/*
 *  Copyright (c) 2001 The Regents of the University of Michigan.
 *  All rights reserved.
 *
 *  Kendrick Smith <kmsmith@umich.edu>
 *  Andy Adamson <kandros@umich.edu>
 *
 *  Redistribution and use in source and binary forms, with or without
 *  modification, are permitted provided that the following conditions
 *  are met:
 *
 *  1. Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *  2. Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *  3. Neither the name of the University nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <linux/file.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/namei.h>
#include <linux/swap.h>
#include <linux/pagemap.h>
#include <linux/ratelimit.h>
#include <linux/sunrpc/svcauth_gss.h>
#include <linux/sunrpc/addr.h>
#include <linux/jhash.h>
#include "xdr4.h"
#include "xdr4cb.h"
#include "vfs.h"
#include "current_stateid.h"

#include "netns.h"
#include "pnfs.h"

#define NFSDDBG_FACILITY	NFSDDBG_PROC

#define all_ones {{~0,~0},~0}
static const stateid_t one_stateid = {
	.si_generation = ~0,
	.si_opaque = all_ones,
};
static const stateid_t zero_stateid = {
	/* all fields zero */
};
static const stateid_t currentstateid = {
	.si_generation = 1,
};
static const stateid_t close_stateid = {
	.si_generation = 0xffffffffU,
};
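/*
 * Note: the all-zero and all-ones stateids above are the special stateid
 * values defined by the NFSv4 protocol itself; currentstateid and
 * close_stateid are nfsd-internal sentinels (for the "current stateid"
 * machinery and for CLOSE handling, respectively).
 */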
static u64 current_sessionid = 1;

#define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
#define ONE_STATEID(stateid) (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
#define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
#define CLOSE_STATEID(stateid) (!memcmp((stateid), &close_stateid, sizeof(stateid_t)))

/* forward declarations */
static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
static void nfs4_free_ol_stateid(struct nfs4_stid *stid);

/* Locking: */

/*
 * Currently used for the del_recall_lru and file hash table.  In an
 * effort to decrease the scope of the client_mutex, this spinlock may
 * eventually cover more:
 */
static DEFINE_SPINLOCK(state_lock);

enum nfsd4_st_mutex_lock_subclass {
	OPEN_STATEID_MUTEX = 0,
	LOCK_STATEID_MUTEX = 1,
};

/*
 * A waitqueue for all in-progress 4.0 CLOSE operations that are waiting for
 * the refcount on the open stateid to drop.
 */
static DECLARE_WAIT_QUEUE_HEAD(close_wq);

static struct kmem_cache *client_slab;
static struct kmem_cache *openowner_slab;
static struct kmem_cache *lockowner_slab;
static struct kmem_cache *file_slab;
static struct kmem_cache *stateid_slab;
static struct kmem_cache *deleg_slab;
static struct kmem_cache *odstate_slab;

static void free_session(struct nfsd4_session *);

static const struct nfsd4_callback_ops nfsd4_cb_recall_ops;
static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops;

static bool is_session_dead(struct nfsd4_session *ses)
{
	return ses->se_flags & NFS4_SESSION_DEAD;
}

static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)
{
	if (atomic_read(&ses->se_ref) > ref_held_by_me)
		return nfserr_jukebox;
	ses->se_flags |= NFS4_SESSION_DEAD;
	return nfs_ok;
}

static bool is_client_expired(struct nfs4_client *clp)
{
	return clp->cl_time == 0;
}

static __be32 get_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (is_client_expired(clp))
		return nfserr_expired;
	atomic_inc(&clp->cl_refcount);
	return nfs_ok;
}

/* must be called under the client_lock */
static inline void
renew_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	if (is_client_expired(clp)) {
		WARN_ON(1);
		printk("%s: client (clientid %08x/%08x) already expired\n",
			__func__,
			clp->cl_clientid.cl_boot,
			clp->cl_clientid.cl_id);
		return;
	}

	dprintk("renewing client (clientid %08x/%08x)\n",
			clp->cl_clientid.cl_boot,
			clp->cl_clientid.cl_id);
	list_move_tail(&clp->cl_lru, &nn->client_lru);
	clp->cl_time = get_seconds();
}

static void put_client_renew_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (!atomic_dec_and_test(&clp->cl_refcount))
		return;
	if (!is_client_expired(clp))
		renew_client_locked(clp);
}

static void put_client_renew(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	if (!atomic_dec_and_lock(&clp->cl_refcount, &nn->client_lock))
		return;
	if (!is_client_expired(clp))
		renew_client_locked(clp);
	spin_unlock(&nn->client_lock);
}
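/*
 * Session reference counting: each reference on a session also pins the
 * owning client (nfsd4_get_session_locked bumps cl_refcount via
 * get_client_locked; the put side drops it again through
 * put_client_renew_locked).
 */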
static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses)
{
	__be32 status;

	if (is_session_dead(ses))
		return nfserr_badsession;
	status = get_client_locked(ses->se_client);
	if (status)
		return status;
	atomic_inc(&ses->se_ref);
	return nfs_ok;
}

static void nfsd4_put_session_locked(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))
		free_session(ses);
	put_client_renew_locked(clp);
}

static void nfsd4_put_session(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	spin_lock(&nn->client_lock);
	nfsd4_put_session_locked(ses);
	spin_unlock(&nn->client_lock);
}

static struct nfsd4_blocked_lock *
find_blocked_lock(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
			struct nfsd_net *nn)
{
	struct nfsd4_blocked_lock *cur, *found = NULL;

	spin_lock(&nn->blocked_locks_lock);
	list_for_each_entry(cur, &lo->lo_blocked, nbl_list) {
		if (fh_match(fh, &cur->nbl_fh)) {
			list_del_init(&cur->nbl_list);
			list_del_init(&cur->nbl_lru);
			found = cur;
			break;
		}
	}
	spin_unlock(&nn->blocked_locks_lock);
	if (found)
		locks_delete_block(&found->nbl_lock);
	return found;
}
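/*
 * Return the nfsd4_blocked_lock tracking this lockowner/filehandle pair,
 * allocating a fresh one (with its CB_NOTIFY_LOCK callback initialized)
 * if none is currently queued.
 */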
static struct nfsd4_blocked_lock *
find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
			struct nfsd_net *nn)
{
	struct nfsd4_blocked_lock *nbl;

	nbl = find_blocked_lock(lo, fh, nn);
	if (!nbl) {
		nbl = kmalloc(sizeof(*nbl), GFP_KERNEL);
		if (nbl) {
			fh_copy_shallow(&nbl->nbl_fh, fh);
			locks_init_lock(&nbl->nbl_lock);
			nfsd4_init_cb(&nbl->nbl_cb, lo->lo_owner.so_client,
					&nfsd4_cb_notify_lock_ops,
					NFSPROC4_CLNT_CB_NOTIFY_LOCK);
		}
	}
	return nbl;
}

static void
free_blocked_lock(struct nfsd4_blocked_lock *nbl)
{
	locks_release_private(&nbl->nbl_lock);
	kfree(nbl);
}

static void
remove_blocked_locks(struct nfs4_lockowner *lo)
{
	struct nfs4_client *clp = lo->lo_owner.so_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfsd4_blocked_lock *nbl;
	LIST_HEAD(reaplist);

	/* Dequeue all blocked locks */
	spin_lock(&nn->blocked_locks_lock);
	while (!list_empty(&lo->lo_blocked)) {
		nbl = list_first_entry(&lo->lo_blocked,
					struct nfsd4_blocked_lock,
					nbl_list);
		list_del_init(&nbl->nbl_list);
		list_move(&nbl->nbl_lru, &reaplist);
	}
	spin_unlock(&nn->blocked_locks_lock);

	/* Now free them */
	while (!list_empty(&reaplist)) {
		nbl = list_first_entry(&reaplist, struct nfsd4_blocked_lock,
					nbl_lru);
		list_del_init(&nbl->nbl_lru);
		locks_delete_block(&nbl->nbl_lock);
		free_blocked_lock(nbl);
	}
}

static int
nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task)
{
	/*
	 * Since this is just an optimization, we don't try very hard if it
	 * turns out not to succeed. We'll requeue it on NFS4ERR_DELAY, and
	 * just quit trying on anything else.
	 */
	switch (task->tk_status) {
	case -NFS4ERR_DELAY:
		rpc_delay(task, 1 * HZ);
		return 0;
	default:
		return 1;
	}
}

static void
nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb)
{
	struct nfsd4_blocked_lock *nbl = container_of(cb,
						struct nfsd4_blocked_lock, nbl_cb);

	free_blocked_lock(nbl);
}

static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = {
	.done		= nfsd4_cb_notify_lock_done,
	.release	= nfsd4_cb_notify_lock_release,
};

static inline struct nfs4_stateowner *
nfs4_get_stateowner(struct nfs4_stateowner *sop)
{
	atomic_inc(&sop->so_count);
	return sop;
}

static int
same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner)
{
	return (sop->so_owner.len == owner->len) &&
		0 == memcmp(sop->so_owner.data, owner->data, owner->len);
}

static struct nfs4_openowner *
find_openstateowner_str_locked(unsigned int hashval, struct nfsd4_open *open,
			struct nfs4_client *clp)
{
	struct nfs4_stateowner *so;

	lockdep_assert_held(&clp->cl_lock);

	list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[hashval],
			    so_strhash) {
		if (!so->so_is_open_owner)
			continue;
		if (same_owner_str(so, &open->op_owner))
			return openowner(nfs4_get_stateowner(so));
	}
	return NULL;
}

static struct nfs4_openowner *
find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open,
			struct nfs4_client *clp)
{
	struct nfs4_openowner *oo;

	spin_lock(&clp->cl_lock);
	oo = find_openstateowner_str_locked(hashval, open, clp);
	spin_unlock(&clp->cl_lock);
	return oo;
}

static inline u32
opaque_hashval(const void *ptr, int nbytes)
{
	unsigned char *cptr = (unsigned char *) ptr;

	u32 x = 0;
	while (nbytes--) {
		x *= 37;
		x += *cptr++;
	}
	return x;
}

static void nfsd4_free_file_rcu(struct rcu_head *rcu)
{
	struct nfs4_file *fp = container_of(rcu, struct nfs4_file, fi_rcu);

	kmem_cache_free(file_slab, fp);
}

void
put_nfs4_file(struct nfs4_file *fi)
{
	might_lock(&state_lock);

	if (refcount_dec_and_lock(&fi->fi_ref, &state_lock)) {
		hlist_del_rcu(&fi->fi_hash);
		spin_unlock(&state_lock);
		WARN_ON_ONCE(!list_empty(&fi->fi_clnt_odstate));
		WARN_ON_ONCE(!list_empty(&fi->fi_delegations));
		call_rcu(&fi->fi_rcu, nfsd4_free_file_rcu);
	}
}

static struct file *
__nfs4_get_fd(struct nfs4_file *f, int oflag)
{
	if (f->fi_fds[oflag])
		return get_file(f->fi_fds[oflag]);
	return NULL;
}
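/*
 * fi_fds[] is indexed by open mode (O_RDONLY/O_WRONLY/O_RDWR); the
 * find_*_file helpers below prefer an exact-mode struct file but fall
 * back to the O_RDWR one.
 */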
static struct file *
find_writeable_file_locked(struct nfs4_file *f)
{
	struct file *ret;

	lockdep_assert_held(&f->fi_lock);

	ret = __nfs4_get_fd(f, O_WRONLY);
	if (!ret)
		ret = __nfs4_get_fd(f, O_RDWR);
	return ret;
}

static struct file *
find_writeable_file(struct nfs4_file *f)
{
	struct file *ret;

	spin_lock(&f->fi_lock);
	ret = find_writeable_file_locked(f);
	spin_unlock(&f->fi_lock);

	return ret;
}

static struct file *find_readable_file_locked(struct nfs4_file *f)
{
	struct file *ret;

	lockdep_assert_held(&f->fi_lock);

	ret = __nfs4_get_fd(f, O_RDONLY);
	if (!ret)
		ret = __nfs4_get_fd(f, O_RDWR);
	return ret;
}

static struct file *
find_readable_file(struct nfs4_file *f)
{
	struct file *ret;

	spin_lock(&f->fi_lock);
	ret = find_readable_file_locked(f);
	spin_unlock(&f->fi_lock);

	return ret;
}

struct file *
find_any_file(struct nfs4_file *f)
{
	struct file *ret;

	spin_lock(&f->fi_lock);
	ret = __nfs4_get_fd(f, O_RDWR);
	if (!ret) {
		ret = __nfs4_get_fd(f, O_WRONLY);
		if (!ret)
			ret = __nfs4_get_fd(f, O_RDONLY);
	}
	spin_unlock(&f->fi_lock);
	return ret;
}

static atomic_long_t num_delegations;
unsigned long max_delegations;

/*
 * Open owner state (share locks)
 */

/* hash tables for lock and open owners */
#define OWNER_HASH_BITS		8
#define OWNER_HASH_SIZE		(1 << OWNER_HASH_BITS)
#define OWNER_HASH_MASK		(OWNER_HASH_SIZE - 1)

static unsigned int ownerstr_hashval(struct xdr_netobj *ownername)
{
	unsigned int ret;

	ret = opaque_hashval(ownername->data, ownername->len);
	return ret & OWNER_HASH_MASK;
}

/* hash table for nfs4_file */
#define FILE_HASH_BITS		8
#define FILE_HASH_SIZE		(1 << FILE_HASH_BITS)

static unsigned int nfsd_fh_hashval(struct knfsd_fh *fh)
{
	return jhash2(fh->fh_base.fh_pad, XDR_QUADLEN(fh->fh_size), 0);
}

static unsigned int file_hashval(struct knfsd_fh *fh)
{
	return nfsd_fh_hashval(fh) & (FILE_HASH_SIZE - 1);
}

static struct hlist_head file_hashtbl[FILE_HASH_SIZE];

static void
__nfs4_file_get_access(struct nfs4_file *fp, u32 access)
{
	lockdep_assert_held(&fp->fi_lock);

	if (access & NFS4_SHARE_ACCESS_WRITE)
		atomic_inc(&fp->fi_access[O_WRONLY]);
	if (access & NFS4_SHARE_ACCESS_READ)
		atomic_inc(&fp->fi_access[O_RDONLY]);
}

static __be32
nfs4_file_get_access(struct nfs4_file *fp, u32 access)
{
	lockdep_assert_held(&fp->fi_lock);

	/* Does this access mode make sense? */
	if (access & ~NFS4_SHARE_ACCESS_BOTH)
		return nfserr_inval;

	/* Does it conflict with a deny mode already set? */
	if ((access & fp->fi_share_deny) != 0)
		return nfserr_share_denied;

	__nfs4_file_get_access(fp, access);
	return nfs_ok;
}

static __be32 nfs4_file_check_deny(struct nfs4_file *fp, u32 deny)
{
	/* Common case is that there is no deny mode. */
	if (deny) {
		/* Does this deny mode make sense? */
		if (deny & ~NFS4_SHARE_DENY_BOTH)
			return nfserr_inval;

		if ((deny & NFS4_SHARE_DENY_READ) &&
		    atomic_read(&fp->fi_access[O_RDONLY]))
			return nfserr_share_denied;

		if ((deny & NFS4_SHARE_DENY_WRITE) &&
		    atomic_read(&fp->fi_access[O_WRONLY]))
			return nfserr_share_denied;
	}
	return nfs_ok;
}
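/*
 * Drop one reference on the given access mode.  When the last reference
 * goes away, close the per-mode struct file, and the O_RDWR file too if
 * the other mode has no users either; the fputs happen after fi_lock is
 * released.
 */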
static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
{
	might_lock(&fp->fi_lock);

	if (atomic_dec_and_lock(&fp->fi_access[oflag], &fp->fi_lock)) {
		struct file *f1 = NULL;
		struct file *f2 = NULL;

		swap(f1, fp->fi_fds[oflag]);
		if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
			swap(f2, fp->fi_fds[O_RDWR]);
		spin_unlock(&fp->fi_lock);
		if (f1)
			fput(f1);
		if (f2)
			fput(f2);
	}
}

static void nfs4_file_put_access(struct nfs4_file *fp, u32 access)
{
	WARN_ON_ONCE(access & ~NFS4_SHARE_ACCESS_BOTH);

	if (access & NFS4_SHARE_ACCESS_WRITE)
		__nfs4_file_put_access(fp, O_WRONLY);
	if (access & NFS4_SHARE_ACCESS_READ)
		__nfs4_file_put_access(fp, O_RDONLY);
}

/*
 * Allocate a new open/delegation state counter. This is needed for
 * pNFS for proper return on close semantics.
 *
 * Note that we only allocate it for pNFS-enabled exports, otherwise
 * all pointers to struct nfs4_clnt_odstate are always NULL.
 */
static struct nfs4_clnt_odstate *
alloc_clnt_odstate(struct nfs4_client *clp)
{
	struct nfs4_clnt_odstate *co;

	co = kmem_cache_zalloc(odstate_slab, GFP_KERNEL);
	if (co) {
		co->co_client = clp;
		refcount_set(&co->co_odcount, 1);
	}
	return co;
}

static void
hash_clnt_odstate_locked(struct nfs4_clnt_odstate *co)
{
	struct nfs4_file *fp = co->co_file;

	lockdep_assert_held(&fp->fi_lock);
	list_add(&co->co_perfile, &fp->fi_clnt_odstate);
}

static inline void
get_clnt_odstate(struct nfs4_clnt_odstate *co)
{
	if (co)
		refcount_inc(&co->co_odcount);
}

static void
put_clnt_odstate(struct nfs4_clnt_odstate *co)
{
	struct nfs4_file *fp;

	if (!co)
		return;

	fp = co->co_file;
	if (refcount_dec_and_lock(&co->co_odcount, &fp->fi_lock)) {
		list_del(&co->co_perfile);
		spin_unlock(&fp->fi_lock);

		nfsd4_return_all_file_layouts(co->co_client, fp);
		kmem_cache_free(odstate_slab, co);
	}
}
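/*
 * Return the odstate that ends up hashed for this client/file pair: either
 * an existing entry (with its refcount bumped) or 'new'.  The caller can
 * tell whether 'new' was consumed by comparing it with the return value.
 */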
static struct nfs4_clnt_odstate *
find_or_hash_clnt_odstate(struct nfs4_file *fp, struct nfs4_clnt_odstate *new)
{
	struct nfs4_clnt_odstate *co;
	struct nfs4_client *cl;

	if (!new)
		return NULL;

	cl = new->co_client;

	spin_lock(&fp->fi_lock);
	list_for_each_entry(co, &fp->fi_clnt_odstate, co_perfile) {
		if (co->co_client == cl) {
			get_clnt_odstate(co);
			goto out;
		}
	}
	co = new;
	co->co_file = fp;
	hash_clnt_odstate_locked(new);
out:
	spin_unlock(&fp->fi_lock);
	return co;
}

struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct kmem_cache *slab,
				  void (*sc_free)(struct nfs4_stid *))
{
	struct nfs4_stid *stid;
	int new_id;

	stid = kmem_cache_zalloc(slab, GFP_KERNEL);
	if (!stid)
		return NULL;

	idr_preload(GFP_KERNEL);
	spin_lock(&cl->cl_lock);
	new_id = idr_alloc_cyclic(&cl->cl_stateids, stid, 0, 0, GFP_NOWAIT);
	spin_unlock(&cl->cl_lock);
	idr_preload_end();
	if (new_id < 0)
		goto out_free;

	stid->sc_free = sc_free;
	stid->sc_client = cl;
	stid->sc_stateid.si_opaque.so_id = new_id;
	stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid;
	/* Will be incremented before return to client: */
	refcount_set(&stid->sc_count, 1);
	spin_lock_init(&stid->sc_lock);

	/*
	 * It shouldn't be a problem to reuse an opaque stateid value.
	 * I don't think it is for 4.1.  But with 4.0 I worry that, for
	 * example, a stray write retransmission could be accepted by
	 * the server when it should have been rejected.  Therefore,
	 * adopt a trick from the sctp code to attempt to maximize the
	 * amount of time until an id is reused, by ensuring they always
	 * "increase" (mod INT_MAX):
	 */
	return stid;
out_free:
	kmem_cache_free(slab, stid);
	return NULL;
}

/*
 * Create a unique stateid_t to represent each COPY.
 */
int nfs4_init_cp_state(struct nfsd_net *nn, struct nfsd4_copy *copy)
{
	int new_id;

	idr_preload(GFP_KERNEL);
	spin_lock(&nn->s2s_cp_lock);
	new_id = idr_alloc_cyclic(&nn->s2s_cp_stateids, copy, 0, 0, GFP_NOWAIT);
	spin_unlock(&nn->s2s_cp_lock);
	idr_preload_end();
	if (new_id < 0)
		return 0;
	copy->cp_stateid.si_opaque.so_id = new_id;
	copy->cp_stateid.si_opaque.so_clid.cl_boot = nn->boot_time;
	copy->cp_stateid.si_opaque.so_clid.cl_id = nn->s2s_cp_cl_id;
	return 1;
}

void nfs4_free_cp_state(struct nfsd4_copy *copy)
{
	struct nfsd_net *nn;

	nn = net_generic(copy->cp_clp->net, nfsd_net_id);
	spin_lock(&nn->s2s_cp_lock);
	idr_remove(&nn->s2s_cp_stateids, copy->cp_stateid.si_opaque.so_id);
	spin_unlock(&nn->s2s_cp_lock);
}

static struct nfs4_ol_stateid * nfs4_alloc_open_stateid(struct nfs4_client *clp)
{
	struct nfs4_stid *stid;

	stid = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_ol_stateid);
	if (!stid)
		return NULL;

	return openlockstateid(stid);
}

static void nfs4_free_deleg(struct nfs4_stid *stid)
{
	kmem_cache_free(deleg_slab, stid);
	atomic_long_dec(&num_delegations);
}

/*
 * When we recall a delegation, we should be careful not to hand it
 * out again straight away.
 * To ensure this we keep a pair of bloom filters ('new' and 'old')
 * in which the filehandles of recalled delegations are "stored".
 * If a filehandle appears in either filter, a delegation is blocked.
 * When a delegation is recalled, the filehandle is stored in the "new"
 * filter.
 * Every 30 seconds we swap the filters and clear the "new" one,
 * unless both are empty of course.
 *
 * Each filter is 256 bits.  We hash the filehandle to 32bit and use the
 * low 3 bytes as hash-table indices.
 *
 * 'blocked_delegations_lock', which is always taken in block_delegations(),
 * is used to manage concurrent access.  Testing does not need the lock
 * except when swapping the two filters.
 */
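/*
 * For example, a filehandle whose 32-bit jhash is 0x00c0ffee sets (and is
 * later tested against) bits 0xee, 0xff and 0xc0 of a filter.
 */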
static DEFINE_SPINLOCK(blocked_delegations_lock);
static struct bloom_pair {
	int	entries, old_entries;
	time_t	swap_time;
	int	new; /* index into 'set' */
	DECLARE_BITMAP(set[2], 256);
} blocked_delegations;

static int delegation_blocked(struct knfsd_fh *fh)
{
	u32 hash;
	struct bloom_pair *bd = &blocked_delegations;

	if (bd->entries == 0)
		return 0;
	if (seconds_since_boot() - bd->swap_time > 30) {
		spin_lock(&blocked_delegations_lock);
		if (seconds_since_boot() - bd->swap_time > 30) {
			bd->entries -= bd->old_entries;
			bd->old_entries = bd->entries;
			memset(bd->set[bd->new], 0,
			       sizeof(bd->set[0]));
			bd->new = 1-bd->new;
			bd->swap_time = seconds_since_boot();
		}
		spin_unlock(&blocked_delegations_lock);
	}
	hash = jhash(&fh->fh_base, fh->fh_size, 0);
	if (test_bit(hash&255, bd->set[0]) &&
	    test_bit((hash>>8)&255, bd->set[0]) &&
	    test_bit((hash>>16)&255, bd->set[0]))
		return 1;

	if (test_bit(hash&255, bd->set[1]) &&
	    test_bit((hash>>8)&255, bd->set[1]) &&
	    test_bit((hash>>16)&255, bd->set[1]))
		return 1;

	return 0;
}

static void block_delegations(struct knfsd_fh *fh)
{
	u32 hash;
	struct bloom_pair *bd = &blocked_delegations;

	hash = jhash(&fh->fh_base, fh->fh_size, 0);

	spin_lock(&blocked_delegations_lock);
	__set_bit(hash&255, bd->set[bd->new]);
	__set_bit((hash>>8)&255, bd->set[bd->new]);
	__set_bit((hash>>16)&255, bd->set[bd->new]);
	if (bd->entries == 0)
		bd->swap_time = seconds_since_boot();
	bd->entries += 1;
	spin_unlock(&blocked_delegations_lock);
}
static struct nfs4_delegation *
alloc_init_deleg(struct nfs4_client *clp, struct nfs4_file *fp,
		 struct svc_fh *current_fh,
		 struct nfs4_clnt_odstate *odstate)
{
	struct nfs4_delegation *dp;
	long n;

	dprintk("NFSD alloc_init_deleg\n");
	n = atomic_long_inc_return(&num_delegations);
	if (n < 0 || n > max_delegations)
		goto out_dec;
	if (delegation_blocked(&current_fh->fh_handle))
		goto out_dec;
	dp = delegstateid(nfs4_alloc_stid(clp, deleg_slab, nfs4_free_deleg));
	if (dp == NULL)
		goto out_dec;

	/*
	 * delegation seqid's are never incremented.  The 4.1 special
	 * meaning of seqid 0 isn't meaningful, really, but let's avoid
	 * 0 anyway just for consistency and use 1:
	 */
	dp->dl_stid.sc_stateid.si_generation = 1;
	INIT_LIST_HEAD(&dp->dl_perfile);
	INIT_LIST_HEAD(&dp->dl_perclnt);
	INIT_LIST_HEAD(&dp->dl_recall_lru);
	dp->dl_clnt_odstate = odstate;
	get_clnt_odstate(odstate);
	dp->dl_type = NFS4_OPEN_DELEGATE_READ;
	dp->dl_retries = 1;
	nfsd4_init_cb(&dp->dl_recall, dp->dl_stid.sc_client,
		      &nfsd4_cb_recall_ops, NFSPROC4_CLNT_CB_RECALL);
	get_nfs4_file(fp);
	dp->dl_stid.sc_file = fp;
	return dp;
out_dec:
	atomic_long_dec(&num_delegations);
	return NULL;
}

void
nfs4_put_stid(struct nfs4_stid *s)
{
	struct nfs4_file *fp = s->sc_file;
	struct nfs4_client *clp = s->sc_client;

	might_lock(&clp->cl_lock);

	if (!refcount_dec_and_lock(&s->sc_count, &clp->cl_lock)) {
		wake_up_all(&close_wq);
		return;
	}
	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
	spin_unlock(&clp->cl_lock);
	s->sc_free(s);
	if (fp)
		put_nfs4_file(fp);
}
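/*
 * Bump the stateid generation on each mutating operation, skipping 0 on
 * wraparound since a zero seqid is special to 4.1 clients.
 */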
void
nfs4_inc_and_copy_stateid(stateid_t *dst, struct nfs4_stid *stid)
{
	stateid_t *src = &stid->sc_stateid;

	spin_lock(&stid->sc_lock);
	if (unlikely(++src->si_generation == 0))
		src->si_generation = 1;
	memcpy(dst, src, sizeof(*dst));
	spin_unlock(&stid->sc_lock);
}

static void put_deleg_file(struct nfs4_file *fp)
{
	struct file *filp = NULL;

	spin_lock(&fp->fi_lock);
	if (--fp->fi_delegees == 0)
		swap(filp, fp->fi_deleg_file);
	spin_unlock(&fp->fi_lock);

	if (filp)
		fput(filp);
}

static void nfs4_unlock_deleg_lease(struct nfs4_delegation *dp)
{
	struct nfs4_file *fp = dp->dl_stid.sc_file;
	struct file *filp = fp->fi_deleg_file;

	WARN_ON_ONCE(!fp->fi_delegees);

	vfs_setlease(filp, F_UNLCK, NULL, (void **)&dp);
	put_deleg_file(fp);
}

static void destroy_unhashed_deleg(struct nfs4_delegation *dp)
{
	put_clnt_odstate(dp->dl_clnt_odstate);
	nfs4_unlock_deleg_lease(dp);
	nfs4_put_stid(&dp->dl_stid);
}

void nfs4_unhash_stid(struct nfs4_stid *s)
{
	s->sc_type = 0;
}

/**
 * nfs4_delegation_exists - Discover if this delegation already exists
 * @clp:     a pointer to the nfs4_client we're granting a delegation to
 * @fp:      a pointer to the nfs4_file we're granting a delegation on
 *
 * Return:
 *      On success: true iff an existing delegation is found
 */

static bool
nfs4_delegation_exists(struct nfs4_client *clp, struct nfs4_file *fp)
{
	struct nfs4_delegation *searchdp = NULL;
	struct nfs4_client *searchclp = NULL;

	lockdep_assert_held(&state_lock);
	lockdep_assert_held(&fp->fi_lock);

	list_for_each_entry(searchdp, &fp->fi_delegations, dl_perfile) {
		searchclp = searchdp->dl_stid.sc_client;
		if (clp == searchclp) {
			return true;
		}
	}
	return false;
}

/**
 * hash_delegation_locked - Add a delegation to the appropriate lists
 * @dp:     a pointer to the nfs4_delegation we are adding.
 * @fp:     a pointer to the nfs4_file we're granting a delegation on
 *
 * Return:
 *      On success: NULL if the delegation was successfully hashed.
 *
 *      On error: -EAGAIN if one was previously granted to this
 *                 nfs4_client for this nfs4_file. Delegation is not hashed.
 *
 */

static int
hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp)
{
	struct nfs4_client *clp = dp->dl_stid.sc_client;

	lockdep_assert_held(&state_lock);
	lockdep_assert_held(&fp->fi_lock);

	if (nfs4_delegation_exists(clp, fp))
		return -EAGAIN;
	refcount_inc(&dp->dl_stid.sc_count);
	dp->dl_stid.sc_type = NFS4_DELEG_STID;
	list_add(&dp->dl_perfile, &fp->fi_delegations);
	list_add(&dp->dl_perclnt, &clp->cl_delegations);
	return 0;
}

static bool
unhash_delegation_locked(struct nfs4_delegation *dp)
{
	struct nfs4_file *fp = dp->dl_stid.sc_file;

	lockdep_assert_held(&state_lock);

	if (list_empty(&dp->dl_perfile))
		return false;

	dp->dl_stid.sc_type = NFS4_CLOSED_DELEG_STID;
	/* Ensure that deleg break won't try to requeue it */
	++dp->dl_time;
	spin_lock(&fp->fi_lock);
	list_del_init(&dp->dl_perclnt);
	list_del_init(&dp->dl_recall_lru);
	list_del_init(&dp->dl_perfile);
	spin_unlock(&fp->fi_lock);
	return true;
}

static void destroy_delegation(struct nfs4_delegation *dp)
{
	bool unhashed;

	spin_lock(&state_lock);
	unhashed = unhash_delegation_locked(dp);
	spin_unlock(&state_lock);
	if (unhashed)
		destroy_unhashed_deleg(dp);
}

static void revoke_delegation(struct nfs4_delegation *dp)
{
	struct nfs4_client *clp = dp->dl_stid.sc_client;

	WARN_ON(!list_empty(&dp->dl_recall_lru));

	if (clp->cl_minorversion) {
		dp->dl_stid.sc_type = NFS4_REVOKED_DELEG_STID;
		refcount_inc(&dp->dl_stid.sc_count);
		spin_lock(&clp->cl_lock);
		list_add(&dp->dl_recall_lru, &clp->cl_revoked);
		spin_unlock(&clp->cl_lock);
	}
	destroy_unhashed_deleg(dp);
}

/*
 * SETCLIENTID state
 */

static unsigned int clientid_hashval(u32 id)
{
	return id & CLIENT_HASH_MASK;
}

static unsigned int clientstr_hashval(const char *name)
{
	return opaque_hashval(name, 8) & CLIENT_HASH_MASK;
}
/*
 * We store the NONE, READ, WRITE, and BOTH bits separately in the
 * st_{access,deny}_bmap field of the stateid, in order to track not
 * only what share bits are currently in force, but also what
 * combinations of share bits previous opens have used.  This allows us
 * to enforce the recommendation of rfc 3530 14.2.19 that the server
 * return an error if the client attempts to downgrade to a combination
 * of share bits not explicable by closing some of its previous opens.
 *
 * XXX: This enforcement is actually incomplete, since we don't keep
 * track of access/deny bit combinations; so, e.g., we allow:
 *
 *	OPEN allow read, deny write
 *	OPEN allow both, deny none
 *	DOWNGRADE allow read, deny none
 *
 * which we should reject.
 */
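/*
 * Concretely: NFS4_SHARE_ACCESS_{READ,WRITE,BOTH} are 1, 2 and 3, so bit i
 * of st_access_bmap records that some open has used access mode i.  A
 * stateid whose opens used READ and then BOTH ends up with bmap 0b1010.
 */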
static unsigned int
bmap_to_share_mode(unsigned long bmap) {
	int i;
	unsigned int access = 0;

	for (i = 1; i < 4; i++) {
		if (test_bit(i, &bmap))
			access |= i;
	}
	return access;
}

/* set share access for a given stateid */
static inline void
set_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
	stp->st_access_bmap |= mask;
}

/* clear share access for a given stateid */
static inline void
clear_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
	stp->st_access_bmap &= ~mask;
}

/* test whether a given stateid has access */
static inline bool
test_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	return (bool)(stp->st_access_bmap & mask);
}

/* set share deny for a given stateid */
static inline void
set_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
	stp->st_deny_bmap |= mask;
}

/* clear share deny for a given stateid */
static inline void
clear_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
	stp->st_deny_bmap &= ~mask;
}

/* test whether a given stateid is denying specific access */
static inline bool
test_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	return (bool)(stp->st_deny_bmap & mask);
}

static int nfs4_access_to_omode(u32 access)
{
	switch (access & NFS4_SHARE_ACCESS_BOTH) {
	case NFS4_SHARE_ACCESS_READ:
		return O_RDONLY;
	case NFS4_SHARE_ACCESS_WRITE:
		return O_WRONLY;
	case NFS4_SHARE_ACCESS_BOTH:
		return O_RDWR;
	}
	WARN_ON_ONCE(1);
	return O_RDONLY;
}

/*
 * A stateid that had a deny mode associated with it is being released
 * or downgraded. Recalculate the deny mode on the file.
 */
static void
recalculate_deny_mode(struct nfs4_file *fp)
{
	struct nfs4_ol_stateid *stp;

	spin_lock(&fp->fi_lock);
	fp->fi_share_deny = 0;
	list_for_each_entry(stp, &fp->fi_stateids, st_perfile)
		fp->fi_share_deny |= bmap_to_share_mode(stp->st_deny_bmap);
	spin_unlock(&fp->fi_lock);
}

static void
reset_union_bmap_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	int i;
	bool change = false;

	for (i = 1; i < 4; i++) {
		if ((i & deny) != i) {
			change = true;
			clear_deny(i, stp);
		}
	}

	/* Recalculate per-file deny mode if there was a change */
	if (change)
		recalculate_deny_mode(stp->st_stid.sc_file);
}

/* release all access and file references for a given stateid */
static void
release_all_access(struct nfs4_ol_stateid *stp)
{
	int i;
	struct nfs4_file *fp = stp->st_stid.sc_file;

	if (fp && stp->st_deny_bmap != 0)
		recalculate_deny_mode(fp);

	for (i = 1; i < 4; i++) {
		if (test_access(i, stp))
			nfs4_file_put_access(stp->st_stid.sc_file, i);
		clear_access(i, stp);
	}
}

static inline void nfs4_free_stateowner(struct nfs4_stateowner *sop)
{
	kfree(sop->so_owner.data);
	sop->so_ops->so_free(sop);
}

static void nfs4_put_stateowner(struct nfs4_stateowner *sop)
{
	struct nfs4_client *clp = sop->so_client;

	might_lock(&clp->cl_lock);

	if (!atomic_dec_and_lock(&sop->so_count, &clp->cl_lock))
		return;
	sop->so_ops->so_unhash(sop);
	spin_unlock(&clp->cl_lock);
	nfs4_free_stateowner(sop);
}

static bool unhash_ol_stateid(struct nfs4_ol_stateid *stp)
{
	struct nfs4_file *fp = stp->st_stid.sc_file;

	lockdep_assert_held(&stp->st_stateowner->so_client->cl_lock);

	if (list_empty(&stp->st_perfile))
		return false;

	spin_lock(&fp->fi_lock);
	list_del_init(&stp->st_perfile);
	spin_unlock(&fp->fi_lock);
	list_del(&stp->st_perstateowner);
	return true;
}

static void nfs4_free_ol_stateid(struct nfs4_stid *stid)
{
	struct nfs4_ol_stateid *stp = openlockstateid(stid);

	put_clnt_odstate(stp->st_clnt_odstate);
	release_all_access(stp);
	if (stp->st_stateowner)
		nfs4_put_stateowner(stp->st_stateowner);
	kmem_cache_free(stateid_slab, stid);
}

static void nfs4_free_lock_stateid(struct nfs4_stid *stid)
{
	struct nfs4_ol_stateid *stp = openlockstateid(stid);
	struct nfs4_lockowner *lo = lockowner(stp->st_stateowner);
	struct file *file;

	file = find_any_file(stp->st_stid.sc_file);
	if (file)
		filp_close(file, (fl_owner_t)lo);
	nfs4_free_ol_stateid(stid);
}
/*
 * Put the persistent reference to an already unhashed generic stateid, while
 * holding the cl_lock. If it's the last reference, then put it onto the
 * reaplist for later destruction.
 */
static void put_ol_stateid_locked(struct nfs4_ol_stateid *stp,
				       struct list_head *reaplist)
{
	struct nfs4_stid *s = &stp->st_stid;
	struct nfs4_client *clp = s->sc_client;

	lockdep_assert_held(&clp->cl_lock);

	WARN_ON_ONCE(!list_empty(&stp->st_locks));

	if (!refcount_dec_and_test(&s->sc_count)) {
		wake_up_all(&close_wq);
		return;
	}

	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
	list_add(&stp->st_locks, reaplist);
}

static bool unhash_lock_stateid(struct nfs4_ol_stateid *stp)
{
	lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);

	list_del_init(&stp->st_locks);
	nfs4_unhash_stid(&stp->st_stid);
	return unhash_ol_stateid(stp);
}

static void release_lock_stateid(struct nfs4_ol_stateid *stp)
{
	struct nfs4_client *clp = stp->st_stid.sc_client;
	bool unhashed;

	spin_lock(&clp->cl_lock);
	unhashed = unhash_lock_stateid(stp);
	spin_unlock(&clp->cl_lock);
	if (unhashed)
		nfs4_put_stid(&stp->st_stid);
}

static void unhash_lockowner_locked(struct nfs4_lockowner *lo)
{
	struct nfs4_client *clp = lo->lo_owner.so_client;

	lockdep_assert_held(&clp->cl_lock);

	list_del_init(&lo->lo_owner.so_strhash);
}

/*
 * Free a list of generic stateids that were collected earlier after being
 * fully unhashed.
 */
static void
free_ol_stateid_reaplist(struct list_head *reaplist)
{
	struct nfs4_ol_stateid *stp;
	struct nfs4_file *fp;

	might_sleep();

	while (!list_empty(reaplist)) {
		stp = list_first_entry(reaplist, struct nfs4_ol_stateid,
				       st_locks);
		list_del(&stp->st_locks);
		fp = stp->st_stid.sc_file;
		stp->st_stid.sc_free(&stp->st_stid);
		if (fp)
			put_nfs4_file(fp);
	}
}

static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp,
				       struct list_head *reaplist)
{
	struct nfs4_ol_stateid *stp;

	lockdep_assert_held(&open_stp->st_stid.sc_client->cl_lock);

	while (!list_empty(&open_stp->st_locks)) {
		stp = list_entry(open_stp->st_locks.next,
				struct nfs4_ol_stateid, st_locks);
		WARN_ON(!unhash_lock_stateid(stp));
		put_ol_stateid_locked(stp, reaplist);
	}
}

static bool unhash_open_stateid(struct nfs4_ol_stateid *stp,
				struct list_head *reaplist)
{
	bool unhashed;

	lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);

	unhashed = unhash_ol_stateid(stp);
	release_open_stateid_locks(stp, reaplist);
	return unhashed;
}

static void release_open_stateid(struct nfs4_ol_stateid *stp)
{
	LIST_HEAD(reaplist);

	spin_lock(&stp->st_stid.sc_client->cl_lock);
	if (unhash_open_stateid(stp, &reaplist))
		put_ol_stateid_locked(stp, &reaplist);
	spin_unlock(&stp->st_stid.sc_client->cl_lock);
	free_ol_stateid_reaplist(&reaplist);
}

static void unhash_openowner_locked(struct nfs4_openowner *oo)
{
	struct nfs4_client *clp = oo->oo_owner.so_client;

	lockdep_assert_held(&clp->cl_lock);

	list_del_init(&oo->oo_owner.so_strhash);
	list_del_init(&oo->oo_perclient);
}

static void release_last_closed_stateid(struct nfs4_openowner *oo)
{
	struct nfsd_net *nn = net_generic(oo->oo_owner.so_client->net,
					  nfsd_net_id);
	struct nfs4_ol_stateid *s;

	spin_lock(&nn->client_lock);
	s = oo->oo_last_closed_stid;
	if (s) {
		list_del_init(&oo->oo_close_lru);
		oo->oo_last_closed_stid = NULL;
	}
	spin_unlock(&nn->client_lock);
	if (s)
		nfs4_put_stid(&s->st_stid);
}

static void release_openowner(struct nfs4_openowner *oo)
{
	struct nfs4_ol_stateid *stp;
	struct nfs4_client *clp = oo->oo_owner.so_client;
	struct list_head reaplist;

	INIT_LIST_HEAD(&reaplist);

	spin_lock(&clp->cl_lock);
	unhash_openowner_locked(oo);
	while (!list_empty(&oo->oo_owner.so_stateids)) {
		stp = list_first_entry(&oo->oo_owner.so_stateids,
				struct nfs4_ol_stateid, st_perstateowner);
		if (unhash_open_stateid(stp, &reaplist))
			put_ol_stateid_locked(stp, &reaplist);
	}
	spin_unlock(&clp->cl_lock);
	free_ol_stateid_reaplist(&reaplist);
	release_last_closed_stateid(oo);
	nfs4_put_stateowner(&oo->oo_owner);
}

static inline int
hash_sessionid(struct nfs4_sessionid *sessionid)
{
	struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;

	return sid->sequence % SESSION_HASH_SIZE;
}

#ifdef CONFIG_SUNRPC_DEBUG
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
	u32 *ptr = (u32 *)(&sessionid->data[0]);
	dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]);
}
#else
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
}
#endif

/*
 * Bump the seqid on cstate->replay_owner, and clear replay_owner if it
 * won't be used for replay.
 */
void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr)
{
	struct nfs4_stateowner *so = cstate->replay_owner;

	if (nfserr == nfserr_replay_me)
		return;

	if (!seqid_mutating_err(ntohl(nfserr))) {
		nfsd4_cstate_clear_replay(cstate);
		return;
	}
	if (!so)
		return;
	if (so->so_is_open_owner)
		release_last_closed_stateid(openowner(so));
	so->so_seqid++;
	return;
}

static void
gen_sessionid(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd4_sessionid *sid;

	sid = (struct nfsd4_sessionid *)ses->se_sessionid.data;
	sid->clientid = clp->cl_clientid;
	sid->sequence = current_sessionid++;
	sid->reserved = 0;
}

/*
 * The protocol defines ca_maxresponsesize_cached to include the size of
 * the rpc header, but all we need to cache is the data starting after
 * the end of the initial SEQUENCE operation--the rest we regenerate
 * each time.  Therefore we can advertise a ca_maxresponsesize_cached
 * value that is the number of bytes in our cache plus a few additional
 * bytes.  In order to stay on the safe side, and not promise more than
 * we can cache, those additional bytes must be the minimum possible: 24
 * bytes of rpc header (xid through accept state, with AUTH_NULL
 * verifier), 12 for the compound header (with zero-length tag), and 44
 * for the SEQUENCE op response:
 */
#define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)

static void
free_session_slots(struct nfsd4_session *ses)
{
	int i;

	for (i = 0; i < ses->se_fchannel.maxreqs; i++) {
		free_svc_cred(&ses->se_slots[i]->sl_cred);
		kfree(ses->se_slots[i]);
	}
}

/*
 * We don't actually need to cache the rpc and session headers, so we
 * can allocate a little less for each slot:
 */
static inline u32 slot_bytes(struct nfsd4_channel_attrs *ca)
{
	u32 size;

	if (ca->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ)
		size = 0;
	else
		size = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;
	return size + sizeof(struct nfsd4_slot);
}
/*
 * XXX: If we run out of reserved DRC memory we could (up to a point)
 * re-negotiate active sessions and reduce their slot usage to make
 * room for new connections. For now we just fail the create session.
 */
static u32 nfsd4_get_drc_mem(struct nfsd4_channel_attrs *ca)
{
	u32 slotsize = slot_bytes(ca);
	u32 num = ca->maxreqs;
	int avail;

	spin_lock(&nfsd_drc_lock);
	avail = min((unsigned long)NFSD_MAX_MEM_PER_SESSION,
		    nfsd_drc_max_mem - nfsd_drc_mem_used);
	/*
	 * Never use more than a third of the remaining memory,
	 * unless it's the only way to give this client a slot:
	 */
	avail = clamp_t(int, avail, slotsize, avail/3);
	num = min_t(int, num, avail / slotsize);
	nfsd_drc_mem_used += num * slotsize;
	spin_unlock(&nfsd_drc_lock);

	return num;
}
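/*
 * Worked example: with avail = 60KB and a 2KB slot size, the clamp above
 * cuts avail to 20KB, so the session is given at most 10 slots (or fewer,
 * if the client asked for fewer).
 */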
static void nfsd4_put_drc_mem(struct nfsd4_channel_attrs *ca)
{
	int slotsize = slot_bytes(ca);

	spin_lock(&nfsd_drc_lock);
	nfsd_drc_mem_used -= slotsize * ca->maxreqs;
	spin_unlock(&nfsd_drc_lock);
}

static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *fattrs,
					   struct nfsd4_channel_attrs *battrs)
{
	int numslots = fattrs->maxreqs;
	int slotsize = slot_bytes(fattrs);
	struct nfsd4_session *new;
	int mem, i;

	BUILD_BUG_ON(NFSD_MAX_SLOTS_PER_SESSION * sizeof(struct nfsd4_slot *)
			+ sizeof(struct nfsd4_session) > PAGE_SIZE);
	mem = numslots * sizeof(struct nfsd4_slot *);

	new = kzalloc(sizeof(*new) + mem, GFP_KERNEL);
	if (!new)
		return NULL;
	/* allocate each struct nfsd4_slot and data cache in one piece */
	for (i = 0; i < numslots; i++) {
		new->se_slots[i] = kzalloc(slotsize, GFP_KERNEL);
		if (!new->se_slots[i])
			goto out_free;
	}

	memcpy(&new->se_fchannel, fattrs, sizeof(struct nfsd4_channel_attrs));
	memcpy(&new->se_bchannel, battrs, sizeof(struct nfsd4_channel_attrs));

	return new;
out_free:
	while (i--)
		kfree(new->se_slots[i]);
	kfree(new);
	return NULL;
}

static void free_conn(struct nfsd4_conn *c)
{
	svc_xprt_put(c->cn_xprt);
	kfree(c);
}

static void nfsd4_conn_lost(struct svc_xpt_user *u)
{
	struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
	struct nfs4_client *clp = c->cn_session->se_client;

	spin_lock(&clp->cl_lock);
	if (!list_empty(&c->cn_persession)) {
		list_del(&c->cn_persession);
		free_conn(c);
	}
	nfsd4_probe_callback(clp);
	spin_unlock(&clp->cl_lock);
}

static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
{
	struct nfsd4_conn *conn;

	conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL);
	if (!conn)
		return NULL;
	svc_xprt_get(rqstp->rq_xprt);
	conn->cn_xprt = rqstp->rq_xprt;
	conn->cn_flags = flags;
	INIT_LIST_HEAD(&conn->cn_xpt_user.list);
	return conn;
}

static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	conn->cn_session = ses;
	list_add(&conn->cn_persession, &ses->se_conns);
}

static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;

	spin_lock(&clp->cl_lock);
	__nfsd4_hash_conn(conn, ses);
	spin_unlock(&clp->cl_lock);
}

static int nfsd4_register_conn(struct nfsd4_conn *conn)
{
	conn->cn_xpt_user.callback = nfsd4_conn_lost;
	return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
}

static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	int ret;

	nfsd4_hash_conn(conn, ses);
	ret = nfsd4_register_conn(conn);
	if (ret)
		/* oops; xprt is already down: */
		nfsd4_conn_lost(&conn->cn_xpt_user);
	/* We may have gained or lost a callback channel: */
	nfsd4_probe_callback_sync(ses->se_client);
}

static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses)
{
	u32 dir = NFS4_CDFC4_FORE;

	if (cses->flags & SESSION4_BACK_CHAN)
		dir |= NFS4_CDFC4_BACK;
	return alloc_conn(rqstp, dir);
}

/* must be called under client_lock */
static void nfsd4_del_conns(struct nfsd4_session *s)
{
	struct nfs4_client *clp = s->se_client;
	struct nfsd4_conn *c;

	spin_lock(&clp->cl_lock);
	while (!list_empty(&s->se_conns)) {
		c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
		list_del_init(&c->cn_persession);
		spin_unlock(&clp->cl_lock);

		unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
		free_conn(c);

		spin_lock(&clp->cl_lock);
	}
	spin_unlock(&clp->cl_lock);
}

static void __free_session(struct nfsd4_session *ses)
{
	free_session_slots(ses);
	kfree(ses);
}

static void free_session(struct nfsd4_session *ses)
{
	nfsd4_del_conns(ses);
	nfsd4_put_drc_mem(&ses->se_fchannel);
	__free_session(ses);
}

static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses)
{
	int idx;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	new->se_client = clp;
	gen_sessionid(new);

	INIT_LIST_HEAD(&new->se_conns);

	new->se_cb_seq_nr = 1;
	new->se_flags = cses->flags;
	new->se_cb_prog = cses->callback_prog;
	new->se_cb_sec = cses->cb_sec;
	atomic_set(&new->se_ref, 0);
	idx = hash_sessionid(&new->se_sessionid);
	list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]);
	spin_lock(&clp->cl_lock);
	list_add(&new->se_perclnt, &clp->cl_sessions);
	spin_unlock(&clp->cl_lock);

	{
		struct sockaddr *sa = svc_addr(rqstp);
		/*
		 * This is a little silly; with sessions there's no real
		 * use for the callback address.  Use the peer address
		 * as a reasonable default for now, but consider fixing
		 * the rpc client not to require an address in the
		 * future:
		 */
		rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
		clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
	}
}

/* caller must hold client_lock */
static struct nfsd4_session *
__find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net)
{
	struct nfsd4_session *elem;
	int idx;
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	dump_sessionid(__func__, sessionid);
	idx = hash_sessionid(sessionid);
	/* Search in the appropriate list */
	list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) {
		if (!memcmp(elem->se_sessionid.data, sessionid->data,
			    NFS4_MAX_SESSIONID_LEN)) {
			return elem;
		}
	}

	dprintk("%s: session not found\n", __func__);
	return NULL;
}

static struct nfsd4_session *
find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net,
		__be32 *ret)
{
	struct nfsd4_session *session;
	__be32 status = nfserr_badsession;

	session = __find_in_sessionid_hashtbl(sessionid, net);
	if (!session)
		goto out;
	status = nfsd4_get_session_locked(session);
	if (status)
		session = NULL;
out:
	*ret = status;
	return session;
}

/* caller must hold client_lock */
static void
unhash_session(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	list_del(&ses->se_hash);
	spin_lock(&ses->se_client->cl_lock);
	list_del(&ses->se_perclnt);
	spin_unlock(&ses->se_client->cl_lock);
}

/* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
static int
STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn)
{
	/*
	 * We're assuming the clid was not given out from a boot
	 * precisely 2^32 (about 136 years) before this one.  That seems
	 * a safe assumption:
	 */
	if (clid->cl_boot == (u32)nn->boot_time)
		return 0;
	dprintk("NFSD stale clientid (%08x/%08x) boot_time %08lx\n",
		clid->cl_boot, clid->cl_id, nn->boot_time);
	return 1;
}

/*
 * XXX Should we use a slab cache ?
 * This type of memory management is somewhat inefficient, but we use it
 * anyway since SETCLIENTID is not a common operation.
 */
static struct nfs4_client *alloc_client(struct xdr_netobj name)
{
	struct nfs4_client *clp;
	int i;

	clp = kmem_cache_zalloc(client_slab, GFP_KERNEL);
	if (clp == NULL)
		return NULL;
	clp->cl_name.data = kmemdup(name.data, name.len, GFP_KERNEL);
	if (clp->cl_name.data == NULL)
		goto err_no_name;
	clp->cl_ownerstr_hashtbl = kmalloc_array(OWNER_HASH_SIZE,
						 sizeof(struct list_head),
						 GFP_KERNEL);
	if (!clp->cl_ownerstr_hashtbl)
		goto err_no_hashtbl;
	for (i = 0; i < OWNER_HASH_SIZE; i++)
		INIT_LIST_HEAD(&clp->cl_ownerstr_hashtbl[i]);
	clp->cl_name.len = name.len;
	INIT_LIST_HEAD(&clp->cl_sessions);
	idr_init(&clp->cl_stateids);
	atomic_set(&clp->cl_refcount, 0);
	clp->cl_cb_state = NFSD4_CB_UNKNOWN;
	INIT_LIST_HEAD(&clp->cl_idhash);
	INIT_LIST_HEAD(&clp->cl_openowners);
	INIT_LIST_HEAD(&clp->cl_delegations);
	INIT_LIST_HEAD(&clp->cl_lru);
	INIT_LIST_HEAD(&clp->cl_revoked);
#ifdef CONFIG_NFSD_PNFS
	INIT_LIST_HEAD(&clp->cl_lo_states);
#endif
	INIT_LIST_HEAD(&clp->async_copies);
	spin_lock_init(&clp->async_lock);
	spin_lock_init(&clp->cl_lock);
	rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
	return clp;
err_no_hashtbl:
	kfree(clp->cl_name.data);
err_no_name:
	kmem_cache_free(client_slab, clp);
	return NULL;
}

static void
free_client(struct nfs4_client *clp)
{
	while (!list_empty(&clp->cl_sessions)) {
		struct nfsd4_session *ses;
		ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
				se_perclnt);
		list_del(&ses->se_perclnt);
		WARN_ON_ONCE(atomic_read(&ses->se_ref));
		free_session(ses);
	}
	rpc_destroy_wait_queue(&clp->cl_cb_waitq);
	free_svc_cred(&clp->cl_cred);
	kfree(clp->cl_ownerstr_hashtbl);
	kfree(clp->cl_name.data);
	idr_destroy(&clp->cl_stateids);
	kmem_cache_free(client_slab, clp);
}
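/*
 * A client is "expired" when cl_time is zero; unhash_client_locked below
 * sets that, and is_client_expired() above tests it.
 */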
/* must be called under the client_lock */
static void
unhash_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfsd4_session *ses;

	lockdep_assert_held(&nn->client_lock);

	/* Mark the client as expired! */
	clp->cl_time = 0;
	/* Make it invisible */
	if (!list_empty(&clp->cl_idhash)) {
		list_del_init(&clp->cl_idhash);
		if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
			rb_erase(&clp->cl_namenode, &nn->conf_name_tree);
		else
			rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
	}
	list_del_init(&clp->cl_lru);
	spin_lock(&clp->cl_lock);
	list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
		list_del_init(&ses->se_hash);
	spin_unlock(&clp->cl_lock);
}

static void
unhash_client(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	spin_lock(&nn->client_lock);
	unhash_client_locked(clp);
	spin_unlock(&nn->client_lock);
}

static __be32 mark_client_expired_locked(struct nfs4_client *clp)
{
	if (atomic_read(&clp->cl_refcount))
		return nfserr_jukebox;
	unhash_client_locked(clp);
	return nfs_ok;
}

static void
__destroy_client(struct nfs4_client *clp)
{
	int i;
	struct nfs4_openowner *oo;
	struct nfs4_delegation *dp;
	struct list_head reaplist;

	INIT_LIST_HEAD(&reaplist);
	spin_lock(&state_lock);
	while (!list_empty(&clp->cl_delegations)) {
		dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
		WARN_ON(!unhash_delegation_locked(dp));
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&state_lock);
	while (!list_empty(&reaplist)) {
		dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		destroy_unhashed_deleg(dp);
	}
	while (!list_empty(&clp->cl_revoked)) {
		dp = list_entry(clp->cl_revoked.next, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		nfs4_put_stid(&dp->dl_stid);
	}
	while (!list_empty(&clp->cl_openowners)) {
		oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
		nfs4_get_stateowner(&oo->oo_owner);
		release_openowner(oo);
	}
	for (i = 0; i < OWNER_HASH_SIZE; i++) {
		struct nfs4_stateowner *so, *tmp;

		list_for_each_entry_safe(so, tmp, &clp->cl_ownerstr_hashtbl[i],
					 so_strhash) {
			/* Should be no openowners at this point */
			WARN_ON_ONCE(so->so_is_open_owner);
			remove_blocked_locks(lockowner(so));
		}
	}
	nfsd4_return_all_client_layouts(clp);
	nfsd4_shutdown_copy(clp);
	nfsd4_shutdown_callback(clp);
	if (clp->cl_cb_conn.cb_xprt)
		svc_xprt_put(clp->cl_cb_conn.cb_xprt);
	free_client(clp);
}

static void
destroy_client(struct nfs4_client *clp)
{
	unhash_client(clp);
	__destroy_client(clp);
}

static void expire_client(struct nfs4_client *clp)
{
	unhash_client(clp);
	nfsd4_client_record_remove(clp);
	__destroy_client(clp);
}

static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
{
	memcpy(target->cl_verifier.data, source->data,
			sizeof(target->cl_verifier.data));
}

static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
{
	target->cl_clientid.cl_boot = source->cl_clientid.cl_boot;
	target->cl_clientid.cl_id = source->cl_clientid.cl_id;
}
kstrdup(source->cr_raw_principal, 2014 GFP_KERNEL); 2015 target->cr_targ_princ = kstrdup(source->cr_targ_princ, GFP_KERNEL); 2016 if ((source->cr_principal && !target->cr_principal) || 2017 (source->cr_raw_principal && !target->cr_raw_principal) || 2018 (source->cr_targ_princ && !target->cr_targ_princ)) 2019 return -ENOMEM; 2020 2021 target->cr_flavor = source->cr_flavor; 2022 target->cr_uid = source->cr_uid; 2023 target->cr_gid = source->cr_gid; 2024 target->cr_group_info = source->cr_group_info; 2025 get_group_info(target->cr_group_info); 2026 target->cr_gss_mech = source->cr_gss_mech; 2027 if (source->cr_gss_mech) 2028 gss_mech_get(source->cr_gss_mech); 2029 return 0; 2030 } 2031 2032 static int 2033 compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2) 2034 { 2035 if (o1->len < o2->len) 2036 return -1; 2037 if (o1->len > o2->len) 2038 return 1; 2039 return memcmp(o1->data, o2->data, o1->len); 2040 } 2041 2042 static int same_name(const char *n1, const char *n2) 2043 { 2044 return 0 == memcmp(n1, n2, HEXDIR_LEN); 2045 } 2046 2047 static int 2048 same_verf(nfs4_verifier *v1, nfs4_verifier *v2) 2049 { 2050 return 0 == memcmp(v1->data, v2->data, sizeof(v1->data)); 2051 } 2052 2053 static int 2054 same_clid(clientid_t *cl1, clientid_t *cl2) 2055 { 2056 return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id); 2057 } 2058 2059 static bool groups_equal(struct group_info *g1, struct group_info *g2) 2060 { 2061 int i; 2062 2063 if (g1->ngroups != g2->ngroups) 2064 return false; 2065 for (i = 0; i < g1->ngroups; i++) 2066 if (!gid_eq(g1->gid[i], g2->gid[i])) 2067 return false; 2068 return true; 2069 } 2070 2071 /* 2072 * RFC 3530 language requires clid_inuse be returned when the 2073 * "principal" associated with a request differs from that previously 2074 * used. We use uid, gids, and the gss principal string as our best 2075 * approximation. We also don't want to allow non-gss use of a client 2076 * established using gss: in theory cr_principal should catch that 2077 * change, but in practice cr_principal can be null even in the gss case 2078 * since gssd doesn't always pass down a principal string. 2079 */ 2080 static bool is_gss_cred(struct svc_cred *cr) 2081 { 2082 /* Is cr_flavor one of the gss "pseudoflavors"?: */ 2083 return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR); 2084 } 2085 2086 2087 static bool 2088 same_creds(struct svc_cred *cr1, struct svc_cred *cr2) 2089 { 2090 if ((is_gss_cred(cr1) != is_gss_cred(cr2)) 2091 || (!uid_eq(cr1->cr_uid, cr2->cr_uid)) 2092 || (!gid_eq(cr1->cr_gid, cr2->cr_gid)) 2093 || !groups_equal(cr1->cr_group_info, cr2->cr_group_info)) 2094 return false; 2095 /* XXX: check that cr_targ_princ fields match ?
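 *
 * If that check were ever added, it would presumably mirror the
 * cr_principal comparison below (hypothetical sketch only):
 *
 *	if ((cr1->cr_targ_princ == NULL) != (cr2->cr_targ_princ == NULL))
 *		return false;
 *	if (cr1->cr_targ_princ &&
 *	    strcmp(cr1->cr_targ_princ, cr2->cr_targ_princ) != 0)
 *		return false;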
*/ 2096 if (cr1->cr_principal == cr2->cr_principal) 2097 return true; 2098 if (!cr1->cr_principal || !cr2->cr_principal) 2099 return false; 2100 return 0 == strcmp(cr1->cr_principal, cr2->cr_principal); 2101 } 2102 2103 static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp) 2104 { 2105 struct svc_cred *cr = &rqstp->rq_cred; 2106 u32 service; 2107 2108 if (!cr->cr_gss_mech) 2109 return false; 2110 service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor); 2111 return service == RPC_GSS_SVC_INTEGRITY || 2112 service == RPC_GSS_SVC_PRIVACY; 2113 } 2114 2115 bool nfsd4_mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp) 2116 { 2117 struct svc_cred *cr = &rqstp->rq_cred; 2118 2119 if (!cl->cl_mach_cred) 2120 return true; 2121 if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech) 2122 return false; 2123 if (!svc_rqst_integrity_protected(rqstp)) 2124 return false; 2125 if (cl->cl_cred.cr_raw_principal) 2126 return 0 == strcmp(cl->cl_cred.cr_raw_principal, 2127 cr->cr_raw_principal); 2128 if (!cr->cr_principal) 2129 return false; 2130 return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal); 2131 } 2132 2133 static void gen_confirm(struct nfs4_client *clp, struct nfsd_net *nn) 2134 { 2135 __be32 verf[2]; 2136 2137 /* 2138 * This is opaque to client, so no need to byte-swap. Use 2139 * __force to keep sparse happy 2140 */ 2141 verf[0] = (__force __be32)get_seconds(); 2142 verf[1] = (__force __be32)nn->clverifier_counter++; 2143 memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data)); 2144 } 2145 2146 static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn) 2147 { 2148 clp->cl_clientid.cl_boot = nn->boot_time; 2149 clp->cl_clientid.cl_id = nn->clientid_counter++; 2150 gen_confirm(clp, nn); 2151 } 2152 2153 static struct nfs4_stid * 2154 find_stateid_locked(struct nfs4_client *cl, stateid_t *t) 2155 { 2156 struct nfs4_stid *ret; 2157 2158 ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id); 2159 if (!ret || !ret->sc_type) 2160 return NULL; 2161 return ret; 2162 } 2163 2164 static struct nfs4_stid * 2165 find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, char typemask) 2166 { 2167 struct nfs4_stid *s; 2168 2169 spin_lock(&cl->cl_lock); 2170 s = find_stateid_locked(cl, t); 2171 if (s != NULL) { 2172 if (typemask & s->sc_type) 2173 refcount_inc(&s->sc_count); 2174 else 2175 s = NULL; 2176 } 2177 spin_unlock(&cl->cl_lock); 2178 return s; 2179 } 2180 2181 static struct nfs4_client *create_client(struct xdr_netobj name, 2182 struct svc_rqst *rqstp, nfs4_verifier *verf) 2183 { 2184 struct nfs4_client *clp; 2185 struct sockaddr *sa = svc_addr(rqstp); 2186 int ret; 2187 struct net *net = SVC_NET(rqstp); 2188 2189 clp = alloc_client(name); 2190 if (clp == NULL) 2191 return NULL; 2192 2193 ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred); 2194 if (ret) { 2195 free_client(clp); 2196 return NULL; 2197 } 2198 nfsd4_init_cb(&clp->cl_cb_null, clp, NULL, NFSPROC4_CLNT_CB_NULL); 2199 clp->cl_time = get_seconds(); 2200 clear_bit(0, &clp->cl_cb_slot_busy); 2201 copy_verf(clp, verf); 2202 rpc_copy_addr((struct sockaddr *) &clp->cl_addr, sa); 2203 clp->cl_cb_session = NULL; 2204 clp->net = net; 2205 return clp; 2206 } 2207 2208 static void 2209 add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root) 2210 { 2211 struct rb_node **new = &(root->rb_node), *parent = NULL; 2212 struct nfs4_client *clp; 2213 2214 while (*new) { 2215 clp = rb_entry(*new, struct nfs4_client, cl_namenode); 2216 parent = *new; 2217 2218 if (compare_blob(&clp->cl_name, 
&new_clp->cl_name) > 0) 2219 new = &((*new)->rb_left); 2220 else 2221 new = &((*new)->rb_right); 2222 } 2223 2224 rb_link_node(&new_clp->cl_namenode, parent, new); 2225 rb_insert_color(&new_clp->cl_namenode, root); 2226 } 2227 2228 static struct nfs4_client * 2229 find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root) 2230 { 2231 int cmp; 2232 struct rb_node *node = root->rb_node; 2233 struct nfs4_client *clp; 2234 2235 while (node) { 2236 clp = rb_entry(node, struct nfs4_client, cl_namenode); 2237 cmp = compare_blob(&clp->cl_name, name); 2238 if (cmp > 0) 2239 node = node->rb_left; 2240 else if (cmp < 0) 2241 node = node->rb_right; 2242 else 2243 return clp; 2244 } 2245 return NULL; 2246 } 2247 2248 static void 2249 add_to_unconfirmed(struct nfs4_client *clp) 2250 { 2251 unsigned int idhashval; 2252 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 2253 2254 lockdep_assert_held(&nn->client_lock); 2255 2256 clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags); 2257 add_clp_to_name_tree(clp, &nn->unconf_name_tree); 2258 idhashval = clientid_hashval(clp->cl_clientid.cl_id); 2259 list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]); 2260 renew_client_locked(clp); 2261 } 2262 2263 static void 2264 move_to_confirmed(struct nfs4_client *clp) 2265 { 2266 unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id); 2267 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 2268 2269 lockdep_assert_held(&nn->client_lock); 2270 2271 dprintk("NFSD: move_to_confirm nfs4_client %p\n", clp); 2272 list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]); 2273 rb_erase(&clp->cl_namenode, &nn->unconf_name_tree); 2274 add_clp_to_name_tree(clp, &nn->conf_name_tree); 2275 set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags); 2276 renew_client_locked(clp); 2277 } 2278 2279 static struct nfs4_client * 2280 find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions) 2281 { 2282 struct nfs4_client *clp; 2283 unsigned int idhashval = clientid_hashval(clid->cl_id); 2284 2285 list_for_each_entry(clp, &tbl[idhashval], cl_idhash) { 2286 if (same_clid(&clp->cl_clientid, clid)) { 2287 if ((bool)clp->cl_minorversion != sessions) 2288 return NULL; 2289 renew_client_locked(clp); 2290 return clp; 2291 } 2292 } 2293 return NULL; 2294 } 2295 2296 static struct nfs4_client * 2297 find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn) 2298 { 2299 struct list_head *tbl = nn->conf_id_hashtbl; 2300 2301 lockdep_assert_held(&nn->client_lock); 2302 return find_client_in_id_table(tbl, clid, sessions); 2303 } 2304 2305 static struct nfs4_client * 2306 find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn) 2307 { 2308 struct list_head *tbl = nn->unconf_id_hashtbl; 2309 2310 lockdep_assert_held(&nn->client_lock); 2311 return find_client_in_id_table(tbl, clid, sessions); 2312 } 2313 2314 static bool clp_used_exchangeid(struct nfs4_client *clp) 2315 { 2316 return clp->cl_exchange_flags != 0; 2317 } 2318 2319 static struct nfs4_client * 2320 find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn) 2321 { 2322 lockdep_assert_held(&nn->client_lock); 2323 return find_clp_in_name_tree(name, &nn->conf_name_tree); 2324 } 2325 2326 static struct nfs4_client * 2327 find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn) 2328 { 2329 lockdep_assert_held(&nn->client_lock); 2330 return find_clp_in_name_tree(name, &nn->unconf_name_tree); 2331 } 2332 2333 static void 2334 gen_callback(struct nfs4_client *clp, struct 
nfsd4_setclientid *se, struct svc_rqst *rqstp) 2335 { 2336 struct nfs4_cb_conn *conn = &clp->cl_cb_conn; 2337 struct sockaddr *sa = svc_addr(rqstp); 2338 u32 scopeid = rpc_get_scope_id(sa); 2339 unsigned short expected_family; 2340 2341 /* Currently, we only support tcp and tcp6 for the callback channel */ 2342 if (se->se_callback_netid_len == 3 && 2343 !memcmp(se->se_callback_netid_val, "tcp", 3)) 2344 expected_family = AF_INET; 2345 else if (se->se_callback_netid_len == 4 && 2346 !memcmp(se->se_callback_netid_val, "tcp6", 4)) 2347 expected_family = AF_INET6; 2348 else 2349 goto out_err; 2350 2351 conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val, 2352 se->se_callback_addr_len, 2353 (struct sockaddr *)&conn->cb_addr, 2354 sizeof(conn->cb_addr)); 2355 2356 if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family) 2357 goto out_err; 2358 2359 if (conn->cb_addr.ss_family == AF_INET6) 2360 ((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid; 2361 2362 conn->cb_prog = se->se_callback_prog; 2363 conn->cb_ident = se->se_callback_ident; 2364 memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen); 2365 return; 2366 out_err: 2367 conn->cb_addr.ss_family = AF_UNSPEC; 2368 conn->cb_addrlen = 0; 2369 dprintk("NFSD: this client (clientid %08x/%08x) " 2370 "will not receive delegations\n", 2371 clp->cl_clientid.cl_boot, clp->cl_clientid.cl_id); 2372 2373 return; 2374 } 2375 2376 /* 2377 * Cache a reply. nfsd4_check_resp_size() has bounded the cache size. 2378 */ 2379 static void 2380 nfsd4_store_cache_entry(struct nfsd4_compoundres *resp) 2381 { 2382 struct xdr_buf *buf = resp->xdr.buf; 2383 struct nfsd4_slot *slot = resp->cstate.slot; 2384 unsigned int base; 2385 2386 dprintk("--> %s slot %p\n", __func__, slot); 2387 2388 slot->sl_flags |= NFSD4_SLOT_INITIALIZED; 2389 slot->sl_opcnt = resp->opcnt; 2390 slot->sl_status = resp->cstate.status; 2391 free_svc_cred(&slot->sl_cred); 2392 copy_cred(&slot->sl_cred, &resp->rqstp->rq_cred); 2393 2394 if (!nfsd4_cache_this(resp)) { 2395 slot->sl_flags &= ~NFSD4_SLOT_CACHED; 2396 return; 2397 } 2398 slot->sl_flags |= NFSD4_SLOT_CACHED; 2399 2400 base = resp->cstate.data_offset; 2401 slot->sl_datalen = buf->len - base; 2402 if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen)) 2403 WARN(1, "%s: sessions DRC could not cache compound\n", 2404 __func__); 2405 return; 2406 } 2407 2408 /* 2409 * Encode the replay sequence operation from the slot values. 2410 * If cachethis is FALSE encode the uncached rep error on the next 2411 * operation which sets resp->p and increments resp->opcnt for 2412 * nfs4svc_encode_compoundres. 
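 *
 * Example (sketch): a retry of { SEQUENCE; PUTFH; READ } whose reply
 * was not cached in the slot is answered with just
 *
 *	op 1: SEQUENCE -> status replayed from the slot
 *	op 2: PUTFH    -> nfserr_retry_uncached_rep
 *
 * while a solo SEQUENCE retry that misses the cache gets
 * nfserr_seq_false_retry, since solo SEQUENCEs are always cached.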
2413 * 2414 */ 2415 static __be32 2416 nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args, 2417 struct nfsd4_compoundres *resp) 2418 { 2419 struct nfsd4_op *op; 2420 struct nfsd4_slot *slot = resp->cstate.slot; 2421 2422 /* Encode the replayed sequence operation */ 2423 op = &args->ops[resp->opcnt - 1]; 2424 nfsd4_encode_operation(resp, op); 2425 2426 if (slot->sl_flags & NFSD4_SLOT_CACHED) 2427 return op->status; 2428 if (args->opcnt == 1) { 2429 /* 2430 * The original operation wasn't a solo sequence--we 2431 * always cache those--so this retry must not match the 2432 * original: 2433 */ 2434 op->status = nfserr_seq_false_retry; 2435 } else { 2436 op = &args->ops[resp->opcnt++]; 2437 op->status = nfserr_retry_uncached_rep; 2438 nfsd4_encode_operation(resp, op); 2439 } 2440 return op->status; 2441 } 2442 2443 /* 2444 * The sequence operation is not cached because we can use the slot and 2445 * session values. 2446 */ 2447 static __be32 2448 nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp, 2449 struct nfsd4_sequence *seq) 2450 { 2451 struct nfsd4_slot *slot = resp->cstate.slot; 2452 struct xdr_stream *xdr = &resp->xdr; 2453 __be32 *p; 2454 __be32 status; 2455 2456 dprintk("--> %s slot %p\n", __func__, slot); 2457 2458 status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp); 2459 if (status) 2460 return status; 2461 2462 p = xdr_reserve_space(xdr, slot->sl_datalen); 2463 if (!p) { 2464 WARN_ON_ONCE(1); 2465 return nfserr_serverfault; 2466 } 2467 xdr_encode_opaque_fixed(p, slot->sl_data, slot->sl_datalen); 2468 xdr_commit_encode(xdr); 2469 2470 resp->opcnt = slot->sl_opcnt; 2471 return slot->sl_status; 2472 } 2473 2474 /* 2475 * Set the exchange_id flags returned by the server. 2476 */ 2477 static void 2478 nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid) 2479 { 2480 #ifdef CONFIG_NFSD_PNFS 2481 new->cl_exchange_flags |= EXCHGID4_FLAG_USE_PNFS_MDS; 2482 #else 2483 new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS; 2484 #endif 2485 2486 /* Referrals are supported, Migration is not. */ 2487 new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER; 2488 2489 /* set the wire flags to return to client. 
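 *
 * e.g. on a CONFIG_NFSD_PNFS build a client ends up seeing
 *
 *	EXCHGID4_FLAG_USE_PNFS_MDS | EXCHGID4_FLAG_SUPP_MOVED_REFER
 *
 * or'd together with whatever was already set in cl_exchange_flags.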
*/ 2490 clid->flags = new->cl_exchange_flags; 2491 } 2492 2493 static bool client_has_openowners(struct nfs4_client *clp) 2494 { 2495 struct nfs4_openowner *oo; 2496 2497 list_for_each_entry(oo, &clp->cl_openowners, oo_perclient) { 2498 if (!list_empty(&oo->oo_owner.so_stateids)) 2499 return true; 2500 } 2501 return false; 2502 } 2503 2504 static bool client_has_state(struct nfs4_client *clp) 2505 { 2506 return client_has_openowners(clp) 2507 #ifdef CONFIG_NFSD_PNFS 2508 || !list_empty(&clp->cl_lo_states) 2509 #endif 2510 || !list_empty(&clp->cl_delegations) 2511 || !list_empty(&clp->cl_sessions) 2512 || !list_empty(&clp->async_copies); 2513 } 2514 2515 __be32 2516 nfsd4_exchange_id(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 2517 union nfsd4_op_u *u) 2518 { 2519 struct nfsd4_exchange_id *exid = &u->exchange_id; 2520 struct nfs4_client *conf, *new; 2521 struct nfs4_client *unconf = NULL; 2522 __be32 status; 2523 char addr_str[INET6_ADDRSTRLEN]; 2524 nfs4_verifier verf = exid->verifier; 2525 struct sockaddr *sa = svc_addr(rqstp); 2526 bool update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A; 2527 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 2528 2529 rpc_ntop(sa, addr_str, sizeof(addr_str)); 2530 dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p " 2531 "ip_addr=%s flags %x, spa_how %d\n", 2532 __func__, rqstp, exid, exid->clname.len, exid->clname.data, 2533 addr_str, exid->flags, exid->spa_how); 2534 2535 if (exid->flags & ~EXCHGID4_FLAG_MASK_A) 2536 return nfserr_inval; 2537 2538 new = create_client(exid->clname, rqstp, &verf); 2539 if (new == NULL) 2540 return nfserr_jukebox; 2541 2542 switch (exid->spa_how) { 2543 case SP4_MACH_CRED: 2544 exid->spo_must_enforce[0] = 0; 2545 exid->spo_must_enforce[1] = ( 2546 1 << (OP_BIND_CONN_TO_SESSION - 32) | 2547 1 << (OP_EXCHANGE_ID - 32) | 2548 1 << (OP_CREATE_SESSION - 32) | 2549 1 << (OP_DESTROY_SESSION - 32) | 2550 1 << (OP_DESTROY_CLIENTID - 32)); 2551 2552 exid->spo_must_allow[0] &= (1 << (OP_CLOSE) | 2553 1 << (OP_OPEN_DOWNGRADE) | 2554 1 << (OP_LOCKU) | 2555 1 << (OP_DELEGRETURN)); 2556 2557 exid->spo_must_allow[1] &= ( 2558 1 << (OP_TEST_STATEID - 32) | 2559 1 << (OP_FREE_STATEID - 32)); 2560 if (!svc_rqst_integrity_protected(rqstp)) { 2561 status = nfserr_inval; 2562 goto out_nolock; 2563 } 2564 /* 2565 * Sometimes userspace doesn't give us a principal. 2566 * Which is a bug, really. 
Anyway, we can't enforce 2567 * MACH_CRED in that case, better to give up now: 2568 */ 2569 if (!new->cl_cred.cr_principal && 2570 !new->cl_cred.cr_raw_principal) { 2571 status = nfserr_serverfault; 2572 goto out_nolock; 2573 } 2574 new->cl_mach_cred = true; /* Fallthrough */ 2575 case SP4_NONE: 2576 break; 2577 default: /* checked by xdr code */ 2578 WARN_ON_ONCE(1); /* fall through */ 2579 case SP4_SSV: 2580 status = nfserr_encr_alg_unsupp; 2581 goto out_nolock; 2582 } 2583 2584 /* Cases below refer to rfc 5661 section 18.35.4: */ 2585 spin_lock(&nn->client_lock); 2586 conf = find_confirmed_client_by_name(&exid->clname, nn); 2587 if (conf) { 2588 bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred); 2589 bool verfs_match = same_verf(&verf, &conf->cl_verifier); 2590 2591 if (update) { 2592 if (!clp_used_exchangeid(conf)) { /* buggy client */ 2593 status = nfserr_inval; 2594 goto out; 2595 } 2596 if (!nfsd4_mach_creds_match(conf, rqstp)) { 2597 status = nfserr_wrong_cred; 2598 goto out; 2599 } 2600 if (!creds_match) { /* case 9 */ 2601 status = nfserr_perm; 2602 goto out; 2603 } 2604 if (!verfs_match) { /* case 8 */ 2605 status = nfserr_not_same; 2606 goto out; 2607 } 2608 /* case 6 */ 2609 exid->flags |= EXCHGID4_FLAG_CONFIRMED_R; 2610 goto out_copy; 2611 } 2612 if (!creds_match) { /* case 3 */ 2613 if (client_has_state(conf)) { 2614 status = nfserr_clid_inuse; 2615 goto out; 2616 } 2617 goto out_new; 2618 } 2619 if (verfs_match) { /* case 2 */ 2620 conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R; 2621 goto out_copy; 2622 } 2623 /* case 5, client reboot */ 2624 conf = NULL; 2625 goto out_new; 2626 } 2627 2628 if (update) { /* case 7 */ 2629 status = nfserr_noent; 2630 goto out; 2631 } 2632 2633 unconf = find_unconfirmed_client_by_name(&exid->clname, nn); 2634 if (unconf) /* case 4, possible retry or client restart */ 2635 unhash_client_locked(unconf); 2636 2637 /* case 1 (normal case) */ 2638 out_new: 2639 if (conf) { 2640 status = mark_client_expired_locked(conf); 2641 if (status) 2642 goto out; 2643 } 2644 new->cl_minorversion = cstate->minorversion; 2645 new->cl_spo_must_allow.u.words[0] = exid->spo_must_allow[0]; 2646 new->cl_spo_must_allow.u.words[1] = exid->spo_must_allow[1]; 2647 2648 gen_clid(new, nn); 2649 add_to_unconfirmed(new); 2650 swap(new, conf); 2651 out_copy: 2652 exid->clientid.cl_boot = conf->cl_clientid.cl_boot; 2653 exid->clientid.cl_id = conf->cl_clientid.cl_id; 2654 2655 exid->seqid = conf->cl_cs_slot.sl_seqid + 1; 2656 nfsd4_set_ex_flags(conf, exid); 2657 2658 dprintk("nfsd4_exchange_id seqid %d flags %x\n", 2659 conf->cl_cs_slot.sl_seqid, conf->cl_exchange_flags); 2660 status = nfs_ok; 2661 2662 out: 2663 spin_unlock(&nn->client_lock); 2664 out_nolock: 2665 if (new) 2666 expire_client(new); 2667 if (unconf) 2668 expire_client(unconf); 2669 return status; 2670 } 2671 2672 static __be32 2673 check_slot_seqid(u32 seqid, u32 slot_seqid, int slot_inuse) 2674 { 2675 dprintk("%s enter. seqid %d slot_seqid %d\n", __func__, seqid, 2676 slot_seqid); 2677 2678 /* The slot is in use, and no response has been sent.
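 *
 * Decision table for the checks below (sketch; seqid arithmetic is
 * unsigned, so wraparound from 0xffffffff works out):
 *
 *	in use, seqid == slot_seqid	-> nfserr_jukebox (try again later)
 *	in use, anything else		-> nfserr_seq_misordered
 *	seqid == slot_seqid + 1		-> nfs_ok (normal progression)
 *	seqid == slot_seqid		-> nfserr_replay_cache
 *	anything else			-> nfserr_seq_misordered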
*/ 2679 if (slot_inuse) { 2680 if (seqid == slot_seqid) 2681 return nfserr_jukebox; 2682 else 2683 return nfserr_seq_misordered; 2684 } 2685 /* Note unsigned 32-bit arithmetic handles wraparound: */ 2686 if (likely(seqid == slot_seqid + 1)) 2687 return nfs_ok; 2688 if (seqid == slot_seqid) 2689 return nfserr_replay_cache; 2690 return nfserr_seq_misordered; 2691 } 2692 2693 /* 2694 * Cache the create session result into the create session single DRC 2695 * slot cache by saving the xdr structure. sl_seqid has been set. 2696 * Do this for solo or embedded create session operations. 2697 */ 2698 static void 2699 nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses, 2700 struct nfsd4_clid_slot *slot, __be32 nfserr) 2701 { 2702 slot->sl_status = nfserr; 2703 memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses)); 2704 } 2705 2706 static __be32 2707 nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses, 2708 struct nfsd4_clid_slot *slot) 2709 { 2710 memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses)); 2711 return slot->sl_status; 2712 } 2713 2714 #define NFSD_MIN_REQ_HDR_SEQ_SZ ((\ 2715 2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \ 2716 1 + /* MIN tag is length with zero, only length */ \ 2717 3 + /* version, opcount, opcode */ \ 2718 XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \ 2719 /* seqid, slotID, slotID, cache */ \ 2720 4 ) * sizeof(__be32)) 2721 2722 #define NFSD_MIN_RESP_HDR_SEQ_SZ ((\ 2723 2 + /* verifier: AUTH_NULL, length 0 */\ 2724 1 + /* status */ \ 2725 1 + /* MIN tag is length with zero, only length */ \ 2726 3 + /* opcount, opcode, opstatus*/ \ 2727 XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \ 2728 /* seqid, slotID, slotID, slotID, status */ \ 2729 5 ) * sizeof(__be32)) 2730 2731 static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn) 2732 { 2733 u32 maxrpc = nn->nfsd_serv->sv_max_mesg; 2734 2735 if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ) 2736 return nfserr_toosmall; 2737 if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ) 2738 return nfserr_toosmall; 2739 ca->headerpadsz = 0; 2740 ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc); 2741 ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc); 2742 ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND); 2743 ca->maxresp_cached = min_t(u32, ca->maxresp_cached, 2744 NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ); 2745 ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION); 2746 /* 2747 * Note decreasing slot size below client's request may make it 2748 * difficult for client to function correctly, whereas 2749 * decreasing the number of slots will (just?) affect 2750 * performance. When short on memory we therefore prefer to 2751 * decrease number of slots instead of their size. Clients that 2752 * request larger slots than they need will get poor results: 2753 */ 2754 ca->maxreqs = nfsd4_get_drc_mem(ca); 2755 if (!ca->maxreqs) 2756 return nfserr_jukebox; 2757 2758 return nfs_ok; 2759 } 2760 2761 /* 2762 * Server's NFSv4.1 backchannel support is AUTH_SYS-only for now. 2763 * These are based on similar macros in linux/sunrpc/msg_prot.h . 
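 *
 * Rough accounting behind these figures (a sketch of the reasoning,
 * not authoritative): an AUTH_SYS call carries a credential and a
 * verifier, each an (opaque flavor, length) pair of words plus up to
 * UNX_CALLSLACK words of body, hence the 2 * (2 + UNX_CALLSLACK)
 * added to the bare call header; the reply carries only a single
 * verifier, hence the lone (2 + NUL_REPLYSLACK) term.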
2764 */ 2765 #define RPC_MAX_HEADER_WITH_AUTH_SYS \ 2766 (RPC_CALLHDRSIZE + 2 * (2 + UNX_CALLSLACK)) 2767 2768 #define RPC_MAX_REPHEADER_WITH_AUTH_SYS \ 2769 (RPC_REPHDRSIZE + (2 + NUL_REPLYSLACK)) 2770 2771 #define NFSD_CB_MAX_REQ_SZ ((NFS4_enc_cb_recall_sz + \ 2772 RPC_MAX_HEADER_WITH_AUTH_SYS) * sizeof(__be32)) 2773 #define NFSD_CB_MAX_RESP_SZ ((NFS4_dec_cb_recall_sz + \ 2774 RPC_MAX_REPHEADER_WITH_AUTH_SYS) * \ 2775 sizeof(__be32)) 2776 2777 static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca) 2778 { 2779 ca->headerpadsz = 0; 2780 2781 if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ) 2782 return nfserr_toosmall; 2783 if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ) 2784 return nfserr_toosmall; 2785 ca->maxresp_cached = 0; 2786 if (ca->maxops < 2) 2787 return nfserr_toosmall; 2788 2789 return nfs_ok; 2790 } 2791 2792 static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs) 2793 { 2794 switch (cbs->flavor) { 2795 case RPC_AUTH_NULL: 2796 case RPC_AUTH_UNIX: 2797 return nfs_ok; 2798 default: 2799 /* 2800 * GSS case: the spec doesn't allow us to return this 2801 * error. But it also doesn't allow us not to support 2802 * GSS. 2803 * I'd rather this fail hard than return some error the 2804 * client might think it can already handle: 2805 */ 2806 return nfserr_encr_alg_unsupp; 2807 } 2808 } 2809 2810 __be32 2811 nfsd4_create_session(struct svc_rqst *rqstp, 2812 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u) 2813 { 2814 struct nfsd4_create_session *cr_ses = &u->create_session; 2815 struct sockaddr *sa = svc_addr(rqstp); 2816 struct nfs4_client *conf, *unconf; 2817 struct nfs4_client *old = NULL; 2818 struct nfsd4_session *new; 2819 struct nfsd4_conn *conn; 2820 struct nfsd4_clid_slot *cs_slot = NULL; 2821 __be32 status = 0; 2822 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 2823 2824 if (cr_ses->flags & ~SESSION4_FLAG_MASK_A) 2825 return nfserr_inval; 2826 status = nfsd4_check_cb_sec(&cr_ses->cb_sec); 2827 if (status) 2828 return status; 2829 status = check_forechannel_attrs(&cr_ses->fore_channel, nn); 2830 if (status) 2831 return status; 2832 status = check_backchannel_attrs(&cr_ses->back_channel); 2833 if (status) 2834 goto out_release_drc_mem; 2835 status = nfserr_jukebox; 2836 new = alloc_session(&cr_ses->fore_channel, &cr_ses->back_channel); 2837 if (!new) 2838 goto out_release_drc_mem; 2839 conn = alloc_conn_from_crses(rqstp, cr_ses); 2840 if (!conn) 2841 goto out_free_session; 2842 2843 spin_lock(&nn->client_lock); 2844 unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn); 2845 conf = find_confirmed_client(&cr_ses->clientid, true, nn); 2846 WARN_ON_ONCE(conf && unconf); 2847 2848 if (conf) { 2849 status = nfserr_wrong_cred; 2850 if (!nfsd4_mach_creds_match(conf, rqstp)) 2851 goto out_free_conn; 2852 cs_slot = &conf->cl_cs_slot; 2853 status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0); 2854 if (status) { 2855 if (status == nfserr_replay_cache) 2856 status = nfsd4_replay_create_session(cr_ses, cs_slot); 2857 goto out_free_conn; 2858 } 2859 } else if (unconf) { 2860 if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) || 2861 !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) { 2862 status = nfserr_clid_inuse; 2863 goto out_free_conn; 2864 } 2865 status = nfserr_wrong_cred; 2866 if (!nfsd4_mach_creds_match(unconf, rqstp)) 2867 goto out_free_conn; 2868 cs_slot = &unconf->cl_cs_slot; 2869 status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0); 2870 if (status) { 2871 /* an unconfirmed replay returns misordered */ 2872 status = 
nfserr_seq_misordered; 2873 goto out_free_conn; 2874 } 2875 old = find_confirmed_client_by_name(&unconf->cl_name, nn); 2876 if (old) { 2877 status = mark_client_expired_locked(old); 2878 if (status) { 2879 old = NULL; 2880 goto out_free_conn; 2881 } 2882 } 2883 move_to_confirmed(unconf); 2884 conf = unconf; 2885 } else { 2886 status = nfserr_stale_clientid; 2887 goto out_free_conn; 2888 } 2889 status = nfs_ok; 2890 /* Persistent sessions are not supported */ 2891 cr_ses->flags &= ~SESSION4_PERSIST; 2892 /* Upshifting from TCP to RDMA is not supported */ 2893 cr_ses->flags &= ~SESSION4_RDMA; 2894 2895 init_session(rqstp, new, conf, cr_ses); 2896 nfsd4_get_session_locked(new); 2897 2898 memcpy(cr_ses->sessionid.data, new->se_sessionid.data, 2899 NFS4_MAX_SESSIONID_LEN); 2900 cs_slot->sl_seqid++; 2901 cr_ses->seqid = cs_slot->sl_seqid; 2902 2903 /* cache solo and embedded create sessions under the client_lock */ 2904 nfsd4_cache_create_session(cr_ses, cs_slot, status); 2905 spin_unlock(&nn->client_lock); 2906 /* init connection and backchannel */ 2907 nfsd4_init_conn(rqstp, conn, new); 2908 nfsd4_put_session(new); 2909 if (old) 2910 expire_client(old); 2911 return status; 2912 out_free_conn: 2913 spin_unlock(&nn->client_lock); 2914 free_conn(conn); 2915 if (old) 2916 expire_client(old); 2917 out_free_session: 2918 __free_session(new); 2919 out_release_drc_mem: 2920 nfsd4_put_drc_mem(&cr_ses->fore_channel); 2921 return status; 2922 } 2923 2924 static __be32 nfsd4_map_bcts_dir(u32 *dir) 2925 { 2926 switch (*dir) { 2927 case NFS4_CDFC4_FORE: 2928 case NFS4_CDFC4_BACK: 2929 return nfs_ok; 2930 case NFS4_CDFC4_FORE_OR_BOTH: 2931 case NFS4_CDFC4_BACK_OR_BOTH: 2932 *dir = NFS4_CDFC4_BOTH; 2933 return nfs_ok; 2934 } 2935 return nfserr_inval; 2936 } 2937 2938 __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, 2939 struct nfsd4_compound_state *cstate, 2940 union nfsd4_op_u *u) 2941 { 2942 struct nfsd4_backchannel_ctl *bc = &u->backchannel_ctl; 2943 struct nfsd4_session *session = cstate->session; 2944 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 2945 __be32 status; 2946 2947 status = nfsd4_check_cb_sec(&bc->bc_cb_sec); 2948 if (status) 2949 return status; 2950 spin_lock(&nn->client_lock); 2951 session->se_cb_prog = bc->bc_cb_program; 2952 session->se_cb_sec = bc->bc_cb_sec; 2953 spin_unlock(&nn->client_lock); 2954 2955 nfsd4_probe_callback(session->se_client); 2956 2957 return nfs_ok; 2958 } 2959 2960 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp, 2961 struct nfsd4_compound_state *cstate, 2962 union nfsd4_op_u *u) 2963 { 2964 struct nfsd4_bind_conn_to_session *bcts = &u->bind_conn_to_session; 2965 __be32 status; 2966 struct nfsd4_conn *conn; 2967 struct nfsd4_session *session; 2968 struct net *net = SVC_NET(rqstp); 2969 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 2970 2971 if (!nfsd4_last_compound_op(rqstp)) 2972 return nfserr_not_only_op; 2973 spin_lock(&nn->client_lock); 2974 session = find_in_sessionid_hashtbl(&bcts->sessionid, net, &status); 2975 spin_unlock(&nn->client_lock); 2976 if (!session) 2977 goto out_no_session; 2978 status = nfserr_wrong_cred; 2979 if (!nfsd4_mach_creds_match(session->se_client, rqstp)) 2980 goto out; 2981 status = nfsd4_map_bcts_dir(&bcts->dir); 2982 if (status) 2983 goto out; 2984 conn = alloc_conn(rqstp, bcts->dir); 2985 status = nfserr_jukebox; 2986 if (!conn) 2987 goto out; 2988 nfsd4_init_conn(rqstp, conn, session); 2989 status = nfs_ok; 2990 out: 2991 nfsd4_put_session(session); 2992 out_no_session: 2993 return status; 2994
} 2995 2996 static bool nfsd4_compound_in_session(struct nfsd4_compound_state *cstate, struct nfs4_sessionid *sid) 2997 { 2998 if (!cstate->session) 2999 return false; 3000 return !memcmp(sid, &cstate->session->se_sessionid, sizeof(*sid)); 3001 } 3002 3003 __be32 3004 nfsd4_destroy_session(struct svc_rqst *r, struct nfsd4_compound_state *cstate, 3005 union nfsd4_op_u *u) 3006 { 3007 struct nfs4_sessionid *sessionid = &u->destroy_session.sessionid; 3008 struct nfsd4_session *ses; 3009 __be32 status; 3010 int ref_held_by_me = 0; 3011 struct net *net = SVC_NET(r); 3012 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 3013 3014 status = nfserr_not_only_op; 3015 if (nfsd4_compound_in_session(cstate, sessionid)) { 3016 if (!nfsd4_last_compound_op(r)) 3017 goto out; 3018 ref_held_by_me++; 3019 } 3020 dump_sessionid(__func__, sessionid); 3021 spin_lock(&nn->client_lock); 3022 ses = find_in_sessionid_hashtbl(sessionid, net, &status); 3023 if (!ses) 3024 goto out_client_lock; 3025 status = nfserr_wrong_cred; 3026 if (!nfsd4_mach_creds_match(ses->se_client, r)) 3027 goto out_put_session; 3028 status = mark_session_dead_locked(ses, 1 + ref_held_by_me); 3029 if (status) 3030 goto out_put_session; 3031 unhash_session(ses); 3032 spin_unlock(&nn->client_lock); 3033 3034 nfsd4_probe_callback_sync(ses->se_client); 3035 3036 spin_lock(&nn->client_lock); 3037 status = nfs_ok; 3038 out_put_session: 3039 nfsd4_put_session_locked(ses); 3040 out_client_lock: 3041 spin_unlock(&nn->client_lock); 3042 out: 3043 return status; 3044 } 3045 3046 static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s) 3047 { 3048 struct nfsd4_conn *c; 3049 3050 list_for_each_entry(c, &s->se_conns, cn_persession) { 3051 if (c->cn_xprt == xpt) { 3052 return c; 3053 } 3054 } 3055 return NULL; 3056 } 3057 3058 static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses) 3059 { 3060 struct nfs4_client *clp = ses->se_client; 3061 struct nfsd4_conn *c; 3062 __be32 status = nfs_ok; 3063 int ret; 3064 3065 spin_lock(&clp->cl_lock); 3066 c = __nfsd4_find_conn(new->cn_xprt, ses); 3067 if (c) 3068 goto out_free; 3069 status = nfserr_conn_not_bound_to_session; 3070 if (clp->cl_mach_cred) 3071 goto out_free; 3072 __nfsd4_hash_conn(new, ses); 3073 spin_unlock(&clp->cl_lock); 3074 ret = nfsd4_register_conn(new); 3075 if (ret) 3076 /* oops; xprt is already down: */ 3077 nfsd4_conn_lost(&new->cn_xpt_user); 3078 return nfs_ok; 3079 out_free: 3080 spin_unlock(&clp->cl_lock); 3081 free_conn(new); 3082 return status; 3083 } 3084 3085 static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session) 3086 { 3087 struct nfsd4_compoundargs *args = rqstp->rq_argp; 3088 3089 return args->opcnt > session->se_fchannel.maxops; 3090 } 3091 3092 static bool nfsd4_request_too_big(struct svc_rqst *rqstp, 3093 struct nfsd4_session *session) 3094 { 3095 struct xdr_buf *xb = &rqstp->rq_arg; 3096 3097 return xb->len > session->se_fchannel.maxreq_sz; 3098 } 3099 3100 static bool replay_matches_cache(struct svc_rqst *rqstp, 3101 struct nfsd4_sequence *seq, struct nfsd4_slot *slot) 3102 { 3103 struct nfsd4_compoundargs *argp = rqstp->rq_argp; 3104 3105 if ((bool)(slot->sl_flags & NFSD4_SLOT_CACHETHIS) != 3106 (bool)seq->cachethis) 3107 return false; 3108 /* 3109 * If there's an error then the reply can have fewer ops than
But if we cached a reply with *more* ops than the 3111 * call you're sending us now, then this new call is clearly not 3112 * really a replay of the old one: 3113 */ 3114 if (slot->sl_opcnt < argp->opcnt) 3115 return false; 3116 /* This is the only check explicitly called by spec: */ 3117 if (!same_creds(&rqstp->rq_cred, &slot->sl_cred)) 3118 return false; 3119 /* 3120 * There may be more comparisons we could actually do, but the 3121 * spec doesn't require us to catch every case where the calls 3122 * don't match (that would require caching the call as well as 3123 * the reply), so we don't bother. 3124 */ 3125 return true; 3126 } 3127 3128 __be32 3129 nfsd4_sequence(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 3130 union nfsd4_op_u *u) 3131 { 3132 struct nfsd4_sequence *seq = &u->sequence; 3133 struct nfsd4_compoundres *resp = rqstp->rq_resp; 3134 struct xdr_stream *xdr = &resp->xdr; 3135 struct nfsd4_session *session; 3136 struct nfs4_client *clp; 3137 struct nfsd4_slot *slot; 3138 struct nfsd4_conn *conn; 3139 __be32 status; 3140 int buflen; 3141 struct net *net = SVC_NET(rqstp); 3142 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 3143 3144 if (resp->opcnt != 1) 3145 return nfserr_sequence_pos; 3146 3147 /* 3148 * Will be either used or freed by nfsd4_sequence_check_conn 3149 * below. 3150 */ 3151 conn = alloc_conn(rqstp, NFS4_CDFC4_FORE); 3152 if (!conn) 3153 return nfserr_jukebox; 3154 3155 spin_lock(&nn->client_lock); 3156 session = find_in_sessionid_hashtbl(&seq->sessionid, net, &status); 3157 if (!session) 3158 goto out_no_session; 3159 clp = session->se_client; 3160 3161 status = nfserr_too_many_ops; 3162 if (nfsd4_session_too_many_ops(rqstp, session)) 3163 goto out_put_session; 3164 3165 status = nfserr_req_too_big; 3166 if (nfsd4_request_too_big(rqstp, session)) 3167 goto out_put_session; 3168 3169 status = nfserr_badslot; 3170 if (seq->slotid >= session->se_fchannel.maxreqs) 3171 goto out_put_session; 3172 3173 slot = session->se_slots[seq->slotid]; 3174 dprintk("%s: slotid %d\n", __func__, seq->slotid); 3175 3176 /* We do not negotiate the number of slots yet, so set the 3177 * maxslots to the session maxreqs which is used to encode 3178 * sr_highest_slotid and the sr_target_slot id to maxslots */ 3179 seq->maxslots = session->se_fchannel.maxreqs; 3180 3181 status = check_slot_seqid(seq->seqid, slot->sl_seqid, 3182 slot->sl_flags & NFSD4_SLOT_INUSE); 3183 if (status == nfserr_replay_cache) { 3184 status = nfserr_seq_misordered; 3185 if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED)) 3186 goto out_put_session; 3187 status = nfserr_seq_false_retry; 3188 if (!replay_matches_cache(rqstp, seq, slot)) 3189 goto out_put_session; 3190 cstate->slot = slot; 3191 cstate->session = session; 3192 cstate->clp = clp; 3193 /* Return the cached reply status and set cstate->status 3194 * for nfsd4_proc_compound processing */ 3195 status = nfsd4_replay_cache_entry(resp, seq); 3196 cstate->status = nfserr_replay_cache; 3197 goto out; 3198 } 3199 if (status) 3200 goto out_put_session; 3201 3202 status = nfsd4_sequence_check_conn(conn, session); 3203 conn = NULL; 3204 if (status) 3205 goto out_put_session; 3206 3207 buflen = (seq->cachethis) ? 3208 session->se_fchannel.maxresp_cached : 3209 session->se_fchannel.maxresp_sz; 3210 status = (seq->cachethis) ? nfserr_rep_too_big_to_cache : 3211 nfserr_rep_too_big; 3212 if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack)) 3213 goto out_put_session; 3214 svc_reserve(rqstp, buflen); 3215 3216 status = nfs_ok; 3217 /* Success! 
bump slot seqid */ 3218 slot->sl_seqid = seq->seqid; 3219 slot->sl_flags |= NFSD4_SLOT_INUSE; 3220 if (seq->cachethis) 3221 slot->sl_flags |= NFSD4_SLOT_CACHETHIS; 3222 else 3223 slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS; 3224 3225 cstate->slot = slot; 3226 cstate->session = session; 3227 cstate->clp = clp; 3228 3229 out: 3230 switch (clp->cl_cb_state) { 3231 case NFSD4_CB_DOWN: 3232 seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN; 3233 break; 3234 case NFSD4_CB_FAULT: 3235 seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT; 3236 break; 3237 default: 3238 seq->status_flags = 0; 3239 } 3240 if (!list_empty(&clp->cl_revoked)) 3241 seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED; 3242 out_no_session: 3243 if (conn) 3244 free_conn(conn); 3245 spin_unlock(&nn->client_lock); 3246 return status; 3247 out_put_session: 3248 nfsd4_put_session_locked(session); 3249 goto out_no_session; 3250 } 3251 3252 void 3253 nfsd4_sequence_done(struct nfsd4_compoundres *resp) 3254 { 3255 struct nfsd4_compound_state *cs = &resp->cstate; 3256 3257 if (nfsd4_has_session(cs)) { 3258 if (cs->status != nfserr_replay_cache) { 3259 nfsd4_store_cache_entry(resp); 3260 cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE; 3261 } 3262 /* Drop session reference that was taken in nfsd4_sequence() */ 3263 nfsd4_put_session(cs->session); 3264 } else if (cs->clp) 3265 put_client_renew(cs->clp); 3266 } 3267 3268 __be32 3269 nfsd4_destroy_clientid(struct svc_rqst *rqstp, 3270 struct nfsd4_compound_state *cstate, 3271 union nfsd4_op_u *u) 3272 { 3273 struct nfsd4_destroy_clientid *dc = &u->destroy_clientid; 3274 struct nfs4_client *conf, *unconf; 3275 struct nfs4_client *clp = NULL; 3276 __be32 status = 0; 3277 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 3278 3279 spin_lock(&nn->client_lock); 3280 unconf = find_unconfirmed_client(&dc->clientid, true, nn); 3281 conf = find_confirmed_client(&dc->clientid, true, nn); 3282 WARN_ON_ONCE(conf && unconf); 3283 3284 if (conf) { 3285 if (client_has_state(conf)) { 3286 status = nfserr_clientid_busy; 3287 goto out; 3288 } 3289 status = mark_client_expired_locked(conf); 3290 if (status) 3291 goto out; 3292 clp = conf; 3293 } else if (unconf) 3294 clp = unconf; 3295 else { 3296 status = nfserr_stale_clientid; 3297 goto out; 3298 } 3299 if (!nfsd4_mach_creds_match(clp, rqstp)) { 3300 clp = NULL; 3301 status = nfserr_wrong_cred; 3302 goto out; 3303 } 3304 unhash_client_locked(clp); 3305 out: 3306 spin_unlock(&nn->client_lock); 3307 if (clp) 3308 expire_client(clp); 3309 return status; 3310 } 3311 3312 __be32 3313 nfsd4_reclaim_complete(struct svc_rqst *rqstp, 3314 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u) 3315 { 3316 struct nfsd4_reclaim_complete *rc = &u->reclaim_complete; 3317 __be32 status = 0; 3318 3319 if (rc->rca_one_fs) { 3320 if (!cstate->current_fh.fh_dentry) 3321 return nfserr_nofilehandle; 3322 /* 3323 * We don't take advantage of the rca_one_fs case. 3324 * That's OK, it's optional, we can safely ignore it. 3325 */ 3326 return nfs_ok; 3327 } 3328 3329 status = nfserr_complete_already; 3330 if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, 3331 &cstate->session->se_client->cl_flags)) 3332 goto out; 3333 3334 status = nfserr_stale_clientid; 3335 if (is_client_expired(cstate->session->se_client)) 3336 /* 3337 * The following error isn't really legal. 3338 * But we only get here if the client just explicitly 3339 * destroyed the client. Surely it no longer cares what 3340 * error it gets back on an operation for the dead 3341 * client. 
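 *
 * For reference, the full set of outcomes of this function (sketch):
 *
 *	rca_one_fs, no current fh	-> nfserr_nofilehandle
 *	rca_one_fs with a current fh	-> nfs_ok (optional case, ignored)
 *	RECLAIM_COMPLETE already done	-> nfserr_complete_already
 *	client already expired		-> nfserr_stale_clientid
 *	otherwise			-> nfsd4_client_record_create(),
 *					   nfs_ok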
3342 */ 3343 goto out; 3344 3345 status = nfs_ok; 3346 nfsd4_client_record_create(cstate->session->se_client); 3347 out: 3348 return status; 3349 } 3350 3351 __be32 3352 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 3353 union nfsd4_op_u *u) 3354 { 3355 struct nfsd4_setclientid *setclid = &u->setclientid; 3356 struct xdr_netobj clname = setclid->se_name; 3357 nfs4_verifier clverifier = setclid->se_verf; 3358 struct nfs4_client *conf, *new; 3359 struct nfs4_client *unconf = NULL; 3360 __be32 status; 3361 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 3362 3363 new = create_client(clname, rqstp, &clverifier); 3364 if (new == NULL) 3365 return nfserr_jukebox; 3366 /* Cases below refer to rfc 3530 section 14.2.33: */ 3367 spin_lock(&nn->client_lock); 3368 conf = find_confirmed_client_by_name(&clname, nn); 3369 if (conf && client_has_state(conf)) { 3370 /* case 0: */ 3371 status = nfserr_clid_inuse; 3372 if (clp_used_exchangeid(conf)) 3373 goto out; 3374 if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) { 3375 char addr_str[INET6_ADDRSTRLEN]; 3376 rpc_ntop((struct sockaddr *) &conf->cl_addr, addr_str, 3377 sizeof(addr_str)); 3378 dprintk("NFSD: setclientid: string in use by client " 3379 "at %s\n", addr_str); 3380 goto out; 3381 } 3382 } 3383 unconf = find_unconfirmed_client_by_name(&clname, nn); 3384 if (unconf) 3385 unhash_client_locked(unconf); 3386 if (conf && same_verf(&conf->cl_verifier, &clverifier)) { 3387 /* case 1: probable callback update */ 3388 copy_clid(new, conf); 3389 gen_confirm(new, nn); 3390 } else /* case 4 (new client) or cases 2, 3 (client reboot): */ 3391 gen_clid(new, nn); 3392 new->cl_minorversion = 0; 3393 gen_callback(new, setclid, rqstp); 3394 add_to_unconfirmed(new); 3395 setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot; 3396 setclid->se_clientid.cl_id = new->cl_clientid.cl_id; 3397 memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data)); 3398 new = NULL; 3399 status = nfs_ok; 3400 out: 3401 spin_unlock(&nn->client_lock); 3402 if (new) 3403 free_client(new); 3404 if (unconf) 3405 expire_client(unconf); 3406 return status; 3407 } 3408 3409 3410 __be32 3411 nfsd4_setclientid_confirm(struct svc_rqst *rqstp, 3412 struct nfsd4_compound_state *cstate, 3413 union nfsd4_op_u *u) 3414 { 3415 struct nfsd4_setclientid_confirm *setclientid_confirm = 3416 &u->setclientid_confirm; 3417 struct nfs4_client *conf, *unconf; 3418 struct nfs4_client *old = NULL; 3419 nfs4_verifier confirm = setclientid_confirm->sc_confirm; 3420 clientid_t *clid = &setclientid_confirm->sc_clientid; 3421 __be32 status; 3422 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 3423 3424 if (STALE_CLIENTID(clid, nn)) 3425 return nfserr_stale_clientid; 3426 3427 spin_lock(&nn->client_lock); 3428 conf = find_confirmed_client(clid, false, nn); 3429 unconf = find_unconfirmed_client(clid, false, nn); 3430 /* 3431 * We try hard to give out unique clientids, so if we get an 3432 * attempt to confirm the same clientid with a different cred, 3433 * the client may be buggy; this should never happen.
3434 * 3435 * Nevertheless, RFC 7530 recommends INUSE for this case: 3436 */ 3437 status = nfserr_clid_inuse; 3438 if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred)) 3439 goto out; 3440 if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred)) 3441 goto out; 3442 /* cases below refer to rfc 3530 section 14.2.34: */ 3443 if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) { 3444 if (conf && same_verf(&confirm, &conf->cl_confirm)) { 3445 /* case 2: probable retransmit */ 3446 status = nfs_ok; 3447 } else /* case 4: client hasn't noticed we rebooted yet? */ 3448 status = nfserr_stale_clientid; 3449 goto out; 3450 } 3451 status = nfs_ok; 3452 if (conf) { /* case 1: callback update */ 3453 old = unconf; 3454 unhash_client_locked(old); 3455 nfsd4_change_callback(conf, &unconf->cl_cb_conn); 3456 } else { /* case 3: normal case; new or rebooted client */ 3457 old = find_confirmed_client_by_name(&unconf->cl_name, nn); 3458 if (old) { 3459 status = nfserr_clid_inuse; 3460 if (client_has_state(old) 3461 && !same_creds(&unconf->cl_cred, 3462 &old->cl_cred)) 3463 goto out; 3464 status = mark_client_expired_locked(old); 3465 if (status) { 3466 old = NULL; 3467 goto out; 3468 } 3469 } 3470 move_to_confirmed(unconf); 3471 conf = unconf; 3472 } 3473 get_client_locked(conf); 3474 spin_unlock(&nn->client_lock); 3475 nfsd4_probe_callback(conf); 3476 spin_lock(&nn->client_lock); 3477 put_client_renew_locked(conf); 3478 out: 3479 spin_unlock(&nn->client_lock); 3480 if (old) 3481 expire_client(old); 3482 return status; 3483 } 3484 3485 static struct nfs4_file *nfsd4_alloc_file(void) 3486 { 3487 return kmem_cache_alloc(file_slab, GFP_KERNEL); 3488 } 3489 3490 /* OPEN Share state helper functions */ 3491 static void nfsd4_init_file(struct knfsd_fh *fh, unsigned int hashval, 3492 struct nfs4_file *fp) 3493 { 3494 lockdep_assert_held(&state_lock); 3495 3496 refcount_set(&fp->fi_ref, 1); 3497 spin_lock_init(&fp->fi_lock); 3498 INIT_LIST_HEAD(&fp->fi_stateids); 3499 INIT_LIST_HEAD(&fp->fi_delegations); 3500 INIT_LIST_HEAD(&fp->fi_clnt_odstate); 3501 fh_copy_shallow(&fp->fi_fhandle, fh); 3502 fp->fi_deleg_file = NULL; 3503 fp->fi_had_conflict = false; 3504 fp->fi_share_deny = 0; 3505 memset(fp->fi_fds, 0, sizeof(fp->fi_fds)); 3506 memset(fp->fi_access, 0, sizeof(fp->fi_access)); 3507 #ifdef CONFIG_NFSD_PNFS 3508 INIT_LIST_HEAD(&fp->fi_lo_states); 3509 atomic_set(&fp->fi_lo_recalls, 0); 3510 #endif 3511 hlist_add_head_rcu(&fp->fi_hash, &file_hashtbl[hashval]); 3512 } 3513 3514 void 3515 nfsd4_free_slabs(void) 3516 { 3517 kmem_cache_destroy(client_slab); 3518 kmem_cache_destroy(openowner_slab); 3519 kmem_cache_destroy(lockowner_slab); 3520 kmem_cache_destroy(file_slab); 3521 kmem_cache_destroy(stateid_slab); 3522 kmem_cache_destroy(deleg_slab); 3523 kmem_cache_destroy(odstate_slab); 3524 } 3525 3526 int 3527 nfsd4_init_slabs(void) 3528 { 3529 client_slab = kmem_cache_create("nfsd4_clients", 3530 sizeof(struct nfs4_client), 0, 0, NULL); 3531 if (client_slab == NULL) 3532 goto out; 3533 openowner_slab = kmem_cache_create("nfsd4_openowners", 3534 sizeof(struct nfs4_openowner), 0, 0, NULL); 3535 if (openowner_slab == NULL) 3536 goto out_free_client_slab; 3537 lockowner_slab = kmem_cache_create("nfsd4_lockowners", 3538 sizeof(struct nfs4_lockowner), 0, 0, NULL); 3539 if (lockowner_slab == NULL) 3540 goto out_free_openowner_slab; 3541 file_slab = kmem_cache_create("nfsd4_files", 3542 sizeof(struct nfs4_file), 0, 0, NULL); 3543 if (file_slab == NULL) 3544 goto out_free_lockowner_slab; 3545 stateid_slab = 
kmem_cache_create("nfsd4_stateids", 3546 sizeof(struct nfs4_ol_stateid), 0, 0, NULL); 3547 if (stateid_slab == NULL) 3548 goto out_free_file_slab; 3549 deleg_slab = kmem_cache_create("nfsd4_delegations", 3550 sizeof(struct nfs4_delegation), 0, 0, NULL); 3551 if (deleg_slab == NULL) 3552 goto out_free_stateid_slab; 3553 odstate_slab = kmem_cache_create("nfsd4_odstate", 3554 sizeof(struct nfs4_clnt_odstate), 0, 0, NULL); 3555 if (odstate_slab == NULL) 3556 goto out_free_deleg_slab; 3557 return 0; 3558 3559 out_free_deleg_slab: 3560 kmem_cache_destroy(deleg_slab); 3561 out_free_stateid_slab: 3562 kmem_cache_destroy(stateid_slab); 3563 out_free_file_slab: 3564 kmem_cache_destroy(file_slab); 3565 out_free_lockowner_slab: 3566 kmem_cache_destroy(lockowner_slab); 3567 out_free_openowner_slab: 3568 kmem_cache_destroy(openowner_slab); 3569 out_free_client_slab: 3570 kmem_cache_destroy(client_slab); 3571 out: 3572 dprintk("nfsd4: out of memory while initializing nfsv4\n"); 3573 return -ENOMEM; 3574 } 3575 3576 static void init_nfs4_replay(struct nfs4_replay *rp) 3577 { 3578 rp->rp_status = nfserr_serverfault; 3579 rp->rp_buflen = 0; 3580 rp->rp_buf = rp->rp_ibuf; 3581 mutex_init(&rp->rp_mutex); 3582 } 3583 3584 static void nfsd4_cstate_assign_replay(struct nfsd4_compound_state *cstate, 3585 struct nfs4_stateowner *so) 3586 { 3587 if (!nfsd4_has_session(cstate)) { 3588 mutex_lock(&so->so_replay.rp_mutex); 3589 cstate->replay_owner = nfs4_get_stateowner(so); 3590 } 3591 } 3592 3593 void nfsd4_cstate_clear_replay(struct nfsd4_compound_state *cstate) 3594 { 3595 struct nfs4_stateowner *so = cstate->replay_owner; 3596 3597 if (so != NULL) { 3598 cstate->replay_owner = NULL; 3599 mutex_unlock(&so->so_replay.rp_mutex); 3600 nfs4_put_stateowner(so); 3601 } 3602 } 3603 3604 static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp) 3605 { 3606 struct nfs4_stateowner *sop; 3607 3608 sop = kmem_cache_alloc(slab, GFP_KERNEL); 3609 if (!sop) 3610 return NULL; 3611 3612 sop->so_owner.data = kmemdup(owner->data, owner->len, GFP_KERNEL); 3613 if (!sop->so_owner.data) { 3614 kmem_cache_free(slab, sop); 3615 return NULL; 3616 } 3617 sop->so_owner.len = owner->len; 3618 3619 INIT_LIST_HEAD(&sop->so_stateids); 3620 sop->so_client = clp; 3621 init_nfs4_replay(&sop->so_replay); 3622 atomic_set(&sop->so_count, 1); 3623 return sop; 3624 } 3625 3626 static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval) 3627 { 3628 lockdep_assert_held(&clp->cl_lock); 3629 3630 list_add(&oo->oo_owner.so_strhash, 3631 &clp->cl_ownerstr_hashtbl[strhashval]); 3632 list_add(&oo->oo_perclient, &clp->cl_openowners); 3633 } 3634 3635 static void nfs4_unhash_openowner(struct nfs4_stateowner *so) 3636 { 3637 unhash_openowner_locked(openowner(so)); 3638 } 3639 3640 static void nfs4_free_openowner(struct nfs4_stateowner *so) 3641 { 3642 struct nfs4_openowner *oo = openowner(so); 3643 3644 kmem_cache_free(openowner_slab, oo); 3645 } 3646 3647 static const struct nfs4_stateowner_operations openowner_ops = { 3648 .so_unhash = nfs4_unhash_openowner, 3649 .so_free = nfs4_free_openowner, 3650 }; 3651 3652 static struct nfs4_ol_stateid * 3653 nfsd4_find_existing_open(struct nfs4_file *fp, struct nfsd4_open *open) 3654 { 3655 struct nfs4_ol_stateid *local, *ret = NULL; 3656 struct nfs4_openowner *oo = open->op_openowner; 3657 3658 lockdep_assert_held(&fp->fi_lock); 3659 3660 list_for_each_entry(local, &fp->fi_stateids, st_perfile) { 3661 /* ignore lock owners 
*/ 3662 if (local->st_stateowner->so_is_open_owner == 0) 3663 continue; 3664 if (local->st_stateowner != &oo->oo_owner) 3665 continue; 3666 if (local->st_stid.sc_type == NFS4_OPEN_STID) { 3667 ret = local; 3668 refcount_inc(&ret->st_stid.sc_count); 3669 break; 3670 } 3671 } 3672 return ret; 3673 } 3674 3675 static __be32 3676 nfsd4_verify_open_stid(struct nfs4_stid *s) 3677 { 3678 __be32 ret = nfs_ok; 3679 3680 switch (s->sc_type) { 3681 default: 3682 break; 3683 case 0: 3684 case NFS4_CLOSED_STID: 3685 case NFS4_CLOSED_DELEG_STID: 3686 ret = nfserr_bad_stateid; 3687 break; 3688 case NFS4_REVOKED_DELEG_STID: 3689 ret = nfserr_deleg_revoked; 3690 } 3691 return ret; 3692 } 3693 3694 /* Lock the stateid st_mutex, and deal with races with CLOSE */ 3695 static __be32 3696 nfsd4_lock_ol_stateid(struct nfs4_ol_stateid *stp) 3697 { 3698 __be32 ret; 3699 3700 mutex_lock_nested(&stp->st_mutex, LOCK_STATEID_MUTEX); 3701 ret = nfsd4_verify_open_stid(&stp->st_stid); 3702 if (ret != nfs_ok) 3703 mutex_unlock(&stp->st_mutex); 3704 return ret; 3705 } 3706 3707 static struct nfs4_ol_stateid * 3708 nfsd4_find_and_lock_existing_open(struct nfs4_file *fp, struct nfsd4_open *open) 3709 { 3710 struct nfs4_ol_stateid *stp; 3711 for (;;) { 3712 spin_lock(&fp->fi_lock); 3713 stp = nfsd4_find_existing_open(fp, open); 3714 spin_unlock(&fp->fi_lock); 3715 if (!stp || nfsd4_lock_ol_stateid(stp) == nfs_ok) 3716 break; 3717 nfs4_put_stid(&stp->st_stid); 3718 } 3719 return stp; 3720 } 3721 3722 static struct nfs4_openowner * 3723 alloc_init_open_stateowner(unsigned int strhashval, struct nfsd4_open *open, 3724 struct nfsd4_compound_state *cstate) 3725 { 3726 struct nfs4_client *clp = cstate->clp; 3727 struct nfs4_openowner *oo, *ret; 3728 3729 oo = alloc_stateowner(openowner_slab, &open->op_owner, clp); 3730 if (!oo) 3731 return NULL; 3732 oo->oo_owner.so_ops = &openowner_ops; 3733 oo->oo_owner.so_is_open_owner = 1; 3734 oo->oo_owner.so_seqid = open->op_seqid; 3735 oo->oo_flags = 0; 3736 if (nfsd4_has_session(cstate)) 3737 oo->oo_flags |= NFS4_OO_CONFIRMED; 3738 oo->oo_time = 0; 3739 oo->oo_last_closed_stid = NULL; 3740 INIT_LIST_HEAD(&oo->oo_close_lru); 3741 spin_lock(&clp->cl_lock); 3742 ret = find_openstateowner_str_locked(strhashval, open, clp); 3743 if (ret == NULL) { 3744 hash_openowner(oo, clp, strhashval); 3745 ret = oo; 3746 } else 3747 nfs4_free_stateowner(&oo->oo_owner); 3748 3749 spin_unlock(&clp->cl_lock); 3750 return ret; 3751 } 3752 3753 static struct nfs4_ol_stateid * 3754 init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open) 3755 { 3756 3757 struct nfs4_openowner *oo = open->op_openowner; 3758 struct nfs4_ol_stateid *retstp = NULL; 3759 struct nfs4_ol_stateid *stp; 3760 3761 stp = open->op_stp; 3762 /* We are moving these outside of the spinlocks to avoid the warnings */ 3763 mutex_init(&stp->st_mutex); 3764 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX); 3765 3766 retry: 3767 spin_lock(&oo->oo_owner.so_client->cl_lock); 3768 spin_lock(&fp->fi_lock); 3769 3770 retstp = nfsd4_find_existing_open(fp, open); 3771 if (retstp) 3772 goto out_unlock; 3773 3774 open->op_stp = NULL; 3775 refcount_inc(&stp->st_stid.sc_count); 3776 stp->st_stid.sc_type = NFS4_OPEN_STID; 3777 INIT_LIST_HEAD(&stp->st_locks); 3778 stp->st_stateowner = nfs4_get_stateowner(&oo->oo_owner); 3779 get_nfs4_file(fp); 3780 stp->st_stid.sc_file = fp; 3781 stp->st_access_bmap = 0; 3782 stp->st_deny_bmap = 0; 3783 stp->st_openstp = NULL; 3784 list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids); 3785 
list_add(&stp->st_perfile, &fp->fi_stateids); 3786 3787 out_unlock: 3788 spin_unlock(&fp->fi_lock); 3789 spin_unlock(&oo->oo_owner.so_client->cl_lock); 3790 if (retstp) { 3791 /* Handle races with CLOSE */ 3792 if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) { 3793 nfs4_put_stid(&retstp->st_stid); 3794 goto retry; 3795 } 3796 /* To keep mutex tracking happy */ 3797 mutex_unlock(&stp->st_mutex); 3798 stp = retstp; 3799 } 3800 return stp; 3801 } 3802 3803 /* 3804 * In the 4.0 case we need to keep the owners around a little while to handle 3805 * CLOSE replay. We still do need to release any file access that is held by 3806 * them before returning however. 3807 */ 3808 static void 3809 move_to_close_lru(struct nfs4_ol_stateid *s, struct net *net) 3810 { 3811 struct nfs4_ol_stateid *last; 3812 struct nfs4_openowner *oo = openowner(s->st_stateowner); 3813 struct nfsd_net *nn = net_generic(s->st_stid.sc_client->net, 3814 nfsd_net_id); 3815 3816 dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo); 3817 3818 /* 3819 * We know that we hold one reference via nfsd4_close, and another 3820 * "persistent" reference for the client. If the refcount is higher 3821 * than 2, then there are still calls in progress that are using this 3822 * stateid. We can't put the sc_file reference until they are finished. 3823 * Wait for the refcount to drop to 2. Since it has been unhashed, 3824 * there should be no danger of the refcount going back up again at 3825 * this point. 3826 */ 3827 wait_event(close_wq, refcount_read(&s->st_stid.sc_count) == 2); 3828 3829 release_all_access(s); 3830 if (s->st_stid.sc_file) { 3831 put_nfs4_file(s->st_stid.sc_file); 3832 s->st_stid.sc_file = NULL; 3833 } 3834 3835 spin_lock(&nn->client_lock); 3836 last = oo->oo_last_closed_stid; 3837 oo->oo_last_closed_stid = s; 3838 list_move_tail(&oo->oo_close_lru, &nn->close_lru); 3839 oo->oo_time = get_seconds(); 3840 spin_unlock(&nn->client_lock); 3841 if (last) 3842 nfs4_put_stid(&last->st_stid); 3843 } 3844 3845 /* search file_hashtbl[] for file */ 3846 static struct nfs4_file * 3847 find_file_locked(struct knfsd_fh *fh, unsigned int hashval) 3848 { 3849 struct nfs4_file *fp; 3850 3851 hlist_for_each_entry_rcu(fp, &file_hashtbl[hashval], fi_hash) { 3852 if (fh_match(&fp->fi_fhandle, fh)) { 3853 if (refcount_inc_not_zero(&fp->fi_ref)) 3854 return fp; 3855 } 3856 } 3857 return NULL; 3858 } 3859 3860 struct nfs4_file * 3861 find_file(struct knfsd_fh *fh) 3862 { 3863 struct nfs4_file *fp; 3864 unsigned int hashval = file_hashval(fh); 3865 3866 rcu_read_lock(); 3867 fp = find_file_locked(fh, hashval); 3868 rcu_read_unlock(); 3869 return fp; 3870 } 3871 3872 static struct nfs4_file * 3873 find_or_add_file(struct nfs4_file *new, struct knfsd_fh *fh) 3874 { 3875 struct nfs4_file *fp; 3876 unsigned int hashval = file_hashval(fh); 3877 3878 rcu_read_lock(); 3879 fp = find_file_locked(fh, hashval); 3880 rcu_read_unlock(); 3881 if (fp) 3882 return fp; 3883 3884 spin_lock(&state_lock); 3885 fp = find_file_locked(fh, hashval); 3886 if (likely(fp == NULL)) { 3887 nfsd4_init_file(fh, hashval, new); 3888 fp = new; 3889 } 3890 spin_unlock(&state_lock); 3891 3892 return fp; 3893 } 3894 3895 /* 3896 * Called to check deny when READ with all zero stateid or 3897 * WRITE with all zero or all one stateid 3898 */ 3899 static __be32 3900 nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type) 3901 { 3902 struct nfs4_file *fp; 3903 __be32 ret = nfs_ok; 3904 3905 fp = find_file(¤t_fh->fh_handle); 3906 if (!fp) 3907 return ret; 3908 /* Check for 
conflicting share reservations */ 3909 spin_lock(&fp->fi_lock); 3910 if (fp->fi_share_deny & deny_type) 3911 ret = nfserr_locked; 3912 spin_unlock(&fp->fi_lock); 3913 put_nfs4_file(fp); 3914 return ret; 3915 } 3916 3917 static void nfsd4_cb_recall_prepare(struct nfsd4_callback *cb) 3918 { 3919 struct nfs4_delegation *dp = cb_to_delegation(cb); 3920 struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net, 3921 nfsd_net_id); 3922 3923 block_delegations(&dp->dl_stid.sc_file->fi_fhandle); 3924 3925 /* 3926 * We can't do this in nfsd_break_deleg_cb because it is 3927 * already holding inode->i_lock. 3928 * 3929 * If the dl_time != 0, then we know that it has already been 3930 * queued for a lease break. Don't queue it again. 3931 */ 3932 spin_lock(&state_lock); 3933 if (dp->dl_time == 0) { 3934 dp->dl_time = get_seconds(); 3935 list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru); 3936 } 3937 spin_unlock(&state_lock); 3938 } 3939 3940 static int nfsd4_cb_recall_done(struct nfsd4_callback *cb, 3941 struct rpc_task *task) 3942 { 3943 struct nfs4_delegation *dp = cb_to_delegation(cb); 3944 3945 if (dp->dl_stid.sc_type == NFS4_CLOSED_DELEG_STID) 3946 return 1; 3947 3948 switch (task->tk_status) { 3949 case 0: 3950 return 1; 3951 case -EBADHANDLE: 3952 case -NFS4ERR_BAD_STATEID: 3953 /* 3954 * Race: client probably got cb_recall before open reply 3955 * granting delegation. 3956 */ 3957 if (dp->dl_retries--) { 3958 rpc_delay(task, 2 * HZ); 3959 return 0; 3960 } 3961 /*FALLTHRU*/ 3962 default: 3963 return -1; 3964 } 3965 } 3966 3967 static void nfsd4_cb_recall_release(struct nfsd4_callback *cb) 3968 { 3969 struct nfs4_delegation *dp = cb_to_delegation(cb); 3970 3971 nfs4_put_stid(&dp->dl_stid); 3972 } 3973 3974 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops = { 3975 .prepare = nfsd4_cb_recall_prepare, 3976 .done = nfsd4_cb_recall_done, 3977 .release = nfsd4_cb_recall_release, 3978 }; 3979 3980 static void nfsd_break_one_deleg(struct nfs4_delegation *dp) 3981 { 3982 /* 3983 * We're assuming the state code never drops its reference 3984 * without first removing the lease. Since we're in this lease 3985 * callback (and since the lease code is serialized by the 3986 * i_lock) we know the server hasn't removed the lease yet, and 3987 * we know it's safe to take a reference. 3988 */ 3989 refcount_inc(&dp->dl_stid.sc_count); 3990 nfsd4_run_cb(&dp->dl_recall); 3991 } 3992 3993 /* Called from break_lease() with i_lock held. 
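 *
 * Returning false below tells the locks code that we will manage the
 * lease break ourselves, so the lease is not deleted on the spot; and
 * with fl_break_time cleared it is never timed out from there either.
 * Instead, the laundromat revokes the delegation if the client fails
 * to return it within a lease period (see nfs4_laundromat()).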
*/ 3994 static bool 3995 nfsd_break_deleg_cb(struct file_lock *fl) 3996 { 3997 bool ret = false; 3998 struct nfs4_delegation *dp = (struct nfs4_delegation *)fl->fl_owner; 3999 struct nfs4_file *fp = dp->dl_stid.sc_file; 4000 4001 /* 4002 * We don't want the locks code to timeout the lease for us; 4003 * we'll remove it ourselves if a delegation isn't returned 4004 * in time: 4005 */ 4006 fl->fl_break_time = 0; 4007 4008 spin_lock(&fp->fi_lock); 4009 fp->fi_had_conflict = true; 4010 nfsd_break_one_deleg(dp); 4011 spin_unlock(&fp->fi_lock); 4012 return ret; 4013 } 4014 4015 static int 4016 nfsd_change_deleg_cb(struct file_lock *onlist, int arg, 4017 struct list_head *dispose) 4018 { 4019 if (arg & F_UNLCK) 4020 return lease_modify(onlist, arg, dispose); 4021 else 4022 return -EAGAIN; 4023 } 4024 4025 static const struct lock_manager_operations nfsd_lease_mng_ops = { 4026 .lm_break = nfsd_break_deleg_cb, 4027 .lm_change = nfsd_change_deleg_cb, 4028 }; 4029 4030 static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid) 4031 { 4032 if (nfsd4_has_session(cstate)) 4033 return nfs_ok; 4034 if (seqid == so->so_seqid - 1) 4035 return nfserr_replay_me; 4036 if (seqid == so->so_seqid) 4037 return nfs_ok; 4038 return nfserr_bad_seqid; 4039 } 4040 4041 static __be32 lookup_clientid(clientid_t *clid, 4042 struct nfsd4_compound_state *cstate, 4043 struct nfsd_net *nn) 4044 { 4045 struct nfs4_client *found; 4046 4047 if (cstate->clp) { 4048 found = cstate->clp; 4049 if (!same_clid(&found->cl_clientid, clid)) 4050 return nfserr_stale_clientid; 4051 return nfs_ok; 4052 } 4053 4054 if (STALE_CLIENTID(clid, nn)) 4055 return nfserr_stale_clientid; 4056 4057 /* 4058 * For v4.1+ we get the client in the SEQUENCE op. If we don't have one 4059 * cached already then we know this is for v4.0 and "sessions" 4060 * will be false. 4061 */ 4062 WARN_ON_ONCE(cstate->session); 4063 spin_lock(&nn->client_lock); 4064 found = find_confirmed_client(clid, false, nn); 4065 if (!found) { 4066 spin_unlock(&nn->client_lock); 4067 return nfserr_expired; 4068 } 4069 atomic_inc(&found->cl_refcount); 4070 spin_unlock(&nn->client_lock); 4071 4072 /* Cache the nfs4_client in cstate! */ 4073 cstate->clp = found; 4074 return nfs_ok; 4075 } 4076 4077 __be32 4078 nfsd4_process_open1(struct nfsd4_compound_state *cstate, 4079 struct nfsd4_open *open, struct nfsd_net *nn) 4080 { 4081 clientid_t *clientid = &open->op_clientid; 4082 struct nfs4_client *clp = NULL; 4083 unsigned int strhashval; 4084 struct nfs4_openowner *oo = NULL; 4085 __be32 status; 4086 4087 if (STALE_CLIENTID(&open->op_clientid, nn)) 4088 return nfserr_stale_clientid; 4089 /* 4090 * In case we need it later, after we've already created the 4091 * file and don't want to risk a further failure: 4092 */ 4093 open->op_file = nfsd4_alloc_file(); 4094 if (open->op_file == NULL) 4095 return nfserr_jukebox; 4096 4097 status = lookup_clientid(clientid, cstate, nn); 4098 if (status) 4099 return status; 4100 clp = cstate->clp; 4101 4102 strhashval = ownerstr_hashval(&open->op_owner); 4103 oo = find_openstateowner_str(strhashval, open, clp); 4104 open->op_openowner = oo; 4105 if (!oo) { 4106 goto new_owner; 4107 } 4108 if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) { 4109 /* Replace unconfirmed owners without checking for replay.
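 *
 * An unconfirmed owner has never had an OPEN_CONFIRM succeed against
 * it, so there is no established seqid stream to replay against;
 * discarding it and starting over with a fresh owner is always safe.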
*/ 4110 release_openowner(oo); 4111 open->op_openowner = NULL; 4112 goto new_owner; 4113 } 4114 status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid); 4115 if (status) 4116 return status; 4117 goto alloc_stateid; 4118 new_owner: 4119 oo = alloc_init_open_stateowner(strhashval, open, cstate); 4120 if (oo == NULL) 4121 return nfserr_jukebox; 4122 open->op_openowner = oo; 4123 alloc_stateid: 4124 open->op_stp = nfs4_alloc_open_stateid(clp); 4125 if (!open->op_stp) 4126 return nfserr_jukebox; 4127 4128 if (nfsd4_has_session(cstate) && 4129 (cstate->current_fh.fh_export->ex_flags & NFSEXP_PNFS)) { 4130 open->op_odstate = alloc_clnt_odstate(clp); 4131 if (!open->op_odstate) 4132 return nfserr_jukebox; 4133 } 4134 4135 return nfs_ok; 4136 } 4137 4138 static inline __be32 4139 nfs4_check_delegmode(struct nfs4_delegation *dp, int flags) 4140 { 4141 if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ)) 4142 return nfserr_openmode; 4143 else 4144 return nfs_ok; 4145 } 4146 4147 static int share_access_to_flags(u32 share_access) 4148 { 4149 return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE; 4150 } 4151 4152 static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl, stateid_t *s) 4153 { 4154 struct nfs4_stid *ret; 4155 4156 ret = find_stateid_by_type(cl, s, 4157 NFS4_DELEG_STID|NFS4_REVOKED_DELEG_STID); 4158 if (!ret) 4159 return NULL; 4160 return delegstateid(ret); 4161 } 4162 4163 static bool nfsd4_is_deleg_cur(struct nfsd4_open *open) 4164 { 4165 return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR || 4166 open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH; 4167 } 4168 4169 static __be32 4170 nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open, 4171 struct nfs4_delegation **dp) 4172 { 4173 int flags; 4174 __be32 status = nfserr_bad_stateid; 4175 struct nfs4_delegation *deleg; 4176 4177 deleg = find_deleg_stateid(cl, &open->op_delegate_stateid); 4178 if (deleg == NULL) 4179 goto out; 4180 if (deleg->dl_stid.sc_type == NFS4_REVOKED_DELEG_STID) { 4181 nfs4_put_stid(&deleg->dl_stid); 4182 if (cl->cl_minorversion) 4183 status = nfserr_deleg_revoked; 4184 goto out; 4185 } 4186 flags = share_access_to_flags(open->op_share_access); 4187 status = nfs4_check_delegmode(deleg, flags); 4188 if (status) { 4189 nfs4_put_stid(&deleg->dl_stid); 4190 goto out; 4191 } 4192 *dp = deleg; 4193 out: 4194 if (!nfsd4_is_deleg_cur(open)) 4195 return nfs_ok; 4196 if (status) 4197 return status; 4198 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED; 4199 return nfs_ok; 4200 } 4201 4202 static inline int nfs4_access_to_access(u32 nfs4_access) 4203 { 4204 int flags = 0; 4205 4206 if (nfs4_access & NFS4_SHARE_ACCESS_READ) 4207 flags |= NFSD_MAY_READ; 4208 if (nfs4_access & NFS4_SHARE_ACCESS_WRITE) 4209 flags |= NFSD_MAY_WRITE; 4210 return flags; 4211 } 4212 4213 static inline __be32 4214 nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh, 4215 struct nfsd4_open *open) 4216 { 4217 struct iattr iattr = { 4218 .ia_valid = ATTR_SIZE, 4219 .ia_size = 0, 4220 }; 4221 if (!open->op_truncate) 4222 return 0; 4223 if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE)) 4224 return nfserr_inval; 4225 return nfsd_setattr(rqstp, fh, &iattr, 0, (time_t)0); 4226 } 4227 4228 static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp, 4229 struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, 4230 struct nfsd4_open *open) 4231 { 4232 struct file *filp = NULL; 4233 __be32 status; 4234 int oflag = nfs4_access_to_omode(open->op_share_access); 4235 
int access = nfs4_access_to_access(open->op_share_access); 4236 unsigned char old_access_bmap, old_deny_bmap; 4237 4238 spin_lock(&fp->fi_lock); 4239 4240 /* 4241 * Are we trying to set a deny mode that would conflict with 4242 * current access? 4243 */ 4244 status = nfs4_file_check_deny(fp, open->op_share_deny); 4245 if (status != nfs_ok) { 4246 spin_unlock(&fp->fi_lock); 4247 goto out; 4248 } 4249 4250 /* set access to the file */ 4251 status = nfs4_file_get_access(fp, open->op_share_access); 4252 if (status != nfs_ok) { 4253 spin_unlock(&fp->fi_lock); 4254 goto out; 4255 } 4256 4257 /* Set access bits in stateid */ 4258 old_access_bmap = stp->st_access_bmap; 4259 set_access(open->op_share_access, stp); 4260 4261 /* Set new deny mask */ 4262 old_deny_bmap = stp->st_deny_bmap; 4263 set_deny(open->op_share_deny, stp); 4264 fp->fi_share_deny |= (open->op_share_deny & NFS4_SHARE_DENY_BOTH); 4265 4266 if (!fp->fi_fds[oflag]) { 4267 spin_unlock(&fp->fi_lock); 4268 status = nfsd_open(rqstp, cur_fh, S_IFREG, access, &filp); 4269 if (status) 4270 goto out_put_access; 4271 spin_lock(&fp->fi_lock); 4272 if (!fp->fi_fds[oflag]) { 4273 fp->fi_fds[oflag] = filp; 4274 filp = NULL; 4275 } 4276 } 4277 spin_unlock(&fp->fi_lock); 4278 if (filp) 4279 fput(filp); 4280 4281 status = nfsd4_truncate(rqstp, cur_fh, open); 4282 if (status) 4283 goto out_put_access; 4284 out: 4285 return status; 4286 out_put_access: 4287 stp->st_access_bmap = old_access_bmap; 4288 nfs4_file_put_access(fp, open->op_share_access); 4289 reset_union_bmap_deny(bmap_to_share_mode(old_deny_bmap), stp); 4290 goto out; 4291 } 4292 4293 static __be32 4294 nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, struct nfsd4_open *open) 4295 { 4296 __be32 status; 4297 unsigned char old_deny_bmap = stp->st_deny_bmap; 4298 4299 if (!test_access(open->op_share_access, stp)) 4300 return nfs4_get_vfs_file(rqstp, fp, cur_fh, stp, open); 4301 4302 /* test and set deny mode */ 4303 spin_lock(&fp->fi_lock); 4304 status = nfs4_file_check_deny(fp, open->op_share_deny); 4305 if (status == nfs_ok) { 4306 set_deny(open->op_share_deny, stp); 4307 fp->fi_share_deny |= 4308 (open->op_share_deny & NFS4_SHARE_DENY_BOTH); 4309 } 4310 spin_unlock(&fp->fi_lock); 4311 4312 if (status != nfs_ok) 4313 return status; 4314 4315 status = nfsd4_truncate(rqstp, cur_fh, open); 4316 if (status != nfs_ok) 4317 reset_union_bmap_deny(old_deny_bmap, stp); 4318 return status; 4319 } 4320 4321 /* Should we give out recallable state?: */ 4322 static bool nfsd4_cb_channel_good(struct nfs4_client *clp) 4323 { 4324 if (clp->cl_cb_state == NFSD4_CB_UP) 4325 return true; 4326 /* 4327 * In the sessions case, since we don't have to establish a 4328 * separate connection for callbacks, we assume it's OK 4329 * until we hear otherwise: 4330 */ 4331 return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN; 4332 } 4333 4334 static struct file_lock *nfs4_alloc_init_lease(struct nfs4_delegation *dp, 4335 int flag) 4336 { 4337 struct file_lock *fl; 4338 4339 fl = locks_alloc_lock(); 4340 if (!fl) 4341 return NULL; 4342 fl->fl_lmops = &nfsd_lease_mng_ops; 4343 fl->fl_flags = FL_DELEG; 4344 fl->fl_type = flag == NFS4_OPEN_DELEGATE_READ? 
F_RDLCK: F_WRLCK; 4345 fl->fl_end = OFFSET_MAX; 4346 fl->fl_owner = (fl_owner_t)dp; 4347 fl->fl_pid = current->tgid; 4348 fl->fl_file = dp->dl_stid.sc_file->fi_deleg_file; 4349 return fl; 4350 } 4351 4352 static struct nfs4_delegation * 4353 nfs4_set_delegation(struct nfs4_client *clp, struct svc_fh *fh, 4354 struct nfs4_file *fp, struct nfs4_clnt_odstate *odstate) 4355 { 4356 int status = 0; 4357 struct nfs4_delegation *dp; 4358 struct file *filp; 4359 struct file_lock *fl; 4360 4361 /* 4362 * The fi_had_conflict and nfs4_delegation_exists checks 4363 * here are just optimizations; we'll need to recheck them at 4364 * the end: 4365 */ 4366 if (fp->fi_had_conflict) 4367 return ERR_PTR(-EAGAIN); 4368 4369 filp = find_readable_file(fp); 4370 if (!filp) { 4371 /* We should always have a readable file here */ 4372 WARN_ON_ONCE(1); 4373 return ERR_PTR(-EBADF); 4374 } 4375 spin_lock(&state_lock); 4376 spin_lock(&fp->fi_lock); 4377 if (nfs4_delegation_exists(clp, fp)) 4378 status = -EAGAIN; 4379 else if (!fp->fi_deleg_file) { 4380 fp->fi_deleg_file = filp; 4381 /* increment early to prevent fi_deleg_file from being 4382 * cleared */ 4383 fp->fi_delegees = 1; 4384 filp = NULL; 4385 } else 4386 fp->fi_delegees++; 4387 spin_unlock(&fp->fi_lock); 4388 spin_unlock(&state_lock); 4389 if (filp) 4390 fput(filp); 4391 if (status) 4392 return ERR_PTR(status); 4393 4394 status = -ENOMEM; 4395 dp = alloc_init_deleg(clp, fp, fh, odstate); 4396 if (!dp) 4397 goto out_delegees; 4398 4399 fl = nfs4_alloc_init_lease(dp, NFS4_OPEN_DELEGATE_READ); 4400 if (!fl) 4401 goto out_clnt_odstate; 4402 4403 status = vfs_setlease(fp->fi_deleg_file, fl->fl_type, &fl, NULL); 4404 if (fl) 4405 locks_free_lock(fl); 4406 if (status) 4407 goto out_clnt_odstate; 4408 4409 spin_lock(&state_lock); 4410 spin_lock(&fp->fi_lock); 4411 if (fp->fi_had_conflict) 4412 status = -EAGAIN; 4413 else 4414 status = hash_delegation_locked(dp, fp); 4415 spin_unlock(&fp->fi_lock); 4416 spin_unlock(&state_lock); 4417 4418 if (status) 4419 goto out_unlock; 4420 4421 return dp; 4422 out_unlock: 4423 vfs_setlease(fp->fi_deleg_file, F_UNLCK, NULL, (void **)&dp); 4424 out_clnt_odstate: 4425 put_clnt_odstate(dp->dl_clnt_odstate); 4426 nfs4_put_stid(&dp->dl_stid); 4427 out_delegees: 4428 put_deleg_file(fp); 4429 return ERR_PTR(status); 4430 } 4431 4432 static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status) 4433 { 4434 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 4435 if (status == -EAGAIN) 4436 open->op_why_no_deleg = WND4_CONTENTION; 4437 else { 4438 open->op_why_no_deleg = WND4_RESOURCE; 4439 switch (open->op_deleg_want) { 4440 case NFS4_SHARE_WANT_READ_DELEG: 4441 case NFS4_SHARE_WANT_WRITE_DELEG: 4442 case NFS4_SHARE_WANT_ANY_DELEG: 4443 break; 4444 case NFS4_SHARE_WANT_CANCEL: 4445 open->op_why_no_deleg = WND4_CANCELLED; 4446 break; 4447 case NFS4_SHARE_WANT_NO_DELEG: 4448 WARN_ON_ONCE(1); 4449 } 4450 } 4451 } 4452 4453 /* 4454 * Attempt to hand out a delegation. 4455 * 4456 * Note we don't support write delegations, and won't until the vfs has 4457 * proper support for them.
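 *
 * As a result everything below is read-only: nfs4_set_delegation()
 * always passes NFS4_OPEN_DELEGATE_READ to nfs4_alloc_init_lease(),
 * which maps it to an F_RDLCK lease.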
4458 */ 4459 static void 4460 nfs4_open_delegation(struct svc_fh *fh, struct nfsd4_open *open, 4461 struct nfs4_ol_stateid *stp) 4462 { 4463 struct nfs4_delegation *dp; 4464 struct nfs4_openowner *oo = openowner(stp->st_stateowner); 4465 struct nfs4_client *clp = stp->st_stid.sc_client; 4466 int cb_up; 4467 int status = 0; 4468 4469 cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client); 4470 open->op_recall = 0; 4471 switch (open->op_claim_type) { 4472 case NFS4_OPEN_CLAIM_PREVIOUS: 4473 if (!cb_up) 4474 open->op_recall = 1; 4475 if (open->op_delegate_type != NFS4_OPEN_DELEGATE_READ) 4476 goto out_no_deleg; 4477 break; 4478 case NFS4_OPEN_CLAIM_NULL: 4479 case NFS4_OPEN_CLAIM_FH: 4480 /* 4481 * Let's not give out any delegations till everyone's 4482 * had the chance to reclaim theirs, *and* until 4483 * NLM locks have all been reclaimed: 4484 */ 4485 if (locks_in_grace(clp->net)) 4486 goto out_no_deleg; 4487 if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED)) 4488 goto out_no_deleg; 4489 /* 4490 * Also, if the file was opened for write or 4491 * create, there's a good chance the client's 4492 * about to write to it, resulting in an 4493 * immediate recall (since we don't support 4494 * write delegations): 4495 */ 4496 if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE) 4497 goto out_no_deleg; 4498 if (open->op_create == NFS4_OPEN_CREATE) 4499 goto out_no_deleg; 4500 break; 4501 default: 4502 goto out_no_deleg; 4503 } 4504 dp = nfs4_set_delegation(clp, fh, stp->st_stid.sc_file, stp->st_clnt_odstate); 4505 if (IS_ERR(dp)) 4506 goto out_no_deleg; 4507 4508 memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid)); 4509 4510 dprintk("NFSD: delegation stateid=" STATEID_FMT "\n", 4511 STATEID_VAL(&dp->dl_stid.sc_stateid)); 4512 open->op_delegate_type = NFS4_OPEN_DELEGATE_READ; 4513 nfs4_put_stid(&dp->dl_stid); 4514 return; 4515 out_no_deleg: 4516 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE; 4517 if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS && 4518 open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE) { 4519 dprintk("NFSD: WARNING: refusing delegation reclaim\n"); 4520 open->op_recall = 1; 4521 } 4522 4523 /* 4.1 client asking for a delegation? */ 4524 if (open->op_deleg_want) 4525 nfsd4_open_deleg_none_ext(open, status); 4526 return; 4527 } 4528 4529 static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open, 4530 struct nfs4_delegation *dp) 4531 { 4532 if (open->op_deleg_want == NFS4_SHARE_WANT_READ_DELEG && 4533 dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) { 4534 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 4535 open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE; 4536 } else if (open->op_deleg_want == NFS4_SHARE_WANT_WRITE_DELEG && 4537 dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) { 4538 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 4539 open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE; 4540 } 4541 /* Otherwise the client must be confused wanting a delegation 4542 * it already has, therefore we don't return 4543 * NFS4_OPEN_DELEGATE_NONE_EXT and reason. 
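 *
 * For example, a client already holding a write delegation that asks
 * for a read delegation is refused with WND4_NOT_SUPP_DOWNGRADE above.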
4544 */ 4545 } 4546 4547 __be32 4548 nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open) 4549 { 4550 struct nfsd4_compoundres *resp = rqstp->rq_resp; 4551 struct nfs4_client *cl = open->op_openowner->oo_owner.so_client; 4552 struct nfs4_file *fp = NULL; 4553 struct nfs4_ol_stateid *stp = NULL; 4554 struct nfs4_delegation *dp = NULL; 4555 __be32 status; 4556 bool new_stp = false; 4557 4558 /* 4559 * Lookup file; if found, lookup stateid and check open request, 4560 * and check for delegations in the process of being recalled. 4561 * If not found, create the nfs4_file struct. 4562 */ 4563 fp = find_or_add_file(open->op_file, &current_fh->fh_handle); 4564 if (fp != open->op_file) { 4565 status = nfs4_check_deleg(cl, open, &dp); 4566 if (status) 4567 goto out; 4568 stp = nfsd4_find_and_lock_existing_open(fp, open); 4569 } else { 4570 open->op_file = NULL; 4571 status = nfserr_bad_stateid; 4572 if (nfsd4_is_deleg_cur(open)) 4573 goto out; 4574 } 4575 4576 if (!stp) { 4577 stp = init_open_stateid(fp, open); 4578 if (!open->op_stp) 4579 new_stp = true; 4580 } 4581 4582 /* 4583 * OPEN the file, or upgrade an existing OPEN. 4584 * If truncate fails, the OPEN fails. 4585 * 4586 * stp is already locked. 4587 */ 4588 if (!new_stp) { 4589 /* Stateid was found, this is an OPEN upgrade */ 4590 status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open); 4591 if (status) { 4592 mutex_unlock(&stp->st_mutex); 4593 goto out; 4594 } 4595 } else { 4596 status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open); 4597 if (status) { 4598 stp->st_stid.sc_type = NFS4_CLOSED_STID; 4599 release_open_stateid(stp); 4600 mutex_unlock(&stp->st_mutex); 4601 goto out; 4602 } 4603 4604 stp->st_clnt_odstate = find_or_hash_clnt_odstate(fp, 4605 open->op_odstate); 4606 if (stp->st_clnt_odstate == open->op_odstate) 4607 open->op_odstate = NULL; 4608 } 4609 4610 nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid); 4611 mutex_unlock(&stp->st_mutex); 4612 4613 if (nfsd4_has_session(&resp->cstate)) { 4614 if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) { 4615 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT; 4616 open->op_why_no_deleg = WND4_NOT_WANTED; 4617 goto nodeleg; 4618 } 4619 } 4620 4621 /* 4622 * Attempt to hand out a delegation. No error return, because the 4623 * OPEN succeeds even if we fail. 4624 */ 4625 nfs4_open_delegation(current_fh, open, stp); 4626 nodeleg: 4627 status = nfs_ok; 4628 4629 dprintk("%s: stateid=" STATEID_FMT "\n", __func__, 4630 STATEID_VAL(&stp->st_stid.sc_stateid)); 4631 out: 4632 /* 4.1 client trying to upgrade/downgrade delegation? */ 4633 if (open->op_delegate_type == NFS4_OPEN_DELEGATE_NONE && dp && 4634 open->op_deleg_want) 4635 nfsd4_deleg_xgrade_none_ext(open, dp); 4636 4637 if (fp) 4638 put_nfs4_file(fp); 4639 if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS) 4640 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED; 4641 /* 4642 * To finish the open response, we just need to set the rflags.
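 *
 * LOCKTYPE_POSIX is always set; sessions (v4.1+) additionally get
 * MAY_NOTIFY_LOCK, while a v4.0 owner that has not yet been confirmed
 * gets CONFIRM so that the client follows up with OPEN_CONFIRM.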
4643 */ 4644 open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX; 4645 if (nfsd4_has_session(&resp->cstate)) 4646 open->op_rflags |= NFS4_OPEN_RESULT_MAY_NOTIFY_LOCK; 4647 else if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED)) 4648 open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM; 4649 4650 if (dp) 4651 nfs4_put_stid(&dp->dl_stid); 4652 if (stp) 4653 nfs4_put_stid(&stp->st_stid); 4654 4655 return status; 4656 } 4657 4658 void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate, 4659 struct nfsd4_open *open) 4660 { 4661 if (open->op_openowner) { 4662 struct nfs4_stateowner *so = &open->op_openowner->oo_owner; 4663 4664 nfsd4_cstate_assign_replay(cstate, so); 4665 nfs4_put_stateowner(so); 4666 } 4667 if (open->op_file) 4668 kmem_cache_free(file_slab, open->op_file); 4669 if (open->op_stp) 4670 nfs4_put_stid(&open->op_stp->st_stid); 4671 if (open->op_odstate) 4672 kmem_cache_free(odstate_slab, open->op_odstate); 4673 } 4674 4675 __be32 4676 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 4677 union nfsd4_op_u *u) 4678 { 4679 clientid_t *clid = &u->renew; 4680 struct nfs4_client *clp; 4681 __be32 status; 4682 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 4683 4684 dprintk("process_renew(%08x/%08x): starting\n", 4685 clid->cl_boot, clid->cl_id); 4686 status = lookup_clientid(clid, cstate, nn); 4687 if (status) 4688 goto out; 4689 clp = cstate->clp; 4690 status = nfserr_cb_path_down; 4691 if (!list_empty(&clp->cl_delegations) 4692 && clp->cl_cb_state != NFSD4_CB_UP) 4693 goto out; 4694 status = nfs_ok; 4695 out: 4696 return status; 4697 } 4698 4699 void 4700 nfsd4_end_grace(struct nfsd_net *nn) 4701 { 4702 /* do nothing if grace period already ended */ 4703 if (nn->grace_ended) 4704 return; 4705 4706 dprintk("NFSD: end of grace period\n"); 4707 nn->grace_ended = true; 4708 /* 4709 * If the server goes down again right now, an NFSv4 4710 * client will still be allowed to reclaim after it comes back up, 4711 * even if it hasn't yet had a chance to reclaim state this time. 4712 * 4713 */ 4714 nfsd4_record_grace_done(nn); 4715 /* 4716 * At this point, NFSv4 clients can still reclaim. But if the 4717 * server crashes, any that have not yet reclaimed will be out 4718 * of luck on the next boot. 4719 * 4720 * (NFSv4.1+ clients are considered to have reclaimed once they 4721 * call RECLAIM_COMPLETE. NFSv4.0 clients are considered to 4722 * have reclaimed after their first OPEN.) 4723 */ 4724 locks_end_grace(&nn->nfsd4_manager); 4725 /* 4726 * At this point, and once lockd and/or any other containers 4727 * exit their grace period, further reclaims will fail and 4728 * regular locking can resume. 4729 */ 4730 } 4731 4732 /* 4733 * If we've waited a lease period but there are still clients trying to 4734 * reclaim, wait a little longer to give them a chance to finish. 
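 *
 * The extension is bounded: clients_still_reclaiming() below gives up
 * once two full lease periods have elapsed since boot_time.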
4735 */ 4736 static bool clients_still_reclaiming(struct nfsd_net *nn) 4737 { 4738 unsigned long now = get_seconds(); 4739 unsigned long double_grace_period_end = nn->boot_time + 4740 2 * nn->nfsd4_lease; 4741 4742 if (!nn->somebody_reclaimed) 4743 return false; 4744 nn->somebody_reclaimed = false; 4745 /* 4746 * If we've given them *two* lease times to reclaim, and they're 4747 * still not done, give up: 4748 */ 4749 if (time_after(now, double_grace_period_end)) 4750 return false; 4751 return true; 4752 } 4753 4754 static time_t 4755 nfs4_laundromat(struct nfsd_net *nn) 4756 { 4757 struct nfs4_client *clp; 4758 struct nfs4_openowner *oo; 4759 struct nfs4_delegation *dp; 4760 struct nfs4_ol_stateid *stp; 4761 struct nfsd4_blocked_lock *nbl; 4762 struct list_head *pos, *next, reaplist; 4763 time_t cutoff = get_seconds() - nn->nfsd4_lease; 4764 time_t t, new_timeo = nn->nfsd4_lease; 4765 4766 dprintk("NFSD: laundromat service - starting\n"); 4767 4768 if (clients_still_reclaiming(nn)) { 4769 new_timeo = 0; 4770 goto out; 4771 } 4772 nfsd4_end_grace(nn); 4773 INIT_LIST_HEAD(&reaplist); 4774 spin_lock(&nn->client_lock); 4775 list_for_each_safe(pos, next, &nn->client_lru) { 4776 clp = list_entry(pos, struct nfs4_client, cl_lru); 4777 if (time_after((unsigned long)clp->cl_time, (unsigned long)cutoff)) { 4778 t = clp->cl_time - cutoff; 4779 new_timeo = min(new_timeo, t); 4780 break; 4781 } 4782 if (mark_client_expired_locked(clp)) { 4783 dprintk("NFSD: client in use (clientid %08x)\n", 4784 clp->cl_clientid.cl_id); 4785 continue; 4786 } 4787 list_add(&clp->cl_lru, &reaplist); 4788 } 4789 spin_unlock(&nn->client_lock); 4790 list_for_each_safe(pos, next, &reaplist) { 4791 clp = list_entry(pos, struct nfs4_client, cl_lru); 4792 dprintk("NFSD: purging unused client (clientid %08x)\n", 4793 clp->cl_clientid.cl_id); 4794 list_del_init(&clp->cl_lru); 4795 expire_client(clp); 4796 } 4797 spin_lock(&state_lock); 4798 list_for_each_safe(pos, next, &nn->del_recall_lru) { 4799 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru); 4800 if (time_after((unsigned long)dp->dl_time, (unsigned long)cutoff)) { 4801 t = dp->dl_time - cutoff; 4802 new_timeo = min(new_timeo, t); 4803 break; 4804 } 4805 WARN_ON(!unhash_delegation_locked(dp)); 4806 list_add(&dp->dl_recall_lru, &reaplist); 4807 } 4808 spin_unlock(&state_lock); 4809 while (!list_empty(&reaplist)) { 4810 dp = list_first_entry(&reaplist, struct nfs4_delegation, 4811 dl_recall_lru); 4812 list_del_init(&dp->dl_recall_lru); 4813 revoke_delegation(dp); 4814 } 4815 4816 spin_lock(&nn->client_lock); 4817 while (!list_empty(&nn->close_lru)) { 4818 oo = list_first_entry(&nn->close_lru, struct nfs4_openowner, 4819 oo_close_lru); 4820 if (time_after((unsigned long)oo->oo_time, 4821 (unsigned long)cutoff)) { 4822 t = oo->oo_time - cutoff; 4823 new_timeo = min(new_timeo, t); 4824 break; 4825 } 4826 list_del_init(&oo->oo_close_lru); 4827 stp = oo->oo_last_closed_stid; 4828 oo->oo_last_closed_stid = NULL; 4829 spin_unlock(&nn->client_lock); 4830 nfs4_put_stid(&stp->st_stid); 4831 spin_lock(&nn->client_lock); 4832 } 4833 spin_unlock(&nn->client_lock); 4834 4835 /* 4836 * It's possible for a client to try and acquire an already held lock 4837 * that is being held for a long time, and then lose interest in it. 4838 * So, we clean out any un-revisited request after a lease period 4839 * under the assumption that the client is no longer interested. 4840 * 4841 * RFC5661, sec. 
9.6 states that the client must not rely on getting 4842 * notifications and must continue to poll for locks, even when the 4843 * server supports them. Thus this shouldn't lead to clients blocking 4844 * indefinitely once the lock does become free. 4845 */ 4846 BUG_ON(!list_empty(&reaplist)); 4847 spin_lock(&nn->blocked_locks_lock); 4848 while (!list_empty(&nn->blocked_locks_lru)) { 4849 nbl = list_first_entry(&nn->blocked_locks_lru, 4850 struct nfsd4_blocked_lock, nbl_lru); 4851 if (time_after((unsigned long)nbl->nbl_time, 4852 (unsigned long)cutoff)) { 4853 t = nbl->nbl_time - cutoff; 4854 new_timeo = min(new_timeo, t); 4855 break; 4856 } 4857 list_move(&nbl->nbl_lru, &reaplist); 4858 list_del_init(&nbl->nbl_list); 4859 } 4860 spin_unlock(&nn->blocked_locks_lock); 4861 4862 while (!list_empty(&reaplist)) { 4863 nbl = list_first_entry(&reaplist, 4864 struct nfsd4_blocked_lock, nbl_lru); 4865 list_del_init(&nbl->nbl_lru); 4866 locks_delete_block(&nbl->nbl_lock); 4867 free_blocked_lock(nbl); 4868 } 4869 out: 4870 new_timeo = max_t(time_t, new_timeo, NFSD_LAUNDROMAT_MINTIMEOUT); 4871 return new_timeo; 4872 } 4873 4874 static struct workqueue_struct *laundry_wq; 4875 static void laundromat_main(struct work_struct *); 4876 4877 static void 4878 laundromat_main(struct work_struct *laundry) 4879 { 4880 time_t t; 4881 struct delayed_work *dwork = to_delayed_work(laundry); 4882 struct nfsd_net *nn = container_of(dwork, struct nfsd_net, 4883 laundromat_work); 4884 4885 t = nfs4_laundromat(nn); 4886 dprintk("NFSD: laundromat_main - sleeping for %ld seconds\n", t); 4887 queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ); 4888 } 4889 4890 static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp) 4891 { 4892 if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle)) 4893 return nfserr_bad_stateid; 4894 return nfs_ok; 4895 } 4896 4897 static inline int 4898 access_permit_read(struct nfs4_ol_stateid *stp) 4899 { 4900 return test_access(NFS4_SHARE_ACCESS_READ, stp) || 4901 test_access(NFS4_SHARE_ACCESS_BOTH, stp) || 4902 test_access(NFS4_SHARE_ACCESS_WRITE, stp); 4903 } 4904 4905 static inline int 4906 access_permit_write(struct nfs4_ol_stateid *stp) 4907 { 4908 return test_access(NFS4_SHARE_ACCESS_WRITE, stp) || 4909 test_access(NFS4_SHARE_ACCESS_BOTH, stp); 4910 } 4911 4912 static 4913 __be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags) 4914 { 4915 __be32 status = nfserr_openmode; 4916 4917 /* For lock stateid's, we test the parent open, not the lock: */ 4918 if (stp->st_openstp) 4919 stp = stp->st_openstp; 4920 if ((flags & WR_STATE) && !access_permit_write(stp)) 4921 goto out; 4922 if ((flags & RD_STATE) && !access_permit_read(stp)) 4923 goto out; 4924 status = nfs_ok; 4925 out: 4926 return status; 4927 } 4928 4929 static inline __be32 4930 check_special_stateids(struct net *net, svc_fh *current_fh, stateid_t *stateid, int flags) 4931 { 4932 if (ONE_STATEID(stateid) && (flags & RD_STATE)) 4933 return nfs_ok; 4934 else if (opens_in_grace(net)) { 4935 /* Answer in remaining cases depends on existence of 4936 * conflicting state; so we must wait out the grace period. 
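 * For example, a WRITE with the all-zero stateid must not succeed
 * while a reclaiming client could still re-establish a DENY_WRITE
 * share reservation that would forbid it.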
*/ 4937 return nfserr_grace; 4938 } else if (flags & WR_STATE) 4939 return nfs4_share_conflict(current_fh, 4940 NFS4_SHARE_DENY_WRITE); 4941 else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */ 4942 return nfs4_share_conflict(current_fh, 4943 NFS4_SHARE_DENY_READ); 4944 } 4945 4946 /* 4947 * Allow READ/WRITE during grace period on recovered state only for files 4948 * that are not able to provide mandatory locking. 4949 */ 4950 static inline int 4951 grace_disallows_io(struct net *net, struct inode *inode) 4952 { 4953 return opens_in_grace(net) && mandatory_lock(inode); 4954 } 4955 4956 static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session) 4957 { 4958 /* 4959 * When sessions are used the stateid generation number is ignored 4960 * when it is zero. 4961 */ 4962 if (has_session && in->si_generation == 0) 4963 return nfs_ok; 4964 4965 if (in->si_generation == ref->si_generation) 4966 return nfs_ok; 4967 4968 /* If the client sends us a stateid from the future, it's buggy: */ 4969 if (nfsd4_stateid_generation_after(in, ref)) 4970 return nfserr_bad_stateid; 4971 /* 4972 * However, we could see a stateid from the past, even from a 4973 * non-buggy client. For example, if the client sends a lock 4974 * while some IO is outstanding, the lock may bump si_generation 4975 * while the IO is still in flight. The client could avoid that 4976 * situation by waiting for responses on all the IO requests, 4977 * but better performance may result in retrying IO that 4978 * receives an old_stateid error if requests are rarely 4979 * reordered in flight: 4980 */ 4981 return nfserr_old_stateid; 4982 } 4983 4984 static __be32 nfsd4_stid_check_stateid_generation(stateid_t *in, struct nfs4_stid *s, bool has_session) 4985 { 4986 __be32 ret; 4987 4988 spin_lock(&s->sc_lock); 4989 ret = nfsd4_verify_open_stid(s); 4990 if (ret == nfs_ok) 4991 ret = check_stateid_generation(in, &s->sc_stateid, has_session); 4992 spin_unlock(&s->sc_lock); 4993 return ret; 4994 } 4995 4996 static __be32 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid *ols) 4997 { 4998 if (ols->st_stateowner->so_is_open_owner && 4999 !(openowner(ols->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED)) 5000 return nfserr_bad_stateid; 5001 return nfs_ok; 5002 } 5003 5004 static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid) 5005 { 5006 struct nfs4_stid *s; 5007 __be32 status = nfserr_bad_stateid; 5008 5009 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) || 5010 CLOSE_STATEID(stateid)) 5011 return status; 5012 /* Client debugging aid. 
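 *
 * A stateid whose embedded clientid doesn't match the client that
 * sent it earns a rate-limited warning naming the client's address,
 * rather than just a silent nfserr_bad_stateid.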
*/ 5013 if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) { 5014 char addr_str[INET6_ADDRSTRLEN]; 5015 rpc_ntop((struct sockaddr *)&cl->cl_addr, addr_str, 5016 sizeof(addr_str)); 5017 pr_warn_ratelimited("NFSD: client %s testing state ID " 5018 "with incorrect client ID\n", addr_str); 5019 return status; 5020 } 5021 spin_lock(&cl->cl_lock); 5022 s = find_stateid_locked(cl, stateid); 5023 if (!s) 5024 goto out_unlock; 5025 status = nfsd4_stid_check_stateid_generation(stateid, s, 1); 5026 if (status) 5027 goto out_unlock; 5028 switch (s->sc_type) { 5029 case NFS4_DELEG_STID: 5030 status = nfs_ok; 5031 break; 5032 case NFS4_REVOKED_DELEG_STID: 5033 status = nfserr_deleg_revoked; 5034 break; 5035 case NFS4_OPEN_STID: 5036 case NFS4_LOCK_STID: 5037 status = nfsd4_check_openowner_confirmed(openlockstateid(s)); 5038 break; 5039 default: 5040 printk("unknown stateid type %x\n", s->sc_type); 5041 /* Fallthrough */ 5042 case NFS4_CLOSED_STID: 5043 case NFS4_CLOSED_DELEG_STID: 5044 status = nfserr_bad_stateid; 5045 } 5046 out_unlock: 5047 spin_unlock(&cl->cl_lock); 5048 return status; 5049 } 5050 5051 __be32 5052 nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate, 5053 stateid_t *stateid, unsigned char typemask, 5054 struct nfs4_stid **s, struct nfsd_net *nn) 5055 { 5056 __be32 status; 5057 bool return_revoked = false; 5058 5059 /* 5060 * only return revoked delegations if explicitly asked. 5061 * otherwise we report revoked or bad_stateid status. 5062 */ 5063 if (typemask & NFS4_REVOKED_DELEG_STID) 5064 return_revoked = true; 5065 else if (typemask & NFS4_DELEG_STID) 5066 typemask |= NFS4_REVOKED_DELEG_STID; 5067 5068 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) || 5069 CLOSE_STATEID(stateid)) 5070 return nfserr_bad_stateid; 5071 status = lookup_clientid(&stateid->si_opaque.so_clid, cstate, nn); 5072 if (status == nfserr_stale_clientid) { 5073 if (cstate->session) 5074 return nfserr_bad_stateid; 5075 return nfserr_stale_stateid; 5076 } 5077 if (status) 5078 return status; 5079 *s = find_stateid_by_type(cstate->clp, stateid, typemask); 5080 if (!*s) 5081 return nfserr_bad_stateid; 5082 if (((*s)->sc_type == NFS4_REVOKED_DELEG_STID) && !return_revoked) { 5083 nfs4_put_stid(*s); 5084 if (cstate->minorversion) 5085 return nfserr_deleg_revoked; 5086 return nfserr_bad_stateid; 5087 } 5088 return nfs_ok; 5089 } 5090 5091 static struct file * 5092 nfs4_find_file(struct nfs4_stid *s, int flags) 5093 { 5094 if (!s) 5095 return NULL; 5096 5097 switch (s->sc_type) { 5098 case NFS4_DELEG_STID: 5099 if (WARN_ON_ONCE(!s->sc_file->fi_deleg_file)) 5100 return NULL; 5101 return get_file(s->sc_file->fi_deleg_file); 5102 case NFS4_OPEN_STID: 5103 case NFS4_LOCK_STID: 5104 if (flags & RD_STATE) 5105 return find_readable_file(s->sc_file); 5106 else 5107 return find_writeable_file(s->sc_file); 5108 break; 5109 } 5110 5111 return NULL; 5112 } 5113 5114 static __be32 5115 nfs4_check_olstateid(struct nfs4_ol_stateid *ols, int flags) 5116 { 5117 __be32 status; 5118 5119 status = nfsd4_check_openowner_confirmed(ols); 5120 if (status) 5121 return status; 5122 return nfs4_check_openmode(ols, flags); 5123 } 5124 5125 static __be32 5126 nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s, 5127 struct file **filpp, bool *tmp_file, int flags) 5128 { 5129 int acc = (flags & RD_STATE) ? 
NFSD_MAY_READ : NFSD_MAY_WRITE; 5130 struct file *file; 5131 __be32 status; 5132 5133 file = nfs4_find_file(s, flags); 5134 if (file) { 5135 status = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, 5136 acc | NFSD_MAY_OWNER_OVERRIDE); 5137 if (status) { 5138 fput(file); 5139 return status; 5140 } 5141 5142 *filpp = file; 5143 } else { 5144 status = nfsd_open(rqstp, fhp, S_IFREG, acc, filpp); 5145 if (status) 5146 return status; 5147 5148 if (tmp_file) 5149 *tmp_file = true; 5150 } 5151 5152 return 0; 5153 } 5154 5155 /* 5156 * Checks for stateid operations 5157 */ 5158 __be32 5159 nfs4_preprocess_stateid_op(struct svc_rqst *rqstp, 5160 struct nfsd4_compound_state *cstate, struct svc_fh *fhp, 5161 stateid_t *stateid, int flags, struct file **filpp, bool *tmp_file) 5162 { 5163 struct inode *ino = d_inode(fhp->fh_dentry); 5164 struct net *net = SVC_NET(rqstp); 5165 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 5166 struct nfs4_stid *s = NULL; 5167 __be32 status; 5168 5169 if (filpp) 5170 *filpp = NULL; 5171 if (tmp_file) 5172 *tmp_file = false; 5173 5174 if (grace_disallows_io(net, ino)) 5175 return nfserr_grace; 5176 5177 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) { 5178 status = check_special_stateids(net, fhp, stateid, flags); 5179 goto done; 5180 } 5181 5182 status = nfsd4_lookup_stateid(cstate, stateid, 5183 NFS4_DELEG_STID|NFS4_OPEN_STID|NFS4_LOCK_STID, 5184 &s, nn); 5185 if (status) 5186 return status; 5187 status = nfsd4_stid_check_stateid_generation(stateid, s, 5188 nfsd4_has_session(cstate)); 5189 if (status) 5190 goto out; 5191 5192 switch (s->sc_type) { 5193 case NFS4_DELEG_STID: 5194 status = nfs4_check_delegmode(delegstateid(s), flags); 5195 break; 5196 case NFS4_OPEN_STID: 5197 case NFS4_LOCK_STID: 5198 status = nfs4_check_olstateid(openlockstateid(s), flags); 5199 break; 5200 default: 5201 status = nfserr_bad_stateid; 5202 break; 5203 } 5204 if (status) 5205 goto out; 5206 status = nfs4_check_fh(fhp, s); 5207 5208 done: 5209 if (!status && filpp) 5210 status = nfs4_check_file(rqstp, fhp, s, filpp, tmp_file, flags); 5211 out: 5212 if (s) 5213 nfs4_put_stid(s); 5214 return status; 5215 } 5216 5217 /* 5218 * Test if the stateid is valid 5219 */ 5220 __be32 5221 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 5222 union nfsd4_op_u *u) 5223 { 5224 struct nfsd4_test_stateid *test_stateid = &u->test_stateid; 5225 struct nfsd4_test_stateid_id *stateid; 5226 struct nfs4_client *cl = cstate->session->se_client; 5227 5228 list_for_each_entry(stateid, &test_stateid->ts_stateid_list, ts_id_list) 5229 stateid->ts_id_status = 5230 nfsd4_validate_stateid(cl, &stateid->ts_id_stateid); 5231 5232 return nfs_ok; 5233 } 5234 5235 static __be32 5236 nfsd4_free_lock_stateid(stateid_t *stateid, struct nfs4_stid *s) 5237 { 5238 struct nfs4_ol_stateid *stp = openlockstateid(s); 5239 __be32 ret; 5240 5241 ret = nfsd4_lock_ol_stateid(stp); 5242 if (ret) 5243 goto out_put_stid; 5244 5245 ret = check_stateid_generation(stateid, &s->sc_stateid, 1); 5246 if (ret) 5247 goto out; 5248 5249 ret = nfserr_locks_held; 5250 if (check_for_locks(stp->st_stid.sc_file, 5251 lockowner(stp->st_stateowner))) 5252 goto out; 5253 5254 release_lock_stateid(stp); 5255 ret = nfs_ok; 5256 5257 out: 5258 mutex_unlock(&stp->st_mutex); 5259 out_put_stid: 5260 nfs4_put_stid(s); 5261 return ret; 5262 } 5263 5264 __be32 5265 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 5266 union nfsd4_op_u *u) 5267 { 5268 struct nfsd4_free_stateid *free_stateid 
= &u->free_stateid; 5269 stateid_t *stateid = &free_stateid->fr_stateid; 5270 struct nfs4_stid *s; 5271 struct nfs4_delegation *dp; 5272 struct nfs4_client *cl = cstate->session->se_client; 5273 __be32 ret = nfserr_bad_stateid; 5274 5275 spin_lock(&cl->cl_lock); 5276 s = find_stateid_locked(cl, stateid); 5277 if (!s) 5278 goto out_unlock; 5279 spin_lock(&s->sc_lock); 5280 switch (s->sc_type) { 5281 case NFS4_DELEG_STID: 5282 ret = nfserr_locks_held; 5283 break; 5284 case NFS4_OPEN_STID: 5285 ret = check_stateid_generation(stateid, &s->sc_stateid, 1); 5286 if (ret) 5287 break; 5288 ret = nfserr_locks_held; 5289 break; 5290 case NFS4_LOCK_STID: 5291 spin_unlock(&s->sc_lock); 5292 refcount_inc(&s->sc_count); 5293 spin_unlock(&cl->cl_lock); 5294 ret = nfsd4_free_lock_stateid(stateid, s); 5295 goto out; 5296 case NFS4_REVOKED_DELEG_STID: 5297 spin_unlock(&s->sc_lock); 5298 dp = delegstateid(s); 5299 list_del_init(&dp->dl_recall_lru); 5300 spin_unlock(&cl->cl_lock); 5301 nfs4_put_stid(s); 5302 ret = nfs_ok; 5303 goto out; 5304 /* Default falls through and returns nfserr_bad_stateid */ 5305 } 5306 spin_unlock(&s->sc_lock); 5307 out_unlock: 5308 spin_unlock(&cl->cl_lock); 5309 out: 5310 return ret; 5311 } 5312 5313 static inline int 5314 setlkflg (int type) 5315 { 5316 return (type == NFS4_READW_LT || type == NFS4_READ_LT) ? 5317 RD_STATE : WR_STATE; 5318 } 5319 5320 static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_t *stateid, u32 seqid, struct nfs4_ol_stateid *stp) 5321 { 5322 struct svc_fh *current_fh = &cstate->current_fh; 5323 struct nfs4_stateowner *sop = stp->st_stateowner; 5324 __be32 status; 5325 5326 status = nfsd4_check_seqid(cstate, sop, seqid); 5327 if (status) 5328 return status; 5329 status = nfsd4_lock_ol_stateid(stp); 5330 if (status != nfs_ok) 5331 return status; 5332 status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate)); 5333 if (status == nfs_ok) 5334 status = nfs4_check_fh(current_fh, &stp->st_stid); 5335 if (status != nfs_ok) 5336 mutex_unlock(&stp->st_mutex); 5337 return status; 5338 } 5339 5340 /* 5341 * Checks for sequence id mutating operations. 
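 *
 * On success, nfs4_preprocess_seqid_op() returns with the stateid's
 * st_mutex held and a reference taken on the stid; the caller drops
 * both once the mutating operation has been applied.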
5342 */ 5343 static __be32 5344 nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid, 5345 stateid_t *stateid, char typemask, 5346 struct nfs4_ol_stateid **stpp, 5347 struct nfsd_net *nn) 5348 { 5349 __be32 status; 5350 struct nfs4_stid *s; 5351 struct nfs4_ol_stateid *stp = NULL; 5352 5353 dprintk("NFSD: %s: seqid=%d stateid = " STATEID_FMT "\n", __func__, 5354 seqid, STATEID_VAL(stateid)); 5355 5356 *stpp = NULL; 5357 status = nfsd4_lookup_stateid(cstate, stateid, typemask, &s, nn); 5358 if (status) 5359 return status; 5360 stp = openlockstateid(s); 5361 nfsd4_cstate_assign_replay(cstate, stp->st_stateowner); 5362 5363 status = nfs4_seqid_op_checks(cstate, stateid, seqid, stp); 5364 if (!status) 5365 *stpp = stp; 5366 else 5367 nfs4_put_stid(&stp->st_stid); 5368 return status; 5369 } 5370 5371 static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid, 5372 stateid_t *stateid, struct nfs4_ol_stateid **stpp, struct nfsd_net *nn) 5373 { 5374 __be32 status; 5375 struct nfs4_openowner *oo; 5376 struct nfs4_ol_stateid *stp; 5377 5378 status = nfs4_preprocess_seqid_op(cstate, seqid, stateid, 5379 NFS4_OPEN_STID, &stp, nn); 5380 if (status) 5381 return status; 5382 oo = openowner(stp->st_stateowner); 5383 if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) { 5384 mutex_unlock(&stp->st_mutex); 5385 nfs4_put_stid(&stp->st_stid); 5386 return nfserr_bad_stateid; 5387 } 5388 *stpp = stp; 5389 return nfs_ok; 5390 } 5391 5392 __be32 5393 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 5394 union nfsd4_op_u *u) 5395 { 5396 struct nfsd4_open_confirm *oc = &u->open_confirm; 5397 __be32 status; 5398 struct nfs4_openowner *oo; 5399 struct nfs4_ol_stateid *stp; 5400 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 5401 5402 dprintk("NFSD: nfsd4_open_confirm on file %pd\n", 5403 cstate->current_fh.fh_dentry); 5404 5405 status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0); 5406 if (status) 5407 return status; 5408 5409 status = nfs4_preprocess_seqid_op(cstate, 5410 oc->oc_seqid, &oc->oc_req_stateid, 5411 NFS4_OPEN_STID, &stp, nn); 5412 if (status) 5413 goto out; 5414 oo = openowner(stp->st_stateowner); 5415 status = nfserr_bad_stateid; 5416 if (oo->oo_flags & NFS4_OO_CONFIRMED) { 5417 mutex_unlock(&stp->st_mutex); 5418 goto put_stateid; 5419 } 5420 oo->oo_flags |= NFS4_OO_CONFIRMED; 5421 nfs4_inc_and_copy_stateid(&oc->oc_resp_stateid, &stp->st_stid); 5422 mutex_unlock(&stp->st_mutex); 5423 dprintk("NFSD: %s: success, seqid=%d stateid=" STATEID_FMT "\n", 5424 __func__, oc->oc_seqid, STATEID_VAL(&stp->st_stid.sc_stateid)); 5425 5426 nfsd4_client_record_create(oo->oo_owner.so_client); 5427 status = nfs_ok; 5428 put_stateid: 5429 nfs4_put_stid(&stp->st_stid); 5430 out: 5431 nfsd4_bump_seqid(cstate, status); 5432 return status; 5433 } 5434 5435 static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access) 5436 { 5437 if (!test_access(access, stp)) 5438 return; 5439 nfs4_file_put_access(stp->st_stid.sc_file, access); 5440 clear_access(access, stp); 5441 } 5442 5443 static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access) 5444 { 5445 switch (to_access) { 5446 case NFS4_SHARE_ACCESS_READ: 5447 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE); 5448 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH); 5449 break; 5450 case NFS4_SHARE_ACCESS_WRITE: 5451 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ); 5452 nfs4_stateid_downgrade_bit(stp, 
NFS4_SHARE_ACCESS_BOTH); 5453 break; 5454 case NFS4_SHARE_ACCESS_BOTH: 5455 break; 5456 default: 5457 WARN_ON_ONCE(1); 5458 } 5459 } 5460 5461 __be32 5462 nfsd4_open_downgrade(struct svc_rqst *rqstp, 5463 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u) 5464 { 5465 struct nfsd4_open_downgrade *od = &u->open_downgrade; 5466 __be32 status; 5467 struct nfs4_ol_stateid *stp; 5468 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 5469 5470 dprintk("NFSD: nfsd4_open_downgrade on file %pd\n", 5471 cstate->current_fh.fh_dentry); 5472 5473 /* We don't yet support WANT bits: */ 5474 if (od->od_deleg_want) 5475 dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__, 5476 od->od_deleg_want); 5477 5478 status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid, 5479 &od->od_stateid, &stp, nn); 5480 if (status) 5481 goto out; 5482 status = nfserr_inval; 5483 if (!test_access(od->od_share_access, stp)) { 5484 dprintk("NFSD: access not a subset of current bitmap: 0x%hhx, input access=%08x\n", 5485 stp->st_access_bmap, od->od_share_access); 5486 goto put_stateid; 5487 } 5488 if (!test_deny(od->od_share_deny, stp)) { 5489 dprintk("NFSD: deny not a subset of current bitmap: 0x%hhx, input deny=%08x\n", 5490 stp->st_deny_bmap, od->od_share_deny); 5491 goto put_stateid; 5492 } 5493 nfs4_stateid_downgrade(stp, od->od_share_access); 5494 reset_union_bmap_deny(od->od_share_deny, stp); 5495 nfs4_inc_and_copy_stateid(&od->od_stateid, &stp->st_stid); 5496 status = nfs_ok; 5497 put_stateid: 5498 mutex_unlock(&stp->st_mutex); 5499 nfs4_put_stid(&stp->st_stid); 5500 out: 5501 nfsd4_bump_seqid(cstate, status); 5502 return status; 5503 } 5504 5505 static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s) 5506 { 5507 struct nfs4_client *clp = s->st_stid.sc_client; 5508 bool unhashed; 5509 LIST_HEAD(reaplist); 5510 5511 spin_lock(&clp->cl_lock); 5512 unhashed = unhash_open_stateid(s, &reaplist); 5513 5514 if (clp->cl_minorversion) { 5515 if (unhashed) 5516 put_ol_stateid_locked(s, &reaplist); 5517 spin_unlock(&clp->cl_lock); 5518 free_ol_stateid_reaplist(&reaplist); 5519 } else { 5520 spin_unlock(&clp->cl_lock); 5521 free_ol_stateid_reaplist(&reaplist); 5522 if (unhashed) 5523 move_to_close_lru(s, clp->net); 5524 } 5525 } 5526 5527 /* 5528 * nfs4_unlock_state() called after encode 5529 */ 5530 __be32 5531 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 5532 union nfsd4_op_u *u) 5533 { 5534 struct nfsd4_close *close = &u->close; 5535 __be32 status; 5536 struct nfs4_ol_stateid *stp; 5537 struct net *net = SVC_NET(rqstp); 5538 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 5539 5540 dprintk("NFSD: nfsd4_close on file %pd\n", 5541 cstate->current_fh.fh_dentry); 5542 5543 status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid, 5544 &close->cl_stateid, 5545 NFS4_OPEN_STID|NFS4_CLOSED_STID, 5546 &stp, nn); 5547 nfsd4_bump_seqid(cstate, status); 5548 if (status) 5549 goto out; 5550 5551 stp->st_stid.sc_type = NFS4_CLOSED_STID; 5552 5553 /* 5554 * Technically we don't _really_ have to increment or copy it, since 5555 * it should just be gone after this operation and we clobber the 5556 * copied value below, but we continue to do so here just to ensure 5557 * that racing ops see that there was a state change. 
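 *
 * The bumped value is clobbered immediately below with the special
 * close_stateid, so that is the only value clients actually see.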
5558 */ 5559 nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid); 5560 5561 nfsd4_close_open_stateid(stp); 5562 mutex_unlock(&stp->st_mutex); 5563 5564 /* v4.1+ suggests that we send a special stateid in here, since the 5565 * clients should just ignore this anyway. Since this is not useful 5566 * for v4.0 clients either, we set it to the special close_stateid 5567 * universally. 5568 * 5569 * See RFC5661 section 18.2.4, and RFC7530 section 16.2.5 5570 */ 5571 memcpy(&close->cl_stateid, &close_stateid, sizeof(close->cl_stateid)); 5572 5573 /* put reference from nfs4_preprocess_seqid_op */ 5574 nfs4_put_stid(&stp->st_stid); 5575 out: 5576 return status; 5577 } 5578 5579 __be32 5580 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 5581 union nfsd4_op_u *u) 5582 { 5583 struct nfsd4_delegreturn *dr = &u->delegreturn; 5584 struct nfs4_delegation *dp; 5585 stateid_t *stateid = &dr->dr_stateid; 5586 struct nfs4_stid *s; 5587 __be32 status; 5588 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 5589 5590 if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0))) 5591 return status; 5592 5593 status = nfsd4_lookup_stateid(cstate, stateid, NFS4_DELEG_STID, &s, nn); 5594 if (status) 5595 goto out; 5596 dp = delegstateid(s); 5597 status = nfsd4_stid_check_stateid_generation(stateid, &dp->dl_stid, nfsd4_has_session(cstate)); 5598 if (status) 5599 goto put_stateid; 5600 5601 destroy_delegation(dp); 5602 put_stateid: 5603 nfs4_put_stid(&dp->dl_stid); 5604 out: 5605 return status; 5606 } 5607 5608 static inline u64 5609 end_offset(u64 start, u64 len) 5610 { 5611 u64 end; 5612 5613 end = start + len; 5614 return end >= start ? end: NFS4_MAX_UINT64; 5615 } 5616 5617 /* last octet in a range */ 5618 static inline u64 5619 last_byte_offset(u64 start, u64 len) 5620 { 5621 u64 end; 5622 5623 WARN_ON_ONCE(!len); 5624 end = start + len; 5625 return end > start ? end - 1: NFS4_MAX_UINT64; 5626 } 5627 5628 /* 5629 * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that 5630 * we can't properly handle lock requests that go beyond the (2^63 - 1)-th 5631 * byte, because of sign extension problems. Since NFSv4 calls for 64-bit 5632 * locking, this prevents us from being completely protocol-compliant. The 5633 * real solution to this problem is to start using unsigned file offsets in 5634 * the VFS, but this is a very deep change! 
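 *
 * For example, a LOCK at offset 0x7ffffffffffffffe with length 3 has a
 * last byte past 2^63 - 1; nfs4_transform_lock_offset() below clamps
 * the now-negative fl_end to OFFSET_MAX instead of failing the request.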
5635 */ 5636 static inline void 5637 nfs4_transform_lock_offset(struct file_lock *lock) 5638 { 5639 if (lock->fl_start < 0) 5640 lock->fl_start = OFFSET_MAX; 5641 if (lock->fl_end < 0) 5642 lock->fl_end = OFFSET_MAX; 5643 } 5644 5645 static fl_owner_t 5646 nfsd4_fl_get_owner(fl_owner_t owner) 5647 { 5648 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner; 5649 5650 nfs4_get_stateowner(&lo->lo_owner); 5651 return owner; 5652 } 5653 5654 static void 5655 nfsd4_fl_put_owner(fl_owner_t owner) 5656 { 5657 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner; 5658 5659 if (lo) 5660 nfs4_put_stateowner(&lo->lo_owner); 5661 } 5662 5663 static void 5664 nfsd4_lm_notify(struct file_lock *fl) 5665 { 5666 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)fl->fl_owner; 5667 struct net *net = lo->lo_owner.so_client->net; 5668 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 5669 struct nfsd4_blocked_lock *nbl = container_of(fl, 5670 struct nfsd4_blocked_lock, nbl_lock); 5671 bool queue = false; 5672 5673 /* An empty list means that something else is going to be using it */ 5674 spin_lock(&nn->blocked_locks_lock); 5675 if (!list_empty(&nbl->nbl_list)) { 5676 list_del_init(&nbl->nbl_list); 5677 list_del_init(&nbl->nbl_lru); 5678 queue = true; 5679 } 5680 spin_unlock(&nn->blocked_locks_lock); 5681 5682 if (queue) 5683 nfsd4_run_cb(&nbl->nbl_cb); 5684 } 5685 5686 static const struct lock_manager_operations nfsd_posix_mng_ops = { 5687 .lm_notify = nfsd4_lm_notify, 5688 .lm_get_owner = nfsd4_fl_get_owner, 5689 .lm_put_owner = nfsd4_fl_put_owner, 5690 }; 5691 5692 static inline void 5693 nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny) 5694 { 5695 struct nfs4_lockowner *lo; 5696 5697 if (fl->fl_lmops == &nfsd_posix_mng_ops) { 5698 lo = (struct nfs4_lockowner *) fl->fl_owner; 5699 deny->ld_owner.data = kmemdup(lo->lo_owner.so_owner.data, 5700 lo->lo_owner.so_owner.len, GFP_KERNEL); 5701 if (!deny->ld_owner.data) 5702 /* We just don't care that much */ 5703 goto nevermind; 5704 deny->ld_owner.len = lo->lo_owner.so_owner.len; 5705 deny->ld_clientid = lo->lo_owner.so_client->cl_clientid; 5706 } else { 5707 nevermind: 5708 deny->ld_owner.len = 0; 5709 deny->ld_owner.data = NULL; 5710 deny->ld_clientid.cl_boot = 0; 5711 deny->ld_clientid.cl_id = 0; 5712 } 5713 deny->ld_start = fl->fl_start; 5714 deny->ld_length = NFS4_MAX_UINT64; 5715 if (fl->fl_end != NFS4_MAX_UINT64) 5716 deny->ld_length = fl->fl_end - fl->fl_start + 1; 5717 deny->ld_type = NFS4_READ_LT; 5718 if (fl->fl_type != F_RDLCK) 5719 deny->ld_type = NFS4_WRITE_LT; 5720 } 5721 5722 static struct nfs4_lockowner * 5723 find_lockowner_str_locked(struct nfs4_client *clp, struct xdr_netobj *owner) 5724 { 5725 unsigned int strhashval = ownerstr_hashval(owner); 5726 struct nfs4_stateowner *so; 5727 5728 lockdep_assert_held(&clp->cl_lock); 5729 5730 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[strhashval], 5731 so_strhash) { 5732 if (so->so_is_open_owner) 5733 continue; 5734 if (same_owner_str(so, owner)) 5735 return lockowner(nfs4_get_stateowner(so)); 5736 } 5737 return NULL; 5738 } 5739 5740 static struct nfs4_lockowner * 5741 find_lockowner_str(struct nfs4_client *clp, struct xdr_netobj *owner) 5742 { 5743 struct nfs4_lockowner *lo; 5744 5745 spin_lock(&clp->cl_lock); 5746 lo = find_lockowner_str_locked(clp, owner); 5747 spin_unlock(&clp->cl_lock); 5748 return lo; 5749 } 5750 5751 static void nfs4_unhash_lockowner(struct nfs4_stateowner *sop) 5752 { 5753 unhash_lockowner_locked(lockowner(sop)); 5754 } 5755 5756 
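/*
 * so_free callback for lockowners (wired up in lockowner_ops below):
 * runs once the last reference on the stateowner has been dropped and
 * it has been unhashed, so all that is left is to return it to the slab.
 */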
static void nfs4_free_lockowner(struct nfs4_stateowner *sop) 5757 { 5758 struct nfs4_lockowner *lo = lockowner(sop); 5759 5760 kmem_cache_free(lockowner_slab, lo); 5761 } 5762 5763 static const struct nfs4_stateowner_operations lockowner_ops = { 5764 .so_unhash = nfs4_unhash_lockowner, 5765 .so_free = nfs4_free_lockowner, 5766 }; 5767 5768 /* 5769 * Alloc a lock owner structure. 5770 * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) have 5771 * occurred. 5772 * 5773 * strhashval = ownerstr_hashval(&lock->lk_new_owner) 5774 */ 5775 static struct nfs4_lockowner * 5776 alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp, 5777 struct nfs4_ol_stateid *open_stp, 5778 struct nfsd4_lock *lock) 5779 { 5780 struct nfs4_lockowner *lo, *ret; 5781 5782 lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp); 5783 if (!lo) 5784 return NULL; 5785 INIT_LIST_HEAD(&lo->lo_blocked); 5786 INIT_LIST_HEAD(&lo->lo_owner.so_stateids); 5787 lo->lo_owner.so_is_open_owner = 0; 5788 lo->lo_owner.so_seqid = lock->lk_new_lock_seqid; 5789 lo->lo_owner.so_ops = &lockowner_ops; 5790 spin_lock(&clp->cl_lock); 5791 ret = find_lockowner_str_locked(clp, &lock->lk_new_owner); 5792 if (ret == NULL) { 5793 list_add(&lo->lo_owner.so_strhash, 5794 &clp->cl_ownerstr_hashtbl[strhashval]); 5795 ret = lo; 5796 } else 5797 nfs4_free_stateowner(&lo->lo_owner); 5798 5799 spin_unlock(&clp->cl_lock); 5800 return ret; 5801 } 5802 5803 static struct nfs4_ol_stateid * 5804 find_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fp) 5805 { 5806 struct nfs4_ol_stateid *lst; 5807 struct nfs4_client *clp = lo->lo_owner.so_client; 5808 5809 lockdep_assert_held(&clp->cl_lock); 5810 5811 list_for_each_entry(lst, &lo->lo_owner.so_stateids, st_perstateowner) { 5812 if (lst->st_stid.sc_type != NFS4_LOCK_STID) 5813 continue; 5814 if (lst->st_stid.sc_file == fp) { 5815 refcount_inc(&lst->st_stid.sc_count); 5816 return lst; 5817 } 5818 } 5819 return NULL; 5820 } 5821 5822 static struct nfs4_ol_stateid * 5823 init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo, 5824 struct nfs4_file *fp, struct inode *inode, 5825 struct nfs4_ol_stateid *open_stp) 5826 { 5827 struct nfs4_client *clp = lo->lo_owner.so_client; 5828 struct nfs4_ol_stateid *retstp; 5829 5830 mutex_init(&stp->st_mutex); 5831 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX); 5832 retry: 5833 spin_lock(&clp->cl_lock); 5834 spin_lock(&fp->fi_lock); 5835 retstp = find_lock_stateid(lo, fp); 5836 if (retstp) 5837 goto out_unlock; 5838 5839 refcount_inc(&stp->st_stid.sc_count); 5840 stp->st_stid.sc_type = NFS4_LOCK_STID; 5841 stp->st_stateowner = nfs4_get_stateowner(&lo->lo_owner); 5842 get_nfs4_file(fp); 5843 stp->st_stid.sc_file = fp; 5844 stp->st_access_bmap = 0; 5845 stp->st_deny_bmap = open_stp->st_deny_bmap; 5846 stp->st_openstp = open_stp; 5847 list_add(&stp->st_locks, &open_stp->st_locks); 5848 list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids); 5849 list_add(&stp->st_perfile, &fp->fi_stateids); 5850 out_unlock: 5851 spin_unlock(&fp->fi_lock); 5852 spin_unlock(&clp->cl_lock); 5853 if (retstp) { 5854 if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) { 5855 nfs4_put_stid(&retstp->st_stid); 5856 goto retry; 5857 } 5858 /* To keep mutex tracking happy */ 5859 mutex_unlock(&stp->st_mutex); 5860 stp = retstp; 5861 } 5862 return stp; 5863 } 5864 5865 static struct nfs4_ol_stateid * 5866 find_or_create_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fi, 5867 struct inode *inode, struct nfs4_ol_stateid *ost, 5868 bool *new)
5869 { 5870 struct nfs4_stid *ns = NULL; 5871 struct nfs4_ol_stateid *lst; 5872 struct nfs4_openowner *oo = openowner(ost->st_stateowner); 5873 struct nfs4_client *clp = oo->oo_owner.so_client; 5874 5875 *new = false; 5876 spin_lock(&clp->cl_lock); 5877 lst = find_lock_stateid(lo, fi); 5878 spin_unlock(&clp->cl_lock); 5879 if (lst != NULL) { 5880 if (nfsd4_lock_ol_stateid(lst) == nfs_ok) 5881 goto out; 5882 nfs4_put_stid(&lst->st_stid); 5883 } 5884 ns = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_lock_stateid); 5885 if (ns == NULL) 5886 return NULL; 5887 5888 lst = init_lock_stateid(openlockstateid(ns), lo, fi, inode, ost); 5889 if (lst == openlockstateid(ns)) 5890 *new = true; 5891 else 5892 nfs4_put_stid(ns); 5893 out: 5894 return lst; 5895 } 5896 5897 static int 5898 check_lock_length(u64 offset, u64 length) 5899 { 5900 return ((length == 0) || ((length != NFS4_MAX_UINT64) && 5901 (length > ~offset))); 5902 } 5903 5904 static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access) 5905 { 5906 struct nfs4_file *fp = lock_stp->st_stid.sc_file; 5907 5908 lockdep_assert_held(&fp->fi_lock); 5909 5910 if (test_access(access, lock_stp)) 5911 return; 5912 __nfs4_file_get_access(fp, access); 5913 set_access(access, lock_stp); 5914 } 5915 5916 static __be32 5917 lookup_or_create_lock_state(struct nfsd4_compound_state *cstate, 5918 struct nfs4_ol_stateid *ost, 5919 struct nfsd4_lock *lock, 5920 struct nfs4_ol_stateid **plst, bool *new) 5921 { 5922 __be32 status; 5923 struct nfs4_file *fi = ost->st_stid.sc_file; 5924 struct nfs4_openowner *oo = openowner(ost->st_stateowner); 5925 struct nfs4_client *cl = oo->oo_owner.so_client; 5926 struct inode *inode = d_inode(cstate->current_fh.fh_dentry); 5927 struct nfs4_lockowner *lo; 5928 struct nfs4_ol_stateid *lst; 5929 unsigned int strhashval; 5930 5931 lo = find_lockowner_str(cl, &lock->lk_new_owner); 5932 if (!lo) { 5933 strhashval = ownerstr_hashval(&lock->lk_new_owner); 5934 lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock); 5935 if (lo == NULL) 5936 return nfserr_jukebox; 5937 } else { 5938 /* with an existing lockowner, seqids must be the same */ 5939 status = nfserr_bad_seqid; 5940 if (!cstate->minorversion && 5941 lock->lk_new_lock_seqid != lo->lo_owner.so_seqid) 5942 goto out; 5943 } 5944 5945 lst = find_or_create_lock_stateid(lo, fi, inode, ost, new); 5946 if (lst == NULL) { 5947 status = nfserr_jukebox; 5948 goto out; 5949 } 5950 5951 status = nfs_ok; 5952 *plst = lst; 5953 out: 5954 nfs4_put_stateowner(&lo->lo_owner); 5955 return status; 5956 } 5957 5958 /* 5959 * LOCK operation 5960 */ 5961 __be32 5962 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 5963 union nfsd4_op_u *u) 5964 { 5965 struct nfsd4_lock *lock = &u->lock; 5966 struct nfs4_openowner *open_sop = NULL; 5967 struct nfs4_lockowner *lock_sop = NULL; 5968 struct nfs4_ol_stateid *lock_stp = NULL; 5969 struct nfs4_ol_stateid *open_stp = NULL; 5970 struct nfs4_file *fp; 5971 struct file *filp = NULL; 5972 struct nfsd4_blocked_lock *nbl = NULL; 5973 struct file_lock *file_lock = NULL; 5974 struct file_lock *conflock = NULL; 5975 __be32 status = 0; 5976 int lkflg; 5977 int err; 5978 bool new = false; 5979 unsigned char fl_type; 5980 unsigned int fl_flags = FL_POSIX; 5981 struct net *net = SVC_NET(rqstp); 5982 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 5983 5984 dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n", 5985 (long long) lock->lk_offset, 5986 (long long) lock->lk_length); 5987 5988 if (check_lock_length(lock->lk_offset, 
static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access)
{
	struct nfs4_file *fp = lock_stp->st_stid.sc_file;

	lockdep_assert_held(&fp->fi_lock);

	if (test_access(access, lock_stp))
		return;
	__nfs4_file_get_access(fp, access);
	set_access(access, lock_stp);
}

static __be32
lookup_or_create_lock_state(struct nfsd4_compound_state *cstate,
			    struct nfs4_ol_stateid *ost,
			    struct nfsd4_lock *lock,
			    struct nfs4_ol_stateid **plst, bool *new)
{
	__be32 status;
	struct nfs4_file *fi = ost->st_stid.sc_file;
	struct nfs4_openowner *oo = openowner(ost->st_stateowner);
	struct nfs4_client *cl = oo->oo_owner.so_client;
	struct inode *inode = d_inode(cstate->current_fh.fh_dentry);
	struct nfs4_lockowner *lo;
	struct nfs4_ol_stateid *lst;
	unsigned int strhashval;

	lo = find_lockowner_str(cl, &lock->lk_new_owner);
	if (!lo) {
		strhashval = ownerstr_hashval(&lock->lk_new_owner);
		lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock);
		if (lo == NULL)
			return nfserr_jukebox;
	} else {
		/* with an existing lockowner, seqids must be the same */
		status = nfserr_bad_seqid;
		if (!cstate->minorversion &&
		    lock->lk_new_lock_seqid != lo->lo_owner.so_seqid)
			goto out;
	}

	lst = find_or_create_lock_stateid(lo, fi, inode, ost, new);
	if (lst == NULL) {
		status = nfserr_jukebox;
		goto out;
	}

	status = nfs_ok;
	*plst = lst;
out:
	nfs4_put_stateowner(&lo->lo_owner);
	return status;
}

/*
 * LOCK operation
 */
__be32
nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	   union nfsd4_op_u *u)
{
	struct nfsd4_lock *lock = &u->lock;
	struct nfs4_openowner *open_sop = NULL;
	struct nfs4_lockowner *lock_sop = NULL;
	struct nfs4_ol_stateid *lock_stp = NULL;
	struct nfs4_ol_stateid *open_stp = NULL;
	struct nfs4_file *fp;
	struct file *filp = NULL;
	struct nfsd4_blocked_lock *nbl = NULL;
	struct file_lock *file_lock = NULL;
	struct file_lock *conflock = NULL;
	__be32 status = 0;
	int lkflg;
	int err;
	bool new = false;
	unsigned char fl_type;
	unsigned int fl_flags = FL_POSIX;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n",
		(long long) lock->lk_offset,
		(long long) lock->lk_length);

	if (check_lock_length(lock->lk_offset, lock->lk_length))
		return nfserr_inval;

	if ((status = fh_verify(rqstp, &cstate->current_fh,
				S_IFREG, NFSD_MAY_LOCK))) {
		dprintk("NFSD: nfsd4_lock: permission denied!\n");
		return status;
	}

	if (lock->lk_is_new) {
		if (nfsd4_has_session(cstate))
			/* See rfc 5661 18.10.3: given clientid is ignored: */
			memcpy(&lock->lk_new_clientid,
				&cstate->session->se_client->cl_clientid,
				sizeof(clientid_t));

		status = nfserr_stale_clientid;
		if (STALE_CLIENTID(&lock->lk_new_clientid, nn))
			goto out;

		/* validate and update open stateid and open seqid */
		status = nfs4_preprocess_confirmed_seqid_op(cstate,
					lock->lk_new_open_seqid,
					&lock->lk_new_open_stateid,
					&open_stp, nn);
		if (status)
			goto out;
		mutex_unlock(&open_stp->st_mutex);
		open_sop = openowner(open_stp->st_stateowner);
		status = nfserr_bad_stateid;
		if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid,
						&lock->lk_new_clientid))
			goto out;
		status = lookup_or_create_lock_state(cstate, open_stp, lock,
							&lock_stp, &new);
	} else {
		status = nfs4_preprocess_seqid_op(cstate,
					lock->lk_old_lock_seqid,
					&lock->lk_old_lock_stateid,
					NFS4_LOCK_STID, &lock_stp, nn);
	}
	if (status)
		goto out;
	lock_sop = lockowner(lock_stp->st_stateowner);

	lkflg = setlkflg(lock->lk_type);
	status = nfs4_check_openmode(lock_stp, lkflg);
	if (status)
		goto out;

	status = nfserr_grace;
	if (locks_in_grace(net) && !lock->lk_reclaim)
		goto out;
	status = nfserr_no_grace;
	if (!locks_in_grace(net) && lock->lk_reclaim)
		goto out;

	fp = lock_stp->st_stid.sc_file;
	switch (lock->lk_type) {
	case NFS4_READW_LT:
		if (nfsd4_has_session(cstate))
			fl_flags |= FL_SLEEP;
		/* Fallthrough */
	case NFS4_READ_LT:
		spin_lock(&fp->fi_lock);
		filp = find_readable_file_locked(fp);
		if (filp)
			get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ);
		spin_unlock(&fp->fi_lock);
		fl_type = F_RDLCK;
		break;
	case NFS4_WRITEW_LT:
		if (nfsd4_has_session(cstate))
			fl_flags |= FL_SLEEP;
		/* Fallthrough */
	case NFS4_WRITE_LT:
		spin_lock(&fp->fi_lock);
		filp = find_writeable_file_locked(fp);
		if (filp)
			get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE);
		spin_unlock(&fp->fi_lock);
		fl_type = F_WRLCK;
		break;
	default:
		status = nfserr_inval;
		goto out;
	}

	if (!filp) {
		status = nfserr_openmode;
		goto out;
	}

	nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn);
	if (!nbl) {
		dprintk("NFSD: %s: unable to allocate block!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	file_lock = &nbl->nbl_lock;
	file_lock->fl_type = fl_type;
	file_lock->fl_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(&lock_sop->lo_owner));
	file_lock->fl_pid = current->tgid;
	file_lock->fl_file = filp;
	file_lock->fl_flags = fl_flags;
	file_lock->fl_lmops = &nfsd_posix_mng_ops;
	file_lock->fl_start = lock->lk_offset;
	file_lock->fl_end = last_byte_offset(lock->lk_offset, lock->lk_length);
	nfs4_transform_lock_offset(file_lock);

	conflock = locks_alloc_lock();
	if (!conflock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	if (fl_flags & FL_SLEEP) {
		nbl->nbl_time = jiffies;
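		/*
		 * For a v4.1+ client that asked for a blocking lock
		 * (READW/WRITEW on a session), queue the blocked lock so
		 * that nfsd4_lm_notify() can fire the CB_NOTIFY_LOCK
		 * callback once the conflicting lock goes away; nbl_time
		 * records when it was queued so the laundromat can time
		 * out stale entries from blocked_locks_lru.
		 */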
		spin_lock(&nn->blocked_locks_lock);
		list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked);
		list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru);
		spin_unlock(&nn->blocked_locks_lock);
	}

	err = vfs_lock_file(filp, F_SETLK, file_lock, conflock);
	switch (err) {
	case 0: /* success! */
		nfs4_inc_and_copy_stateid(&lock->lk_resp_stateid, &lock_stp->st_stid);
		status = 0;
		if (lock->lk_reclaim)
			nn->somebody_reclaimed = true;
		break;
	case FILE_LOCK_DEFERRED:
		nbl = NULL;
		/* Fallthrough */
	case -EAGAIN:	/* conflock holds conflicting lock */
		status = nfserr_denied;
		dprintk("NFSD: nfsd4_lock: conflicting lock found!\n");
		nfs4_set_lock_denied(conflock, &lock->lk_denied);
		break;
	case -EDEADLK:
		status = nfserr_deadlock;
		break;
	default:
		dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n", err);
		status = nfserrno(err);
		break;
	}
out:
	if (nbl) {
		/* dequeue it if we queued it before */
		if (fl_flags & FL_SLEEP) {
			spin_lock(&nn->blocked_locks_lock);
			list_del_init(&nbl->nbl_list);
			list_del_init(&nbl->nbl_lru);
			spin_unlock(&nn->blocked_locks_lock);
		}
		free_blocked_lock(nbl);
	}
	if (filp)
		fput(filp);
	if (lock_stp) {
		/* Bump seqid manually if the 4.0 replay owner is openowner */
		if (cstate->replay_owner &&
		    cstate->replay_owner != &lock_sop->lo_owner &&
		    seqid_mutating_err(ntohl(status)))
			lock_sop->lo_owner.so_seqid++;

		/*
		 * If this is a new, never-before-used stateid, and we are
		 * returning an error, then just go ahead and release it.
		 */
		if (status && new)
			release_lock_stateid(lock_stp);

		mutex_unlock(&lock_stp->st_mutex);

		nfs4_put_stid(&lock_stp->st_stid);
	}
	if (open_stp)
		nfs4_put_stid(&open_stp->st_stid);
	nfsd4_bump_seqid(cstate, status);
	if (conflock)
		locks_free_lock(conflock);
	return status;
}
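/*
 * Note the FILE_LOCK_DEFERRED case above: the VFS has held on to the
 * blocked lock, so nbl is set to NULL to keep the "out:" cleanup from
 * dequeueing and freeing it.  From that point the nfsd4_blocked_lock is
 * owned by the lm_notify callback and the laundromat.
 */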
/*
 * The NFSv4 spec allows a client to do a LOCKT without holding an OPEN,
 * so we do a temporary open here just to get an open file to pass to
 * vfs_test_lock.  (Arguably perhaps test_lock should be done with an
 * inode operation.)
 */
static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
{
	struct file *file;
	__be32 err = nfsd_open(rqstp, fhp, S_IFREG, NFSD_MAY_READ, &file);
	if (!err) {
		err = nfserrno(vfs_test_lock(file, lock));
		fput(file);
	}
	return err;
}

/*
 * LOCKT operation
 */
__be32
nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    union nfsd4_op_u *u)
{
	struct nfsd4_lockt *lockt = &u->lockt;
	struct file_lock *file_lock = NULL;
	struct nfs4_lockowner *lo = NULL;
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	if (locks_in_grace(SVC_NET(rqstp)))
		return nfserr_grace;

	if (check_lock_length(lockt->lt_offset, lockt->lt_length))
		return nfserr_inval;

	if (!nfsd4_has_session(cstate)) {
		status = lookup_clientid(&lockt->lt_clientid, cstate, nn);
		if (status)
			goto out;
	}

	if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
		goto out;

	file_lock = locks_alloc_lock();
	if (!file_lock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	switch (lockt->lt_type) {
	case NFS4_READ_LT:
	case NFS4_READW_LT:
		file_lock->fl_type = F_RDLCK;
		break;
	case NFS4_WRITE_LT:
	case NFS4_WRITEW_LT:
		file_lock->fl_type = F_WRLCK;
		break;
	default:
		dprintk("NFSD: nfs4_lockt: bad lock type!\n");
		status = nfserr_inval;
		goto out;
	}

	lo = find_lockowner_str(cstate->clp, &lockt->lt_owner);
	if (lo)
		file_lock->fl_owner = (fl_owner_t)lo;
	file_lock->fl_pid = current->tgid;
	file_lock->fl_flags = FL_POSIX;

	file_lock->fl_start = lockt->lt_offset;
	file_lock->fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);

	nfs4_transform_lock_offset(file_lock);

	status = nfsd_test_lock(rqstp, &cstate->current_fh, file_lock);
	if (status)
		goto out;

	if (file_lock->fl_type != F_UNLCK) {
		status = nfserr_denied;
		nfs4_set_lock_denied(file_lock, &lockt->lt_denied);
	}
out:
	if (lo)
		nfs4_put_stateowner(&lo->lo_owner);
	if (file_lock)
		locks_free_lock(file_lock);
	return status;
}
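/*
 * LOCKT relies on vfs_test_lock() semantics: on return, fl_type is set
 * to F_UNLCK if no conflicting lock was found, otherwise the file_lock
 * describes the conflict, which nfs4_set_lock_denied() translates into
 * the LOCK4denied result.  If the client never created this lockowner,
 * the lookup fails and fl_owner is simply left NULL.
 */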
__be32
nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    union nfsd4_op_u *u)
{
	struct nfsd4_locku *locku = &u->locku;
	struct nfs4_ol_stateid *stp;
	struct file *filp = NULL;
	struct file_lock *file_lock = NULL;
	__be32 status;
	int err;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
		(long long) locku->lu_offset,
		(long long) locku->lu_length);

	if (check_lock_length(locku->lu_offset, locku->lu_length))
		return nfserr_inval;

	status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid,
					&locku->lu_stateid, NFS4_LOCK_STID,
					&stp, nn);
	if (status)
		goto out;
	filp = find_any_file(stp->st_stid.sc_file);
	if (!filp) {
		status = nfserr_lock_range;
		goto put_stateid;
	}
	file_lock = locks_alloc_lock();
	if (!file_lock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto fput;
	}

	file_lock->fl_type = F_UNLCK;
	file_lock->fl_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(stp->st_stateowner));
	file_lock->fl_pid = current->tgid;
	file_lock->fl_file = filp;
	file_lock->fl_flags = FL_POSIX;
	file_lock->fl_lmops = &nfsd_posix_mng_ops;
	file_lock->fl_start = locku->lu_offset;

	file_lock->fl_end = last_byte_offset(locku->lu_offset,
						locku->lu_length);
	nfs4_transform_lock_offset(file_lock);

	err = vfs_lock_file(filp, F_SETLK, file_lock, NULL);
	if (err) {
		dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
		goto out_nfserr;
	}
	nfs4_inc_and_copy_stateid(&locku->lu_stateid, &stp->st_stid);
fput:
	fput(filp);
put_stateid:
	mutex_unlock(&stp->st_mutex);
	nfs4_put_stid(&stp->st_stid);
out:
	nfsd4_bump_seqid(cstate, status);
	if (file_lock)
		locks_free_lock(file_lock);
	return status;

out_nfserr:
	status = nfserrno(err);
	goto fput;
}

/*
 * returns
 *	true:  locks held by lockowner
 *	false: no locks held by lockowner
 */
static bool
check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
{
	struct file_lock *fl;
	int status = false;
	struct file *filp = find_any_file(fp);
	struct inode *inode;
	struct file_lock_context *flctx;

	if (!filp) {
		/* Any valid lock stateid should have some sort of access */
		WARN_ON_ONCE(1);
		return status;
	}

	inode = locks_inode(filp);
	flctx = inode->i_flctx;

	if (flctx && !list_empty_careful(&flctx->flc_posix)) {
		spin_lock(&flctx->flc_lock);
		list_for_each_entry(fl, &flctx->flc_posix, fl_list) {
			if (fl->fl_owner == (fl_owner_t)lowner) {
				status = true;
				break;
			}
		}
		spin_unlock(&flctx->flc_lock);
	}
	fput(filp);
	return status;
}
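/*
 * check_for_locks() can compare fl_owner by pointer identity because every
 * lock nfsd sets on this inode uses the nfs4_lockowner itself as the
 * fl_owner_t (see nfsd4_lock() above); locks set by other lock managers
 * simply never match.
 */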
__be32
nfsd4_release_lockowner(struct svc_rqst *rqstp,
			struct nfsd4_compound_state *cstate,
			union nfsd4_op_u *u)
{
	struct nfsd4_release_lockowner *rlockowner = &u->release_lockowner;
	clientid_t *clid = &rlockowner->rl_clientid;
	struct nfs4_stateowner *sop;
	struct nfs4_lockowner *lo = NULL;
	struct nfs4_ol_stateid *stp;
	struct xdr_netobj *owner = &rlockowner->rl_owner;
	unsigned int hashval = ownerstr_hashval(owner);
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct nfs4_client *clp;
	LIST_HEAD(reaplist);

	dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
		clid->cl_boot, clid->cl_id);

	status = lookup_clientid(clid, cstate, nn);
	if (status)
		return status;

	clp = cstate->clp;
	/* Find the matching lock stateowner */
	spin_lock(&clp->cl_lock);
	list_for_each_entry(sop, &clp->cl_ownerstr_hashtbl[hashval],
			    so_strhash) {

		if (sop->so_is_open_owner || !same_owner_str(sop, owner))
			continue;

		/* see if there are still any locks associated with it */
		lo = lockowner(sop);
		list_for_each_entry(stp, &sop->so_stateids, st_perstateowner) {
			if (check_for_locks(stp->st_stid.sc_file, lo)) {
				status = nfserr_locks_held;
				spin_unlock(&clp->cl_lock);
				return status;
			}
		}

		nfs4_get_stateowner(sop);
		break;
	}
	if (!lo) {
		spin_unlock(&clp->cl_lock);
		return status;
	}

	unhash_lockowner_locked(lo);
	while (!list_empty(&lo->lo_owner.so_stateids)) {
		stp = list_first_entry(&lo->lo_owner.so_stateids,
				       struct nfs4_ol_stateid,
				       st_perstateowner);
		WARN_ON(!unhash_lock_stateid(stp));
		put_ol_stateid_locked(stp, &reaplist);
	}
	spin_unlock(&clp->cl_lock);
	free_ol_stateid_reaplist(&reaplist);
	remove_blocked_locks(lo);
	nfs4_put_stateowner(&lo->lo_owner);

	return status;
}

static inline struct nfs4_client_reclaim *
alloc_reclaim(void)
{
	return kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL);
}

bool
nfs4_has_reclaimed_state(const char *name, struct nfsd_net *nn)
{
	struct nfs4_client_reclaim *crp;

	crp = nfsd4_find_reclaim_client(name, nn);
	return (crp && crp->cr_clp);
}

/*
 * failure => all reset bets are off, nfserr_no_grace...
 */
struct nfs4_client_reclaim *
nfs4_client_to_reclaim(const char *name, struct nfsd_net *nn)
{
	unsigned int strhashval;
	struct nfs4_client_reclaim *crp;

	dprintk("NFSD nfs4_client_to_reclaim NAME: %.*s\n", HEXDIR_LEN, name);
	crp = alloc_reclaim();
	if (crp) {
		strhashval = clientstr_hashval(name);
		INIT_LIST_HEAD(&crp->cr_strhash);
		list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]);
		memcpy(crp->cr_recdir, name, HEXDIR_LEN);
		crp->cr_clp = NULL;
		nn->reclaim_str_hashtbl_size++;
	}
	return crp;
}

void
nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn)
{
	list_del(&crp->cr_strhash);
	kfree(crp);
	nn->reclaim_str_hashtbl_size--;
}

void
nfs4_release_reclaim(struct nfsd_net *nn)
{
	struct nfs4_client_reclaim *crp = NULL;
	int i;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		while (!list_empty(&nn->reclaim_str_hashtbl[i])) {
			crp = list_entry(nn->reclaim_str_hashtbl[i].next,
					struct nfs4_client_reclaim, cr_strhash);
			nfs4_remove_reclaim_record(crp, nn);
		}
	}
	WARN_ON_ONCE(nn->reclaim_str_hashtbl_size);
}

/*
 * called from OPEN, CLAIM_PREVIOUS with a new clientid.
 */
struct nfs4_client_reclaim *
nfsd4_find_reclaim_client(const char *recdir, struct nfsd_net *nn)
{
	unsigned int strhashval;
	struct nfs4_client_reclaim *crp = NULL;

	dprintk("NFSD: nfs4_find_reclaim_client for recdir %s\n", recdir);

	strhashval = clientstr_hashval(recdir);
	list_for_each_entry(crp, &nn->reclaim_str_hashtbl[strhashval], cr_strhash) {
		if (same_name(crp->cr_recdir, recdir)) {
			return crp;
		}
	}
	return NULL;
}
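/*
 * The reclaim records above are keyed by the client's recovery-directory
 * name (a fixed-length HEXDIR_LEN string derived from the client
 * identifier by the client-tracking code), which is what lets a rebooted
 * server recognize clients that held state before the reboot and are
 * entitled to reclaim it during the grace period.
 */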
/*
 * Called from OPEN. Look for clientid in reclaim list.
 */
__be32
nfs4_check_open_reclaim(clientid_t *clid,
		struct nfsd4_compound_state *cstate,
		struct nfsd_net *nn)
{
	__be32 status;

	/* find clientid in conf_id_hashtbl */
	status = lookup_clientid(clid, cstate, nn);
	if (status)
		return nfserr_reclaim_bad;

	if (test_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &cstate->clp->cl_flags))
		return nfserr_no_grace;

	if (nfsd4_client_record_check(cstate->clp))
		return nfserr_reclaim_bad;

	return nfs_ok;
}

#ifdef CONFIG_NFSD_FAULT_INJECTION
static inline void
put_client(struct nfs4_client *clp)
{
	atomic_dec(&clp->cl_refcount);
}

static struct nfs4_client *
nfsd_find_client(struct sockaddr_storage *addr, size_t addr_size)
{
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);

	if (!nfsd_netns_ready(nn))
		return NULL;

	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
		if (memcmp(&clp->cl_addr, addr, addr_size) == 0)
			return clp;
	}
	return NULL;
}

u64
nfsd_inject_print_clients(void)
{
	struct nfs4_client *clp;
	u64 count = 0;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	char buf[INET6_ADDRSTRLEN];

	if (!nfsd_netns_ready(nn))
		return 0;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
		rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
		pr_info("NFS Client: %s\n", buf);
		++count;
	}
	spin_unlock(&nn->client_lock);

	return count;
}

u64
nfsd_inject_forget_client(struct sockaddr_storage *addr, size_t addr_size)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	clp = nfsd_find_client(addr, addr_size);
	if (clp) {
		if (mark_client_expired_locked(clp) == nfs_ok)
			++count;
		else
			clp = NULL;
	}
	spin_unlock(&nn->client_lock);

	if (clp)
		expire_client(clp);

	return count;
}

u64
nfsd_inject_forget_clients(u64 max)
{
	u64 count = 0;
	struct nfs4_client *clp, *next;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	list_for_each_entry_safe(clp, next, &nn->client_lru, cl_lru) {
		if (mark_client_expired_locked(clp) == nfs_ok) {
			list_add(&clp->cl_lru, &reaplist);
			if (max != 0 && ++count >= max)
				break;
		}
	}
	spin_unlock(&nn->client_lock);

	list_for_each_entry_safe(clp, next, &reaplist, cl_lru)
		expire_client(clp);

	return count;
}

static void nfsd_print_count(struct nfs4_client *clp, unsigned int count,
			     const char *type)
{
	char buf[INET6_ADDRSTRLEN];

	rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
	printk(KERN_INFO "NFS Client: %s has %u %s\n", buf, count, type);
}
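/*
 * The nfsd_inject_* entry points below are only built when
 * CONFIG_NFSD_FAULT_INJECTION is enabled.  They are driven from user
 * space through debugfs (typically files under /sys/kernel/debug/nfsd/,
 * e.g. writing a count to "forget_clients"); the exact file names live
 * in the fault-injection glue, not in this file.
 */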
static void
nfsd_inject_add_lock_to_list(struct nfs4_ol_stateid *lst,
			     struct list_head *collect)
{
	struct nfs4_client *clp = lst->st_stid.sc_client;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);

	if (!collect)
		return;

	lockdep_assert_held(&nn->client_lock);
	atomic_inc(&clp->cl_refcount);
	list_add(&lst->st_locks, collect);
}

static u64 nfsd_foreach_client_lock(struct nfs4_client *clp, u64 max,
				    struct list_head *collect,
				    bool (*func)(struct nfs4_ol_stateid *))
{
	struct nfs4_openowner *oop;
	struct nfs4_ol_stateid *stp, *st_next;
	struct nfs4_ol_stateid *lst, *lst_next;
	u64 count = 0;

	spin_lock(&clp->cl_lock);
	list_for_each_entry(oop, &clp->cl_openowners, oo_perclient) {
		list_for_each_entry_safe(stp, st_next,
				&oop->oo_owner.so_stateids, st_perstateowner) {
			list_for_each_entry_safe(lst, lst_next,
					&stp->st_locks, st_locks) {
				if (func) {
					if (func(lst))
						nfsd_inject_add_lock_to_list(lst,
									collect);
				}
				++count;
				/*
				 * Despite the fact that these functions deal
				 * with 64-bit integers for "count", we must
				 * ensure that it doesn't blow up the
				 * clp->cl_refcount. Throw a warning if we
				 * start to approach INT_MAX here.
				 */
				WARN_ON_ONCE(count == (INT_MAX / 2));
				if (count == max)
					goto out;
			}
		}
	}
out:
	spin_unlock(&clp->cl_lock);

	return count;
}

static u64
nfsd_collect_client_locks(struct nfs4_client *clp, struct list_head *collect,
			  u64 max)
{
	return nfsd_foreach_client_lock(clp, max, collect, unhash_lock_stateid);
}

static u64
nfsd_print_client_locks(struct nfs4_client *clp)
{
	u64 count = nfsd_foreach_client_lock(clp, 0, NULL, NULL);

	nfsd_print_count(clp, count, "locked files");
	return count;
}

u64
nfsd_inject_print_locks(void)
{
	struct nfs4_client *clp;
	u64 count = 0;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);

	if (!nfsd_netns_ready(nn))
		return 0;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru)
		count += nfsd_print_client_locks(clp);
	spin_unlock(&nn->client_lock);

	return count;
}

static void
nfsd_reap_locks(struct list_head *reaplist)
{
	struct nfs4_client *clp;
	struct nfs4_ol_stateid *stp, *next;

	list_for_each_entry_safe(stp, next, reaplist, st_locks) {
		list_del_init(&stp->st_locks);
		clp = stp->st_stid.sc_client;
		nfs4_put_stid(&stp->st_stid);
		put_client(clp);
	}
}

u64
nfsd_inject_forget_client_locks(struct sockaddr_storage *addr, size_t addr_size)
{
	unsigned int count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	clp = nfsd_find_client(addr, addr_size);
	if (clp)
		count = nfsd_collect_client_locks(clp, &reaplist, 0);
	spin_unlock(&nn->client_lock);
	nfsd_reap_locks(&reaplist);
	return count;
}
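/*
 * All of the forget/recall helpers here follow the same two-phase
 * pattern: unhash the victims and collect them on a private reaplist
 * while holding the relevant spinlocks, then drop the locks and dispose
 * of the list.  The actual teardown (nfs4_put_stid(), release_openowner(),
 * revoke_delegation(), ...) can block, so it must not run under
 * client_lock, cl_lock or state_lock.
 */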
u64
nfsd_inject_forget_locks(u64 max)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
		count += nfsd_collect_client_locks(clp, &reaplist, max - count);
		if (max != 0 && count >= max)
			break;
	}
	spin_unlock(&nn->client_lock);
	nfsd_reap_locks(&reaplist);
	return count;
}

static u64
nfsd_foreach_client_openowner(struct nfs4_client *clp, u64 max,
			      struct list_head *collect,
			      void (*func)(struct nfs4_openowner *))
{
	struct nfs4_openowner *oop, *next;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	u64 count = 0;

	lockdep_assert_held(&nn->client_lock);

	spin_lock(&clp->cl_lock);
	list_for_each_entry_safe(oop, next, &clp->cl_openowners, oo_perclient) {
		if (func) {
			func(oop);
			if (collect) {
				atomic_inc(&clp->cl_refcount);
				list_add(&oop->oo_perclient, collect);
			}
		}
		++count;
		/*
		 * Despite the fact that these functions deal with
		 * 64-bit integers for "count", we must ensure that
		 * it doesn't blow up the clp->cl_refcount. Throw a
		 * warning if we start to approach INT_MAX here.
		 */
		WARN_ON_ONCE(count == (INT_MAX / 2));
		if (count == max)
			break;
	}
	spin_unlock(&clp->cl_lock);

	return count;
}

static u64
nfsd_print_client_openowners(struct nfs4_client *clp)
{
	u64 count = nfsd_foreach_client_openowner(clp, 0, NULL, NULL);

	nfsd_print_count(clp, count, "openowners");
	return count;
}

static u64
nfsd_collect_client_openowners(struct nfs4_client *clp,
			       struct list_head *collect, u64 max)
{
	return nfsd_foreach_client_openowner(clp, max, collect,
						unhash_openowner_locked);
}

u64
nfsd_inject_print_openowners(void)
{
	struct nfs4_client *clp;
	u64 count = 0;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);

	if (!nfsd_netns_ready(nn))
		return 0;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru)
		count += nfsd_print_client_openowners(clp);
	spin_unlock(&nn->client_lock);

	return count;
}

static void
nfsd_reap_openowners(struct list_head *reaplist)
{
	struct nfs4_client *clp;
	struct nfs4_openowner *oop, *next;

	list_for_each_entry_safe(oop, next, reaplist, oo_perclient) {
		list_del_init(&oop->oo_perclient);
		clp = oop->oo_owner.so_client;
		release_openowner(oop);
		put_client(clp);
	}
}

u64
nfsd_inject_forget_client_openowners(struct sockaddr_storage *addr,
				     size_t addr_size)
{
	unsigned int count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	clp = nfsd_find_client(addr, addr_size);
	if (clp)
		count = nfsd_collect_client_openowners(clp, &reaplist, 0);
	spin_unlock(&nn->client_lock);
	nfsd_reap_openowners(&reaplist);
	return count;
}
u64
nfsd_inject_forget_openowners(u64 max)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
		count += nfsd_collect_client_openowners(clp, &reaplist,
							max - count);
		if (max != 0 && count >= max)
			break;
	}
	spin_unlock(&nn->client_lock);
	nfsd_reap_openowners(&reaplist);
	return count;
}

static u64 nfsd_find_all_delegations(struct nfs4_client *clp, u64 max,
				     struct list_head *victims)
{
	struct nfs4_delegation *dp, *next;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	u64 count = 0;

	lockdep_assert_held(&nn->client_lock);

	spin_lock(&state_lock);
	list_for_each_entry_safe(dp, next, &clp->cl_delegations, dl_perclnt) {
		if (victims) {
			/*
			 * It's not safe to mess with delegations that have a
			 * non-zero dl_time. They might have already been broken
			 * and could be processed by the laundromat outside of
			 * the state_lock. Just leave them be.
			 */
			if (dp->dl_time != 0)
				continue;

			atomic_inc(&clp->cl_refcount);
			WARN_ON(!unhash_delegation_locked(dp));
			list_add(&dp->dl_recall_lru, victims);
		}
		++count;
		/*
		 * Despite the fact that these functions deal with
		 * 64-bit integers for "count", we must ensure that
		 * it doesn't blow up the clp->cl_refcount. Throw a
		 * warning if we start to approach INT_MAX here.
		 */
		WARN_ON_ONCE(count == (INT_MAX / 2));
		if (count == max)
			break;
	}
	spin_unlock(&state_lock);
	return count;
}

static u64
nfsd_print_client_delegations(struct nfs4_client *clp)
{
	u64 count = nfsd_find_all_delegations(clp, 0, NULL);

	nfsd_print_count(clp, count, "delegations");
	return count;
}

u64
nfsd_inject_print_delegations(void)
{
	struct nfs4_client *clp;
	u64 count = 0;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);

	if (!nfsd_netns_ready(nn))
		return 0;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru)
		count += nfsd_print_client_delegations(clp);
	spin_unlock(&nn->client_lock);

	return count;
}

static void
nfsd_forget_delegations(struct list_head *reaplist)
{
	struct nfs4_client *clp;
	struct nfs4_delegation *dp, *next;

	list_for_each_entry_safe(dp, next, reaplist, dl_recall_lru) {
		list_del_init(&dp->dl_recall_lru);
		clp = dp->dl_stid.sc_client;
		revoke_delegation(dp);
		put_client(clp);
	}
}

u64
nfsd_inject_forget_client_delegations(struct sockaddr_storage *addr,
				      size_t addr_size)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	clp = nfsd_find_client(addr, addr_size);
	if (clp)
		count = nfsd_find_all_delegations(clp, 0, &reaplist);
	spin_unlock(&nn->client_lock);

	nfsd_forget_delegations(&reaplist);
	return count;
}
u64
nfsd_inject_forget_delegations(u64 max)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
		count += nfsd_find_all_delegations(clp, max - count, &reaplist);
		if (max != 0 && count >= max)
			break;
	}
	spin_unlock(&nn->client_lock);
	nfsd_forget_delegations(&reaplist);
	return count;
}

static void
nfsd_recall_delegations(struct list_head *reaplist)
{
	struct nfs4_client *clp;
	struct nfs4_delegation *dp, *next;

	list_for_each_entry_safe(dp, next, reaplist, dl_recall_lru) {
		list_del_init(&dp->dl_recall_lru);
		clp = dp->dl_stid.sc_client;
		/*
		 * We skipped all entries that had a zero dl_time before,
		 * so we can now reset the dl_time back to 0. If a delegation
		 * break comes in now, then it won't make any difference since
		 * we're recalling it either way.
		 */
		spin_lock(&state_lock);
		dp->dl_time = 0;
		spin_unlock(&state_lock);
		nfsd_break_one_deleg(dp);
		put_client(clp);
	}
}

u64
nfsd_inject_recall_client_delegations(struct sockaddr_storage *addr,
				      size_t addr_size)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	clp = nfsd_find_client(addr, addr_size);
	if (clp)
		count = nfsd_find_all_delegations(clp, 0, &reaplist);
	spin_unlock(&nn->client_lock);

	nfsd_recall_delegations(&reaplist);
	return count;
}

u64
nfsd_inject_recall_delegations(u64 max)
{
	u64 count = 0;
	struct nfs4_client *clp, *next;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	list_for_each_entry_safe(clp, next, &nn->client_lru, cl_lru) {
		count += nfsd_find_all_delegations(clp, max - count, &reaplist);
		if (max != 0 && ++count >= max)
			break;
	}
	spin_unlock(&nn->client_lock);
	nfsd_recall_delegations(&reaplist);
	return count;
}
#endif /* CONFIG_NFSD_FAULT_INJECTION */

/*
 * Since the lifetime of a delegation isn't limited to that of an open, a
 * client may quite reasonably hang on to a delegation as long as it has
 * the inode cached. This becomes an obvious problem the first time a
 * client's inode cache approaches the size of the server's total memory.
 *
 * For now we avoid this problem by imposing a hard limit on the number
 * of delegations, which varies according to the server's memory size.
 */
static void
set_max_delegations(void)
{
	/*
	 * Allow at most 4 delegations per megabyte of RAM.  Quick
	 * estimates suggest that in the worst case (where every delegation
	 * is for a different inode), a delegation could take about 1.5K,
	 * giving a worst case usage of about 6% of memory.
	 */
	max_delegations = nr_free_buffer_pages() >> (20 - 2 - PAGE_SHIFT);
}
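/*
 * The shift above is just "4 delegations per megabyte" in disguise:
 *
 *	pages * PAGE_SIZE / 2^20 * 4
 *		= (pages >> (20 - PAGE_SHIFT)) << 2
 *		= pages >> (20 - 2 - PAGE_SHIFT)
 *
 * With 4K pages (PAGE_SHIFT == 12) that is nr_free_buffer_pages() >> 6,
 * i.e. one delegation allowed per 256 KB of low memory.
 */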
static int nfs4_state_create_net(struct net *net)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	int i;

	nn->conf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
					    sizeof(struct list_head),
					    GFP_KERNEL);
	if (!nn->conf_id_hashtbl)
		goto err;
	nn->unconf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
					      sizeof(struct list_head),
					      GFP_KERNEL);
	if (!nn->unconf_id_hashtbl)
		goto err_unconf_id;
	nn->sessionid_hashtbl = kmalloc_array(SESSION_HASH_SIZE,
					      sizeof(struct list_head),
					      GFP_KERNEL);
	if (!nn->sessionid_hashtbl)
		goto err_sessionid;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		INIT_LIST_HEAD(&nn->conf_id_hashtbl[i]);
		INIT_LIST_HEAD(&nn->unconf_id_hashtbl[i]);
	}
	for (i = 0; i < SESSION_HASH_SIZE; i++)
		INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]);
	nn->conf_name_tree = RB_ROOT;
	nn->unconf_name_tree = RB_ROOT;
	nn->boot_time = get_seconds();
	nn->grace_ended = false;
	nn->nfsd4_manager.block_opens = true;
	INIT_LIST_HEAD(&nn->nfsd4_manager.list);
	INIT_LIST_HEAD(&nn->client_lru);
	INIT_LIST_HEAD(&nn->close_lru);
	INIT_LIST_HEAD(&nn->del_recall_lru);
	spin_lock_init(&nn->client_lock);
	spin_lock_init(&nn->s2s_cp_lock);
	idr_init(&nn->s2s_cp_stateids);

	spin_lock_init(&nn->blocked_locks_lock);
	INIT_LIST_HEAD(&nn->blocked_locks_lru);

	INIT_DELAYED_WORK(&nn->laundromat_work, laundromat_main);
	get_net(net);

	return 0;

err_sessionid:
	kfree(nn->unconf_id_hashtbl);
err_unconf_id:
	kfree(nn->conf_id_hashtbl);
err:
	return -ENOMEM;
}

static void
nfs4_state_destroy_net(struct net *net)
{
	int i;
	struct nfs4_client *clp = NULL;
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		while (!list_empty(&nn->conf_id_hashtbl[i])) {
			clp = list_entry(nn->conf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
			destroy_client(clp);
		}
	}

	WARN_ON(!list_empty(&nn->blocked_locks_lru));

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		while (!list_empty(&nn->unconf_id_hashtbl[i])) {
			clp = list_entry(nn->unconf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
			destroy_client(clp);
		}
	}

	kfree(nn->sessionid_hashtbl);
	kfree(nn->unconf_id_hashtbl);
	kfree(nn->conf_id_hashtbl);
	put_net(net);
}

int
nfs4_state_start_net(struct net *net)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	int ret;

	ret = nfs4_state_create_net(net);
	if (ret)
		return ret;
	locks_start_grace(net, &nn->nfsd4_manager);
	nfsd4_client_tracking_init(net);
	printk(KERN_INFO "NFSD: starting %ld-second grace period (net %x)\n",
	       nn->nfsd4_grace, net->ns.inum);
	queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_grace * HZ);
	return 0;
}
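/*
 * The delayed work queued above also serves as the initial laundromat
 * delay: the first laundromat run happens when the grace period
 * (nn->nfsd4_grace, administratively configurable; 90 seconds by default)
 * is due to end, and each run reschedules itself from there.
 */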
/* initialization to perform when the nfsd service is started: */

int
nfs4_state_start(void)
{
	int ret;

	laundry_wq = alloc_workqueue("%s", WQ_UNBOUND, 0, "nfsd4");
	if (laundry_wq == NULL) {
		ret = -ENOMEM;
		goto out;
	}
	ret = nfsd4_create_callback_queue();
	if (ret)
		goto out_free_laundry;

	set_max_delegations();
	return 0;

out_free_laundry:
	destroy_workqueue(laundry_wq);
out:
	return ret;
}

void
nfs4_state_shutdown_net(struct net *net)
{
	struct nfs4_delegation *dp = NULL;
	struct list_head *pos, *next, reaplist;
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	cancel_delayed_work_sync(&nn->laundromat_work);
	locks_end_grace(&nn->nfsd4_manager);

	INIT_LIST_HEAD(&reaplist);
	spin_lock(&state_lock);
	list_for_each_safe(pos, next, &nn->del_recall_lru) {
		dp = list_entry(pos, struct nfs4_delegation, dl_recall_lru);
		WARN_ON(!unhash_delegation_locked(dp));
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&state_lock);
	list_for_each_safe(pos, next, &reaplist) {
		dp = list_entry(pos, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		destroy_unhashed_deleg(dp);
	}

	nfsd4_client_tracking_exit(net);
	nfs4_state_destroy_net(net);
}

void
nfs4_state_shutdown(void)
{
	destroy_workqueue(laundry_wq);
	nfsd4_destroy_callback_queue();
}

static void
get_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
{
	if (HAS_STATE_ID(cstate, CURRENT_STATE_ID_FLAG) && CURRENT_STATEID(stateid))
		memcpy(stateid, &cstate->current_stateid, sizeof(stateid_t));
}

static void
put_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
{
	if (cstate->minorversion) {
		memcpy(&cstate->current_stateid, stateid, sizeof(stateid_t));
		SET_STATE_ID(cstate, CURRENT_STATE_ID_FLAG);
	}
}

void
clear_current_stateid(struct nfsd4_compound_state *cstate)
{
	CLEAR_STATE_ID(cstate, CURRENT_STATE_ID_FLAG);
}
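/*
 * The helpers below implement the NFSv4.1 "current stateid" feature: an
 * op in a compound may refer to the stateid produced by an earlier op in
 * the same compound by passing the special value matched by
 * CURRENT_STATEID().  put_stateid() saves an op's result stateid in the
 * compound state, and get_stateid() substitutes it on consumption.
 */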
/*
 * functions to set current state id
 */
void
nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->open_downgrade.od_stateid);
}

void
nfsd4_set_openstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->open.op_stateid);
}

void
nfsd4_set_closestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->close.cl_stateid);
}

void
nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->lock.lk_resp_stateid);
}

/*
 * functions to consume current state id
 */

void
nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->open_downgrade.od_stateid);
}

void
nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->delegreturn.dr_stateid);
}

void
nfsd4_get_freestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->free_stateid.fr_stateid);
}

void
nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->setattr.sa_stateid);
}

void
nfsd4_get_closestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->close.cl_stateid);
}

void
nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->locku.lu_stateid);
}

void
nfsd4_get_readstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->read.rd_stateid);
}

void
nfsd4_get_writestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->write.wr_stateid);
}