projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'pci-v6.16-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
[linux-block.git] / fs / nfsd / nfsfh.c
CommitLineData
b2441318 1// SPDX-License-Identifier: GPL-2.0
1da177e4 2/*
1da177e4
LT		 3 * NFS server file handle treatment.
4 *
5 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
6 * Portions Copyright (C) 1999 G. Allen Morris III <gam3@acm.org>
7 * Extensive rewrite by Neil Brown <neilb@cse.unsw.edu.au> Southern-Spring 1999
8 * ... and again Southern-Winter 2001 to support export_operations
9 */
10
a5694255 11#include <linux/exportfs.h>
1da177e4 12
32c1eb0c 13#include <linux/sunrpc/svcauth_gss.h>
9a74af21 14#include "nfsd.h"
0a3adade 15#include "vfs.h"
2e8138a2 16#include "auth.h"
f01274a9 17#include "trace.h"
1da177e4
LT		 18
19#define NFSDDBG_FACILITY NFSDDBG_FH
1da177e4
LT		 20
21
1da177e4
LT		 22/*
23 * our acceptability function.
24 * if NOSUBTREECHECK, accept anything
25 * if not, require that we can walk up to exp->ex_dentry
26 * doing some checks on the 'x' bits
27 */
28static int nfsd_acceptable(void *expv, struct dentry *dentry)
29{
30 struct svc_export *exp = expv;
31 int rv;
32 struct dentry *tdentry;
33 struct dentry *parent;
34
35 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
36 return 1;
37
38 tdentry = dget(dentry);
54775491 39 while (tdentry != exp->ex_path.dentry && !IS_ROOT(tdentry)) {
1da177e4
LT		 40 /* make sure parents give x permission to user */
41 int err;
42 parent = dget_parent(tdentry);
4609e1f1 43 err = inode_permission(&nop_mnt_idmap,
47291baa 44 d_inode(parent), MAY_EXEC);
1da177e4
LT		 45 if (err < 0) {
46 dput(parent);
47 break;
48 }
49 dput(tdentry);
50 tdentry = parent;
51 }
54775491 52 if (tdentry != exp->ex_path.dentry)
97e47fa1 53 dprintk("nfsd_acceptable failed at %p %pd\n", tdentry, tdentry);
54775491 54 rv = (tdentry == exp->ex_path.dentry);
1da177e4
LT		 55 dput(tdentry);
56 return rv;
57}
58
59/* Type check. The correct error return for type mismatches does not seem to be
60 * generally agreed upon. SunOS seems to use EISDIR if file isn't S_IFREG; a
61 * comment in the NFSv3 spec says this is incorrect (implementation notes for
62 * the write call).
63 */
83b11340 64static inline __be32
438f81e0 65nfsd_mode_check(struct dentry *dentry, umode_t requested)
1da177e4 66{
e75b23f9 67 umode_t mode = d_inode(dentry)->i_mode & S_IFMT;
e10f9e14
BF		 68
69 if (requested == 0) /* the caller doesn't care */
70 return nfs_ok;
e75b23f9
BF		 71 if (mode == requested) {
72 if (mode == S_IFDIR && !d_can_lookup(dentry)) {
73 WARN_ON_ONCE(1);
74 return nfserr_notdir;
75 }
e10f9e14 76 return nfs_ok;
e75b23f9 77 }
438f81e0
N		 78 if (mode == S_IFLNK) {
79 if (requested == S_IFDIR)
80 return nfserr_symlink_not_dir;
e10f9e14 81 return nfserr_symlink;
438f81e0 82 }
e10f9e14
BF		 83 if (requested == S_IFDIR)
84 return nfserr_notdir;
85 if (mode == S_IFDIR)
86 return nfserr_isdir;
438f81e0 87 return nfserr_wrong_type;
1da177e4
LT		 88}
89
b0d87dbd
N		 90static bool nfsd_originating_port_ok(struct svc_rqst *rqstp,
91 struct svc_cred *cred,
92 struct svc_export *exp)
9d7ed135 93{
b0d87dbd 94 if (nfsexp_flags(cred, exp) & NFSEXP_INSECURE_PORT)
9d7ed135
BF		 95 return true;
96 /* We don't require gss requests to use low ports: */
b0d87dbd 97 if (cred->cr_flavor >= RPC_AUTH_GSS)
9d7ed135
BF		 98 return true;
99 return test_bit(RQ_SECURE, &rqstp->rq_flags);
100}
101
6fa02839 102static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
b0d87dbd 103 struct svc_cred *cred,
6fa02839
BF		 104 struct svc_export *exp)
105{
106 /* Check if the request originated from a secure port. */
b0d87dbd 107 if (rqstp && !nfsd_originating_port_ok(rqstp, cred, exp)) {
5216a8e7 108 RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
a48fd0f9
KM		 109 dprintk("nfsd: request from insecure port %s!\n",
110 svc_print_addr(rqstp, buf, sizeof(buf)));
6fa02839
BF		 111 return nfserr_perm;
112 }
113
114 /* Set user creds for this exportpoint */
b0d87dbd 115 return nfserrno(nfsd_setuser(cred, exp));
6fa02839
BF		 116}
117
ef7f6c49
N		 118static inline __be32 check_pseudo_root(struct dentry *dentry,
119 struct svc_export *exp)
03a816b4
SD		 120{
121 if (!(exp->ex_flags & NFSEXP_V4ROOT))
122 return nfs_ok;
03a816b4
SD		 123 /*
124 * We're exposing only the directories and symlinks that have to be
125 * traversed on the way to real exports:
126 */
e36cb0b8
DH		 127 if (unlikely(!d_is_dir(dentry) &&
128 !d_is_symlink(dentry)))
03a816b4
SD		 129 return nfserr_stale;
130 /*
131 * A pseudoroot export gives permission to access only one
132 * single directory; the kernel has to make another upcall
133 * before granting access to anything else under it:
134 */
135 if (unlikely(dentry != exp->ex_path.dentry))
136 return nfserr_stale;
137 return nfs_ok;
138}
139
03550fac
BF		 140/*
141 * Use the given filehandle to look up the corresponding export and
142 * dentry. On success, the results are used to set fh_export and
143 * fh_dentry.
144 */
5e66d2d9
N		 145static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net,
146 struct svc_cred *cred,
147 struct auth_domain *client,
148 struct auth_domain *gssclient,
149 struct svc_fh *fhp)
03550fac
BF		 150{
151 struct knfsd_fh *fh = &fhp->fh_handle;
c645a883 152 struct fid *fid = NULL;
03550fac
BF		 153 struct svc_export *exp;
154 struct dentry *dentry;
155 int fileid_type;
156 int data_left = fh->fh_size/4;
c645a883 157 int len;
03550fac
BF		 158 __be32 error;
159
1459ad57
N		 160 error = nfserr_badhandle;
161 if (fh->fh_size == 0)
03550fac
BF		 162 return nfserr_nofilehandle;
163
c645a883
N		 164 if (fh->fh_version != 1)
165 return error;
166
167 if (--data_left < 0)
168 return error;
169 if (fh->fh_auth_type != 0)
170 return error;
171 len = key_len(fh->fh_fsid_type) / 4;
172 if (len == 0)
173 return error;
174 if (fh->fh_fsid_type == FSID_MAJOR_MINOR) {
175 /* deprecated, convert to type 3 */
176 len = key_len(FSID_ENCODE_DEV)/4;
177 fh->fh_fsid_type = FSID_ENCODE_DEV;
178 /*
179 * struct knfsd_fh uses host-endian fields, which are
180 * sometimes used to hold net-endian values. This
181 * confuses sparse, so we must use __force here to
182 * keep it from complaining.
183 */
184 fh->fh_fsid[0] = new_encode_dev(MKDEV(ntohl((__force __be32)fh->fh_fsid[0]),
185 ntohl((__force __be32)fh->fh_fsid[1])));
186 fh->fh_fsid[1] = fh->fh_fsid[2];
03550fac 187 }
c645a883
N		 188 data_left -= len;
189 if (data_left < 0)
190 return error;
5e66d2d9
N		 191 exp = rqst_exp_find(rqstp ? &rqstp->rq_chandle : NULL,
192 net, client, gssclient,
c55aeef7 193 fh->fh_fsid_type, fh->fh_fsid);
c645a883 194 fid = (struct fid *)(fh->fh_fsid + len);
03550fac
BF		 195
196 error = nfserr_stale;
f01274a9
TM		 197 if (IS_ERR(exp)) {
198 trace_nfsd_set_fh_dentry_badexport(rqstp, fhp, PTR_ERR(exp));
199
200 if (PTR_ERR(exp) == -ENOENT)
201 return error;
03550fac 202
03550fac 203 return nfserrno(PTR_ERR(exp));
f01274a9 204 }
03550fac 205
496d6c32
NB		 206 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) {
207 /* Elevate privileges so that the lack of 'r' or 'x'
208 * permission on some parent directory will
209 * not stop exportfs_decode_fh from being able
210 * to reconnect a directory into the dentry cache.
211 * The same problem can affect "SUBTREECHECK" exports,
212 * but as nfsd_acceptable depends on correct
213 * access control settings being in effect, we cannot
214 * fix that case easily.
215 */
d84f4f99 216 struct cred *new = prepare_creds();
027bc41a
KM		 217 if (!new) {
218 error = nfserrno(-ENOMEM);
219 goto out;
220 }
d84f4f99
DH		 221 new->cap_effective =
222 cap_raise_nfsd_set(new->cap_effective,
223 new->cap_permitted);
81be9a8a 224 put_cred(override_creds(new));
496d6c32 225 } else {
5e66d2d9 226 error = nfsd_setuser_and_check_port(rqstp, cred, exp);
496d6c32
NB		 227 if (error)
228 goto out;
229 }
03550fac
BF		 230
231 /*
232 * Look up the dentry using the NFS file handle.
233 */
1459ad57 234 error = nfserr_badhandle;
03550fac 235
c645a883 236 fileid_type = fh->fh_fileid_type;
03550fac
BF		 237
238 if (fileid_type == FILEID_ROOT)
239 dentry = dget(exp->ex_path.dentry);
240 else {
2e19d10c 241 dentry = exportfs_decode_fh_raw(exp->ex_path.mnt, fid,
620c266f 242 data_left, fileid_type, 0,
2e19d10c
TM		 243 nfsd_acceptable, exp);
244 if (IS_ERR_OR_NULL(dentry)) {
f01274a9
TM		 245 trace_nfsd_set_fh_dentry_badhandle(rqstp, fhp,
246 dentry ? PTR_ERR(dentry) : -ESTALE);
2e19d10c
TM		 247 switch (PTR_ERR(dentry)) {
248 case -ENOMEM:
249 case -ETIMEDOUT:
250 break;
251 default:
252 dentry = ERR_PTR(-ESTALE);
253 }
254 }
03550fac
BF		 255 }
256 if (dentry == NULL)
257 goto out;
258 if (IS_ERR(dentry)) {
259 if (PTR_ERR(dentry) != -EINVAL)
260 error = nfserrno(PTR_ERR(dentry));
261 goto out;
262 }
263
e36cb0b8 264 if (d_is_dir(dentry) &&
03550fac 265 (dentry->d_flags & DCACHE_DISCONNECTED)) {
97e47fa1
AV		 266 printk("nfsd: find_fh_dentry returned a DISCONNECTED directory: %pd2\n",
267 dentry);
03550fac
BF		 268 }
269
270 fhp->fh_dentry = dentry;
271 fhp->fh_export = exp;
daab110e 272
7c0b07b4
CL		 273 switch (fhp->fh_maxsize) {
274 case NFS4_FHSIZE:
716a8bc7
TM		 275 if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOATOMIC_ATTR)
276 fhp->fh_no_atomic_attr = true;
c689bdd3 277 fhp->fh_64bit_cookies = true;
716a8bc7 278 break;
7c0b07b4 279 case NFS3_FHSIZE:
daab110e
JL		 280 if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOWCC)
281 fhp->fh_no_wcc = true;
c689bdd3 282 fhp->fh_64bit_cookies = true;
ef7f6c49
N		 283 if (exp->ex_flags & NFSEXP_V4ROOT)
284 goto out;
daab110e 285 break;
7c0b07b4 286 case NFS_FHSIZE:
daab110e 287 fhp->fh_no_wcc = true;
c689bdd3
N		 288 if (EX_WGATHER(exp))
289 fhp->fh_use_wgather = true;
ef7f6c49
N		 290 if (exp->ex_flags & NFSEXP_V4ROOT)
291 goto out;
daab110e
JL		 292 }
293
03550fac
BF		 294 return 0;
295out:
296 exp_put(exp);
297 return error;
298}
299
b3d47676 300/**
5e66d2d9
N		 301 * __fh_verify - filehandle lookup and access checking
302 * @rqstp: RPC transaction context, or NULL
303 * @net: net namespace in which to perform the export lookup
304 * @cred: RPC user credential
305 * @client: RPC auth domain
306 * @gssclient: RPC GSS auth domain, or NULL
b3d47676
BF		 307 * @fhp: filehandle to be verified
308 * @type: expected type of object pointed to by filehandle
309 * @access: type of access needed to object
310 *
5e66d2d9 311 * See fh_verify() for further descriptions of @fhp, @type, and @access.
1da177e4 312 */
5e66d2d9
N		 313static __be32
314__fh_verify(struct svc_rqst *rqstp,
315 struct net *net, struct svc_cred *cred,
316 struct auth_domain *client,
317 struct auth_domain *gssclient,
318 struct svc_fh *fhp, umode_t type, int access)
1da177e4 319{
5e66d2d9 320 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
20ad856e 321 struct svc_export *exp = NULL;
bb4f07f2 322 bool may_bypass_gss = false;
1da177e4 323 struct dentry *dentry;
03550fac 324 __be32 error;
1da177e4 325
1da177e4 326 if (!fhp->fh_dentry) {
5e66d2d9
N		 327 error = nfsd_set_fh_dentry(rqstp, net, cred, client,
328 gssclient, fhp);
d1bbf14f
N		 329 if (error)
330 goto out;
1da177e4 331 }
864f0f61
BF		 332 dentry = fhp->fh_dentry;
333 exp = fhp->fh_export;
05138288
CL		 334
335 trace_nfsd_fh_verify(rqstp, fhp, type, access);
336
864f0f61
BF		 337 /*
338 * We still have to do all these permission checks, even when
339 * fh_dentry is already set:
340 * - fh_verify may be called multiple times with different
341 * "access" arguments (e.g. nfsd_proc_create calls
342 * fh_verify(...,NFSD_MAY_EXEC) first, then later (in
343 * nfsd_create) calls fh_verify(...,NFSD_MAY_CREATE).
344 * - in the NFSv4 case, the filehandle may have been filled
345 * in by fh_compose, and given a dentry, but further
346 * compound operations performed with that filehandle
347 * still need permissions checks. In the worst case, a
348 * mountpoint crossing may have changed the export
349 * options, and we may now need to use a different uid
350 * (for example, if different id-squashing options are in
351 * effect on the new filesystem).
352 */
ef7f6c49 353 error = check_pseudo_root(dentry, exp);
03a816b4
SD		 354 if (error)
355 goto out;
356
5e66d2d9 357 error = nfsd_setuser_and_check_port(rqstp, cred, exp);
864f0f61
BF		 358 if (error)
359 goto out;
7fc90ec9 360
438f81e0 361 error = nfsd_mode_check(dentry, type);
1da177e4
LT		 362 if (error)
363 goto out;
364
4cc9b9f2
N		 365 if ((access & NFSD_MAY_NLM) && (exp->ex_flags & NFSEXP_NOAUTHNLM))
366 /* NLM is allowed to fully bypass authentication */
367 goto out;
368
bb4f07f2
PR		 369 if (access & NFSD_MAY_BYPASS_GSS)
370 may_bypass_gss = true;
04716e66
BF		 371 /*
372 * Clients may expect to be able to use auth_sys during mount,
373 * even if they use gss for everything else; see section 2.3.2
374 * of rfc 2623.
375 */
376 if (access & NFSD_MAY_BYPASS_GSS_ON_ROOT
377 && exp->ex_path.dentry == dentry)
bb4f07f2 378 may_bypass_gss = true;
04716e66 379
bb4f07f2 380 error = check_nfsd_access(exp, rqstp, may_bypass_gss);
04716e66
BF		 381 if (error)
382 goto out;
d9d6b74e
OK		 383 /* During LOCALIO call to fh_verify will be called with a NULL rqstp */
384 if (rqstp)
385 svc_xprt_set_valid(rqstp->rq_xprt);
eccbbc7c 386
1da177e4 387 /* Finally, check access permissions. */
5e66d2d9 388 error = nfsd_permission(cred, exp, dentry, access);
1da177e4 389out:
93c128e7 390 trace_nfsd_fh_verify_err(rqstp, fhp, type, access, error);
1da177e4 391 if (error == nfserr_stale)
4b148854 392 nfsd_stats_fh_stale_inc(nn, exp);
1da177e4
LT		 393 return error;
394}
395
c63f0e48
N		 396/**
397 * fh_verify_local - filehandle lookup and access checking
398 * @net: net namespace in which to perform the export lookup
399 * @cred: RPC user credential
400 * @client: RPC auth domain
401 * @fhp: filehandle to be verified
402 * @type: expected type of object pointed to by filehandle
403 * @access: type of access needed to object
404 *
405 * This API can be used by callers who do not have an RPC
406 * transaction context (ie are not running in an nfsd thread).
407 *
408 * See fh_verify() for further descriptions of @fhp, @type, and @access.
409 */
410__be32
411fh_verify_local(struct net *net, struct svc_cred *cred,
412 struct auth_domain *client, struct svc_fh *fhp,
413 umode_t type, int access)
414{
415 return __fh_verify(NULL, net, cred, client, NULL,
416 fhp, type, access);
417}
418
5e66d2d9
N		 419/**
420 * fh_verify - filehandle lookup and access checking
421 * @rqstp: pointer to current rpc request
422 * @fhp: filehandle to be verified
423 * @type: expected type of object pointed to by filehandle
424 * @access: type of access needed to object
425 *
426 * Look up a dentry from the on-the-wire filehandle, check the client's
427 * access to the export, and set the current task's credentials.
428 *
429 * Regardless of success or failure of fh_verify(), fh_put() should be
430 * called on @fhp when the caller is finished with the filehandle.
431 *
432 * fh_verify() may be called multiple times on a given filehandle, for
433 * example, when processing an NFSv4 compound. The first call will look
434 * up a dentry using the on-the-wire filehandle. Subsequent calls will
435 * skip the lookup and just perform the other checks and possibly change
436 * the current task's credentials.
437 *
438 * @type specifies the type of object expected using one of the S_IF*
439 * constants defined in include/linux/stat.h. The caller may use zero
440 * to indicate that it doesn't care, or a negative integer to indicate
441 * that it expects something not of the given type.
442 *
443 * @access is formed from the NFSD_MAY_* constants defined in
444 * fs/nfsd/vfs.h.
445 */
446__be32
447fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access)
448{
449 return __fh_verify(rqstp, SVC_NET(rqstp), &rqstp->rq_cred,
450 rqstp->rq_client, rqstp->rq_gssclient,
451 fhp, type, access);
452}
1da177e4
LT		 453
454/*
455 * Compose a file handle for an NFS reply.
456 *
457 * Note that when first composed, the dentry may not yet have
458 * an inode. In this case a call to fh_update should be made
459 * before the fh goes out on the wire ...
460 */
6e91ea2b
CH		 461static void _fh_update(struct svc_fh *fhp, struct svc_export *exp,
462 struct dentry *dentry)
1da177e4 463{
54775491 464 if (dentry != exp->ex_path.dentry) {
6e91ea2b 465 struct fid *fid = (struct fid *)
5409e46f 466 (fhp->fh_handle.fh_fsid + fhp->fh_handle.fh_size/4 - 1);
6e91ea2b 467 int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;
b5287827
AG		 468 int fh_flags = (exp->ex_flags & NFSEXP_NOSUBTREECHECK) ? 0 :
469 EXPORT_FH_CONNECTABLE;
7cdafe6c
AG		 470 int fileid_type =
471 exportfs_encode_fh(dentry, fid, &maxsize, fh_flags);
1da177e4 472
6e91ea2b 473 fhp->fh_handle.fh_fileid_type =
7cdafe6c 474 fileid_type > 0 ? fileid_type : FILEID_INVALID;
6e91ea2b
CH		 475 fhp->fh_handle.fh_size += maxsize * 4;
476 } else {
477 fhp->fh_handle.fh_fileid_type = FILEID_ROOT;
478 }
1da177e4
LT		 479}
480
8e498751
BF		 481static bool is_root_export(struct svc_export *exp)
482{
483 return exp->ex_path.dentry == exp->ex_path.dentry->d_sb->s_root;
484}
485
486static struct super_block *exp_sb(struct svc_export *exp)
487{
fc64005c 488 return exp->ex_path.dentry->d_sb;
8e498751
BF		 489}
490
491static bool fsid_type_ok_for_exp(u8 fsid_type, struct svc_export *exp)
492{
493 switch (fsid_type) {
494 case FSID_DEV:
495 if (!old_valid_dev(exp_sb(exp)->s_dev))
a677a783 496 return false;
df561f66 497 fallthrough;
8e498751
BF		 498 case FSID_MAJOR_MINOR:
499 case FSID_ENCODE_DEV:
500 return exp_sb(exp)->s_type->fs_flags & FS_REQUIRES_DEV;
501 case FSID_NUM:
502 return exp->ex_flags & NFSEXP_FSID;
503 case FSID_UUID8:
504 case FSID_UUID16:
505 if (!is_root_export(exp))
a677a783 506 return false;
df561f66 507 fallthrough;
8e498751
BF		 508 case FSID_UUID4_INUM:
509 case FSID_UUID16_INUM:
510 return exp->ex_uuid != NULL;
511 }
a677a783 512 return true;
8e498751
BF		 513}
514
1da177e4 515
bc6c53d5
BF		 516static void set_version_and_fsid_type(struct svc_fh *fhp, struct svc_export *exp, struct svc_fh *ref_fh)
517{
b41eeef1 518 u8 version;
bc6c53d5
BF		 519 u8 fsid_type;
520retry:
b41eeef1 521 version = 1;
7e405364 522 if (ref_fh && ref_fh->fh_export == exp) {
982aedfd 523 version = ref_fh->fh_handle.fh_version;
b41eeef1
N		 524 fsid_type = ref_fh->fh_handle.fh_fsid_type;
525
b41eeef1
N		 526 ref_fh = NULL;
527
528 switch (version) {
529 case 0xca:
af6a4e28 530 fsid_type = FSID_DEV;
b41eeef1
N		 531 break;
532 case 1:
533 break;
534 default:
535 goto retry;
536 }
537
8e498751
BF		 538 /*
539 * As the fsid -> filesystem mapping was guided by
540 * user-space, there is no guarantee that the filesystem
541 * actually supports that fsid type. If it doesn't we
542 * loop around again without ref_fh set.
982aedfd 543 */
8e498751
BF		 544 if (!fsid_type_ok_for_exp(fsid_type, exp))
545 goto retry;
30fa8c01
SD		 546 } else if (exp->ex_flags & NFSEXP_FSID) {
547 fsid_type = FSID_NUM;
af6a4e28
N		 548 } else if (exp->ex_uuid) {
549 if (fhp->fh_maxsize >= 64) {
8e498751 550 if (is_root_export(exp))
af6a4e28
N		 551 fsid_type = FSID_UUID16;
552 else
553 fsid_type = FSID_UUID16_INUM;
554 } else {
8e498751 555 if (is_root_export(exp))
af6a4e28
N		 556 fsid_type = FSID_UUID8;
557 else
558 fsid_type = FSID_UUID4_INUM;
559 }
bc6c53d5 560 } else if (!old_valid_dev(exp_sb(exp)->s_dev))
1da177e4 561 /* for newer device numbers, we must use a newer fsid format */
af6a4e28 562 fsid_type = FSID_ENCODE_DEV;
982aedfd 563 else
af6a4e28 564 fsid_type = FSID_DEV;
bc6c53d5
BF		 565 fhp->fh_handle.fh_version = version;
566 if (version)
567 fhp->fh_handle.fh_fsid_type = fsid_type;
568}
569
570__be32
571fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry,
572 struct svc_fh *ref_fh)
573{
574 /* ref_fh is a reference file handle.
575 * if it is non-null and for the same filesystem, then we should compose
576 * a filehandle which is of the same version, where possible.
bc6c53d5
BF		 577 */
578
2b0143b5 579 struct inode * inode = d_inode(dentry);
bc6c53d5
BF		 580 dev_t ex_dev = exp_sb(exp)->s_dev;
581
97e47fa1 582 dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n",
bc6c53d5 583 MAJOR(ex_dev), MINOR(ex_dev),
2b0143b5 584 (long) d_inode(exp->ex_path.dentry)->i_ino,
97e47fa1 585 dentry,
bc6c53d5
BF		 586 (inode ? inode->i_ino : 0));
587
588 /* Choose filehandle version and fsid type based on
589 * the reference filehandle (if it is in the same export)
590 * or the export options.
591 */
d28c442f 592 set_version_and_fsid_type(fhp, exp, ref_fh);
1da177e4 593
daab110e
JL		 594 /* If we have a ref_fh, then copy the fh_no_wcc setting from it. */
595 fhp->fh_no_wcc = ref_fh ? ref_fh->fh_no_wcc : false;
596
1da177e4
LT		 597 if (ref_fh == fhp)
598 fh_put(ref_fh);
599
dd8dd403 600 if (fhp->fh_dentry) {
97e47fa1
AV		 601 printk(KERN_ERR "fh_compose: fh %pd2 not initialized!\n",
602 dentry);
1da177e4
LT		 603 }
604 if (fhp->fh_maxsize < NFS_FHSIZE)
97e47fa1 605 printk(KERN_ERR "fh_compose: called with maxsize %d! %pd2\n",
982aedfd 606 fhp->fh_maxsize,
97e47fa1 607 dentry);
1da177e4
LT		 608
609 fhp->fh_dentry = dget(dentry); /* our internal copy */
bf18f163 610 fhp->fh_export = exp_get(exp);
1da177e4 611
c645a883
N		 612 fhp->fh_handle.fh_size =
613 key_len(fhp->fh_handle.fh_fsid_type) + 4;
614 fhp->fh_handle.fh_auth_type = 0;
615
616 mk_fsid(fhp->fh_handle.fh_fsid_type,
617 fhp->fh_handle.fh_fsid,
618 ex_dev,
619 d_inode(exp->ex_path.dentry)->i_ino,
620 exp->ex_fsid, exp->ex_uuid);
621
622 if (inode)
623 _fh_update(fhp, exp, dentry);
624 if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) {
625 fh_put(fhp);
e221c45d 626 return nfserr_stale;
1da177e4
LT		 627 }
628
1da177e4
LT		 629 return 0;
630}
631
632/*
633 * Update file handle information after changing a dentry.
634 * This is only called by nfsd_create, nfsd_create_v3 and nfsd_proc_create
635 */
83b11340 636__be32
1da177e4
LT		 637fh_update(struct svc_fh *fhp)
638{
639 struct dentry *dentry;
982aedfd 640
1da177e4
LT		 641 if (!fhp->fh_dentry)
642 goto out_bad;
643
644 dentry = fhp->fh_dentry;
2b0143b5 645 if (d_really_is_negative(dentry))
1da177e4 646 goto out_negative;
c645a883
N		 647 if (fhp->fh_handle.fh_fileid_type != FILEID_ROOT)
648 return 0;
6e91ea2b 649
c645a883
N		 650 _fh_update(fhp, fhp->fh_export, dentry);
651 if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID)
e221c45d 652 return nfserr_stale;
1da177e4 653 return 0;
1da177e4
LT		 654out_bad:
655 printk(KERN_ERR "fh_update: fh not verified!\n");
49e73720 656 return nfserr_serverfault;
1da177e4 657out_negative:
97e47fa1
AV		 658 printk(KERN_ERR "fh_update: %pd2 still negative!\n",
659 dentry);
49e73720 660 return nfserr_serverfault;
1da177e4
LT		 661}
662
fcb5e3fa
CL		 663/**
664 * fh_fill_pre_attrs - Fill in pre-op attributes
665 * @fhp: file handle to be updated
666 *
667 */
a332018a 668__be32 __must_check fh_fill_pre_attrs(struct svc_fh *fhp)
fcb5e3fa
CL		 669{
670 bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
fcb5e3fa
CL		 671 struct kstat stat;
672 __be32 err;
673
674 if (fhp->fh_no_wcc || fhp->fh_pre_saved)
a332018a 675 return nfs_ok;
fcb5e3fa 676
fcb5e3fa 677 err = fh_getattr(fhp, &stat);
518f375c 678 if (err)
a332018a 679 return err;
518f375c 680
fcb5e3fa 681 if (v4)
f67eef8d 682 fhp->fh_pre_change = nfsd4_change_attribute(&stat);
fcb5e3fa
CL		 683
684 fhp->fh_pre_mtime = stat.mtime;
685 fhp->fh_pre_ctime = stat.ctime;
686 fhp->fh_pre_size = stat.size;
687 fhp->fh_pre_saved = true;
a332018a 688 return nfs_ok;
fcb5e3fa
CL		 689}
690
691/**
692 * fh_fill_post_attrs - Fill in post-op attributes
693 * @fhp: file handle to be updated
694 *
695 */
a332018a 696__be32 fh_fill_post_attrs(struct svc_fh *fhp)
fcb5e3fa
CL		 697{
698 bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
fcb5e3fa
CL		 699 __be32 err;
700
701 if (fhp->fh_no_wcc)
a332018a 702 return nfs_ok;
fcb5e3fa
CL		 703
704 if (fhp->fh_post_saved)
705 printk("nfsd: inode locked twice during operation.\n");
706
707 err = fh_getattr(fhp, &fhp->fh_post_attr);
518f375c 708 if (err)
a332018a 709 return err;
518f375c
JL		 710
711 fhp->fh_post_saved = true;
fcb5e3fa
CL		 712 if (v4)
713 fhp->fh_post_change =
f67eef8d 714 nfsd4_change_attribute(&fhp->fh_post_attr);
a332018a 715 return nfs_ok;
fcb5e3fa
CL		 716}
717
19d008b4
N		 718/**
719 * fh_fill_both_attrs - Fill pre-op and post-op attributes
720 * @fhp: file handle to be updated
721 *
722 * This is used when the directory wasn't changed, but wcc attributes
723 * are needed anyway.
724 */
a332018a 725__be32 __must_check fh_fill_both_attrs(struct svc_fh *fhp)
19d008b4 726{
a332018a
JL		 727 __be32 err;
728
729 err = fh_fill_post_attrs(fhp);
730 if (err)
731 return err;
732
19d008b4
N		 733 fhp->fh_pre_change = fhp->fh_post_change;
734 fhp->fh_pre_mtime = fhp->fh_post_attr.mtime;
735 fhp->fh_pre_ctime = fhp->fh_post_attr.ctime;
736 fhp->fh_pre_size = fhp->fh_post_attr.size;
737 fhp->fh_pre_saved = true;
a332018a 738 return nfs_ok;
19d008b4
N		 739}
740
1da177e4
LT		 741/*
742 * Release a file handle.
743 */
744void
745fh_put(struct svc_fh *fhp)
746{
747 struct dentry * dentry = fhp->fh_dentry;
748 struct svc_export * exp = fhp->fh_export;
749 if (dentry) {
1da177e4
LT		 750 fhp->fh_dentry = NULL;
751 dput(dentry);
fcb5e3fa 752 fh_clear_pre_post_attrs(fhp);
1da177e4 753 }
4a55c101 754 fh_drop_write(fhp);
1da177e4 755 if (exp) {
a09581f2 756 exp_put(exp);
1da177e4
LT		 757 fhp->fh_export = NULL;
758 }
daab110e 759 fhp->fh_no_wcc = false;
1da177e4
LT		 760 return;
761}
762
763/*
764 * Shorthand for dprintk()'s
765 */
766char * SVCFH_fmt(struct svc_fh *fhp)
767{
768 struct knfsd_fh *fh = &fhp->fh_handle;
d8b26071 769 static char buf[2+1+1+64*3+1];
1da177e4 770
da4f777e 771 if (fh->fh_size > 64)
d8b26071
N		 772 return "bad-fh";
773 sprintf(buf, "%d: %*ph", fh->fh_size, fh->fh_size, fh->fh_raw);
1da177e4
LT		 774 return buf;
775}
af6a4e28 776
2c42f804 777enum fsid_source fsid_source(const struct svc_fh *fhp)
af6a4e28
N		 778{
779 if (fhp->fh_handle.fh_version != 1)
780 return FSIDSOURCE_DEV;
781 switch(fhp->fh_handle.fh_fsid_type) {
782 case FSID_DEV:
783 case FSID_ENCODE_DEV:
784 case FSID_MAJOR_MINOR:
8e498751 785 if (exp_sb(fhp->fh_export)->s_type->fs_flags & FS_REQUIRES_DEV)
b8da0d1c
NB		 786 return FSIDSOURCE_DEV;
787 break;
af6a4e28 788 case FSID_NUM:
af6a4e28
N		 789 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
790 return FSIDSOURCE_FSID;
b8da0d1c
NB		 791 break;
792 default:
793 break;
af6a4e28 794 }
b8da0d1c
NB		 795 /* either a UUID type filehandle, or the filehandle doesn't
796 * match the export.
797 */
798 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
799 return FSIDSOURCE_FSID;
800 if (fhp->fh_export->ex_uuid)
801 return FSIDSOURCE_UUID;
802 return FSIDSOURCE_DEV;
af6a4e28 803}
3139b1d7 804
f67eef8d
JL		 805/**
806 * nfsd4_change_attribute - Generate an NFSv4 change_attribute value
807 * @stat: inode attributes
808 *
809 * Caller must fill in @stat before calling, typically by invoking
810 * vfs_getattr() with STATX_MODE, STATX_CTIME, and STATX_CHANGE_COOKIE.
811 * Returns an unsigned 64-bit changeid4 value (RFC 8881 Section 3.2).
812 *
638e3e7d
JL		 813 * We could use i_version alone as the change attribute. However, i_version
814 * can go backwards on a regular file after an unclean shutdown. On its own
815 * that doesn't necessarily cause a problem, but if i_version goes backwards
816 * and then is incremented again it could reuse a value that was previously
817 * used before boot, and a client who queried the two values might incorrectly
818 * assume nothing changed.
819 *
820 * By using both ctime and the i_version counter we guarantee that as long as
821 * time doesn't go backwards we never reuse an old value. If the filesystem
822 * advertises STATX_ATTR_CHANGE_MONOTONIC, then this mitigation is not
823 * needed.
3139b1d7 824 *
638e3e7d
JL		 825 * We only need to do this for regular files as well. For directories, we
826 * assume that the new change attr is always logged to stable storage in some
827 * fashion before the results can be seen.
3139b1d7 828 */
f67eef8d 829u64 nfsd4_change_attribute(const struct kstat *stat)
3139b1d7 830{
638e3e7d
JL		 831 u64 chattr;
832
638e3e7d
JL		 833 if (stat->result_mask & STATX_CHANGE_COOKIE) {
834 chattr = stat->change_cookie;
f67eef8d 835 if (S_ISREG(stat->mode) &&
638e3e7d
JL		 836 !(stat->attributes & STATX_ATTR_CHANGE_MONOTONIC)) {
837 chattr += (u64)stat->ctime.tv_sec << 30;
838 chattr += stat->ctime.tv_nsec;
839 }
840 } else {
841 chattr = time_to_chattr(&stat->ctime);
842 }
843 return chattr;
3139b1d7 844}
Linux 6.x block layer and io_uring tree(s)