Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 | 2 | /* |
1da177e4 LT |
3 | * File operations used by nfsd. Some of these have been ripped from |
4 | * other parts of the kernel because they weren't exported, others | |
5 | * are partial duplicates with added or changed functionality. | |
6 | * | |
7 | * Note that several functions dget() the dentry upon which they want | |
8 | * to act, most notably those that create directory entries. Response | |
9 | * dentry's are dput()'d if necessary in the release callback. | |
10 | * So if you notice code paths that apparently fail to dput() the | |
11 | * dentry, don't worry--they have been taken care of. | |
12 | * | |
13 | * Copyright (C) 1995-1999 Olaf Kirch <okir@monad.swb.de> | |
14 | * Zerocpy NFS support (C) 2002 Hirokazu Takahashi <taka@valinux.co.jp> | |
15 | */ | |
16 | ||
1da177e4 LT |
17 | #include <linux/fs.h> |
18 | #include <linux/file.h> | |
d6b29d7c | 19 | #include <linux/splice.h> |
95d871f0 | 20 | #include <linux/falloc.h> |
1da177e4 | 21 | #include <linux/fcntl.h> |
1da177e4 | 22 | #include <linux/namei.h> |
1da177e4 | 23 | #include <linux/delay.h> |
0eeca283 | 24 | #include <linux/fsnotify.h> |
1da177e4 | 25 | #include <linux/posix_acl_xattr.h> |
1da177e4 | 26 | #include <linux/xattr.h> |
9a74af21 BH |
27 | #include <linux/jhash.h> |
28 | #include <linux/ima.h> | |
cbcc268b | 29 | #include <linux/pagemap.h> |
5a0e3ad6 | 30 | #include <linux/slab.h> |
7c0f6ba6 | 31 | #include <linux/uaccess.h> |
f501912a BM |
32 | #include <linux/exportfs.h> |
33 | #include <linux/writeback.h> | |
18032ca0 | 34 | #include <linux/security.h> |
9a74af21 | 35 | |
9a74af21 | 36 | #include "xdr3.h" |
9a74af21 | 37 | |
5be196e5 | 38 | #ifdef CONFIG_NFSD_V4 |
ffa0160a | 39 | #include "../internal.h" |
2ca72e17 BF |
40 | #include "acl.h" |
41 | #include "idmap.h" | |
a2f4c3fa | 42 | #include "xdr4.h" |
1da177e4 LT |
43 | #endif /* CONFIG_NFSD_V4 */ |
44 | ||
9a74af21 BH |
45 | #include "nfsd.h" |
46 | #include "vfs.h" | |
b4935239 | 47 | #include "filecache.h" |
6e8b50d1 | 48 | #include "trace.h" |
1da177e4 LT |
49 | |
50 | #define NFSDDBG_FACILITY NFSDDBG_FILEOP | |
1da177e4 | 51 | |
1da177e4 LT |
52 | /* |
53 | * Called from nfsd_lookup and encode_dirent. Check if we have crossed | |
54 | * a mount point. | |
e0bb89ef | 55 | * Returns -EAGAIN or -ETIMEDOUT leaving *dpp and *expp unchanged, |
1da177e4 LT |
56 | * or nfs_ok having possibly changed *dpp and *expp |
57 | */ | |
58 | int | |
59 | nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp, | |
60 | struct svc_export **expp) | |
61 | { | |
62 | struct svc_export *exp = *expp, *exp2 = NULL; | |
63 | struct dentry *dentry = *dpp; | |
91c9fa8f AV |
64 | struct path path = {.mnt = mntget(exp->ex_path.mnt), |
65 | .dentry = dget(dentry)}; | |
6264d69d | 66 | int err = 0; |
1da177e4 | 67 | |
7cc90cc3 | 68 | err = follow_down(&path); |
cc53ce53 DH |
69 | if (err < 0) |
70 | goto out; | |
99bbf6ec N |
71 | if (path.mnt == exp->ex_path.mnt && path.dentry == dentry && |
72 | nfsd_mountpoint(dentry, exp) == 2) { | |
73 | /* This is only a mountpoint in some other namespace */ | |
74 | path_put(&path); | |
75 | goto out; | |
76 | } | |
1da177e4 | 77 | |
91c9fa8f | 78 | exp2 = rqst_exp_get_by_name(rqstp, &path); |
1da177e4 | 79 | if (IS_ERR(exp2)) { |
3b6cee7b BF |
80 | err = PTR_ERR(exp2); |
81 | /* | |
82 | * We normally allow NFS clients to continue | |
83 | * "underneath" a mountpoint that is not exported. | |
84 | * The exception is V4ROOT, where no traversal is ever | |
85 | * allowed without an explicit export of the new | |
86 | * directory. | |
87 | */ | |
88 | if (err == -ENOENT && !(exp->ex_flags & NFSEXP_V4ROOT)) | |
89 | err = 0; | |
91c9fa8f | 90 | path_put(&path); |
1da177e4 LT |
91 | goto out; |
92 | } | |
3c394dda SD |
93 | if (nfsd_v4client(rqstp) || |
94 | (exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) { | |
1da177e4 | 95 | /* successfully crossed mount point */ |
1644ccc8 | 96 | /* |
91c9fa8f AV |
97 | * This is subtle: path.dentry is *not* on path.mnt |
98 | * at this point. The only reason we are safe is that | |
99 | * original mnt is pinned down by exp, so we should | |
100 | * put path *before* putting exp | |
1644ccc8 | 101 | */ |
91c9fa8f AV |
102 | *dpp = path.dentry; |
103 | path.dentry = dentry; | |
1644ccc8 | 104 | *expp = exp2; |
91c9fa8f | 105 | exp2 = exp; |
1da177e4 | 106 | } |
91c9fa8f AV |
107 | path_put(&path); |
108 | exp_put(exp2); | |
1da177e4 LT |
109 | out: |
110 | return err; | |
111 | } | |
112 | ||
289ede45 BF |
113 | static void follow_to_parent(struct path *path) |
114 | { | |
115 | struct dentry *dp; | |
116 | ||
117 | while (path->dentry == path->mnt->mnt_root && follow_up(path)) | |
118 | ; | |
119 | dp = dget_parent(path->dentry); | |
120 | dput(path->dentry); | |
121 | path->dentry = dp; | |
122 | } | |
123 | ||
124 | static int nfsd_lookup_parent(struct svc_rqst *rqstp, struct dentry *dparent, struct svc_export **exp, struct dentry **dentryp) | |
125 | { | |
126 | struct svc_export *exp2; | |
127 | struct path path = {.mnt = mntget((*exp)->ex_path.mnt), | |
128 | .dentry = dget(dparent)}; | |
129 | ||
130 | follow_to_parent(&path); | |
131 | ||
132 | exp2 = rqst_exp_parent(rqstp, &path); | |
133 | if (PTR_ERR(exp2) == -ENOENT) { | |
134 | *dentryp = dget(dparent); | |
135 | } else if (IS_ERR(exp2)) { | |
136 | path_put(&path); | |
137 | return PTR_ERR(exp2); | |
138 | } else { | |
139 | *dentryp = dget(path.dentry); | |
140 | exp_put(*exp); | |
141 | *exp = exp2; | |
142 | } | |
143 | path_put(&path); | |
144 | return 0; | |
145 | } | |
146 | ||
82ead7fe BF |
147 | /* |
148 | * For nfsd purposes, we treat V4ROOT exports as though there was an | |
149 | * export at *every* directory. | |
99bbf6ec N |
150 | * We return: |
151 | * '1' if this dentry *must* be an export point, | |
152 | * '2' if it might be, if there is really a mount here, and | |
153 | * '0' if there is no chance of an export point here. | |
82ead7fe | 154 | */ |
3227fa41 | 155 | int nfsd_mountpoint(struct dentry *dentry, struct svc_export *exp) |
82ead7fe | 156 | { |
99bbf6ec N |
157 | if (!d_inode(dentry)) |
158 | return 0; | |
159 | if (exp->ex_flags & NFSEXP_V4ROOT) | |
82ead7fe | 160 | return 1; |
11fcee02 TM |
161 | if (nfsd4_is_junction(dentry)) |
162 | return 1; | |
99bbf6ec N |
163 | if (d_mountpoint(dentry)) |
164 | /* | |
165 | * Might only be a mountpoint in a different namespace, | |
166 | * but we need to check. | |
167 | */ | |
168 | return 2; | |
169 | return 0; | |
82ead7fe BF |
170 | } |
171 | ||
6264d69d | 172 | __be32 |
6c0a654d | 173 | nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp, |
5a022fc8 | 174 | const char *name, unsigned int len, |
6c0a654d | 175 | struct svc_export **exp_ret, struct dentry **dentry_ret) |
1da177e4 LT |
176 | { |
177 | struct svc_export *exp; | |
178 | struct dentry *dparent; | |
179 | struct dentry *dentry; | |
6264d69d | 180 | int host_err; |
1da177e4 LT |
181 | |
182 | dprintk("nfsd: nfsd_lookup(fh %s, %.*s)\n", SVCFH_fmt(fhp), len,name); | |
183 | ||
1da177e4 | 184 | dparent = fhp->fh_dentry; |
bf18f163 | 185 | exp = exp_get(fhp->fh_export); |
1da177e4 | 186 | |
1da177e4 LT |
187 | /* Lookup the name, but don't follow links */ |
188 | if (isdotent(name, len)) { | |
189 | if (len==1) | |
190 | dentry = dget(dparent); | |
54775491 | 191 | else if (dparent != exp->ex_path.dentry) |
1da177e4 | 192 | dentry = dget_parent(dparent); |
fed83811 | 193 | else if (!EX_NOHIDE(exp) && !nfsd_v4client(rqstp)) |
1da177e4 LT |
194 | dentry = dget(dparent); /* .. == . just like at / */ |
195 | else { | |
196 | /* checking mountpoint crossing is very different when stepping up */ | |
289ede45 BF |
197 | host_err = nfsd_lookup_parent(rqstp, dparent, &exp, &dentry); |
198 | if (host_err) | |
1da177e4 | 199 | goto out_nfserr; |
1da177e4 LT |
200 | } |
201 | } else { | |
4335723e BF |
202 | /* |
203 | * In the nfsd4_open() case, this may be held across | |
204 | * subsequent open and delegation acquisition which may | |
205 | * need to take the child's i_mutex: | |
206 | */ | |
207 | fh_lock_nested(fhp, I_MUTEX_PARENT); | |
1da177e4 | 208 | dentry = lookup_one_len(name, dparent, len); |
6264d69d | 209 | host_err = PTR_ERR(dentry); |
1da177e4 LT |
210 | if (IS_ERR(dentry)) |
211 | goto out_nfserr; | |
82ead7fe | 212 | if (nfsd_mountpoint(dentry, exp)) { |
bbddca8e N |
213 | /* |
214 | * We don't need the i_mutex after all. It's | |
215 | * still possible we could open this (regular | |
216 | * files can be mountpoints too), but the | |
217 | * i_mutex is just there to prevent renames of | |
218 | * something that we might be about to delegate, | |
219 | * and a mountpoint won't be renamed: | |
220 | */ | |
221 | fh_unlock(fhp); | |
6264d69d | 222 | if ((host_err = nfsd_cross_mnt(rqstp, &dentry, &exp))) { |
1da177e4 LT |
223 | dput(dentry); |
224 | goto out_nfserr; | |
225 | } | |
226 | } | |
227 | } | |
6c0a654d BF |
228 | *dentry_ret = dentry; |
229 | *exp_ret = exp; | |
230 | return 0; | |
231 | ||
232 | out_nfserr: | |
233 | exp_put(exp); | |
234 | return nfserrno(host_err); | |
235 | } | |
236 | ||
237 | /* | |
238 | * Look up one component of a pathname. | |
239 | * N.B. After this call _both_ fhp and resfh need an fh_put | |
240 | * | |
241 | * If the lookup would cross a mountpoint, and the mounted filesystem | |
242 | * is exported to the client with NFSEXP_NOHIDE, then the lookup is | |
243 | * accepted as it stands and the mounted directory is | |
244 | * returned. Otherwise the covered directory is returned. | |
245 | * NOTE: this mountpoint crossing is not supported properly by all | |
246 | * clients and is explicitly disallowed for NFSv3 | |
ef5825e3 | 247 | * NeilBrown <neilb@cse.unsw.edu.au> |
6c0a654d BF |
248 | */ |
249 | __be32 | |
250 | nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name, | |
5a022fc8 | 251 | unsigned int len, struct svc_fh *resfh) |
6c0a654d BF |
252 | { |
253 | struct svc_export *exp; | |
254 | struct dentry *dentry; | |
255 | __be32 err; | |
256 | ||
29a78a3e BF |
257 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC); |
258 | if (err) | |
259 | return err; | |
6c0a654d BF |
260 | err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry); |
261 | if (err) | |
262 | return err; | |
32c1eb0c AA |
263 | err = check_nfsd_access(exp, rqstp); |
264 | if (err) | |
265 | goto out; | |
1da177e4 LT |
266 | /* |
267 | * Note: we compose the file handle now, but as the | |
268 | * dentry may be negative, it may need to be updated. | |
269 | */ | |
270 | err = fh_compose(resfh, exp, dentry, fhp); | |
2b0143b5 | 271 | if (!err && d_really_is_negative(dentry)) |
1da177e4 | 272 | err = nfserr_noent; |
32c1eb0c | 273 | out: |
1da177e4 | 274 | dput(dentry); |
1da177e4 LT |
275 | exp_put(exp); |
276 | return err; | |
1da177e4 LT |
277 | } |
278 | ||
f501912a BM |
279 | /* |
280 | * Commit metadata changes to stable storage. | |
281 | */ | |
282 | static int | |
57f64034 | 283 | commit_inode_metadata(struct inode *inode) |
f501912a | 284 | { |
f501912a | 285 | const struct export_operations *export_ops = inode->i_sb->s_export_op; |
f501912a | 286 | |
c3765016 CH |
287 | if (export_ops->commit_metadata) |
288 | return export_ops->commit_metadata(inode); | |
289 | return sync_inode_metadata(inode, 1); | |
f501912a | 290 | } |
6c0a654d | 291 | |
57f64034 TM |
292 | static int |
293 | commit_metadata(struct svc_fh *fhp) | |
294 | { | |
295 | struct inode *inode = d_inode(fhp->fh_dentry); | |
296 | ||
297 | if (!EX_ISSYNC(fhp->fh_export)) | |
298 | return 0; | |
299 | return commit_inode_metadata(inode); | |
300 | } | |
301 | ||
1da177e4 | 302 | /* |
818e5a22 CH |
303 | * Go over the attributes and take care of the small differences between |
304 | * NFS semantics and what Linux expects. | |
1da177e4 | 305 | */ |
818e5a22 CH |
306 | static void |
307 | nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap) | |
1da177e4 | 308 | { |
ca456252 | 309 | /* sanitize the mode change */ |
1da177e4 LT |
310 | if (iap->ia_valid & ATTR_MODE) { |
311 | iap->ia_mode &= S_IALLUGO; | |
dee3209d | 312 | iap->ia_mode |= (inode->i_mode & ~S_IALLUGO); |
ca456252 JL |
313 | } |
314 | ||
315 | /* Revoke setuid/setgid on chown */ | |
0953e620 | 316 | if (!S_ISDIR(inode->i_mode) && |
c4fa6d7c | 317 | ((iap->ia_valid & ATTR_UID) || (iap->ia_valid & ATTR_GID))) { |
ca456252 JL |
318 | iap->ia_valid |= ATTR_KILL_PRIV; |
319 | if (iap->ia_valid & ATTR_MODE) { | |
320 | /* we're setting mode too, just clear the s*id bits */ | |
8a0ce7d9 | 321 | iap->ia_mode &= ~S_ISUID; |
ca456252 JL |
322 | if (iap->ia_mode & S_IXGRP) |
323 | iap->ia_mode &= ~S_ISGID; | |
324 | } else { | |
325 | /* set ATTR_KILL_* bits and let VFS handle it */ | |
326 | iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID); | |
8a0ce7d9 | 327 | } |
1da177e4 | 328 | } |
818e5a22 CH |
329 | } |
330 | ||
0839ffb8 BF |
331 | static __be32 |
332 | nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
333 | struct iattr *iap) | |
334 | { | |
335 | struct inode *inode = d_inode(fhp->fh_dentry); | |
0839ffb8 BF |
336 | |
337 | if (iap->ia_size < inode->i_size) { | |
338 | __be32 err; | |
339 | ||
340 | err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, | |
341 | NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE); | |
342 | if (err) | |
343 | return err; | |
344 | } | |
f7e33bdb | 345 | return nfserrno(get_write_access(inode)); |
0839ffb8 BF |
346 | } |
347 | ||
818e5a22 CH |
348 | /* |
349 | * Set various file attributes. After this call fhp needs an fh_put. | |
350 | */ | |
351 | __be32 | |
352 | nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, | |
2a1aa489 | 353 | int check_guard, time64_t guardtime) |
818e5a22 CH |
354 | { |
355 | struct dentry *dentry; | |
356 | struct inode *inode; | |
357 | int accmode = NFSD_MAY_SATTR; | |
358 | umode_t ftype = 0; | |
359 | __be32 err; | |
360 | int host_err; | |
9f67f189 | 361 | bool get_write_count; |
758e99fe | 362 | bool size_change = (iap->ia_valid & ATTR_SIZE); |
818e5a22 | 363 | |
255fbca6 | 364 | if (iap->ia_valid & ATTR_SIZE) { |
818e5a22 | 365 | accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; |
818e5a22 | 366 | ftype = S_IFREG; |
255fbca6 | 367 | } |
368 | ||
369 | /* | |
370 | * If utimes(2) and friends are called with times not NULL, we should | |
371 | * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission | |
e977cc83 | 372 | * will return EACCES, when the caller's effective UID does not match |
255fbca6 | 373 | * the owner of the file, and the caller is not privileged. In this |
374 | * situation, we should return EPERM(notify_change will return this). | |
375 | */ | |
376 | if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) { | |
377 | accmode |= NFSD_MAY_OWNER_OVERRIDE; | |
378 | if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET))) | |
379 | accmode |= NFSD_MAY_WRITE; | |
380 | } | |
818e5a22 | 381 | |
9f67f189 BF |
382 | /* Callers that do fh_verify should do the fh_want_write: */ |
383 | get_write_count = !fhp->fh_dentry; | |
384 | ||
818e5a22 CH |
385 | /* Get inode */ |
386 | err = fh_verify(rqstp, fhp, ftype, accmode); | |
387 | if (err) | |
758e99fe | 388 | return err; |
9f67f189 BF |
389 | if (get_write_count) { |
390 | host_err = fh_want_write(fhp); | |
391 | if (host_err) | |
758e99fe | 392 | goto out; |
9f67f189 | 393 | } |
818e5a22 CH |
394 | |
395 | dentry = fhp->fh_dentry; | |
2b0143b5 | 396 | inode = d_inode(dentry); |
818e5a22 CH |
397 | |
398 | /* Ignore any mode updates on symlinks */ | |
399 | if (S_ISLNK(inode->i_mode)) | |
400 | iap->ia_valid &= ~ATTR_MODE; | |
401 | ||
402 | if (!iap->ia_valid) | |
758e99fe | 403 | return 0; |
1da177e4 | 404 | |
818e5a22 CH |
405 | nfsd_sanitize_attrs(inode, iap); |
406 | ||
758e99fe CH |
407 | if (check_guard && guardtime != inode->i_ctime.tv_sec) |
408 | return nfserr_notsync; | |
409 | ||
818e5a22 CH |
410 | /* |
411 | * The size case is special, it changes the file in addition to the | |
783112f7 CH |
412 | * attributes, and file systems don't expect it to be mixed with |
413 | * "random" attribute changes. We thus split out the size change | |
414 | * into a separate call to ->setattr, and do the rest as a separate | |
415 | * setattr call. | |
818e5a22 | 416 | */ |
758e99fe | 417 | if (size_change) { |
0839ffb8 BF |
418 | err = nfsd_get_write_access(rqstp, fhp, iap); |
419 | if (err) | |
758e99fe | 420 | return err; |
783112f7 | 421 | } |
f0c63124 | 422 | |
783112f7 CH |
423 | fh_lock(fhp); |
424 | if (size_change) { | |
f0c63124 | 425 | /* |
0839ffb8 BF |
426 | * RFC5661, Section 18.30.4: |
427 | * Changing the size of a file with SETATTR indirectly | |
428 | * changes the time_modify and change attributes. | |
429 | * | |
430 | * (and similar for the older RFCs) | |
f0c63124 | 431 | */ |
783112f7 CH |
432 | struct iattr size_attr = { |
433 | .ia_valid = ATTR_SIZE | ATTR_CTIME | ATTR_MTIME, | |
434 | .ia_size = iap->ia_size, | |
435 | }; | |
436 | ||
e6faac3f CL |
437 | host_err = -EFBIG; |
438 | if (iap->ia_size < 0) | |
439 | goto out_unlock; | |
440 | ||
2f221d6f | 441 | host_err = notify_change(&init_user_ns, dentry, &size_attr, NULL); |
783112f7 CH |
442 | if (host_err) |
443 | goto out_unlock; | |
444 | iap->ia_valid &= ~ATTR_SIZE; | |
445 | ||
446 | /* | |
447 | * Avoid the additional setattr call below if the only other | |
448 | * attribute that the client sends is the mtime, as we update | |
449 | * it as part of the size change above. | |
450 | */ | |
451 | if ((iap->ia_valid & ~ATTR_MTIME) == 0) | |
452 | goto out_unlock; | |
1da177e4 | 453 | } |
987da479 | 454 | |
41f53350 | 455 | iap->ia_valid |= ATTR_CTIME; |
2f221d6f | 456 | host_err = notify_change(&init_user_ns, dentry, iap, NULL); |
987da479 | 457 | |
783112f7 CH |
458 | out_unlock: |
459 | fh_unlock(fhp); | |
0839ffb8 BF |
460 | if (size_change) |
461 | put_write_access(inode); | |
0839ffb8 | 462 | out: |
758e99fe CH |
463 | if (!host_err) |
464 | host_err = commit_metadata(fhp); | |
465 | return nfserrno(host_err); | |
1da177e4 LT |
466 | } |
467 | ||
5be196e5 | 468 | #if defined(CONFIG_NFSD_V4) |
9b4146e8 CL |
469 | /* |
470 | * NFS junction information is stored in an extended attribute. | |
471 | */ | |
472 | #define NFSD_JUNCTION_XATTR_NAME XATTR_TRUSTED_PREFIX "junction.nfs" | |
473 | ||
474 | /** | |
475 | * nfsd4_is_junction - Test if an object could be an NFS junction | |
476 | * | |
477 | * @dentry: object to test | |
478 | * | |
479 | * Returns 1 if "dentry" appears to contain NFS junction information. | |
480 | * Otherwise 0 is returned. | |
481 | */ | |
11fcee02 TM |
482 | int nfsd4_is_junction(struct dentry *dentry) |
483 | { | |
2b0143b5 | 484 | struct inode *inode = d_inode(dentry); |
11fcee02 TM |
485 | |
486 | if (inode == NULL) | |
487 | return 0; | |
488 | if (inode->i_mode & S_IXUGO) | |
489 | return 0; | |
490 | if (!(inode->i_mode & S_ISVTX)) | |
491 | return 0; | |
c7c7a1a1 TA |
492 | if (vfs_getxattr(&init_user_ns, dentry, NFSD_JUNCTION_XATTR_NAME, |
493 | NULL, 0) <= 0) | |
11fcee02 TM |
494 | return 0; |
495 | return 1; | |
496 | } | |
18032ca0 DQ |
497 | #ifdef CONFIG_NFSD_V4_SECURITY_LABEL |
498 | __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
499 | struct xdr_netobj *label) | |
500 | { | |
501 | __be32 error; | |
502 | int host_error; | |
503 | struct dentry *dentry; | |
504 | ||
505 | error = fh_verify(rqstp, fhp, 0 /* S_IFREG */, NFSD_MAY_SATTR); | |
506 | if (error) | |
507 | return error; | |
508 | ||
509 | dentry = fhp->fh_dentry; | |
510 | ||
5955102c | 511 | inode_lock(d_inode(dentry)); |
18032ca0 | 512 | host_error = security_inode_setsecctx(dentry, label->data, label->len); |
5955102c | 513 | inode_unlock(d_inode(dentry)); |
18032ca0 DQ |
514 | return nfserrno(host_error); |
515 | } | |
516 | #else | |
517 | __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
518 | struct xdr_netobj *label) | |
519 | { | |
520 | return nfserr_notsupp; | |
521 | } | |
522 | #endif | |
523 | ||
a2f4c3fa TM |
524 | static struct nfsd4_compound_state *nfsd4_get_cstate(struct svc_rqst *rqstp) |
525 | { | |
526 | return &((struct nfsd4_compoundres *)rqstp->rq_resp)->cstate; | |
527 | } | |
528 | ||
529 | __be32 nfsd4_clone_file_range(struct svc_rqst *rqstp, | |
530 | struct nfsd_file *nf_src, u64 src_pos, | |
531 | struct nfsd_file *nf_dst, u64 dst_pos, | |
532 | u64 count, bool sync) | |
ffa0160a | 533 | { |
b66ae6dd TM |
534 | struct file *src = nf_src->nf_file; |
535 | struct file *dst = nf_dst->nf_file; | |
555dbf1a | 536 | errseq_t since; |
42ec3d4c | 537 | loff_t cloned; |
1b28d756 | 538 | __be32 ret = 0; |
42ec3d4c | 539 | |
555dbf1a | 540 | since = READ_ONCE(dst->f_wb_err); |
452ce659 | 541 | cloned = vfs_clone_file_range(src, src_pos, dst, dst_pos, count, 0); |
1b28d756 TM |
542 | if (cloned < 0) { |
543 | ret = nfserrno(cloned); | |
544 | goto out_err; | |
545 | } | |
546 | if (count && cloned != count) { | |
547 | ret = nfserrno(-EINVAL); | |
548 | goto out_err; | |
549 | } | |
a25e3726 TM |
550 | if (sync) { |
551 | loff_t dst_end = count ? dst_pos + count - 1 : LLONG_MAX; | |
552 | int status = vfs_fsync_range(dst, dst_pos, dst_end, 0); | |
57f64034 | 553 | |
555dbf1a TM |
554 | if (!status) |
555 | status = filemap_check_wb_err(dst->f_mapping, since); | |
57f64034 TM |
556 | if (!status) |
557 | status = commit_inode_metadata(file_inode(src)); | |
1b28d756 | 558 | if (status < 0) { |
75acacb6 CL |
559 | struct nfsd_net *nn = net_generic(nf_dst->nf_net, |
560 | nfsd_net_id); | |
561 | ||
a2f4c3fa TM |
562 | trace_nfsd_clone_file_range_err(rqstp, |
563 | &nfsd4_get_cstate(rqstp)->save_fh, | |
564 | src_pos, | |
565 | &nfsd4_get_cstate(rqstp)->current_fh, | |
566 | dst_pos, | |
567 | count, status); | |
75acacb6 CL |
568 | nfsd_reset_write_verifier(nn); |
569 | trace_nfsd_writeverf_reset(nn, rqstp, status); | |
1b28d756 TM |
570 | ret = nfserrno(status); |
571 | } | |
a25e3726 | 572 | } |
1b28d756 | 573 | out_err: |
1b28d756 | 574 | return ret; |
ffa0160a CH |
575 | } |
576 | ||
29ae7f9d AS |
577 | ssize_t nfsd_copy_file_range(struct file *src, u64 src_pos, struct file *dst, |
578 | u64 dst_pos, u64 count) | |
579 | { | |
868f9f2f | 580 | ssize_t ret; |
29ae7f9d AS |
581 | |
582 | /* | |
583 | * Limit copy to 4MB to prevent indefinitely blocking an nfsd | |
584 | * thread and client rpc slot. The choice of 4MB is somewhat | |
585 | * arbitrary. We might instead base this on r/wsize, or make it | |
586 | * tunable, or use a time instead of a byte limit, or implement | |
587 | * asynchronous copy. In theory a client could also recognize a | |
588 | * limit like this and pipeline multiple COPY requests. | |
589 | */ | |
590 | count = min_t(u64, count, 1 << 22); | |
868f9f2f AG |
591 | ret = vfs_copy_file_range(src, src_pos, dst, dst_pos, count, 0); |
592 | ||
593 | if (ret == -EOPNOTSUPP || ret == -EXDEV) | |
594 | ret = generic_copy_file_range(src, src_pos, dst, dst_pos, | |
595 | count, 0); | |
596 | return ret; | |
29ae7f9d AS |
597 | } |
598 | ||
95d871f0 AS |
599 | __be32 nfsd4_vfs_fallocate(struct svc_rqst *rqstp, struct svc_fh *fhp, |
600 | struct file *file, loff_t offset, loff_t len, | |
601 | int flags) | |
602 | { | |
95d871f0 AS |
603 | int error; |
604 | ||
605 | if (!S_ISREG(file_inode(file)->i_mode)) | |
606 | return nfserr_inval; | |
607 | ||
95d871f0 AS |
608 | error = vfs_fallocate(file, flags, offset, len); |
609 | if (!error) | |
610 | error = commit_metadata(fhp); | |
611 | ||
612 | return nfserrno(error); | |
613 | } | |
6a85d6c7 | 614 | #endif /* defined(CONFIG_NFSD_V4) */ |
1da177e4 | 615 | |
1da177e4 LT |
616 | /* |
617 | * Check server access rights to a file system object | |
618 | */ | |
619 | struct accessmap { | |
620 | u32 access; | |
621 | int how; | |
622 | }; | |
623 | static struct accessmap nfs3_regaccess[] = { | |
8837abca MS |
624 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, |
625 | { NFS3_ACCESS_EXECUTE, NFSD_MAY_EXEC }, | |
626 | { NFS3_ACCESS_MODIFY, NFSD_MAY_WRITE|NFSD_MAY_TRUNC }, | |
627 | { NFS3_ACCESS_EXTEND, NFSD_MAY_WRITE }, | |
1da177e4 | 628 | |
c11d7fd1 FL |
629 | #ifdef CONFIG_NFSD_V4 |
630 | { NFS4_ACCESS_XAREAD, NFSD_MAY_READ }, | |
631 | { NFS4_ACCESS_XAWRITE, NFSD_MAY_WRITE }, | |
632 | { NFS4_ACCESS_XALIST, NFSD_MAY_READ }, | |
633 | #endif | |
634 | ||
1da177e4 LT |
635 | { 0, 0 } |
636 | }; | |
637 | ||
638 | static struct accessmap nfs3_diraccess[] = { | |
8837abca MS |
639 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, |
640 | { NFS3_ACCESS_LOOKUP, NFSD_MAY_EXEC }, | |
641 | { NFS3_ACCESS_MODIFY, NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC}, | |
642 | { NFS3_ACCESS_EXTEND, NFSD_MAY_EXEC|NFSD_MAY_WRITE }, | |
643 | { NFS3_ACCESS_DELETE, NFSD_MAY_REMOVE }, | |
1da177e4 | 644 | |
c11d7fd1 FL |
645 | #ifdef CONFIG_NFSD_V4 |
646 | { NFS4_ACCESS_XAREAD, NFSD_MAY_READ }, | |
647 | { NFS4_ACCESS_XAWRITE, NFSD_MAY_WRITE }, | |
648 | { NFS4_ACCESS_XALIST, NFSD_MAY_READ }, | |
649 | #endif | |
650 | ||
1da177e4 LT |
651 | { 0, 0 } |
652 | }; | |
653 | ||
654 | static struct accessmap nfs3_anyaccess[] = { | |
655 | /* Some clients - Solaris 2.6 at least, make an access call | |
656 | * to the server to check for access for things like /dev/null | |
657 | * (which really, the server doesn't care about). So | |
658 | * We provide simple access checking for them, looking | |
659 | * mainly at mode bits, and we make sure to ignore read-only | |
660 | * filesystem checks | |
661 | */ | |
8837abca MS |
662 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, |
663 | { NFS3_ACCESS_EXECUTE, NFSD_MAY_EXEC }, | |
664 | { NFS3_ACCESS_MODIFY, NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS }, | |
665 | { NFS3_ACCESS_EXTEND, NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS }, | |
1da177e4 LT |
666 | |
667 | { 0, 0 } | |
668 | }; | |
669 | ||
6264d69d | 670 | __be32 |
1da177e4 LT |
671 | nfsd_access(struct svc_rqst *rqstp, struct svc_fh *fhp, u32 *access, u32 *supported) |
672 | { | |
673 | struct accessmap *map; | |
674 | struct svc_export *export; | |
675 | struct dentry *dentry; | |
676 | u32 query, result = 0, sresult = 0; | |
6264d69d | 677 | __be32 error; |
1da177e4 | 678 | |
8837abca | 679 | error = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP); |
1da177e4 LT |
680 | if (error) |
681 | goto out; | |
682 | ||
683 | export = fhp->fh_export; | |
684 | dentry = fhp->fh_dentry; | |
685 | ||
e36cb0b8 | 686 | if (d_is_reg(dentry)) |
1da177e4 | 687 | map = nfs3_regaccess; |
e36cb0b8 | 688 | else if (d_is_dir(dentry)) |
1da177e4 LT |
689 | map = nfs3_diraccess; |
690 | else | |
691 | map = nfs3_anyaccess; | |
692 | ||
693 | ||
694 | query = *access; | |
695 | for (; map->access; map++) { | |
696 | if (map->access & query) { | |
6264d69d | 697 | __be32 err2; |
1da177e4 LT |
698 | |
699 | sresult |= map->access; | |
700 | ||
0ec757df | 701 | err2 = nfsd_permission(rqstp, export, dentry, map->how); |
1da177e4 LT |
702 | switch (err2) { |
703 | case nfs_ok: | |
704 | result |= map->access; | |
705 | break; | |
706 | ||
707 | /* the following error codes just mean the access was not allowed, | |
708 | * rather than an error occurred */ | |
709 | case nfserr_rofs: | |
710 | case nfserr_acces: | |
711 | case nfserr_perm: | |
712 | /* simply don't "or" in the access bit. */ | |
713 | break; | |
714 | default: | |
715 | error = err2; | |
716 | goto out; | |
717 | } | |
718 | } | |
719 | } | |
720 | *access = result; | |
721 | if (supported) | |
722 | *supported = sresult; | |
723 | ||
724 | out: | |
725 | return error; | |
726 | } | |
1da177e4 | 727 | |
65294c1f | 728 | int nfsd_open_break_lease(struct inode *inode, int access) |
105f4622 BF |
729 | { |
730 | unsigned int mode; | |
1da177e4 | 731 | |
105f4622 BF |
732 | if (access & NFSD_MAY_NOT_BREAK_LEASE) |
733 | return 0; | |
734 | mode = (access & NFSD_MAY_WRITE) ? O_WRONLY : O_RDONLY; | |
735 | return break_lease(inode, mode | O_NONBLOCK); | |
736 | } | |
1da177e4 LT |
737 | |
738 | /* | |
739 | * Open an existing file or directory. | |
999448a8 BS |
740 | * The may_flags argument indicates the type of open (read/write/lock) |
741 | * and additional flags. | |
1da177e4 LT |
742 | * N.B. After this call fhp needs an fh_put |
743 | */ | |
65294c1f JL |
744 | static __be32 |
745 | __nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, | |
999448a8 | 746 | int may_flags, struct file **filp) |
1da177e4 | 747 | { |
765927b2 | 748 | struct path path; |
1da177e4 | 749 | struct inode *inode; |
8519f994 | 750 | struct file *file; |
6264d69d AV |
751 | int flags = O_RDONLY|O_LARGEFILE; |
752 | __be32 err; | |
91885258 | 753 | int host_err = 0; |
1da177e4 | 754 | |
765927b2 AV |
755 | path.mnt = fhp->fh_export->ex_path.mnt; |
756 | path.dentry = fhp->fh_dentry; | |
2b0143b5 | 757 | inode = d_inode(path.dentry); |
1da177e4 | 758 | |
1da177e4 | 759 | err = nfserr_perm; |
999448a8 | 760 | if (IS_APPEND(inode) && (may_flags & NFSD_MAY_WRITE)) |
1da177e4 | 761 | goto out; |
1da177e4 LT |
762 | |
763 | if (!inode->i_fop) | |
764 | goto out; | |
765 | ||
999448a8 | 766 | host_err = nfsd_open_break_lease(inode, may_flags); |
6264d69d | 767 | if (host_err) /* NOMEM or WOULDBLOCK */ |
1da177e4 LT |
768 | goto out_nfserr; |
769 | ||
999448a8 BS |
770 | if (may_flags & NFSD_MAY_WRITE) { |
771 | if (may_flags & NFSD_MAY_READ) | |
9ecb6a08 BF |
772 | flags = O_RDWR|O_LARGEFILE; |
773 | else | |
774 | flags = O_WRONLY|O_LARGEFILE; | |
1da177e4 | 775 | } |
999448a8 | 776 | |
8519f994 KM |
777 | file = dentry_open(&path, flags, current_cred()); |
778 | if (IS_ERR(file)) { | |
779 | host_err = PTR_ERR(file); | |
780 | goto out_nfserr; | |
781 | } | |
782 | ||
6035a27b | 783 | host_err = ima_file_check(file, may_flags); |
8519f994 | 784 | if (host_err) { |
fd891454 | 785 | fput(file); |
8519f994 | 786 | goto out_nfserr; |
06effdbb BS |
787 | } |
788 | ||
8519f994 KM |
789 | if (may_flags & NFSD_MAY_64BIT_COOKIE) |
790 | file->f_mode |= FMODE_64BITHASH; | |
791 | else | |
792 | file->f_mode |= FMODE_32BITHASH; | |
793 | ||
794 | *filp = file; | |
1da177e4 | 795 | out_nfserr: |
6264d69d | 796 | err = nfserrno(host_err); |
1da177e4 | 797 | out: |
65294c1f JL |
798 | return err; |
799 | } | |
800 | ||
801 | __be32 | |
802 | nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, | |
803 | int may_flags, struct file **filp) | |
804 | { | |
805 | __be32 err; | |
12bcbd40 | 806 | bool retried = false; |
65294c1f JL |
807 | |
808 | validate_process_creds(); | |
809 | /* | |
810 | * If we get here, then the client has already done an "open", | |
811 | * and (hopefully) checked permission - so allow OWNER_OVERRIDE | |
812 | * in case a chmod has now revoked permission. | |
813 | * | |
814 | * Arguably we should also allow the owner override for | |
815 | * directories, but we never have and it doesn't seem to have | |
816 | * caused anyone a problem. If we were to change this, note | |
817 | * also that our filldir callbacks would need a variant of | |
818 | * lookup_one_len that doesn't check permissions. | |
819 | */ | |
820 | if (type == S_IFREG) | |
821 | may_flags |= NFSD_MAY_OWNER_OVERRIDE; | |
12bcbd40 | 822 | retry: |
65294c1f | 823 | err = fh_verify(rqstp, fhp, type, may_flags); |
12bcbd40 | 824 | if (!err) { |
65294c1f | 825 | err = __nfsd_open(rqstp, fhp, type, may_flags, filp); |
12bcbd40 JL |
826 | if (err == nfserr_stale && !retried) { |
827 | retried = true; | |
828 | fh_put(fhp); | |
829 | goto retry; | |
830 | } | |
831 | } | |
65294c1f JL |
832 | validate_process_creds(); |
833 | return err; | |
834 | } | |
835 | ||
f4d84c52 CL |
836 | /** |
837 | * nfsd_open_verified - Open a regular file for the filecache | |
838 | * @rqstp: RPC request | |
839 | * @fhp: NFS filehandle of the file to open | |
840 | * @may_flags: internal permission flags | |
841 | * @filp: OUT: open "struct file *" | |
842 | * | |
843 | * Returns an nfsstat value in network byte order. | |
844 | */ | |
65294c1f | 845 | __be32 |
f4d84c52 CL |
846 | nfsd_open_verified(struct svc_rqst *rqstp, struct svc_fh *fhp, int may_flags, |
847 | struct file **filp) | |
65294c1f JL |
848 | { |
849 | __be32 err; | |
850 | ||
851 | validate_process_creds(); | |
f4d84c52 | 852 | err = __nfsd_open(rqstp, fhp, S_IFREG, may_flags, filp); |
e0e81739 | 853 | validate_process_creds(); |
1da177e4 LT |
854 | return err; |
855 | } | |
856 | ||
1da177e4 | 857 | /* |
cf8208d0 JA |
858 | * Grab and keep cached pages associated with a file in the svc_rqst |
859 | * so that they can be passed to the network sendmsg/sendpage routines | |
860 | * directly. They will be released after the sending has completed. | |
1da177e4 LT |
861 | */ |
862 | static int | |
cf8208d0 JA |
863 | nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf, |
864 | struct splice_desc *sd) | |
1da177e4 | 865 | { |
cf8208d0 | 866 | struct svc_rqst *rqstp = sd->u.data; |
1da177e4 | 867 | |
91e23b1c CL |
868 | svc_rqst_replace_page(rqstp, buf->page); |
869 | if (rqstp->rq_res.page_len == 0) | |
cf8208d0 | 870 | rqstp->rq_res.page_base = buf->offset; |
c7e0b781 | 871 | rqstp->rq_res.page_len += sd->len; |
c7e0b781 | 872 | return sd->len; |
1da177e4 LT |
873 | } |
874 | ||
cf8208d0 JA |
875 | static int nfsd_direct_splice_actor(struct pipe_inode_info *pipe, |
876 | struct splice_desc *sd) | |
877 | { | |
878 | return __splice_from_pipe(pipe, sd, nfsd_splice_actor); | |
879 | } | |
880 | ||
83a63072 TM |
881 | static u32 nfsd_eof_on_read(struct file *file, loff_t offset, ssize_t len, |
882 | size_t expected) | |
883 | { | |
884 | if (expected != 0 && len == 0) | |
885 | return 1; | |
886 | if (offset+len >= i_size_read(file_inode(file))) | |
887 | return 1; | |
888 | return 0; | |
889 | } | |
890 | ||
87c5942e CL |
891 | static __be32 nfsd_finish_read(struct svc_rqst *rqstp, struct svc_fh *fhp, |
892 | struct file *file, loff_t offset, | |
83a63072 | 893 | unsigned long *count, u32 *eof, ssize_t host_err) |
1da177e4 | 894 | { |
6264d69d | 895 | if (host_err >= 0) { |
20ad856e | 896 | nfsd_stats_io_read_add(fhp->fh_export, host_err); |
83a63072 | 897 | *eof = nfsd_eof_on_read(file, offset, host_err, *count); |
6264d69d | 898 | *count = host_err; |
2a12a9d7 | 899 | fsnotify_access(file); |
87c5942e | 900 | trace_nfsd_read_io_done(rqstp, fhp, offset, *count); |
dc97618d | 901 | return 0; |
87c5942e CL |
902 | } else { |
903 | trace_nfsd_read_err(rqstp, fhp, offset, host_err); | |
dc97618d | 904 | return nfserrno(host_err); |
87c5942e | 905 | } |
dc97618d BF |
906 | } |
907 | ||
87c5942e | 908 | __be32 nfsd_splice_read(struct svc_rqst *rqstp, struct svc_fh *fhp, |
83a63072 TM |
909 | struct file *file, loff_t offset, unsigned long *count, |
910 | u32 *eof) | |
dc97618d BF |
911 | { |
912 | struct splice_desc sd = { | |
913 | .len = 0, | |
914 | .total_len = *count, | |
915 | .pos = offset, | |
916 | .u.data = rqstp, | |
917 | }; | |
83a63072 | 918 | ssize_t host_err; |
dc97618d | 919 | |
87c5942e | 920 | trace_nfsd_read_splice(rqstp, fhp, offset, *count); |
dc97618d BF |
921 | rqstp->rq_next_page = rqstp->rq_respages + 1; |
922 | host_err = splice_direct_to_actor(file, &sd, nfsd_direct_splice_actor); | |
83a63072 | 923 | return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err); |
dc97618d BF |
924 | } |
925 | ||
87c5942e CL |
926 | __be32 nfsd_readv(struct svc_rqst *rqstp, struct svc_fh *fhp, |
927 | struct file *file, loff_t offset, | |
83a63072 TM |
928 | struct kvec *vec, int vlen, unsigned long *count, |
929 | u32 *eof) | |
dc97618d | 930 | { |
73da852e | 931 | struct iov_iter iter; |
83a63072 TM |
932 | loff_t ppos = offset; |
933 | ssize_t host_err; | |
dc97618d | 934 | |
87c5942e | 935 | trace_nfsd_read_vector(rqstp, fhp, offset, *count); |
aa563d7b | 936 | iov_iter_kvec(&iter, READ, vec, vlen, *count); |
83a63072 TM |
937 | host_err = vfs_iter_read(file, &iter, &ppos, 0); |
938 | return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err); | |
1da177e4 LT |
939 | } |
940 | ||
d911df7b BF |
941 | /* |
942 | * Gathered writes: If another process is currently writing to the file, | |
943 | * there's a high chance this is another nfsd (triggered by a bulk write | |
944 | * from a client's biod). Rather than syncing the file with each write | |
945 | * request, we sleep for 10 msec. | |
946 | * | |
947 | * I don't know if this roughly approximates C. Juszak's idea of | |
948 | * gathered writes, but it's a nice and simple solution (IMHO), and it | |
949 | * seems to work:-) | |
950 | * | |
951 | * Note: we do this only in the NFSv2 case, since v3 and higher have a | |
952 | * better tool (separate unstable writes and commits) for solving this | |
953 | * problem. | |
954 | */ | |
955 | static int wait_for_concurrent_writes(struct file *file) | |
956 | { | |
496ad9aa | 957 | struct inode *inode = file_inode(file); |
d911df7b BF |
958 | static ino_t last_ino; |
959 | static dev_t last_dev; | |
960 | int err = 0; | |
961 | ||
962 | if (atomic_read(&inode->i_writecount) > 1 | |
963 | || (last_ino == inode->i_ino && last_dev == inode->i_sb->s_dev)) { | |
964 | dprintk("nfsd: write defer %d\n", task_pid_nr(current)); | |
965 | msleep(10); | |
966 | dprintk("nfsd: write resume %d\n", task_pid_nr(current)); | |
967 | } | |
968 | ||
969 | if (inode->i_state & I_DIRTY) { | |
970 | dprintk("nfsd: write sync %d\n", task_pid_nr(current)); | |
8018ab05 | 971 | err = vfs_fsync(file, 0); |
d911df7b BF |
972 | } |
973 | last_ino = inode->i_ino; | |
974 | last_dev = inode->i_sb->s_dev; | |
975 | return err; | |
976 | } | |
977 | ||
af90f707 | 978 | __be32 |
16f8f894 | 979 | nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfsd_file *nf, |
1da177e4 | 980 | loff_t offset, struct kvec *vec, int vlen, |
19e0663f TM |
981 | unsigned long *cnt, int stable, |
982 | __be32 *verf) | |
1da177e4 | 983 | { |
fb7622c2 | 984 | struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); |
16f8f894 | 985 | struct file *file = nf->nf_file; |
01cbf385 | 986 | struct super_block *sb = file_inode(file)->i_sb; |
1da177e4 | 987 | struct svc_export *exp; |
73da852e | 988 | struct iov_iter iter; |
555dbf1a | 989 | errseq_t since; |
d890be15 | 990 | __be32 nfserr; |
6264d69d | 991 | int host_err; |
48e03bc5 | 992 | int use_wgather; |
e49dbbf3 | 993 | loff_t pos = offset; |
01cbf385 | 994 | unsigned long exp_op_flags = 0; |
8658452e | 995 | unsigned int pflags = current->flags; |
ddef7ed2 | 996 | rwf_t flags = 0; |
01cbf385 | 997 | bool restore_flags = false; |
8658452e | 998 | |
d890be15 CL |
999 | trace_nfsd_write_opened(rqstp, fhp, offset, *cnt); |
1000 | ||
01cbf385 TM |
1001 | if (sb->s_export_op) |
1002 | exp_op_flags = sb->s_export_op->flags; | |
1003 | ||
1004 | if (test_bit(RQ_LOCAL, &rqstp->rq_flags) && | |
1005 | !(exp_op_flags & EXPORT_OP_REMOTE_FS)) { | |
8658452e | 1006 | /* |
a37b0715 N |
1007 | * We want throttling in balance_dirty_pages() |
1008 | * and shrink_inactive_list() to only consider | |
1009 | * the backingdev we are writing to, so that nfs to | |
8658452e N |
1010 | * localhost doesn't cause nfsd to lock up due to all |
1011 | * the client's dirty pages or its congested queue. | |
1012 | */ | |
a37b0715 | 1013 | current->flags |= PF_LOCAL_THROTTLE; |
01cbf385 TM |
1014 | restore_flags = true; |
1015 | } | |
1da177e4 | 1016 | |
865d50b2 | 1017 | exp = fhp->fh_export; |
48e03bc5 | 1018 | use_wgather = (rqstp->rq_vers == 2) && EX_WGATHER(exp); |
1da177e4 | 1019 | |
1da177e4 | 1020 | if (!EX_ISSYNC(exp)) |
54bbb7d2 | 1021 | stable = NFS_UNSTABLE; |
1da177e4 | 1022 | |
24368aad CH |
1023 | if (stable && !use_wgather) |
1024 | flags |= RWF_SYNC; | |
1025 | ||
aa563d7b | 1026 | iov_iter_kvec(&iter, WRITE, vec, vlen, *cnt); |
555dbf1a | 1027 | since = READ_ONCE(file->f_wb_err); |
33388b3a | 1028 | if (verf) |
3988a578 | 1029 | nfsd_copy_write_verifier(verf, nn); |
33388b3a | 1030 | host_err = vfs_iter_write(file, &iter, &pos, flags); |
7bf94c6b | 1031 | if (host_err < 0) { |
3988a578 | 1032 | nfsd_reset_write_verifier(nn); |
75acacb6 | 1033 | trace_nfsd_writeverf_reset(nn, rqstp, host_err); |
e4636d53 | 1034 | goto out_nfserr; |
7bf94c6b | 1035 | } |
09a80f2a | 1036 | *cnt = host_err; |
20ad856e | 1037 | nfsd_stats_io_write_add(exp, *cnt); |
2a12a9d7 | 1038 | fsnotify_modify(file); |
555dbf1a TM |
1039 | host_err = filemap_check_wb_err(file->f_mapping, since); |
1040 | if (host_err < 0) | |
1041 | goto out_nfserr; | |
1da177e4 | 1042 | |
bbf2f098 | 1043 | if (stable && use_wgather) { |
24368aad | 1044 | host_err = wait_for_concurrent_writes(file); |
75acacb6 | 1045 | if (host_err < 0) { |
3988a578 | 1046 | nfsd_reset_write_verifier(nn); |
75acacb6 CL |
1047 | trace_nfsd_writeverf_reset(nn, rqstp, host_err); |
1048 | } | |
bbf2f098 | 1049 | } |
1da177e4 | 1050 | |
e4636d53 | 1051 | out_nfserr: |
d890be15 CL |
1052 | if (host_err >= 0) { |
1053 | trace_nfsd_write_io_done(rqstp, fhp, offset, *cnt); | |
1054 | nfserr = nfs_ok; | |
1055 | } else { | |
1056 | trace_nfsd_write_err(rqstp, fhp, offset, host_err); | |
1057 | nfserr = nfserrno(host_err); | |
1058 | } | |
01cbf385 | 1059 | if (restore_flags) |
a37b0715 | 1060 | current_restore_flags(pflags, PF_LOCAL_THROTTLE); |
d890be15 | 1061 | return nfserr; |
1da177e4 LT |
1062 | } |
1063 | ||
dc97618d BF |
1064 | /* |
1065 | * Read data from a file. count must contain the requested read count | |
1066 | * on entry. On return, *count contains the number of bytes actually read. | |
1067 | * N.B. After this call fhp needs an fh_put | |
1068 | */ | |
1069 | __be32 nfsd_read(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
83a63072 TM |
1070 | loff_t offset, struct kvec *vec, int vlen, unsigned long *count, |
1071 | u32 *eof) | |
dc97618d | 1072 | { |
48cd7b51 | 1073 | struct nfsd_file *nf; |
dc97618d | 1074 | struct file *file; |
dc97618d BF |
1075 | __be32 err; |
1076 | ||
f394b62b | 1077 | trace_nfsd_read_start(rqstp, fhp, offset, *count); |
48cd7b51 | 1078 | err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf); |
dc97618d BF |
1079 | if (err) |
1080 | return err; | |
1081 | ||
48cd7b51 | 1082 | file = nf->nf_file; |
a4058c5b | 1083 | if (file->f_op->splice_read && test_bit(RQ_SPLICE_OK, &rqstp->rq_flags)) |
83a63072 | 1084 | err = nfsd_splice_read(rqstp, fhp, file, offset, count, eof); |
a4058c5b | 1085 | else |
83a63072 | 1086 | err = nfsd_readv(rqstp, fhp, file, offset, vec, vlen, count, eof); |
6e8b50d1 | 1087 | |
48cd7b51 | 1088 | nfsd_file_put(nf); |
dc97618d | 1089 | |
f394b62b | 1090 | trace_nfsd_read_done(rqstp, fhp, offset, *count); |
6e8b50d1 | 1091 | |
fa0a2126 BF |
1092 | return err; |
1093 | } | |
1094 | ||
1da177e4 LT |
1095 | /* |
1096 | * Write data to a file. | |
1097 | * The stable flag requests synchronous writes. | |
1098 | * N.B. After this call fhp needs an fh_put | |
1099 | */ | |
6264d69d | 1100 | __be32 |
52e380e0 | 1101 | nfsd_write(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t offset, |
19e0663f TM |
1102 | struct kvec *vec, int vlen, unsigned long *cnt, int stable, |
1103 | __be32 *verf) | |
1da177e4 | 1104 | { |
b4935239 JL |
1105 | struct nfsd_file *nf; |
1106 | __be32 err; | |
1da177e4 | 1107 | |
f394b62b | 1108 | trace_nfsd_write_start(rqstp, fhp, offset, *cnt); |
6e8b50d1 | 1109 | |
b4935239 | 1110 | err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_WRITE, &nf); |
52e380e0 KM |
1111 | if (err) |
1112 | goto out; | |
1113 | ||
16f8f894 | 1114 | err = nfsd_vfs_write(rqstp, fhp, nf, offset, vec, |
19e0663f | 1115 | vlen, cnt, stable, verf); |
b4935239 | 1116 | nfsd_file_put(nf); |
1da177e4 | 1117 | out: |
f394b62b | 1118 | trace_nfsd_write_done(rqstp, fhp, offset, *cnt); |
1da177e4 LT |
1119 | return err; |
1120 | } | |
1121 | ||
3f965021 CL |
1122 | /** |
1123 | * nfsd_commit - Commit pending writes to stable storage | |
1124 | * @rqstp: RPC request being processed | |
1125 | * @fhp: NFS filehandle | |
1126 | * @offset: raw offset from beginning of file | |
1127 | * @count: raw count of bytes to sync | |
1128 | * @verf: filled in with the server's current write verifier | |
aa696a6f | 1129 | * |
3f965021 CL |
1130 | * Note: we guarantee that data that lies within the range specified |
1131 | * by the 'offset' and 'count' parameters will be synced. The server | |
1132 | * is permitted to sync data that lies outside this range at the | |
1133 | * same time. | |
1da177e4 LT |
1134 | * |
1135 | * Unfortunately we cannot lock the file to make sure we return full WCC | |
1136 | * data to the client, as locking happens lower down in the filesystem. | |
3f965021 CL |
1137 | * |
1138 | * Return values: | |
1139 | * An nfsstat value in network byte order. | |
1da177e4 | 1140 | */ |
6264d69d | 1141 | __be32 |
3f965021 CL |
1142 | nfsd_commit(struct svc_rqst *rqstp, struct svc_fh *fhp, u64 offset, |
1143 | u32 count, __be32 *verf) | |
1da177e4 | 1144 | { |
3f965021 CL |
1145 | u64 maxbytes; |
1146 | loff_t start, end; | |
2c445a0e | 1147 | struct nfsd_net *nn; |
5920afa3 | 1148 | struct nfsd_file *nf; |
3f965021 | 1149 | __be32 err; |
1da177e4 | 1150 | |
5920afa3 JL |
1151 | err = nfsd_file_acquire(rqstp, fhp, |
1152 | NFSD_MAY_WRITE|NFSD_MAY_NOT_BREAK_LEASE, &nf); | |
8837abca | 1153 | if (err) |
aa696a6f | 1154 | goto out; |
3f965021 CL |
1155 | |
1156 | /* | |
1157 | * Convert the client-provided (offset, count) range to a | |
1158 | * (start, end) range. If the client-provided range falls | |
1159 | * outside the maximum file size of the underlying FS, | |
1160 | * clamp the sync range appropriately. | |
1161 | */ | |
1162 | start = 0; | |
1163 | end = LLONG_MAX; | |
1164 | maxbytes = (u64)fhp->fh_dentry->d_sb->s_maxbytes; | |
1165 | if (offset < maxbytes) { | |
1166 | start = offset; | |
1167 | if (count && (offset + count - 1 < maxbytes)) | |
1168 | end = offset + count - 1; | |
1169 | } | |
1170 | ||
2c445a0e | 1171 | nn = net_generic(nf->nf_net, nfsd_net_id); |
1da177e4 | 1172 | if (EX_ISSYNC(fhp->fh_export)) { |
555dbf1a TM |
1173 | errseq_t since = READ_ONCE(nf->nf_file->f_wb_err); |
1174 | int err2; | |
aa696a6f | 1175 | |
3f965021 | 1176 | err2 = vfs_fsync_range(nf->nf_file, start, end, 0); |
bbf2f098 TM |
1177 | switch (err2) { |
1178 | case 0: | |
3988a578 | 1179 | nfsd_copy_write_verifier(verf, nn); |
555dbf1a TM |
1180 | err2 = filemap_check_wb_err(nf->nf_file->f_mapping, |
1181 | since); | |
8a9ffb8c | 1182 | err = nfserrno(err2); |
bbf2f098 TM |
1183 | break; |
1184 | case -EINVAL: | |
1da177e4 | 1185 | err = nfserr_notsupp; |
bbf2f098 TM |
1186 | break; |
1187 | default: | |
3988a578 | 1188 | nfsd_reset_write_verifier(nn); |
75acacb6 | 1189 | trace_nfsd_writeverf_reset(nn, rqstp, err2); |
8a9ffb8c | 1190 | err = nfserrno(err2); |
bbf2f098 | 1191 | } |
524ff1af | 1192 | } else |
3988a578 | 1193 | nfsd_copy_write_verifier(verf, nn); |
1da177e4 | 1194 | |
5920afa3 | 1195 | nfsd_file_put(nf); |
aa696a6f | 1196 | out: |
1da177e4 LT |
1197 | return err; |
1198 | } | |
1da177e4 | 1199 | |
5f46e950 CL |
1200 | /** |
1201 | * nfsd_create_setattr - Set a created file's attributes | |
1202 | * @rqstp: RPC transaction being executed | |
1203 | * @fhp: NFS filehandle of parent directory | |
1204 | * @resfhp: NFS filehandle of new object | |
1205 | * @iap: requested attributes of new object | |
1206 | * | |
1207 | * Returns nfs_ok on success, or an nfsstat in network byte order. | |
1208 | */ | |
1209 | __be32 | |
1210 | nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1211 | struct svc_fh *resfhp, struct iattr *iap) | |
5c002b3b | 1212 | { |
5f46e950 CL |
1213 | __be32 status; |
1214 | ||
5c002b3b | 1215 | /* |
5f46e950 | 1216 | * Mode has already been set by file creation. |
5c002b3b BF |
1217 | */ |
1218 | iap->ia_valid &= ~ATTR_MODE; | |
5f46e950 | 1219 | |
5c002b3b BF |
1220 | /* |
1221 | * Setting uid/gid works only for root. Irix appears to | |
1222 | * send along the gid on create when it tries to implement | |
1223 | * setgid directories via NFS: | |
1224 | */ | |
6fab8779 | 1225 | if (!uid_eq(current_fsuid(), GLOBAL_ROOT_UID)) |
5c002b3b | 1226 | iap->ia_valid &= ~(ATTR_UID|ATTR_GID); |
5f46e950 CL |
1227 | |
1228 | /* | |
1229 | * Callers expect new file metadata to be committed even | |
1230 | * if the attributes have not changed. | |
1231 | */ | |
5c002b3b | 1232 | if (iap->ia_valid) |
5f46e950 CL |
1233 | status = nfsd_setattr(rqstp, resfhp, iap, 0, (time64_t)0); |
1234 | else | |
1235 | status = nfserrno(commit_metadata(resfhp)); | |
1236 | ||
1237 | /* | |
1238 | * Transactional filesystems had a chance to commit changes | |
1239 | * for both parent and child simultaneously making the | |
1240 | * following commit_metadata a noop in many cases. | |
1241 | */ | |
1242 | if (!status) | |
1243 | status = nfserrno(commit_metadata(fhp)); | |
1244 | ||
1245 | /* | |
1246 | * Update the new filehandle to pick up the new attributes. | |
1247 | */ | |
1248 | if (!status) | |
1249 | status = fh_update(resfhp); | |
1250 | ||
1251 | return status; | |
5c002b3b BF |
1252 | } |
1253 | ||
4ac35c2f | 1254 | /* HPUX client sometimes creates a file in mode 000, and sets size to 0. |
1255 | * setting size to 0 may fail for some specific file systems by the permission | |
1256 | * checking which requires WRITE permission but the mode is 000. | |
1257 | * we ignore the resizing(to 0) on the just new created file, since the size is | |
1258 | * 0 after file created. | |
1259 | * | |
1260 | * call this only after vfs_create() is called. | |
1261 | * */ | |
1262 | static void | |
1263 | nfsd_check_ignore_resizing(struct iattr *iap) | |
1264 | { | |
1265 | if ((iap->ia_valid & ATTR_SIZE) && (iap->ia_size == 0)) | |
1266 | iap->ia_valid &= ~ATTR_SIZE; | |
1267 | } | |
1268 | ||
b44061d0 | 1269 | /* The parent directory should already be locked: */ |
6264d69d | 1270 | __be32 |
b44061d0 | 1271 | nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, |
1da177e4 LT |
1272 | char *fname, int flen, struct iattr *iap, |
1273 | int type, dev_t rdev, struct svc_fh *resfhp) | |
1274 | { | |
2b118859 | 1275 | struct dentry *dentry, *dchild; |
1da177e4 | 1276 | struct inode *dirp; |
6264d69d AV |
1277 | __be32 err; |
1278 | int host_err; | |
1da177e4 | 1279 | |
1da177e4 | 1280 | dentry = fhp->fh_dentry; |
2b0143b5 | 1281 | dirp = d_inode(dentry); |
1da177e4 | 1282 | |
b44061d0 BF |
1283 | dchild = dget(resfhp->fh_dentry); |
1284 | if (!fhp->fh_locked) { | |
1285 | WARN_ONCE(1, "nfsd_create: parent %pd2 not locked!\n", | |
a6a9f18f | 1286 | dentry); |
b44061d0 BF |
1287 | err = nfserr_io; |
1288 | goto out; | |
1da177e4 | 1289 | } |
1da177e4 | 1290 | |
7eed34f1 OD |
1291 | err = nfsd_permission(rqstp, fhp->fh_export, dentry, NFSD_MAY_CREATE); |
1292 | if (err) | |
1293 | goto out; | |
1294 | ||
1da177e4 LT |
1295 | if (!(iap->ia_valid & ATTR_MODE)) |
1296 | iap->ia_mode = 0; | |
1297 | iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; | |
1298 | ||
22cf8419 BF |
1299 | if (!IS_POSIXACL(dirp)) |
1300 | iap->ia_mode &= ~current_umask(); | |
1301 | ||
088406bc | 1302 | err = 0; |
4a55c101 | 1303 | host_err = 0; |
1da177e4 LT |
1304 | switch (type) { |
1305 | case S_IFREG: | |
6521f891 | 1306 | host_err = vfs_create(&init_user_ns, dirp, dchild, iap->ia_mode, true); |
4ac35c2f | 1307 | if (!host_err) |
1308 | nfsd_check_ignore_resizing(iap); | |
1da177e4 LT |
1309 | break; |
1310 | case S_IFDIR: | |
6521f891 | 1311 | host_err = vfs_mkdir(&init_user_ns, dirp, dchild, iap->ia_mode); |
3819bb0d AV |
1312 | if (!host_err && unlikely(d_unhashed(dchild))) { |
1313 | struct dentry *d; | |
1314 | d = lookup_one_len(dchild->d_name.name, | |
1315 | dchild->d_parent, | |
1316 | dchild->d_name.len); | |
1317 | if (IS_ERR(d)) { | |
1318 | host_err = PTR_ERR(d); | |
1319 | break; | |
1320 | } | |
1321 | if (unlikely(d_is_negative(d))) { | |
1322 | dput(d); | |
1323 | err = nfserr_serverfault; | |
1324 | goto out; | |
1325 | } | |
1326 | dput(resfhp->fh_dentry); | |
1327 | resfhp->fh_dentry = dget(d); | |
1328 | err = fh_update(resfhp); | |
1329 | dput(dchild); | |
1330 | dchild = d; | |
1331 | if (err) | |
1332 | goto out; | |
1333 | } | |
1da177e4 LT |
1334 | break; |
1335 | case S_IFCHR: | |
1336 | case S_IFBLK: | |
1337 | case S_IFIFO: | |
1338 | case S_IFSOCK: | |
6521f891 CB |
1339 | host_err = vfs_mknod(&init_user_ns, dirp, dchild, |
1340 | iap->ia_mode, rdev); | |
1da177e4 | 1341 | break; |
71423274 BF |
1342 | default: |
1343 | printk(KERN_WARNING "nfsd: bad file type %o in nfsd_create\n", | |
1344 | type); | |
1345 | host_err = -EINVAL; | |
1da177e4 | 1346 | } |
4a55c101 | 1347 | if (host_err < 0) |
1da177e4 LT |
1348 | goto out_nfserr; |
1349 | ||
5f46e950 | 1350 | err = nfsd_create_setattr(rqstp, fhp, resfhp, iap); |
1da177e4 | 1351 | |
1da177e4 | 1352 | out: |
2b118859 | 1353 | dput(dchild); |
1da177e4 LT |
1354 | return err; |
1355 | ||
1356 | out_nfserr: | |
6264d69d | 1357 | err = nfserrno(host_err); |
1da177e4 LT |
1358 | goto out; |
1359 | } | |
1360 | ||
b44061d0 BF |
1361 | /* |
1362 | * Create a filesystem object (regular, directory, special). | |
1363 | * Note that the parent directory is left locked. | |
1364 | * | |
1365 | * N.B. Every call to nfsd_create needs an fh_put for _both_ fhp and resfhp | |
1366 | */ | |
1367 | __be32 | |
1368 | nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1369 | char *fname, int flen, struct iattr *iap, | |
1370 | int type, dev_t rdev, struct svc_fh *resfhp) | |
1371 | { | |
1372 | struct dentry *dentry, *dchild = NULL; | |
b44061d0 BF |
1373 | __be32 err; |
1374 | int host_err; | |
1375 | ||
1376 | if (isdotent(fname, flen)) | |
1377 | return nfserr_exist; | |
1378 | ||
fa08139d | 1379 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_NOP); |
b44061d0 BF |
1380 | if (err) |
1381 | return err; | |
1382 | ||
1383 | dentry = fhp->fh_dentry; | |
b44061d0 BF |
1384 | |
1385 | host_err = fh_want_write(fhp); | |
1386 | if (host_err) | |
1387 | return nfserrno(host_err); | |
1388 | ||
1389 | fh_lock_nested(fhp, I_MUTEX_PARENT); | |
1390 | dchild = lookup_one_len(fname, dentry, flen); | |
1391 | host_err = PTR_ERR(dchild); | |
1392 | if (IS_ERR(dchild)) | |
1393 | return nfserrno(host_err); | |
1394 | err = fh_compose(resfhp, fhp->fh_export, dchild, fhp); | |
502aa0a5 JB |
1395 | /* |
1396 | * We unconditionally drop our ref to dchild as fh_compose will have | |
1397 | * already grabbed its own ref for it. | |
1398 | */ | |
1399 | dput(dchild); | |
1400 | if (err) | |
b44061d0 | 1401 | return err; |
b44061d0 BF |
1402 | return nfsd_create_locked(rqstp, fhp, fname, flen, iap, type, |
1403 | rdev, resfhp); | |
1404 | } | |
1405 | ||
1da177e4 LT |
1406 | /* |
1407 | * Read a symlink. On entry, *lenp must contain the maximum path length that | |
1408 | * fits into the buffer. On return, it contains the true length. | |
1409 | * N.B. After this call fhp needs an fh_put | |
1410 | */ | |
6264d69d | 1411 | __be32 |
1da177e4 LT |
1412 | nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) |
1413 | { | |
6264d69d | 1414 | __be32 err; |
4d7edbc3 | 1415 | const char *link; |
68ac1234 | 1416 | struct path path; |
4d7edbc3 AV |
1417 | DEFINE_DELAYED_CALL(done); |
1418 | int len; | |
1da177e4 | 1419 | |
8837abca | 1420 | err = fh_verify(rqstp, fhp, S_IFLNK, NFSD_MAY_NOP); |
4d7edbc3 AV |
1421 | if (unlikely(err)) |
1422 | return err; | |
1da177e4 | 1423 | |
68ac1234 AV |
1424 | path.mnt = fhp->fh_export->ex_path.mnt; |
1425 | path.dentry = fhp->fh_dentry; | |
1da177e4 | 1426 | |
4d7edbc3 AV |
1427 | if (unlikely(!d_is_symlink(path.dentry))) |
1428 | return nfserr_inval; | |
1da177e4 | 1429 | |
68ac1234 | 1430 | touch_atime(&path); |
1da177e4 | 1431 | |
4d7edbc3 AV |
1432 | link = vfs_get_link(path.dentry, &done); |
1433 | if (IS_ERR(link)) | |
1434 | return nfserrno(PTR_ERR(link)); | |
1da177e4 | 1435 | |
4d7edbc3 AV |
1436 | len = strlen(link); |
1437 | if (len < *lenp) | |
1438 | *lenp = len; | |
1439 | memcpy(buf, link, *lenp); | |
1440 | do_delayed_call(&done); | |
1441 | return 0; | |
1da177e4 LT |
1442 | } |
1443 | ||
1444 | /* | |
1445 | * Create a symlink and look up its inode | |
1446 | * N.B. After this call _both_ fhp and resfhp need an fh_put | |
1447 | */ | |
6264d69d | 1448 | __be32 |
1da177e4 LT |
1449 | nfsd_symlink(struct svc_rqst *rqstp, struct svc_fh *fhp, |
1450 | char *fname, int flen, | |
52ee0433 | 1451 | char *path, |
1e444f5b | 1452 | struct svc_fh *resfhp) |
1da177e4 LT |
1453 | { |
1454 | struct dentry *dentry, *dnew; | |
6264d69d AV |
1455 | __be32 err, cerr; |
1456 | int host_err; | |
1da177e4 LT |
1457 | |
1458 | err = nfserr_noent; | |
52ee0433 | 1459 | if (!flen || path[0] == '\0') |
1da177e4 LT |
1460 | goto out; |
1461 | err = nfserr_exist; | |
1462 | if (isdotent(fname, flen)) | |
1463 | goto out; | |
1464 | ||
8837abca | 1465 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE); |
1da177e4 LT |
1466 | if (err) |
1467 | goto out; | |
4a55c101 JK |
1468 | |
1469 | host_err = fh_want_write(fhp); | |
1470 | if (host_err) | |
1471 | goto out_nfserr; | |
1472 | ||
1da177e4 LT |
1473 | fh_lock(fhp); |
1474 | dentry = fhp->fh_dentry; | |
1475 | dnew = lookup_one_len(fname, dentry, flen); | |
6264d69d | 1476 | host_err = PTR_ERR(dnew); |
1da177e4 LT |
1477 | if (IS_ERR(dnew)) |
1478 | goto out_nfserr; | |
1479 | ||
6521f891 | 1480 | host_err = vfs_symlink(&init_user_ns, d_inode(dentry), dnew, path); |
6264d69d | 1481 | err = nfserrno(host_err); |
eeeadbb9 | 1482 | fh_unlock(fhp); |
f501912a BM |
1483 | if (!err) |
1484 | err = nfserrno(commit_metadata(fhp)); | |
1da177e4 | 1485 | |
bad0dcff | 1486 | fh_drop_write(fhp); |
75c3f29d | 1487 | |
1da177e4 LT |
1488 | cerr = fh_compose(resfhp, fhp->fh_export, dnew, fhp); |
1489 | dput(dnew); | |
1490 | if (err==0) err = cerr; | |
1491 | out: | |
1492 | return err; | |
1493 | ||
1494 | out_nfserr: | |
6264d69d | 1495 | err = nfserrno(host_err); |
1da177e4 LT |
1496 | goto out; |
1497 | } | |
1498 | ||
1499 | /* | |
1500 | * Create a hardlink | |
1501 | * N.B. After this call _both_ ffhp and tfhp need an fh_put | |
1502 | */ | |
6264d69d | 1503 | __be32 |
1da177e4 LT |
1504 | nfsd_link(struct svc_rqst *rqstp, struct svc_fh *ffhp, |
1505 | char *name, int len, struct svc_fh *tfhp) | |
1506 | { | |
1507 | struct dentry *ddir, *dnew, *dold; | |
55b13354 | 1508 | struct inode *dirp; |
6264d69d AV |
1509 | __be32 err; |
1510 | int host_err; | |
1da177e4 | 1511 | |
8837abca | 1512 | err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_CREATE); |
1da177e4 LT |
1513 | if (err) |
1514 | goto out; | |
7d818a7b | 1515 | err = fh_verify(rqstp, tfhp, 0, NFSD_MAY_NOP); |
1da177e4 LT |
1516 | if (err) |
1517 | goto out; | |
7d818a7b | 1518 | err = nfserr_isdir; |
e36cb0b8 | 1519 | if (d_is_dir(tfhp->fh_dentry)) |
7d818a7b | 1520 | goto out; |
1da177e4 LT |
1521 | err = nfserr_perm; |
1522 | if (!len) | |
1523 | goto out; | |
1524 | err = nfserr_exist; | |
1525 | if (isdotent(name, len)) | |
1526 | goto out; | |
1527 | ||
4a55c101 JK |
1528 | host_err = fh_want_write(tfhp); |
1529 | if (host_err) { | |
1530 | err = nfserrno(host_err); | |
1531 | goto out; | |
1532 | } | |
1533 | ||
12fd3520 | 1534 | fh_lock_nested(ffhp, I_MUTEX_PARENT); |
1da177e4 | 1535 | ddir = ffhp->fh_dentry; |
2b0143b5 | 1536 | dirp = d_inode(ddir); |
1da177e4 LT |
1537 | |
1538 | dnew = lookup_one_len(name, ddir, len); | |
6264d69d | 1539 | host_err = PTR_ERR(dnew); |
1da177e4 LT |
1540 | if (IS_ERR(dnew)) |
1541 | goto out_nfserr; | |
1542 | ||
1543 | dold = tfhp->fh_dentry; | |
1da177e4 | 1544 | |
4795bb37 | 1545 | err = nfserr_noent; |
2b0143b5 | 1546 | if (d_really_is_negative(dold)) |
4a55c101 | 1547 | goto out_dput; |
6521f891 | 1548 | host_err = vfs_link(dold, &init_user_ns, dirp, dnew, NULL); |
eeeadbb9 | 1549 | fh_unlock(ffhp); |
6264d69d | 1550 | if (!host_err) { |
f501912a BM |
1551 | err = nfserrno(commit_metadata(ffhp)); |
1552 | if (!err) | |
1553 | err = nfserrno(commit_metadata(tfhp)); | |
1da177e4 | 1554 | } else { |
6264d69d | 1555 | if (host_err == -EXDEV && rqstp->rq_vers == 2) |
1da177e4 LT |
1556 | err = nfserr_acces; |
1557 | else | |
6264d69d | 1558 | err = nfserrno(host_err); |
1da177e4 | 1559 | } |
75c3f29d | 1560 | out_dput: |
1da177e4 | 1561 | dput(dnew); |
270d56e5 DR |
1562 | out_unlock: |
1563 | fh_unlock(ffhp); | |
4a55c101 | 1564 | fh_drop_write(tfhp); |
1da177e4 LT |
1565 | out: |
1566 | return err; | |
1567 | ||
1568 | out_nfserr: | |
6264d69d | 1569 | err = nfserrno(host_err); |
270d56e5 | 1570 | goto out_unlock; |
1da177e4 LT |
1571 | } |
1572 | ||
7775ec57 JL |
1573 | static void |
1574 | nfsd_close_cached_files(struct dentry *dentry) | |
1575 | { | |
1576 | struct inode *inode = d_inode(dentry); | |
1577 | ||
1578 | if (inode && S_ISREG(inode->i_mode)) | |
1579 | nfsd_file_close_inode_sync(inode); | |
1580 | } | |
1581 | ||
1582 | static bool | |
1583 | nfsd_has_cached_files(struct dentry *dentry) | |
1584 | { | |
1585 | bool ret = false; | |
1586 | struct inode *inode = d_inode(dentry); | |
1587 | ||
1588 | if (inode && S_ISREG(inode->i_mode)) | |
1589 | ret = nfsd_file_is_cached(inode); | |
1590 | return ret; | |
1591 | } | |
1592 | ||
1da177e4 LT |
1593 | /* |
1594 | * Rename a file | |
1595 | * N.B. After this call _both_ ffhp and tfhp need an fh_put | |
1596 | */ | |
6264d69d | 1597 | __be32 |
1da177e4 LT |
1598 | nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen, |
1599 | struct svc_fh *tfhp, char *tname, int tlen) | |
1600 | { | |
1601 | struct dentry *fdentry, *tdentry, *odentry, *ndentry, *trap; | |
1602 | struct inode *fdir, *tdir; | |
6264d69d AV |
1603 | __be32 err; |
1604 | int host_err; | |
7f84b488 | 1605 | bool close_cached = false; |
1da177e4 | 1606 | |
8837abca | 1607 | err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_REMOVE); |
1da177e4 LT |
1608 | if (err) |
1609 | goto out; | |
8837abca | 1610 | err = fh_verify(rqstp, tfhp, S_IFDIR, NFSD_MAY_CREATE); |
1da177e4 LT |
1611 | if (err) |
1612 | goto out; | |
1613 | ||
1614 | fdentry = ffhp->fh_dentry; | |
2b0143b5 | 1615 | fdir = d_inode(fdentry); |
1da177e4 LT |
1616 | |
1617 | tdentry = tfhp->fh_dentry; | |
2b0143b5 | 1618 | tdir = d_inode(tdentry); |
1da177e4 | 1619 | |
1da177e4 LT |
1620 | err = nfserr_perm; |
1621 | if (!flen || isdotent(fname, flen) || !tlen || isdotent(tname, tlen)) | |
1622 | goto out; | |
1623 | ||
7775ec57 | 1624 | retry: |
4a55c101 JK |
1625 | host_err = fh_want_write(ffhp); |
1626 | if (host_err) { | |
1627 | err = nfserrno(host_err); | |
1628 | goto out; | |
1629 | } | |
1630 | ||
1da177e4 LT |
1631 | /* cannot use fh_lock as we need deadlock protective ordering |
1632 | * so do it by hand */ | |
1633 | trap = lock_rename(tdentry, fdentry); | |
aaf91ec1 | 1634 | ffhp->fh_locked = tfhp->fh_locked = true; |
fcb5e3fa CL |
1635 | fh_fill_pre_attrs(ffhp); |
1636 | fh_fill_pre_attrs(tfhp); | |
1da177e4 LT |
1637 | |
1638 | odentry = lookup_one_len(fname, fdentry, flen); | |
6264d69d | 1639 | host_err = PTR_ERR(odentry); |
1da177e4 LT |
1640 | if (IS_ERR(odentry)) |
1641 | goto out_nfserr; | |
1642 | ||
6264d69d | 1643 | host_err = -ENOENT; |
2b0143b5 | 1644 | if (d_really_is_negative(odentry)) |
1da177e4 | 1645 | goto out_dput_old; |
6264d69d | 1646 | host_err = -EINVAL; |
1da177e4 LT |
1647 | if (odentry == trap) |
1648 | goto out_dput_old; | |
1649 | ||
1650 | ndentry = lookup_one_len(tname, tdentry, tlen); | |
6264d69d | 1651 | host_err = PTR_ERR(ndentry); |
1da177e4 LT |
1652 | if (IS_ERR(ndentry)) |
1653 | goto out_dput_old; | |
6264d69d | 1654 | host_err = -ENOTEMPTY; |
1da177e4 LT |
1655 | if (ndentry == trap) |
1656 | goto out_dput_new; | |
1657 | ||
9079b1eb DH |
1658 | host_err = -EXDEV; |
1659 | if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt) | |
1660 | goto out_dput_new; | |
aa387d6c BF |
1661 | if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry) |
1662 | goto out_dput_new; | |
9079b1eb | 1663 | |
7f84b488 JL |
1664 | if ((ndentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK) && |
1665 | nfsd_has_cached_files(ndentry)) { | |
1666 | close_cached = true; | |
7775ec57 JL |
1667 | goto out_dput_old; |
1668 | } else { | |
9fe61450 | 1669 | struct renamedata rd = { |
6521f891 | 1670 | .old_mnt_userns = &init_user_ns, |
9fe61450 CB |
1671 | .old_dir = fdir, |
1672 | .old_dentry = odentry, | |
6521f891 | 1673 | .new_mnt_userns = &init_user_ns, |
9fe61450 CB |
1674 | .new_dir = tdir, |
1675 | .new_dentry = ndentry, | |
1676 | }; | |
1677 | host_err = vfs_rename(&rd); | |
7775ec57 JL |
1678 | if (!host_err) { |
1679 | host_err = commit_metadata(tfhp); | |
1680 | if (!host_err) | |
1681 | host_err = commit_metadata(ffhp); | |
1682 | } | |
1da177e4 | 1683 | } |
1da177e4 LT |
1684 | out_dput_new: |
1685 | dput(ndentry); | |
1686 | out_dput_old: | |
1687 | dput(odentry); | |
1688 | out_nfserr: | |
6264d69d | 1689 | err = nfserrno(host_err); |
fbb74a34 BF |
1690 | /* |
1691 | * We cannot rely on fh_unlock on the two filehandles, | |
1da177e4 | 1692 | * as that would do the wrong thing if the two directories |
fbb74a34 | 1693 | * were the same, so again we do it by hand. |
1da177e4 | 1694 | */ |
7f84b488 | 1695 | if (!close_cached) { |
fcb5e3fa CL |
1696 | fh_fill_post_attrs(ffhp); |
1697 | fh_fill_post_attrs(tfhp); | |
7775ec57 | 1698 | } |
1da177e4 | 1699 | unlock_rename(tdentry, fdentry); |
aaf91ec1 | 1700 | ffhp->fh_locked = tfhp->fh_locked = false; |
4a55c101 | 1701 | fh_drop_write(ffhp); |
1da177e4 | 1702 | |
7775ec57 JL |
1703 | /* |
1704 | * If the target dentry has cached open files, then we need to try to | |
1705 | * close them prior to doing the rename. Flushing delayed fput | |
1706 | * shouldn't be done with locks held however, so we delay it until this | |
1707 | * point and then reattempt the whole shebang. | |
1708 | */ | |
7f84b488 JL |
1709 | if (close_cached) { |
1710 | close_cached = false; | |
7775ec57 JL |
1711 | nfsd_close_cached_files(ndentry); |
1712 | dput(ndentry); | |
1713 | goto retry; | |
1714 | } | |
1da177e4 LT |
1715 | out: |
1716 | return err; | |
1717 | } | |
1718 | ||
1719 | /* | |
1720 | * Unlink a file or directory | |
1721 | * N.B. After this call fhp needs an fh_put | |
1722 | */ | |
6264d69d | 1723 | __be32 |
1da177e4 LT |
1724 | nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, |
1725 | char *fname, int flen) | |
1726 | { | |
1727 | struct dentry *dentry, *rdentry; | |
1728 | struct inode *dirp; | |
e5d74a2d | 1729 | struct inode *rinode; |
6264d69d AV |
1730 | __be32 err; |
1731 | int host_err; | |
1da177e4 LT |
1732 | |
1733 | err = nfserr_acces; | |
1734 | if (!flen || isdotent(fname, flen)) | |
1735 | goto out; | |
8837abca | 1736 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_REMOVE); |
1da177e4 LT |
1737 | if (err) |
1738 | goto out; | |
1739 | ||
4a55c101 JK |
1740 | host_err = fh_want_write(fhp); |
1741 | if (host_err) | |
1742 | goto out_nfserr; | |
1743 | ||
12fd3520 | 1744 | fh_lock_nested(fhp, I_MUTEX_PARENT); |
1da177e4 | 1745 | dentry = fhp->fh_dentry; |
2b0143b5 | 1746 | dirp = d_inode(dentry); |
1da177e4 LT |
1747 | |
1748 | rdentry = lookup_one_len(fname, dentry, flen); | |
6264d69d | 1749 | host_err = PTR_ERR(rdentry); |
1da177e4 | 1750 | if (IS_ERR(rdentry)) |
0ca0c9d7 | 1751 | goto out_drop_write; |
1da177e4 | 1752 | |
2b0143b5 | 1753 | if (d_really_is_negative(rdentry)) { |
1da177e4 | 1754 | dput(rdentry); |
0ca0c9d7 BF |
1755 | host_err = -ENOENT; |
1756 | goto out_drop_write; | |
1da177e4 | 1757 | } |
e5d74a2d YHH |
1758 | rinode = d_inode(rdentry); |
1759 | ihold(rinode); | |
1da177e4 LT |
1760 | |
1761 | if (!type) | |
2b0143b5 | 1762 | type = d_inode(rdentry)->i_mode & S_IFMT; |
1da177e4 | 1763 | |
7775ec57 | 1764 | if (type != S_IFDIR) { |
7f84b488 JL |
1765 | if (rdentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK) |
1766 | nfsd_close_cached_files(rdentry); | |
6521f891 | 1767 | host_err = vfs_unlink(&init_user_ns, dirp, rdentry, NULL); |
7775ec57 | 1768 | } else { |
6521f891 | 1769 | host_err = vfs_rmdir(&init_user_ns, dirp, rdentry); |
7775ec57 JL |
1770 | } |
1771 | ||
eeeadbb9 | 1772 | fh_unlock(fhp); |
f501912a BM |
1773 | if (!host_err) |
1774 | host_err = commit_metadata(fhp); | |
541ce98c | 1775 | dput(rdentry); |
e5d74a2d | 1776 | iput(rinode); /* truncate the inode here */ |
541ce98c | 1777 | |
0ca0c9d7 BF |
1778 | out_drop_write: |
1779 | fh_drop_write(fhp); | |
1da177e4 | 1780 | out_nfserr: |
466e16f0 N |
1781 | if (host_err == -EBUSY) { |
1782 | /* name is mounted-on. There is no perfect | |
1783 | * error status. | |
1784 | */ | |
1785 | if (nfsd_v4client(rqstp)) | |
1786 | err = nfserr_file_open; | |
1787 | else | |
1788 | err = nfserr_acces; | |
1789 | } else { | |
1790 | err = nfserrno(host_err); | |
1791 | } | |
f193fbab YT |
1792 | out: |
1793 | return err; | |
1da177e4 LT |
1794 | } |
1795 | ||
14f7dd63 DW |
1796 | /* |
1797 | * We do this buffering because we must not call back into the file | |
1798 | * system's ->lookup() method from the filldir callback. That may well | |
1799 | * deadlock a number of file systems. | |
1800 | * | |
1801 | * This is based heavily on the implementation of same in XFS. | |
1802 | */ | |
1803 | struct buffered_dirent { | |
1804 | u64 ino; | |
1805 | loff_t offset; | |
1806 | int namlen; | |
1807 | unsigned int d_type; | |
1808 | char name[]; | |
1809 | }; | |
1810 | ||
1811 | struct readdir_data { | |
5c0ba4e0 | 1812 | struct dir_context ctx; |
14f7dd63 DW |
1813 | char *dirent; |
1814 | size_t used; | |
53c9c5c0 | 1815 | int full; |
14f7dd63 DW |
1816 | }; |
1817 | ||
ac7576f4 MS |
1818 | static int nfsd_buffered_filldir(struct dir_context *ctx, const char *name, |
1819 | int namlen, loff_t offset, u64 ino, | |
1820 | unsigned int d_type) | |
14f7dd63 | 1821 | { |
ac7576f4 MS |
1822 | struct readdir_data *buf = |
1823 | container_of(ctx, struct readdir_data, ctx); | |
14f7dd63 DW |
1824 | struct buffered_dirent *de = (void *)(buf->dirent + buf->used); |
1825 | unsigned int reclen; | |
1826 | ||
1827 | reclen = ALIGN(sizeof(struct buffered_dirent) + namlen, sizeof(u64)); | |
53c9c5c0 AV |
1828 | if (buf->used + reclen > PAGE_SIZE) { |
1829 | buf->full = 1; | |
14f7dd63 | 1830 | return -EINVAL; |
53c9c5c0 | 1831 | } |
14f7dd63 DW |
1832 | |
1833 | de->namlen = namlen; | |
1834 | de->offset = offset; | |
1835 | de->ino = ino; | |
1836 | de->d_type = d_type; | |
1837 | memcpy(de->name, name, namlen); | |
1838 | buf->used += reclen; | |
1839 | ||
1840 | return 0; | |
1841 | } | |
1842 | ||
6019ce07 CL |
1843 | static __be32 nfsd_buffered_readdir(struct file *file, struct svc_fh *fhp, |
1844 | nfsd_filldir_t func, struct readdir_cd *cdp, | |
1845 | loff_t *offsetp) | |
2628b766 | 1846 | { |
14f7dd63 | 1847 | struct buffered_dirent *de; |
2628b766 | 1848 | int host_err; |
14f7dd63 DW |
1849 | int size; |
1850 | loff_t offset; | |
ac6614b7 AV |
1851 | struct readdir_data buf = { |
1852 | .ctx.actor = nfsd_buffered_filldir, | |
1853 | .dirent = (void *)__get_free_page(GFP_KERNEL) | |
1854 | }; | |
2628b766 | 1855 | |
14f7dd63 | 1856 | if (!buf.dirent) |
2f9092e1 | 1857 | return nfserrno(-ENOMEM); |
14f7dd63 DW |
1858 | |
1859 | offset = *offsetp; | |
2628b766 | 1860 | |
14f7dd63 DW |
1861 | while (1) { |
1862 | unsigned int reclen; | |
1863 | ||
b726e923 | 1864 | cdp->err = nfserr_eof; /* will be cleared on successful read */ |
14f7dd63 | 1865 | buf.used = 0; |
53c9c5c0 | 1866 | buf.full = 0; |
14f7dd63 | 1867 | |
5c0ba4e0 | 1868 | host_err = iterate_dir(file, &buf.ctx); |
53c9c5c0 AV |
1869 | if (buf.full) |
1870 | host_err = 0; | |
1871 | ||
1872 | if (host_err < 0) | |
14f7dd63 DW |
1873 | break; |
1874 | ||
1875 | size = buf.used; | |
1876 | ||
1877 | if (!size) | |
1878 | break; | |
1879 | ||
14f7dd63 DW |
1880 | de = (struct buffered_dirent *)buf.dirent; |
1881 | while (size > 0) { | |
1882 | offset = de->offset; | |
1883 | ||
1884 | if (func(cdp, de->name, de->namlen, de->offset, | |
1885 | de->ino, de->d_type)) | |
2f9092e1 | 1886 | break; |
14f7dd63 DW |
1887 | |
1888 | if (cdp->err != nfs_ok) | |
2f9092e1 | 1889 | break; |
14f7dd63 | 1890 | |
6019ce07 CL |
1891 | trace_nfsd_dirent(fhp, de->ino, de->name, de->namlen); |
1892 | ||
14f7dd63 DW |
1893 | reclen = ALIGN(sizeof(*de) + de->namlen, |
1894 | sizeof(u64)); | |
1895 | size -= reclen; | |
1896 | de = (struct buffered_dirent *)((char *)de + reclen); | |
1897 | } | |
2f9092e1 DW |
1898 | if (size > 0) /* We bailed out early */ |
1899 | break; | |
1900 | ||
c002a6c7 | 1901 | offset = vfs_llseek(file, 0, SEEK_CUR); |
14f7dd63 DW |
1902 | } |
1903 | ||
14f7dd63 | 1904 | free_page((unsigned long)(buf.dirent)); |
2628b766 DW |
1905 | |
1906 | if (host_err) | |
1907 | return nfserrno(host_err); | |
14f7dd63 DW |
1908 | |
1909 | *offsetp = offset; | |
1910 | return cdp->err; | |
2628b766 DW |
1911 | } |
1912 | ||
1da177e4 LT |
1913 | /* |
1914 | * Read entries from a directory. | |
1915 | * The NFSv3/4 verifier we ignore for now. | |
1916 | */ | |
6264d69d | 1917 | __be32 |
1da177e4 | 1918 | nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp, |
ac7576f4 | 1919 | struct readdir_cd *cdp, nfsd_filldir_t func) |
1da177e4 | 1920 | { |
6264d69d | 1921 | __be32 err; |
1da177e4 LT |
1922 | struct file *file; |
1923 | loff_t offset = *offsetp; | |
06effdbb BS |
1924 | int may_flags = NFSD_MAY_READ; |
1925 | ||
1926 | /* NFSv2 only supports 32 bit cookies */ | |
1927 | if (rqstp->rq_vers > 2) | |
1928 | may_flags |= NFSD_MAY_64BIT_COOKIE; | |
1da177e4 | 1929 | |
06effdbb | 1930 | err = nfsd_open(rqstp, fhp, S_IFDIR, may_flags, &file); |
1da177e4 LT |
1931 | if (err) |
1932 | goto out; | |
1933 | ||
b108fe6b | 1934 | offset = vfs_llseek(file, offset, SEEK_SET); |
1da177e4 LT |
1935 | if (offset < 0) { |
1936 | err = nfserrno((int)offset); | |
1937 | goto out_close; | |
1938 | } | |
1939 | ||
6019ce07 | 1940 | err = nfsd_buffered_readdir(file, fhp, func, cdp, offsetp); |
1da177e4 LT |
1941 | |
1942 | if (err == nfserr_eof || err == nfserr_toosmall) | |
1943 | err = nfs_ok; /* can still be found in ->err */ | |
1944 | out_close: | |
fd891454 | 1945 | fput(file); |
1da177e4 LT |
1946 | out: |
1947 | return err; | |
1948 | } | |
1949 | ||
1950 | /* | |
1951 | * Get file system stats | |
1952 | * N.B. After this call fhp needs an fh_put | |
1953 | */ | |
6264d69d | 1954 | __be32 |
04716e66 | 1955 | nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat, int access) |
1da177e4 | 1956 | { |
ebabe9a9 CH |
1957 | __be32 err; |
1958 | ||
1959 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP | access); | |
f6360efb TI |
1960 | if (!err) { |
1961 | struct path path = { | |
1962 | .mnt = fhp->fh_export->ex_path.mnt, | |
1963 | .dentry = fhp->fh_dentry, | |
1964 | }; | |
1965 | if (vfs_statfs(&path, stat)) | |
1966 | err = nfserr_io; | |
1967 | } | |
1da177e4 LT |
1968 | return err; |
1969 | } | |
1970 | ||
c7d51402 | 1971 | static int exp_rdonly(struct svc_rqst *rqstp, struct svc_export *exp) |
e22841c6 | 1972 | { |
c7d51402 | 1973 | return nfsexp_flags(rqstp, exp) & NFSEXP_READONLY; |
e22841c6 BF |
1974 | } |
1975 | ||
32119446 FL |
1976 | #ifdef CONFIG_NFSD_V4 |
1977 | /* | |
1978 | * Helper function to translate error numbers. In the case of xattr operations, | |
1979 | * some error codes need to be translated outside of the standard translations. | |
1980 | * | |
1981 | * ENODATA needs to be translated to nfserr_noxattr. | |
1982 | * E2BIG to nfserr_xattr2big. | |
1983 | * | |
1984 | * Additionally, vfs_listxattr can return -ERANGE. This means that the | |
1985 | * file has too many extended attributes to retrieve inside an | |
1986 | * XATTR_LIST_MAX sized buffer. This is a bug in the xattr implementation: | |
1987 | * filesystems will allow the adding of extended attributes until they hit | |
1988 | * their own internal limit. This limit may be larger than XATTR_LIST_MAX. | |
1989 | * So, at that point, the attributes are present and valid, but can't | |
1990 | * be retrieved using listxattr, since the upper level xattr code enforces | |
1991 | * the XATTR_LIST_MAX limit. | |
1992 | * | |
1993 | * This bug means that we need to deal with listxattr returning -ERANGE. The | |
1994 | * best mapping is to return TOOSMALL. | |
1995 | */ | |
1996 | static __be32 | |
1997 | nfsd_xattr_errno(int err) | |
1998 | { | |
1999 | switch (err) { | |
2000 | case -ENODATA: | |
2001 | return nfserr_noxattr; | |
2002 | case -E2BIG: | |
2003 | return nfserr_xattr2big; | |
2004 | case -ERANGE: | |
2005 | return nfserr_toosmall; | |
2006 | } | |
2007 | return nfserrno(err); | |
2008 | } | |
2009 | ||
2010 | /* | |
2011 | * Retrieve the specified user extended attribute. To avoid always | |
2012 | * having to allocate the maximum size (since we are not getting | |
2013 | * a maximum size from the RPC), do a probe + alloc. Hold a reader | |
2014 | * lock on i_rwsem to prevent the extended attribute from changing | |
2015 | * size while we're doing this. | |
2016 | */ | |
2017 | __be32 | |
2018 | nfsd_getxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name, | |
2019 | void **bufp, int *lenp) | |
2020 | { | |
2021 | ssize_t len; | |
2022 | __be32 err; | |
2023 | char *buf; | |
2024 | struct inode *inode; | |
2025 | struct dentry *dentry; | |
2026 | ||
2027 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_READ); | |
2028 | if (err) | |
2029 | return err; | |
2030 | ||
2031 | err = nfs_ok; | |
2032 | dentry = fhp->fh_dentry; | |
2033 | inode = d_inode(dentry); | |
2034 | ||
2035 | inode_lock_shared(inode); | |
2036 | ||
c7c7a1a1 | 2037 | len = vfs_getxattr(&init_user_ns, dentry, name, NULL, 0); |
32119446 FL |
2038 | |
2039 | /* | |
2040 | * Zero-length attribute, just return. | |
2041 | */ | |
2042 | if (len == 0) { | |
2043 | *bufp = NULL; | |
2044 | *lenp = 0; | |
2045 | goto out; | |
2046 | } | |
2047 | ||
2048 | if (len < 0) { | |
2049 | err = nfsd_xattr_errno(len); | |
2050 | goto out; | |
2051 | } | |
2052 | ||
2053 | if (len > *lenp) { | |
2054 | err = nfserr_toosmall; | |
2055 | goto out; | |
2056 | } | |
2057 | ||
2058 | buf = kvmalloc(len, GFP_KERNEL | GFP_NOFS); | |
2059 | if (buf == NULL) { | |
2060 | err = nfserr_jukebox; | |
2061 | goto out; | |
2062 | } | |
2063 | ||
c7c7a1a1 | 2064 | len = vfs_getxattr(&init_user_ns, dentry, name, buf, len); |
32119446 FL |
2065 | if (len <= 0) { |
2066 | kvfree(buf); | |
2067 | buf = NULL; | |
2068 | err = nfsd_xattr_errno(len); | |
2069 | } | |
2070 | ||
2071 | *lenp = len; | |
2072 | *bufp = buf; | |
2073 | ||
2074 | out: | |
2075 | inode_unlock_shared(inode); | |
2076 | ||
2077 | return err; | |
2078 | } | |
2079 | ||
2080 | /* | |
2081 | * Retrieve the xattr names. Since we can't know how many are | |
2082 | * user extended attributes, we must get all attributes here, | |
2083 | * and have the XDR encode filter out the "user." ones. | |
2084 | * | |
2085 | * While this could always just allocate an XATTR_LIST_MAX | |
2086 | * buffer, that's a waste, so do a probe + allocate. To | |
2087 | * avoid any changes between the probe and allocate, wrap | |
2088 | * this in inode_lock. | |
2089 | */ | |
2090 | __be32 | |
2091 | nfsd_listxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char **bufp, | |
2092 | int *lenp) | |
2093 | { | |
2094 | ssize_t len; | |
2095 | __be32 err; | |
2096 | char *buf; | |
2097 | struct inode *inode; | |
2098 | struct dentry *dentry; | |
2099 | ||
2100 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_READ); | |
2101 | if (err) | |
2102 | return err; | |
2103 | ||
2104 | dentry = fhp->fh_dentry; | |
2105 | inode = d_inode(dentry); | |
2106 | *lenp = 0; | |
2107 | ||
2108 | inode_lock_shared(inode); | |
2109 | ||
2110 | len = vfs_listxattr(dentry, NULL, 0); | |
2111 | if (len <= 0) { | |
2112 | err = nfsd_xattr_errno(len); | |
2113 | goto out; | |
2114 | } | |
2115 | ||
2116 | if (len > XATTR_LIST_MAX) { | |
2117 | err = nfserr_xattr2big; | |
2118 | goto out; | |
2119 | } | |
2120 | ||
2121 | /* | |
2122 | * We're holding i_rwsem - use GFP_NOFS. | |
2123 | */ | |
2124 | buf = kvmalloc(len, GFP_KERNEL | GFP_NOFS); | |
2125 | if (buf == NULL) { | |
2126 | err = nfserr_jukebox; | |
2127 | goto out; | |
2128 | } | |
2129 | ||
2130 | len = vfs_listxattr(dentry, buf, len); | |
2131 | if (len <= 0) { | |
2132 | kvfree(buf); | |
2133 | err = nfsd_xattr_errno(len); | |
2134 | goto out; | |
2135 | } | |
2136 | ||
2137 | *lenp = len; | |
2138 | *bufp = buf; | |
2139 | ||
2140 | err = nfs_ok; | |
2141 | out: | |
2142 | inode_unlock_shared(inode); | |
2143 | ||
2144 | return err; | |
2145 | } | |
2146 | ||
2147 | /* | |
2148 | * Removexattr and setxattr need to call fh_lock to both lock the inode | |
2149 | * and set the change attribute. Since the top-level vfs_removexattr | |
2150 | * and vfs_setxattr calls already do their own inode_lock calls, call | |
2151 | * the _locked variant. Pass in a NULL pointer for delegated_inode, | |
2152 | * and let the client deal with NFS4ERR_DELAY (same as with e.g. | |
2153 | * setattr and remove). | |
2154 | */ | |
2155 | __be32 | |
2156 | nfsd_removexattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name) | |
2157 | { | |
8237284a CL |
2158 | __be32 err; |
2159 | int ret; | |
32119446 FL |
2160 | |
2161 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_WRITE); | |
2162 | if (err) | |
2163 | return err; | |
2164 | ||
2165 | ret = fh_want_write(fhp); | |
2166 | if (ret) | |
2167 | return nfserrno(ret); | |
2168 | ||
2169 | fh_lock(fhp); | |
2170 | ||
c7c7a1a1 TA |
2171 | ret = __vfs_removexattr_locked(&init_user_ns, fhp->fh_dentry, |
2172 | name, NULL); | |
32119446 FL |
2173 | |
2174 | fh_unlock(fhp); | |
2175 | fh_drop_write(fhp); | |
2176 | ||
2177 | return nfsd_xattr_errno(ret); | |
2178 | } | |
2179 | ||
2180 | __be32 | |
2181 | nfsd_setxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name, | |
2182 | void *buf, u32 len, u32 flags) | |
2183 | { | |
8237284a CL |
2184 | __be32 err; |
2185 | int ret; | |
32119446 FL |
2186 | |
2187 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_WRITE); | |
2188 | if (err) | |
2189 | return err; | |
2190 | ||
2191 | ret = fh_want_write(fhp); | |
2192 | if (ret) | |
2193 | return nfserrno(ret); | |
2194 | fh_lock(fhp); | |
2195 | ||
c7c7a1a1 TA |
2196 | ret = __vfs_setxattr_locked(&init_user_ns, fhp->fh_dentry, name, buf, |
2197 | len, flags, NULL); | |
32119446 FL |
2198 | |
2199 | fh_unlock(fhp); | |
2200 | fh_drop_write(fhp); | |
2201 | ||
2202 | return nfsd_xattr_errno(ret); | |
2203 | } | |
2204 | #endif | |
2205 | ||
1da177e4 LT |
2206 | /* |
2207 | * Check for a user's access permissions to this inode. | |
2208 | */ | |
6264d69d | 2209 | __be32 |
0ec757df BF |
2210 | nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, |
2211 | struct dentry *dentry, int acc) | |
1da177e4 | 2212 | { |
2b0143b5 | 2213 | struct inode *inode = d_inode(dentry); |
1da177e4 LT |
2214 | int err; |
2215 | ||
aea93397 | 2216 | if ((acc & NFSD_MAY_MASK) == NFSD_MAY_NOP) |
1da177e4 LT |
2217 | return 0; |
2218 | #if 0 | |
2219 | dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s\n", | |
2220 | acc, | |
8837abca MS |
2221 | (acc & NFSD_MAY_READ)? " read" : "", |
2222 | (acc & NFSD_MAY_WRITE)? " write" : "", | |
2223 | (acc & NFSD_MAY_EXEC)? " exec" : "", | |
2224 | (acc & NFSD_MAY_SATTR)? " sattr" : "", | |
2225 | (acc & NFSD_MAY_TRUNC)? " trunc" : "", | |
2226 | (acc & NFSD_MAY_LOCK)? " lock" : "", | |
2227 | (acc & NFSD_MAY_OWNER_OVERRIDE)? " owneroverride" : "", | |
1da177e4 LT |
2228 | inode->i_mode, |
2229 | IS_IMMUTABLE(inode)? " immut" : "", | |
2230 | IS_APPEND(inode)? " append" : "", | |
2c463e95 | 2231 | __mnt_is_readonly(exp->ex_path.mnt)? " ro" : ""); |
1da177e4 | 2232 | dprintk(" owner %d/%d user %d/%d\n", |
5cc0a840 | 2233 | inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid()); |
1da177e4 LT |
2234 | #endif |
2235 | ||
2236 | /* Normally we reject any write/sattr etc access on a read-only file | |
2237 | * system. But if it is IRIX doing check on write-access for a | |
2238 | * device special file, we ignore rofs. | |
2239 | */ | |
8837abca MS |
2240 | if (!(acc & NFSD_MAY_LOCAL_ACCESS)) |
2241 | if (acc & (NFSD_MAY_WRITE | NFSD_MAY_SATTR | NFSD_MAY_TRUNC)) { | |
2c463e95 DH |
2242 | if (exp_rdonly(rqstp, exp) || |
2243 | __mnt_is_readonly(exp->ex_path.mnt)) | |
1da177e4 | 2244 | return nfserr_rofs; |
8837abca | 2245 | if (/* (acc & NFSD_MAY_WRITE) && */ IS_IMMUTABLE(inode)) |
1da177e4 LT |
2246 | return nfserr_perm; |
2247 | } | |
8837abca | 2248 | if ((acc & NFSD_MAY_TRUNC) && IS_APPEND(inode)) |
1da177e4 LT |
2249 | return nfserr_perm; |
2250 | ||
8837abca | 2251 | if (acc & NFSD_MAY_LOCK) { |
1da177e4 LT |
2252 | /* If we cannot rely on authentication in NLM requests, |
2253 | * just allow locks, otherwise require read permission, or | |
2254 | * ownership | |
2255 | */ | |
2256 | if (exp->ex_flags & NFSEXP_NOAUTHNLM) | |
2257 | return 0; | |
2258 | else | |
8837abca | 2259 | acc = NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE; |
1da177e4 LT |
2260 | } |
2261 | /* | |
2262 | * The file owner always gets access permission for accesses that | |
2263 | * would normally be checked at open time. This is to make | |
2264 | * file access work even when the client has done a fchmod(fd, 0). | |
2265 | * | |
2266 | * However, `cp foo bar' should fail nevertheless when bar is | |
2267 | * readonly. A sensible way to do this might be to reject all | |
2268 | * attempts to truncate a read-only file, because a creat() call | |
2269 | * always implies file truncation. | |
2270 | * ... but this isn't really fair. A process may reasonably call | |
2271 | * ftruncate on an open file descriptor on a file with perm 000. | |
2272 | * We must trust the client to do permission checking - using "ACCESS" | |
2273 | * with NFSv3. | |
2274 | */ | |
8837abca | 2275 | if ((acc & NFSD_MAY_OWNER_OVERRIDE) && |
6fab8779 | 2276 | uid_eq(inode->i_uid, current_fsuid())) |
1da177e4 LT |
2277 | return 0; |
2278 | ||
8837abca | 2279 | /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ |
47291baa CB |
2280 | err = inode_permission(&init_user_ns, inode, |
2281 | acc & (MAY_READ | MAY_WRITE | MAY_EXEC)); | |
1da177e4 LT |
2282 | |
2283 | /* Allow read access to binaries even when mode 111 */ | |
2284 | if (err == -EACCES && S_ISREG(inode->i_mode) && | |
a043226b BF |
2285 | (acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE) || |
2286 | acc == (NFSD_MAY_READ | NFSD_MAY_READ_IF_EXEC))) | |
47291baa | 2287 | err = inode_permission(&init_user_ns, inode, MAY_EXEC); |
1da177e4 LT |
2288 | |
2289 | return err? nfserrno(err) : 0; | |
2290 | } |