1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * NFS server file handle treatment. |
4 | * |
5 | * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> |
6 | * Portions Copyright (C) 1999 G. Allen Morris III <gam3@acm.org> |
7 | * Extensive rewrite by Neil Brown <neilb@cse.unsw.edu.au> Southern-Spring 1999 |
8 | * ... and again Southern-Winter 2001 to support export_operations |
9 | */ |
10 | |
11 | #include <linux/exportfs.h> |
12 | |
13 | #include <linux/sunrpc/svcauth_gss.h> |
14 | #include "nfsd.h" |
15 | #include "vfs.h" |
16 | #include "auth.h" |
17 | #include "trace.h" |
18 | |
19 | #define NFSDDBG_FACILITY NFSDDBG_FH |
20 | |
21 | |
22 | /* |
23 | * our acceptability function. |
24 | * if NOSUBTREECHECK, accept anything |
25 | * if not, require that we can walk up to exp->ex_dentry |
26 | * doing some checks on the 'x' bits |
27 | */ |
28 | static int nfsd_acceptable(void *expv, struct dentry *dentry) |
29 | { |
30 | struct svc_export *exp = expv; |
31 | int rv; |
32 | struct dentry *tdentry; |
33 | struct dentry *parent; |
34 | |
35 | if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) |
36 | return 1; |
37 | |
38 | tdentry = dget(dentry); |
39 | while (tdentry != exp->ex_path.dentry && !IS_ROOT(tdentry)) { |
40 | /* make sure parents give x permission to user */ |
41 | int err; |
42 | parent = dget_parent(dentry: tdentry); |
43 | err = inode_permission(&nop_mnt_idmap, |
44 | d_inode(dentry: parent), MAY_EXEC); |
45 | if (err < 0) { |
46 | dput(parent); |
47 | break; |
48 | } |
49 | dput(tdentry); |
50 | tdentry = parent; |
51 | } |
52 | if (tdentry != exp->ex_path.dentry) |
53 | dprintk("nfsd_acceptable failed at %p %pd\n" , tdentry, tdentry); |
54 | rv = (tdentry == exp->ex_path.dentry); |
55 | dput(tdentry); |
56 | return rv; |
57 | } |
58 | |
59 | /* Type check. The correct error return for type mismatches does not seem to be |
60 | * generally agreed upon. SunOS seems to use EISDIR if file isn't S_IFREG; a |
61 | * comment in the NFSv3 spec says this is incorrect (implementation notes for |
62 | * the write call). |
63 | */ |
64 | static inline __be32 |
65 | nfsd_mode_check(struct svc_rqst *rqstp, struct dentry *dentry, |
66 | umode_t requested) |
67 | { |
68 | umode_t mode = d_inode(dentry)->i_mode & S_IFMT; |
69 | |
70 | if (requested == 0) /* the caller doesn't care */ |
71 | return nfs_ok; |
72 | if (mode == requested) { |
73 | if (mode == S_IFDIR && !d_can_lookup(dentry)) { |
74 | WARN_ON_ONCE(1); |
75 | return nfserr_notdir; |
76 | } |
77 | return nfs_ok; |
78 | } |
79 | /* |
80 | * v4 has an error more specific than err_notdir which we should |
81 | * return in preference to err_notdir: |
82 | */ |
83 | if (rqstp->rq_vers == 4 && mode == S_IFLNK) |
84 | return nfserr_symlink; |
85 | if (requested == S_IFDIR) |
86 | return nfserr_notdir; |
87 | if (mode == S_IFDIR) |
88 | return nfserr_isdir; |
89 | return nfserr_inval; |
90 | } |
91 | |
92 | static bool nfsd_originating_port_ok(struct svc_rqst *rqstp, int flags) |
93 | { |
94 | if (flags & NFSEXP_INSECURE_PORT) |
95 | return true; |
96 | /* We don't require gss requests to use low ports: */ |
97 | if (rqstp->rq_cred.cr_flavor >= RPC_AUTH_GSS) |
98 | return true; |
99 | return test_bit(RQ_SECURE, &rqstp->rq_flags); |
100 | } |
101 | |
102 | static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp, |
103 | struct svc_export *exp) |
104 | { |
105 | int flags = nfsexp_flags(rqstp, exp); |
106 | |
107 | /* Check if the request originated from a secure port. */ |
108 | if (!nfsd_originating_port_ok(rqstp, flags)) { |
109 | RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]); |
110 | dprintk("nfsd: request from insecure port %s!\n" , |
111 | svc_print_addr(rqstp, buf, sizeof(buf))); |
112 | return nfserr_perm; |
113 | } |
114 | |
115 | /* Set user creds for this exportpoint */ |
116 | return nfserrno(errno: nfsd_setuser(rqstp, exp)); |
117 | } |
118 | |
119 | static inline __be32 check_pseudo_root(struct svc_rqst *rqstp, |
120 | struct dentry *dentry, struct svc_export *exp) |
121 | { |
122 | if (!(exp->ex_flags & NFSEXP_V4ROOT)) |
123 | return nfs_ok; |
124 | /* |
125 | * v2/v3 clients have no need for the V4ROOT export--they use |
126 | * the mount protocl instead; also, further V4ROOT checks may be |
127 | * in v4-specific code, in which case v2/v3 clients could bypass |
128 | * them. |
129 | */ |
130 | if (!nfsd_v4client(rq: rqstp)) |
131 | return nfserr_stale; |
132 | /* |
133 | * We're exposing only the directories and symlinks that have to be |
134 | * traversed on the way to real exports: |
135 | */ |
136 | if (unlikely(!d_is_dir(dentry) && |
137 | !d_is_symlink(dentry))) |
138 | return nfserr_stale; |
139 | /* |
140 | * A pseudoroot export gives permission to access only one |
141 | * single directory; the kernel has to make another upcall |
142 | * before granting access to anything else under it: |
143 | */ |
144 | if (unlikely(dentry != exp->ex_path.dentry)) |
145 | return nfserr_stale; |
146 | return nfs_ok; |
147 | } |
148 | |
149 | /* |
150 | * Use the given filehandle to look up the corresponding export and |
151 | * dentry. On success, the results are used to set fh_export and |
152 | * fh_dentry. |
153 | */ |
154 | static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp) |
155 | { |
156 | struct knfsd_fh *fh = &fhp->fh_handle; |
157 | struct fid *fid = NULL; |
158 | struct svc_export *exp; |
159 | struct dentry *dentry; |
160 | int fileid_type; |
161 | int data_left = fh->fh_size/4; |
162 | int len; |
163 | __be32 error; |
164 | |
165 | error = nfserr_stale; |
166 | if (rqstp->rq_vers > 2) |
167 | error = nfserr_badhandle; |
168 | if (rqstp->rq_vers == 4 && fh->fh_size == 0) |
169 | return nfserr_nofilehandle; |
170 | |
171 | if (fh->fh_version != 1) |
172 | return error; |
173 | |
174 | if (--data_left < 0) |
175 | return error; |
176 | if (fh->fh_auth_type != 0) |
177 | return error; |
178 | len = key_len(type: fh->fh_fsid_type) / 4; |
179 | if (len == 0) |
180 | return error; |
181 | if (fh->fh_fsid_type == FSID_MAJOR_MINOR) { |
182 | /* deprecated, convert to type 3 */ |
183 | len = key_len(type: FSID_ENCODE_DEV)/4; |
184 | fh->fh_fsid_type = FSID_ENCODE_DEV; |
185 | /* |
186 | * struct knfsd_fh uses host-endian fields, which are |
187 | * sometimes used to hold net-endian values. This |
188 | * confuses sparse, so we must use __force here to |
189 | * keep it from complaining. |
190 | */ |
191 | fh->fh_fsid[0] = new_encode_dev(MKDEV(ntohl((__force __be32)fh->fh_fsid[0]), |
192 | ntohl((__force __be32)fh->fh_fsid[1]))); |
193 | fh->fh_fsid[1] = fh->fh_fsid[2]; |
194 | } |
195 | data_left -= len; |
196 | if (data_left < 0) |
197 | return error; |
198 | exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_fsid); |
199 | fid = (struct fid *)(fh->fh_fsid + len); |
200 | |
201 | error = nfserr_stale; |
202 | if (IS_ERR(ptr: exp)) { |
203 | trace_nfsd_set_fh_dentry_badexport(rqstp, fhp, status: PTR_ERR(ptr: exp)); |
204 | |
205 | if (PTR_ERR(ptr: exp) == -ENOENT) |
206 | return error; |
207 | |
208 | return nfserrno(errno: PTR_ERR(ptr: exp)); |
209 | } |
210 | |
211 | if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) { |
212 | /* Elevate privileges so that the lack of 'r' or 'x' |
213 | * permission on some parent directory will |
214 | * not stop exportfs_decode_fh from being able |
215 | * to reconnect a directory into the dentry cache. |
216 | * The same problem can affect "SUBTREECHECK" exports, |
217 | * but as nfsd_acceptable depends on correct |
218 | * access control settings being in effect, we cannot |
219 | * fix that case easily. |
220 | */ |
221 | struct cred *new = prepare_creds(); |
222 | if (!new) { |
223 | error = nfserrno(errno: -ENOMEM); |
224 | goto out; |
225 | } |
226 | new->cap_effective = |
227 | cap_raise_nfsd_set(a: new->cap_effective, |
228 | permitted: new->cap_permitted); |
229 | put_cred(cred: override_creds(new)); |
230 | put_cred(cred: new); |
231 | } else { |
232 | error = nfsd_setuser_and_check_port(rqstp, exp); |
233 | if (error) |
234 | goto out; |
235 | } |
236 | |
237 | /* |
238 | * Look up the dentry using the NFS file handle. |
239 | */ |
240 | error = nfserr_stale; |
241 | if (rqstp->rq_vers > 2) |
242 | error = nfserr_badhandle; |
243 | |
244 | fileid_type = fh->fh_fileid_type; |
245 | |
246 | if (fileid_type == FILEID_ROOT) |
247 | dentry = dget(dentry: exp->ex_path.dentry); |
248 | else { |
249 | dentry = exportfs_decode_fh_raw(mnt: exp->ex_path.mnt, fid, |
250 | fh_len: data_left, fileid_type, |
251 | acceptable: nfsd_acceptable, context: exp); |
252 | if (IS_ERR_OR_NULL(ptr: dentry)) { |
253 | trace_nfsd_set_fh_dentry_badhandle(rqstp, fhp, |
254 | status: dentry ? PTR_ERR(ptr: dentry) : -ESTALE); |
255 | switch (PTR_ERR(ptr: dentry)) { |
256 | case -ENOMEM: |
257 | case -ETIMEDOUT: |
258 | break; |
259 | default: |
260 | dentry = ERR_PTR(error: -ESTALE); |
261 | } |
262 | } |
263 | } |
264 | if (dentry == NULL) |
265 | goto out; |
266 | if (IS_ERR(ptr: dentry)) { |
267 | if (PTR_ERR(ptr: dentry) != -EINVAL) |
268 | error = nfserrno(errno: PTR_ERR(ptr: dentry)); |
269 | goto out; |
270 | } |
271 | |
272 | if (d_is_dir(dentry) && |
273 | (dentry->d_flags & DCACHE_DISCONNECTED)) { |
274 | printk("nfsd: find_fh_dentry returned a DISCONNECTED directory: %pd2\n" , |
275 | dentry); |
276 | } |
277 | |
278 | fhp->fh_dentry = dentry; |
279 | fhp->fh_export = exp; |
280 | |
281 | switch (rqstp->rq_vers) { |
282 | case 4: |
283 | if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOATOMIC_ATTR) |
284 | fhp->fh_no_atomic_attr = true; |
285 | break; |
286 | case 3: |
287 | if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOWCC) |
288 | fhp->fh_no_wcc = true; |
289 | break; |
290 | case 2: |
291 | fhp->fh_no_wcc = true; |
292 | } |
293 | |
294 | return 0; |
295 | out: |
296 | exp_put(exp); |
297 | return error; |
298 | } |
299 | |
300 | /** |
301 | * fh_verify - filehandle lookup and access checking |
302 | * @rqstp: pointer to current rpc request |
303 | * @fhp: filehandle to be verified |
304 | * @type: expected type of object pointed to by filehandle |
305 | * @access: type of access needed to object |
306 | * |
307 | * Look up a dentry from the on-the-wire filehandle, check the client's |
308 | * access to the export, and set the current task's credentials. |
309 | * |
310 | * Regardless of success or failure of fh_verify(), fh_put() should be |
311 | * called on @fhp when the caller is finished with the filehandle. |
312 | * |
313 | * fh_verify() may be called multiple times on a given filehandle, for |
314 | * example, when processing an NFSv4 compound. The first call will look |
315 | * up a dentry using the on-the-wire filehandle. Subsequent calls will |
316 | * skip the lookup and just perform the other checks and possibly change |
317 | * the current task's credentials. |
318 | * |
319 | * @type specifies the type of object expected using one of the S_IF* |
320 | * constants defined in include/linux/stat.h. The caller may use zero |
321 | * to indicate that it doesn't care, or a negative integer to indicate |
322 | * that it expects something not of the given type. |
323 | * |
324 | * @access is formed from the NFSD_MAY_* constants defined in |
325 | * fs/nfsd/vfs.h. |
326 | */ |
327 | __be32 |
328 | fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access) |
329 | { |
330 | struct svc_export *exp = NULL; |
331 | struct dentry *dentry; |
332 | __be32 error; |
333 | |
334 | if (!fhp->fh_dentry) { |
335 | error = nfsd_set_fh_dentry(rqstp, fhp); |
336 | if (error) |
337 | goto out; |
338 | } |
339 | dentry = fhp->fh_dentry; |
340 | exp = fhp->fh_export; |
341 | |
342 | trace_nfsd_fh_verify(rqstp, fhp, type, access); |
343 | |
344 | /* |
345 | * We still have to do all these permission checks, even when |
346 | * fh_dentry is already set: |
347 | * - fh_verify may be called multiple times with different |
348 | * "access" arguments (e.g. nfsd_proc_create calls |
349 | * fh_verify(...,NFSD_MAY_EXEC) first, then later (in |
350 | * nfsd_create) calls fh_verify(...,NFSD_MAY_CREATE). |
351 | * - in the NFSv4 case, the filehandle may have been filled |
352 | * in by fh_compose, and given a dentry, but further |
353 | * compound operations performed with that filehandle |
354 | * still need permissions checks. In the worst case, a |
355 | * mountpoint crossing may have changed the export |
356 | * options, and we may now need to use a different uid |
357 | * (for example, if different id-squashing options are in |
358 | * effect on the new filesystem). |
359 | */ |
360 | error = check_pseudo_root(rqstp, dentry, exp); |
361 | if (error) |
362 | goto out; |
363 | |
364 | error = nfsd_setuser_and_check_port(rqstp, exp); |
365 | if (error) |
366 | goto out; |
367 | |
368 | error = nfsd_mode_check(rqstp, dentry, requested: type); |
369 | if (error) |
370 | goto out; |
371 | |
372 | /* |
373 | * pseudoflavor restrictions are not enforced on NLM, |
374 | * which clients virtually always use auth_sys for, |
375 | * even while using RPCSEC_GSS for NFS. |
376 | */ |
377 | if (access & NFSD_MAY_LOCK || access & NFSD_MAY_BYPASS_GSS) |
378 | goto skip_pseudoflavor_check; |
379 | /* |
380 | * Clients may expect to be able to use auth_sys during mount, |
381 | * even if they use gss for everything else; see section 2.3.2 |
382 | * of rfc 2623. |
383 | */ |
384 | if (access & NFSD_MAY_BYPASS_GSS_ON_ROOT |
385 | && exp->ex_path.dentry == dentry) |
386 | goto skip_pseudoflavor_check; |
387 | |
388 | error = check_nfsd_access(exp, rqstp); |
389 | if (error) |
390 | goto out; |
391 | |
392 | skip_pseudoflavor_check: |
393 | /* Finally, check access permissions. */ |
394 | error = nfsd_permission(rqstp, exp, dentry, access); |
395 | out: |
396 | trace_nfsd_fh_verify_err(rqstp, fhp, type, access, error); |
397 | if (error == nfserr_stale) |
398 | nfsd_stats_fh_stale_inc(exp); |
399 | return error; |
400 | } |
401 | |
402 | |
403 | /* |
404 | * Compose a file handle for an NFS reply. |
405 | * |
406 | * Note that when first composed, the dentry may not yet have |
407 | * an inode. In this case a call to fh_update should be made |
408 | * before the fh goes out on the wire ... |
409 | */ |
410 | static void _fh_update(struct svc_fh *fhp, struct svc_export *exp, |
411 | struct dentry *dentry) |
412 | { |
413 | if (dentry != exp->ex_path.dentry) { |
414 | struct fid *fid = (struct fid *) |
415 | (fhp->fh_handle.fh_fsid + fhp->fh_handle.fh_size/4 - 1); |
416 | int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4; |
417 | int fh_flags = (exp->ex_flags & NFSEXP_NOSUBTREECHECK) ? 0 : |
418 | EXPORT_FH_CONNECTABLE; |
419 | int fileid_type = |
420 | exportfs_encode_fh(dentry, fid, max_len: &maxsize, flags: fh_flags); |
421 | |
422 | fhp->fh_handle.fh_fileid_type = |
423 | fileid_type > 0 ? fileid_type : FILEID_INVALID; |
424 | fhp->fh_handle.fh_size += maxsize * 4; |
425 | } else { |
426 | fhp->fh_handle.fh_fileid_type = FILEID_ROOT; |
427 | } |
428 | } |
429 | |
430 | static bool is_root_export(struct svc_export *exp) |
431 | { |
432 | return exp->ex_path.dentry == exp->ex_path.dentry->d_sb->s_root; |
433 | } |
434 | |
435 | static struct super_block *exp_sb(struct svc_export *exp) |
436 | { |
437 | return exp->ex_path.dentry->d_sb; |
438 | } |
439 | |
440 | static bool fsid_type_ok_for_exp(u8 fsid_type, struct svc_export *exp) |
441 | { |
442 | switch (fsid_type) { |
443 | case FSID_DEV: |
444 | if (!old_valid_dev(dev: exp_sb(exp)->s_dev)) |
445 | return false; |
446 | fallthrough; |
447 | case FSID_MAJOR_MINOR: |
448 | case FSID_ENCODE_DEV: |
449 | return exp_sb(exp)->s_type->fs_flags & FS_REQUIRES_DEV; |
450 | case FSID_NUM: |
451 | return exp->ex_flags & NFSEXP_FSID; |
452 | case FSID_UUID8: |
453 | case FSID_UUID16: |
454 | if (!is_root_export(exp)) |
455 | return false; |
456 | fallthrough; |
457 | case FSID_UUID4_INUM: |
458 | case FSID_UUID16_INUM: |
459 | return exp->ex_uuid != NULL; |
460 | } |
461 | return true; |
462 | } |
463 | |
464 | |
465 | static void set_version_and_fsid_type(struct svc_fh *fhp, struct svc_export *exp, struct svc_fh *ref_fh) |
466 | { |
467 | u8 version; |
468 | u8 fsid_type; |
469 | retry: |
470 | version = 1; |
471 | if (ref_fh && ref_fh->fh_export == exp) { |
472 | version = ref_fh->fh_handle.fh_version; |
473 | fsid_type = ref_fh->fh_handle.fh_fsid_type; |
474 | |
475 | ref_fh = NULL; |
476 | |
477 | switch (version) { |
478 | case 0xca: |
479 | fsid_type = FSID_DEV; |
480 | break; |
481 | case 1: |
482 | break; |
483 | default: |
484 | goto retry; |
485 | } |
486 | |
487 | /* |
488 | * As the fsid -> filesystem mapping was guided by |
489 | * user-space, there is no guarantee that the filesystem |
490 | * actually supports that fsid type. If it doesn't we |
491 | * loop around again without ref_fh set. |
492 | */ |
493 | if (!fsid_type_ok_for_exp(fsid_type, exp)) |
494 | goto retry; |
495 | } else if (exp->ex_flags & NFSEXP_FSID) { |
496 | fsid_type = FSID_NUM; |
497 | } else if (exp->ex_uuid) { |
498 | if (fhp->fh_maxsize >= 64) { |
499 | if (is_root_export(exp)) |
500 | fsid_type = FSID_UUID16; |
501 | else |
502 | fsid_type = FSID_UUID16_INUM; |
503 | } else { |
504 | if (is_root_export(exp)) |
505 | fsid_type = FSID_UUID8; |
506 | else |
507 | fsid_type = FSID_UUID4_INUM; |
508 | } |
509 | } else if (!old_valid_dev(dev: exp_sb(exp)->s_dev)) |
510 | /* for newer device numbers, we must use a newer fsid format */ |
511 | fsid_type = FSID_ENCODE_DEV; |
512 | else |
513 | fsid_type = FSID_DEV; |
514 | fhp->fh_handle.fh_version = version; |
515 | if (version) |
516 | fhp->fh_handle.fh_fsid_type = fsid_type; |
517 | } |
518 | |
519 | __be32 |
520 | fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry, |
521 | struct svc_fh *ref_fh) |
522 | { |
523 | /* ref_fh is a reference file handle. |
524 | * if it is non-null and for the same filesystem, then we should compose |
525 | * a filehandle which is of the same version, where possible. |
526 | */ |
527 | |
528 | struct inode * inode = d_inode(dentry); |
529 | dev_t ex_dev = exp_sb(exp)->s_dev; |
530 | |
531 | dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n" , |
532 | MAJOR(ex_dev), MINOR(ex_dev), |
533 | (long) d_inode(exp->ex_path.dentry)->i_ino, |
534 | dentry, |
535 | (inode ? inode->i_ino : 0)); |
536 | |
537 | /* Choose filehandle version and fsid type based on |
538 | * the reference filehandle (if it is in the same export) |
539 | * or the export options. |
540 | */ |
541 | set_version_and_fsid_type(fhp, exp, ref_fh); |
542 | |
543 | /* If we have a ref_fh, then copy the fh_no_wcc setting from it. */ |
544 | fhp->fh_no_wcc = ref_fh ? ref_fh->fh_no_wcc : false; |
545 | |
546 | if (ref_fh == fhp) |
547 | fh_put(ref_fh); |
548 | |
549 | if (fhp->fh_dentry) { |
550 | printk(KERN_ERR "fh_compose: fh %pd2 not initialized!\n" , |
551 | dentry); |
552 | } |
553 | if (fhp->fh_maxsize < NFS_FHSIZE) |
554 | printk(KERN_ERR "fh_compose: called with maxsize %d! %pd2\n" , |
555 | fhp->fh_maxsize, |
556 | dentry); |
557 | |
558 | fhp->fh_dentry = dget(dentry); /* our internal copy */ |
559 | fhp->fh_export = exp_get(exp); |
560 | |
561 | fhp->fh_handle.fh_size = |
562 | key_len(type: fhp->fh_handle.fh_fsid_type) + 4; |
563 | fhp->fh_handle.fh_auth_type = 0; |
564 | |
565 | mk_fsid(vers: fhp->fh_handle.fh_fsid_type, |
566 | fsidv: fhp->fh_handle.fh_fsid, |
567 | dev: ex_dev, |
568 | ino: d_inode(dentry: exp->ex_path.dentry)->i_ino, |
569 | fsid: exp->ex_fsid, uuid: exp->ex_uuid); |
570 | |
571 | if (inode) |
572 | _fh_update(fhp, exp, dentry); |
573 | if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) { |
574 | fh_put(fhp); |
575 | return nfserr_opnotsupp; |
576 | } |
577 | |
578 | return 0; |
579 | } |
580 | |
581 | /* |
582 | * Update file handle information after changing a dentry. |
583 | * This is only called by nfsd_create, nfsd_create_v3 and nfsd_proc_create |
584 | */ |
585 | __be32 |
586 | fh_update(struct svc_fh *fhp) |
587 | { |
588 | struct dentry *dentry; |
589 | |
590 | if (!fhp->fh_dentry) |
591 | goto out_bad; |
592 | |
593 | dentry = fhp->fh_dentry; |
594 | if (d_really_is_negative(dentry)) |
595 | goto out_negative; |
596 | if (fhp->fh_handle.fh_fileid_type != FILEID_ROOT) |
597 | return 0; |
598 | |
599 | _fh_update(fhp, exp: fhp->fh_export, dentry); |
600 | if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) |
601 | return nfserr_opnotsupp; |
602 | return 0; |
603 | out_bad: |
604 | printk(KERN_ERR "fh_update: fh not verified!\n" ); |
605 | return nfserr_serverfault; |
606 | out_negative: |
607 | printk(KERN_ERR "fh_update: %pd2 still negative!\n" , |
608 | dentry); |
609 | return nfserr_serverfault; |
610 | } |
611 | |
612 | /** |
613 | * fh_fill_pre_attrs - Fill in pre-op attributes |
614 | * @fhp: file handle to be updated |
615 | * |
616 | */ |
617 | __be32 __must_check fh_fill_pre_attrs(struct svc_fh *fhp) |
618 | { |
619 | bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE); |
620 | struct inode *inode; |
621 | struct kstat stat; |
622 | __be32 err; |
623 | |
624 | if (fhp->fh_no_wcc || fhp->fh_pre_saved) |
625 | return nfs_ok; |
626 | |
627 | inode = d_inode(dentry: fhp->fh_dentry); |
628 | err = fh_getattr(fh: fhp, stat: &stat); |
629 | if (err) |
630 | return err; |
631 | |
632 | if (v4) |
633 | fhp->fh_pre_change = nfsd4_change_attribute(stat: &stat, inode); |
634 | |
635 | fhp->fh_pre_mtime = stat.mtime; |
636 | fhp->fh_pre_ctime = stat.ctime; |
637 | fhp->fh_pre_size = stat.size; |
638 | fhp->fh_pre_saved = true; |
639 | return nfs_ok; |
640 | } |
641 | |
642 | /** |
643 | * fh_fill_post_attrs - Fill in post-op attributes |
644 | * @fhp: file handle to be updated |
645 | * |
646 | */ |
647 | __be32 fh_fill_post_attrs(struct svc_fh *fhp) |
648 | { |
649 | bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE); |
650 | struct inode *inode = d_inode(dentry: fhp->fh_dentry); |
651 | __be32 err; |
652 | |
653 | if (fhp->fh_no_wcc) |
654 | return nfs_ok; |
655 | |
656 | if (fhp->fh_post_saved) |
657 | printk("nfsd: inode locked twice during operation.\n" ); |
658 | |
659 | err = fh_getattr(fh: fhp, stat: &fhp->fh_post_attr); |
660 | if (err) |
661 | return err; |
662 | |
663 | fhp->fh_post_saved = true; |
664 | if (v4) |
665 | fhp->fh_post_change = |
666 | nfsd4_change_attribute(stat: &fhp->fh_post_attr, inode); |
667 | return nfs_ok; |
668 | } |
669 | |
670 | /** |
671 | * fh_fill_both_attrs - Fill pre-op and post-op attributes |
672 | * @fhp: file handle to be updated |
673 | * |
674 | * This is used when the directory wasn't changed, but wcc attributes |
675 | * are needed anyway. |
676 | */ |
677 | __be32 __must_check fh_fill_both_attrs(struct svc_fh *fhp) |
678 | { |
679 | __be32 err; |
680 | |
681 | err = fh_fill_post_attrs(fhp); |
682 | if (err) |
683 | return err; |
684 | |
685 | fhp->fh_pre_change = fhp->fh_post_change; |
686 | fhp->fh_pre_mtime = fhp->fh_post_attr.mtime; |
687 | fhp->fh_pre_ctime = fhp->fh_post_attr.ctime; |
688 | fhp->fh_pre_size = fhp->fh_post_attr.size; |
689 | fhp->fh_pre_saved = true; |
690 | return nfs_ok; |
691 | } |
692 | |
693 | /* |
694 | * Release a file handle. |
695 | */ |
696 | void |
697 | fh_put(struct svc_fh *fhp) |
698 | { |
699 | struct dentry * dentry = fhp->fh_dentry; |
700 | struct svc_export * exp = fhp->fh_export; |
701 | if (dentry) { |
702 | fhp->fh_dentry = NULL; |
703 | dput(dentry); |
704 | fh_clear_pre_post_attrs(fhp); |
705 | } |
706 | fh_drop_write(fh: fhp); |
707 | if (exp) { |
708 | exp_put(exp); |
709 | fhp->fh_export = NULL; |
710 | } |
711 | fhp->fh_no_wcc = false; |
712 | return; |
713 | } |
714 | |
715 | /* |
716 | * Shorthand for dprintk()'s |
717 | */ |
718 | char * SVCFH_fmt(struct svc_fh *fhp) |
719 | { |
720 | struct knfsd_fh *fh = &fhp->fh_handle; |
721 | static char buf[2+1+1+64*3+1]; |
722 | |
723 | if (fh->fh_size < 0 || fh->fh_size> 64) |
724 | return "bad-fh" ; |
725 | sprintf(buf, fmt: "%d: %*ph" , fh->fh_size, fh->fh_size, fh->fh_raw); |
726 | return buf; |
727 | } |
728 | |
729 | enum fsid_source fsid_source(const struct svc_fh *fhp) |
730 | { |
731 | if (fhp->fh_handle.fh_version != 1) |
732 | return FSIDSOURCE_DEV; |
733 | switch(fhp->fh_handle.fh_fsid_type) { |
734 | case FSID_DEV: |
735 | case FSID_ENCODE_DEV: |
736 | case FSID_MAJOR_MINOR: |
737 | if (exp_sb(exp: fhp->fh_export)->s_type->fs_flags & FS_REQUIRES_DEV) |
738 | return FSIDSOURCE_DEV; |
739 | break; |
740 | case FSID_NUM: |
741 | if (fhp->fh_export->ex_flags & NFSEXP_FSID) |
742 | return FSIDSOURCE_FSID; |
743 | break; |
744 | default: |
745 | break; |
746 | } |
747 | /* either a UUID type filehandle, or the filehandle doesn't |
748 | * match the export. |
749 | */ |
750 | if (fhp->fh_export->ex_flags & NFSEXP_FSID) |
751 | return FSIDSOURCE_FSID; |
752 | if (fhp->fh_export->ex_uuid) |
753 | return FSIDSOURCE_UUID; |
754 | return FSIDSOURCE_DEV; |
755 | } |
756 | |
757 | /* |
758 | * We could use i_version alone as the change attribute. However, i_version |
759 | * can go backwards on a regular file after an unclean shutdown. On its own |
760 | * that doesn't necessarily cause a problem, but if i_version goes backwards |
761 | * and then is incremented again it could reuse a value that was previously |
762 | * used before boot, and a client who queried the two values might incorrectly |
763 | * assume nothing changed. |
764 | * |
765 | * By using both ctime and the i_version counter we guarantee that as long as |
766 | * time doesn't go backwards we never reuse an old value. If the filesystem |
767 | * advertises STATX_ATTR_CHANGE_MONOTONIC, then this mitigation is not |
768 | * needed. |
769 | * |
770 | * We only need to do this for regular files as well. For directories, we |
771 | * assume that the new change attr is always logged to stable storage in some |
772 | * fashion before the results can be seen. |
773 | */ |
774 | u64 nfsd4_change_attribute(const struct kstat *stat, const struct inode *inode) |
775 | { |
776 | u64 chattr; |
777 | |
778 | if (stat->result_mask & STATX_CHANGE_COOKIE) { |
779 | chattr = stat->change_cookie; |
780 | if (S_ISREG(inode->i_mode) && |
781 | !(stat->attributes & STATX_ATTR_CHANGE_MONOTONIC)) { |
782 | chattr += (u64)stat->ctime.tv_sec << 30; |
783 | chattr += stat->ctime.tv_nsec; |
784 | } |
785 | } else { |
786 | chattr = time_to_chattr(t: &stat->ctime); |
787 | } |
788 | return chattr; |
789 | } |
790 | |