]>
Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 | 2 | /* |
1da177e4 LT |
3 | * File operations used by nfsd. Some of these have been ripped from |
4 | * other parts of the kernel because they weren't exported, others | |
5 | * are partial duplicates with added or changed functionality. | |
6 | * | |
7 | * Note that several functions dget() the dentry upon which they want | |
8 | * to act, most notably those that create directory entries. Response | |
9 | * dentry's are dput()'d if necessary in the release callback. | |
10 | * So if you notice code paths that apparently fail to dput() the | |
11 | * dentry, don't worry--they have been taken care of. | |
12 | * | |
13 | * Copyright (C) 1995-1999 Olaf Kirch <okir@monad.swb.de> | |
14 | * Zerocpy NFS support (C) 2002 Hirokazu Takahashi <taka@valinux.co.jp> | |
15 | */ | |
16 | ||
1da177e4 LT |
17 | #include <linux/fs.h> |
18 | #include <linux/file.h> | |
d6b29d7c | 19 | #include <linux/splice.h> |
95d871f0 | 20 | #include <linux/falloc.h> |
1da177e4 | 21 | #include <linux/fcntl.h> |
1da177e4 | 22 | #include <linux/namei.h> |
1da177e4 | 23 | #include <linux/delay.h> |
0eeca283 | 24 | #include <linux/fsnotify.h> |
1da177e4 | 25 | #include <linux/posix_acl_xattr.h> |
1da177e4 | 26 | #include <linux/xattr.h> |
9a74af21 BH |
27 | #include <linux/jhash.h> |
28 | #include <linux/ima.h> | |
5a0e3ad6 | 29 | #include <linux/slab.h> |
7c0f6ba6 | 30 | #include <linux/uaccess.h> |
f501912a BM |
31 | #include <linux/exportfs.h> |
32 | #include <linux/writeback.h> | |
18032ca0 | 33 | #include <linux/security.h> |
9a74af21 BH |
34 | |
35 | #ifdef CONFIG_NFSD_V3 | |
36 | #include "xdr3.h" | |
37 | #endif /* CONFIG_NFSD_V3 */ | |
38 | ||
5be196e5 | 39 | #ifdef CONFIG_NFSD_V4 |
ffa0160a | 40 | #include "../internal.h" |
2ca72e17 BF |
41 | #include "acl.h" |
42 | #include "idmap.h" | |
1da177e4 LT |
43 | #endif /* CONFIG_NFSD_V4 */ |
44 | ||
9a74af21 BH |
45 | #include "nfsd.h" |
46 | #include "vfs.h" | |
b4935239 | 47 | #include "filecache.h" |
6e8b50d1 | 48 | #include "trace.h" |
1da177e4 LT |
49 | |
50 | #define NFSDDBG_FACILITY NFSDDBG_FILEOP | |
1da177e4 | 51 | |
1da177e4 LT |
52 | /* |
53 | * Called from nfsd_lookup and encode_dirent. Check if we have crossed | |
54 | * a mount point. | |
e0bb89ef | 55 | * Returns -EAGAIN or -ETIMEDOUT leaving *dpp and *expp unchanged, |
1da177e4 LT |
56 | * or nfs_ok having possibly changed *dpp and *expp |
57 | */ | |
58 | int | |
59 | nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp, | |
60 | struct svc_export **expp) | |
61 | { | |
62 | struct svc_export *exp = *expp, *exp2 = NULL; | |
63 | struct dentry *dentry = *dpp; | |
91c9fa8f AV |
64 | struct path path = {.mnt = mntget(exp->ex_path.mnt), |
65 | .dentry = dget(dentry)}; | |
6264d69d | 66 | int err = 0; |
1da177e4 | 67 | |
7cc90cc3 | 68 | err = follow_down(&path); |
cc53ce53 DH |
69 | if (err < 0) |
70 | goto out; | |
99bbf6ec N |
71 | if (path.mnt == exp->ex_path.mnt && path.dentry == dentry && |
72 | nfsd_mountpoint(dentry, exp) == 2) { | |
73 | /* This is only a mountpoint in some other namespace */ | |
74 | path_put(&path); | |
75 | goto out; | |
76 | } | |
1da177e4 | 77 | |
91c9fa8f | 78 | exp2 = rqst_exp_get_by_name(rqstp, &path); |
1da177e4 | 79 | if (IS_ERR(exp2)) { |
3b6cee7b BF |
80 | err = PTR_ERR(exp2); |
81 | /* | |
82 | * We normally allow NFS clients to continue | |
83 | * "underneath" a mountpoint that is not exported. | |
84 | * The exception is V4ROOT, where no traversal is ever | |
85 | * allowed without an explicit export of the new | |
86 | * directory. | |
87 | */ | |
88 | if (err == -ENOENT && !(exp->ex_flags & NFSEXP_V4ROOT)) | |
89 | err = 0; | |
91c9fa8f | 90 | path_put(&path); |
1da177e4 LT |
91 | goto out; |
92 | } | |
3c394dda SD |
93 | if (nfsd_v4client(rqstp) || |
94 | (exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) { | |
1da177e4 | 95 | /* successfully crossed mount point */ |
1644ccc8 | 96 | /* |
91c9fa8f AV |
97 | * This is subtle: path.dentry is *not* on path.mnt |
98 | * at this point. The only reason we are safe is that | |
99 | * original mnt is pinned down by exp, so we should | |
100 | * put path *before* putting exp | |
1644ccc8 | 101 | */ |
91c9fa8f AV |
102 | *dpp = path.dentry; |
103 | path.dentry = dentry; | |
1644ccc8 | 104 | *expp = exp2; |
91c9fa8f | 105 | exp2 = exp; |
1da177e4 | 106 | } |
91c9fa8f AV |
107 | path_put(&path); |
108 | exp_put(exp2); | |
1da177e4 LT |
109 | out: |
110 | return err; | |
111 | } | |
112 | ||
289ede45 BF |
113 | static void follow_to_parent(struct path *path) |
114 | { | |
115 | struct dentry *dp; | |
116 | ||
117 | while (path->dentry == path->mnt->mnt_root && follow_up(path)) | |
118 | ; | |
119 | dp = dget_parent(path->dentry); | |
120 | dput(path->dentry); | |
121 | path->dentry = dp; | |
122 | } | |
123 | ||
124 | static int nfsd_lookup_parent(struct svc_rqst *rqstp, struct dentry *dparent, struct svc_export **exp, struct dentry **dentryp) | |
125 | { | |
126 | struct svc_export *exp2; | |
127 | struct path path = {.mnt = mntget((*exp)->ex_path.mnt), | |
128 | .dentry = dget(dparent)}; | |
129 | ||
130 | follow_to_parent(&path); | |
131 | ||
132 | exp2 = rqst_exp_parent(rqstp, &path); | |
133 | if (PTR_ERR(exp2) == -ENOENT) { | |
134 | *dentryp = dget(dparent); | |
135 | } else if (IS_ERR(exp2)) { | |
136 | path_put(&path); | |
137 | return PTR_ERR(exp2); | |
138 | } else { | |
139 | *dentryp = dget(path.dentry); | |
140 | exp_put(*exp); | |
141 | *exp = exp2; | |
142 | } | |
143 | path_put(&path); | |
144 | return 0; | |
145 | } | |
146 | ||
82ead7fe BF |
147 | /* |
148 | * For nfsd purposes, we treat V4ROOT exports as though there was an | |
149 | * export at *every* directory. | |
99bbf6ec N |
150 | * We return: |
151 | * '1' if this dentry *must* be an export point, | |
152 | * '2' if it might be, if there is really a mount here, and | |
153 | * '0' if there is no chance of an export point here. | |
82ead7fe | 154 | */ |
3227fa41 | 155 | int nfsd_mountpoint(struct dentry *dentry, struct svc_export *exp) |
82ead7fe | 156 | { |
99bbf6ec N |
157 | if (!d_inode(dentry)) |
158 | return 0; | |
159 | if (exp->ex_flags & NFSEXP_V4ROOT) | |
82ead7fe | 160 | return 1; |
11fcee02 TM |
161 | if (nfsd4_is_junction(dentry)) |
162 | return 1; | |
99bbf6ec N |
163 | if (d_mountpoint(dentry)) |
164 | /* | |
165 | * Might only be a mountpoint in a different namespace, | |
166 | * but we need to check. | |
167 | */ | |
168 | return 2; | |
169 | return 0; | |
82ead7fe BF |
170 | } |
171 | ||
6264d69d | 172 | __be32 |
6c0a654d | 173 | nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp, |
5a022fc8 | 174 | const char *name, unsigned int len, |
6c0a654d | 175 | struct svc_export **exp_ret, struct dentry **dentry_ret) |
1da177e4 LT |
176 | { |
177 | struct svc_export *exp; | |
178 | struct dentry *dparent; | |
179 | struct dentry *dentry; | |
6264d69d | 180 | int host_err; |
1da177e4 LT |
181 | |
182 | dprintk("nfsd: nfsd_lookup(fh %s, %.*s)\n", SVCFH_fmt(fhp), len,name); | |
183 | ||
1da177e4 | 184 | dparent = fhp->fh_dentry; |
bf18f163 | 185 | exp = exp_get(fhp->fh_export); |
1da177e4 | 186 | |
1da177e4 LT |
187 | /* Lookup the name, but don't follow links */ |
188 | if (isdotent(name, len)) { | |
189 | if (len==1) | |
190 | dentry = dget(dparent); | |
54775491 | 191 | else if (dparent != exp->ex_path.dentry) |
1da177e4 | 192 | dentry = dget_parent(dparent); |
fed83811 | 193 | else if (!EX_NOHIDE(exp) && !nfsd_v4client(rqstp)) |
1da177e4 LT |
194 | dentry = dget(dparent); /* .. == . just like at / */ |
195 | else { | |
196 | /* checking mountpoint crossing is very different when stepping up */ | |
289ede45 BF |
197 | host_err = nfsd_lookup_parent(rqstp, dparent, &exp, &dentry); |
198 | if (host_err) | |
1da177e4 | 199 | goto out_nfserr; |
1da177e4 LT |
200 | } |
201 | } else { | |
4335723e BF |
202 | /* |
203 | * In the nfsd4_open() case, this may be held across | |
204 | * subsequent open and delegation acquisition which may | |
205 | * need to take the child's i_mutex: | |
206 | */ | |
207 | fh_lock_nested(fhp, I_MUTEX_PARENT); | |
1da177e4 | 208 | dentry = lookup_one_len(name, dparent, len); |
6264d69d | 209 | host_err = PTR_ERR(dentry); |
1da177e4 LT |
210 | if (IS_ERR(dentry)) |
211 | goto out_nfserr; | |
82ead7fe | 212 | if (nfsd_mountpoint(dentry, exp)) { |
bbddca8e N |
213 | /* |
214 | * We don't need the i_mutex after all. It's | |
215 | * still possible we could open this (regular | |
216 | * files can be mountpoints too), but the | |
217 | * i_mutex is just there to prevent renames of | |
218 | * something that we might be about to delegate, | |
219 | * and a mountpoint won't be renamed: | |
220 | */ | |
221 | fh_unlock(fhp); | |
6264d69d | 222 | if ((host_err = nfsd_cross_mnt(rqstp, &dentry, &exp))) { |
1da177e4 LT |
223 | dput(dentry); |
224 | goto out_nfserr; | |
225 | } | |
226 | } | |
227 | } | |
6c0a654d BF |
228 | *dentry_ret = dentry; |
229 | *exp_ret = exp; | |
230 | return 0; | |
231 | ||
232 | out_nfserr: | |
233 | exp_put(exp); | |
234 | return nfserrno(host_err); | |
235 | } | |
236 | ||
237 | /* | |
238 | * Look up one component of a pathname. | |
239 | * N.B. After this call _both_ fhp and resfh need an fh_put | |
240 | * | |
241 | * If the lookup would cross a mountpoint, and the mounted filesystem | |
242 | * is exported to the client with NFSEXP_NOHIDE, then the lookup is | |
243 | * accepted as it stands and the mounted directory is | |
244 | * returned. Otherwise the covered directory is returned. | |
245 | * NOTE: this mountpoint crossing is not supported properly by all | |
246 | * clients and is explicitly disallowed for NFSv3 | |
6c0a654d BF |
247 | */ |
248 | __be32 | |
249 | nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name, | |
5a022fc8 | 250 | unsigned int len, struct svc_fh *resfh) |
6c0a654d BF |
251 | { |
252 | struct svc_export *exp; | |
253 | struct dentry *dentry; | |
254 | __be32 err; | |
255 | ||
29a78a3e BF |
256 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC); |
257 | if (err) | |
258 | return err; | |
6c0a654d BF |
259 | err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry); |
260 | if (err) | |
261 | return err; | |
32c1eb0c AA |
262 | err = check_nfsd_access(exp, rqstp); |
263 | if (err) | |
264 | goto out; | |
1da177e4 LT |
265 | /* |
266 | * Note: we compose the file handle now, but as the | |
267 | * dentry may be negative, it may need to be updated. | |
268 | */ | |
269 | err = fh_compose(resfh, exp, dentry, fhp); | |
2b0143b5 | 270 | if (!err && d_really_is_negative(dentry)) |
1da177e4 | 271 | err = nfserr_noent; |
32c1eb0c | 272 | out: |
1da177e4 | 273 | dput(dentry); |
1da177e4 LT |
274 | exp_put(exp); |
275 | return err; | |
1da177e4 LT |
276 | } |
277 | ||
f501912a BM |
278 | /* |
279 | * Commit metadata changes to stable storage. | |
280 | */ | |
281 | static int | |
57f64034 | 282 | commit_inode_metadata(struct inode *inode) |
f501912a | 283 | { |
f501912a | 284 | const struct export_operations *export_ops = inode->i_sb->s_export_op; |
f501912a | 285 | |
c3765016 CH |
286 | if (export_ops->commit_metadata) |
287 | return export_ops->commit_metadata(inode); | |
288 | return sync_inode_metadata(inode, 1); | |
f501912a | 289 | } |
6c0a654d | 290 | |
57f64034 TM |
291 | static int |
292 | commit_metadata(struct svc_fh *fhp) | |
293 | { | |
294 | struct inode *inode = d_inode(fhp->fh_dentry); | |
295 | ||
296 | if (!EX_ISSYNC(fhp->fh_export)) | |
297 | return 0; | |
298 | return commit_inode_metadata(inode); | |
299 | } | |
300 | ||
1da177e4 | 301 | /* |
818e5a22 CH |
302 | * Go over the attributes and take care of the small differences between |
303 | * NFS semantics and what Linux expects. | |
1da177e4 | 304 | */ |
818e5a22 CH |
305 | static void |
306 | nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap) | |
1da177e4 | 307 | { |
ca456252 | 308 | /* sanitize the mode change */ |
1da177e4 LT |
309 | if (iap->ia_valid & ATTR_MODE) { |
310 | iap->ia_mode &= S_IALLUGO; | |
dee3209d | 311 | iap->ia_mode |= (inode->i_mode & ~S_IALLUGO); |
ca456252 JL |
312 | } |
313 | ||
314 | /* Revoke setuid/setgid on chown */ | |
0953e620 | 315 | if (!S_ISDIR(inode->i_mode) && |
c4fa6d7c | 316 | ((iap->ia_valid & ATTR_UID) || (iap->ia_valid & ATTR_GID))) { |
ca456252 JL |
317 | iap->ia_valid |= ATTR_KILL_PRIV; |
318 | if (iap->ia_valid & ATTR_MODE) { | |
319 | /* we're setting mode too, just clear the s*id bits */ | |
8a0ce7d9 | 320 | iap->ia_mode &= ~S_ISUID; |
ca456252 JL |
321 | if (iap->ia_mode & S_IXGRP) |
322 | iap->ia_mode &= ~S_ISGID; | |
323 | } else { | |
324 | /* set ATTR_KILL_* bits and let VFS handle it */ | |
325 | iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID); | |
8a0ce7d9 | 326 | } |
1da177e4 | 327 | } |
818e5a22 CH |
328 | } |
329 | ||
0839ffb8 BF |
330 | static __be32 |
331 | nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
332 | struct iattr *iap) | |
333 | { | |
334 | struct inode *inode = d_inode(fhp->fh_dentry); | |
0839ffb8 BF |
335 | |
336 | if (iap->ia_size < inode->i_size) { | |
337 | __be32 err; | |
338 | ||
339 | err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, | |
340 | NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE); | |
341 | if (err) | |
342 | return err; | |
343 | } | |
f7e33bdb | 344 | return nfserrno(get_write_access(inode)); |
0839ffb8 BF |
345 | } |
346 | ||
818e5a22 CH |
347 | /* |
348 | * Set various file attributes. After this call fhp needs an fh_put. | |
349 | */ | |
350 | __be32 | |
351 | nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, | |
2a1aa489 | 352 | int check_guard, time64_t guardtime) |
818e5a22 CH |
353 | { |
354 | struct dentry *dentry; | |
355 | struct inode *inode; | |
356 | int accmode = NFSD_MAY_SATTR; | |
357 | umode_t ftype = 0; | |
358 | __be32 err; | |
359 | int host_err; | |
9f67f189 | 360 | bool get_write_count; |
758e99fe | 361 | bool size_change = (iap->ia_valid & ATTR_SIZE); |
818e5a22 | 362 | |
255fbca6 | 363 | if (iap->ia_valid & ATTR_SIZE) { |
818e5a22 | 364 | accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; |
818e5a22 | 365 | ftype = S_IFREG; |
255fbca6 | 366 | } |
367 | ||
368 | /* | |
369 | * If utimes(2) and friends are called with times not NULL, we should | |
370 | * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission | |
e977cc83 | 371 | * will return EACCES, when the caller's effective UID does not match |
255fbca6 | 372 | * the owner of the file, and the caller is not privileged. In this |
373 | * situation, we should return EPERM(notify_change will return this). | |
374 | */ | |
375 | if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) { | |
376 | accmode |= NFSD_MAY_OWNER_OVERRIDE; | |
377 | if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET))) | |
378 | accmode |= NFSD_MAY_WRITE; | |
379 | } | |
818e5a22 | 380 | |
9f67f189 BF |
381 | /* Callers that do fh_verify should do the fh_want_write: */ |
382 | get_write_count = !fhp->fh_dentry; | |
383 | ||
818e5a22 CH |
384 | /* Get inode */ |
385 | err = fh_verify(rqstp, fhp, ftype, accmode); | |
386 | if (err) | |
758e99fe | 387 | return err; |
9f67f189 BF |
388 | if (get_write_count) { |
389 | host_err = fh_want_write(fhp); | |
390 | if (host_err) | |
758e99fe | 391 | goto out; |
9f67f189 | 392 | } |
818e5a22 CH |
393 | |
394 | dentry = fhp->fh_dentry; | |
2b0143b5 | 395 | inode = d_inode(dentry); |
818e5a22 CH |
396 | |
397 | /* Ignore any mode updates on symlinks */ | |
398 | if (S_ISLNK(inode->i_mode)) | |
399 | iap->ia_valid &= ~ATTR_MODE; | |
400 | ||
401 | if (!iap->ia_valid) | |
758e99fe | 402 | return 0; |
1da177e4 | 403 | |
818e5a22 CH |
404 | nfsd_sanitize_attrs(inode, iap); |
405 | ||
758e99fe CH |
406 | if (check_guard && guardtime != inode->i_ctime.tv_sec) |
407 | return nfserr_notsync; | |
408 | ||
818e5a22 CH |
409 | /* |
410 | * The size case is special, it changes the file in addition to the | |
783112f7 CH |
411 | * attributes, and file systems don't expect it to be mixed with |
412 | * "random" attribute changes. We thus split out the size change | |
413 | * into a separate call to ->setattr, and do the rest as a separate | |
414 | * setattr call. | |
818e5a22 | 415 | */ |
758e99fe | 416 | if (size_change) { |
0839ffb8 BF |
417 | err = nfsd_get_write_access(rqstp, fhp, iap); |
418 | if (err) | |
758e99fe | 419 | return err; |
783112f7 | 420 | } |
f0c63124 | 421 | |
783112f7 CH |
422 | fh_lock(fhp); |
423 | if (size_change) { | |
f0c63124 | 424 | /* |
0839ffb8 BF |
425 | * RFC5661, Section 18.30.4: |
426 | * Changing the size of a file with SETATTR indirectly | |
427 | * changes the time_modify and change attributes. | |
428 | * | |
429 | * (and similar for the older RFCs) | |
f0c63124 | 430 | */ |
783112f7 CH |
431 | struct iattr size_attr = { |
432 | .ia_valid = ATTR_SIZE | ATTR_CTIME | ATTR_MTIME, | |
433 | .ia_size = iap->ia_size, | |
434 | }; | |
435 | ||
714cd86b CL |
436 | host_err = -EFBIG; |
437 | if (iap->ia_size < 0) | |
438 | goto out_unlock; | |
439 | ||
2f221d6f | 440 | host_err = notify_change(&init_user_ns, dentry, &size_attr, NULL); |
783112f7 CH |
441 | if (host_err) |
442 | goto out_unlock; | |
443 | iap->ia_valid &= ~ATTR_SIZE; | |
444 | ||
445 | /* | |
446 | * Avoid the additional setattr call below if the only other | |
447 | * attribute that the client sends is the mtime, as we update | |
448 | * it as part of the size change above. | |
449 | */ | |
450 | if ((iap->ia_valid & ~ATTR_MTIME) == 0) | |
451 | goto out_unlock; | |
1da177e4 | 452 | } |
987da479 | 453 | |
41f53350 | 454 | iap->ia_valid |= ATTR_CTIME; |
2f221d6f | 455 | host_err = notify_change(&init_user_ns, dentry, iap, NULL); |
987da479 | 456 | |
783112f7 CH |
457 | out_unlock: |
458 | fh_unlock(fhp); | |
0839ffb8 BF |
459 | if (size_change) |
460 | put_write_access(inode); | |
0839ffb8 | 461 | out: |
758e99fe CH |
462 | if (!host_err) |
463 | host_err = commit_metadata(fhp); | |
464 | return nfserrno(host_err); | |
1da177e4 LT |
465 | } |
466 | ||
5be196e5 | 467 | #if defined(CONFIG_NFSD_V4) |
9b4146e8 CL |
468 | /* |
469 | * NFS junction information is stored in an extended attribute. | |
470 | */ | |
471 | #define NFSD_JUNCTION_XATTR_NAME XATTR_TRUSTED_PREFIX "junction.nfs" | |
472 | ||
473 | /** | |
474 | * nfsd4_is_junction - Test if an object could be an NFS junction | |
475 | * | |
476 | * @dentry: object to test | |
477 | * | |
478 | * Returns 1 if "dentry" appears to contain NFS junction information. | |
479 | * Otherwise 0 is returned. | |
480 | */ | |
11fcee02 TM |
481 | int nfsd4_is_junction(struct dentry *dentry) |
482 | { | |
2b0143b5 | 483 | struct inode *inode = d_inode(dentry); |
11fcee02 TM |
484 | |
485 | if (inode == NULL) | |
486 | return 0; | |
487 | if (inode->i_mode & S_IXUGO) | |
488 | return 0; | |
489 | if (!(inode->i_mode & S_ISVTX)) | |
490 | return 0; | |
c7c7a1a1 TA |
491 | if (vfs_getxattr(&init_user_ns, dentry, NFSD_JUNCTION_XATTR_NAME, |
492 | NULL, 0) <= 0) | |
11fcee02 TM |
493 | return 0; |
494 | return 1; | |
495 | } | |
18032ca0 DQ |
496 | #ifdef CONFIG_NFSD_V4_SECURITY_LABEL |
497 | __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
498 | struct xdr_netobj *label) | |
499 | { | |
500 | __be32 error; | |
501 | int host_error; | |
502 | struct dentry *dentry; | |
503 | ||
504 | error = fh_verify(rqstp, fhp, 0 /* S_IFREG */, NFSD_MAY_SATTR); | |
505 | if (error) | |
506 | return error; | |
507 | ||
508 | dentry = fhp->fh_dentry; | |
509 | ||
5955102c | 510 | inode_lock(d_inode(dentry)); |
18032ca0 | 511 | host_error = security_inode_setsecctx(dentry, label->data, label->len); |
5955102c | 512 | inode_unlock(d_inode(dentry)); |
18032ca0 DQ |
513 | return nfserrno(host_error); |
514 | } | |
515 | #else | |
516 | __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
517 | struct xdr_netobj *label) | |
518 | { | |
519 | return nfserr_notsupp; | |
520 | } | |
521 | #endif | |
522 | ||
b66ae6dd TM |
523 | __be32 nfsd4_clone_file_range(struct nfsd_file *nf_src, u64 src_pos, |
524 | struct nfsd_file *nf_dst, u64 dst_pos, u64 count, bool sync) | |
ffa0160a | 525 | { |
b66ae6dd TM |
526 | struct file *src = nf_src->nf_file; |
527 | struct file *dst = nf_dst->nf_file; | |
adcfcbc2 | 528 | errseq_t since; |
42ec3d4c | 529 | loff_t cloned; |
1b28d756 | 530 | __be32 ret = 0; |
42ec3d4c | 531 | |
adcfcbc2 | 532 | since = READ_ONCE(dst->f_wb_err); |
452ce659 | 533 | cloned = vfs_clone_file_range(src, src_pos, dst, dst_pos, count, 0); |
1b28d756 TM |
534 | if (cloned < 0) { |
535 | ret = nfserrno(cloned); | |
536 | goto out_err; | |
537 | } | |
538 | if (count && cloned != count) { | |
539 | ret = nfserrno(-EINVAL); | |
540 | goto out_err; | |
541 | } | |
a25e3726 TM |
542 | if (sync) { |
543 | loff_t dst_end = count ? dst_pos + count - 1 : LLONG_MAX; | |
544 | int status = vfs_fsync_range(dst, dst_pos, dst_end, 0); | |
57f64034 | 545 | |
adcfcbc2 TM |
546 | if (!status) |
547 | status = filemap_check_wb_err(dst->f_mapping, since); | |
57f64034 TM |
548 | if (!status) |
549 | status = commit_inode_metadata(file_inode(src)); | |
1b28d756 TM |
550 | if (status < 0) { |
551 | nfsd_reset_boot_verifier(net_generic(nf_dst->nf_net, | |
552 | nfsd_net_id)); | |
553 | ret = nfserrno(status); | |
554 | } | |
a25e3726 | 555 | } |
1b28d756 | 556 | out_err: |
1b28d756 | 557 | return ret; |
ffa0160a CH |
558 | } |
559 | ||
29ae7f9d AS |
560 | ssize_t nfsd_copy_file_range(struct file *src, u64 src_pos, struct file *dst, |
561 | u64 dst_pos, u64 count) | |
562 | { | |
f7d42dca | 563 | ssize_t ret; |
29ae7f9d AS |
564 | |
565 | /* | |
566 | * Limit copy to 4MB to prevent indefinitely blocking an nfsd | |
567 | * thread and client rpc slot. The choice of 4MB is somewhat | |
568 | * arbitrary. We might instead base this on r/wsize, or make it | |
569 | * tunable, or use a time instead of a byte limit, or implement | |
570 | * asynchronous copy. In theory a client could also recognize a | |
571 | * limit like this and pipeline multiple COPY requests. | |
572 | */ | |
573 | count = min_t(u64, count, 1 << 22); | |
f7d42dca AG |
574 | ret = vfs_copy_file_range(src, src_pos, dst, dst_pos, count, 0); |
575 | ||
576 | if (ret == -EOPNOTSUPP || ret == -EXDEV) | |
577 | ret = generic_copy_file_range(src, src_pos, dst, dst_pos, | |
578 | count, 0); | |
579 | return ret; | |
29ae7f9d AS |
580 | } |
581 | ||
95d871f0 AS |
582 | __be32 nfsd4_vfs_fallocate(struct svc_rqst *rqstp, struct svc_fh *fhp, |
583 | struct file *file, loff_t offset, loff_t len, | |
584 | int flags) | |
585 | { | |
95d871f0 AS |
586 | int error; |
587 | ||
588 | if (!S_ISREG(file_inode(file)->i_mode)) | |
589 | return nfserr_inval; | |
590 | ||
95d871f0 AS |
591 | error = vfs_fallocate(file, flags, offset, len); |
592 | if (!error) | |
593 | error = commit_metadata(fhp); | |
594 | ||
595 | return nfserrno(error); | |
596 | } | |
6a85d6c7 | 597 | #endif /* defined(CONFIG_NFSD_V4) */ |
1da177e4 LT |
598 | |
599 | #ifdef CONFIG_NFSD_V3 | |
600 | /* | |
601 | * Check server access rights to a file system object | |
602 | */ | |
603 | struct accessmap { | |
604 | u32 access; | |
605 | int how; | |
606 | }; | |
607 | static struct accessmap nfs3_regaccess[] = { | |
8837abca MS |
608 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, |
609 | { NFS3_ACCESS_EXECUTE, NFSD_MAY_EXEC }, | |
610 | { NFS3_ACCESS_MODIFY, NFSD_MAY_WRITE|NFSD_MAY_TRUNC }, | |
611 | { NFS3_ACCESS_EXTEND, NFSD_MAY_WRITE }, | |
1da177e4 | 612 | |
c11d7fd1 FL |
613 | #ifdef CONFIG_NFSD_V4 |
614 | { NFS4_ACCESS_XAREAD, NFSD_MAY_READ }, | |
615 | { NFS4_ACCESS_XAWRITE, NFSD_MAY_WRITE }, | |
616 | { NFS4_ACCESS_XALIST, NFSD_MAY_READ }, | |
617 | #endif | |
618 | ||
1da177e4 LT |
619 | { 0, 0 } |
620 | }; | |
621 | ||
622 | static struct accessmap nfs3_diraccess[] = { | |
8837abca MS |
623 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, |
624 | { NFS3_ACCESS_LOOKUP, NFSD_MAY_EXEC }, | |
625 | { NFS3_ACCESS_MODIFY, NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC}, | |
626 | { NFS3_ACCESS_EXTEND, NFSD_MAY_EXEC|NFSD_MAY_WRITE }, | |
627 | { NFS3_ACCESS_DELETE, NFSD_MAY_REMOVE }, | |
1da177e4 | 628 | |
c11d7fd1 FL |
629 | #ifdef CONFIG_NFSD_V4 |
630 | { NFS4_ACCESS_XAREAD, NFSD_MAY_READ }, | |
631 | { NFS4_ACCESS_XAWRITE, NFSD_MAY_WRITE }, | |
632 | { NFS4_ACCESS_XALIST, NFSD_MAY_READ }, | |
633 | #endif | |
634 | ||
1da177e4 LT |
635 | { 0, 0 } |
636 | }; | |
637 | ||
638 | static struct accessmap nfs3_anyaccess[] = { | |
639 | /* Some clients - Solaris 2.6 at least, make an access call | |
640 | * to the server to check for access for things like /dev/null | |
641 | * (which really, the server doesn't care about). So | |
642 | * We provide simple access checking for them, looking | |
643 | * mainly at mode bits, and we make sure to ignore read-only | |
644 | * filesystem checks | |
645 | */ | |
8837abca MS |
646 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, |
647 | { NFS3_ACCESS_EXECUTE, NFSD_MAY_EXEC }, | |
648 | { NFS3_ACCESS_MODIFY, NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS }, | |
649 | { NFS3_ACCESS_EXTEND, NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS }, | |
1da177e4 LT |
650 | |
651 | { 0, 0 } | |
652 | }; | |
653 | ||
6264d69d | 654 | __be32 |
1da177e4 LT |
655 | nfsd_access(struct svc_rqst *rqstp, struct svc_fh *fhp, u32 *access, u32 *supported) |
656 | { | |
657 | struct accessmap *map; | |
658 | struct svc_export *export; | |
659 | struct dentry *dentry; | |
660 | u32 query, result = 0, sresult = 0; | |
6264d69d | 661 | __be32 error; |
1da177e4 | 662 | |
8837abca | 663 | error = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP); |
1da177e4 LT |
664 | if (error) |
665 | goto out; | |
666 | ||
667 | export = fhp->fh_export; | |
668 | dentry = fhp->fh_dentry; | |
669 | ||
e36cb0b8 | 670 | if (d_is_reg(dentry)) |
1da177e4 | 671 | map = nfs3_regaccess; |
e36cb0b8 | 672 | else if (d_is_dir(dentry)) |
1da177e4 LT |
673 | map = nfs3_diraccess; |
674 | else | |
675 | map = nfs3_anyaccess; | |
676 | ||
677 | ||
678 | query = *access; | |
679 | for (; map->access; map++) { | |
680 | if (map->access & query) { | |
6264d69d | 681 | __be32 err2; |
1da177e4 LT |
682 | |
683 | sresult |= map->access; | |
684 | ||
0ec757df | 685 | err2 = nfsd_permission(rqstp, export, dentry, map->how); |
1da177e4 LT |
686 | switch (err2) { |
687 | case nfs_ok: | |
688 | result |= map->access; | |
689 | break; | |
690 | ||
691 | /* the following error codes just mean the access was not allowed, | |
692 | * rather than an error occurred */ | |
693 | case nfserr_rofs: | |
694 | case nfserr_acces: | |
695 | case nfserr_perm: | |
696 | /* simply don't "or" in the access bit. */ | |
697 | break; | |
698 | default: | |
699 | error = err2; | |
700 | goto out; | |
701 | } | |
702 | } | |
703 | } | |
704 | *access = result; | |
705 | if (supported) | |
706 | *supported = sresult; | |
707 | ||
708 | out: | |
709 | return error; | |
710 | } | |
711 | #endif /* CONFIG_NFSD_V3 */ | |
712 | ||
65294c1f | 713 | int nfsd_open_break_lease(struct inode *inode, int access) |
105f4622 BF |
714 | { |
715 | unsigned int mode; | |
1da177e4 | 716 | |
105f4622 BF |
717 | if (access & NFSD_MAY_NOT_BREAK_LEASE) |
718 | return 0; | |
719 | mode = (access & NFSD_MAY_WRITE) ? O_WRONLY : O_RDONLY; | |
720 | return break_lease(inode, mode | O_NONBLOCK); | |
721 | } | |
1da177e4 LT |
722 | |
723 | /* | |
724 | * Open an existing file or directory. | |
999448a8 BS |
725 | * The may_flags argument indicates the type of open (read/write/lock) |
726 | * and additional flags. | |
1da177e4 LT |
727 | * N.B. After this call fhp needs an fh_put |
728 | */ | |
65294c1f JL |
729 | static __be32 |
730 | __nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, | |
999448a8 | 731 | int may_flags, struct file **filp) |
1da177e4 | 732 | { |
765927b2 | 733 | struct path path; |
1da177e4 | 734 | struct inode *inode; |
8519f994 | 735 | struct file *file; |
6264d69d AV |
736 | int flags = O_RDONLY|O_LARGEFILE; |
737 | __be32 err; | |
91885258 | 738 | int host_err = 0; |
1da177e4 | 739 | |
765927b2 AV |
740 | path.mnt = fhp->fh_export->ex_path.mnt; |
741 | path.dentry = fhp->fh_dentry; | |
2b0143b5 | 742 | inode = d_inode(path.dentry); |
1da177e4 LT |
743 | |
744 | /* Disallow write access to files with the append-only bit set | |
745 | * or any access when mandatory locking enabled | |
746 | */ | |
747 | err = nfserr_perm; | |
999448a8 | 748 | if (IS_APPEND(inode) && (may_flags & NFSD_MAY_WRITE)) |
1da177e4 | 749 | goto out; |
1da177e4 LT |
750 | |
751 | if (!inode->i_fop) | |
752 | goto out; | |
753 | ||
999448a8 | 754 | host_err = nfsd_open_break_lease(inode, may_flags); |
6264d69d | 755 | if (host_err) /* NOMEM or WOULDBLOCK */ |
1da177e4 LT |
756 | goto out_nfserr; |
757 | ||
999448a8 BS |
758 | if (may_flags & NFSD_MAY_WRITE) { |
759 | if (may_flags & NFSD_MAY_READ) | |
9ecb6a08 BF |
760 | flags = O_RDWR|O_LARGEFILE; |
761 | else | |
762 | flags = O_WRONLY|O_LARGEFILE; | |
1da177e4 | 763 | } |
999448a8 | 764 | |
8519f994 KM |
765 | file = dentry_open(&path, flags, current_cred()); |
766 | if (IS_ERR(file)) { | |
767 | host_err = PTR_ERR(file); | |
768 | goto out_nfserr; | |
769 | } | |
770 | ||
6035a27b | 771 | host_err = ima_file_check(file, may_flags); |
8519f994 | 772 | if (host_err) { |
fd891454 | 773 | fput(file); |
8519f994 | 774 | goto out_nfserr; |
06effdbb BS |
775 | } |
776 | ||
8519f994 KM |
777 | if (may_flags & NFSD_MAY_64BIT_COOKIE) |
778 | file->f_mode |= FMODE_64BITHASH; | |
779 | else | |
780 | file->f_mode |= FMODE_32BITHASH; | |
781 | ||
782 | *filp = file; | |
1da177e4 | 783 | out_nfserr: |
6264d69d | 784 | err = nfserrno(host_err); |
1da177e4 | 785 | out: |
65294c1f JL |
786 | return err; |
787 | } | |
788 | ||
789 | __be32 | |
790 | nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, | |
791 | int may_flags, struct file **filp) | |
792 | { | |
793 | __be32 err; | |
794 | ||
795 | validate_process_creds(); | |
796 | /* | |
797 | * If we get here, then the client has already done an "open", | |
798 | * and (hopefully) checked permission - so allow OWNER_OVERRIDE | |
799 | * in case a chmod has now revoked permission. | |
800 | * | |
801 | * Arguably we should also allow the owner override for | |
802 | * directories, but we never have and it doesn't seem to have | |
803 | * caused anyone a problem. If we were to change this, note | |
804 | * also that our filldir callbacks would need a variant of | |
805 | * lookup_one_len that doesn't check permissions. | |
806 | */ | |
807 | if (type == S_IFREG) | |
808 | may_flags |= NFSD_MAY_OWNER_OVERRIDE; | |
809 | err = fh_verify(rqstp, fhp, type, may_flags); | |
810 | if (!err) | |
811 | err = __nfsd_open(rqstp, fhp, type, may_flags, filp); | |
812 | validate_process_creds(); | |
813 | return err; | |
814 | } | |
815 | ||
816 | __be32 | |
817 | nfsd_open_verified(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, | |
818 | int may_flags, struct file **filp) | |
819 | { | |
820 | __be32 err; | |
821 | ||
822 | validate_process_creds(); | |
823 | err = __nfsd_open(rqstp, fhp, type, may_flags, filp); | |
e0e81739 | 824 | validate_process_creds(); |
1da177e4 LT |
825 | return err; |
826 | } | |
827 | ||
1da177e4 | 828 | /* |
cf8208d0 JA |
829 | * Grab and keep cached pages associated with a file in the svc_rqst |
830 | * so that they can be passed to the network sendmsg/sendpage routines | |
831 | * directly. They will be released after the sending has completed. | |
1da177e4 LT |
832 | */ |
833 | static int | |
cf8208d0 JA |
834 | nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf, |
835 | struct splice_desc *sd) | |
1da177e4 | 836 | { |
cf8208d0 | 837 | struct svc_rqst *rqstp = sd->u.data; |
afc59400 | 838 | struct page **pp = rqstp->rq_next_page; |
cf8208d0 | 839 | struct page *page = buf->page; |
1da177e4 LT |
840 | |
841 | if (rqstp->rq_res.page_len == 0) { | |
496d83cf | 842 | svc_rqst_replace_page(rqstp, page); |
cf8208d0 | 843 | rqstp->rq_res.page_base = buf->offset; |
44524359 | 844 | } else if (page != pp[-1]) { |
496d83cf | 845 | svc_rqst_replace_page(rqstp, page); |
c7e0b781 CL |
846 | } |
847 | rqstp->rq_res.page_len += sd->len; | |
1da177e4 | 848 | |
c7e0b781 | 849 | return sd->len; |
1da177e4 LT |
850 | } |
851 | ||
cf8208d0 JA |
852 | static int nfsd_direct_splice_actor(struct pipe_inode_info *pipe, |
853 | struct splice_desc *sd) | |
854 | { | |
855 | return __splice_from_pipe(pipe, sd, nfsd_splice_actor); | |
856 | } | |
857 | ||
83a63072 TM |
858 | static u32 nfsd_eof_on_read(struct file *file, loff_t offset, ssize_t len, |
859 | size_t expected) | |
860 | { | |
861 | if (expected != 0 && len == 0) | |
862 | return 1; | |
863 | if (offset+len >= i_size_read(file_inode(file))) | |
864 | return 1; | |
865 | return 0; | |
866 | } | |
867 | ||
87c5942e CL |
868 | static __be32 nfsd_finish_read(struct svc_rqst *rqstp, struct svc_fh *fhp, |
869 | struct file *file, loff_t offset, | |
83a63072 | 870 | unsigned long *count, u32 *eof, ssize_t host_err) |
1da177e4 | 871 | { |
6264d69d | 872 | if (host_err >= 0) { |
20ad856e | 873 | nfsd_stats_io_read_add(fhp->fh_export, host_err); |
83a63072 | 874 | *eof = nfsd_eof_on_read(file, offset, host_err, *count); |
6264d69d | 875 | *count = host_err; |
2a12a9d7 | 876 | fsnotify_access(file); |
87c5942e | 877 | trace_nfsd_read_io_done(rqstp, fhp, offset, *count); |
dc97618d | 878 | return 0; |
87c5942e CL |
879 | } else { |
880 | trace_nfsd_read_err(rqstp, fhp, offset, host_err); | |
dc97618d | 881 | return nfserrno(host_err); |
87c5942e | 882 | } |
dc97618d BF |
883 | } |
884 | ||
87c5942e | 885 | __be32 nfsd_splice_read(struct svc_rqst *rqstp, struct svc_fh *fhp, |
83a63072 TM |
886 | struct file *file, loff_t offset, unsigned long *count, |
887 | u32 *eof) | |
dc97618d BF |
888 | { |
889 | struct splice_desc sd = { | |
890 | .len = 0, | |
891 | .total_len = *count, | |
892 | .pos = offset, | |
893 | .u.data = rqstp, | |
894 | }; | |
83a63072 | 895 | ssize_t host_err; |
dc97618d | 896 | |
87c5942e | 897 | trace_nfsd_read_splice(rqstp, fhp, offset, *count); |
dc97618d BF |
898 | rqstp->rq_next_page = rqstp->rq_respages + 1; |
899 | host_err = splice_direct_to_actor(file, &sd, nfsd_direct_splice_actor); | |
83a63072 | 900 | return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err); |
dc97618d BF |
901 | } |
902 | ||
87c5942e CL |
903 | __be32 nfsd_readv(struct svc_rqst *rqstp, struct svc_fh *fhp, |
904 | struct file *file, loff_t offset, | |
83a63072 TM |
905 | struct kvec *vec, int vlen, unsigned long *count, |
906 | u32 *eof) | |
dc97618d | 907 | { |
73da852e | 908 | struct iov_iter iter; |
83a63072 TM |
909 | loff_t ppos = offset; |
910 | ssize_t host_err; | |
dc97618d | 911 | |
87c5942e | 912 | trace_nfsd_read_vector(rqstp, fhp, offset, *count); |
aa563d7b | 913 | iov_iter_kvec(&iter, READ, vec, vlen, *count); |
83a63072 TM |
914 | host_err = vfs_iter_read(file, &iter, &ppos, 0); |
915 | return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err); | |
1da177e4 LT |
916 | } |
917 | ||
d911df7b BF |
918 | /* |
919 | * Gathered writes: If another process is currently writing to the file, | |
920 | * there's a high chance this is another nfsd (triggered by a bulk write | |
921 | * from a client's biod). Rather than syncing the file with each write | |
922 | * request, we sleep for 10 msec. | |
923 | * | |
924 | * I don't know if this roughly approximates C. Juszak's idea of | |
925 | * gathered writes, but it's a nice and simple solution (IMHO), and it | |
926 | * seems to work:-) | |
927 | * | |
928 | * Note: we do this only in the NFSv2 case, since v3 and higher have a | |
929 | * better tool (separate unstable writes and commits) for solving this | |
930 | * problem. | |
931 | */ | |
932 | static int wait_for_concurrent_writes(struct file *file) | |
933 | { | |
496ad9aa | 934 | struct inode *inode = file_inode(file); |
d911df7b BF |
935 | static ino_t last_ino; |
936 | static dev_t last_dev; | |
937 | int err = 0; | |
938 | ||
939 | if (atomic_read(&inode->i_writecount) > 1 | |
940 | || (last_ino == inode->i_ino && last_dev == inode->i_sb->s_dev)) { | |
941 | dprintk("nfsd: write defer %d\n", task_pid_nr(current)); | |
942 | msleep(10); | |
943 | dprintk("nfsd: write resume %d\n", task_pid_nr(current)); | |
944 | } | |
945 | ||
946 | if (inode->i_state & I_DIRTY) { | |
947 | dprintk("nfsd: write sync %d\n", task_pid_nr(current)); | |
8018ab05 | 948 | err = vfs_fsync(file, 0); |
d911df7b BF |
949 | } |
950 | last_ino = inode->i_ino; | |
951 | last_dev = inode->i_sb->s_dev; | |
952 | return err; | |
953 | } | |
954 | ||
af90f707 | 955 | __be32 |
16f8f894 | 956 | nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfsd_file *nf, |
1da177e4 | 957 | loff_t offset, struct kvec *vec, int vlen, |
19e0663f TM |
958 | unsigned long *cnt, int stable, |
959 | __be32 *verf) | |
1da177e4 | 960 | { |
16f8f894 | 961 | struct file *file = nf->nf_file; |
01cbf385 | 962 | struct super_block *sb = file_inode(file)->i_sb; |
1da177e4 | 963 | struct svc_export *exp; |
73da852e | 964 | struct iov_iter iter; |
adcfcbc2 | 965 | errseq_t since; |
d890be15 | 966 | __be32 nfserr; |
6264d69d | 967 | int host_err; |
48e03bc5 | 968 | int use_wgather; |
e49dbbf3 | 969 | loff_t pos = offset; |
01cbf385 | 970 | unsigned long exp_op_flags = 0; |
8658452e | 971 | unsigned int pflags = current->flags; |
ddef7ed2 | 972 | rwf_t flags = 0; |
01cbf385 | 973 | bool restore_flags = false; |
8658452e | 974 | |
d890be15 CL |
975 | trace_nfsd_write_opened(rqstp, fhp, offset, *cnt); |
976 | ||
01cbf385 TM |
977 | if (sb->s_export_op) |
978 | exp_op_flags = sb->s_export_op->flags; | |
979 | ||
980 | if (test_bit(RQ_LOCAL, &rqstp->rq_flags) && | |
981 | !(exp_op_flags & EXPORT_OP_REMOTE_FS)) { | |
8658452e | 982 | /* |
a37b0715 N |
983 | * We want throttling in balance_dirty_pages() |
984 | * and shrink_inactive_list() to only consider | |
985 | * the backingdev we are writing to, so that nfs to | |
8658452e N |
986 | * localhost doesn't cause nfsd to lock up due to all |
987 | * the client's dirty pages or its congested queue. | |
988 | */ | |
a37b0715 | 989 | current->flags |= PF_LOCAL_THROTTLE; |
01cbf385 TM |
990 | restore_flags = true; |
991 | } | |
1da177e4 | 992 | |
865d50b2 | 993 | exp = fhp->fh_export; |
48e03bc5 | 994 | use_wgather = (rqstp->rq_vers == 2) && EX_WGATHER(exp); |
1da177e4 | 995 | |
1da177e4 | 996 | if (!EX_ISSYNC(exp)) |
54bbb7d2 | 997 | stable = NFS_UNSTABLE; |
1da177e4 | 998 | |
24368aad CH |
999 | if (stable && !use_wgather) |
1000 | flags |= RWF_SYNC; | |
1001 | ||
aa563d7b | 1002 | iov_iter_kvec(&iter, WRITE, vec, vlen, *cnt); |
adcfcbc2 | 1003 | since = READ_ONCE(file->f_wb_err); |
5011af4c | 1004 | if (flags & RWF_SYNC) { |
dc842af8 CL |
1005 | if (verf) |
1006 | nfsd_copy_boot_verifier(verf, | |
1007 | net_generic(SVC_NET(rqstp), | |
1008 | nfsd_net_id)); | |
5011af4c TM |
1009 | host_err = vfs_iter_write(file, &iter, &pos, flags); |
1010 | if (host_err < 0) | |
1011 | nfsd_reset_boot_verifier(net_generic(SVC_NET(rqstp), | |
1012 | nfsd_net_id)); | |
5011af4c | 1013 | } else { |
19e0663f TM |
1014 | if (verf) |
1015 | nfsd_copy_boot_verifier(verf, | |
1016 | net_generic(SVC_NET(rqstp), | |
1017 | nfsd_net_id)); | |
5011af4c | 1018 | host_err = vfs_iter_write(file, &iter, &pos, flags); |
5011af4c | 1019 | } |
7bf94c6b TM |
1020 | if (host_err < 0) { |
1021 | nfsd_reset_boot_verifier(net_generic(SVC_NET(rqstp), | |
1022 | nfsd_net_id)); | |
e4636d53 | 1023 | goto out_nfserr; |
7bf94c6b | 1024 | } |
09a80f2a | 1025 | *cnt = host_err; |
20ad856e | 1026 | nfsd_stats_io_write_add(exp, *cnt); |
2a12a9d7 | 1027 | fsnotify_modify(file); |
adcfcbc2 TM |
1028 | host_err = filemap_check_wb_err(file->f_mapping, since); |
1029 | if (host_err < 0) | |
1030 | goto out_nfserr; | |
1da177e4 | 1031 | |
bbf2f098 | 1032 | if (stable && use_wgather) { |
24368aad | 1033 | host_err = wait_for_concurrent_writes(file); |
bbf2f098 TM |
1034 | if (host_err < 0) |
1035 | nfsd_reset_boot_verifier(net_generic(SVC_NET(rqstp), | |
1036 | nfsd_net_id)); | |
1037 | } | |
1da177e4 | 1038 | |
e4636d53 | 1039 | out_nfserr: |
d890be15 CL |
1040 | if (host_err >= 0) { |
1041 | trace_nfsd_write_io_done(rqstp, fhp, offset, *cnt); | |
1042 | nfserr = nfs_ok; | |
1043 | } else { | |
1044 | trace_nfsd_write_err(rqstp, fhp, offset, host_err); | |
1045 | nfserr = nfserrno(host_err); | |
1046 | } | |
01cbf385 | 1047 | if (restore_flags) |
a37b0715 | 1048 | current_restore_flags(pflags, PF_LOCAL_THROTTLE); |
d890be15 | 1049 | return nfserr; |
1da177e4 LT |
1050 | } |
1051 | ||
dc97618d BF |
1052 | /* |
1053 | * Read data from a file. count must contain the requested read count | |
1054 | * on entry. On return, *count contains the number of bytes actually read. | |
1055 | * N.B. After this call fhp needs an fh_put | |
1056 | */ | |
1057 | __be32 nfsd_read(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
83a63072 TM |
1058 | loff_t offset, struct kvec *vec, int vlen, unsigned long *count, |
1059 | u32 *eof) | |
dc97618d | 1060 | { |
48cd7b51 | 1061 | struct nfsd_file *nf; |
dc97618d | 1062 | struct file *file; |
dc97618d BF |
1063 | __be32 err; |
1064 | ||
f394b62b | 1065 | trace_nfsd_read_start(rqstp, fhp, offset, *count); |
48cd7b51 | 1066 | err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf); |
dc97618d BF |
1067 | if (err) |
1068 | return err; | |
1069 | ||
48cd7b51 | 1070 | file = nf->nf_file; |
a4058c5b | 1071 | if (file->f_op->splice_read && test_bit(RQ_SPLICE_OK, &rqstp->rq_flags)) |
83a63072 | 1072 | err = nfsd_splice_read(rqstp, fhp, file, offset, count, eof); |
a4058c5b | 1073 | else |
83a63072 | 1074 | err = nfsd_readv(rqstp, fhp, file, offset, vec, vlen, count, eof); |
6e8b50d1 | 1075 | |
48cd7b51 | 1076 | nfsd_file_put(nf); |
dc97618d | 1077 | |
f394b62b | 1078 | trace_nfsd_read_done(rqstp, fhp, offset, *count); |
6e8b50d1 | 1079 | |
fa0a2126 BF |
1080 | return err; |
1081 | } | |
1082 | ||
1da177e4 LT |
1083 | /* |
1084 | * Write data to a file. | |
1085 | * The stable flag requests synchronous writes. | |
1086 | * N.B. After this call fhp needs an fh_put | |
1087 | */ | |
6264d69d | 1088 | __be32 |
52e380e0 | 1089 | nfsd_write(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t offset, |
19e0663f TM |
1090 | struct kvec *vec, int vlen, unsigned long *cnt, int stable, |
1091 | __be32 *verf) | |
1da177e4 | 1092 | { |
b4935239 JL |
1093 | struct nfsd_file *nf; |
1094 | __be32 err; | |
1da177e4 | 1095 | |
f394b62b | 1096 | trace_nfsd_write_start(rqstp, fhp, offset, *cnt); |
6e8b50d1 | 1097 | |
b4935239 | 1098 | err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_WRITE, &nf); |
52e380e0 KM |
1099 | if (err) |
1100 | goto out; | |
1101 | ||
16f8f894 | 1102 | err = nfsd_vfs_write(rqstp, fhp, nf, offset, vec, |
19e0663f | 1103 | vlen, cnt, stable, verf); |
b4935239 | 1104 | nfsd_file_put(nf); |
1da177e4 | 1105 | out: |
f394b62b | 1106 | trace_nfsd_write_done(rqstp, fhp, offset, *cnt); |
1da177e4 LT |
1107 | return err; |
1108 | } | |
1109 | ||
1110 | #ifdef CONFIG_NFSD_V3 | |
1111 | /* | |
1112 | * Commit all pending writes to stable storage. | |
aa696a6f TM |
1113 | * |
1114 | * Note: we only guarantee that data that lies within the range specified | |
1115 | * by the 'offset' and 'count' parameters will be synced. | |
1da177e4 LT |
1116 | * |
1117 | * Unfortunately we cannot lock the file to make sure we return full WCC | |
1118 | * data to the client, as locking happens lower down in the filesystem. | |
1119 | */ | |
6264d69d | 1120 | __be32 |
1da177e4 | 1121 | nfsd_commit(struct svc_rqst *rqstp, struct svc_fh *fhp, |
524ff1af | 1122 | loff_t offset, unsigned long count, __be32 *verf) |
1da177e4 | 1123 | { |
5920afa3 JL |
1124 | struct nfsd_file *nf; |
1125 | loff_t end = LLONG_MAX; | |
1126 | __be32 err = nfserr_inval; | |
1da177e4 | 1127 | |
aa696a6f TM |
1128 | if (offset < 0) |
1129 | goto out; | |
1130 | if (count != 0) { | |
1131 | end = offset + (loff_t)count - 1; | |
1132 | if (end < offset) | |
1133 | goto out; | |
1134 | } | |
1da177e4 | 1135 | |
5920afa3 JL |
1136 | err = nfsd_file_acquire(rqstp, fhp, |
1137 | NFSD_MAY_WRITE|NFSD_MAY_NOT_BREAK_LEASE, &nf); | |
8837abca | 1138 | if (err) |
aa696a6f | 1139 | goto out; |
1da177e4 | 1140 | if (EX_ISSYNC(fhp->fh_export)) { |
adcfcbc2 TM |
1141 | errseq_t since = READ_ONCE(nf->nf_file->f_wb_err); |
1142 | int err2; | |
aa696a6f | 1143 | |
adcfcbc2 | 1144 | err2 = vfs_fsync_range(nf->nf_file, offset, end, 0); |
bbf2f098 TM |
1145 | switch (err2) { |
1146 | case 0: | |
524ff1af TM |
1147 | nfsd_copy_boot_verifier(verf, net_generic(nf->nf_net, |
1148 | nfsd_net_id)); | |
adcfcbc2 TM |
1149 | err2 = filemap_check_wb_err(nf->nf_file->f_mapping, |
1150 | since); | |
98976e52 | 1151 | err = nfserrno(err2); |
bbf2f098 TM |
1152 | break; |
1153 | case -EINVAL: | |
1da177e4 | 1154 | err = nfserr_notsupp; |
bbf2f098 TM |
1155 | break; |
1156 | default: | |
bbf2f098 TM |
1157 | nfsd_reset_boot_verifier(net_generic(nf->nf_net, |
1158 | nfsd_net_id)); | |
98976e52 | 1159 | err = nfserrno(err2); |
bbf2f098 | 1160 | } |
524ff1af TM |
1161 | } else |
1162 | nfsd_copy_boot_verifier(verf, net_generic(nf->nf_net, | |
1163 | nfsd_net_id)); | |
1da177e4 | 1164 | |
5920afa3 | 1165 | nfsd_file_put(nf); |
aa696a6f | 1166 | out: |
1da177e4 LT |
1167 | return err; |
1168 | } | |
1169 | #endif /* CONFIG_NFSD_V3 */ | |
1170 | ||
f2b0dee2 | 1171 | static __be32 |
5c002b3b BF |
1172 | nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *resfhp, |
1173 | struct iattr *iap) | |
1174 | { | |
1175 | /* | |
1176 | * Mode has already been set earlier in create: | |
1177 | */ | |
1178 | iap->ia_valid &= ~ATTR_MODE; | |
1179 | /* | |
1180 | * Setting uid/gid works only for root. Irix appears to | |
1181 | * send along the gid on create when it tries to implement | |
1182 | * setgid directories via NFS: | |
1183 | */ | |
6fab8779 | 1184 | if (!uid_eq(current_fsuid(), GLOBAL_ROOT_UID)) |
5c002b3b BF |
1185 | iap->ia_valid &= ~(ATTR_UID|ATTR_GID); |
1186 | if (iap->ia_valid) | |
2a1aa489 | 1187 | return nfsd_setattr(rqstp, resfhp, iap, 0, (time64_t)0); |
0f3a24b4 | 1188 | /* Callers expect file metadata to be committed here */ |
722b620d | 1189 | return nfserrno(commit_metadata(resfhp)); |
5c002b3b BF |
1190 | } |
1191 | ||
4ac35c2f | 1192 | /* HPUX client sometimes creates a file in mode 000, and sets size to 0. |
1193 | * setting size to 0 may fail for some specific file systems by the permission | |
1194 | * checking which requires WRITE permission but the mode is 000. | |
1195 | * we ignore the resizing(to 0) on the just new created file, since the size is | |
1196 | * 0 after file created. | |
1197 | * | |
1198 | * call this only after vfs_create() is called. | |
1199 | * */ | |
1200 | static void | |
1201 | nfsd_check_ignore_resizing(struct iattr *iap) | |
1202 | { | |
1203 | if ((iap->ia_valid & ATTR_SIZE) && (iap->ia_size == 0)) | |
1204 | iap->ia_valid &= ~ATTR_SIZE; | |
1205 | } | |
1206 | ||
b44061d0 | 1207 | /* The parent directory should already be locked: */ |
6264d69d | 1208 | __be32 |
b44061d0 | 1209 | nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, |
1da177e4 LT |
1210 | char *fname, int flen, struct iattr *iap, |
1211 | int type, dev_t rdev, struct svc_fh *resfhp) | |
1212 | { | |
2b118859 | 1213 | struct dentry *dentry, *dchild; |
1da177e4 | 1214 | struct inode *dirp; |
6264d69d | 1215 | __be32 err; |
5c002b3b | 1216 | __be32 err2; |
6264d69d | 1217 | int host_err; |
1da177e4 | 1218 | |
1da177e4 | 1219 | dentry = fhp->fh_dentry; |
2b0143b5 | 1220 | dirp = d_inode(dentry); |
1da177e4 | 1221 | |
b44061d0 BF |
1222 | dchild = dget(resfhp->fh_dentry); |
1223 | if (!fhp->fh_locked) { | |
1224 | WARN_ONCE(1, "nfsd_create: parent %pd2 not locked!\n", | |
a6a9f18f | 1225 | dentry); |
b44061d0 BF |
1226 | err = nfserr_io; |
1227 | goto out; | |
1da177e4 | 1228 | } |
1da177e4 | 1229 | |
7eed34f1 OD |
1230 | err = nfsd_permission(rqstp, fhp->fh_export, dentry, NFSD_MAY_CREATE); |
1231 | if (err) | |
1232 | goto out; | |
1233 | ||
1da177e4 LT |
1234 | if (!(iap->ia_valid & ATTR_MODE)) |
1235 | iap->ia_mode = 0; | |
1236 | iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; | |
1237 | ||
22cf8419 BF |
1238 | if (!IS_POSIXACL(dirp)) |
1239 | iap->ia_mode &= ~current_umask(); | |
1240 | ||
088406bc | 1241 | err = 0; |
4a55c101 | 1242 | host_err = 0; |
1da177e4 LT |
1243 | switch (type) { |
1244 | case S_IFREG: | |
6521f891 | 1245 | host_err = vfs_create(&init_user_ns, dirp, dchild, iap->ia_mode, true); |
4ac35c2f | 1246 | if (!host_err) |
1247 | nfsd_check_ignore_resizing(iap); | |
1da177e4 LT |
1248 | break; |
1249 | case S_IFDIR: | |
6521f891 | 1250 | host_err = vfs_mkdir(&init_user_ns, dirp, dchild, iap->ia_mode); |
3819bb0d AV |
1251 | if (!host_err && unlikely(d_unhashed(dchild))) { |
1252 | struct dentry *d; | |
1253 | d = lookup_one_len(dchild->d_name.name, | |
1254 | dchild->d_parent, | |
1255 | dchild->d_name.len); | |
1256 | if (IS_ERR(d)) { | |
1257 | host_err = PTR_ERR(d); | |
1258 | break; | |
1259 | } | |
1260 | if (unlikely(d_is_negative(d))) { | |
1261 | dput(d); | |
1262 | err = nfserr_serverfault; | |
1263 | goto out; | |
1264 | } | |
1265 | dput(resfhp->fh_dentry); | |
1266 | resfhp->fh_dentry = dget(d); | |
1267 | err = fh_update(resfhp); | |
1268 | dput(dchild); | |
1269 | dchild = d; | |
1270 | if (err) | |
1271 | goto out; | |
1272 | } | |
1da177e4 LT |
1273 | break; |
1274 | case S_IFCHR: | |
1275 | case S_IFBLK: | |
1276 | case S_IFIFO: | |
1277 | case S_IFSOCK: | |
6521f891 CB |
1278 | host_err = vfs_mknod(&init_user_ns, dirp, dchild, |
1279 | iap->ia_mode, rdev); | |
1da177e4 | 1280 | break; |
71423274 BF |
1281 | default: |
1282 | printk(KERN_WARNING "nfsd: bad file type %o in nfsd_create\n", | |
1283 | type); | |
1284 | host_err = -EINVAL; | |
1da177e4 | 1285 | } |
4a55c101 | 1286 | if (host_err < 0) |
1da177e4 LT |
1287 | goto out_nfserr; |
1288 | ||
f501912a | 1289 | err = nfsd_create_setattr(rqstp, resfhp, iap); |
1da177e4 | 1290 | |
f501912a | 1291 | /* |
0f3a24b4 TM |
1292 | * nfsd_create_setattr already committed the child. Transactional |
1293 | * filesystems had a chance to commit changes for both parent and | |
b44061d0 | 1294 | * child simultaneously making the following commit_metadata a |
0f3a24b4 | 1295 | * noop. |
f501912a BM |
1296 | */ |
1297 | err2 = nfserrno(commit_metadata(fhp)); | |
5c002b3b BF |
1298 | if (err2) |
1299 | err = err2; | |
1da177e4 LT |
1300 | /* |
1301 | * Update the file handle to get the new inode info. | |
1302 | */ | |
1303 | if (!err) | |
1304 | err = fh_update(resfhp); | |
1305 | out: | |
2b118859 | 1306 | dput(dchild); |
1da177e4 LT |
1307 | return err; |
1308 | ||
1309 | out_nfserr: | |
6264d69d | 1310 | err = nfserrno(host_err); |
1da177e4 LT |
1311 | goto out; |
1312 | } | |
1313 | ||
b44061d0 BF |
1314 | /* |
1315 | * Create a filesystem object (regular, directory, special). | |
1316 | * Note that the parent directory is left locked. | |
1317 | * | |
1318 | * N.B. Every call to nfsd_create needs an fh_put for _both_ fhp and resfhp | |
1319 | */ | |
1320 | __be32 | |
1321 | nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1322 | char *fname, int flen, struct iattr *iap, | |
1323 | int type, dev_t rdev, struct svc_fh *resfhp) | |
1324 | { | |
1325 | struct dentry *dentry, *dchild = NULL; | |
b44061d0 BF |
1326 | __be32 err; |
1327 | int host_err; | |
1328 | ||
1329 | if (isdotent(fname, flen)) | |
1330 | return nfserr_exist; | |
1331 | ||
fa08139d | 1332 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_NOP); |
b44061d0 BF |
1333 | if (err) |
1334 | return err; | |
1335 | ||
1336 | dentry = fhp->fh_dentry; | |
b44061d0 BF |
1337 | |
1338 | host_err = fh_want_write(fhp); | |
1339 | if (host_err) | |
1340 | return nfserrno(host_err); | |
1341 | ||
1342 | fh_lock_nested(fhp, I_MUTEX_PARENT); | |
1343 | dchild = lookup_one_len(fname, dentry, flen); | |
1344 | host_err = PTR_ERR(dchild); | |
1345 | if (IS_ERR(dchild)) | |
1346 | return nfserrno(host_err); | |
1347 | err = fh_compose(resfhp, fhp->fh_export, dchild, fhp); | |
502aa0a5 JB |
1348 | /* |
1349 | * We unconditionally drop our ref to dchild as fh_compose will have | |
1350 | * already grabbed its own ref for it. | |
1351 | */ | |
1352 | dput(dchild); | |
1353 | if (err) | |
b44061d0 | 1354 | return err; |
b44061d0 BF |
1355 | return nfsd_create_locked(rqstp, fhp, fname, flen, iap, type, |
1356 | rdev, resfhp); | |
1357 | } | |
1358 | ||
1da177e4 | 1359 | #ifdef CONFIG_NFSD_V3 |
ac6721a1 | 1360 | |
1da177e4 | 1361 | /* |
ac6721a1 | 1362 | * NFSv3 and NFSv4 version of nfsd_create |
1da177e4 | 1363 | */ |
6264d69d | 1364 | __be32 |
ac6721a1 | 1365 | do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, |
1da177e4 LT |
1366 | char *fname, int flen, struct iattr *iap, |
1367 | struct svc_fh *resfhp, int createmode, u32 *verifier, | |
856121b2 | 1368 | bool *truncp, bool *created) |
1da177e4 LT |
1369 | { |
1370 | struct dentry *dentry, *dchild = NULL; | |
1371 | struct inode *dirp; | |
6264d69d AV |
1372 | __be32 err; |
1373 | int host_err; | |
1da177e4 | 1374 | __u32 v_mtime=0, v_atime=0; |
1da177e4 LT |
1375 | |
1376 | err = nfserr_perm; | |
1377 | if (!flen) | |
1378 | goto out; | |
1379 | err = nfserr_exist; | |
1380 | if (isdotent(fname, flen)) | |
1381 | goto out; | |
1382 | if (!(iap->ia_valid & ATTR_MODE)) | |
1383 | iap->ia_mode = 0; | |
1574dff8 | 1384 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC); |
1da177e4 LT |
1385 | if (err) |
1386 | goto out; | |
1387 | ||
1388 | dentry = fhp->fh_dentry; | |
2b0143b5 | 1389 | dirp = d_inode(dentry); |
1da177e4 | 1390 | |
4a55c101 JK |
1391 | host_err = fh_want_write(fhp); |
1392 | if (host_err) | |
1393 | goto out_nfserr; | |
1394 | ||
12fd3520 | 1395 | fh_lock_nested(fhp, I_MUTEX_PARENT); |
1da177e4 LT |
1396 | |
1397 | /* | |
1398 | * Compose the response file handle. | |
1399 | */ | |
1400 | dchild = lookup_one_len(fname, dentry, flen); | |
6264d69d | 1401 | host_err = PTR_ERR(dchild); |
1da177e4 LT |
1402 | if (IS_ERR(dchild)) |
1403 | goto out_nfserr; | |
1404 | ||
1574dff8 | 1405 | /* If file doesn't exist, check for permissions to create one */ |
2b0143b5 | 1406 | if (d_really_is_negative(dchild)) { |
1574dff8 SP |
1407 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE); |
1408 | if (err) | |
1409 | goto out; | |
1410 | } | |
1411 | ||
1da177e4 LT |
1412 | err = fh_compose(resfhp, fhp->fh_export, dchild, fhp); |
1413 | if (err) | |
1414 | goto out; | |
1415 | ||
ac6721a1 | 1416 | if (nfsd_create_is_exclusive(createmode)) { |
c397852c | 1417 | /* solaris7 gets confused (bugid 4218508) if these have |
749997e5 JL |
1418 | * the high bit set, so just clear the high bits. If this is |
1419 | * ever changed to use different attrs for storing the | |
1420 | * verifier, then do_open_lookup() will also need to be fixed | |
1421 | * accordingly. | |
1da177e4 LT |
1422 | */ |
1423 | v_mtime = verifier[0]&0x7fffffff; | |
1424 | v_atime = verifier[1]&0x7fffffff; | |
1da177e4 LT |
1425 | } |
1426 | ||
2b0143b5 | 1427 | if (d_really_is_positive(dchild)) { |
1da177e4 LT |
1428 | err = 0; |
1429 | ||
1430 | switch (createmode) { | |
1431 | case NFS3_CREATE_UNCHECKED: | |
e36cb0b8 | 1432 | if (! d_is_reg(dchild)) |
9dc4e6c4 | 1433 | goto out; |
1da177e4 LT |
1434 | else if (truncp) { |
1435 | /* in nfsv4, we need to treat this case a little | |
1436 | * differently. we don't want to truncate the | |
1437 | * file now; this would be wrong if the OPEN | |
1438 | * fails for some other reason. furthermore, | |
1439 | * if the size is nonzero, we should ignore it | |
1440 | * according to spec! | |
1441 | */ | |
1442 | *truncp = (iap->ia_valid & ATTR_SIZE) && !iap->ia_size; | |
1443 | } | |
1444 | else { | |
1445 | iap->ia_valid &= ATTR_SIZE; | |
1446 | goto set_attr; | |
1447 | } | |
1448 | break; | |
1449 | case NFS3_CREATE_EXCLUSIVE: | |
2b0143b5 DH |
1450 | if ( d_inode(dchild)->i_mtime.tv_sec == v_mtime |
1451 | && d_inode(dchild)->i_atime.tv_sec == v_atime | |
1452 | && d_inode(dchild)->i_size == 0 ) { | |
7007c90f | 1453 | if (created) |
384a7cca | 1454 | *created = true; |
1da177e4 | 1455 | break; |
7007c90f | 1456 | } |
df561f66 | 1457 | fallthrough; |
ac6721a1 | 1458 | case NFS4_CREATE_EXCLUSIVE4_1: |
2b0143b5 DH |
1459 | if ( d_inode(dchild)->i_mtime.tv_sec == v_mtime |
1460 | && d_inode(dchild)->i_atime.tv_sec == v_atime | |
1461 | && d_inode(dchild)->i_size == 0 ) { | |
7007c90f | 1462 | if (created) |
384a7cca | 1463 | *created = true; |
ac6721a1 | 1464 | goto set_attr; |
7007c90f | 1465 | } |
df561f66 | 1466 | fallthrough; |
1da177e4 LT |
1467 | case NFS3_CREATE_GUARDED: |
1468 | err = nfserr_exist; | |
1469 | } | |
bad0dcff | 1470 | fh_drop_write(fhp); |
1da177e4 LT |
1471 | goto out; |
1472 | } | |
1473 | ||
22cf8419 BF |
1474 | if (!IS_POSIXACL(dirp)) |
1475 | iap->ia_mode &= ~current_umask(); | |
1476 | ||
6521f891 | 1477 | host_err = vfs_create(&init_user_ns, dirp, dchild, iap->ia_mode, true); |
463c3197 | 1478 | if (host_err < 0) { |
bad0dcff | 1479 | fh_drop_write(fhp); |
1da177e4 | 1480 | goto out_nfserr; |
463c3197 | 1481 | } |
81ac95c5 | 1482 | if (created) |
384a7cca | 1483 | *created = true; |
1da177e4 | 1484 | |
4ac35c2f | 1485 | nfsd_check_ignore_resizing(iap); |
1486 | ||
ac6721a1 | 1487 | if (nfsd_create_is_exclusive(createmode)) { |
c397852c | 1488 | /* Cram the verifier into atime/mtime */ |
1da177e4 | 1489 | iap->ia_valid = ATTR_MTIME|ATTR_ATIME |
c397852c | 1490 | | ATTR_MTIME_SET|ATTR_ATIME_SET; |
1da177e4 LT |
1491 | /* XXX someone who knows this better please fix it for nsec */ |
1492 | iap->ia_mtime.tv_sec = v_mtime; | |
1493 | iap->ia_atime.tv_sec = v_atime; | |
1494 | iap->ia_mtime.tv_nsec = 0; | |
1495 | iap->ia_atime.tv_nsec = 0; | |
1da177e4 LT |
1496 | } |
1497 | ||
1da177e4 | 1498 | set_attr: |
f501912a BM |
1499 | err = nfsd_create_setattr(rqstp, resfhp, iap); |
1500 | ||
1501 | /* | |
0f3a24b4 TM |
1502 | * nfsd_create_setattr already committed the child |
1503 | * (and possibly also the parent). | |
f501912a BM |
1504 | */ |
1505 | if (!err) | |
1506 | err = nfserrno(commit_metadata(fhp)); | |
f193fbab YT |
1507 | |
1508 | /* | |
1509 | * Update the filehandle to get the new inode info. | |
1510 | */ | |
1511 | if (!err) | |
1512 | err = fh_update(resfhp); | |
1da177e4 LT |
1513 | |
1514 | out: | |
1515 | fh_unlock(fhp); | |
1516 | if (dchild && !IS_ERR(dchild)) | |
1517 | dput(dchild); | |
4a55c101 | 1518 | fh_drop_write(fhp); |
1da177e4 LT |
1519 | return err; |
1520 | ||
1521 | out_nfserr: | |
6264d69d | 1522 | err = nfserrno(host_err); |
1da177e4 LT |
1523 | goto out; |
1524 | } | |
1525 | #endif /* CONFIG_NFSD_V3 */ | |
1526 | ||
1527 | /* | |
1528 | * Read a symlink. On entry, *lenp must contain the maximum path length that | |
1529 | * fits into the buffer. On return, it contains the true length. | |
1530 | * N.B. After this call fhp needs an fh_put | |
1531 | */ | |
6264d69d | 1532 | __be32 |
1da177e4 LT |
1533 | nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) |
1534 | { | |
6264d69d | 1535 | __be32 err; |
4d7edbc3 | 1536 | const char *link; |
68ac1234 | 1537 | struct path path; |
4d7edbc3 AV |
1538 | DEFINE_DELAYED_CALL(done); |
1539 | int len; | |
1da177e4 | 1540 | |
8837abca | 1541 | err = fh_verify(rqstp, fhp, S_IFLNK, NFSD_MAY_NOP); |
4d7edbc3 AV |
1542 | if (unlikely(err)) |
1543 | return err; | |
1da177e4 | 1544 | |
68ac1234 AV |
1545 | path.mnt = fhp->fh_export->ex_path.mnt; |
1546 | path.dentry = fhp->fh_dentry; | |
1da177e4 | 1547 | |
4d7edbc3 AV |
1548 | if (unlikely(!d_is_symlink(path.dentry))) |
1549 | return nfserr_inval; | |
1da177e4 | 1550 | |
68ac1234 | 1551 | touch_atime(&path); |
1da177e4 | 1552 | |
4d7edbc3 AV |
1553 | link = vfs_get_link(path.dentry, &done); |
1554 | if (IS_ERR(link)) | |
1555 | return nfserrno(PTR_ERR(link)); | |
1da177e4 | 1556 | |
4d7edbc3 AV |
1557 | len = strlen(link); |
1558 | if (len < *lenp) | |
1559 | *lenp = len; | |
1560 | memcpy(buf, link, *lenp); | |
1561 | do_delayed_call(&done); | |
1562 | return 0; | |
1da177e4 LT |
1563 | } |
1564 | ||
1565 | /* | |
1566 | * Create a symlink and look up its inode | |
1567 | * N.B. After this call _both_ fhp and resfhp need an fh_put | |
1568 | */ | |
6264d69d | 1569 | __be32 |
1da177e4 LT |
1570 | nfsd_symlink(struct svc_rqst *rqstp, struct svc_fh *fhp, |
1571 | char *fname, int flen, | |
52ee0433 | 1572 | char *path, |
1e444f5b | 1573 | struct svc_fh *resfhp) |
1da177e4 LT |
1574 | { |
1575 | struct dentry *dentry, *dnew; | |
6264d69d AV |
1576 | __be32 err, cerr; |
1577 | int host_err; | |
1da177e4 LT |
1578 | |
1579 | err = nfserr_noent; | |
52ee0433 | 1580 | if (!flen || path[0] == '\0') |
1da177e4 LT |
1581 | goto out; |
1582 | err = nfserr_exist; | |
1583 | if (isdotent(fname, flen)) | |
1584 | goto out; | |
1585 | ||
8837abca | 1586 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE); |
1da177e4 LT |
1587 | if (err) |
1588 | goto out; | |
4a55c101 JK |
1589 | |
1590 | host_err = fh_want_write(fhp); | |
1591 | if (host_err) | |
1592 | goto out_nfserr; | |
1593 | ||
1da177e4 LT |
1594 | fh_lock(fhp); |
1595 | dentry = fhp->fh_dentry; | |
1596 | dnew = lookup_one_len(fname, dentry, flen); | |
6264d69d | 1597 | host_err = PTR_ERR(dnew); |
1da177e4 LT |
1598 | if (IS_ERR(dnew)) |
1599 | goto out_nfserr; | |
1600 | ||
6521f891 | 1601 | host_err = vfs_symlink(&init_user_ns, d_inode(dentry), dnew, path); |
6264d69d | 1602 | err = nfserrno(host_err); |
eeeadbb9 | 1603 | fh_unlock(fhp); |
f501912a BM |
1604 | if (!err) |
1605 | err = nfserrno(commit_metadata(fhp)); | |
1da177e4 | 1606 | |
bad0dcff | 1607 | fh_drop_write(fhp); |
75c3f29d | 1608 | |
1da177e4 LT |
1609 | cerr = fh_compose(resfhp, fhp->fh_export, dnew, fhp); |
1610 | dput(dnew); | |
1611 | if (err==0) err = cerr; | |
1612 | out: | |
1613 | return err; | |
1614 | ||
1615 | out_nfserr: | |
6264d69d | 1616 | err = nfserrno(host_err); |
1da177e4 LT |
1617 | goto out; |
1618 | } | |
1619 | ||
1620 | /* | |
1621 | * Create a hardlink | |
1622 | * N.B. After this call _both_ ffhp and tfhp need an fh_put | |
1623 | */ | |
6264d69d | 1624 | __be32 |
1da177e4 LT |
1625 | nfsd_link(struct svc_rqst *rqstp, struct svc_fh *ffhp, |
1626 | char *name, int len, struct svc_fh *tfhp) | |
1627 | { | |
1628 | struct dentry *ddir, *dnew, *dold; | |
55b13354 | 1629 | struct inode *dirp; |
6264d69d AV |
1630 | __be32 err; |
1631 | int host_err; | |
1da177e4 | 1632 | |
8837abca | 1633 | err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_CREATE); |
1da177e4 LT |
1634 | if (err) |
1635 | goto out; | |
7d818a7b | 1636 | err = fh_verify(rqstp, tfhp, 0, NFSD_MAY_NOP); |
1da177e4 LT |
1637 | if (err) |
1638 | goto out; | |
7d818a7b | 1639 | err = nfserr_isdir; |
e36cb0b8 | 1640 | if (d_is_dir(tfhp->fh_dentry)) |
7d818a7b | 1641 | goto out; |
1da177e4 LT |
1642 | err = nfserr_perm; |
1643 | if (!len) | |
1644 | goto out; | |
1645 | err = nfserr_exist; | |
1646 | if (isdotent(name, len)) | |
1647 | goto out; | |
1648 | ||
4a55c101 JK |
1649 | host_err = fh_want_write(tfhp); |
1650 | if (host_err) { | |
1651 | err = nfserrno(host_err); | |
1652 | goto out; | |
1653 | } | |
1654 | ||
12fd3520 | 1655 | fh_lock_nested(ffhp, I_MUTEX_PARENT); |
1da177e4 | 1656 | ddir = ffhp->fh_dentry; |
2b0143b5 | 1657 | dirp = d_inode(ddir); |
1da177e4 LT |
1658 | |
1659 | dnew = lookup_one_len(name, ddir, len); | |
6264d69d | 1660 | host_err = PTR_ERR(dnew); |
1da177e4 LT |
1661 | if (IS_ERR(dnew)) |
1662 | goto out_nfserr; | |
1663 | ||
1664 | dold = tfhp->fh_dentry; | |
1da177e4 | 1665 | |
4795bb37 | 1666 | err = nfserr_noent; |
2b0143b5 | 1667 | if (d_really_is_negative(dold)) |
4a55c101 | 1668 | goto out_dput; |
6521f891 | 1669 | host_err = vfs_link(dold, &init_user_ns, dirp, dnew, NULL); |
eeeadbb9 | 1670 | fh_unlock(ffhp); |
6264d69d | 1671 | if (!host_err) { |
f501912a BM |
1672 | err = nfserrno(commit_metadata(ffhp)); |
1673 | if (!err) | |
1674 | err = nfserrno(commit_metadata(tfhp)); | |
1da177e4 | 1675 | } else { |
6264d69d | 1676 | if (host_err == -EXDEV && rqstp->rq_vers == 2) |
1da177e4 LT |
1677 | err = nfserr_acces; |
1678 | else | |
6264d69d | 1679 | err = nfserrno(host_err); |
1da177e4 | 1680 | } |
75c3f29d | 1681 | out_dput: |
1da177e4 | 1682 | dput(dnew); |
270d56e5 DR |
1683 | out_unlock: |
1684 | fh_unlock(ffhp); | |
4a55c101 | 1685 | fh_drop_write(tfhp); |
1da177e4 LT |
1686 | out: |
1687 | return err; | |
1688 | ||
1689 | out_nfserr: | |
6264d69d | 1690 | err = nfserrno(host_err); |
270d56e5 | 1691 | goto out_unlock; |
1da177e4 LT |
1692 | } |
1693 | ||
7775ec57 JL |
1694 | static void |
1695 | nfsd_close_cached_files(struct dentry *dentry) | |
1696 | { | |
1697 | struct inode *inode = d_inode(dentry); | |
1698 | ||
1699 | if (inode && S_ISREG(inode->i_mode)) | |
1700 | nfsd_file_close_inode_sync(inode); | |
1701 | } | |
1702 | ||
1703 | static bool | |
1704 | nfsd_has_cached_files(struct dentry *dentry) | |
1705 | { | |
1706 | bool ret = false; | |
1707 | struct inode *inode = d_inode(dentry); | |
1708 | ||
1709 | if (inode && S_ISREG(inode->i_mode)) | |
1710 | ret = nfsd_file_is_cached(inode); | |
1711 | return ret; | |
1712 | } | |
1713 | ||
1da177e4 LT |
1714 | /* |
1715 | * Rename a file | |
1716 | * N.B. After this call _both_ ffhp and tfhp need an fh_put | |
1717 | */ | |
6264d69d | 1718 | __be32 |
1da177e4 LT |
1719 | nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen, |
1720 | struct svc_fh *tfhp, char *tname, int tlen) | |
1721 | { | |
1722 | struct dentry *fdentry, *tdentry, *odentry, *ndentry, *trap; | |
1723 | struct inode *fdir, *tdir; | |
6264d69d AV |
1724 | __be32 err; |
1725 | int host_err; | |
7f84b488 | 1726 | bool close_cached = false; |
1da177e4 | 1727 | |
8837abca | 1728 | err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_REMOVE); |
1da177e4 LT |
1729 | if (err) |
1730 | goto out; | |
8837abca | 1731 | err = fh_verify(rqstp, tfhp, S_IFDIR, NFSD_MAY_CREATE); |
1da177e4 LT |
1732 | if (err) |
1733 | goto out; | |
1734 | ||
1735 | fdentry = ffhp->fh_dentry; | |
2b0143b5 | 1736 | fdir = d_inode(fdentry); |
1da177e4 LT |
1737 | |
1738 | tdentry = tfhp->fh_dentry; | |
2b0143b5 | 1739 | tdir = d_inode(tdentry); |
1da177e4 | 1740 | |
1da177e4 LT |
1741 | err = nfserr_perm; |
1742 | if (!flen || isdotent(fname, flen) || !tlen || isdotent(tname, tlen)) | |
1743 | goto out; | |
1744 | ||
7775ec57 | 1745 | retry: |
4a55c101 JK |
1746 | host_err = fh_want_write(ffhp); |
1747 | if (host_err) { | |
1748 | err = nfserrno(host_err); | |
1749 | goto out; | |
1750 | } | |
1751 | ||
1da177e4 LT |
1752 | /* cannot use fh_lock as we need deadlock protective ordering |
1753 | * so do it by hand */ | |
1754 | trap = lock_rename(tdentry, fdentry); | |
aaf91ec1 | 1755 | ffhp->fh_locked = tfhp->fh_locked = true; |
1da177e4 LT |
1756 | fill_pre_wcc(ffhp); |
1757 | fill_pre_wcc(tfhp); | |
1758 | ||
1759 | odentry = lookup_one_len(fname, fdentry, flen); | |
6264d69d | 1760 | host_err = PTR_ERR(odentry); |
1da177e4 LT |
1761 | if (IS_ERR(odentry)) |
1762 | goto out_nfserr; | |
1763 | ||
6264d69d | 1764 | host_err = -ENOENT; |
2b0143b5 | 1765 | if (d_really_is_negative(odentry)) |
1da177e4 | 1766 | goto out_dput_old; |
6264d69d | 1767 | host_err = -EINVAL; |
1da177e4 LT |
1768 | if (odentry == trap) |
1769 | goto out_dput_old; | |
1770 | ||
1771 | ndentry = lookup_one_len(tname, tdentry, tlen); | |
6264d69d | 1772 | host_err = PTR_ERR(ndentry); |
1da177e4 LT |
1773 | if (IS_ERR(ndentry)) |
1774 | goto out_dput_old; | |
6264d69d | 1775 | host_err = -ENOTEMPTY; |
1da177e4 LT |
1776 | if (ndentry == trap) |
1777 | goto out_dput_new; | |
1778 | ||
9079b1eb DH |
1779 | host_err = -EXDEV; |
1780 | if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt) | |
1781 | goto out_dput_new; | |
aa387d6c BF |
1782 | if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry) |
1783 | goto out_dput_new; | |
9079b1eb | 1784 | |
7f84b488 JL |
1785 | if ((ndentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK) && |
1786 | nfsd_has_cached_files(ndentry)) { | |
1787 | close_cached = true; | |
7775ec57 JL |
1788 | goto out_dput_old; |
1789 | } else { | |
9fe61450 | 1790 | struct renamedata rd = { |
6521f891 | 1791 | .old_mnt_userns = &init_user_ns, |
9fe61450 CB |
1792 | .old_dir = fdir, |
1793 | .old_dentry = odentry, | |
6521f891 | 1794 | .new_mnt_userns = &init_user_ns, |
9fe61450 CB |
1795 | .new_dir = tdir, |
1796 | .new_dentry = ndentry, | |
1797 | }; | |
1798 | host_err = vfs_rename(&rd); | |
7775ec57 JL |
1799 | if (!host_err) { |
1800 | host_err = commit_metadata(tfhp); | |
1801 | if (!host_err) | |
1802 | host_err = commit_metadata(ffhp); | |
1803 | } | |
1da177e4 | 1804 | } |
1da177e4 LT |
1805 | out_dput_new: |
1806 | dput(ndentry); | |
1807 | out_dput_old: | |
1808 | dput(odentry); | |
1809 | out_nfserr: | |
6264d69d | 1810 | err = nfserrno(host_err); |
fbb74a34 BF |
1811 | /* |
1812 | * We cannot rely on fh_unlock on the two filehandles, | |
1da177e4 | 1813 | * as that would do the wrong thing if the two directories |
fbb74a34 | 1814 | * were the same, so again we do it by hand. |
1da177e4 | 1815 | */ |
7f84b488 | 1816 | if (!close_cached) { |
7775ec57 JL |
1817 | fill_post_wcc(ffhp); |
1818 | fill_post_wcc(tfhp); | |
1819 | } | |
1da177e4 | 1820 | unlock_rename(tdentry, fdentry); |
aaf91ec1 | 1821 | ffhp->fh_locked = tfhp->fh_locked = false; |
4a55c101 | 1822 | fh_drop_write(ffhp); |
1da177e4 | 1823 | |
7775ec57 JL |
1824 | /* |
1825 | * If the target dentry has cached open files, then we need to try to | |
1826 | * close them prior to doing the rename. Flushing delayed fput | |
1827 | * shouldn't be done with locks held however, so we delay it until this | |
1828 | * point and then reattempt the whole shebang. | |
1829 | */ | |
7f84b488 JL |
1830 | if (close_cached) { |
1831 | close_cached = false; | |
7775ec57 JL |
1832 | nfsd_close_cached_files(ndentry); |
1833 | dput(ndentry); | |
1834 | goto retry; | |
1835 | } | |
1da177e4 LT |
1836 | out: |
1837 | return err; | |
1838 | } | |
1839 | ||
1840 | /* | |
1841 | * Unlink a file or directory | |
1842 | * N.B. After this call fhp needs an fh_put | |
1843 | */ | |
6264d69d | 1844 | __be32 |
1da177e4 LT |
1845 | nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, |
1846 | char *fname, int flen) | |
1847 | { | |
1848 | struct dentry *dentry, *rdentry; | |
1849 | struct inode *dirp; | |
e5d74a2d | 1850 | struct inode *rinode; |
6264d69d AV |
1851 | __be32 err; |
1852 | int host_err; | |
1da177e4 LT |
1853 | |
1854 | err = nfserr_acces; | |
1855 | if (!flen || isdotent(fname, flen)) | |
1856 | goto out; | |
8837abca | 1857 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_REMOVE); |
1da177e4 LT |
1858 | if (err) |
1859 | goto out; | |
1860 | ||
4a55c101 JK |
1861 | host_err = fh_want_write(fhp); |
1862 | if (host_err) | |
1863 | goto out_nfserr; | |
1864 | ||
12fd3520 | 1865 | fh_lock_nested(fhp, I_MUTEX_PARENT); |
1da177e4 | 1866 | dentry = fhp->fh_dentry; |
2b0143b5 | 1867 | dirp = d_inode(dentry); |
1da177e4 LT |
1868 | |
1869 | rdentry = lookup_one_len(fname, dentry, flen); | |
6264d69d | 1870 | host_err = PTR_ERR(rdentry); |
1da177e4 | 1871 | if (IS_ERR(rdentry)) |
0ca0c9d7 | 1872 | goto out_drop_write; |
1da177e4 | 1873 | |
2b0143b5 | 1874 | if (d_really_is_negative(rdentry)) { |
1da177e4 | 1875 | dput(rdentry); |
0ca0c9d7 BF |
1876 | host_err = -ENOENT; |
1877 | goto out_drop_write; | |
1da177e4 | 1878 | } |
e5d74a2d YHH |
1879 | rinode = d_inode(rdentry); |
1880 | ihold(rinode); | |
1da177e4 LT |
1881 | |
1882 | if (!type) | |
2b0143b5 | 1883 | type = d_inode(rdentry)->i_mode & S_IFMT; |
1da177e4 | 1884 | |
7775ec57 | 1885 | if (type != S_IFDIR) { |
7f84b488 JL |
1886 | if (rdentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK) |
1887 | nfsd_close_cached_files(rdentry); | |
6521f891 | 1888 | host_err = vfs_unlink(&init_user_ns, dirp, rdentry, NULL); |
7775ec57 | 1889 | } else { |
6521f891 | 1890 | host_err = vfs_rmdir(&init_user_ns, dirp, rdentry); |
7775ec57 JL |
1891 | } |
1892 | ||
eeeadbb9 | 1893 | fh_unlock(fhp); |
f501912a BM |
1894 | if (!host_err) |
1895 | host_err = commit_metadata(fhp); | |
541ce98c | 1896 | dput(rdentry); |
e5d74a2d | 1897 | iput(rinode); /* truncate the inode here */ |
541ce98c | 1898 | |
0ca0c9d7 BF |
1899 | out_drop_write: |
1900 | fh_drop_write(fhp); | |
1da177e4 | 1901 | out_nfserr: |
466e16f0 N |
1902 | if (host_err == -EBUSY) { |
1903 | /* name is mounted-on. There is no perfect | |
1904 | * error status. | |
1905 | */ | |
1906 | if (nfsd_v4client(rqstp)) | |
1907 | err = nfserr_file_open; | |
1908 | else | |
1909 | err = nfserr_acces; | |
1910 | } else { | |
1911 | err = nfserrno(host_err); | |
1912 | } | |
f193fbab YT |
1913 | out: |
1914 | return err; | |
1da177e4 LT |
1915 | } |
1916 | ||
14f7dd63 DW |
1917 | /* |
1918 | * We do this buffering because we must not call back into the file | |
1919 | * system's ->lookup() method from the filldir callback. That may well | |
1920 | * deadlock a number of file systems. | |
1921 | * | |
1922 | * This is based heavily on the implementation of same in XFS. | |
1923 | */ | |
1924 | struct buffered_dirent { | |
1925 | u64 ino; | |
1926 | loff_t offset; | |
1927 | int namlen; | |
1928 | unsigned int d_type; | |
1929 | char name[]; | |
1930 | }; | |
1931 | ||
1932 | struct readdir_data { | |
5c0ba4e0 | 1933 | struct dir_context ctx; |
14f7dd63 DW |
1934 | char *dirent; |
1935 | size_t used; | |
53c9c5c0 | 1936 | int full; |
14f7dd63 DW |
1937 | }; |
1938 | ||
ac7576f4 MS |
1939 | static int nfsd_buffered_filldir(struct dir_context *ctx, const char *name, |
1940 | int namlen, loff_t offset, u64 ino, | |
1941 | unsigned int d_type) | |
14f7dd63 | 1942 | { |
ac7576f4 MS |
1943 | struct readdir_data *buf = |
1944 | container_of(ctx, struct readdir_data, ctx); | |
14f7dd63 DW |
1945 | struct buffered_dirent *de = (void *)(buf->dirent + buf->used); |
1946 | unsigned int reclen; | |
1947 | ||
1948 | reclen = ALIGN(sizeof(struct buffered_dirent) + namlen, sizeof(u64)); | |
53c9c5c0 AV |
1949 | if (buf->used + reclen > PAGE_SIZE) { |
1950 | buf->full = 1; | |
14f7dd63 | 1951 | return -EINVAL; |
53c9c5c0 | 1952 | } |
14f7dd63 DW |
1953 | |
1954 | de->namlen = namlen; | |
1955 | de->offset = offset; | |
1956 | de->ino = ino; | |
1957 | de->d_type = d_type; | |
1958 | memcpy(de->name, name, namlen); | |
1959 | buf->used += reclen; | |
1960 | ||
1961 | return 0; | |
1962 | } | |
1963 | ||
6019ce07 CL |
1964 | static __be32 nfsd_buffered_readdir(struct file *file, struct svc_fh *fhp, |
1965 | nfsd_filldir_t func, struct readdir_cd *cdp, | |
1966 | loff_t *offsetp) | |
2628b766 | 1967 | { |
14f7dd63 | 1968 | struct buffered_dirent *de; |
2628b766 | 1969 | int host_err; |
14f7dd63 DW |
1970 | int size; |
1971 | loff_t offset; | |
ac6614b7 AV |
1972 | struct readdir_data buf = { |
1973 | .ctx.actor = nfsd_buffered_filldir, | |
1974 | .dirent = (void *)__get_free_page(GFP_KERNEL) | |
1975 | }; | |
2628b766 | 1976 | |
14f7dd63 | 1977 | if (!buf.dirent) |
2f9092e1 | 1978 | return nfserrno(-ENOMEM); |
14f7dd63 DW |
1979 | |
1980 | offset = *offsetp; | |
2628b766 | 1981 | |
14f7dd63 DW |
1982 | while (1) { |
1983 | unsigned int reclen; | |
1984 | ||
b726e923 | 1985 | cdp->err = nfserr_eof; /* will be cleared on successful read */ |
14f7dd63 | 1986 | buf.used = 0; |
53c9c5c0 | 1987 | buf.full = 0; |
14f7dd63 | 1988 | |
5c0ba4e0 | 1989 | host_err = iterate_dir(file, &buf.ctx); |
53c9c5c0 AV |
1990 | if (buf.full) |
1991 | host_err = 0; | |
1992 | ||
1993 | if (host_err < 0) | |
14f7dd63 DW |
1994 | break; |
1995 | ||
1996 | size = buf.used; | |
1997 | ||
1998 | if (!size) | |
1999 | break; | |
2000 | ||
14f7dd63 DW |
2001 | de = (struct buffered_dirent *)buf.dirent; |
2002 | while (size > 0) { | |
2003 | offset = de->offset; | |
2004 | ||
2005 | if (func(cdp, de->name, de->namlen, de->offset, | |
2006 | de->ino, de->d_type)) | |
2f9092e1 | 2007 | break; |
14f7dd63 DW |
2008 | |
2009 | if (cdp->err != nfs_ok) | |
2f9092e1 | 2010 | break; |
14f7dd63 | 2011 | |
6019ce07 CL |
2012 | trace_nfsd_dirent(fhp, de->ino, de->name, de->namlen); |
2013 | ||
14f7dd63 DW |
2014 | reclen = ALIGN(sizeof(*de) + de->namlen, |
2015 | sizeof(u64)); | |
2016 | size -= reclen; | |
2017 | de = (struct buffered_dirent *)((char *)de + reclen); | |
2018 | } | |
2f9092e1 DW |
2019 | if (size > 0) /* We bailed out early */ |
2020 | break; | |
2021 | ||
c002a6c7 | 2022 | offset = vfs_llseek(file, 0, SEEK_CUR); |
14f7dd63 DW |
2023 | } |
2024 | ||
14f7dd63 | 2025 | free_page((unsigned long)(buf.dirent)); |
2628b766 DW |
2026 | |
2027 | if (host_err) | |
2028 | return nfserrno(host_err); | |
14f7dd63 DW |
2029 | |
2030 | *offsetp = offset; | |
2031 | return cdp->err; | |
2628b766 DW |
2032 | } |
2033 | ||
1da177e4 LT |
2034 | /* |
2035 | * Read entries from a directory. | |
2036 | * The NFSv3/4 verifier we ignore for now. | |
2037 | */ | |
6264d69d | 2038 | __be32 |
1da177e4 | 2039 | nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp, |
ac7576f4 | 2040 | struct readdir_cd *cdp, nfsd_filldir_t func) |
1da177e4 | 2041 | { |
6264d69d | 2042 | __be32 err; |
1da177e4 LT |
2043 | struct file *file; |
2044 | loff_t offset = *offsetp; | |
06effdbb BS |
2045 | int may_flags = NFSD_MAY_READ; |
2046 | ||
2047 | /* NFSv2 only supports 32 bit cookies */ | |
2048 | if (rqstp->rq_vers > 2) | |
2049 | may_flags |= NFSD_MAY_64BIT_COOKIE; | |
1da177e4 | 2050 | |
06effdbb | 2051 | err = nfsd_open(rqstp, fhp, S_IFDIR, may_flags, &file); |
1da177e4 LT |
2052 | if (err) |
2053 | goto out; | |
2054 | ||
b108fe6b | 2055 | offset = vfs_llseek(file, offset, SEEK_SET); |
1da177e4 LT |
2056 | if (offset < 0) { |
2057 | err = nfserrno((int)offset); | |
2058 | goto out_close; | |
2059 | } | |
2060 | ||
6019ce07 | 2061 | err = nfsd_buffered_readdir(file, fhp, func, cdp, offsetp); |
1da177e4 LT |
2062 | |
2063 | if (err == nfserr_eof || err == nfserr_toosmall) | |
2064 | err = nfs_ok; /* can still be found in ->err */ | |
2065 | out_close: | |
fd891454 | 2066 | fput(file); |
1da177e4 LT |
2067 | out: |
2068 | return err; | |
2069 | } | |
2070 | ||
2071 | /* | |
2072 | * Get file system stats | |
2073 | * N.B. After this call fhp needs an fh_put | |
2074 | */ | |
6264d69d | 2075 | __be32 |
04716e66 | 2076 | nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat, int access) |
1da177e4 | 2077 | { |
ebabe9a9 CH |
2078 | __be32 err; |
2079 | ||
2080 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP | access); | |
f6360efb TI |
2081 | if (!err) { |
2082 | struct path path = { | |
2083 | .mnt = fhp->fh_export->ex_path.mnt, | |
2084 | .dentry = fhp->fh_dentry, | |
2085 | }; | |
2086 | if (vfs_statfs(&path, stat)) | |
2087 | err = nfserr_io; | |
2088 | } | |
1da177e4 LT |
2089 | return err; |
2090 | } | |
2091 | ||
c7d51402 | 2092 | static int exp_rdonly(struct svc_rqst *rqstp, struct svc_export *exp) |
e22841c6 | 2093 | { |
c7d51402 | 2094 | return nfsexp_flags(rqstp, exp) & NFSEXP_READONLY; |
e22841c6 BF |
2095 | } |
2096 | ||
32119446 FL |
2097 | #ifdef CONFIG_NFSD_V4 |
2098 | /* | |
2099 | * Helper function to translate error numbers. In the case of xattr operations, | |
2100 | * some error codes need to be translated outside of the standard translations. | |
2101 | * | |
2102 | * ENODATA needs to be translated to nfserr_noxattr. | |
2103 | * E2BIG to nfserr_xattr2big. | |
2104 | * | |
2105 | * Additionally, vfs_listxattr can return -ERANGE. This means that the | |
2106 | * file has too many extended attributes to retrieve inside an | |
2107 | * XATTR_LIST_MAX sized buffer. This is a bug in the xattr implementation: | |
2108 | * filesystems will allow the adding of extended attributes until they hit | |
2109 | * their own internal limit. This limit may be larger than XATTR_LIST_MAX. | |
2110 | * So, at that point, the attributes are present and valid, but can't | |
2111 | * be retrieved using listxattr, since the upper level xattr code enforces | |
2112 | * the XATTR_LIST_MAX limit. | |
2113 | * | |
2114 | * This bug means that we need to deal with listxattr returning -ERANGE. The | |
2115 | * best mapping is to return TOOSMALL. | |
2116 | */ | |
2117 | static __be32 | |
2118 | nfsd_xattr_errno(int err) | |
2119 | { | |
2120 | switch (err) { | |
2121 | case -ENODATA: | |
2122 | return nfserr_noxattr; | |
2123 | case -E2BIG: | |
2124 | return nfserr_xattr2big; | |
2125 | case -ERANGE: | |
2126 | return nfserr_toosmall; | |
2127 | } | |
2128 | return nfserrno(err); | |
2129 | } | |
2130 | ||
2131 | /* | |
2132 | * Retrieve the specified user extended attribute. To avoid always | |
2133 | * having to allocate the maximum size (since we are not getting | |
2134 | * a maximum size from the RPC), do a probe + alloc. Hold a reader | |
2135 | * lock on i_rwsem to prevent the extended attribute from changing | |
2136 | * size while we're doing this. | |
2137 | */ | |
2138 | __be32 | |
2139 | nfsd_getxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name, | |
2140 | void **bufp, int *lenp) | |
2141 | { | |
2142 | ssize_t len; | |
2143 | __be32 err; | |
2144 | char *buf; | |
2145 | struct inode *inode; | |
2146 | struct dentry *dentry; | |
2147 | ||
2148 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_READ); | |
2149 | if (err) | |
2150 | return err; | |
2151 | ||
2152 | err = nfs_ok; | |
2153 | dentry = fhp->fh_dentry; | |
2154 | inode = d_inode(dentry); | |
2155 | ||
2156 | inode_lock_shared(inode); | |
2157 | ||
c7c7a1a1 | 2158 | len = vfs_getxattr(&init_user_ns, dentry, name, NULL, 0); |
32119446 FL |
2159 | |
2160 | /* | |
2161 | * Zero-length attribute, just return. | |
2162 | */ | |
2163 | if (len == 0) { | |
2164 | *bufp = NULL; | |
2165 | *lenp = 0; | |
2166 | goto out; | |
2167 | } | |
2168 | ||
2169 | if (len < 0) { | |
2170 | err = nfsd_xattr_errno(len); | |
2171 | goto out; | |
2172 | } | |
2173 | ||
2174 | if (len > *lenp) { | |
2175 | err = nfserr_toosmall; | |
2176 | goto out; | |
2177 | } | |
2178 | ||
2179 | buf = kvmalloc(len, GFP_KERNEL | GFP_NOFS); | |
2180 | if (buf == NULL) { | |
2181 | err = nfserr_jukebox; | |
2182 | goto out; | |
2183 | } | |
2184 | ||
c7c7a1a1 | 2185 | len = vfs_getxattr(&init_user_ns, dentry, name, buf, len); |
32119446 FL |
2186 | if (len <= 0) { |
2187 | kvfree(buf); | |
2188 | buf = NULL; | |
2189 | err = nfsd_xattr_errno(len); | |
2190 | } | |
2191 | ||
2192 | *lenp = len; | |
2193 | *bufp = buf; | |
2194 | ||
2195 | out: | |
2196 | inode_unlock_shared(inode); | |
2197 | ||
2198 | return err; | |
2199 | } | |
2200 | ||
2201 | /* | |
2202 | * Retrieve the xattr names. Since we can't know how many are | |
2203 | * user extended attributes, we must get all attributes here, | |
2204 | * and have the XDR encode filter out the "user." ones. | |
2205 | * | |
2206 | * While this could always just allocate an XATTR_LIST_MAX | |
2207 | * buffer, that's a waste, so do a probe + allocate. To | |
2208 | * avoid any changes between the probe and allocate, wrap | |
2209 | * this in inode_lock. | |
2210 | */ | |
2211 | __be32 | |
2212 | nfsd_listxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char **bufp, | |
2213 | int *lenp) | |
2214 | { | |
2215 | ssize_t len; | |
2216 | __be32 err; | |
2217 | char *buf; | |
2218 | struct inode *inode; | |
2219 | struct dentry *dentry; | |
2220 | ||
2221 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_READ); | |
2222 | if (err) | |
2223 | return err; | |
2224 | ||
2225 | dentry = fhp->fh_dentry; | |
2226 | inode = d_inode(dentry); | |
2227 | *lenp = 0; | |
2228 | ||
2229 | inode_lock_shared(inode); | |
2230 | ||
2231 | len = vfs_listxattr(dentry, NULL, 0); | |
2232 | if (len <= 0) { | |
2233 | err = nfsd_xattr_errno(len); | |
2234 | goto out; | |
2235 | } | |
2236 | ||
2237 | if (len > XATTR_LIST_MAX) { | |
2238 | err = nfserr_xattr2big; | |
2239 | goto out; | |
2240 | } | |
2241 | ||
2242 | /* | |
2243 | * We're holding i_rwsem - use GFP_NOFS. | |
2244 | */ | |
2245 | buf = kvmalloc(len, GFP_KERNEL | GFP_NOFS); | |
2246 | if (buf == NULL) { | |
2247 | err = nfserr_jukebox; | |
2248 | goto out; | |
2249 | } | |
2250 | ||
2251 | len = vfs_listxattr(dentry, buf, len); | |
2252 | if (len <= 0) { | |
2253 | kvfree(buf); | |
2254 | err = nfsd_xattr_errno(len); | |
2255 | goto out; | |
2256 | } | |
2257 | ||
2258 | *lenp = len; | |
2259 | *bufp = buf; | |
2260 | ||
2261 | err = nfs_ok; | |
2262 | out: | |
2263 | inode_unlock_shared(inode); | |
2264 | ||
2265 | return err; | |
2266 | } | |
2267 | ||
2268 | /* | |
2269 | * Removexattr and setxattr need to call fh_lock to both lock the inode | |
2270 | * and set the change attribute. Since the top-level vfs_removexattr | |
2271 | * and vfs_setxattr calls already do their own inode_lock calls, call | |
2272 | * the _locked variant. Pass in a NULL pointer for delegated_inode, | |
2273 | * and let the client deal with NFS4ERR_DELAY (same as with e.g. | |
2274 | * setattr and remove). | |
2275 | */ | |
2276 | __be32 | |
2277 | nfsd_removexattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name) | |
2278 | { | |
8237284a CL |
2279 | __be32 err; |
2280 | int ret; | |
32119446 FL |
2281 | |
2282 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_WRITE); | |
2283 | if (err) | |
2284 | return err; | |
2285 | ||
2286 | ret = fh_want_write(fhp); | |
2287 | if (ret) | |
2288 | return nfserrno(ret); | |
2289 | ||
2290 | fh_lock(fhp); | |
2291 | ||
c7c7a1a1 TA |
2292 | ret = __vfs_removexattr_locked(&init_user_ns, fhp->fh_dentry, |
2293 | name, NULL); | |
32119446 FL |
2294 | |
2295 | fh_unlock(fhp); | |
2296 | fh_drop_write(fhp); | |
2297 | ||
2298 | return nfsd_xattr_errno(ret); | |
2299 | } | |
2300 | ||
2301 | __be32 | |
2302 | nfsd_setxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name, | |
2303 | void *buf, u32 len, u32 flags) | |
2304 | { | |
8237284a CL |
2305 | __be32 err; |
2306 | int ret; | |
32119446 FL |
2307 | |
2308 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_WRITE); | |
2309 | if (err) | |
2310 | return err; | |
2311 | ||
2312 | ret = fh_want_write(fhp); | |
2313 | if (ret) | |
2314 | return nfserrno(ret); | |
2315 | fh_lock(fhp); | |
2316 | ||
c7c7a1a1 TA |
2317 | ret = __vfs_setxattr_locked(&init_user_ns, fhp->fh_dentry, name, buf, |
2318 | len, flags, NULL); | |
32119446 FL |
2319 | |
2320 | fh_unlock(fhp); | |
2321 | fh_drop_write(fhp); | |
2322 | ||
2323 | return nfsd_xattr_errno(ret); | |
2324 | } | |
2325 | #endif | |
2326 | ||
1da177e4 LT |
2327 | /* |
2328 | * Check for a user's access permissions to this inode. | |
2329 | */ | |
6264d69d | 2330 | __be32 |
0ec757df BF |
2331 | nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, |
2332 | struct dentry *dentry, int acc) | |
1da177e4 | 2333 | { |
2b0143b5 | 2334 | struct inode *inode = d_inode(dentry); |
1da177e4 LT |
2335 | int err; |
2336 | ||
aea93397 | 2337 | if ((acc & NFSD_MAY_MASK) == NFSD_MAY_NOP) |
1da177e4 LT |
2338 | return 0; |
2339 | #if 0 | |
2340 | dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s\n", | |
2341 | acc, | |
8837abca MS |
2342 | (acc & NFSD_MAY_READ)? " read" : "", |
2343 | (acc & NFSD_MAY_WRITE)? " write" : "", | |
2344 | (acc & NFSD_MAY_EXEC)? " exec" : "", | |
2345 | (acc & NFSD_MAY_SATTR)? " sattr" : "", | |
2346 | (acc & NFSD_MAY_TRUNC)? " trunc" : "", | |
2347 | (acc & NFSD_MAY_LOCK)? " lock" : "", | |
2348 | (acc & NFSD_MAY_OWNER_OVERRIDE)? " owneroverride" : "", | |
1da177e4 LT |
2349 | inode->i_mode, |
2350 | IS_IMMUTABLE(inode)? " immut" : "", | |
2351 | IS_APPEND(inode)? " append" : "", | |
2c463e95 | 2352 | __mnt_is_readonly(exp->ex_path.mnt)? " ro" : ""); |
1da177e4 | 2353 | dprintk(" owner %d/%d user %d/%d\n", |
5cc0a840 | 2354 | inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid()); |
1da177e4 LT |
2355 | #endif |
2356 | ||
2357 | /* Normally we reject any write/sattr etc access on a read-only file | |
2358 | * system. But if it is IRIX doing check on write-access for a | |
2359 | * device special file, we ignore rofs. | |
2360 | */ | |
8837abca MS |
2361 | if (!(acc & NFSD_MAY_LOCAL_ACCESS)) |
2362 | if (acc & (NFSD_MAY_WRITE | NFSD_MAY_SATTR | NFSD_MAY_TRUNC)) { | |
2c463e95 DH |
2363 | if (exp_rdonly(rqstp, exp) || |
2364 | __mnt_is_readonly(exp->ex_path.mnt)) | |
1da177e4 | 2365 | return nfserr_rofs; |
8837abca | 2366 | if (/* (acc & NFSD_MAY_WRITE) && */ IS_IMMUTABLE(inode)) |
1da177e4 LT |
2367 | return nfserr_perm; |
2368 | } | |
8837abca | 2369 | if ((acc & NFSD_MAY_TRUNC) && IS_APPEND(inode)) |
1da177e4 LT |
2370 | return nfserr_perm; |
2371 | ||
8837abca | 2372 | if (acc & NFSD_MAY_LOCK) { |
1da177e4 LT |
2373 | /* If we cannot rely on authentication in NLM requests, |
2374 | * just allow locks, otherwise require read permission, or | |
2375 | * ownership | |
2376 | */ | |
2377 | if (exp->ex_flags & NFSEXP_NOAUTHNLM) | |
2378 | return 0; | |
2379 | else | |
8837abca | 2380 | acc = NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE; |
1da177e4 LT |
2381 | } |
2382 | /* | |
2383 | * The file owner always gets access permission for accesses that | |
2384 | * would normally be checked at open time. This is to make | |
2385 | * file access work even when the client has done a fchmod(fd, 0). | |
2386 | * | |
2387 | * However, `cp foo bar' should fail nevertheless when bar is | |
2388 | * readonly. A sensible way to do this might be to reject all | |
2389 | * attempts to truncate a read-only file, because a creat() call | |
2390 | * always implies file truncation. | |
2391 | * ... but this isn't really fair. A process may reasonably call | |
2392 | * ftruncate on an open file descriptor on a file with perm 000. | |
2393 | * We must trust the client to do permission checking - using "ACCESS" | |
2394 | * with NFSv3. | |
2395 | */ | |
8837abca | 2396 | if ((acc & NFSD_MAY_OWNER_OVERRIDE) && |
6fab8779 | 2397 | uid_eq(inode->i_uid, current_fsuid())) |
1da177e4 LT |
2398 | return 0; |
2399 | ||
8837abca | 2400 | /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ |
47291baa CB |
2401 | err = inode_permission(&init_user_ns, inode, |
2402 | acc & (MAY_READ | MAY_WRITE | MAY_EXEC)); | |
1da177e4 LT |
2403 | |
2404 | /* Allow read access to binaries even when mode 111 */ | |
2405 | if (err == -EACCES && S_ISREG(inode->i_mode) && | |
a043226b BF |
2406 | (acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE) || |
2407 | acc == (NFSD_MAY_READ | NFSD_MAY_READ_IF_EXEC))) | |
47291baa | 2408 | err = inode_permission(&init_user_ns, inode, MAY_EXEC); |
1da177e4 LT |
2409 | |
2410 | return err? nfserrno(err) : 0; | |
2411 | } |