1 /* 2 * Copyright (C) Neil Brown 2002 3 * Copyright (C) Christoph Hellwig 2007 4 * 5 * This file contains the code mapping from inodes to NFS file handles, 6 * and for mapping back from file handles to dentries. 7 * 8 * For details on why we do all the strange and hairy things in here 9 * take a look at Documentation/filesystems/nfs/Exporting. 10 */ 11 #include <linux/exportfs.h> 12 #include <linux/fs.h> 13 #include <linux/file.h> 14 #include <linux/module.h> 15 #include <linux/mount.h> 16 #include <linux/namei.h> 17 #include <linux/sched.h> 18 19 #define dprintk(fmt, args...) do{}while(0) 20 21 22 static int get_name(const struct path *path, char *name, struct dentry *child); 23 24 25 static int exportfs_get_name(struct vfsmount *mnt, struct dentry *dir, 26 char *name, struct dentry *child) 27 { 28 const struct export_operations *nop = dir->d_sb->s_export_op; 29 struct path path = {.mnt = mnt, .dentry = dir}; 30 31 if (nop->get_name) 32 return nop->get_name(dir, name, child); 33 else 34 return get_name(&path, name, child); 35 } 36 37 /* 38 * Check if the dentry or any of it's aliases is acceptable. 39 */ 40 static struct dentry * 41 find_acceptable_alias(struct dentry *result, 42 int (*acceptable)(void *context, struct dentry *dentry), 43 void *context) 44 { 45 struct dentry *dentry, *toput = NULL; 46 struct inode *inode; 47 48 if (acceptable(context, result)) 49 return result; 50 51 inode = result->d_inode; 52 spin_lock(&inode->i_lock); 53 hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { 54 dget(dentry); 55 spin_unlock(&inode->i_lock); 56 if (toput) 57 dput(toput); 58 if (dentry != result && acceptable(context, dentry)) { 59 dput(result); 60 return dentry; 61 } 62 spin_lock(&inode->i_lock); 63 toput = dentry; 64 } 65 spin_unlock(&inode->i_lock); 66 67 if (toput) 68 dput(toput); 69 return NULL; 70 } 71 72 static bool dentry_connected(struct dentry *dentry) 73 { 74 dget(dentry); 75 while (dentry->d_flags & DCACHE_DISCONNECTED) { 76 struct dentry *parent = dget_parent(dentry); 77 78 dput(dentry); 79 if (IS_ROOT(dentry)) { 80 dput(parent); 81 return false; 82 } 83 dentry = parent; 84 } 85 dput(dentry); 86 return true; 87 } 88 89 static void clear_disconnected(struct dentry *dentry) 90 { 91 dget(dentry); 92 while (dentry->d_flags & DCACHE_DISCONNECTED) { 93 struct dentry *parent = dget_parent(dentry); 94 95 WARN_ON_ONCE(IS_ROOT(dentry)); 96 97 spin_lock(&dentry->d_lock); 98 dentry->d_flags &= ~DCACHE_DISCONNECTED; 99 spin_unlock(&dentry->d_lock); 100 101 dput(dentry); 102 dentry = parent; 103 } 104 dput(dentry); 105 } 106 107 /* 108 * Reconnect a directory dentry with its parent. 109 * 110 * This can return a dentry, or NULL, or an error. 111 * 112 * In the first case the returned dentry is the parent of the given 113 * dentry, and may itself need to be reconnected to its parent. 114 * 115 * In the NULL case, a concurrent VFS operation has either renamed or 116 * removed this directory. The concurrent operation has reconnected our 117 * dentry, so we no longer need to. 118 */ 119 static struct dentry *reconnect_one(struct vfsmount *mnt, 120 struct dentry *dentry, char *nbuf) 121 { 122 struct dentry *parent; 123 struct dentry *tmp; 124 int err; 125 126 parent = ERR_PTR(-EACCES); 127 inode_lock(dentry->d_inode); 128 if (mnt->mnt_sb->s_export_op->get_parent) 129 parent = mnt->mnt_sb->s_export_op->get_parent(dentry); 130 inode_unlock(dentry->d_inode); 131 132 if (IS_ERR(parent)) { 133 dprintk("%s: get_parent of %ld failed, err %d\n", 134 __func__, dentry->d_inode->i_ino, PTR_ERR(parent)); 135 return parent; 136 } 137 138 dprintk("%s: find name of %lu in %lu\n", __func__, 139 dentry->d_inode->i_ino, parent->d_inode->i_ino); 140 err = exportfs_get_name(mnt, parent, nbuf, dentry); 141 if (err == -ENOENT) 142 goto out_reconnected; 143 if (err) 144 goto out_err; 145 dprintk("%s: found name: %s\n", __func__, nbuf); 146 tmp = lookup_one_len_unlocked(nbuf, parent, strlen(nbuf)); 147 if (IS_ERR(tmp)) { 148 dprintk("%s: lookup failed: %d\n", __func__, PTR_ERR(tmp)); 149 goto out_err; 150 } 151 if (tmp != dentry) { 152 /* 153 * Somebody has renamed it since exportfs_get_name(); 154 * great, since it could've only been renamed if it 155 * got looked up and thus connected, and it would 156 * remain connected afterwards. We are done. 157 */ 158 dput(tmp); 159 goto out_reconnected; 160 } 161 dput(tmp); 162 if (IS_ROOT(dentry)) { 163 err = -ESTALE; 164 goto out_err; 165 } 166 return parent; 167 168 out_err: 169 dput(parent); 170 return ERR_PTR(err); 171 out_reconnected: 172 dput(parent); 173 /* 174 * Someone must have renamed our entry into another parent, in 175 * which case it has been reconnected by the rename. 176 * 177 * Or someone removed it entirely, in which case filehandle 178 * lookup will succeed but the directory is now IS_DEAD and 179 * subsequent operations on it will fail. 180 * 181 * Alternatively, maybe there was no race at all, and the 182 * filesystem is just corrupt and gave us a parent that doesn't 183 * actually contain any entry pointing to this inode. So, 184 * double check that this worked and return -ESTALE if not: 185 */ 186 if (!dentry_connected(dentry)) 187 return ERR_PTR(-ESTALE); 188 return NULL; 189 } 190 191 /* 192 * Make sure target_dir is fully connected to the dentry tree. 193 * 194 * On successful return, DCACHE_DISCONNECTED will be cleared on 195 * target_dir, and target_dir->d_parent->...->d_parent will reach the 196 * root of the filesystem. 197 * 198 * Whenever DCACHE_DISCONNECTED is unset, target_dir is fully connected. 199 * But the converse is not true: target_dir may have DCACHE_DISCONNECTED 200 * set but already be connected. In that case we'll verify the 201 * connection to root and then clear the flag. 202 * 203 * Note that target_dir could be removed by a concurrent operation. In 204 * that case reconnect_path may still succeed with target_dir fully 205 * connected, but further operations using the filehandle will fail when 206 * necessary (due to S_DEAD being set on the directory). 207 */ 208 static int 209 reconnect_path(struct vfsmount *mnt, struct dentry *target_dir, char *nbuf) 210 { 211 struct dentry *dentry, *parent; 212 213 dentry = dget(target_dir); 214 215 while (dentry->d_flags & DCACHE_DISCONNECTED) { 216 BUG_ON(dentry == mnt->mnt_sb->s_root); 217 218 if (IS_ROOT(dentry)) 219 parent = reconnect_one(mnt, dentry, nbuf); 220 else 221 parent = dget_parent(dentry); 222 223 if (!parent) 224 break; 225 dput(dentry); 226 if (IS_ERR(parent)) 227 return PTR_ERR(parent); 228 dentry = parent; 229 } 230 dput(dentry); 231 clear_disconnected(target_dir); 232 return 0; 233 } 234 235 struct getdents_callback { 236 struct dir_context ctx; 237 char *name; /* name that was found. It already points to a 238 buffer NAME_MAX+1 is size */ 239 u64 ino; /* the inum we are looking for */ 240 int found; /* inode matched? */ 241 int sequence; /* sequence counter */ 242 }; 243 244 /* 245 * A rather strange filldir function to capture 246 * the name matching the specified inode number. 247 */ 248 static int filldir_one(struct dir_context *ctx, const char *name, int len, 249 loff_t pos, u64 ino, unsigned int d_type) 250 { 251 struct getdents_callback *buf = 252 container_of(ctx, struct getdents_callback, ctx); 253 int result = 0; 254 255 buf->sequence++; 256 if (buf->ino == ino && len <= NAME_MAX) { 257 memcpy(buf->name, name, len); 258 buf->name[len] = '\0'; 259 buf->found = 1; 260 result = -1; 261 } 262 return result; 263 } 264 265 /** 266 * get_name - default export_operations->get_name function 267 * @path: the directory in which to find a name 268 * @name: a pointer to a %NAME_MAX+1 char buffer to store the name 269 * @child: the dentry for the child directory. 270 * 271 * calls readdir on the parent until it finds an entry with 272 * the same inode number as the child, and returns that. 273 */ 274 static int get_name(const struct path *path, char *name, struct dentry *child) 275 { 276 const struct cred *cred = current_cred(); 277 struct inode *dir = path->dentry->d_inode; 278 int error; 279 struct file *file; 280 struct kstat stat; 281 struct path child_path = { 282 .mnt = path->mnt, 283 .dentry = child, 284 }; 285 struct getdents_callback buffer = { 286 .ctx.actor = filldir_one, 287 .name = name, 288 }; 289 290 error = -ENOTDIR; 291 if (!dir || !S_ISDIR(dir->i_mode)) 292 goto out; 293 error = -EINVAL; 294 if (!dir->i_fop) 295 goto out; 296 /* 297 * inode->i_ino is unsigned long, kstat->ino is u64, so the 298 * former would be insufficient on 32-bit hosts when the 299 * filesystem supports 64-bit inode numbers. So we need to 300 * actually call ->getattr, not just read i_ino: 301 */ 302 error = vfs_getattr_nosec(&child_path, &stat); 303 if (error) 304 return error; 305 buffer.ino = stat.ino; 306 /* 307 * Open the directory ... 308 */ 309 file = dentry_open(path, O_RDONLY, cred); 310 error = PTR_ERR(file); 311 if (IS_ERR(file)) 312 goto out; 313 314 error = -EINVAL; 315 if (!file->f_op->iterate && !file->f_op->iterate_shared) 316 goto out_close; 317 318 buffer.sequence = 0; 319 while (1) { 320 int old_seq = buffer.sequence; 321 322 error = iterate_dir(file, &buffer.ctx); 323 if (buffer.found) { 324 error = 0; 325 break; 326 } 327 328 if (error < 0) 329 break; 330 331 error = -ENOENT; 332 if (old_seq == buffer.sequence) 333 break; 334 } 335 336 out_close: 337 fput(file); 338 out: 339 return error; 340 } 341 342 /** 343 * export_encode_fh - default export_operations->encode_fh function 344 * @inode: the object to encode 345 * @fid: where to store the file handle fragment 346 * @max_len: maximum length to store there 347 * @parent: parent directory inode, if wanted 348 * 349 * This default encode_fh function assumes that the 32 inode number 350 * is suitable for locating an inode, and that the generation number 351 * can be used to check that it is still valid. It places them in the 352 * filehandle fragment where export_decode_fh expects to find them. 353 */ 354 static int export_encode_fh(struct inode *inode, struct fid *fid, 355 int *max_len, struct inode *parent) 356 { 357 int len = *max_len; 358 int type = FILEID_INO32_GEN; 359 360 if (parent && (len < 4)) { 361 *max_len = 4; 362 return FILEID_INVALID; 363 } else if (len < 2) { 364 *max_len = 2; 365 return FILEID_INVALID; 366 } 367 368 len = 2; 369 fid->i32.ino = inode->i_ino; 370 fid->i32.gen = inode->i_generation; 371 if (parent) { 372 fid->i32.parent_ino = parent->i_ino; 373 fid->i32.parent_gen = parent->i_generation; 374 len = 4; 375 type = FILEID_INO32_GEN_PARENT; 376 } 377 *max_len = len; 378 return type; 379 } 380 381 int exportfs_encode_inode_fh(struct inode *inode, struct fid *fid, 382 int *max_len, struct inode *parent) 383 { 384 const struct export_operations *nop = inode->i_sb->s_export_op; 385 386 if (nop && nop->encode_fh) 387 return nop->encode_fh(inode, fid->raw, max_len, parent); 388 389 return export_encode_fh(inode, fid, max_len, parent); 390 } 391 EXPORT_SYMBOL_GPL(exportfs_encode_inode_fh); 392 393 int exportfs_encode_fh(struct dentry *dentry, struct fid *fid, int *max_len, 394 int connectable) 395 { 396 int error; 397 struct dentry *p = NULL; 398 struct inode *inode = dentry->d_inode, *parent = NULL; 399 400 if (connectable && !S_ISDIR(inode->i_mode)) { 401 p = dget_parent(dentry); 402 /* 403 * note that while p might've ceased to be our parent already, 404 * it's still pinned by and still positive. 405 */ 406 parent = p->d_inode; 407 } 408 409 error = exportfs_encode_inode_fh(inode, fid, max_len, parent); 410 dput(p); 411 412 return error; 413 } 414 EXPORT_SYMBOL_GPL(exportfs_encode_fh); 415 416 struct dentry *exportfs_decode_fh(struct vfsmount *mnt, struct fid *fid, 417 int fh_len, int fileid_type, 418 int (*acceptable)(void *, struct dentry *), void *context) 419 { 420 const struct export_operations *nop = mnt->mnt_sb->s_export_op; 421 struct dentry *result, *alias; 422 char nbuf[NAME_MAX+1]; 423 int err; 424 425 /* 426 * Try to get any dentry for the given file handle from the filesystem. 427 */ 428 if (!nop || !nop->fh_to_dentry) 429 return ERR_PTR(-ESTALE); 430 result = nop->fh_to_dentry(mnt->mnt_sb, fid, fh_len, fileid_type); 431 if (PTR_ERR(result) == -ENOMEM) 432 return ERR_CAST(result); 433 if (IS_ERR_OR_NULL(result)) 434 return ERR_PTR(-ESTALE); 435 436 if (d_is_dir(result)) { 437 /* 438 * This request is for a directory. 439 * 440 * On the positive side there is only one dentry for each 441 * directory inode. On the negative side this implies that we 442 * to ensure our dentry is connected all the way up to the 443 * filesystem root. 444 */ 445 if (result->d_flags & DCACHE_DISCONNECTED) { 446 err = reconnect_path(mnt, result, nbuf); 447 if (err) 448 goto err_result; 449 } 450 451 if (!acceptable(context, result)) { 452 err = -EACCES; 453 goto err_result; 454 } 455 456 return result; 457 } else { 458 /* 459 * It's not a directory. Life is a little more complicated. 460 */ 461 struct dentry *target_dir, *nresult; 462 463 /* 464 * See if either the dentry we just got from the filesystem 465 * or any alias for it is acceptable. This is always true 466 * if this filesystem is exported without the subtreecheck 467 * option. If the filesystem is exported with the subtree 468 * check option there's a fair chance we need to look at 469 * the parent directory in the file handle and make sure 470 * it's connected to the filesystem root. 471 */ 472 alias = find_acceptable_alias(result, acceptable, context); 473 if (alias) 474 return alias; 475 476 /* 477 * Try to extract a dentry for the parent directory from the 478 * file handle. If this fails we'll have to give up. 479 */ 480 err = -ESTALE; 481 if (!nop->fh_to_parent) 482 goto err_result; 483 484 target_dir = nop->fh_to_parent(mnt->mnt_sb, fid, 485 fh_len, fileid_type); 486 if (!target_dir) 487 goto err_result; 488 err = PTR_ERR(target_dir); 489 if (IS_ERR(target_dir)) 490 goto err_result; 491 492 /* 493 * And as usual we need to make sure the parent directory is 494 * connected to the filesystem root. The VFS really doesn't 495 * like disconnected directories.. 496 */ 497 err = reconnect_path(mnt, target_dir, nbuf); 498 if (err) { 499 dput(target_dir); 500 goto err_result; 501 } 502 503 /* 504 * Now that we've got both a well-connected parent and a 505 * dentry for the inode we're after, make sure that our 506 * inode is actually connected to the parent. 507 */ 508 err = exportfs_get_name(mnt, target_dir, nbuf, result); 509 if (!err) { 510 inode_lock(target_dir->d_inode); 511 nresult = lookup_one_len(nbuf, target_dir, 512 strlen(nbuf)); 513 inode_unlock(target_dir->d_inode); 514 if (!IS_ERR(nresult)) { 515 if (nresult->d_inode) { 516 dput(result); 517 result = nresult; 518 } else 519 dput(nresult); 520 } 521 } 522 523 /* 524 * At this point we are done with the parent, but it's pinned 525 * by the child dentry anyway. 526 */ 527 dput(target_dir); 528 529 /* 530 * And finally make sure the dentry is actually acceptable 531 * to NFSD. 532 */ 533 alias = find_acceptable_alias(result, acceptable, context); 534 if (!alias) { 535 err = -EACCES; 536 goto err_result; 537 } 538 539 return alias; 540 } 541 542 err_result: 543 dput(result); 544 if (err != -ENOMEM) 545 err = -ESTALE; 546 return ERR_PTR(err); 547 } 548 EXPORT_SYMBOL_GPL(exportfs_decode_fh); 549 550 MODULE_LICENSE("GPL"); 551