1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * The NFSD open file cache.
4  *
5  * (c) 2015 - Jeff Layton <jeff.layton@primarydata.com>
6  *
7  * An nfsd_file object is a per-file collection of open state that binds
8  * together:
9  *   - a struct file *
10  *   - a user credential
11  *   - a network namespace
12  *   - a read-ahead context
13  *   - monitoring for writeback errors
14  *
15  * nfsd_file objects are reference-counted. Consumers acquire a new
16  * object via the nfsd_file_acquire API. They manage their interest in
17  * the acquired object, and hence the object's reference count, via
18  * nfsd_file_get and nfsd_file_put. There are two varieties of nfsd_file
19  * object:
20  *
21  *  * non-garbage-collected: When a consumer wants to precisely control
22  *    the lifetime of a file's open state, it acquires a non-garbage-
23  *    collected nfsd_file. The final nfsd_file_put releases the open
24  *    state immediately.
25  *
26  *  * garbage-collected: When a consumer does not control the lifetime
27  *    of open state, it acquires a garbage-collected nfsd_file. The
28  *    final nfsd_file_put allows the open state to linger for a period
29  *    during which it may be re-used.
30  */
31 
32 #include <linux/hash.h>
33 #include <linux/slab.h>
34 #include <linux/file.h>
35 #include <linux/pagemap.h>
36 #include <linux/sched.h>
37 #include <linux/list_lru.h>
38 #include <linux/fsnotify_backend.h>
39 #include <linux/fsnotify.h>
40 #include <linux/seq_file.h>
41 #include <linux/rhashtable.h>
42 
43 #include "vfs.h"
44 #include "nfsd.h"
45 #include "nfsfh.h"
46 #include "netns.h"
47 #include "filecache.h"
48 #include "trace.h"
49 
50 #define NFSD_LAUNDRETTE_DELAY		     (2 * HZ)
51 
52 #define NFSD_FILE_CACHE_UP		     (0)
53 
54 /* We only care about NFSD_MAY_READ/WRITE for this cache */
55 #define NFSD_FILE_MAY_MASK	(NFSD_MAY_READ|NFSD_MAY_WRITE|NFSD_MAY_LOCALIO)
56 
57 static DEFINE_PER_CPU(unsigned long, nfsd_file_cache_hits);
58 static DEFINE_PER_CPU(unsigned long, nfsd_file_acquisitions);
59 static DEFINE_PER_CPU(unsigned long, nfsd_file_allocations);
60 static DEFINE_PER_CPU(unsigned long, nfsd_file_releases);
61 static DEFINE_PER_CPU(unsigned long, nfsd_file_total_age);
62 static DEFINE_PER_CPU(unsigned long, nfsd_file_evictions);
63 
64 struct nfsd_fcache_disposal {
65 	spinlock_t lock;
66 	struct list_head freeme;
67 };
68 
69 static struct kmem_cache		*nfsd_file_slab;
70 static struct kmem_cache		*nfsd_file_mark_slab;
71 static struct list_lru			nfsd_file_lru;
72 static unsigned long			nfsd_file_flags;
73 static struct fsnotify_group		*nfsd_file_fsnotify_group;
74 static struct delayed_work		nfsd_filecache_laundrette;
75 static struct rhltable			nfsd_file_rhltable
76 						____cacheline_aligned_in_smp;
77 
78 static bool
nfsd_match_cred(const struct cred * c1,const struct cred * c2)79 nfsd_match_cred(const struct cred *c1, const struct cred *c2)
80 {
81 	int i;
82 
83 	if (!uid_eq(c1->fsuid, c2->fsuid))
84 		return false;
85 	if (!gid_eq(c1->fsgid, c2->fsgid))
86 		return false;
87 	if (c1->group_info == NULL || c2->group_info == NULL)
88 		return c1->group_info == c2->group_info;
89 	if (c1->group_info->ngroups != c2->group_info->ngroups)
90 		return false;
91 	for (i = 0; i < c1->group_info->ngroups; i++) {
92 		if (!gid_eq(c1->group_info->gid[i], c2->group_info->gid[i]))
93 			return false;
94 	}
95 	return true;
96 }
97 
98 static const struct rhashtable_params nfsd_file_rhash_params = {
99 	.key_len		= sizeof_field(struct nfsd_file, nf_inode),
100 	.key_offset		= offsetof(struct nfsd_file, nf_inode),
101 	.head_offset		= offsetof(struct nfsd_file, nf_rlist),
102 
103 	/*
104 	 * Start with a single page hash table to reduce resizing churn
105 	 * on light workloads.
106 	 */
107 	.min_size		= 256,
108 	.automatic_shrinking	= true,
109 };
110 
111 static void
nfsd_file_schedule_laundrette(void)112 nfsd_file_schedule_laundrette(void)
113 {
114 	if (test_bit(NFSD_FILE_CACHE_UP, &nfsd_file_flags))
115 		queue_delayed_work(system_unbound_wq, &nfsd_filecache_laundrette,
116 				   NFSD_LAUNDRETTE_DELAY);
117 }
118 
119 static void
nfsd_file_slab_free(struct rcu_head * rcu)120 nfsd_file_slab_free(struct rcu_head *rcu)
121 {
122 	struct nfsd_file *nf = container_of(rcu, struct nfsd_file, nf_rcu);
123 
124 	put_cred(nf->nf_cred);
125 	kmem_cache_free(nfsd_file_slab, nf);
126 }
127 
128 static void
nfsd_file_mark_free(struct fsnotify_mark * mark)129 nfsd_file_mark_free(struct fsnotify_mark *mark)
130 {
131 	struct nfsd_file_mark *nfm = container_of(mark, struct nfsd_file_mark,
132 						  nfm_mark);
133 
134 	kmem_cache_free(nfsd_file_mark_slab, nfm);
135 }
136 
137 static struct nfsd_file_mark *
nfsd_file_mark_get(struct nfsd_file_mark * nfm)138 nfsd_file_mark_get(struct nfsd_file_mark *nfm)
139 {
140 	if (!refcount_inc_not_zero(&nfm->nfm_ref))
141 		return NULL;
142 	return nfm;
143 }
144 
145 static void
nfsd_file_mark_put(struct nfsd_file_mark * nfm)146 nfsd_file_mark_put(struct nfsd_file_mark *nfm)
147 {
148 	if (refcount_dec_and_test(&nfm->nfm_ref)) {
149 		fsnotify_destroy_mark(&nfm->nfm_mark, nfsd_file_fsnotify_group);
150 		fsnotify_put_mark(&nfm->nfm_mark);
151 	}
152 }
153 
154 static struct nfsd_file_mark *
nfsd_file_mark_find_or_create(struct inode * inode)155 nfsd_file_mark_find_or_create(struct inode *inode)
156 {
157 	int			err;
158 	struct fsnotify_mark	*mark;
159 	struct nfsd_file_mark	*nfm = NULL, *new;
160 
161 	do {
162 		fsnotify_group_lock(nfsd_file_fsnotify_group);
163 		mark = fsnotify_find_inode_mark(inode,
164 						nfsd_file_fsnotify_group);
165 		if (mark) {
166 			nfm = nfsd_file_mark_get(container_of(mark,
167 						 struct nfsd_file_mark,
168 						 nfm_mark));
169 			fsnotify_group_unlock(nfsd_file_fsnotify_group);
170 			if (nfm) {
171 				fsnotify_put_mark(mark);
172 				break;
173 			}
174 			/* Avoid soft lockup race with nfsd_file_mark_put() */
175 			fsnotify_destroy_mark(mark, nfsd_file_fsnotify_group);
176 			fsnotify_put_mark(mark);
177 		} else {
178 			fsnotify_group_unlock(nfsd_file_fsnotify_group);
179 		}
180 
181 		/* allocate a new nfm */
182 		new = kmem_cache_alloc(nfsd_file_mark_slab, GFP_KERNEL);
183 		if (!new)
184 			return NULL;
185 		fsnotify_init_mark(&new->nfm_mark, nfsd_file_fsnotify_group);
186 		new->nfm_mark.mask = FS_ATTRIB|FS_DELETE_SELF;
187 		refcount_set(&new->nfm_ref, 1);
188 
189 		err = fsnotify_add_inode_mark(&new->nfm_mark, inode, 0);
190 
191 		/*
192 		 * If the add was successful, then return the object.
193 		 * Otherwise, we need to put the reference we hold on the
194 		 * nfm_mark. The fsnotify code will take a reference and put
195 		 * it on failure, so we can't just free it directly. It's also
196 		 * not safe to call fsnotify_destroy_mark on it as the
197 		 * mark->group will be NULL. Thus, we can't let the nfm_ref
198 		 * counter drive the destruction at this point.
199 		 */
200 		if (likely(!err))
201 			nfm = new;
202 		else
203 			fsnotify_put_mark(&new->nfm_mark);
204 	} while (unlikely(err == -EEXIST));
205 
206 	return nfm;
207 }
208 
209 static struct nfsd_file *
nfsd_file_alloc(struct net * net,struct inode * inode,unsigned char need,bool want_gc)210 nfsd_file_alloc(struct net *net, struct inode *inode, unsigned char need,
211 		bool want_gc)
212 {
213 	struct nfsd_file *nf;
214 
215 	nf = kmem_cache_alloc(nfsd_file_slab, GFP_KERNEL);
216 	if (unlikely(!nf))
217 		return NULL;
218 
219 	this_cpu_inc(nfsd_file_allocations);
220 	INIT_LIST_HEAD(&nf->nf_lru);
221 	INIT_LIST_HEAD(&nf->nf_gc);
222 	nf->nf_birthtime = ktime_get();
223 	nf->nf_file = NULL;
224 	nf->nf_cred = get_current_cred();
225 	nf->nf_net = net;
226 	nf->nf_flags = want_gc ?
227 		BIT(NFSD_FILE_HASHED) | BIT(NFSD_FILE_PENDING) | BIT(NFSD_FILE_GC) :
228 		BIT(NFSD_FILE_HASHED) | BIT(NFSD_FILE_PENDING);
229 	nf->nf_inode = inode;
230 	refcount_set(&nf->nf_ref, 1);
231 	nf->nf_may = need;
232 	nf->nf_mark = NULL;
233 	return nf;
234 }
235 
236 /**
237  * nfsd_file_check_write_error - check for writeback errors on a file
238  * @nf: nfsd_file to check for writeback errors
239  *
240  * Check whether a nfsd_file has an unseen error. Reset the write
241  * verifier if so.
242  */
243 static void
nfsd_file_check_write_error(struct nfsd_file * nf)244 nfsd_file_check_write_error(struct nfsd_file *nf)
245 {
246 	struct file *file = nf->nf_file;
247 
248 	if ((file->f_mode & FMODE_WRITE) &&
249 	    filemap_check_wb_err(file->f_mapping, READ_ONCE(file->f_wb_err)))
250 		nfsd_reset_write_verifier(net_generic(nf->nf_net, nfsd_net_id));
251 }
252 
253 static void
nfsd_file_hash_remove(struct nfsd_file * nf)254 nfsd_file_hash_remove(struct nfsd_file *nf)
255 {
256 	trace_nfsd_file_unhash(nf);
257 	rhltable_remove(&nfsd_file_rhltable, &nf->nf_rlist,
258 			nfsd_file_rhash_params);
259 }
260 
261 static bool
nfsd_file_unhash(struct nfsd_file * nf)262 nfsd_file_unhash(struct nfsd_file *nf)
263 {
264 	if (test_and_clear_bit(NFSD_FILE_HASHED, &nf->nf_flags)) {
265 		nfsd_file_hash_remove(nf);
266 		return true;
267 	}
268 	return false;
269 }
270 
271 static void
nfsd_file_free(struct nfsd_file * nf)272 nfsd_file_free(struct nfsd_file *nf)
273 {
274 	s64 age = ktime_to_ms(ktime_sub(ktime_get(), nf->nf_birthtime));
275 
276 	trace_nfsd_file_free(nf);
277 
278 	this_cpu_inc(nfsd_file_releases);
279 	this_cpu_add(nfsd_file_total_age, age);
280 
281 	nfsd_file_unhash(nf);
282 	if (nf->nf_mark)
283 		nfsd_file_mark_put(nf->nf_mark);
284 	if (nf->nf_file) {
285 		nfsd_file_check_write_error(nf);
286 		nfsd_filp_close(nf->nf_file);
287 	}
288 
289 	/*
290 	 * If this item is still linked via nf_lru, that's a bug.
291 	 * WARN and leak it to preserve system stability.
292 	 */
293 	if (WARN_ON_ONCE(!list_empty(&nf->nf_lru)))
294 		return;
295 
296 	call_rcu(&nf->nf_rcu, nfsd_file_slab_free);
297 }
298 
299 static bool
nfsd_file_check_writeback(struct nfsd_file * nf)300 nfsd_file_check_writeback(struct nfsd_file *nf)
301 {
302 	struct file *file = nf->nf_file;
303 	struct address_space *mapping;
304 
305 	/* File not open for write? */
306 	if (!(file->f_mode & FMODE_WRITE))
307 		return false;
308 
309 	/*
310 	 * Some filesystems (e.g. NFS) flush all dirty data on close.
311 	 * On others, there is no need to wait for writeback.
312 	 */
313 	if (!(file_inode(file)->i_sb->s_export_op->flags & EXPORT_OP_FLUSH_ON_CLOSE))
314 		return false;
315 
316 	mapping = file->f_mapping;
317 	return mapping_tagged(mapping, PAGECACHE_TAG_DIRTY) ||
318 		mapping_tagged(mapping, PAGECACHE_TAG_WRITEBACK);
319 }
320 
321 
nfsd_file_lru_add(struct nfsd_file * nf)322 static bool nfsd_file_lru_add(struct nfsd_file *nf)
323 {
324 	set_bit(NFSD_FILE_REFERENCED, &nf->nf_flags);
325 	if (list_lru_add_obj(&nfsd_file_lru, &nf->nf_lru)) {
326 		trace_nfsd_file_lru_add(nf);
327 		return true;
328 	}
329 	return false;
330 }
331 
nfsd_file_lru_remove(struct nfsd_file * nf)332 static bool nfsd_file_lru_remove(struct nfsd_file *nf)
333 {
334 	if (list_lru_del_obj(&nfsd_file_lru, &nf->nf_lru)) {
335 		trace_nfsd_file_lru_del(nf);
336 		return true;
337 	}
338 	return false;
339 }
340 
341 struct nfsd_file *
nfsd_file_get(struct nfsd_file * nf)342 nfsd_file_get(struct nfsd_file *nf)
343 {
344 	if (nf && refcount_inc_not_zero(&nf->nf_ref))
345 		return nf;
346 	return NULL;
347 }
348 
349 /**
350  * nfsd_file_put - put the reference to a nfsd_file
351  * @nf: nfsd_file of which to put the reference
352  *
353  * Put a reference to a nfsd_file. In the non-GC case, we just put the
354  * reference immediately. In the GC case, if the reference would be
355  * the last one, the put it on the LRU instead to be cleaned up later.
356  */
357 void
nfsd_file_put(struct nfsd_file * nf)358 nfsd_file_put(struct nfsd_file *nf)
359 {
360 	might_sleep();
361 	trace_nfsd_file_put(nf);
362 
363 	if (test_bit(NFSD_FILE_GC, &nf->nf_flags) &&
364 	    test_bit(NFSD_FILE_HASHED, &nf->nf_flags)) {
365 		/*
366 		 * If this is the last reference (nf_ref == 1), then try to
367 		 * transfer it to the LRU.
368 		 */
369 		if (refcount_dec_not_one(&nf->nf_ref))
370 			return;
371 
372 		/* Try to add it to the LRU.  If that fails, decrement. */
373 		if (nfsd_file_lru_add(nf)) {
374 			/* If it's still hashed, we're done */
375 			if (test_bit(NFSD_FILE_HASHED, &nf->nf_flags)) {
376 				nfsd_file_schedule_laundrette();
377 				return;
378 			}
379 
380 			/*
381 			 * We're racing with unhashing, so try to remove it from
382 			 * the LRU. If removal fails, then someone else already
383 			 * has our reference.
384 			 */
385 			if (!nfsd_file_lru_remove(nf))
386 				return;
387 		}
388 	}
389 	if (refcount_dec_and_test(&nf->nf_ref))
390 		nfsd_file_free(nf);
391 }
392 
393 /**
394  * nfsd_file_put_local - put the reference to nfsd_file and local nfsd_serv
395  * @nf: nfsd_file of which to put the references
396  *
397  * First put the reference of the nfsd_file and then put the
398  * reference to the associated nn->nfsd_serv.
399  */
400 void
nfsd_file_put_local(struct nfsd_file * nf)401 nfsd_file_put_local(struct nfsd_file *nf) __must_hold(rcu)
402 {
403 	struct net *net = nf->nf_net;
404 
405 	nfsd_file_put(nf);
406 	nfsd_serv_put(net);
407 }
408 
409 /**
410  * nfsd_file_file - get the backing file of an nfsd_file
411  * @nf: nfsd_file of which to access the backing file.
412  *
413  * Return backing file for @nf.
414  */
415 struct file *
nfsd_file_file(struct nfsd_file * nf)416 nfsd_file_file(struct nfsd_file *nf)
417 {
418 	return nf->nf_file;
419 }
420 
421 static void
nfsd_file_dispose_list(struct list_head * dispose)422 nfsd_file_dispose_list(struct list_head *dispose)
423 {
424 	struct nfsd_file *nf;
425 
426 	while (!list_empty(dispose)) {
427 		nf = list_first_entry(dispose, struct nfsd_file, nf_gc);
428 		list_del_init(&nf->nf_gc);
429 		nfsd_file_free(nf);
430 	}
431 }
432 
433 /**
434  * nfsd_file_dispose_list_delayed - move list of dead files to net's freeme list
435  * @dispose: list of nfsd_files to be disposed
436  *
437  * Transfers each file to the "freeme" list for its nfsd_net, to eventually
438  * be disposed of by the per-net garbage collector.
439  */
440 static void
nfsd_file_dispose_list_delayed(struct list_head * dispose)441 nfsd_file_dispose_list_delayed(struct list_head *dispose)
442 {
443 	while(!list_empty(dispose)) {
444 		struct nfsd_file *nf = list_first_entry(dispose,
445 						struct nfsd_file, nf_gc);
446 		struct nfsd_net *nn = net_generic(nf->nf_net, nfsd_net_id);
447 		struct nfsd_fcache_disposal *l = nn->fcache_disposal;
448 
449 		spin_lock(&l->lock);
450 		list_move_tail(&nf->nf_gc, &l->freeme);
451 		spin_unlock(&l->lock);
452 		svc_wake_up(nn->nfsd_serv);
453 	}
454 }
455 
456 /**
457  * nfsd_file_net_dispose - deal with nfsd_files waiting to be disposed.
458  * @nn: nfsd_net in which to find files to be disposed.
459  *
460  * When files held open for nfsv3 are removed from the filecache, whether
461  * due to memory pressure or garbage collection, they are queued to
462  * a per-net-ns queue.  This function completes the disposal, either
463  * directly or by waking another nfsd thread to help with the work.
464  */
nfsd_file_net_dispose(struct nfsd_net * nn)465 void nfsd_file_net_dispose(struct nfsd_net *nn)
466 {
467 	struct nfsd_fcache_disposal *l = nn->fcache_disposal;
468 
469 	if (!list_empty(&l->freeme)) {
470 		LIST_HEAD(dispose);
471 		int i;
472 
473 		spin_lock(&l->lock);
474 		for (i = 0; i < 8 && !list_empty(&l->freeme); i++)
475 			list_move(l->freeme.next, &dispose);
476 		spin_unlock(&l->lock);
477 		if (!list_empty(&l->freeme))
478 			/* Wake up another thread to share the work
479 			 * *before* doing any actual disposing.
480 			 */
481 			svc_wake_up(nn->nfsd_serv);
482 		nfsd_file_dispose_list(&dispose);
483 	}
484 }
485 
486 /**
487  * nfsd_file_lru_cb - Examine an entry on the LRU list
488  * @item: LRU entry to examine
489  * @lru: controlling LRU
490  * @lock: LRU list lock (unused)
491  * @arg: dispose list
492  *
493  * Return values:
494  *   %LRU_REMOVED: @item was removed from the LRU
495  *   %LRU_ROTATE: @item is to be moved to the LRU tail
496  *   %LRU_SKIP: @item cannot be evicted
497  */
498 static enum lru_status
nfsd_file_lru_cb(struct list_head * item,struct list_lru_one * lru,spinlock_t * lock,void * arg)499 nfsd_file_lru_cb(struct list_head *item, struct list_lru_one *lru,
500 		 spinlock_t *lock, void *arg)
501 	__releases(lock)
502 	__acquires(lock)
503 {
504 	struct list_head *head = arg;
505 	struct nfsd_file *nf = list_entry(item, struct nfsd_file, nf_lru);
506 
507 	/* We should only be dealing with GC entries here */
508 	WARN_ON_ONCE(!test_bit(NFSD_FILE_GC, &nf->nf_flags));
509 
510 	/*
511 	 * Don't throw out files that are still undergoing I/O or
512 	 * that have uncleared errors pending.
513 	 */
514 	if (nfsd_file_check_writeback(nf)) {
515 		trace_nfsd_file_gc_writeback(nf);
516 		return LRU_SKIP;
517 	}
518 
519 	/* If it was recently added to the list, skip it */
520 	if (test_and_clear_bit(NFSD_FILE_REFERENCED, &nf->nf_flags)) {
521 		trace_nfsd_file_gc_referenced(nf);
522 		return LRU_ROTATE;
523 	}
524 
525 	/*
526 	 * Put the reference held on behalf of the LRU. If it wasn't the last
527 	 * one, then just remove it from the LRU and ignore it.
528 	 */
529 	if (!refcount_dec_and_test(&nf->nf_ref)) {
530 		trace_nfsd_file_gc_in_use(nf);
531 		list_lru_isolate(lru, &nf->nf_lru);
532 		return LRU_REMOVED;
533 	}
534 
535 	/* Refcount went to zero. Unhash it and queue it to the dispose list */
536 	nfsd_file_unhash(nf);
537 	list_lru_isolate(lru, &nf->nf_lru);
538 	list_add(&nf->nf_gc, head);
539 	this_cpu_inc(nfsd_file_evictions);
540 	trace_nfsd_file_gc_disposed(nf);
541 	return LRU_REMOVED;
542 }
543 
544 static void
nfsd_file_gc(void)545 nfsd_file_gc(void)
546 {
547 	LIST_HEAD(dispose);
548 	unsigned long ret;
549 
550 	ret = list_lru_walk(&nfsd_file_lru, nfsd_file_lru_cb,
551 			    &dispose, list_lru_count(&nfsd_file_lru));
552 	trace_nfsd_file_gc_removed(ret, list_lru_count(&nfsd_file_lru));
553 	nfsd_file_dispose_list_delayed(&dispose);
554 }
555 
556 static void
nfsd_file_gc_worker(struct work_struct * work)557 nfsd_file_gc_worker(struct work_struct *work)
558 {
559 	nfsd_file_gc();
560 	if (list_lru_count(&nfsd_file_lru))
561 		nfsd_file_schedule_laundrette();
562 }
563 
564 static unsigned long
nfsd_file_lru_count(struct shrinker * s,struct shrink_control * sc)565 nfsd_file_lru_count(struct shrinker *s, struct shrink_control *sc)
566 {
567 	return list_lru_count(&nfsd_file_lru);
568 }
569 
570 static unsigned long
nfsd_file_lru_scan(struct shrinker * s,struct shrink_control * sc)571 nfsd_file_lru_scan(struct shrinker *s, struct shrink_control *sc)
572 {
573 	LIST_HEAD(dispose);
574 	unsigned long ret;
575 
576 	ret = list_lru_shrink_walk(&nfsd_file_lru, sc,
577 				   nfsd_file_lru_cb, &dispose);
578 	trace_nfsd_file_shrinker_removed(ret, list_lru_count(&nfsd_file_lru));
579 	nfsd_file_dispose_list_delayed(&dispose);
580 	return ret;
581 }
582 
583 static struct shrinker *nfsd_file_shrinker;
584 
585 /**
586  * nfsd_file_cond_queue - conditionally unhash and queue a nfsd_file
587  * @nf: nfsd_file to attempt to queue
588  * @dispose: private list to queue successfully-put objects
589  *
590  * Unhash an nfsd_file, try to get a reference to it, and then put that
591  * reference. If it's the last reference, queue it to the dispose list.
592  */
593 static void
nfsd_file_cond_queue(struct nfsd_file * nf,struct list_head * dispose)594 nfsd_file_cond_queue(struct nfsd_file *nf, struct list_head *dispose)
595 	__must_hold(RCU)
596 {
597 	int decrement = 1;
598 
599 	/* If we raced with someone else unhashing, ignore it */
600 	if (!nfsd_file_unhash(nf))
601 		return;
602 
603 	/* If we can't get a reference, ignore it */
604 	if (!nfsd_file_get(nf))
605 		return;
606 
607 	/* Extra decrement if we remove from the LRU */
608 	if (nfsd_file_lru_remove(nf))
609 		++decrement;
610 
611 	/* If refcount goes to 0, then put on the dispose list */
612 	if (refcount_sub_and_test(decrement, &nf->nf_ref)) {
613 		list_add(&nf->nf_gc, dispose);
614 		trace_nfsd_file_closing(nf);
615 	}
616 }
617 
618 /**
619  * nfsd_file_queue_for_close: try to close out any open nfsd_files for an inode
620  * @inode:   inode on which to close out nfsd_files
621  * @dispose: list on which to gather nfsd_files to close out
622  *
623  * An nfsd_file represents a struct file being held open on behalf of nfsd.
624  * An open file however can block other activity (such as leases), or cause
625  * undesirable behavior (e.g. spurious silly-renames when reexporting NFS).
626  *
627  * This function is intended to find open nfsd_files when this sort of
628  * conflicting access occurs and then attempt to close those files out.
629  *
630  * Populates the dispose list with entries that have already had their
631  * refcounts go to zero. The actual free of an nfsd_file can be expensive,
632  * so we leave it up to the caller whether it wants to wait or not.
633  */
634 static void
nfsd_file_queue_for_close(struct inode * inode,struct list_head * dispose)635 nfsd_file_queue_for_close(struct inode *inode, struct list_head *dispose)
636 {
637 	struct rhlist_head *tmp, *list;
638 	struct nfsd_file *nf;
639 
640 	rcu_read_lock();
641 	list = rhltable_lookup(&nfsd_file_rhltable, &inode,
642 			       nfsd_file_rhash_params);
643 	rhl_for_each_entry_rcu(nf, tmp, list, nf_rlist) {
644 		if (!test_bit(NFSD_FILE_GC, &nf->nf_flags))
645 			continue;
646 		nfsd_file_cond_queue(nf, dispose);
647 	}
648 	rcu_read_unlock();
649 }
650 
651 /**
652  * nfsd_file_close_inode - attempt a delayed close of a nfsd_file
653  * @inode: inode of the file to attempt to remove
654  *
655  * Close out any open nfsd_files that can be reaped for @inode. The
656  * actual freeing is deferred to the dispose_list_delayed infrastructure.
657  *
658  * This is used by the fsnotify callbacks and setlease notifier.
659  */
660 static void
nfsd_file_close_inode(struct inode * inode)661 nfsd_file_close_inode(struct inode *inode)
662 {
663 	LIST_HEAD(dispose);
664 
665 	nfsd_file_queue_for_close(inode, &dispose);
666 	nfsd_file_dispose_list_delayed(&dispose);
667 }
668 
669 /**
670  * nfsd_file_close_inode_sync - attempt to forcibly close a nfsd_file
671  * @inode: inode of the file to attempt to remove
672  *
673  * Close out any open nfsd_files that can be reaped for @inode. The
674  * nfsd_files are closed out synchronously.
675  *
676  * This is called from nfsd_rename and nfsd_unlink to avoid silly-renames
677  * when reexporting NFS.
678  */
679 void
nfsd_file_close_inode_sync(struct inode * inode)680 nfsd_file_close_inode_sync(struct inode *inode)
681 {
682 	struct nfsd_file *nf;
683 	LIST_HEAD(dispose);
684 
685 	trace_nfsd_file_close(inode);
686 
687 	nfsd_file_queue_for_close(inode, &dispose);
688 	while (!list_empty(&dispose)) {
689 		nf = list_first_entry(&dispose, struct nfsd_file, nf_gc);
690 		list_del_init(&nf->nf_gc);
691 		nfsd_file_free(nf);
692 	}
693 }
694 
695 static int
nfsd_file_lease_notifier_call(struct notifier_block * nb,unsigned long arg,void * data)696 nfsd_file_lease_notifier_call(struct notifier_block *nb, unsigned long arg,
697 			    void *data)
698 {
699 	struct file_lease *fl = data;
700 
701 	/* Only close files for F_SETLEASE leases */
702 	if (fl->c.flc_flags & FL_LEASE)
703 		nfsd_file_close_inode(file_inode(fl->c.flc_file));
704 	return 0;
705 }
706 
707 static struct notifier_block nfsd_file_lease_notifier = {
708 	.notifier_call = nfsd_file_lease_notifier_call,
709 };
710 
711 static int
nfsd_file_fsnotify_handle_event(struct fsnotify_mark * mark,u32 mask,struct inode * inode,struct inode * dir,const struct qstr * name,u32 cookie)712 nfsd_file_fsnotify_handle_event(struct fsnotify_mark *mark, u32 mask,
713 				struct inode *inode, struct inode *dir,
714 				const struct qstr *name, u32 cookie)
715 {
716 	if (WARN_ON_ONCE(!inode))
717 		return 0;
718 
719 	trace_nfsd_file_fsnotify_handle_event(inode, mask);
720 
721 	/* Should be no marks on non-regular files */
722 	if (!S_ISREG(inode->i_mode)) {
723 		WARN_ON_ONCE(1);
724 		return 0;
725 	}
726 
727 	/* don't close files if this was not the last link */
728 	if (mask & FS_ATTRIB) {
729 		if (inode->i_nlink)
730 			return 0;
731 	}
732 
733 	nfsd_file_close_inode(inode);
734 	return 0;
735 }
736 
737 
738 static const struct fsnotify_ops nfsd_file_fsnotify_ops = {
739 	.handle_inode_event = nfsd_file_fsnotify_handle_event,
740 	.free_mark = nfsd_file_mark_free,
741 };
742 
743 int
nfsd_file_cache_init(void)744 nfsd_file_cache_init(void)
745 {
746 	int ret;
747 
748 	lockdep_assert_held(&nfsd_mutex);
749 	if (test_and_set_bit(NFSD_FILE_CACHE_UP, &nfsd_file_flags) == 1)
750 		return 0;
751 
752 	ret = rhltable_init(&nfsd_file_rhltable, &nfsd_file_rhash_params);
753 	if (ret)
754 		goto out;
755 
756 	ret = -ENOMEM;
757 	nfsd_file_slab = KMEM_CACHE(nfsd_file, 0);
758 	if (!nfsd_file_slab) {
759 		pr_err("nfsd: unable to create nfsd_file_slab\n");
760 		goto out_err;
761 	}
762 
763 	nfsd_file_mark_slab = KMEM_CACHE(nfsd_file_mark, 0);
764 	if (!nfsd_file_mark_slab) {
765 		pr_err("nfsd: unable to create nfsd_file_mark_slab\n");
766 		goto out_err;
767 	}
768 
769 	ret = list_lru_init(&nfsd_file_lru);
770 	if (ret) {
771 		pr_err("nfsd: failed to init nfsd_file_lru: %d\n", ret);
772 		goto out_err;
773 	}
774 
775 	nfsd_file_shrinker = shrinker_alloc(0, "nfsd-filecache");
776 	if (!nfsd_file_shrinker) {
777 		ret = -ENOMEM;
778 		pr_err("nfsd: failed to allocate nfsd_file_shrinker\n");
779 		goto out_lru;
780 	}
781 
782 	nfsd_file_shrinker->count_objects = nfsd_file_lru_count;
783 	nfsd_file_shrinker->scan_objects = nfsd_file_lru_scan;
784 	nfsd_file_shrinker->seeks = 1;
785 
786 	shrinker_register(nfsd_file_shrinker);
787 
788 	ret = lease_register_notifier(&nfsd_file_lease_notifier);
789 	if (ret) {
790 		pr_err("nfsd: unable to register lease notifier: %d\n", ret);
791 		goto out_shrinker;
792 	}
793 
794 	nfsd_file_fsnotify_group = fsnotify_alloc_group(&nfsd_file_fsnotify_ops,
795 							0);
796 	if (IS_ERR(nfsd_file_fsnotify_group)) {
797 		pr_err("nfsd: unable to create fsnotify group: %ld\n",
798 			PTR_ERR(nfsd_file_fsnotify_group));
799 		ret = PTR_ERR(nfsd_file_fsnotify_group);
800 		nfsd_file_fsnotify_group = NULL;
801 		goto out_notifier;
802 	}
803 
804 	INIT_DELAYED_WORK(&nfsd_filecache_laundrette, nfsd_file_gc_worker);
805 out:
806 	if (ret)
807 		clear_bit(NFSD_FILE_CACHE_UP, &nfsd_file_flags);
808 	return ret;
809 out_notifier:
810 	lease_unregister_notifier(&nfsd_file_lease_notifier);
811 out_shrinker:
812 	shrinker_free(nfsd_file_shrinker);
813 out_lru:
814 	list_lru_destroy(&nfsd_file_lru);
815 out_err:
816 	kmem_cache_destroy(nfsd_file_slab);
817 	nfsd_file_slab = NULL;
818 	kmem_cache_destroy(nfsd_file_mark_slab);
819 	nfsd_file_mark_slab = NULL;
820 	rhltable_destroy(&nfsd_file_rhltable);
821 	goto out;
822 }
823 
824 /**
825  * __nfsd_file_cache_purge: clean out the cache for shutdown
826  * @net: net-namespace to shut down the cache (may be NULL)
827  *
828  * Walk the nfsd_file cache and close out any that match @net. If @net is NULL,
829  * then close out everything. Called when an nfsd instance is being shut down,
830  * and when the exports table is flushed.
831  */
832 static void
__nfsd_file_cache_purge(struct net * net)833 __nfsd_file_cache_purge(struct net *net)
834 {
835 	struct rhashtable_iter iter;
836 	struct nfsd_file *nf;
837 	LIST_HEAD(dispose);
838 
839 	rhltable_walk_enter(&nfsd_file_rhltable, &iter);
840 	do {
841 		rhashtable_walk_start(&iter);
842 
843 		nf = rhashtable_walk_next(&iter);
844 		while (!IS_ERR_OR_NULL(nf)) {
845 			if (!net || nf->nf_net == net)
846 				nfsd_file_cond_queue(nf, &dispose);
847 			nf = rhashtable_walk_next(&iter);
848 		}
849 
850 		rhashtable_walk_stop(&iter);
851 	} while (nf == ERR_PTR(-EAGAIN));
852 	rhashtable_walk_exit(&iter);
853 
854 	nfsd_file_dispose_list(&dispose);
855 }
856 
857 static struct nfsd_fcache_disposal *
nfsd_alloc_fcache_disposal(void)858 nfsd_alloc_fcache_disposal(void)
859 {
860 	struct nfsd_fcache_disposal *l;
861 
862 	l = kmalloc(sizeof(*l), GFP_KERNEL);
863 	if (!l)
864 		return NULL;
865 	spin_lock_init(&l->lock);
866 	INIT_LIST_HEAD(&l->freeme);
867 	return l;
868 }
869 
870 static void
nfsd_free_fcache_disposal(struct nfsd_fcache_disposal * l)871 nfsd_free_fcache_disposal(struct nfsd_fcache_disposal *l)
872 {
873 	nfsd_file_dispose_list(&l->freeme);
874 	kfree(l);
875 }
876 
877 static void
nfsd_free_fcache_disposal_net(struct net * net)878 nfsd_free_fcache_disposal_net(struct net *net)
879 {
880 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
881 	struct nfsd_fcache_disposal *l = nn->fcache_disposal;
882 
883 	nfsd_free_fcache_disposal(l);
884 }
885 
886 int
nfsd_file_cache_start_net(struct net * net)887 nfsd_file_cache_start_net(struct net *net)
888 {
889 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
890 
891 	nn->fcache_disposal = nfsd_alloc_fcache_disposal();
892 	return nn->fcache_disposal ? 0 : -ENOMEM;
893 }
894 
895 /**
896  * nfsd_file_cache_purge - Remove all cache items associated with @net
897  * @net: target net namespace
898  *
899  */
900 void
nfsd_file_cache_purge(struct net * net)901 nfsd_file_cache_purge(struct net *net)
902 {
903 	lockdep_assert_held(&nfsd_mutex);
904 	if (test_bit(NFSD_FILE_CACHE_UP, &nfsd_file_flags) == 1)
905 		__nfsd_file_cache_purge(net);
906 }
907 
908 void
nfsd_file_cache_shutdown_net(struct net * net)909 nfsd_file_cache_shutdown_net(struct net *net)
910 {
911 	nfsd_file_cache_purge(net);
912 	nfsd_free_fcache_disposal_net(net);
913 }
914 
915 void
nfsd_file_cache_shutdown(void)916 nfsd_file_cache_shutdown(void)
917 {
918 	int i;
919 
920 	lockdep_assert_held(&nfsd_mutex);
921 	if (test_and_clear_bit(NFSD_FILE_CACHE_UP, &nfsd_file_flags) == 0)
922 		return;
923 
924 	lease_unregister_notifier(&nfsd_file_lease_notifier);
925 	shrinker_free(nfsd_file_shrinker);
926 	/*
927 	 * make sure all callers of nfsd_file_lru_cb are done before
928 	 * calling nfsd_file_cache_purge
929 	 */
930 	cancel_delayed_work_sync(&nfsd_filecache_laundrette);
931 	__nfsd_file_cache_purge(NULL);
932 	list_lru_destroy(&nfsd_file_lru);
933 	rcu_barrier();
934 	fsnotify_put_group(nfsd_file_fsnotify_group);
935 	nfsd_file_fsnotify_group = NULL;
936 	kmem_cache_destroy(nfsd_file_slab);
937 	nfsd_file_slab = NULL;
938 	fsnotify_wait_marks_destroyed();
939 	kmem_cache_destroy(nfsd_file_mark_slab);
940 	nfsd_file_mark_slab = NULL;
941 	rhltable_destroy(&nfsd_file_rhltable);
942 
943 	for_each_possible_cpu(i) {
944 		per_cpu(nfsd_file_cache_hits, i) = 0;
945 		per_cpu(nfsd_file_acquisitions, i) = 0;
946 		per_cpu(nfsd_file_allocations, i) = 0;
947 		per_cpu(nfsd_file_releases, i) = 0;
948 		per_cpu(nfsd_file_total_age, i) = 0;
949 		per_cpu(nfsd_file_evictions, i) = 0;
950 	}
951 }
952 
953 static struct nfsd_file *
nfsd_file_lookup_locked(const struct net * net,const struct cred * cred,struct inode * inode,unsigned char need,bool want_gc)954 nfsd_file_lookup_locked(const struct net *net, const struct cred *cred,
955 			struct inode *inode, unsigned char need,
956 			bool want_gc)
957 {
958 	struct rhlist_head *tmp, *list;
959 	struct nfsd_file *nf;
960 
961 	list = rhltable_lookup(&nfsd_file_rhltable, &inode,
962 			       nfsd_file_rhash_params);
963 	rhl_for_each_entry_rcu(nf, tmp, list, nf_rlist) {
964 		if (nf->nf_may != need)
965 			continue;
966 		if (nf->nf_net != net)
967 			continue;
968 		if (!nfsd_match_cred(nf->nf_cred, cred))
969 			continue;
970 		if (test_bit(NFSD_FILE_GC, &nf->nf_flags) != want_gc)
971 			continue;
972 		if (test_bit(NFSD_FILE_HASHED, &nf->nf_flags) == 0)
973 			continue;
974 
975 		if (!nfsd_file_get(nf))
976 			continue;
977 		return nf;
978 	}
979 	return NULL;
980 }
981 
982 /**
983  * nfsd_file_is_cached - are there any cached open files for this inode?
984  * @inode: inode to check
985  *
986  * The lookup matches inodes in all net namespaces and is atomic wrt
987  * nfsd_file_acquire().
988  *
989  * Return values:
990  *   %true: filecache contains at least one file matching this inode
991  *   %false: filecache contains no files matching this inode
992  */
993 bool
nfsd_file_is_cached(struct inode * inode)994 nfsd_file_is_cached(struct inode *inode)
995 {
996 	struct rhlist_head *tmp, *list;
997 	struct nfsd_file *nf;
998 	bool ret = false;
999 
1000 	rcu_read_lock();
1001 	list = rhltable_lookup(&nfsd_file_rhltable, &inode,
1002 			       nfsd_file_rhash_params);
1003 	rhl_for_each_entry_rcu(nf, tmp, list, nf_rlist)
1004 		if (test_bit(NFSD_FILE_GC, &nf->nf_flags)) {
1005 			ret = true;
1006 			break;
1007 		}
1008 	rcu_read_unlock();
1009 
1010 	trace_nfsd_file_is_cached(inode, (int)ret);
1011 	return ret;
1012 }
1013 
1014 static __be32
nfsd_file_do_acquire(struct svc_rqst * rqstp,struct net * net,struct svc_cred * cred,struct auth_domain * client,struct svc_fh * fhp,unsigned int may_flags,struct file * file,struct nfsd_file ** pnf,bool want_gc)1015 nfsd_file_do_acquire(struct svc_rqst *rqstp, struct net *net,
1016 		     struct svc_cred *cred,
1017 		     struct auth_domain *client,
1018 		     struct svc_fh *fhp,
1019 		     unsigned int may_flags, struct file *file,
1020 		     struct nfsd_file **pnf, bool want_gc)
1021 {
1022 	unsigned char need = may_flags & NFSD_FILE_MAY_MASK;
1023 	struct nfsd_file *new, *nf;
1024 	bool stale_retry = true;
1025 	bool open_retry = true;
1026 	struct inode *inode;
1027 	__be32 status;
1028 	int ret;
1029 
1030 retry:
1031 	if (rqstp) {
1032 		status = fh_verify(rqstp, fhp, S_IFREG,
1033 				   may_flags|NFSD_MAY_OWNER_OVERRIDE);
1034 	} else {
1035 		status = fh_verify_local(net, cred, client, fhp, S_IFREG,
1036 					 may_flags|NFSD_MAY_OWNER_OVERRIDE);
1037 	}
1038 	if (status != nfs_ok)
1039 		return status;
1040 	inode = d_inode(fhp->fh_dentry);
1041 
1042 	rcu_read_lock();
1043 	nf = nfsd_file_lookup_locked(net, current_cred(), inode, need, want_gc);
1044 	rcu_read_unlock();
1045 
1046 	if (nf) {
1047 		/*
1048 		 * If the nf is on the LRU then it holds an extra reference
1049 		 * that must be put if it's removed. It had better not be
1050 		 * the last one however, since we should hold another.
1051 		 */
1052 		if (nfsd_file_lru_remove(nf))
1053 			WARN_ON_ONCE(refcount_dec_and_test(&nf->nf_ref));
1054 		goto wait_for_construction;
1055 	}
1056 
1057 	new = nfsd_file_alloc(net, inode, need, want_gc);
1058 	if (!new) {
1059 		status = nfserr_jukebox;
1060 		goto out;
1061 	}
1062 
1063 	rcu_read_lock();
1064 	spin_lock(&inode->i_lock);
1065 	nf = nfsd_file_lookup_locked(net, current_cred(), inode, need, want_gc);
1066 	if (unlikely(nf)) {
1067 		spin_unlock(&inode->i_lock);
1068 		rcu_read_unlock();
1069 		nfsd_file_free(new);
1070 		goto wait_for_construction;
1071 	}
1072 	nf = new;
1073 	ret = rhltable_insert(&nfsd_file_rhltable, &nf->nf_rlist,
1074 			      nfsd_file_rhash_params);
1075 	spin_unlock(&inode->i_lock);
1076 	rcu_read_unlock();
1077 	if (likely(ret == 0))
1078 		goto open_file;
1079 
1080 	trace_nfsd_file_insert_err(rqstp, inode, may_flags, ret);
1081 	status = nfserr_jukebox;
1082 	goto construction_err;
1083 
1084 wait_for_construction:
1085 	wait_on_bit(&nf->nf_flags, NFSD_FILE_PENDING, TASK_UNINTERRUPTIBLE);
1086 
1087 	/* Did construction of this file fail? */
1088 	if (!test_bit(NFSD_FILE_HASHED, &nf->nf_flags)) {
1089 		trace_nfsd_file_cons_err(rqstp, inode, may_flags, nf);
1090 		if (!open_retry) {
1091 			status = nfserr_jukebox;
1092 			goto construction_err;
1093 		}
1094 		nfsd_file_put(nf);
1095 		open_retry = false;
1096 		fh_put(fhp);
1097 		goto retry;
1098 	}
1099 	this_cpu_inc(nfsd_file_cache_hits);
1100 
1101 	status = nfserrno(nfsd_open_break_lease(file_inode(nf->nf_file), may_flags));
1102 	if (status != nfs_ok) {
1103 		nfsd_file_put(nf);
1104 		nf = NULL;
1105 	}
1106 
1107 out:
1108 	if (status == nfs_ok) {
1109 		this_cpu_inc(nfsd_file_acquisitions);
1110 		nfsd_file_check_write_error(nf);
1111 		*pnf = nf;
1112 	}
1113 	trace_nfsd_file_acquire(rqstp, inode, may_flags, nf, status);
1114 	return status;
1115 
1116 open_file:
1117 	trace_nfsd_file_alloc(nf);
1118 	nf->nf_mark = nfsd_file_mark_find_or_create(inode);
1119 	if (nf->nf_mark) {
1120 		if (file) {
1121 			get_file(file);
1122 			nf->nf_file = file;
1123 			status = nfs_ok;
1124 			trace_nfsd_file_opened(nf, status);
1125 		} else {
1126 			ret = nfsd_open_verified(rqstp, fhp, may_flags,
1127 						 &nf->nf_file);
1128 			if (ret == -EOPENSTALE && stale_retry) {
1129 				stale_retry = false;
1130 				nfsd_file_unhash(nf);
1131 				clear_and_wake_up_bit(NFSD_FILE_PENDING,
1132 						      &nf->nf_flags);
1133 				if (refcount_dec_and_test(&nf->nf_ref))
1134 					nfsd_file_free(nf);
1135 				nf = NULL;
1136 				fh_put(fhp);
1137 				goto retry;
1138 			}
1139 			status = nfserrno(ret);
1140 			trace_nfsd_file_open(nf, status);
1141 		}
1142 	} else
1143 		status = nfserr_jukebox;
1144 	/*
1145 	 * If construction failed, or we raced with a call to unlink()
1146 	 * then unhash.
1147 	 */
1148 	if (status != nfs_ok || inode->i_nlink == 0)
1149 		nfsd_file_unhash(nf);
1150 	clear_and_wake_up_bit(NFSD_FILE_PENDING, &nf->nf_flags);
1151 	if (status == nfs_ok)
1152 		goto out;
1153 
1154 construction_err:
1155 	if (refcount_dec_and_test(&nf->nf_ref))
1156 		nfsd_file_free(nf);
1157 	nf = NULL;
1158 	goto out;
1159 }
1160 
1161 /**
1162  * nfsd_file_acquire_gc - Get a struct nfsd_file with an open file
1163  * @rqstp: the RPC transaction being executed
1164  * @fhp: the NFS filehandle of the file to be opened
1165  * @may_flags: NFSD_MAY_ settings for the file
1166  * @pnf: OUT: new or found "struct nfsd_file" object
1167  *
1168  * The nfsd_file object returned by this API is reference-counted
1169  * and garbage-collected. The object is retained for a few
1170  * seconds after the final nfsd_file_put() in case the caller
1171  * wants to re-use it.
1172  *
1173  * Return values:
1174  *   %nfs_ok - @pnf points to an nfsd_file with its reference
1175  *   count boosted.
1176  *
1177  * On error, an nfsstat value in network byte order is returned.
1178  */
1179 __be32
nfsd_file_acquire_gc(struct svc_rqst * rqstp,struct svc_fh * fhp,unsigned int may_flags,struct nfsd_file ** pnf)1180 nfsd_file_acquire_gc(struct svc_rqst *rqstp, struct svc_fh *fhp,
1181 		     unsigned int may_flags, struct nfsd_file **pnf)
1182 {
1183 	return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
1184 				    fhp, may_flags, NULL, pnf, true);
1185 }
1186 
1187 /**
1188  * nfsd_file_acquire - Get a struct nfsd_file with an open file
1189  * @rqstp: the RPC transaction being executed
1190  * @fhp: the NFS filehandle of the file to be opened
1191  * @may_flags: NFSD_MAY_ settings for the file
1192  * @pnf: OUT: new or found "struct nfsd_file" object
1193  *
1194  * The nfsd_file_object returned by this API is reference-counted
1195  * but not garbage-collected. The object is unhashed after the
1196  * final nfsd_file_put().
1197  *
1198  * Return values:
1199  *   %nfs_ok - @pnf points to an nfsd_file with its reference
1200  *   count boosted.
1201  *
1202  * On error, an nfsstat value in network byte order is returned.
1203  */
1204 __be32
nfsd_file_acquire(struct svc_rqst * rqstp,struct svc_fh * fhp,unsigned int may_flags,struct nfsd_file ** pnf)1205 nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
1206 		  unsigned int may_flags, struct nfsd_file **pnf)
1207 {
1208 	return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
1209 				    fhp, may_flags, NULL, pnf, false);
1210 }
1211 
1212 /**
1213  * nfsd_file_acquire_local - Get a struct nfsd_file with an open file for localio
1214  * @net: The network namespace in which to perform a lookup
1215  * @cred: the user credential with which to validate access
1216  * @client: the auth_domain for LOCALIO lookup
1217  * @fhp: the NFS filehandle of the file to be opened
1218  * @may_flags: NFSD_MAY_ settings for the file
1219  * @pnf: OUT: new or found "struct nfsd_file" object
1220  *
1221  * This file lookup interface provide access to a file given the
1222  * filehandle and credential.  No connection-based authorisation
1223  * is performed and in that way it is quite different to other
1224  * file access mediated by nfsd.  It allows a kernel module such as the NFS
1225  * client to reach across network and filesystem namespaces to access
1226  * a file.  The security implications of this should be carefully
1227  * considered before use.
1228  *
1229  * The nfsd_file object returned by this API is reference-counted
1230  * and garbage-collected. The object is retained for a few
1231  * seconds after the final nfsd_file_put() in case the caller
1232  * wants to re-use it.
1233  *
1234  * Return values:
1235  *   %nfs_ok - @pnf points to an nfsd_file with its reference
1236  *   count boosted.
1237  *
1238  * On error, an nfsstat value in network byte order is returned.
1239  */
1240 __be32
nfsd_file_acquire_local(struct net * net,struct svc_cred * cred,struct auth_domain * client,struct svc_fh * fhp,unsigned int may_flags,struct nfsd_file ** pnf)1241 nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
1242 			struct auth_domain *client, struct svc_fh *fhp,
1243 			unsigned int may_flags, struct nfsd_file **pnf)
1244 {
1245 	/*
1246 	 * Save creds before calling nfsd_file_do_acquire() (which calls
1247 	 * nfsd_setuser). Important because caller (LOCALIO) is from
1248 	 * client context.
1249 	 */
1250 	const struct cred *save_cred = get_current_cred();
1251 	__be32 beres;
1252 
1253 	beres = nfsd_file_do_acquire(NULL, net, cred, client,
1254 				     fhp, may_flags, NULL, pnf, true);
1255 	revert_creds(save_cred);
1256 	return beres;
1257 }
1258 
1259 /**
1260  * nfsd_file_acquire_opened - Get a struct nfsd_file using existing open file
1261  * @rqstp: the RPC transaction being executed
1262  * @fhp: the NFS filehandle of the file just created
1263  * @may_flags: NFSD_MAY_ settings for the file
1264  * @file: cached, already-open file (may be NULL)
1265  * @pnf: OUT: new or found "struct nfsd_file" object
1266  *
1267  * Acquire a nfsd_file object that is not GC'ed. If one doesn't already exist,
1268  * and @file is non-NULL, use it to instantiate a new nfsd_file instead of
1269  * opening a new one.
1270  *
1271  * Return values:
1272  *   %nfs_ok - @pnf points to an nfsd_file with its reference
1273  *   count boosted.
1274  *
1275  * On error, an nfsstat value in network byte order is returned.
1276  */
1277 __be32
nfsd_file_acquire_opened(struct svc_rqst * rqstp,struct svc_fh * fhp,unsigned int may_flags,struct file * file,struct nfsd_file ** pnf)1278 nfsd_file_acquire_opened(struct svc_rqst *rqstp, struct svc_fh *fhp,
1279 			 unsigned int may_flags, struct file *file,
1280 			 struct nfsd_file **pnf)
1281 {
1282 	return nfsd_file_do_acquire(rqstp, SVC_NET(rqstp), NULL, NULL,
1283 				    fhp, may_flags, file, pnf, false);
1284 }
1285 
1286 /*
1287  * Note that fields may be added, removed or reordered in the future. Programs
1288  * scraping this file for info should test the labels to ensure they're
1289  * getting the correct field.
1290  */
nfsd_file_cache_stats_show(struct seq_file * m,void * v)1291 int nfsd_file_cache_stats_show(struct seq_file *m, void *v)
1292 {
1293 	unsigned long allocations = 0, releases = 0, evictions = 0;
1294 	unsigned long hits = 0, acquisitions = 0;
1295 	unsigned int i, count = 0, buckets = 0;
1296 	unsigned long lru = 0, total_age = 0;
1297 
1298 	/* Serialize with server shutdown */
1299 	mutex_lock(&nfsd_mutex);
1300 	if (test_bit(NFSD_FILE_CACHE_UP, &nfsd_file_flags) == 1) {
1301 		struct bucket_table *tbl;
1302 		struct rhashtable *ht;
1303 
1304 		lru = list_lru_count(&nfsd_file_lru);
1305 
1306 		rcu_read_lock();
1307 		ht = &nfsd_file_rhltable.ht;
1308 		count = atomic_read(&ht->nelems);
1309 		tbl = rht_dereference_rcu(ht->tbl, ht);
1310 		buckets = tbl->size;
1311 		rcu_read_unlock();
1312 	}
1313 	mutex_unlock(&nfsd_mutex);
1314 
1315 	for_each_possible_cpu(i) {
1316 		hits += per_cpu(nfsd_file_cache_hits, i);
1317 		acquisitions += per_cpu(nfsd_file_acquisitions, i);
1318 		allocations += per_cpu(nfsd_file_allocations, i);
1319 		releases += per_cpu(nfsd_file_releases, i);
1320 		total_age += per_cpu(nfsd_file_total_age, i);
1321 		evictions += per_cpu(nfsd_file_evictions, i);
1322 	}
1323 
1324 	seq_printf(m, "total inodes:  %u\n", count);
1325 	seq_printf(m, "hash buckets:  %u\n", buckets);
1326 	seq_printf(m, "lru entries:   %lu\n", lru);
1327 	seq_printf(m, "cache hits:    %lu\n", hits);
1328 	seq_printf(m, "acquisitions:  %lu\n", acquisitions);
1329 	seq_printf(m, "allocations:   %lu\n", allocations);
1330 	seq_printf(m, "releases:      %lu\n", releases);
1331 	seq_printf(m, "evictions:     %lu\n", evictions);
1332 	if (releases)
1333 		seq_printf(m, "mean age (ms): %ld\n", total_age / releases);
1334 	else
1335 		seq_printf(m, "mean age (ms): -\n");
1336 	return 0;
1337 }
1338