8828 8829 void nfsd4_get_setattrstateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8830 nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate, 8831 union nfsd4_op_u *u) 8832 { 8833 get_stateid(cstate, &u->setattr.sa_stateid); 8834 } 8835 8836 void nfsd4_get_closestateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8837 nfsd4_get_closestateid(struct nfsd4_compound_state *cstate, 8838 union nfsd4_op_u *u) 8839 { 8840 get_stateid(cstate, &u->close.cl_stateid); 8841 } 8842 8843 void nfsd4_get_lockustateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8844 nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate, 8845 union nfsd4_op_u *u) 8846 { 8847 get_stateid(cstate, &u->locku.lu_stateid); 8848 } 8849 8850 void nfsd4_get_readstateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8851 nfsd4_get_readstateid(struct nfsd4_compound_state *cstate, 8852 union nfsd4_op_u *u) 8853 { 8854 get_stateid(cstate, &u->read.rd_stateid); 8855 } 8856 8857 void nfsd4_get_writestateid(struct nfsd4_compound_state * cstate,union nfsd4_op_u * u)8858 nfsd4_get_writestateid(struct nfsd4_compound_state *cstate, 8859 union nfsd4_op_u *u) 8860 { 8861 get_stateid(cstate, &u->write.wr_stateid); 8862 } 8863 8864 /** 8865 * nfsd4_deleg_getattr_conflict - Recall if GETATTR causes conflict 8866 * @rqstp: RPC transaction context 8867 * @dentry: dentry of inode to be checked for a conflict 8868 * @modified: return true if file was modified 8869 * @size: new size of file if modified is true 8870 * 8871 * This function is called when there is a conflict between a write 8872 * delegation and a change/size GETATTR from another client. The server 8873 * must either use the CB_GETATTR to get the current values of the 8874 * attributes from the client that holds the delegation or recall the 8875 * delegation before replying to the GETATTR. See RFC 8881 section 8876 * 18.7.4. 8877 * 8878 * Returns 0 if there is no conflict; otherwise an nfs_stat 8879 * code is returned. 8880 */ 8881 __be32 nfsd4_deleg_getattr_conflict(struct svc_rqst * rqstp,struct dentry * dentry,bool * modified,u64 * size)8882 nfsd4_deleg_getattr_conflict(struct svc_rqst *rqstp, struct dentry *dentry, 8883 bool *modified, u64 *size) 8884 { 8885 __be32 status; 8886 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 8887 struct file_lock_context *ctx; 8888 struct nfs4_delegation *dp = NULL; 8889 struct file_lease *fl; 8890 struct iattr attrs; 8891 struct nfs4_cb_fattr *ncf; 8892 struct inode *inode = d_inode(dentry); 8893 8894 *modified = false; 8895 ctx = locks_inode_context(inode); 8896 if (!ctx) 8897 return 0; 8898 8899 #define NON_NFSD_LEASE ((void *)1) 8900 8901 spin_lock(&ctx->flc_lock); 8902 for_each_file_lock(fl, &ctx->flc_lease) { 8903 if (fl->c.flc_flags == FL_LAYOUT) 8904 continue; 8905 if (fl->c.flc_type == F_WRLCK) { 8906 if (fl->fl_lmops == &nfsd_lease_mng_ops) 8907 dp = fl->c.flc_owner; 8908 else 8909 dp = NON_NFSD_LEASE; 8910 } 8911 break; 8912 } 8913 if (dp == NULL || dp == NON_NFSD_LEASE || 8914 dp->dl_recall.cb_clp == *(rqstp->rq_lease_breaker)) { 8915 spin_unlock(&ctx->flc_lock); 8916 if (dp == NON_NFSD_LEASE) { 8917 status = nfserrno(nfsd_open_break_lease(inode, 8918 NFSD_MAY_READ)); 8919 if (status != nfserr_jukebox || 8920 !nfsd_wait_for_delegreturn(rqstp, inode)) 8921 return status; 8922 } 8923 return 0; 8924 } 8925 8926 nfsd_stats_wdeleg_getattr_inc(nn); 8927 refcount_inc(&dp->dl_stid.sc_count); 8928 ncf = &dp->dl_cb_fattr; 8929 nfs4_cb_getattr(&dp->dl_cb_fattr); 8930 spin_unlock(&ctx->flc_lock); 8931 8932 wait_on_bit_timeout(&ncf->ncf_cb_flags, CB_GETATTR_BUSY, 8933 TASK_INTERRUPTIBLE, NFSD_CB_GETATTR_TIMEOUT); 8934 if (ncf->ncf_cb_status) { 8935 /* Recall delegation only if client didn't respond */ 8936 status = nfserrno(nfsd_open_break_lease(inode, NFSD_MAY_READ)); 8937 if (status != nfserr_jukebox || 8938 !nfsd_wait_for_delegreturn(rqstp, inode)) 8939 goto out_status; 8940 } 8941 if (!ncf->ncf_file_modified && 8942 (ncf->ncf_initial_cinfo != ncf->ncf_cb_change || 8943 ncf->ncf_cur_fsize != ncf->ncf_cb_fsize)) 8944 ncf->ncf_file_modified = true; 8945 if (ncf->ncf_file_modified) { 8946 int err; 8947 8948 /* 8949 * Per section 10.4.3 of RFC 8881, the server would 8950 * not update the file's metadata with the client's 8951 * modified size 8952 */ 8953 attrs.ia_mtime = attrs.ia_ctime = current_time(inode); 8954 attrs.ia_valid = ATTR_MTIME | ATTR_CTIME | ATTR_DELEG; 8955 inode_lock(inode); 8956 err = notify_change(&nop_mnt_idmap, dentry, &attrs, NULL); 8957 inode_unlock(inode); 8958 if (err) { 8959 status = nfserrno(err); 8960 goto out_status; 8961 } 8962 ncf->ncf_cur_fsize = ncf->ncf_cb_fsize; 8963 *size = ncf->ncf_cur_fsize; 8964 *modified = true; 8965 } 8966 status = 0; 8967 out_status: 8968 nfs4_put_stid(&dp->dl_stid); 8969 return status; 8970 } 8971