xref: /openbmc/linux/fs/nfsd/nfs4xdr.c (revision 31b90347)
1 /*
2  *  Server-side XDR for NFSv4
3  *
4  *  Copyright (c) 2002 The Regents of the University of Michigan.
5  *  All rights reserved.
6  *
7  *  Kendrick Smith <kmsmith@umich.edu>
8  *  Andy Adamson   <andros@umich.edu>
9  *
10  *  Redistribution and use in source and binary forms, with or without
11  *  modification, are permitted provided that the following conditions
12  *  are met:
13  *
14  *  1. Redistributions of source code must retain the above copyright
15  *     notice, this list of conditions and the following disclaimer.
16  *  2. Redistributions in binary form must reproduce the above copyright
17  *     notice, this list of conditions and the following disclaimer in the
18  *     documentation and/or other materials provided with the distribution.
19  *  3. Neither the name of the University nor the names of its
20  *     contributors may be used to endorse or promote products derived
21  *     from this software without specific prior written permission.
22  *
23  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
24  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
30  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  *
35  * TODO: Neil Brown made the following observation:  We currently
36  * initially reserve NFSD_BUFSIZE space on the transmit queue and
37  * never release any of that until the request is complete.
38  * It would be good to calculate a new maximum response size while
39  * decoding the COMPOUND, and call svc_reserve with this number
40  * at the end of nfs4svc_decode_compoundargs.
41  */
42 
43 #include <linux/slab.h>
44 #include <linux/namei.h>
45 #include <linux/statfs.h>
46 #include <linux/utsname.h>
47 #include <linux/pagemap.h>
48 #include <linux/sunrpc/svcauth_gss.h>
49 
50 #include "idmap.h"
51 #include "acl.h"
52 #include "xdr4.h"
53 #include "vfs.h"
54 #include "state.h"
55 #include "cache.h"
56 #include "netns.h"
57 
58 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
59 #include <linux/security.h>
60 #endif
61 
62 
63 #define NFSDDBG_FACILITY		NFSDDBG_XDR
64 
65 /*
66  * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
67  * directory in order to indicate to the client that a filesystem boundary is present
68  * We use a fixed fsid for a referral
69  */
70 #define NFS4_REFERRAL_FSID_MAJOR	0x8000000ULL
71 #define NFS4_REFERRAL_FSID_MINOR	0x8000000ULL
72 
73 static __be32
74 check_filename(char *str, int len)
75 {
76 	int i;
77 
78 	if (len == 0)
79 		return nfserr_inval;
80 	if (isdotent(str, len))
81 		return nfserr_badname;
82 	for (i = 0; i < len; i++)
83 		if (str[i] == '/')
84 			return nfserr_badname;
85 	return 0;
86 }
87 
88 #define DECODE_HEAD				\
89 	__be32 *p;				\
90 	__be32 status
91 #define DECODE_TAIL				\
92 	status = 0;				\
93 out:						\
94 	return status;				\
95 xdr_error:					\
96 	dprintk("NFSD: xdr error (%s:%d)\n",	\
97 			__FILE__, __LINE__);	\
98 	status = nfserr_bad_xdr;		\
99 	goto out
100 
101 #define READ32(x)         (x) = ntohl(*p++)
102 #define READ64(x)         do {			\
103 	(x) = (u64)ntohl(*p++) << 32;		\
104 	(x) |= ntohl(*p++);			\
105 } while (0)
106 #define READTIME(x)       do {			\
107 	p++;					\
108 	(x) = ntohl(*p++);			\
109 	p++;					\
110 } while (0)
111 #define READMEM(x,nbytes) do {			\
112 	x = (char *)p;				\
113 	p += XDR_QUADLEN(nbytes);		\
114 } while (0)
115 #define SAVEMEM(x,nbytes) do {			\
116 	if (!(x = (p==argp->tmp || p == argp->tmpp) ? \
117  		savemem(argp, p, nbytes) :	\
118  		(char *)p)) {			\
119 		dprintk("NFSD: xdr error (%s:%d)\n", \
120 				__FILE__, __LINE__); \
121 		goto xdr_error;			\
122 		}				\
123 	p += XDR_QUADLEN(nbytes);		\
124 } while (0)
125 #define COPYMEM(x,nbytes) do {			\
126 	memcpy((x), p, nbytes);			\
127 	p += XDR_QUADLEN(nbytes);		\
128 } while (0)
129 
130 /* READ_BUF, read_buf(): nbytes must be <= PAGE_SIZE */
131 #define READ_BUF(nbytes)  do {			\
132 	if (nbytes <= (u32)((char *)argp->end - (char *)argp->p)) {	\
133 		p = argp->p;			\
134 		argp->p += XDR_QUADLEN(nbytes);	\
135 	} else if (!(p = read_buf(argp, nbytes))) { \
136 		dprintk("NFSD: xdr error (%s:%d)\n", \
137 				__FILE__, __LINE__); \
138 		goto xdr_error;			\
139 	}					\
140 } while (0)
141 
142 static void next_decode_page(struct nfsd4_compoundargs *argp)
143 {
144 	argp->p = page_address(argp->pagelist[0]);
145 	argp->pagelist++;
146 	if (argp->pagelen < PAGE_SIZE) {
147 		argp->end = argp->p + (argp->pagelen>>2);
148 		argp->pagelen = 0;
149 	} else {
150 		argp->end = argp->p + (PAGE_SIZE>>2);
151 		argp->pagelen -= PAGE_SIZE;
152 	}
153 }
154 
155 static __be32 *read_buf(struct nfsd4_compoundargs *argp, u32 nbytes)
156 {
157 	/* We want more bytes than seem to be available.
158 	 * Maybe we need a new page, maybe we have just run out
159 	 */
160 	unsigned int avail = (char *)argp->end - (char *)argp->p;
161 	__be32 *p;
162 	if (avail + argp->pagelen < nbytes)
163 		return NULL;
164 	if (avail + PAGE_SIZE < nbytes) /* need more than a page !! */
165 		return NULL;
166 	/* ok, we can do it with the current plus the next page */
167 	if (nbytes <= sizeof(argp->tmp))
168 		p = argp->tmp;
169 	else {
170 		kfree(argp->tmpp);
171 		p = argp->tmpp = kmalloc(nbytes, GFP_KERNEL);
172 		if (!p)
173 			return NULL;
174 
175 	}
176 	/*
177 	 * The following memcpy is safe because read_buf is always
178 	 * called with nbytes > avail, and the two cases above both
179 	 * guarantee p points to at least nbytes bytes.
180 	 */
181 	memcpy(p, argp->p, avail);
182 	next_decode_page(argp);
183 	memcpy(((char*)p)+avail, argp->p, (nbytes - avail));
184 	argp->p += XDR_QUADLEN(nbytes - avail);
185 	return p;
186 }
187 
188 static int zero_clientid(clientid_t *clid)
189 {
190 	return (clid->cl_boot == 0) && (clid->cl_id == 0);
191 }
192 
193 static int
194 defer_free(struct nfsd4_compoundargs *argp,
195 		void (*release)(const void *), void *p)
196 {
197 	struct tmpbuf *tb;
198 
199 	tb = kmalloc(sizeof(*tb), GFP_KERNEL);
200 	if (!tb)
201 		return -ENOMEM;
202 	tb->buf = p;
203 	tb->release = release;
204 	tb->next = argp->to_free;
205 	argp->to_free = tb;
206 	return 0;
207 }
208 
209 static char *savemem(struct nfsd4_compoundargs *argp, __be32 *p, int nbytes)
210 {
211 	if (p == argp->tmp) {
212 		p = kmemdup(argp->tmp, nbytes, GFP_KERNEL);
213 		if (!p)
214 			return NULL;
215 	} else {
216 		BUG_ON(p != argp->tmpp);
217 		argp->tmpp = NULL;
218 	}
219 	if (defer_free(argp, kfree, p)) {
220 		kfree(p);
221 		return NULL;
222 	} else
223 		return (char *)p;
224 }
225 
226 static __be32
227 nfsd4_decode_bitmap(struct nfsd4_compoundargs *argp, u32 *bmval)
228 {
229 	u32 bmlen;
230 	DECODE_HEAD;
231 
232 	bmval[0] = 0;
233 	bmval[1] = 0;
234 	bmval[2] = 0;
235 
236 	READ_BUF(4);
237 	READ32(bmlen);
238 	if (bmlen > 1000)
239 		goto xdr_error;
240 
241 	READ_BUF(bmlen << 2);
242 	if (bmlen > 0)
243 		READ32(bmval[0]);
244 	if (bmlen > 1)
245 		READ32(bmval[1]);
246 	if (bmlen > 2)
247 		READ32(bmval[2]);
248 
249 	DECODE_TAIL;
250 }
251 
252 static __be32
253 nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
254 		   struct iattr *iattr, struct nfs4_acl **acl,
255 		   struct xdr_netobj *label)
256 {
257 	int expected_len, len = 0;
258 	u32 dummy32;
259 	char *buf;
260 	int host_err;
261 
262 	DECODE_HEAD;
263 	iattr->ia_valid = 0;
264 	if ((status = nfsd4_decode_bitmap(argp, bmval)))
265 		return status;
266 
267 	READ_BUF(4);
268 	READ32(expected_len);
269 
270 	if (bmval[0] & FATTR4_WORD0_SIZE) {
271 		READ_BUF(8);
272 		len += 8;
273 		READ64(iattr->ia_size);
274 		iattr->ia_valid |= ATTR_SIZE;
275 	}
276 	if (bmval[0] & FATTR4_WORD0_ACL) {
277 		u32 nace;
278 		struct nfs4_ace *ace;
279 
280 		READ_BUF(4); len += 4;
281 		READ32(nace);
282 
283 		if (nace > NFS4_ACL_MAX)
284 			return nfserr_resource;
285 
286 		*acl = nfs4_acl_new(nace);
287 		if (*acl == NULL) {
288 			host_err = -ENOMEM;
289 			goto out_nfserr;
290 		}
291 		defer_free(argp, kfree, *acl);
292 
293 		(*acl)->naces = nace;
294 		for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
295 			READ_BUF(16); len += 16;
296 			READ32(ace->type);
297 			READ32(ace->flag);
298 			READ32(ace->access_mask);
299 			READ32(dummy32);
300 			READ_BUF(dummy32);
301 			len += XDR_QUADLEN(dummy32) << 2;
302 			READMEM(buf, dummy32);
303 			ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
304 			status = nfs_ok;
305 			if (ace->whotype != NFS4_ACL_WHO_NAMED)
306 				;
307 			else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
308 				status = nfsd_map_name_to_gid(argp->rqstp,
309 						buf, dummy32, &ace->who_gid);
310 			else
311 				status = nfsd_map_name_to_uid(argp->rqstp,
312 						buf, dummy32, &ace->who_uid);
313 			if (status)
314 				return status;
315 		}
316 	} else
317 		*acl = NULL;
318 	if (bmval[1] & FATTR4_WORD1_MODE) {
319 		READ_BUF(4);
320 		len += 4;
321 		READ32(iattr->ia_mode);
322 		iattr->ia_mode &= (S_IFMT | S_IALLUGO);
323 		iattr->ia_valid |= ATTR_MODE;
324 	}
325 	if (bmval[1] & FATTR4_WORD1_OWNER) {
326 		READ_BUF(4);
327 		len += 4;
328 		READ32(dummy32);
329 		READ_BUF(dummy32);
330 		len += (XDR_QUADLEN(dummy32) << 2);
331 		READMEM(buf, dummy32);
332 		if ((status = nfsd_map_name_to_uid(argp->rqstp, buf, dummy32, &iattr->ia_uid)))
333 			return status;
334 		iattr->ia_valid |= ATTR_UID;
335 	}
336 	if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
337 		READ_BUF(4);
338 		len += 4;
339 		READ32(dummy32);
340 		READ_BUF(dummy32);
341 		len += (XDR_QUADLEN(dummy32) << 2);
342 		READMEM(buf, dummy32);
343 		if ((status = nfsd_map_name_to_gid(argp->rqstp, buf, dummy32, &iattr->ia_gid)))
344 			return status;
345 		iattr->ia_valid |= ATTR_GID;
346 	}
347 	if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
348 		READ_BUF(4);
349 		len += 4;
350 		READ32(dummy32);
351 		switch (dummy32) {
352 		case NFS4_SET_TO_CLIENT_TIME:
353 			/* We require the high 32 bits of 'seconds' to be 0, and we ignore
354 			   all 32 bits of 'nseconds'. */
355 			READ_BUF(12);
356 			len += 12;
357 			READ64(iattr->ia_atime.tv_sec);
358 			READ32(iattr->ia_atime.tv_nsec);
359 			if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
360 				return nfserr_inval;
361 			iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
362 			break;
363 		case NFS4_SET_TO_SERVER_TIME:
364 			iattr->ia_valid |= ATTR_ATIME;
365 			break;
366 		default:
367 			goto xdr_error;
368 		}
369 	}
370 	if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
371 		READ_BUF(4);
372 		len += 4;
373 		READ32(dummy32);
374 		switch (dummy32) {
375 		case NFS4_SET_TO_CLIENT_TIME:
376 			/* We require the high 32 bits of 'seconds' to be 0, and we ignore
377 			   all 32 bits of 'nseconds'. */
378 			READ_BUF(12);
379 			len += 12;
380 			READ64(iattr->ia_mtime.tv_sec);
381 			READ32(iattr->ia_mtime.tv_nsec);
382 			if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
383 				return nfserr_inval;
384 			iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
385 			break;
386 		case NFS4_SET_TO_SERVER_TIME:
387 			iattr->ia_valid |= ATTR_MTIME;
388 			break;
389 		default:
390 			goto xdr_error;
391 		}
392 	}
393 
394 	label->len = 0;
395 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
396 	if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
397 		READ_BUF(4);
398 		len += 4;
399 		READ32(dummy32); /* lfs: we don't use it */
400 		READ_BUF(4);
401 		len += 4;
402 		READ32(dummy32); /* pi: we don't use it either */
403 		READ_BUF(4);
404 		len += 4;
405 		READ32(dummy32);
406 		READ_BUF(dummy32);
407 		if (dummy32 > NFSD4_MAX_SEC_LABEL_LEN)
408 			return nfserr_badlabel;
409 		len += (XDR_QUADLEN(dummy32) << 2);
410 		READMEM(buf, dummy32);
411 		label->data = kzalloc(dummy32 + 1, GFP_KERNEL);
412 		if (!label->data)
413 			return nfserr_jukebox;
414 		label->len = dummy32;
415 		defer_free(argp, kfree, label->data);
416 		memcpy(label->data, buf, dummy32);
417 	}
418 #endif
419 
420 	if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
421 	    || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
422 	    || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2)
423 		READ_BUF(expected_len - len);
424 	else if (len != expected_len)
425 		goto xdr_error;
426 
427 	DECODE_TAIL;
428 
429 out_nfserr:
430 	status = nfserrno(host_err);
431 	goto out;
432 }
433 
434 static __be32
435 nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
436 {
437 	DECODE_HEAD;
438 
439 	READ_BUF(sizeof(stateid_t));
440 	READ32(sid->si_generation);
441 	COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
442 
443 	DECODE_TAIL;
444 }
445 
446 static __be32
447 nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
448 {
449 	DECODE_HEAD;
450 
451 	READ_BUF(4);
452 	READ32(access->ac_req_access);
453 
454 	DECODE_TAIL;
455 }
456 
457 static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
458 {
459 	DECODE_HEAD;
460 	u32 dummy, uid, gid;
461 	char *machine_name;
462 	int i;
463 	int nr_secflavs;
464 
465 	/* callback_sec_params4 */
466 	READ_BUF(4);
467 	READ32(nr_secflavs);
468 	if (nr_secflavs)
469 		cbs->flavor = (u32)(-1);
470 	else
471 		/* Is this legal? Be generous, take it to mean AUTH_NONE: */
472 		cbs->flavor = 0;
473 	for (i = 0; i < nr_secflavs; ++i) {
474 		READ_BUF(4);
475 		READ32(dummy);
476 		switch (dummy) {
477 		case RPC_AUTH_NULL:
478 			/* Nothing to read */
479 			if (cbs->flavor == (u32)(-1))
480 				cbs->flavor = RPC_AUTH_NULL;
481 			break;
482 		case RPC_AUTH_UNIX:
483 			READ_BUF(8);
484 			/* stamp */
485 			READ32(dummy);
486 
487 			/* machine name */
488 			READ32(dummy);
489 			READ_BUF(dummy);
490 			SAVEMEM(machine_name, dummy);
491 
492 			/* uid, gid */
493 			READ_BUF(8);
494 			READ32(uid);
495 			READ32(gid);
496 
497 			/* more gids */
498 			READ_BUF(4);
499 			READ32(dummy);
500 			READ_BUF(dummy * 4);
501 			if (cbs->flavor == (u32)(-1)) {
502 				kuid_t kuid = make_kuid(&init_user_ns, uid);
503 				kgid_t kgid = make_kgid(&init_user_ns, gid);
504 				if (uid_valid(kuid) && gid_valid(kgid)) {
505 					cbs->uid = kuid;
506 					cbs->gid = kgid;
507 					cbs->flavor = RPC_AUTH_UNIX;
508 				} else {
509 					dprintk("RPC_AUTH_UNIX with invalid"
510 						"uid or gid ignoring!\n");
511 				}
512 			}
513 			break;
514 		case RPC_AUTH_GSS:
515 			dprintk("RPC_AUTH_GSS callback secflavor "
516 				"not supported!\n");
517 			READ_BUF(8);
518 			/* gcbp_service */
519 			READ32(dummy);
520 			/* gcbp_handle_from_server */
521 			READ32(dummy);
522 			READ_BUF(dummy);
523 			p += XDR_QUADLEN(dummy);
524 			/* gcbp_handle_from_client */
525 			READ_BUF(4);
526 			READ32(dummy);
527 			READ_BUF(dummy);
528 			break;
529 		default:
530 			dprintk("Illegal callback secflavor\n");
531 			return nfserr_inval;
532 		}
533 	}
534 	DECODE_TAIL;
535 }
536 
537 static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
538 {
539 	DECODE_HEAD;
540 
541 	READ_BUF(4);
542 	READ32(bc->bc_cb_program);
543 	nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);
544 
545 	DECODE_TAIL;
546 }
547 
548 static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
549 {
550 	DECODE_HEAD;
551 
552 	READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
553 	COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
554 	READ32(bcts->dir);
555 	/* XXX: skipping ctsa_use_conn_in_rdma_mode.  Perhaps Tom Tucker
556 	 * could help us figure out we should be using it. */
557 	DECODE_TAIL;
558 }
559 
560 static __be32
561 nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
562 {
563 	DECODE_HEAD;
564 
565 	READ_BUF(4);
566 	READ32(close->cl_seqid);
567 	return nfsd4_decode_stateid(argp, &close->cl_stateid);
568 
569 	DECODE_TAIL;
570 }
571 
572 
573 static __be32
574 nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
575 {
576 	DECODE_HEAD;
577 
578 	READ_BUF(12);
579 	READ64(commit->co_offset);
580 	READ32(commit->co_count);
581 
582 	DECODE_TAIL;
583 }
584 
585 static __be32
586 nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
587 {
588 	DECODE_HEAD;
589 
590 	READ_BUF(4);
591 	READ32(create->cr_type);
592 	switch (create->cr_type) {
593 	case NF4LNK:
594 		READ_BUF(4);
595 		READ32(create->cr_linklen);
596 		READ_BUF(create->cr_linklen);
597 		SAVEMEM(create->cr_linkname, create->cr_linklen);
598 		break;
599 	case NF4BLK:
600 	case NF4CHR:
601 		READ_BUF(8);
602 		READ32(create->cr_specdata1);
603 		READ32(create->cr_specdata2);
604 		break;
605 	case NF4SOCK:
606 	case NF4FIFO:
607 	case NF4DIR:
608 	default:
609 		break;
610 	}
611 
612 	READ_BUF(4);
613 	READ32(create->cr_namelen);
614 	READ_BUF(create->cr_namelen);
615 	SAVEMEM(create->cr_name, create->cr_namelen);
616 	if ((status = check_filename(create->cr_name, create->cr_namelen)))
617 		return status;
618 
619 	status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr,
620 				    &create->cr_acl, &create->cr_label);
621 	if (status)
622 		goto out;
623 
624 	DECODE_TAIL;
625 }
626 
627 static inline __be32
628 nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
629 {
630 	return nfsd4_decode_stateid(argp, &dr->dr_stateid);
631 }
632 
633 static inline __be32
634 nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
635 {
636 	return nfsd4_decode_bitmap(argp, getattr->ga_bmval);
637 }
638 
639 static __be32
640 nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
641 {
642 	DECODE_HEAD;
643 
644 	READ_BUF(4);
645 	READ32(link->li_namelen);
646 	READ_BUF(link->li_namelen);
647 	SAVEMEM(link->li_name, link->li_namelen);
648 	if ((status = check_filename(link->li_name, link->li_namelen)))
649 		return status;
650 
651 	DECODE_TAIL;
652 }
653 
654 static __be32
655 nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
656 {
657 	DECODE_HEAD;
658 
659 	/*
660 	* type, reclaim(boolean), offset, length, new_lock_owner(boolean)
661 	*/
662 	READ_BUF(28);
663 	READ32(lock->lk_type);
664 	if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
665 		goto xdr_error;
666 	READ32(lock->lk_reclaim);
667 	READ64(lock->lk_offset);
668 	READ64(lock->lk_length);
669 	READ32(lock->lk_is_new);
670 
671 	if (lock->lk_is_new) {
672 		READ_BUF(4);
673 		READ32(lock->lk_new_open_seqid);
674 		status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
675 		if (status)
676 			return status;
677 		READ_BUF(8 + sizeof(clientid_t));
678 		READ32(lock->lk_new_lock_seqid);
679 		COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
680 		READ32(lock->lk_new_owner.len);
681 		READ_BUF(lock->lk_new_owner.len);
682 		READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
683 	} else {
684 		status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
685 		if (status)
686 			return status;
687 		READ_BUF(4);
688 		READ32(lock->lk_old_lock_seqid);
689 	}
690 
691 	DECODE_TAIL;
692 }
693 
694 static __be32
695 nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
696 {
697 	DECODE_HEAD;
698 
699 	READ_BUF(32);
700 	READ32(lockt->lt_type);
701 	if((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
702 		goto xdr_error;
703 	READ64(lockt->lt_offset);
704 	READ64(lockt->lt_length);
705 	COPYMEM(&lockt->lt_clientid, 8);
706 	READ32(lockt->lt_owner.len);
707 	READ_BUF(lockt->lt_owner.len);
708 	READMEM(lockt->lt_owner.data, lockt->lt_owner.len);
709 
710 	DECODE_TAIL;
711 }
712 
713 static __be32
714 nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
715 {
716 	DECODE_HEAD;
717 
718 	READ_BUF(8);
719 	READ32(locku->lu_type);
720 	if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
721 		goto xdr_error;
722 	READ32(locku->lu_seqid);
723 	status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
724 	if (status)
725 		return status;
726 	READ_BUF(16);
727 	READ64(locku->lu_offset);
728 	READ64(locku->lu_length);
729 
730 	DECODE_TAIL;
731 }
732 
733 static __be32
734 nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
735 {
736 	DECODE_HEAD;
737 
738 	READ_BUF(4);
739 	READ32(lookup->lo_len);
740 	READ_BUF(lookup->lo_len);
741 	SAVEMEM(lookup->lo_name, lookup->lo_len);
742 	if ((status = check_filename(lookup->lo_name, lookup->lo_len)))
743 		return status;
744 
745 	DECODE_TAIL;
746 }
747 
748 static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
749 {
750 	__be32 *p;
751 	u32 w;
752 
753 	READ_BUF(4);
754 	READ32(w);
755 	*share_access = w & NFS4_SHARE_ACCESS_MASK;
756 	*deleg_want = w & NFS4_SHARE_WANT_MASK;
757 	if (deleg_when)
758 		*deleg_when = w & NFS4_SHARE_WHEN_MASK;
759 
760 	switch (w & NFS4_SHARE_ACCESS_MASK) {
761 	case NFS4_SHARE_ACCESS_READ:
762 	case NFS4_SHARE_ACCESS_WRITE:
763 	case NFS4_SHARE_ACCESS_BOTH:
764 		break;
765 	default:
766 		return nfserr_bad_xdr;
767 	}
768 	w &= ~NFS4_SHARE_ACCESS_MASK;
769 	if (!w)
770 		return nfs_ok;
771 	if (!argp->minorversion)
772 		return nfserr_bad_xdr;
773 	switch (w & NFS4_SHARE_WANT_MASK) {
774 	case NFS4_SHARE_WANT_NO_PREFERENCE:
775 	case NFS4_SHARE_WANT_READ_DELEG:
776 	case NFS4_SHARE_WANT_WRITE_DELEG:
777 	case NFS4_SHARE_WANT_ANY_DELEG:
778 	case NFS4_SHARE_WANT_NO_DELEG:
779 	case NFS4_SHARE_WANT_CANCEL:
780 		break;
781 	default:
782 		return nfserr_bad_xdr;
783 	}
784 	w &= ~NFS4_SHARE_WANT_MASK;
785 	if (!w)
786 		return nfs_ok;
787 
788 	if (!deleg_when)	/* open_downgrade */
789 		return nfserr_inval;
790 	switch (w) {
791 	case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
792 	case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
793 	case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
794 	      NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
795 		return nfs_ok;
796 	}
797 xdr_error:
798 	return nfserr_bad_xdr;
799 }
800 
801 static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
802 {
803 	__be32 *p;
804 
805 	READ_BUF(4);
806 	READ32(*x);
807 	/* Note: unlinke access bits, deny bits may be zero. */
808 	if (*x & ~NFS4_SHARE_DENY_BOTH)
809 		return nfserr_bad_xdr;
810 	return nfs_ok;
811 xdr_error:
812 	return nfserr_bad_xdr;
813 }
814 
815 static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
816 {
817 	__be32 *p;
818 
819 	READ_BUF(4);
820 	READ32(o->len);
821 
822 	if (o->len == 0 || o->len > NFS4_OPAQUE_LIMIT)
823 		return nfserr_bad_xdr;
824 
825 	READ_BUF(o->len);
826 	SAVEMEM(o->data, o->len);
827 	return nfs_ok;
828 xdr_error:
829 	return nfserr_bad_xdr;
830 }
831 
832 static __be32
833 nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
834 {
835 	DECODE_HEAD;
836 	u32 dummy;
837 
838 	memset(open->op_bmval, 0, sizeof(open->op_bmval));
839 	open->op_iattr.ia_valid = 0;
840 	open->op_openowner = NULL;
841 
842 	open->op_xdr_error = 0;
843 	/* seqid, share_access, share_deny, clientid, ownerlen */
844 	READ_BUF(4);
845 	READ32(open->op_seqid);
846 	/* decode, yet ignore deleg_when until supported */
847 	status = nfsd4_decode_share_access(argp, &open->op_share_access,
848 					   &open->op_deleg_want, &dummy);
849 	if (status)
850 		goto xdr_error;
851 	status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
852 	if (status)
853 		goto xdr_error;
854 	READ_BUF(sizeof(clientid_t));
855 	COPYMEM(&open->op_clientid, sizeof(clientid_t));
856 	status = nfsd4_decode_opaque(argp, &open->op_owner);
857 	if (status)
858 		goto xdr_error;
859 	READ_BUF(4);
860 	READ32(open->op_create);
861 	switch (open->op_create) {
862 	case NFS4_OPEN_NOCREATE:
863 		break;
864 	case NFS4_OPEN_CREATE:
865 		READ_BUF(4);
866 		READ32(open->op_createmode);
867 		switch (open->op_createmode) {
868 		case NFS4_CREATE_UNCHECKED:
869 		case NFS4_CREATE_GUARDED:
870 			status = nfsd4_decode_fattr(argp, open->op_bmval,
871 				&open->op_iattr, &open->op_acl, &open->op_label);
872 			if (status)
873 				goto out;
874 			break;
875 		case NFS4_CREATE_EXCLUSIVE:
876 			READ_BUF(NFS4_VERIFIER_SIZE);
877 			COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
878 			break;
879 		case NFS4_CREATE_EXCLUSIVE4_1:
880 			if (argp->minorversion < 1)
881 				goto xdr_error;
882 			READ_BUF(NFS4_VERIFIER_SIZE);
883 			COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
884 			status = nfsd4_decode_fattr(argp, open->op_bmval,
885 				&open->op_iattr, &open->op_acl, &open->op_label);
886 			if (status)
887 				goto out;
888 			break;
889 		default:
890 			goto xdr_error;
891 		}
892 		break;
893 	default:
894 		goto xdr_error;
895 	}
896 
897 	/* open_claim */
898 	READ_BUF(4);
899 	READ32(open->op_claim_type);
900 	switch (open->op_claim_type) {
901 	case NFS4_OPEN_CLAIM_NULL:
902 	case NFS4_OPEN_CLAIM_DELEGATE_PREV:
903 		READ_BUF(4);
904 		READ32(open->op_fname.len);
905 		READ_BUF(open->op_fname.len);
906 		SAVEMEM(open->op_fname.data, open->op_fname.len);
907 		if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
908 			return status;
909 		break;
910 	case NFS4_OPEN_CLAIM_PREVIOUS:
911 		READ_BUF(4);
912 		READ32(open->op_delegate_type);
913 		break;
914 	case NFS4_OPEN_CLAIM_DELEGATE_CUR:
915 		status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
916 		if (status)
917 			return status;
918 		READ_BUF(4);
919 		READ32(open->op_fname.len);
920 		READ_BUF(open->op_fname.len);
921 		SAVEMEM(open->op_fname.data, open->op_fname.len);
922 		if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
923 			return status;
924 		break;
925 	case NFS4_OPEN_CLAIM_FH:
926 	case NFS4_OPEN_CLAIM_DELEG_PREV_FH:
927 		if (argp->minorversion < 1)
928 			goto xdr_error;
929 		/* void */
930 		break;
931 	case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
932 		if (argp->minorversion < 1)
933 			goto xdr_error;
934 		status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
935 		if (status)
936 			return status;
937 		break;
938 	default:
939 		goto xdr_error;
940 	}
941 
942 	DECODE_TAIL;
943 }
944 
945 static __be32
946 nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
947 {
948 	DECODE_HEAD;
949 
950 	if (argp->minorversion >= 1)
951 		return nfserr_notsupp;
952 
953 	status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
954 	if (status)
955 		return status;
956 	READ_BUF(4);
957 	READ32(open_conf->oc_seqid);
958 
959 	DECODE_TAIL;
960 }
961 
962 static __be32
963 nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
964 {
965 	DECODE_HEAD;
966 
967 	status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
968 	if (status)
969 		return status;
970 	READ_BUF(4);
971 	READ32(open_down->od_seqid);
972 	status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
973 					   &open_down->od_deleg_want, NULL);
974 	if (status)
975 		return status;
976 	status = nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
977 	if (status)
978 		return status;
979 	DECODE_TAIL;
980 }
981 
982 static __be32
983 nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
984 {
985 	DECODE_HEAD;
986 
987 	READ_BUF(4);
988 	READ32(putfh->pf_fhlen);
989 	if (putfh->pf_fhlen > NFS4_FHSIZE)
990 		goto xdr_error;
991 	READ_BUF(putfh->pf_fhlen);
992 	SAVEMEM(putfh->pf_fhval, putfh->pf_fhlen);
993 
994 	DECODE_TAIL;
995 }
996 
997 static __be32
998 nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
999 {
1000 	if (argp->minorversion == 0)
1001 		return nfs_ok;
1002 	return nfserr_notsupp;
1003 }
1004 
1005 static __be32
1006 nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
1007 {
1008 	DECODE_HEAD;
1009 
1010 	status = nfsd4_decode_stateid(argp, &read->rd_stateid);
1011 	if (status)
1012 		return status;
1013 	READ_BUF(12);
1014 	READ64(read->rd_offset);
1015 	READ32(read->rd_length);
1016 
1017 	DECODE_TAIL;
1018 }
1019 
1020 static __be32
1021 nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
1022 {
1023 	DECODE_HEAD;
1024 
1025 	READ_BUF(24);
1026 	READ64(readdir->rd_cookie);
1027 	COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
1028 	READ32(readdir->rd_dircount);    /* just in case you needed a useless field... */
1029 	READ32(readdir->rd_maxcount);
1030 	if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
1031 		goto out;
1032 
1033 	DECODE_TAIL;
1034 }
1035 
1036 static __be32
1037 nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
1038 {
1039 	DECODE_HEAD;
1040 
1041 	READ_BUF(4);
1042 	READ32(remove->rm_namelen);
1043 	READ_BUF(remove->rm_namelen);
1044 	SAVEMEM(remove->rm_name, remove->rm_namelen);
1045 	if ((status = check_filename(remove->rm_name, remove->rm_namelen)))
1046 		return status;
1047 
1048 	DECODE_TAIL;
1049 }
1050 
1051 static __be32
1052 nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
1053 {
1054 	DECODE_HEAD;
1055 
1056 	READ_BUF(4);
1057 	READ32(rename->rn_snamelen);
1058 	READ_BUF(rename->rn_snamelen + 4);
1059 	SAVEMEM(rename->rn_sname, rename->rn_snamelen);
1060 	READ32(rename->rn_tnamelen);
1061 	READ_BUF(rename->rn_tnamelen);
1062 	SAVEMEM(rename->rn_tname, rename->rn_tnamelen);
1063 	if ((status = check_filename(rename->rn_sname, rename->rn_snamelen)))
1064 		return status;
1065 	if ((status = check_filename(rename->rn_tname, rename->rn_tnamelen)))
1066 		return status;
1067 
1068 	DECODE_TAIL;
1069 }
1070 
1071 static __be32
1072 nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
1073 {
1074 	DECODE_HEAD;
1075 
1076 	if (argp->minorversion >= 1)
1077 		return nfserr_notsupp;
1078 
1079 	READ_BUF(sizeof(clientid_t));
1080 	COPYMEM(clientid, sizeof(clientid_t));
1081 
1082 	DECODE_TAIL;
1083 }
1084 
1085 static __be32
1086 nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
1087 		     struct nfsd4_secinfo *secinfo)
1088 {
1089 	DECODE_HEAD;
1090 
1091 	READ_BUF(4);
1092 	READ32(secinfo->si_namelen);
1093 	READ_BUF(secinfo->si_namelen);
1094 	SAVEMEM(secinfo->si_name, secinfo->si_namelen);
1095 	status = check_filename(secinfo->si_name, secinfo->si_namelen);
1096 	if (status)
1097 		return status;
1098 	DECODE_TAIL;
1099 }
1100 
1101 static __be32
1102 nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
1103 		     struct nfsd4_secinfo_no_name *sin)
1104 {
1105 	DECODE_HEAD;
1106 
1107 	READ_BUF(4);
1108 	READ32(sin->sin_style);
1109 	DECODE_TAIL;
1110 }
1111 
1112 static __be32
1113 nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
1114 {
1115 	__be32 status;
1116 
1117 	status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
1118 	if (status)
1119 		return status;
1120 	return nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr,
1121 				  &setattr->sa_acl, &setattr->sa_label);
1122 }
1123 
1124 static __be32
1125 nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
1126 {
1127 	DECODE_HEAD;
1128 
1129 	if (argp->minorversion >= 1)
1130 		return nfserr_notsupp;
1131 
1132 	READ_BUF(NFS4_VERIFIER_SIZE);
1133 	COPYMEM(setclientid->se_verf.data, NFS4_VERIFIER_SIZE);
1134 
1135 	status = nfsd4_decode_opaque(argp, &setclientid->se_name);
1136 	if (status)
1137 		return nfserr_bad_xdr;
1138 	READ_BUF(8);
1139 	READ32(setclientid->se_callback_prog);
1140 	READ32(setclientid->se_callback_netid_len);
1141 
1142 	READ_BUF(setclientid->se_callback_netid_len + 4);
1143 	SAVEMEM(setclientid->se_callback_netid_val, setclientid->se_callback_netid_len);
1144 	READ32(setclientid->se_callback_addr_len);
1145 
1146 	READ_BUF(setclientid->se_callback_addr_len + 4);
1147 	SAVEMEM(setclientid->se_callback_addr_val, setclientid->se_callback_addr_len);
1148 	READ32(setclientid->se_callback_ident);
1149 
1150 	DECODE_TAIL;
1151 }
1152 
1153 static __be32
1154 nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
1155 {
1156 	DECODE_HEAD;
1157 
1158 	if (argp->minorversion >= 1)
1159 		return nfserr_notsupp;
1160 
1161 	READ_BUF(8 + NFS4_VERIFIER_SIZE);
1162 	COPYMEM(&scd_c->sc_clientid, 8);
1163 	COPYMEM(&scd_c->sc_confirm, NFS4_VERIFIER_SIZE);
1164 
1165 	DECODE_TAIL;
1166 }
1167 
1168 /* Also used for NVERIFY */
1169 static __be32
1170 nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
1171 {
1172 	DECODE_HEAD;
1173 
1174 	if ((status = nfsd4_decode_bitmap(argp, verify->ve_bmval)))
1175 		goto out;
1176 
1177 	/* For convenience's sake, we compare raw xdr'd attributes in
1178 	 * nfsd4_proc_verify */
1179 
1180 	READ_BUF(4);
1181 	READ32(verify->ve_attrlen);
1182 	READ_BUF(verify->ve_attrlen);
1183 	SAVEMEM(verify->ve_attrval, verify->ve_attrlen);
1184 
1185 	DECODE_TAIL;
1186 }
1187 
1188 static __be32
1189 nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1190 {
1191 	int avail;
1192 	int len;
1193 	DECODE_HEAD;
1194 
1195 	status = nfsd4_decode_stateid(argp, &write->wr_stateid);
1196 	if (status)
1197 		return status;
1198 	READ_BUF(16);
1199 	READ64(write->wr_offset);
1200 	READ32(write->wr_stable_how);
1201 	if (write->wr_stable_how > 2)
1202 		goto xdr_error;
1203 	READ32(write->wr_buflen);
1204 
1205 	/* Sorry .. no magic macros for this.. *
1206 	 * READ_BUF(write->wr_buflen);
1207 	 * SAVEMEM(write->wr_buf, write->wr_buflen);
1208 	 */
1209 	avail = (char*)argp->end - (char*)argp->p;
1210 	if (avail + argp->pagelen < write->wr_buflen) {
1211 		dprintk("NFSD: xdr error (%s:%d)\n",
1212 				__FILE__, __LINE__);
1213 		goto xdr_error;
1214 	}
1215 	write->wr_head.iov_base = p;
1216 	write->wr_head.iov_len = avail;
1217 	WARN_ON(avail != (XDR_QUADLEN(avail) << 2));
1218 	write->wr_pagelist = argp->pagelist;
1219 
1220 	len = XDR_QUADLEN(write->wr_buflen) << 2;
1221 	if (len >= avail) {
1222 		int pages;
1223 
1224 		len -= avail;
1225 
1226 		pages = len >> PAGE_SHIFT;
1227 		argp->pagelist += pages;
1228 		argp->pagelen -= pages * PAGE_SIZE;
1229 		len -= pages * PAGE_SIZE;
1230 
1231 		argp->p = (__be32 *)page_address(argp->pagelist[0]);
1232 		argp->pagelist++;
1233 		argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE);
1234 	}
1235 	argp->p += XDR_QUADLEN(len);
1236 
1237 	DECODE_TAIL;
1238 }
1239 
1240 static __be32
1241 nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
1242 {
1243 	DECODE_HEAD;
1244 
1245 	if (argp->minorversion >= 1)
1246 		return nfserr_notsupp;
1247 
1248 	READ_BUF(12);
1249 	COPYMEM(&rlockowner->rl_clientid, sizeof(clientid_t));
1250 	READ32(rlockowner->rl_owner.len);
1251 	READ_BUF(rlockowner->rl_owner.len);
1252 	READMEM(rlockowner->rl_owner.data, rlockowner->rl_owner.len);
1253 
1254 	if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
1255 		return nfserr_inval;
1256 	DECODE_TAIL;
1257 }
1258 
1259 static __be32
1260 nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
1261 			 struct nfsd4_exchange_id *exid)
1262 {
1263 	int dummy, tmp;
1264 	DECODE_HEAD;
1265 
1266 	READ_BUF(NFS4_VERIFIER_SIZE);
1267 	COPYMEM(exid->verifier.data, NFS4_VERIFIER_SIZE);
1268 
1269 	status = nfsd4_decode_opaque(argp, &exid->clname);
1270 	if (status)
1271 		return nfserr_bad_xdr;
1272 
1273 	READ_BUF(4);
1274 	READ32(exid->flags);
1275 
1276 	/* Ignore state_protect4_a */
1277 	READ_BUF(4);
1278 	READ32(exid->spa_how);
1279 	switch (exid->spa_how) {
1280 	case SP4_NONE:
1281 		break;
1282 	case SP4_MACH_CRED:
1283 		/* spo_must_enforce */
1284 		READ_BUF(4);
1285 		READ32(dummy);
1286 		READ_BUF(dummy * 4);
1287 		p += dummy;
1288 
1289 		/* spo_must_allow */
1290 		READ_BUF(4);
1291 		READ32(dummy);
1292 		READ_BUF(dummy * 4);
1293 		p += dummy;
1294 		break;
1295 	case SP4_SSV:
1296 		/* ssp_ops */
1297 		READ_BUF(4);
1298 		READ32(dummy);
1299 		READ_BUF(dummy * 4);
1300 		p += dummy;
1301 
1302 		READ_BUF(4);
1303 		READ32(dummy);
1304 		READ_BUF(dummy * 4);
1305 		p += dummy;
1306 
1307 		/* ssp_hash_algs<> */
1308 		READ_BUF(4);
1309 		READ32(tmp);
1310 		while (tmp--) {
1311 			READ_BUF(4);
1312 			READ32(dummy);
1313 			READ_BUF(dummy);
1314 			p += XDR_QUADLEN(dummy);
1315 		}
1316 
1317 		/* ssp_encr_algs<> */
1318 		READ_BUF(4);
1319 		READ32(tmp);
1320 		while (tmp--) {
1321 			READ_BUF(4);
1322 			READ32(dummy);
1323 			READ_BUF(dummy);
1324 			p += XDR_QUADLEN(dummy);
1325 		}
1326 
1327 		/* ssp_window and ssp_num_gss_handles */
1328 		READ_BUF(8);
1329 		READ32(dummy);
1330 		READ32(dummy);
1331 		break;
1332 	default:
1333 		goto xdr_error;
1334 	}
1335 
1336 	/* Ignore Implementation ID */
1337 	READ_BUF(4);    /* nfs_impl_id4 array length */
1338 	READ32(dummy);
1339 
1340 	if (dummy > 1)
1341 		goto xdr_error;
1342 
1343 	if (dummy == 1) {
1344 		/* nii_domain */
1345 		READ_BUF(4);
1346 		READ32(dummy);
1347 		READ_BUF(dummy);
1348 		p += XDR_QUADLEN(dummy);
1349 
1350 		/* nii_name */
1351 		READ_BUF(4);
1352 		READ32(dummy);
1353 		READ_BUF(dummy);
1354 		p += XDR_QUADLEN(dummy);
1355 
1356 		/* nii_date */
1357 		READ_BUF(12);
1358 		p += 3;
1359 	}
1360 	DECODE_TAIL;
1361 }
1362 
1363 static __be32
1364 nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
1365 			    struct nfsd4_create_session *sess)
1366 {
1367 	DECODE_HEAD;
1368 	u32 dummy;
1369 
1370 	READ_BUF(16);
1371 	COPYMEM(&sess->clientid, 8);
1372 	READ32(sess->seqid);
1373 	READ32(sess->flags);
1374 
1375 	/* Fore channel attrs */
1376 	READ_BUF(28);
1377 	READ32(dummy); /* headerpadsz is always 0 */
1378 	READ32(sess->fore_channel.maxreq_sz);
1379 	READ32(sess->fore_channel.maxresp_sz);
1380 	READ32(sess->fore_channel.maxresp_cached);
1381 	READ32(sess->fore_channel.maxops);
1382 	READ32(sess->fore_channel.maxreqs);
1383 	READ32(sess->fore_channel.nr_rdma_attrs);
1384 	if (sess->fore_channel.nr_rdma_attrs == 1) {
1385 		READ_BUF(4);
1386 		READ32(sess->fore_channel.rdma_attrs);
1387 	} else if (sess->fore_channel.nr_rdma_attrs > 1) {
1388 		dprintk("Too many fore channel attr bitmaps!\n");
1389 		goto xdr_error;
1390 	}
1391 
1392 	/* Back channel attrs */
1393 	READ_BUF(28);
1394 	READ32(dummy); /* headerpadsz is always 0 */
1395 	READ32(sess->back_channel.maxreq_sz);
1396 	READ32(sess->back_channel.maxresp_sz);
1397 	READ32(sess->back_channel.maxresp_cached);
1398 	READ32(sess->back_channel.maxops);
1399 	READ32(sess->back_channel.maxreqs);
1400 	READ32(sess->back_channel.nr_rdma_attrs);
1401 	if (sess->back_channel.nr_rdma_attrs == 1) {
1402 		READ_BUF(4);
1403 		READ32(sess->back_channel.rdma_attrs);
1404 	} else if (sess->back_channel.nr_rdma_attrs > 1) {
1405 		dprintk("Too many back channel attr bitmaps!\n");
1406 		goto xdr_error;
1407 	}
1408 
1409 	READ_BUF(4);
1410 	READ32(sess->callback_prog);
1411 	nfsd4_decode_cb_sec(argp, &sess->cb_sec);
1412 	DECODE_TAIL;
1413 }
1414 
1415 static __be32
1416 nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
1417 			     struct nfsd4_destroy_session *destroy_session)
1418 {
1419 	DECODE_HEAD;
1420 	READ_BUF(NFS4_MAX_SESSIONID_LEN);
1421 	COPYMEM(destroy_session->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1422 
1423 	DECODE_TAIL;
1424 }
1425 
1426 static __be32
1427 nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
1428 			  struct nfsd4_free_stateid *free_stateid)
1429 {
1430 	DECODE_HEAD;
1431 
1432 	READ_BUF(sizeof(stateid_t));
1433 	READ32(free_stateid->fr_stateid.si_generation);
1434 	COPYMEM(&free_stateid->fr_stateid.si_opaque, sizeof(stateid_opaque_t));
1435 
1436 	DECODE_TAIL;
1437 }
1438 
1439 static __be32
1440 nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
1441 		      struct nfsd4_sequence *seq)
1442 {
1443 	DECODE_HEAD;
1444 
1445 	READ_BUF(NFS4_MAX_SESSIONID_LEN + 16);
1446 	COPYMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1447 	READ32(seq->seqid);
1448 	READ32(seq->slotid);
1449 	READ32(seq->maxslots);
1450 	READ32(seq->cachethis);
1451 
1452 	DECODE_TAIL;
1453 }
1454 
1455 static __be32
1456 nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
1457 {
1458 	int i;
1459 	__be32 *p, status;
1460 	struct nfsd4_test_stateid_id *stateid;
1461 
1462 	READ_BUF(4);
1463 	test_stateid->ts_num_ids = ntohl(*p++);
1464 
1465 	INIT_LIST_HEAD(&test_stateid->ts_stateid_list);
1466 
1467 	for (i = 0; i < test_stateid->ts_num_ids; i++) {
1468 		stateid = kmalloc(sizeof(struct nfsd4_test_stateid_id), GFP_KERNEL);
1469 		if (!stateid) {
1470 			status = nfserrno(-ENOMEM);
1471 			goto out;
1472 		}
1473 
1474 		defer_free(argp, kfree, stateid);
1475 		INIT_LIST_HEAD(&stateid->ts_id_list);
1476 		list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);
1477 
1478 		status = nfsd4_decode_stateid(argp, &stateid->ts_id_stateid);
1479 		if (status)
1480 			goto out;
1481 	}
1482 
1483 	status = 0;
1484 out:
1485 	return status;
1486 xdr_error:
1487 	dprintk("NFSD: xdr error (%s:%d)\n", __FILE__, __LINE__);
1488 	status = nfserr_bad_xdr;
1489 	goto out;
1490 }
1491 
1492 static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, struct nfsd4_destroy_clientid *dc)
1493 {
1494 	DECODE_HEAD;
1495 
1496 	READ_BUF(8);
1497 	COPYMEM(&dc->clientid, 8);
1498 
1499 	DECODE_TAIL;
1500 }
1501 
1502 static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, struct nfsd4_reclaim_complete *rc)
1503 {
1504 	DECODE_HEAD;
1505 
1506 	READ_BUF(4);
1507 	READ32(rc->rca_one_fs);
1508 
1509 	DECODE_TAIL;
1510 }
1511 
1512 static __be32
1513 nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
1514 {
1515 	return nfs_ok;
1516 }
1517 
1518 static __be32
1519 nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
1520 {
1521 	return nfserr_notsupp;
1522 }
1523 
1524 typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
1525 
1526 static nfsd4_dec nfsd4_dec_ops[] = {
1527 	[OP_ACCESS]		= (nfsd4_dec)nfsd4_decode_access,
1528 	[OP_CLOSE]		= (nfsd4_dec)nfsd4_decode_close,
1529 	[OP_COMMIT]		= (nfsd4_dec)nfsd4_decode_commit,
1530 	[OP_CREATE]		= (nfsd4_dec)nfsd4_decode_create,
1531 	[OP_DELEGPURGE]		= (nfsd4_dec)nfsd4_decode_notsupp,
1532 	[OP_DELEGRETURN]	= (nfsd4_dec)nfsd4_decode_delegreturn,
1533 	[OP_GETATTR]		= (nfsd4_dec)nfsd4_decode_getattr,
1534 	[OP_GETFH]		= (nfsd4_dec)nfsd4_decode_noop,
1535 	[OP_LINK]		= (nfsd4_dec)nfsd4_decode_link,
1536 	[OP_LOCK]		= (nfsd4_dec)nfsd4_decode_lock,
1537 	[OP_LOCKT]		= (nfsd4_dec)nfsd4_decode_lockt,
1538 	[OP_LOCKU]		= (nfsd4_dec)nfsd4_decode_locku,
1539 	[OP_LOOKUP]		= (nfsd4_dec)nfsd4_decode_lookup,
1540 	[OP_LOOKUPP]		= (nfsd4_dec)nfsd4_decode_noop,
1541 	[OP_NVERIFY]		= (nfsd4_dec)nfsd4_decode_verify,
1542 	[OP_OPEN]		= (nfsd4_dec)nfsd4_decode_open,
1543 	[OP_OPENATTR]		= (nfsd4_dec)nfsd4_decode_notsupp,
1544 	[OP_OPEN_CONFIRM]	= (nfsd4_dec)nfsd4_decode_open_confirm,
1545 	[OP_OPEN_DOWNGRADE]	= (nfsd4_dec)nfsd4_decode_open_downgrade,
1546 	[OP_PUTFH]		= (nfsd4_dec)nfsd4_decode_putfh,
1547 	[OP_PUTPUBFH]		= (nfsd4_dec)nfsd4_decode_putpubfh,
1548 	[OP_PUTROOTFH]		= (nfsd4_dec)nfsd4_decode_noop,
1549 	[OP_READ]		= (nfsd4_dec)nfsd4_decode_read,
1550 	[OP_READDIR]		= (nfsd4_dec)nfsd4_decode_readdir,
1551 	[OP_READLINK]		= (nfsd4_dec)nfsd4_decode_noop,
1552 	[OP_REMOVE]		= (nfsd4_dec)nfsd4_decode_remove,
1553 	[OP_RENAME]		= (nfsd4_dec)nfsd4_decode_rename,
1554 	[OP_RENEW]		= (nfsd4_dec)nfsd4_decode_renew,
1555 	[OP_RESTOREFH]		= (nfsd4_dec)nfsd4_decode_noop,
1556 	[OP_SAVEFH]		= (nfsd4_dec)nfsd4_decode_noop,
1557 	[OP_SECINFO]		= (nfsd4_dec)nfsd4_decode_secinfo,
1558 	[OP_SETATTR]		= (nfsd4_dec)nfsd4_decode_setattr,
1559 	[OP_SETCLIENTID]	= (nfsd4_dec)nfsd4_decode_setclientid,
1560 	[OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
1561 	[OP_VERIFY]		= (nfsd4_dec)nfsd4_decode_verify,
1562 	[OP_WRITE]		= (nfsd4_dec)nfsd4_decode_write,
1563 	[OP_RELEASE_LOCKOWNER]	= (nfsd4_dec)nfsd4_decode_release_lockowner,
1564 
1565 	/* new operations for NFSv4.1 */
1566 	[OP_BACKCHANNEL_CTL]	= (nfsd4_dec)nfsd4_decode_backchannel_ctl,
1567 	[OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
1568 	[OP_EXCHANGE_ID]	= (nfsd4_dec)nfsd4_decode_exchange_id,
1569 	[OP_CREATE_SESSION]	= (nfsd4_dec)nfsd4_decode_create_session,
1570 	[OP_DESTROY_SESSION]	= (nfsd4_dec)nfsd4_decode_destroy_session,
1571 	[OP_FREE_STATEID]	= (nfsd4_dec)nfsd4_decode_free_stateid,
1572 	[OP_GET_DIR_DELEGATION]	= (nfsd4_dec)nfsd4_decode_notsupp,
1573 	[OP_GETDEVICEINFO]	= (nfsd4_dec)nfsd4_decode_notsupp,
1574 	[OP_GETDEVICELIST]	= (nfsd4_dec)nfsd4_decode_notsupp,
1575 	[OP_LAYOUTCOMMIT]	= (nfsd4_dec)nfsd4_decode_notsupp,
1576 	[OP_LAYOUTGET]		= (nfsd4_dec)nfsd4_decode_notsupp,
1577 	[OP_LAYOUTRETURN]	= (nfsd4_dec)nfsd4_decode_notsupp,
1578 	[OP_SECINFO_NO_NAME]	= (nfsd4_dec)nfsd4_decode_secinfo_no_name,
1579 	[OP_SEQUENCE]		= (nfsd4_dec)nfsd4_decode_sequence,
1580 	[OP_SET_SSV]		= (nfsd4_dec)nfsd4_decode_notsupp,
1581 	[OP_TEST_STATEID]	= (nfsd4_dec)nfsd4_decode_test_stateid,
1582 	[OP_WANT_DELEGATION]	= (nfsd4_dec)nfsd4_decode_notsupp,
1583 	[OP_DESTROY_CLIENTID]	= (nfsd4_dec)nfsd4_decode_destroy_clientid,
1584 	[OP_RECLAIM_COMPLETE]	= (nfsd4_dec)nfsd4_decode_reclaim_complete,
1585 };
1586 
1587 static inline bool
1588 nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op)
1589 {
1590 	if (op->opnum < FIRST_NFS4_OP)
1591 		return false;
1592 	else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP)
1593 		return false;
1594 	else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP)
1595 		return false;
1596 	else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP)
1597 		return false;
1598 	return true;
1599 }
1600 
1601 /*
1602  * Return a rough estimate of the maximum possible reply size.  Note the
1603  * estimate includes rpc headers so is meant to be passed to
1604  * svc_reserve, not svc_reserve_auth.
1605  *
1606  * Also note the current compound encoding permits only one operation to
1607  * use pages beyond the first one, so the maximum possible length is the
1608  * maximum over these values, not the sum.
1609  */
1610 static int nfsd4_max_reply(u32 opnum)
1611 {
1612 	switch (opnum) {
1613 	case OP_READLINK:
1614 	case OP_READDIR:
1615 		/*
1616 		 * Both of these ops take a single page for data and put
1617 		 * the head and tail in another page:
1618 		 */
1619 		return 2 * PAGE_SIZE;
1620 	case OP_READ:
1621 		return INT_MAX;
1622 	default:
1623 		return PAGE_SIZE;
1624 	}
1625 }
1626 
1627 static __be32
1628 nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
1629 {
1630 	DECODE_HEAD;
1631 	struct nfsd4_op *op;
1632 	bool cachethis = false;
1633 	int max_reply = PAGE_SIZE;
1634 	int i;
1635 
1636 	READ_BUF(4);
1637 	READ32(argp->taglen);
1638 	READ_BUF(argp->taglen + 8);
1639 	SAVEMEM(argp->tag, argp->taglen);
1640 	READ32(argp->minorversion);
1641 	READ32(argp->opcnt);
1642 
1643 	if (argp->taglen > NFSD4_MAX_TAGLEN)
1644 		goto xdr_error;
1645 	if (argp->opcnt > 100)
1646 		goto xdr_error;
1647 
1648 	if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
1649 		argp->ops = kmalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
1650 		if (!argp->ops) {
1651 			argp->ops = argp->iops;
1652 			dprintk("nfsd: couldn't allocate room for COMPOUND\n");
1653 			goto xdr_error;
1654 		}
1655 	}
1656 
1657 	if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
1658 		argp->opcnt = 0;
1659 
1660 	for (i = 0; i < argp->opcnt; i++) {
1661 		op = &argp->ops[i];
1662 		op->replay = NULL;
1663 
1664 		READ_BUF(4);
1665 		READ32(op->opnum);
1666 
1667 		if (nfsd4_opnum_in_range(argp, op))
1668 			op->status = nfsd4_dec_ops[op->opnum](argp, &op->u);
1669 		else {
1670 			op->opnum = OP_ILLEGAL;
1671 			op->status = nfserr_op_illegal;
1672 		}
1673 
1674 		if (op->status) {
1675 			argp->opcnt = i+1;
1676 			break;
1677 		}
1678 		/*
1679 		 * We'll try to cache the result in the DRC if any one
1680 		 * op in the compound wants to be cached:
1681 		 */
1682 		cachethis |= nfsd4_cache_this_op(op);
1683 
1684 		max_reply = max(max_reply, nfsd4_max_reply(op->opnum));
1685 	}
1686 	/* Sessions make the DRC unnecessary: */
1687 	if (argp->minorversion)
1688 		cachethis = false;
1689 	if (max_reply != INT_MAX)
1690 		svc_reserve(argp->rqstp, max_reply);
1691 	argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
1692 
1693 	DECODE_TAIL;
1694 }
1695 
1696 #define WRITE32(n)               *p++ = htonl(n)
1697 #define WRITE64(n)               do {				\
1698 	*p++ = htonl((u32)((n) >> 32));				\
1699 	*p++ = htonl((u32)(n));					\
1700 } while (0)
1701 #define WRITEMEM(ptr,nbytes)     do { if (nbytes > 0) {		\
1702 	*(p + XDR_QUADLEN(nbytes) -1) = 0;                      \
1703 	memcpy(p, ptr, nbytes);					\
1704 	p += XDR_QUADLEN(nbytes);				\
1705 }} while (0)
1706 
1707 static void write32(__be32 **p, u32 n)
1708 {
1709 	*(*p)++ = htonl(n);
1710 }
1711 
1712 static void write64(__be32 **p, u64 n)
1713 {
1714 	write32(p, (n >> 32));
1715 	write32(p, (u32)n);
1716 }
1717 
1718 static void write_change(__be32 **p, struct kstat *stat, struct inode *inode)
1719 {
1720 	if (IS_I_VERSION(inode)) {
1721 		write64(p, inode->i_version);
1722 	} else {
1723 		write32(p, stat->ctime.tv_sec);
1724 		write32(p, stat->ctime.tv_nsec);
1725 	}
1726 }
1727 
1728 static void write_cinfo(__be32 **p, struct nfsd4_change_info *c)
1729 {
1730 	write32(p, c->atomic);
1731 	if (c->change_supported) {
1732 		write64(p, c->before_change);
1733 		write64(p, c->after_change);
1734 	} else {
1735 		write32(p, c->before_ctime_sec);
1736 		write32(p, c->before_ctime_nsec);
1737 		write32(p, c->after_ctime_sec);
1738 		write32(p, c->after_ctime_nsec);
1739 	}
1740 }
1741 
1742 #define RESERVE_SPACE(nbytes)	do {				\
1743 	p = resp->p;						\
1744 	BUG_ON(p + XDR_QUADLEN(nbytes) > resp->end);		\
1745 } while (0)
1746 #define ADJUST_ARGS()		resp->p = p
1747 
1748 /* Encode as an array of strings the string given with components
1749  * separated @sep, escaped with esc_enter and esc_exit.
1750  */
1751 static __be32 nfsd4_encode_components_esc(char sep, char *components,
1752 				   __be32 **pp, int *buflen,
1753 				   char esc_enter, char esc_exit)
1754 {
1755 	__be32 *p = *pp;
1756 	__be32 *countp = p;
1757 	int strlen, count=0;
1758 	char *str, *end, *next;
1759 
1760 	dprintk("nfsd4_encode_components(%s)\n", components);
1761 	if ((*buflen -= 4) < 0)
1762 		return nfserr_resource;
1763 	WRITE32(0); /* We will fill this in with @count later */
1764 	end = str = components;
1765 	while (*end) {
1766 		bool found_esc = false;
1767 
1768 		/* try to parse as esc_start, ..., esc_end, sep */
1769 		if (*str == esc_enter) {
1770 			for (; *end && (*end != esc_exit); end++)
1771 				/* find esc_exit or end of string */;
1772 			next = end + 1;
1773 			if (*end && (!*next || *next == sep)) {
1774 				str++;
1775 				found_esc = true;
1776 			}
1777 		}
1778 
1779 		if (!found_esc)
1780 			for (; *end && (*end != sep); end++)
1781 				/* find sep or end of string */;
1782 
1783 		strlen = end - str;
1784 		if (strlen) {
1785 			if ((*buflen -= ((XDR_QUADLEN(strlen) << 2) + 4)) < 0)
1786 				return nfserr_resource;
1787 			WRITE32(strlen);
1788 			WRITEMEM(str, strlen);
1789 			count++;
1790 		}
1791 		else
1792 			end++;
1793 		str = end;
1794 	}
1795 	*pp = p;
1796 	p = countp;
1797 	WRITE32(count);
1798 	return 0;
1799 }
1800 
1801 /* Encode as an array of strings the string given with components
1802  * separated @sep.
1803  */
1804 static __be32 nfsd4_encode_components(char sep, char *components,
1805 				   __be32 **pp, int *buflen)
1806 {
1807 	return nfsd4_encode_components_esc(sep, components, pp, buflen, 0, 0);
1808 }
1809 
1810 /*
1811  * encode a location element of a fs_locations structure
1812  */
1813 static __be32 nfsd4_encode_fs_location4(struct nfsd4_fs_location *location,
1814 				    __be32 **pp, int *buflen)
1815 {
1816 	__be32 status;
1817 	__be32 *p = *pp;
1818 
1819 	status = nfsd4_encode_components_esc(':', location->hosts, &p, buflen,
1820 						'[', ']');
1821 	if (status)
1822 		return status;
1823 	status = nfsd4_encode_components('/', location->path, &p, buflen);
1824 	if (status)
1825 		return status;
1826 	*pp = p;
1827 	return 0;
1828 }
1829 
1830 /*
1831  * Encode a path in RFC3530 'pathname4' format
1832  */
1833 static __be32 nfsd4_encode_path(const struct path *root,
1834 		const struct path *path, __be32 **pp, int *buflen)
1835 {
1836 	struct path cur = *path;
1837 	__be32 *p = *pp;
1838 	struct dentry **components = NULL;
1839 	unsigned int ncomponents = 0;
1840 	__be32 err = nfserr_jukebox;
1841 
1842 	dprintk("nfsd4_encode_components(");
1843 
1844 	path_get(&cur);
1845 	/* First walk the path up to the nfsd root, and store the
1846 	 * dentries/path components in an array.
1847 	 */
1848 	for (;;) {
1849 		if (cur.dentry == root->dentry && cur.mnt == root->mnt)
1850 			break;
1851 		if (cur.dentry == cur.mnt->mnt_root) {
1852 			if (follow_up(&cur))
1853 				continue;
1854 			goto out_free;
1855 		}
1856 		if ((ncomponents & 15) == 0) {
1857 			struct dentry **new;
1858 			new = krealloc(components,
1859 					sizeof(*new) * (ncomponents + 16),
1860 					GFP_KERNEL);
1861 			if (!new)
1862 				goto out_free;
1863 			components = new;
1864 		}
1865 		components[ncomponents++] = cur.dentry;
1866 		cur.dentry = dget_parent(cur.dentry);
1867 	}
1868 
1869 	*buflen -= 4;
1870 	if (*buflen < 0)
1871 		goto out_free;
1872 	WRITE32(ncomponents);
1873 
1874 	while (ncomponents) {
1875 		struct dentry *dentry = components[ncomponents - 1];
1876 		unsigned int len;
1877 
1878 		spin_lock(&dentry->d_lock);
1879 		len = dentry->d_name.len;
1880 		*buflen -= 4 + (XDR_QUADLEN(len) << 2);
1881 		if (*buflen < 0) {
1882 			spin_unlock(&dentry->d_lock);
1883 			goto out_free;
1884 		}
1885 		WRITE32(len);
1886 		WRITEMEM(dentry->d_name.name, len);
1887 		dprintk("/%s", dentry->d_name.name);
1888 		spin_unlock(&dentry->d_lock);
1889 		dput(dentry);
1890 		ncomponents--;
1891 	}
1892 
1893 	*pp = p;
1894 	err = 0;
1895 out_free:
1896 	dprintk(")\n");
1897 	while (ncomponents)
1898 		dput(components[--ncomponents]);
1899 	kfree(components);
1900 	path_put(&cur);
1901 	return err;
1902 }
1903 
1904 static __be32 nfsd4_encode_fsloc_fsroot(struct svc_rqst *rqstp,
1905 		const struct path *path, __be32 **pp, int *buflen)
1906 {
1907 	struct svc_export *exp_ps;
1908 	__be32 res;
1909 
1910 	exp_ps = rqst_find_fsidzero_export(rqstp);
1911 	if (IS_ERR(exp_ps))
1912 		return nfserrno(PTR_ERR(exp_ps));
1913 	res = nfsd4_encode_path(&exp_ps->ex_path, path, pp, buflen);
1914 	exp_put(exp_ps);
1915 	return res;
1916 }
1917 
1918 /*
1919  *  encode a fs_locations structure
1920  */
1921 static __be32 nfsd4_encode_fs_locations(struct svc_rqst *rqstp,
1922 				     struct svc_export *exp,
1923 				     __be32 **pp, int *buflen)
1924 {
1925 	__be32 status;
1926 	int i;
1927 	__be32 *p = *pp;
1928 	struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;
1929 
1930 	status = nfsd4_encode_fsloc_fsroot(rqstp, &exp->ex_path, &p, buflen);
1931 	if (status)
1932 		return status;
1933 	if ((*buflen -= 4) < 0)
1934 		return nfserr_resource;
1935 	WRITE32(fslocs->locations_count);
1936 	for (i=0; i<fslocs->locations_count; i++) {
1937 		status = nfsd4_encode_fs_location4(&fslocs->locations[i],
1938 						   &p, buflen);
1939 		if (status)
1940 			return status;
1941 	}
1942 	*pp = p;
1943 	return 0;
1944 }
1945 
1946 static u32 nfs4_file_type(umode_t mode)
1947 {
1948 	switch (mode & S_IFMT) {
1949 	case S_IFIFO:	return NF4FIFO;
1950 	case S_IFCHR:	return NF4CHR;
1951 	case S_IFDIR:	return NF4DIR;
1952 	case S_IFBLK:	return NF4BLK;
1953 	case S_IFLNK:	return NF4LNK;
1954 	case S_IFREG:	return NF4REG;
1955 	case S_IFSOCK:	return NF4SOCK;
1956 	default:	return NF4BAD;
1957 	};
1958 }
1959 
1960 static __be32
1961 nfsd4_encode_name(struct svc_rqst *rqstp, int whotype, kuid_t uid, kgid_t gid,
1962 			__be32 **p, int *buflen)
1963 {
1964 	int status;
1965 
1966 	if (*buflen < (XDR_QUADLEN(IDMAP_NAMESZ) << 2) + 4)
1967 		return nfserr_resource;
1968 	if (whotype != NFS4_ACL_WHO_NAMED)
1969 		status = nfs4_acl_write_who(whotype, (u8 *)(*p + 1));
1970 	else if (gid_valid(gid))
1971 		status = nfsd_map_gid_to_name(rqstp, gid, (u8 *)(*p + 1));
1972 	else
1973 		status = nfsd_map_uid_to_name(rqstp, uid, (u8 *)(*p + 1));
1974 	if (status < 0)
1975 		return nfserrno(status);
1976 	*p = xdr_encode_opaque(*p, NULL, status);
1977 	*buflen -= (XDR_QUADLEN(status) << 2) + 4;
1978 	BUG_ON(*buflen < 0);
1979 	return 0;
1980 }
1981 
1982 static inline __be32
1983 nfsd4_encode_user(struct svc_rqst *rqstp, kuid_t user, __be32 **p, int *buflen)
1984 {
1985 	return nfsd4_encode_name(rqstp, NFS4_ACL_WHO_NAMED, user, INVALID_GID,
1986 				 p, buflen);
1987 }
1988 
1989 static inline __be32
1990 nfsd4_encode_group(struct svc_rqst *rqstp, kgid_t group, __be32 **p, int *buflen)
1991 {
1992 	return nfsd4_encode_name(rqstp, NFS4_ACL_WHO_NAMED, INVALID_UID, group,
1993 				 p, buflen);
1994 }
1995 
1996 static inline __be32
1997 nfsd4_encode_aclname(struct svc_rqst *rqstp, struct nfs4_ace *ace,
1998 		__be32 **p, int *buflen)
1999 {
2000 	kuid_t uid = INVALID_UID;
2001 	kgid_t gid = INVALID_GID;
2002 
2003 	if (ace->whotype == NFS4_ACL_WHO_NAMED) {
2004 		if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
2005 			gid = ace->who_gid;
2006 		else
2007 			uid = ace->who_uid;
2008 	}
2009 	return nfsd4_encode_name(rqstp, ace->whotype, uid, gid, p, buflen);
2010 }
2011 
2012 #define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
2013 			      FATTR4_WORD0_RDATTR_ERROR)
2014 #define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
2015 
2016 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2017 static inline __be32
2018 nfsd4_encode_security_label(struct svc_rqst *rqstp, void *context, int len, __be32 **pp, int *buflen)
2019 {
2020 	__be32 *p = *pp;
2021 
2022 	if (*buflen < ((XDR_QUADLEN(len) << 2) + 4 + 4 + 4))
2023 		return nfserr_resource;
2024 
2025 	/*
2026 	 * For now we use a 0 here to indicate the null translation; in
2027 	 * the future we may place a call to translation code here.
2028 	 */
2029 	if ((*buflen -= 8) < 0)
2030 		return nfserr_resource;
2031 
2032 	WRITE32(0); /* lfs */
2033 	WRITE32(0); /* pi */
2034 	p = xdr_encode_opaque(p, context, len);
2035 	*buflen -= (XDR_QUADLEN(len) << 2) + 4;
2036 
2037 	*pp = p;
2038 	return 0;
2039 }
2040 #else
2041 static inline __be32
2042 nfsd4_encode_security_label(struct svc_rqst *rqstp, void *context, int len, __be32 **pp, int *buflen)
2043 { return 0; }
2044 #endif
2045 
2046 static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *rdattr_err)
2047 {
2048 	/* As per referral draft:  */
2049 	if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
2050 	    *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
2051 		if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
2052 	            *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
2053 			*rdattr_err = NFSERR_MOVED;
2054 		else
2055 			return nfserr_moved;
2056 	}
2057 	*bmval0 &= WORD0_ABSENT_FS_ATTRS;
2058 	*bmval1 &= WORD1_ABSENT_FS_ATTRS;
2059 	return 0;
2060 }
2061 
2062 
2063 static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
2064 {
2065 	struct path path = exp->ex_path;
2066 	int err;
2067 
2068 	path_get(&path);
2069 	while (follow_up(&path)) {
2070 		if (path.dentry != path.mnt->mnt_root)
2071 			break;
2072 	}
2073 	err = vfs_getattr(&path, stat);
2074 	path_put(&path);
2075 	return err;
2076 }
2077 
2078 /*
2079  * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
2080  * ourselves.
2081  *
2082  * countp is the buffer size in _words_
2083  */
2084 __be32
2085 nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp,
2086 		struct dentry *dentry, __be32 **buffer, int count, u32 *bmval,
2087 		struct svc_rqst *rqstp, int ignore_crossmnt)
2088 {
2089 	u32 bmval0 = bmval[0];
2090 	u32 bmval1 = bmval[1];
2091 	u32 bmval2 = bmval[2];
2092 	struct kstat stat;
2093 	struct svc_fh tempfh;
2094 	struct kstatfs statfs;
2095 	int buflen = count << 2;
2096 	__be32 *attrlenp;
2097 	u32 dummy;
2098 	u64 dummy64;
2099 	u32 rdattr_err = 0;
2100 	__be32 *p = *buffer;
2101 	__be32 status;
2102 	int err;
2103 	int aclsupport = 0;
2104 	struct nfs4_acl *acl = NULL;
2105 	void *context = NULL;
2106 	int contextlen;
2107 	bool contextsupport = false;
2108 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
2109 	u32 minorversion = resp->cstate.minorversion;
2110 	struct path path = {
2111 		.mnt	= exp->ex_path.mnt,
2112 		.dentry	= dentry,
2113 	};
2114 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2115 
2116 	BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
2117 	BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion));
2118 	BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion));
2119 	BUG_ON(bmval2 & ~nfsd_suppattrs2(minorversion));
2120 
2121 	if (exp->ex_fslocs.migrated) {
2122 		BUG_ON(bmval[2]);
2123 		status = fattr_handle_absent_fs(&bmval0, &bmval1, &rdattr_err);
2124 		if (status)
2125 			goto out;
2126 	}
2127 
2128 	err = vfs_getattr(&path, &stat);
2129 	if (err)
2130 		goto out_nfserr;
2131 	if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL |
2132 			FATTR4_WORD0_MAXNAME)) ||
2133 	    (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
2134 		       FATTR4_WORD1_SPACE_TOTAL))) {
2135 		err = vfs_statfs(&path, &statfs);
2136 		if (err)
2137 			goto out_nfserr;
2138 	}
2139 	if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
2140 		fh_init(&tempfh, NFS4_FHSIZE);
2141 		status = fh_compose(&tempfh, exp, dentry, NULL);
2142 		if (status)
2143 			goto out;
2144 		fhp = &tempfh;
2145 	}
2146 	if (bmval0 & (FATTR4_WORD0_ACL | FATTR4_WORD0_ACLSUPPORT
2147 			| FATTR4_WORD0_SUPPORTED_ATTRS)) {
2148 		err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
2149 		aclsupport = (err == 0);
2150 		if (bmval0 & FATTR4_WORD0_ACL) {
2151 			if (err == -EOPNOTSUPP)
2152 				bmval0 &= ~FATTR4_WORD0_ACL;
2153 			else if (err == -EINVAL) {
2154 				status = nfserr_attrnotsupp;
2155 				goto out;
2156 			} else if (err != 0)
2157 				goto out_nfserr;
2158 		}
2159 	}
2160 
2161 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2162 	if ((bmval[2] & FATTR4_WORD2_SECURITY_LABEL) ||
2163 			bmval[0] & FATTR4_WORD0_SUPPORTED_ATTRS) {
2164 		err = security_inode_getsecctx(dentry->d_inode,
2165 						&context, &contextlen);
2166 		contextsupport = (err == 0);
2167 		if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2168 			if (err == -EOPNOTSUPP)
2169 				bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2170 			else if (err)
2171 				goto out_nfserr;
2172 		}
2173 	}
2174 #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2175 
2176 	if (bmval2) {
2177 		if ((buflen -= 16) < 0)
2178 			goto out_resource;
2179 		WRITE32(3);
2180 		WRITE32(bmval0);
2181 		WRITE32(bmval1);
2182 		WRITE32(bmval2);
2183 	} else if (bmval1) {
2184 		if ((buflen -= 12) < 0)
2185 			goto out_resource;
2186 		WRITE32(2);
2187 		WRITE32(bmval0);
2188 		WRITE32(bmval1);
2189 	} else {
2190 		if ((buflen -= 8) < 0)
2191 			goto out_resource;
2192 		WRITE32(1);
2193 		WRITE32(bmval0);
2194 	}
2195 	attrlenp = p++;                /* to be backfilled later */
2196 
2197 	if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2198 		u32 word0 = nfsd_suppattrs0(minorversion);
2199 		u32 word1 = nfsd_suppattrs1(minorversion);
2200 		u32 word2 = nfsd_suppattrs2(minorversion);
2201 
2202 		if (!aclsupport)
2203 			word0 &= ~FATTR4_WORD0_ACL;
2204 		if (!contextsupport)
2205 			word2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2206 		if (!word2) {
2207 			if ((buflen -= 12) < 0)
2208 				goto out_resource;
2209 			WRITE32(2);
2210 			WRITE32(word0);
2211 			WRITE32(word1);
2212 		} else {
2213 			if ((buflen -= 16) < 0)
2214 				goto out_resource;
2215 			WRITE32(3);
2216 			WRITE32(word0);
2217 			WRITE32(word1);
2218 			WRITE32(word2);
2219 		}
2220 	}
2221 	if (bmval0 & FATTR4_WORD0_TYPE) {
2222 		if ((buflen -= 4) < 0)
2223 			goto out_resource;
2224 		dummy = nfs4_file_type(stat.mode);
2225 		if (dummy == NF4BAD)
2226 			goto out_serverfault;
2227 		WRITE32(dummy);
2228 	}
2229 	if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
2230 		if ((buflen -= 4) < 0)
2231 			goto out_resource;
2232 		if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
2233 			WRITE32(NFS4_FH_PERSISTENT);
2234 		else
2235 			WRITE32(NFS4_FH_PERSISTENT|NFS4_FH_VOL_RENAME);
2236 	}
2237 	if (bmval0 & FATTR4_WORD0_CHANGE) {
2238 		if ((buflen -= 8) < 0)
2239 			goto out_resource;
2240 		write_change(&p, &stat, dentry->d_inode);
2241 	}
2242 	if (bmval0 & FATTR4_WORD0_SIZE) {
2243 		if ((buflen -= 8) < 0)
2244 			goto out_resource;
2245 		WRITE64(stat.size);
2246 	}
2247 	if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
2248 		if ((buflen -= 4) < 0)
2249 			goto out_resource;
2250 		WRITE32(1);
2251 	}
2252 	if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
2253 		if ((buflen -= 4) < 0)
2254 			goto out_resource;
2255 		WRITE32(1);
2256 	}
2257 	if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {
2258 		if ((buflen -= 4) < 0)
2259 			goto out_resource;
2260 		WRITE32(0);
2261 	}
2262 	if (bmval0 & FATTR4_WORD0_FSID) {
2263 		if ((buflen -= 16) < 0)
2264 			goto out_resource;
2265 		if (exp->ex_fslocs.migrated) {
2266 			WRITE64(NFS4_REFERRAL_FSID_MAJOR);
2267 			WRITE64(NFS4_REFERRAL_FSID_MINOR);
2268 		} else switch(fsid_source(fhp)) {
2269 		case FSIDSOURCE_FSID:
2270 			WRITE64((u64)exp->ex_fsid);
2271 			WRITE64((u64)0);
2272 			break;
2273 		case FSIDSOURCE_DEV:
2274 			WRITE32(0);
2275 			WRITE32(MAJOR(stat.dev));
2276 			WRITE32(0);
2277 			WRITE32(MINOR(stat.dev));
2278 			break;
2279 		case FSIDSOURCE_UUID:
2280 			WRITEMEM(exp->ex_uuid, 16);
2281 			break;
2282 		}
2283 	}
2284 	if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
2285 		if ((buflen -= 4) < 0)
2286 			goto out_resource;
2287 		WRITE32(0);
2288 	}
2289 	if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
2290 		if ((buflen -= 4) < 0)
2291 			goto out_resource;
2292 		WRITE32(nn->nfsd4_lease);
2293 	}
2294 	if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
2295 		if ((buflen -= 4) < 0)
2296 			goto out_resource;
2297 		WRITE32(rdattr_err);
2298 	}
2299 	if (bmval0 & FATTR4_WORD0_ACL) {
2300 		struct nfs4_ace *ace;
2301 
2302 		if (acl == NULL) {
2303 			if ((buflen -= 4) < 0)
2304 				goto out_resource;
2305 
2306 			WRITE32(0);
2307 			goto out_acl;
2308 		}
2309 		if ((buflen -= 4) < 0)
2310 			goto out_resource;
2311 		WRITE32(acl->naces);
2312 
2313 		for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
2314 			if ((buflen -= 4*3) < 0)
2315 				goto out_resource;
2316 			WRITE32(ace->type);
2317 			WRITE32(ace->flag);
2318 			WRITE32(ace->access_mask & NFS4_ACE_MASK_ALL);
2319 			status = nfsd4_encode_aclname(rqstp, ace, &p, &buflen);
2320 			if (status == nfserr_resource)
2321 				goto out_resource;
2322 			if (status)
2323 				goto out;
2324 		}
2325 	}
2326 out_acl:
2327 	if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
2328 		if ((buflen -= 4) < 0)
2329 			goto out_resource;
2330 		WRITE32(aclsupport ?
2331 			ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
2332 	}
2333 	if (bmval0 & FATTR4_WORD0_CANSETTIME) {
2334 		if ((buflen -= 4) < 0)
2335 			goto out_resource;
2336 		WRITE32(1);
2337 	}
2338 	if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
2339 		if ((buflen -= 4) < 0)
2340 			goto out_resource;
2341 		WRITE32(0);
2342 	}
2343 	if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
2344 		if ((buflen -= 4) < 0)
2345 			goto out_resource;
2346 		WRITE32(1);
2347 	}
2348 	if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
2349 		if ((buflen -= 4) < 0)
2350 			goto out_resource;
2351 		WRITE32(1);
2352 	}
2353 	if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
2354 		buflen -= (XDR_QUADLEN(fhp->fh_handle.fh_size) << 2) + 4;
2355 		if (buflen < 0)
2356 			goto out_resource;
2357 		WRITE32(fhp->fh_handle.fh_size);
2358 		WRITEMEM(&fhp->fh_handle.fh_base, fhp->fh_handle.fh_size);
2359 	}
2360 	if (bmval0 & FATTR4_WORD0_FILEID) {
2361 		if ((buflen -= 8) < 0)
2362 			goto out_resource;
2363 		WRITE64(stat.ino);
2364 	}
2365 	if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
2366 		if ((buflen -= 8) < 0)
2367 			goto out_resource;
2368 		WRITE64((u64) statfs.f_ffree);
2369 	}
2370 	if (bmval0 & FATTR4_WORD0_FILES_FREE) {
2371 		if ((buflen -= 8) < 0)
2372 			goto out_resource;
2373 		WRITE64((u64) statfs.f_ffree);
2374 	}
2375 	if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
2376 		if ((buflen -= 8) < 0)
2377 			goto out_resource;
2378 		WRITE64((u64) statfs.f_files);
2379 	}
2380 	if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
2381 		status = nfsd4_encode_fs_locations(rqstp, exp, &p, &buflen);
2382 		if (status == nfserr_resource)
2383 			goto out_resource;
2384 		if (status)
2385 			goto out;
2386 	}
2387 	if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
2388 		if ((buflen -= 4) < 0)
2389 			goto out_resource;
2390 		WRITE32(1);
2391 	}
2392 	if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
2393 		if ((buflen -= 8) < 0)
2394 			goto out_resource;
2395 		WRITE64(exp->ex_path.mnt->mnt_sb->s_maxbytes);
2396 	}
2397 	if (bmval0 & FATTR4_WORD0_MAXLINK) {
2398 		if ((buflen -= 4) < 0)
2399 			goto out_resource;
2400 		WRITE32(255);
2401 	}
2402 	if (bmval0 & FATTR4_WORD0_MAXNAME) {
2403 		if ((buflen -= 4) < 0)
2404 			goto out_resource;
2405 		WRITE32(statfs.f_namelen);
2406 	}
2407 	if (bmval0 & FATTR4_WORD0_MAXREAD) {
2408 		if ((buflen -= 8) < 0)
2409 			goto out_resource;
2410 		WRITE64((u64) svc_max_payload(rqstp));
2411 	}
2412 	if (bmval0 & FATTR4_WORD0_MAXWRITE) {
2413 		if ((buflen -= 8) < 0)
2414 			goto out_resource;
2415 		WRITE64((u64) svc_max_payload(rqstp));
2416 	}
2417 	if (bmval1 & FATTR4_WORD1_MODE) {
2418 		if ((buflen -= 4) < 0)
2419 			goto out_resource;
2420 		WRITE32(stat.mode & S_IALLUGO);
2421 	}
2422 	if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
2423 		if ((buflen -= 4) < 0)
2424 			goto out_resource;
2425 		WRITE32(1);
2426 	}
2427 	if (bmval1 & FATTR4_WORD1_NUMLINKS) {
2428 		if ((buflen -= 4) < 0)
2429 			goto out_resource;
2430 		WRITE32(stat.nlink);
2431 	}
2432 	if (bmval1 & FATTR4_WORD1_OWNER) {
2433 		status = nfsd4_encode_user(rqstp, stat.uid, &p, &buflen);
2434 		if (status == nfserr_resource)
2435 			goto out_resource;
2436 		if (status)
2437 			goto out;
2438 	}
2439 	if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
2440 		status = nfsd4_encode_group(rqstp, stat.gid, &p, &buflen);
2441 		if (status == nfserr_resource)
2442 			goto out_resource;
2443 		if (status)
2444 			goto out;
2445 	}
2446 	if (bmval1 & FATTR4_WORD1_RAWDEV) {
2447 		if ((buflen -= 8) < 0)
2448 			goto out_resource;
2449 		WRITE32((u32) MAJOR(stat.rdev));
2450 		WRITE32((u32) MINOR(stat.rdev));
2451 	}
2452 	if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
2453 		if ((buflen -= 8) < 0)
2454 			goto out_resource;
2455 		dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
2456 		WRITE64(dummy64);
2457 	}
2458 	if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
2459 		if ((buflen -= 8) < 0)
2460 			goto out_resource;
2461 		dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
2462 		WRITE64(dummy64);
2463 	}
2464 	if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
2465 		if ((buflen -= 8) < 0)
2466 			goto out_resource;
2467 		dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
2468 		WRITE64(dummy64);
2469 	}
2470 	if (bmval1 & FATTR4_WORD1_SPACE_USED) {
2471 		if ((buflen -= 8) < 0)
2472 			goto out_resource;
2473 		dummy64 = (u64)stat.blocks << 9;
2474 		WRITE64(dummy64);
2475 	}
2476 	if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
2477 		if ((buflen -= 12) < 0)
2478 			goto out_resource;
2479 		WRITE64((s64)stat.atime.tv_sec);
2480 		WRITE32(stat.atime.tv_nsec);
2481 	}
2482 	if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
2483 		if ((buflen -= 12) < 0)
2484 			goto out_resource;
2485 		WRITE32(0);
2486 		WRITE32(1);
2487 		WRITE32(0);
2488 	}
2489 	if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
2490 		if ((buflen -= 12) < 0)
2491 			goto out_resource;
2492 		WRITE64((s64)stat.ctime.tv_sec);
2493 		WRITE32(stat.ctime.tv_nsec);
2494 	}
2495 	if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
2496 		if ((buflen -= 12) < 0)
2497 			goto out_resource;
2498 		WRITE64((s64)stat.mtime.tv_sec);
2499 		WRITE32(stat.mtime.tv_nsec);
2500 	}
2501 	if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
2502 		if ((buflen -= 8) < 0)
2503                 	goto out_resource;
2504 		/*
2505 		 * Get parent's attributes if not ignoring crossmount
2506 		 * and this is the root of a cross-mounted filesystem.
2507 		 */
2508 		if (ignore_crossmnt == 0 &&
2509 		    dentry == exp->ex_path.mnt->mnt_root)
2510 			get_parent_attributes(exp, &stat);
2511 		WRITE64(stat.ino);
2512 	}
2513 	if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2514 		status = nfsd4_encode_security_label(rqstp, context,
2515 				contextlen, &p, &buflen);
2516 		if (status)
2517 			goto out;
2518 	}
2519 	if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
2520 		WRITE32(3);
2521 		WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD0);
2522 		WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD1);
2523 		WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD2);
2524 	}
2525 
2526 	*attrlenp = htonl((char *)p - (char *)attrlenp - 4);
2527 	*buffer = p;
2528 	status = nfs_ok;
2529 
2530 out:
2531 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2532 	if (context)
2533 		security_release_secctx(context, contextlen);
2534 #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2535 	kfree(acl);
2536 	if (fhp == &tempfh)
2537 		fh_put(&tempfh);
2538 	return status;
2539 out_nfserr:
2540 	status = nfserrno(err);
2541 	goto out;
2542 out_resource:
2543 	status = nfserr_resource;
2544 	goto out;
2545 out_serverfault:
2546 	status = nfserr_serverfault;
2547 	goto out;
2548 }
2549 
2550 static inline int attributes_need_mount(u32 *bmval)
2551 {
2552 	if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
2553 		return 1;
2554 	if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
2555 		return 1;
2556 	return 0;
2557 }
2558 
2559 static __be32
2560 nfsd4_encode_dirent_fattr(struct nfsd4_readdir *cd,
2561 		const char *name, int namlen, __be32 **p, int buflen)
2562 {
2563 	struct svc_export *exp = cd->rd_fhp->fh_export;
2564 	struct dentry *dentry;
2565 	__be32 nfserr;
2566 	int ignore_crossmnt = 0;
2567 
2568 	dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen);
2569 	if (IS_ERR(dentry))
2570 		return nfserrno(PTR_ERR(dentry));
2571 	if (!dentry->d_inode) {
2572 		/*
2573 		 * nfsd_buffered_readdir drops the i_mutex between
2574 		 * readdir and calling this callback, leaving a window
2575 		 * where this directory entry could have gone away.
2576 		 */
2577 		dput(dentry);
2578 		return nfserr_noent;
2579 	}
2580 
2581 	exp_get(exp);
2582 	/*
2583 	 * In the case of a mountpoint, the client may be asking for
2584 	 * attributes that are only properties of the underlying filesystem
2585 	 * as opposed to the cross-mounted file system. In such a case,
2586 	 * we will not follow the cross mount and will fill the attribtutes
2587 	 * directly from the mountpoint dentry.
2588 	 */
2589 	if (nfsd_mountpoint(dentry, exp)) {
2590 		int err;
2591 
2592 		if (!(exp->ex_flags & NFSEXP_V4ROOT)
2593 				&& !attributes_need_mount(cd->rd_bmval)) {
2594 			ignore_crossmnt = 1;
2595 			goto out_encode;
2596 		}
2597 		/*
2598 		 * Why the heck aren't we just using nfsd_lookup??
2599 		 * Different "."/".." handling?  Something else?
2600 		 * At least, add a comment here to explain....
2601 		 */
2602 		err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
2603 		if (err) {
2604 			nfserr = nfserrno(err);
2605 			goto out_put;
2606 		}
2607 		nfserr = check_nfsd_access(exp, cd->rd_rqstp);
2608 		if (nfserr)
2609 			goto out_put;
2610 
2611 	}
2612 out_encode:
2613 	nfserr = nfsd4_encode_fattr(NULL, exp, dentry, p, buflen, cd->rd_bmval,
2614 					cd->rd_rqstp, ignore_crossmnt);
2615 out_put:
2616 	dput(dentry);
2617 	exp_put(exp);
2618 	return nfserr;
2619 }
2620 
2621 static __be32 *
2622 nfsd4_encode_rdattr_error(__be32 *p, int buflen, __be32 nfserr)
2623 {
2624 	__be32 *attrlenp;
2625 
2626 	if (buflen < 6)
2627 		return NULL;
2628 	*p++ = htonl(2);
2629 	*p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */
2630 	*p++ = htonl(0);			 /* bmval1 */
2631 
2632 	attrlenp = p++;
2633 	*p++ = nfserr;       /* no htonl */
2634 	*attrlenp = htonl((char *)p - (char *)attrlenp - 4);
2635 	return p;
2636 }
2637 
2638 static int
2639 nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
2640 		    loff_t offset, u64 ino, unsigned int d_type)
2641 {
2642 	struct readdir_cd *ccd = ccdv;
2643 	struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
2644 	int buflen;
2645 	__be32 *p = cd->buffer;
2646 	__be32 *cookiep;
2647 	__be32 nfserr = nfserr_toosmall;
2648 
2649 	/* In nfsv4, "." and ".." never make it onto the wire.. */
2650 	if (name && isdotent(name, namlen)) {
2651 		cd->common.err = nfs_ok;
2652 		return 0;
2653 	}
2654 
2655 	if (cd->offset)
2656 		xdr_encode_hyper(cd->offset, (u64) offset);
2657 
2658 	buflen = cd->buflen - 4 - XDR_QUADLEN(namlen);
2659 	if (buflen < 0)
2660 		goto fail;
2661 
2662 	*p++ = xdr_one;                             /* mark entry present */
2663 	cookiep = p;
2664 	p = xdr_encode_hyper(p, NFS_OFFSET_MAX);    /* offset of next entry */
2665 	p = xdr_encode_array(p, name, namlen);      /* name length & name */
2666 
2667 	nfserr = nfsd4_encode_dirent_fattr(cd, name, namlen, &p, buflen);
2668 	switch (nfserr) {
2669 	case nfs_ok:
2670 		break;
2671 	case nfserr_resource:
2672 		nfserr = nfserr_toosmall;
2673 		goto fail;
2674 	case nfserr_noent:
2675 		goto skip_entry;
2676 	default:
2677 		/*
2678 		 * If the client requested the RDATTR_ERROR attribute,
2679 		 * we stuff the error code into this attribute
2680 		 * and continue.  If this attribute was not requested,
2681 		 * then in accordance with the spec, we fail the
2682 		 * entire READDIR operation(!)
2683 		 */
2684 		if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR))
2685 			goto fail;
2686 		p = nfsd4_encode_rdattr_error(p, buflen, nfserr);
2687 		if (p == NULL) {
2688 			nfserr = nfserr_toosmall;
2689 			goto fail;
2690 		}
2691 	}
2692 	cd->buflen -= (p - cd->buffer);
2693 	cd->buffer = p;
2694 	cd->offset = cookiep;
2695 skip_entry:
2696 	cd->common.err = nfs_ok;
2697 	return 0;
2698 fail:
2699 	cd->common.err = nfserr;
2700 	return -EINVAL;
2701 }
2702 
2703 static void
2704 nfsd4_encode_stateid(struct nfsd4_compoundres *resp, stateid_t *sid)
2705 {
2706 	__be32 *p;
2707 
2708 	RESERVE_SPACE(sizeof(stateid_t));
2709 	WRITE32(sid->si_generation);
2710 	WRITEMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
2711 	ADJUST_ARGS();
2712 }
2713 
2714 static __be32
2715 nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
2716 {
2717 	__be32 *p;
2718 
2719 	if (!nfserr) {
2720 		RESERVE_SPACE(8);
2721 		WRITE32(access->ac_supported);
2722 		WRITE32(access->ac_resp_access);
2723 		ADJUST_ARGS();
2724 	}
2725 	return nfserr;
2726 }
2727 
2728 static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
2729 {
2730 	__be32 *p;
2731 
2732 	if (!nfserr) {
2733 		RESERVE_SPACE(NFS4_MAX_SESSIONID_LEN + 8);
2734 		WRITEMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
2735 		WRITE32(bcts->dir);
2736 		/* Sorry, we do not yet support RDMA over 4.1: */
2737 		WRITE32(0);
2738 		ADJUST_ARGS();
2739 	}
2740 	return nfserr;
2741 }
2742 
2743 static __be32
2744 nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
2745 {
2746 	if (!nfserr)
2747 		nfsd4_encode_stateid(resp, &close->cl_stateid);
2748 
2749 	return nfserr;
2750 }
2751 
2752 
2753 static __be32
2754 nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
2755 {
2756 	__be32 *p;
2757 
2758 	if (!nfserr) {
2759 		RESERVE_SPACE(NFS4_VERIFIER_SIZE);
2760 		WRITEMEM(commit->co_verf.data, NFS4_VERIFIER_SIZE);
2761 		ADJUST_ARGS();
2762 	}
2763 	return nfserr;
2764 }
2765 
2766 static __be32
2767 nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
2768 {
2769 	__be32 *p;
2770 
2771 	if (!nfserr) {
2772 		RESERVE_SPACE(32);
2773 		write_cinfo(&p, &create->cr_cinfo);
2774 		WRITE32(2);
2775 		WRITE32(create->cr_bmval[0]);
2776 		WRITE32(create->cr_bmval[1]);
2777 		ADJUST_ARGS();
2778 	}
2779 	return nfserr;
2780 }
2781 
2782 static __be32
2783 nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
2784 {
2785 	struct svc_fh *fhp = getattr->ga_fhp;
2786 	int buflen;
2787 
2788 	if (nfserr)
2789 		return nfserr;
2790 
2791 	buflen = resp->end - resp->p - (COMPOUND_ERR_SLACK_SPACE >> 2);
2792 	nfserr = nfsd4_encode_fattr(fhp, fhp->fh_export, fhp->fh_dentry,
2793 				    &resp->p, buflen, getattr->ga_bmval,
2794 				    resp->rqstp, 0);
2795 	return nfserr;
2796 }
2797 
2798 static __be32
2799 nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
2800 {
2801 	struct svc_fh *fhp = *fhpp;
2802 	unsigned int len;
2803 	__be32 *p;
2804 
2805 	if (!nfserr) {
2806 		len = fhp->fh_handle.fh_size;
2807 		RESERVE_SPACE(len + 4);
2808 		WRITE32(len);
2809 		WRITEMEM(&fhp->fh_handle.fh_base, len);
2810 		ADJUST_ARGS();
2811 	}
2812 	return nfserr;
2813 }
2814 
2815 /*
2816 * Including all fields other than the name, a LOCK4denied structure requires
2817 *   8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes.
2818 */
2819 static void
2820 nfsd4_encode_lock_denied(struct nfsd4_compoundres *resp, struct nfsd4_lock_denied *ld)
2821 {
2822 	struct xdr_netobj *conf = &ld->ld_owner;
2823 	__be32 *p;
2824 
2825 	RESERVE_SPACE(32 + XDR_LEN(conf->len));
2826 	WRITE64(ld->ld_start);
2827 	WRITE64(ld->ld_length);
2828 	WRITE32(ld->ld_type);
2829 	if (conf->len) {
2830 		WRITEMEM(&ld->ld_clientid, 8);
2831 		WRITE32(conf->len);
2832 		WRITEMEM(conf->data, conf->len);
2833 		kfree(conf->data);
2834 	}  else {  /* non - nfsv4 lock in conflict, no clientid nor owner */
2835 		WRITE64((u64)0); /* clientid */
2836 		WRITE32(0); /* length of owner name */
2837 	}
2838 	ADJUST_ARGS();
2839 }
2840 
2841 static __be32
2842 nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
2843 {
2844 	if (!nfserr)
2845 		nfsd4_encode_stateid(resp, &lock->lk_resp_stateid);
2846 	else if (nfserr == nfserr_denied)
2847 		nfsd4_encode_lock_denied(resp, &lock->lk_denied);
2848 
2849 	return nfserr;
2850 }
2851 
2852 static __be32
2853 nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
2854 {
2855 	if (nfserr == nfserr_denied)
2856 		nfsd4_encode_lock_denied(resp, &lockt->lt_denied);
2857 	return nfserr;
2858 }
2859 
2860 static __be32
2861 nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
2862 {
2863 	if (!nfserr)
2864 		nfsd4_encode_stateid(resp, &locku->lu_stateid);
2865 
2866 	return nfserr;
2867 }
2868 
2869 
2870 static __be32
2871 nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
2872 {
2873 	__be32 *p;
2874 
2875 	if (!nfserr) {
2876 		RESERVE_SPACE(20);
2877 		write_cinfo(&p, &link->li_cinfo);
2878 		ADJUST_ARGS();
2879 	}
2880 	return nfserr;
2881 }
2882 
2883 
2884 static __be32
2885 nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
2886 {
2887 	__be32 *p;
2888 
2889 	if (nfserr)
2890 		goto out;
2891 
2892 	nfsd4_encode_stateid(resp, &open->op_stateid);
2893 	RESERVE_SPACE(40);
2894 	write_cinfo(&p, &open->op_cinfo);
2895 	WRITE32(open->op_rflags);
2896 	WRITE32(2);
2897 	WRITE32(open->op_bmval[0]);
2898 	WRITE32(open->op_bmval[1]);
2899 	WRITE32(open->op_delegate_type);
2900 	ADJUST_ARGS();
2901 
2902 	switch (open->op_delegate_type) {
2903 	case NFS4_OPEN_DELEGATE_NONE:
2904 		break;
2905 	case NFS4_OPEN_DELEGATE_READ:
2906 		nfsd4_encode_stateid(resp, &open->op_delegate_stateid);
2907 		RESERVE_SPACE(20);
2908 		WRITE32(open->op_recall);
2909 
2910 		/*
2911 		 * TODO: ACE's in delegations
2912 		 */
2913 		WRITE32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
2914 		WRITE32(0);
2915 		WRITE32(0);
2916 		WRITE32(0);   /* XXX: is NULL principal ok? */
2917 		ADJUST_ARGS();
2918 		break;
2919 	case NFS4_OPEN_DELEGATE_WRITE:
2920 		nfsd4_encode_stateid(resp, &open->op_delegate_stateid);
2921 		RESERVE_SPACE(32);
2922 		WRITE32(0);
2923 
2924 		/*
2925 		 * TODO: space_limit's in delegations
2926 		 */
2927 		WRITE32(NFS4_LIMIT_SIZE);
2928 		WRITE32(~(u32)0);
2929 		WRITE32(~(u32)0);
2930 
2931 		/*
2932 		 * TODO: ACE's in delegations
2933 		 */
2934 		WRITE32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
2935 		WRITE32(0);
2936 		WRITE32(0);
2937 		WRITE32(0);   /* XXX: is NULL principal ok? */
2938 		ADJUST_ARGS();
2939 		break;
2940 	case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */
2941 		switch (open->op_why_no_deleg) {
2942 		case WND4_CONTENTION:
2943 		case WND4_RESOURCE:
2944 			RESERVE_SPACE(8);
2945 			WRITE32(open->op_why_no_deleg);
2946 			WRITE32(0);	/* deleg signaling not supported yet */
2947 			break;
2948 		default:
2949 			RESERVE_SPACE(4);
2950 			WRITE32(open->op_why_no_deleg);
2951 		}
2952 		ADJUST_ARGS();
2953 		break;
2954 	default:
2955 		BUG();
2956 	}
2957 	/* XXX save filehandle here */
2958 out:
2959 	return nfserr;
2960 }
2961 
2962 static __be32
2963 nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
2964 {
2965 	if (!nfserr)
2966 		nfsd4_encode_stateid(resp, &oc->oc_resp_stateid);
2967 
2968 	return nfserr;
2969 }
2970 
2971 static __be32
2972 nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
2973 {
2974 	if (!nfserr)
2975 		nfsd4_encode_stateid(resp, &od->od_stateid);
2976 
2977 	return nfserr;
2978 }
2979 
2980 static __be32
2981 nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
2982 		  struct nfsd4_read *read)
2983 {
2984 	u32 eof;
2985 	int v;
2986 	struct page *page;
2987 	unsigned long maxcount;
2988 	long len;
2989 	__be32 *p;
2990 
2991 	if (nfserr)
2992 		return nfserr;
2993 	if (resp->xbuf->page_len)
2994 		return nfserr_resource;
2995 
2996 	RESERVE_SPACE(8); /* eof flag and byte count */
2997 
2998 	maxcount = svc_max_payload(resp->rqstp);
2999 	if (maxcount > read->rd_length)
3000 		maxcount = read->rd_length;
3001 
3002 	len = maxcount;
3003 	v = 0;
3004 	while (len > 0) {
3005 		page = *(resp->rqstp->rq_next_page);
3006 		if (!page) { /* ran out of pages */
3007 			maxcount -= len;
3008 			break;
3009 		}
3010 		resp->rqstp->rq_vec[v].iov_base = page_address(page);
3011 		resp->rqstp->rq_vec[v].iov_len =
3012 			len < PAGE_SIZE ? len : PAGE_SIZE;
3013 		resp->rqstp->rq_next_page++;
3014 		v++;
3015 		len -= PAGE_SIZE;
3016 	}
3017 	read->rd_vlen = v;
3018 
3019 	nfserr = nfsd_read_file(read->rd_rqstp, read->rd_fhp, read->rd_filp,
3020 			read->rd_offset, resp->rqstp->rq_vec, read->rd_vlen,
3021 			&maxcount);
3022 
3023 	if (nfserr)
3024 		return nfserr;
3025 	eof = (read->rd_offset + maxcount >=
3026 	       read->rd_fhp->fh_dentry->d_inode->i_size);
3027 
3028 	WRITE32(eof);
3029 	WRITE32(maxcount);
3030 	ADJUST_ARGS();
3031 	resp->xbuf->head[0].iov_len = (char*)p
3032 					- (char*)resp->xbuf->head[0].iov_base;
3033 	resp->xbuf->page_len = maxcount;
3034 
3035 	/* Use rest of head for padding and remaining ops: */
3036 	resp->xbuf->tail[0].iov_base = p;
3037 	resp->xbuf->tail[0].iov_len = 0;
3038 	if (maxcount&3) {
3039 		RESERVE_SPACE(4);
3040 		WRITE32(0);
3041 		resp->xbuf->tail[0].iov_base += maxcount&3;
3042 		resp->xbuf->tail[0].iov_len = 4 - (maxcount&3);
3043 		ADJUST_ARGS();
3044 	}
3045 	return 0;
3046 }
3047 
3048 static __be32
3049 nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
3050 {
3051 	int maxcount;
3052 	char *page;
3053 	__be32 *p;
3054 
3055 	if (nfserr)
3056 		return nfserr;
3057 	if (resp->xbuf->page_len)
3058 		return nfserr_resource;
3059 	if (!*resp->rqstp->rq_next_page)
3060 		return nfserr_resource;
3061 
3062 	page = page_address(*(resp->rqstp->rq_next_page++));
3063 
3064 	maxcount = PAGE_SIZE;
3065 	RESERVE_SPACE(4);
3066 
3067 	/*
3068 	 * XXX: By default, the ->readlink() VFS op will truncate symlinks
3069 	 * if they would overflow the buffer.  Is this kosher in NFSv4?  If
3070 	 * not, one easy fix is: if ->readlink() precisely fills the buffer,
3071 	 * assume that truncation occurred, and return NFS4ERR_RESOURCE.
3072 	 */
3073 	nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp, page, &maxcount);
3074 	if (nfserr == nfserr_isdir)
3075 		return nfserr_inval;
3076 	if (nfserr)
3077 		return nfserr;
3078 
3079 	WRITE32(maxcount);
3080 	ADJUST_ARGS();
3081 	resp->xbuf->head[0].iov_len = (char*)p
3082 				- (char*)resp->xbuf->head[0].iov_base;
3083 	resp->xbuf->page_len = maxcount;
3084 
3085 	/* Use rest of head for padding and remaining ops: */
3086 	resp->xbuf->tail[0].iov_base = p;
3087 	resp->xbuf->tail[0].iov_len = 0;
3088 	if (maxcount&3) {
3089 		RESERVE_SPACE(4);
3090 		WRITE32(0);
3091 		resp->xbuf->tail[0].iov_base += maxcount&3;
3092 		resp->xbuf->tail[0].iov_len = 4 - (maxcount&3);
3093 		ADJUST_ARGS();
3094 	}
3095 	return 0;
3096 }
3097 
3098 static __be32
3099 nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
3100 {
3101 	int maxcount;
3102 	loff_t offset;
3103 	__be32 *page, *savep, *tailbase;
3104 	__be32 *p;
3105 
3106 	if (nfserr)
3107 		return nfserr;
3108 	if (resp->xbuf->page_len)
3109 		return nfserr_resource;
3110 	if (!*resp->rqstp->rq_next_page)
3111 		return nfserr_resource;
3112 
3113 	RESERVE_SPACE(NFS4_VERIFIER_SIZE);
3114 	savep = p;
3115 
3116 	/* XXX: Following NFSv3, we ignore the READDIR verifier for now. */
3117 	WRITE32(0);
3118 	WRITE32(0);
3119 	ADJUST_ARGS();
3120 	resp->xbuf->head[0].iov_len = ((char*)resp->p) - (char*)resp->xbuf->head[0].iov_base;
3121 	tailbase = p;
3122 
3123 	maxcount = PAGE_SIZE;
3124 	if (maxcount > readdir->rd_maxcount)
3125 		maxcount = readdir->rd_maxcount;
3126 
3127 	/*
3128 	 * Convert from bytes to words, account for the two words already
3129 	 * written, make sure to leave two words at the end for the next
3130 	 * pointer and eof field.
3131 	 */
3132 	maxcount = (maxcount >> 2) - 4;
3133 	if (maxcount < 0) {
3134 		nfserr =  nfserr_toosmall;
3135 		goto err_no_verf;
3136 	}
3137 
3138 	page = page_address(*(resp->rqstp->rq_next_page++));
3139 	readdir->common.err = 0;
3140 	readdir->buflen = maxcount;
3141 	readdir->buffer = page;
3142 	readdir->offset = NULL;
3143 
3144 	offset = readdir->rd_cookie;
3145 	nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp,
3146 			      &offset,
3147 			      &readdir->common, nfsd4_encode_dirent);
3148 	if (nfserr == nfs_ok &&
3149 	    readdir->common.err == nfserr_toosmall &&
3150 	    readdir->buffer == page)
3151 		nfserr = nfserr_toosmall;
3152 	if (nfserr)
3153 		goto err_no_verf;
3154 
3155 	if (readdir->offset)
3156 		xdr_encode_hyper(readdir->offset, offset);
3157 
3158 	p = readdir->buffer;
3159 	*p++ = 0;	/* no more entries */
3160 	*p++ = htonl(readdir->common.err == nfserr_eof);
3161 	resp->xbuf->page_len = ((char*)p) -
3162 		(char*)page_address(*(resp->rqstp->rq_next_page-1));
3163 
3164 	/* Use rest of head for padding and remaining ops: */
3165 	resp->xbuf->tail[0].iov_base = tailbase;
3166 	resp->xbuf->tail[0].iov_len = 0;
3167 	resp->p = resp->xbuf->tail[0].iov_base;
3168 	resp->end = resp->p + (PAGE_SIZE - resp->xbuf->head[0].iov_len)/4;
3169 
3170 	return 0;
3171 err_no_verf:
3172 	p = savep;
3173 	ADJUST_ARGS();
3174 	return nfserr;
3175 }
3176 
3177 static __be32
3178 nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
3179 {
3180 	__be32 *p;
3181 
3182 	if (!nfserr) {
3183 		RESERVE_SPACE(20);
3184 		write_cinfo(&p, &remove->rm_cinfo);
3185 		ADJUST_ARGS();
3186 	}
3187 	return nfserr;
3188 }
3189 
3190 static __be32
3191 nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
3192 {
3193 	__be32 *p;
3194 
3195 	if (!nfserr) {
3196 		RESERVE_SPACE(40);
3197 		write_cinfo(&p, &rename->rn_sinfo);
3198 		write_cinfo(&p, &rename->rn_tinfo);
3199 		ADJUST_ARGS();
3200 	}
3201 	return nfserr;
3202 }
3203 
3204 static __be32
3205 nfsd4_do_encode_secinfo(struct nfsd4_compoundres *resp,
3206 			 __be32 nfserr, struct svc_export *exp)
3207 {
3208 	u32 i, nflavs, supported;
3209 	struct exp_flavor_info *flavs;
3210 	struct exp_flavor_info def_flavs[2];
3211 	__be32 *p, *flavorsp;
3212 	static bool report = true;
3213 
3214 	if (nfserr)
3215 		goto out;
3216 	if (exp->ex_nflavors) {
3217 		flavs = exp->ex_flavors;
3218 		nflavs = exp->ex_nflavors;
3219 	} else { /* Handling of some defaults in absence of real secinfo: */
3220 		flavs = def_flavs;
3221 		if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
3222 			nflavs = 2;
3223 			flavs[0].pseudoflavor = RPC_AUTH_UNIX;
3224 			flavs[1].pseudoflavor = RPC_AUTH_NULL;
3225 		} else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
3226 			nflavs = 1;
3227 			flavs[0].pseudoflavor
3228 					= svcauth_gss_flavor(exp->ex_client);
3229 		} else {
3230 			nflavs = 1;
3231 			flavs[0].pseudoflavor
3232 					= exp->ex_client->flavour->flavour;
3233 		}
3234 	}
3235 
3236 	supported = 0;
3237 	RESERVE_SPACE(4);
3238 	flavorsp = p++;		/* to be backfilled later */
3239 	ADJUST_ARGS();
3240 
3241 	for (i = 0; i < nflavs; i++) {
3242 		rpc_authflavor_t pf = flavs[i].pseudoflavor;
3243 		struct rpcsec_gss_info info;
3244 
3245 		if (rpcauth_get_gssinfo(pf, &info) == 0) {
3246 			supported++;
3247 			RESERVE_SPACE(4 + 4 + info.oid.len + 4 + 4);
3248 			WRITE32(RPC_AUTH_GSS);
3249 			WRITE32(info.oid.len);
3250 			WRITEMEM(info.oid.data, info.oid.len);
3251 			WRITE32(info.qop);
3252 			WRITE32(info.service);
3253 			ADJUST_ARGS();
3254 		} else if (pf < RPC_AUTH_MAXFLAVOR) {
3255 			supported++;
3256 			RESERVE_SPACE(4);
3257 			WRITE32(pf);
3258 			ADJUST_ARGS();
3259 		} else {
3260 			if (report)
3261 				pr_warn("NFS: SECINFO: security flavor %u "
3262 					"is not supported\n", pf);
3263 		}
3264 	}
3265 
3266 	if (nflavs != supported)
3267 		report = false;
3268 	*flavorsp = htonl(supported);
3269 
3270 out:
3271 	if (exp)
3272 		exp_put(exp);
3273 	return nfserr;
3274 }
3275 
3276 static __be32
3277 nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
3278 		     struct nfsd4_secinfo *secinfo)
3279 {
3280 	return nfsd4_do_encode_secinfo(resp, nfserr, secinfo->si_exp);
3281 }
3282 
3283 static __be32
3284 nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
3285 		     struct nfsd4_secinfo_no_name *secinfo)
3286 {
3287 	return nfsd4_do_encode_secinfo(resp, nfserr, secinfo->sin_exp);
3288 }
3289 
3290 /*
3291  * The SETATTR encode routine is special -- it always encodes a bitmap,
3292  * regardless of the error status.
3293  */
3294 static __be32
3295 nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
3296 {
3297 	__be32 *p;
3298 
3299 	RESERVE_SPACE(16);
3300 	if (nfserr) {
3301 		WRITE32(3);
3302 		WRITE32(0);
3303 		WRITE32(0);
3304 		WRITE32(0);
3305 	}
3306 	else {
3307 		WRITE32(3);
3308 		WRITE32(setattr->sa_bmval[0]);
3309 		WRITE32(setattr->sa_bmval[1]);
3310 		WRITE32(setattr->sa_bmval[2]);
3311 	}
3312 	ADJUST_ARGS();
3313 	return nfserr;
3314 }
3315 
3316 static __be32
3317 nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
3318 {
3319 	__be32 *p;
3320 
3321 	if (!nfserr) {
3322 		RESERVE_SPACE(8 + NFS4_VERIFIER_SIZE);
3323 		WRITEMEM(&scd->se_clientid, 8);
3324 		WRITEMEM(&scd->se_confirm, NFS4_VERIFIER_SIZE);
3325 		ADJUST_ARGS();
3326 	}
3327 	else if (nfserr == nfserr_clid_inuse) {
3328 		RESERVE_SPACE(8);
3329 		WRITE32(0);
3330 		WRITE32(0);
3331 		ADJUST_ARGS();
3332 	}
3333 	return nfserr;
3334 }
3335 
3336 static __be32
3337 nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
3338 {
3339 	__be32 *p;
3340 
3341 	if (!nfserr) {
3342 		RESERVE_SPACE(16);
3343 		WRITE32(write->wr_bytes_written);
3344 		WRITE32(write->wr_how_written);
3345 		WRITEMEM(write->wr_verifier.data, NFS4_VERIFIER_SIZE);
3346 		ADJUST_ARGS();
3347 	}
3348 	return nfserr;
3349 }
3350 
3351 static const u32 nfs4_minimal_spo_must_enforce[2] = {
3352 	[1] = 1 << (OP_BIND_CONN_TO_SESSION - 32) |
3353 	      1 << (OP_EXCHANGE_ID - 32) |
3354 	      1 << (OP_CREATE_SESSION - 32) |
3355 	      1 << (OP_DESTROY_SESSION - 32) |
3356 	      1 << (OP_DESTROY_CLIENTID - 32)
3357 };
3358 
3359 static __be32
3360 nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
3361 			 struct nfsd4_exchange_id *exid)
3362 {
3363 	__be32 *p;
3364 	char *major_id;
3365 	char *server_scope;
3366 	int major_id_sz;
3367 	int server_scope_sz;
3368 	uint64_t minor_id = 0;
3369 
3370 	if (nfserr)
3371 		return nfserr;
3372 
3373 	major_id = utsname()->nodename;
3374 	major_id_sz = strlen(major_id);
3375 	server_scope = utsname()->nodename;
3376 	server_scope_sz = strlen(server_scope);
3377 
3378 	RESERVE_SPACE(
3379 		8 /* eir_clientid */ +
3380 		4 /* eir_sequenceid */ +
3381 		4 /* eir_flags */ +
3382 		4 /* spr_how */ +
3383 		8 /* spo_must_enforce, spo_must_allow */ +
3384 		8 /* so_minor_id */ +
3385 		4 /* so_major_id.len */ +
3386 		(XDR_QUADLEN(major_id_sz) * 4) +
3387 		4 /* eir_server_scope.len */ +
3388 		(XDR_QUADLEN(server_scope_sz) * 4) +
3389 		4 /* eir_server_impl_id.count (0) */);
3390 
3391 	WRITEMEM(&exid->clientid, 8);
3392 	WRITE32(exid->seqid);
3393 	WRITE32(exid->flags);
3394 
3395 	WRITE32(exid->spa_how);
3396 	switch (exid->spa_how) {
3397 	case SP4_NONE:
3398 		break;
3399 	case SP4_MACH_CRED:
3400 		/* spo_must_enforce bitmap: */
3401 		WRITE32(2);
3402 		WRITE32(nfs4_minimal_spo_must_enforce[0]);
3403 		WRITE32(nfs4_minimal_spo_must_enforce[1]);
3404 		/* empty spo_must_allow bitmap: */
3405 		WRITE32(0);
3406 		break;
3407 	default:
3408 		WARN_ON_ONCE(1);
3409 	}
3410 
3411 	/* The server_owner struct */
3412 	WRITE64(minor_id);      /* Minor id */
3413 	/* major id */
3414 	WRITE32(major_id_sz);
3415 	WRITEMEM(major_id, major_id_sz);
3416 
3417 	/* Server scope */
3418 	WRITE32(server_scope_sz);
3419 	WRITEMEM(server_scope, server_scope_sz);
3420 
3421 	/* Implementation id */
3422 	WRITE32(0);	/* zero length nfs_impl_id4 array */
3423 	ADJUST_ARGS();
3424 	return 0;
3425 }
3426 
3427 static __be32
3428 nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
3429 			    struct nfsd4_create_session *sess)
3430 {
3431 	__be32 *p;
3432 
3433 	if (nfserr)
3434 		return nfserr;
3435 
3436 	RESERVE_SPACE(24);
3437 	WRITEMEM(sess->sessionid.data, NFS4_MAX_SESSIONID_LEN);
3438 	WRITE32(sess->seqid);
3439 	WRITE32(sess->flags);
3440 	ADJUST_ARGS();
3441 
3442 	RESERVE_SPACE(28);
3443 	WRITE32(0); /* headerpadsz */
3444 	WRITE32(sess->fore_channel.maxreq_sz);
3445 	WRITE32(sess->fore_channel.maxresp_sz);
3446 	WRITE32(sess->fore_channel.maxresp_cached);
3447 	WRITE32(sess->fore_channel.maxops);
3448 	WRITE32(sess->fore_channel.maxreqs);
3449 	WRITE32(sess->fore_channel.nr_rdma_attrs);
3450 	ADJUST_ARGS();
3451 
3452 	if (sess->fore_channel.nr_rdma_attrs) {
3453 		RESERVE_SPACE(4);
3454 		WRITE32(sess->fore_channel.rdma_attrs);
3455 		ADJUST_ARGS();
3456 	}
3457 
3458 	RESERVE_SPACE(28);
3459 	WRITE32(0); /* headerpadsz */
3460 	WRITE32(sess->back_channel.maxreq_sz);
3461 	WRITE32(sess->back_channel.maxresp_sz);
3462 	WRITE32(sess->back_channel.maxresp_cached);
3463 	WRITE32(sess->back_channel.maxops);
3464 	WRITE32(sess->back_channel.maxreqs);
3465 	WRITE32(sess->back_channel.nr_rdma_attrs);
3466 	ADJUST_ARGS();
3467 
3468 	if (sess->back_channel.nr_rdma_attrs) {
3469 		RESERVE_SPACE(4);
3470 		WRITE32(sess->back_channel.rdma_attrs);
3471 		ADJUST_ARGS();
3472 	}
3473 	return 0;
3474 }
3475 
3476 static __be32
3477 nfsd4_encode_destroy_session(struct nfsd4_compoundres *resp, __be32 nfserr,
3478 			     struct nfsd4_destroy_session *destroy_session)
3479 {
3480 	return nfserr;
3481 }
3482 
3483 static __be32
3484 nfsd4_encode_free_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
3485 			  struct nfsd4_free_stateid *free_stateid)
3486 {
3487 	__be32 *p;
3488 
3489 	if (nfserr)
3490 		return nfserr;
3491 
3492 	RESERVE_SPACE(4);
3493 	*p++ = nfserr;
3494 	ADJUST_ARGS();
3495 	return nfserr;
3496 }
3497 
3498 static __be32
3499 nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
3500 		      struct nfsd4_sequence *seq)
3501 {
3502 	__be32 *p;
3503 
3504 	if (nfserr)
3505 		return nfserr;
3506 
3507 	RESERVE_SPACE(NFS4_MAX_SESSIONID_LEN + 20);
3508 	WRITEMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
3509 	WRITE32(seq->seqid);
3510 	WRITE32(seq->slotid);
3511 	/* Note slotid's are numbered from zero: */
3512 	WRITE32(seq->maxslots - 1); /* sr_highest_slotid */
3513 	WRITE32(seq->maxslots - 1); /* sr_target_highest_slotid */
3514 	WRITE32(seq->status_flags);
3515 
3516 	ADJUST_ARGS();
3517 	resp->cstate.datap = p; /* DRC cache data pointer */
3518 	return 0;
3519 }
3520 
3521 static __be32
3522 nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
3523 			  struct nfsd4_test_stateid *test_stateid)
3524 {
3525 	struct nfsd4_test_stateid_id *stateid, *next;
3526 	__be32 *p;
3527 
3528 	RESERVE_SPACE(4 + (4 * test_stateid->ts_num_ids));
3529 	*p++ = htonl(test_stateid->ts_num_ids);
3530 
3531 	list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) {
3532 		*p++ = stateid->ts_id_status;
3533 	}
3534 
3535 	ADJUST_ARGS();
3536 	return nfserr;
3537 }
3538 
3539 static __be32
3540 nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
3541 {
3542 	return nfserr;
3543 }
3544 
3545 typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
3546 
3547 /*
3548  * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1
3549  * since we don't need to filter out obsolete ops as this is
3550  * done in the decoding phase.
3551  */
3552 static nfsd4_enc nfsd4_enc_ops[] = {
3553 	[OP_ACCESS]		= (nfsd4_enc)nfsd4_encode_access,
3554 	[OP_CLOSE]		= (nfsd4_enc)nfsd4_encode_close,
3555 	[OP_COMMIT]		= (nfsd4_enc)nfsd4_encode_commit,
3556 	[OP_CREATE]		= (nfsd4_enc)nfsd4_encode_create,
3557 	[OP_DELEGPURGE]		= (nfsd4_enc)nfsd4_encode_noop,
3558 	[OP_DELEGRETURN]	= (nfsd4_enc)nfsd4_encode_noop,
3559 	[OP_GETATTR]		= (nfsd4_enc)nfsd4_encode_getattr,
3560 	[OP_GETFH]		= (nfsd4_enc)nfsd4_encode_getfh,
3561 	[OP_LINK]		= (nfsd4_enc)nfsd4_encode_link,
3562 	[OP_LOCK]		= (nfsd4_enc)nfsd4_encode_lock,
3563 	[OP_LOCKT]		= (nfsd4_enc)nfsd4_encode_lockt,
3564 	[OP_LOCKU]		= (nfsd4_enc)nfsd4_encode_locku,
3565 	[OP_LOOKUP]		= (nfsd4_enc)nfsd4_encode_noop,
3566 	[OP_LOOKUPP]		= (nfsd4_enc)nfsd4_encode_noop,
3567 	[OP_NVERIFY]		= (nfsd4_enc)nfsd4_encode_noop,
3568 	[OP_OPEN]		= (nfsd4_enc)nfsd4_encode_open,
3569 	[OP_OPENATTR]		= (nfsd4_enc)nfsd4_encode_noop,
3570 	[OP_OPEN_CONFIRM]	= (nfsd4_enc)nfsd4_encode_open_confirm,
3571 	[OP_OPEN_DOWNGRADE]	= (nfsd4_enc)nfsd4_encode_open_downgrade,
3572 	[OP_PUTFH]		= (nfsd4_enc)nfsd4_encode_noop,
3573 	[OP_PUTPUBFH]		= (nfsd4_enc)nfsd4_encode_noop,
3574 	[OP_PUTROOTFH]		= (nfsd4_enc)nfsd4_encode_noop,
3575 	[OP_READ]		= (nfsd4_enc)nfsd4_encode_read,
3576 	[OP_READDIR]		= (nfsd4_enc)nfsd4_encode_readdir,
3577 	[OP_READLINK]		= (nfsd4_enc)nfsd4_encode_readlink,
3578 	[OP_REMOVE]		= (nfsd4_enc)nfsd4_encode_remove,
3579 	[OP_RENAME]		= (nfsd4_enc)nfsd4_encode_rename,
3580 	[OP_RENEW]		= (nfsd4_enc)nfsd4_encode_noop,
3581 	[OP_RESTOREFH]		= (nfsd4_enc)nfsd4_encode_noop,
3582 	[OP_SAVEFH]		= (nfsd4_enc)nfsd4_encode_noop,
3583 	[OP_SECINFO]		= (nfsd4_enc)nfsd4_encode_secinfo,
3584 	[OP_SETATTR]		= (nfsd4_enc)nfsd4_encode_setattr,
3585 	[OP_SETCLIENTID]	= (nfsd4_enc)nfsd4_encode_setclientid,
3586 	[OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
3587 	[OP_VERIFY]		= (nfsd4_enc)nfsd4_encode_noop,
3588 	[OP_WRITE]		= (nfsd4_enc)nfsd4_encode_write,
3589 	[OP_RELEASE_LOCKOWNER]	= (nfsd4_enc)nfsd4_encode_noop,
3590 
3591 	/* NFSv4.1 operations */
3592 	[OP_BACKCHANNEL_CTL]	= (nfsd4_enc)nfsd4_encode_noop,
3593 	[OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
3594 	[OP_EXCHANGE_ID]	= (nfsd4_enc)nfsd4_encode_exchange_id,
3595 	[OP_CREATE_SESSION]	= (nfsd4_enc)nfsd4_encode_create_session,
3596 	[OP_DESTROY_SESSION]	= (nfsd4_enc)nfsd4_encode_destroy_session,
3597 	[OP_FREE_STATEID]	= (nfsd4_enc)nfsd4_encode_free_stateid,
3598 	[OP_GET_DIR_DELEGATION]	= (nfsd4_enc)nfsd4_encode_noop,
3599 	[OP_GETDEVICEINFO]	= (nfsd4_enc)nfsd4_encode_noop,
3600 	[OP_GETDEVICELIST]	= (nfsd4_enc)nfsd4_encode_noop,
3601 	[OP_LAYOUTCOMMIT]	= (nfsd4_enc)nfsd4_encode_noop,
3602 	[OP_LAYOUTGET]		= (nfsd4_enc)nfsd4_encode_noop,
3603 	[OP_LAYOUTRETURN]	= (nfsd4_enc)nfsd4_encode_noop,
3604 	[OP_SECINFO_NO_NAME]	= (nfsd4_enc)nfsd4_encode_secinfo_no_name,
3605 	[OP_SEQUENCE]		= (nfsd4_enc)nfsd4_encode_sequence,
3606 	[OP_SET_SSV]		= (nfsd4_enc)nfsd4_encode_noop,
3607 	[OP_TEST_STATEID]	= (nfsd4_enc)nfsd4_encode_test_stateid,
3608 	[OP_WANT_DELEGATION]	= (nfsd4_enc)nfsd4_encode_noop,
3609 	[OP_DESTROY_CLIENTID]	= (nfsd4_enc)nfsd4_encode_noop,
3610 	[OP_RECLAIM_COMPLETE]	= (nfsd4_enc)nfsd4_encode_noop,
3611 };
3612 
3613 /*
3614  * Calculate the total amount of memory that the compound response has taken
3615  * after encoding the current operation with pad.
3616  *
3617  * pad: if operation is non-idempotent, pad was calculate by op_rsize_bop()
3618  *      which was specified at nfsd4_operation, else pad is zero.
3619  *
3620  * Compare this length to the session se_fmaxresp_sz and se_fmaxresp_cached.
3621  *
3622  * Our se_fmaxresp_cached will always be a multiple of PAGE_SIZE, and so
3623  * will be at least a page and will therefore hold the xdr_buf head.
3624  */
3625 __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 pad)
3626 {
3627 	struct xdr_buf *xb = &resp->rqstp->rq_res;
3628 	struct nfsd4_session *session = NULL;
3629 	struct nfsd4_slot *slot = resp->cstate.slot;
3630 	u32 length, tlen = 0;
3631 
3632 	if (!nfsd4_has_session(&resp->cstate))
3633 		return 0;
3634 
3635 	session = resp->cstate.session;
3636 	if (session == NULL)
3637 		return 0;
3638 
3639 	if (xb->page_len == 0) {
3640 		length = (char *)resp->p - (char *)xb->head[0].iov_base + pad;
3641 	} else {
3642 		if (xb->tail[0].iov_base && xb->tail[0].iov_len > 0)
3643 			tlen = (char *)resp->p - (char *)xb->tail[0].iov_base;
3644 
3645 		length = xb->head[0].iov_len + xb->page_len + tlen + pad;
3646 	}
3647 	dprintk("%s length %u, xb->page_len %u tlen %u pad %u\n", __func__,
3648 		length, xb->page_len, tlen, pad);
3649 
3650 	if (length > session->se_fchannel.maxresp_sz)
3651 		return nfserr_rep_too_big;
3652 
3653 	if ((slot->sl_flags & NFSD4_SLOT_CACHETHIS) &&
3654 	    length > session->se_fchannel.maxresp_cached)
3655 		return nfserr_rep_too_big_to_cache;
3656 
3657 	return 0;
3658 }
3659 
3660 void
3661 nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
3662 {
3663 	struct nfs4_stateowner *so = resp->cstate.replay_owner;
3664 	__be32 *statp;
3665 	__be32 *p;
3666 
3667 	RESERVE_SPACE(8);
3668 	WRITE32(op->opnum);
3669 	statp = p++;	/* to be backfilled at the end */
3670 	ADJUST_ARGS();
3671 
3672 	if (op->opnum == OP_ILLEGAL)
3673 		goto status;
3674 	BUG_ON(op->opnum < 0 || op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) ||
3675 	       !nfsd4_enc_ops[op->opnum]);
3676 	op->status = nfsd4_enc_ops[op->opnum](resp, op->status, &op->u);
3677 	/* nfsd4_check_drc_limit guarantees enough room for error status */
3678 	if (!op->status)
3679 		op->status = nfsd4_check_resp_size(resp, 0);
3680 	if (so) {
3681 		so->so_replay.rp_status = op->status;
3682 		so->so_replay.rp_buflen = (char *)resp->p - (char *)(statp+1);
3683 		memcpy(so->so_replay.rp_buf, statp+1, so->so_replay.rp_buflen);
3684 	}
3685 status:
3686 	/*
3687 	 * Note: We write the status directly, instead of using WRITE32(),
3688 	 * since it is already in network byte order.
3689 	 */
3690 	*statp = op->status;
3691 }
3692 
3693 /*
3694  * Encode the reply stored in the stateowner reply cache
3695  *
3696  * XDR note: do not encode rp->rp_buflen: the buffer contains the
3697  * previously sent already encoded operation.
3698  *
3699  * called with nfs4_lock_state() held
3700  */
3701 void
3702 nfsd4_encode_replay(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
3703 {
3704 	__be32 *p;
3705 	struct nfs4_replay *rp = op->replay;
3706 
3707 	BUG_ON(!rp);
3708 
3709 	RESERVE_SPACE(8);
3710 	WRITE32(op->opnum);
3711 	*p++ = rp->rp_status;  /* already xdr'ed */
3712 	ADJUST_ARGS();
3713 
3714 	RESERVE_SPACE(rp->rp_buflen);
3715 	WRITEMEM(rp->rp_buf, rp->rp_buflen);
3716 	ADJUST_ARGS();
3717 }
3718 
3719 int
3720 nfs4svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p, void *dummy)
3721 {
3722         return xdr_ressize_check(rqstp, p);
3723 }
3724 
3725 int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp)
3726 {
3727 	struct svc_rqst *rqstp = rq;
3728 	struct nfsd4_compoundargs *args = rqstp->rq_argp;
3729 
3730 	if (args->ops != args->iops) {
3731 		kfree(args->ops);
3732 		args->ops = args->iops;
3733 	}
3734 	kfree(args->tmpp);
3735 	args->tmpp = NULL;
3736 	while (args->to_free) {
3737 		struct tmpbuf *tb = args->to_free;
3738 		args->to_free = tb->next;
3739 		tb->release(tb->buf);
3740 		kfree(tb);
3741 	}
3742 	return 1;
3743 }
3744 
3745 int
3746 nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundargs *args)
3747 {
3748 	args->p = p;
3749 	args->end = rqstp->rq_arg.head[0].iov_base + rqstp->rq_arg.head[0].iov_len;
3750 	args->pagelist = rqstp->rq_arg.pages;
3751 	args->pagelen = rqstp->rq_arg.page_len;
3752 	args->tmpp = NULL;
3753 	args->to_free = NULL;
3754 	args->ops = args->iops;
3755 	args->rqstp = rqstp;
3756 
3757 	return !nfsd4_decode_compound(args);
3758 }
3759 
3760 int
3761 nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundres *resp)
3762 {
3763 	/*
3764 	 * All that remains is to write the tag and operation count...
3765 	 */
3766 	struct nfsd4_compound_state *cs = &resp->cstate;
3767 	struct kvec *iov;
3768 	p = resp->tagp;
3769 	*p++ = htonl(resp->taglen);
3770 	memcpy(p, resp->tag, resp->taglen);
3771 	p += XDR_QUADLEN(resp->taglen);
3772 	*p++ = htonl(resp->opcnt);
3773 
3774 	if (rqstp->rq_res.page_len)
3775 		iov = &rqstp->rq_res.tail[0];
3776 	else
3777 		iov = &rqstp->rq_res.head[0];
3778 	iov->iov_len = ((char*)resp->p) - (char*)iov->iov_base;
3779 	BUG_ON(iov->iov_len > PAGE_SIZE);
3780 	if (nfsd4_has_session(cs)) {
3781 		struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3782 		struct nfs4_client *clp = cs->session->se_client;
3783 		if (cs->status != nfserr_replay_cache) {
3784 			nfsd4_store_cache_entry(resp);
3785 			cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;
3786 		}
3787 		/* Renew the clientid on success and on replay */
3788 		spin_lock(&nn->client_lock);
3789 		nfsd4_put_session(cs->session);
3790 		spin_unlock(&nn->client_lock);
3791 		put_client_renew(clp);
3792 	}
3793 	return 1;
3794 }
3795 
3796 /*
3797  * Local variables:
3798  *  c-basic-offset: 8
3799  * End:
3800  */
3801