xref: /openbmc/linux/fs/nfsd/nfs4state.c (revision 206a81c1)
1 /*
2 *  Copyright (c) 2001 The Regents of the University of Michigan.
3 *  All rights reserved.
4 *
5 *  Kendrick Smith <kmsmith@umich.edu>
6 *  Andy Adamson <kandros@umich.edu>
7 *
8 *  Redistribution and use in source and binary forms, with or without
9 *  modification, are permitted provided that the following conditions
10 *  are met:
11 *
12 *  1. Redistributions of source code must retain the above copyright
13 *     notice, this list of conditions and the following disclaimer.
14 *  2. Redistributions in binary form must reproduce the above copyright
15 *     notice, this list of conditions and the following disclaimer in the
16 *     documentation and/or other materials provided with the distribution.
17 *  3. Neither the name of the University nor the names of its
18 *     contributors may be used to endorse or promote products derived
19 *     from this software without specific prior written permission.
20 *
21 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
22 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
23 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
24 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 */
34 
35 #include <linux/file.h>
36 #include <linux/fs.h>
37 #include <linux/slab.h>
38 #include <linux/namei.h>
39 #include <linux/swap.h>
40 #include <linux/pagemap.h>
41 #include <linux/ratelimit.h>
42 #include <linux/sunrpc/svcauth_gss.h>
43 #include <linux/sunrpc/addr.h>
44 #include "xdr4.h"
45 #include "xdr4cb.h"
46 #include "vfs.h"
47 #include "current_stateid.h"
48 
49 #include "netns.h"
50 
51 #define NFSDDBG_FACILITY                NFSDDBG_PROC
52 
53 #define all_ones {{~0,~0},~0}
54 static const stateid_t one_stateid = {
55 	.si_generation = ~0,
56 	.si_opaque = all_ones,
57 };
58 static const stateid_t zero_stateid = {
59 	/* all fields zero */
60 };
61 static const stateid_t currentstateid = {
62 	.si_generation = 1,
63 };
64 
65 static u64 current_sessionid = 1;
66 
67 #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
68 #define ONE_STATEID(stateid)  (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
69 #define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
70 
71 /* forward declarations */
72 static int check_for_locks(struct nfs4_file *filp, struct nfs4_lockowner *lowner);
73 
74 /* Locking: */
75 
76 /* Currently used for almost all code touching nfsv4 state: */
77 static DEFINE_MUTEX(client_mutex);
78 
79 /*
80  * Currently used for the del_recall_lru and file hash table.  In an
81  * effort to decrease the scope of the client_mutex, this spinlock may
82  * eventually cover more:
83  */
84 static DEFINE_SPINLOCK(state_lock);
85 
86 static struct kmem_cache *openowner_slab;
87 static struct kmem_cache *lockowner_slab;
88 static struct kmem_cache *file_slab;
89 static struct kmem_cache *stateid_slab;
90 static struct kmem_cache *deleg_slab;
91 
92 void
93 nfs4_lock_state(void)
94 {
95 	mutex_lock(&client_mutex);
96 }
97 
98 static void free_session(struct nfsd4_session *);
99 
100 static bool is_session_dead(struct nfsd4_session *ses)
101 {
102 	return ses->se_flags & NFS4_SESSION_DEAD;
103 }
104 
105 void nfsd4_put_session(struct nfsd4_session *ses)
106 {
107 	if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))
108 		free_session(ses);
109 }
110 
111 static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)
112 {
113 	if (atomic_read(&ses->se_ref) > ref_held_by_me)
114 		return nfserr_jukebox;
115 	ses->se_flags |= NFS4_SESSION_DEAD;
116 	return nfs_ok;
117 }
118 
119 static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses)
120 {
121 	if (is_session_dead(ses))
122 		return nfserr_badsession;
123 	atomic_inc(&ses->se_ref);
124 	return nfs_ok;
125 }
126 
127 void
128 nfs4_unlock_state(void)
129 {
130 	mutex_unlock(&client_mutex);
131 }
132 
133 static bool is_client_expired(struct nfs4_client *clp)
134 {
135 	return clp->cl_time == 0;
136 }
137 
138 static __be32 mark_client_expired_locked(struct nfs4_client *clp)
139 {
140 	if (atomic_read(&clp->cl_refcount))
141 		return nfserr_jukebox;
142 	clp->cl_time = 0;
143 	return nfs_ok;
144 }
145 
146 static __be32 mark_client_expired(struct nfs4_client *clp)
147 {
148 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
149 	__be32 ret;
150 
151 	spin_lock(&nn->client_lock);
152 	ret = mark_client_expired_locked(clp);
153 	spin_unlock(&nn->client_lock);
154 	return ret;
155 }
156 
157 static __be32 get_client_locked(struct nfs4_client *clp)
158 {
159 	if (is_client_expired(clp))
160 		return nfserr_expired;
161 	atomic_inc(&clp->cl_refcount);
162 	return nfs_ok;
163 }
164 
165 /* must be called under the client_lock */
166 static inline void
167 renew_client_locked(struct nfs4_client *clp)
168 {
169 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
170 
171 	if (is_client_expired(clp)) {
172 		WARN_ON(1);
173 		printk("%s: client (clientid %08x/%08x) already expired\n",
174 			__func__,
175 			clp->cl_clientid.cl_boot,
176 			clp->cl_clientid.cl_id);
177 		return;
178 	}
179 
180 	dprintk("renewing client (clientid %08x/%08x)\n",
181 			clp->cl_clientid.cl_boot,
182 			clp->cl_clientid.cl_id);
183 	list_move_tail(&clp->cl_lru, &nn->client_lru);
184 	clp->cl_time = get_seconds();
185 }
186 
187 static inline void
188 renew_client(struct nfs4_client *clp)
189 {
190 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
191 
192 	spin_lock(&nn->client_lock);
193 	renew_client_locked(clp);
194 	spin_unlock(&nn->client_lock);
195 }
196 
197 static void put_client_renew_locked(struct nfs4_client *clp)
198 {
199 	if (!atomic_dec_and_test(&clp->cl_refcount))
200 		return;
201 	if (!is_client_expired(clp))
202 		renew_client_locked(clp);
203 }
204 
205 void put_client_renew(struct nfs4_client *clp)
206 {
207 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
208 
209 	if (!atomic_dec_and_lock(&clp->cl_refcount, &nn->client_lock))
210 		return;
211 	if (!is_client_expired(clp))
212 		renew_client_locked(clp);
213 	spin_unlock(&nn->client_lock);
214 }
215 
216 
217 static inline u32
218 opaque_hashval(const void *ptr, int nbytes)
219 {
220 	unsigned char *cptr = (unsigned char *) ptr;
221 
222 	u32 x = 0;
223 	while (nbytes--) {
224 		x *= 37;
225 		x += *cptr++;
226 	}
227 	return x;
228 }
229 
230 static void nfsd4_free_file(struct nfs4_file *f)
231 {
232 	kmem_cache_free(file_slab, f);
233 }
234 
235 static inline void
236 put_nfs4_file(struct nfs4_file *fi)
237 {
238 	if (atomic_dec_and_lock(&fi->fi_ref, &state_lock)) {
239 		hlist_del(&fi->fi_hash);
240 		spin_unlock(&state_lock);
241 		iput(fi->fi_inode);
242 		nfsd4_free_file(fi);
243 	}
244 }
245 
246 static inline void
247 get_nfs4_file(struct nfs4_file *fi)
248 {
249 	atomic_inc(&fi->fi_ref);
250 }
251 
252 static int num_delegations;
253 unsigned long max_delegations;
254 
255 /*
256  * Open owner state (share locks)
257  */
258 
259 /* hash tables for lock and open owners */
260 #define OWNER_HASH_BITS              8
261 #define OWNER_HASH_SIZE             (1 << OWNER_HASH_BITS)
262 #define OWNER_HASH_MASK             (OWNER_HASH_SIZE - 1)
263 
264 static unsigned int ownerstr_hashval(u32 clientid, struct xdr_netobj *ownername)
265 {
266 	unsigned int ret;
267 
268 	ret = opaque_hashval(ownername->data, ownername->len);
269 	ret += clientid;
270 	return ret & OWNER_HASH_MASK;
271 }
272 
273 /* hash table for nfs4_file */
274 #define FILE_HASH_BITS                   8
275 #define FILE_HASH_SIZE                  (1 << FILE_HASH_BITS)
276 
277 static unsigned int file_hashval(struct inode *ino)
278 {
279 	/* XXX: why are we hashing on inode pointer, anyway? */
280 	return hash_ptr(ino, FILE_HASH_BITS);
281 }
282 
283 static struct hlist_head file_hashtbl[FILE_HASH_SIZE];
284 
285 static void __nfs4_file_get_access(struct nfs4_file *fp, int oflag)
286 {
287 	WARN_ON_ONCE(!(fp->fi_fds[oflag] || fp->fi_fds[O_RDWR]));
288 	atomic_inc(&fp->fi_access[oflag]);
289 }
290 
291 static void nfs4_file_get_access(struct nfs4_file *fp, int oflag)
292 {
293 	if (oflag == O_RDWR) {
294 		__nfs4_file_get_access(fp, O_RDONLY);
295 		__nfs4_file_get_access(fp, O_WRONLY);
296 	} else
297 		__nfs4_file_get_access(fp, oflag);
298 }
299 
300 static void nfs4_file_put_fd(struct nfs4_file *fp, int oflag)
301 {
302 	if (fp->fi_fds[oflag]) {
303 		fput(fp->fi_fds[oflag]);
304 		fp->fi_fds[oflag] = NULL;
305 	}
306 }
307 
308 static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
309 {
310 	if (atomic_dec_and_test(&fp->fi_access[oflag])) {
311 		nfs4_file_put_fd(fp, oflag);
312 		if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
313 			nfs4_file_put_fd(fp, O_RDWR);
314 	}
315 }
316 
317 static void nfs4_file_put_access(struct nfs4_file *fp, int oflag)
318 {
319 	if (oflag == O_RDWR) {
320 		__nfs4_file_put_access(fp, O_RDONLY);
321 		__nfs4_file_put_access(fp, O_WRONLY);
322 	} else
323 		__nfs4_file_put_access(fp, oflag);
324 }
325 
326 static struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct
327 kmem_cache *slab)
328 {
329 	struct idr *stateids = &cl->cl_stateids;
330 	struct nfs4_stid *stid;
331 	int new_id;
332 
333 	stid = kmem_cache_alloc(slab, GFP_KERNEL);
334 	if (!stid)
335 		return NULL;
336 
337 	new_id = idr_alloc_cyclic(stateids, stid, 0, 0, GFP_KERNEL);
338 	if (new_id < 0)
339 		goto out_free;
340 	stid->sc_client = cl;
341 	stid->sc_type = 0;
342 	stid->sc_stateid.si_opaque.so_id = new_id;
343 	stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid;
344 	/* Will be incremented before return to client: */
345 	stid->sc_stateid.si_generation = 0;
346 
347 	/*
348 	 * It shouldn't be a problem to reuse an opaque stateid value.
349 	 * I don't think it is for 4.1.  But with 4.0 I worry that, for
350 	 * example, a stray write retransmission could be accepted by
351 	 * the server when it should have been rejected.  Therefore,
352 	 * adopt a trick from the sctp code to attempt to maximize the
353 	 * amount of time until an id is reused, by ensuring they always
354 	 * "increase" (mod INT_MAX):
355 	 */
356 	return stid;
357 out_free:
358 	kmem_cache_free(slab, stid);
359 	return NULL;
360 }
361 
362 static struct nfs4_ol_stateid * nfs4_alloc_stateid(struct nfs4_client *clp)
363 {
364 	return openlockstateid(nfs4_alloc_stid(clp, stateid_slab));
365 }
366 
367 static struct nfs4_delegation *
368 alloc_init_deleg(struct nfs4_client *clp, struct nfs4_ol_stateid *stp, struct svc_fh *current_fh)
369 {
370 	struct nfs4_delegation *dp;
371 
372 	dprintk("NFSD alloc_init_deleg\n");
373 	if (num_delegations > max_delegations)
374 		return NULL;
375 	dp = delegstateid(nfs4_alloc_stid(clp, deleg_slab));
376 	if (dp == NULL)
377 		return dp;
378 	/*
379 	 * delegation seqid's are never incremented.  The 4.1 special
380 	 * meaning of seqid 0 isn't meaningful, really, but let's avoid
381 	 * 0 anyway just for consistency and use 1:
382 	 */
383 	dp->dl_stid.sc_stateid.si_generation = 1;
384 	num_delegations++;
385 	INIT_LIST_HEAD(&dp->dl_perfile);
386 	INIT_LIST_HEAD(&dp->dl_perclnt);
387 	INIT_LIST_HEAD(&dp->dl_recall_lru);
388 	dp->dl_file = NULL;
389 	dp->dl_type = NFS4_OPEN_DELEGATE_READ;
390 	fh_copy_shallow(&dp->dl_fh, &current_fh->fh_handle);
391 	dp->dl_time = 0;
392 	atomic_set(&dp->dl_count, 1);
393 	nfsd4_init_callback(&dp->dl_recall);
394 	return dp;
395 }
396 
397 static void remove_stid(struct nfs4_stid *s)
398 {
399 	struct idr *stateids = &s->sc_client->cl_stateids;
400 
401 	idr_remove(stateids, s->sc_stateid.si_opaque.so_id);
402 }
403 
404 static void nfs4_free_stid(struct kmem_cache *slab, struct nfs4_stid *s)
405 {
406 	kmem_cache_free(slab, s);
407 }
408 
409 void
410 nfs4_put_delegation(struct nfs4_delegation *dp)
411 {
412 	if (atomic_dec_and_test(&dp->dl_count)) {
413 		nfs4_free_stid(deleg_slab, &dp->dl_stid);
414 		num_delegations--;
415 	}
416 }
417 
418 static void nfs4_put_deleg_lease(struct nfs4_file *fp)
419 {
420 	if (!fp->fi_lease)
421 		return;
422 	if (atomic_dec_and_test(&fp->fi_delegees)) {
423 		vfs_setlease(fp->fi_deleg_file, F_UNLCK, &fp->fi_lease);
424 		fp->fi_lease = NULL;
425 		fput(fp->fi_deleg_file);
426 		fp->fi_deleg_file = NULL;
427 	}
428 }
429 
430 static void unhash_stid(struct nfs4_stid *s)
431 {
432 	s->sc_type = 0;
433 }
434 
435 static void
436 hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp)
437 {
438 	lockdep_assert_held(&state_lock);
439 
440 	dp->dl_stid.sc_type = NFS4_DELEG_STID;
441 	list_add(&dp->dl_perfile, &fp->fi_delegations);
442 	list_add(&dp->dl_perclnt, &dp->dl_stid.sc_client->cl_delegations);
443 }
444 
445 /* Called under the state lock. */
446 static void
447 unhash_delegation(struct nfs4_delegation *dp)
448 {
449 	spin_lock(&state_lock);
450 	list_del_init(&dp->dl_perclnt);
451 	list_del_init(&dp->dl_perfile);
452 	list_del_init(&dp->dl_recall_lru);
453 	spin_unlock(&state_lock);
454 	if (dp->dl_file) {
455 		nfs4_put_deleg_lease(dp->dl_file);
456 		put_nfs4_file(dp->dl_file);
457 		dp->dl_file = NULL;
458 	}
459 }
460 
461 
462 
463 static void destroy_revoked_delegation(struct nfs4_delegation *dp)
464 {
465 	list_del_init(&dp->dl_recall_lru);
466 	remove_stid(&dp->dl_stid);
467 	nfs4_put_delegation(dp);
468 }
469 
470 static void destroy_delegation(struct nfs4_delegation *dp)
471 {
472 	unhash_delegation(dp);
473 	remove_stid(&dp->dl_stid);
474 	nfs4_put_delegation(dp);
475 }
476 
477 static void revoke_delegation(struct nfs4_delegation *dp)
478 {
479 	struct nfs4_client *clp = dp->dl_stid.sc_client;
480 
481 	if (clp->cl_minorversion == 0)
482 		destroy_delegation(dp);
483 	else {
484 		unhash_delegation(dp);
485 		dp->dl_stid.sc_type = NFS4_REVOKED_DELEG_STID;
486 		list_add(&dp->dl_recall_lru, &clp->cl_revoked);
487 	}
488 }
489 
490 /*
491  * SETCLIENTID state
492  */
493 
494 static unsigned int clientid_hashval(u32 id)
495 {
496 	return id & CLIENT_HASH_MASK;
497 }
498 
499 static unsigned int clientstr_hashval(const char *name)
500 {
501 	return opaque_hashval(name, 8) & CLIENT_HASH_MASK;
502 }
503 
504 /*
505  * We store the NONE, READ, WRITE, and BOTH bits separately in the
506  * st_{access,deny}_bmap field of the stateid, in order to track not
507  * only what share bits are currently in force, but also what
508  * combinations of share bits previous opens have used.  This allows us
509  * to enforce the recommendation of rfc 3530 14.2.19 that the server
510  * return an error if the client attempt to downgrade to a combination
511  * of share bits not explicable by closing some of its previous opens.
512  *
513  * XXX: This enforcement is actually incomplete, since we don't keep
514  * track of access/deny bit combinations; so, e.g., we allow:
515  *
516  *	OPEN allow read, deny write
517  *	OPEN allow both, deny none
518  *	DOWNGRADE allow read, deny none
519  *
520  * which we should reject.
521  */
522 static unsigned int
523 bmap_to_share_mode(unsigned long bmap) {
524 	int i;
525 	unsigned int access = 0;
526 
527 	for (i = 1; i < 4; i++) {
528 		if (test_bit(i, &bmap))
529 			access |= i;
530 	}
531 	return access;
532 }
533 
534 static bool
535 test_share(struct nfs4_ol_stateid *stp, struct nfsd4_open *open) {
536 	unsigned int access, deny;
537 
538 	access = bmap_to_share_mode(stp->st_access_bmap);
539 	deny = bmap_to_share_mode(stp->st_deny_bmap);
540 	if ((access & open->op_share_deny) || (deny & open->op_share_access))
541 		return false;
542 	return true;
543 }
544 
545 /* set share access for a given stateid */
546 static inline void
547 set_access(u32 access, struct nfs4_ol_stateid *stp)
548 {
549 	__set_bit(access, &stp->st_access_bmap);
550 }
551 
552 /* clear share access for a given stateid */
553 static inline void
554 clear_access(u32 access, struct nfs4_ol_stateid *stp)
555 {
556 	__clear_bit(access, &stp->st_access_bmap);
557 }
558 
559 /* test whether a given stateid has access */
560 static inline bool
561 test_access(u32 access, struct nfs4_ol_stateid *stp)
562 {
563 	return test_bit(access, &stp->st_access_bmap);
564 }
565 
566 /* set share deny for a given stateid */
567 static inline void
568 set_deny(u32 access, struct nfs4_ol_stateid *stp)
569 {
570 	__set_bit(access, &stp->st_deny_bmap);
571 }
572 
573 /* clear share deny for a given stateid */
574 static inline void
575 clear_deny(u32 access, struct nfs4_ol_stateid *stp)
576 {
577 	__clear_bit(access, &stp->st_deny_bmap);
578 }
579 
580 /* test whether a given stateid is denying specific access */
581 static inline bool
582 test_deny(u32 access, struct nfs4_ol_stateid *stp)
583 {
584 	return test_bit(access, &stp->st_deny_bmap);
585 }
586 
587 static int nfs4_access_to_omode(u32 access)
588 {
589 	switch (access & NFS4_SHARE_ACCESS_BOTH) {
590 	case NFS4_SHARE_ACCESS_READ:
591 		return O_RDONLY;
592 	case NFS4_SHARE_ACCESS_WRITE:
593 		return O_WRONLY;
594 	case NFS4_SHARE_ACCESS_BOTH:
595 		return O_RDWR;
596 	}
597 	WARN_ON_ONCE(1);
598 	return O_RDONLY;
599 }
600 
601 /* release all access and file references for a given stateid */
602 static void
603 release_all_access(struct nfs4_ol_stateid *stp)
604 {
605 	int i;
606 
607 	for (i = 1; i < 4; i++) {
608 		if (test_access(i, stp))
609 			nfs4_file_put_access(stp->st_file,
610 					     nfs4_access_to_omode(i));
611 		clear_access(i, stp);
612 	}
613 }
614 
615 static void unhash_generic_stateid(struct nfs4_ol_stateid *stp)
616 {
617 	list_del(&stp->st_perfile);
618 	list_del(&stp->st_perstateowner);
619 }
620 
621 static void close_generic_stateid(struct nfs4_ol_stateid *stp)
622 {
623 	release_all_access(stp);
624 	put_nfs4_file(stp->st_file);
625 	stp->st_file = NULL;
626 }
627 
628 static void free_generic_stateid(struct nfs4_ol_stateid *stp)
629 {
630 	remove_stid(&stp->st_stid);
631 	nfs4_free_stid(stateid_slab, &stp->st_stid);
632 }
633 
634 static void release_lock_stateid(struct nfs4_ol_stateid *stp)
635 {
636 	struct file *file;
637 
638 	unhash_generic_stateid(stp);
639 	unhash_stid(&stp->st_stid);
640 	file = find_any_file(stp->st_file);
641 	if (file)
642 		locks_remove_posix(file, (fl_owner_t)lockowner(stp->st_stateowner));
643 	close_generic_stateid(stp);
644 	free_generic_stateid(stp);
645 }
646 
647 static void unhash_lockowner(struct nfs4_lockowner *lo)
648 {
649 	struct nfs4_ol_stateid *stp;
650 
651 	list_del(&lo->lo_owner.so_strhash);
652 	list_del(&lo->lo_perstateid);
653 	list_del(&lo->lo_owner_ino_hash);
654 	while (!list_empty(&lo->lo_owner.so_stateids)) {
655 		stp = list_first_entry(&lo->lo_owner.so_stateids,
656 				struct nfs4_ol_stateid, st_perstateowner);
657 		release_lock_stateid(stp);
658 	}
659 }
660 
661 static void nfs4_free_lockowner(struct nfs4_lockowner *lo)
662 {
663 	kfree(lo->lo_owner.so_owner.data);
664 	kmem_cache_free(lockowner_slab, lo);
665 }
666 
667 static void release_lockowner(struct nfs4_lockowner *lo)
668 {
669 	unhash_lockowner(lo);
670 	nfs4_free_lockowner(lo);
671 }
672 
673 static void
674 release_stateid_lockowners(struct nfs4_ol_stateid *open_stp)
675 {
676 	struct nfs4_lockowner *lo;
677 
678 	while (!list_empty(&open_stp->st_lockowners)) {
679 		lo = list_entry(open_stp->st_lockowners.next,
680 				struct nfs4_lockowner, lo_perstateid);
681 		release_lockowner(lo);
682 	}
683 }
684 
685 static void unhash_open_stateid(struct nfs4_ol_stateid *stp)
686 {
687 	unhash_generic_stateid(stp);
688 	release_stateid_lockowners(stp);
689 	close_generic_stateid(stp);
690 }
691 
692 static void release_open_stateid(struct nfs4_ol_stateid *stp)
693 {
694 	unhash_open_stateid(stp);
695 	free_generic_stateid(stp);
696 }
697 
698 static void unhash_openowner(struct nfs4_openowner *oo)
699 {
700 	struct nfs4_ol_stateid *stp;
701 
702 	list_del(&oo->oo_owner.so_strhash);
703 	list_del(&oo->oo_perclient);
704 	while (!list_empty(&oo->oo_owner.so_stateids)) {
705 		stp = list_first_entry(&oo->oo_owner.so_stateids,
706 				struct nfs4_ol_stateid, st_perstateowner);
707 		release_open_stateid(stp);
708 	}
709 }
710 
711 static void release_last_closed_stateid(struct nfs4_openowner *oo)
712 {
713 	struct nfs4_ol_stateid *s = oo->oo_last_closed_stid;
714 
715 	if (s) {
716 		free_generic_stateid(s);
717 		oo->oo_last_closed_stid = NULL;
718 	}
719 }
720 
721 static void nfs4_free_openowner(struct nfs4_openowner *oo)
722 {
723 	kfree(oo->oo_owner.so_owner.data);
724 	kmem_cache_free(openowner_slab, oo);
725 }
726 
727 static void release_openowner(struct nfs4_openowner *oo)
728 {
729 	unhash_openowner(oo);
730 	list_del(&oo->oo_close_lru);
731 	release_last_closed_stateid(oo);
732 	nfs4_free_openowner(oo);
733 }
734 
735 static inline int
736 hash_sessionid(struct nfs4_sessionid *sessionid)
737 {
738 	struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;
739 
740 	return sid->sequence % SESSION_HASH_SIZE;
741 }
742 
743 #ifdef NFSD_DEBUG
744 static inline void
745 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
746 {
747 	u32 *ptr = (u32 *)(&sessionid->data[0]);
748 	dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]);
749 }
750 #else
751 static inline void
752 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
753 {
754 }
755 #endif
756 
757 /*
758  * Bump the seqid on cstate->replay_owner, and clear replay_owner if it
759  * won't be used for replay.
760  */
761 void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr)
762 {
763 	struct nfs4_stateowner *so = cstate->replay_owner;
764 
765 	if (nfserr == nfserr_replay_me)
766 		return;
767 
768 	if (!seqid_mutating_err(ntohl(nfserr))) {
769 		cstate->replay_owner = NULL;
770 		return;
771 	}
772 	if (!so)
773 		return;
774 	if (so->so_is_open_owner)
775 		release_last_closed_stateid(openowner(so));
776 	so->so_seqid++;
777 	return;
778 }
779 
780 static void
781 gen_sessionid(struct nfsd4_session *ses)
782 {
783 	struct nfs4_client *clp = ses->se_client;
784 	struct nfsd4_sessionid *sid;
785 
786 	sid = (struct nfsd4_sessionid *)ses->se_sessionid.data;
787 	sid->clientid = clp->cl_clientid;
788 	sid->sequence = current_sessionid++;
789 	sid->reserved = 0;
790 }
791 
792 /*
793  * The protocol defines ca_maxresponssize_cached to include the size of
794  * the rpc header, but all we need to cache is the data starting after
795  * the end of the initial SEQUENCE operation--the rest we regenerate
796  * each time.  Therefore we can advertise a ca_maxresponssize_cached
797  * value that is the number of bytes in our cache plus a few additional
798  * bytes.  In order to stay on the safe side, and not promise more than
799  * we can cache, those additional bytes must be the minimum possible: 24
800  * bytes of rpc header (xid through accept state, with AUTH_NULL
801  * verifier), 12 for the compound header (with zero-length tag), and 44
802  * for the SEQUENCE op response:
803  */
804 #define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)
805 
806 static void
807 free_session_slots(struct nfsd4_session *ses)
808 {
809 	int i;
810 
811 	for (i = 0; i < ses->se_fchannel.maxreqs; i++)
812 		kfree(ses->se_slots[i]);
813 }
814 
815 /*
816  * We don't actually need to cache the rpc and session headers, so we
817  * can allocate a little less for each slot:
818  */
819 static inline u32 slot_bytes(struct nfsd4_channel_attrs *ca)
820 {
821 	u32 size;
822 
823 	if (ca->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ)
824 		size = 0;
825 	else
826 		size = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;
827 	return size + sizeof(struct nfsd4_slot);
828 }
829 
830 /*
831  * XXX: If we run out of reserved DRC memory we could (up to a point)
832  * re-negotiate active sessions and reduce their slot usage to make
833  * room for new connections. For now we just fail the create session.
834  */
835 static u32 nfsd4_get_drc_mem(struct nfsd4_channel_attrs *ca)
836 {
837 	u32 slotsize = slot_bytes(ca);
838 	u32 num = ca->maxreqs;
839 	int avail;
840 
841 	spin_lock(&nfsd_drc_lock);
842 	avail = min((unsigned long)NFSD_MAX_MEM_PER_SESSION,
843 		    nfsd_drc_max_mem - nfsd_drc_mem_used);
844 	num = min_t(int, num, avail / slotsize);
845 	nfsd_drc_mem_used += num * slotsize;
846 	spin_unlock(&nfsd_drc_lock);
847 
848 	return num;
849 }
850 
851 static void nfsd4_put_drc_mem(struct nfsd4_channel_attrs *ca)
852 {
853 	int slotsize = slot_bytes(ca);
854 
855 	spin_lock(&nfsd_drc_lock);
856 	nfsd_drc_mem_used -= slotsize * ca->maxreqs;
857 	spin_unlock(&nfsd_drc_lock);
858 }
859 
860 static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *fattrs,
861 					   struct nfsd4_channel_attrs *battrs)
862 {
863 	int numslots = fattrs->maxreqs;
864 	int slotsize = slot_bytes(fattrs);
865 	struct nfsd4_session *new;
866 	int mem, i;
867 
868 	BUILD_BUG_ON(NFSD_MAX_SLOTS_PER_SESSION * sizeof(struct nfsd4_slot *)
869 			+ sizeof(struct nfsd4_session) > PAGE_SIZE);
870 	mem = numslots * sizeof(struct nfsd4_slot *);
871 
872 	new = kzalloc(sizeof(*new) + mem, GFP_KERNEL);
873 	if (!new)
874 		return NULL;
875 	/* allocate each struct nfsd4_slot and data cache in one piece */
876 	for (i = 0; i < numslots; i++) {
877 		new->se_slots[i] = kzalloc(slotsize, GFP_KERNEL);
878 		if (!new->se_slots[i])
879 			goto out_free;
880 	}
881 
882 	memcpy(&new->se_fchannel, fattrs, sizeof(struct nfsd4_channel_attrs));
883 	memcpy(&new->se_bchannel, battrs, sizeof(struct nfsd4_channel_attrs));
884 
885 	return new;
886 out_free:
887 	while (i--)
888 		kfree(new->se_slots[i]);
889 	kfree(new);
890 	return NULL;
891 }
892 
893 static void free_conn(struct nfsd4_conn *c)
894 {
895 	svc_xprt_put(c->cn_xprt);
896 	kfree(c);
897 }
898 
899 static void nfsd4_conn_lost(struct svc_xpt_user *u)
900 {
901 	struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
902 	struct nfs4_client *clp = c->cn_session->se_client;
903 
904 	spin_lock(&clp->cl_lock);
905 	if (!list_empty(&c->cn_persession)) {
906 		list_del(&c->cn_persession);
907 		free_conn(c);
908 	}
909 	nfsd4_probe_callback(clp);
910 	spin_unlock(&clp->cl_lock);
911 }
912 
913 static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
914 {
915 	struct nfsd4_conn *conn;
916 
917 	conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL);
918 	if (!conn)
919 		return NULL;
920 	svc_xprt_get(rqstp->rq_xprt);
921 	conn->cn_xprt = rqstp->rq_xprt;
922 	conn->cn_flags = flags;
923 	INIT_LIST_HEAD(&conn->cn_xpt_user.list);
924 	return conn;
925 }
926 
927 static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
928 {
929 	conn->cn_session = ses;
930 	list_add(&conn->cn_persession, &ses->se_conns);
931 }
932 
933 static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
934 {
935 	struct nfs4_client *clp = ses->se_client;
936 
937 	spin_lock(&clp->cl_lock);
938 	__nfsd4_hash_conn(conn, ses);
939 	spin_unlock(&clp->cl_lock);
940 }
941 
942 static int nfsd4_register_conn(struct nfsd4_conn *conn)
943 {
944 	conn->cn_xpt_user.callback = nfsd4_conn_lost;
945 	return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
946 }
947 
948 static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses)
949 {
950 	int ret;
951 
952 	nfsd4_hash_conn(conn, ses);
953 	ret = nfsd4_register_conn(conn);
954 	if (ret)
955 		/* oops; xprt is already down: */
956 		nfsd4_conn_lost(&conn->cn_xpt_user);
957 	if (conn->cn_flags & NFS4_CDFC4_BACK) {
958 		/* callback channel may be back up */
959 		nfsd4_probe_callback(ses->se_client);
960 	}
961 }
962 
963 static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses)
964 {
965 	u32 dir = NFS4_CDFC4_FORE;
966 
967 	if (cses->flags & SESSION4_BACK_CHAN)
968 		dir |= NFS4_CDFC4_BACK;
969 	return alloc_conn(rqstp, dir);
970 }
971 
972 /* must be called under client_lock */
973 static void nfsd4_del_conns(struct nfsd4_session *s)
974 {
975 	struct nfs4_client *clp = s->se_client;
976 	struct nfsd4_conn *c;
977 
978 	spin_lock(&clp->cl_lock);
979 	while (!list_empty(&s->se_conns)) {
980 		c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
981 		list_del_init(&c->cn_persession);
982 		spin_unlock(&clp->cl_lock);
983 
984 		unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
985 		free_conn(c);
986 
987 		spin_lock(&clp->cl_lock);
988 	}
989 	spin_unlock(&clp->cl_lock);
990 }
991 
992 static void __free_session(struct nfsd4_session *ses)
993 {
994 	free_session_slots(ses);
995 	kfree(ses);
996 }
997 
998 static void free_session(struct nfsd4_session *ses)
999 {
1000 	struct nfsd_net *nn = net_generic(ses->se_client->net, nfsd_net_id);
1001 
1002 	lockdep_assert_held(&nn->client_lock);
1003 	nfsd4_del_conns(ses);
1004 	nfsd4_put_drc_mem(&ses->se_fchannel);
1005 	__free_session(ses);
1006 }
1007 
1008 static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses)
1009 {
1010 	int idx;
1011 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
1012 
1013 	new->se_client = clp;
1014 	gen_sessionid(new);
1015 
1016 	INIT_LIST_HEAD(&new->se_conns);
1017 
1018 	new->se_cb_seq_nr = 1;
1019 	new->se_flags = cses->flags;
1020 	new->se_cb_prog = cses->callback_prog;
1021 	new->se_cb_sec = cses->cb_sec;
1022 	atomic_set(&new->se_ref, 0);
1023 	idx = hash_sessionid(&new->se_sessionid);
1024 	spin_lock(&nn->client_lock);
1025 	list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]);
1026 	spin_lock(&clp->cl_lock);
1027 	list_add(&new->se_perclnt, &clp->cl_sessions);
1028 	spin_unlock(&clp->cl_lock);
1029 	spin_unlock(&nn->client_lock);
1030 
1031 	if (cses->flags & SESSION4_BACK_CHAN) {
1032 		struct sockaddr *sa = svc_addr(rqstp);
1033 		/*
1034 		 * This is a little silly; with sessions there's no real
1035 		 * use for the callback address.  Use the peer address
1036 		 * as a reasonable default for now, but consider fixing
1037 		 * the rpc client not to require an address in the
1038 		 * future:
1039 		 */
1040 		rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
1041 		clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
1042 	}
1043 }
1044 
1045 /* caller must hold client_lock */
1046 static struct nfsd4_session *
1047 find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net)
1048 {
1049 	struct nfsd4_session *elem;
1050 	int idx;
1051 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1052 
1053 	dump_sessionid(__func__, sessionid);
1054 	idx = hash_sessionid(sessionid);
1055 	/* Search in the appropriate list */
1056 	list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) {
1057 		if (!memcmp(elem->se_sessionid.data, sessionid->data,
1058 			    NFS4_MAX_SESSIONID_LEN)) {
1059 			return elem;
1060 		}
1061 	}
1062 
1063 	dprintk("%s: session not found\n", __func__);
1064 	return NULL;
1065 }
1066 
1067 /* caller must hold client_lock */
1068 static void
1069 unhash_session(struct nfsd4_session *ses)
1070 {
1071 	list_del(&ses->se_hash);
1072 	spin_lock(&ses->se_client->cl_lock);
1073 	list_del(&ses->se_perclnt);
1074 	spin_unlock(&ses->se_client->cl_lock);
1075 }
1076 
1077 /* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
1078 static int
1079 STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn)
1080 {
1081 	if (clid->cl_boot == nn->boot_time)
1082 		return 0;
1083 	dprintk("NFSD stale clientid (%08x/%08x) boot_time %08lx\n",
1084 		clid->cl_boot, clid->cl_id, nn->boot_time);
1085 	return 1;
1086 }
1087 
1088 /*
1089  * XXX Should we use a slab cache ?
1090  * This type of memory management is somewhat inefficient, but we use it
1091  * anyway since SETCLIENTID is not a common operation.
1092  */
1093 static struct nfs4_client *alloc_client(struct xdr_netobj name)
1094 {
1095 	struct nfs4_client *clp;
1096 
1097 	clp = kzalloc(sizeof(struct nfs4_client), GFP_KERNEL);
1098 	if (clp == NULL)
1099 		return NULL;
1100 	clp->cl_name.data = kmemdup(name.data, name.len, GFP_KERNEL);
1101 	if (clp->cl_name.data == NULL) {
1102 		kfree(clp);
1103 		return NULL;
1104 	}
1105 	clp->cl_name.len = name.len;
1106 	INIT_LIST_HEAD(&clp->cl_sessions);
1107 	idr_init(&clp->cl_stateids);
1108 	atomic_set(&clp->cl_refcount, 0);
1109 	clp->cl_cb_state = NFSD4_CB_UNKNOWN;
1110 	INIT_LIST_HEAD(&clp->cl_idhash);
1111 	INIT_LIST_HEAD(&clp->cl_openowners);
1112 	INIT_LIST_HEAD(&clp->cl_delegations);
1113 	INIT_LIST_HEAD(&clp->cl_lru);
1114 	INIT_LIST_HEAD(&clp->cl_callbacks);
1115 	INIT_LIST_HEAD(&clp->cl_revoked);
1116 	spin_lock_init(&clp->cl_lock);
1117 	rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
1118 	return clp;
1119 }
1120 
1121 static void
1122 free_client(struct nfs4_client *clp)
1123 {
1124 	struct nfsd_net __maybe_unused *nn = net_generic(clp->net, nfsd_net_id);
1125 
1126 	lockdep_assert_held(&nn->client_lock);
1127 	while (!list_empty(&clp->cl_sessions)) {
1128 		struct nfsd4_session *ses;
1129 		ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
1130 				se_perclnt);
1131 		list_del(&ses->se_perclnt);
1132 		WARN_ON_ONCE(atomic_read(&ses->se_ref));
1133 		free_session(ses);
1134 	}
1135 	rpc_destroy_wait_queue(&clp->cl_cb_waitq);
1136 	free_svc_cred(&clp->cl_cred);
1137 	kfree(clp->cl_name.data);
1138 	idr_destroy(&clp->cl_stateids);
1139 	kfree(clp);
1140 }
1141 
1142 /* must be called under the client_lock */
1143 static inline void
1144 unhash_client_locked(struct nfs4_client *clp)
1145 {
1146 	struct nfsd4_session *ses;
1147 
1148 	list_del(&clp->cl_lru);
1149 	spin_lock(&clp->cl_lock);
1150 	list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
1151 		list_del_init(&ses->se_hash);
1152 	spin_unlock(&clp->cl_lock);
1153 }
1154 
1155 static void
1156 destroy_client(struct nfs4_client *clp)
1157 {
1158 	struct nfs4_openowner *oo;
1159 	struct nfs4_delegation *dp;
1160 	struct list_head reaplist;
1161 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
1162 
1163 	INIT_LIST_HEAD(&reaplist);
1164 	spin_lock(&state_lock);
1165 	while (!list_empty(&clp->cl_delegations)) {
1166 		dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
1167 		list_del_init(&dp->dl_perclnt);
1168 		list_move(&dp->dl_recall_lru, &reaplist);
1169 	}
1170 	spin_unlock(&state_lock);
1171 	while (!list_empty(&reaplist)) {
1172 		dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
1173 		destroy_delegation(dp);
1174 	}
1175 	list_splice_init(&clp->cl_revoked, &reaplist);
1176 	while (!list_empty(&reaplist)) {
1177 		dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
1178 		destroy_revoked_delegation(dp);
1179 	}
1180 	while (!list_empty(&clp->cl_openowners)) {
1181 		oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
1182 		release_openowner(oo);
1183 	}
1184 	nfsd4_shutdown_callback(clp);
1185 	if (clp->cl_cb_conn.cb_xprt)
1186 		svc_xprt_put(clp->cl_cb_conn.cb_xprt);
1187 	list_del(&clp->cl_idhash);
1188 	if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
1189 		rb_erase(&clp->cl_namenode, &nn->conf_name_tree);
1190 	else
1191 		rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
1192 	spin_lock(&nn->client_lock);
1193 	unhash_client_locked(clp);
1194 	WARN_ON_ONCE(atomic_read(&clp->cl_refcount));
1195 	free_client(clp);
1196 	spin_unlock(&nn->client_lock);
1197 }
1198 
1199 static void expire_client(struct nfs4_client *clp)
1200 {
1201 	nfsd4_client_record_remove(clp);
1202 	destroy_client(clp);
1203 }
1204 
1205 static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
1206 {
1207 	memcpy(target->cl_verifier.data, source->data,
1208 			sizeof(target->cl_verifier.data));
1209 }
1210 
1211 static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
1212 {
1213 	target->cl_clientid.cl_boot = source->cl_clientid.cl_boot;
1214 	target->cl_clientid.cl_id = source->cl_clientid.cl_id;
1215 }
1216 
1217 static int copy_cred(struct svc_cred *target, struct svc_cred *source)
1218 {
1219 	if (source->cr_principal) {
1220 		target->cr_principal =
1221 				kstrdup(source->cr_principal, GFP_KERNEL);
1222 		if (target->cr_principal == NULL)
1223 			return -ENOMEM;
1224 	} else
1225 		target->cr_principal = NULL;
1226 	target->cr_flavor = source->cr_flavor;
1227 	target->cr_uid = source->cr_uid;
1228 	target->cr_gid = source->cr_gid;
1229 	target->cr_group_info = source->cr_group_info;
1230 	get_group_info(target->cr_group_info);
1231 	target->cr_gss_mech = source->cr_gss_mech;
1232 	if (source->cr_gss_mech)
1233 		gss_mech_get(source->cr_gss_mech);
1234 	return 0;
1235 }
1236 
1237 static long long
1238 compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2)
1239 {
1240 	long long res;
1241 
1242 	res = o1->len - o2->len;
1243 	if (res)
1244 		return res;
1245 	return (long long)memcmp(o1->data, o2->data, o1->len);
1246 }
1247 
1248 static int same_name(const char *n1, const char *n2)
1249 {
1250 	return 0 == memcmp(n1, n2, HEXDIR_LEN);
1251 }
1252 
1253 static int
1254 same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
1255 {
1256 	return 0 == memcmp(v1->data, v2->data, sizeof(v1->data));
1257 }
1258 
1259 static int
1260 same_clid(clientid_t *cl1, clientid_t *cl2)
1261 {
1262 	return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
1263 }
1264 
1265 static bool groups_equal(struct group_info *g1, struct group_info *g2)
1266 {
1267 	int i;
1268 
1269 	if (g1->ngroups != g2->ngroups)
1270 		return false;
1271 	for (i=0; i<g1->ngroups; i++)
1272 		if (!gid_eq(GROUP_AT(g1, i), GROUP_AT(g2, i)))
1273 			return false;
1274 	return true;
1275 }
1276 
1277 /*
1278  * RFC 3530 language requires clid_inuse be returned when the
1279  * "principal" associated with a requests differs from that previously
1280  * used.  We use uid, gid's, and gss principal string as our best
1281  * approximation.  We also don't want to allow non-gss use of a client
1282  * established using gss: in theory cr_principal should catch that
1283  * change, but in practice cr_principal can be null even in the gss case
1284  * since gssd doesn't always pass down a principal string.
1285  */
1286 static bool is_gss_cred(struct svc_cred *cr)
1287 {
1288 	/* Is cr_flavor one of the gss "pseudoflavors"?: */
1289 	return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
1290 }
1291 
1292 
1293 static bool
1294 same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
1295 {
1296 	if ((is_gss_cred(cr1) != is_gss_cred(cr2))
1297 		|| (!uid_eq(cr1->cr_uid, cr2->cr_uid))
1298 		|| (!gid_eq(cr1->cr_gid, cr2->cr_gid))
1299 		|| !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
1300 		return false;
1301 	if (cr1->cr_principal == cr2->cr_principal)
1302 		return true;
1303 	if (!cr1->cr_principal || !cr2->cr_principal)
1304 		return false;
1305 	return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);
1306 }
1307 
1308 static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)
1309 {
1310 	struct svc_cred *cr = &rqstp->rq_cred;
1311 	u32 service;
1312 
1313 	if (!cr->cr_gss_mech)
1314 		return false;
1315 	service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);
1316 	return service == RPC_GSS_SVC_INTEGRITY ||
1317 	       service == RPC_GSS_SVC_PRIVACY;
1318 }
1319 
1320 static bool mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)
1321 {
1322 	struct svc_cred *cr = &rqstp->rq_cred;
1323 
1324 	if (!cl->cl_mach_cred)
1325 		return true;
1326 	if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)
1327 		return false;
1328 	if (!svc_rqst_integrity_protected(rqstp))
1329 		return false;
1330 	if (!cr->cr_principal)
1331 		return false;
1332 	return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);
1333 }
1334 
1335 static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)
1336 {
1337 	static u32 current_clientid = 1;
1338 
1339 	clp->cl_clientid.cl_boot = nn->boot_time;
1340 	clp->cl_clientid.cl_id = current_clientid++;
1341 }
1342 
1343 static void gen_confirm(struct nfs4_client *clp)
1344 {
1345 	__be32 verf[2];
1346 	static u32 i;
1347 
1348 	verf[0] = (__be32)get_seconds();
1349 	verf[1] = (__be32)i++;
1350 	memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data));
1351 }
1352 
1353 static struct nfs4_stid *find_stateid(struct nfs4_client *cl, stateid_t *t)
1354 {
1355 	struct nfs4_stid *ret;
1356 
1357 	ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id);
1358 	if (!ret || !ret->sc_type)
1359 		return NULL;
1360 	return ret;
1361 }
1362 
1363 static struct nfs4_stid *find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, char typemask)
1364 {
1365 	struct nfs4_stid *s;
1366 
1367 	s = find_stateid(cl, t);
1368 	if (!s)
1369 		return NULL;
1370 	if (typemask & s->sc_type)
1371 		return s;
1372 	return NULL;
1373 }
1374 
1375 static struct nfs4_client *create_client(struct xdr_netobj name,
1376 		struct svc_rqst *rqstp, nfs4_verifier *verf)
1377 {
1378 	struct nfs4_client *clp;
1379 	struct sockaddr *sa = svc_addr(rqstp);
1380 	int ret;
1381 	struct net *net = SVC_NET(rqstp);
1382 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1383 
1384 	clp = alloc_client(name);
1385 	if (clp == NULL)
1386 		return NULL;
1387 
1388 	ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred);
1389 	if (ret) {
1390 		spin_lock(&nn->client_lock);
1391 		free_client(clp);
1392 		spin_unlock(&nn->client_lock);
1393 		return NULL;
1394 	}
1395 	nfsd4_init_callback(&clp->cl_cb_null);
1396 	clp->cl_time = get_seconds();
1397 	clear_bit(0, &clp->cl_cb_slot_busy);
1398 	copy_verf(clp, verf);
1399 	rpc_copy_addr((struct sockaddr *) &clp->cl_addr, sa);
1400 	gen_confirm(clp);
1401 	clp->cl_cb_session = NULL;
1402 	clp->net = net;
1403 	return clp;
1404 }
1405 
1406 static void
1407 add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root)
1408 {
1409 	struct rb_node **new = &(root->rb_node), *parent = NULL;
1410 	struct nfs4_client *clp;
1411 
1412 	while (*new) {
1413 		clp = rb_entry(*new, struct nfs4_client, cl_namenode);
1414 		parent = *new;
1415 
1416 		if (compare_blob(&clp->cl_name, &new_clp->cl_name) > 0)
1417 			new = &((*new)->rb_left);
1418 		else
1419 			new = &((*new)->rb_right);
1420 	}
1421 
1422 	rb_link_node(&new_clp->cl_namenode, parent, new);
1423 	rb_insert_color(&new_clp->cl_namenode, root);
1424 }
1425 
1426 static struct nfs4_client *
1427 find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root)
1428 {
1429 	long long cmp;
1430 	struct rb_node *node = root->rb_node;
1431 	struct nfs4_client *clp;
1432 
1433 	while (node) {
1434 		clp = rb_entry(node, struct nfs4_client, cl_namenode);
1435 		cmp = compare_blob(&clp->cl_name, name);
1436 		if (cmp > 0)
1437 			node = node->rb_left;
1438 		else if (cmp < 0)
1439 			node = node->rb_right;
1440 		else
1441 			return clp;
1442 	}
1443 	return NULL;
1444 }
1445 
1446 static void
1447 add_to_unconfirmed(struct nfs4_client *clp)
1448 {
1449 	unsigned int idhashval;
1450 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
1451 
1452 	clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
1453 	add_clp_to_name_tree(clp, &nn->unconf_name_tree);
1454 	idhashval = clientid_hashval(clp->cl_clientid.cl_id);
1455 	list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]);
1456 	renew_client(clp);
1457 }
1458 
1459 static void
1460 move_to_confirmed(struct nfs4_client *clp)
1461 {
1462 	unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id);
1463 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
1464 
1465 	dprintk("NFSD: move_to_confirm nfs4_client %p\n", clp);
1466 	list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]);
1467 	rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
1468 	add_clp_to_name_tree(clp, &nn->conf_name_tree);
1469 	set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
1470 	renew_client(clp);
1471 }
1472 
1473 static struct nfs4_client *
1474 find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions)
1475 {
1476 	struct nfs4_client *clp;
1477 	unsigned int idhashval = clientid_hashval(clid->cl_id);
1478 
1479 	list_for_each_entry(clp, &tbl[idhashval], cl_idhash) {
1480 		if (same_clid(&clp->cl_clientid, clid)) {
1481 			if ((bool)clp->cl_minorversion != sessions)
1482 				return NULL;
1483 			renew_client(clp);
1484 			return clp;
1485 		}
1486 	}
1487 	return NULL;
1488 }
1489 
1490 static struct nfs4_client *
1491 find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
1492 {
1493 	struct list_head *tbl = nn->conf_id_hashtbl;
1494 
1495 	return find_client_in_id_table(tbl, clid, sessions);
1496 }
1497 
1498 static struct nfs4_client *
1499 find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
1500 {
1501 	struct list_head *tbl = nn->unconf_id_hashtbl;
1502 
1503 	return find_client_in_id_table(tbl, clid, sessions);
1504 }
1505 
1506 static bool clp_used_exchangeid(struct nfs4_client *clp)
1507 {
1508 	return clp->cl_exchange_flags != 0;
1509 }
1510 
1511 static struct nfs4_client *
1512 find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
1513 {
1514 	return find_clp_in_name_tree(name, &nn->conf_name_tree);
1515 }
1516 
1517 static struct nfs4_client *
1518 find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
1519 {
1520 	return find_clp_in_name_tree(name, &nn->unconf_name_tree);
1521 }
1522 
1523 static void
1524 gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
1525 {
1526 	struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
1527 	struct sockaddr	*sa = svc_addr(rqstp);
1528 	u32 scopeid = rpc_get_scope_id(sa);
1529 	unsigned short expected_family;
1530 
1531 	/* Currently, we only support tcp and tcp6 for the callback channel */
1532 	if (se->se_callback_netid_len == 3 &&
1533 	    !memcmp(se->se_callback_netid_val, "tcp", 3))
1534 		expected_family = AF_INET;
1535 	else if (se->se_callback_netid_len == 4 &&
1536 		 !memcmp(se->se_callback_netid_val, "tcp6", 4))
1537 		expected_family = AF_INET6;
1538 	else
1539 		goto out_err;
1540 
1541 	conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val,
1542 					    se->se_callback_addr_len,
1543 					    (struct sockaddr *)&conn->cb_addr,
1544 					    sizeof(conn->cb_addr));
1545 
1546 	if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
1547 		goto out_err;
1548 
1549 	if (conn->cb_addr.ss_family == AF_INET6)
1550 		((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;
1551 
1552 	conn->cb_prog = se->se_callback_prog;
1553 	conn->cb_ident = se->se_callback_ident;
1554 	memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen);
1555 	return;
1556 out_err:
1557 	conn->cb_addr.ss_family = AF_UNSPEC;
1558 	conn->cb_addrlen = 0;
1559 	dprintk(KERN_INFO "NFSD: this client (clientid %08x/%08x) "
1560 		"will not receive delegations\n",
1561 		clp->cl_clientid.cl_boot, clp->cl_clientid.cl_id);
1562 
1563 	return;
1564 }
1565 
1566 /*
1567  * Cache a reply. nfsd4_check_resp_size() has bounded the cache size.
1568  */
1569 void
1570 nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
1571 {
1572 	struct xdr_buf *buf = resp->xdr.buf;
1573 	struct nfsd4_slot *slot = resp->cstate.slot;
1574 	unsigned int base;
1575 
1576 	dprintk("--> %s slot %p\n", __func__, slot);
1577 
1578 	slot->sl_opcnt = resp->opcnt;
1579 	slot->sl_status = resp->cstate.status;
1580 
1581 	slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
1582 	if (nfsd4_not_cached(resp)) {
1583 		slot->sl_datalen = 0;
1584 		return;
1585 	}
1586 	base = resp->cstate.data_offset;
1587 	slot->sl_datalen = buf->len - base;
1588 	if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen))
1589 		WARN("%s: sessions DRC could not cache compound\n", __func__);
1590 	return;
1591 }
1592 
1593 /*
1594  * Encode the replay sequence operation from the slot values.
1595  * If cachethis is FALSE encode the uncached rep error on the next
1596  * operation which sets resp->p and increments resp->opcnt for
1597  * nfs4svc_encode_compoundres.
1598  *
1599  */
1600 static __be32
1601 nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args,
1602 			  struct nfsd4_compoundres *resp)
1603 {
1604 	struct nfsd4_op *op;
1605 	struct nfsd4_slot *slot = resp->cstate.slot;
1606 
1607 	/* Encode the replayed sequence operation */
1608 	op = &args->ops[resp->opcnt - 1];
1609 	nfsd4_encode_operation(resp, op);
1610 
1611 	/* Return nfserr_retry_uncached_rep in next operation. */
1612 	if (args->opcnt > 1 && !(slot->sl_flags & NFSD4_SLOT_CACHETHIS)) {
1613 		op = &args->ops[resp->opcnt++];
1614 		op->status = nfserr_retry_uncached_rep;
1615 		nfsd4_encode_operation(resp, op);
1616 	}
1617 	return op->status;
1618 }
1619 
1620 /*
1621  * The sequence operation is not cached because we can use the slot and
1622  * session values.
1623  */
1624 static __be32
1625 nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
1626 			 struct nfsd4_sequence *seq)
1627 {
1628 	struct nfsd4_slot *slot = resp->cstate.slot;
1629 	struct xdr_stream *xdr = &resp->xdr;
1630 	__be32 *p;
1631 	__be32 status;
1632 
1633 	dprintk("--> %s slot %p\n", __func__, slot);
1634 
1635 	status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp);
1636 	if (status)
1637 		return status;
1638 
1639 	p = xdr_reserve_space(xdr, slot->sl_datalen);
1640 	if (!p) {
1641 		WARN_ON_ONCE(1);
1642 		return nfserr_serverfault;
1643 	}
1644 	xdr_encode_opaque_fixed(p, slot->sl_data, slot->sl_datalen);
1645 	xdr_commit_encode(xdr);
1646 
1647 	resp->opcnt = slot->sl_opcnt;
1648 	return slot->sl_status;
1649 }
1650 
1651 /*
1652  * Set the exchange_id flags returned by the server.
1653  */
1654 static void
1655 nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
1656 {
1657 	/* pNFS is not supported */
1658 	new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS;
1659 
1660 	/* Referrals are supported, Migration is not. */
1661 	new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER;
1662 
1663 	/* set the wire flags to return to client. */
1664 	clid->flags = new->cl_exchange_flags;
1665 }
1666 
1667 static bool client_has_state(struct nfs4_client *clp)
1668 {
1669 	/*
1670 	 * Note clp->cl_openowners check isn't quite right: there's no
1671 	 * need to count owners without stateid's.
1672 	 *
1673 	 * Also note we should probably be using this in 4.0 case too.
1674 	 */
1675 	return !list_empty(&clp->cl_openowners)
1676 		|| !list_empty(&clp->cl_delegations)
1677 		|| !list_empty(&clp->cl_sessions);
1678 }
1679 
1680 __be32
1681 nfsd4_exchange_id(struct svc_rqst *rqstp,
1682 		  struct nfsd4_compound_state *cstate,
1683 		  struct nfsd4_exchange_id *exid)
1684 {
1685 	struct nfs4_client *unconf, *conf, *new;
1686 	__be32 status;
1687 	char			addr_str[INET6_ADDRSTRLEN];
1688 	nfs4_verifier		verf = exid->verifier;
1689 	struct sockaddr		*sa = svc_addr(rqstp);
1690 	bool	update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A;
1691 	struct nfsd_net		*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
1692 
1693 	rpc_ntop(sa, addr_str, sizeof(addr_str));
1694 	dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
1695 		"ip_addr=%s flags %x, spa_how %d\n",
1696 		__func__, rqstp, exid, exid->clname.len, exid->clname.data,
1697 		addr_str, exid->flags, exid->spa_how);
1698 
1699 	if (exid->flags & ~EXCHGID4_FLAG_MASK_A)
1700 		return nfserr_inval;
1701 
1702 	switch (exid->spa_how) {
1703 	case SP4_MACH_CRED:
1704 		if (!svc_rqst_integrity_protected(rqstp))
1705 			return nfserr_inval;
1706 	case SP4_NONE:
1707 		break;
1708 	default:				/* checked by xdr code */
1709 		WARN_ON_ONCE(1);
1710 	case SP4_SSV:
1711 		return nfserr_encr_alg_unsupp;
1712 	}
1713 
1714 	/* Cases below refer to rfc 5661 section 18.35.4: */
1715 	nfs4_lock_state();
1716 	conf = find_confirmed_client_by_name(&exid->clname, nn);
1717 	if (conf) {
1718 		bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred);
1719 		bool verfs_match = same_verf(&verf, &conf->cl_verifier);
1720 
1721 		if (update) {
1722 			if (!clp_used_exchangeid(conf)) { /* buggy client */
1723 				status = nfserr_inval;
1724 				goto out;
1725 			}
1726 			if (!mach_creds_match(conf, rqstp)) {
1727 				status = nfserr_wrong_cred;
1728 				goto out;
1729 			}
1730 			if (!creds_match) { /* case 9 */
1731 				status = nfserr_perm;
1732 				goto out;
1733 			}
1734 			if (!verfs_match) { /* case 8 */
1735 				status = nfserr_not_same;
1736 				goto out;
1737 			}
1738 			/* case 6 */
1739 			exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;
1740 			new = conf;
1741 			goto out_copy;
1742 		}
1743 		if (!creds_match) { /* case 3 */
1744 			if (client_has_state(conf)) {
1745 				status = nfserr_clid_inuse;
1746 				goto out;
1747 			}
1748 			expire_client(conf);
1749 			goto out_new;
1750 		}
1751 		if (verfs_match) { /* case 2 */
1752 			conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R;
1753 			new = conf;
1754 			goto out_copy;
1755 		}
1756 		/* case 5, client reboot */
1757 		goto out_new;
1758 	}
1759 
1760 	if (update) { /* case 7 */
1761 		status = nfserr_noent;
1762 		goto out;
1763 	}
1764 
1765 	unconf  = find_unconfirmed_client_by_name(&exid->clname, nn);
1766 	if (unconf) /* case 4, possible retry or client restart */
1767 		expire_client(unconf);
1768 
1769 	/* case 1 (normal case) */
1770 out_new:
1771 	new = create_client(exid->clname, rqstp, &verf);
1772 	if (new == NULL) {
1773 		status = nfserr_jukebox;
1774 		goto out;
1775 	}
1776 	new->cl_minorversion = cstate->minorversion;
1777 	new->cl_mach_cred = (exid->spa_how == SP4_MACH_CRED);
1778 
1779 	gen_clid(new, nn);
1780 	add_to_unconfirmed(new);
1781 out_copy:
1782 	exid->clientid.cl_boot = new->cl_clientid.cl_boot;
1783 	exid->clientid.cl_id = new->cl_clientid.cl_id;
1784 
1785 	exid->seqid = new->cl_cs_slot.sl_seqid + 1;
1786 	nfsd4_set_ex_flags(new, exid);
1787 
1788 	dprintk("nfsd4_exchange_id seqid %d flags %x\n",
1789 		new->cl_cs_slot.sl_seqid, new->cl_exchange_flags);
1790 	status = nfs_ok;
1791 
1792 out:
1793 	nfs4_unlock_state();
1794 	return status;
1795 }
1796 
1797 static __be32
1798 check_slot_seqid(u32 seqid, u32 slot_seqid, int slot_inuse)
1799 {
1800 	dprintk("%s enter. seqid %d slot_seqid %d\n", __func__, seqid,
1801 		slot_seqid);
1802 
1803 	/* The slot is in use, and no response has been sent. */
1804 	if (slot_inuse) {
1805 		if (seqid == slot_seqid)
1806 			return nfserr_jukebox;
1807 		else
1808 			return nfserr_seq_misordered;
1809 	}
1810 	/* Note unsigned 32-bit arithmetic handles wraparound: */
1811 	if (likely(seqid == slot_seqid + 1))
1812 		return nfs_ok;
1813 	if (seqid == slot_seqid)
1814 		return nfserr_replay_cache;
1815 	return nfserr_seq_misordered;
1816 }
1817 
1818 /*
1819  * Cache the create session result into the create session single DRC
1820  * slot cache by saving the xdr structure. sl_seqid has been set.
1821  * Do this for solo or embedded create session operations.
1822  */
1823 static void
1824 nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
1825 			   struct nfsd4_clid_slot *slot, __be32 nfserr)
1826 {
1827 	slot->sl_status = nfserr;
1828 	memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
1829 }
1830 
1831 static __be32
1832 nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
1833 			    struct nfsd4_clid_slot *slot)
1834 {
1835 	memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses));
1836 	return slot->sl_status;
1837 }
1838 
1839 #define NFSD_MIN_REQ_HDR_SEQ_SZ	((\
1840 			2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
1841 			1 +	/* MIN tag is length with zero, only length */ \
1842 			3 +	/* version, opcount, opcode */ \
1843 			XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
1844 				/* seqid, slotID, slotID, cache */ \
1845 			4 ) * sizeof(__be32))
1846 
1847 #define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
1848 			2 +	/* verifier: AUTH_NULL, length 0 */\
1849 			1 +	/* status */ \
1850 			1 +	/* MIN tag is length with zero, only length */ \
1851 			3 +	/* opcount, opcode, opstatus*/ \
1852 			XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
1853 				/* seqid, slotID, slotID, slotID, status */ \
1854 			5 ) * sizeof(__be32))
1855 
1856 static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
1857 {
1858 	u32 maxrpc = nn->nfsd_serv->sv_max_mesg;
1859 
1860 	if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ)
1861 		return nfserr_toosmall;
1862 	if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ)
1863 		return nfserr_toosmall;
1864 	ca->headerpadsz = 0;
1865 	ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc);
1866 	ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc);
1867 	ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND);
1868 	ca->maxresp_cached = min_t(u32, ca->maxresp_cached,
1869 			NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ);
1870 	ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION);
1871 	/*
1872 	 * Note decreasing slot size below client's request may make it
1873 	 * difficult for client to function correctly, whereas
1874 	 * decreasing the number of slots will (just?) affect
1875 	 * performance.  When short on memory we therefore prefer to
1876 	 * decrease number of slots instead of their size.  Clients that
1877 	 * request larger slots than they need will get poor results:
1878 	 */
1879 	ca->maxreqs = nfsd4_get_drc_mem(ca);
1880 	if (!ca->maxreqs)
1881 		return nfserr_jukebox;
1882 
1883 	return nfs_ok;
1884 }
1885 
1886 #define NFSD_CB_MAX_REQ_SZ	((NFS4_enc_cb_recall_sz + \
1887 				 RPC_MAX_HEADER_WITH_AUTH) * sizeof(__be32))
1888 #define NFSD_CB_MAX_RESP_SZ	((NFS4_dec_cb_recall_sz + \
1889 				 RPC_MAX_REPHEADER_WITH_AUTH) * sizeof(__be32))
1890 
1891 static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
1892 {
1893 	ca->headerpadsz = 0;
1894 
1895 	/*
1896 	 * These RPC_MAX_HEADER macros are overkill, especially since we
1897 	 * don't even do gss on the backchannel yet.  But this is still
1898 	 * less than 1k.  Tighten up this estimate in the unlikely event
1899 	 * it turns out to be a problem for some client:
1900 	 */
1901 	if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
1902 		return nfserr_toosmall;
1903 	if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
1904 		return nfserr_toosmall;
1905 	ca->maxresp_cached = 0;
1906 	if (ca->maxops < 2)
1907 		return nfserr_toosmall;
1908 
1909 	return nfs_ok;
1910 }
1911 
1912 static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
1913 {
1914 	switch (cbs->flavor) {
1915 	case RPC_AUTH_NULL:
1916 	case RPC_AUTH_UNIX:
1917 		return nfs_ok;
1918 	default:
1919 		/*
1920 		 * GSS case: the spec doesn't allow us to return this
1921 		 * error.  But it also doesn't allow us not to support
1922 		 * GSS.
1923 		 * I'd rather this fail hard than return some error the
1924 		 * client might think it can already handle:
1925 		 */
1926 		return nfserr_encr_alg_unsupp;
1927 	}
1928 }
1929 
1930 __be32
1931 nfsd4_create_session(struct svc_rqst *rqstp,
1932 		     struct nfsd4_compound_state *cstate,
1933 		     struct nfsd4_create_session *cr_ses)
1934 {
1935 	struct sockaddr *sa = svc_addr(rqstp);
1936 	struct nfs4_client *conf, *unconf;
1937 	struct nfsd4_session *new;
1938 	struct nfsd4_conn *conn;
1939 	struct nfsd4_clid_slot *cs_slot = NULL;
1940 	__be32 status = 0;
1941 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
1942 
1943 	if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
1944 		return nfserr_inval;
1945 	status = nfsd4_check_cb_sec(&cr_ses->cb_sec);
1946 	if (status)
1947 		return status;
1948 	status = check_forechannel_attrs(&cr_ses->fore_channel, nn);
1949 	if (status)
1950 		return status;
1951 	status = check_backchannel_attrs(&cr_ses->back_channel);
1952 	if (status)
1953 		goto out_release_drc_mem;
1954 	status = nfserr_jukebox;
1955 	new = alloc_session(&cr_ses->fore_channel, &cr_ses->back_channel);
1956 	if (!new)
1957 		goto out_release_drc_mem;
1958 	conn = alloc_conn_from_crses(rqstp, cr_ses);
1959 	if (!conn)
1960 		goto out_free_session;
1961 
1962 	nfs4_lock_state();
1963 	unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn);
1964 	conf = find_confirmed_client(&cr_ses->clientid, true, nn);
1965 	WARN_ON_ONCE(conf && unconf);
1966 
1967 	if (conf) {
1968 		status = nfserr_wrong_cred;
1969 		if (!mach_creds_match(conf, rqstp))
1970 			goto out_free_conn;
1971 		cs_slot = &conf->cl_cs_slot;
1972 		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
1973 		if (status == nfserr_replay_cache) {
1974 			status = nfsd4_replay_create_session(cr_ses, cs_slot);
1975 			goto out_free_conn;
1976 		} else if (cr_ses->seqid != cs_slot->sl_seqid + 1) {
1977 			status = nfserr_seq_misordered;
1978 			goto out_free_conn;
1979 		}
1980 	} else if (unconf) {
1981 		struct nfs4_client *old;
1982 		if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) ||
1983 		    !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) {
1984 			status = nfserr_clid_inuse;
1985 			goto out_free_conn;
1986 		}
1987 		status = nfserr_wrong_cred;
1988 		if (!mach_creds_match(unconf, rqstp))
1989 			goto out_free_conn;
1990 		cs_slot = &unconf->cl_cs_slot;
1991 		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
1992 		if (status) {
1993 			/* an unconfirmed replay returns misordered */
1994 			status = nfserr_seq_misordered;
1995 			goto out_free_conn;
1996 		}
1997 		old = find_confirmed_client_by_name(&unconf->cl_name, nn);
1998 		if (old) {
1999 			status = mark_client_expired(old);
2000 			if (status)
2001 				goto out_free_conn;
2002 			expire_client(old);
2003 		}
2004 		move_to_confirmed(unconf);
2005 		conf = unconf;
2006 	} else {
2007 		status = nfserr_stale_clientid;
2008 		goto out_free_conn;
2009 	}
2010 	status = nfs_ok;
2011 	/*
2012 	 * We do not support RDMA or persistent sessions
2013 	 */
2014 	cr_ses->flags &= ~SESSION4_PERSIST;
2015 	cr_ses->flags &= ~SESSION4_RDMA;
2016 
2017 	init_session(rqstp, new, conf, cr_ses);
2018 	nfsd4_init_conn(rqstp, conn, new);
2019 
2020 	memcpy(cr_ses->sessionid.data, new->se_sessionid.data,
2021 	       NFS4_MAX_SESSIONID_LEN);
2022 	cs_slot->sl_seqid++;
2023 	cr_ses->seqid = cs_slot->sl_seqid;
2024 
2025 	/* cache solo and embedded create sessions under the state lock */
2026 	nfsd4_cache_create_session(cr_ses, cs_slot, status);
2027 	nfs4_unlock_state();
2028 	return status;
2029 out_free_conn:
2030 	nfs4_unlock_state();
2031 	free_conn(conn);
2032 out_free_session:
2033 	__free_session(new);
2034 out_release_drc_mem:
2035 	nfsd4_put_drc_mem(&cr_ses->fore_channel);
2036 	return status;
2037 }
2038 
2039 static __be32 nfsd4_map_bcts_dir(u32 *dir)
2040 {
2041 	switch (*dir) {
2042 	case NFS4_CDFC4_FORE:
2043 	case NFS4_CDFC4_BACK:
2044 		return nfs_ok;
2045 	case NFS4_CDFC4_FORE_OR_BOTH:
2046 	case NFS4_CDFC4_BACK_OR_BOTH:
2047 		*dir = NFS4_CDFC4_BOTH;
2048 		return nfs_ok;
2049 	};
2050 	return nfserr_inval;
2051 }
2052 
2053 __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_backchannel_ctl *bc)
2054 {
2055 	struct nfsd4_session *session = cstate->session;
2056 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2057 	__be32 status;
2058 
2059 	status = nfsd4_check_cb_sec(&bc->bc_cb_sec);
2060 	if (status)
2061 		return status;
2062 	spin_lock(&nn->client_lock);
2063 	session->se_cb_prog = bc->bc_cb_program;
2064 	session->se_cb_sec = bc->bc_cb_sec;
2065 	spin_unlock(&nn->client_lock);
2066 
2067 	nfsd4_probe_callback(session->se_client);
2068 
2069 	return nfs_ok;
2070 }
2071 
2072 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
2073 		     struct nfsd4_compound_state *cstate,
2074 		     struct nfsd4_bind_conn_to_session *bcts)
2075 {
2076 	__be32 status;
2077 	struct nfsd4_conn *conn;
2078 	struct nfsd4_session *session;
2079 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2080 
2081 	if (!nfsd4_last_compound_op(rqstp))
2082 		return nfserr_not_only_op;
2083 	nfs4_lock_state();
2084 	spin_lock(&nn->client_lock);
2085 	session = find_in_sessionid_hashtbl(&bcts->sessionid, SVC_NET(rqstp));
2086 	spin_unlock(&nn->client_lock);
2087 	status = nfserr_badsession;
2088 	if (!session)
2089 		goto out;
2090 	status = nfserr_wrong_cred;
2091 	if (!mach_creds_match(session->se_client, rqstp))
2092 		goto out;
2093 	status = nfsd4_map_bcts_dir(&bcts->dir);
2094 	if (status)
2095 		goto out;
2096 	conn = alloc_conn(rqstp, bcts->dir);
2097 	status = nfserr_jukebox;
2098 	if (!conn)
2099 		goto out;
2100 	nfsd4_init_conn(rqstp, conn, session);
2101 	status = nfs_ok;
2102 out:
2103 	nfs4_unlock_state();
2104 	return status;
2105 }
2106 
2107 static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid)
2108 {
2109 	if (!session)
2110 		return 0;
2111 	return !memcmp(sid, &session->se_sessionid, sizeof(*sid));
2112 }
2113 
2114 __be32
2115 nfsd4_destroy_session(struct svc_rqst *r,
2116 		      struct nfsd4_compound_state *cstate,
2117 		      struct nfsd4_destroy_session *sessionid)
2118 {
2119 	struct nfsd4_session *ses;
2120 	__be32 status;
2121 	int ref_held_by_me = 0;
2122 	struct nfsd_net *nn = net_generic(SVC_NET(r), nfsd_net_id);
2123 
2124 	nfs4_lock_state();
2125 	status = nfserr_not_only_op;
2126 	if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {
2127 		if (!nfsd4_last_compound_op(r))
2128 			goto out;
2129 		ref_held_by_me++;
2130 	}
2131 	dump_sessionid(__func__, &sessionid->sessionid);
2132 	spin_lock(&nn->client_lock);
2133 	ses = find_in_sessionid_hashtbl(&sessionid->sessionid, SVC_NET(r));
2134 	status = nfserr_badsession;
2135 	if (!ses)
2136 		goto out_client_lock;
2137 	status = nfserr_wrong_cred;
2138 	if (!mach_creds_match(ses->se_client, r))
2139 		goto out_client_lock;
2140 	nfsd4_get_session_locked(ses);
2141 	status = mark_session_dead_locked(ses, 1 + ref_held_by_me);
2142 	if (status)
2143 		goto out_put_session;
2144 	unhash_session(ses);
2145 	spin_unlock(&nn->client_lock);
2146 
2147 	nfsd4_probe_callback_sync(ses->se_client);
2148 
2149 	spin_lock(&nn->client_lock);
2150 	status = nfs_ok;
2151 out_put_session:
2152 	nfsd4_put_session(ses);
2153 out_client_lock:
2154 	spin_unlock(&nn->client_lock);
2155 out:
2156 	nfs4_unlock_state();
2157 	return status;
2158 }
2159 
2160 static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s)
2161 {
2162 	struct nfsd4_conn *c;
2163 
2164 	list_for_each_entry(c, &s->se_conns, cn_persession) {
2165 		if (c->cn_xprt == xpt) {
2166 			return c;
2167 		}
2168 	}
2169 	return NULL;
2170 }
2171 
2172 static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)
2173 {
2174 	struct nfs4_client *clp = ses->se_client;
2175 	struct nfsd4_conn *c;
2176 	__be32 status = nfs_ok;
2177 	int ret;
2178 
2179 	spin_lock(&clp->cl_lock);
2180 	c = __nfsd4_find_conn(new->cn_xprt, ses);
2181 	if (c)
2182 		goto out_free;
2183 	status = nfserr_conn_not_bound_to_session;
2184 	if (clp->cl_mach_cred)
2185 		goto out_free;
2186 	__nfsd4_hash_conn(new, ses);
2187 	spin_unlock(&clp->cl_lock);
2188 	ret = nfsd4_register_conn(new);
2189 	if (ret)
2190 		/* oops; xprt is already down: */
2191 		nfsd4_conn_lost(&new->cn_xpt_user);
2192 	return nfs_ok;
2193 out_free:
2194 	spin_unlock(&clp->cl_lock);
2195 	free_conn(new);
2196 	return status;
2197 }
2198 
2199 static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)
2200 {
2201 	struct nfsd4_compoundargs *args = rqstp->rq_argp;
2202 
2203 	return args->opcnt > session->se_fchannel.maxops;
2204 }
2205 
2206 static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
2207 				  struct nfsd4_session *session)
2208 {
2209 	struct xdr_buf *xb = &rqstp->rq_arg;
2210 
2211 	return xb->len > session->se_fchannel.maxreq_sz;
2212 }
2213 
2214 __be32
2215 nfsd4_sequence(struct svc_rqst *rqstp,
2216 	       struct nfsd4_compound_state *cstate,
2217 	       struct nfsd4_sequence *seq)
2218 {
2219 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
2220 	struct xdr_stream *xdr = &resp->xdr;
2221 	struct nfsd4_session *session;
2222 	struct nfs4_client *clp;
2223 	struct nfsd4_slot *slot;
2224 	struct nfsd4_conn *conn;
2225 	__be32 status;
2226 	int buflen;
2227 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2228 
2229 	if (resp->opcnt != 1)
2230 		return nfserr_sequence_pos;
2231 
2232 	/*
2233 	 * Will be either used or freed by nfsd4_sequence_check_conn
2234 	 * below.
2235 	 */
2236 	conn = alloc_conn(rqstp, NFS4_CDFC4_FORE);
2237 	if (!conn)
2238 		return nfserr_jukebox;
2239 
2240 	spin_lock(&nn->client_lock);
2241 	status = nfserr_badsession;
2242 	session = find_in_sessionid_hashtbl(&seq->sessionid, SVC_NET(rqstp));
2243 	if (!session)
2244 		goto out_no_session;
2245 	clp = session->se_client;
2246 	status = get_client_locked(clp);
2247 	if (status)
2248 		goto out_no_session;
2249 	status = nfsd4_get_session_locked(session);
2250 	if (status)
2251 		goto out_put_client;
2252 
2253 	status = nfserr_too_many_ops;
2254 	if (nfsd4_session_too_many_ops(rqstp, session))
2255 		goto out_put_session;
2256 
2257 	status = nfserr_req_too_big;
2258 	if (nfsd4_request_too_big(rqstp, session))
2259 		goto out_put_session;
2260 
2261 	status = nfserr_badslot;
2262 	if (seq->slotid >= session->se_fchannel.maxreqs)
2263 		goto out_put_session;
2264 
2265 	slot = session->se_slots[seq->slotid];
2266 	dprintk("%s: slotid %d\n", __func__, seq->slotid);
2267 
2268 	/* We do not negotiate the number of slots yet, so set the
2269 	 * maxslots to the session maxreqs which is used to encode
2270 	 * sr_highest_slotid and the sr_target_slot id to maxslots */
2271 	seq->maxslots = session->se_fchannel.maxreqs;
2272 
2273 	status = check_slot_seqid(seq->seqid, slot->sl_seqid,
2274 					slot->sl_flags & NFSD4_SLOT_INUSE);
2275 	if (status == nfserr_replay_cache) {
2276 		status = nfserr_seq_misordered;
2277 		if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED))
2278 			goto out_put_session;
2279 		cstate->slot = slot;
2280 		cstate->session = session;
2281 		/* Return the cached reply status and set cstate->status
2282 		 * for nfsd4_proc_compound processing */
2283 		status = nfsd4_replay_cache_entry(resp, seq);
2284 		cstate->status = nfserr_replay_cache;
2285 		goto out;
2286 	}
2287 	if (status)
2288 		goto out_put_session;
2289 
2290 	status = nfsd4_sequence_check_conn(conn, session);
2291 	conn = NULL;
2292 	if (status)
2293 		goto out_put_session;
2294 
2295 	buflen = (seq->cachethis) ?
2296 			session->se_fchannel.maxresp_cached :
2297 			session->se_fchannel.maxresp_sz;
2298 	status = (seq->cachethis) ? nfserr_rep_too_big_to_cache :
2299 				    nfserr_rep_too_big;
2300 	if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack))
2301 		goto out_put_session;
2302 	svc_reserve(rqstp, buflen);
2303 
2304 	status = nfs_ok;
2305 	/* Success! bump slot seqid */
2306 	slot->sl_seqid = seq->seqid;
2307 	slot->sl_flags |= NFSD4_SLOT_INUSE;
2308 	if (seq->cachethis)
2309 		slot->sl_flags |= NFSD4_SLOT_CACHETHIS;
2310 	else
2311 		slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS;
2312 
2313 	cstate->slot = slot;
2314 	cstate->session = session;
2315 
2316 out:
2317 	switch (clp->cl_cb_state) {
2318 	case NFSD4_CB_DOWN:
2319 		seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN;
2320 		break;
2321 	case NFSD4_CB_FAULT:
2322 		seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT;
2323 		break;
2324 	default:
2325 		seq->status_flags = 0;
2326 	}
2327 	if (!list_empty(&clp->cl_revoked))
2328 		seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED;
2329 out_no_session:
2330 	if (conn)
2331 		free_conn(conn);
2332 	spin_unlock(&nn->client_lock);
2333 	return status;
2334 out_put_session:
2335 	nfsd4_put_session(session);
2336 out_put_client:
2337 	put_client_renew_locked(clp);
2338 	goto out_no_session;
2339 }
2340 
2341 __be32
2342 nfsd4_destroy_clientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_destroy_clientid *dc)
2343 {
2344 	struct nfs4_client *conf, *unconf, *clp;
2345 	__be32 status = 0;
2346 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2347 
2348 	nfs4_lock_state();
2349 	unconf = find_unconfirmed_client(&dc->clientid, true, nn);
2350 	conf = find_confirmed_client(&dc->clientid, true, nn);
2351 	WARN_ON_ONCE(conf && unconf);
2352 
2353 	if (conf) {
2354 		clp = conf;
2355 
2356 		if (client_has_state(conf)) {
2357 			status = nfserr_clientid_busy;
2358 			goto out;
2359 		}
2360 	} else if (unconf)
2361 		clp = unconf;
2362 	else {
2363 		status = nfserr_stale_clientid;
2364 		goto out;
2365 	}
2366 	if (!mach_creds_match(clp, rqstp)) {
2367 		status = nfserr_wrong_cred;
2368 		goto out;
2369 	}
2370 	expire_client(clp);
2371 out:
2372 	nfs4_unlock_state();
2373 	return status;
2374 }
2375 
2376 __be32
2377 nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_reclaim_complete *rc)
2378 {
2379 	__be32 status = 0;
2380 
2381 	if (rc->rca_one_fs) {
2382 		if (!cstate->current_fh.fh_dentry)
2383 			return nfserr_nofilehandle;
2384 		/*
2385 		 * We don't take advantage of the rca_one_fs case.
2386 		 * That's OK, it's optional, we can safely ignore it.
2387 		 */
2388 		 return nfs_ok;
2389 	}
2390 
2391 	nfs4_lock_state();
2392 	status = nfserr_complete_already;
2393 	if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE,
2394 			     &cstate->session->se_client->cl_flags))
2395 		goto out;
2396 
2397 	status = nfserr_stale_clientid;
2398 	if (is_client_expired(cstate->session->se_client))
2399 		/*
2400 		 * The following error isn't really legal.
2401 		 * But we only get here if the client just explicitly
2402 		 * destroyed the client.  Surely it no longer cares what
2403 		 * error it gets back on an operation for the dead
2404 		 * client.
2405 		 */
2406 		goto out;
2407 
2408 	status = nfs_ok;
2409 	nfsd4_client_record_create(cstate->session->se_client);
2410 out:
2411 	nfs4_unlock_state();
2412 	return status;
2413 }
2414 
2415 __be32
2416 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
2417 		  struct nfsd4_setclientid *setclid)
2418 {
2419 	struct xdr_netobj 	clname = setclid->se_name;
2420 	nfs4_verifier		clverifier = setclid->se_verf;
2421 	struct nfs4_client	*conf, *unconf, *new;
2422 	__be32 			status;
2423 	struct nfsd_net		*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2424 
2425 	/* Cases below refer to rfc 3530 section 14.2.33: */
2426 	nfs4_lock_state();
2427 	conf = find_confirmed_client_by_name(&clname, nn);
2428 	if (conf) {
2429 		/* case 0: */
2430 		status = nfserr_clid_inuse;
2431 		if (clp_used_exchangeid(conf))
2432 			goto out;
2433 		if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
2434 			char addr_str[INET6_ADDRSTRLEN];
2435 			rpc_ntop((struct sockaddr *) &conf->cl_addr, addr_str,
2436 				 sizeof(addr_str));
2437 			dprintk("NFSD: setclientid: string in use by client "
2438 				"at %s\n", addr_str);
2439 			goto out;
2440 		}
2441 	}
2442 	unconf = find_unconfirmed_client_by_name(&clname, nn);
2443 	if (unconf)
2444 		expire_client(unconf);
2445 	status = nfserr_jukebox;
2446 	new = create_client(clname, rqstp, &clverifier);
2447 	if (new == NULL)
2448 		goto out;
2449 	if (conf && same_verf(&conf->cl_verifier, &clverifier))
2450 		/* case 1: probable callback update */
2451 		copy_clid(new, conf);
2452 	else /* case 4 (new client) or cases 2, 3 (client reboot): */
2453 		gen_clid(new, nn);
2454 	new->cl_minorversion = 0;
2455 	gen_callback(new, setclid, rqstp);
2456 	add_to_unconfirmed(new);
2457 	setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot;
2458 	setclid->se_clientid.cl_id = new->cl_clientid.cl_id;
2459 	memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data));
2460 	status = nfs_ok;
2461 out:
2462 	nfs4_unlock_state();
2463 	return status;
2464 }
2465 
2466 
2467 __be32
2468 nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
2469 			 struct nfsd4_compound_state *cstate,
2470 			 struct nfsd4_setclientid_confirm *setclientid_confirm)
2471 {
2472 	struct nfs4_client *conf, *unconf;
2473 	nfs4_verifier confirm = setclientid_confirm->sc_confirm;
2474 	clientid_t * clid = &setclientid_confirm->sc_clientid;
2475 	__be32 status;
2476 	struct nfsd_net	*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2477 
2478 	if (STALE_CLIENTID(clid, nn))
2479 		return nfserr_stale_clientid;
2480 	nfs4_lock_state();
2481 
2482 	conf = find_confirmed_client(clid, false, nn);
2483 	unconf = find_unconfirmed_client(clid, false, nn);
2484 	/*
2485 	 * We try hard to give out unique clientid's, so if we get an
2486 	 * attempt to confirm the same clientid with a different cred,
2487 	 * there's a bug somewhere.  Let's charitably assume it's our
2488 	 * bug.
2489 	 */
2490 	status = nfserr_serverfault;
2491 	if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred))
2492 		goto out;
2493 	if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred))
2494 		goto out;
2495 	/* cases below refer to rfc 3530 section 14.2.34: */
2496 	if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) {
2497 		if (conf && !unconf) /* case 2: probable retransmit */
2498 			status = nfs_ok;
2499 		else /* case 4: client hasn't noticed we rebooted yet? */
2500 			status = nfserr_stale_clientid;
2501 		goto out;
2502 	}
2503 	status = nfs_ok;
2504 	if (conf) { /* case 1: callback update */
2505 		nfsd4_change_callback(conf, &unconf->cl_cb_conn);
2506 		nfsd4_probe_callback(conf);
2507 		expire_client(unconf);
2508 	} else { /* case 3: normal case; new or rebooted client */
2509 		conf = find_confirmed_client_by_name(&unconf->cl_name, nn);
2510 		if (conf) {
2511 			status = mark_client_expired(conf);
2512 			if (status)
2513 				goto out;
2514 			expire_client(conf);
2515 		}
2516 		move_to_confirmed(unconf);
2517 		nfsd4_probe_callback(unconf);
2518 	}
2519 out:
2520 	nfs4_unlock_state();
2521 	return status;
2522 }
2523 
2524 static struct nfs4_file *nfsd4_alloc_file(void)
2525 {
2526 	return kmem_cache_alloc(file_slab, GFP_KERNEL);
2527 }
2528 
2529 /* OPEN Share state helper functions */
2530 static void nfsd4_init_file(struct nfs4_file *fp, struct inode *ino)
2531 {
2532 	unsigned int hashval = file_hashval(ino);
2533 
2534 	atomic_set(&fp->fi_ref, 1);
2535 	INIT_LIST_HEAD(&fp->fi_stateids);
2536 	INIT_LIST_HEAD(&fp->fi_delegations);
2537 	fp->fi_inode = igrab(ino);
2538 	fp->fi_had_conflict = false;
2539 	fp->fi_lease = NULL;
2540 	memset(fp->fi_fds, 0, sizeof(fp->fi_fds));
2541 	memset(fp->fi_access, 0, sizeof(fp->fi_access));
2542 	spin_lock(&state_lock);
2543 	hlist_add_head(&fp->fi_hash, &file_hashtbl[hashval]);
2544 	spin_unlock(&state_lock);
2545 }
2546 
2547 void
2548 nfsd4_free_slabs(void)
2549 {
2550 	kmem_cache_destroy(openowner_slab);
2551 	kmem_cache_destroy(lockowner_slab);
2552 	kmem_cache_destroy(file_slab);
2553 	kmem_cache_destroy(stateid_slab);
2554 	kmem_cache_destroy(deleg_slab);
2555 }
2556 
2557 int
2558 nfsd4_init_slabs(void)
2559 {
2560 	openowner_slab = kmem_cache_create("nfsd4_openowners",
2561 			sizeof(struct nfs4_openowner), 0, 0, NULL);
2562 	if (openowner_slab == NULL)
2563 		goto out;
2564 	lockowner_slab = kmem_cache_create("nfsd4_lockowners",
2565 			sizeof(struct nfs4_lockowner), 0, 0, NULL);
2566 	if (lockowner_slab == NULL)
2567 		goto out_free_openowner_slab;
2568 	file_slab = kmem_cache_create("nfsd4_files",
2569 			sizeof(struct nfs4_file), 0, 0, NULL);
2570 	if (file_slab == NULL)
2571 		goto out_free_lockowner_slab;
2572 	stateid_slab = kmem_cache_create("nfsd4_stateids",
2573 			sizeof(struct nfs4_ol_stateid), 0, 0, NULL);
2574 	if (stateid_slab == NULL)
2575 		goto out_free_file_slab;
2576 	deleg_slab = kmem_cache_create("nfsd4_delegations",
2577 			sizeof(struct nfs4_delegation), 0, 0, NULL);
2578 	if (deleg_slab == NULL)
2579 		goto out_free_stateid_slab;
2580 	return 0;
2581 
2582 out_free_stateid_slab:
2583 	kmem_cache_destroy(stateid_slab);
2584 out_free_file_slab:
2585 	kmem_cache_destroy(file_slab);
2586 out_free_lockowner_slab:
2587 	kmem_cache_destroy(lockowner_slab);
2588 out_free_openowner_slab:
2589 	kmem_cache_destroy(openowner_slab);
2590 out:
2591 	dprintk("nfsd4: out of memory while initializing nfsv4\n");
2592 	return -ENOMEM;
2593 }
2594 
2595 static void init_nfs4_replay(struct nfs4_replay *rp)
2596 {
2597 	rp->rp_status = nfserr_serverfault;
2598 	rp->rp_buflen = 0;
2599 	rp->rp_buf = rp->rp_ibuf;
2600 }
2601 
2602 static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp)
2603 {
2604 	struct nfs4_stateowner *sop;
2605 
2606 	sop = kmem_cache_alloc(slab, GFP_KERNEL);
2607 	if (!sop)
2608 		return NULL;
2609 
2610 	sop->so_owner.data = kmemdup(owner->data, owner->len, GFP_KERNEL);
2611 	if (!sop->so_owner.data) {
2612 		kmem_cache_free(slab, sop);
2613 		return NULL;
2614 	}
2615 	sop->so_owner.len = owner->len;
2616 
2617 	INIT_LIST_HEAD(&sop->so_stateids);
2618 	sop->so_client = clp;
2619 	init_nfs4_replay(&sop->so_replay);
2620 	return sop;
2621 }
2622 
2623 static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval)
2624 {
2625 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2626 
2627 	list_add(&oo->oo_owner.so_strhash, &nn->ownerstr_hashtbl[strhashval]);
2628 	list_add(&oo->oo_perclient, &clp->cl_openowners);
2629 }
2630 
2631 static struct nfs4_openowner *
2632 alloc_init_open_stateowner(unsigned int strhashval, struct nfs4_client *clp, struct nfsd4_open *open) {
2633 	struct nfs4_openowner *oo;
2634 
2635 	oo = alloc_stateowner(openowner_slab, &open->op_owner, clp);
2636 	if (!oo)
2637 		return NULL;
2638 	oo->oo_owner.so_is_open_owner = 1;
2639 	oo->oo_owner.so_seqid = open->op_seqid;
2640 	oo->oo_flags = NFS4_OO_NEW;
2641 	oo->oo_time = 0;
2642 	oo->oo_last_closed_stid = NULL;
2643 	INIT_LIST_HEAD(&oo->oo_close_lru);
2644 	hash_openowner(oo, clp, strhashval);
2645 	return oo;
2646 }
2647 
2648 static void init_open_stateid(struct nfs4_ol_stateid *stp, struct nfs4_file *fp, struct nfsd4_open *open) {
2649 	struct nfs4_openowner *oo = open->op_openowner;
2650 
2651 	stp->st_stid.sc_type = NFS4_OPEN_STID;
2652 	INIT_LIST_HEAD(&stp->st_lockowners);
2653 	list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids);
2654 	list_add(&stp->st_perfile, &fp->fi_stateids);
2655 	stp->st_stateowner = &oo->oo_owner;
2656 	get_nfs4_file(fp);
2657 	stp->st_file = fp;
2658 	stp->st_access_bmap = 0;
2659 	stp->st_deny_bmap = 0;
2660 	set_access(open->op_share_access, stp);
2661 	set_deny(open->op_share_deny, stp);
2662 	stp->st_openstp = NULL;
2663 }
2664 
2665 static void
2666 move_to_close_lru(struct nfs4_openowner *oo, struct net *net)
2667 {
2668 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
2669 
2670 	dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo);
2671 
2672 	list_move_tail(&oo->oo_close_lru, &nn->close_lru);
2673 	oo->oo_time = get_seconds();
2674 }
2675 
2676 static int
2677 same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner,
2678 							clientid_t *clid)
2679 {
2680 	return (sop->so_owner.len == owner->len) &&
2681 		0 == memcmp(sop->so_owner.data, owner->data, owner->len) &&
2682 		(sop->so_client->cl_clientid.cl_id == clid->cl_id);
2683 }
2684 
2685 static struct nfs4_openowner *
2686 find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open,
2687 			bool sessions, struct nfsd_net *nn)
2688 {
2689 	struct nfs4_stateowner *so;
2690 	struct nfs4_openowner *oo;
2691 	struct nfs4_client *clp;
2692 
2693 	list_for_each_entry(so, &nn->ownerstr_hashtbl[hashval], so_strhash) {
2694 		if (!so->so_is_open_owner)
2695 			continue;
2696 		if (same_owner_str(so, &open->op_owner, &open->op_clientid)) {
2697 			oo = openowner(so);
2698 			clp = oo->oo_owner.so_client;
2699 			if ((bool)clp->cl_minorversion != sessions)
2700 				return NULL;
2701 			renew_client(oo->oo_owner.so_client);
2702 			return oo;
2703 		}
2704 	}
2705 	return NULL;
2706 }
2707 
2708 /* search file_hashtbl[] for file */
2709 static struct nfs4_file *
2710 find_file(struct inode *ino)
2711 {
2712 	unsigned int hashval = file_hashval(ino);
2713 	struct nfs4_file *fp;
2714 
2715 	spin_lock(&state_lock);
2716 	hlist_for_each_entry(fp, &file_hashtbl[hashval], fi_hash) {
2717 		if (fp->fi_inode == ino) {
2718 			get_nfs4_file(fp);
2719 			spin_unlock(&state_lock);
2720 			return fp;
2721 		}
2722 	}
2723 	spin_unlock(&state_lock);
2724 	return NULL;
2725 }
2726 
2727 /*
2728  * Called to check deny when READ with all zero stateid or
2729  * WRITE with all zero or all one stateid
2730  */
2731 static __be32
2732 nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type)
2733 {
2734 	struct inode *ino = current_fh->fh_dentry->d_inode;
2735 	struct nfs4_file *fp;
2736 	struct nfs4_ol_stateid *stp;
2737 	__be32 ret;
2738 
2739 	fp = find_file(ino);
2740 	if (!fp)
2741 		return nfs_ok;
2742 	ret = nfserr_locked;
2743 	/* Search for conflicting share reservations */
2744 	list_for_each_entry(stp, &fp->fi_stateids, st_perfile) {
2745 		if (test_deny(deny_type, stp) ||
2746 		    test_deny(NFS4_SHARE_DENY_BOTH, stp))
2747 			goto out;
2748 	}
2749 	ret = nfs_ok;
2750 out:
2751 	put_nfs4_file(fp);
2752 	return ret;
2753 }
2754 
2755 static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
2756 {
2757 	struct nfs4_client *clp = dp->dl_stid.sc_client;
2758 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2759 
2760 	lockdep_assert_held(&state_lock);
2761 	/* We're assuming the state code never drops its reference
2762 	 * without first removing the lease.  Since we're in this lease
2763 	 * callback (and since the lease code is serialized by the kernel
2764 	 * lock) we know the server hasn't removed the lease yet, we know
2765 	 * it's safe to take a reference: */
2766 	atomic_inc(&dp->dl_count);
2767 
2768 	list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru);
2769 
2770 	/* Only place dl_time is set; protected by i_lock: */
2771 	dp->dl_time = get_seconds();
2772 
2773 	nfsd4_cb_recall(dp);
2774 }
2775 
2776 /* Called from break_lease() with i_lock held. */
2777 static void nfsd_break_deleg_cb(struct file_lock *fl)
2778 {
2779 	struct nfs4_file *fp = (struct nfs4_file *)fl->fl_owner;
2780 	struct nfs4_delegation *dp;
2781 
2782 	if (!fp) {
2783 		WARN(1, "(%p)->fl_owner NULL\n", fl);
2784 		return;
2785 	}
2786 	if (fp->fi_had_conflict) {
2787 		WARN(1, "duplicate break on %p\n", fp);
2788 		return;
2789 	}
2790 	/*
2791 	 * We don't want the locks code to timeout the lease for us;
2792 	 * we'll remove it ourself if a delegation isn't returned
2793 	 * in time:
2794 	 */
2795 	fl->fl_break_time = 0;
2796 
2797 	spin_lock(&state_lock);
2798 	fp->fi_had_conflict = true;
2799 	list_for_each_entry(dp, &fp->fi_delegations, dl_perfile)
2800 		nfsd_break_one_deleg(dp);
2801 	spin_unlock(&state_lock);
2802 }
2803 
2804 static
2805 int nfsd_change_deleg_cb(struct file_lock **onlist, int arg)
2806 {
2807 	if (arg & F_UNLCK)
2808 		return lease_modify(onlist, arg);
2809 	else
2810 		return -EAGAIN;
2811 }
2812 
2813 static const struct lock_manager_operations nfsd_lease_mng_ops = {
2814 	.lm_break = nfsd_break_deleg_cb,
2815 	.lm_change = nfsd_change_deleg_cb,
2816 };
2817 
2818 static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid)
2819 {
2820 	if (nfsd4_has_session(cstate))
2821 		return nfs_ok;
2822 	if (seqid == so->so_seqid - 1)
2823 		return nfserr_replay_me;
2824 	if (seqid == so->so_seqid)
2825 		return nfs_ok;
2826 	return nfserr_bad_seqid;
2827 }
2828 
2829 __be32
2830 nfsd4_process_open1(struct nfsd4_compound_state *cstate,
2831 		    struct nfsd4_open *open, struct nfsd_net *nn)
2832 {
2833 	clientid_t *clientid = &open->op_clientid;
2834 	struct nfs4_client *clp = NULL;
2835 	unsigned int strhashval;
2836 	struct nfs4_openowner *oo = NULL;
2837 	__be32 status;
2838 
2839 	if (STALE_CLIENTID(&open->op_clientid, nn))
2840 		return nfserr_stale_clientid;
2841 	/*
2842 	 * In case we need it later, after we've already created the
2843 	 * file and don't want to risk a further failure:
2844 	 */
2845 	open->op_file = nfsd4_alloc_file();
2846 	if (open->op_file == NULL)
2847 		return nfserr_jukebox;
2848 
2849 	strhashval = ownerstr_hashval(clientid->cl_id, &open->op_owner);
2850 	oo = find_openstateowner_str(strhashval, open, cstate->minorversion, nn);
2851 	open->op_openowner = oo;
2852 	if (!oo) {
2853 		clp = find_confirmed_client(clientid, cstate->minorversion,
2854 					    nn);
2855 		if (clp == NULL)
2856 			return nfserr_expired;
2857 		goto new_owner;
2858 	}
2859 	if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
2860 		/* Replace unconfirmed owners without checking for replay. */
2861 		clp = oo->oo_owner.so_client;
2862 		release_openowner(oo);
2863 		open->op_openowner = NULL;
2864 		goto new_owner;
2865 	}
2866 	status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid);
2867 	if (status)
2868 		return status;
2869 	clp = oo->oo_owner.so_client;
2870 	goto alloc_stateid;
2871 new_owner:
2872 	oo = alloc_init_open_stateowner(strhashval, clp, open);
2873 	if (oo == NULL)
2874 		return nfserr_jukebox;
2875 	open->op_openowner = oo;
2876 alloc_stateid:
2877 	open->op_stp = nfs4_alloc_stateid(clp);
2878 	if (!open->op_stp)
2879 		return nfserr_jukebox;
2880 	return nfs_ok;
2881 }
2882 
2883 static inline __be32
2884 nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
2885 {
2886 	if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ))
2887 		return nfserr_openmode;
2888 	else
2889 		return nfs_ok;
2890 }
2891 
2892 static int share_access_to_flags(u32 share_access)
2893 {
2894 	return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE;
2895 }
2896 
2897 static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl, stateid_t *s)
2898 {
2899 	struct nfs4_stid *ret;
2900 
2901 	ret = find_stateid_by_type(cl, s, NFS4_DELEG_STID);
2902 	if (!ret)
2903 		return NULL;
2904 	return delegstateid(ret);
2905 }
2906 
2907 static bool nfsd4_is_deleg_cur(struct nfsd4_open *open)
2908 {
2909 	return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
2910 	       open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH;
2911 }
2912 
2913 static __be32
2914 nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open,
2915 		struct nfs4_delegation **dp)
2916 {
2917 	int flags;
2918 	__be32 status = nfserr_bad_stateid;
2919 
2920 	*dp = find_deleg_stateid(cl, &open->op_delegate_stateid);
2921 	if (*dp == NULL)
2922 		goto out;
2923 	flags = share_access_to_flags(open->op_share_access);
2924 	status = nfs4_check_delegmode(*dp, flags);
2925 	if (status)
2926 		*dp = NULL;
2927 out:
2928 	if (!nfsd4_is_deleg_cur(open))
2929 		return nfs_ok;
2930 	if (status)
2931 		return status;
2932 	open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
2933 	return nfs_ok;
2934 }
2935 
2936 static __be32
2937 nfs4_check_open(struct nfs4_file *fp, struct nfsd4_open *open, struct nfs4_ol_stateid **stpp)
2938 {
2939 	struct nfs4_ol_stateid *local;
2940 	struct nfs4_openowner *oo = open->op_openowner;
2941 
2942 	list_for_each_entry(local, &fp->fi_stateids, st_perfile) {
2943 		/* ignore lock owners */
2944 		if (local->st_stateowner->so_is_open_owner == 0)
2945 			continue;
2946 		/* remember if we have seen this open owner */
2947 		if (local->st_stateowner == &oo->oo_owner)
2948 			*stpp = local;
2949 		/* check for conflicting share reservations */
2950 		if (!test_share(local, open))
2951 			return nfserr_share_denied;
2952 	}
2953 	return nfs_ok;
2954 }
2955 
2956 static inline int nfs4_access_to_access(u32 nfs4_access)
2957 {
2958 	int flags = 0;
2959 
2960 	if (nfs4_access & NFS4_SHARE_ACCESS_READ)
2961 		flags |= NFSD_MAY_READ;
2962 	if (nfs4_access & NFS4_SHARE_ACCESS_WRITE)
2963 		flags |= NFSD_MAY_WRITE;
2964 	return flags;
2965 }
2966 
2967 static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp,
2968 		struct svc_fh *cur_fh, struct nfsd4_open *open)
2969 {
2970 	__be32 status;
2971 	int oflag = nfs4_access_to_omode(open->op_share_access);
2972 	int access = nfs4_access_to_access(open->op_share_access);
2973 
2974 	if (!fp->fi_fds[oflag]) {
2975 		status = nfsd_open(rqstp, cur_fh, S_IFREG, access,
2976 			&fp->fi_fds[oflag]);
2977 		if (status)
2978 			return status;
2979 	}
2980 	nfs4_file_get_access(fp, oflag);
2981 
2982 	return nfs_ok;
2983 }
2984 
2985 static inline __be32
2986 nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh,
2987 		struct nfsd4_open *open)
2988 {
2989 	struct iattr iattr = {
2990 		.ia_valid = ATTR_SIZE,
2991 		.ia_size = 0,
2992 	};
2993 	if (!open->op_truncate)
2994 		return 0;
2995 	if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
2996 		return nfserr_inval;
2997 	return nfsd_setattr(rqstp, fh, &iattr, 0, (time_t)0);
2998 }
2999 
3000 static __be32
3001 nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, struct nfsd4_open *open)
3002 {
3003 	u32 op_share_access = open->op_share_access;
3004 	bool new_access;
3005 	__be32 status;
3006 
3007 	new_access = !test_access(op_share_access, stp);
3008 	if (new_access) {
3009 		status = nfs4_get_vfs_file(rqstp, fp, cur_fh, open);
3010 		if (status)
3011 			return status;
3012 	}
3013 	status = nfsd4_truncate(rqstp, cur_fh, open);
3014 	if (status) {
3015 		if (new_access) {
3016 			int oflag = nfs4_access_to_omode(op_share_access);
3017 			nfs4_file_put_access(fp, oflag);
3018 		}
3019 		return status;
3020 	}
3021 	/* remember the open */
3022 	set_access(op_share_access, stp);
3023 	set_deny(open->op_share_deny, stp);
3024 
3025 	return nfs_ok;
3026 }
3027 
3028 
3029 static void
3030 nfs4_set_claim_prev(struct nfsd4_open *open, bool has_session)
3031 {
3032 	open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
3033 }
3034 
3035 /* Should we give out recallable state?: */
3036 static bool nfsd4_cb_channel_good(struct nfs4_client *clp)
3037 {
3038 	if (clp->cl_cb_state == NFSD4_CB_UP)
3039 		return true;
3040 	/*
3041 	 * In the sessions case, since we don't have to establish a
3042 	 * separate connection for callbacks, we assume it's OK
3043 	 * until we hear otherwise:
3044 	 */
3045 	return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN;
3046 }
3047 
3048 static struct file_lock *nfs4_alloc_init_lease(struct nfs4_delegation *dp, int flag)
3049 {
3050 	struct file_lock *fl;
3051 
3052 	fl = locks_alloc_lock();
3053 	if (!fl)
3054 		return NULL;
3055 	locks_init_lock(fl);
3056 	fl->fl_lmops = &nfsd_lease_mng_ops;
3057 	fl->fl_flags = FL_DELEG;
3058 	fl->fl_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK;
3059 	fl->fl_end = OFFSET_MAX;
3060 	fl->fl_owner = (fl_owner_t)(dp->dl_file);
3061 	fl->fl_pid = current->tgid;
3062 	return fl;
3063 }
3064 
3065 static int nfs4_setlease(struct nfs4_delegation *dp)
3066 {
3067 	struct nfs4_file *fp = dp->dl_file;
3068 	struct file_lock *fl;
3069 	int status;
3070 
3071 	fl = nfs4_alloc_init_lease(dp, NFS4_OPEN_DELEGATE_READ);
3072 	if (!fl)
3073 		return -ENOMEM;
3074 	fl->fl_file = find_readable_file(fp);
3075 	status = vfs_setlease(fl->fl_file, fl->fl_type, &fl);
3076 	if (status)
3077 		goto out_free;
3078 	fp->fi_lease = fl;
3079 	fp->fi_deleg_file = get_file(fl->fl_file);
3080 	atomic_set(&fp->fi_delegees, 1);
3081 	spin_lock(&state_lock);
3082 	hash_delegation_locked(dp, fp);
3083 	spin_unlock(&state_lock);
3084 	return 0;
3085 out_free:
3086 	locks_free_lock(fl);
3087 	return status;
3088 }
3089 
3090 static int nfs4_set_delegation(struct nfs4_delegation *dp, struct nfs4_file *fp)
3091 {
3092 	if (fp->fi_had_conflict)
3093 		return -EAGAIN;
3094 	get_nfs4_file(fp);
3095 	dp->dl_file = fp;
3096 	if (!fp->fi_lease)
3097 		return nfs4_setlease(dp);
3098 	spin_lock(&state_lock);
3099 	atomic_inc(&fp->fi_delegees);
3100 	if (fp->fi_had_conflict) {
3101 		spin_unlock(&state_lock);
3102 		return -EAGAIN;
3103 	}
3104 	hash_delegation_locked(dp, fp);
3105 	spin_unlock(&state_lock);
3106 	return 0;
3107 }
3108 
3109 static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status)
3110 {
3111 	open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
3112 	if (status == -EAGAIN)
3113 		open->op_why_no_deleg = WND4_CONTENTION;
3114 	else {
3115 		open->op_why_no_deleg = WND4_RESOURCE;
3116 		switch (open->op_deleg_want) {
3117 		case NFS4_SHARE_WANT_READ_DELEG:
3118 		case NFS4_SHARE_WANT_WRITE_DELEG:
3119 		case NFS4_SHARE_WANT_ANY_DELEG:
3120 			break;
3121 		case NFS4_SHARE_WANT_CANCEL:
3122 			open->op_why_no_deleg = WND4_CANCELLED;
3123 			break;
3124 		case NFS4_SHARE_WANT_NO_DELEG:
3125 			WARN_ON_ONCE(1);
3126 		}
3127 	}
3128 }
3129 
3130 /*
3131  * Attempt to hand out a delegation.
3132  *
3133  * Note we don't support write delegations, and won't until the vfs has
3134  * proper support for them.
3135  */
3136 static void
3137 nfs4_open_delegation(struct net *net, struct svc_fh *fh,
3138 		     struct nfsd4_open *open, struct nfs4_ol_stateid *stp)
3139 {
3140 	struct nfs4_delegation *dp;
3141 	struct nfs4_openowner *oo = container_of(stp->st_stateowner, struct nfs4_openowner, oo_owner);
3142 	int cb_up;
3143 	int status = 0;
3144 
3145 	cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client);
3146 	open->op_recall = 0;
3147 	switch (open->op_claim_type) {
3148 		case NFS4_OPEN_CLAIM_PREVIOUS:
3149 			if (!cb_up)
3150 				open->op_recall = 1;
3151 			if (open->op_delegate_type != NFS4_OPEN_DELEGATE_READ)
3152 				goto out_no_deleg;
3153 			break;
3154 		case NFS4_OPEN_CLAIM_NULL:
3155 		case NFS4_OPEN_CLAIM_FH:
3156 			/*
3157 			 * Let's not give out any delegations till everyone's
3158 			 * had the chance to reclaim theirs....
3159 			 */
3160 			if (locks_in_grace(net))
3161 				goto out_no_deleg;
3162 			if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED))
3163 				goto out_no_deleg;
3164 			/*
3165 			 * Also, if the file was opened for write or
3166 			 * create, there's a good chance the client's
3167 			 * about to write to it, resulting in an
3168 			 * immediate recall (since we don't support
3169 			 * write delegations):
3170 			 */
3171 			if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)
3172 				goto out_no_deleg;
3173 			if (open->op_create == NFS4_OPEN_CREATE)
3174 				goto out_no_deleg;
3175 			break;
3176 		default:
3177 			goto out_no_deleg;
3178 	}
3179 	dp = alloc_init_deleg(oo->oo_owner.so_client, stp, fh);
3180 	if (dp == NULL)
3181 		goto out_no_deleg;
3182 	status = nfs4_set_delegation(dp, stp->st_file);
3183 	if (status)
3184 		goto out_free;
3185 
3186 	memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid));
3187 
3188 	dprintk("NFSD: delegation stateid=" STATEID_FMT "\n",
3189 		STATEID_VAL(&dp->dl_stid.sc_stateid));
3190 	open->op_delegate_type = NFS4_OPEN_DELEGATE_READ;
3191 	return;
3192 out_free:
3193 	destroy_delegation(dp);
3194 out_no_deleg:
3195 	open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE;
3196 	if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS &&
3197 	    open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE) {
3198 		dprintk("NFSD: WARNING: refusing delegation reclaim\n");
3199 		open->op_recall = 1;
3200 	}
3201 
3202 	/* 4.1 client asking for a delegation? */
3203 	if (open->op_deleg_want)
3204 		nfsd4_open_deleg_none_ext(open, status);
3205 	return;
3206 }
3207 
3208 static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open,
3209 					struct nfs4_delegation *dp)
3210 {
3211 	if (open->op_deleg_want == NFS4_SHARE_WANT_READ_DELEG &&
3212 	    dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
3213 		open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
3214 		open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE;
3215 	} else if (open->op_deleg_want == NFS4_SHARE_WANT_WRITE_DELEG &&
3216 		   dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
3217 		open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
3218 		open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE;
3219 	}
3220 	/* Otherwise the client must be confused wanting a delegation
3221 	 * it already has, therefore we don't return
3222 	 * NFS4_OPEN_DELEGATE_NONE_EXT and reason.
3223 	 */
3224 }
3225 
3226 /*
3227  * called with nfs4_lock_state() held.
3228  */
3229 __be32
3230 nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
3231 {
3232 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
3233 	struct nfs4_client *cl = open->op_openowner->oo_owner.so_client;
3234 	struct nfs4_file *fp = NULL;
3235 	struct inode *ino = current_fh->fh_dentry->d_inode;
3236 	struct nfs4_ol_stateid *stp = NULL;
3237 	struct nfs4_delegation *dp = NULL;
3238 	__be32 status;
3239 
3240 	/*
3241 	 * Lookup file; if found, lookup stateid and check open request,
3242 	 * and check for delegations in the process of being recalled.
3243 	 * If not found, create the nfs4_file struct
3244 	 */
3245 	fp = find_file(ino);
3246 	if (fp) {
3247 		if ((status = nfs4_check_open(fp, open, &stp)))
3248 			goto out;
3249 		status = nfs4_check_deleg(cl, open, &dp);
3250 		if (status)
3251 			goto out;
3252 	} else {
3253 		status = nfserr_bad_stateid;
3254 		if (nfsd4_is_deleg_cur(open))
3255 			goto out;
3256 		status = nfserr_jukebox;
3257 		fp = open->op_file;
3258 		open->op_file = NULL;
3259 		nfsd4_init_file(fp, ino);
3260 	}
3261 
3262 	/*
3263 	 * OPEN the file, or upgrade an existing OPEN.
3264 	 * If truncate fails, the OPEN fails.
3265 	 */
3266 	if (stp) {
3267 		/* Stateid was found, this is an OPEN upgrade */
3268 		status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
3269 		if (status)
3270 			goto out;
3271 	} else {
3272 		status = nfs4_get_vfs_file(rqstp, fp, current_fh, open);
3273 		if (status)
3274 			goto out;
3275 		status = nfsd4_truncate(rqstp, current_fh, open);
3276 		if (status)
3277 			goto out;
3278 		stp = open->op_stp;
3279 		open->op_stp = NULL;
3280 		init_open_stateid(stp, fp, open);
3281 	}
3282 	update_stateid(&stp->st_stid.sc_stateid);
3283 	memcpy(&open->op_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
3284 
3285 	if (nfsd4_has_session(&resp->cstate)) {
3286 		open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
3287 
3288 		if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) {
3289 			open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
3290 			open->op_why_no_deleg = WND4_NOT_WANTED;
3291 			goto nodeleg;
3292 		}
3293 	}
3294 
3295 	/*
3296 	* Attempt to hand out a delegation. No error return, because the
3297 	* OPEN succeeds even if we fail.
3298 	*/
3299 	nfs4_open_delegation(SVC_NET(rqstp), current_fh, open, stp);
3300 nodeleg:
3301 	status = nfs_ok;
3302 
3303 	dprintk("%s: stateid=" STATEID_FMT "\n", __func__,
3304 		STATEID_VAL(&stp->st_stid.sc_stateid));
3305 out:
3306 	/* 4.1 client trying to upgrade/downgrade delegation? */
3307 	if (open->op_delegate_type == NFS4_OPEN_DELEGATE_NONE && dp &&
3308 	    open->op_deleg_want)
3309 		nfsd4_deleg_xgrade_none_ext(open, dp);
3310 
3311 	if (fp)
3312 		put_nfs4_file(fp);
3313 	if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS)
3314 		nfs4_set_claim_prev(open, nfsd4_has_session(&resp->cstate));
3315 	/*
3316 	* To finish the open response, we just need to set the rflags.
3317 	*/
3318 	open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX;
3319 	if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED) &&
3320 	    !nfsd4_has_session(&resp->cstate))
3321 		open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM;
3322 
3323 	return status;
3324 }
3325 
3326 void nfsd4_cleanup_open_state(struct nfsd4_open *open, __be32 status)
3327 {
3328 	if (open->op_openowner) {
3329 		struct nfs4_openowner *oo = open->op_openowner;
3330 
3331 		if (!list_empty(&oo->oo_owner.so_stateids))
3332 			list_del_init(&oo->oo_close_lru);
3333 		if (oo->oo_flags & NFS4_OO_NEW) {
3334 			if (status) {
3335 				release_openowner(oo);
3336 				open->op_openowner = NULL;
3337 			} else
3338 				oo->oo_flags &= ~NFS4_OO_NEW;
3339 		}
3340 	}
3341 	if (open->op_file)
3342 		nfsd4_free_file(open->op_file);
3343 	if (open->op_stp)
3344 		free_generic_stateid(open->op_stp);
3345 }
3346 
3347 static __be32 lookup_clientid(clientid_t *clid, bool session, struct nfsd_net *nn, struct nfs4_client **clp)
3348 {
3349 	struct nfs4_client *found;
3350 
3351 	if (STALE_CLIENTID(clid, nn))
3352 		return nfserr_stale_clientid;
3353 	found = find_confirmed_client(clid, session, nn);
3354 	if (clp)
3355 		*clp = found;
3356 	return found ? nfs_ok : nfserr_expired;
3357 }
3358 
3359 __be32
3360 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3361 	    clientid_t *clid)
3362 {
3363 	struct nfs4_client *clp;
3364 	__be32 status;
3365 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3366 
3367 	nfs4_lock_state();
3368 	dprintk("process_renew(%08x/%08x): starting\n",
3369 			clid->cl_boot, clid->cl_id);
3370 	status = lookup_clientid(clid, cstate->minorversion, nn, &clp);
3371 	if (status)
3372 		goto out;
3373 	status = nfserr_cb_path_down;
3374 	if (!list_empty(&clp->cl_delegations)
3375 			&& clp->cl_cb_state != NFSD4_CB_UP)
3376 		goto out;
3377 	status = nfs_ok;
3378 out:
3379 	nfs4_unlock_state();
3380 	return status;
3381 }
3382 
3383 static void
3384 nfsd4_end_grace(struct nfsd_net *nn)
3385 {
3386 	/* do nothing if grace period already ended */
3387 	if (nn->grace_ended)
3388 		return;
3389 
3390 	dprintk("NFSD: end of grace period\n");
3391 	nn->grace_ended = true;
3392 	nfsd4_record_grace_done(nn, nn->boot_time);
3393 	locks_end_grace(&nn->nfsd4_manager);
3394 	/*
3395 	 * Now that every NFSv4 client has had the chance to recover and
3396 	 * to see the (possibly new, possibly shorter) lease time, we
3397 	 * can safely set the next grace time to the current lease time:
3398 	 */
3399 	nn->nfsd4_grace = nn->nfsd4_lease;
3400 }
3401 
3402 static time_t
3403 nfs4_laundromat(struct nfsd_net *nn)
3404 {
3405 	struct nfs4_client *clp;
3406 	struct nfs4_openowner *oo;
3407 	struct nfs4_delegation *dp;
3408 	struct list_head *pos, *next, reaplist;
3409 	time_t cutoff = get_seconds() - nn->nfsd4_lease;
3410 	time_t t, new_timeo = nn->nfsd4_lease;
3411 
3412 	nfs4_lock_state();
3413 
3414 	dprintk("NFSD: laundromat service - starting\n");
3415 	nfsd4_end_grace(nn);
3416 	INIT_LIST_HEAD(&reaplist);
3417 	spin_lock(&nn->client_lock);
3418 	list_for_each_safe(pos, next, &nn->client_lru) {
3419 		clp = list_entry(pos, struct nfs4_client, cl_lru);
3420 		if (time_after((unsigned long)clp->cl_time, (unsigned long)cutoff)) {
3421 			t = clp->cl_time - cutoff;
3422 			new_timeo = min(new_timeo, t);
3423 			break;
3424 		}
3425 		if (mark_client_expired_locked(clp)) {
3426 			dprintk("NFSD: client in use (clientid %08x)\n",
3427 				clp->cl_clientid.cl_id);
3428 			continue;
3429 		}
3430 		list_move(&clp->cl_lru, &reaplist);
3431 	}
3432 	spin_unlock(&nn->client_lock);
3433 	list_for_each_safe(pos, next, &reaplist) {
3434 		clp = list_entry(pos, struct nfs4_client, cl_lru);
3435 		dprintk("NFSD: purging unused client (clientid %08x)\n",
3436 			clp->cl_clientid.cl_id);
3437 		expire_client(clp);
3438 	}
3439 	spin_lock(&state_lock);
3440 	list_for_each_safe(pos, next, &nn->del_recall_lru) {
3441 		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
3442 		if (net_generic(dp->dl_stid.sc_client->net, nfsd_net_id) != nn)
3443 			continue;
3444 		if (time_after((unsigned long)dp->dl_time, (unsigned long)cutoff)) {
3445 			t = dp->dl_time - cutoff;
3446 			new_timeo = min(new_timeo, t);
3447 			break;
3448 		}
3449 		list_move(&dp->dl_recall_lru, &reaplist);
3450 	}
3451 	spin_unlock(&state_lock);
3452 	list_for_each_safe(pos, next, &reaplist) {
3453 		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
3454 		revoke_delegation(dp);
3455 	}
3456 	list_for_each_safe(pos, next, &nn->close_lru) {
3457 		oo = container_of(pos, struct nfs4_openowner, oo_close_lru);
3458 		if (time_after((unsigned long)oo->oo_time, (unsigned long)cutoff)) {
3459 			t = oo->oo_time - cutoff;
3460 			new_timeo = min(new_timeo, t);
3461 			break;
3462 		}
3463 		release_openowner(oo);
3464 	}
3465 	new_timeo = max_t(time_t, new_timeo, NFSD_LAUNDROMAT_MINTIMEOUT);
3466 	nfs4_unlock_state();
3467 	return new_timeo;
3468 }
3469 
3470 static struct workqueue_struct *laundry_wq;
3471 static void laundromat_main(struct work_struct *);
3472 
3473 static void
3474 laundromat_main(struct work_struct *laundry)
3475 {
3476 	time_t t;
3477 	struct delayed_work *dwork = container_of(laundry, struct delayed_work,
3478 						  work);
3479 	struct nfsd_net *nn = container_of(dwork, struct nfsd_net,
3480 					   laundromat_work);
3481 
3482 	t = nfs4_laundromat(nn);
3483 	dprintk("NFSD: laundromat_main - sleeping for %ld seconds\n", t);
3484 	queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
3485 }
3486 
3487 static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_ol_stateid *stp)
3488 {
3489 	if (fhp->fh_dentry->d_inode != stp->st_file->fi_inode)
3490 		return nfserr_bad_stateid;
3491 	return nfs_ok;
3492 }
3493 
3494 static inline int
3495 access_permit_read(struct nfs4_ol_stateid *stp)
3496 {
3497 	return test_access(NFS4_SHARE_ACCESS_READ, stp) ||
3498 		test_access(NFS4_SHARE_ACCESS_BOTH, stp) ||
3499 		test_access(NFS4_SHARE_ACCESS_WRITE, stp);
3500 }
3501 
3502 static inline int
3503 access_permit_write(struct nfs4_ol_stateid *stp)
3504 {
3505 	return test_access(NFS4_SHARE_ACCESS_WRITE, stp) ||
3506 		test_access(NFS4_SHARE_ACCESS_BOTH, stp);
3507 }
3508 
3509 static
3510 __be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags)
3511 {
3512         __be32 status = nfserr_openmode;
3513 
3514 	/* For lock stateid's, we test the parent open, not the lock: */
3515 	if (stp->st_openstp)
3516 		stp = stp->st_openstp;
3517 	if ((flags & WR_STATE) && !access_permit_write(stp))
3518                 goto out;
3519 	if ((flags & RD_STATE) && !access_permit_read(stp))
3520                 goto out;
3521 	status = nfs_ok;
3522 out:
3523 	return status;
3524 }
3525 
3526 static inline __be32
3527 check_special_stateids(struct net *net, svc_fh *current_fh, stateid_t *stateid, int flags)
3528 {
3529 	if (ONE_STATEID(stateid) && (flags & RD_STATE))
3530 		return nfs_ok;
3531 	else if (locks_in_grace(net)) {
3532 		/* Answer in remaining cases depends on existence of
3533 		 * conflicting state; so we must wait out the grace period. */
3534 		return nfserr_grace;
3535 	} else if (flags & WR_STATE)
3536 		return nfs4_share_conflict(current_fh,
3537 				NFS4_SHARE_DENY_WRITE);
3538 	else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */
3539 		return nfs4_share_conflict(current_fh,
3540 				NFS4_SHARE_DENY_READ);
3541 }
3542 
3543 /*
3544  * Allow READ/WRITE during grace period on recovered state only for files
3545  * that are not able to provide mandatory locking.
3546  */
3547 static inline int
3548 grace_disallows_io(struct net *net, struct inode *inode)
3549 {
3550 	return locks_in_grace(net) && mandatory_lock(inode);
3551 }
3552 
3553 /* Returns true iff a is later than b: */
3554 static bool stateid_generation_after(stateid_t *a, stateid_t *b)
3555 {
3556 	return (s32)(a->si_generation - b->si_generation) > 0;
3557 }
3558 
3559 static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session)
3560 {
3561 	/*
3562 	 * When sessions are used the stateid generation number is ignored
3563 	 * when it is zero.
3564 	 */
3565 	if (has_session && in->si_generation == 0)
3566 		return nfs_ok;
3567 
3568 	if (in->si_generation == ref->si_generation)
3569 		return nfs_ok;
3570 
3571 	/* If the client sends us a stateid from the future, it's buggy: */
3572 	if (stateid_generation_after(in, ref))
3573 		return nfserr_bad_stateid;
3574 	/*
3575 	 * However, we could see a stateid from the past, even from a
3576 	 * non-buggy client.  For example, if the client sends a lock
3577 	 * while some IO is outstanding, the lock may bump si_generation
3578 	 * while the IO is still in flight.  The client could avoid that
3579 	 * situation by waiting for responses on all the IO requests,
3580 	 * but better performance may result in retrying IO that
3581 	 * receives an old_stateid error if requests are rarely
3582 	 * reordered in flight:
3583 	 */
3584 	return nfserr_old_stateid;
3585 }
3586 
3587 static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
3588 {
3589 	struct nfs4_stid *s;
3590 	struct nfs4_ol_stateid *ols;
3591 	__be32 status;
3592 
3593 	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
3594 		return nfserr_bad_stateid;
3595 	/* Client debugging aid. */
3596 	if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) {
3597 		char addr_str[INET6_ADDRSTRLEN];
3598 		rpc_ntop((struct sockaddr *)&cl->cl_addr, addr_str,
3599 				 sizeof(addr_str));
3600 		pr_warn_ratelimited("NFSD: client %s testing state ID "
3601 					"with incorrect client ID\n", addr_str);
3602 		return nfserr_bad_stateid;
3603 	}
3604 	s = find_stateid(cl, stateid);
3605 	if (!s)
3606 		return nfserr_bad_stateid;
3607 	status = check_stateid_generation(stateid, &s->sc_stateid, 1);
3608 	if (status)
3609 		return status;
3610 	switch (s->sc_type) {
3611 	case NFS4_DELEG_STID:
3612 		return nfs_ok;
3613 	case NFS4_REVOKED_DELEG_STID:
3614 		return nfserr_deleg_revoked;
3615 	case NFS4_OPEN_STID:
3616 	case NFS4_LOCK_STID:
3617 		ols = openlockstateid(s);
3618 		if (ols->st_stateowner->so_is_open_owner
3619 	    			&& !(openowner(ols->st_stateowner)->oo_flags
3620 						& NFS4_OO_CONFIRMED))
3621 			return nfserr_bad_stateid;
3622 		return nfs_ok;
3623 	default:
3624 		printk("unknown stateid type %x\n", s->sc_type);
3625 	case NFS4_CLOSED_STID:
3626 		return nfserr_bad_stateid;
3627 	}
3628 }
3629 
3630 static __be32 nfsd4_lookup_stateid(stateid_t *stateid, unsigned char typemask,
3631 				   struct nfs4_stid **s, bool sessions,
3632 				   struct nfsd_net *nn)
3633 {
3634 	struct nfs4_client *cl;
3635 	__be32 status;
3636 
3637 	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
3638 		return nfserr_bad_stateid;
3639 	status = lookup_clientid(&stateid->si_opaque.so_clid, sessions,
3640 							nn, &cl);
3641 	if (status == nfserr_stale_clientid) {
3642 		if (sessions)
3643 			return nfserr_bad_stateid;
3644 		return nfserr_stale_stateid;
3645 	}
3646 	if (status)
3647 		return status;
3648 	*s = find_stateid_by_type(cl, stateid, typemask);
3649 	if (!*s)
3650 		return nfserr_bad_stateid;
3651 	return nfs_ok;
3652 }
3653 
3654 /*
3655 * Checks for stateid operations
3656 */
3657 __be32
3658 nfs4_preprocess_stateid_op(struct net *net, struct nfsd4_compound_state *cstate,
3659 			   stateid_t *stateid, int flags, struct file **filpp)
3660 {
3661 	struct nfs4_stid *s;
3662 	struct nfs4_ol_stateid *stp = NULL;
3663 	struct nfs4_delegation *dp = NULL;
3664 	struct svc_fh *current_fh = &cstate->current_fh;
3665 	struct inode *ino = current_fh->fh_dentry->d_inode;
3666 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
3667 	struct file *file = NULL;
3668 	__be32 status;
3669 
3670 	if (filpp)
3671 		*filpp = NULL;
3672 
3673 	if (grace_disallows_io(net, ino))
3674 		return nfserr_grace;
3675 
3676 	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
3677 		return check_special_stateids(net, current_fh, stateid, flags);
3678 
3679 	nfs4_lock_state();
3680 
3681 	status = nfsd4_lookup_stateid(stateid, NFS4_DELEG_STID|NFS4_OPEN_STID|NFS4_LOCK_STID,
3682 				      &s, cstate->minorversion, nn);
3683 	if (status)
3684 		goto out;
3685 	status = check_stateid_generation(stateid, &s->sc_stateid, nfsd4_has_session(cstate));
3686 	if (status)
3687 		goto out;
3688 	switch (s->sc_type) {
3689 	case NFS4_DELEG_STID:
3690 		dp = delegstateid(s);
3691 		status = nfs4_check_delegmode(dp, flags);
3692 		if (status)
3693 			goto out;
3694 		if (filpp) {
3695 			file = dp->dl_file->fi_deleg_file;
3696 			if (!file) {
3697 				WARN_ON_ONCE(1);
3698 				status = nfserr_serverfault;
3699 				goto out;
3700 			}
3701 		}
3702 		break;
3703 	case NFS4_OPEN_STID:
3704 	case NFS4_LOCK_STID:
3705 		stp = openlockstateid(s);
3706 		status = nfs4_check_fh(current_fh, stp);
3707 		if (status)
3708 			goto out;
3709 		if (stp->st_stateowner->so_is_open_owner
3710 		    && !(openowner(stp->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED))
3711 			goto out;
3712 		status = nfs4_check_openmode(stp, flags);
3713 		if (status)
3714 			goto out;
3715 		if (filpp) {
3716 			if (flags & RD_STATE)
3717 				file = find_readable_file(stp->st_file);
3718 			else
3719 				file = find_writeable_file(stp->st_file);
3720 		}
3721 		break;
3722 	default:
3723 		status = nfserr_bad_stateid;
3724 		goto out;
3725 	}
3726 	status = nfs_ok;
3727 	if (file)
3728 		*filpp = get_file(file);
3729 out:
3730 	nfs4_unlock_state();
3731 	return status;
3732 }
3733 
3734 static __be32
3735 nfsd4_free_lock_stateid(struct nfs4_ol_stateid *stp)
3736 {
3737 	struct nfs4_lockowner *lo = lockowner(stp->st_stateowner);
3738 
3739 	if (check_for_locks(stp->st_file, lo))
3740 		return nfserr_locks_held;
3741 	/*
3742 	 * Currently there's a 1-1 lock stateid<->lockowner
3743 	 * correspondance, and we have to delete the lockowner when we
3744 	 * delete the lock stateid:
3745 	 */
3746 	release_lockowner(lo);
3747 	return nfs_ok;
3748 }
3749 
3750 /*
3751  * Test if the stateid is valid
3752  */
3753 __be32
3754 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3755 		   struct nfsd4_test_stateid *test_stateid)
3756 {
3757 	struct nfsd4_test_stateid_id *stateid;
3758 	struct nfs4_client *cl = cstate->session->se_client;
3759 
3760 	nfs4_lock_state();
3761 	list_for_each_entry(stateid, &test_stateid->ts_stateid_list, ts_id_list)
3762 		stateid->ts_id_status =
3763 			nfsd4_validate_stateid(cl, &stateid->ts_id_stateid);
3764 	nfs4_unlock_state();
3765 
3766 	return nfs_ok;
3767 }
3768 
3769 __be32
3770 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3771 		   struct nfsd4_free_stateid *free_stateid)
3772 {
3773 	stateid_t *stateid = &free_stateid->fr_stateid;
3774 	struct nfs4_stid *s;
3775 	struct nfs4_delegation *dp;
3776 	struct nfs4_client *cl = cstate->session->se_client;
3777 	__be32 ret = nfserr_bad_stateid;
3778 
3779 	nfs4_lock_state();
3780 	s = find_stateid(cl, stateid);
3781 	if (!s)
3782 		goto out;
3783 	switch (s->sc_type) {
3784 	case NFS4_DELEG_STID:
3785 		ret = nfserr_locks_held;
3786 		goto out;
3787 	case NFS4_OPEN_STID:
3788 	case NFS4_LOCK_STID:
3789 		ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
3790 		if (ret)
3791 			goto out;
3792 		if (s->sc_type == NFS4_LOCK_STID)
3793 			ret = nfsd4_free_lock_stateid(openlockstateid(s));
3794 		else
3795 			ret = nfserr_locks_held;
3796 		break;
3797 	case NFS4_REVOKED_DELEG_STID:
3798 		dp = delegstateid(s);
3799 		destroy_revoked_delegation(dp);
3800 		ret = nfs_ok;
3801 		break;
3802 	default:
3803 		ret = nfserr_bad_stateid;
3804 	}
3805 out:
3806 	nfs4_unlock_state();
3807 	return ret;
3808 }
3809 
3810 static inline int
3811 setlkflg (int type)
3812 {
3813 	return (type == NFS4_READW_LT || type == NFS4_READ_LT) ?
3814 		RD_STATE : WR_STATE;
3815 }
3816 
3817 static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_t *stateid, u32 seqid, struct nfs4_ol_stateid *stp)
3818 {
3819 	struct svc_fh *current_fh = &cstate->current_fh;
3820 	struct nfs4_stateowner *sop = stp->st_stateowner;
3821 	__be32 status;
3822 
3823 	status = nfsd4_check_seqid(cstate, sop, seqid);
3824 	if (status)
3825 		return status;
3826 	if (stp->st_stid.sc_type == NFS4_CLOSED_STID
3827 		|| stp->st_stid.sc_type == NFS4_REVOKED_DELEG_STID)
3828 		/*
3829 		 * "Closed" stateid's exist *only* to return
3830 		 * nfserr_replay_me from the previous step, and
3831 		 * revoked delegations are kept only for free_stateid.
3832 		 */
3833 		return nfserr_bad_stateid;
3834 	status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
3835 	if (status)
3836 		return status;
3837 	return nfs4_check_fh(current_fh, stp);
3838 }
3839 
3840 /*
3841  * Checks for sequence id mutating operations.
3842  */
3843 static __be32
3844 nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
3845 			 stateid_t *stateid, char typemask,
3846 			 struct nfs4_ol_stateid **stpp,
3847 			 struct nfsd_net *nn)
3848 {
3849 	__be32 status;
3850 	struct nfs4_stid *s;
3851 
3852 	dprintk("NFSD: %s: seqid=%d stateid = " STATEID_FMT "\n", __func__,
3853 		seqid, STATEID_VAL(stateid));
3854 
3855 	*stpp = NULL;
3856 	status = nfsd4_lookup_stateid(stateid, typemask, &s,
3857 				      cstate->minorversion, nn);
3858 	if (status)
3859 		return status;
3860 	*stpp = openlockstateid(s);
3861 	if (!nfsd4_has_session(cstate))
3862 		cstate->replay_owner = (*stpp)->st_stateowner;
3863 
3864 	return nfs4_seqid_op_checks(cstate, stateid, seqid, *stpp);
3865 }
3866 
3867 static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
3868 						 stateid_t *stateid, struct nfs4_ol_stateid **stpp, struct nfsd_net *nn)
3869 {
3870 	__be32 status;
3871 	struct nfs4_openowner *oo;
3872 
3873 	status = nfs4_preprocess_seqid_op(cstate, seqid, stateid,
3874 						NFS4_OPEN_STID, stpp, nn);
3875 	if (status)
3876 		return status;
3877 	oo = openowner((*stpp)->st_stateowner);
3878 	if (!(oo->oo_flags & NFS4_OO_CONFIRMED))
3879 		return nfserr_bad_stateid;
3880 	return nfs_ok;
3881 }
3882 
3883 __be32
3884 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3885 		   struct nfsd4_open_confirm *oc)
3886 {
3887 	__be32 status;
3888 	struct nfs4_openowner *oo;
3889 	struct nfs4_ol_stateid *stp;
3890 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3891 
3892 	dprintk("NFSD: nfsd4_open_confirm on file %pd\n",
3893 			cstate->current_fh.fh_dentry);
3894 
3895 	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
3896 	if (status)
3897 		return status;
3898 
3899 	nfs4_lock_state();
3900 
3901 	status = nfs4_preprocess_seqid_op(cstate,
3902 					oc->oc_seqid, &oc->oc_req_stateid,
3903 					NFS4_OPEN_STID, &stp, nn);
3904 	if (status)
3905 		goto out;
3906 	oo = openowner(stp->st_stateowner);
3907 	status = nfserr_bad_stateid;
3908 	if (oo->oo_flags & NFS4_OO_CONFIRMED)
3909 		goto out;
3910 	oo->oo_flags |= NFS4_OO_CONFIRMED;
3911 	update_stateid(&stp->st_stid.sc_stateid);
3912 	memcpy(&oc->oc_resp_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
3913 	dprintk("NFSD: %s: success, seqid=%d stateid=" STATEID_FMT "\n",
3914 		__func__, oc->oc_seqid, STATEID_VAL(&stp->st_stid.sc_stateid));
3915 
3916 	nfsd4_client_record_create(oo->oo_owner.so_client);
3917 	status = nfs_ok;
3918 out:
3919 	nfsd4_bump_seqid(cstate, status);
3920 	if (!cstate->replay_owner)
3921 		nfs4_unlock_state();
3922 	return status;
3923 }
3924 
3925 static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access)
3926 {
3927 	if (!test_access(access, stp))
3928 		return;
3929 	nfs4_file_put_access(stp->st_file, nfs4_access_to_omode(access));
3930 	clear_access(access, stp);
3931 }
3932 
3933 static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access)
3934 {
3935 	switch (to_access) {
3936 	case NFS4_SHARE_ACCESS_READ:
3937 		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE);
3938 		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
3939 		break;
3940 	case NFS4_SHARE_ACCESS_WRITE:
3941 		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ);
3942 		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
3943 		break;
3944 	case NFS4_SHARE_ACCESS_BOTH:
3945 		break;
3946 	default:
3947 		WARN_ON_ONCE(1);
3948 	}
3949 }
3950 
3951 static void
3952 reset_union_bmap_deny(unsigned long deny, struct nfs4_ol_stateid *stp)
3953 {
3954 	int i;
3955 	for (i = 0; i < 4; i++) {
3956 		if ((i & deny) != i)
3957 			clear_deny(i, stp);
3958 	}
3959 }
3960 
3961 __be32
3962 nfsd4_open_downgrade(struct svc_rqst *rqstp,
3963 		     struct nfsd4_compound_state *cstate,
3964 		     struct nfsd4_open_downgrade *od)
3965 {
3966 	__be32 status;
3967 	struct nfs4_ol_stateid *stp;
3968 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3969 
3970 	dprintk("NFSD: nfsd4_open_downgrade on file %pd\n",
3971 			cstate->current_fh.fh_dentry);
3972 
3973 	/* We don't yet support WANT bits: */
3974 	if (od->od_deleg_want)
3975 		dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__,
3976 			od->od_deleg_want);
3977 
3978 	nfs4_lock_state();
3979 	status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid,
3980 					&od->od_stateid, &stp, nn);
3981 	if (status)
3982 		goto out;
3983 	status = nfserr_inval;
3984 	if (!test_access(od->od_share_access, stp)) {
3985 		dprintk("NFSD: access not a subset current bitmap: 0x%lx, input access=%08x\n",
3986 			stp->st_access_bmap, od->od_share_access);
3987 		goto out;
3988 	}
3989 	if (!test_deny(od->od_share_deny, stp)) {
3990 		dprintk("NFSD:deny not a subset current bitmap: 0x%lx, input deny=%08x\n",
3991 			stp->st_deny_bmap, od->od_share_deny);
3992 		goto out;
3993 	}
3994 	nfs4_stateid_downgrade(stp, od->od_share_access);
3995 
3996 	reset_union_bmap_deny(od->od_share_deny, stp);
3997 
3998 	update_stateid(&stp->st_stid.sc_stateid);
3999 	memcpy(&od->od_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
4000 	status = nfs_ok;
4001 out:
4002 	nfsd4_bump_seqid(cstate, status);
4003 	if (!cstate->replay_owner)
4004 		nfs4_unlock_state();
4005 	return status;
4006 }
4007 
4008 static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
4009 {
4010 	unhash_open_stateid(s);
4011 	s->st_stid.sc_type = NFS4_CLOSED_STID;
4012 }
4013 
4014 /*
4015  * nfs4_unlock_state() called after encode
4016  */
4017 __be32
4018 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4019 	    struct nfsd4_close *close)
4020 {
4021 	__be32 status;
4022 	struct nfs4_openowner *oo;
4023 	struct nfs4_ol_stateid *stp;
4024 	struct net *net = SVC_NET(rqstp);
4025 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
4026 
4027 	dprintk("NFSD: nfsd4_close on file %pd\n",
4028 			cstate->current_fh.fh_dentry);
4029 
4030 	nfs4_lock_state();
4031 	status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid,
4032 					&close->cl_stateid,
4033 					NFS4_OPEN_STID|NFS4_CLOSED_STID,
4034 					&stp, nn);
4035 	nfsd4_bump_seqid(cstate, status);
4036 	if (status)
4037 		goto out;
4038 	oo = openowner(stp->st_stateowner);
4039 	update_stateid(&stp->st_stid.sc_stateid);
4040 	memcpy(&close->cl_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
4041 
4042 	nfsd4_close_open_stateid(stp);
4043 
4044 	if (cstate->minorversion)
4045 		free_generic_stateid(stp);
4046 	else
4047 		oo->oo_last_closed_stid = stp;
4048 
4049 	if (list_empty(&oo->oo_owner.so_stateids)) {
4050 		if (cstate->minorversion)
4051 			release_openowner(oo);
4052 		else {
4053 			/*
4054 			 * In the 4.0 case we need to keep the owners around a
4055 			 * little while to handle CLOSE replay.
4056 			 */
4057 			move_to_close_lru(oo, SVC_NET(rqstp));
4058 		}
4059 	}
4060 out:
4061 	if (!cstate->replay_owner)
4062 		nfs4_unlock_state();
4063 	return status;
4064 }
4065 
4066 __be32
4067 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4068 		  struct nfsd4_delegreturn *dr)
4069 {
4070 	struct nfs4_delegation *dp;
4071 	stateid_t *stateid = &dr->dr_stateid;
4072 	struct nfs4_stid *s;
4073 	__be32 status;
4074 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4075 
4076 	if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
4077 		return status;
4078 
4079 	nfs4_lock_state();
4080 	status = nfsd4_lookup_stateid(stateid, NFS4_DELEG_STID, &s,
4081 				      cstate->minorversion, nn);
4082 	if (status)
4083 		goto out;
4084 	dp = delegstateid(s);
4085 	status = check_stateid_generation(stateid, &dp->dl_stid.sc_stateid, nfsd4_has_session(cstate));
4086 	if (status)
4087 		goto out;
4088 
4089 	destroy_delegation(dp);
4090 out:
4091 	nfs4_unlock_state();
4092 
4093 	return status;
4094 }
4095 
4096 
4097 #define LOFF_OVERFLOW(start, len)      ((u64)(len) > ~(u64)(start))
4098 
4099 #define LOCKOWNER_INO_HASH_MASK (LOCKOWNER_INO_HASH_SIZE - 1)
4100 
4101 static inline u64
4102 end_offset(u64 start, u64 len)
4103 {
4104 	u64 end;
4105 
4106 	end = start + len;
4107 	return end >= start ? end: NFS4_MAX_UINT64;
4108 }
4109 
4110 /* last octet in a range */
4111 static inline u64
4112 last_byte_offset(u64 start, u64 len)
4113 {
4114 	u64 end;
4115 
4116 	WARN_ON_ONCE(!len);
4117 	end = start + len;
4118 	return end > start ? end - 1: NFS4_MAX_UINT64;
4119 }
4120 
4121 static unsigned int lockowner_ino_hashval(struct inode *inode, u32 cl_id, struct xdr_netobj *ownername)
4122 {
4123 	return (file_hashval(inode) + cl_id
4124 			+ opaque_hashval(ownername->data, ownername->len))
4125 		& LOCKOWNER_INO_HASH_MASK;
4126 }
4127 
4128 /*
4129  * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that
4130  * we can't properly handle lock requests that go beyond the (2^63 - 1)-th
4131  * byte, because of sign extension problems.  Since NFSv4 calls for 64-bit
4132  * locking, this prevents us from being completely protocol-compliant.  The
4133  * real solution to this problem is to start using unsigned file offsets in
4134  * the VFS, but this is a very deep change!
4135  */
4136 static inline void
4137 nfs4_transform_lock_offset(struct file_lock *lock)
4138 {
4139 	if (lock->fl_start < 0)
4140 		lock->fl_start = OFFSET_MAX;
4141 	if (lock->fl_end < 0)
4142 		lock->fl_end = OFFSET_MAX;
4143 }
4144 
4145 /* Hack!: For now, we're defining this just so we can use a pointer to it
4146  * as a unique cookie to identify our (NFSv4's) posix locks. */
4147 static const struct lock_manager_operations nfsd_posix_mng_ops  = {
4148 };
4149 
4150 static inline void
4151 nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny)
4152 {
4153 	struct nfs4_lockowner *lo;
4154 
4155 	if (fl->fl_lmops == &nfsd_posix_mng_ops) {
4156 		lo = (struct nfs4_lockowner *) fl->fl_owner;
4157 		deny->ld_owner.data = kmemdup(lo->lo_owner.so_owner.data,
4158 					lo->lo_owner.so_owner.len, GFP_KERNEL);
4159 		if (!deny->ld_owner.data)
4160 			/* We just don't care that much */
4161 			goto nevermind;
4162 		deny->ld_owner.len = lo->lo_owner.so_owner.len;
4163 		deny->ld_clientid = lo->lo_owner.so_client->cl_clientid;
4164 	} else {
4165 nevermind:
4166 		deny->ld_owner.len = 0;
4167 		deny->ld_owner.data = NULL;
4168 		deny->ld_clientid.cl_boot = 0;
4169 		deny->ld_clientid.cl_id = 0;
4170 	}
4171 	deny->ld_start = fl->fl_start;
4172 	deny->ld_length = NFS4_MAX_UINT64;
4173 	if (fl->fl_end != NFS4_MAX_UINT64)
4174 		deny->ld_length = fl->fl_end - fl->fl_start + 1;
4175 	deny->ld_type = NFS4_READ_LT;
4176 	if (fl->fl_type != F_RDLCK)
4177 		deny->ld_type = NFS4_WRITE_LT;
4178 }
4179 
4180 static bool same_lockowner_ino(struct nfs4_lockowner *lo, struct inode *inode, clientid_t *clid, struct xdr_netobj *owner)
4181 {
4182 	struct nfs4_ol_stateid *lst;
4183 
4184 	if (!same_owner_str(&lo->lo_owner, owner, clid))
4185 		return false;
4186 	if (list_empty(&lo->lo_owner.so_stateids)) {
4187 		WARN_ON_ONCE(1);
4188 		return false;
4189 	}
4190 	lst = list_first_entry(&lo->lo_owner.so_stateids,
4191 			       struct nfs4_ol_stateid, st_perstateowner);
4192 	return lst->st_file->fi_inode == inode;
4193 }
4194 
4195 static struct nfs4_lockowner *
4196 find_lockowner_str(struct inode *inode, clientid_t *clid,
4197 		   struct xdr_netobj *owner, struct nfsd_net *nn)
4198 {
4199 	unsigned int hashval = lockowner_ino_hashval(inode, clid->cl_id, owner);
4200 	struct nfs4_lockowner *lo;
4201 
4202 	list_for_each_entry(lo, &nn->lockowner_ino_hashtbl[hashval], lo_owner_ino_hash) {
4203 		if (same_lockowner_ino(lo, inode, clid, owner))
4204 			return lo;
4205 	}
4206 	return NULL;
4207 }
4208 
4209 static void hash_lockowner(struct nfs4_lockowner *lo, unsigned int strhashval, struct nfs4_client *clp, struct nfs4_ol_stateid *open_stp)
4210 {
4211 	struct inode *inode = open_stp->st_file->fi_inode;
4212 	unsigned int inohash = lockowner_ino_hashval(inode,
4213 			clp->cl_clientid.cl_id, &lo->lo_owner.so_owner);
4214 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
4215 
4216 	list_add(&lo->lo_owner.so_strhash, &nn->ownerstr_hashtbl[strhashval]);
4217 	list_add(&lo->lo_owner_ino_hash, &nn->lockowner_ino_hashtbl[inohash]);
4218 	list_add(&lo->lo_perstateid, &open_stp->st_lockowners);
4219 }
4220 
4221 /*
4222  * Alloc a lock owner structure.
4223  * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) has
4224  * occurred.
4225  *
4226  * strhashval = ownerstr_hashval
4227  */
4228 
4229 static struct nfs4_lockowner *
4230 alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp, struct nfs4_ol_stateid *open_stp, struct nfsd4_lock *lock) {
4231 	struct nfs4_lockowner *lo;
4232 
4233 	lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp);
4234 	if (!lo)
4235 		return NULL;
4236 	INIT_LIST_HEAD(&lo->lo_owner.so_stateids);
4237 	lo->lo_owner.so_is_open_owner = 0;
4238 	/* It is the openowner seqid that will be incremented in encode in the
4239 	 * case of new lockowners; so increment the lock seqid manually: */
4240 	lo->lo_owner.so_seqid = lock->lk_new_lock_seqid + 1;
4241 	hash_lockowner(lo, strhashval, clp, open_stp);
4242 	return lo;
4243 }
4244 
4245 static struct nfs4_ol_stateid *
4246 alloc_init_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fp, struct nfs4_ol_stateid *open_stp)
4247 {
4248 	struct nfs4_ol_stateid *stp;
4249 	struct nfs4_client *clp = lo->lo_owner.so_client;
4250 
4251 	stp = nfs4_alloc_stateid(clp);
4252 	if (stp == NULL)
4253 		return NULL;
4254 	stp->st_stid.sc_type = NFS4_LOCK_STID;
4255 	list_add(&stp->st_perfile, &fp->fi_stateids);
4256 	list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids);
4257 	stp->st_stateowner = &lo->lo_owner;
4258 	get_nfs4_file(fp);
4259 	stp->st_file = fp;
4260 	stp->st_access_bmap = 0;
4261 	stp->st_deny_bmap = open_stp->st_deny_bmap;
4262 	stp->st_openstp = open_stp;
4263 	return stp;
4264 }
4265 
4266 static int
4267 check_lock_length(u64 offset, u64 length)
4268 {
4269 	return ((length == 0)  || ((length != NFS4_MAX_UINT64) &&
4270 	     LOFF_OVERFLOW(offset, length)));
4271 }
4272 
4273 static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access)
4274 {
4275 	struct nfs4_file *fp = lock_stp->st_file;
4276 	int oflag = nfs4_access_to_omode(access);
4277 
4278 	if (test_access(access, lock_stp))
4279 		return;
4280 	nfs4_file_get_access(fp, oflag);
4281 	set_access(access, lock_stp);
4282 }
4283 
4284 static __be32 lookup_or_create_lock_state(struct nfsd4_compound_state *cstate, struct nfs4_ol_stateid *ost, struct nfsd4_lock *lock, struct nfs4_ol_stateid **lst, bool *new)
4285 {
4286 	struct nfs4_file *fi = ost->st_file;
4287 	struct nfs4_openowner *oo = openowner(ost->st_stateowner);
4288 	struct nfs4_client *cl = oo->oo_owner.so_client;
4289 	struct nfs4_lockowner *lo;
4290 	unsigned int strhashval;
4291 	struct nfsd_net *nn = net_generic(cl->net, nfsd_net_id);
4292 
4293 	lo = find_lockowner_str(fi->fi_inode, &cl->cl_clientid,
4294 				&lock->v.new.owner, nn);
4295 	if (lo) {
4296 		if (!cstate->minorversion)
4297 			return nfserr_bad_seqid;
4298 		/* XXX: a lockowner always has exactly one stateid: */
4299 		*lst = list_first_entry(&lo->lo_owner.so_stateids,
4300 				struct nfs4_ol_stateid, st_perstateowner);
4301 		return nfs_ok;
4302 	}
4303 	strhashval = ownerstr_hashval(cl->cl_clientid.cl_id,
4304 			&lock->v.new.owner);
4305 	lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock);
4306 	if (lo == NULL)
4307 		return nfserr_jukebox;
4308 	*lst = alloc_init_lock_stateid(lo, fi, ost);
4309 	if (*lst == NULL) {
4310 		release_lockowner(lo);
4311 		return nfserr_jukebox;
4312 	}
4313 	*new = true;
4314 	return nfs_ok;
4315 }
4316 
4317 /*
4318  *  LOCK operation
4319  */
4320 __be32
4321 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4322 	   struct nfsd4_lock *lock)
4323 {
4324 	struct nfs4_openowner *open_sop = NULL;
4325 	struct nfs4_lockowner *lock_sop = NULL;
4326 	struct nfs4_ol_stateid *lock_stp;
4327 	struct file *filp = NULL;
4328 	struct file_lock *file_lock = NULL;
4329 	struct file_lock *conflock = NULL;
4330 	__be32 status = 0;
4331 	bool new_state = false;
4332 	int lkflg;
4333 	int err;
4334 	struct net *net = SVC_NET(rqstp);
4335 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
4336 
4337 	dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n",
4338 		(long long) lock->lk_offset,
4339 		(long long) lock->lk_length);
4340 
4341 	if (check_lock_length(lock->lk_offset, lock->lk_length))
4342 		 return nfserr_inval;
4343 
4344 	if ((status = fh_verify(rqstp, &cstate->current_fh,
4345 				S_IFREG, NFSD_MAY_LOCK))) {
4346 		dprintk("NFSD: nfsd4_lock: permission denied!\n");
4347 		return status;
4348 	}
4349 
4350 	nfs4_lock_state();
4351 
4352 	if (lock->lk_is_new) {
4353 		struct nfs4_ol_stateid *open_stp = NULL;
4354 
4355 		if (nfsd4_has_session(cstate))
4356 			/* See rfc 5661 18.10.3: given clientid is ignored: */
4357 			memcpy(&lock->v.new.clientid,
4358 				&cstate->session->se_client->cl_clientid,
4359 				sizeof(clientid_t));
4360 
4361 		status = nfserr_stale_clientid;
4362 		if (STALE_CLIENTID(&lock->lk_new_clientid, nn))
4363 			goto out;
4364 
4365 		/* validate and update open stateid and open seqid */
4366 		status = nfs4_preprocess_confirmed_seqid_op(cstate,
4367 				        lock->lk_new_open_seqid,
4368 		                        &lock->lk_new_open_stateid,
4369 					&open_stp, nn);
4370 		if (status)
4371 			goto out;
4372 		open_sop = openowner(open_stp->st_stateowner);
4373 		status = nfserr_bad_stateid;
4374 		if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid,
4375 						&lock->v.new.clientid))
4376 			goto out;
4377 		status = lookup_or_create_lock_state(cstate, open_stp, lock,
4378 							&lock_stp, &new_state);
4379 	} else
4380 		status = nfs4_preprocess_seqid_op(cstate,
4381 				       lock->lk_old_lock_seqid,
4382 				       &lock->lk_old_lock_stateid,
4383 				       NFS4_LOCK_STID, &lock_stp, nn);
4384 	if (status)
4385 		goto out;
4386 	lock_sop = lockowner(lock_stp->st_stateowner);
4387 
4388 	lkflg = setlkflg(lock->lk_type);
4389 	status = nfs4_check_openmode(lock_stp, lkflg);
4390 	if (status)
4391 		goto out;
4392 
4393 	status = nfserr_grace;
4394 	if (locks_in_grace(net) && !lock->lk_reclaim)
4395 		goto out;
4396 	status = nfserr_no_grace;
4397 	if (!locks_in_grace(net) && lock->lk_reclaim)
4398 		goto out;
4399 
4400 	file_lock = locks_alloc_lock();
4401 	if (!file_lock) {
4402 		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
4403 		status = nfserr_jukebox;
4404 		goto out;
4405 	}
4406 
4407 	locks_init_lock(file_lock);
4408 	switch (lock->lk_type) {
4409 		case NFS4_READ_LT:
4410 		case NFS4_READW_LT:
4411 			filp = find_readable_file(lock_stp->st_file);
4412 			if (filp)
4413 				get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ);
4414 			file_lock->fl_type = F_RDLCK;
4415 			break;
4416 		case NFS4_WRITE_LT:
4417 		case NFS4_WRITEW_LT:
4418 			filp = find_writeable_file(lock_stp->st_file);
4419 			if (filp)
4420 				get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE);
4421 			file_lock->fl_type = F_WRLCK;
4422 			break;
4423 		default:
4424 			status = nfserr_inval;
4425 		goto out;
4426 	}
4427 	if (!filp) {
4428 		status = nfserr_openmode;
4429 		goto out;
4430 	}
4431 	file_lock->fl_owner = (fl_owner_t)lock_sop;
4432 	file_lock->fl_pid = current->tgid;
4433 	file_lock->fl_file = filp;
4434 	file_lock->fl_flags = FL_POSIX;
4435 	file_lock->fl_lmops = &nfsd_posix_mng_ops;
4436 	file_lock->fl_start = lock->lk_offset;
4437 	file_lock->fl_end = last_byte_offset(lock->lk_offset, lock->lk_length);
4438 	nfs4_transform_lock_offset(file_lock);
4439 
4440 	conflock = locks_alloc_lock();
4441 	if (!conflock) {
4442 		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
4443 		status = nfserr_jukebox;
4444 		goto out;
4445 	}
4446 
4447 	err = vfs_lock_file(filp, F_SETLK, file_lock, conflock);
4448 	switch (-err) {
4449 	case 0: /* success! */
4450 		update_stateid(&lock_stp->st_stid.sc_stateid);
4451 		memcpy(&lock->lk_resp_stateid, &lock_stp->st_stid.sc_stateid,
4452 				sizeof(stateid_t));
4453 		status = 0;
4454 		break;
4455 	case (EAGAIN):		/* conflock holds conflicting lock */
4456 		status = nfserr_denied;
4457 		dprintk("NFSD: nfsd4_lock: conflicting lock found!\n");
4458 		nfs4_set_lock_denied(conflock, &lock->lk_denied);
4459 		break;
4460 	case (EDEADLK):
4461 		status = nfserr_deadlock;
4462 		break;
4463 	default:
4464 		dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n",err);
4465 		status = nfserrno(err);
4466 		break;
4467 	}
4468 out:
4469 	if (status && new_state)
4470 		release_lockowner(lock_sop);
4471 	nfsd4_bump_seqid(cstate, status);
4472 	if (!cstate->replay_owner)
4473 		nfs4_unlock_state();
4474 	if (file_lock)
4475 		locks_free_lock(file_lock);
4476 	if (conflock)
4477 		locks_free_lock(conflock);
4478 	return status;
4479 }
4480 
4481 /*
4482  * The NFSv4 spec allows a client to do a LOCKT without holding an OPEN,
4483  * so we do a temporary open here just to get an open file to pass to
4484  * vfs_test_lock.  (Arguably perhaps test_lock should be done with an
4485  * inode operation.)
4486  */
4487 static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
4488 {
4489 	struct file *file;
4490 	__be32 err = nfsd_open(rqstp, fhp, S_IFREG, NFSD_MAY_READ, &file);
4491 	if (!err) {
4492 		err = nfserrno(vfs_test_lock(file, lock));
4493 		nfsd_close(file);
4494 	}
4495 	return err;
4496 }
4497 
4498 /*
4499  * LOCKT operation
4500  */
4501 __be32
4502 nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4503 	    struct nfsd4_lockt *lockt)
4504 {
4505 	struct inode *inode;
4506 	struct file_lock *file_lock = NULL;
4507 	struct nfs4_lockowner *lo;
4508 	__be32 status;
4509 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4510 
4511 	if (locks_in_grace(SVC_NET(rqstp)))
4512 		return nfserr_grace;
4513 
4514 	if (check_lock_length(lockt->lt_offset, lockt->lt_length))
4515 		 return nfserr_inval;
4516 
4517 	nfs4_lock_state();
4518 
4519 	if (!nfsd4_has_session(cstate)) {
4520 		status = lookup_clientid(&lockt->lt_clientid, false, nn, NULL);
4521 		if (status)
4522 			goto out;
4523 	}
4524 
4525 	if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
4526 		goto out;
4527 
4528 	inode = cstate->current_fh.fh_dentry->d_inode;
4529 	file_lock = locks_alloc_lock();
4530 	if (!file_lock) {
4531 		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
4532 		status = nfserr_jukebox;
4533 		goto out;
4534 	}
4535 	locks_init_lock(file_lock);
4536 	switch (lockt->lt_type) {
4537 		case NFS4_READ_LT:
4538 		case NFS4_READW_LT:
4539 			file_lock->fl_type = F_RDLCK;
4540 		break;
4541 		case NFS4_WRITE_LT:
4542 		case NFS4_WRITEW_LT:
4543 			file_lock->fl_type = F_WRLCK;
4544 		break;
4545 		default:
4546 			dprintk("NFSD: nfs4_lockt: bad lock type!\n");
4547 			status = nfserr_inval;
4548 		goto out;
4549 	}
4550 
4551 	lo = find_lockowner_str(inode, &lockt->lt_clientid, &lockt->lt_owner, nn);
4552 	if (lo)
4553 		file_lock->fl_owner = (fl_owner_t)lo;
4554 	file_lock->fl_pid = current->tgid;
4555 	file_lock->fl_flags = FL_POSIX;
4556 
4557 	file_lock->fl_start = lockt->lt_offset;
4558 	file_lock->fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);
4559 
4560 	nfs4_transform_lock_offset(file_lock);
4561 
4562 	status = nfsd_test_lock(rqstp, &cstate->current_fh, file_lock);
4563 	if (status)
4564 		goto out;
4565 
4566 	if (file_lock->fl_type != F_UNLCK) {
4567 		status = nfserr_denied;
4568 		nfs4_set_lock_denied(file_lock, &lockt->lt_denied);
4569 	}
4570 out:
4571 	nfs4_unlock_state();
4572 	if (file_lock)
4573 		locks_free_lock(file_lock);
4574 	return status;
4575 }
4576 
4577 __be32
4578 nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4579 	    struct nfsd4_locku *locku)
4580 {
4581 	struct nfs4_ol_stateid *stp;
4582 	struct file *filp = NULL;
4583 	struct file_lock *file_lock = NULL;
4584 	__be32 status;
4585 	int err;
4586 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4587 
4588 	dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
4589 		(long long) locku->lu_offset,
4590 		(long long) locku->lu_length);
4591 
4592 	if (check_lock_length(locku->lu_offset, locku->lu_length))
4593 		 return nfserr_inval;
4594 
4595 	nfs4_lock_state();
4596 
4597 	status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid,
4598 					&locku->lu_stateid, NFS4_LOCK_STID,
4599 					&stp, nn);
4600 	if (status)
4601 		goto out;
4602 	filp = find_any_file(stp->st_file);
4603 	if (!filp) {
4604 		status = nfserr_lock_range;
4605 		goto out;
4606 	}
4607 	file_lock = locks_alloc_lock();
4608 	if (!file_lock) {
4609 		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
4610 		status = nfserr_jukebox;
4611 		goto out;
4612 	}
4613 	locks_init_lock(file_lock);
4614 	file_lock->fl_type = F_UNLCK;
4615 	file_lock->fl_owner = (fl_owner_t)lockowner(stp->st_stateowner);
4616 	file_lock->fl_pid = current->tgid;
4617 	file_lock->fl_file = filp;
4618 	file_lock->fl_flags = FL_POSIX;
4619 	file_lock->fl_lmops = &nfsd_posix_mng_ops;
4620 	file_lock->fl_start = locku->lu_offset;
4621 
4622 	file_lock->fl_end = last_byte_offset(locku->lu_offset,
4623 						locku->lu_length);
4624 	nfs4_transform_lock_offset(file_lock);
4625 
4626 	err = vfs_lock_file(filp, F_SETLK, file_lock, NULL);
4627 	if (err) {
4628 		dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
4629 		goto out_nfserr;
4630 	}
4631 	update_stateid(&stp->st_stid.sc_stateid);
4632 	memcpy(&locku->lu_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
4633 
4634 out:
4635 	nfsd4_bump_seqid(cstate, status);
4636 	if (!cstate->replay_owner)
4637 		nfs4_unlock_state();
4638 	if (file_lock)
4639 		locks_free_lock(file_lock);
4640 	return status;
4641 
4642 out_nfserr:
4643 	status = nfserrno(err);
4644 	goto out;
4645 }
4646 
4647 /*
4648  * returns
4649  * 	1: locks held by lockowner
4650  * 	0: no locks held by lockowner
4651  */
4652 static int
4653 check_for_locks(struct nfs4_file *filp, struct nfs4_lockowner *lowner)
4654 {
4655 	struct file_lock **flpp;
4656 	struct inode *inode = filp->fi_inode;
4657 	int status = 0;
4658 
4659 	spin_lock(&inode->i_lock);
4660 	for (flpp = &inode->i_flock; *flpp != NULL; flpp = &(*flpp)->fl_next) {
4661 		if ((*flpp)->fl_owner == (fl_owner_t)lowner) {
4662 			status = 1;
4663 			goto out;
4664 		}
4665 	}
4666 out:
4667 	spin_unlock(&inode->i_lock);
4668 	return status;
4669 }
4670 
4671 __be32
4672 nfsd4_release_lockowner(struct svc_rqst *rqstp,
4673 			struct nfsd4_compound_state *cstate,
4674 			struct nfsd4_release_lockowner *rlockowner)
4675 {
4676 	clientid_t *clid = &rlockowner->rl_clientid;
4677 	struct nfs4_stateowner *sop;
4678 	struct nfs4_lockowner *lo;
4679 	struct nfs4_ol_stateid *stp;
4680 	struct xdr_netobj *owner = &rlockowner->rl_owner;
4681 	struct list_head matches;
4682 	unsigned int hashval = ownerstr_hashval(clid->cl_id, owner);
4683 	__be32 status;
4684 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4685 
4686 	dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
4687 		clid->cl_boot, clid->cl_id);
4688 
4689 	nfs4_lock_state();
4690 
4691 	status = lookup_clientid(clid, cstate->minorversion, nn, NULL);
4692 	if (status)
4693 		goto out;
4694 
4695 	status = nfserr_locks_held;
4696 	INIT_LIST_HEAD(&matches);
4697 
4698 	list_for_each_entry(sop, &nn->ownerstr_hashtbl[hashval], so_strhash) {
4699 		if (sop->so_is_open_owner)
4700 			continue;
4701 		if (!same_owner_str(sop, owner, clid))
4702 			continue;
4703 		list_for_each_entry(stp, &sop->so_stateids,
4704 				st_perstateowner) {
4705 			lo = lockowner(sop);
4706 			if (check_for_locks(stp->st_file, lo))
4707 				goto out;
4708 			list_add(&lo->lo_list, &matches);
4709 		}
4710 	}
4711 	/* Clients probably won't expect us to return with some (but not all)
4712 	 * of the lockowner state released; so don't release any until all
4713 	 * have been checked. */
4714 	status = nfs_ok;
4715 	while (!list_empty(&matches)) {
4716 		lo = list_entry(matches.next, struct nfs4_lockowner,
4717 								lo_list);
4718 		/* unhash_stateowner deletes so_perclient only
4719 		 * for openowners. */
4720 		list_del(&lo->lo_list);
4721 		release_lockowner(lo);
4722 	}
4723 out:
4724 	nfs4_unlock_state();
4725 	return status;
4726 }
4727 
4728 static inline struct nfs4_client_reclaim *
4729 alloc_reclaim(void)
4730 {
4731 	return kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL);
4732 }
4733 
4734 bool
4735 nfs4_has_reclaimed_state(const char *name, struct nfsd_net *nn)
4736 {
4737 	struct nfs4_client_reclaim *crp;
4738 
4739 	crp = nfsd4_find_reclaim_client(name, nn);
4740 	return (crp && crp->cr_clp);
4741 }
4742 
4743 /*
4744  * failure => all reset bets are off, nfserr_no_grace...
4745  */
4746 struct nfs4_client_reclaim *
4747 nfs4_client_to_reclaim(const char *name, struct nfsd_net *nn)
4748 {
4749 	unsigned int strhashval;
4750 	struct nfs4_client_reclaim *crp;
4751 
4752 	dprintk("NFSD nfs4_client_to_reclaim NAME: %.*s\n", HEXDIR_LEN, name);
4753 	crp = alloc_reclaim();
4754 	if (crp) {
4755 		strhashval = clientstr_hashval(name);
4756 		INIT_LIST_HEAD(&crp->cr_strhash);
4757 		list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]);
4758 		memcpy(crp->cr_recdir, name, HEXDIR_LEN);
4759 		crp->cr_clp = NULL;
4760 		nn->reclaim_str_hashtbl_size++;
4761 	}
4762 	return crp;
4763 }
4764 
4765 void
4766 nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn)
4767 {
4768 	list_del(&crp->cr_strhash);
4769 	kfree(crp);
4770 	nn->reclaim_str_hashtbl_size--;
4771 }
4772 
4773 void
4774 nfs4_release_reclaim(struct nfsd_net *nn)
4775 {
4776 	struct nfs4_client_reclaim *crp = NULL;
4777 	int i;
4778 
4779 	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
4780 		while (!list_empty(&nn->reclaim_str_hashtbl[i])) {
4781 			crp = list_entry(nn->reclaim_str_hashtbl[i].next,
4782 			                struct nfs4_client_reclaim, cr_strhash);
4783 			nfs4_remove_reclaim_record(crp, nn);
4784 		}
4785 	}
4786 	WARN_ON_ONCE(nn->reclaim_str_hashtbl_size);
4787 }
4788 
4789 /*
4790  * called from OPEN, CLAIM_PREVIOUS with a new clientid. */
4791 struct nfs4_client_reclaim *
4792 nfsd4_find_reclaim_client(const char *recdir, struct nfsd_net *nn)
4793 {
4794 	unsigned int strhashval;
4795 	struct nfs4_client_reclaim *crp = NULL;
4796 
4797 	dprintk("NFSD: nfs4_find_reclaim_client for recdir %s\n", recdir);
4798 
4799 	strhashval = clientstr_hashval(recdir);
4800 	list_for_each_entry(crp, &nn->reclaim_str_hashtbl[strhashval], cr_strhash) {
4801 		if (same_name(crp->cr_recdir, recdir)) {
4802 			return crp;
4803 		}
4804 	}
4805 	return NULL;
4806 }
4807 
4808 /*
4809 * Called from OPEN. Look for clientid in reclaim list.
4810 */
4811 __be32
4812 nfs4_check_open_reclaim(clientid_t *clid, bool sessions, struct nfsd_net *nn)
4813 {
4814 	struct nfs4_client *clp;
4815 
4816 	/* find clientid in conf_id_hashtbl */
4817 	clp = find_confirmed_client(clid, sessions, nn);
4818 	if (clp == NULL)
4819 		return nfserr_reclaim_bad;
4820 
4821 	return nfsd4_client_record_check(clp) ? nfserr_reclaim_bad : nfs_ok;
4822 }
4823 
4824 #ifdef CONFIG_NFSD_FAULT_INJECTION
4825 
4826 u64 nfsd_forget_client(struct nfs4_client *clp, u64 max)
4827 {
4828 	if (mark_client_expired(clp))
4829 		return 0;
4830 	expire_client(clp);
4831 	return 1;
4832 }
4833 
4834 u64 nfsd_print_client(struct nfs4_client *clp, u64 num)
4835 {
4836 	char buf[INET6_ADDRSTRLEN];
4837 	rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
4838 	printk(KERN_INFO "NFS Client: %s\n", buf);
4839 	return 1;
4840 }
4841 
4842 static void nfsd_print_count(struct nfs4_client *clp, unsigned int count,
4843 			     const char *type)
4844 {
4845 	char buf[INET6_ADDRSTRLEN];
4846 	rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
4847 	printk(KERN_INFO "NFS Client: %s has %u %s\n", buf, count, type);
4848 }
4849 
4850 static u64 nfsd_foreach_client_lock(struct nfs4_client *clp, u64 max, void (*func)(struct nfs4_lockowner *))
4851 {
4852 	struct nfs4_openowner *oop;
4853 	struct nfs4_lockowner *lop, *lo_next;
4854 	struct nfs4_ol_stateid *stp, *st_next;
4855 	u64 count = 0;
4856 
4857 	list_for_each_entry(oop, &clp->cl_openowners, oo_perclient) {
4858 		list_for_each_entry_safe(stp, st_next, &oop->oo_owner.so_stateids, st_perstateowner) {
4859 			list_for_each_entry_safe(lop, lo_next, &stp->st_lockowners, lo_perstateid) {
4860 				if (func)
4861 					func(lop);
4862 				if (++count == max)
4863 					return count;
4864 			}
4865 		}
4866 	}
4867 
4868 	return count;
4869 }
4870 
4871 u64 nfsd_forget_client_locks(struct nfs4_client *clp, u64 max)
4872 {
4873 	return nfsd_foreach_client_lock(clp, max, release_lockowner);
4874 }
4875 
4876 u64 nfsd_print_client_locks(struct nfs4_client *clp, u64 max)
4877 {
4878 	u64 count = nfsd_foreach_client_lock(clp, max, NULL);
4879 	nfsd_print_count(clp, count, "locked files");
4880 	return count;
4881 }
4882 
4883 static u64 nfsd_foreach_client_open(struct nfs4_client *clp, u64 max, void (*func)(struct nfs4_openowner *))
4884 {
4885 	struct nfs4_openowner *oop, *next;
4886 	u64 count = 0;
4887 
4888 	list_for_each_entry_safe(oop, next, &clp->cl_openowners, oo_perclient) {
4889 		if (func)
4890 			func(oop);
4891 		if (++count == max)
4892 			break;
4893 	}
4894 
4895 	return count;
4896 }
4897 
4898 u64 nfsd_forget_client_openowners(struct nfs4_client *clp, u64 max)
4899 {
4900 	return nfsd_foreach_client_open(clp, max, release_openowner);
4901 }
4902 
4903 u64 nfsd_print_client_openowners(struct nfs4_client *clp, u64 max)
4904 {
4905 	u64 count = nfsd_foreach_client_open(clp, max, NULL);
4906 	nfsd_print_count(clp, count, "open files");
4907 	return count;
4908 }
4909 
4910 static u64 nfsd_find_all_delegations(struct nfs4_client *clp, u64 max,
4911 				     struct list_head *victims)
4912 {
4913 	struct nfs4_delegation *dp, *next;
4914 	u64 count = 0;
4915 
4916 	lockdep_assert_held(&state_lock);
4917 	list_for_each_entry_safe(dp, next, &clp->cl_delegations, dl_perclnt) {
4918 		if (victims)
4919 			list_move(&dp->dl_recall_lru, victims);
4920 		if (++count == max)
4921 			break;
4922 	}
4923 	return count;
4924 }
4925 
4926 u64 nfsd_forget_client_delegations(struct nfs4_client *clp, u64 max)
4927 {
4928 	struct nfs4_delegation *dp, *next;
4929 	LIST_HEAD(victims);
4930 	u64 count;
4931 
4932 	spin_lock(&state_lock);
4933 	count = nfsd_find_all_delegations(clp, max, &victims);
4934 	spin_unlock(&state_lock);
4935 
4936 	list_for_each_entry_safe(dp, next, &victims, dl_recall_lru)
4937 		revoke_delegation(dp);
4938 
4939 	return count;
4940 }
4941 
4942 u64 nfsd_recall_client_delegations(struct nfs4_client *clp, u64 max)
4943 {
4944 	struct nfs4_delegation *dp, *next;
4945 	LIST_HEAD(victims);
4946 	u64 count;
4947 
4948 	spin_lock(&state_lock);
4949 	count = nfsd_find_all_delegations(clp, max, &victims);
4950 	list_for_each_entry_safe(dp, next, &victims, dl_recall_lru)
4951 		nfsd_break_one_deleg(dp);
4952 	spin_unlock(&state_lock);
4953 
4954 	return count;
4955 }
4956 
4957 u64 nfsd_print_client_delegations(struct nfs4_client *clp, u64 max)
4958 {
4959 	u64 count = 0;
4960 
4961 	spin_lock(&state_lock);
4962 	count = nfsd_find_all_delegations(clp, max, NULL);
4963 	spin_unlock(&state_lock);
4964 
4965 	nfsd_print_count(clp, count, "delegations");
4966 	return count;
4967 }
4968 
4969 u64 nfsd_for_n_state(u64 max, u64 (*func)(struct nfs4_client *, u64))
4970 {
4971 	struct nfs4_client *clp, *next;
4972 	u64 count = 0;
4973 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns, nfsd_net_id);
4974 
4975 	if (!nfsd_netns_ready(nn))
4976 		return 0;
4977 
4978 	list_for_each_entry_safe(clp, next, &nn->client_lru, cl_lru) {
4979 		count += func(clp, max - count);
4980 		if ((max != 0) && (count >= max))
4981 			break;
4982 	}
4983 
4984 	return count;
4985 }
4986 
4987 struct nfs4_client *nfsd_find_client(struct sockaddr_storage *addr, size_t addr_size)
4988 {
4989 	struct nfs4_client *clp;
4990 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns, nfsd_net_id);
4991 
4992 	if (!nfsd_netns_ready(nn))
4993 		return NULL;
4994 
4995 	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
4996 		if (memcmp(&clp->cl_addr, addr, addr_size) == 0)
4997 			return clp;
4998 	}
4999 	return NULL;
5000 }
5001 
5002 #endif /* CONFIG_NFSD_FAULT_INJECTION */
5003 
5004 /*
5005  * Since the lifetime of a delegation isn't limited to that of an open, a
5006  * client may quite reasonably hang on to a delegation as long as it has
5007  * the inode cached.  This becomes an obvious problem the first time a
5008  * client's inode cache approaches the size of the server's total memory.
5009  *
5010  * For now we avoid this problem by imposing a hard limit on the number
5011  * of delegations, which varies according to the server's memory size.
5012  */
5013 static void
5014 set_max_delegations(void)
5015 {
5016 	/*
5017 	 * Allow at most 4 delegations per megabyte of RAM.  Quick
5018 	 * estimates suggest that in the worst case (where every delegation
5019 	 * is for a different inode), a delegation could take about 1.5K,
5020 	 * giving a worst case usage of about 6% of memory.
5021 	 */
5022 	max_delegations = nr_free_buffer_pages() >> (20 - 2 - PAGE_SHIFT);
5023 }
5024 
5025 static int nfs4_state_create_net(struct net *net)
5026 {
5027 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
5028 	int i;
5029 
5030 	nn->conf_id_hashtbl = kmalloc(sizeof(struct list_head) *
5031 			CLIENT_HASH_SIZE, GFP_KERNEL);
5032 	if (!nn->conf_id_hashtbl)
5033 		goto err;
5034 	nn->unconf_id_hashtbl = kmalloc(sizeof(struct list_head) *
5035 			CLIENT_HASH_SIZE, GFP_KERNEL);
5036 	if (!nn->unconf_id_hashtbl)
5037 		goto err_unconf_id;
5038 	nn->ownerstr_hashtbl = kmalloc(sizeof(struct list_head) *
5039 			OWNER_HASH_SIZE, GFP_KERNEL);
5040 	if (!nn->ownerstr_hashtbl)
5041 		goto err_ownerstr;
5042 	nn->lockowner_ino_hashtbl = kmalloc(sizeof(struct list_head) *
5043 			LOCKOWNER_INO_HASH_SIZE, GFP_KERNEL);
5044 	if (!nn->lockowner_ino_hashtbl)
5045 		goto err_lockowner_ino;
5046 	nn->sessionid_hashtbl = kmalloc(sizeof(struct list_head) *
5047 			SESSION_HASH_SIZE, GFP_KERNEL);
5048 	if (!nn->sessionid_hashtbl)
5049 		goto err_sessionid;
5050 
5051 	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
5052 		INIT_LIST_HEAD(&nn->conf_id_hashtbl[i]);
5053 		INIT_LIST_HEAD(&nn->unconf_id_hashtbl[i]);
5054 	}
5055 	for (i = 0; i < OWNER_HASH_SIZE; i++)
5056 		INIT_LIST_HEAD(&nn->ownerstr_hashtbl[i]);
5057 	for (i = 0; i < LOCKOWNER_INO_HASH_SIZE; i++)
5058 		INIT_LIST_HEAD(&nn->lockowner_ino_hashtbl[i]);
5059 	for (i = 0; i < SESSION_HASH_SIZE; i++)
5060 		INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]);
5061 	nn->conf_name_tree = RB_ROOT;
5062 	nn->unconf_name_tree = RB_ROOT;
5063 	INIT_LIST_HEAD(&nn->client_lru);
5064 	INIT_LIST_HEAD(&nn->close_lru);
5065 	INIT_LIST_HEAD(&nn->del_recall_lru);
5066 	spin_lock_init(&nn->client_lock);
5067 
5068 	INIT_DELAYED_WORK(&nn->laundromat_work, laundromat_main);
5069 	get_net(net);
5070 
5071 	return 0;
5072 
5073 err_sessionid:
5074 	kfree(nn->lockowner_ino_hashtbl);
5075 err_lockowner_ino:
5076 	kfree(nn->ownerstr_hashtbl);
5077 err_ownerstr:
5078 	kfree(nn->unconf_id_hashtbl);
5079 err_unconf_id:
5080 	kfree(nn->conf_id_hashtbl);
5081 err:
5082 	return -ENOMEM;
5083 }
5084 
5085 static void
5086 nfs4_state_destroy_net(struct net *net)
5087 {
5088 	int i;
5089 	struct nfs4_client *clp = NULL;
5090 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
5091 
5092 	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
5093 		while (!list_empty(&nn->conf_id_hashtbl[i])) {
5094 			clp = list_entry(nn->conf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
5095 			destroy_client(clp);
5096 		}
5097 	}
5098 
5099 	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
5100 		while (!list_empty(&nn->unconf_id_hashtbl[i])) {
5101 			clp = list_entry(nn->unconf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
5102 			destroy_client(clp);
5103 		}
5104 	}
5105 
5106 	kfree(nn->sessionid_hashtbl);
5107 	kfree(nn->lockowner_ino_hashtbl);
5108 	kfree(nn->ownerstr_hashtbl);
5109 	kfree(nn->unconf_id_hashtbl);
5110 	kfree(nn->conf_id_hashtbl);
5111 	put_net(net);
5112 }
5113 
5114 int
5115 nfs4_state_start_net(struct net *net)
5116 {
5117 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
5118 	int ret;
5119 
5120 	ret = nfs4_state_create_net(net);
5121 	if (ret)
5122 		return ret;
5123 	nfsd4_client_tracking_init(net);
5124 	nn->boot_time = get_seconds();
5125 	locks_start_grace(net, &nn->nfsd4_manager);
5126 	nn->grace_ended = false;
5127 	printk(KERN_INFO "NFSD: starting %ld-second grace period (net %p)\n",
5128 	       nn->nfsd4_grace, net);
5129 	queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_grace * HZ);
5130 	return 0;
5131 }
5132 
5133 /* initialization to perform when the nfsd service is started: */
5134 
5135 int
5136 nfs4_state_start(void)
5137 {
5138 	int ret;
5139 
5140 	ret = set_callback_cred();
5141 	if (ret)
5142 		return -ENOMEM;
5143 	laundry_wq = create_singlethread_workqueue("nfsd4");
5144 	if (laundry_wq == NULL) {
5145 		ret = -ENOMEM;
5146 		goto out_recovery;
5147 	}
5148 	ret = nfsd4_create_callback_queue();
5149 	if (ret)
5150 		goto out_free_laundry;
5151 
5152 	set_max_delegations();
5153 
5154 	return 0;
5155 
5156 out_free_laundry:
5157 	destroy_workqueue(laundry_wq);
5158 out_recovery:
5159 	return ret;
5160 }
5161 
5162 void
5163 nfs4_state_shutdown_net(struct net *net)
5164 {
5165 	struct nfs4_delegation *dp = NULL;
5166 	struct list_head *pos, *next, reaplist;
5167 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
5168 
5169 	cancel_delayed_work_sync(&nn->laundromat_work);
5170 	locks_end_grace(&nn->nfsd4_manager);
5171 
5172 	nfs4_lock_state();
5173 	INIT_LIST_HEAD(&reaplist);
5174 	spin_lock(&state_lock);
5175 	list_for_each_safe(pos, next, &nn->del_recall_lru) {
5176 		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
5177 		list_move(&dp->dl_recall_lru, &reaplist);
5178 	}
5179 	spin_unlock(&state_lock);
5180 	list_for_each_safe(pos, next, &reaplist) {
5181 		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
5182 		destroy_delegation(dp);
5183 	}
5184 
5185 	nfsd4_client_tracking_exit(net);
5186 	nfs4_state_destroy_net(net);
5187 	nfs4_unlock_state();
5188 }
5189 
5190 void
5191 nfs4_state_shutdown(void)
5192 {
5193 	destroy_workqueue(laundry_wq);
5194 	nfsd4_destroy_callback_queue();
5195 }
5196 
5197 static void
5198 get_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
5199 {
5200 	if (HAS_STATE_ID(cstate, CURRENT_STATE_ID_FLAG) && CURRENT_STATEID(stateid))
5201 		memcpy(stateid, &cstate->current_stateid, sizeof(stateid_t));
5202 }
5203 
5204 static void
5205 put_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
5206 {
5207 	if (cstate->minorversion) {
5208 		memcpy(&cstate->current_stateid, stateid, sizeof(stateid_t));
5209 		SET_STATE_ID(cstate, CURRENT_STATE_ID_FLAG);
5210 	}
5211 }
5212 
5213 void
5214 clear_current_stateid(struct nfsd4_compound_state *cstate)
5215 {
5216 	CLEAR_STATE_ID(cstate, CURRENT_STATE_ID_FLAG);
5217 }
5218 
5219 /*
5220  * functions to set current state id
5221  */
5222 void
5223 nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate, struct nfsd4_open_downgrade *odp)
5224 {
5225 	put_stateid(cstate, &odp->od_stateid);
5226 }
5227 
5228 void
5229 nfsd4_set_openstateid(struct nfsd4_compound_state *cstate, struct nfsd4_open *open)
5230 {
5231 	put_stateid(cstate, &open->op_stateid);
5232 }
5233 
5234 void
5235 nfsd4_set_closestateid(struct nfsd4_compound_state *cstate, struct nfsd4_close *close)
5236 {
5237 	put_stateid(cstate, &close->cl_stateid);
5238 }
5239 
5240 void
5241 nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate, struct nfsd4_lock *lock)
5242 {
5243 	put_stateid(cstate, &lock->lk_resp_stateid);
5244 }
5245 
5246 /*
5247  * functions to consume current state id
5248  */
5249 
5250 void
5251 nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate, struct nfsd4_open_downgrade *odp)
5252 {
5253 	get_stateid(cstate, &odp->od_stateid);
5254 }
5255 
5256 void
5257 nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate, struct nfsd4_delegreturn *drp)
5258 {
5259 	get_stateid(cstate, &drp->dr_stateid);
5260 }
5261 
5262 void
5263 nfsd4_get_freestateid(struct nfsd4_compound_state *cstate, struct nfsd4_free_stateid *fsp)
5264 {
5265 	get_stateid(cstate, &fsp->fr_stateid);
5266 }
5267 
5268 void
5269 nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate, struct nfsd4_setattr *setattr)
5270 {
5271 	get_stateid(cstate, &setattr->sa_stateid);
5272 }
5273 
5274 void
5275 nfsd4_get_closestateid(struct nfsd4_compound_state *cstate, struct nfsd4_close *close)
5276 {
5277 	get_stateid(cstate, &close->cl_stateid);
5278 }
5279 
5280 void
5281 nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate, struct nfsd4_locku *locku)
5282 {
5283 	get_stateid(cstate, &locku->lu_stateid);
5284 }
5285 
5286 void
5287 nfsd4_get_readstateid(struct nfsd4_compound_state *cstate, struct nfsd4_read *read)
5288 {
5289 	get_stateid(cstate, &read->rd_stateid);
5290 }
5291 
5292 void
5293 nfsd4_get_writestateid(struct nfsd4_compound_state *cstate, struct nfsd4_write *write)
5294 {
5295 	get_stateid(cstate, &write->wr_stateid);
5296 }
5297