xref: /openbmc/linux/fs/nfsd/nfs4state.c (revision e6e8c82b)
1 /*
2 *  Copyright (c) 2001 The Regents of the University of Michigan.
3 *  All rights reserved.
4 *
5 *  Kendrick Smith <kmsmith@umich.edu>
6 *  Andy Adamson <kandros@umich.edu>
7 *
8 *  Redistribution and use in source and binary forms, with or without
9 *  modification, are permitted provided that the following conditions
10 *  are met:
11 *
12 *  1. Redistributions of source code must retain the above copyright
13 *     notice, this list of conditions and the following disclaimer.
14 *  2. Redistributions in binary form must reproduce the above copyright
15 *     notice, this list of conditions and the following disclaimer in the
16 *     documentation and/or other materials provided with the distribution.
17 *  3. Neither the name of the University nor the names of its
18 *     contributors may be used to endorse or promote products derived
19 *     from this software without specific prior written permission.
20 *
21 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
22 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
23 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
24 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 */
34 
35 #include <linux/file.h>
36 #include <linux/fs.h>
37 #include <linux/slab.h>
38 #include <linux/namei.h>
39 #include <linux/swap.h>
40 #include <linux/pagemap.h>
41 #include <linux/ratelimit.h>
42 #include <linux/sunrpc/svcauth_gss.h>
43 #include <linux/sunrpc/addr.h>
44 #include <linux/jhash.h>
45 #include "xdr4.h"
46 #include "xdr4cb.h"
47 #include "vfs.h"
48 #include "current_stateid.h"
49 
50 #include "netns.h"
51 #include "pnfs.h"
52 
53 #define NFSDDBG_FACILITY                NFSDDBG_PROC
54 
55 #define all_ones {{~0,~0},~0}
56 static const stateid_t one_stateid = {
57 	.si_generation = ~0,
58 	.si_opaque = all_ones,
59 };
60 static const stateid_t zero_stateid = {
61 	/* all fields zero */
62 };
63 static const stateid_t currentstateid = {
64 	.si_generation = 1,
65 };
66 static const stateid_t close_stateid = {
67 	.si_generation = 0xffffffffU,
68 };
69 
70 static u64 current_sessionid = 1;
71 
72 #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
73 #define ONE_STATEID(stateid)  (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
74 #define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
75 #define CLOSE_STATEID(stateid)  (!memcmp((stateid), &close_stateid, sizeof(stateid_t)))
76 
77 /* forward declarations */
78 static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
79 static void nfs4_free_ol_stateid(struct nfs4_stid *stid);
80 
81 /* Locking: */
82 
83 /*
84  * Currently used for the del_recall_lru and file hash table.  In an
85  * effort to decrease the scope of the client_mutex, this spinlock may
86  * eventually cover more:
87  */
88 static DEFINE_SPINLOCK(state_lock);
89 
90 enum nfsd4_st_mutex_lock_subclass {
91 	OPEN_STATEID_MUTEX = 0,
92 	LOCK_STATEID_MUTEX = 1,
93 };
94 
95 /*
96  * A waitqueue for all in-progress 4.0 CLOSE operations that are waiting for
97  * the refcount on the open stateid to drop.
98  */
99 static DECLARE_WAIT_QUEUE_HEAD(close_wq);
100 
101 static struct kmem_cache *client_slab;
102 static struct kmem_cache *openowner_slab;
103 static struct kmem_cache *lockowner_slab;
104 static struct kmem_cache *file_slab;
105 static struct kmem_cache *stateid_slab;
106 static struct kmem_cache *deleg_slab;
107 static struct kmem_cache *odstate_slab;
108 
109 static void free_session(struct nfsd4_session *);
110 
111 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops;
112 static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops;
113 
114 static bool is_session_dead(struct nfsd4_session *ses)
115 {
116 	return ses->se_flags & NFS4_SESSION_DEAD;
117 }
118 
119 static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)
120 {
121 	if (atomic_read(&ses->se_ref) > ref_held_by_me)
122 		return nfserr_jukebox;
123 	ses->se_flags |= NFS4_SESSION_DEAD;
124 	return nfs_ok;
125 }
126 
127 static bool is_client_expired(struct nfs4_client *clp)
128 {
129 	return clp->cl_time == 0;
130 }
131 
132 static __be32 get_client_locked(struct nfs4_client *clp)
133 {
134 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
135 
136 	lockdep_assert_held(&nn->client_lock);
137 
138 	if (is_client_expired(clp))
139 		return nfserr_expired;
140 	atomic_inc(&clp->cl_refcount);
141 	return nfs_ok;
142 }
143 
144 /* must be called under the client_lock */
145 static inline void
146 renew_client_locked(struct nfs4_client *clp)
147 {
148 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
149 
150 	if (is_client_expired(clp)) {
151 		WARN_ON(1);
152 		printk("%s: client (clientid %08x/%08x) already expired\n",
153 			__func__,
154 			clp->cl_clientid.cl_boot,
155 			clp->cl_clientid.cl_id);
156 		return;
157 	}
158 
159 	dprintk("renewing client (clientid %08x/%08x)\n",
160 			clp->cl_clientid.cl_boot,
161 			clp->cl_clientid.cl_id);
162 	list_move_tail(&clp->cl_lru, &nn->client_lru);
163 	clp->cl_time = get_seconds();
164 }
165 
166 static void put_client_renew_locked(struct nfs4_client *clp)
167 {
168 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
169 
170 	lockdep_assert_held(&nn->client_lock);
171 
172 	if (!atomic_dec_and_test(&clp->cl_refcount))
173 		return;
174 	if (!is_client_expired(clp))
175 		renew_client_locked(clp);
176 }
177 
178 static void put_client_renew(struct nfs4_client *clp)
179 {
180 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
181 
182 	if (!atomic_dec_and_lock(&clp->cl_refcount, &nn->client_lock))
183 		return;
184 	if (!is_client_expired(clp))
185 		renew_client_locked(clp);
186 	spin_unlock(&nn->client_lock);
187 }
188 
189 static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses)
190 {
191 	__be32 status;
192 
193 	if (is_session_dead(ses))
194 		return nfserr_badsession;
195 	status = get_client_locked(ses->se_client);
196 	if (status)
197 		return status;
198 	atomic_inc(&ses->se_ref);
199 	return nfs_ok;
200 }
201 
202 static void nfsd4_put_session_locked(struct nfsd4_session *ses)
203 {
204 	struct nfs4_client *clp = ses->se_client;
205 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
206 
207 	lockdep_assert_held(&nn->client_lock);
208 
209 	if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))
210 		free_session(ses);
211 	put_client_renew_locked(clp);
212 }
213 
214 static void nfsd4_put_session(struct nfsd4_session *ses)
215 {
216 	struct nfs4_client *clp = ses->se_client;
217 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
218 
219 	spin_lock(&nn->client_lock);
220 	nfsd4_put_session_locked(ses);
221 	spin_unlock(&nn->client_lock);
222 }
223 
224 static struct nfsd4_blocked_lock *
225 find_blocked_lock(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
226 			struct nfsd_net *nn)
227 {
228 	struct nfsd4_blocked_lock *cur, *found = NULL;
229 
230 	spin_lock(&nn->blocked_locks_lock);
231 	list_for_each_entry(cur, &lo->lo_blocked, nbl_list) {
232 		if (fh_match(fh, &cur->nbl_fh)) {
233 			list_del_init(&cur->nbl_list);
234 			list_del_init(&cur->nbl_lru);
235 			found = cur;
236 			break;
237 		}
238 	}
239 	spin_unlock(&nn->blocked_locks_lock);
240 	if (found)
241 		locks_delete_block(&found->nbl_lock);
242 	return found;
243 }
244 
245 static struct nfsd4_blocked_lock *
246 find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
247 			struct nfsd_net *nn)
248 {
249 	struct nfsd4_blocked_lock *nbl;
250 
251 	nbl = find_blocked_lock(lo, fh, nn);
252 	if (!nbl) {
253 		nbl= kmalloc(sizeof(*nbl), GFP_KERNEL);
254 		if (nbl) {
255 			fh_copy_shallow(&nbl->nbl_fh, fh);
256 			locks_init_lock(&nbl->nbl_lock);
257 			nfsd4_init_cb(&nbl->nbl_cb, lo->lo_owner.so_client,
258 					&nfsd4_cb_notify_lock_ops,
259 					NFSPROC4_CLNT_CB_NOTIFY_LOCK);
260 		}
261 	}
262 	return nbl;
263 }
264 
265 static void
266 free_blocked_lock(struct nfsd4_blocked_lock *nbl)
267 {
268 	locks_release_private(&nbl->nbl_lock);
269 	kfree(nbl);
270 }
271 
272 static void
273 remove_blocked_locks(struct nfs4_lockowner *lo)
274 {
275 	struct nfs4_client *clp = lo->lo_owner.so_client;
276 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
277 	struct nfsd4_blocked_lock *nbl;
278 	LIST_HEAD(reaplist);
279 
280 	/* Dequeue all blocked locks */
281 	spin_lock(&nn->blocked_locks_lock);
282 	while (!list_empty(&lo->lo_blocked)) {
283 		nbl = list_first_entry(&lo->lo_blocked,
284 					struct nfsd4_blocked_lock,
285 					nbl_list);
286 		list_del_init(&nbl->nbl_list);
287 		list_move(&nbl->nbl_lru, &reaplist);
288 	}
289 	spin_unlock(&nn->blocked_locks_lock);
290 
291 	/* Now free them */
292 	while (!list_empty(&reaplist)) {
293 		nbl = list_first_entry(&reaplist, struct nfsd4_blocked_lock,
294 					nbl_lru);
295 		list_del_init(&nbl->nbl_lru);
296 		locks_delete_block(&nbl->nbl_lock);
297 		free_blocked_lock(nbl);
298 	}
299 }
300 
301 static int
302 nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task)
303 {
304 	/*
305 	 * Since this is just an optimization, we don't try very hard if it
306 	 * turns out not to succeed. We'll requeue it on NFS4ERR_DELAY, and
307 	 * just quit trying on anything else.
308 	 */
309 	switch (task->tk_status) {
310 	case -NFS4ERR_DELAY:
311 		rpc_delay(task, 1 * HZ);
312 		return 0;
313 	default:
314 		return 1;
315 	}
316 }
317 
318 static void
319 nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb)
320 {
321 	struct nfsd4_blocked_lock	*nbl = container_of(cb,
322 						struct nfsd4_blocked_lock, nbl_cb);
323 
324 	free_blocked_lock(nbl);
325 }
326 
327 static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = {
328 	.done		= nfsd4_cb_notify_lock_done,
329 	.release	= nfsd4_cb_notify_lock_release,
330 };
331 
332 static inline struct nfs4_stateowner *
333 nfs4_get_stateowner(struct nfs4_stateowner *sop)
334 {
335 	atomic_inc(&sop->so_count);
336 	return sop;
337 }
338 
339 static int
340 same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner)
341 {
342 	return (sop->so_owner.len == owner->len) &&
343 		0 == memcmp(sop->so_owner.data, owner->data, owner->len);
344 }
345 
346 static struct nfs4_openowner *
347 find_openstateowner_str_locked(unsigned int hashval, struct nfsd4_open *open,
348 			struct nfs4_client *clp)
349 {
350 	struct nfs4_stateowner *so;
351 
352 	lockdep_assert_held(&clp->cl_lock);
353 
354 	list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[hashval],
355 			    so_strhash) {
356 		if (!so->so_is_open_owner)
357 			continue;
358 		if (same_owner_str(so, &open->op_owner))
359 			return openowner(nfs4_get_stateowner(so));
360 	}
361 	return NULL;
362 }
363 
364 static struct nfs4_openowner *
365 find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open,
366 			struct nfs4_client *clp)
367 {
368 	struct nfs4_openowner *oo;
369 
370 	spin_lock(&clp->cl_lock);
371 	oo = find_openstateowner_str_locked(hashval, open, clp);
372 	spin_unlock(&clp->cl_lock);
373 	return oo;
374 }
375 
376 static inline u32
377 opaque_hashval(const void *ptr, int nbytes)
378 {
379 	unsigned char *cptr = (unsigned char *) ptr;
380 
381 	u32 x = 0;
382 	while (nbytes--) {
383 		x *= 37;
384 		x += *cptr++;
385 	}
386 	return x;
387 }
388 
389 static void nfsd4_free_file_rcu(struct rcu_head *rcu)
390 {
391 	struct nfs4_file *fp = container_of(rcu, struct nfs4_file, fi_rcu);
392 
393 	kmem_cache_free(file_slab, fp);
394 }
395 
396 void
397 put_nfs4_file(struct nfs4_file *fi)
398 {
399 	might_lock(&state_lock);
400 
401 	if (refcount_dec_and_lock(&fi->fi_ref, &state_lock)) {
402 		hlist_del_rcu(&fi->fi_hash);
403 		spin_unlock(&state_lock);
404 		WARN_ON_ONCE(!list_empty(&fi->fi_clnt_odstate));
405 		WARN_ON_ONCE(!list_empty(&fi->fi_delegations));
406 		call_rcu(&fi->fi_rcu, nfsd4_free_file_rcu);
407 	}
408 }
409 
410 static struct file *
411 __nfs4_get_fd(struct nfs4_file *f, int oflag)
412 {
413 	if (f->fi_fds[oflag])
414 		return get_file(f->fi_fds[oflag]);
415 	return NULL;
416 }
417 
418 static struct file *
419 find_writeable_file_locked(struct nfs4_file *f)
420 {
421 	struct file *ret;
422 
423 	lockdep_assert_held(&f->fi_lock);
424 
425 	ret = __nfs4_get_fd(f, O_WRONLY);
426 	if (!ret)
427 		ret = __nfs4_get_fd(f, O_RDWR);
428 	return ret;
429 }
430 
431 static struct file *
432 find_writeable_file(struct nfs4_file *f)
433 {
434 	struct file *ret;
435 
436 	spin_lock(&f->fi_lock);
437 	ret = find_writeable_file_locked(f);
438 	spin_unlock(&f->fi_lock);
439 
440 	return ret;
441 }
442 
443 static struct file *find_readable_file_locked(struct nfs4_file *f)
444 {
445 	struct file *ret;
446 
447 	lockdep_assert_held(&f->fi_lock);
448 
449 	ret = __nfs4_get_fd(f, O_RDONLY);
450 	if (!ret)
451 		ret = __nfs4_get_fd(f, O_RDWR);
452 	return ret;
453 }
454 
455 static struct file *
456 find_readable_file(struct nfs4_file *f)
457 {
458 	struct file *ret;
459 
460 	spin_lock(&f->fi_lock);
461 	ret = find_readable_file_locked(f);
462 	spin_unlock(&f->fi_lock);
463 
464 	return ret;
465 }
466 
467 struct file *
468 find_any_file(struct nfs4_file *f)
469 {
470 	struct file *ret;
471 
472 	spin_lock(&f->fi_lock);
473 	ret = __nfs4_get_fd(f, O_RDWR);
474 	if (!ret) {
475 		ret = __nfs4_get_fd(f, O_WRONLY);
476 		if (!ret)
477 			ret = __nfs4_get_fd(f, O_RDONLY);
478 	}
479 	spin_unlock(&f->fi_lock);
480 	return ret;
481 }
482 
483 static atomic_long_t num_delegations;
484 unsigned long max_delegations;
485 
486 /*
487  * Open owner state (share locks)
488  */
489 
490 /* hash tables for lock and open owners */
491 #define OWNER_HASH_BITS              8
492 #define OWNER_HASH_SIZE             (1 << OWNER_HASH_BITS)
493 #define OWNER_HASH_MASK             (OWNER_HASH_SIZE - 1)
494 
495 static unsigned int ownerstr_hashval(struct xdr_netobj *ownername)
496 {
497 	unsigned int ret;
498 
499 	ret = opaque_hashval(ownername->data, ownername->len);
500 	return ret & OWNER_HASH_MASK;
501 }
502 
503 /* hash table for nfs4_file */
504 #define FILE_HASH_BITS                   8
505 #define FILE_HASH_SIZE                  (1 << FILE_HASH_BITS)
506 
507 static unsigned int nfsd_fh_hashval(struct knfsd_fh *fh)
508 {
509 	return jhash2(fh->fh_base.fh_pad, XDR_QUADLEN(fh->fh_size), 0);
510 }
511 
512 static unsigned int file_hashval(struct knfsd_fh *fh)
513 {
514 	return nfsd_fh_hashval(fh) & (FILE_HASH_SIZE - 1);
515 }
516 
517 static struct hlist_head file_hashtbl[FILE_HASH_SIZE];
518 
519 static void
520 __nfs4_file_get_access(struct nfs4_file *fp, u32 access)
521 {
522 	lockdep_assert_held(&fp->fi_lock);
523 
524 	if (access & NFS4_SHARE_ACCESS_WRITE)
525 		atomic_inc(&fp->fi_access[O_WRONLY]);
526 	if (access & NFS4_SHARE_ACCESS_READ)
527 		atomic_inc(&fp->fi_access[O_RDONLY]);
528 }
529 
530 static __be32
531 nfs4_file_get_access(struct nfs4_file *fp, u32 access)
532 {
533 	lockdep_assert_held(&fp->fi_lock);
534 
535 	/* Does this access mode make sense? */
536 	if (access & ~NFS4_SHARE_ACCESS_BOTH)
537 		return nfserr_inval;
538 
539 	/* Does it conflict with a deny mode already set? */
540 	if ((access & fp->fi_share_deny) != 0)
541 		return nfserr_share_denied;
542 
543 	__nfs4_file_get_access(fp, access);
544 	return nfs_ok;
545 }
546 
547 static __be32 nfs4_file_check_deny(struct nfs4_file *fp, u32 deny)
548 {
549 	/* Common case is that there is no deny mode. */
550 	if (deny) {
551 		/* Does this deny mode make sense? */
552 		if (deny & ~NFS4_SHARE_DENY_BOTH)
553 			return nfserr_inval;
554 
555 		if ((deny & NFS4_SHARE_DENY_READ) &&
556 		    atomic_read(&fp->fi_access[O_RDONLY]))
557 			return nfserr_share_denied;
558 
559 		if ((deny & NFS4_SHARE_DENY_WRITE) &&
560 		    atomic_read(&fp->fi_access[O_WRONLY]))
561 			return nfserr_share_denied;
562 	}
563 	return nfs_ok;
564 }
565 
566 static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
567 {
568 	might_lock(&fp->fi_lock);
569 
570 	if (atomic_dec_and_lock(&fp->fi_access[oflag], &fp->fi_lock)) {
571 		struct file *f1 = NULL;
572 		struct file *f2 = NULL;
573 
574 		swap(f1, fp->fi_fds[oflag]);
575 		if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
576 			swap(f2, fp->fi_fds[O_RDWR]);
577 		spin_unlock(&fp->fi_lock);
578 		if (f1)
579 			fput(f1);
580 		if (f2)
581 			fput(f2);
582 	}
583 }
584 
585 static void nfs4_file_put_access(struct nfs4_file *fp, u32 access)
586 {
587 	WARN_ON_ONCE(access & ~NFS4_SHARE_ACCESS_BOTH);
588 
589 	if (access & NFS4_SHARE_ACCESS_WRITE)
590 		__nfs4_file_put_access(fp, O_WRONLY);
591 	if (access & NFS4_SHARE_ACCESS_READ)
592 		__nfs4_file_put_access(fp, O_RDONLY);
593 }
594 
595 /*
596  * Allocate a new open/delegation state counter. This is needed for
597  * pNFS for proper return on close semantics.
598  *
599  * Note that we only allocate it for pNFS-enabled exports, otherwise
600  * all pointers to struct nfs4_clnt_odstate are always NULL.
601  */
602 static struct nfs4_clnt_odstate *
603 alloc_clnt_odstate(struct nfs4_client *clp)
604 {
605 	struct nfs4_clnt_odstate *co;
606 
607 	co = kmem_cache_zalloc(odstate_slab, GFP_KERNEL);
608 	if (co) {
609 		co->co_client = clp;
610 		refcount_set(&co->co_odcount, 1);
611 	}
612 	return co;
613 }
614 
615 static void
616 hash_clnt_odstate_locked(struct nfs4_clnt_odstate *co)
617 {
618 	struct nfs4_file *fp = co->co_file;
619 
620 	lockdep_assert_held(&fp->fi_lock);
621 	list_add(&co->co_perfile, &fp->fi_clnt_odstate);
622 }
623 
624 static inline void
625 get_clnt_odstate(struct nfs4_clnt_odstate *co)
626 {
627 	if (co)
628 		refcount_inc(&co->co_odcount);
629 }
630 
631 static void
632 put_clnt_odstate(struct nfs4_clnt_odstate *co)
633 {
634 	struct nfs4_file *fp;
635 
636 	if (!co)
637 		return;
638 
639 	fp = co->co_file;
640 	if (refcount_dec_and_lock(&co->co_odcount, &fp->fi_lock)) {
641 		list_del(&co->co_perfile);
642 		spin_unlock(&fp->fi_lock);
643 
644 		nfsd4_return_all_file_layouts(co->co_client, fp);
645 		kmem_cache_free(odstate_slab, co);
646 	}
647 }
648 
649 static struct nfs4_clnt_odstate *
650 find_or_hash_clnt_odstate(struct nfs4_file *fp, struct nfs4_clnt_odstate *new)
651 {
652 	struct nfs4_clnt_odstate *co;
653 	struct nfs4_client *cl;
654 
655 	if (!new)
656 		return NULL;
657 
658 	cl = new->co_client;
659 
660 	spin_lock(&fp->fi_lock);
661 	list_for_each_entry(co, &fp->fi_clnt_odstate, co_perfile) {
662 		if (co->co_client == cl) {
663 			get_clnt_odstate(co);
664 			goto out;
665 		}
666 	}
667 	co = new;
668 	co->co_file = fp;
669 	hash_clnt_odstate_locked(new);
670 out:
671 	spin_unlock(&fp->fi_lock);
672 	return co;
673 }
674 
675 struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct kmem_cache *slab,
676 				  void (*sc_free)(struct nfs4_stid *))
677 {
678 	struct nfs4_stid *stid;
679 	int new_id;
680 
681 	stid = kmem_cache_zalloc(slab, GFP_KERNEL);
682 	if (!stid)
683 		return NULL;
684 
685 	idr_preload(GFP_KERNEL);
686 	spin_lock(&cl->cl_lock);
687 	new_id = idr_alloc_cyclic(&cl->cl_stateids, stid, 0, 0, GFP_NOWAIT);
688 	spin_unlock(&cl->cl_lock);
689 	idr_preload_end();
690 	if (new_id < 0)
691 		goto out_free;
692 
693 	stid->sc_free = sc_free;
694 	stid->sc_client = cl;
695 	stid->sc_stateid.si_opaque.so_id = new_id;
696 	stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid;
697 	/* Will be incremented before return to client: */
698 	refcount_set(&stid->sc_count, 1);
699 	spin_lock_init(&stid->sc_lock);
700 
701 	/*
702 	 * It shouldn't be a problem to reuse an opaque stateid value.
703 	 * I don't think it is for 4.1.  But with 4.0 I worry that, for
704 	 * example, a stray write retransmission could be accepted by
705 	 * the server when it should have been rejected.  Therefore,
706 	 * adopt a trick from the sctp code to attempt to maximize the
707 	 * amount of time until an id is reused, by ensuring they always
708 	 * "increase" (mod INT_MAX):
709 	 */
710 	return stid;
711 out_free:
712 	kmem_cache_free(slab, stid);
713 	return NULL;
714 }
715 
716 /*
717  * Create a unique stateid_t to represent each COPY.
718  */
719 int nfs4_init_cp_state(struct nfsd_net *nn, struct nfsd4_copy *copy)
720 {
721 	int new_id;
722 
723 	idr_preload(GFP_KERNEL);
724 	spin_lock(&nn->s2s_cp_lock);
725 	new_id = idr_alloc_cyclic(&nn->s2s_cp_stateids, copy, 0, 0, GFP_NOWAIT);
726 	spin_unlock(&nn->s2s_cp_lock);
727 	idr_preload_end();
728 	if (new_id < 0)
729 		return 0;
730 	copy->cp_stateid.si_opaque.so_id = new_id;
731 	copy->cp_stateid.si_opaque.so_clid.cl_boot = nn->boot_time;
732 	copy->cp_stateid.si_opaque.so_clid.cl_id = nn->s2s_cp_cl_id;
733 	return 1;
734 }
735 
736 void nfs4_free_cp_state(struct nfsd4_copy *copy)
737 {
738 	struct nfsd_net *nn;
739 
740 	nn = net_generic(copy->cp_clp->net, nfsd_net_id);
741 	spin_lock(&nn->s2s_cp_lock);
742 	idr_remove(&nn->s2s_cp_stateids, copy->cp_stateid.si_opaque.so_id);
743 	spin_unlock(&nn->s2s_cp_lock);
744 }
745 
746 static struct nfs4_ol_stateid * nfs4_alloc_open_stateid(struct nfs4_client *clp)
747 {
748 	struct nfs4_stid *stid;
749 
750 	stid = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_ol_stateid);
751 	if (!stid)
752 		return NULL;
753 
754 	return openlockstateid(stid);
755 }
756 
757 static void nfs4_free_deleg(struct nfs4_stid *stid)
758 {
759 	kmem_cache_free(deleg_slab, stid);
760 	atomic_long_dec(&num_delegations);
761 }
762 
763 /*
764  * When we recall a delegation, we should be careful not to hand it
765  * out again straight away.
766  * To ensure this we keep a pair of bloom filters ('new' and 'old')
767  * in which the filehandles of recalled delegations are "stored".
768  * If a filehandle appear in either filter, a delegation is blocked.
769  * When a delegation is recalled, the filehandle is stored in the "new"
770  * filter.
771  * Every 30 seconds we swap the filters and clear the "new" one,
772  * unless both are empty of course.
773  *
774  * Each filter is 256 bits.  We hash the filehandle to 32bit and use the
775  * low 3 bytes as hash-table indices.
776  *
777  * 'blocked_delegations_lock', which is always taken in block_delegations(),
778  * is used to manage concurrent access.  Testing does not need the lock
779  * except when swapping the two filters.
780  */
781 static DEFINE_SPINLOCK(blocked_delegations_lock);
782 static struct bloom_pair {
783 	int	entries, old_entries;
784 	time_t	swap_time;
785 	int	new; /* index into 'set' */
786 	DECLARE_BITMAP(set[2], 256);
787 } blocked_delegations;
788 
789 static int delegation_blocked(struct knfsd_fh *fh)
790 {
791 	u32 hash;
792 	struct bloom_pair *bd = &blocked_delegations;
793 
794 	if (bd->entries == 0)
795 		return 0;
796 	if (seconds_since_boot() - bd->swap_time > 30) {
797 		spin_lock(&blocked_delegations_lock);
798 		if (seconds_since_boot() - bd->swap_time > 30) {
799 			bd->entries -= bd->old_entries;
800 			bd->old_entries = bd->entries;
801 			memset(bd->set[bd->new], 0,
802 			       sizeof(bd->set[0]));
803 			bd->new = 1-bd->new;
804 			bd->swap_time = seconds_since_boot();
805 		}
806 		spin_unlock(&blocked_delegations_lock);
807 	}
808 	hash = jhash(&fh->fh_base, fh->fh_size, 0);
809 	if (test_bit(hash&255, bd->set[0]) &&
810 	    test_bit((hash>>8)&255, bd->set[0]) &&
811 	    test_bit((hash>>16)&255, bd->set[0]))
812 		return 1;
813 
814 	if (test_bit(hash&255, bd->set[1]) &&
815 	    test_bit((hash>>8)&255, bd->set[1]) &&
816 	    test_bit((hash>>16)&255, bd->set[1]))
817 		return 1;
818 
819 	return 0;
820 }
821 
822 static void block_delegations(struct knfsd_fh *fh)
823 {
824 	u32 hash;
825 	struct bloom_pair *bd = &blocked_delegations;
826 
827 	hash = jhash(&fh->fh_base, fh->fh_size, 0);
828 
829 	spin_lock(&blocked_delegations_lock);
830 	__set_bit(hash&255, bd->set[bd->new]);
831 	__set_bit((hash>>8)&255, bd->set[bd->new]);
832 	__set_bit((hash>>16)&255, bd->set[bd->new]);
833 	if (bd->entries == 0)
834 		bd->swap_time = seconds_since_boot();
835 	bd->entries += 1;
836 	spin_unlock(&blocked_delegations_lock);
837 }
838 
839 static struct nfs4_delegation *
840 alloc_init_deleg(struct nfs4_client *clp, struct nfs4_file *fp,
841 		 struct svc_fh *current_fh,
842 		 struct nfs4_clnt_odstate *odstate)
843 {
844 	struct nfs4_delegation *dp;
845 	long n;
846 
847 	dprintk("NFSD alloc_init_deleg\n");
848 	n = atomic_long_inc_return(&num_delegations);
849 	if (n < 0 || n > max_delegations)
850 		goto out_dec;
851 	if (delegation_blocked(&current_fh->fh_handle))
852 		goto out_dec;
853 	dp = delegstateid(nfs4_alloc_stid(clp, deleg_slab, nfs4_free_deleg));
854 	if (dp == NULL)
855 		goto out_dec;
856 
857 	/*
858 	 * delegation seqid's are never incremented.  The 4.1 special
859 	 * meaning of seqid 0 isn't meaningful, really, but let's avoid
860 	 * 0 anyway just for consistency and use 1:
861 	 */
862 	dp->dl_stid.sc_stateid.si_generation = 1;
863 	INIT_LIST_HEAD(&dp->dl_perfile);
864 	INIT_LIST_HEAD(&dp->dl_perclnt);
865 	INIT_LIST_HEAD(&dp->dl_recall_lru);
866 	dp->dl_clnt_odstate = odstate;
867 	get_clnt_odstate(odstate);
868 	dp->dl_type = NFS4_OPEN_DELEGATE_READ;
869 	dp->dl_retries = 1;
870 	nfsd4_init_cb(&dp->dl_recall, dp->dl_stid.sc_client,
871 		      &nfsd4_cb_recall_ops, NFSPROC4_CLNT_CB_RECALL);
872 	get_nfs4_file(fp);
873 	dp->dl_stid.sc_file = fp;
874 	return dp;
875 out_dec:
876 	atomic_long_dec(&num_delegations);
877 	return NULL;
878 }
879 
880 void
881 nfs4_put_stid(struct nfs4_stid *s)
882 {
883 	struct nfs4_file *fp = s->sc_file;
884 	struct nfs4_client *clp = s->sc_client;
885 
886 	might_lock(&clp->cl_lock);
887 
888 	if (!refcount_dec_and_lock(&s->sc_count, &clp->cl_lock)) {
889 		wake_up_all(&close_wq);
890 		return;
891 	}
892 	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
893 	spin_unlock(&clp->cl_lock);
894 	s->sc_free(s);
895 	if (fp)
896 		put_nfs4_file(fp);
897 }
898 
899 void
900 nfs4_inc_and_copy_stateid(stateid_t *dst, struct nfs4_stid *stid)
901 {
902 	stateid_t *src = &stid->sc_stateid;
903 
904 	spin_lock(&stid->sc_lock);
905 	if (unlikely(++src->si_generation == 0))
906 		src->si_generation = 1;
907 	memcpy(dst, src, sizeof(*dst));
908 	spin_unlock(&stid->sc_lock);
909 }
910 
911 static void put_deleg_file(struct nfs4_file *fp)
912 {
913 	struct file *filp = NULL;
914 
915 	spin_lock(&fp->fi_lock);
916 	if (--fp->fi_delegees == 0)
917 		swap(filp, fp->fi_deleg_file);
918 	spin_unlock(&fp->fi_lock);
919 
920 	if (filp)
921 		fput(filp);
922 }
923 
924 static void nfs4_unlock_deleg_lease(struct nfs4_delegation *dp)
925 {
926 	struct nfs4_file *fp = dp->dl_stid.sc_file;
927 	struct file *filp = fp->fi_deleg_file;
928 
929 	WARN_ON_ONCE(!fp->fi_delegees);
930 
931 	vfs_setlease(filp, F_UNLCK, NULL, (void **)&dp);
932 	put_deleg_file(fp);
933 }
934 
935 static void destroy_unhashed_deleg(struct nfs4_delegation *dp)
936 {
937 	put_clnt_odstate(dp->dl_clnt_odstate);
938 	nfs4_unlock_deleg_lease(dp);
939 	nfs4_put_stid(&dp->dl_stid);
940 }
941 
942 void nfs4_unhash_stid(struct nfs4_stid *s)
943 {
944 	s->sc_type = 0;
945 }
946 
947 /**
948  * nfs4_delegation_exists - Discover if this delegation already exists
949  * @clp:     a pointer to the nfs4_client we're granting a delegation to
950  * @fp:      a pointer to the nfs4_file we're granting a delegation on
951  *
952  * Return:
953  *      On success: true iff an existing delegation is found
954  */
955 
956 static bool
957 nfs4_delegation_exists(struct nfs4_client *clp, struct nfs4_file *fp)
958 {
959 	struct nfs4_delegation *searchdp = NULL;
960 	struct nfs4_client *searchclp = NULL;
961 
962 	lockdep_assert_held(&state_lock);
963 	lockdep_assert_held(&fp->fi_lock);
964 
965 	list_for_each_entry(searchdp, &fp->fi_delegations, dl_perfile) {
966 		searchclp = searchdp->dl_stid.sc_client;
967 		if (clp == searchclp) {
968 			return true;
969 		}
970 	}
971 	return false;
972 }
973 
974 /**
975  * hash_delegation_locked - Add a delegation to the appropriate lists
976  * @dp:     a pointer to the nfs4_delegation we are adding.
977  * @fp:     a pointer to the nfs4_file we're granting a delegation on
978  *
979  * Return:
980  *      On success: NULL if the delegation was successfully hashed.
981  *
982  *      On error: -EAGAIN if one was previously granted to this
983  *                 nfs4_client for this nfs4_file. Delegation is not hashed.
984  *
985  */
986 
987 static int
988 hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp)
989 {
990 	struct nfs4_client *clp = dp->dl_stid.sc_client;
991 
992 	lockdep_assert_held(&state_lock);
993 	lockdep_assert_held(&fp->fi_lock);
994 
995 	if (nfs4_delegation_exists(clp, fp))
996 		return -EAGAIN;
997 	refcount_inc(&dp->dl_stid.sc_count);
998 	dp->dl_stid.sc_type = NFS4_DELEG_STID;
999 	list_add(&dp->dl_perfile, &fp->fi_delegations);
1000 	list_add(&dp->dl_perclnt, &clp->cl_delegations);
1001 	return 0;
1002 }
1003 
1004 static bool
1005 unhash_delegation_locked(struct nfs4_delegation *dp)
1006 {
1007 	struct nfs4_file *fp = dp->dl_stid.sc_file;
1008 
1009 	lockdep_assert_held(&state_lock);
1010 
1011 	if (list_empty(&dp->dl_perfile))
1012 		return false;
1013 
1014 	dp->dl_stid.sc_type = NFS4_CLOSED_DELEG_STID;
1015 	/* Ensure that deleg break won't try to requeue it */
1016 	++dp->dl_time;
1017 	spin_lock(&fp->fi_lock);
1018 	list_del_init(&dp->dl_perclnt);
1019 	list_del_init(&dp->dl_recall_lru);
1020 	list_del_init(&dp->dl_perfile);
1021 	spin_unlock(&fp->fi_lock);
1022 	return true;
1023 }
1024 
1025 static void destroy_delegation(struct nfs4_delegation *dp)
1026 {
1027 	bool unhashed;
1028 
1029 	spin_lock(&state_lock);
1030 	unhashed = unhash_delegation_locked(dp);
1031 	spin_unlock(&state_lock);
1032 	if (unhashed)
1033 		destroy_unhashed_deleg(dp);
1034 }
1035 
1036 static void revoke_delegation(struct nfs4_delegation *dp)
1037 {
1038 	struct nfs4_client *clp = dp->dl_stid.sc_client;
1039 
1040 	WARN_ON(!list_empty(&dp->dl_recall_lru));
1041 
1042 	if (clp->cl_minorversion) {
1043 		dp->dl_stid.sc_type = NFS4_REVOKED_DELEG_STID;
1044 		refcount_inc(&dp->dl_stid.sc_count);
1045 		spin_lock(&clp->cl_lock);
1046 		list_add(&dp->dl_recall_lru, &clp->cl_revoked);
1047 		spin_unlock(&clp->cl_lock);
1048 	}
1049 	destroy_unhashed_deleg(dp);
1050 }
1051 
1052 /*
1053  * SETCLIENTID state
1054  */
1055 
1056 static unsigned int clientid_hashval(u32 id)
1057 {
1058 	return id & CLIENT_HASH_MASK;
1059 }
1060 
1061 static unsigned int clientstr_hashval(const char *name)
1062 {
1063 	return opaque_hashval(name, 8) & CLIENT_HASH_MASK;
1064 }
1065 
1066 /*
1067  * We store the NONE, READ, WRITE, and BOTH bits separately in the
1068  * st_{access,deny}_bmap field of the stateid, in order to track not
1069  * only what share bits are currently in force, but also what
1070  * combinations of share bits previous opens have used.  This allows us
1071  * to enforce the recommendation of rfc 3530 14.2.19 that the server
1072  * return an error if the client attempt to downgrade to a combination
1073  * of share bits not explicable by closing some of its previous opens.
1074  *
1075  * XXX: This enforcement is actually incomplete, since we don't keep
1076  * track of access/deny bit combinations; so, e.g., we allow:
1077  *
1078  *	OPEN allow read, deny write
1079  *	OPEN allow both, deny none
1080  *	DOWNGRADE allow read, deny none
1081  *
1082  * which we should reject.
1083  */
1084 static unsigned int
1085 bmap_to_share_mode(unsigned long bmap) {
1086 	int i;
1087 	unsigned int access = 0;
1088 
1089 	for (i = 1; i < 4; i++) {
1090 		if (test_bit(i, &bmap))
1091 			access |= i;
1092 	}
1093 	return access;
1094 }
1095 
1096 /* set share access for a given stateid */
1097 static inline void
1098 set_access(u32 access, struct nfs4_ol_stateid *stp)
1099 {
1100 	unsigned char mask = 1 << access;
1101 
1102 	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
1103 	stp->st_access_bmap |= mask;
1104 }
1105 
1106 /* clear share access for a given stateid */
1107 static inline void
1108 clear_access(u32 access, struct nfs4_ol_stateid *stp)
1109 {
1110 	unsigned char mask = 1 << access;
1111 
1112 	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
1113 	stp->st_access_bmap &= ~mask;
1114 }
1115 
1116 /* test whether a given stateid has access */
1117 static inline bool
1118 test_access(u32 access, struct nfs4_ol_stateid *stp)
1119 {
1120 	unsigned char mask = 1 << access;
1121 
1122 	return (bool)(stp->st_access_bmap & mask);
1123 }
1124 
1125 /* set share deny for a given stateid */
1126 static inline void
1127 set_deny(u32 deny, struct nfs4_ol_stateid *stp)
1128 {
1129 	unsigned char mask = 1 << deny;
1130 
1131 	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
1132 	stp->st_deny_bmap |= mask;
1133 }
1134 
1135 /* clear share deny for a given stateid */
1136 static inline void
1137 clear_deny(u32 deny, struct nfs4_ol_stateid *stp)
1138 {
1139 	unsigned char mask = 1 << deny;
1140 
1141 	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
1142 	stp->st_deny_bmap &= ~mask;
1143 }
1144 
1145 /* test whether a given stateid is denying specific access */
1146 static inline bool
1147 test_deny(u32 deny, struct nfs4_ol_stateid *stp)
1148 {
1149 	unsigned char mask = 1 << deny;
1150 
1151 	return (bool)(stp->st_deny_bmap & mask);
1152 }
1153 
1154 static int nfs4_access_to_omode(u32 access)
1155 {
1156 	switch (access & NFS4_SHARE_ACCESS_BOTH) {
1157 	case NFS4_SHARE_ACCESS_READ:
1158 		return O_RDONLY;
1159 	case NFS4_SHARE_ACCESS_WRITE:
1160 		return O_WRONLY;
1161 	case NFS4_SHARE_ACCESS_BOTH:
1162 		return O_RDWR;
1163 	}
1164 	WARN_ON_ONCE(1);
1165 	return O_RDONLY;
1166 }
1167 
1168 /*
1169  * A stateid that had a deny mode associated with it is being released
1170  * or downgraded. Recalculate the deny mode on the file.
1171  */
1172 static void
1173 recalculate_deny_mode(struct nfs4_file *fp)
1174 {
1175 	struct nfs4_ol_stateid *stp;
1176 
1177 	spin_lock(&fp->fi_lock);
1178 	fp->fi_share_deny = 0;
1179 	list_for_each_entry(stp, &fp->fi_stateids, st_perfile)
1180 		fp->fi_share_deny |= bmap_to_share_mode(stp->st_deny_bmap);
1181 	spin_unlock(&fp->fi_lock);
1182 }
1183 
1184 static void
1185 reset_union_bmap_deny(u32 deny, struct nfs4_ol_stateid *stp)
1186 {
1187 	int i;
1188 	bool change = false;
1189 
1190 	for (i = 1; i < 4; i++) {
1191 		if ((i & deny) != i) {
1192 			change = true;
1193 			clear_deny(i, stp);
1194 		}
1195 	}
1196 
1197 	/* Recalculate per-file deny mode if there was a change */
1198 	if (change)
1199 		recalculate_deny_mode(stp->st_stid.sc_file);
1200 }
1201 
1202 /* release all access and file references for a given stateid */
1203 static void
1204 release_all_access(struct nfs4_ol_stateid *stp)
1205 {
1206 	int i;
1207 	struct nfs4_file *fp = stp->st_stid.sc_file;
1208 
1209 	if (fp && stp->st_deny_bmap != 0)
1210 		recalculate_deny_mode(fp);
1211 
1212 	for (i = 1; i < 4; i++) {
1213 		if (test_access(i, stp))
1214 			nfs4_file_put_access(stp->st_stid.sc_file, i);
1215 		clear_access(i, stp);
1216 	}
1217 }
1218 
1219 static inline void nfs4_free_stateowner(struct nfs4_stateowner *sop)
1220 {
1221 	kfree(sop->so_owner.data);
1222 	sop->so_ops->so_free(sop);
1223 }
1224 
1225 static void nfs4_put_stateowner(struct nfs4_stateowner *sop)
1226 {
1227 	struct nfs4_client *clp = sop->so_client;
1228 
1229 	might_lock(&clp->cl_lock);
1230 
1231 	if (!atomic_dec_and_lock(&sop->so_count, &clp->cl_lock))
1232 		return;
1233 	sop->so_ops->so_unhash(sop);
1234 	spin_unlock(&clp->cl_lock);
1235 	nfs4_free_stateowner(sop);
1236 }
1237 
1238 static bool unhash_ol_stateid(struct nfs4_ol_stateid *stp)
1239 {
1240 	struct nfs4_file *fp = stp->st_stid.sc_file;
1241 
1242 	lockdep_assert_held(&stp->st_stateowner->so_client->cl_lock);
1243 
1244 	if (list_empty(&stp->st_perfile))
1245 		return false;
1246 
1247 	spin_lock(&fp->fi_lock);
1248 	list_del_init(&stp->st_perfile);
1249 	spin_unlock(&fp->fi_lock);
1250 	list_del(&stp->st_perstateowner);
1251 	return true;
1252 }
1253 
1254 static void nfs4_free_ol_stateid(struct nfs4_stid *stid)
1255 {
1256 	struct nfs4_ol_stateid *stp = openlockstateid(stid);
1257 
1258 	put_clnt_odstate(stp->st_clnt_odstate);
1259 	release_all_access(stp);
1260 	if (stp->st_stateowner)
1261 		nfs4_put_stateowner(stp->st_stateowner);
1262 	kmem_cache_free(stateid_slab, stid);
1263 }
1264 
1265 static void nfs4_free_lock_stateid(struct nfs4_stid *stid)
1266 {
1267 	struct nfs4_ol_stateid *stp = openlockstateid(stid);
1268 	struct nfs4_lockowner *lo = lockowner(stp->st_stateowner);
1269 	struct file *file;
1270 
1271 	file = find_any_file(stp->st_stid.sc_file);
1272 	if (file)
1273 		filp_close(file, (fl_owner_t)lo);
1274 	nfs4_free_ol_stateid(stid);
1275 }
1276 
1277 /*
1278  * Put the persistent reference to an already unhashed generic stateid, while
1279  * holding the cl_lock. If it's the last reference, then put it onto the
1280  * reaplist for later destruction.
1281  */
1282 static void put_ol_stateid_locked(struct nfs4_ol_stateid *stp,
1283 				       struct list_head *reaplist)
1284 {
1285 	struct nfs4_stid *s = &stp->st_stid;
1286 	struct nfs4_client *clp = s->sc_client;
1287 
1288 	lockdep_assert_held(&clp->cl_lock);
1289 
1290 	WARN_ON_ONCE(!list_empty(&stp->st_locks));
1291 
1292 	if (!refcount_dec_and_test(&s->sc_count)) {
1293 		wake_up_all(&close_wq);
1294 		return;
1295 	}
1296 
1297 	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
1298 	list_add(&stp->st_locks, reaplist);
1299 }
1300 
1301 static bool unhash_lock_stateid(struct nfs4_ol_stateid *stp)
1302 {
1303 	lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);
1304 
1305 	list_del_init(&stp->st_locks);
1306 	nfs4_unhash_stid(&stp->st_stid);
1307 	return unhash_ol_stateid(stp);
1308 }
1309 
1310 static void release_lock_stateid(struct nfs4_ol_stateid *stp)
1311 {
1312 	struct nfs4_client *clp = stp->st_stid.sc_client;
1313 	bool unhashed;
1314 
1315 	spin_lock(&clp->cl_lock);
1316 	unhashed = unhash_lock_stateid(stp);
1317 	spin_unlock(&clp->cl_lock);
1318 	if (unhashed)
1319 		nfs4_put_stid(&stp->st_stid);
1320 }
1321 
1322 static void unhash_lockowner_locked(struct nfs4_lockowner *lo)
1323 {
1324 	struct nfs4_client *clp = lo->lo_owner.so_client;
1325 
1326 	lockdep_assert_held(&clp->cl_lock);
1327 
1328 	list_del_init(&lo->lo_owner.so_strhash);
1329 }
1330 
1331 /*
1332  * Free a list of generic stateids that were collected earlier after being
1333  * fully unhashed.
1334  */
1335 static void
1336 free_ol_stateid_reaplist(struct list_head *reaplist)
1337 {
1338 	struct nfs4_ol_stateid *stp;
1339 	struct nfs4_file *fp;
1340 
1341 	might_sleep();
1342 
1343 	while (!list_empty(reaplist)) {
1344 		stp = list_first_entry(reaplist, struct nfs4_ol_stateid,
1345 				       st_locks);
1346 		list_del(&stp->st_locks);
1347 		fp = stp->st_stid.sc_file;
1348 		stp->st_stid.sc_free(&stp->st_stid);
1349 		if (fp)
1350 			put_nfs4_file(fp);
1351 	}
1352 }
1353 
1354 static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp,
1355 				       struct list_head *reaplist)
1356 {
1357 	struct nfs4_ol_stateid *stp;
1358 
1359 	lockdep_assert_held(&open_stp->st_stid.sc_client->cl_lock);
1360 
1361 	while (!list_empty(&open_stp->st_locks)) {
1362 		stp = list_entry(open_stp->st_locks.next,
1363 				struct nfs4_ol_stateid, st_locks);
1364 		WARN_ON(!unhash_lock_stateid(stp));
1365 		put_ol_stateid_locked(stp, reaplist);
1366 	}
1367 }
1368 
1369 static bool unhash_open_stateid(struct nfs4_ol_stateid *stp,
1370 				struct list_head *reaplist)
1371 {
1372 	bool unhashed;
1373 
1374 	lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);
1375 
1376 	unhashed = unhash_ol_stateid(stp);
1377 	release_open_stateid_locks(stp, reaplist);
1378 	return unhashed;
1379 }
1380 
1381 static void release_open_stateid(struct nfs4_ol_stateid *stp)
1382 {
1383 	LIST_HEAD(reaplist);
1384 
1385 	spin_lock(&stp->st_stid.sc_client->cl_lock);
1386 	if (unhash_open_stateid(stp, &reaplist))
1387 		put_ol_stateid_locked(stp, &reaplist);
1388 	spin_unlock(&stp->st_stid.sc_client->cl_lock);
1389 	free_ol_stateid_reaplist(&reaplist);
1390 }
1391 
1392 static void unhash_openowner_locked(struct nfs4_openowner *oo)
1393 {
1394 	struct nfs4_client *clp = oo->oo_owner.so_client;
1395 
1396 	lockdep_assert_held(&clp->cl_lock);
1397 
1398 	list_del_init(&oo->oo_owner.so_strhash);
1399 	list_del_init(&oo->oo_perclient);
1400 }
1401 
1402 static void release_last_closed_stateid(struct nfs4_openowner *oo)
1403 {
1404 	struct nfsd_net *nn = net_generic(oo->oo_owner.so_client->net,
1405 					  nfsd_net_id);
1406 	struct nfs4_ol_stateid *s;
1407 
1408 	spin_lock(&nn->client_lock);
1409 	s = oo->oo_last_closed_stid;
1410 	if (s) {
1411 		list_del_init(&oo->oo_close_lru);
1412 		oo->oo_last_closed_stid = NULL;
1413 	}
1414 	spin_unlock(&nn->client_lock);
1415 	if (s)
1416 		nfs4_put_stid(&s->st_stid);
1417 }
1418 
1419 static void release_openowner(struct nfs4_openowner *oo)
1420 {
1421 	struct nfs4_ol_stateid *stp;
1422 	struct nfs4_client *clp = oo->oo_owner.so_client;
1423 	struct list_head reaplist;
1424 
1425 	INIT_LIST_HEAD(&reaplist);
1426 
1427 	spin_lock(&clp->cl_lock);
1428 	unhash_openowner_locked(oo);
1429 	while (!list_empty(&oo->oo_owner.so_stateids)) {
1430 		stp = list_first_entry(&oo->oo_owner.so_stateids,
1431 				struct nfs4_ol_stateid, st_perstateowner);
1432 		if (unhash_open_stateid(stp, &reaplist))
1433 			put_ol_stateid_locked(stp, &reaplist);
1434 	}
1435 	spin_unlock(&clp->cl_lock);
1436 	free_ol_stateid_reaplist(&reaplist);
1437 	release_last_closed_stateid(oo);
1438 	nfs4_put_stateowner(&oo->oo_owner);
1439 }
1440 
1441 static inline int
1442 hash_sessionid(struct nfs4_sessionid *sessionid)
1443 {
1444 	struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;
1445 
1446 	return sid->sequence % SESSION_HASH_SIZE;
1447 }
1448 
1449 #ifdef CONFIG_SUNRPC_DEBUG
1450 static inline void
1451 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
1452 {
1453 	u32 *ptr = (u32 *)(&sessionid->data[0]);
1454 	dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]);
1455 }
1456 #else
1457 static inline void
1458 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
1459 {
1460 }
1461 #endif
1462 
1463 /*
1464  * Bump the seqid on cstate->replay_owner, and clear replay_owner if it
1465  * won't be used for replay.
1466  */
1467 void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr)
1468 {
1469 	struct nfs4_stateowner *so = cstate->replay_owner;
1470 
1471 	if (nfserr == nfserr_replay_me)
1472 		return;
1473 
1474 	if (!seqid_mutating_err(ntohl(nfserr))) {
1475 		nfsd4_cstate_clear_replay(cstate);
1476 		return;
1477 	}
1478 	if (!so)
1479 		return;
1480 	if (so->so_is_open_owner)
1481 		release_last_closed_stateid(openowner(so));
1482 	so->so_seqid++;
1483 	return;
1484 }
1485 
1486 static void
1487 gen_sessionid(struct nfsd4_session *ses)
1488 {
1489 	struct nfs4_client *clp = ses->se_client;
1490 	struct nfsd4_sessionid *sid;
1491 
1492 	sid = (struct nfsd4_sessionid *)ses->se_sessionid.data;
1493 	sid->clientid = clp->cl_clientid;
1494 	sid->sequence = current_sessionid++;
1495 	sid->reserved = 0;
1496 }
1497 
1498 /*
1499  * The protocol defines ca_maxresponssize_cached to include the size of
1500  * the rpc header, but all we need to cache is the data starting after
1501  * the end of the initial SEQUENCE operation--the rest we regenerate
1502  * each time.  Therefore we can advertise a ca_maxresponssize_cached
1503  * value that is the number of bytes in our cache plus a few additional
1504  * bytes.  In order to stay on the safe side, and not promise more than
1505  * we can cache, those additional bytes must be the minimum possible: 24
1506  * bytes of rpc header (xid through accept state, with AUTH_NULL
1507  * verifier), 12 for the compound header (with zero-length tag), and 44
1508  * for the SEQUENCE op response:
1509  */
1510 #define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)
1511 
1512 static void
1513 free_session_slots(struct nfsd4_session *ses)
1514 {
1515 	int i;
1516 
1517 	for (i = 0; i < ses->se_fchannel.maxreqs; i++) {
1518 		free_svc_cred(&ses->se_slots[i]->sl_cred);
1519 		kfree(ses->se_slots[i]);
1520 	}
1521 }
1522 
1523 /*
1524  * We don't actually need to cache the rpc and session headers, so we
1525  * can allocate a little less for each slot:
1526  */
1527 static inline u32 slot_bytes(struct nfsd4_channel_attrs *ca)
1528 {
1529 	u32 size;
1530 
1531 	if (ca->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ)
1532 		size = 0;
1533 	else
1534 		size = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;
1535 	return size + sizeof(struct nfsd4_slot);
1536 }
1537 
1538 /*
1539  * XXX: If we run out of reserved DRC memory we could (up to a point)
1540  * re-negotiate active sessions and reduce their slot usage to make
1541  * room for new connections. For now we just fail the create session.
1542  */
1543 static u32 nfsd4_get_drc_mem(struct nfsd4_channel_attrs *ca)
1544 {
1545 	u32 slotsize = slot_bytes(ca);
1546 	u32 num = ca->maxreqs;
1547 	int avail;
1548 
1549 	spin_lock(&nfsd_drc_lock);
1550 	avail = min((unsigned long)NFSD_MAX_MEM_PER_SESSION,
1551 		    nfsd_drc_max_mem - nfsd_drc_mem_used);
1552 	/*
1553 	 * Never use more than a third of the remaining memory,
1554 	 * unless it's the only way to give this client a slot:
1555 	 */
1556 	avail = clamp_t(int, avail, slotsize, avail/3);
1557 	num = min_t(int, num, avail / slotsize);
1558 	nfsd_drc_mem_used += num * slotsize;
1559 	spin_unlock(&nfsd_drc_lock);
1560 
1561 	return num;
1562 }
1563 
1564 static void nfsd4_put_drc_mem(struct nfsd4_channel_attrs *ca)
1565 {
1566 	int slotsize = slot_bytes(ca);
1567 
1568 	spin_lock(&nfsd_drc_lock);
1569 	nfsd_drc_mem_used -= slotsize * ca->maxreqs;
1570 	spin_unlock(&nfsd_drc_lock);
1571 }
1572 
1573 static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *fattrs,
1574 					   struct nfsd4_channel_attrs *battrs)
1575 {
1576 	int numslots = fattrs->maxreqs;
1577 	int slotsize = slot_bytes(fattrs);
1578 	struct nfsd4_session *new;
1579 	int mem, i;
1580 
1581 	BUILD_BUG_ON(NFSD_MAX_SLOTS_PER_SESSION * sizeof(struct nfsd4_slot *)
1582 			+ sizeof(struct nfsd4_session) > PAGE_SIZE);
1583 	mem = numslots * sizeof(struct nfsd4_slot *);
1584 
1585 	new = kzalloc(sizeof(*new) + mem, GFP_KERNEL);
1586 	if (!new)
1587 		return NULL;
1588 	/* allocate each struct nfsd4_slot and data cache in one piece */
1589 	for (i = 0; i < numslots; i++) {
1590 		new->se_slots[i] = kzalloc(slotsize, GFP_KERNEL);
1591 		if (!new->se_slots[i])
1592 			goto out_free;
1593 	}
1594 
1595 	memcpy(&new->se_fchannel, fattrs, sizeof(struct nfsd4_channel_attrs));
1596 	memcpy(&new->se_bchannel, battrs, sizeof(struct nfsd4_channel_attrs));
1597 
1598 	return new;
1599 out_free:
1600 	while (i--)
1601 		kfree(new->se_slots[i]);
1602 	kfree(new);
1603 	return NULL;
1604 }
1605 
1606 static void free_conn(struct nfsd4_conn *c)
1607 {
1608 	svc_xprt_put(c->cn_xprt);
1609 	kfree(c);
1610 }
1611 
1612 static void nfsd4_conn_lost(struct svc_xpt_user *u)
1613 {
1614 	struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
1615 	struct nfs4_client *clp = c->cn_session->se_client;
1616 
1617 	spin_lock(&clp->cl_lock);
1618 	if (!list_empty(&c->cn_persession)) {
1619 		list_del(&c->cn_persession);
1620 		free_conn(c);
1621 	}
1622 	nfsd4_probe_callback(clp);
1623 	spin_unlock(&clp->cl_lock);
1624 }
1625 
1626 static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
1627 {
1628 	struct nfsd4_conn *conn;
1629 
1630 	conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL);
1631 	if (!conn)
1632 		return NULL;
1633 	svc_xprt_get(rqstp->rq_xprt);
1634 	conn->cn_xprt = rqstp->rq_xprt;
1635 	conn->cn_flags = flags;
1636 	INIT_LIST_HEAD(&conn->cn_xpt_user.list);
1637 	return conn;
1638 }
1639 
1640 static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
1641 {
1642 	conn->cn_session = ses;
1643 	list_add(&conn->cn_persession, &ses->se_conns);
1644 }
1645 
1646 static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
1647 {
1648 	struct nfs4_client *clp = ses->se_client;
1649 
1650 	spin_lock(&clp->cl_lock);
1651 	__nfsd4_hash_conn(conn, ses);
1652 	spin_unlock(&clp->cl_lock);
1653 }
1654 
1655 static int nfsd4_register_conn(struct nfsd4_conn *conn)
1656 {
1657 	conn->cn_xpt_user.callback = nfsd4_conn_lost;
1658 	return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
1659 }
1660 
1661 static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses)
1662 {
1663 	int ret;
1664 
1665 	nfsd4_hash_conn(conn, ses);
1666 	ret = nfsd4_register_conn(conn);
1667 	if (ret)
1668 		/* oops; xprt is already down: */
1669 		nfsd4_conn_lost(&conn->cn_xpt_user);
1670 	/* We may have gained or lost a callback channel: */
1671 	nfsd4_probe_callback_sync(ses->se_client);
1672 }
1673 
1674 static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses)
1675 {
1676 	u32 dir = NFS4_CDFC4_FORE;
1677 
1678 	if (cses->flags & SESSION4_BACK_CHAN)
1679 		dir |= NFS4_CDFC4_BACK;
1680 	return alloc_conn(rqstp, dir);
1681 }
1682 
1683 /* must be called under client_lock */
1684 static void nfsd4_del_conns(struct nfsd4_session *s)
1685 {
1686 	struct nfs4_client *clp = s->se_client;
1687 	struct nfsd4_conn *c;
1688 
1689 	spin_lock(&clp->cl_lock);
1690 	while (!list_empty(&s->se_conns)) {
1691 		c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
1692 		list_del_init(&c->cn_persession);
1693 		spin_unlock(&clp->cl_lock);
1694 
1695 		unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
1696 		free_conn(c);
1697 
1698 		spin_lock(&clp->cl_lock);
1699 	}
1700 	spin_unlock(&clp->cl_lock);
1701 }
1702 
1703 static void __free_session(struct nfsd4_session *ses)
1704 {
1705 	free_session_slots(ses);
1706 	kfree(ses);
1707 }
1708 
1709 static void free_session(struct nfsd4_session *ses)
1710 {
1711 	nfsd4_del_conns(ses);
1712 	nfsd4_put_drc_mem(&ses->se_fchannel);
1713 	__free_session(ses);
1714 }
1715 
1716 static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses)
1717 {
1718 	int idx;
1719 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
1720 
1721 	new->se_client = clp;
1722 	gen_sessionid(new);
1723 
1724 	INIT_LIST_HEAD(&new->se_conns);
1725 
1726 	new->se_cb_seq_nr = 1;
1727 	new->se_flags = cses->flags;
1728 	new->se_cb_prog = cses->callback_prog;
1729 	new->se_cb_sec = cses->cb_sec;
1730 	atomic_set(&new->se_ref, 0);
1731 	idx = hash_sessionid(&new->se_sessionid);
1732 	list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]);
1733 	spin_lock(&clp->cl_lock);
1734 	list_add(&new->se_perclnt, &clp->cl_sessions);
1735 	spin_unlock(&clp->cl_lock);
1736 
1737 	{
1738 		struct sockaddr *sa = svc_addr(rqstp);
1739 		/*
1740 		 * This is a little silly; with sessions there's no real
1741 		 * use for the callback address.  Use the peer address
1742 		 * as a reasonable default for now, but consider fixing
1743 		 * the rpc client not to require an address in the
1744 		 * future:
1745 		 */
1746 		rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
1747 		clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
1748 	}
1749 }
1750 
1751 /* caller must hold client_lock */
1752 static struct nfsd4_session *
1753 __find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net)
1754 {
1755 	struct nfsd4_session *elem;
1756 	int idx;
1757 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1758 
1759 	lockdep_assert_held(&nn->client_lock);
1760 
1761 	dump_sessionid(__func__, sessionid);
1762 	idx = hash_sessionid(sessionid);
1763 	/* Search in the appropriate list */
1764 	list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) {
1765 		if (!memcmp(elem->se_sessionid.data, sessionid->data,
1766 			    NFS4_MAX_SESSIONID_LEN)) {
1767 			return elem;
1768 		}
1769 	}
1770 
1771 	dprintk("%s: session not found\n", __func__);
1772 	return NULL;
1773 }
1774 
1775 static struct nfsd4_session *
1776 find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net,
1777 		__be32 *ret)
1778 {
1779 	struct nfsd4_session *session;
1780 	__be32 status = nfserr_badsession;
1781 
1782 	session = __find_in_sessionid_hashtbl(sessionid, net);
1783 	if (!session)
1784 		goto out;
1785 	status = nfsd4_get_session_locked(session);
1786 	if (status)
1787 		session = NULL;
1788 out:
1789 	*ret = status;
1790 	return session;
1791 }
1792 
1793 /* caller must hold client_lock */
1794 static void
1795 unhash_session(struct nfsd4_session *ses)
1796 {
1797 	struct nfs4_client *clp = ses->se_client;
1798 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
1799 
1800 	lockdep_assert_held(&nn->client_lock);
1801 
1802 	list_del(&ses->se_hash);
1803 	spin_lock(&ses->se_client->cl_lock);
1804 	list_del(&ses->se_perclnt);
1805 	spin_unlock(&ses->se_client->cl_lock);
1806 }
1807 
1808 /* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
1809 static int
1810 STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn)
1811 {
1812 	/*
1813 	 * We're assuming the clid was not given out from a boot
1814 	 * precisely 2^32 (about 136 years) before this one.  That seems
1815 	 * a safe assumption:
1816 	 */
1817 	if (clid->cl_boot == (u32)nn->boot_time)
1818 		return 0;
1819 	dprintk("NFSD stale clientid (%08x/%08x) boot_time %08lx\n",
1820 		clid->cl_boot, clid->cl_id, nn->boot_time);
1821 	return 1;
1822 }
1823 
1824 /*
1825  * XXX Should we use a slab cache ?
1826  * This type of memory management is somewhat inefficient, but we use it
1827  * anyway since SETCLIENTID is not a common operation.
1828  */
1829 static struct nfs4_client *alloc_client(struct xdr_netobj name)
1830 {
1831 	struct nfs4_client *clp;
1832 	int i;
1833 
1834 	clp = kmem_cache_zalloc(client_slab, GFP_KERNEL);
1835 	if (clp == NULL)
1836 		return NULL;
1837 	clp->cl_name.data = kmemdup(name.data, name.len, GFP_KERNEL);
1838 	if (clp->cl_name.data == NULL)
1839 		goto err_no_name;
1840 	clp->cl_ownerstr_hashtbl = kmalloc_array(OWNER_HASH_SIZE,
1841 						 sizeof(struct list_head),
1842 						 GFP_KERNEL);
1843 	if (!clp->cl_ownerstr_hashtbl)
1844 		goto err_no_hashtbl;
1845 	for (i = 0; i < OWNER_HASH_SIZE; i++)
1846 		INIT_LIST_HEAD(&clp->cl_ownerstr_hashtbl[i]);
1847 	clp->cl_name.len = name.len;
1848 	INIT_LIST_HEAD(&clp->cl_sessions);
1849 	idr_init(&clp->cl_stateids);
1850 	atomic_set(&clp->cl_refcount, 0);
1851 	clp->cl_cb_state = NFSD4_CB_UNKNOWN;
1852 	INIT_LIST_HEAD(&clp->cl_idhash);
1853 	INIT_LIST_HEAD(&clp->cl_openowners);
1854 	INIT_LIST_HEAD(&clp->cl_delegations);
1855 	INIT_LIST_HEAD(&clp->cl_lru);
1856 	INIT_LIST_HEAD(&clp->cl_revoked);
1857 #ifdef CONFIG_NFSD_PNFS
1858 	INIT_LIST_HEAD(&clp->cl_lo_states);
1859 #endif
1860 	INIT_LIST_HEAD(&clp->async_copies);
1861 	spin_lock_init(&clp->async_lock);
1862 	spin_lock_init(&clp->cl_lock);
1863 	rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
1864 	return clp;
1865 err_no_hashtbl:
1866 	kfree(clp->cl_name.data);
1867 err_no_name:
1868 	kmem_cache_free(client_slab, clp);
1869 	return NULL;
1870 }
1871 
1872 static void
1873 free_client(struct nfs4_client *clp)
1874 {
1875 	while (!list_empty(&clp->cl_sessions)) {
1876 		struct nfsd4_session *ses;
1877 		ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
1878 				se_perclnt);
1879 		list_del(&ses->se_perclnt);
1880 		WARN_ON_ONCE(atomic_read(&ses->se_ref));
1881 		free_session(ses);
1882 	}
1883 	rpc_destroy_wait_queue(&clp->cl_cb_waitq);
1884 	free_svc_cred(&clp->cl_cred);
1885 	kfree(clp->cl_ownerstr_hashtbl);
1886 	kfree(clp->cl_name.data);
1887 	idr_destroy(&clp->cl_stateids);
1888 	kmem_cache_free(client_slab, clp);
1889 }
1890 
1891 /* must be called under the client_lock */
1892 static void
1893 unhash_client_locked(struct nfs4_client *clp)
1894 {
1895 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
1896 	struct nfsd4_session *ses;
1897 
1898 	lockdep_assert_held(&nn->client_lock);
1899 
1900 	/* Mark the client as expired! */
1901 	clp->cl_time = 0;
1902 	/* Make it invisible */
1903 	if (!list_empty(&clp->cl_idhash)) {
1904 		list_del_init(&clp->cl_idhash);
1905 		if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
1906 			rb_erase(&clp->cl_namenode, &nn->conf_name_tree);
1907 		else
1908 			rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
1909 	}
1910 	list_del_init(&clp->cl_lru);
1911 	spin_lock(&clp->cl_lock);
1912 	list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
1913 		list_del_init(&ses->se_hash);
1914 	spin_unlock(&clp->cl_lock);
1915 }
1916 
1917 static void
1918 unhash_client(struct nfs4_client *clp)
1919 {
1920 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
1921 
1922 	spin_lock(&nn->client_lock);
1923 	unhash_client_locked(clp);
1924 	spin_unlock(&nn->client_lock);
1925 }
1926 
1927 static __be32 mark_client_expired_locked(struct nfs4_client *clp)
1928 {
1929 	if (atomic_read(&clp->cl_refcount))
1930 		return nfserr_jukebox;
1931 	unhash_client_locked(clp);
1932 	return nfs_ok;
1933 }
1934 
1935 static void
1936 __destroy_client(struct nfs4_client *clp)
1937 {
1938 	int i;
1939 	struct nfs4_openowner *oo;
1940 	struct nfs4_delegation *dp;
1941 	struct list_head reaplist;
1942 
1943 	INIT_LIST_HEAD(&reaplist);
1944 	spin_lock(&state_lock);
1945 	while (!list_empty(&clp->cl_delegations)) {
1946 		dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
1947 		WARN_ON(!unhash_delegation_locked(dp));
1948 		list_add(&dp->dl_recall_lru, &reaplist);
1949 	}
1950 	spin_unlock(&state_lock);
1951 	while (!list_empty(&reaplist)) {
1952 		dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
1953 		list_del_init(&dp->dl_recall_lru);
1954 		destroy_unhashed_deleg(dp);
1955 	}
1956 	while (!list_empty(&clp->cl_revoked)) {
1957 		dp = list_entry(clp->cl_revoked.next, struct nfs4_delegation, dl_recall_lru);
1958 		list_del_init(&dp->dl_recall_lru);
1959 		nfs4_put_stid(&dp->dl_stid);
1960 	}
1961 	while (!list_empty(&clp->cl_openowners)) {
1962 		oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
1963 		nfs4_get_stateowner(&oo->oo_owner);
1964 		release_openowner(oo);
1965 	}
1966 	for (i = 0; i < OWNER_HASH_SIZE; i++) {
1967 		struct nfs4_stateowner *so, *tmp;
1968 
1969 		list_for_each_entry_safe(so, tmp, &clp->cl_ownerstr_hashtbl[i],
1970 					 so_strhash) {
1971 			/* Should be no openowners at this point */
1972 			WARN_ON_ONCE(so->so_is_open_owner);
1973 			remove_blocked_locks(lockowner(so));
1974 		}
1975 	}
1976 	nfsd4_return_all_client_layouts(clp);
1977 	nfsd4_shutdown_copy(clp);
1978 	nfsd4_shutdown_callback(clp);
1979 	if (clp->cl_cb_conn.cb_xprt)
1980 		svc_xprt_put(clp->cl_cb_conn.cb_xprt);
1981 	free_client(clp);
1982 }
1983 
1984 static void
1985 destroy_client(struct nfs4_client *clp)
1986 {
1987 	unhash_client(clp);
1988 	__destroy_client(clp);
1989 }
1990 
1991 static void expire_client(struct nfs4_client *clp)
1992 {
1993 	unhash_client(clp);
1994 	nfsd4_client_record_remove(clp);
1995 	__destroy_client(clp);
1996 }
1997 
1998 static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
1999 {
2000 	memcpy(target->cl_verifier.data, source->data,
2001 			sizeof(target->cl_verifier.data));
2002 }
2003 
2004 static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
2005 {
2006 	target->cl_clientid.cl_boot = source->cl_clientid.cl_boot;
2007 	target->cl_clientid.cl_id = source->cl_clientid.cl_id;
2008 }
2009 
2010 static int copy_cred(struct svc_cred *target, struct svc_cred *source)
2011 {
2012 	target->cr_principal = kstrdup(source->cr_principal, GFP_KERNEL);
2013 	target->cr_raw_principal = kstrdup(source->cr_raw_principal,
2014 								GFP_KERNEL);
2015 	target->cr_targ_princ = kstrdup(source->cr_targ_princ, GFP_KERNEL);
2016 	if ((source->cr_principal && !target->cr_principal) ||
2017 	    (source->cr_raw_principal && !target->cr_raw_principal) ||
2018 	    (source->cr_targ_princ && !target->cr_targ_princ))
2019 		return -ENOMEM;
2020 
2021 	target->cr_flavor = source->cr_flavor;
2022 	target->cr_uid = source->cr_uid;
2023 	target->cr_gid = source->cr_gid;
2024 	target->cr_group_info = source->cr_group_info;
2025 	get_group_info(target->cr_group_info);
2026 	target->cr_gss_mech = source->cr_gss_mech;
2027 	if (source->cr_gss_mech)
2028 		gss_mech_get(source->cr_gss_mech);
2029 	return 0;
2030 }
2031 
2032 static int
2033 compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2)
2034 {
2035 	if (o1->len < o2->len)
2036 		return -1;
2037 	if (o1->len > o2->len)
2038 		return 1;
2039 	return memcmp(o1->data, o2->data, o1->len);
2040 }
2041 
2042 static int same_name(const char *n1, const char *n2)
2043 {
2044 	return 0 == memcmp(n1, n2, HEXDIR_LEN);
2045 }
2046 
2047 static int
2048 same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
2049 {
2050 	return 0 == memcmp(v1->data, v2->data, sizeof(v1->data));
2051 }
2052 
2053 static int
2054 same_clid(clientid_t *cl1, clientid_t *cl2)
2055 {
2056 	return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
2057 }
2058 
2059 static bool groups_equal(struct group_info *g1, struct group_info *g2)
2060 {
2061 	int i;
2062 
2063 	if (g1->ngroups != g2->ngroups)
2064 		return false;
2065 	for (i=0; i<g1->ngroups; i++)
2066 		if (!gid_eq(g1->gid[i], g2->gid[i]))
2067 			return false;
2068 	return true;
2069 }
2070 
2071 /*
2072  * RFC 3530 language requires clid_inuse be returned when the
2073  * "principal" associated with a requests differs from that previously
2074  * used.  We use uid, gid's, and gss principal string as our best
2075  * approximation.  We also don't want to allow non-gss use of a client
2076  * established using gss: in theory cr_principal should catch that
2077  * change, but in practice cr_principal can be null even in the gss case
2078  * since gssd doesn't always pass down a principal string.
2079  */
2080 static bool is_gss_cred(struct svc_cred *cr)
2081 {
2082 	/* Is cr_flavor one of the gss "pseudoflavors"?: */
2083 	return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
2084 }
2085 
2086 
2087 static bool
2088 same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
2089 {
2090 	if ((is_gss_cred(cr1) != is_gss_cred(cr2))
2091 		|| (!uid_eq(cr1->cr_uid, cr2->cr_uid))
2092 		|| (!gid_eq(cr1->cr_gid, cr2->cr_gid))
2093 		|| !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
2094 		return false;
2095 	/* XXX: check that cr_targ_princ fields match ? */
2096 	if (cr1->cr_principal == cr2->cr_principal)
2097 		return true;
2098 	if (!cr1->cr_principal || !cr2->cr_principal)
2099 		return false;
2100 	return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);
2101 }
2102 
2103 static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)
2104 {
2105 	struct svc_cred *cr = &rqstp->rq_cred;
2106 	u32 service;
2107 
2108 	if (!cr->cr_gss_mech)
2109 		return false;
2110 	service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);
2111 	return service == RPC_GSS_SVC_INTEGRITY ||
2112 	       service == RPC_GSS_SVC_PRIVACY;
2113 }
2114 
2115 bool nfsd4_mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)
2116 {
2117 	struct svc_cred *cr = &rqstp->rq_cred;
2118 
2119 	if (!cl->cl_mach_cred)
2120 		return true;
2121 	if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)
2122 		return false;
2123 	if (!svc_rqst_integrity_protected(rqstp))
2124 		return false;
2125 	if (cl->cl_cred.cr_raw_principal)
2126 		return 0 == strcmp(cl->cl_cred.cr_raw_principal,
2127 						cr->cr_raw_principal);
2128 	if (!cr->cr_principal)
2129 		return false;
2130 	return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);
2131 }
2132 
2133 static void gen_confirm(struct nfs4_client *clp, struct nfsd_net *nn)
2134 {
2135 	__be32 verf[2];
2136 
2137 	/*
2138 	 * This is opaque to client, so no need to byte-swap. Use
2139 	 * __force to keep sparse happy
2140 	 */
2141 	verf[0] = (__force __be32)get_seconds();
2142 	verf[1] = (__force __be32)nn->clverifier_counter++;
2143 	memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data));
2144 }
2145 
2146 static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)
2147 {
2148 	clp->cl_clientid.cl_boot = nn->boot_time;
2149 	clp->cl_clientid.cl_id = nn->clientid_counter++;
2150 	gen_confirm(clp, nn);
2151 }
2152 
2153 static struct nfs4_stid *
2154 find_stateid_locked(struct nfs4_client *cl, stateid_t *t)
2155 {
2156 	struct nfs4_stid *ret;
2157 
2158 	ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id);
2159 	if (!ret || !ret->sc_type)
2160 		return NULL;
2161 	return ret;
2162 }
2163 
2164 static struct nfs4_stid *
2165 find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, char typemask)
2166 {
2167 	struct nfs4_stid *s;
2168 
2169 	spin_lock(&cl->cl_lock);
2170 	s = find_stateid_locked(cl, t);
2171 	if (s != NULL) {
2172 		if (typemask & s->sc_type)
2173 			refcount_inc(&s->sc_count);
2174 		else
2175 			s = NULL;
2176 	}
2177 	spin_unlock(&cl->cl_lock);
2178 	return s;
2179 }
2180 
2181 static struct nfs4_client *create_client(struct xdr_netobj name,
2182 		struct svc_rqst *rqstp, nfs4_verifier *verf)
2183 {
2184 	struct nfs4_client *clp;
2185 	struct sockaddr *sa = svc_addr(rqstp);
2186 	int ret;
2187 	struct net *net = SVC_NET(rqstp);
2188 
2189 	clp = alloc_client(name);
2190 	if (clp == NULL)
2191 		return NULL;
2192 
2193 	ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred);
2194 	if (ret) {
2195 		free_client(clp);
2196 		return NULL;
2197 	}
2198 	nfsd4_init_cb(&clp->cl_cb_null, clp, NULL, NFSPROC4_CLNT_CB_NULL);
2199 	clp->cl_time = get_seconds();
2200 	clear_bit(0, &clp->cl_cb_slot_busy);
2201 	copy_verf(clp, verf);
2202 	rpc_copy_addr((struct sockaddr *) &clp->cl_addr, sa);
2203 	clp->cl_cb_session = NULL;
2204 	clp->net = net;
2205 	return clp;
2206 }
2207 
2208 static void
2209 add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root)
2210 {
2211 	struct rb_node **new = &(root->rb_node), *parent = NULL;
2212 	struct nfs4_client *clp;
2213 
2214 	while (*new) {
2215 		clp = rb_entry(*new, struct nfs4_client, cl_namenode);
2216 		parent = *new;
2217 
2218 		if (compare_blob(&clp->cl_name, &new_clp->cl_name) > 0)
2219 			new = &((*new)->rb_left);
2220 		else
2221 			new = &((*new)->rb_right);
2222 	}
2223 
2224 	rb_link_node(&new_clp->cl_namenode, parent, new);
2225 	rb_insert_color(&new_clp->cl_namenode, root);
2226 }
2227 
2228 static struct nfs4_client *
2229 find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root)
2230 {
2231 	int cmp;
2232 	struct rb_node *node = root->rb_node;
2233 	struct nfs4_client *clp;
2234 
2235 	while (node) {
2236 		clp = rb_entry(node, struct nfs4_client, cl_namenode);
2237 		cmp = compare_blob(&clp->cl_name, name);
2238 		if (cmp > 0)
2239 			node = node->rb_left;
2240 		else if (cmp < 0)
2241 			node = node->rb_right;
2242 		else
2243 			return clp;
2244 	}
2245 	return NULL;
2246 }
2247 
2248 static void
2249 add_to_unconfirmed(struct nfs4_client *clp)
2250 {
2251 	unsigned int idhashval;
2252 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2253 
2254 	lockdep_assert_held(&nn->client_lock);
2255 
2256 	clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
2257 	add_clp_to_name_tree(clp, &nn->unconf_name_tree);
2258 	idhashval = clientid_hashval(clp->cl_clientid.cl_id);
2259 	list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]);
2260 	renew_client_locked(clp);
2261 }
2262 
2263 static void
2264 move_to_confirmed(struct nfs4_client *clp)
2265 {
2266 	unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id);
2267 	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2268 
2269 	lockdep_assert_held(&nn->client_lock);
2270 
2271 	dprintk("NFSD: move_to_confirm nfs4_client %p\n", clp);
2272 	list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]);
2273 	rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
2274 	add_clp_to_name_tree(clp, &nn->conf_name_tree);
2275 	set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
2276 	renew_client_locked(clp);
2277 }
2278 
2279 static struct nfs4_client *
2280 find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions)
2281 {
2282 	struct nfs4_client *clp;
2283 	unsigned int idhashval = clientid_hashval(clid->cl_id);
2284 
2285 	list_for_each_entry(clp, &tbl[idhashval], cl_idhash) {
2286 		if (same_clid(&clp->cl_clientid, clid)) {
2287 			if ((bool)clp->cl_minorversion != sessions)
2288 				return NULL;
2289 			renew_client_locked(clp);
2290 			return clp;
2291 		}
2292 	}
2293 	return NULL;
2294 }
2295 
2296 static struct nfs4_client *
2297 find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
2298 {
2299 	struct list_head *tbl = nn->conf_id_hashtbl;
2300 
2301 	lockdep_assert_held(&nn->client_lock);
2302 	return find_client_in_id_table(tbl, clid, sessions);
2303 }
2304 
2305 static struct nfs4_client *
2306 find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
2307 {
2308 	struct list_head *tbl = nn->unconf_id_hashtbl;
2309 
2310 	lockdep_assert_held(&nn->client_lock);
2311 	return find_client_in_id_table(tbl, clid, sessions);
2312 }
2313 
2314 static bool clp_used_exchangeid(struct nfs4_client *clp)
2315 {
2316 	return clp->cl_exchange_flags != 0;
2317 }
2318 
2319 static struct nfs4_client *
2320 find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
2321 {
2322 	lockdep_assert_held(&nn->client_lock);
2323 	return find_clp_in_name_tree(name, &nn->conf_name_tree);
2324 }
2325 
2326 static struct nfs4_client *
2327 find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
2328 {
2329 	lockdep_assert_held(&nn->client_lock);
2330 	return find_clp_in_name_tree(name, &nn->unconf_name_tree);
2331 }
2332 
2333 static void
2334 gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
2335 {
2336 	struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
2337 	struct sockaddr	*sa = svc_addr(rqstp);
2338 	u32 scopeid = rpc_get_scope_id(sa);
2339 	unsigned short expected_family;
2340 
2341 	/* Currently, we only support tcp and tcp6 for the callback channel */
2342 	if (se->se_callback_netid_len == 3 &&
2343 	    !memcmp(se->se_callback_netid_val, "tcp", 3))
2344 		expected_family = AF_INET;
2345 	else if (se->se_callback_netid_len == 4 &&
2346 		 !memcmp(se->se_callback_netid_val, "tcp6", 4))
2347 		expected_family = AF_INET6;
2348 	else
2349 		goto out_err;
2350 
2351 	conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val,
2352 					    se->se_callback_addr_len,
2353 					    (struct sockaddr *)&conn->cb_addr,
2354 					    sizeof(conn->cb_addr));
2355 
2356 	if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
2357 		goto out_err;
2358 
2359 	if (conn->cb_addr.ss_family == AF_INET6)
2360 		((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;
2361 
2362 	conn->cb_prog = se->se_callback_prog;
2363 	conn->cb_ident = se->se_callback_ident;
2364 	memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen);
2365 	return;
2366 out_err:
2367 	conn->cb_addr.ss_family = AF_UNSPEC;
2368 	conn->cb_addrlen = 0;
2369 	dprintk("NFSD: this client (clientid %08x/%08x) "
2370 		"will not receive delegations\n",
2371 		clp->cl_clientid.cl_boot, clp->cl_clientid.cl_id);
2372 
2373 	return;
2374 }
2375 
2376 /*
2377  * Cache a reply. nfsd4_check_resp_size() has bounded the cache size.
2378  */
2379 static void
2380 nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
2381 {
2382 	struct xdr_buf *buf = resp->xdr.buf;
2383 	struct nfsd4_slot *slot = resp->cstate.slot;
2384 	unsigned int base;
2385 
2386 	dprintk("--> %s slot %p\n", __func__, slot);
2387 
2388 	slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
2389 	slot->sl_opcnt = resp->opcnt;
2390 	slot->sl_status = resp->cstate.status;
2391 	free_svc_cred(&slot->sl_cred);
2392 	copy_cred(&slot->sl_cred, &resp->rqstp->rq_cred);
2393 
2394 	if (!nfsd4_cache_this(resp)) {
2395 		slot->sl_flags &= ~NFSD4_SLOT_CACHED;
2396 		return;
2397 	}
2398 	slot->sl_flags |= NFSD4_SLOT_CACHED;
2399 
2400 	base = resp->cstate.data_offset;
2401 	slot->sl_datalen = buf->len - base;
2402 	if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen))
2403 		WARN(1, "%s: sessions DRC could not cache compound\n",
2404 		     __func__);
2405 	return;
2406 }
2407 
2408 /*
2409  * Encode the replay sequence operation from the slot values.
2410  * If cachethis is FALSE encode the uncached rep error on the next
2411  * operation which sets resp->p and increments resp->opcnt for
2412  * nfs4svc_encode_compoundres.
2413  *
2414  */
2415 static __be32
2416 nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args,
2417 			  struct nfsd4_compoundres *resp)
2418 {
2419 	struct nfsd4_op *op;
2420 	struct nfsd4_slot *slot = resp->cstate.slot;
2421 
2422 	/* Encode the replayed sequence operation */
2423 	op = &args->ops[resp->opcnt - 1];
2424 	nfsd4_encode_operation(resp, op);
2425 
2426 	if (slot->sl_flags & NFSD4_SLOT_CACHED)
2427 		return op->status;
2428 	if (args->opcnt == 1) {
2429 		/*
2430 		 * The original operation wasn't a solo sequence--we
2431 		 * always cache those--so this retry must not match the
2432 		 * original:
2433 		 */
2434 		op->status = nfserr_seq_false_retry;
2435 	} else {
2436 		op = &args->ops[resp->opcnt++];
2437 		op->status = nfserr_retry_uncached_rep;
2438 		nfsd4_encode_operation(resp, op);
2439 	}
2440 	return op->status;
2441 }
2442 
2443 /*
2444  * The sequence operation is not cached because we can use the slot and
2445  * session values.
2446  */
2447 static __be32
2448 nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
2449 			 struct nfsd4_sequence *seq)
2450 {
2451 	struct nfsd4_slot *slot = resp->cstate.slot;
2452 	struct xdr_stream *xdr = &resp->xdr;
2453 	__be32 *p;
2454 	__be32 status;
2455 
2456 	dprintk("--> %s slot %p\n", __func__, slot);
2457 
2458 	status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp);
2459 	if (status)
2460 		return status;
2461 
2462 	p = xdr_reserve_space(xdr, slot->sl_datalen);
2463 	if (!p) {
2464 		WARN_ON_ONCE(1);
2465 		return nfserr_serverfault;
2466 	}
2467 	xdr_encode_opaque_fixed(p, slot->sl_data, slot->sl_datalen);
2468 	xdr_commit_encode(xdr);
2469 
2470 	resp->opcnt = slot->sl_opcnt;
2471 	return slot->sl_status;
2472 }
2473 
2474 /*
2475  * Set the exchange_id flags returned by the server.
2476  */
2477 static void
2478 nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
2479 {
2480 #ifdef CONFIG_NFSD_PNFS
2481 	new->cl_exchange_flags |= EXCHGID4_FLAG_USE_PNFS_MDS;
2482 #else
2483 	new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS;
2484 #endif
2485 
2486 	/* Referrals are supported, Migration is not. */
2487 	new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER;
2488 
2489 	/* set the wire flags to return to client. */
2490 	clid->flags = new->cl_exchange_flags;
2491 }
2492 
2493 static bool client_has_openowners(struct nfs4_client *clp)
2494 {
2495 	struct nfs4_openowner *oo;
2496 
2497 	list_for_each_entry(oo, &clp->cl_openowners, oo_perclient) {
2498 		if (!list_empty(&oo->oo_owner.so_stateids))
2499 			return true;
2500 	}
2501 	return false;
2502 }
2503 
2504 static bool client_has_state(struct nfs4_client *clp)
2505 {
2506 	return client_has_openowners(clp)
2507 #ifdef CONFIG_NFSD_PNFS
2508 		|| !list_empty(&clp->cl_lo_states)
2509 #endif
2510 		|| !list_empty(&clp->cl_delegations)
2511 		|| !list_empty(&clp->cl_sessions)
2512 		|| !list_empty(&clp->async_copies);
2513 }
2514 
2515 __be32
2516 nfsd4_exchange_id(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
2517 		union nfsd4_op_u *u)
2518 {
2519 	struct nfsd4_exchange_id *exid = &u->exchange_id;
2520 	struct nfs4_client *conf, *new;
2521 	struct nfs4_client *unconf = NULL;
2522 	__be32 status;
2523 	char			addr_str[INET6_ADDRSTRLEN];
2524 	nfs4_verifier		verf = exid->verifier;
2525 	struct sockaddr		*sa = svc_addr(rqstp);
2526 	bool	update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A;
2527 	struct nfsd_net		*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2528 
2529 	rpc_ntop(sa, addr_str, sizeof(addr_str));
2530 	dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
2531 		"ip_addr=%s flags %x, spa_how %d\n",
2532 		__func__, rqstp, exid, exid->clname.len, exid->clname.data,
2533 		addr_str, exid->flags, exid->spa_how);
2534 
2535 	if (exid->flags & ~EXCHGID4_FLAG_MASK_A)
2536 		return nfserr_inval;
2537 
2538 	new = create_client(exid->clname, rqstp, &verf);
2539 	if (new == NULL)
2540 		return nfserr_jukebox;
2541 
2542 	switch (exid->spa_how) {
2543 	case SP4_MACH_CRED:
2544 		exid->spo_must_enforce[0] = 0;
2545 		exid->spo_must_enforce[1] = (
2546 			1 << (OP_BIND_CONN_TO_SESSION - 32) |
2547 			1 << (OP_EXCHANGE_ID - 32) |
2548 			1 << (OP_CREATE_SESSION - 32) |
2549 			1 << (OP_DESTROY_SESSION - 32) |
2550 			1 << (OP_DESTROY_CLIENTID - 32));
2551 
2552 		exid->spo_must_allow[0] &= (1 << (OP_CLOSE) |
2553 					1 << (OP_OPEN_DOWNGRADE) |
2554 					1 << (OP_LOCKU) |
2555 					1 << (OP_DELEGRETURN));
2556 
2557 		exid->spo_must_allow[1] &= (
2558 					1 << (OP_TEST_STATEID - 32) |
2559 					1 << (OP_FREE_STATEID - 32));
2560 		if (!svc_rqst_integrity_protected(rqstp)) {
2561 			status = nfserr_inval;
2562 			goto out_nolock;
2563 		}
2564 		/*
2565 		 * Sometimes userspace doesn't give us a principal.
2566 		 * Which is a bug, really.  Anyway, we can't enforce
2567 		 * MACH_CRED in that case, better to give up now:
2568 		 */
2569 		if (!new->cl_cred.cr_principal &&
2570 					!new->cl_cred.cr_raw_principal) {
2571 			status = nfserr_serverfault;
2572 			goto out_nolock;
2573 		}
2574 		new->cl_mach_cred = true;
2575 	case SP4_NONE:
2576 		break;
2577 	default:				/* checked by xdr code */
2578 		WARN_ON_ONCE(1);
2579 	case SP4_SSV:
2580 		status = nfserr_encr_alg_unsupp;
2581 		goto out_nolock;
2582 	}
2583 
2584 	/* Cases below refer to rfc 5661 section 18.35.4: */
2585 	spin_lock(&nn->client_lock);
2586 	conf = find_confirmed_client_by_name(&exid->clname, nn);
2587 	if (conf) {
2588 		bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred);
2589 		bool verfs_match = same_verf(&verf, &conf->cl_verifier);
2590 
2591 		if (update) {
2592 			if (!clp_used_exchangeid(conf)) { /* buggy client */
2593 				status = nfserr_inval;
2594 				goto out;
2595 			}
2596 			if (!nfsd4_mach_creds_match(conf, rqstp)) {
2597 				status = nfserr_wrong_cred;
2598 				goto out;
2599 			}
2600 			if (!creds_match) { /* case 9 */
2601 				status = nfserr_perm;
2602 				goto out;
2603 			}
2604 			if (!verfs_match) { /* case 8 */
2605 				status = nfserr_not_same;
2606 				goto out;
2607 			}
2608 			/* case 6 */
2609 			exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;
2610 			goto out_copy;
2611 		}
2612 		if (!creds_match) { /* case 3 */
2613 			if (client_has_state(conf)) {
2614 				status = nfserr_clid_inuse;
2615 				goto out;
2616 			}
2617 			goto out_new;
2618 		}
2619 		if (verfs_match) { /* case 2 */
2620 			conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R;
2621 			goto out_copy;
2622 		}
2623 		/* case 5, client reboot */
2624 		conf = NULL;
2625 		goto out_new;
2626 	}
2627 
2628 	if (update) { /* case 7 */
2629 		status = nfserr_noent;
2630 		goto out;
2631 	}
2632 
2633 	unconf  = find_unconfirmed_client_by_name(&exid->clname, nn);
2634 	if (unconf) /* case 4, possible retry or client restart */
2635 		unhash_client_locked(unconf);
2636 
2637 	/* case 1 (normal case) */
2638 out_new:
2639 	if (conf) {
2640 		status = mark_client_expired_locked(conf);
2641 		if (status)
2642 			goto out;
2643 	}
2644 	new->cl_minorversion = cstate->minorversion;
2645 	new->cl_spo_must_allow.u.words[0] = exid->spo_must_allow[0];
2646 	new->cl_spo_must_allow.u.words[1] = exid->spo_must_allow[1];
2647 
2648 	gen_clid(new, nn);
2649 	add_to_unconfirmed(new);
2650 	swap(new, conf);
2651 out_copy:
2652 	exid->clientid.cl_boot = conf->cl_clientid.cl_boot;
2653 	exid->clientid.cl_id = conf->cl_clientid.cl_id;
2654 
2655 	exid->seqid = conf->cl_cs_slot.sl_seqid + 1;
2656 	nfsd4_set_ex_flags(conf, exid);
2657 
2658 	dprintk("nfsd4_exchange_id seqid %d flags %x\n",
2659 		conf->cl_cs_slot.sl_seqid, conf->cl_exchange_flags);
2660 	status = nfs_ok;
2661 
2662 out:
2663 	spin_unlock(&nn->client_lock);
2664 out_nolock:
2665 	if (new)
2666 		expire_client(new);
2667 	if (unconf)
2668 		expire_client(unconf);
2669 	return status;
2670 }
2671 
2672 static __be32
2673 check_slot_seqid(u32 seqid, u32 slot_seqid, int slot_inuse)
2674 {
2675 	dprintk("%s enter. seqid %d slot_seqid %d\n", __func__, seqid,
2676 		slot_seqid);
2677 
2678 	/* The slot is in use, and no response has been sent. */
2679 	if (slot_inuse) {
2680 		if (seqid == slot_seqid)
2681 			return nfserr_jukebox;
2682 		else
2683 			return nfserr_seq_misordered;
2684 	}
2685 	/* Note unsigned 32-bit arithmetic handles wraparound: */
2686 	if (likely(seqid == slot_seqid + 1))
2687 		return nfs_ok;
2688 	if (seqid == slot_seqid)
2689 		return nfserr_replay_cache;
2690 	return nfserr_seq_misordered;
2691 }
2692 
2693 /*
2694  * Cache the create session result into the create session single DRC
2695  * slot cache by saving the xdr structure. sl_seqid has been set.
2696  * Do this for solo or embedded create session operations.
2697  */
2698 static void
2699 nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
2700 			   struct nfsd4_clid_slot *slot, __be32 nfserr)
2701 {
2702 	slot->sl_status = nfserr;
2703 	memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
2704 }
2705 
2706 static __be32
2707 nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
2708 			    struct nfsd4_clid_slot *slot)
2709 {
2710 	memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses));
2711 	return slot->sl_status;
2712 }
2713 
2714 #define NFSD_MIN_REQ_HDR_SEQ_SZ	((\
2715 			2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
2716 			1 +	/* MIN tag is length with zero, only length */ \
2717 			3 +	/* version, opcount, opcode */ \
2718 			XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
2719 				/* seqid, slotID, slotID, cache */ \
2720 			4 ) * sizeof(__be32))
2721 
2722 #define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
2723 			2 +	/* verifier: AUTH_NULL, length 0 */\
2724 			1 +	/* status */ \
2725 			1 +	/* MIN tag is length with zero, only length */ \
2726 			3 +	/* opcount, opcode, opstatus*/ \
2727 			XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
2728 				/* seqid, slotID, slotID, slotID, status */ \
2729 			5 ) * sizeof(__be32))
2730 
2731 static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
2732 {
2733 	u32 maxrpc = nn->nfsd_serv->sv_max_mesg;
2734 
2735 	if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ)
2736 		return nfserr_toosmall;
2737 	if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ)
2738 		return nfserr_toosmall;
2739 	ca->headerpadsz = 0;
2740 	ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc);
2741 	ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc);
2742 	ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND);
2743 	ca->maxresp_cached = min_t(u32, ca->maxresp_cached,
2744 			NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ);
2745 	ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION);
2746 	/*
2747 	 * Note decreasing slot size below client's request may make it
2748 	 * difficult for client to function correctly, whereas
2749 	 * decreasing the number of slots will (just?) affect
2750 	 * performance.  When short on memory we therefore prefer to
2751 	 * decrease number of slots instead of their size.  Clients that
2752 	 * request larger slots than they need will get poor results:
2753 	 */
2754 	ca->maxreqs = nfsd4_get_drc_mem(ca);
2755 	if (!ca->maxreqs)
2756 		return nfserr_jukebox;
2757 
2758 	return nfs_ok;
2759 }
2760 
2761 /*
2762  * Server's NFSv4.1 backchannel support is AUTH_SYS-only for now.
2763  * These are based on similar macros in linux/sunrpc/msg_prot.h .
2764  */
2765 #define RPC_MAX_HEADER_WITH_AUTH_SYS \
2766 	(RPC_CALLHDRSIZE + 2 * (2 + UNX_CALLSLACK))
2767 
2768 #define RPC_MAX_REPHEADER_WITH_AUTH_SYS \
2769 	(RPC_REPHDRSIZE + (2 + NUL_REPLYSLACK))
2770 
2771 #define NFSD_CB_MAX_REQ_SZ	((NFS4_enc_cb_recall_sz + \
2772 				 RPC_MAX_HEADER_WITH_AUTH_SYS) * sizeof(__be32))
2773 #define NFSD_CB_MAX_RESP_SZ	((NFS4_dec_cb_recall_sz + \
2774 				 RPC_MAX_REPHEADER_WITH_AUTH_SYS) * \
2775 				 sizeof(__be32))
2776 
2777 static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
2778 {
2779 	ca->headerpadsz = 0;
2780 
2781 	if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
2782 		return nfserr_toosmall;
2783 	if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
2784 		return nfserr_toosmall;
2785 	ca->maxresp_cached = 0;
2786 	if (ca->maxops < 2)
2787 		return nfserr_toosmall;
2788 
2789 	return nfs_ok;
2790 }
2791 
2792 static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
2793 {
2794 	switch (cbs->flavor) {
2795 	case RPC_AUTH_NULL:
2796 	case RPC_AUTH_UNIX:
2797 		return nfs_ok;
2798 	default:
2799 		/*
2800 		 * GSS case: the spec doesn't allow us to return this
2801 		 * error.  But it also doesn't allow us not to support
2802 		 * GSS.
2803 		 * I'd rather this fail hard than return some error the
2804 		 * client might think it can already handle:
2805 		 */
2806 		return nfserr_encr_alg_unsupp;
2807 	}
2808 }
2809 
2810 __be32
2811 nfsd4_create_session(struct svc_rqst *rqstp,
2812 		struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
2813 {
2814 	struct nfsd4_create_session *cr_ses = &u->create_session;
2815 	struct sockaddr *sa = svc_addr(rqstp);
2816 	struct nfs4_client *conf, *unconf;
2817 	struct nfs4_client *old = NULL;
2818 	struct nfsd4_session *new;
2819 	struct nfsd4_conn *conn;
2820 	struct nfsd4_clid_slot *cs_slot = NULL;
2821 	__be32 status = 0;
2822 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2823 
2824 	if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
2825 		return nfserr_inval;
2826 	status = nfsd4_check_cb_sec(&cr_ses->cb_sec);
2827 	if (status)
2828 		return status;
2829 	status = check_forechannel_attrs(&cr_ses->fore_channel, nn);
2830 	if (status)
2831 		return status;
2832 	status = check_backchannel_attrs(&cr_ses->back_channel);
2833 	if (status)
2834 		goto out_release_drc_mem;
2835 	status = nfserr_jukebox;
2836 	new = alloc_session(&cr_ses->fore_channel, &cr_ses->back_channel);
2837 	if (!new)
2838 		goto out_release_drc_mem;
2839 	conn = alloc_conn_from_crses(rqstp, cr_ses);
2840 	if (!conn)
2841 		goto out_free_session;
2842 
2843 	spin_lock(&nn->client_lock);
2844 	unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn);
2845 	conf = find_confirmed_client(&cr_ses->clientid, true, nn);
2846 	WARN_ON_ONCE(conf && unconf);
2847 
2848 	if (conf) {
2849 		status = nfserr_wrong_cred;
2850 		if (!nfsd4_mach_creds_match(conf, rqstp))
2851 			goto out_free_conn;
2852 		cs_slot = &conf->cl_cs_slot;
2853 		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
2854 		if (status) {
2855 			if (status == nfserr_replay_cache)
2856 				status = nfsd4_replay_create_session(cr_ses, cs_slot);
2857 			goto out_free_conn;
2858 		}
2859 	} else if (unconf) {
2860 		if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) ||
2861 		    !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) {
2862 			status = nfserr_clid_inuse;
2863 			goto out_free_conn;
2864 		}
2865 		status = nfserr_wrong_cred;
2866 		if (!nfsd4_mach_creds_match(unconf, rqstp))
2867 			goto out_free_conn;
2868 		cs_slot = &unconf->cl_cs_slot;
2869 		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
2870 		if (status) {
2871 			/* an unconfirmed replay returns misordered */
2872 			status = nfserr_seq_misordered;
2873 			goto out_free_conn;
2874 		}
2875 		old = find_confirmed_client_by_name(&unconf->cl_name, nn);
2876 		if (old) {
2877 			status = mark_client_expired_locked(old);
2878 			if (status) {
2879 				old = NULL;
2880 				goto out_free_conn;
2881 			}
2882 		}
2883 		move_to_confirmed(unconf);
2884 		conf = unconf;
2885 	} else {
2886 		status = nfserr_stale_clientid;
2887 		goto out_free_conn;
2888 	}
2889 	status = nfs_ok;
2890 	/* Persistent sessions are not supported */
2891 	cr_ses->flags &= ~SESSION4_PERSIST;
2892 	/* Upshifting from TCP to RDMA is not supported */
2893 	cr_ses->flags &= ~SESSION4_RDMA;
2894 
2895 	init_session(rqstp, new, conf, cr_ses);
2896 	nfsd4_get_session_locked(new);
2897 
2898 	memcpy(cr_ses->sessionid.data, new->se_sessionid.data,
2899 	       NFS4_MAX_SESSIONID_LEN);
2900 	cs_slot->sl_seqid++;
2901 	cr_ses->seqid = cs_slot->sl_seqid;
2902 
2903 	/* cache solo and embedded create sessions under the client_lock */
2904 	nfsd4_cache_create_session(cr_ses, cs_slot, status);
2905 	spin_unlock(&nn->client_lock);
2906 	/* init connection and backchannel */
2907 	nfsd4_init_conn(rqstp, conn, new);
2908 	nfsd4_put_session(new);
2909 	if (old)
2910 		expire_client(old);
2911 	return status;
2912 out_free_conn:
2913 	spin_unlock(&nn->client_lock);
2914 	free_conn(conn);
2915 	if (old)
2916 		expire_client(old);
2917 out_free_session:
2918 	__free_session(new);
2919 out_release_drc_mem:
2920 	nfsd4_put_drc_mem(&cr_ses->fore_channel);
2921 	return status;
2922 }
2923 
2924 static __be32 nfsd4_map_bcts_dir(u32 *dir)
2925 {
2926 	switch (*dir) {
2927 	case NFS4_CDFC4_FORE:
2928 	case NFS4_CDFC4_BACK:
2929 		return nfs_ok;
2930 	case NFS4_CDFC4_FORE_OR_BOTH:
2931 	case NFS4_CDFC4_BACK_OR_BOTH:
2932 		*dir = NFS4_CDFC4_BOTH;
2933 		return nfs_ok;
2934 	};
2935 	return nfserr_inval;
2936 }
2937 
2938 __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp,
2939 		struct nfsd4_compound_state *cstate,
2940 		union nfsd4_op_u *u)
2941 {
2942 	struct nfsd4_backchannel_ctl *bc = &u->backchannel_ctl;
2943 	struct nfsd4_session *session = cstate->session;
2944 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2945 	__be32 status;
2946 
2947 	status = nfsd4_check_cb_sec(&bc->bc_cb_sec);
2948 	if (status)
2949 		return status;
2950 	spin_lock(&nn->client_lock);
2951 	session->se_cb_prog = bc->bc_cb_program;
2952 	session->se_cb_sec = bc->bc_cb_sec;
2953 	spin_unlock(&nn->client_lock);
2954 
2955 	nfsd4_probe_callback(session->se_client);
2956 
2957 	return nfs_ok;
2958 }
2959 
2960 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
2961 		     struct nfsd4_compound_state *cstate,
2962 		     union nfsd4_op_u *u)
2963 {
2964 	struct nfsd4_bind_conn_to_session *bcts = &u->bind_conn_to_session;
2965 	__be32 status;
2966 	struct nfsd4_conn *conn;
2967 	struct nfsd4_session *session;
2968 	struct net *net = SVC_NET(rqstp);
2969 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
2970 
2971 	if (!nfsd4_last_compound_op(rqstp))
2972 		return nfserr_not_only_op;
2973 	spin_lock(&nn->client_lock);
2974 	session = find_in_sessionid_hashtbl(&bcts->sessionid, net, &status);
2975 	spin_unlock(&nn->client_lock);
2976 	if (!session)
2977 		goto out_no_session;
2978 	status = nfserr_wrong_cred;
2979 	if (!nfsd4_mach_creds_match(session->se_client, rqstp))
2980 		goto out;
2981 	status = nfsd4_map_bcts_dir(&bcts->dir);
2982 	if (status)
2983 		goto out;
2984 	conn = alloc_conn(rqstp, bcts->dir);
2985 	status = nfserr_jukebox;
2986 	if (!conn)
2987 		goto out;
2988 	nfsd4_init_conn(rqstp, conn, session);
2989 	status = nfs_ok;
2990 out:
2991 	nfsd4_put_session(session);
2992 out_no_session:
2993 	return status;
2994 }
2995 
2996 static bool nfsd4_compound_in_session(struct nfsd4_compound_state *cstate, struct nfs4_sessionid *sid)
2997 {
2998 	if (!cstate->session)
2999 		return false;
3000 	return !memcmp(sid, &cstate->session->se_sessionid, sizeof(*sid));
3001 }
3002 
3003 __be32
3004 nfsd4_destroy_session(struct svc_rqst *r, struct nfsd4_compound_state *cstate,
3005 		union nfsd4_op_u *u)
3006 {
3007 	struct nfs4_sessionid *sessionid = &u->destroy_session.sessionid;
3008 	struct nfsd4_session *ses;
3009 	__be32 status;
3010 	int ref_held_by_me = 0;
3011 	struct net *net = SVC_NET(r);
3012 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
3013 
3014 	status = nfserr_not_only_op;
3015 	if (nfsd4_compound_in_session(cstate, sessionid)) {
3016 		if (!nfsd4_last_compound_op(r))
3017 			goto out;
3018 		ref_held_by_me++;
3019 	}
3020 	dump_sessionid(__func__, sessionid);
3021 	spin_lock(&nn->client_lock);
3022 	ses = find_in_sessionid_hashtbl(sessionid, net, &status);
3023 	if (!ses)
3024 		goto out_client_lock;
3025 	status = nfserr_wrong_cred;
3026 	if (!nfsd4_mach_creds_match(ses->se_client, r))
3027 		goto out_put_session;
3028 	status = mark_session_dead_locked(ses, 1 + ref_held_by_me);
3029 	if (status)
3030 		goto out_put_session;
3031 	unhash_session(ses);
3032 	spin_unlock(&nn->client_lock);
3033 
3034 	nfsd4_probe_callback_sync(ses->se_client);
3035 
3036 	spin_lock(&nn->client_lock);
3037 	status = nfs_ok;
3038 out_put_session:
3039 	nfsd4_put_session_locked(ses);
3040 out_client_lock:
3041 	spin_unlock(&nn->client_lock);
3042 out:
3043 	return status;
3044 }
3045 
3046 static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s)
3047 {
3048 	struct nfsd4_conn *c;
3049 
3050 	list_for_each_entry(c, &s->se_conns, cn_persession) {
3051 		if (c->cn_xprt == xpt) {
3052 			return c;
3053 		}
3054 	}
3055 	return NULL;
3056 }
3057 
3058 static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)
3059 {
3060 	struct nfs4_client *clp = ses->se_client;
3061 	struct nfsd4_conn *c;
3062 	__be32 status = nfs_ok;
3063 	int ret;
3064 
3065 	spin_lock(&clp->cl_lock);
3066 	c = __nfsd4_find_conn(new->cn_xprt, ses);
3067 	if (c)
3068 		goto out_free;
3069 	status = nfserr_conn_not_bound_to_session;
3070 	if (clp->cl_mach_cred)
3071 		goto out_free;
3072 	__nfsd4_hash_conn(new, ses);
3073 	spin_unlock(&clp->cl_lock);
3074 	ret = nfsd4_register_conn(new);
3075 	if (ret)
3076 		/* oops; xprt is already down: */
3077 		nfsd4_conn_lost(&new->cn_xpt_user);
3078 	return nfs_ok;
3079 out_free:
3080 	spin_unlock(&clp->cl_lock);
3081 	free_conn(new);
3082 	return status;
3083 }
3084 
3085 static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)
3086 {
3087 	struct nfsd4_compoundargs *args = rqstp->rq_argp;
3088 
3089 	return args->opcnt > session->se_fchannel.maxops;
3090 }
3091 
3092 static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
3093 				  struct nfsd4_session *session)
3094 {
3095 	struct xdr_buf *xb = &rqstp->rq_arg;
3096 
3097 	return xb->len > session->se_fchannel.maxreq_sz;
3098 }
3099 
3100 static bool replay_matches_cache(struct svc_rqst *rqstp,
3101 		 struct nfsd4_sequence *seq, struct nfsd4_slot *slot)
3102 {
3103 	struct nfsd4_compoundargs *argp = rqstp->rq_argp;
3104 
3105 	if ((bool)(slot->sl_flags & NFSD4_SLOT_CACHETHIS) !=
3106 	    (bool)seq->cachethis)
3107 		return false;
3108 	/*
3109 	 * If there's an error than the reply can have fewer ops than
3110 	 * the call.  But if we cached a reply with *more* ops than the
3111 	 * call you're sending us now, then this new call is clearly not
3112 	 * really a replay of the old one:
3113 	 */
3114 	if (slot->sl_opcnt < argp->opcnt)
3115 		return false;
3116 	/* This is the only check explicitly called by spec: */
3117 	if (!same_creds(&rqstp->rq_cred, &slot->sl_cred))
3118 		return false;
3119 	/*
3120 	 * There may be more comparisons we could actually do, but the
3121 	 * spec doesn't require us to catch every case where the calls
3122 	 * don't match (that would require caching the call as well as
3123 	 * the reply), so we don't bother.
3124 	 */
3125 	return true;
3126 }
3127 
3128 __be32
3129 nfsd4_sequence(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3130 		union nfsd4_op_u *u)
3131 {
3132 	struct nfsd4_sequence *seq = &u->sequence;
3133 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
3134 	struct xdr_stream *xdr = &resp->xdr;
3135 	struct nfsd4_session *session;
3136 	struct nfs4_client *clp;
3137 	struct nfsd4_slot *slot;
3138 	struct nfsd4_conn *conn;
3139 	__be32 status;
3140 	int buflen;
3141 	struct net *net = SVC_NET(rqstp);
3142 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
3143 
3144 	if (resp->opcnt != 1)
3145 		return nfserr_sequence_pos;
3146 
3147 	/*
3148 	 * Will be either used or freed by nfsd4_sequence_check_conn
3149 	 * below.
3150 	 */
3151 	conn = alloc_conn(rqstp, NFS4_CDFC4_FORE);
3152 	if (!conn)
3153 		return nfserr_jukebox;
3154 
3155 	spin_lock(&nn->client_lock);
3156 	session = find_in_sessionid_hashtbl(&seq->sessionid, net, &status);
3157 	if (!session)
3158 		goto out_no_session;
3159 	clp = session->se_client;
3160 
3161 	status = nfserr_too_many_ops;
3162 	if (nfsd4_session_too_many_ops(rqstp, session))
3163 		goto out_put_session;
3164 
3165 	status = nfserr_req_too_big;
3166 	if (nfsd4_request_too_big(rqstp, session))
3167 		goto out_put_session;
3168 
3169 	status = nfserr_badslot;
3170 	if (seq->slotid >= session->se_fchannel.maxreqs)
3171 		goto out_put_session;
3172 
3173 	slot = session->se_slots[seq->slotid];
3174 	dprintk("%s: slotid %d\n", __func__, seq->slotid);
3175 
3176 	/* We do not negotiate the number of slots yet, so set the
3177 	 * maxslots to the session maxreqs which is used to encode
3178 	 * sr_highest_slotid and the sr_target_slot id to maxslots */
3179 	seq->maxslots = session->se_fchannel.maxreqs;
3180 
3181 	status = check_slot_seqid(seq->seqid, slot->sl_seqid,
3182 					slot->sl_flags & NFSD4_SLOT_INUSE);
3183 	if (status == nfserr_replay_cache) {
3184 		status = nfserr_seq_misordered;
3185 		if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED))
3186 			goto out_put_session;
3187 		status = nfserr_seq_false_retry;
3188 		if (!replay_matches_cache(rqstp, seq, slot))
3189 			goto out_put_session;
3190 		cstate->slot = slot;
3191 		cstate->session = session;
3192 		cstate->clp = clp;
3193 		/* Return the cached reply status and set cstate->status
3194 		 * for nfsd4_proc_compound processing */
3195 		status = nfsd4_replay_cache_entry(resp, seq);
3196 		cstate->status = nfserr_replay_cache;
3197 		goto out;
3198 	}
3199 	if (status)
3200 		goto out_put_session;
3201 
3202 	status = nfsd4_sequence_check_conn(conn, session);
3203 	conn = NULL;
3204 	if (status)
3205 		goto out_put_session;
3206 
3207 	buflen = (seq->cachethis) ?
3208 			session->se_fchannel.maxresp_cached :
3209 			session->se_fchannel.maxresp_sz;
3210 	status = (seq->cachethis) ? nfserr_rep_too_big_to_cache :
3211 				    nfserr_rep_too_big;
3212 	if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack))
3213 		goto out_put_session;
3214 	svc_reserve(rqstp, buflen);
3215 
3216 	status = nfs_ok;
3217 	/* Success! bump slot seqid */
3218 	slot->sl_seqid = seq->seqid;
3219 	slot->sl_flags |= NFSD4_SLOT_INUSE;
3220 	if (seq->cachethis)
3221 		slot->sl_flags |= NFSD4_SLOT_CACHETHIS;
3222 	else
3223 		slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS;
3224 
3225 	cstate->slot = slot;
3226 	cstate->session = session;
3227 	cstate->clp = clp;
3228 
3229 out:
3230 	switch (clp->cl_cb_state) {
3231 	case NFSD4_CB_DOWN:
3232 		seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN;
3233 		break;
3234 	case NFSD4_CB_FAULT:
3235 		seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT;
3236 		break;
3237 	default:
3238 		seq->status_flags = 0;
3239 	}
3240 	if (!list_empty(&clp->cl_revoked))
3241 		seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED;
3242 out_no_session:
3243 	if (conn)
3244 		free_conn(conn);
3245 	spin_unlock(&nn->client_lock);
3246 	return status;
3247 out_put_session:
3248 	nfsd4_put_session_locked(session);
3249 	goto out_no_session;
3250 }
3251 
3252 void
3253 nfsd4_sequence_done(struct nfsd4_compoundres *resp)
3254 {
3255 	struct nfsd4_compound_state *cs = &resp->cstate;
3256 
3257 	if (nfsd4_has_session(cs)) {
3258 		if (cs->status != nfserr_replay_cache) {
3259 			nfsd4_store_cache_entry(resp);
3260 			cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;
3261 		}
3262 		/* Drop session reference that was taken in nfsd4_sequence() */
3263 		nfsd4_put_session(cs->session);
3264 	} else if (cs->clp)
3265 		put_client_renew(cs->clp);
3266 }
3267 
3268 __be32
3269 nfsd4_destroy_clientid(struct svc_rqst *rqstp,
3270 		struct nfsd4_compound_state *cstate,
3271 		union nfsd4_op_u *u)
3272 {
3273 	struct nfsd4_destroy_clientid *dc = &u->destroy_clientid;
3274 	struct nfs4_client *conf, *unconf;
3275 	struct nfs4_client *clp = NULL;
3276 	__be32 status = 0;
3277 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3278 
3279 	spin_lock(&nn->client_lock);
3280 	unconf = find_unconfirmed_client(&dc->clientid, true, nn);
3281 	conf = find_confirmed_client(&dc->clientid, true, nn);
3282 	WARN_ON_ONCE(conf && unconf);
3283 
3284 	if (conf) {
3285 		if (client_has_state(conf)) {
3286 			status = nfserr_clientid_busy;
3287 			goto out;
3288 		}
3289 		status = mark_client_expired_locked(conf);
3290 		if (status)
3291 			goto out;
3292 		clp = conf;
3293 	} else if (unconf)
3294 		clp = unconf;
3295 	else {
3296 		status = nfserr_stale_clientid;
3297 		goto out;
3298 	}
3299 	if (!nfsd4_mach_creds_match(clp, rqstp)) {
3300 		clp = NULL;
3301 		status = nfserr_wrong_cred;
3302 		goto out;
3303 	}
3304 	unhash_client_locked(clp);
3305 out:
3306 	spin_unlock(&nn->client_lock);
3307 	if (clp)
3308 		expire_client(clp);
3309 	return status;
3310 }
3311 
3312 __be32
3313 nfsd4_reclaim_complete(struct svc_rqst *rqstp,
3314 		struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
3315 {
3316 	struct nfsd4_reclaim_complete *rc = &u->reclaim_complete;
3317 	__be32 status = 0;
3318 
3319 	if (rc->rca_one_fs) {
3320 		if (!cstate->current_fh.fh_dentry)
3321 			return nfserr_nofilehandle;
3322 		/*
3323 		 * We don't take advantage of the rca_one_fs case.
3324 		 * That's OK, it's optional, we can safely ignore it.
3325 		 */
3326 		return nfs_ok;
3327 	}
3328 
3329 	status = nfserr_complete_already;
3330 	if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE,
3331 			     &cstate->session->se_client->cl_flags))
3332 		goto out;
3333 
3334 	status = nfserr_stale_clientid;
3335 	if (is_client_expired(cstate->session->se_client))
3336 		/*
3337 		 * The following error isn't really legal.
3338 		 * But we only get here if the client just explicitly
3339 		 * destroyed the client.  Surely it no longer cares what
3340 		 * error it gets back on an operation for the dead
3341 		 * client.
3342 		 */
3343 		goto out;
3344 
3345 	status = nfs_ok;
3346 	nfsd4_client_record_create(cstate->session->se_client);
3347 out:
3348 	return status;
3349 }
3350 
3351 __be32
3352 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3353 		  union nfsd4_op_u *u)
3354 {
3355 	struct nfsd4_setclientid *setclid = &u->setclientid;
3356 	struct xdr_netobj 	clname = setclid->se_name;
3357 	nfs4_verifier		clverifier = setclid->se_verf;
3358 	struct nfs4_client	*conf, *new;
3359 	struct nfs4_client	*unconf = NULL;
3360 	__be32 			status;
3361 	struct nfsd_net		*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3362 
3363 	new = create_client(clname, rqstp, &clverifier);
3364 	if (new == NULL)
3365 		return nfserr_jukebox;
3366 	/* Cases below refer to rfc 3530 section 14.2.33: */
3367 	spin_lock(&nn->client_lock);
3368 	conf = find_confirmed_client_by_name(&clname, nn);
3369 	if (conf && client_has_state(conf)) {
3370 		/* case 0: */
3371 		status = nfserr_clid_inuse;
3372 		if (clp_used_exchangeid(conf))
3373 			goto out;
3374 		if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
3375 			char addr_str[INET6_ADDRSTRLEN];
3376 			rpc_ntop((struct sockaddr *) &conf->cl_addr, addr_str,
3377 				 sizeof(addr_str));
3378 			dprintk("NFSD: setclientid: string in use by client "
3379 				"at %s\n", addr_str);
3380 			goto out;
3381 		}
3382 	}
3383 	unconf = find_unconfirmed_client_by_name(&clname, nn);
3384 	if (unconf)
3385 		unhash_client_locked(unconf);
3386 	if (conf && same_verf(&conf->cl_verifier, &clverifier)) {
3387 		/* case 1: probable callback update */
3388 		copy_clid(new, conf);
3389 		gen_confirm(new, nn);
3390 	} else /* case 4 (new client) or cases 2, 3 (client reboot): */
3391 		gen_clid(new, nn);
3392 	new->cl_minorversion = 0;
3393 	gen_callback(new, setclid, rqstp);
3394 	add_to_unconfirmed(new);
3395 	setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot;
3396 	setclid->se_clientid.cl_id = new->cl_clientid.cl_id;
3397 	memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data));
3398 	new = NULL;
3399 	status = nfs_ok;
3400 out:
3401 	spin_unlock(&nn->client_lock);
3402 	if (new)
3403 		free_client(new);
3404 	if (unconf)
3405 		expire_client(unconf);
3406 	return status;
3407 }
3408 
3409 
3410 __be32
3411 nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
3412 			struct nfsd4_compound_state *cstate,
3413 			union nfsd4_op_u *u)
3414 {
3415 	struct nfsd4_setclientid_confirm *setclientid_confirm =
3416 			&u->setclientid_confirm;
3417 	struct nfs4_client *conf, *unconf;
3418 	struct nfs4_client *old = NULL;
3419 	nfs4_verifier confirm = setclientid_confirm->sc_confirm;
3420 	clientid_t * clid = &setclientid_confirm->sc_clientid;
3421 	__be32 status;
3422 	struct nfsd_net	*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3423 
3424 	if (STALE_CLIENTID(clid, nn))
3425 		return nfserr_stale_clientid;
3426 
3427 	spin_lock(&nn->client_lock);
3428 	conf = find_confirmed_client(clid, false, nn);
3429 	unconf = find_unconfirmed_client(clid, false, nn);
3430 	/*
3431 	 * We try hard to give out unique clientid's, so if we get an
3432 	 * attempt to confirm the same clientid with a different cred,
3433 	 * the client may be buggy; this should never happen.
3434 	 *
3435 	 * Nevertheless, RFC 7530 recommends INUSE for this case:
3436 	 */
3437 	status = nfserr_clid_inuse;
3438 	if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred))
3439 		goto out;
3440 	if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred))
3441 		goto out;
3442 	/* cases below refer to rfc 3530 section 14.2.34: */
3443 	if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) {
3444 		if (conf && same_verf(&confirm, &conf->cl_confirm)) {
3445 			/* case 2: probable retransmit */
3446 			status = nfs_ok;
3447 		} else /* case 4: client hasn't noticed we rebooted yet? */
3448 			status = nfserr_stale_clientid;
3449 		goto out;
3450 	}
3451 	status = nfs_ok;
3452 	if (conf) { /* case 1: callback update */
3453 		old = unconf;
3454 		unhash_client_locked(old);
3455 		nfsd4_change_callback(conf, &unconf->cl_cb_conn);
3456 	} else { /* case 3: normal case; new or rebooted client */
3457 		old = find_confirmed_client_by_name(&unconf->cl_name, nn);
3458 		if (old) {
3459 			status = nfserr_clid_inuse;
3460 			if (client_has_state(old)
3461 					&& !same_creds(&unconf->cl_cred,
3462 							&old->cl_cred))
3463 				goto out;
3464 			status = mark_client_expired_locked(old);
3465 			if (status) {
3466 				old = NULL;
3467 				goto out;
3468 			}
3469 		}
3470 		move_to_confirmed(unconf);
3471 		conf = unconf;
3472 	}
3473 	get_client_locked(conf);
3474 	spin_unlock(&nn->client_lock);
3475 	nfsd4_probe_callback(conf);
3476 	spin_lock(&nn->client_lock);
3477 	put_client_renew_locked(conf);
3478 out:
3479 	spin_unlock(&nn->client_lock);
3480 	if (old)
3481 		expire_client(old);
3482 	return status;
3483 }
3484 
3485 static struct nfs4_file *nfsd4_alloc_file(void)
3486 {
3487 	return kmem_cache_alloc(file_slab, GFP_KERNEL);
3488 }
3489 
3490 /* OPEN Share state helper functions */
3491 static void nfsd4_init_file(struct knfsd_fh *fh, unsigned int hashval,
3492 				struct nfs4_file *fp)
3493 {
3494 	lockdep_assert_held(&state_lock);
3495 
3496 	refcount_set(&fp->fi_ref, 1);
3497 	spin_lock_init(&fp->fi_lock);
3498 	INIT_LIST_HEAD(&fp->fi_stateids);
3499 	INIT_LIST_HEAD(&fp->fi_delegations);
3500 	INIT_LIST_HEAD(&fp->fi_clnt_odstate);
3501 	fh_copy_shallow(&fp->fi_fhandle, fh);
3502 	fp->fi_deleg_file = NULL;
3503 	fp->fi_had_conflict = false;
3504 	fp->fi_share_deny = 0;
3505 	memset(fp->fi_fds, 0, sizeof(fp->fi_fds));
3506 	memset(fp->fi_access, 0, sizeof(fp->fi_access));
3507 #ifdef CONFIG_NFSD_PNFS
3508 	INIT_LIST_HEAD(&fp->fi_lo_states);
3509 	atomic_set(&fp->fi_lo_recalls, 0);
3510 #endif
3511 	hlist_add_head_rcu(&fp->fi_hash, &file_hashtbl[hashval]);
3512 }
3513 
3514 void
3515 nfsd4_free_slabs(void)
3516 {
3517 	kmem_cache_destroy(client_slab);
3518 	kmem_cache_destroy(openowner_slab);
3519 	kmem_cache_destroy(lockowner_slab);
3520 	kmem_cache_destroy(file_slab);
3521 	kmem_cache_destroy(stateid_slab);
3522 	kmem_cache_destroy(deleg_slab);
3523 	kmem_cache_destroy(odstate_slab);
3524 }
3525 
3526 int
3527 nfsd4_init_slabs(void)
3528 {
3529 	client_slab = kmem_cache_create("nfsd4_clients",
3530 			sizeof(struct nfs4_client), 0, 0, NULL);
3531 	if (client_slab == NULL)
3532 		goto out;
3533 	openowner_slab = kmem_cache_create("nfsd4_openowners",
3534 			sizeof(struct nfs4_openowner), 0, 0, NULL);
3535 	if (openowner_slab == NULL)
3536 		goto out_free_client_slab;
3537 	lockowner_slab = kmem_cache_create("nfsd4_lockowners",
3538 			sizeof(struct nfs4_lockowner), 0, 0, NULL);
3539 	if (lockowner_slab == NULL)
3540 		goto out_free_openowner_slab;
3541 	file_slab = kmem_cache_create("nfsd4_files",
3542 			sizeof(struct nfs4_file), 0, 0, NULL);
3543 	if (file_slab == NULL)
3544 		goto out_free_lockowner_slab;
3545 	stateid_slab = kmem_cache_create("nfsd4_stateids",
3546 			sizeof(struct nfs4_ol_stateid), 0, 0, NULL);
3547 	if (stateid_slab == NULL)
3548 		goto out_free_file_slab;
3549 	deleg_slab = kmem_cache_create("nfsd4_delegations",
3550 			sizeof(struct nfs4_delegation), 0, 0, NULL);
3551 	if (deleg_slab == NULL)
3552 		goto out_free_stateid_slab;
3553 	odstate_slab = kmem_cache_create("nfsd4_odstate",
3554 			sizeof(struct nfs4_clnt_odstate), 0, 0, NULL);
3555 	if (odstate_slab == NULL)
3556 		goto out_free_deleg_slab;
3557 	return 0;
3558 
3559 out_free_deleg_slab:
3560 	kmem_cache_destroy(deleg_slab);
3561 out_free_stateid_slab:
3562 	kmem_cache_destroy(stateid_slab);
3563 out_free_file_slab:
3564 	kmem_cache_destroy(file_slab);
3565 out_free_lockowner_slab:
3566 	kmem_cache_destroy(lockowner_slab);
3567 out_free_openowner_slab:
3568 	kmem_cache_destroy(openowner_slab);
3569 out_free_client_slab:
3570 	kmem_cache_destroy(client_slab);
3571 out:
3572 	dprintk("nfsd4: out of memory while initializing nfsv4\n");
3573 	return -ENOMEM;
3574 }
3575 
3576 static void init_nfs4_replay(struct nfs4_replay *rp)
3577 {
3578 	rp->rp_status = nfserr_serverfault;
3579 	rp->rp_buflen = 0;
3580 	rp->rp_buf = rp->rp_ibuf;
3581 	mutex_init(&rp->rp_mutex);
3582 }
3583 
3584 static void nfsd4_cstate_assign_replay(struct nfsd4_compound_state *cstate,
3585 		struct nfs4_stateowner *so)
3586 {
3587 	if (!nfsd4_has_session(cstate)) {
3588 		mutex_lock(&so->so_replay.rp_mutex);
3589 		cstate->replay_owner = nfs4_get_stateowner(so);
3590 	}
3591 }
3592 
3593 void nfsd4_cstate_clear_replay(struct nfsd4_compound_state *cstate)
3594 {
3595 	struct nfs4_stateowner *so = cstate->replay_owner;
3596 
3597 	if (so != NULL) {
3598 		cstate->replay_owner = NULL;
3599 		mutex_unlock(&so->so_replay.rp_mutex);
3600 		nfs4_put_stateowner(so);
3601 	}
3602 }
3603 
3604 static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp)
3605 {
3606 	struct nfs4_stateowner *sop;
3607 
3608 	sop = kmem_cache_alloc(slab, GFP_KERNEL);
3609 	if (!sop)
3610 		return NULL;
3611 
3612 	sop->so_owner.data = kmemdup(owner->data, owner->len, GFP_KERNEL);
3613 	if (!sop->so_owner.data) {
3614 		kmem_cache_free(slab, sop);
3615 		return NULL;
3616 	}
3617 	sop->so_owner.len = owner->len;
3618 
3619 	INIT_LIST_HEAD(&sop->so_stateids);
3620 	sop->so_client = clp;
3621 	init_nfs4_replay(&sop->so_replay);
3622 	atomic_set(&sop->so_count, 1);
3623 	return sop;
3624 }
3625 
3626 static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval)
3627 {
3628 	lockdep_assert_held(&clp->cl_lock);
3629 
3630 	list_add(&oo->oo_owner.so_strhash,
3631 		 &clp->cl_ownerstr_hashtbl[strhashval]);
3632 	list_add(&oo->oo_perclient, &clp->cl_openowners);
3633 }
3634 
3635 static void nfs4_unhash_openowner(struct nfs4_stateowner *so)
3636 {
3637 	unhash_openowner_locked(openowner(so));
3638 }
3639 
3640 static void nfs4_free_openowner(struct nfs4_stateowner *so)
3641 {
3642 	struct nfs4_openowner *oo = openowner(so);
3643 
3644 	kmem_cache_free(openowner_slab, oo);
3645 }
3646 
3647 static const struct nfs4_stateowner_operations openowner_ops = {
3648 	.so_unhash =	nfs4_unhash_openowner,
3649 	.so_free =	nfs4_free_openowner,
3650 };
3651 
3652 static struct nfs4_ol_stateid *
3653 nfsd4_find_existing_open(struct nfs4_file *fp, struct nfsd4_open *open)
3654 {
3655 	struct nfs4_ol_stateid *local, *ret = NULL;
3656 	struct nfs4_openowner *oo = open->op_openowner;
3657 
3658 	lockdep_assert_held(&fp->fi_lock);
3659 
3660 	list_for_each_entry(local, &fp->fi_stateids, st_perfile) {
3661 		/* ignore lock owners */
3662 		if (local->st_stateowner->so_is_open_owner == 0)
3663 			continue;
3664 		if (local->st_stateowner != &oo->oo_owner)
3665 			continue;
3666 		if (local->st_stid.sc_type == NFS4_OPEN_STID) {
3667 			ret = local;
3668 			refcount_inc(&ret->st_stid.sc_count);
3669 			break;
3670 		}
3671 	}
3672 	return ret;
3673 }
3674 
3675 static __be32
3676 nfsd4_verify_open_stid(struct nfs4_stid *s)
3677 {
3678 	__be32 ret = nfs_ok;
3679 
3680 	switch (s->sc_type) {
3681 	default:
3682 		break;
3683 	case 0:
3684 	case NFS4_CLOSED_STID:
3685 	case NFS4_CLOSED_DELEG_STID:
3686 		ret = nfserr_bad_stateid;
3687 		break;
3688 	case NFS4_REVOKED_DELEG_STID:
3689 		ret = nfserr_deleg_revoked;
3690 	}
3691 	return ret;
3692 }
3693 
3694 /* Lock the stateid st_mutex, and deal with races with CLOSE */
3695 static __be32
3696 nfsd4_lock_ol_stateid(struct nfs4_ol_stateid *stp)
3697 {
3698 	__be32 ret;
3699 
3700 	mutex_lock_nested(&stp->st_mutex, LOCK_STATEID_MUTEX);
3701 	ret = nfsd4_verify_open_stid(&stp->st_stid);
3702 	if (ret != nfs_ok)
3703 		mutex_unlock(&stp->st_mutex);
3704 	return ret;
3705 }
3706 
3707 static struct nfs4_ol_stateid *
3708 nfsd4_find_and_lock_existing_open(struct nfs4_file *fp, struct nfsd4_open *open)
3709 {
3710 	struct nfs4_ol_stateid *stp;
3711 	for (;;) {
3712 		spin_lock(&fp->fi_lock);
3713 		stp = nfsd4_find_existing_open(fp, open);
3714 		spin_unlock(&fp->fi_lock);
3715 		if (!stp || nfsd4_lock_ol_stateid(stp) == nfs_ok)
3716 			break;
3717 		nfs4_put_stid(&stp->st_stid);
3718 	}
3719 	return stp;
3720 }
3721 
3722 static struct nfs4_openowner *
3723 alloc_init_open_stateowner(unsigned int strhashval, struct nfsd4_open *open,
3724 			   struct nfsd4_compound_state *cstate)
3725 {
3726 	struct nfs4_client *clp = cstate->clp;
3727 	struct nfs4_openowner *oo, *ret;
3728 
3729 	oo = alloc_stateowner(openowner_slab, &open->op_owner, clp);
3730 	if (!oo)
3731 		return NULL;
3732 	oo->oo_owner.so_ops = &openowner_ops;
3733 	oo->oo_owner.so_is_open_owner = 1;
3734 	oo->oo_owner.so_seqid = open->op_seqid;
3735 	oo->oo_flags = 0;
3736 	if (nfsd4_has_session(cstate))
3737 		oo->oo_flags |= NFS4_OO_CONFIRMED;
3738 	oo->oo_time = 0;
3739 	oo->oo_last_closed_stid = NULL;
3740 	INIT_LIST_HEAD(&oo->oo_close_lru);
3741 	spin_lock(&clp->cl_lock);
3742 	ret = find_openstateowner_str_locked(strhashval, open, clp);
3743 	if (ret == NULL) {
3744 		hash_openowner(oo, clp, strhashval);
3745 		ret = oo;
3746 	} else
3747 		nfs4_free_stateowner(&oo->oo_owner);
3748 
3749 	spin_unlock(&clp->cl_lock);
3750 	return ret;
3751 }
3752 
3753 static struct nfs4_ol_stateid *
3754 init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open)
3755 {
3756 
3757 	struct nfs4_openowner *oo = open->op_openowner;
3758 	struct nfs4_ol_stateid *retstp = NULL;
3759 	struct nfs4_ol_stateid *stp;
3760 
3761 	stp = open->op_stp;
3762 	/* We are moving these outside of the spinlocks to avoid the warnings */
3763 	mutex_init(&stp->st_mutex);
3764 	mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX);
3765 
3766 retry:
3767 	spin_lock(&oo->oo_owner.so_client->cl_lock);
3768 	spin_lock(&fp->fi_lock);
3769 
3770 	retstp = nfsd4_find_existing_open(fp, open);
3771 	if (retstp)
3772 		goto out_unlock;
3773 
3774 	open->op_stp = NULL;
3775 	refcount_inc(&stp->st_stid.sc_count);
3776 	stp->st_stid.sc_type = NFS4_OPEN_STID;
3777 	INIT_LIST_HEAD(&stp->st_locks);
3778 	stp->st_stateowner = nfs4_get_stateowner(&oo->oo_owner);
3779 	get_nfs4_file(fp);
3780 	stp->st_stid.sc_file = fp;
3781 	stp->st_access_bmap = 0;
3782 	stp->st_deny_bmap = 0;
3783 	stp->st_openstp = NULL;
3784 	list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids);
3785 	list_add(&stp->st_perfile, &fp->fi_stateids);
3786 
3787 out_unlock:
3788 	spin_unlock(&fp->fi_lock);
3789 	spin_unlock(&oo->oo_owner.so_client->cl_lock);
3790 	if (retstp) {
3791 		/* Handle races with CLOSE */
3792 		if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) {
3793 			nfs4_put_stid(&retstp->st_stid);
3794 			goto retry;
3795 		}
3796 		/* To keep mutex tracking happy */
3797 		mutex_unlock(&stp->st_mutex);
3798 		stp = retstp;
3799 	}
3800 	return stp;
3801 }
3802 
3803 /*
3804  * In the 4.0 case we need to keep the owners around a little while to handle
3805  * CLOSE replay. We still do need to release any file access that is held by
3806  * them before returning however.
3807  */
3808 static void
3809 move_to_close_lru(struct nfs4_ol_stateid *s, struct net *net)
3810 {
3811 	struct nfs4_ol_stateid *last;
3812 	struct nfs4_openowner *oo = openowner(s->st_stateowner);
3813 	struct nfsd_net *nn = net_generic(s->st_stid.sc_client->net,
3814 						nfsd_net_id);
3815 
3816 	dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo);
3817 
3818 	/*
3819 	 * We know that we hold one reference via nfsd4_close, and another
3820 	 * "persistent" reference for the client. If the refcount is higher
3821 	 * than 2, then there are still calls in progress that are using this
3822 	 * stateid. We can't put the sc_file reference until they are finished.
3823 	 * Wait for the refcount to drop to 2. Since it has been unhashed,
3824 	 * there should be no danger of the refcount going back up again at
3825 	 * this point.
3826 	 */
3827 	wait_event(close_wq, refcount_read(&s->st_stid.sc_count) == 2);
3828 
3829 	release_all_access(s);
3830 	if (s->st_stid.sc_file) {
3831 		put_nfs4_file(s->st_stid.sc_file);
3832 		s->st_stid.sc_file = NULL;
3833 	}
3834 
3835 	spin_lock(&nn->client_lock);
3836 	last = oo->oo_last_closed_stid;
3837 	oo->oo_last_closed_stid = s;
3838 	list_move_tail(&oo->oo_close_lru, &nn->close_lru);
3839 	oo->oo_time = get_seconds();
3840 	spin_unlock(&nn->client_lock);
3841 	if (last)
3842 		nfs4_put_stid(&last->st_stid);
3843 }
3844 
3845 /* search file_hashtbl[] for file */
3846 static struct nfs4_file *
3847 find_file_locked(struct knfsd_fh *fh, unsigned int hashval)
3848 {
3849 	struct nfs4_file *fp;
3850 
3851 	hlist_for_each_entry_rcu(fp, &file_hashtbl[hashval], fi_hash) {
3852 		if (fh_match(&fp->fi_fhandle, fh)) {
3853 			if (refcount_inc_not_zero(&fp->fi_ref))
3854 				return fp;
3855 		}
3856 	}
3857 	return NULL;
3858 }
3859 
3860 struct nfs4_file *
3861 find_file(struct knfsd_fh *fh)
3862 {
3863 	struct nfs4_file *fp;
3864 	unsigned int hashval = file_hashval(fh);
3865 
3866 	rcu_read_lock();
3867 	fp = find_file_locked(fh, hashval);
3868 	rcu_read_unlock();
3869 	return fp;
3870 }
3871 
3872 static struct nfs4_file *
3873 find_or_add_file(struct nfs4_file *new, struct knfsd_fh *fh)
3874 {
3875 	struct nfs4_file *fp;
3876 	unsigned int hashval = file_hashval(fh);
3877 
3878 	rcu_read_lock();
3879 	fp = find_file_locked(fh, hashval);
3880 	rcu_read_unlock();
3881 	if (fp)
3882 		return fp;
3883 
3884 	spin_lock(&state_lock);
3885 	fp = find_file_locked(fh, hashval);
3886 	if (likely(fp == NULL)) {
3887 		nfsd4_init_file(fh, hashval, new);
3888 		fp = new;
3889 	}
3890 	spin_unlock(&state_lock);
3891 
3892 	return fp;
3893 }
3894 
3895 /*
3896  * Called to check deny when READ with all zero stateid or
3897  * WRITE with all zero or all one stateid
3898  */
3899 static __be32
3900 nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type)
3901 {
3902 	struct nfs4_file *fp;
3903 	__be32 ret = nfs_ok;
3904 
3905 	fp = find_file(&current_fh->fh_handle);
3906 	if (!fp)
3907 		return ret;
3908 	/* Check for conflicting share reservations */
3909 	spin_lock(&fp->fi_lock);
3910 	if (fp->fi_share_deny & deny_type)
3911 		ret = nfserr_locked;
3912 	spin_unlock(&fp->fi_lock);
3913 	put_nfs4_file(fp);
3914 	return ret;
3915 }
3916 
3917 static void nfsd4_cb_recall_prepare(struct nfsd4_callback *cb)
3918 {
3919 	struct nfs4_delegation *dp = cb_to_delegation(cb);
3920 	struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net,
3921 					  nfsd_net_id);
3922 
3923 	block_delegations(&dp->dl_stid.sc_file->fi_fhandle);
3924 
3925 	/*
3926 	 * We can't do this in nfsd_break_deleg_cb because it is
3927 	 * already holding inode->i_lock.
3928 	 *
3929 	 * If the dl_time != 0, then we know that it has already been
3930 	 * queued for a lease break. Don't queue it again.
3931 	 */
3932 	spin_lock(&state_lock);
3933 	if (dp->dl_time == 0) {
3934 		dp->dl_time = get_seconds();
3935 		list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru);
3936 	}
3937 	spin_unlock(&state_lock);
3938 }
3939 
3940 static int nfsd4_cb_recall_done(struct nfsd4_callback *cb,
3941 		struct rpc_task *task)
3942 {
3943 	struct nfs4_delegation *dp = cb_to_delegation(cb);
3944 
3945 	if (dp->dl_stid.sc_type == NFS4_CLOSED_DELEG_STID)
3946 	        return 1;
3947 
3948 	switch (task->tk_status) {
3949 	case 0:
3950 		return 1;
3951 	case -EBADHANDLE:
3952 	case -NFS4ERR_BAD_STATEID:
3953 		/*
3954 		 * Race: client probably got cb_recall before open reply
3955 		 * granting delegation.
3956 		 */
3957 		if (dp->dl_retries--) {
3958 			rpc_delay(task, 2 * HZ);
3959 			return 0;
3960 		}
3961 		/*FALLTHRU*/
3962 	default:
3963 		return -1;
3964 	}
3965 }
3966 
3967 static void nfsd4_cb_recall_release(struct nfsd4_callback *cb)
3968 {
3969 	struct nfs4_delegation *dp = cb_to_delegation(cb);
3970 
3971 	nfs4_put_stid(&dp->dl_stid);
3972 }
3973 
3974 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops = {
3975 	.prepare	= nfsd4_cb_recall_prepare,
3976 	.done		= nfsd4_cb_recall_done,
3977 	.release	= nfsd4_cb_recall_release,
3978 };
3979 
3980 static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
3981 {
3982 	/*
3983 	 * We're assuming the state code never drops its reference
3984 	 * without first removing the lease.  Since we're in this lease
3985 	 * callback (and since the lease code is serialized by the
3986 	 * i_lock) we know the server hasn't removed the lease yet, and
3987 	 * we know it's safe to take a reference.
3988 	 */
3989 	refcount_inc(&dp->dl_stid.sc_count);
3990 	nfsd4_run_cb(&dp->dl_recall);
3991 }
3992 
3993 /* Called from break_lease() with i_lock held. */
3994 static bool
3995 nfsd_break_deleg_cb(struct file_lock *fl)
3996 {
3997 	bool ret = false;
3998 	struct nfs4_delegation *dp = (struct nfs4_delegation *)fl->fl_owner;
3999 	struct nfs4_file *fp = dp->dl_stid.sc_file;
4000 
4001 	/*
4002 	 * We don't want the locks code to timeout the lease for us;
4003 	 * we'll remove it ourself if a delegation isn't returned
4004 	 * in time:
4005 	 */
4006 	fl->fl_break_time = 0;
4007 
4008 	spin_lock(&fp->fi_lock);
4009 	fp->fi_had_conflict = true;
4010 	nfsd_break_one_deleg(dp);
4011 	spin_unlock(&fp->fi_lock);
4012 	return ret;
4013 }
4014 
4015 static int
4016 nfsd_change_deleg_cb(struct file_lock *onlist, int arg,
4017 		     struct list_head *dispose)
4018 {
4019 	if (arg & F_UNLCK)
4020 		return lease_modify(onlist, arg, dispose);
4021 	else
4022 		return -EAGAIN;
4023 }
4024 
4025 static const struct lock_manager_operations nfsd_lease_mng_ops = {
4026 	.lm_break = nfsd_break_deleg_cb,
4027 	.lm_change = nfsd_change_deleg_cb,
4028 };
4029 
4030 static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid)
4031 {
4032 	if (nfsd4_has_session(cstate))
4033 		return nfs_ok;
4034 	if (seqid == so->so_seqid - 1)
4035 		return nfserr_replay_me;
4036 	if (seqid == so->so_seqid)
4037 		return nfs_ok;
4038 	return nfserr_bad_seqid;
4039 }
4040 
4041 static __be32 lookup_clientid(clientid_t *clid,
4042 		struct nfsd4_compound_state *cstate,
4043 		struct nfsd_net *nn)
4044 {
4045 	struct nfs4_client *found;
4046 
4047 	if (cstate->clp) {
4048 		found = cstate->clp;
4049 		if (!same_clid(&found->cl_clientid, clid))
4050 			return nfserr_stale_clientid;
4051 		return nfs_ok;
4052 	}
4053 
4054 	if (STALE_CLIENTID(clid, nn))
4055 		return nfserr_stale_clientid;
4056 
4057 	/*
4058 	 * For v4.1+ we get the client in the SEQUENCE op. If we don't have one
4059 	 * cached already then we know this is for is for v4.0 and "sessions"
4060 	 * will be false.
4061 	 */
4062 	WARN_ON_ONCE(cstate->session);
4063 	spin_lock(&nn->client_lock);
4064 	found = find_confirmed_client(clid, false, nn);
4065 	if (!found) {
4066 		spin_unlock(&nn->client_lock);
4067 		return nfserr_expired;
4068 	}
4069 	atomic_inc(&found->cl_refcount);
4070 	spin_unlock(&nn->client_lock);
4071 
4072 	/* Cache the nfs4_client in cstate! */
4073 	cstate->clp = found;
4074 	return nfs_ok;
4075 }
4076 
4077 __be32
4078 nfsd4_process_open1(struct nfsd4_compound_state *cstate,
4079 		    struct nfsd4_open *open, struct nfsd_net *nn)
4080 {
4081 	clientid_t *clientid = &open->op_clientid;
4082 	struct nfs4_client *clp = NULL;
4083 	unsigned int strhashval;
4084 	struct nfs4_openowner *oo = NULL;
4085 	__be32 status;
4086 
4087 	if (STALE_CLIENTID(&open->op_clientid, nn))
4088 		return nfserr_stale_clientid;
4089 	/*
4090 	 * In case we need it later, after we've already created the
4091 	 * file and don't want to risk a further failure:
4092 	 */
4093 	open->op_file = nfsd4_alloc_file();
4094 	if (open->op_file == NULL)
4095 		return nfserr_jukebox;
4096 
4097 	status = lookup_clientid(clientid, cstate, nn);
4098 	if (status)
4099 		return status;
4100 	clp = cstate->clp;
4101 
4102 	strhashval = ownerstr_hashval(&open->op_owner);
4103 	oo = find_openstateowner_str(strhashval, open, clp);
4104 	open->op_openowner = oo;
4105 	if (!oo) {
4106 		goto new_owner;
4107 	}
4108 	if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
4109 		/* Replace unconfirmed owners without checking for replay. */
4110 		release_openowner(oo);
4111 		open->op_openowner = NULL;
4112 		goto new_owner;
4113 	}
4114 	status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid);
4115 	if (status)
4116 		return status;
4117 	goto alloc_stateid;
4118 new_owner:
4119 	oo = alloc_init_open_stateowner(strhashval, open, cstate);
4120 	if (oo == NULL)
4121 		return nfserr_jukebox;
4122 	open->op_openowner = oo;
4123 alloc_stateid:
4124 	open->op_stp = nfs4_alloc_open_stateid(clp);
4125 	if (!open->op_stp)
4126 		return nfserr_jukebox;
4127 
4128 	if (nfsd4_has_session(cstate) &&
4129 	    (cstate->current_fh.fh_export->ex_flags & NFSEXP_PNFS)) {
4130 		open->op_odstate = alloc_clnt_odstate(clp);
4131 		if (!open->op_odstate)
4132 			return nfserr_jukebox;
4133 	}
4134 
4135 	return nfs_ok;
4136 }
4137 
4138 static inline __be32
4139 nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
4140 {
4141 	if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ))
4142 		return nfserr_openmode;
4143 	else
4144 		return nfs_ok;
4145 }
4146 
4147 static int share_access_to_flags(u32 share_access)
4148 {
4149 	return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE;
4150 }
4151 
4152 static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl, stateid_t *s)
4153 {
4154 	struct nfs4_stid *ret;
4155 
4156 	ret = find_stateid_by_type(cl, s,
4157 				NFS4_DELEG_STID|NFS4_REVOKED_DELEG_STID);
4158 	if (!ret)
4159 		return NULL;
4160 	return delegstateid(ret);
4161 }
4162 
4163 static bool nfsd4_is_deleg_cur(struct nfsd4_open *open)
4164 {
4165 	return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
4166 	       open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH;
4167 }
4168 
4169 static __be32
4170 nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open,
4171 		struct nfs4_delegation **dp)
4172 {
4173 	int flags;
4174 	__be32 status = nfserr_bad_stateid;
4175 	struct nfs4_delegation *deleg;
4176 
4177 	deleg = find_deleg_stateid(cl, &open->op_delegate_stateid);
4178 	if (deleg == NULL)
4179 		goto out;
4180 	if (deleg->dl_stid.sc_type == NFS4_REVOKED_DELEG_STID) {
4181 		nfs4_put_stid(&deleg->dl_stid);
4182 		if (cl->cl_minorversion)
4183 			status = nfserr_deleg_revoked;
4184 		goto out;
4185 	}
4186 	flags = share_access_to_flags(open->op_share_access);
4187 	status = nfs4_check_delegmode(deleg, flags);
4188 	if (status) {
4189 		nfs4_put_stid(&deleg->dl_stid);
4190 		goto out;
4191 	}
4192 	*dp = deleg;
4193 out:
4194 	if (!nfsd4_is_deleg_cur(open))
4195 		return nfs_ok;
4196 	if (status)
4197 		return status;
4198 	open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
4199 	return nfs_ok;
4200 }
4201 
4202 static inline int nfs4_access_to_access(u32 nfs4_access)
4203 {
4204 	int flags = 0;
4205 
4206 	if (nfs4_access & NFS4_SHARE_ACCESS_READ)
4207 		flags |= NFSD_MAY_READ;
4208 	if (nfs4_access & NFS4_SHARE_ACCESS_WRITE)
4209 		flags |= NFSD_MAY_WRITE;
4210 	return flags;
4211 }
4212 
4213 static inline __be32
4214 nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh,
4215 		struct nfsd4_open *open)
4216 {
4217 	struct iattr iattr = {
4218 		.ia_valid = ATTR_SIZE,
4219 		.ia_size = 0,
4220 	};
4221 	if (!open->op_truncate)
4222 		return 0;
4223 	if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
4224 		return nfserr_inval;
4225 	return nfsd_setattr(rqstp, fh, &iattr, 0, (time_t)0);
4226 }
4227 
4228 static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp,
4229 		struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp,
4230 		struct nfsd4_open *open)
4231 {
4232 	struct file *filp = NULL;
4233 	__be32 status;
4234 	int oflag = nfs4_access_to_omode(open->op_share_access);
4235 	int access = nfs4_access_to_access(open->op_share_access);
4236 	unsigned char old_access_bmap, old_deny_bmap;
4237 
4238 	spin_lock(&fp->fi_lock);
4239 
4240 	/*
4241 	 * Are we trying to set a deny mode that would conflict with
4242 	 * current access?
4243 	 */
4244 	status = nfs4_file_check_deny(fp, open->op_share_deny);
4245 	if (status != nfs_ok) {
4246 		spin_unlock(&fp->fi_lock);
4247 		goto out;
4248 	}
4249 
4250 	/* set access to the file */
4251 	status = nfs4_file_get_access(fp, open->op_share_access);
4252 	if (status != nfs_ok) {
4253 		spin_unlock(&fp->fi_lock);
4254 		goto out;
4255 	}
4256 
4257 	/* Set access bits in stateid */
4258 	old_access_bmap = stp->st_access_bmap;
4259 	set_access(open->op_share_access, stp);
4260 
4261 	/* Set new deny mask */
4262 	old_deny_bmap = stp->st_deny_bmap;
4263 	set_deny(open->op_share_deny, stp);
4264 	fp->fi_share_deny |= (open->op_share_deny & NFS4_SHARE_DENY_BOTH);
4265 
4266 	if (!fp->fi_fds[oflag]) {
4267 		spin_unlock(&fp->fi_lock);
4268 		status = nfsd_open(rqstp, cur_fh, S_IFREG, access, &filp);
4269 		if (status)
4270 			goto out_put_access;
4271 		spin_lock(&fp->fi_lock);
4272 		if (!fp->fi_fds[oflag]) {
4273 			fp->fi_fds[oflag] = filp;
4274 			filp = NULL;
4275 		}
4276 	}
4277 	spin_unlock(&fp->fi_lock);
4278 	if (filp)
4279 		fput(filp);
4280 
4281 	status = nfsd4_truncate(rqstp, cur_fh, open);
4282 	if (status)
4283 		goto out_put_access;
4284 out:
4285 	return status;
4286 out_put_access:
4287 	stp->st_access_bmap = old_access_bmap;
4288 	nfs4_file_put_access(fp, open->op_share_access);
4289 	reset_union_bmap_deny(bmap_to_share_mode(old_deny_bmap), stp);
4290 	goto out;
4291 }
4292 
4293 static __be32
4294 nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, struct nfsd4_open *open)
4295 {
4296 	__be32 status;
4297 	unsigned char old_deny_bmap = stp->st_deny_bmap;
4298 
4299 	if (!test_access(open->op_share_access, stp))
4300 		return nfs4_get_vfs_file(rqstp, fp, cur_fh, stp, open);
4301 
4302 	/* test and set deny mode */
4303 	spin_lock(&fp->fi_lock);
4304 	status = nfs4_file_check_deny(fp, open->op_share_deny);
4305 	if (status == nfs_ok) {
4306 		set_deny(open->op_share_deny, stp);
4307 		fp->fi_share_deny |=
4308 				(open->op_share_deny & NFS4_SHARE_DENY_BOTH);
4309 	}
4310 	spin_unlock(&fp->fi_lock);
4311 
4312 	if (status != nfs_ok)
4313 		return status;
4314 
4315 	status = nfsd4_truncate(rqstp, cur_fh, open);
4316 	if (status != nfs_ok)
4317 		reset_union_bmap_deny(old_deny_bmap, stp);
4318 	return status;
4319 }
4320 
4321 /* Should we give out recallable state?: */
4322 static bool nfsd4_cb_channel_good(struct nfs4_client *clp)
4323 {
4324 	if (clp->cl_cb_state == NFSD4_CB_UP)
4325 		return true;
4326 	/*
4327 	 * In the sessions case, since we don't have to establish a
4328 	 * separate connection for callbacks, we assume it's OK
4329 	 * until we hear otherwise:
4330 	 */
4331 	return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN;
4332 }
4333 
4334 static struct file_lock *nfs4_alloc_init_lease(struct nfs4_delegation *dp,
4335 						int flag)
4336 {
4337 	struct file_lock *fl;
4338 
4339 	fl = locks_alloc_lock();
4340 	if (!fl)
4341 		return NULL;
4342 	fl->fl_lmops = &nfsd_lease_mng_ops;
4343 	fl->fl_flags = FL_DELEG;
4344 	fl->fl_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK;
4345 	fl->fl_end = OFFSET_MAX;
4346 	fl->fl_owner = (fl_owner_t)dp;
4347 	fl->fl_pid = current->tgid;
4348 	fl->fl_file = dp->dl_stid.sc_file->fi_deleg_file;
4349 	return fl;
4350 }
4351 
4352 static struct nfs4_delegation *
4353 nfs4_set_delegation(struct nfs4_client *clp, struct svc_fh *fh,
4354 		    struct nfs4_file *fp, struct nfs4_clnt_odstate *odstate)
4355 {
4356 	int status = 0;
4357 	struct nfs4_delegation *dp;
4358 	struct file *filp;
4359 	struct file_lock *fl;
4360 
4361 	/*
4362 	 * The fi_had_conflict and nfs_get_existing_delegation checks
4363 	 * here are just optimizations; we'll need to recheck them at
4364 	 * the end:
4365 	 */
4366 	if (fp->fi_had_conflict)
4367 		return ERR_PTR(-EAGAIN);
4368 
4369 	filp = find_readable_file(fp);
4370 	if (!filp) {
4371 		/* We should always have a readable file here */
4372 		WARN_ON_ONCE(1);
4373 		return ERR_PTR(-EBADF);
4374 	}
4375 	spin_lock(&state_lock);
4376 	spin_lock(&fp->fi_lock);
4377 	if (nfs4_delegation_exists(clp, fp))
4378 		status = -EAGAIN;
4379 	else if (!fp->fi_deleg_file) {
4380 		fp->fi_deleg_file = filp;
4381 		/* increment early to prevent fi_deleg_file from being
4382 		 * cleared */
4383 		fp->fi_delegees = 1;
4384 		filp = NULL;
4385 	} else
4386 		fp->fi_delegees++;
4387 	spin_unlock(&fp->fi_lock);
4388 	spin_unlock(&state_lock);
4389 	if (filp)
4390 		fput(filp);
4391 	if (status)
4392 		return ERR_PTR(status);
4393 
4394 	status = -ENOMEM;
4395 	dp = alloc_init_deleg(clp, fp, fh, odstate);
4396 	if (!dp)
4397 		goto out_delegees;
4398 
4399 	fl = nfs4_alloc_init_lease(dp, NFS4_OPEN_DELEGATE_READ);
4400 	if (!fl)
4401 		goto out_clnt_odstate;
4402 
4403 	status = vfs_setlease(fp->fi_deleg_file, fl->fl_type, &fl, NULL);
4404 	if (fl)
4405 		locks_free_lock(fl);
4406 	if (status)
4407 		goto out_clnt_odstate;
4408 
4409 	spin_lock(&state_lock);
4410 	spin_lock(&fp->fi_lock);
4411 	if (fp->fi_had_conflict)
4412 		status = -EAGAIN;
4413 	else
4414 		status = hash_delegation_locked(dp, fp);
4415 	spin_unlock(&fp->fi_lock);
4416 	spin_unlock(&state_lock);
4417 
4418 	if (status)
4419 		goto out_unlock;
4420 
4421 	return dp;
4422 out_unlock:
4423 	vfs_setlease(fp->fi_deleg_file, F_UNLCK, NULL, (void **)&dp);
4424 out_clnt_odstate:
4425 	put_clnt_odstate(dp->dl_clnt_odstate);
4426 	nfs4_put_stid(&dp->dl_stid);
4427 out_delegees:
4428 	put_deleg_file(fp);
4429 	return ERR_PTR(status);
4430 }
4431 
4432 static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status)
4433 {
4434 	open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
4435 	if (status == -EAGAIN)
4436 		open->op_why_no_deleg = WND4_CONTENTION;
4437 	else {
4438 		open->op_why_no_deleg = WND4_RESOURCE;
4439 		switch (open->op_deleg_want) {
4440 		case NFS4_SHARE_WANT_READ_DELEG:
4441 		case NFS4_SHARE_WANT_WRITE_DELEG:
4442 		case NFS4_SHARE_WANT_ANY_DELEG:
4443 			break;
4444 		case NFS4_SHARE_WANT_CANCEL:
4445 			open->op_why_no_deleg = WND4_CANCELLED;
4446 			break;
4447 		case NFS4_SHARE_WANT_NO_DELEG:
4448 			WARN_ON_ONCE(1);
4449 		}
4450 	}
4451 }
4452 
4453 /*
4454  * Attempt to hand out a delegation.
4455  *
4456  * Note we don't support write delegations, and won't until the vfs has
4457  * proper support for them.
4458  */
4459 static void
4460 nfs4_open_delegation(struct svc_fh *fh, struct nfsd4_open *open,
4461 			struct nfs4_ol_stateid *stp)
4462 {
4463 	struct nfs4_delegation *dp;
4464 	struct nfs4_openowner *oo = openowner(stp->st_stateowner);
4465 	struct nfs4_client *clp = stp->st_stid.sc_client;
4466 	int cb_up;
4467 	int status = 0;
4468 
4469 	cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client);
4470 	open->op_recall = 0;
4471 	switch (open->op_claim_type) {
4472 		case NFS4_OPEN_CLAIM_PREVIOUS:
4473 			if (!cb_up)
4474 				open->op_recall = 1;
4475 			if (open->op_delegate_type != NFS4_OPEN_DELEGATE_READ)
4476 				goto out_no_deleg;
4477 			break;
4478 		case NFS4_OPEN_CLAIM_NULL:
4479 		case NFS4_OPEN_CLAIM_FH:
4480 			/*
4481 			 * Let's not give out any delegations till everyone's
4482 			 * had the chance to reclaim theirs, *and* until
4483 			 * NLM locks have all been reclaimed:
4484 			 */
4485 			if (locks_in_grace(clp->net))
4486 				goto out_no_deleg;
4487 			if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED))
4488 				goto out_no_deleg;
4489 			/*
4490 			 * Also, if the file was opened for write or
4491 			 * create, there's a good chance the client's
4492 			 * about to write to it, resulting in an
4493 			 * immediate recall (since we don't support
4494 			 * write delegations):
4495 			 */
4496 			if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)
4497 				goto out_no_deleg;
4498 			if (open->op_create == NFS4_OPEN_CREATE)
4499 				goto out_no_deleg;
4500 			break;
4501 		default:
4502 			goto out_no_deleg;
4503 	}
4504 	dp = nfs4_set_delegation(clp, fh, stp->st_stid.sc_file, stp->st_clnt_odstate);
4505 	if (IS_ERR(dp))
4506 		goto out_no_deleg;
4507 
4508 	memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid));
4509 
4510 	dprintk("NFSD: delegation stateid=" STATEID_FMT "\n",
4511 		STATEID_VAL(&dp->dl_stid.sc_stateid));
4512 	open->op_delegate_type = NFS4_OPEN_DELEGATE_READ;
4513 	nfs4_put_stid(&dp->dl_stid);
4514 	return;
4515 out_no_deleg:
4516 	open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE;
4517 	if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS &&
4518 	    open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE) {
4519 		dprintk("NFSD: WARNING: refusing delegation reclaim\n");
4520 		open->op_recall = 1;
4521 	}
4522 
4523 	/* 4.1 client asking for a delegation? */
4524 	if (open->op_deleg_want)
4525 		nfsd4_open_deleg_none_ext(open, status);
4526 	return;
4527 }
4528 
4529 static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open,
4530 					struct nfs4_delegation *dp)
4531 {
4532 	if (open->op_deleg_want == NFS4_SHARE_WANT_READ_DELEG &&
4533 	    dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
4534 		open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
4535 		open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE;
4536 	} else if (open->op_deleg_want == NFS4_SHARE_WANT_WRITE_DELEG &&
4537 		   dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
4538 		open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
4539 		open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE;
4540 	}
4541 	/* Otherwise the client must be confused wanting a delegation
4542 	 * it already has, therefore we don't return
4543 	 * NFS4_OPEN_DELEGATE_NONE_EXT and reason.
4544 	 */
4545 }
4546 
4547 __be32
4548 nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
4549 {
4550 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
4551 	struct nfs4_client *cl = open->op_openowner->oo_owner.so_client;
4552 	struct nfs4_file *fp = NULL;
4553 	struct nfs4_ol_stateid *stp = NULL;
4554 	struct nfs4_delegation *dp = NULL;
4555 	__be32 status;
4556 	bool new_stp = false;
4557 
4558 	/*
4559 	 * Lookup file; if found, lookup stateid and check open request,
4560 	 * and check for delegations in the process of being recalled.
4561 	 * If not found, create the nfs4_file struct
4562 	 */
4563 	fp = find_or_add_file(open->op_file, &current_fh->fh_handle);
4564 	if (fp != open->op_file) {
4565 		status = nfs4_check_deleg(cl, open, &dp);
4566 		if (status)
4567 			goto out;
4568 		stp = nfsd4_find_and_lock_existing_open(fp, open);
4569 	} else {
4570 		open->op_file = NULL;
4571 		status = nfserr_bad_stateid;
4572 		if (nfsd4_is_deleg_cur(open))
4573 			goto out;
4574 	}
4575 
4576 	if (!stp) {
4577 		stp = init_open_stateid(fp, open);
4578 		if (!open->op_stp)
4579 			new_stp = true;
4580 	}
4581 
4582 	/*
4583 	 * OPEN the file, or upgrade an existing OPEN.
4584 	 * If truncate fails, the OPEN fails.
4585 	 *
4586 	 * stp is already locked.
4587 	 */
4588 	if (!new_stp) {
4589 		/* Stateid was found, this is an OPEN upgrade */
4590 		status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
4591 		if (status) {
4592 			mutex_unlock(&stp->st_mutex);
4593 			goto out;
4594 		}
4595 	} else {
4596 		status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open);
4597 		if (status) {
4598 			stp->st_stid.sc_type = NFS4_CLOSED_STID;
4599 			release_open_stateid(stp);
4600 			mutex_unlock(&stp->st_mutex);
4601 			goto out;
4602 		}
4603 
4604 		stp->st_clnt_odstate = find_or_hash_clnt_odstate(fp,
4605 							open->op_odstate);
4606 		if (stp->st_clnt_odstate == open->op_odstate)
4607 			open->op_odstate = NULL;
4608 	}
4609 
4610 	nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid);
4611 	mutex_unlock(&stp->st_mutex);
4612 
4613 	if (nfsd4_has_session(&resp->cstate)) {
4614 		if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) {
4615 			open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
4616 			open->op_why_no_deleg = WND4_NOT_WANTED;
4617 			goto nodeleg;
4618 		}
4619 	}
4620 
4621 	/*
4622 	* Attempt to hand out a delegation. No error return, because the
4623 	* OPEN succeeds even if we fail.
4624 	*/
4625 	nfs4_open_delegation(current_fh, open, stp);
4626 nodeleg:
4627 	status = nfs_ok;
4628 
4629 	dprintk("%s: stateid=" STATEID_FMT "\n", __func__,
4630 		STATEID_VAL(&stp->st_stid.sc_stateid));
4631 out:
4632 	/* 4.1 client trying to upgrade/downgrade delegation? */
4633 	if (open->op_delegate_type == NFS4_OPEN_DELEGATE_NONE && dp &&
4634 	    open->op_deleg_want)
4635 		nfsd4_deleg_xgrade_none_ext(open, dp);
4636 
4637 	if (fp)
4638 		put_nfs4_file(fp);
4639 	if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS)
4640 		open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
4641 	/*
4642 	* To finish the open response, we just need to set the rflags.
4643 	*/
4644 	open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX;
4645 	if (nfsd4_has_session(&resp->cstate))
4646 		open->op_rflags |= NFS4_OPEN_RESULT_MAY_NOTIFY_LOCK;
4647 	else if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED))
4648 		open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM;
4649 
4650 	if (dp)
4651 		nfs4_put_stid(&dp->dl_stid);
4652 	if (stp)
4653 		nfs4_put_stid(&stp->st_stid);
4654 
4655 	return status;
4656 }
4657 
4658 void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
4659 			      struct nfsd4_open *open)
4660 {
4661 	if (open->op_openowner) {
4662 		struct nfs4_stateowner *so = &open->op_openowner->oo_owner;
4663 
4664 		nfsd4_cstate_assign_replay(cstate, so);
4665 		nfs4_put_stateowner(so);
4666 	}
4667 	if (open->op_file)
4668 		kmem_cache_free(file_slab, open->op_file);
4669 	if (open->op_stp)
4670 		nfs4_put_stid(&open->op_stp->st_stid);
4671 	if (open->op_odstate)
4672 		kmem_cache_free(odstate_slab, open->op_odstate);
4673 }
4674 
4675 __be32
4676 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4677 	    union nfsd4_op_u *u)
4678 {
4679 	clientid_t *clid = &u->renew;
4680 	struct nfs4_client *clp;
4681 	__be32 status;
4682 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4683 
4684 	dprintk("process_renew(%08x/%08x): starting\n",
4685 			clid->cl_boot, clid->cl_id);
4686 	status = lookup_clientid(clid, cstate, nn);
4687 	if (status)
4688 		goto out;
4689 	clp = cstate->clp;
4690 	status = nfserr_cb_path_down;
4691 	if (!list_empty(&clp->cl_delegations)
4692 			&& clp->cl_cb_state != NFSD4_CB_UP)
4693 		goto out;
4694 	status = nfs_ok;
4695 out:
4696 	return status;
4697 }
4698 
4699 void
4700 nfsd4_end_grace(struct nfsd_net *nn)
4701 {
4702 	/* do nothing if grace period already ended */
4703 	if (nn->grace_ended)
4704 		return;
4705 
4706 	dprintk("NFSD: end of grace period\n");
4707 	nn->grace_ended = true;
4708 	/*
4709 	 * If the server goes down again right now, an NFSv4
4710 	 * client will still be allowed to reclaim after it comes back up,
4711 	 * even if it hasn't yet had a chance to reclaim state this time.
4712 	 *
4713 	 */
4714 	nfsd4_record_grace_done(nn);
4715 	/*
4716 	 * At this point, NFSv4 clients can still reclaim.  But if the
4717 	 * server crashes, any that have not yet reclaimed will be out
4718 	 * of luck on the next boot.
4719 	 *
4720 	 * (NFSv4.1+ clients are considered to have reclaimed once they
4721 	 * call RECLAIM_COMPLETE.  NFSv4.0 clients are considered to
4722 	 * have reclaimed after their first OPEN.)
4723 	 */
4724 	locks_end_grace(&nn->nfsd4_manager);
4725 	/*
4726 	 * At this point, and once lockd and/or any other containers
4727 	 * exit their grace period, further reclaims will fail and
4728 	 * regular locking can resume.
4729 	 */
4730 }
4731 
4732 /*
4733  * If we've waited a lease period but there are still clients trying to
4734  * reclaim, wait a little longer to give them a chance to finish.
4735  */
4736 static bool clients_still_reclaiming(struct nfsd_net *nn)
4737 {
4738 	unsigned long now = get_seconds();
4739 	unsigned long double_grace_period_end = nn->boot_time +
4740 						2 * nn->nfsd4_lease;
4741 
4742 	if (!nn->somebody_reclaimed)
4743 		return false;
4744 	nn->somebody_reclaimed = false;
4745 	/*
4746 	 * If we've given them *two* lease times to reclaim, and they're
4747 	 * still not done, give up:
4748 	 */
4749 	if (time_after(now, double_grace_period_end))
4750 		return false;
4751 	return true;
4752 }
4753 
4754 static time_t
4755 nfs4_laundromat(struct nfsd_net *nn)
4756 {
4757 	struct nfs4_client *clp;
4758 	struct nfs4_openowner *oo;
4759 	struct nfs4_delegation *dp;
4760 	struct nfs4_ol_stateid *stp;
4761 	struct nfsd4_blocked_lock *nbl;
4762 	struct list_head *pos, *next, reaplist;
4763 	time_t cutoff = get_seconds() - nn->nfsd4_lease;
4764 	time_t t, new_timeo = nn->nfsd4_lease;
4765 
4766 	dprintk("NFSD: laundromat service - starting\n");
4767 
4768 	if (clients_still_reclaiming(nn)) {
4769 		new_timeo = 0;
4770 		goto out;
4771 	}
4772 	nfsd4_end_grace(nn);
4773 	INIT_LIST_HEAD(&reaplist);
4774 	spin_lock(&nn->client_lock);
4775 	list_for_each_safe(pos, next, &nn->client_lru) {
4776 		clp = list_entry(pos, struct nfs4_client, cl_lru);
4777 		if (time_after((unsigned long)clp->cl_time, (unsigned long)cutoff)) {
4778 			t = clp->cl_time - cutoff;
4779 			new_timeo = min(new_timeo, t);
4780 			break;
4781 		}
4782 		if (mark_client_expired_locked(clp)) {
4783 			dprintk("NFSD: client in use (clientid %08x)\n",
4784 				clp->cl_clientid.cl_id);
4785 			continue;
4786 		}
4787 		list_add(&clp->cl_lru, &reaplist);
4788 	}
4789 	spin_unlock(&nn->client_lock);
4790 	list_for_each_safe(pos, next, &reaplist) {
4791 		clp = list_entry(pos, struct nfs4_client, cl_lru);
4792 		dprintk("NFSD: purging unused client (clientid %08x)\n",
4793 			clp->cl_clientid.cl_id);
4794 		list_del_init(&clp->cl_lru);
4795 		expire_client(clp);
4796 	}
4797 	spin_lock(&state_lock);
4798 	list_for_each_safe(pos, next, &nn->del_recall_lru) {
4799 		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
4800 		if (time_after((unsigned long)dp->dl_time, (unsigned long)cutoff)) {
4801 			t = dp->dl_time - cutoff;
4802 			new_timeo = min(new_timeo, t);
4803 			break;
4804 		}
4805 		WARN_ON(!unhash_delegation_locked(dp));
4806 		list_add(&dp->dl_recall_lru, &reaplist);
4807 	}
4808 	spin_unlock(&state_lock);
4809 	while (!list_empty(&reaplist)) {
4810 		dp = list_first_entry(&reaplist, struct nfs4_delegation,
4811 					dl_recall_lru);
4812 		list_del_init(&dp->dl_recall_lru);
4813 		revoke_delegation(dp);
4814 	}
4815 
4816 	spin_lock(&nn->client_lock);
4817 	while (!list_empty(&nn->close_lru)) {
4818 		oo = list_first_entry(&nn->close_lru, struct nfs4_openowner,
4819 					oo_close_lru);
4820 		if (time_after((unsigned long)oo->oo_time,
4821 			       (unsigned long)cutoff)) {
4822 			t = oo->oo_time - cutoff;
4823 			new_timeo = min(new_timeo, t);
4824 			break;
4825 		}
4826 		list_del_init(&oo->oo_close_lru);
4827 		stp = oo->oo_last_closed_stid;
4828 		oo->oo_last_closed_stid = NULL;
4829 		spin_unlock(&nn->client_lock);
4830 		nfs4_put_stid(&stp->st_stid);
4831 		spin_lock(&nn->client_lock);
4832 	}
4833 	spin_unlock(&nn->client_lock);
4834 
4835 	/*
4836 	 * It's possible for a client to try and acquire an already held lock
4837 	 * that is being held for a long time, and then lose interest in it.
4838 	 * So, we clean out any un-revisited request after a lease period
4839 	 * under the assumption that the client is no longer interested.
4840 	 *
4841 	 * RFC5661, sec. 9.6 states that the client must not rely on getting
4842 	 * notifications and must continue to poll for locks, even when the
4843 	 * server supports them. Thus this shouldn't lead to clients blocking
4844 	 * indefinitely once the lock does become free.
4845 	 */
4846 	BUG_ON(!list_empty(&reaplist));
4847 	spin_lock(&nn->blocked_locks_lock);
4848 	while (!list_empty(&nn->blocked_locks_lru)) {
4849 		nbl = list_first_entry(&nn->blocked_locks_lru,
4850 					struct nfsd4_blocked_lock, nbl_lru);
4851 		if (time_after((unsigned long)nbl->nbl_time,
4852 			       (unsigned long)cutoff)) {
4853 			t = nbl->nbl_time - cutoff;
4854 			new_timeo = min(new_timeo, t);
4855 			break;
4856 		}
4857 		list_move(&nbl->nbl_lru, &reaplist);
4858 		list_del_init(&nbl->nbl_list);
4859 	}
4860 	spin_unlock(&nn->blocked_locks_lock);
4861 
4862 	while (!list_empty(&reaplist)) {
4863 		nbl = list_first_entry(&reaplist,
4864 					struct nfsd4_blocked_lock, nbl_lru);
4865 		list_del_init(&nbl->nbl_lru);
4866 		locks_delete_block(&nbl->nbl_lock);
4867 		free_blocked_lock(nbl);
4868 	}
4869 out:
4870 	new_timeo = max_t(time_t, new_timeo, NFSD_LAUNDROMAT_MINTIMEOUT);
4871 	return new_timeo;
4872 }
4873 
4874 static struct workqueue_struct *laundry_wq;
4875 static void laundromat_main(struct work_struct *);
4876 
4877 static void
4878 laundromat_main(struct work_struct *laundry)
4879 {
4880 	time_t t;
4881 	struct delayed_work *dwork = to_delayed_work(laundry);
4882 	struct nfsd_net *nn = container_of(dwork, struct nfsd_net,
4883 					   laundromat_work);
4884 
4885 	t = nfs4_laundromat(nn);
4886 	dprintk("NFSD: laundromat_main - sleeping for %ld seconds\n", t);
4887 	queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
4888 }
4889 
4890 static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp)
4891 {
4892 	if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle))
4893 		return nfserr_bad_stateid;
4894 	return nfs_ok;
4895 }
4896 
4897 static inline int
4898 access_permit_read(struct nfs4_ol_stateid *stp)
4899 {
4900 	return test_access(NFS4_SHARE_ACCESS_READ, stp) ||
4901 		test_access(NFS4_SHARE_ACCESS_BOTH, stp) ||
4902 		test_access(NFS4_SHARE_ACCESS_WRITE, stp);
4903 }
4904 
4905 static inline int
4906 access_permit_write(struct nfs4_ol_stateid *stp)
4907 {
4908 	return test_access(NFS4_SHARE_ACCESS_WRITE, stp) ||
4909 		test_access(NFS4_SHARE_ACCESS_BOTH, stp);
4910 }
4911 
4912 static
4913 __be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags)
4914 {
4915         __be32 status = nfserr_openmode;
4916 
4917 	/* For lock stateid's, we test the parent open, not the lock: */
4918 	if (stp->st_openstp)
4919 		stp = stp->st_openstp;
4920 	if ((flags & WR_STATE) && !access_permit_write(stp))
4921                 goto out;
4922 	if ((flags & RD_STATE) && !access_permit_read(stp))
4923                 goto out;
4924 	status = nfs_ok;
4925 out:
4926 	return status;
4927 }
4928 
4929 static inline __be32
4930 check_special_stateids(struct net *net, svc_fh *current_fh, stateid_t *stateid, int flags)
4931 {
4932 	if (ONE_STATEID(stateid) && (flags & RD_STATE))
4933 		return nfs_ok;
4934 	else if (opens_in_grace(net)) {
4935 		/* Answer in remaining cases depends on existence of
4936 		 * conflicting state; so we must wait out the grace period. */
4937 		return nfserr_grace;
4938 	} else if (flags & WR_STATE)
4939 		return nfs4_share_conflict(current_fh,
4940 				NFS4_SHARE_DENY_WRITE);
4941 	else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */
4942 		return nfs4_share_conflict(current_fh,
4943 				NFS4_SHARE_DENY_READ);
4944 }
4945 
4946 /*
4947  * Allow READ/WRITE during grace period on recovered state only for files
4948  * that are not able to provide mandatory locking.
4949  */
4950 static inline int
4951 grace_disallows_io(struct net *net, struct inode *inode)
4952 {
4953 	return opens_in_grace(net) && mandatory_lock(inode);
4954 }
4955 
4956 static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session)
4957 {
4958 	/*
4959 	 * When sessions are used the stateid generation number is ignored
4960 	 * when it is zero.
4961 	 */
4962 	if (has_session && in->si_generation == 0)
4963 		return nfs_ok;
4964 
4965 	if (in->si_generation == ref->si_generation)
4966 		return nfs_ok;
4967 
4968 	/* If the client sends us a stateid from the future, it's buggy: */
4969 	if (nfsd4_stateid_generation_after(in, ref))
4970 		return nfserr_bad_stateid;
4971 	/*
4972 	 * However, we could see a stateid from the past, even from a
4973 	 * non-buggy client.  For example, if the client sends a lock
4974 	 * while some IO is outstanding, the lock may bump si_generation
4975 	 * while the IO is still in flight.  The client could avoid that
4976 	 * situation by waiting for responses on all the IO requests,
4977 	 * but better performance may result in retrying IO that
4978 	 * receives an old_stateid error if requests are rarely
4979 	 * reordered in flight:
4980 	 */
4981 	return nfserr_old_stateid;
4982 }
4983 
4984 static __be32 nfsd4_stid_check_stateid_generation(stateid_t *in, struct nfs4_stid *s, bool has_session)
4985 {
4986 	__be32 ret;
4987 
4988 	spin_lock(&s->sc_lock);
4989 	ret = nfsd4_verify_open_stid(s);
4990 	if (ret == nfs_ok)
4991 		ret = check_stateid_generation(in, &s->sc_stateid, has_session);
4992 	spin_unlock(&s->sc_lock);
4993 	return ret;
4994 }
4995 
4996 static __be32 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid *ols)
4997 {
4998 	if (ols->st_stateowner->so_is_open_owner &&
4999 	    !(openowner(ols->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED))
5000 		return nfserr_bad_stateid;
5001 	return nfs_ok;
5002 }
5003 
5004 static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
5005 {
5006 	struct nfs4_stid *s;
5007 	__be32 status = nfserr_bad_stateid;
5008 
5009 	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
5010 		CLOSE_STATEID(stateid))
5011 		return status;
5012 	/* Client debugging aid. */
5013 	if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) {
5014 		char addr_str[INET6_ADDRSTRLEN];
5015 		rpc_ntop((struct sockaddr *)&cl->cl_addr, addr_str,
5016 				 sizeof(addr_str));
5017 		pr_warn_ratelimited("NFSD: client %s testing state ID "
5018 					"with incorrect client ID\n", addr_str);
5019 		return status;
5020 	}
5021 	spin_lock(&cl->cl_lock);
5022 	s = find_stateid_locked(cl, stateid);
5023 	if (!s)
5024 		goto out_unlock;
5025 	status = nfsd4_stid_check_stateid_generation(stateid, s, 1);
5026 	if (status)
5027 		goto out_unlock;
5028 	switch (s->sc_type) {
5029 	case NFS4_DELEG_STID:
5030 		status = nfs_ok;
5031 		break;
5032 	case NFS4_REVOKED_DELEG_STID:
5033 		status = nfserr_deleg_revoked;
5034 		break;
5035 	case NFS4_OPEN_STID:
5036 	case NFS4_LOCK_STID:
5037 		status = nfsd4_check_openowner_confirmed(openlockstateid(s));
5038 		break;
5039 	default:
5040 		printk("unknown stateid type %x\n", s->sc_type);
5041 		/* Fallthrough */
5042 	case NFS4_CLOSED_STID:
5043 	case NFS4_CLOSED_DELEG_STID:
5044 		status = nfserr_bad_stateid;
5045 	}
5046 out_unlock:
5047 	spin_unlock(&cl->cl_lock);
5048 	return status;
5049 }
5050 
5051 __be32
5052 nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate,
5053 		     stateid_t *stateid, unsigned char typemask,
5054 		     struct nfs4_stid **s, struct nfsd_net *nn)
5055 {
5056 	__be32 status;
5057 	bool return_revoked = false;
5058 
5059 	/*
5060 	 *  only return revoked delegations if explicitly asked.
5061 	 *  otherwise we report revoked or bad_stateid status.
5062 	 */
5063 	if (typemask & NFS4_REVOKED_DELEG_STID)
5064 		return_revoked = true;
5065 	else if (typemask & NFS4_DELEG_STID)
5066 		typemask |= NFS4_REVOKED_DELEG_STID;
5067 
5068 	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
5069 		CLOSE_STATEID(stateid))
5070 		return nfserr_bad_stateid;
5071 	status = lookup_clientid(&stateid->si_opaque.so_clid, cstate, nn);
5072 	if (status == nfserr_stale_clientid) {
5073 		if (cstate->session)
5074 			return nfserr_bad_stateid;
5075 		return nfserr_stale_stateid;
5076 	}
5077 	if (status)
5078 		return status;
5079 	*s = find_stateid_by_type(cstate->clp, stateid, typemask);
5080 	if (!*s)
5081 		return nfserr_bad_stateid;
5082 	if (((*s)->sc_type == NFS4_REVOKED_DELEG_STID) && !return_revoked) {
5083 		nfs4_put_stid(*s);
5084 		if (cstate->minorversion)
5085 			return nfserr_deleg_revoked;
5086 		return nfserr_bad_stateid;
5087 	}
5088 	return nfs_ok;
5089 }
5090 
5091 static struct file *
5092 nfs4_find_file(struct nfs4_stid *s, int flags)
5093 {
5094 	if (!s)
5095 		return NULL;
5096 
5097 	switch (s->sc_type) {
5098 	case NFS4_DELEG_STID:
5099 		if (WARN_ON_ONCE(!s->sc_file->fi_deleg_file))
5100 			return NULL;
5101 		return get_file(s->sc_file->fi_deleg_file);
5102 	case NFS4_OPEN_STID:
5103 	case NFS4_LOCK_STID:
5104 		if (flags & RD_STATE)
5105 			return find_readable_file(s->sc_file);
5106 		else
5107 			return find_writeable_file(s->sc_file);
5108 		break;
5109 	}
5110 
5111 	return NULL;
5112 }
5113 
5114 static __be32
5115 nfs4_check_olstateid(struct nfs4_ol_stateid *ols, int flags)
5116 {
5117 	__be32 status;
5118 
5119 	status = nfsd4_check_openowner_confirmed(ols);
5120 	if (status)
5121 		return status;
5122 	return nfs4_check_openmode(ols, flags);
5123 }
5124 
5125 static __be32
5126 nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s,
5127 		struct file **filpp, bool *tmp_file, int flags)
5128 {
5129 	int acc = (flags & RD_STATE) ? NFSD_MAY_READ : NFSD_MAY_WRITE;
5130 	struct file *file;
5131 	__be32 status;
5132 
5133 	file = nfs4_find_file(s, flags);
5134 	if (file) {
5135 		status = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
5136 				acc | NFSD_MAY_OWNER_OVERRIDE);
5137 		if (status) {
5138 			fput(file);
5139 			return status;
5140 		}
5141 
5142 		*filpp = file;
5143 	} else {
5144 		status = nfsd_open(rqstp, fhp, S_IFREG, acc, filpp);
5145 		if (status)
5146 			return status;
5147 
5148 		if (tmp_file)
5149 			*tmp_file = true;
5150 	}
5151 
5152 	return 0;
5153 }
5154 
5155 /*
5156  * Checks for stateid operations
5157  */
5158 __be32
5159 nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
5160 		struct nfsd4_compound_state *cstate, struct svc_fh *fhp,
5161 		stateid_t *stateid, int flags, struct file **filpp, bool *tmp_file)
5162 {
5163 	struct inode *ino = d_inode(fhp->fh_dentry);
5164 	struct net *net = SVC_NET(rqstp);
5165 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
5166 	struct nfs4_stid *s = NULL;
5167 	__be32 status;
5168 
5169 	if (filpp)
5170 		*filpp = NULL;
5171 	if (tmp_file)
5172 		*tmp_file = false;
5173 
5174 	if (grace_disallows_io(net, ino))
5175 		return nfserr_grace;
5176 
5177 	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) {
5178 		status = check_special_stateids(net, fhp, stateid, flags);
5179 		goto done;
5180 	}
5181 
5182 	status = nfsd4_lookup_stateid(cstate, stateid,
5183 				NFS4_DELEG_STID|NFS4_OPEN_STID|NFS4_LOCK_STID,
5184 				&s, nn);
5185 	if (status)
5186 		return status;
5187 	status = nfsd4_stid_check_stateid_generation(stateid, s,
5188 			nfsd4_has_session(cstate));
5189 	if (status)
5190 		goto out;
5191 
5192 	switch (s->sc_type) {
5193 	case NFS4_DELEG_STID:
5194 		status = nfs4_check_delegmode(delegstateid(s), flags);
5195 		break;
5196 	case NFS4_OPEN_STID:
5197 	case NFS4_LOCK_STID:
5198 		status = nfs4_check_olstateid(openlockstateid(s), flags);
5199 		break;
5200 	default:
5201 		status = nfserr_bad_stateid;
5202 		break;
5203 	}
5204 	if (status)
5205 		goto out;
5206 	status = nfs4_check_fh(fhp, s);
5207 
5208 done:
5209 	if (!status && filpp)
5210 		status = nfs4_check_file(rqstp, fhp, s, filpp, tmp_file, flags);
5211 out:
5212 	if (s)
5213 		nfs4_put_stid(s);
5214 	return status;
5215 }
5216 
5217 /*
5218  * Test if the stateid is valid
5219  */
5220 __be32
5221 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
5222 		   union nfsd4_op_u *u)
5223 {
5224 	struct nfsd4_test_stateid *test_stateid = &u->test_stateid;
5225 	struct nfsd4_test_stateid_id *stateid;
5226 	struct nfs4_client *cl = cstate->session->se_client;
5227 
5228 	list_for_each_entry(stateid, &test_stateid->ts_stateid_list, ts_id_list)
5229 		stateid->ts_id_status =
5230 			nfsd4_validate_stateid(cl, &stateid->ts_id_stateid);
5231 
5232 	return nfs_ok;
5233 }
5234 
5235 static __be32
5236 nfsd4_free_lock_stateid(stateid_t *stateid, struct nfs4_stid *s)
5237 {
5238 	struct nfs4_ol_stateid *stp = openlockstateid(s);
5239 	__be32 ret;
5240 
5241 	ret = nfsd4_lock_ol_stateid(stp);
5242 	if (ret)
5243 		goto out_put_stid;
5244 
5245 	ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
5246 	if (ret)
5247 		goto out;
5248 
5249 	ret = nfserr_locks_held;
5250 	if (check_for_locks(stp->st_stid.sc_file,
5251 			    lockowner(stp->st_stateowner)))
5252 		goto out;
5253 
5254 	release_lock_stateid(stp);
5255 	ret = nfs_ok;
5256 
5257 out:
5258 	mutex_unlock(&stp->st_mutex);
5259 out_put_stid:
5260 	nfs4_put_stid(s);
5261 	return ret;
5262 }
5263 
5264 __be32
5265 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
5266 		   union nfsd4_op_u *u)
5267 {
5268 	struct nfsd4_free_stateid *free_stateid = &u->free_stateid;
5269 	stateid_t *stateid = &free_stateid->fr_stateid;
5270 	struct nfs4_stid *s;
5271 	struct nfs4_delegation *dp;
5272 	struct nfs4_client *cl = cstate->session->se_client;
5273 	__be32 ret = nfserr_bad_stateid;
5274 
5275 	spin_lock(&cl->cl_lock);
5276 	s = find_stateid_locked(cl, stateid);
5277 	if (!s)
5278 		goto out_unlock;
5279 	spin_lock(&s->sc_lock);
5280 	switch (s->sc_type) {
5281 	case NFS4_DELEG_STID:
5282 		ret = nfserr_locks_held;
5283 		break;
5284 	case NFS4_OPEN_STID:
5285 		ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
5286 		if (ret)
5287 			break;
5288 		ret = nfserr_locks_held;
5289 		break;
5290 	case NFS4_LOCK_STID:
5291 		spin_unlock(&s->sc_lock);
5292 		refcount_inc(&s->sc_count);
5293 		spin_unlock(&cl->cl_lock);
5294 		ret = nfsd4_free_lock_stateid(stateid, s);
5295 		goto out;
5296 	case NFS4_REVOKED_DELEG_STID:
5297 		spin_unlock(&s->sc_lock);
5298 		dp = delegstateid(s);
5299 		list_del_init(&dp->dl_recall_lru);
5300 		spin_unlock(&cl->cl_lock);
5301 		nfs4_put_stid(s);
5302 		ret = nfs_ok;
5303 		goto out;
5304 	/* Default falls through and returns nfserr_bad_stateid */
5305 	}
5306 	spin_unlock(&s->sc_lock);
5307 out_unlock:
5308 	spin_unlock(&cl->cl_lock);
5309 out:
5310 	return ret;
5311 }
5312 
5313 static inline int
5314 setlkflg (int type)
5315 {
5316 	return (type == NFS4_READW_LT || type == NFS4_READ_LT) ?
5317 		RD_STATE : WR_STATE;
5318 }
5319 
5320 static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_t *stateid, u32 seqid, struct nfs4_ol_stateid *stp)
5321 {
5322 	struct svc_fh *current_fh = &cstate->current_fh;
5323 	struct nfs4_stateowner *sop = stp->st_stateowner;
5324 	__be32 status;
5325 
5326 	status = nfsd4_check_seqid(cstate, sop, seqid);
5327 	if (status)
5328 		return status;
5329 	status = nfsd4_lock_ol_stateid(stp);
5330 	if (status != nfs_ok)
5331 		return status;
5332 	status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
5333 	if (status == nfs_ok)
5334 		status = nfs4_check_fh(current_fh, &stp->st_stid);
5335 	if (status != nfs_ok)
5336 		mutex_unlock(&stp->st_mutex);
5337 	return status;
5338 }
5339 
5340 /*
5341  * Checks for sequence id mutating operations.
5342  */
5343 static __be32
5344 nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
5345 			 stateid_t *stateid, char typemask,
5346 			 struct nfs4_ol_stateid **stpp,
5347 			 struct nfsd_net *nn)
5348 {
5349 	__be32 status;
5350 	struct nfs4_stid *s;
5351 	struct nfs4_ol_stateid *stp = NULL;
5352 
5353 	dprintk("NFSD: %s: seqid=%d stateid = " STATEID_FMT "\n", __func__,
5354 		seqid, STATEID_VAL(stateid));
5355 
5356 	*stpp = NULL;
5357 	status = nfsd4_lookup_stateid(cstate, stateid, typemask, &s, nn);
5358 	if (status)
5359 		return status;
5360 	stp = openlockstateid(s);
5361 	nfsd4_cstate_assign_replay(cstate, stp->st_stateowner);
5362 
5363 	status = nfs4_seqid_op_checks(cstate, stateid, seqid, stp);
5364 	if (!status)
5365 		*stpp = stp;
5366 	else
5367 		nfs4_put_stid(&stp->st_stid);
5368 	return status;
5369 }
5370 
5371 static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
5372 						 stateid_t *stateid, struct nfs4_ol_stateid **stpp, struct nfsd_net *nn)
5373 {
5374 	__be32 status;
5375 	struct nfs4_openowner *oo;
5376 	struct nfs4_ol_stateid *stp;
5377 
5378 	status = nfs4_preprocess_seqid_op(cstate, seqid, stateid,
5379 						NFS4_OPEN_STID, &stp, nn);
5380 	if (status)
5381 		return status;
5382 	oo = openowner(stp->st_stateowner);
5383 	if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
5384 		mutex_unlock(&stp->st_mutex);
5385 		nfs4_put_stid(&stp->st_stid);
5386 		return nfserr_bad_stateid;
5387 	}
5388 	*stpp = stp;
5389 	return nfs_ok;
5390 }
5391 
5392 __be32
5393 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
5394 		   union nfsd4_op_u *u)
5395 {
5396 	struct nfsd4_open_confirm *oc = &u->open_confirm;
5397 	__be32 status;
5398 	struct nfs4_openowner *oo;
5399 	struct nfs4_ol_stateid *stp;
5400 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
5401 
5402 	dprintk("NFSD: nfsd4_open_confirm on file %pd\n",
5403 			cstate->current_fh.fh_dentry);
5404 
5405 	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
5406 	if (status)
5407 		return status;
5408 
5409 	status = nfs4_preprocess_seqid_op(cstate,
5410 					oc->oc_seqid, &oc->oc_req_stateid,
5411 					NFS4_OPEN_STID, &stp, nn);
5412 	if (status)
5413 		goto out;
5414 	oo = openowner(stp->st_stateowner);
5415 	status = nfserr_bad_stateid;
5416 	if (oo->oo_flags & NFS4_OO_CONFIRMED) {
5417 		mutex_unlock(&stp->st_mutex);
5418 		goto put_stateid;
5419 	}
5420 	oo->oo_flags |= NFS4_OO_CONFIRMED;
5421 	nfs4_inc_and_copy_stateid(&oc->oc_resp_stateid, &stp->st_stid);
5422 	mutex_unlock(&stp->st_mutex);
5423 	dprintk("NFSD: %s: success, seqid=%d stateid=" STATEID_FMT "\n",
5424 		__func__, oc->oc_seqid, STATEID_VAL(&stp->st_stid.sc_stateid));
5425 
5426 	nfsd4_client_record_create(oo->oo_owner.so_client);
5427 	status = nfs_ok;
5428 put_stateid:
5429 	nfs4_put_stid(&stp->st_stid);
5430 out:
5431 	nfsd4_bump_seqid(cstate, status);
5432 	return status;
5433 }
5434 
5435 static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access)
5436 {
5437 	if (!test_access(access, stp))
5438 		return;
5439 	nfs4_file_put_access(stp->st_stid.sc_file, access);
5440 	clear_access(access, stp);
5441 }
5442 
5443 static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access)
5444 {
5445 	switch (to_access) {
5446 	case NFS4_SHARE_ACCESS_READ:
5447 		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE);
5448 		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
5449 		break;
5450 	case NFS4_SHARE_ACCESS_WRITE:
5451 		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ);
5452 		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
5453 		break;
5454 	case NFS4_SHARE_ACCESS_BOTH:
5455 		break;
5456 	default:
5457 		WARN_ON_ONCE(1);
5458 	}
5459 }
5460 
5461 __be32
5462 nfsd4_open_downgrade(struct svc_rqst *rqstp,
5463 		     struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
5464 {
5465 	struct nfsd4_open_downgrade *od = &u->open_downgrade;
5466 	__be32 status;
5467 	struct nfs4_ol_stateid *stp;
5468 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
5469 
5470 	dprintk("NFSD: nfsd4_open_downgrade on file %pd\n",
5471 			cstate->current_fh.fh_dentry);
5472 
5473 	/* We don't yet support WANT bits: */
5474 	if (od->od_deleg_want)
5475 		dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__,
5476 			od->od_deleg_want);
5477 
5478 	status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid,
5479 					&od->od_stateid, &stp, nn);
5480 	if (status)
5481 		goto out;
5482 	status = nfserr_inval;
5483 	if (!test_access(od->od_share_access, stp)) {
5484 		dprintk("NFSD: access not a subset of current bitmap: 0x%hhx, input access=%08x\n",
5485 			stp->st_access_bmap, od->od_share_access);
5486 		goto put_stateid;
5487 	}
5488 	if (!test_deny(od->od_share_deny, stp)) {
5489 		dprintk("NFSD: deny not a subset of current bitmap: 0x%hhx, input deny=%08x\n",
5490 			stp->st_deny_bmap, od->od_share_deny);
5491 		goto put_stateid;
5492 	}
5493 	nfs4_stateid_downgrade(stp, od->od_share_access);
5494 	reset_union_bmap_deny(od->od_share_deny, stp);
5495 	nfs4_inc_and_copy_stateid(&od->od_stateid, &stp->st_stid);
5496 	status = nfs_ok;
5497 put_stateid:
5498 	mutex_unlock(&stp->st_mutex);
5499 	nfs4_put_stid(&stp->st_stid);
5500 out:
5501 	nfsd4_bump_seqid(cstate, status);
5502 	return status;
5503 }
5504 
5505 static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
5506 {
5507 	struct nfs4_client *clp = s->st_stid.sc_client;
5508 	bool unhashed;
5509 	LIST_HEAD(reaplist);
5510 
5511 	spin_lock(&clp->cl_lock);
5512 	unhashed = unhash_open_stateid(s, &reaplist);
5513 
5514 	if (clp->cl_minorversion) {
5515 		if (unhashed)
5516 			put_ol_stateid_locked(s, &reaplist);
5517 		spin_unlock(&clp->cl_lock);
5518 		free_ol_stateid_reaplist(&reaplist);
5519 	} else {
5520 		spin_unlock(&clp->cl_lock);
5521 		free_ol_stateid_reaplist(&reaplist);
5522 		if (unhashed)
5523 			move_to_close_lru(s, clp->net);
5524 	}
5525 }
5526 
5527 /*
5528  * nfs4_unlock_state() called after encode
5529  */
5530 __be32
5531 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
5532 		union nfsd4_op_u *u)
5533 {
5534 	struct nfsd4_close *close = &u->close;
5535 	__be32 status;
5536 	struct nfs4_ol_stateid *stp;
5537 	struct net *net = SVC_NET(rqstp);
5538 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
5539 
5540 	dprintk("NFSD: nfsd4_close on file %pd\n",
5541 			cstate->current_fh.fh_dentry);
5542 
5543 	status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid,
5544 					&close->cl_stateid,
5545 					NFS4_OPEN_STID|NFS4_CLOSED_STID,
5546 					&stp, nn);
5547 	nfsd4_bump_seqid(cstate, status);
5548 	if (status)
5549 		goto out;
5550 
5551 	stp->st_stid.sc_type = NFS4_CLOSED_STID;
5552 
5553 	/*
5554 	 * Technically we don't _really_ have to increment or copy it, since
5555 	 * it should just be gone after this operation and we clobber the
5556 	 * copied value below, but we continue to do so here just to ensure
5557 	 * that racing ops see that there was a state change.
5558 	 */
5559 	nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid);
5560 
5561 	nfsd4_close_open_stateid(stp);
5562 	mutex_unlock(&stp->st_mutex);
5563 
5564 	/* v4.1+ suggests that we send a special stateid in here, since the
5565 	 * clients should just ignore this anyway. Since this is not useful
5566 	 * for v4.0 clients either, we set it to the special close_stateid
5567 	 * universally.
5568 	 *
5569 	 * See RFC5661 section 18.2.4, and RFC7530 section 16.2.5
5570 	 */
5571 	memcpy(&close->cl_stateid, &close_stateid, sizeof(close->cl_stateid));
5572 
5573 	/* put reference from nfs4_preprocess_seqid_op */
5574 	nfs4_put_stid(&stp->st_stid);
5575 out:
5576 	return status;
5577 }
5578 
5579 __be32
5580 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
5581 		  union nfsd4_op_u *u)
5582 {
5583 	struct nfsd4_delegreturn *dr = &u->delegreturn;
5584 	struct nfs4_delegation *dp;
5585 	stateid_t *stateid = &dr->dr_stateid;
5586 	struct nfs4_stid *s;
5587 	__be32 status;
5588 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
5589 
5590 	if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
5591 		return status;
5592 
5593 	status = nfsd4_lookup_stateid(cstate, stateid, NFS4_DELEG_STID, &s, nn);
5594 	if (status)
5595 		goto out;
5596 	dp = delegstateid(s);
5597 	status = nfsd4_stid_check_stateid_generation(stateid, &dp->dl_stid, nfsd4_has_session(cstate));
5598 	if (status)
5599 		goto put_stateid;
5600 
5601 	destroy_delegation(dp);
5602 put_stateid:
5603 	nfs4_put_stid(&dp->dl_stid);
5604 out:
5605 	return status;
5606 }
5607 
5608 static inline u64
5609 end_offset(u64 start, u64 len)
5610 {
5611 	u64 end;
5612 
5613 	end = start + len;
5614 	return end >= start ? end: NFS4_MAX_UINT64;
5615 }
5616 
5617 /* last octet in a range */
5618 static inline u64
5619 last_byte_offset(u64 start, u64 len)
5620 {
5621 	u64 end;
5622 
5623 	WARN_ON_ONCE(!len);
5624 	end = start + len;
5625 	return end > start ? end - 1: NFS4_MAX_UINT64;
5626 }
5627 
5628 /*
5629  * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that
5630  * we can't properly handle lock requests that go beyond the (2^63 - 1)-th
5631  * byte, because of sign extension problems.  Since NFSv4 calls for 64-bit
5632  * locking, this prevents us from being completely protocol-compliant.  The
5633  * real solution to this problem is to start using unsigned file offsets in
5634  * the VFS, but this is a very deep change!
5635  */
5636 static inline void
5637 nfs4_transform_lock_offset(struct file_lock *lock)
5638 {
5639 	if (lock->fl_start < 0)
5640 		lock->fl_start = OFFSET_MAX;
5641 	if (lock->fl_end < 0)
5642 		lock->fl_end = OFFSET_MAX;
5643 }
5644 
5645 static fl_owner_t
5646 nfsd4_fl_get_owner(fl_owner_t owner)
5647 {
5648 	struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner;
5649 
5650 	nfs4_get_stateowner(&lo->lo_owner);
5651 	return owner;
5652 }
5653 
5654 static void
5655 nfsd4_fl_put_owner(fl_owner_t owner)
5656 {
5657 	struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner;
5658 
5659 	if (lo)
5660 		nfs4_put_stateowner(&lo->lo_owner);
5661 }
5662 
5663 static void
5664 nfsd4_lm_notify(struct file_lock *fl)
5665 {
5666 	struct nfs4_lockowner		*lo = (struct nfs4_lockowner *)fl->fl_owner;
5667 	struct net			*net = lo->lo_owner.so_client->net;
5668 	struct nfsd_net			*nn = net_generic(net, nfsd_net_id);
5669 	struct nfsd4_blocked_lock	*nbl = container_of(fl,
5670 						struct nfsd4_blocked_lock, nbl_lock);
5671 	bool queue = false;
5672 
5673 	/* An empty list means that something else is going to be using it */
5674 	spin_lock(&nn->blocked_locks_lock);
5675 	if (!list_empty(&nbl->nbl_list)) {
5676 		list_del_init(&nbl->nbl_list);
5677 		list_del_init(&nbl->nbl_lru);
5678 		queue = true;
5679 	}
5680 	spin_unlock(&nn->blocked_locks_lock);
5681 
5682 	if (queue)
5683 		nfsd4_run_cb(&nbl->nbl_cb);
5684 }
5685 
5686 static const struct lock_manager_operations nfsd_posix_mng_ops  = {
5687 	.lm_notify = nfsd4_lm_notify,
5688 	.lm_get_owner = nfsd4_fl_get_owner,
5689 	.lm_put_owner = nfsd4_fl_put_owner,
5690 };
5691 
5692 static inline void
5693 nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny)
5694 {
5695 	struct nfs4_lockowner *lo;
5696 
5697 	if (fl->fl_lmops == &nfsd_posix_mng_ops) {
5698 		lo = (struct nfs4_lockowner *) fl->fl_owner;
5699 		deny->ld_owner.data = kmemdup(lo->lo_owner.so_owner.data,
5700 					lo->lo_owner.so_owner.len, GFP_KERNEL);
5701 		if (!deny->ld_owner.data)
5702 			/* We just don't care that much */
5703 			goto nevermind;
5704 		deny->ld_owner.len = lo->lo_owner.so_owner.len;
5705 		deny->ld_clientid = lo->lo_owner.so_client->cl_clientid;
5706 	} else {
5707 nevermind:
5708 		deny->ld_owner.len = 0;
5709 		deny->ld_owner.data = NULL;
5710 		deny->ld_clientid.cl_boot = 0;
5711 		deny->ld_clientid.cl_id = 0;
5712 	}
5713 	deny->ld_start = fl->fl_start;
5714 	deny->ld_length = NFS4_MAX_UINT64;
5715 	if (fl->fl_end != NFS4_MAX_UINT64)
5716 		deny->ld_length = fl->fl_end - fl->fl_start + 1;
5717 	deny->ld_type = NFS4_READ_LT;
5718 	if (fl->fl_type != F_RDLCK)
5719 		deny->ld_type = NFS4_WRITE_LT;
5720 }
5721 
5722 static struct nfs4_lockowner *
5723 find_lockowner_str_locked(struct nfs4_client *clp, struct xdr_netobj *owner)
5724 {
5725 	unsigned int strhashval = ownerstr_hashval(owner);
5726 	struct nfs4_stateowner *so;
5727 
5728 	lockdep_assert_held(&clp->cl_lock);
5729 
5730 	list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[strhashval],
5731 			    so_strhash) {
5732 		if (so->so_is_open_owner)
5733 			continue;
5734 		if (same_owner_str(so, owner))
5735 			return lockowner(nfs4_get_stateowner(so));
5736 	}
5737 	return NULL;
5738 }
5739 
5740 static struct nfs4_lockowner *
5741 find_lockowner_str(struct nfs4_client *clp, struct xdr_netobj *owner)
5742 {
5743 	struct nfs4_lockowner *lo;
5744 
5745 	spin_lock(&clp->cl_lock);
5746 	lo = find_lockowner_str_locked(clp, owner);
5747 	spin_unlock(&clp->cl_lock);
5748 	return lo;
5749 }
5750 
5751 static void nfs4_unhash_lockowner(struct nfs4_stateowner *sop)
5752 {
5753 	unhash_lockowner_locked(lockowner(sop));
5754 }
5755 
5756 static void nfs4_free_lockowner(struct nfs4_stateowner *sop)
5757 {
5758 	struct nfs4_lockowner *lo = lockowner(sop);
5759 
5760 	kmem_cache_free(lockowner_slab, lo);
5761 }
5762 
5763 static const struct nfs4_stateowner_operations lockowner_ops = {
5764 	.so_unhash =	nfs4_unhash_lockowner,
5765 	.so_free =	nfs4_free_lockowner,
5766 };
5767 
5768 /*
5769  * Alloc a lock owner structure.
5770  * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) has
5771  * occurred.
5772  *
5773  * strhashval = ownerstr_hashval
5774  */
5775 static struct nfs4_lockowner *
5776 alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp,
5777 			   struct nfs4_ol_stateid *open_stp,
5778 			   struct nfsd4_lock *lock)
5779 {
5780 	struct nfs4_lockowner *lo, *ret;
5781 
5782 	lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp);
5783 	if (!lo)
5784 		return NULL;
5785 	INIT_LIST_HEAD(&lo->lo_blocked);
5786 	INIT_LIST_HEAD(&lo->lo_owner.so_stateids);
5787 	lo->lo_owner.so_is_open_owner = 0;
5788 	lo->lo_owner.so_seqid = lock->lk_new_lock_seqid;
5789 	lo->lo_owner.so_ops = &lockowner_ops;
5790 	spin_lock(&clp->cl_lock);
5791 	ret = find_lockowner_str_locked(clp, &lock->lk_new_owner);
5792 	if (ret == NULL) {
5793 		list_add(&lo->lo_owner.so_strhash,
5794 			 &clp->cl_ownerstr_hashtbl[strhashval]);
5795 		ret = lo;
5796 	} else
5797 		nfs4_free_stateowner(&lo->lo_owner);
5798 
5799 	spin_unlock(&clp->cl_lock);
5800 	return ret;
5801 }
5802 
5803 static struct nfs4_ol_stateid *
5804 find_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fp)
5805 {
5806 	struct nfs4_ol_stateid *lst;
5807 	struct nfs4_client *clp = lo->lo_owner.so_client;
5808 
5809 	lockdep_assert_held(&clp->cl_lock);
5810 
5811 	list_for_each_entry(lst, &lo->lo_owner.so_stateids, st_perstateowner) {
5812 		if (lst->st_stid.sc_type != NFS4_LOCK_STID)
5813 			continue;
5814 		if (lst->st_stid.sc_file == fp) {
5815 			refcount_inc(&lst->st_stid.sc_count);
5816 			return lst;
5817 		}
5818 	}
5819 	return NULL;
5820 }
5821 
5822 static struct nfs4_ol_stateid *
5823 init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo,
5824 		  struct nfs4_file *fp, struct inode *inode,
5825 		  struct nfs4_ol_stateid *open_stp)
5826 {
5827 	struct nfs4_client *clp = lo->lo_owner.so_client;
5828 	struct nfs4_ol_stateid *retstp;
5829 
5830 	mutex_init(&stp->st_mutex);
5831 	mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX);
5832 retry:
5833 	spin_lock(&clp->cl_lock);
5834 	spin_lock(&fp->fi_lock);
5835 	retstp = find_lock_stateid(lo, fp);
5836 	if (retstp)
5837 		goto out_unlock;
5838 
5839 	refcount_inc(&stp->st_stid.sc_count);
5840 	stp->st_stid.sc_type = NFS4_LOCK_STID;
5841 	stp->st_stateowner = nfs4_get_stateowner(&lo->lo_owner);
5842 	get_nfs4_file(fp);
5843 	stp->st_stid.sc_file = fp;
5844 	stp->st_access_bmap = 0;
5845 	stp->st_deny_bmap = open_stp->st_deny_bmap;
5846 	stp->st_openstp = open_stp;
5847 	list_add(&stp->st_locks, &open_stp->st_locks);
5848 	list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids);
5849 	list_add(&stp->st_perfile, &fp->fi_stateids);
5850 out_unlock:
5851 	spin_unlock(&fp->fi_lock);
5852 	spin_unlock(&clp->cl_lock);
5853 	if (retstp) {
5854 		if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) {
5855 			nfs4_put_stid(&retstp->st_stid);
5856 			goto retry;
5857 		}
5858 		/* To keep mutex tracking happy */
5859 		mutex_unlock(&stp->st_mutex);
5860 		stp = retstp;
5861 	}
5862 	return stp;
5863 }
5864 
5865 static struct nfs4_ol_stateid *
5866 find_or_create_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fi,
5867 			    struct inode *inode, struct nfs4_ol_stateid *ost,
5868 			    bool *new)
5869 {
5870 	struct nfs4_stid *ns = NULL;
5871 	struct nfs4_ol_stateid *lst;
5872 	struct nfs4_openowner *oo = openowner(ost->st_stateowner);
5873 	struct nfs4_client *clp = oo->oo_owner.so_client;
5874 
5875 	*new = false;
5876 	spin_lock(&clp->cl_lock);
5877 	lst = find_lock_stateid(lo, fi);
5878 	spin_unlock(&clp->cl_lock);
5879 	if (lst != NULL) {
5880 		if (nfsd4_lock_ol_stateid(lst) == nfs_ok)
5881 			goto out;
5882 		nfs4_put_stid(&lst->st_stid);
5883 	}
5884 	ns = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_lock_stateid);
5885 	if (ns == NULL)
5886 		return NULL;
5887 
5888 	lst = init_lock_stateid(openlockstateid(ns), lo, fi, inode, ost);
5889 	if (lst == openlockstateid(ns))
5890 		*new = true;
5891 	else
5892 		nfs4_put_stid(ns);
5893 out:
5894 	return lst;
5895 }
5896 
5897 static int
5898 check_lock_length(u64 offset, u64 length)
5899 {
5900 	return ((length == 0) || ((length != NFS4_MAX_UINT64) &&
5901 		(length > ~offset)));
5902 }
5903 
5904 static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access)
5905 {
5906 	struct nfs4_file *fp = lock_stp->st_stid.sc_file;
5907 
5908 	lockdep_assert_held(&fp->fi_lock);
5909 
5910 	if (test_access(access, lock_stp))
5911 		return;
5912 	__nfs4_file_get_access(fp, access);
5913 	set_access(access, lock_stp);
5914 }
5915 
5916 static __be32
5917 lookup_or_create_lock_state(struct nfsd4_compound_state *cstate,
5918 			    struct nfs4_ol_stateid *ost,
5919 			    struct nfsd4_lock *lock,
5920 			    struct nfs4_ol_stateid **plst, bool *new)
5921 {
5922 	__be32 status;
5923 	struct nfs4_file *fi = ost->st_stid.sc_file;
5924 	struct nfs4_openowner *oo = openowner(ost->st_stateowner);
5925 	struct nfs4_client *cl = oo->oo_owner.so_client;
5926 	struct inode *inode = d_inode(cstate->current_fh.fh_dentry);
5927 	struct nfs4_lockowner *lo;
5928 	struct nfs4_ol_stateid *lst;
5929 	unsigned int strhashval;
5930 
5931 	lo = find_lockowner_str(cl, &lock->lk_new_owner);
5932 	if (!lo) {
5933 		strhashval = ownerstr_hashval(&lock->lk_new_owner);
5934 		lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock);
5935 		if (lo == NULL)
5936 			return nfserr_jukebox;
5937 	} else {
5938 		/* with an existing lockowner, seqids must be the same */
5939 		status = nfserr_bad_seqid;
5940 		if (!cstate->minorversion &&
5941 		    lock->lk_new_lock_seqid != lo->lo_owner.so_seqid)
5942 			goto out;
5943 	}
5944 
5945 	lst = find_or_create_lock_stateid(lo, fi, inode, ost, new);
5946 	if (lst == NULL) {
5947 		status = nfserr_jukebox;
5948 		goto out;
5949 	}
5950 
5951 	status = nfs_ok;
5952 	*plst = lst;
5953 out:
5954 	nfs4_put_stateowner(&lo->lo_owner);
5955 	return status;
5956 }
5957 
5958 /*
5959  *  LOCK operation
5960  */
5961 __be32
5962 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
5963 	   union nfsd4_op_u *u)
5964 {
5965 	struct nfsd4_lock *lock = &u->lock;
5966 	struct nfs4_openowner *open_sop = NULL;
5967 	struct nfs4_lockowner *lock_sop = NULL;
5968 	struct nfs4_ol_stateid *lock_stp = NULL;
5969 	struct nfs4_ol_stateid *open_stp = NULL;
5970 	struct nfs4_file *fp;
5971 	struct file *filp = NULL;
5972 	struct nfsd4_blocked_lock *nbl = NULL;
5973 	struct file_lock *file_lock = NULL;
5974 	struct file_lock *conflock = NULL;
5975 	__be32 status = 0;
5976 	int lkflg;
5977 	int err;
5978 	bool new = false;
5979 	unsigned char fl_type;
5980 	unsigned int fl_flags = FL_POSIX;
5981 	struct net *net = SVC_NET(rqstp);
5982 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
5983 
5984 	dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n",
5985 		(long long) lock->lk_offset,
5986 		(long long) lock->lk_length);
5987 
5988 	if (check_lock_length(lock->lk_offset, lock->lk_length))
5989 		 return nfserr_inval;
5990 
5991 	if ((status = fh_verify(rqstp, &cstate->current_fh,
5992 				S_IFREG, NFSD_MAY_LOCK))) {
5993 		dprintk("NFSD: nfsd4_lock: permission denied!\n");
5994 		return status;
5995 	}
5996 
5997 	if (lock->lk_is_new) {
5998 		if (nfsd4_has_session(cstate))
5999 			/* See rfc 5661 18.10.3: given clientid is ignored: */
6000 			memcpy(&lock->lk_new_clientid,
6001 				&cstate->session->se_client->cl_clientid,
6002 				sizeof(clientid_t));
6003 
6004 		status = nfserr_stale_clientid;
6005 		if (STALE_CLIENTID(&lock->lk_new_clientid, nn))
6006 			goto out;
6007 
6008 		/* validate and update open stateid and open seqid */
6009 		status = nfs4_preprocess_confirmed_seqid_op(cstate,
6010 				        lock->lk_new_open_seqid,
6011 		                        &lock->lk_new_open_stateid,
6012 					&open_stp, nn);
6013 		if (status)
6014 			goto out;
6015 		mutex_unlock(&open_stp->st_mutex);
6016 		open_sop = openowner(open_stp->st_stateowner);
6017 		status = nfserr_bad_stateid;
6018 		if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid,
6019 						&lock->lk_new_clientid))
6020 			goto out;
6021 		status = lookup_or_create_lock_state(cstate, open_stp, lock,
6022 							&lock_stp, &new);
6023 	} else {
6024 		status = nfs4_preprocess_seqid_op(cstate,
6025 				       lock->lk_old_lock_seqid,
6026 				       &lock->lk_old_lock_stateid,
6027 				       NFS4_LOCK_STID, &lock_stp, nn);
6028 	}
6029 	if (status)
6030 		goto out;
6031 	lock_sop = lockowner(lock_stp->st_stateowner);
6032 
6033 	lkflg = setlkflg(lock->lk_type);
6034 	status = nfs4_check_openmode(lock_stp, lkflg);
6035 	if (status)
6036 		goto out;
6037 
6038 	status = nfserr_grace;
6039 	if (locks_in_grace(net) && !lock->lk_reclaim)
6040 		goto out;
6041 	status = nfserr_no_grace;
6042 	if (!locks_in_grace(net) && lock->lk_reclaim)
6043 		goto out;
6044 
6045 	fp = lock_stp->st_stid.sc_file;
6046 	switch (lock->lk_type) {
6047 		case NFS4_READW_LT:
6048 			if (nfsd4_has_session(cstate))
6049 				fl_flags |= FL_SLEEP;
6050 			/* Fallthrough */
6051 		case NFS4_READ_LT:
6052 			spin_lock(&fp->fi_lock);
6053 			filp = find_readable_file_locked(fp);
6054 			if (filp)
6055 				get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ);
6056 			spin_unlock(&fp->fi_lock);
6057 			fl_type = F_RDLCK;
6058 			break;
6059 		case NFS4_WRITEW_LT:
6060 			if (nfsd4_has_session(cstate))
6061 				fl_flags |= FL_SLEEP;
6062 			/* Fallthrough */
6063 		case NFS4_WRITE_LT:
6064 			spin_lock(&fp->fi_lock);
6065 			filp = find_writeable_file_locked(fp);
6066 			if (filp)
6067 				get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE);
6068 			spin_unlock(&fp->fi_lock);
6069 			fl_type = F_WRLCK;
6070 			break;
6071 		default:
6072 			status = nfserr_inval;
6073 		goto out;
6074 	}
6075 
6076 	if (!filp) {
6077 		status = nfserr_openmode;
6078 		goto out;
6079 	}
6080 
6081 	nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn);
6082 	if (!nbl) {
6083 		dprintk("NFSD: %s: unable to allocate block!\n", __func__);
6084 		status = nfserr_jukebox;
6085 		goto out;
6086 	}
6087 
6088 	file_lock = &nbl->nbl_lock;
6089 	file_lock->fl_type = fl_type;
6090 	file_lock->fl_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(&lock_sop->lo_owner));
6091 	file_lock->fl_pid = current->tgid;
6092 	file_lock->fl_file = filp;
6093 	file_lock->fl_flags = fl_flags;
6094 	file_lock->fl_lmops = &nfsd_posix_mng_ops;
6095 	file_lock->fl_start = lock->lk_offset;
6096 	file_lock->fl_end = last_byte_offset(lock->lk_offset, lock->lk_length);
6097 	nfs4_transform_lock_offset(file_lock);
6098 
6099 	conflock = locks_alloc_lock();
6100 	if (!conflock) {
6101 		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
6102 		status = nfserr_jukebox;
6103 		goto out;
6104 	}
6105 
6106 	if (fl_flags & FL_SLEEP) {
6107 		nbl->nbl_time = jiffies;
6108 		spin_lock(&nn->blocked_locks_lock);
6109 		list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked);
6110 		list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru);
6111 		spin_unlock(&nn->blocked_locks_lock);
6112 	}
6113 
6114 	err = vfs_lock_file(filp, F_SETLK, file_lock, conflock);
6115 	switch (err) {
6116 	case 0: /* success! */
6117 		nfs4_inc_and_copy_stateid(&lock->lk_resp_stateid, &lock_stp->st_stid);
6118 		status = 0;
6119 		if (lock->lk_reclaim)
6120 			nn->somebody_reclaimed = true;
6121 		break;
6122 	case FILE_LOCK_DEFERRED:
6123 		nbl = NULL;
6124 		/* Fallthrough */
6125 	case -EAGAIN:		/* conflock holds conflicting lock */
6126 		status = nfserr_denied;
6127 		dprintk("NFSD: nfsd4_lock: conflicting lock found!\n");
6128 		nfs4_set_lock_denied(conflock, &lock->lk_denied);
6129 		break;
6130 	case -EDEADLK:
6131 		status = nfserr_deadlock;
6132 		break;
6133 	default:
6134 		dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n",err);
6135 		status = nfserrno(err);
6136 		break;
6137 	}
6138 out:
6139 	if (nbl) {
6140 		/* dequeue it if we queued it before */
6141 		if (fl_flags & FL_SLEEP) {
6142 			spin_lock(&nn->blocked_locks_lock);
6143 			list_del_init(&nbl->nbl_list);
6144 			list_del_init(&nbl->nbl_lru);
6145 			spin_unlock(&nn->blocked_locks_lock);
6146 		}
6147 		free_blocked_lock(nbl);
6148 	}
6149 	if (filp)
6150 		fput(filp);
6151 	if (lock_stp) {
6152 		/* Bump seqid manually if the 4.0 replay owner is openowner */
6153 		if (cstate->replay_owner &&
6154 		    cstate->replay_owner != &lock_sop->lo_owner &&
6155 		    seqid_mutating_err(ntohl(status)))
6156 			lock_sop->lo_owner.so_seqid++;
6157 
6158 		/*
6159 		 * If this is a new, never-before-used stateid, and we are
6160 		 * returning an error, then just go ahead and release it.
6161 		 */
6162 		if (status && new)
6163 			release_lock_stateid(lock_stp);
6164 
6165 		mutex_unlock(&lock_stp->st_mutex);
6166 
6167 		nfs4_put_stid(&lock_stp->st_stid);
6168 	}
6169 	if (open_stp)
6170 		nfs4_put_stid(&open_stp->st_stid);
6171 	nfsd4_bump_seqid(cstate, status);
6172 	if (conflock)
6173 		locks_free_lock(conflock);
6174 	return status;
6175 }
6176 
6177 /*
6178  * The NFSv4 spec allows a client to do a LOCKT without holding an OPEN,
6179  * so we do a temporary open here just to get an open file to pass to
6180  * vfs_test_lock.  (Arguably perhaps test_lock should be done with an
6181  * inode operation.)
6182  */
6183 static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
6184 {
6185 	struct file *file;
6186 	__be32 err = nfsd_open(rqstp, fhp, S_IFREG, NFSD_MAY_READ, &file);
6187 	if (!err) {
6188 		err = nfserrno(vfs_test_lock(file, lock));
6189 		fput(file);
6190 	}
6191 	return err;
6192 }
6193 
6194 /*
6195  * LOCKT operation
6196  */
6197 __be32
6198 nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
6199 	    union nfsd4_op_u *u)
6200 {
6201 	struct nfsd4_lockt *lockt = &u->lockt;
6202 	struct file_lock *file_lock = NULL;
6203 	struct nfs4_lockowner *lo = NULL;
6204 	__be32 status;
6205 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
6206 
6207 	if (locks_in_grace(SVC_NET(rqstp)))
6208 		return nfserr_grace;
6209 
6210 	if (check_lock_length(lockt->lt_offset, lockt->lt_length))
6211 		 return nfserr_inval;
6212 
6213 	if (!nfsd4_has_session(cstate)) {
6214 		status = lookup_clientid(&lockt->lt_clientid, cstate, nn);
6215 		if (status)
6216 			goto out;
6217 	}
6218 
6219 	if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
6220 		goto out;
6221 
6222 	file_lock = locks_alloc_lock();
6223 	if (!file_lock) {
6224 		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
6225 		status = nfserr_jukebox;
6226 		goto out;
6227 	}
6228 
6229 	switch (lockt->lt_type) {
6230 		case NFS4_READ_LT:
6231 		case NFS4_READW_LT:
6232 			file_lock->fl_type = F_RDLCK;
6233 			break;
6234 		case NFS4_WRITE_LT:
6235 		case NFS4_WRITEW_LT:
6236 			file_lock->fl_type = F_WRLCK;
6237 			break;
6238 		default:
6239 			dprintk("NFSD: nfs4_lockt: bad lock type!\n");
6240 			status = nfserr_inval;
6241 			goto out;
6242 	}
6243 
6244 	lo = find_lockowner_str(cstate->clp, &lockt->lt_owner);
6245 	if (lo)
6246 		file_lock->fl_owner = (fl_owner_t)lo;
6247 	file_lock->fl_pid = current->tgid;
6248 	file_lock->fl_flags = FL_POSIX;
6249 
6250 	file_lock->fl_start = lockt->lt_offset;
6251 	file_lock->fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);
6252 
6253 	nfs4_transform_lock_offset(file_lock);
6254 
6255 	status = nfsd_test_lock(rqstp, &cstate->current_fh, file_lock);
6256 	if (status)
6257 		goto out;
6258 
6259 	if (file_lock->fl_type != F_UNLCK) {
6260 		status = nfserr_denied;
6261 		nfs4_set_lock_denied(file_lock, &lockt->lt_denied);
6262 	}
6263 out:
6264 	if (lo)
6265 		nfs4_put_stateowner(&lo->lo_owner);
6266 	if (file_lock)
6267 		locks_free_lock(file_lock);
6268 	return status;
6269 }
6270 
6271 __be32
6272 nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
6273 	    union nfsd4_op_u *u)
6274 {
6275 	struct nfsd4_locku *locku = &u->locku;
6276 	struct nfs4_ol_stateid *stp;
6277 	struct file *filp = NULL;
6278 	struct file_lock *file_lock = NULL;
6279 	__be32 status;
6280 	int err;
6281 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
6282 
6283 	dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
6284 		(long long) locku->lu_offset,
6285 		(long long) locku->lu_length);
6286 
6287 	if (check_lock_length(locku->lu_offset, locku->lu_length))
6288 		 return nfserr_inval;
6289 
6290 	status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid,
6291 					&locku->lu_stateid, NFS4_LOCK_STID,
6292 					&stp, nn);
6293 	if (status)
6294 		goto out;
6295 	filp = find_any_file(stp->st_stid.sc_file);
6296 	if (!filp) {
6297 		status = nfserr_lock_range;
6298 		goto put_stateid;
6299 	}
6300 	file_lock = locks_alloc_lock();
6301 	if (!file_lock) {
6302 		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
6303 		status = nfserr_jukebox;
6304 		goto fput;
6305 	}
6306 
6307 	file_lock->fl_type = F_UNLCK;
6308 	file_lock->fl_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(stp->st_stateowner));
6309 	file_lock->fl_pid = current->tgid;
6310 	file_lock->fl_file = filp;
6311 	file_lock->fl_flags = FL_POSIX;
6312 	file_lock->fl_lmops = &nfsd_posix_mng_ops;
6313 	file_lock->fl_start = locku->lu_offset;
6314 
6315 	file_lock->fl_end = last_byte_offset(locku->lu_offset,
6316 						locku->lu_length);
6317 	nfs4_transform_lock_offset(file_lock);
6318 
6319 	err = vfs_lock_file(filp, F_SETLK, file_lock, NULL);
6320 	if (err) {
6321 		dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
6322 		goto out_nfserr;
6323 	}
6324 	nfs4_inc_and_copy_stateid(&locku->lu_stateid, &stp->st_stid);
6325 fput:
6326 	fput(filp);
6327 put_stateid:
6328 	mutex_unlock(&stp->st_mutex);
6329 	nfs4_put_stid(&stp->st_stid);
6330 out:
6331 	nfsd4_bump_seqid(cstate, status);
6332 	if (file_lock)
6333 		locks_free_lock(file_lock);
6334 	return status;
6335 
6336 out_nfserr:
6337 	status = nfserrno(err);
6338 	goto fput;
6339 }
6340 
6341 /*
6342  * returns
6343  * 	true:  locks held by lockowner
6344  * 	false: no locks held by lockowner
6345  */
6346 static bool
6347 check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
6348 {
6349 	struct file_lock *fl;
6350 	int status = false;
6351 	struct file *filp = find_any_file(fp);
6352 	struct inode *inode;
6353 	struct file_lock_context *flctx;
6354 
6355 	if (!filp) {
6356 		/* Any valid lock stateid should have some sort of access */
6357 		WARN_ON_ONCE(1);
6358 		return status;
6359 	}
6360 
6361 	inode = locks_inode(filp);
6362 	flctx = inode->i_flctx;
6363 
6364 	if (flctx && !list_empty_careful(&flctx->flc_posix)) {
6365 		spin_lock(&flctx->flc_lock);
6366 		list_for_each_entry(fl, &flctx->flc_posix, fl_list) {
6367 			if (fl->fl_owner == (fl_owner_t)lowner) {
6368 				status = true;
6369 				break;
6370 			}
6371 		}
6372 		spin_unlock(&flctx->flc_lock);
6373 	}
6374 	fput(filp);
6375 	return status;
6376 }
6377 
6378 __be32
6379 nfsd4_release_lockowner(struct svc_rqst *rqstp,
6380 			struct nfsd4_compound_state *cstate,
6381 			union nfsd4_op_u *u)
6382 {
6383 	struct nfsd4_release_lockowner *rlockowner = &u->release_lockowner;
6384 	clientid_t *clid = &rlockowner->rl_clientid;
6385 	struct nfs4_stateowner *sop;
6386 	struct nfs4_lockowner *lo = NULL;
6387 	struct nfs4_ol_stateid *stp;
6388 	struct xdr_netobj *owner = &rlockowner->rl_owner;
6389 	unsigned int hashval = ownerstr_hashval(owner);
6390 	__be32 status;
6391 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
6392 	struct nfs4_client *clp;
6393 	LIST_HEAD (reaplist);
6394 
6395 	dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
6396 		clid->cl_boot, clid->cl_id);
6397 
6398 	status = lookup_clientid(clid, cstate, nn);
6399 	if (status)
6400 		return status;
6401 
6402 	clp = cstate->clp;
6403 	/* Find the matching lock stateowner */
6404 	spin_lock(&clp->cl_lock);
6405 	list_for_each_entry(sop, &clp->cl_ownerstr_hashtbl[hashval],
6406 			    so_strhash) {
6407 
6408 		if (sop->so_is_open_owner || !same_owner_str(sop, owner))
6409 			continue;
6410 
6411 		/* see if there are still any locks associated with it */
6412 		lo = lockowner(sop);
6413 		list_for_each_entry(stp, &sop->so_stateids, st_perstateowner) {
6414 			if (check_for_locks(stp->st_stid.sc_file, lo)) {
6415 				status = nfserr_locks_held;
6416 				spin_unlock(&clp->cl_lock);
6417 				return status;
6418 			}
6419 		}
6420 
6421 		nfs4_get_stateowner(sop);
6422 		break;
6423 	}
6424 	if (!lo) {
6425 		spin_unlock(&clp->cl_lock);
6426 		return status;
6427 	}
6428 
6429 	unhash_lockowner_locked(lo);
6430 	while (!list_empty(&lo->lo_owner.so_stateids)) {
6431 		stp = list_first_entry(&lo->lo_owner.so_stateids,
6432 				       struct nfs4_ol_stateid,
6433 				       st_perstateowner);
6434 		WARN_ON(!unhash_lock_stateid(stp));
6435 		put_ol_stateid_locked(stp, &reaplist);
6436 	}
6437 	spin_unlock(&clp->cl_lock);
6438 	free_ol_stateid_reaplist(&reaplist);
6439 	remove_blocked_locks(lo);
6440 	nfs4_put_stateowner(&lo->lo_owner);
6441 
6442 	return status;
6443 }
6444 
6445 static inline struct nfs4_client_reclaim *
6446 alloc_reclaim(void)
6447 {
6448 	return kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL);
6449 }
6450 
6451 bool
6452 nfs4_has_reclaimed_state(const char *name, struct nfsd_net *nn)
6453 {
6454 	struct nfs4_client_reclaim *crp;
6455 
6456 	crp = nfsd4_find_reclaim_client(name, nn);
6457 	return (crp && crp->cr_clp);
6458 }
6459 
6460 /*
6461  * failure => all reset bets are off, nfserr_no_grace...
6462  */
6463 struct nfs4_client_reclaim *
6464 nfs4_client_to_reclaim(const char *name, struct nfsd_net *nn)
6465 {
6466 	unsigned int strhashval;
6467 	struct nfs4_client_reclaim *crp;
6468 
6469 	dprintk("NFSD nfs4_client_to_reclaim NAME: %.*s\n", HEXDIR_LEN, name);
6470 	crp = alloc_reclaim();
6471 	if (crp) {
6472 		strhashval = clientstr_hashval(name);
6473 		INIT_LIST_HEAD(&crp->cr_strhash);
6474 		list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]);
6475 		memcpy(crp->cr_recdir, name, HEXDIR_LEN);
6476 		crp->cr_clp = NULL;
6477 		nn->reclaim_str_hashtbl_size++;
6478 	}
6479 	return crp;
6480 }
6481 
6482 void
6483 nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn)
6484 {
6485 	list_del(&crp->cr_strhash);
6486 	kfree(crp);
6487 	nn->reclaim_str_hashtbl_size--;
6488 }
6489 
6490 void
6491 nfs4_release_reclaim(struct nfsd_net *nn)
6492 {
6493 	struct nfs4_client_reclaim *crp = NULL;
6494 	int i;
6495 
6496 	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
6497 		while (!list_empty(&nn->reclaim_str_hashtbl[i])) {
6498 			crp = list_entry(nn->reclaim_str_hashtbl[i].next,
6499 			                struct nfs4_client_reclaim, cr_strhash);
6500 			nfs4_remove_reclaim_record(crp, nn);
6501 		}
6502 	}
6503 	WARN_ON_ONCE(nn->reclaim_str_hashtbl_size);
6504 }
6505 
6506 /*
6507  * called from OPEN, CLAIM_PREVIOUS with a new clientid. */
6508 struct nfs4_client_reclaim *
6509 nfsd4_find_reclaim_client(const char *recdir, struct nfsd_net *nn)
6510 {
6511 	unsigned int strhashval;
6512 	struct nfs4_client_reclaim *crp = NULL;
6513 
6514 	dprintk("NFSD: nfs4_find_reclaim_client for recdir %s\n", recdir);
6515 
6516 	strhashval = clientstr_hashval(recdir);
6517 	list_for_each_entry(crp, &nn->reclaim_str_hashtbl[strhashval], cr_strhash) {
6518 		if (same_name(crp->cr_recdir, recdir)) {
6519 			return crp;
6520 		}
6521 	}
6522 	return NULL;
6523 }
6524 
6525 /*
6526 * Called from OPEN. Look for clientid in reclaim list.
6527 */
6528 __be32
6529 nfs4_check_open_reclaim(clientid_t *clid,
6530 		struct nfsd4_compound_state *cstate,
6531 		struct nfsd_net *nn)
6532 {
6533 	__be32 status;
6534 
6535 	/* find clientid in conf_id_hashtbl */
6536 	status = lookup_clientid(clid, cstate, nn);
6537 	if (status)
6538 		return nfserr_reclaim_bad;
6539 
6540 	if (test_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &cstate->clp->cl_flags))
6541 		return nfserr_no_grace;
6542 
6543 	if (nfsd4_client_record_check(cstate->clp))
6544 		return nfserr_reclaim_bad;
6545 
6546 	return nfs_ok;
6547 }
6548 
6549 #ifdef CONFIG_NFSD_FAULT_INJECTION
6550 static inline void
6551 put_client(struct nfs4_client *clp)
6552 {
6553 	atomic_dec(&clp->cl_refcount);
6554 }
6555 
6556 static struct nfs4_client *
6557 nfsd_find_client(struct sockaddr_storage *addr, size_t addr_size)
6558 {
6559 	struct nfs4_client *clp;
6560 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6561 					  nfsd_net_id);
6562 
6563 	if (!nfsd_netns_ready(nn))
6564 		return NULL;
6565 
6566 	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
6567 		if (memcmp(&clp->cl_addr, addr, addr_size) == 0)
6568 			return clp;
6569 	}
6570 	return NULL;
6571 }
6572 
6573 u64
6574 nfsd_inject_print_clients(void)
6575 {
6576 	struct nfs4_client *clp;
6577 	u64 count = 0;
6578 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6579 					  nfsd_net_id);
6580 	char buf[INET6_ADDRSTRLEN];
6581 
6582 	if (!nfsd_netns_ready(nn))
6583 		return 0;
6584 
6585 	spin_lock(&nn->client_lock);
6586 	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
6587 		rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
6588 		pr_info("NFS Client: %s\n", buf);
6589 		++count;
6590 	}
6591 	spin_unlock(&nn->client_lock);
6592 
6593 	return count;
6594 }
6595 
6596 u64
6597 nfsd_inject_forget_client(struct sockaddr_storage *addr, size_t addr_size)
6598 {
6599 	u64 count = 0;
6600 	struct nfs4_client *clp;
6601 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6602 					  nfsd_net_id);
6603 
6604 	if (!nfsd_netns_ready(nn))
6605 		return count;
6606 
6607 	spin_lock(&nn->client_lock);
6608 	clp = nfsd_find_client(addr, addr_size);
6609 	if (clp) {
6610 		if (mark_client_expired_locked(clp) == nfs_ok)
6611 			++count;
6612 		else
6613 			clp = NULL;
6614 	}
6615 	spin_unlock(&nn->client_lock);
6616 
6617 	if (clp)
6618 		expire_client(clp);
6619 
6620 	return count;
6621 }
6622 
6623 u64
6624 nfsd_inject_forget_clients(u64 max)
6625 {
6626 	u64 count = 0;
6627 	struct nfs4_client *clp, *next;
6628 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6629 						nfsd_net_id);
6630 	LIST_HEAD(reaplist);
6631 
6632 	if (!nfsd_netns_ready(nn))
6633 		return count;
6634 
6635 	spin_lock(&nn->client_lock);
6636 	list_for_each_entry_safe(clp, next, &nn->client_lru, cl_lru) {
6637 		if (mark_client_expired_locked(clp) == nfs_ok) {
6638 			list_add(&clp->cl_lru, &reaplist);
6639 			if (max != 0 && ++count >= max)
6640 				break;
6641 		}
6642 	}
6643 	spin_unlock(&nn->client_lock);
6644 
6645 	list_for_each_entry_safe(clp, next, &reaplist, cl_lru)
6646 		expire_client(clp);
6647 
6648 	return count;
6649 }
6650 
6651 static void nfsd_print_count(struct nfs4_client *clp, unsigned int count,
6652 			     const char *type)
6653 {
6654 	char buf[INET6_ADDRSTRLEN];
6655 	rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
6656 	printk(KERN_INFO "NFS Client: %s has %u %s\n", buf, count, type);
6657 }
6658 
6659 static void
6660 nfsd_inject_add_lock_to_list(struct nfs4_ol_stateid *lst,
6661 			     struct list_head *collect)
6662 {
6663 	struct nfs4_client *clp = lst->st_stid.sc_client;
6664 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6665 					  nfsd_net_id);
6666 
6667 	if (!collect)
6668 		return;
6669 
6670 	lockdep_assert_held(&nn->client_lock);
6671 	atomic_inc(&clp->cl_refcount);
6672 	list_add(&lst->st_locks, collect);
6673 }
6674 
6675 static u64 nfsd_foreach_client_lock(struct nfs4_client *clp, u64 max,
6676 				    struct list_head *collect,
6677 				    bool (*func)(struct nfs4_ol_stateid *))
6678 {
6679 	struct nfs4_openowner *oop;
6680 	struct nfs4_ol_stateid *stp, *st_next;
6681 	struct nfs4_ol_stateid *lst, *lst_next;
6682 	u64 count = 0;
6683 
6684 	spin_lock(&clp->cl_lock);
6685 	list_for_each_entry(oop, &clp->cl_openowners, oo_perclient) {
6686 		list_for_each_entry_safe(stp, st_next,
6687 				&oop->oo_owner.so_stateids, st_perstateowner) {
6688 			list_for_each_entry_safe(lst, lst_next,
6689 					&stp->st_locks, st_locks) {
6690 				if (func) {
6691 					if (func(lst))
6692 						nfsd_inject_add_lock_to_list(lst,
6693 									collect);
6694 				}
6695 				++count;
6696 				/*
6697 				 * Despite the fact that these functions deal
6698 				 * with 64-bit integers for "count", we must
6699 				 * ensure that it doesn't blow up the
6700 				 * clp->cl_refcount. Throw a warning if we
6701 				 * start to approach INT_MAX here.
6702 				 */
6703 				WARN_ON_ONCE(count == (INT_MAX / 2));
6704 				if (count == max)
6705 					goto out;
6706 			}
6707 		}
6708 	}
6709 out:
6710 	spin_unlock(&clp->cl_lock);
6711 
6712 	return count;
6713 }
6714 
6715 static u64
6716 nfsd_collect_client_locks(struct nfs4_client *clp, struct list_head *collect,
6717 			  u64 max)
6718 {
6719 	return nfsd_foreach_client_lock(clp, max, collect, unhash_lock_stateid);
6720 }
6721 
6722 static u64
6723 nfsd_print_client_locks(struct nfs4_client *clp)
6724 {
6725 	u64 count = nfsd_foreach_client_lock(clp, 0, NULL, NULL);
6726 	nfsd_print_count(clp, count, "locked files");
6727 	return count;
6728 }
6729 
6730 u64
6731 nfsd_inject_print_locks(void)
6732 {
6733 	struct nfs4_client *clp;
6734 	u64 count = 0;
6735 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6736 						nfsd_net_id);
6737 
6738 	if (!nfsd_netns_ready(nn))
6739 		return 0;
6740 
6741 	spin_lock(&nn->client_lock);
6742 	list_for_each_entry(clp, &nn->client_lru, cl_lru)
6743 		count += nfsd_print_client_locks(clp);
6744 	spin_unlock(&nn->client_lock);
6745 
6746 	return count;
6747 }
6748 
6749 static void
6750 nfsd_reap_locks(struct list_head *reaplist)
6751 {
6752 	struct nfs4_client *clp;
6753 	struct nfs4_ol_stateid *stp, *next;
6754 
6755 	list_for_each_entry_safe(stp, next, reaplist, st_locks) {
6756 		list_del_init(&stp->st_locks);
6757 		clp = stp->st_stid.sc_client;
6758 		nfs4_put_stid(&stp->st_stid);
6759 		put_client(clp);
6760 	}
6761 }
6762 
6763 u64
6764 nfsd_inject_forget_client_locks(struct sockaddr_storage *addr, size_t addr_size)
6765 {
6766 	unsigned int count = 0;
6767 	struct nfs4_client *clp;
6768 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6769 						nfsd_net_id);
6770 	LIST_HEAD(reaplist);
6771 
6772 	if (!nfsd_netns_ready(nn))
6773 		return count;
6774 
6775 	spin_lock(&nn->client_lock);
6776 	clp = nfsd_find_client(addr, addr_size);
6777 	if (clp)
6778 		count = nfsd_collect_client_locks(clp, &reaplist, 0);
6779 	spin_unlock(&nn->client_lock);
6780 	nfsd_reap_locks(&reaplist);
6781 	return count;
6782 }
6783 
6784 u64
6785 nfsd_inject_forget_locks(u64 max)
6786 {
6787 	u64 count = 0;
6788 	struct nfs4_client *clp;
6789 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6790 						nfsd_net_id);
6791 	LIST_HEAD(reaplist);
6792 
6793 	if (!nfsd_netns_ready(nn))
6794 		return count;
6795 
6796 	spin_lock(&nn->client_lock);
6797 	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
6798 		count += nfsd_collect_client_locks(clp, &reaplist, max - count);
6799 		if (max != 0 && count >= max)
6800 			break;
6801 	}
6802 	spin_unlock(&nn->client_lock);
6803 	nfsd_reap_locks(&reaplist);
6804 	return count;
6805 }
6806 
6807 static u64
6808 nfsd_foreach_client_openowner(struct nfs4_client *clp, u64 max,
6809 			      struct list_head *collect,
6810 			      void (*func)(struct nfs4_openowner *))
6811 {
6812 	struct nfs4_openowner *oop, *next;
6813 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6814 						nfsd_net_id);
6815 	u64 count = 0;
6816 
6817 	lockdep_assert_held(&nn->client_lock);
6818 
6819 	spin_lock(&clp->cl_lock);
6820 	list_for_each_entry_safe(oop, next, &clp->cl_openowners, oo_perclient) {
6821 		if (func) {
6822 			func(oop);
6823 			if (collect) {
6824 				atomic_inc(&clp->cl_refcount);
6825 				list_add(&oop->oo_perclient, collect);
6826 			}
6827 		}
6828 		++count;
6829 		/*
6830 		 * Despite the fact that these functions deal with
6831 		 * 64-bit integers for "count", we must ensure that
6832 		 * it doesn't blow up the clp->cl_refcount. Throw a
6833 		 * warning if we start to approach INT_MAX here.
6834 		 */
6835 		WARN_ON_ONCE(count == (INT_MAX / 2));
6836 		if (count == max)
6837 			break;
6838 	}
6839 	spin_unlock(&clp->cl_lock);
6840 
6841 	return count;
6842 }
6843 
6844 static u64
6845 nfsd_print_client_openowners(struct nfs4_client *clp)
6846 {
6847 	u64 count = nfsd_foreach_client_openowner(clp, 0, NULL, NULL);
6848 
6849 	nfsd_print_count(clp, count, "openowners");
6850 	return count;
6851 }
6852 
6853 static u64
6854 nfsd_collect_client_openowners(struct nfs4_client *clp,
6855 			       struct list_head *collect, u64 max)
6856 {
6857 	return nfsd_foreach_client_openowner(clp, max, collect,
6858 						unhash_openowner_locked);
6859 }
6860 
6861 u64
6862 nfsd_inject_print_openowners(void)
6863 {
6864 	struct nfs4_client *clp;
6865 	u64 count = 0;
6866 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6867 						nfsd_net_id);
6868 
6869 	if (!nfsd_netns_ready(nn))
6870 		return 0;
6871 
6872 	spin_lock(&nn->client_lock);
6873 	list_for_each_entry(clp, &nn->client_lru, cl_lru)
6874 		count += nfsd_print_client_openowners(clp);
6875 	spin_unlock(&nn->client_lock);
6876 
6877 	return count;
6878 }
6879 
6880 static void
6881 nfsd_reap_openowners(struct list_head *reaplist)
6882 {
6883 	struct nfs4_client *clp;
6884 	struct nfs4_openowner *oop, *next;
6885 
6886 	list_for_each_entry_safe(oop, next, reaplist, oo_perclient) {
6887 		list_del_init(&oop->oo_perclient);
6888 		clp = oop->oo_owner.so_client;
6889 		release_openowner(oop);
6890 		put_client(clp);
6891 	}
6892 }
6893 
6894 u64
6895 nfsd_inject_forget_client_openowners(struct sockaddr_storage *addr,
6896 				     size_t addr_size)
6897 {
6898 	unsigned int count = 0;
6899 	struct nfs4_client *clp;
6900 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6901 						nfsd_net_id);
6902 	LIST_HEAD(reaplist);
6903 
6904 	if (!nfsd_netns_ready(nn))
6905 		return count;
6906 
6907 	spin_lock(&nn->client_lock);
6908 	clp = nfsd_find_client(addr, addr_size);
6909 	if (clp)
6910 		count = nfsd_collect_client_openowners(clp, &reaplist, 0);
6911 	spin_unlock(&nn->client_lock);
6912 	nfsd_reap_openowners(&reaplist);
6913 	return count;
6914 }
6915 
6916 u64
6917 nfsd_inject_forget_openowners(u64 max)
6918 {
6919 	u64 count = 0;
6920 	struct nfs4_client *clp;
6921 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6922 						nfsd_net_id);
6923 	LIST_HEAD(reaplist);
6924 
6925 	if (!nfsd_netns_ready(nn))
6926 		return count;
6927 
6928 	spin_lock(&nn->client_lock);
6929 	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
6930 		count += nfsd_collect_client_openowners(clp, &reaplist,
6931 							max - count);
6932 		if (max != 0 && count >= max)
6933 			break;
6934 	}
6935 	spin_unlock(&nn->client_lock);
6936 	nfsd_reap_openowners(&reaplist);
6937 	return count;
6938 }
6939 
6940 static u64 nfsd_find_all_delegations(struct nfs4_client *clp, u64 max,
6941 				     struct list_head *victims)
6942 {
6943 	struct nfs4_delegation *dp, *next;
6944 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6945 						nfsd_net_id);
6946 	u64 count = 0;
6947 
6948 	lockdep_assert_held(&nn->client_lock);
6949 
6950 	spin_lock(&state_lock);
6951 	list_for_each_entry_safe(dp, next, &clp->cl_delegations, dl_perclnt) {
6952 		if (victims) {
6953 			/*
6954 			 * It's not safe to mess with delegations that have a
6955 			 * non-zero dl_time. They might have already been broken
6956 			 * and could be processed by the laundromat outside of
6957 			 * the state_lock. Just leave them be.
6958 			 */
6959 			if (dp->dl_time != 0)
6960 				continue;
6961 
6962 			atomic_inc(&clp->cl_refcount);
6963 			WARN_ON(!unhash_delegation_locked(dp));
6964 			list_add(&dp->dl_recall_lru, victims);
6965 		}
6966 		++count;
6967 		/*
6968 		 * Despite the fact that these functions deal with
6969 		 * 64-bit integers for "count", we must ensure that
6970 		 * it doesn't blow up the clp->cl_refcount. Throw a
6971 		 * warning if we start to approach INT_MAX here.
6972 		 */
6973 		WARN_ON_ONCE(count == (INT_MAX / 2));
6974 		if (count == max)
6975 			break;
6976 	}
6977 	spin_unlock(&state_lock);
6978 	return count;
6979 }
6980 
6981 static u64
6982 nfsd_print_client_delegations(struct nfs4_client *clp)
6983 {
6984 	u64 count = nfsd_find_all_delegations(clp, 0, NULL);
6985 
6986 	nfsd_print_count(clp, count, "delegations");
6987 	return count;
6988 }
6989 
6990 u64
6991 nfsd_inject_print_delegations(void)
6992 {
6993 	struct nfs4_client *clp;
6994 	u64 count = 0;
6995 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6996 						nfsd_net_id);
6997 
6998 	if (!nfsd_netns_ready(nn))
6999 		return 0;
7000 
7001 	spin_lock(&nn->client_lock);
7002 	list_for_each_entry(clp, &nn->client_lru, cl_lru)
7003 		count += nfsd_print_client_delegations(clp);
7004 	spin_unlock(&nn->client_lock);
7005 
7006 	return count;
7007 }
7008 
7009 static void
7010 nfsd_forget_delegations(struct list_head *reaplist)
7011 {
7012 	struct nfs4_client *clp;
7013 	struct nfs4_delegation *dp, *next;
7014 
7015 	list_for_each_entry_safe(dp, next, reaplist, dl_recall_lru) {
7016 		list_del_init(&dp->dl_recall_lru);
7017 		clp = dp->dl_stid.sc_client;
7018 		revoke_delegation(dp);
7019 		put_client(clp);
7020 	}
7021 }
7022 
7023 u64
7024 nfsd_inject_forget_client_delegations(struct sockaddr_storage *addr,
7025 				      size_t addr_size)
7026 {
7027 	u64 count = 0;
7028 	struct nfs4_client *clp;
7029 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
7030 						nfsd_net_id);
7031 	LIST_HEAD(reaplist);
7032 
7033 	if (!nfsd_netns_ready(nn))
7034 		return count;
7035 
7036 	spin_lock(&nn->client_lock);
7037 	clp = nfsd_find_client(addr, addr_size);
7038 	if (clp)
7039 		count = nfsd_find_all_delegations(clp, 0, &reaplist);
7040 	spin_unlock(&nn->client_lock);
7041 
7042 	nfsd_forget_delegations(&reaplist);
7043 	return count;
7044 }
7045 
7046 u64
7047 nfsd_inject_forget_delegations(u64 max)
7048 {
7049 	u64 count = 0;
7050 	struct nfs4_client *clp;
7051 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
7052 						nfsd_net_id);
7053 	LIST_HEAD(reaplist);
7054 
7055 	if (!nfsd_netns_ready(nn))
7056 		return count;
7057 
7058 	spin_lock(&nn->client_lock);
7059 	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
7060 		count += nfsd_find_all_delegations(clp, max - count, &reaplist);
7061 		if (max != 0 && count >= max)
7062 			break;
7063 	}
7064 	spin_unlock(&nn->client_lock);
7065 	nfsd_forget_delegations(&reaplist);
7066 	return count;
7067 }
7068 
7069 static void
7070 nfsd_recall_delegations(struct list_head *reaplist)
7071 {
7072 	struct nfs4_client *clp;
7073 	struct nfs4_delegation *dp, *next;
7074 
7075 	list_for_each_entry_safe(dp, next, reaplist, dl_recall_lru) {
7076 		list_del_init(&dp->dl_recall_lru);
7077 		clp = dp->dl_stid.sc_client;
7078 		/*
7079 		 * We skipped all entries that had a zero dl_time before,
7080 		 * so we can now reset the dl_time back to 0. If a delegation
7081 		 * break comes in now, then it won't make any difference since
7082 		 * we're recalling it either way.
7083 		 */
7084 		spin_lock(&state_lock);
7085 		dp->dl_time = 0;
7086 		spin_unlock(&state_lock);
7087 		nfsd_break_one_deleg(dp);
7088 		put_client(clp);
7089 	}
7090 }
7091 
7092 u64
7093 nfsd_inject_recall_client_delegations(struct sockaddr_storage *addr,
7094 				      size_t addr_size)
7095 {
7096 	u64 count = 0;
7097 	struct nfs4_client *clp;
7098 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
7099 						nfsd_net_id);
7100 	LIST_HEAD(reaplist);
7101 
7102 	if (!nfsd_netns_ready(nn))
7103 		return count;
7104 
7105 	spin_lock(&nn->client_lock);
7106 	clp = nfsd_find_client(addr, addr_size);
7107 	if (clp)
7108 		count = nfsd_find_all_delegations(clp, 0, &reaplist);
7109 	spin_unlock(&nn->client_lock);
7110 
7111 	nfsd_recall_delegations(&reaplist);
7112 	return count;
7113 }
7114 
7115 u64
7116 nfsd_inject_recall_delegations(u64 max)
7117 {
7118 	u64 count = 0;
7119 	struct nfs4_client *clp, *next;
7120 	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
7121 						nfsd_net_id);
7122 	LIST_HEAD(reaplist);
7123 
7124 	if (!nfsd_netns_ready(nn))
7125 		return count;
7126 
7127 	spin_lock(&nn->client_lock);
7128 	list_for_each_entry_safe(clp, next, &nn->client_lru, cl_lru) {
7129 		count += nfsd_find_all_delegations(clp, max - count, &reaplist);
7130 		if (max != 0 && ++count >= max)
7131 			break;
7132 	}
7133 	spin_unlock(&nn->client_lock);
7134 	nfsd_recall_delegations(&reaplist);
7135 	return count;
7136 }
7137 #endif /* CONFIG_NFSD_FAULT_INJECTION */
7138 
7139 /*
7140  * Since the lifetime of a delegation isn't limited to that of an open, a
7141  * client may quite reasonably hang on to a delegation as long as it has
7142  * the inode cached.  This becomes an obvious problem the first time a
7143  * client's inode cache approaches the size of the server's total memory.
7144  *
7145  * For now we avoid this problem by imposing a hard limit on the number
7146  * of delegations, which varies according to the server's memory size.
7147  */
7148 static void
7149 set_max_delegations(void)
7150 {
7151 	/*
7152 	 * Allow at most 4 delegations per megabyte of RAM.  Quick
7153 	 * estimates suggest that in the worst case (where every delegation
7154 	 * is for a different inode), a delegation could take about 1.5K,
7155 	 * giving a worst case usage of about 6% of memory.
7156 	 */
7157 	max_delegations = nr_free_buffer_pages() >> (20 - 2 - PAGE_SHIFT);
7158 }
7159 
7160 static int nfs4_state_create_net(struct net *net)
7161 {
7162 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
7163 	int i;
7164 
7165 	nn->conf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
7166 					    sizeof(struct list_head),
7167 					    GFP_KERNEL);
7168 	if (!nn->conf_id_hashtbl)
7169 		goto err;
7170 	nn->unconf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
7171 					      sizeof(struct list_head),
7172 					      GFP_KERNEL);
7173 	if (!nn->unconf_id_hashtbl)
7174 		goto err_unconf_id;
7175 	nn->sessionid_hashtbl = kmalloc_array(SESSION_HASH_SIZE,
7176 					      sizeof(struct list_head),
7177 					      GFP_KERNEL);
7178 	if (!nn->sessionid_hashtbl)
7179 		goto err_sessionid;
7180 
7181 	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
7182 		INIT_LIST_HEAD(&nn->conf_id_hashtbl[i]);
7183 		INIT_LIST_HEAD(&nn->unconf_id_hashtbl[i]);
7184 	}
7185 	for (i = 0; i < SESSION_HASH_SIZE; i++)
7186 		INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]);
7187 	nn->conf_name_tree = RB_ROOT;
7188 	nn->unconf_name_tree = RB_ROOT;
7189 	nn->boot_time = get_seconds();
7190 	nn->grace_ended = false;
7191 	nn->nfsd4_manager.block_opens = true;
7192 	INIT_LIST_HEAD(&nn->nfsd4_manager.list);
7193 	INIT_LIST_HEAD(&nn->client_lru);
7194 	INIT_LIST_HEAD(&nn->close_lru);
7195 	INIT_LIST_HEAD(&nn->del_recall_lru);
7196 	spin_lock_init(&nn->client_lock);
7197 	spin_lock_init(&nn->s2s_cp_lock);
7198 	idr_init(&nn->s2s_cp_stateids);
7199 
7200 	spin_lock_init(&nn->blocked_locks_lock);
7201 	INIT_LIST_HEAD(&nn->blocked_locks_lru);
7202 
7203 	INIT_DELAYED_WORK(&nn->laundromat_work, laundromat_main);
7204 	get_net(net);
7205 
7206 	return 0;
7207 
7208 err_sessionid:
7209 	kfree(nn->unconf_id_hashtbl);
7210 err_unconf_id:
7211 	kfree(nn->conf_id_hashtbl);
7212 err:
7213 	return -ENOMEM;
7214 }
7215 
7216 static void
7217 nfs4_state_destroy_net(struct net *net)
7218 {
7219 	int i;
7220 	struct nfs4_client *clp = NULL;
7221 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
7222 
7223 	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
7224 		while (!list_empty(&nn->conf_id_hashtbl[i])) {
7225 			clp = list_entry(nn->conf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
7226 			destroy_client(clp);
7227 		}
7228 	}
7229 
7230 	WARN_ON(!list_empty(&nn->blocked_locks_lru));
7231 
7232 	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
7233 		while (!list_empty(&nn->unconf_id_hashtbl[i])) {
7234 			clp = list_entry(nn->unconf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
7235 			destroy_client(clp);
7236 		}
7237 	}
7238 
7239 	kfree(nn->sessionid_hashtbl);
7240 	kfree(nn->unconf_id_hashtbl);
7241 	kfree(nn->conf_id_hashtbl);
7242 	put_net(net);
7243 }
7244 
7245 int
7246 nfs4_state_start_net(struct net *net)
7247 {
7248 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
7249 	int ret;
7250 
7251 	ret = nfs4_state_create_net(net);
7252 	if (ret)
7253 		return ret;
7254 	locks_start_grace(net, &nn->nfsd4_manager);
7255 	nfsd4_client_tracking_init(net);
7256 	printk(KERN_INFO "NFSD: starting %ld-second grace period (net %x)\n",
7257 	       nn->nfsd4_grace, net->ns.inum);
7258 	queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_grace * HZ);
7259 	return 0;
7260 }
7261 
7262 /* initialization to perform when the nfsd service is started: */
7263 
7264 int
7265 nfs4_state_start(void)
7266 {
7267 	int ret;
7268 
7269 	laundry_wq = alloc_workqueue("%s", WQ_UNBOUND, 0, "nfsd4");
7270 	if (laundry_wq == NULL) {
7271 		ret = -ENOMEM;
7272 		goto out;
7273 	}
7274 	ret = nfsd4_create_callback_queue();
7275 	if (ret)
7276 		goto out_free_laundry;
7277 
7278 	set_max_delegations();
7279 	return 0;
7280 
7281 out_free_laundry:
7282 	destroy_workqueue(laundry_wq);
7283 out:
7284 	return ret;
7285 }
7286 
7287 void
7288 nfs4_state_shutdown_net(struct net *net)
7289 {
7290 	struct nfs4_delegation *dp = NULL;
7291 	struct list_head *pos, *next, reaplist;
7292 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
7293 
7294 	cancel_delayed_work_sync(&nn->laundromat_work);
7295 	locks_end_grace(&nn->nfsd4_manager);
7296 
7297 	INIT_LIST_HEAD(&reaplist);
7298 	spin_lock(&state_lock);
7299 	list_for_each_safe(pos, next, &nn->del_recall_lru) {
7300 		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
7301 		WARN_ON(!unhash_delegation_locked(dp));
7302 		list_add(&dp->dl_recall_lru, &reaplist);
7303 	}
7304 	spin_unlock(&state_lock);
7305 	list_for_each_safe(pos, next, &reaplist) {
7306 		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
7307 		list_del_init(&dp->dl_recall_lru);
7308 		destroy_unhashed_deleg(dp);
7309 	}
7310 
7311 	nfsd4_client_tracking_exit(net);
7312 	nfs4_state_destroy_net(net);
7313 }
7314 
7315 void
7316 nfs4_state_shutdown(void)
7317 {
7318 	destroy_workqueue(laundry_wq);
7319 	nfsd4_destroy_callback_queue();
7320 }
7321 
7322 static void
7323 get_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
7324 {
7325 	if (HAS_STATE_ID(cstate, CURRENT_STATE_ID_FLAG) && CURRENT_STATEID(stateid))
7326 		memcpy(stateid, &cstate->current_stateid, sizeof(stateid_t));
7327 }
7328 
7329 static void
7330 put_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
7331 {
7332 	if (cstate->minorversion) {
7333 		memcpy(&cstate->current_stateid, stateid, sizeof(stateid_t));
7334 		SET_STATE_ID(cstate, CURRENT_STATE_ID_FLAG);
7335 	}
7336 }
7337 
7338 void
7339 clear_current_stateid(struct nfsd4_compound_state *cstate)
7340 {
7341 	CLEAR_STATE_ID(cstate, CURRENT_STATE_ID_FLAG);
7342 }
7343 
7344 /*
7345  * functions to set current state id
7346  */
7347 void
7348 nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate,
7349 		union nfsd4_op_u *u)
7350 {
7351 	put_stateid(cstate, &u->open_downgrade.od_stateid);
7352 }
7353 
7354 void
7355 nfsd4_set_openstateid(struct nfsd4_compound_state *cstate,
7356 		union nfsd4_op_u *u)
7357 {
7358 	put_stateid(cstate, &u->open.op_stateid);
7359 }
7360 
7361 void
7362 nfsd4_set_closestateid(struct nfsd4_compound_state *cstate,
7363 		union nfsd4_op_u *u)
7364 {
7365 	put_stateid(cstate, &u->close.cl_stateid);
7366 }
7367 
7368 void
7369 nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate,
7370 		union nfsd4_op_u *u)
7371 {
7372 	put_stateid(cstate, &u->lock.lk_resp_stateid);
7373 }
7374 
7375 /*
7376  * functions to consume current state id
7377  */
7378 
7379 void
7380 nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate,
7381 		union nfsd4_op_u *u)
7382 {
7383 	get_stateid(cstate, &u->open_downgrade.od_stateid);
7384 }
7385 
7386 void
7387 nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate,
7388 		union nfsd4_op_u *u)
7389 {
7390 	get_stateid(cstate, &u->delegreturn.dr_stateid);
7391 }
7392 
7393 void
7394 nfsd4_get_freestateid(struct nfsd4_compound_state *cstate,
7395 		union nfsd4_op_u *u)
7396 {
7397 	get_stateid(cstate, &u->free_stateid.fr_stateid);
7398 }
7399 
7400 void
7401 nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate,
7402 		union nfsd4_op_u *u)
7403 {
7404 	get_stateid(cstate, &u->setattr.sa_stateid);
7405 }
7406 
7407 void
7408 nfsd4_get_closestateid(struct nfsd4_compound_state *cstate,
7409 		union nfsd4_op_u *u)
7410 {
7411 	get_stateid(cstate, &u->close.cl_stateid);
7412 }
7413 
7414 void
7415 nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate,
7416 		union nfsd4_op_u *u)
7417 {
7418 	get_stateid(cstate, &u->locku.lu_stateid);
7419 }
7420 
7421 void
7422 nfsd4_get_readstateid(struct nfsd4_compound_state *cstate,
7423 		union nfsd4_op_u *u)
7424 {
7425 	get_stateid(cstate, &u->read.rd_stateid);
7426 }
7427 
7428 void
7429 nfsd4_get_writestateid(struct nfsd4_compound_state *cstate,
7430 		union nfsd4_op_u *u)
7431 {
7432 	get_stateid(cstate, &u->write.wr_stateid);
7433 }
7434