xref: /openbmc/linux/fs/nfsd/nfs4xdr.c (revision 97da55fc)
1 /*
2  *  Server-side XDR for NFSv4
3  *
4  *  Copyright (c) 2002 The Regents of the University of Michigan.
5  *  All rights reserved.
6  *
7  *  Kendrick Smith <kmsmith@umich.edu>
8  *  Andy Adamson   <andros@umich.edu>
9  *
10  *  Redistribution and use in source and binary forms, with or without
11  *  modification, are permitted provided that the following conditions
12  *  are met:
13  *
14  *  1. Redistributions of source code must retain the above copyright
15  *     notice, this list of conditions and the following disclaimer.
16  *  2. Redistributions in binary form must reproduce the above copyright
17  *     notice, this list of conditions and the following disclaimer in the
18  *     documentation and/or other materials provided with the distribution.
19  *  3. Neither the name of the University nor the names of its
20  *     contributors may be used to endorse or promote products derived
21  *     from this software without specific prior written permission.
22  *
23  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
24  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
30  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  *
35  * TODO: Neil Brown made the following observation:  We currently
36  * initially reserve NFSD_BUFSIZE space on the transmit queue and
37  * never release any of that until the request is complete.
38  * It would be good to calculate a new maximum response size while
39  * decoding the COMPOUND, and call svc_reserve with this number
40  * at the end of nfs4svc_decode_compoundargs.
41  */
42 
43 #include <linux/slab.h>
44 #include <linux/namei.h>
45 #include <linux/statfs.h>
46 #include <linux/utsname.h>
47 #include <linux/pagemap.h>
48 #include <linux/sunrpc/svcauth_gss.h>
49 
50 #include "idmap.h"
51 #include "acl.h"
52 #include "xdr4.h"
53 #include "vfs.h"
54 #include "state.h"
55 #include "cache.h"
56 #include "netns.h"
57 
58 #define NFSDDBG_FACILITY		NFSDDBG_XDR
59 
60 /*
61  * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
62  * directory in order to indicate to the client that a filesystem boundary is present
63  * We use a fixed fsid for a referral
64  */
65 #define NFS4_REFERRAL_FSID_MAJOR	0x8000000ULL
66 #define NFS4_REFERRAL_FSID_MINOR	0x8000000ULL
67 
68 static __be32
69 check_filename(char *str, int len)
70 {
71 	int i;
72 
73 	if (len == 0)
74 		return nfserr_inval;
75 	if (isdotent(str, len))
76 		return nfserr_badname;
77 	for (i = 0; i < len; i++)
78 		if (str[i] == '/')
79 			return nfserr_badname;
80 	return 0;
81 }
82 
83 #define DECODE_HEAD				\
84 	__be32 *p;				\
85 	__be32 status
86 #define DECODE_TAIL				\
87 	status = 0;				\
88 out:						\
89 	return status;				\
90 xdr_error:					\
91 	dprintk("NFSD: xdr error (%s:%d)\n",	\
92 			__FILE__, __LINE__);	\
93 	status = nfserr_bad_xdr;		\
94 	goto out
95 
96 #define READ32(x)         (x) = ntohl(*p++)
97 #define READ64(x)         do {			\
98 	(x) = (u64)ntohl(*p++) << 32;		\
99 	(x) |= ntohl(*p++);			\
100 } while (0)
101 #define READTIME(x)       do {			\
102 	p++;					\
103 	(x) = ntohl(*p++);			\
104 	p++;					\
105 } while (0)
106 #define READMEM(x,nbytes) do {			\
107 	x = (char *)p;				\
108 	p += XDR_QUADLEN(nbytes);		\
109 } while (0)
110 #define SAVEMEM(x,nbytes) do {			\
111 	if (!(x = (p==argp->tmp || p == argp->tmpp) ? \
112  		savemem(argp, p, nbytes) :	\
113  		(char *)p)) {			\
114 		dprintk("NFSD: xdr error (%s:%d)\n", \
115 				__FILE__, __LINE__); \
116 		goto xdr_error;			\
117 		}				\
118 	p += XDR_QUADLEN(nbytes);		\
119 } while (0)
120 #define COPYMEM(x,nbytes) do {			\
121 	memcpy((x), p, nbytes);			\
122 	p += XDR_QUADLEN(nbytes);		\
123 } while (0)
124 
125 /* READ_BUF, read_buf(): nbytes must be <= PAGE_SIZE */
126 #define READ_BUF(nbytes)  do {			\
127 	if (nbytes <= (u32)((char *)argp->end - (char *)argp->p)) {	\
128 		p = argp->p;			\
129 		argp->p += XDR_QUADLEN(nbytes);	\
130 	} else if (!(p = read_buf(argp, nbytes))) { \
131 		dprintk("NFSD: xdr error (%s:%d)\n", \
132 				__FILE__, __LINE__); \
133 		goto xdr_error;			\
134 	}					\
135 } while (0)
136 
137 static __be32 *read_buf(struct nfsd4_compoundargs *argp, u32 nbytes)
138 {
139 	/* We want more bytes than seem to be available.
140 	 * Maybe we need a new page, maybe we have just run out
141 	 */
142 	unsigned int avail = (char *)argp->end - (char *)argp->p;
143 	__be32 *p;
144 	if (avail + argp->pagelen < nbytes)
145 		return NULL;
146 	if (avail + PAGE_SIZE < nbytes) /* need more than a page !! */
147 		return NULL;
148 	/* ok, we can do it with the current plus the next page */
149 	if (nbytes <= sizeof(argp->tmp))
150 		p = argp->tmp;
151 	else {
152 		kfree(argp->tmpp);
153 		p = argp->tmpp = kmalloc(nbytes, GFP_KERNEL);
154 		if (!p)
155 			return NULL;
156 
157 	}
158 	/*
159 	 * The following memcpy is safe because read_buf is always
160 	 * called with nbytes > avail, and the two cases above both
161 	 * guarantee p points to at least nbytes bytes.
162 	 */
163 	memcpy(p, argp->p, avail);
164 	/* step to next page */
165 	argp->p = page_address(argp->pagelist[0]);
166 	argp->pagelist++;
167 	if (argp->pagelen < PAGE_SIZE) {
168 		argp->end = argp->p + (argp->pagelen>>2);
169 		argp->pagelen = 0;
170 	} else {
171 		argp->end = argp->p + (PAGE_SIZE>>2);
172 		argp->pagelen -= PAGE_SIZE;
173 	}
174 	memcpy(((char*)p)+avail, argp->p, (nbytes - avail));
175 	argp->p += XDR_QUADLEN(nbytes - avail);
176 	return p;
177 }
178 
179 static int zero_clientid(clientid_t *clid)
180 {
181 	return (clid->cl_boot == 0) && (clid->cl_id == 0);
182 }
183 
184 static int
185 defer_free(struct nfsd4_compoundargs *argp,
186 		void (*release)(const void *), void *p)
187 {
188 	struct tmpbuf *tb;
189 
190 	tb = kmalloc(sizeof(*tb), GFP_KERNEL);
191 	if (!tb)
192 		return -ENOMEM;
193 	tb->buf = p;
194 	tb->release = release;
195 	tb->next = argp->to_free;
196 	argp->to_free = tb;
197 	return 0;
198 }
199 
200 static char *savemem(struct nfsd4_compoundargs *argp, __be32 *p, int nbytes)
201 {
202 	if (p == argp->tmp) {
203 		p = kmemdup(argp->tmp, nbytes, GFP_KERNEL);
204 		if (!p)
205 			return NULL;
206 	} else {
207 		BUG_ON(p != argp->tmpp);
208 		argp->tmpp = NULL;
209 	}
210 	if (defer_free(argp, kfree, p)) {
211 		kfree(p);
212 		return NULL;
213 	} else
214 		return (char *)p;
215 }
216 
217 static __be32
218 nfsd4_decode_bitmap(struct nfsd4_compoundargs *argp, u32 *bmval)
219 {
220 	u32 bmlen;
221 	DECODE_HEAD;
222 
223 	bmval[0] = 0;
224 	bmval[1] = 0;
225 	bmval[2] = 0;
226 
227 	READ_BUF(4);
228 	READ32(bmlen);
229 	if (bmlen > 1000)
230 		goto xdr_error;
231 
232 	READ_BUF(bmlen << 2);
233 	if (bmlen > 0)
234 		READ32(bmval[0]);
235 	if (bmlen > 1)
236 		READ32(bmval[1]);
237 	if (bmlen > 2)
238 		READ32(bmval[2]);
239 
240 	DECODE_TAIL;
241 }
242 
243 static __be32
244 nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
245 		   struct iattr *iattr, struct nfs4_acl **acl)
246 {
247 	int expected_len, len = 0;
248 	u32 dummy32;
249 	char *buf;
250 	int host_err;
251 
252 	DECODE_HEAD;
253 	iattr->ia_valid = 0;
254 	if ((status = nfsd4_decode_bitmap(argp, bmval)))
255 		return status;
256 
257 	READ_BUF(4);
258 	READ32(expected_len);
259 
260 	if (bmval[0] & FATTR4_WORD0_SIZE) {
261 		READ_BUF(8);
262 		len += 8;
263 		READ64(iattr->ia_size);
264 		iattr->ia_valid |= ATTR_SIZE;
265 	}
266 	if (bmval[0] & FATTR4_WORD0_ACL) {
267 		int nace;
268 		struct nfs4_ace *ace;
269 
270 		READ_BUF(4); len += 4;
271 		READ32(nace);
272 
273 		if (nace > NFS4_ACL_MAX)
274 			return nfserr_resource;
275 
276 		*acl = nfs4_acl_new(nace);
277 		if (*acl == NULL) {
278 			host_err = -ENOMEM;
279 			goto out_nfserr;
280 		}
281 		defer_free(argp, kfree, *acl);
282 
283 		(*acl)->naces = nace;
284 		for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
285 			READ_BUF(16); len += 16;
286 			READ32(ace->type);
287 			READ32(ace->flag);
288 			READ32(ace->access_mask);
289 			READ32(dummy32);
290 			READ_BUF(dummy32);
291 			len += XDR_QUADLEN(dummy32) << 2;
292 			READMEM(buf, dummy32);
293 			ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
294 			status = nfs_ok;
295 			if (ace->whotype != NFS4_ACL_WHO_NAMED)
296 				;
297 			else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
298 				status = nfsd_map_name_to_gid(argp->rqstp,
299 						buf, dummy32, &ace->who_gid);
300 			else
301 				status = nfsd_map_name_to_uid(argp->rqstp,
302 						buf, dummy32, &ace->who_uid);
303 			if (status)
304 				return status;
305 		}
306 	} else
307 		*acl = NULL;
308 	if (bmval[1] & FATTR4_WORD1_MODE) {
309 		READ_BUF(4);
310 		len += 4;
311 		READ32(iattr->ia_mode);
312 		iattr->ia_mode &= (S_IFMT | S_IALLUGO);
313 		iattr->ia_valid |= ATTR_MODE;
314 	}
315 	if (bmval[1] & FATTR4_WORD1_OWNER) {
316 		READ_BUF(4);
317 		len += 4;
318 		READ32(dummy32);
319 		READ_BUF(dummy32);
320 		len += (XDR_QUADLEN(dummy32) << 2);
321 		READMEM(buf, dummy32);
322 		if ((status = nfsd_map_name_to_uid(argp->rqstp, buf, dummy32, &iattr->ia_uid)))
323 			return status;
324 		iattr->ia_valid |= ATTR_UID;
325 	}
326 	if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
327 		READ_BUF(4);
328 		len += 4;
329 		READ32(dummy32);
330 		READ_BUF(dummy32);
331 		len += (XDR_QUADLEN(dummy32) << 2);
332 		READMEM(buf, dummy32);
333 		if ((status = nfsd_map_name_to_gid(argp->rqstp, buf, dummy32, &iattr->ia_gid)))
334 			return status;
335 		iattr->ia_valid |= ATTR_GID;
336 	}
337 	if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
338 		READ_BUF(4);
339 		len += 4;
340 		READ32(dummy32);
341 		switch (dummy32) {
342 		case NFS4_SET_TO_CLIENT_TIME:
343 			/* We require the high 32 bits of 'seconds' to be 0, and we ignore
344 			   all 32 bits of 'nseconds'. */
345 			READ_BUF(12);
346 			len += 12;
347 			READ32(dummy32);
348 			if (dummy32)
349 				return nfserr_inval;
350 			READ32(iattr->ia_atime.tv_sec);
351 			READ32(iattr->ia_atime.tv_nsec);
352 			if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
353 				return nfserr_inval;
354 			iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
355 			break;
356 		case NFS4_SET_TO_SERVER_TIME:
357 			iattr->ia_valid |= ATTR_ATIME;
358 			break;
359 		default:
360 			goto xdr_error;
361 		}
362 	}
363 	if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
364 		READ_BUF(4);
365 		len += 4;
366 		READ32(dummy32);
367 		switch (dummy32) {
368 		case NFS4_SET_TO_CLIENT_TIME:
369 			/* We require the high 32 bits of 'seconds' to be 0, and we ignore
370 			   all 32 bits of 'nseconds'. */
371 			READ_BUF(12);
372 			len += 12;
373 			READ32(dummy32);
374 			if (dummy32)
375 				return nfserr_inval;
376 			READ32(iattr->ia_mtime.tv_sec);
377 			READ32(iattr->ia_mtime.tv_nsec);
378 			if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
379 				return nfserr_inval;
380 			iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
381 			break;
382 		case NFS4_SET_TO_SERVER_TIME:
383 			iattr->ia_valid |= ATTR_MTIME;
384 			break;
385 		default:
386 			goto xdr_error;
387 		}
388 	}
389 	if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
390 	    || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
391 	    || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2)
392 		READ_BUF(expected_len - len);
393 	else if (len != expected_len)
394 		goto xdr_error;
395 
396 	DECODE_TAIL;
397 
398 out_nfserr:
399 	status = nfserrno(host_err);
400 	goto out;
401 }
402 
403 static __be32
404 nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
405 {
406 	DECODE_HEAD;
407 
408 	READ_BUF(sizeof(stateid_t));
409 	READ32(sid->si_generation);
410 	COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
411 
412 	DECODE_TAIL;
413 }
414 
415 static __be32
416 nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
417 {
418 	DECODE_HEAD;
419 
420 	READ_BUF(4);
421 	READ32(access->ac_req_access);
422 
423 	DECODE_TAIL;
424 }
425 
426 static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
427 {
428 	DECODE_HEAD;
429 	u32 dummy, uid, gid;
430 	char *machine_name;
431 	int i;
432 	int nr_secflavs;
433 
434 	/* callback_sec_params4 */
435 	READ_BUF(4);
436 	READ32(nr_secflavs);
437 	cbs->flavor = (u32)(-1);
438 	for (i = 0; i < nr_secflavs; ++i) {
439 		READ_BUF(4);
440 		READ32(dummy);
441 		switch (dummy) {
442 		case RPC_AUTH_NULL:
443 			/* Nothing to read */
444 			if (cbs->flavor == (u32)(-1))
445 				cbs->flavor = RPC_AUTH_NULL;
446 			break;
447 		case RPC_AUTH_UNIX:
448 			READ_BUF(8);
449 			/* stamp */
450 			READ32(dummy);
451 
452 			/* machine name */
453 			READ32(dummy);
454 			READ_BUF(dummy);
455 			SAVEMEM(machine_name, dummy);
456 
457 			/* uid, gid */
458 			READ_BUF(8);
459 			READ32(uid);
460 			READ32(gid);
461 
462 			/* more gids */
463 			READ_BUF(4);
464 			READ32(dummy);
465 			READ_BUF(dummy * 4);
466 			if (cbs->flavor == (u32)(-1)) {
467 				kuid_t kuid = make_kuid(&init_user_ns, uid);
468 				kgid_t kgid = make_kgid(&init_user_ns, gid);
469 				if (uid_valid(kuid) && gid_valid(kgid)) {
470 					cbs->uid = kuid;
471 					cbs->gid = kgid;
472 					cbs->flavor = RPC_AUTH_UNIX;
473 				} else {
474 					dprintk("RPC_AUTH_UNIX with invalid"
475 						"uid or gid ignoring!\n");
476 				}
477 			}
478 			break;
479 		case RPC_AUTH_GSS:
480 			dprintk("RPC_AUTH_GSS callback secflavor "
481 				"not supported!\n");
482 			READ_BUF(8);
483 			/* gcbp_service */
484 			READ32(dummy);
485 			/* gcbp_handle_from_server */
486 			READ32(dummy);
487 			READ_BUF(dummy);
488 			p += XDR_QUADLEN(dummy);
489 			/* gcbp_handle_from_client */
490 			READ_BUF(4);
491 			READ32(dummy);
492 			READ_BUF(dummy);
493 			break;
494 		default:
495 			dprintk("Illegal callback secflavor\n");
496 			return nfserr_inval;
497 		}
498 	}
499 	DECODE_TAIL;
500 }
501 
502 static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
503 {
504 	DECODE_HEAD;
505 
506 	READ_BUF(4);
507 	READ32(bc->bc_cb_program);
508 	nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);
509 
510 	DECODE_TAIL;
511 }
512 
513 static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
514 {
515 	DECODE_HEAD;
516 
517 	READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
518 	COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
519 	READ32(bcts->dir);
520 	/* XXX: skipping ctsa_use_conn_in_rdma_mode.  Perhaps Tom Tucker
521 	 * could help us figure out we should be using it. */
522 	DECODE_TAIL;
523 }
524 
525 static __be32
526 nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
527 {
528 	DECODE_HEAD;
529 
530 	READ_BUF(4);
531 	READ32(close->cl_seqid);
532 	return nfsd4_decode_stateid(argp, &close->cl_stateid);
533 
534 	DECODE_TAIL;
535 }
536 
537 
538 static __be32
539 nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
540 {
541 	DECODE_HEAD;
542 
543 	READ_BUF(12);
544 	READ64(commit->co_offset);
545 	READ32(commit->co_count);
546 
547 	DECODE_TAIL;
548 }
549 
550 static __be32
551 nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
552 {
553 	DECODE_HEAD;
554 
555 	READ_BUF(4);
556 	READ32(create->cr_type);
557 	switch (create->cr_type) {
558 	case NF4LNK:
559 		READ_BUF(4);
560 		READ32(create->cr_linklen);
561 		READ_BUF(create->cr_linklen);
562 		SAVEMEM(create->cr_linkname, create->cr_linklen);
563 		break;
564 	case NF4BLK:
565 	case NF4CHR:
566 		READ_BUF(8);
567 		READ32(create->cr_specdata1);
568 		READ32(create->cr_specdata2);
569 		break;
570 	case NF4SOCK:
571 	case NF4FIFO:
572 	case NF4DIR:
573 	default:
574 		break;
575 	}
576 
577 	READ_BUF(4);
578 	READ32(create->cr_namelen);
579 	READ_BUF(create->cr_namelen);
580 	SAVEMEM(create->cr_name, create->cr_namelen);
581 	if ((status = check_filename(create->cr_name, create->cr_namelen)))
582 		return status;
583 
584 	status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr,
585 				    &create->cr_acl);
586 	if (status)
587 		goto out;
588 
589 	DECODE_TAIL;
590 }
591 
592 static inline __be32
593 nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
594 {
595 	return nfsd4_decode_stateid(argp, &dr->dr_stateid);
596 }
597 
598 static inline __be32
599 nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
600 {
601 	return nfsd4_decode_bitmap(argp, getattr->ga_bmval);
602 }
603 
604 static __be32
605 nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
606 {
607 	DECODE_HEAD;
608 
609 	READ_BUF(4);
610 	READ32(link->li_namelen);
611 	READ_BUF(link->li_namelen);
612 	SAVEMEM(link->li_name, link->li_namelen);
613 	if ((status = check_filename(link->li_name, link->li_namelen)))
614 		return status;
615 
616 	DECODE_TAIL;
617 }
618 
619 static __be32
620 nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
621 {
622 	DECODE_HEAD;
623 
624 	/*
625 	* type, reclaim(boolean), offset, length, new_lock_owner(boolean)
626 	*/
627 	READ_BUF(28);
628 	READ32(lock->lk_type);
629 	if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
630 		goto xdr_error;
631 	READ32(lock->lk_reclaim);
632 	READ64(lock->lk_offset);
633 	READ64(lock->lk_length);
634 	READ32(lock->lk_is_new);
635 
636 	if (lock->lk_is_new) {
637 		READ_BUF(4);
638 		READ32(lock->lk_new_open_seqid);
639 		status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
640 		if (status)
641 			return status;
642 		READ_BUF(8 + sizeof(clientid_t));
643 		READ32(lock->lk_new_lock_seqid);
644 		COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
645 		READ32(lock->lk_new_owner.len);
646 		READ_BUF(lock->lk_new_owner.len);
647 		READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
648 	} else {
649 		status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
650 		if (status)
651 			return status;
652 		READ_BUF(4);
653 		READ32(lock->lk_old_lock_seqid);
654 	}
655 
656 	DECODE_TAIL;
657 }
658 
659 static __be32
660 nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
661 {
662 	DECODE_HEAD;
663 
664 	READ_BUF(32);
665 	READ32(lockt->lt_type);
666 	if((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
667 		goto xdr_error;
668 	READ64(lockt->lt_offset);
669 	READ64(lockt->lt_length);
670 	COPYMEM(&lockt->lt_clientid, 8);
671 	READ32(lockt->lt_owner.len);
672 	READ_BUF(lockt->lt_owner.len);
673 	READMEM(lockt->lt_owner.data, lockt->lt_owner.len);
674 
675 	DECODE_TAIL;
676 }
677 
678 static __be32
679 nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
680 {
681 	DECODE_HEAD;
682 
683 	READ_BUF(8);
684 	READ32(locku->lu_type);
685 	if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
686 		goto xdr_error;
687 	READ32(locku->lu_seqid);
688 	status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
689 	if (status)
690 		return status;
691 	READ_BUF(16);
692 	READ64(locku->lu_offset);
693 	READ64(locku->lu_length);
694 
695 	DECODE_TAIL;
696 }
697 
698 static __be32
699 nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
700 {
701 	DECODE_HEAD;
702 
703 	READ_BUF(4);
704 	READ32(lookup->lo_len);
705 	READ_BUF(lookup->lo_len);
706 	SAVEMEM(lookup->lo_name, lookup->lo_len);
707 	if ((status = check_filename(lookup->lo_name, lookup->lo_len)))
708 		return status;
709 
710 	DECODE_TAIL;
711 }
712 
713 static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
714 {
715 	__be32 *p;
716 	u32 w;
717 
718 	READ_BUF(4);
719 	READ32(w);
720 	*share_access = w & NFS4_SHARE_ACCESS_MASK;
721 	*deleg_want = w & NFS4_SHARE_WANT_MASK;
722 	if (deleg_when)
723 		*deleg_when = w & NFS4_SHARE_WHEN_MASK;
724 
725 	switch (w & NFS4_SHARE_ACCESS_MASK) {
726 	case NFS4_SHARE_ACCESS_READ:
727 	case NFS4_SHARE_ACCESS_WRITE:
728 	case NFS4_SHARE_ACCESS_BOTH:
729 		break;
730 	default:
731 		return nfserr_bad_xdr;
732 	}
733 	w &= ~NFS4_SHARE_ACCESS_MASK;
734 	if (!w)
735 		return nfs_ok;
736 	if (!argp->minorversion)
737 		return nfserr_bad_xdr;
738 	switch (w & NFS4_SHARE_WANT_MASK) {
739 	case NFS4_SHARE_WANT_NO_PREFERENCE:
740 	case NFS4_SHARE_WANT_READ_DELEG:
741 	case NFS4_SHARE_WANT_WRITE_DELEG:
742 	case NFS4_SHARE_WANT_ANY_DELEG:
743 	case NFS4_SHARE_WANT_NO_DELEG:
744 	case NFS4_SHARE_WANT_CANCEL:
745 		break;
746 	default:
747 		return nfserr_bad_xdr;
748 	}
749 	w &= ~NFS4_SHARE_WANT_MASK;
750 	if (!w)
751 		return nfs_ok;
752 
753 	if (!deleg_when)	/* open_downgrade */
754 		return nfserr_inval;
755 	switch (w) {
756 	case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
757 	case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
758 	case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
759 	      NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
760 		return nfs_ok;
761 	}
762 xdr_error:
763 	return nfserr_bad_xdr;
764 }
765 
766 static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
767 {
768 	__be32 *p;
769 
770 	READ_BUF(4);
771 	READ32(*x);
772 	/* Note: unlinke access bits, deny bits may be zero. */
773 	if (*x & ~NFS4_SHARE_DENY_BOTH)
774 		return nfserr_bad_xdr;
775 	return nfs_ok;
776 xdr_error:
777 	return nfserr_bad_xdr;
778 }
779 
780 static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
781 {
782 	__be32 *p;
783 
784 	READ_BUF(4);
785 	READ32(o->len);
786 
787 	if (o->len == 0 || o->len > NFS4_OPAQUE_LIMIT)
788 		return nfserr_bad_xdr;
789 
790 	READ_BUF(o->len);
791 	SAVEMEM(o->data, o->len);
792 	return nfs_ok;
793 xdr_error:
794 	return nfserr_bad_xdr;
795 }
796 
797 static __be32
798 nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
799 {
800 	DECODE_HEAD;
801 	u32 dummy;
802 
803 	memset(open->op_bmval, 0, sizeof(open->op_bmval));
804 	open->op_iattr.ia_valid = 0;
805 	open->op_openowner = NULL;
806 
807 	/* seqid, share_access, share_deny, clientid, ownerlen */
808 	READ_BUF(4);
809 	READ32(open->op_seqid);
810 	/* decode, yet ignore deleg_when until supported */
811 	status = nfsd4_decode_share_access(argp, &open->op_share_access,
812 					   &open->op_deleg_want, &dummy);
813 	if (status)
814 		goto xdr_error;
815 	status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
816 	if (status)
817 		goto xdr_error;
818 	READ_BUF(sizeof(clientid_t));
819 	COPYMEM(&open->op_clientid, sizeof(clientid_t));
820 	status = nfsd4_decode_opaque(argp, &open->op_owner);
821 	if (status)
822 		goto xdr_error;
823 	READ_BUF(4);
824 	READ32(open->op_create);
825 	switch (open->op_create) {
826 	case NFS4_OPEN_NOCREATE:
827 		break;
828 	case NFS4_OPEN_CREATE:
829 		READ_BUF(4);
830 		READ32(open->op_createmode);
831 		switch (open->op_createmode) {
832 		case NFS4_CREATE_UNCHECKED:
833 		case NFS4_CREATE_GUARDED:
834 			status = nfsd4_decode_fattr(argp, open->op_bmval,
835 				&open->op_iattr, &open->op_acl);
836 			if (status)
837 				goto out;
838 			break;
839 		case NFS4_CREATE_EXCLUSIVE:
840 			READ_BUF(NFS4_VERIFIER_SIZE);
841 			COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
842 			break;
843 		case NFS4_CREATE_EXCLUSIVE4_1:
844 			if (argp->minorversion < 1)
845 				goto xdr_error;
846 			READ_BUF(NFS4_VERIFIER_SIZE);
847 			COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
848 			status = nfsd4_decode_fattr(argp, open->op_bmval,
849 				&open->op_iattr, &open->op_acl);
850 			if (status)
851 				goto out;
852 			break;
853 		default:
854 			goto xdr_error;
855 		}
856 		break;
857 	default:
858 		goto xdr_error;
859 	}
860 
861 	/* open_claim */
862 	READ_BUF(4);
863 	READ32(open->op_claim_type);
864 	switch (open->op_claim_type) {
865 	case NFS4_OPEN_CLAIM_NULL:
866 	case NFS4_OPEN_CLAIM_DELEGATE_PREV:
867 		READ_BUF(4);
868 		READ32(open->op_fname.len);
869 		READ_BUF(open->op_fname.len);
870 		SAVEMEM(open->op_fname.data, open->op_fname.len);
871 		if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
872 			return status;
873 		break;
874 	case NFS4_OPEN_CLAIM_PREVIOUS:
875 		READ_BUF(4);
876 		READ32(open->op_delegate_type);
877 		break;
878 	case NFS4_OPEN_CLAIM_DELEGATE_CUR:
879 		status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
880 		if (status)
881 			return status;
882 		READ_BUF(4);
883 		READ32(open->op_fname.len);
884 		READ_BUF(open->op_fname.len);
885 		SAVEMEM(open->op_fname.data, open->op_fname.len);
886 		if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
887 			return status;
888 		break;
889 	case NFS4_OPEN_CLAIM_FH:
890 	case NFS4_OPEN_CLAIM_DELEG_PREV_FH:
891 		if (argp->minorversion < 1)
892 			goto xdr_error;
893 		/* void */
894 		break;
895 	case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
896 		if (argp->minorversion < 1)
897 			goto xdr_error;
898 		status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
899 		if (status)
900 			return status;
901 		break;
902 	default:
903 		goto xdr_error;
904 	}
905 
906 	DECODE_TAIL;
907 }
908 
909 static __be32
910 nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
911 {
912 	DECODE_HEAD;
913 
914 	status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
915 	if (status)
916 		return status;
917 	READ_BUF(4);
918 	READ32(open_conf->oc_seqid);
919 
920 	DECODE_TAIL;
921 }
922 
923 static __be32
924 nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
925 {
926 	DECODE_HEAD;
927 
928 	status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
929 	if (status)
930 		return status;
931 	READ_BUF(4);
932 	READ32(open_down->od_seqid);
933 	status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
934 					   &open_down->od_deleg_want, NULL);
935 	if (status)
936 		return status;
937 	status = nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
938 	if (status)
939 		return status;
940 	DECODE_TAIL;
941 }
942 
943 static __be32
944 nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
945 {
946 	DECODE_HEAD;
947 
948 	READ_BUF(4);
949 	READ32(putfh->pf_fhlen);
950 	if (putfh->pf_fhlen > NFS4_FHSIZE)
951 		goto xdr_error;
952 	READ_BUF(putfh->pf_fhlen);
953 	SAVEMEM(putfh->pf_fhval, putfh->pf_fhlen);
954 
955 	DECODE_TAIL;
956 }
957 
958 static __be32
959 nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
960 {
961 	DECODE_HEAD;
962 
963 	status = nfsd4_decode_stateid(argp, &read->rd_stateid);
964 	if (status)
965 		return status;
966 	READ_BUF(12);
967 	READ64(read->rd_offset);
968 	READ32(read->rd_length);
969 
970 	DECODE_TAIL;
971 }
972 
973 static __be32
974 nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
975 {
976 	DECODE_HEAD;
977 
978 	READ_BUF(24);
979 	READ64(readdir->rd_cookie);
980 	COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
981 	READ32(readdir->rd_dircount);    /* just in case you needed a useless field... */
982 	READ32(readdir->rd_maxcount);
983 	if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
984 		goto out;
985 
986 	DECODE_TAIL;
987 }
988 
989 static __be32
990 nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
991 {
992 	DECODE_HEAD;
993 
994 	READ_BUF(4);
995 	READ32(remove->rm_namelen);
996 	READ_BUF(remove->rm_namelen);
997 	SAVEMEM(remove->rm_name, remove->rm_namelen);
998 	if ((status = check_filename(remove->rm_name, remove->rm_namelen)))
999 		return status;
1000 
1001 	DECODE_TAIL;
1002 }
1003 
1004 static __be32
1005 nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
1006 {
1007 	DECODE_HEAD;
1008 
1009 	READ_BUF(4);
1010 	READ32(rename->rn_snamelen);
1011 	READ_BUF(rename->rn_snamelen + 4);
1012 	SAVEMEM(rename->rn_sname, rename->rn_snamelen);
1013 	READ32(rename->rn_tnamelen);
1014 	READ_BUF(rename->rn_tnamelen);
1015 	SAVEMEM(rename->rn_tname, rename->rn_tnamelen);
1016 	if ((status = check_filename(rename->rn_sname, rename->rn_snamelen)))
1017 		return status;
1018 	if ((status = check_filename(rename->rn_tname, rename->rn_tnamelen)))
1019 		return status;
1020 
1021 	DECODE_TAIL;
1022 }
1023 
1024 static __be32
1025 nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
1026 {
1027 	DECODE_HEAD;
1028 
1029 	READ_BUF(sizeof(clientid_t));
1030 	COPYMEM(clientid, sizeof(clientid_t));
1031 
1032 	DECODE_TAIL;
1033 }
1034 
1035 static __be32
1036 nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
1037 		     struct nfsd4_secinfo *secinfo)
1038 {
1039 	DECODE_HEAD;
1040 
1041 	READ_BUF(4);
1042 	READ32(secinfo->si_namelen);
1043 	READ_BUF(secinfo->si_namelen);
1044 	SAVEMEM(secinfo->si_name, secinfo->si_namelen);
1045 	status = check_filename(secinfo->si_name, secinfo->si_namelen);
1046 	if (status)
1047 		return status;
1048 	DECODE_TAIL;
1049 }
1050 
1051 static __be32
1052 nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
1053 		     struct nfsd4_secinfo_no_name *sin)
1054 {
1055 	DECODE_HEAD;
1056 
1057 	READ_BUF(4);
1058 	READ32(sin->sin_style);
1059 	DECODE_TAIL;
1060 }
1061 
1062 static __be32
1063 nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
1064 {
1065 	__be32 status;
1066 
1067 	status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
1068 	if (status)
1069 		return status;
1070 	return nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr,
1071 				  &setattr->sa_acl);
1072 }
1073 
1074 static __be32
1075 nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
1076 {
1077 	DECODE_HEAD;
1078 
1079 	READ_BUF(NFS4_VERIFIER_SIZE);
1080 	COPYMEM(setclientid->se_verf.data, NFS4_VERIFIER_SIZE);
1081 
1082 	status = nfsd4_decode_opaque(argp, &setclientid->se_name);
1083 	if (status)
1084 		return nfserr_bad_xdr;
1085 	READ_BUF(8);
1086 	READ32(setclientid->se_callback_prog);
1087 	READ32(setclientid->se_callback_netid_len);
1088 
1089 	READ_BUF(setclientid->se_callback_netid_len + 4);
1090 	SAVEMEM(setclientid->se_callback_netid_val, setclientid->se_callback_netid_len);
1091 	READ32(setclientid->se_callback_addr_len);
1092 
1093 	READ_BUF(setclientid->se_callback_addr_len + 4);
1094 	SAVEMEM(setclientid->se_callback_addr_val, setclientid->se_callback_addr_len);
1095 	READ32(setclientid->se_callback_ident);
1096 
1097 	DECODE_TAIL;
1098 }
1099 
1100 static __be32
1101 nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
1102 {
1103 	DECODE_HEAD;
1104 
1105 	READ_BUF(8 + NFS4_VERIFIER_SIZE);
1106 	COPYMEM(&scd_c->sc_clientid, 8);
1107 	COPYMEM(&scd_c->sc_confirm, NFS4_VERIFIER_SIZE);
1108 
1109 	DECODE_TAIL;
1110 }
1111 
1112 /* Also used for NVERIFY */
1113 static __be32
1114 nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
1115 {
1116 	DECODE_HEAD;
1117 
1118 	if ((status = nfsd4_decode_bitmap(argp, verify->ve_bmval)))
1119 		goto out;
1120 
1121 	/* For convenience's sake, we compare raw xdr'd attributes in
1122 	 * nfsd4_proc_verify */
1123 
1124 	READ_BUF(4);
1125 	READ32(verify->ve_attrlen);
1126 	READ_BUF(verify->ve_attrlen);
1127 	SAVEMEM(verify->ve_attrval, verify->ve_attrlen);
1128 
1129 	DECODE_TAIL;
1130 }
1131 
1132 static __be32
1133 nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1134 {
1135 	int avail;
1136 	int len;
1137 	DECODE_HEAD;
1138 
1139 	status = nfsd4_decode_stateid(argp, &write->wr_stateid);
1140 	if (status)
1141 		return status;
1142 	READ_BUF(16);
1143 	READ64(write->wr_offset);
1144 	READ32(write->wr_stable_how);
1145 	if (write->wr_stable_how > 2)
1146 		goto xdr_error;
1147 	READ32(write->wr_buflen);
1148 
1149 	/* Sorry .. no magic macros for this.. *
1150 	 * READ_BUF(write->wr_buflen);
1151 	 * SAVEMEM(write->wr_buf, write->wr_buflen);
1152 	 */
1153 	avail = (char*)argp->end - (char*)argp->p;
1154 	if (avail + argp->pagelen < write->wr_buflen) {
1155 		dprintk("NFSD: xdr error (%s:%d)\n",
1156 				__FILE__, __LINE__);
1157 		goto xdr_error;
1158 	}
1159 	write->wr_head.iov_base = p;
1160 	write->wr_head.iov_len = avail;
1161 	WARN_ON(avail != (XDR_QUADLEN(avail) << 2));
1162 	write->wr_pagelist = argp->pagelist;
1163 
1164 	len = XDR_QUADLEN(write->wr_buflen) << 2;
1165 	if (len >= avail) {
1166 		int pages;
1167 
1168 		len -= avail;
1169 
1170 		pages = len >> PAGE_SHIFT;
1171 		argp->pagelist += pages;
1172 		argp->pagelen -= pages * PAGE_SIZE;
1173 		len -= pages * PAGE_SIZE;
1174 
1175 		argp->p = (__be32 *)page_address(argp->pagelist[0]);
1176 		argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE);
1177 	}
1178 	argp->p += XDR_QUADLEN(len);
1179 
1180 	DECODE_TAIL;
1181 }
1182 
1183 static __be32
1184 nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
1185 {
1186 	DECODE_HEAD;
1187 
1188 	READ_BUF(12);
1189 	COPYMEM(&rlockowner->rl_clientid, sizeof(clientid_t));
1190 	READ32(rlockowner->rl_owner.len);
1191 	READ_BUF(rlockowner->rl_owner.len);
1192 	READMEM(rlockowner->rl_owner.data, rlockowner->rl_owner.len);
1193 
1194 	if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
1195 		return nfserr_inval;
1196 	DECODE_TAIL;
1197 }
1198 
1199 static __be32
1200 nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
1201 			 struct nfsd4_exchange_id *exid)
1202 {
1203 	int dummy, tmp;
1204 	DECODE_HEAD;
1205 
1206 	READ_BUF(NFS4_VERIFIER_SIZE);
1207 	COPYMEM(exid->verifier.data, NFS4_VERIFIER_SIZE);
1208 
1209 	status = nfsd4_decode_opaque(argp, &exid->clname);
1210 	if (status)
1211 		return nfserr_bad_xdr;
1212 
1213 	READ_BUF(4);
1214 	READ32(exid->flags);
1215 
1216 	/* Ignore state_protect4_a */
1217 	READ_BUF(4);
1218 	READ32(exid->spa_how);
1219 	switch (exid->spa_how) {
1220 	case SP4_NONE:
1221 		break;
1222 	case SP4_MACH_CRED:
1223 		/* spo_must_enforce */
1224 		READ_BUF(4);
1225 		READ32(dummy);
1226 		READ_BUF(dummy * 4);
1227 		p += dummy;
1228 
1229 		/* spo_must_allow */
1230 		READ_BUF(4);
1231 		READ32(dummy);
1232 		READ_BUF(dummy * 4);
1233 		p += dummy;
1234 		break;
1235 	case SP4_SSV:
1236 		/* ssp_ops */
1237 		READ_BUF(4);
1238 		READ32(dummy);
1239 		READ_BUF(dummy * 4);
1240 		p += dummy;
1241 
1242 		READ_BUF(4);
1243 		READ32(dummy);
1244 		READ_BUF(dummy * 4);
1245 		p += dummy;
1246 
1247 		/* ssp_hash_algs<> */
1248 		READ_BUF(4);
1249 		READ32(tmp);
1250 		while (tmp--) {
1251 			READ_BUF(4);
1252 			READ32(dummy);
1253 			READ_BUF(dummy);
1254 			p += XDR_QUADLEN(dummy);
1255 		}
1256 
1257 		/* ssp_encr_algs<> */
1258 		READ_BUF(4);
1259 		READ32(tmp);
1260 		while (tmp--) {
1261 			READ_BUF(4);
1262 			READ32(dummy);
1263 			READ_BUF(dummy);
1264 			p += XDR_QUADLEN(dummy);
1265 		}
1266 
1267 		/* ssp_window and ssp_num_gss_handles */
1268 		READ_BUF(8);
1269 		READ32(dummy);
1270 		READ32(dummy);
1271 		break;
1272 	default:
1273 		goto xdr_error;
1274 	}
1275 
1276 	/* Ignore Implementation ID */
1277 	READ_BUF(4);    /* nfs_impl_id4 array length */
1278 	READ32(dummy);
1279 
1280 	if (dummy > 1)
1281 		goto xdr_error;
1282 
1283 	if (dummy == 1) {
1284 		/* nii_domain */
1285 		READ_BUF(4);
1286 		READ32(dummy);
1287 		READ_BUF(dummy);
1288 		p += XDR_QUADLEN(dummy);
1289 
1290 		/* nii_name */
1291 		READ_BUF(4);
1292 		READ32(dummy);
1293 		READ_BUF(dummy);
1294 		p += XDR_QUADLEN(dummy);
1295 
1296 		/* nii_date */
1297 		READ_BUF(12);
1298 		p += 3;
1299 	}
1300 	DECODE_TAIL;
1301 }
1302 
1303 static __be32
1304 nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
1305 			    struct nfsd4_create_session *sess)
1306 {
1307 	DECODE_HEAD;
1308 	u32 dummy;
1309 
1310 	READ_BUF(16);
1311 	COPYMEM(&sess->clientid, 8);
1312 	READ32(sess->seqid);
1313 	READ32(sess->flags);
1314 
1315 	/* Fore channel attrs */
1316 	READ_BUF(28);
1317 	READ32(dummy); /* headerpadsz is always 0 */
1318 	READ32(sess->fore_channel.maxreq_sz);
1319 	READ32(sess->fore_channel.maxresp_sz);
1320 	READ32(sess->fore_channel.maxresp_cached);
1321 	READ32(sess->fore_channel.maxops);
1322 	READ32(sess->fore_channel.maxreqs);
1323 	READ32(sess->fore_channel.nr_rdma_attrs);
1324 	if (sess->fore_channel.nr_rdma_attrs == 1) {
1325 		READ_BUF(4);
1326 		READ32(sess->fore_channel.rdma_attrs);
1327 	} else if (sess->fore_channel.nr_rdma_attrs > 1) {
1328 		dprintk("Too many fore channel attr bitmaps!\n");
1329 		goto xdr_error;
1330 	}
1331 
1332 	/* Back channel attrs */
1333 	READ_BUF(28);
1334 	READ32(dummy); /* headerpadsz is always 0 */
1335 	READ32(sess->back_channel.maxreq_sz);
1336 	READ32(sess->back_channel.maxresp_sz);
1337 	READ32(sess->back_channel.maxresp_cached);
1338 	READ32(sess->back_channel.maxops);
1339 	READ32(sess->back_channel.maxreqs);
1340 	READ32(sess->back_channel.nr_rdma_attrs);
1341 	if (sess->back_channel.nr_rdma_attrs == 1) {
1342 		READ_BUF(4);
1343 		READ32(sess->back_channel.rdma_attrs);
1344 	} else if (sess->back_channel.nr_rdma_attrs > 1) {
1345 		dprintk("Too many back channel attr bitmaps!\n");
1346 		goto xdr_error;
1347 	}
1348 
1349 	READ_BUF(4);
1350 	READ32(sess->callback_prog);
1351 	nfsd4_decode_cb_sec(argp, &sess->cb_sec);
1352 	DECODE_TAIL;
1353 }
1354 
1355 static __be32
1356 nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
1357 			     struct nfsd4_destroy_session *destroy_session)
1358 {
1359 	DECODE_HEAD;
1360 	READ_BUF(NFS4_MAX_SESSIONID_LEN);
1361 	COPYMEM(destroy_session->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1362 
1363 	DECODE_TAIL;
1364 }
1365 
1366 static __be32
1367 nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
1368 			  struct nfsd4_free_stateid *free_stateid)
1369 {
1370 	DECODE_HEAD;
1371 
1372 	READ_BUF(sizeof(stateid_t));
1373 	READ32(free_stateid->fr_stateid.si_generation);
1374 	COPYMEM(&free_stateid->fr_stateid.si_opaque, sizeof(stateid_opaque_t));
1375 
1376 	DECODE_TAIL;
1377 }
1378 
1379 static __be32
1380 nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
1381 		      struct nfsd4_sequence *seq)
1382 {
1383 	DECODE_HEAD;
1384 
1385 	READ_BUF(NFS4_MAX_SESSIONID_LEN + 16);
1386 	COPYMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1387 	READ32(seq->seqid);
1388 	READ32(seq->slotid);
1389 	READ32(seq->maxslots);
1390 	READ32(seq->cachethis);
1391 
1392 	DECODE_TAIL;
1393 }
1394 
1395 static __be32
1396 nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
1397 {
1398 	int i;
1399 	__be32 *p, status;
1400 	struct nfsd4_test_stateid_id *stateid;
1401 
1402 	READ_BUF(4);
1403 	test_stateid->ts_num_ids = ntohl(*p++);
1404 
1405 	INIT_LIST_HEAD(&test_stateid->ts_stateid_list);
1406 
1407 	for (i = 0; i < test_stateid->ts_num_ids; i++) {
1408 		stateid = kmalloc(sizeof(struct nfsd4_test_stateid_id), GFP_KERNEL);
1409 		if (!stateid) {
1410 			status = nfserrno(-ENOMEM);
1411 			goto out;
1412 		}
1413 
1414 		defer_free(argp, kfree, stateid);
1415 		INIT_LIST_HEAD(&stateid->ts_id_list);
1416 		list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);
1417 
1418 		status = nfsd4_decode_stateid(argp, &stateid->ts_id_stateid);
1419 		if (status)
1420 			goto out;
1421 	}
1422 
1423 	status = 0;
1424 out:
1425 	return status;
1426 xdr_error:
1427 	dprintk("NFSD: xdr error (%s:%d)\n", __FILE__, __LINE__);
1428 	status = nfserr_bad_xdr;
1429 	goto out;
1430 }
1431 
1432 static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, struct nfsd4_destroy_clientid *dc)
1433 {
1434 	DECODE_HEAD;
1435 
1436 	READ_BUF(8);
1437 	COPYMEM(&dc->clientid, 8);
1438 
1439 	DECODE_TAIL;
1440 }
1441 
1442 static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, struct nfsd4_reclaim_complete *rc)
1443 {
1444 	DECODE_HEAD;
1445 
1446 	READ_BUF(4);
1447 	READ32(rc->rca_one_fs);
1448 
1449 	DECODE_TAIL;
1450 }
1451 
1452 static __be32
1453 nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
1454 {
1455 	return nfs_ok;
1456 }
1457 
1458 static __be32
1459 nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
1460 {
1461 	return nfserr_notsupp;
1462 }
1463 
1464 typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
1465 
1466 static nfsd4_dec nfsd4_dec_ops[] = {
1467 	[OP_ACCESS]		= (nfsd4_dec)nfsd4_decode_access,
1468 	[OP_CLOSE]		= (nfsd4_dec)nfsd4_decode_close,
1469 	[OP_COMMIT]		= (nfsd4_dec)nfsd4_decode_commit,
1470 	[OP_CREATE]		= (nfsd4_dec)nfsd4_decode_create,
1471 	[OP_DELEGPURGE]		= (nfsd4_dec)nfsd4_decode_notsupp,
1472 	[OP_DELEGRETURN]	= (nfsd4_dec)nfsd4_decode_delegreturn,
1473 	[OP_GETATTR]		= (nfsd4_dec)nfsd4_decode_getattr,
1474 	[OP_GETFH]		= (nfsd4_dec)nfsd4_decode_noop,
1475 	[OP_LINK]		= (nfsd4_dec)nfsd4_decode_link,
1476 	[OP_LOCK]		= (nfsd4_dec)nfsd4_decode_lock,
1477 	[OP_LOCKT]		= (nfsd4_dec)nfsd4_decode_lockt,
1478 	[OP_LOCKU]		= (nfsd4_dec)nfsd4_decode_locku,
1479 	[OP_LOOKUP]		= (nfsd4_dec)nfsd4_decode_lookup,
1480 	[OP_LOOKUPP]		= (nfsd4_dec)nfsd4_decode_noop,
1481 	[OP_NVERIFY]		= (nfsd4_dec)nfsd4_decode_verify,
1482 	[OP_OPEN]		= (nfsd4_dec)nfsd4_decode_open,
1483 	[OP_OPENATTR]		= (nfsd4_dec)nfsd4_decode_notsupp,
1484 	[OP_OPEN_CONFIRM]	= (nfsd4_dec)nfsd4_decode_open_confirm,
1485 	[OP_OPEN_DOWNGRADE]	= (nfsd4_dec)nfsd4_decode_open_downgrade,
1486 	[OP_PUTFH]		= (nfsd4_dec)nfsd4_decode_putfh,
1487 	[OP_PUTPUBFH]		= (nfsd4_dec)nfsd4_decode_noop,
1488 	[OP_PUTROOTFH]		= (nfsd4_dec)nfsd4_decode_noop,
1489 	[OP_READ]		= (nfsd4_dec)nfsd4_decode_read,
1490 	[OP_READDIR]		= (nfsd4_dec)nfsd4_decode_readdir,
1491 	[OP_READLINK]		= (nfsd4_dec)nfsd4_decode_noop,
1492 	[OP_REMOVE]		= (nfsd4_dec)nfsd4_decode_remove,
1493 	[OP_RENAME]		= (nfsd4_dec)nfsd4_decode_rename,
1494 	[OP_RENEW]		= (nfsd4_dec)nfsd4_decode_renew,
1495 	[OP_RESTOREFH]		= (nfsd4_dec)nfsd4_decode_noop,
1496 	[OP_SAVEFH]		= (nfsd4_dec)nfsd4_decode_noop,
1497 	[OP_SECINFO]		= (nfsd4_dec)nfsd4_decode_secinfo,
1498 	[OP_SETATTR]		= (nfsd4_dec)nfsd4_decode_setattr,
1499 	[OP_SETCLIENTID]	= (nfsd4_dec)nfsd4_decode_setclientid,
1500 	[OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
1501 	[OP_VERIFY]		= (nfsd4_dec)nfsd4_decode_verify,
1502 	[OP_WRITE]		= (nfsd4_dec)nfsd4_decode_write,
1503 	[OP_RELEASE_LOCKOWNER]	= (nfsd4_dec)nfsd4_decode_release_lockowner,
1504 };
1505 
1506 static nfsd4_dec nfsd41_dec_ops[] = {
1507 	[OP_ACCESS]		= (nfsd4_dec)nfsd4_decode_access,
1508 	[OP_CLOSE]		= (nfsd4_dec)nfsd4_decode_close,
1509 	[OP_COMMIT]		= (nfsd4_dec)nfsd4_decode_commit,
1510 	[OP_CREATE]		= (nfsd4_dec)nfsd4_decode_create,
1511 	[OP_DELEGPURGE]		= (nfsd4_dec)nfsd4_decode_notsupp,
1512 	[OP_DELEGRETURN]	= (nfsd4_dec)nfsd4_decode_delegreturn,
1513 	[OP_GETATTR]		= (nfsd4_dec)nfsd4_decode_getattr,
1514 	[OP_GETFH]		= (nfsd4_dec)nfsd4_decode_noop,
1515 	[OP_LINK]		= (nfsd4_dec)nfsd4_decode_link,
1516 	[OP_LOCK]		= (nfsd4_dec)nfsd4_decode_lock,
1517 	[OP_LOCKT]		= (nfsd4_dec)nfsd4_decode_lockt,
1518 	[OP_LOCKU]		= (nfsd4_dec)nfsd4_decode_locku,
1519 	[OP_LOOKUP]		= (nfsd4_dec)nfsd4_decode_lookup,
1520 	[OP_LOOKUPP]		= (nfsd4_dec)nfsd4_decode_noop,
1521 	[OP_NVERIFY]		= (nfsd4_dec)nfsd4_decode_verify,
1522 	[OP_OPEN]		= (nfsd4_dec)nfsd4_decode_open,
1523 	[OP_OPENATTR]		= (nfsd4_dec)nfsd4_decode_notsupp,
1524 	[OP_OPEN_CONFIRM]	= (nfsd4_dec)nfsd4_decode_notsupp,
1525 	[OP_OPEN_DOWNGRADE]	= (nfsd4_dec)nfsd4_decode_open_downgrade,
1526 	[OP_PUTFH]		= (nfsd4_dec)nfsd4_decode_putfh,
1527 	[OP_PUTPUBFH]		= (nfsd4_dec)nfsd4_decode_notsupp,
1528 	[OP_PUTROOTFH]		= (nfsd4_dec)nfsd4_decode_noop,
1529 	[OP_READ]		= (nfsd4_dec)nfsd4_decode_read,
1530 	[OP_READDIR]		= (nfsd4_dec)nfsd4_decode_readdir,
1531 	[OP_READLINK]		= (nfsd4_dec)nfsd4_decode_noop,
1532 	[OP_REMOVE]		= (nfsd4_dec)nfsd4_decode_remove,
1533 	[OP_RENAME]		= (nfsd4_dec)nfsd4_decode_rename,
1534 	[OP_RENEW]		= (nfsd4_dec)nfsd4_decode_notsupp,
1535 	[OP_RESTOREFH]		= (nfsd4_dec)nfsd4_decode_noop,
1536 	[OP_SAVEFH]		= (nfsd4_dec)nfsd4_decode_noop,
1537 	[OP_SECINFO]		= (nfsd4_dec)nfsd4_decode_secinfo,
1538 	[OP_SETATTR]		= (nfsd4_dec)nfsd4_decode_setattr,
1539 	[OP_SETCLIENTID]	= (nfsd4_dec)nfsd4_decode_notsupp,
1540 	[OP_SETCLIENTID_CONFIRM]= (nfsd4_dec)nfsd4_decode_notsupp,
1541 	[OP_VERIFY]		= (nfsd4_dec)nfsd4_decode_verify,
1542 	[OP_WRITE]		= (nfsd4_dec)nfsd4_decode_write,
1543 	[OP_RELEASE_LOCKOWNER]	= (nfsd4_dec)nfsd4_decode_notsupp,
1544 
1545 	/* new operations for NFSv4.1 */
1546 	[OP_BACKCHANNEL_CTL]	= (nfsd4_dec)nfsd4_decode_backchannel_ctl,
1547 	[OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
1548 	[OP_EXCHANGE_ID]	= (nfsd4_dec)nfsd4_decode_exchange_id,
1549 	[OP_CREATE_SESSION]	= (nfsd4_dec)nfsd4_decode_create_session,
1550 	[OP_DESTROY_SESSION]	= (nfsd4_dec)nfsd4_decode_destroy_session,
1551 	[OP_FREE_STATEID]	= (nfsd4_dec)nfsd4_decode_free_stateid,
1552 	[OP_GET_DIR_DELEGATION]	= (nfsd4_dec)nfsd4_decode_notsupp,
1553 	[OP_GETDEVICEINFO]	= (nfsd4_dec)nfsd4_decode_notsupp,
1554 	[OP_GETDEVICELIST]	= (nfsd4_dec)nfsd4_decode_notsupp,
1555 	[OP_LAYOUTCOMMIT]	= (nfsd4_dec)nfsd4_decode_notsupp,
1556 	[OP_LAYOUTGET]		= (nfsd4_dec)nfsd4_decode_notsupp,
1557 	[OP_LAYOUTRETURN]	= (nfsd4_dec)nfsd4_decode_notsupp,
1558 	[OP_SECINFO_NO_NAME]	= (nfsd4_dec)nfsd4_decode_secinfo_no_name,
1559 	[OP_SEQUENCE]		= (nfsd4_dec)nfsd4_decode_sequence,
1560 	[OP_SET_SSV]		= (nfsd4_dec)nfsd4_decode_notsupp,
1561 	[OP_TEST_STATEID]	= (nfsd4_dec)nfsd4_decode_test_stateid,
1562 	[OP_WANT_DELEGATION]	= (nfsd4_dec)nfsd4_decode_notsupp,
1563 	[OP_DESTROY_CLIENTID]	= (nfsd4_dec)nfsd4_decode_destroy_clientid,
1564 	[OP_RECLAIM_COMPLETE]	= (nfsd4_dec)nfsd4_decode_reclaim_complete,
1565 };
1566 
1567 struct nfsd4_minorversion_ops {
1568 	nfsd4_dec *decoders;
1569 	int nops;
1570 };
1571 
1572 static struct nfsd4_minorversion_ops nfsd4_minorversion[] = {
1573 	[0] = { nfsd4_dec_ops, ARRAY_SIZE(nfsd4_dec_ops) },
1574 	[1] = { nfsd41_dec_ops, ARRAY_SIZE(nfsd41_dec_ops) },
1575 };
1576 
1577 static __be32
1578 nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
1579 {
1580 	DECODE_HEAD;
1581 	struct nfsd4_op *op;
1582 	struct nfsd4_minorversion_ops *ops;
1583 	bool cachethis = false;
1584 	int i;
1585 
1586 	READ_BUF(4);
1587 	READ32(argp->taglen);
1588 	READ_BUF(argp->taglen + 8);
1589 	SAVEMEM(argp->tag, argp->taglen);
1590 	READ32(argp->minorversion);
1591 	READ32(argp->opcnt);
1592 
1593 	if (argp->taglen > NFSD4_MAX_TAGLEN)
1594 		goto xdr_error;
1595 	if (argp->opcnt > 100)
1596 		goto xdr_error;
1597 
1598 	if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
1599 		argp->ops = kmalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
1600 		if (!argp->ops) {
1601 			argp->ops = argp->iops;
1602 			dprintk("nfsd: couldn't allocate room for COMPOUND\n");
1603 			goto xdr_error;
1604 		}
1605 	}
1606 
1607 	if (argp->minorversion >= ARRAY_SIZE(nfsd4_minorversion))
1608 		argp->opcnt = 0;
1609 
1610 	ops = &nfsd4_minorversion[argp->minorversion];
1611 	for (i = 0; i < argp->opcnt; i++) {
1612 		op = &argp->ops[i];
1613 		op->replay = NULL;
1614 
1615 		READ_BUF(4);
1616 		READ32(op->opnum);
1617 
1618 		if (op->opnum >= FIRST_NFS4_OP && op->opnum <= LAST_NFS4_OP)
1619 			op->status = ops->decoders[op->opnum](argp, &op->u);
1620 		else {
1621 			op->opnum = OP_ILLEGAL;
1622 			op->status = nfserr_op_illegal;
1623 		}
1624 
1625 		if (op->status) {
1626 			argp->opcnt = i+1;
1627 			break;
1628 		}
1629 		/*
1630 		 * We'll try to cache the result in the DRC if any one
1631 		 * op in the compound wants to be cached:
1632 		 */
1633 		cachethis |= nfsd4_cache_this_op(op);
1634 	}
1635 	/* Sessions make the DRC unnecessary: */
1636 	if (argp->minorversion)
1637 		cachethis = false;
1638 	argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
1639 
1640 	DECODE_TAIL;
1641 }
1642 
1643 #define WRITE32(n)               *p++ = htonl(n)
1644 #define WRITE64(n)               do {				\
1645 	*p++ = htonl((u32)((n) >> 32));				\
1646 	*p++ = htonl((u32)(n));					\
1647 } while (0)
1648 #define WRITEMEM(ptr,nbytes)     do { if (nbytes > 0) {		\
1649 	*(p + XDR_QUADLEN(nbytes) -1) = 0;                      \
1650 	memcpy(p, ptr, nbytes);					\
1651 	p += XDR_QUADLEN(nbytes);				\
1652 }} while (0)
1653 
1654 static void write32(__be32 **p, u32 n)
1655 {
1656 	*(*p)++ = htonl(n);
1657 }
1658 
1659 static void write64(__be32 **p, u64 n)
1660 {
1661 	write32(p, (n >> 32));
1662 	write32(p, (u32)n);
1663 }
1664 
1665 static void write_change(__be32 **p, struct kstat *stat, struct inode *inode)
1666 {
1667 	if (IS_I_VERSION(inode)) {
1668 		write64(p, inode->i_version);
1669 	} else {
1670 		write32(p, stat->ctime.tv_sec);
1671 		write32(p, stat->ctime.tv_nsec);
1672 	}
1673 }
1674 
1675 static void write_cinfo(__be32 **p, struct nfsd4_change_info *c)
1676 {
1677 	write32(p, c->atomic);
1678 	if (c->change_supported) {
1679 		write64(p, c->before_change);
1680 		write64(p, c->after_change);
1681 	} else {
1682 		write32(p, c->before_ctime_sec);
1683 		write32(p, c->before_ctime_nsec);
1684 		write32(p, c->after_ctime_sec);
1685 		write32(p, c->after_ctime_nsec);
1686 	}
1687 }
1688 
1689 #define RESERVE_SPACE(nbytes)	do {				\
1690 	p = resp->p;						\
1691 	BUG_ON(p + XDR_QUADLEN(nbytes) > resp->end);		\
1692 } while (0)
1693 #define ADJUST_ARGS()		resp->p = p
1694 
1695 /*
1696  * Header routine to setup seqid operation replay cache
1697  */
1698 #define ENCODE_SEQID_OP_HEAD					\
1699 	__be32 *save;						\
1700 								\
1701 	save = resp->p;
1702 
1703 /*
1704  * Routine for encoding the result of a "seqid-mutating" NFSv4 operation.  This
1705  * is where sequence id's are incremented, and the replay cache is filled.
1706  * Note that we increment sequence id's here, at the last moment, so we're sure
1707  * we know whether the error to be returned is a sequence id mutating error.
1708  */
1709 
1710 static void encode_seqid_op_tail(struct nfsd4_compoundres *resp, __be32 *save, __be32 nfserr)
1711 {
1712 	struct nfs4_stateowner *stateowner = resp->cstate.replay_owner;
1713 
1714 	if (seqid_mutating_err(ntohl(nfserr)) && stateowner) {
1715 		stateowner->so_seqid++;
1716 		stateowner->so_replay.rp_status = nfserr;
1717 		stateowner->so_replay.rp_buflen =
1718 			  (char *)resp->p - (char *)save;
1719 		memcpy(stateowner->so_replay.rp_buf, save,
1720 			stateowner->so_replay.rp_buflen);
1721 		nfsd4_purge_closed_stateid(stateowner);
1722 	}
1723 }
1724 
1725 /* Encode as an array of strings the string given with components
1726  * separated @sep, escaped with esc_enter and esc_exit.
1727  */
1728 static __be32 nfsd4_encode_components_esc(char sep, char *components,
1729 				   __be32 **pp, int *buflen,
1730 				   char esc_enter, char esc_exit)
1731 {
1732 	__be32 *p = *pp;
1733 	__be32 *countp = p;
1734 	int strlen, count=0;
1735 	char *str, *end, *next;
1736 
1737 	dprintk("nfsd4_encode_components(%s)\n", components);
1738 	if ((*buflen -= 4) < 0)
1739 		return nfserr_resource;
1740 	WRITE32(0); /* We will fill this in with @count later */
1741 	end = str = components;
1742 	while (*end) {
1743 		bool found_esc = false;
1744 
1745 		/* try to parse as esc_start, ..., esc_end, sep */
1746 		if (*str == esc_enter) {
1747 			for (; *end && (*end != esc_exit); end++)
1748 				/* find esc_exit or end of string */;
1749 			next = end + 1;
1750 			if (*end && (!*next || *next == sep)) {
1751 				str++;
1752 				found_esc = true;
1753 			}
1754 		}
1755 
1756 		if (!found_esc)
1757 			for (; *end && (*end != sep); end++)
1758 				/* find sep or end of string */;
1759 
1760 		strlen = end - str;
1761 		if (strlen) {
1762 			if ((*buflen -= ((XDR_QUADLEN(strlen) << 2) + 4)) < 0)
1763 				return nfserr_resource;
1764 			WRITE32(strlen);
1765 			WRITEMEM(str, strlen);
1766 			count++;
1767 		}
1768 		else
1769 			end++;
1770 		str = end;
1771 	}
1772 	*pp = p;
1773 	p = countp;
1774 	WRITE32(count);
1775 	return 0;
1776 }
1777 
1778 /* Encode as an array of strings the string given with components
1779  * separated @sep.
1780  */
1781 static __be32 nfsd4_encode_components(char sep, char *components,
1782 				   __be32 **pp, int *buflen)
1783 {
1784 	return nfsd4_encode_components_esc(sep, components, pp, buflen, 0, 0);
1785 }
1786 
1787 /*
1788  * encode a location element of a fs_locations structure
1789  */
1790 static __be32 nfsd4_encode_fs_location4(struct nfsd4_fs_location *location,
1791 				    __be32 **pp, int *buflen)
1792 {
1793 	__be32 status;
1794 	__be32 *p = *pp;
1795 
1796 	status = nfsd4_encode_components_esc(':', location->hosts, &p, buflen,
1797 						'[', ']');
1798 	if (status)
1799 		return status;
1800 	status = nfsd4_encode_components('/', location->path, &p, buflen);
1801 	if (status)
1802 		return status;
1803 	*pp = p;
1804 	return 0;
1805 }
1806 
1807 /*
1808  * Encode a path in RFC3530 'pathname4' format
1809  */
1810 static __be32 nfsd4_encode_path(const struct path *root,
1811 		const struct path *path, __be32 **pp, int *buflen)
1812 {
1813 	struct path cur = {
1814 		.mnt = path->mnt,
1815 		.dentry = path->dentry,
1816 	};
1817 	__be32 *p = *pp;
1818 	struct dentry **components = NULL;
1819 	unsigned int ncomponents = 0;
1820 	__be32 err = nfserr_jukebox;
1821 
1822 	dprintk("nfsd4_encode_components(");
1823 
1824 	path_get(&cur);
1825 	/* First walk the path up to the nfsd root, and store the
1826 	 * dentries/path components in an array.
1827 	 */
1828 	for (;;) {
1829 		if (cur.dentry == root->dentry && cur.mnt == root->mnt)
1830 			break;
1831 		if (cur.dentry == cur.mnt->mnt_root) {
1832 			if (follow_up(&cur))
1833 				continue;
1834 			goto out_free;
1835 		}
1836 		if ((ncomponents & 15) == 0) {
1837 			struct dentry **new;
1838 			new = krealloc(components,
1839 					sizeof(*new) * (ncomponents + 16),
1840 					GFP_KERNEL);
1841 			if (!new)
1842 				goto out_free;
1843 			components = new;
1844 		}
1845 		components[ncomponents++] = cur.dentry;
1846 		cur.dentry = dget_parent(cur.dentry);
1847 	}
1848 
1849 	*buflen -= 4;
1850 	if (*buflen < 0)
1851 		goto out_free;
1852 	WRITE32(ncomponents);
1853 
1854 	while (ncomponents) {
1855 		struct dentry *dentry = components[ncomponents - 1];
1856 		unsigned int len = dentry->d_name.len;
1857 
1858 		*buflen -= 4 + (XDR_QUADLEN(len) << 2);
1859 		if (*buflen < 0)
1860 			goto out_free;
1861 		WRITE32(len);
1862 		WRITEMEM(dentry->d_name.name, len);
1863 		dprintk("/%s", dentry->d_name.name);
1864 		dput(dentry);
1865 		ncomponents--;
1866 	}
1867 
1868 	*pp = p;
1869 	err = 0;
1870 out_free:
1871 	dprintk(")\n");
1872 	while (ncomponents)
1873 		dput(components[--ncomponents]);
1874 	kfree(components);
1875 	path_put(&cur);
1876 	return err;
1877 }
1878 
1879 static __be32 nfsd4_encode_fsloc_fsroot(struct svc_rqst *rqstp,
1880 		const struct path *path, __be32 **pp, int *buflen)
1881 {
1882 	struct svc_export *exp_ps;
1883 	__be32 res;
1884 
1885 	exp_ps = rqst_find_fsidzero_export(rqstp);
1886 	if (IS_ERR(exp_ps))
1887 		return nfserrno(PTR_ERR(exp_ps));
1888 	res = nfsd4_encode_path(&exp_ps->ex_path, path, pp, buflen);
1889 	exp_put(exp_ps);
1890 	return res;
1891 }
1892 
1893 /*
1894  *  encode a fs_locations structure
1895  */
1896 static __be32 nfsd4_encode_fs_locations(struct svc_rqst *rqstp,
1897 				     struct svc_export *exp,
1898 				     __be32 **pp, int *buflen)
1899 {
1900 	__be32 status;
1901 	int i;
1902 	__be32 *p = *pp;
1903 	struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;
1904 
1905 	status = nfsd4_encode_fsloc_fsroot(rqstp, &exp->ex_path, &p, buflen);
1906 	if (status)
1907 		return status;
1908 	if ((*buflen -= 4) < 0)
1909 		return nfserr_resource;
1910 	WRITE32(fslocs->locations_count);
1911 	for (i=0; i<fslocs->locations_count; i++) {
1912 		status = nfsd4_encode_fs_location4(&fslocs->locations[i],
1913 						   &p, buflen);
1914 		if (status)
1915 			return status;
1916 	}
1917 	*pp = p;
1918 	return 0;
1919 }
1920 
1921 static u32 nfs4_file_type(umode_t mode)
1922 {
1923 	switch (mode & S_IFMT) {
1924 	case S_IFIFO:	return NF4FIFO;
1925 	case S_IFCHR:	return NF4CHR;
1926 	case S_IFDIR:	return NF4DIR;
1927 	case S_IFBLK:	return NF4BLK;
1928 	case S_IFLNK:	return NF4LNK;
1929 	case S_IFREG:	return NF4REG;
1930 	case S_IFSOCK:	return NF4SOCK;
1931 	default:	return NF4BAD;
1932 	};
1933 }
1934 
1935 static __be32
1936 nfsd4_encode_name(struct svc_rqst *rqstp, int whotype, kuid_t uid, kgid_t gid,
1937 			__be32 **p, int *buflen)
1938 {
1939 	int status;
1940 
1941 	if (*buflen < (XDR_QUADLEN(IDMAP_NAMESZ) << 2) + 4)
1942 		return nfserr_resource;
1943 	if (whotype != NFS4_ACL_WHO_NAMED)
1944 		status = nfs4_acl_write_who(whotype, (u8 *)(*p + 1));
1945 	else if (gid_valid(gid))
1946 		status = nfsd_map_gid_to_name(rqstp, gid, (u8 *)(*p + 1));
1947 	else
1948 		status = nfsd_map_uid_to_name(rqstp, uid, (u8 *)(*p + 1));
1949 	if (status < 0)
1950 		return nfserrno(status);
1951 	*p = xdr_encode_opaque(*p, NULL, status);
1952 	*buflen -= (XDR_QUADLEN(status) << 2) + 4;
1953 	BUG_ON(*buflen < 0);
1954 	return 0;
1955 }
1956 
1957 static inline __be32
1958 nfsd4_encode_user(struct svc_rqst *rqstp, kuid_t user, __be32 **p, int *buflen)
1959 {
1960 	return nfsd4_encode_name(rqstp, NFS4_ACL_WHO_NAMED, user, INVALID_GID,
1961 				 p, buflen);
1962 }
1963 
1964 static inline __be32
1965 nfsd4_encode_group(struct svc_rqst *rqstp, kgid_t group, __be32 **p, int *buflen)
1966 {
1967 	return nfsd4_encode_name(rqstp, NFS4_ACL_WHO_NAMED, INVALID_UID, group,
1968 				 p, buflen);
1969 }
1970 
1971 static inline __be32
1972 nfsd4_encode_aclname(struct svc_rqst *rqstp, struct nfs4_ace *ace,
1973 		__be32 **p, int *buflen)
1974 {
1975 	kuid_t uid = INVALID_UID;
1976 	kgid_t gid = INVALID_GID;
1977 
1978 	if (ace->whotype == NFS4_ACL_WHO_NAMED) {
1979 		if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
1980 			gid = ace->who_gid;
1981 		else
1982 			uid = ace->who_uid;
1983 	}
1984 	return nfsd4_encode_name(rqstp, ace->whotype, uid, gid, p, buflen);
1985 }
1986 
1987 #define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
1988 			      FATTR4_WORD0_RDATTR_ERROR)
1989 #define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
1990 
1991 static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *rdattr_err)
1992 {
1993 	/* As per referral draft:  */
1994 	if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
1995 	    *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
1996 		if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
1997 	            *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
1998 			*rdattr_err = NFSERR_MOVED;
1999 		else
2000 			return nfserr_moved;
2001 	}
2002 	*bmval0 &= WORD0_ABSENT_FS_ATTRS;
2003 	*bmval1 &= WORD1_ABSENT_FS_ATTRS;
2004 	return 0;
2005 }
2006 
2007 
2008 static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
2009 {
2010 	struct path path = exp->ex_path;
2011 	int err;
2012 
2013 	path_get(&path);
2014 	while (follow_up(&path)) {
2015 		if (path.dentry != path.mnt->mnt_root)
2016 			break;
2017 	}
2018 	err = vfs_getattr(&path, stat);
2019 	path_put(&path);
2020 	return err;
2021 }
2022 
2023 /*
2024  * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
2025  * ourselves.
2026  *
2027  * countp is the buffer size in _words_
2028  */
2029 __be32
2030 nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp,
2031 		struct dentry *dentry, __be32 **buffer, int count, u32 *bmval,
2032 		struct svc_rqst *rqstp, int ignore_crossmnt)
2033 {
2034 	u32 bmval0 = bmval[0];
2035 	u32 bmval1 = bmval[1];
2036 	u32 bmval2 = bmval[2];
2037 	struct kstat stat;
2038 	struct svc_fh tempfh;
2039 	struct kstatfs statfs;
2040 	int buflen = count << 2;
2041 	__be32 *attrlenp;
2042 	u32 dummy;
2043 	u64 dummy64;
2044 	u32 rdattr_err = 0;
2045 	__be32 *p = *buffer;
2046 	__be32 status;
2047 	int err;
2048 	int aclsupport = 0;
2049 	struct nfs4_acl *acl = NULL;
2050 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
2051 	u32 minorversion = resp->cstate.minorversion;
2052 	struct path path = {
2053 		.mnt	= exp->ex_path.mnt,
2054 		.dentry	= dentry,
2055 	};
2056 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2057 
2058 	BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
2059 	BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion));
2060 	BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion));
2061 	BUG_ON(bmval2 & ~nfsd_suppattrs2(minorversion));
2062 
2063 	if (exp->ex_fslocs.migrated) {
2064 		BUG_ON(bmval[2]);
2065 		status = fattr_handle_absent_fs(&bmval0, &bmval1, &rdattr_err);
2066 		if (status)
2067 			goto out;
2068 	}
2069 
2070 	err = vfs_getattr(&path, &stat);
2071 	if (err)
2072 		goto out_nfserr;
2073 	if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL |
2074 			FATTR4_WORD0_MAXNAME)) ||
2075 	    (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
2076 		       FATTR4_WORD1_SPACE_TOTAL))) {
2077 		err = vfs_statfs(&path, &statfs);
2078 		if (err)
2079 			goto out_nfserr;
2080 	}
2081 	if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
2082 		fh_init(&tempfh, NFS4_FHSIZE);
2083 		status = fh_compose(&tempfh, exp, dentry, NULL);
2084 		if (status)
2085 			goto out;
2086 		fhp = &tempfh;
2087 	}
2088 	if (bmval0 & (FATTR4_WORD0_ACL | FATTR4_WORD0_ACLSUPPORT
2089 			| FATTR4_WORD0_SUPPORTED_ATTRS)) {
2090 		err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
2091 		aclsupport = (err == 0);
2092 		if (bmval0 & FATTR4_WORD0_ACL) {
2093 			if (err == -EOPNOTSUPP)
2094 				bmval0 &= ~FATTR4_WORD0_ACL;
2095 			else if (err == -EINVAL) {
2096 				status = nfserr_attrnotsupp;
2097 				goto out;
2098 			} else if (err != 0)
2099 				goto out_nfserr;
2100 		}
2101 	}
2102 
2103 	if (bmval2) {
2104 		if ((buflen -= 16) < 0)
2105 			goto out_resource;
2106 		WRITE32(3);
2107 		WRITE32(bmval0);
2108 		WRITE32(bmval1);
2109 		WRITE32(bmval2);
2110 	} else if (bmval1) {
2111 		if ((buflen -= 12) < 0)
2112 			goto out_resource;
2113 		WRITE32(2);
2114 		WRITE32(bmval0);
2115 		WRITE32(bmval1);
2116 	} else {
2117 		if ((buflen -= 8) < 0)
2118 			goto out_resource;
2119 		WRITE32(1);
2120 		WRITE32(bmval0);
2121 	}
2122 	attrlenp = p++;                /* to be backfilled later */
2123 
2124 	if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2125 		u32 word0 = nfsd_suppattrs0(minorversion);
2126 		u32 word1 = nfsd_suppattrs1(minorversion);
2127 		u32 word2 = nfsd_suppattrs2(minorversion);
2128 
2129 		if (!aclsupport)
2130 			word0 &= ~FATTR4_WORD0_ACL;
2131 		if (!word2) {
2132 			if ((buflen -= 12) < 0)
2133 				goto out_resource;
2134 			WRITE32(2);
2135 			WRITE32(word0);
2136 			WRITE32(word1);
2137 		} else {
2138 			if ((buflen -= 16) < 0)
2139 				goto out_resource;
2140 			WRITE32(3);
2141 			WRITE32(word0);
2142 			WRITE32(word1);
2143 			WRITE32(word2);
2144 		}
2145 	}
2146 	if (bmval0 & FATTR4_WORD0_TYPE) {
2147 		if ((buflen -= 4) < 0)
2148 			goto out_resource;
2149 		dummy = nfs4_file_type(stat.mode);
2150 		if (dummy == NF4BAD)
2151 			goto out_serverfault;
2152 		WRITE32(dummy);
2153 	}
2154 	if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
2155 		if ((buflen -= 4) < 0)
2156 			goto out_resource;
2157 		if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
2158 			WRITE32(NFS4_FH_PERSISTENT);
2159 		else
2160 			WRITE32(NFS4_FH_PERSISTENT|NFS4_FH_VOL_RENAME);
2161 	}
2162 	if (bmval0 & FATTR4_WORD0_CHANGE) {
2163 		if ((buflen -= 8) < 0)
2164 			goto out_resource;
2165 		write_change(&p, &stat, dentry->d_inode);
2166 	}
2167 	if (bmval0 & FATTR4_WORD0_SIZE) {
2168 		if ((buflen -= 8) < 0)
2169 			goto out_resource;
2170 		WRITE64(stat.size);
2171 	}
2172 	if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
2173 		if ((buflen -= 4) < 0)
2174 			goto out_resource;
2175 		WRITE32(1);
2176 	}
2177 	if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
2178 		if ((buflen -= 4) < 0)
2179 			goto out_resource;
2180 		WRITE32(1);
2181 	}
2182 	if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {
2183 		if ((buflen -= 4) < 0)
2184 			goto out_resource;
2185 		WRITE32(0);
2186 	}
2187 	if (bmval0 & FATTR4_WORD0_FSID) {
2188 		if ((buflen -= 16) < 0)
2189 			goto out_resource;
2190 		if (exp->ex_fslocs.migrated) {
2191 			WRITE64(NFS4_REFERRAL_FSID_MAJOR);
2192 			WRITE64(NFS4_REFERRAL_FSID_MINOR);
2193 		} else switch(fsid_source(fhp)) {
2194 		case FSIDSOURCE_FSID:
2195 			WRITE64((u64)exp->ex_fsid);
2196 			WRITE64((u64)0);
2197 			break;
2198 		case FSIDSOURCE_DEV:
2199 			WRITE32(0);
2200 			WRITE32(MAJOR(stat.dev));
2201 			WRITE32(0);
2202 			WRITE32(MINOR(stat.dev));
2203 			break;
2204 		case FSIDSOURCE_UUID:
2205 			WRITEMEM(exp->ex_uuid, 16);
2206 			break;
2207 		}
2208 	}
2209 	if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
2210 		if ((buflen -= 4) < 0)
2211 			goto out_resource;
2212 		WRITE32(0);
2213 	}
2214 	if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
2215 		if ((buflen -= 4) < 0)
2216 			goto out_resource;
2217 		WRITE32(nn->nfsd4_lease);
2218 	}
2219 	if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
2220 		if ((buflen -= 4) < 0)
2221 			goto out_resource;
2222 		WRITE32(rdattr_err);
2223 	}
2224 	if (bmval0 & FATTR4_WORD0_ACL) {
2225 		struct nfs4_ace *ace;
2226 
2227 		if (acl == NULL) {
2228 			if ((buflen -= 4) < 0)
2229 				goto out_resource;
2230 
2231 			WRITE32(0);
2232 			goto out_acl;
2233 		}
2234 		if ((buflen -= 4) < 0)
2235 			goto out_resource;
2236 		WRITE32(acl->naces);
2237 
2238 		for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
2239 			if ((buflen -= 4*3) < 0)
2240 				goto out_resource;
2241 			WRITE32(ace->type);
2242 			WRITE32(ace->flag);
2243 			WRITE32(ace->access_mask & NFS4_ACE_MASK_ALL);
2244 			status = nfsd4_encode_aclname(rqstp, ace, &p, &buflen);
2245 			if (status == nfserr_resource)
2246 				goto out_resource;
2247 			if (status)
2248 				goto out;
2249 		}
2250 	}
2251 out_acl:
2252 	if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
2253 		if ((buflen -= 4) < 0)
2254 			goto out_resource;
2255 		WRITE32(aclsupport ?
2256 			ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
2257 	}
2258 	if (bmval0 & FATTR4_WORD0_CANSETTIME) {
2259 		if ((buflen -= 4) < 0)
2260 			goto out_resource;
2261 		WRITE32(1);
2262 	}
2263 	if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
2264 		if ((buflen -= 4) < 0)
2265 			goto out_resource;
2266 		WRITE32(0);
2267 	}
2268 	if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
2269 		if ((buflen -= 4) < 0)
2270 			goto out_resource;
2271 		WRITE32(1);
2272 	}
2273 	if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
2274 		if ((buflen -= 4) < 0)
2275 			goto out_resource;
2276 		WRITE32(1);
2277 	}
2278 	if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
2279 		buflen -= (XDR_QUADLEN(fhp->fh_handle.fh_size) << 2) + 4;
2280 		if (buflen < 0)
2281 			goto out_resource;
2282 		WRITE32(fhp->fh_handle.fh_size);
2283 		WRITEMEM(&fhp->fh_handle.fh_base, fhp->fh_handle.fh_size);
2284 	}
2285 	if (bmval0 & FATTR4_WORD0_FILEID) {
2286 		if ((buflen -= 8) < 0)
2287 			goto out_resource;
2288 		WRITE64(stat.ino);
2289 	}
2290 	if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
2291 		if ((buflen -= 8) < 0)
2292 			goto out_resource;
2293 		WRITE64((u64) statfs.f_ffree);
2294 	}
2295 	if (bmval0 & FATTR4_WORD0_FILES_FREE) {
2296 		if ((buflen -= 8) < 0)
2297 			goto out_resource;
2298 		WRITE64((u64) statfs.f_ffree);
2299 	}
2300 	if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
2301 		if ((buflen -= 8) < 0)
2302 			goto out_resource;
2303 		WRITE64((u64) statfs.f_files);
2304 	}
2305 	if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
2306 		status = nfsd4_encode_fs_locations(rqstp, exp, &p, &buflen);
2307 		if (status == nfserr_resource)
2308 			goto out_resource;
2309 		if (status)
2310 			goto out;
2311 	}
2312 	if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
2313 		if ((buflen -= 4) < 0)
2314 			goto out_resource;
2315 		WRITE32(1);
2316 	}
2317 	if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
2318 		if ((buflen -= 8) < 0)
2319 			goto out_resource;
2320 		WRITE64(~(u64)0);
2321 	}
2322 	if (bmval0 & FATTR4_WORD0_MAXLINK) {
2323 		if ((buflen -= 4) < 0)
2324 			goto out_resource;
2325 		WRITE32(255);
2326 	}
2327 	if (bmval0 & FATTR4_WORD0_MAXNAME) {
2328 		if ((buflen -= 4) < 0)
2329 			goto out_resource;
2330 		WRITE32(statfs.f_namelen);
2331 	}
2332 	if (bmval0 & FATTR4_WORD0_MAXREAD) {
2333 		if ((buflen -= 8) < 0)
2334 			goto out_resource;
2335 		WRITE64((u64) svc_max_payload(rqstp));
2336 	}
2337 	if (bmval0 & FATTR4_WORD0_MAXWRITE) {
2338 		if ((buflen -= 8) < 0)
2339 			goto out_resource;
2340 		WRITE64((u64) svc_max_payload(rqstp));
2341 	}
2342 	if (bmval1 & FATTR4_WORD1_MODE) {
2343 		if ((buflen -= 4) < 0)
2344 			goto out_resource;
2345 		WRITE32(stat.mode & S_IALLUGO);
2346 	}
2347 	if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
2348 		if ((buflen -= 4) < 0)
2349 			goto out_resource;
2350 		WRITE32(1);
2351 	}
2352 	if (bmval1 & FATTR4_WORD1_NUMLINKS) {
2353 		if ((buflen -= 4) < 0)
2354 			goto out_resource;
2355 		WRITE32(stat.nlink);
2356 	}
2357 	if (bmval1 & FATTR4_WORD1_OWNER) {
2358 		status = nfsd4_encode_user(rqstp, stat.uid, &p, &buflen);
2359 		if (status == nfserr_resource)
2360 			goto out_resource;
2361 		if (status)
2362 			goto out;
2363 	}
2364 	if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
2365 		status = nfsd4_encode_group(rqstp, stat.gid, &p, &buflen);
2366 		if (status == nfserr_resource)
2367 			goto out_resource;
2368 		if (status)
2369 			goto out;
2370 	}
2371 	if (bmval1 & FATTR4_WORD1_RAWDEV) {
2372 		if ((buflen -= 8) < 0)
2373 			goto out_resource;
2374 		WRITE32((u32) MAJOR(stat.rdev));
2375 		WRITE32((u32) MINOR(stat.rdev));
2376 	}
2377 	if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
2378 		if ((buflen -= 8) < 0)
2379 			goto out_resource;
2380 		dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
2381 		WRITE64(dummy64);
2382 	}
2383 	if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
2384 		if ((buflen -= 8) < 0)
2385 			goto out_resource;
2386 		dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
2387 		WRITE64(dummy64);
2388 	}
2389 	if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
2390 		if ((buflen -= 8) < 0)
2391 			goto out_resource;
2392 		dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
2393 		WRITE64(dummy64);
2394 	}
2395 	if (bmval1 & FATTR4_WORD1_SPACE_USED) {
2396 		if ((buflen -= 8) < 0)
2397 			goto out_resource;
2398 		dummy64 = (u64)stat.blocks << 9;
2399 		WRITE64(dummy64);
2400 	}
2401 	if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
2402 		if ((buflen -= 12) < 0)
2403 			goto out_resource;
2404 		WRITE32(0);
2405 		WRITE32(stat.atime.tv_sec);
2406 		WRITE32(stat.atime.tv_nsec);
2407 	}
2408 	if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
2409 		if ((buflen -= 12) < 0)
2410 			goto out_resource;
2411 		WRITE32(0);
2412 		WRITE32(1);
2413 		WRITE32(0);
2414 	}
2415 	if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
2416 		if ((buflen -= 12) < 0)
2417 			goto out_resource;
2418 		WRITE32(0);
2419 		WRITE32(stat.ctime.tv_sec);
2420 		WRITE32(stat.ctime.tv_nsec);
2421 	}
2422 	if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
2423 		if ((buflen -= 12) < 0)
2424 			goto out_resource;
2425 		WRITE32(0);
2426 		WRITE32(stat.mtime.tv_sec);
2427 		WRITE32(stat.mtime.tv_nsec);
2428 	}
2429 	if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
2430 		if ((buflen -= 8) < 0)
2431                 	goto out_resource;
2432 		/*
2433 		 * Get parent's attributes if not ignoring crossmount
2434 		 * and this is the root of a cross-mounted filesystem.
2435 		 */
2436 		if (ignore_crossmnt == 0 &&
2437 		    dentry == exp->ex_path.mnt->mnt_root)
2438 			get_parent_attributes(exp, &stat);
2439 		WRITE64(stat.ino);
2440 	}
2441 	if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
2442 		WRITE32(3);
2443 		WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD0);
2444 		WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD1);
2445 		WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD2);
2446 	}
2447 
2448 	*attrlenp = htonl((char *)p - (char *)attrlenp - 4);
2449 	*buffer = p;
2450 	status = nfs_ok;
2451 
2452 out:
2453 	kfree(acl);
2454 	if (fhp == &tempfh)
2455 		fh_put(&tempfh);
2456 	return status;
2457 out_nfserr:
2458 	status = nfserrno(err);
2459 	goto out;
2460 out_resource:
2461 	status = nfserr_resource;
2462 	goto out;
2463 out_serverfault:
2464 	status = nfserr_serverfault;
2465 	goto out;
2466 }
2467 
2468 static inline int attributes_need_mount(u32 *bmval)
2469 {
2470 	if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
2471 		return 1;
2472 	if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
2473 		return 1;
2474 	return 0;
2475 }
2476 
2477 static __be32
2478 nfsd4_encode_dirent_fattr(struct nfsd4_readdir *cd,
2479 		const char *name, int namlen, __be32 **p, int buflen)
2480 {
2481 	struct svc_export *exp = cd->rd_fhp->fh_export;
2482 	struct dentry *dentry;
2483 	__be32 nfserr;
2484 	int ignore_crossmnt = 0;
2485 
2486 	dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen);
2487 	if (IS_ERR(dentry))
2488 		return nfserrno(PTR_ERR(dentry));
2489 	if (!dentry->d_inode) {
2490 		/*
2491 		 * nfsd_buffered_readdir drops the i_mutex between
2492 		 * readdir and calling this callback, leaving a window
2493 		 * where this directory entry could have gone away.
2494 		 */
2495 		dput(dentry);
2496 		return nfserr_noent;
2497 	}
2498 
2499 	exp_get(exp);
2500 	/*
2501 	 * In the case of a mountpoint, the client may be asking for
2502 	 * attributes that are only properties of the underlying filesystem
2503 	 * as opposed to the cross-mounted file system. In such a case,
2504 	 * we will not follow the cross mount and will fill the attribtutes
2505 	 * directly from the mountpoint dentry.
2506 	 */
2507 	if (nfsd_mountpoint(dentry, exp)) {
2508 		int err;
2509 
2510 		if (!(exp->ex_flags & NFSEXP_V4ROOT)
2511 				&& !attributes_need_mount(cd->rd_bmval)) {
2512 			ignore_crossmnt = 1;
2513 			goto out_encode;
2514 		}
2515 		/*
2516 		 * Why the heck aren't we just using nfsd_lookup??
2517 		 * Different "."/".." handling?  Something else?
2518 		 * At least, add a comment here to explain....
2519 		 */
2520 		err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
2521 		if (err) {
2522 			nfserr = nfserrno(err);
2523 			goto out_put;
2524 		}
2525 		nfserr = check_nfsd_access(exp, cd->rd_rqstp);
2526 		if (nfserr)
2527 			goto out_put;
2528 
2529 	}
2530 out_encode:
2531 	nfserr = nfsd4_encode_fattr(NULL, exp, dentry, p, buflen, cd->rd_bmval,
2532 					cd->rd_rqstp, ignore_crossmnt);
2533 out_put:
2534 	dput(dentry);
2535 	exp_put(exp);
2536 	return nfserr;
2537 }
2538 
2539 static __be32 *
2540 nfsd4_encode_rdattr_error(__be32 *p, int buflen, __be32 nfserr)
2541 {
2542 	__be32 *attrlenp;
2543 
2544 	if (buflen < 6)
2545 		return NULL;
2546 	*p++ = htonl(2);
2547 	*p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */
2548 	*p++ = htonl(0);			 /* bmval1 */
2549 
2550 	attrlenp = p++;
2551 	*p++ = nfserr;       /* no htonl */
2552 	*attrlenp = htonl((char *)p - (char *)attrlenp - 4);
2553 	return p;
2554 }
2555 
2556 static int
2557 nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
2558 		    loff_t offset, u64 ino, unsigned int d_type)
2559 {
2560 	struct readdir_cd *ccd = ccdv;
2561 	struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
2562 	int buflen;
2563 	__be32 *p = cd->buffer;
2564 	__be32 *cookiep;
2565 	__be32 nfserr = nfserr_toosmall;
2566 
2567 	/* In nfsv4, "." and ".." never make it onto the wire.. */
2568 	if (name && isdotent(name, namlen)) {
2569 		cd->common.err = nfs_ok;
2570 		return 0;
2571 	}
2572 
2573 	if (cd->offset)
2574 		xdr_encode_hyper(cd->offset, (u64) offset);
2575 
2576 	buflen = cd->buflen - 4 - XDR_QUADLEN(namlen);
2577 	if (buflen < 0)
2578 		goto fail;
2579 
2580 	*p++ = xdr_one;                             /* mark entry present */
2581 	cookiep = p;
2582 	p = xdr_encode_hyper(p, NFS_OFFSET_MAX);    /* offset of next entry */
2583 	p = xdr_encode_array(p, name, namlen);      /* name length & name */
2584 
2585 	nfserr = nfsd4_encode_dirent_fattr(cd, name, namlen, &p, buflen);
2586 	switch (nfserr) {
2587 	case nfs_ok:
2588 		break;
2589 	case nfserr_resource:
2590 		nfserr = nfserr_toosmall;
2591 		goto fail;
2592 	case nfserr_noent:
2593 		goto skip_entry;
2594 	default:
2595 		/*
2596 		 * If the client requested the RDATTR_ERROR attribute,
2597 		 * we stuff the error code into this attribute
2598 		 * and continue.  If this attribute was not requested,
2599 		 * then in accordance with the spec, we fail the
2600 		 * entire READDIR operation(!)
2601 		 */
2602 		if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR))
2603 			goto fail;
2604 		p = nfsd4_encode_rdattr_error(p, buflen, nfserr);
2605 		if (p == NULL) {
2606 			nfserr = nfserr_toosmall;
2607 			goto fail;
2608 		}
2609 	}
2610 	cd->buflen -= (p - cd->buffer);
2611 	cd->buffer = p;
2612 	cd->offset = cookiep;
2613 skip_entry:
2614 	cd->common.err = nfs_ok;
2615 	return 0;
2616 fail:
2617 	cd->common.err = nfserr;
2618 	return -EINVAL;
2619 }
2620 
2621 static void
2622 nfsd4_encode_stateid(struct nfsd4_compoundres *resp, stateid_t *sid)
2623 {
2624 	__be32 *p;
2625 
2626 	RESERVE_SPACE(sizeof(stateid_t));
2627 	WRITE32(sid->si_generation);
2628 	WRITEMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
2629 	ADJUST_ARGS();
2630 }
2631 
2632 static __be32
2633 nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
2634 {
2635 	__be32 *p;
2636 
2637 	if (!nfserr) {
2638 		RESERVE_SPACE(8);
2639 		WRITE32(access->ac_supported);
2640 		WRITE32(access->ac_resp_access);
2641 		ADJUST_ARGS();
2642 	}
2643 	return nfserr;
2644 }
2645 
2646 static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
2647 {
2648 	__be32 *p;
2649 
2650 	if (!nfserr) {
2651 		RESERVE_SPACE(NFS4_MAX_SESSIONID_LEN + 8);
2652 		WRITEMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
2653 		WRITE32(bcts->dir);
2654 		/* Sorry, we do not yet support RDMA over 4.1: */
2655 		WRITE32(0);
2656 		ADJUST_ARGS();
2657 	}
2658 	return nfserr;
2659 }
2660 
2661 static __be32
2662 nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
2663 {
2664 	ENCODE_SEQID_OP_HEAD;
2665 
2666 	if (!nfserr)
2667 		nfsd4_encode_stateid(resp, &close->cl_stateid);
2668 
2669 	encode_seqid_op_tail(resp, save, nfserr);
2670 	return nfserr;
2671 }
2672 
2673 
2674 static __be32
2675 nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
2676 {
2677 	__be32 *p;
2678 
2679 	if (!nfserr) {
2680 		RESERVE_SPACE(NFS4_VERIFIER_SIZE);
2681 		WRITEMEM(commit->co_verf.data, NFS4_VERIFIER_SIZE);
2682 		ADJUST_ARGS();
2683 	}
2684 	return nfserr;
2685 }
2686 
2687 static __be32
2688 nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
2689 {
2690 	__be32 *p;
2691 
2692 	if (!nfserr) {
2693 		RESERVE_SPACE(32);
2694 		write_cinfo(&p, &create->cr_cinfo);
2695 		WRITE32(2);
2696 		WRITE32(create->cr_bmval[0]);
2697 		WRITE32(create->cr_bmval[1]);
2698 		ADJUST_ARGS();
2699 	}
2700 	return nfserr;
2701 }
2702 
2703 static __be32
2704 nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
2705 {
2706 	struct svc_fh *fhp = getattr->ga_fhp;
2707 	int buflen;
2708 
2709 	if (nfserr)
2710 		return nfserr;
2711 
2712 	buflen = resp->end - resp->p - (COMPOUND_ERR_SLACK_SPACE >> 2);
2713 	nfserr = nfsd4_encode_fattr(fhp, fhp->fh_export, fhp->fh_dentry,
2714 				    &resp->p, buflen, getattr->ga_bmval,
2715 				    resp->rqstp, 0);
2716 	return nfserr;
2717 }
2718 
2719 static __be32
2720 nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
2721 {
2722 	struct svc_fh *fhp = *fhpp;
2723 	unsigned int len;
2724 	__be32 *p;
2725 
2726 	if (!nfserr) {
2727 		len = fhp->fh_handle.fh_size;
2728 		RESERVE_SPACE(len + 4);
2729 		WRITE32(len);
2730 		WRITEMEM(&fhp->fh_handle.fh_base, len);
2731 		ADJUST_ARGS();
2732 	}
2733 	return nfserr;
2734 }
2735 
2736 /*
2737 * Including all fields other than the name, a LOCK4denied structure requires
2738 *   8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes.
2739 */
2740 static void
2741 nfsd4_encode_lock_denied(struct nfsd4_compoundres *resp, struct nfsd4_lock_denied *ld)
2742 {
2743 	struct xdr_netobj *conf = &ld->ld_owner;
2744 	__be32 *p;
2745 
2746 	RESERVE_SPACE(32 + XDR_LEN(conf->len));
2747 	WRITE64(ld->ld_start);
2748 	WRITE64(ld->ld_length);
2749 	WRITE32(ld->ld_type);
2750 	if (conf->len) {
2751 		WRITEMEM(&ld->ld_clientid, 8);
2752 		WRITE32(conf->len);
2753 		WRITEMEM(conf->data, conf->len);
2754 		kfree(conf->data);
2755 	}  else {  /* non - nfsv4 lock in conflict, no clientid nor owner */
2756 		WRITE64((u64)0); /* clientid */
2757 		WRITE32(0); /* length of owner name */
2758 	}
2759 	ADJUST_ARGS();
2760 }
2761 
2762 static __be32
2763 nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
2764 {
2765 	ENCODE_SEQID_OP_HEAD;
2766 
2767 	if (!nfserr)
2768 		nfsd4_encode_stateid(resp, &lock->lk_resp_stateid);
2769 	else if (nfserr == nfserr_denied)
2770 		nfsd4_encode_lock_denied(resp, &lock->lk_denied);
2771 
2772 	encode_seqid_op_tail(resp, save, nfserr);
2773 	return nfserr;
2774 }
2775 
2776 static __be32
2777 nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
2778 {
2779 	if (nfserr == nfserr_denied)
2780 		nfsd4_encode_lock_denied(resp, &lockt->lt_denied);
2781 	return nfserr;
2782 }
2783 
2784 static __be32
2785 nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
2786 {
2787 	ENCODE_SEQID_OP_HEAD;
2788 
2789 	if (!nfserr)
2790 		nfsd4_encode_stateid(resp, &locku->lu_stateid);
2791 
2792 	encode_seqid_op_tail(resp, save, nfserr);
2793 	return nfserr;
2794 }
2795 
2796 
2797 static __be32
2798 nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
2799 {
2800 	__be32 *p;
2801 
2802 	if (!nfserr) {
2803 		RESERVE_SPACE(20);
2804 		write_cinfo(&p, &link->li_cinfo);
2805 		ADJUST_ARGS();
2806 	}
2807 	return nfserr;
2808 }
2809 
2810 
2811 static __be32
2812 nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
2813 {
2814 	__be32 *p;
2815 	ENCODE_SEQID_OP_HEAD;
2816 
2817 	if (nfserr)
2818 		goto out;
2819 
2820 	nfsd4_encode_stateid(resp, &open->op_stateid);
2821 	RESERVE_SPACE(40);
2822 	write_cinfo(&p, &open->op_cinfo);
2823 	WRITE32(open->op_rflags);
2824 	WRITE32(2);
2825 	WRITE32(open->op_bmval[0]);
2826 	WRITE32(open->op_bmval[1]);
2827 	WRITE32(open->op_delegate_type);
2828 	ADJUST_ARGS();
2829 
2830 	switch (open->op_delegate_type) {
2831 	case NFS4_OPEN_DELEGATE_NONE:
2832 		break;
2833 	case NFS4_OPEN_DELEGATE_READ:
2834 		nfsd4_encode_stateid(resp, &open->op_delegate_stateid);
2835 		RESERVE_SPACE(20);
2836 		WRITE32(open->op_recall);
2837 
2838 		/*
2839 		 * TODO: ACE's in delegations
2840 		 */
2841 		WRITE32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
2842 		WRITE32(0);
2843 		WRITE32(0);
2844 		WRITE32(0);   /* XXX: is NULL principal ok? */
2845 		ADJUST_ARGS();
2846 		break;
2847 	case NFS4_OPEN_DELEGATE_WRITE:
2848 		nfsd4_encode_stateid(resp, &open->op_delegate_stateid);
2849 		RESERVE_SPACE(32);
2850 		WRITE32(0);
2851 
2852 		/*
2853 		 * TODO: space_limit's in delegations
2854 		 */
2855 		WRITE32(NFS4_LIMIT_SIZE);
2856 		WRITE32(~(u32)0);
2857 		WRITE32(~(u32)0);
2858 
2859 		/*
2860 		 * TODO: ACE's in delegations
2861 		 */
2862 		WRITE32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
2863 		WRITE32(0);
2864 		WRITE32(0);
2865 		WRITE32(0);   /* XXX: is NULL principal ok? */
2866 		ADJUST_ARGS();
2867 		break;
2868 	case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */
2869 		switch (open->op_why_no_deleg) {
2870 		case WND4_CONTENTION:
2871 		case WND4_RESOURCE:
2872 			RESERVE_SPACE(8);
2873 			WRITE32(open->op_why_no_deleg);
2874 			WRITE32(0);	/* deleg signaling not supported yet */
2875 			break;
2876 		default:
2877 			RESERVE_SPACE(4);
2878 			WRITE32(open->op_why_no_deleg);
2879 		}
2880 		ADJUST_ARGS();
2881 		break;
2882 	default:
2883 		BUG();
2884 	}
2885 	/* XXX save filehandle here */
2886 out:
2887 	encode_seqid_op_tail(resp, save, nfserr);
2888 	return nfserr;
2889 }
2890 
2891 static __be32
2892 nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
2893 {
2894 	ENCODE_SEQID_OP_HEAD;
2895 
2896 	if (!nfserr)
2897 		nfsd4_encode_stateid(resp, &oc->oc_resp_stateid);
2898 
2899 	encode_seqid_op_tail(resp, save, nfserr);
2900 	return nfserr;
2901 }
2902 
2903 static __be32
2904 nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
2905 {
2906 	ENCODE_SEQID_OP_HEAD;
2907 
2908 	if (!nfserr)
2909 		nfsd4_encode_stateid(resp, &od->od_stateid);
2910 
2911 	encode_seqid_op_tail(resp, save, nfserr);
2912 	return nfserr;
2913 }
2914 
2915 static __be32
2916 nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
2917 		  struct nfsd4_read *read)
2918 {
2919 	u32 eof;
2920 	int v;
2921 	struct page *page;
2922 	unsigned long maxcount;
2923 	long len;
2924 	__be32 *p;
2925 
2926 	if (nfserr)
2927 		return nfserr;
2928 	if (resp->xbuf->page_len)
2929 		return nfserr_resource;
2930 
2931 	RESERVE_SPACE(8); /* eof flag and byte count */
2932 
2933 	maxcount = svc_max_payload(resp->rqstp);
2934 	if (maxcount > read->rd_length)
2935 		maxcount = read->rd_length;
2936 
2937 	len = maxcount;
2938 	v = 0;
2939 	while (len > 0) {
2940 		page = *(resp->rqstp->rq_next_page);
2941 		if (!page) { /* ran out of pages */
2942 			maxcount -= len;
2943 			break;
2944 		}
2945 		resp->rqstp->rq_vec[v].iov_base = page_address(page);
2946 		resp->rqstp->rq_vec[v].iov_len =
2947 			len < PAGE_SIZE ? len : PAGE_SIZE;
2948 		resp->rqstp->rq_next_page++;
2949 		v++;
2950 		len -= PAGE_SIZE;
2951 	}
2952 	read->rd_vlen = v;
2953 
2954 	nfserr = nfsd_read_file(read->rd_rqstp, read->rd_fhp, read->rd_filp,
2955 			read->rd_offset, resp->rqstp->rq_vec, read->rd_vlen,
2956 			&maxcount);
2957 
2958 	if (nfserr)
2959 		return nfserr;
2960 	eof = (read->rd_offset + maxcount >=
2961 	       read->rd_fhp->fh_dentry->d_inode->i_size);
2962 
2963 	WRITE32(eof);
2964 	WRITE32(maxcount);
2965 	ADJUST_ARGS();
2966 	resp->xbuf->head[0].iov_len = (char*)p
2967 					- (char*)resp->xbuf->head[0].iov_base;
2968 	resp->xbuf->page_len = maxcount;
2969 
2970 	/* Use rest of head for padding and remaining ops: */
2971 	resp->xbuf->tail[0].iov_base = p;
2972 	resp->xbuf->tail[0].iov_len = 0;
2973 	if (maxcount&3) {
2974 		RESERVE_SPACE(4);
2975 		WRITE32(0);
2976 		resp->xbuf->tail[0].iov_base += maxcount&3;
2977 		resp->xbuf->tail[0].iov_len = 4 - (maxcount&3);
2978 		ADJUST_ARGS();
2979 	}
2980 	return 0;
2981 }
2982 
2983 static __be32
2984 nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
2985 {
2986 	int maxcount;
2987 	char *page;
2988 	__be32 *p;
2989 
2990 	if (nfserr)
2991 		return nfserr;
2992 	if (resp->xbuf->page_len)
2993 		return nfserr_resource;
2994 	if (!*resp->rqstp->rq_next_page)
2995 		return nfserr_resource;
2996 
2997 	page = page_address(*(resp->rqstp->rq_next_page++));
2998 
2999 	maxcount = PAGE_SIZE;
3000 	RESERVE_SPACE(4);
3001 
3002 	/*
3003 	 * XXX: By default, the ->readlink() VFS op will truncate symlinks
3004 	 * if they would overflow the buffer.  Is this kosher in NFSv4?  If
3005 	 * not, one easy fix is: if ->readlink() precisely fills the buffer,
3006 	 * assume that truncation occurred, and return NFS4ERR_RESOURCE.
3007 	 */
3008 	nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp, page, &maxcount);
3009 	if (nfserr == nfserr_isdir)
3010 		return nfserr_inval;
3011 	if (nfserr)
3012 		return nfserr;
3013 
3014 	WRITE32(maxcount);
3015 	ADJUST_ARGS();
3016 	resp->xbuf->head[0].iov_len = (char*)p
3017 				- (char*)resp->xbuf->head[0].iov_base;
3018 	resp->xbuf->page_len = maxcount;
3019 
3020 	/* Use rest of head for padding and remaining ops: */
3021 	resp->xbuf->tail[0].iov_base = p;
3022 	resp->xbuf->tail[0].iov_len = 0;
3023 	if (maxcount&3) {
3024 		RESERVE_SPACE(4);
3025 		WRITE32(0);
3026 		resp->xbuf->tail[0].iov_base += maxcount&3;
3027 		resp->xbuf->tail[0].iov_len = 4 - (maxcount&3);
3028 		ADJUST_ARGS();
3029 	}
3030 	return 0;
3031 }
3032 
3033 static __be32
3034 nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
3035 {
3036 	int maxcount;
3037 	loff_t offset;
3038 	__be32 *page, *savep, *tailbase;
3039 	__be32 *p;
3040 
3041 	if (nfserr)
3042 		return nfserr;
3043 	if (resp->xbuf->page_len)
3044 		return nfserr_resource;
3045 	if (!*resp->rqstp->rq_next_page)
3046 		return nfserr_resource;
3047 
3048 	RESERVE_SPACE(NFS4_VERIFIER_SIZE);
3049 	savep = p;
3050 
3051 	/* XXX: Following NFSv3, we ignore the READDIR verifier for now. */
3052 	WRITE32(0);
3053 	WRITE32(0);
3054 	ADJUST_ARGS();
3055 	resp->xbuf->head[0].iov_len = ((char*)resp->p) - (char*)resp->xbuf->head[0].iov_base;
3056 	tailbase = p;
3057 
3058 	maxcount = PAGE_SIZE;
3059 	if (maxcount > readdir->rd_maxcount)
3060 		maxcount = readdir->rd_maxcount;
3061 
3062 	/*
3063 	 * Convert from bytes to words, account for the two words already
3064 	 * written, make sure to leave two words at the end for the next
3065 	 * pointer and eof field.
3066 	 */
3067 	maxcount = (maxcount >> 2) - 4;
3068 	if (maxcount < 0) {
3069 		nfserr =  nfserr_toosmall;
3070 		goto err_no_verf;
3071 	}
3072 
3073 	page = page_address(*(resp->rqstp->rq_next_page++));
3074 	readdir->common.err = 0;
3075 	readdir->buflen = maxcount;
3076 	readdir->buffer = page;
3077 	readdir->offset = NULL;
3078 
3079 	offset = readdir->rd_cookie;
3080 	nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp,
3081 			      &offset,
3082 			      &readdir->common, nfsd4_encode_dirent);
3083 	if (nfserr == nfs_ok &&
3084 	    readdir->common.err == nfserr_toosmall &&
3085 	    readdir->buffer == page)
3086 		nfserr = nfserr_toosmall;
3087 	if (nfserr)
3088 		goto err_no_verf;
3089 
3090 	if (readdir->offset)
3091 		xdr_encode_hyper(readdir->offset, offset);
3092 
3093 	p = readdir->buffer;
3094 	*p++ = 0;	/* no more entries */
3095 	*p++ = htonl(readdir->common.err == nfserr_eof);
3096 	resp->xbuf->page_len = ((char*)p) -
3097 		(char*)page_address(*(resp->rqstp->rq_next_page-1));
3098 
3099 	/* Use rest of head for padding and remaining ops: */
3100 	resp->xbuf->tail[0].iov_base = tailbase;
3101 	resp->xbuf->tail[0].iov_len = 0;
3102 	resp->p = resp->xbuf->tail[0].iov_base;
3103 	resp->end = resp->p + (PAGE_SIZE - resp->xbuf->head[0].iov_len)/4;
3104 
3105 	return 0;
3106 err_no_verf:
3107 	p = savep;
3108 	ADJUST_ARGS();
3109 	return nfserr;
3110 }
3111 
3112 static __be32
3113 nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
3114 {
3115 	__be32 *p;
3116 
3117 	if (!nfserr) {
3118 		RESERVE_SPACE(20);
3119 		write_cinfo(&p, &remove->rm_cinfo);
3120 		ADJUST_ARGS();
3121 	}
3122 	return nfserr;
3123 }
3124 
3125 static __be32
3126 nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
3127 {
3128 	__be32 *p;
3129 
3130 	if (!nfserr) {
3131 		RESERVE_SPACE(40);
3132 		write_cinfo(&p, &rename->rn_sinfo);
3133 		write_cinfo(&p, &rename->rn_tinfo);
3134 		ADJUST_ARGS();
3135 	}
3136 	return nfserr;
3137 }
3138 
3139 static __be32
3140 nfsd4_do_encode_secinfo(struct nfsd4_compoundres *resp,
3141 			 __be32 nfserr,struct svc_export *exp)
3142 {
3143 	int i = 0;
3144 	u32 nflavs;
3145 	struct exp_flavor_info *flavs;
3146 	struct exp_flavor_info def_flavs[2];
3147 	__be32 *p;
3148 
3149 	if (nfserr)
3150 		goto out;
3151 	if (exp->ex_nflavors) {
3152 		flavs = exp->ex_flavors;
3153 		nflavs = exp->ex_nflavors;
3154 	} else { /* Handling of some defaults in absence of real secinfo: */
3155 		flavs = def_flavs;
3156 		if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
3157 			nflavs = 2;
3158 			flavs[0].pseudoflavor = RPC_AUTH_UNIX;
3159 			flavs[1].pseudoflavor = RPC_AUTH_NULL;
3160 		} else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
3161 			nflavs = 1;
3162 			flavs[0].pseudoflavor
3163 					= svcauth_gss_flavor(exp->ex_client);
3164 		} else {
3165 			nflavs = 1;
3166 			flavs[0].pseudoflavor
3167 					= exp->ex_client->flavour->flavour;
3168 		}
3169 	}
3170 
3171 	RESERVE_SPACE(4);
3172 	WRITE32(nflavs);
3173 	ADJUST_ARGS();
3174 	for (i = 0; i < nflavs; i++) {
3175 		u32 flav = flavs[i].pseudoflavor;
3176 		struct gss_api_mech *gm = gss_mech_get_by_pseudoflavor(flav);
3177 
3178 		if (gm) {
3179 			RESERVE_SPACE(4);
3180 			WRITE32(RPC_AUTH_GSS);
3181 			ADJUST_ARGS();
3182 			RESERVE_SPACE(4 + gm->gm_oid.len);
3183 			WRITE32(gm->gm_oid.len);
3184 			WRITEMEM(gm->gm_oid.data, gm->gm_oid.len);
3185 			ADJUST_ARGS();
3186 			RESERVE_SPACE(4);
3187 			WRITE32(0); /* qop */
3188 			ADJUST_ARGS();
3189 			RESERVE_SPACE(4);
3190 			WRITE32(gss_pseudoflavor_to_service(gm, flav));
3191 			ADJUST_ARGS();
3192 			gss_mech_put(gm);
3193 		} else {
3194 			RESERVE_SPACE(4);
3195 			WRITE32(flav);
3196 			ADJUST_ARGS();
3197 		}
3198 	}
3199 out:
3200 	if (exp)
3201 		exp_put(exp);
3202 	return nfserr;
3203 }
3204 
3205 static __be32
3206 nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
3207 		     struct nfsd4_secinfo *secinfo)
3208 {
3209 	return nfsd4_do_encode_secinfo(resp, nfserr, secinfo->si_exp);
3210 }
3211 
3212 static __be32
3213 nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
3214 		     struct nfsd4_secinfo_no_name *secinfo)
3215 {
3216 	return nfsd4_do_encode_secinfo(resp, nfserr, secinfo->sin_exp);
3217 }
3218 
3219 /*
3220  * The SETATTR encode routine is special -- it always encodes a bitmap,
3221  * regardless of the error status.
3222  */
3223 static __be32
3224 nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
3225 {
3226 	__be32 *p;
3227 
3228 	RESERVE_SPACE(12);
3229 	if (nfserr) {
3230 		WRITE32(2);
3231 		WRITE32(0);
3232 		WRITE32(0);
3233 	}
3234 	else {
3235 		WRITE32(2);
3236 		WRITE32(setattr->sa_bmval[0]);
3237 		WRITE32(setattr->sa_bmval[1]);
3238 	}
3239 	ADJUST_ARGS();
3240 	return nfserr;
3241 }
3242 
3243 static __be32
3244 nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
3245 {
3246 	__be32 *p;
3247 
3248 	if (!nfserr) {
3249 		RESERVE_SPACE(8 + NFS4_VERIFIER_SIZE);
3250 		WRITEMEM(&scd->se_clientid, 8);
3251 		WRITEMEM(&scd->se_confirm, NFS4_VERIFIER_SIZE);
3252 		ADJUST_ARGS();
3253 	}
3254 	else if (nfserr == nfserr_clid_inuse) {
3255 		RESERVE_SPACE(8);
3256 		WRITE32(0);
3257 		WRITE32(0);
3258 		ADJUST_ARGS();
3259 	}
3260 	return nfserr;
3261 }
3262 
3263 static __be32
3264 nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
3265 {
3266 	__be32 *p;
3267 
3268 	if (!nfserr) {
3269 		RESERVE_SPACE(16);
3270 		WRITE32(write->wr_bytes_written);
3271 		WRITE32(write->wr_how_written);
3272 		WRITEMEM(write->wr_verifier.data, NFS4_VERIFIER_SIZE);
3273 		ADJUST_ARGS();
3274 	}
3275 	return nfserr;
3276 }
3277 
3278 static __be32
3279 nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
3280 			 struct nfsd4_exchange_id *exid)
3281 {
3282 	__be32 *p;
3283 	char *major_id;
3284 	char *server_scope;
3285 	int major_id_sz;
3286 	int server_scope_sz;
3287 	uint64_t minor_id = 0;
3288 
3289 	if (nfserr)
3290 		return nfserr;
3291 
3292 	major_id = utsname()->nodename;
3293 	major_id_sz = strlen(major_id);
3294 	server_scope = utsname()->nodename;
3295 	server_scope_sz = strlen(server_scope);
3296 
3297 	RESERVE_SPACE(
3298 		8 /* eir_clientid */ +
3299 		4 /* eir_sequenceid */ +
3300 		4 /* eir_flags */ +
3301 		4 /* spr_how (SP4_NONE) */ +
3302 		8 /* so_minor_id */ +
3303 		4 /* so_major_id.len */ +
3304 		(XDR_QUADLEN(major_id_sz) * 4) +
3305 		4 /* eir_server_scope.len */ +
3306 		(XDR_QUADLEN(server_scope_sz) * 4) +
3307 		4 /* eir_server_impl_id.count (0) */);
3308 
3309 	WRITEMEM(&exid->clientid, 8);
3310 	WRITE32(exid->seqid);
3311 	WRITE32(exid->flags);
3312 
3313 	/* state_protect4_r. Currently only support SP4_NONE */
3314 	BUG_ON(exid->spa_how != SP4_NONE);
3315 	WRITE32(exid->spa_how);
3316 
3317 	/* The server_owner struct */
3318 	WRITE64(minor_id);      /* Minor id */
3319 	/* major id */
3320 	WRITE32(major_id_sz);
3321 	WRITEMEM(major_id, major_id_sz);
3322 
3323 	/* Server scope */
3324 	WRITE32(server_scope_sz);
3325 	WRITEMEM(server_scope, server_scope_sz);
3326 
3327 	/* Implementation id */
3328 	WRITE32(0);	/* zero length nfs_impl_id4 array */
3329 	ADJUST_ARGS();
3330 	return 0;
3331 }
3332 
3333 static __be32
3334 nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
3335 			    struct nfsd4_create_session *sess)
3336 {
3337 	__be32 *p;
3338 
3339 	if (nfserr)
3340 		return nfserr;
3341 
3342 	RESERVE_SPACE(24);
3343 	WRITEMEM(sess->sessionid.data, NFS4_MAX_SESSIONID_LEN);
3344 	WRITE32(sess->seqid);
3345 	WRITE32(sess->flags);
3346 	ADJUST_ARGS();
3347 
3348 	RESERVE_SPACE(28);
3349 	WRITE32(0); /* headerpadsz */
3350 	WRITE32(sess->fore_channel.maxreq_sz);
3351 	WRITE32(sess->fore_channel.maxresp_sz);
3352 	WRITE32(sess->fore_channel.maxresp_cached);
3353 	WRITE32(sess->fore_channel.maxops);
3354 	WRITE32(sess->fore_channel.maxreqs);
3355 	WRITE32(sess->fore_channel.nr_rdma_attrs);
3356 	ADJUST_ARGS();
3357 
3358 	if (sess->fore_channel.nr_rdma_attrs) {
3359 		RESERVE_SPACE(4);
3360 		WRITE32(sess->fore_channel.rdma_attrs);
3361 		ADJUST_ARGS();
3362 	}
3363 
3364 	RESERVE_SPACE(28);
3365 	WRITE32(0); /* headerpadsz */
3366 	WRITE32(sess->back_channel.maxreq_sz);
3367 	WRITE32(sess->back_channel.maxresp_sz);
3368 	WRITE32(sess->back_channel.maxresp_cached);
3369 	WRITE32(sess->back_channel.maxops);
3370 	WRITE32(sess->back_channel.maxreqs);
3371 	WRITE32(sess->back_channel.nr_rdma_attrs);
3372 	ADJUST_ARGS();
3373 
3374 	if (sess->back_channel.nr_rdma_attrs) {
3375 		RESERVE_SPACE(4);
3376 		WRITE32(sess->back_channel.rdma_attrs);
3377 		ADJUST_ARGS();
3378 	}
3379 	return 0;
3380 }
3381 
3382 static __be32
3383 nfsd4_encode_destroy_session(struct nfsd4_compoundres *resp, __be32 nfserr,
3384 			     struct nfsd4_destroy_session *destroy_session)
3385 {
3386 	return nfserr;
3387 }
3388 
3389 static __be32
3390 nfsd4_encode_free_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
3391 			  struct nfsd4_free_stateid *free_stateid)
3392 {
3393 	__be32 *p;
3394 
3395 	if (nfserr)
3396 		return nfserr;
3397 
3398 	RESERVE_SPACE(4);
3399 	*p++ = nfserr;
3400 	ADJUST_ARGS();
3401 	return nfserr;
3402 }
3403 
3404 static __be32
3405 nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
3406 		      struct nfsd4_sequence *seq)
3407 {
3408 	__be32 *p;
3409 
3410 	if (nfserr)
3411 		return nfserr;
3412 
3413 	RESERVE_SPACE(NFS4_MAX_SESSIONID_LEN + 20);
3414 	WRITEMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
3415 	WRITE32(seq->seqid);
3416 	WRITE32(seq->slotid);
3417 	/* Note slotid's are numbered from zero: */
3418 	WRITE32(seq->maxslots - 1); /* sr_highest_slotid */
3419 	WRITE32(seq->maxslots - 1); /* sr_target_highest_slotid */
3420 	WRITE32(seq->status_flags);
3421 
3422 	ADJUST_ARGS();
3423 	resp->cstate.datap = p; /* DRC cache data pointer */
3424 	return 0;
3425 }
3426 
3427 static __be32
3428 nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
3429 			  struct nfsd4_test_stateid *test_stateid)
3430 {
3431 	struct nfsd4_test_stateid_id *stateid, *next;
3432 	__be32 *p;
3433 
3434 	RESERVE_SPACE(4 + (4 * test_stateid->ts_num_ids));
3435 	*p++ = htonl(test_stateid->ts_num_ids);
3436 
3437 	list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) {
3438 		*p++ = stateid->ts_id_status;
3439 	}
3440 
3441 	ADJUST_ARGS();
3442 	return nfserr;
3443 }
3444 
3445 static __be32
3446 nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
3447 {
3448 	return nfserr;
3449 }
3450 
3451 typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
3452 
3453 /*
3454  * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1
3455  * since we don't need to filter out obsolete ops as this is
3456  * done in the decoding phase.
3457  */
3458 static nfsd4_enc nfsd4_enc_ops[] = {
3459 	[OP_ACCESS]		= (nfsd4_enc)nfsd4_encode_access,
3460 	[OP_CLOSE]		= (nfsd4_enc)nfsd4_encode_close,
3461 	[OP_COMMIT]		= (nfsd4_enc)nfsd4_encode_commit,
3462 	[OP_CREATE]		= (nfsd4_enc)nfsd4_encode_create,
3463 	[OP_DELEGPURGE]		= (nfsd4_enc)nfsd4_encode_noop,
3464 	[OP_DELEGRETURN]	= (nfsd4_enc)nfsd4_encode_noop,
3465 	[OP_GETATTR]		= (nfsd4_enc)nfsd4_encode_getattr,
3466 	[OP_GETFH]		= (nfsd4_enc)nfsd4_encode_getfh,
3467 	[OP_LINK]		= (nfsd4_enc)nfsd4_encode_link,
3468 	[OP_LOCK]		= (nfsd4_enc)nfsd4_encode_lock,
3469 	[OP_LOCKT]		= (nfsd4_enc)nfsd4_encode_lockt,
3470 	[OP_LOCKU]		= (nfsd4_enc)nfsd4_encode_locku,
3471 	[OP_LOOKUP]		= (nfsd4_enc)nfsd4_encode_noop,
3472 	[OP_LOOKUPP]		= (nfsd4_enc)nfsd4_encode_noop,
3473 	[OP_NVERIFY]		= (nfsd4_enc)nfsd4_encode_noop,
3474 	[OP_OPEN]		= (nfsd4_enc)nfsd4_encode_open,
3475 	[OP_OPENATTR]		= (nfsd4_enc)nfsd4_encode_noop,
3476 	[OP_OPEN_CONFIRM]	= (nfsd4_enc)nfsd4_encode_open_confirm,
3477 	[OP_OPEN_DOWNGRADE]	= (nfsd4_enc)nfsd4_encode_open_downgrade,
3478 	[OP_PUTFH]		= (nfsd4_enc)nfsd4_encode_noop,
3479 	[OP_PUTPUBFH]		= (nfsd4_enc)nfsd4_encode_noop,
3480 	[OP_PUTROOTFH]		= (nfsd4_enc)nfsd4_encode_noop,
3481 	[OP_READ]		= (nfsd4_enc)nfsd4_encode_read,
3482 	[OP_READDIR]		= (nfsd4_enc)nfsd4_encode_readdir,
3483 	[OP_READLINK]		= (nfsd4_enc)nfsd4_encode_readlink,
3484 	[OP_REMOVE]		= (nfsd4_enc)nfsd4_encode_remove,
3485 	[OP_RENAME]		= (nfsd4_enc)nfsd4_encode_rename,
3486 	[OP_RENEW]		= (nfsd4_enc)nfsd4_encode_noop,
3487 	[OP_RESTOREFH]		= (nfsd4_enc)nfsd4_encode_noop,
3488 	[OP_SAVEFH]		= (nfsd4_enc)nfsd4_encode_noop,
3489 	[OP_SECINFO]		= (nfsd4_enc)nfsd4_encode_secinfo,
3490 	[OP_SETATTR]		= (nfsd4_enc)nfsd4_encode_setattr,
3491 	[OP_SETCLIENTID]	= (nfsd4_enc)nfsd4_encode_setclientid,
3492 	[OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
3493 	[OP_VERIFY]		= (nfsd4_enc)nfsd4_encode_noop,
3494 	[OP_WRITE]		= (nfsd4_enc)nfsd4_encode_write,
3495 	[OP_RELEASE_LOCKOWNER]	= (nfsd4_enc)nfsd4_encode_noop,
3496 
3497 	/* NFSv4.1 operations */
3498 	[OP_BACKCHANNEL_CTL]	= (nfsd4_enc)nfsd4_encode_noop,
3499 	[OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
3500 	[OP_EXCHANGE_ID]	= (nfsd4_enc)nfsd4_encode_exchange_id,
3501 	[OP_CREATE_SESSION]	= (nfsd4_enc)nfsd4_encode_create_session,
3502 	[OP_DESTROY_SESSION]	= (nfsd4_enc)nfsd4_encode_destroy_session,
3503 	[OP_FREE_STATEID]	= (nfsd4_enc)nfsd4_encode_free_stateid,
3504 	[OP_GET_DIR_DELEGATION]	= (nfsd4_enc)nfsd4_encode_noop,
3505 	[OP_GETDEVICEINFO]	= (nfsd4_enc)nfsd4_encode_noop,
3506 	[OP_GETDEVICELIST]	= (nfsd4_enc)nfsd4_encode_noop,
3507 	[OP_LAYOUTCOMMIT]	= (nfsd4_enc)nfsd4_encode_noop,
3508 	[OP_LAYOUTGET]		= (nfsd4_enc)nfsd4_encode_noop,
3509 	[OP_LAYOUTRETURN]	= (nfsd4_enc)nfsd4_encode_noop,
3510 	[OP_SECINFO_NO_NAME]	= (nfsd4_enc)nfsd4_encode_secinfo_no_name,
3511 	[OP_SEQUENCE]		= (nfsd4_enc)nfsd4_encode_sequence,
3512 	[OP_SET_SSV]		= (nfsd4_enc)nfsd4_encode_noop,
3513 	[OP_TEST_STATEID]	= (nfsd4_enc)nfsd4_encode_test_stateid,
3514 	[OP_WANT_DELEGATION]	= (nfsd4_enc)nfsd4_encode_noop,
3515 	[OP_DESTROY_CLIENTID]	= (nfsd4_enc)nfsd4_encode_noop,
3516 	[OP_RECLAIM_COMPLETE]	= (nfsd4_enc)nfsd4_encode_noop,
3517 };
3518 
3519 /*
3520  * Calculate the total amount of memory that the compound response has taken
3521  * after encoding the current operation with pad.
3522  *
3523  * pad: if operation is non-idempotent, pad was calculate by op_rsize_bop()
3524  *      which was specified at nfsd4_operation, else pad is zero.
3525  *
3526  * Compare this length to the session se_fmaxresp_sz and se_fmaxresp_cached.
3527  *
3528  * Our se_fmaxresp_cached will always be a multiple of PAGE_SIZE, and so
3529  * will be at least a page and will therefore hold the xdr_buf head.
3530  */
3531 __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 pad)
3532 {
3533 	struct xdr_buf *xb = &resp->rqstp->rq_res;
3534 	struct nfsd4_session *session = NULL;
3535 	struct nfsd4_slot *slot = resp->cstate.slot;
3536 	u32 length, tlen = 0;
3537 
3538 	if (!nfsd4_has_session(&resp->cstate))
3539 		return 0;
3540 
3541 	session = resp->cstate.session;
3542 	if (session == NULL)
3543 		return 0;
3544 
3545 	if (xb->page_len == 0) {
3546 		length = (char *)resp->p - (char *)xb->head[0].iov_base + pad;
3547 	} else {
3548 		if (xb->tail[0].iov_base && xb->tail[0].iov_len > 0)
3549 			tlen = (char *)resp->p - (char *)xb->tail[0].iov_base;
3550 
3551 		length = xb->head[0].iov_len + xb->page_len + tlen + pad;
3552 	}
3553 	dprintk("%s length %u, xb->page_len %u tlen %u pad %u\n", __func__,
3554 		length, xb->page_len, tlen, pad);
3555 
3556 	if (length > session->se_fchannel.maxresp_sz)
3557 		return nfserr_rep_too_big;
3558 
3559 	if ((slot->sl_flags & NFSD4_SLOT_CACHETHIS) &&
3560 	    length > session->se_fchannel.maxresp_cached)
3561 		return nfserr_rep_too_big_to_cache;
3562 
3563 	return 0;
3564 }
3565 
3566 void
3567 nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
3568 {
3569 	__be32 *statp;
3570 	__be32 *p;
3571 
3572 	RESERVE_SPACE(8);
3573 	WRITE32(op->opnum);
3574 	statp = p++;	/* to be backfilled at the end */
3575 	ADJUST_ARGS();
3576 
3577 	if (op->opnum == OP_ILLEGAL)
3578 		goto status;
3579 	BUG_ON(op->opnum < 0 || op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) ||
3580 	       !nfsd4_enc_ops[op->opnum]);
3581 	op->status = nfsd4_enc_ops[op->opnum](resp, op->status, &op->u);
3582 	/* nfsd4_check_drc_limit guarantees enough room for error status */
3583 	if (!op->status)
3584 		op->status = nfsd4_check_resp_size(resp, 0);
3585 status:
3586 	/*
3587 	 * Note: We write the status directly, instead of using WRITE32(),
3588 	 * since it is already in network byte order.
3589 	 */
3590 	*statp = op->status;
3591 }
3592 
3593 /*
3594  * Encode the reply stored in the stateowner reply cache
3595  *
3596  * XDR note: do not encode rp->rp_buflen: the buffer contains the
3597  * previously sent already encoded operation.
3598  *
3599  * called with nfs4_lock_state() held
3600  */
3601 void
3602 nfsd4_encode_replay(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
3603 {
3604 	__be32 *p;
3605 	struct nfs4_replay *rp = op->replay;
3606 
3607 	BUG_ON(!rp);
3608 
3609 	RESERVE_SPACE(8);
3610 	WRITE32(op->opnum);
3611 	*p++ = rp->rp_status;  /* already xdr'ed */
3612 	ADJUST_ARGS();
3613 
3614 	RESERVE_SPACE(rp->rp_buflen);
3615 	WRITEMEM(rp->rp_buf, rp->rp_buflen);
3616 	ADJUST_ARGS();
3617 }
3618 
3619 int
3620 nfs4svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p, void *dummy)
3621 {
3622         return xdr_ressize_check(rqstp, p);
3623 }
3624 
3625 int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp)
3626 {
3627 	struct svc_rqst *rqstp = rq;
3628 	struct nfsd4_compoundargs *args = rqstp->rq_argp;
3629 
3630 	if (args->ops != args->iops) {
3631 		kfree(args->ops);
3632 		args->ops = args->iops;
3633 	}
3634 	kfree(args->tmpp);
3635 	args->tmpp = NULL;
3636 	while (args->to_free) {
3637 		struct tmpbuf *tb = args->to_free;
3638 		args->to_free = tb->next;
3639 		tb->release(tb->buf);
3640 		kfree(tb);
3641 	}
3642 	return 1;
3643 }
3644 
3645 int
3646 nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundargs *args)
3647 {
3648 	args->p = p;
3649 	args->end = rqstp->rq_arg.head[0].iov_base + rqstp->rq_arg.head[0].iov_len;
3650 	args->pagelist = rqstp->rq_arg.pages;
3651 	args->pagelen = rqstp->rq_arg.page_len;
3652 	args->tmpp = NULL;
3653 	args->to_free = NULL;
3654 	args->ops = args->iops;
3655 	args->rqstp = rqstp;
3656 
3657 	return !nfsd4_decode_compound(args);
3658 }
3659 
3660 int
3661 nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundres *resp)
3662 {
3663 	/*
3664 	 * All that remains is to write the tag and operation count...
3665 	 */
3666 	struct nfsd4_compound_state *cs = &resp->cstate;
3667 	struct kvec *iov;
3668 	p = resp->tagp;
3669 	*p++ = htonl(resp->taglen);
3670 	memcpy(p, resp->tag, resp->taglen);
3671 	p += XDR_QUADLEN(resp->taglen);
3672 	*p++ = htonl(resp->opcnt);
3673 
3674 	if (rqstp->rq_res.page_len)
3675 		iov = &rqstp->rq_res.tail[0];
3676 	else
3677 		iov = &rqstp->rq_res.head[0];
3678 	iov->iov_len = ((char*)resp->p) - (char*)iov->iov_base;
3679 	BUG_ON(iov->iov_len > PAGE_SIZE);
3680 	if (nfsd4_has_session(cs)) {
3681 		if (cs->status != nfserr_replay_cache) {
3682 			nfsd4_store_cache_entry(resp);
3683 			cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;
3684 		}
3685 		/* Renew the clientid on success and on replay */
3686 		release_session_client(cs->session);
3687 		nfsd4_put_session(cs->session);
3688 	}
3689 	return 1;
3690 }
3691 
3692 /*
3693  * Local variables:
3694  *  c-basic-offset: 8
3695  * End:
3696  */
3697