projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge tag 'mm-hotfixes-stable-2025-07-11-16-16' of git://git.kernel.org/pub/scm/linux...
[linux-2.6-block.git] / fs / nfsd / export.c
... / ...
CommitLineData
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * NFS exporting and validation.
4 *
5 * We maintain a list of clients, each of which has a list of
6 * exports. To export an fs to a given client, you first have
7 * to create the client entry with NFSCTL_ADDCLIENT, which
8 * creates a client control block and adds it to the hash
9 * table. Then, you call NFSCTL_EXPORT for each fs.
10 *
11 *
12 * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de>
13 */
14
15#include <linux/slab.h>
16#include <linux/namei.h>
17#include <linux/module.h>
18#include <linux/exportfs.h>
19#include <linux/sunrpc/svc_xprt.h>
20
21#include "nfsd.h"
22#include "nfsfh.h"
23#include "netns.h"
24#include "pnfs.h"
25#include "filecache.h"
26#include "trace.h"
27
28#define NFSDDBG_FACILITY NFSDDBG_EXPORT
29
30/*
31 * We have two caches.
32 * One maps client+vfsmnt+dentry to export options - the export map
33 * The other maps client+filehandle-fragment to export options. - the expkey map
34 *
35 * The export options are actually stored in the first map, and the
36 * second map contains a reference to the entry in the first map.
37 */
38
39#define EXPKEY_HASHBITS 8
40#define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS)
41#define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1)
42
43static void expkey_put(struct kref *ref)
44{
45 struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref);
46
47 if (test_bit(CACHE_VALID, &key->h.flags) &&
48 !test_bit(CACHE_NEGATIVE, &key->h.flags))
49 path_put(&key->ek_path);
50 auth_domain_put(key->ek_client);
51 kfree_rcu(key, ek_rcu);
52}
53
54static int expkey_upcall(struct cache_detail *cd, struct cache_head *h)
55{
56 return sunrpc_cache_pipe_upcall(cd, h);
57}
58
59static void expkey_request(struct cache_detail *cd,
60 struct cache_head *h,
61 char **bpp, int *blen)
62{
63 /* client fsidtype \xfsid */
64 struct svc_expkey *ek = container_of(h, struct svc_expkey, h);
65 char type[5];
66
67 qword_add(bpp, blen, ek->ek_client->name);
68 snprintf(type, 5, "%d", ek->ek_fsidtype);
69 qword_add(bpp, blen, type);
70 qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype));
71 (*bpp)[-1] = '\n';
72}
73
74static struct svc_expkey *svc_expkey_update(struct cache_detail *cd, struct svc_expkey *new,
75 struct svc_expkey *old);
76static struct svc_expkey *svc_expkey_lookup(struct cache_detail *cd, struct svc_expkey *);
77
78static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen)
79{
80 /* client fsidtype fsid expiry [path] */
81 char *buf;
82 int len;
83 struct auth_domain *dom = NULL;
84 int err;
85 int fsidtype;
86 char *ep;
87 struct svc_expkey key;
88 struct svc_expkey *ek = NULL;
89
90 if (mesg[mlen - 1] != '\n')
91 return -EINVAL;
92 mesg[mlen-1] = 0;
93
94 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
95 err = -ENOMEM;
96 if (!buf)
97 goto out;
98
99 err = -EINVAL;
100 if (qword_get(&mesg, buf, PAGE_SIZE) <= 0)
101 goto out;
102
103 err = -ENOENT;
104 dom = auth_domain_find(buf);
105 if (!dom)
106 goto out;
107 dprintk("found domain %s\n", buf);
108
109 err = -EINVAL;
110 if (qword_get(&mesg, buf, PAGE_SIZE) <= 0)
111 goto out;
112 fsidtype = simple_strtoul(buf, &ep, 10);
113 if (*ep)
114 goto out;
115 dprintk("found fsidtype %d\n", fsidtype);
116 if (key_len(fsidtype)==0) /* invalid type */
117 goto out;
118 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
119 goto out;
120 dprintk("found fsid length %d\n", len);
121 if (len != key_len(fsidtype))
122 goto out;
123
124 /* OK, we seem to have a valid key */
125 key.h.flags = 0;
126 err = get_expiry(&mesg, &key.h.expiry_time);
127 if (err)
128 goto out;
129
130 key.ek_client = dom;
131 key.ek_fsidtype = fsidtype;
132 memcpy(key.ek_fsid, buf, len);
133
134 ek = svc_expkey_lookup(cd, &key);
135 err = -ENOMEM;
136 if (!ek)
137 goto out;
138
139 /* now we want a pathname, or empty meaning NEGATIVE */
140 err = -EINVAL;
141 len = qword_get(&mesg, buf, PAGE_SIZE);
142 if (len < 0)
143 goto out;
144 dprintk("Path seems to be <%s>\n", buf);
145 err = 0;
146 if (len == 0) {
147 set_bit(CACHE_NEGATIVE, &key.h.flags);
148 ek = svc_expkey_update(cd, &key, ek);
149 if (ek)
150 trace_nfsd_expkey_update(ek, NULL);
151 else
152 err = -ENOMEM;
153 } else {
154 err = kern_path(buf, 0, &key.ek_path);
155 if (err)
156 goto out;
157
158 dprintk("Found the path %s\n", buf);
159
160 ek = svc_expkey_update(cd, &key, ek);
161 if (ek)
162 trace_nfsd_expkey_update(ek, buf);
163 else
164 err = -ENOMEM;
165 path_put(&key.ek_path);
166 }
167 cache_flush();
168 out:
169 if (ek)
170 cache_put(&ek->h, cd);
171 if (dom)
172 auth_domain_put(dom);
173 kfree(buf);
174 return err;
175}
176
177static int expkey_show(struct seq_file *m,
178 struct cache_detail *cd,
179 struct cache_head *h)
180{
181 struct svc_expkey *ek ;
182 int i;
183
184 if (h ==NULL) {
185 seq_puts(m, "#domain fsidtype fsid [path]\n");
186 return 0;
187 }
188 ek = container_of(h, struct svc_expkey, h);
189 seq_printf(m, "%s %d 0x", ek->ek_client->name,
190 ek->ek_fsidtype);
191 for (i=0; i < key_len(ek->ek_fsidtype)/4; i++)
192 seq_printf(m, "%08x", ek->ek_fsid[i]);
193 if (test_bit(CACHE_VALID, &h->flags) &&
194 !test_bit(CACHE_NEGATIVE, &h->flags)) {
195 seq_printf(m, " ");
196 seq_path(m, &ek->ek_path, "\\ \t\n");
197 }
198 seq_printf(m, "\n");
199 return 0;
200}
201
202static inline int expkey_match (struct cache_head *a, struct cache_head *b)
203{
204 struct svc_expkey *orig = container_of(a, struct svc_expkey, h);
205 struct svc_expkey *new = container_of(b, struct svc_expkey, h);
206
207 if (orig->ek_fsidtype != new->ek_fsidtype ||
208 orig->ek_client != new->ek_client ||
209 memcmp(orig->ek_fsid, new->ek_fsid, key_len(orig->ek_fsidtype)) != 0)
210 return 0;
211 return 1;
212}
213
214static inline void expkey_init(struct cache_head *cnew,
215 struct cache_head *citem)
216{
217 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
218 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
219
220 kref_get(&item->ek_client->ref);
221 new->ek_client = item->ek_client;
222 new->ek_fsidtype = item->ek_fsidtype;
223
224 memcpy(new->ek_fsid, item->ek_fsid, sizeof(new->ek_fsid));
225}
226
227static inline void expkey_update(struct cache_head *cnew,
228 struct cache_head *citem)
229{
230 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
231 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
232
233 new->ek_path = item->ek_path;
234 path_get(&item->ek_path);
235}
236
237static struct cache_head *expkey_alloc(void)
238{
239 struct svc_expkey *i = kmalloc(sizeof(*i), GFP_KERNEL);
240 if (i)
241 return &i->h;
242 else
243 return NULL;
244}
245
246static void expkey_flush(void)
247{
248 /*
249 * Take the nfsd_mutex here to ensure that the file cache is not
250 * destroyed while we're in the middle of flushing.
251 */
252 mutex_lock(&nfsd_mutex);
253 nfsd_file_cache_purge(current->nsproxy->net_ns);
254 mutex_unlock(&nfsd_mutex);
255}
256
257static const struct cache_detail svc_expkey_cache_template = {
258 .owner = THIS_MODULE,
259 .hash_size = EXPKEY_HASHMAX,
260 .name = "nfsd.fh",
261 .cache_put = expkey_put,
262 .cache_upcall = expkey_upcall,
263 .cache_request = expkey_request,
264 .cache_parse = expkey_parse,
265 .cache_show = expkey_show,
266 .match = expkey_match,
267 .init = expkey_init,
268 .update = expkey_update,
269 .alloc = expkey_alloc,
270 .flush = expkey_flush,
271};
272
273static int
274svc_expkey_hash(struct svc_expkey *item)
275{
276 int hash = item->ek_fsidtype;
277 char * cp = (char*)item->ek_fsid;
278 int len = key_len(item->ek_fsidtype);
279
280 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS);
281 hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS);
282 hash &= EXPKEY_HASHMASK;
283 return hash;
284}
285
286static struct svc_expkey *
287svc_expkey_lookup(struct cache_detail *cd, struct svc_expkey *item)
288{
289 struct cache_head *ch;
290 int hash = svc_expkey_hash(item);
291
292 ch = sunrpc_cache_lookup_rcu(cd, &item->h, hash);
293 if (ch)
294 return container_of(ch, struct svc_expkey, h);
295 else
296 return NULL;
297}
298
299static struct svc_expkey *
300svc_expkey_update(struct cache_detail *cd, struct svc_expkey *new,
301 struct svc_expkey *old)
302{
303 struct cache_head *ch;
304 int hash = svc_expkey_hash(new);
305
306 ch = sunrpc_cache_update(cd, &new->h, &old->h, hash);
307 if (ch)
308 return container_of(ch, struct svc_expkey, h);
309 else
310 return NULL;
311}
312
313
314#define EXPORT_HASHBITS 8
315#define EXPORT_HASHMAX (1<< EXPORT_HASHBITS)
316
317static void nfsd4_fslocs_free(struct nfsd4_fs_locations *fsloc)
318{
319 struct nfsd4_fs_location *locations = fsloc->locations;
320 int i;
321
322 if (!locations)
323 return;
324
325 for (i = 0; i < fsloc->locations_count; i++) {
326 kfree(locations[i].path);
327 kfree(locations[i].hosts);
328 }
329
330 kfree(locations);
331 fsloc->locations = NULL;
332}
333
334static int export_stats_init(struct export_stats *stats)
335{
336 stats->start_time = ktime_get_seconds();
337 return percpu_counter_init_many(stats->counter, 0, GFP_KERNEL,
338 EXP_STATS_COUNTERS_NUM);
339}
340
341static void export_stats_reset(struct export_stats *stats)
342{
343 if (stats) {
344 int i;
345
346 for (i = 0; i < EXP_STATS_COUNTERS_NUM; i++)
347 percpu_counter_set(&stats->counter[i], 0);
348 }
349}
350
351static void export_stats_destroy(struct export_stats *stats)
352{
353 if (stats)
354 percpu_counter_destroy_many(stats->counter,
355 EXP_STATS_COUNTERS_NUM);
356}
357
358static void svc_export_release(struct rcu_head *rcu_head)
359{
360 struct svc_export *exp = container_of(rcu_head, struct svc_export,
361 ex_rcu);
362
363 nfsd4_fslocs_free(&exp->ex_fslocs);
364 export_stats_destroy(exp->ex_stats);
365 kfree(exp->ex_stats);
366 kfree(exp->ex_uuid);
367 kfree(exp);
368}
369
370static void svc_export_put(struct kref *ref)
371{
372 struct svc_export *exp = container_of(ref, struct svc_export, h.ref);
373
374 path_put(&exp->ex_path);
375 auth_domain_put(exp->ex_client);
376 call_rcu(&exp->ex_rcu, svc_export_release);
377}
378
379static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h)
380{
381 return sunrpc_cache_pipe_upcall(cd, h);
382}
383
384static void svc_export_request(struct cache_detail *cd,
385 struct cache_head *h,
386 char **bpp, int *blen)
387{
388 /* client path */
389 struct svc_export *exp = container_of(h, struct svc_export, h);
390 char *pth;
391
392 qword_add(bpp, blen, exp->ex_client->name);
393 pth = d_path(&exp->ex_path, *bpp, *blen);
394 if (IS_ERR(pth)) {
395 /* is this correct? */
396 (*bpp)[0] = '\n';
397 return;
398 }
399 qword_add(bpp, blen, pth);
400 (*bpp)[-1] = '\n';
401}
402
403static struct svc_export *svc_export_update(struct svc_export *new,
404 struct svc_export *old);
405static struct svc_export *svc_export_lookup(struct svc_export *);
406
407static int check_export(struct path *path, int *flags, unsigned char *uuid)
408{
409 struct inode *inode = d_inode(path->dentry);
410
411 /*
412 * We currently export only dirs, regular files, and (for v4
413 * pseudoroot) symlinks.
414 */
415 if (!S_ISDIR(inode->i_mode) &&
416 !S_ISLNK(inode->i_mode) &&
417 !S_ISREG(inode->i_mode))
418 return -ENOTDIR;
419
420 /*
421 * Mountd should never pass down a writeable V4ROOT export, but,
422 * just to make sure:
423 */
424 if (*flags & NFSEXP_V4ROOT)
425 *flags |= NFSEXP_READONLY;
426
427 /* There are two requirements on a filesystem to be exportable.
428 * 1: We must be able to identify the filesystem from a number.
429 * either a device number (so FS_REQUIRES_DEV needed)
430 * or an FSID number (so NFSEXP_FSID or ->uuid is needed).
431 * 2: We must be able to find an inode from a filehandle.
432 * This means that s_export_op must be set.
433 * 3: We must not currently be on an idmapped mount.
434 */
435 if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) &&
436 !(*flags & NFSEXP_FSID) &&
437 uuid == NULL) {
438 dprintk("exp_export: export of non-dev fs without fsid\n");
439 return -EINVAL;
440 }
441
442 if (!exportfs_can_decode_fh(inode->i_sb->s_export_op)) {
443 dprintk("exp_export: export of invalid fs type.\n");
444 return -EINVAL;
445 }
446
447 if (is_idmapped_mnt(path->mnt)) {
448 dprintk("exp_export: export of idmapped mounts not yet supported.\n");
449 return -EINVAL;
450 }
451
452 if (inode->i_sb->s_export_op->flags & EXPORT_OP_NOSUBTREECHK &&
453 !(*flags & NFSEXP_NOSUBTREECHECK)) {
454 dprintk("%s: %s does not support subtree checking!\n",
455 __func__, inode->i_sb->s_type->name);
456 return -EINVAL;
457 }
458 return 0;
459}
460
461#ifdef CONFIG_NFSD_V4
462
463static int
464fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc)
465{
466 int len;
467 int migrated, i, err;
468
469 /* more than one fsloc */
470 if (fsloc->locations)
471 return -EINVAL;
472
473 /* listsize */
474 err = get_uint(mesg, &fsloc->locations_count);
475 if (err)
476 return err;
477 if (fsloc->locations_count > MAX_FS_LOCATIONS)
478 return -EINVAL;
479 if (fsloc->locations_count == 0)
480 return 0;
481
482 fsloc->locations = kcalloc(fsloc->locations_count,
483 sizeof(struct nfsd4_fs_location),
484 GFP_KERNEL);
485 if (!fsloc->locations)
486 return -ENOMEM;
487 for (i=0; i < fsloc->locations_count; i++) {
488 /* colon separated host list */
489 err = -EINVAL;
490 len = qword_get(mesg, buf, PAGE_SIZE);
491 if (len <= 0)
492 goto out_free_all;
493 err = -ENOMEM;
494 fsloc->locations[i].hosts = kstrdup(buf, GFP_KERNEL);
495 if (!fsloc->locations[i].hosts)
496 goto out_free_all;
497 err = -EINVAL;
498 /* slash separated path component list */
499 len = qword_get(mesg, buf, PAGE_SIZE);
500 if (len <= 0)
501 goto out_free_all;
502 err = -ENOMEM;
503 fsloc->locations[i].path = kstrdup(buf, GFP_KERNEL);
504 if (!fsloc->locations[i].path)
505 goto out_free_all;
506 }
507 /* migrated */
508 err = get_int(mesg, &migrated);
509 if (err)
510 goto out_free_all;
511 err = -EINVAL;
512 if (migrated < 0 || migrated > 1)
513 goto out_free_all;
514 fsloc->migrated = migrated;
515 return 0;
516out_free_all:
517 nfsd4_fslocs_free(fsloc);
518 return err;
519}
520
521static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp)
522{
523 struct exp_flavor_info *f;
524 u32 listsize;
525 int err;
526
527 /* more than one secinfo */
528 if (exp->ex_nflavors)
529 return -EINVAL;
530
531 err = get_uint(mesg, &listsize);
532 if (err)
533 return err;
534 if (listsize > MAX_SECINFO_LIST)
535 return -EINVAL;
536
537 for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) {
538 err = get_uint(mesg, &f->pseudoflavor);
539 if (err)
540 return err;
541 /*
542 * XXX: It would be nice to also check whether this
543 * pseudoflavor is supported, so we can discover the
544 * problem at export time instead of when a client fails
545 * to authenticate.
546 */
547 err = get_uint(mesg, &f->flags);
548 if (err)
549 return err;
550 /* Only some flags are allowed to differ between flavors: */
551 if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags))
552 return -EINVAL;
553 }
554 exp->ex_nflavors = listsize;
555 return 0;
556}
557
558#else /* CONFIG_NFSD_V4 */
559static inline int
560fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;}
561static inline int
562secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; }
563#endif
564
565static int xprtsec_parse(char **mesg, char *buf, struct svc_export *exp)
566{
567 unsigned int i, mode, listsize;
568 int err;
569
570 err = get_uint(mesg, &listsize);
571 if (err)
572 return err;
573 if (listsize > NFSEXP_XPRTSEC_NUM)
574 return -EINVAL;
575
576 exp->ex_xprtsec_modes = 0;
577 for (i = 0; i < listsize; i++) {
578 err = get_uint(mesg, &mode);
579 if (err)
580 return err;
581 if (mode > NFSEXP_XPRTSEC_MTLS)
582 return -EINVAL;
583 exp->ex_xprtsec_modes |= mode;
584 }
585 return 0;
586}
587
588static inline int
589nfsd_uuid_parse(char **mesg, char *buf, unsigned char **puuid)
590{
591 int len;
592
593 /* more than one uuid */
594 if (*puuid)
595 return -EINVAL;
596
597 /* expect a 16 byte uuid encoded as \xXXXX... */
598 len = qword_get(mesg, buf, PAGE_SIZE);
599 if (len != EX_UUID_LEN)
600 return -EINVAL;
601
602 *puuid = kmemdup(buf, EX_UUID_LEN, GFP_KERNEL);
603 if (*puuid == NULL)
604 return -ENOMEM;
605
606 return 0;
607}
608
609static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
610{
611 /* client path expiry [flags anonuid anongid fsid] */
612 char *buf;
613 int err;
614 struct auth_domain *dom = NULL;
615 struct svc_export exp = {}, *expp;
616 int an_int;
617
618 if (mesg[mlen-1] != '\n')
619 return -EINVAL;
620 mesg[mlen-1] = 0;
621
622 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
623 if (!buf)
624 return -ENOMEM;
625
626 /* client */
627 err = -EINVAL;
628 if (qword_get(&mesg, buf, PAGE_SIZE) <= 0)
629 goto out;
630
631 err = -ENOENT;
632 dom = auth_domain_find(buf);
633 if (!dom)
634 goto out;
635
636 /* path */
637 err = -EINVAL;
638 if (qword_get(&mesg, buf, PAGE_SIZE) <= 0)
639 goto out1;
640
641 err = kern_path(buf, 0, &exp.ex_path);
642 if (err)
643 goto out1;
644
645 exp.ex_client = dom;
646 exp.cd = cd;
647 exp.ex_devid_map = NULL;
648 exp.ex_xprtsec_modes = NFSEXP_XPRTSEC_ALL;
649
650 /* expiry */
651 err = get_expiry(&mesg, &exp.h.expiry_time);
652 if (err)
653 goto out3;
654
655 /* flags */
656 err = get_int(&mesg, &an_int);
657 if (err == -ENOENT) {
658 err = 0;
659 set_bit(CACHE_NEGATIVE, &exp.h.flags);
660 } else {
661 if (err || an_int < 0)
662 goto out3;
663 exp.ex_flags= an_int;
664
665 /* anon uid */
666 err = get_int(&mesg, &an_int);
667 if (err)
668 goto out3;
669 exp.ex_anon_uid= make_kuid(current_user_ns(), an_int);
670
671 /* anon gid */
672 err = get_int(&mesg, &an_int);
673 if (err)
674 goto out3;
675 exp.ex_anon_gid= make_kgid(current_user_ns(), an_int);
676
677 /* fsid */
678 err = get_int(&mesg, &an_int);
679 if (err)
680 goto out3;
681 exp.ex_fsid = an_int;
682
683 while (qword_get(&mesg, buf, PAGE_SIZE) > 0) {
684 if (strcmp(buf, "fsloc") == 0)
685 err = fsloc_parse(&mesg, buf, &exp.ex_fslocs);
686 else if (strcmp(buf, "uuid") == 0)
687 err = nfsd_uuid_parse(&mesg, buf, &exp.ex_uuid);
688 else if (strcmp(buf, "secinfo") == 0)
689 err = secinfo_parse(&mesg, buf, &exp);
690 else if (strcmp(buf, "xprtsec") == 0)
691 err = xprtsec_parse(&mesg, buf, &exp);
692 else
693 /* quietly ignore unknown words and anything
694 * following. Newer user-space can try to set
695 * new values, then see what the result was.
696 */
697 break;
698 if (err)
699 goto out4;
700 }
701
702 err = check_export(&exp.ex_path, &exp.ex_flags, exp.ex_uuid);
703 if (err)
704 goto out4;
705
706 /*
707 * No point caching this if it would immediately expire.
708 * Also, this protects exportfs's dummy export from the
709 * anon_uid/anon_gid checks:
710 */
711 if (exp.h.expiry_time < seconds_since_boot())
712 goto out4;
713 /*
714 * For some reason exportfs has been passing down an
715 * invalid (-1) uid & gid on the "dummy" export which it
716 * uses to test export support. To make sure exportfs
717 * sees errors from check_export we therefore need to
718 * delay these checks till after check_export:
719 */
720 err = -EINVAL;
721 if (!uid_valid(exp.ex_anon_uid))
722 goto out4;
723 if (!gid_valid(exp.ex_anon_gid))
724 goto out4;
725 err = 0;
726
727 nfsd4_setup_layout_type(&exp);
728 }
729
730 expp = svc_export_lookup(&exp);
731 if (!expp) {
732 err = -ENOMEM;
733 goto out4;
734 }
735 expp = svc_export_update(&exp, expp);
736 if (expp) {
737 trace_nfsd_export_update(expp);
738 cache_flush();
739 exp_put(expp);
740 } else
741 err = -ENOMEM;
742out4:
743 nfsd4_fslocs_free(&exp.ex_fslocs);
744 kfree(exp.ex_uuid);
745out3:
746 path_put(&exp.ex_path);
747out1:
748 auth_domain_put(dom);
749out:
750 kfree(buf);
751 return err;
752}
753
754static void exp_flags(struct seq_file *m, int flag, int fsid,
755 kuid_t anonu, kgid_t anong, struct nfsd4_fs_locations *fslocs);
756static void show_secinfo(struct seq_file *m, struct svc_export *exp);
757
758static int is_export_stats_file(struct seq_file *m)
759{
760 /*
761 * The export_stats file uses the same ops as the exports file.
762 * We use the file's name to determine the reported info per export.
763 * There is no rename in nsfdfs, so d_name.name is stable.
764 */
765 return !strcmp(m->file->f_path.dentry->d_name.name, "export_stats");
766}
767
768static int svc_export_show(struct seq_file *m,
769 struct cache_detail *cd,
770 struct cache_head *h)
771{
772 struct svc_export *exp;
773 bool export_stats = is_export_stats_file(m);
774
775 if (h == NULL) {
776 if (export_stats)
777 seq_puts(m, "#path domain start-time\n#\tstats\n");
778 else
779 seq_puts(m, "#path domain(flags)\n");
780 return 0;
781 }
782 exp = container_of(h, struct svc_export, h);
783 seq_path(m, &exp->ex_path, " \t\n\\");
784 seq_putc(m, '\t');
785 seq_escape(m, exp->ex_client->name, " \t\n\\");
786 if (export_stats) {
787 struct percpu_counter *counter = exp->ex_stats->counter;
788
789 seq_printf(m, "\t%lld\n", exp->ex_stats->start_time);
790 seq_printf(m, "\tfh_stale: %lld\n",
791 percpu_counter_sum_positive(&counter[EXP_STATS_FH_STALE]));
792 seq_printf(m, "\tio_read: %lld\n",
793 percpu_counter_sum_positive(&counter[EXP_STATS_IO_READ]));
794 seq_printf(m, "\tio_write: %lld\n",
795 percpu_counter_sum_positive(&counter[EXP_STATS_IO_WRITE]));
796 seq_putc(m, '\n');
797 return 0;
798 }
799 seq_putc(m, '(');
800 if (test_bit(CACHE_VALID, &h->flags) &&
801 !test_bit(CACHE_NEGATIVE, &h->flags)) {
802 exp_flags(m, exp->ex_flags, exp->ex_fsid,
803 exp->ex_anon_uid, exp->ex_anon_gid, &exp->ex_fslocs);
804 if (exp->ex_uuid) {
805 int i;
806 seq_puts(m, ",uuid=");
807 for (i = 0; i < EX_UUID_LEN; i++) {
808 if ((i&3) == 0 && i)
809 seq_putc(m, ':');
810 seq_printf(m, "%02x", exp->ex_uuid[i]);
811 }
812 }
813 show_secinfo(m, exp);
814 }
815 seq_puts(m, ")\n");
816 return 0;
817}
818static int svc_export_match(struct cache_head *a, struct cache_head *b)
819{
820 struct svc_export *orig = container_of(a, struct svc_export, h);
821 struct svc_export *new = container_of(b, struct svc_export, h);
822 return orig->ex_client == new->ex_client &&
823 path_equal(&orig->ex_path, &new->ex_path);
824}
825
826static void svc_export_init(struct cache_head *cnew, struct cache_head *citem)
827{
828 struct svc_export *new = container_of(cnew, struct svc_export, h);
829 struct svc_export *item = container_of(citem, struct svc_export, h);
830
831 kref_get(&item->ex_client->ref);
832 new->ex_client = item->ex_client;
833 new->ex_path = item->ex_path;
834 path_get(&item->ex_path);
835 new->ex_fslocs.locations = NULL;
836 new->ex_fslocs.locations_count = 0;
837 new->ex_fslocs.migrated = 0;
838 new->ex_layout_types = 0;
839 new->ex_uuid = NULL;
840 new->cd = item->cd;
841 export_stats_reset(new->ex_stats);
842}
843
844static void export_update(struct cache_head *cnew, struct cache_head *citem)
845{
846 struct svc_export *new = container_of(cnew, struct svc_export, h);
847 struct svc_export *item = container_of(citem, struct svc_export, h);
848 int i;
849
850 new->ex_flags = item->ex_flags;
851 new->ex_anon_uid = item->ex_anon_uid;
852 new->ex_anon_gid = item->ex_anon_gid;
853 new->ex_fsid = item->ex_fsid;
854 new->ex_devid_map = item->ex_devid_map;
855 item->ex_devid_map = NULL;
856 new->ex_uuid = item->ex_uuid;
857 item->ex_uuid = NULL;
858 new->ex_fslocs.locations = item->ex_fslocs.locations;
859 item->ex_fslocs.locations = NULL;
860 new->ex_fslocs.locations_count = item->ex_fslocs.locations_count;
861 item->ex_fslocs.locations_count = 0;
862 new->ex_fslocs.migrated = item->ex_fslocs.migrated;
863 item->ex_fslocs.migrated = 0;
864 new->ex_layout_types = item->ex_layout_types;
865 new->ex_nflavors = item->ex_nflavors;
866 for (i = 0; i < MAX_SECINFO_LIST; i++) {
867 new->ex_flavors[i] = item->ex_flavors[i];
868 }
869 new->ex_xprtsec_modes = item->ex_xprtsec_modes;
870}
871
872static struct cache_head *svc_export_alloc(void)
873{
874 struct svc_export *i = kmalloc(sizeof(*i), GFP_KERNEL);
875 if (!i)
876 return NULL;
877
878 i->ex_stats = kmalloc(sizeof(*(i->ex_stats)), GFP_KERNEL);
879 if (!i->ex_stats) {
880 kfree(i);
881 return NULL;
882 }
883
884 if (export_stats_init(i->ex_stats)) {
885 kfree(i->ex_stats);
886 kfree(i);
887 return NULL;
888 }
889
890 return &i->h;
891}
892
893static const struct cache_detail svc_export_cache_template = {
894 .owner = THIS_MODULE,
895 .hash_size = EXPORT_HASHMAX,
896 .name = "nfsd.export",
897 .cache_put = svc_export_put,
898 .cache_upcall = svc_export_upcall,
899 .cache_request = svc_export_request,
900 .cache_parse = svc_export_parse,
901 .cache_show = svc_export_show,
902 .match = svc_export_match,
903 .init = svc_export_init,
904 .update = export_update,
905 .alloc = svc_export_alloc,
906};
907
908static int
909svc_export_hash(struct svc_export *exp)
910{
911 int hash;
912
913 hash = hash_ptr(exp->ex_client, EXPORT_HASHBITS);
914 hash ^= hash_ptr(exp->ex_path.dentry, EXPORT_HASHBITS);
915 hash ^= hash_ptr(exp->ex_path.mnt, EXPORT_HASHBITS);
916 return hash;
917}
918
919static struct svc_export *
920svc_export_lookup(struct svc_export *exp)
921{
922 struct cache_head *ch;
923 int hash = svc_export_hash(exp);
924
925 ch = sunrpc_cache_lookup_rcu(exp->cd, &exp->h, hash);
926 if (ch)
927 return container_of(ch, struct svc_export, h);
928 else
929 return NULL;
930}
931
932static struct svc_export *
933svc_export_update(struct svc_export *new, struct svc_export *old)
934{
935 struct cache_head *ch;
936 int hash = svc_export_hash(old);
937
938 ch = sunrpc_cache_update(old->cd, &new->h, &old->h, hash);
939 if (ch)
940 return container_of(ch, struct svc_export, h);
941 else
942 return NULL;
943}
944
945
946static struct svc_expkey *
947exp_find_key(struct cache_detail *cd, struct auth_domain *clp, int fsid_type,
948 u32 *fsidv, struct cache_req *reqp)
949{
950 struct svc_expkey key, *ek;
951 int err;
952
953 if (!clp)
954 return ERR_PTR(-ENOENT);
955
956 key.ek_client = clp;
957 key.ek_fsidtype = fsid_type;
958 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
959
960 ek = svc_expkey_lookup(cd, &key);
961 if (ek == NULL)
962 return ERR_PTR(-ENOMEM);
963 err = cache_check(cd, &ek->h, reqp);
964 if (err) {
965 trace_nfsd_exp_find_key(&key, err);
966 return ERR_PTR(err);
967 }
968 return ek;
969}
970
971static struct svc_export *
972exp_get_by_name(struct cache_detail *cd, struct auth_domain *clp,
973 const struct path *path, struct cache_req *reqp)
974{
975 struct svc_export *exp, key;
976 int err;
977
978 if (!clp)
979 return ERR_PTR(-ENOENT);
980
981 key.ex_client = clp;
982 key.ex_path = *path;
983 key.cd = cd;
984
985 exp = svc_export_lookup(&key);
986 if (exp == NULL)
987 return ERR_PTR(-ENOMEM);
988 err = cache_check(cd, &exp->h, reqp);
989 if (err) {
990 trace_nfsd_exp_get_by_name(&key, err);
991 return ERR_PTR(err);
992 }
993 return exp;
994}
995
996/*
997 * Find the export entry for a given dentry.
998 */
999static struct svc_export *
1000exp_parent(struct cache_detail *cd, struct auth_domain *clp, struct path *path)
1001{
1002 struct dentry *saved = dget(path->dentry);
1003 struct svc_export *exp = exp_get_by_name(cd, clp, path, NULL);
1004
1005 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) {
1006 struct dentry *parent = dget_parent(path->dentry);
1007 dput(path->dentry);
1008 path->dentry = parent;
1009 exp = exp_get_by_name(cd, clp, path, NULL);
1010 }
1011 dput(path->dentry);
1012 path->dentry = saved;
1013 return exp;
1014}
1015
1016
1017
1018/*
1019 * Obtain the root fh on behalf of a client.
1020 * This could be done in user space, but I feel that it adds some safety
1021 * since its harder to fool a kernel module than a user space program.
1022 */
1023int
1024exp_rootfh(struct net *net, struct auth_domain *clp, char *name,
1025 struct knfsd_fh *f, int maxsize)
1026{
1027 struct svc_export *exp;
1028 struct path path;
1029 struct inode *inode;
1030 struct svc_fh fh;
1031 int err;
1032 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1033 struct cache_detail *cd = nn->svc_export_cache;
1034
1035 err = -EPERM;
1036 /* NB: we probably ought to check that it's NUL-terminated */
1037 if (kern_path(name, 0, &path)) {
1038 printk("nfsd: exp_rootfh path not found %s", name);
1039 return err;
1040 }
1041 inode = d_inode(path.dentry);
1042
1043 dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n",
1044 name, path.dentry, clp->name,
1045 inode->i_sb->s_id, inode->i_ino);
1046 exp = exp_parent(cd, clp, &path);
1047 if (IS_ERR(exp)) {
1048 err = PTR_ERR(exp);
1049 goto out;
1050 }
1051
1052 /*
1053 * fh must be initialized before calling fh_compose
1054 */
1055 fh_init(&fh, maxsize);
1056 if (fh_compose(&fh, exp, path.dentry, NULL))
1057 err = -EINVAL;
1058 else
1059 err = 0;
1060 memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh));
1061 fh_put(&fh);
1062 exp_put(exp);
1063out:
1064 path_put(&path);
1065 return err;
1066}
1067
1068static struct svc_export *exp_find(struct cache_detail *cd,
1069 struct auth_domain *clp, int fsid_type,
1070 u32 *fsidv, struct cache_req *reqp)
1071{
1072 struct svc_export *exp;
1073 struct nfsd_net *nn = net_generic(cd->net, nfsd_net_id);
1074 struct svc_expkey *ek = exp_find_key(nn->svc_expkey_cache, clp, fsid_type, fsidv, reqp);
1075 if (IS_ERR(ek))
1076 return ERR_CAST(ek);
1077
1078 exp = exp_get_by_name(cd, clp, &ek->ek_path, reqp);
1079 cache_put(&ek->h, nn->svc_expkey_cache);
1080
1081 if (IS_ERR(exp))
1082 return ERR_CAST(exp);
1083 return exp;
1084}
1085
1086/**
1087 * check_nfsd_access - check if access to export is allowed.
1088 * @exp: svc_export that is being accessed.
1089 * @rqstp: svc_rqst attempting to access @exp (will be NULL for LOCALIO).
1090 * @may_bypass_gss: reduce strictness of authorization check
1091 *
1092 * Return values:
1093 * %nfs_ok if access is granted, or
1094 * %nfserr_wrongsec if access is denied
1095 */
1096__be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp,
1097 bool may_bypass_gss)
1098{
1099 struct exp_flavor_info *f, *end = exp->ex_flavors + exp->ex_nflavors;
1100 struct svc_xprt *xprt;
1101
1102 /*
1103 * If rqstp is NULL, this is a LOCALIO request which will only
1104 * ever use a filehandle/credential pair for which access has
1105 * been affirmed (by ACCESS or OPEN NFS requests) over the
1106 * wire. So there is no need for further checks here.
1107 */
1108 if (!rqstp)
1109 return nfs_ok;
1110
1111 xprt = rqstp->rq_xprt;
1112
1113 if (exp->ex_xprtsec_modes & NFSEXP_XPRTSEC_NONE) {
1114 if (!test_bit(XPT_TLS_SESSION, &xprt->xpt_flags))
1115 goto ok;
1116 }
1117 if (exp->ex_xprtsec_modes & NFSEXP_XPRTSEC_TLS) {
1118 if (test_bit(XPT_TLS_SESSION, &xprt->xpt_flags) &&
1119 !test_bit(XPT_PEER_AUTH, &xprt->xpt_flags))
1120 goto ok;
1121 }
1122 if (exp->ex_xprtsec_modes & NFSEXP_XPRTSEC_MTLS) {
1123 if (test_bit(XPT_TLS_SESSION, &xprt->xpt_flags) &&
1124 test_bit(XPT_PEER_AUTH, &xprt->xpt_flags))
1125 goto ok;
1126 }
1127 if (!may_bypass_gss)
1128 goto denied;
1129
1130ok:
1131 /* legacy gss-only clients are always OK: */
1132 if (exp->ex_client == rqstp->rq_gssclient)
1133 return nfs_ok;
1134 /* ip-address based client; check sec= export option: */
1135 for (f = exp->ex_flavors; f < end; f++) {
1136 if (f->pseudoflavor == rqstp->rq_cred.cr_flavor)
1137 return nfs_ok;
1138 }
1139 /* defaults in absence of sec= options: */
1140 if (exp->ex_nflavors == 0) {
1141 if (rqstp->rq_cred.cr_flavor == RPC_AUTH_NULL ||
1142 rqstp->rq_cred.cr_flavor == RPC_AUTH_UNIX)
1143 return nfs_ok;
1144 }
1145
1146 /* If the compound op contains a spo_must_allowed op,
1147 * it will be sent with integrity/protection which
1148 * will have to be expressly allowed on mounts that
1149 * don't support it
1150 */
1151
1152 if (nfsd4_spo_must_allow(rqstp))
1153 return nfs_ok;
1154
1155 /* Some calls may be processed without authentication
1156 * on GSS exports. For example NFS2/3 calls on root
1157 * directory, see section 2.3.2 of rfc 2623.
1158 * For "may_bypass_gss" check that export has really
1159 * enabled some flavor with authentication (GSS or any
1160 * other) and also check that the used auth flavor is
1161 * without authentication (none or sys).
1162 */
1163 if (may_bypass_gss && (
1164 rqstp->rq_cred.cr_flavor == RPC_AUTH_NULL ||
1165 rqstp->rq_cred.cr_flavor == RPC_AUTH_UNIX)) {
1166 for (f = exp->ex_flavors; f < end; f++) {
1167 if (f->pseudoflavor >= RPC_AUTH_DES)
1168 return 0;
1169 }
1170 }
1171
1172denied:
1173 return nfserr_wrongsec;
1174}
1175
1176/*
1177 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
1178 * auth_unix client) if it's available and has secinfo information;
1179 * otherwise, will try to use rq_gssclient.
1180 *
1181 * Called from functions that handle requests; functions that do work on
1182 * behalf of mountd are passed a single client name to use, and should
1183 * use exp_get_by_name() or exp_find().
1184 */
1185struct svc_export *
1186rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path)
1187{
1188 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1189 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
1190 struct cache_detail *cd = nn->svc_export_cache;
1191
1192 if (rqstp->rq_client == NULL)
1193 goto gss;
1194
1195 /* First try the auth_unix client: */
1196 exp = exp_get_by_name(cd, rqstp->rq_client, path, &rqstp->rq_chandle);
1197 if (PTR_ERR(exp) == -ENOENT)
1198 goto gss;
1199 if (IS_ERR(exp))
1200 return exp;
1201 /* If it has secinfo, assume there are no gss/... clients */
1202 if (exp->ex_nflavors > 0)
1203 return exp;
1204gss:
1205 /* Otherwise, try falling back on gss client */
1206 if (rqstp->rq_gssclient == NULL)
1207 return exp;
1208 gssexp = exp_get_by_name(cd, rqstp->rq_gssclient, path, &rqstp->rq_chandle);
1209 if (PTR_ERR(gssexp) == -ENOENT)
1210 return exp;
1211 if (!IS_ERR(exp))
1212 exp_put(exp);
1213 return gssexp;
1214}
1215
1216/**
1217 * rqst_exp_find - Find an svc_export in the context of a rqst or similar
1218 * @reqp: The handle to be used to suspend the request if a cache-upcall is needed
1219 * If NULL, missing in-cache information will result in failure.
1220 * @net: The network namespace in which the request exists
1221 * @cl: default auth_domain to use for looking up the export
1222 * @gsscl: an alternate auth_domain defined using deprecated gss/krb5 format.
1223 * @fsid_type: The type of fsid to look for
1224 * @fsidv: The actual fsid to look up in the context of either client.
1225 *
1226 * Perform a lookup for @cl/@fsidv in the given @net for an export. If
1227 * none found and @gsscl specified, repeat the lookup.
1228 *
1229 * Returns an export, or an error pointer.
1230 */
1231struct svc_export *
1232rqst_exp_find(struct cache_req *reqp, struct net *net,
1233 struct auth_domain *cl, struct auth_domain *gsscl,
1234 int fsid_type, u32 *fsidv)
1235{
1236 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1237 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1238 struct cache_detail *cd = nn->svc_export_cache;
1239
1240 if (!cl)
1241 goto gss;
1242
1243 /* First try the auth_unix client: */
1244 exp = exp_find(cd, cl, fsid_type, fsidv, reqp);
1245 if (PTR_ERR(exp) == -ENOENT)
1246 goto gss;
1247 if (IS_ERR(exp))
1248 return exp;
1249 /* If it has secinfo, assume there are no gss/... clients */
1250 if (exp->ex_nflavors > 0)
1251 return exp;
1252gss:
1253 /* Otherwise, try falling back on gss client */
1254 if (!gsscl)
1255 return exp;
1256 gssexp = exp_find(cd, gsscl, fsid_type, fsidv, reqp);
1257 if (PTR_ERR(gssexp) == -ENOENT)
1258 return exp;
1259 if (!IS_ERR(exp))
1260 exp_put(exp);
1261 return gssexp;
1262}
1263
1264struct svc_export *
1265rqst_exp_parent(struct svc_rqst *rqstp, struct path *path)
1266{
1267 struct dentry *saved = dget(path->dentry);
1268 struct svc_export *exp = rqst_exp_get_by_name(rqstp, path);
1269
1270 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) {
1271 struct dentry *parent = dget_parent(path->dentry);
1272 dput(path->dentry);
1273 path->dentry = parent;
1274 exp = rqst_exp_get_by_name(rqstp, path);
1275 }
1276 dput(path->dentry);
1277 path->dentry = saved;
1278 return exp;
1279}
1280
1281struct svc_export *rqst_find_fsidzero_export(struct svc_rqst *rqstp)
1282{
1283 u32 fsidv[2];
1284
1285 mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL);
1286
1287 return rqst_exp_find(&rqstp->rq_chandle, SVC_NET(rqstp),
1288 rqstp->rq_client, rqstp->rq_gssclient,
1289 FSID_NUM, fsidv);
1290}
1291
1292/*
1293 * Called when we need the filehandle for the root of the pseudofs,
1294 * for a given NFSv4 client. The root is defined to be the
1295 * export point with fsid==0
1296 */
1297__be32
1298exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp)
1299{
1300 struct svc_export *exp;
1301 __be32 rv;
1302
1303 exp = rqst_find_fsidzero_export(rqstp);
1304 if (IS_ERR(exp))
1305 return nfserrno(PTR_ERR(exp));
1306 rv = fh_compose(fhp, exp, exp->ex_path.dentry, NULL);
1307 exp_put(exp);
1308 return rv;
1309}
1310
1311static struct flags {
1312 int flag;
1313 char *name[2];
1314} expflags[] = {
1315 { NFSEXP_READONLY, {"ro", "rw"}},
1316 { NFSEXP_INSECURE_PORT, {"insecure", ""}},
1317 { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}},
1318 { NFSEXP_ALLSQUASH, {"all_squash", ""}},
1319 { NFSEXP_ASYNC, {"async", "sync"}},
1320 { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}},
1321 { NFSEXP_NOREADDIRPLUS, {"nordirplus", ""}},
1322 { NFSEXP_NOHIDE, {"nohide", ""}},
1323 { NFSEXP_CROSSMOUNT, {"crossmnt", ""}},
1324 { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}},
1325 { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}},
1326 { NFSEXP_V4ROOT, {"v4root", ""}},
1327 { NFSEXP_PNFS, {"pnfs", ""}},
1328 { NFSEXP_SECURITY_LABEL, {"security_label", ""}},
1329 { 0, {"", ""}}
1330};
1331
1332static void show_expflags(struct seq_file *m, int flags, int mask)
1333{
1334 struct flags *flg;
1335 int state, first = 0;
1336
1337 for (flg = expflags; flg->flag; flg++) {
1338 if (flg->flag & ~mask)
1339 continue;
1340 state = (flg->flag & flags) ? 0 : 1;
1341 if (*flg->name[state])
1342 seq_printf(m, "%s%s", first++?",":"", flg->name[state]);
1343 }
1344}
1345
1346static void show_secinfo_flags(struct seq_file *m, int flags)
1347{
1348 seq_printf(m, ",");
1349 show_expflags(m, flags, NFSEXP_SECINFO_FLAGS);
1350}
1351
1352static bool secinfo_flags_equal(int f, int g)
1353{
1354 f &= NFSEXP_SECINFO_FLAGS;
1355 g &= NFSEXP_SECINFO_FLAGS;
1356 return f == g;
1357}
1358
1359static int show_secinfo_run(struct seq_file *m, struct exp_flavor_info **fp, struct exp_flavor_info *end)
1360{
1361 int flags;
1362
1363 flags = (*fp)->flags;
1364 seq_printf(m, ",sec=%d", (*fp)->pseudoflavor);
1365 (*fp)++;
1366 while (*fp != end && secinfo_flags_equal(flags, (*fp)->flags)) {
1367 seq_printf(m, ":%d", (*fp)->pseudoflavor);
1368 (*fp)++;
1369 }
1370 return flags;
1371}
1372
1373static void show_secinfo(struct seq_file *m, struct svc_export *exp)
1374{
1375 struct exp_flavor_info *f;
1376 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1377 int flags;
1378
1379 if (exp->ex_nflavors == 0)
1380 return;
1381 f = exp->ex_flavors;
1382 flags = show_secinfo_run(m, &f, end);
1383 if (!secinfo_flags_equal(flags, exp->ex_flags))
1384 show_secinfo_flags(m, flags);
1385 while (f != end) {
1386 flags = show_secinfo_run(m, &f, end);
1387 show_secinfo_flags(m, flags);
1388 }
1389}
1390
1391static void exp_flags(struct seq_file *m, int flag, int fsid,
1392 kuid_t anonu, kgid_t anong, struct nfsd4_fs_locations *fsloc)
1393{
1394 struct user_namespace *userns = m->file->f_cred->user_ns;
1395
1396 show_expflags(m, flag, NFSEXP_ALLFLAGS);
1397 if (flag & NFSEXP_FSID)
1398 seq_printf(m, ",fsid=%d", fsid);
1399 if (!uid_eq(anonu, make_kuid(userns, (uid_t)-2)) &&
1400 !uid_eq(anonu, make_kuid(userns, 0x10000-2)))
1401 seq_printf(m, ",anonuid=%u", from_kuid_munged(userns, anonu));
1402 if (!gid_eq(anong, make_kgid(userns, (gid_t)-2)) &&
1403 !gid_eq(anong, make_kgid(userns, 0x10000-2)))
1404 seq_printf(m, ",anongid=%u", from_kgid_munged(userns, anong));
1405 if (fsloc && fsloc->locations_count > 0) {
1406 char *loctype = (fsloc->migrated) ? "refer" : "replicas";
1407 int i;
1408
1409 seq_printf(m, ",%s=", loctype);
1410 seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\");
1411 seq_putc(m, '@');
1412 seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\");
1413 for (i = 1; i < fsloc->locations_count; i++) {
1414 seq_putc(m, ';');
1415 seq_escape(m, fsloc->locations[i].path, ",;@ \t\n\\");
1416 seq_putc(m, '@');
1417 seq_escape(m, fsloc->locations[i].hosts, ",;@ \t\n\\");
1418 }
1419 }
1420}
1421
1422static int e_show(struct seq_file *m, void *p)
1423{
1424 struct cache_head *cp = p;
1425 struct svc_export *exp = container_of(cp, struct svc_export, h);
1426 struct cache_detail *cd = m->private;
1427 bool export_stats = is_export_stats_file(m);
1428
1429 if (p == SEQ_START_TOKEN) {
1430 seq_puts(m, "# Version 1.1\n");
1431 if (export_stats)
1432 seq_puts(m, "# Path Client Start-time\n#\tStats\n");
1433 else
1434 seq_puts(m, "# Path Client(Flags) # IPs\n");
1435 return 0;
1436 }
1437
1438 if (cache_check_rcu(cd, &exp->h, NULL))
1439 return 0;
1440
1441 return svc_export_show(m, cd, cp);
1442}
1443
1444const struct seq_operations nfs_exports_op = {
1445 .start = cache_seq_start_rcu,
1446 .next = cache_seq_next_rcu,
1447 .stop = cache_seq_stop_rcu,
1448 .show = e_show,
1449};
1450
1451/*
1452 * Initialize the exports module.
1453 */
1454int
1455nfsd_export_init(struct net *net)
1456{
1457 int rv;
1458 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1459
1460 dprintk("nfsd: initializing export module (net: %x).\n", net->ns.inum);
1461
1462 nn->svc_export_cache = cache_create_net(&svc_export_cache_template, net);
1463 if (IS_ERR(nn->svc_export_cache))
1464 return PTR_ERR(nn->svc_export_cache);
1465 rv = cache_register_net(nn->svc_export_cache, net);
1466 if (rv)
1467 goto destroy_export_cache;
1468
1469 nn->svc_expkey_cache = cache_create_net(&svc_expkey_cache_template, net);
1470 if (IS_ERR(nn->svc_expkey_cache)) {
1471 rv = PTR_ERR(nn->svc_expkey_cache);
1472 goto unregister_export_cache;
1473 }
1474 rv = cache_register_net(nn->svc_expkey_cache, net);
1475 if (rv)
1476 goto destroy_expkey_cache;
1477 return 0;
1478
1479destroy_expkey_cache:
1480 cache_destroy_net(nn->svc_expkey_cache, net);
1481unregister_export_cache:
1482 cache_unregister_net(nn->svc_export_cache, net);
1483destroy_export_cache:
1484 cache_destroy_net(nn->svc_export_cache, net);
1485 return rv;
1486}
1487
1488/*
1489 * Flush exports table - called when last nfsd thread is killed
1490 */
1491void
1492nfsd_export_flush(struct net *net)
1493{
1494 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1495
1496 cache_purge(nn->svc_expkey_cache);
1497 cache_purge(nn->svc_export_cache);
1498}
1499
1500/*
1501 * Shutdown the exports module.
1502 */
1503void
1504nfsd_export_shutdown(struct net *net)
1505{
1506 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1507
1508 dprintk("nfsd: shutting down export module (net: %x).\n", net->ns.inum);
1509
1510 cache_unregister_net(nn->svc_expkey_cache, net);
1511 cache_unregister_net(nn->svc_export_cache, net);
1512 cache_destroy_net(nn->svc_expkey_cache, net);
1513 cache_destroy_net(nn->svc_export_cache, net);
1514 svcauth_unix_purge(net);
1515
1516 dprintk("nfsd: export shutdown complete (net: %x).\n", net->ns.inum);
1517}
Linux 6.x block layer and io_uring tree(s)