]>
Commit | Line | Data |
---|---|---|
1 | // SPDX-License-Identifier: GPL-2.0 | |
2 | /* | |
3 | * File operations used by nfsd. Some of these have been ripped from | |
4 | * other parts of the kernel because they weren't exported, others | |
5 | * are partial duplicates with added or changed functionality. | |
6 | * | |
7 | * Note that several functions dget() the dentry upon which they want | |
8 | * to act, most notably those that create directory entries. Response | |
9 | * dentry's are dput()'d if necessary in the release callback. | |
10 | * So if you notice code paths that apparently fail to dput() the | |
11 | * dentry, don't worry--they have been taken care of. | |
12 | * | |
13 | * Copyright (C) 1995-1999 Olaf Kirch <okir@monad.swb.de> | |
14 | * Zerocpy NFS support (C) 2002 Hirokazu Takahashi <taka@valinux.co.jp> | |
15 | */ | |
16 | ||
17 | #include <linux/fs.h> | |
18 | #include <linux/file.h> | |
19 | #include <linux/splice.h> | |
20 | #include <linux/falloc.h> | |
21 | #include <linux/fcntl.h> | |
22 | #include <linux/namei.h> | |
23 | #include <linux/delay.h> | |
24 | #include <linux/fsnotify.h> | |
25 | #include <linux/posix_acl_xattr.h> | |
26 | #include <linux/xattr.h> | |
27 | #include <linux/jhash.h> | |
28 | #include <linux/ima.h> | |
29 | #include <linux/slab.h> | |
30 | #include <linux/uaccess.h> | |
31 | #include <linux/exportfs.h> | |
32 | #include <linux/writeback.h> | |
33 | #include <linux/security.h> | |
34 | ||
35 | #ifdef CONFIG_NFSD_V3 | |
36 | #include "xdr3.h" | |
37 | #endif /* CONFIG_NFSD_V3 */ | |
38 | ||
39 | #ifdef CONFIG_NFSD_V4 | |
40 | #include "../internal.h" | |
41 | #include "acl.h" | |
42 | #include "idmap.h" | |
43 | #endif /* CONFIG_NFSD_V4 */ | |
44 | ||
45 | #include "nfsd.h" | |
46 | #include "vfs.h" | |
47 | #include "filecache.h" | |
48 | #include "trace.h" | |
49 | ||
50 | #define NFSDDBG_FACILITY NFSDDBG_FILEOP | |
51 | ||
52 | /* | |
53 | * Called from nfsd_lookup and encode_dirent. Check if we have crossed | |
54 | * a mount point. | |
55 | * Returns -EAGAIN or -ETIMEDOUT leaving *dpp and *expp unchanged, | |
56 | * or nfs_ok having possibly changed *dpp and *expp | |
57 | */ | |
58 | int | |
59 | nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp, | |
60 | struct svc_export **expp) | |
61 | { | |
62 | struct svc_export *exp = *expp, *exp2 = NULL; | |
63 | struct dentry *dentry = *dpp; | |
64 | struct path path = {.mnt = mntget(exp->ex_path.mnt), | |
65 | .dentry = dget(dentry)}; | |
66 | int err = 0; | |
67 | ||
68 | err = follow_down(&path); | |
69 | if (err < 0) | |
70 | goto out; | |
71 | if (path.mnt == exp->ex_path.mnt && path.dentry == dentry && | |
72 | nfsd_mountpoint(dentry, exp) == 2) { | |
73 | /* This is only a mountpoint in some other namespace */ | |
74 | path_put(&path); | |
75 | goto out; | |
76 | } | |
77 | ||
78 | exp2 = rqst_exp_get_by_name(rqstp, &path); | |
79 | if (IS_ERR(exp2)) { | |
80 | err = PTR_ERR(exp2); | |
81 | /* | |
82 | * We normally allow NFS clients to continue | |
83 | * "underneath" a mountpoint that is not exported. | |
84 | * The exception is V4ROOT, where no traversal is ever | |
85 | * allowed without an explicit export of the new | |
86 | * directory. | |
87 | */ | |
88 | if (err == -ENOENT && !(exp->ex_flags & NFSEXP_V4ROOT)) | |
89 | err = 0; | |
90 | path_put(&path); | |
91 | goto out; | |
92 | } | |
93 | if (nfsd_v4client(rqstp) || | |
94 | (exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) { | |
95 | /* successfully crossed mount point */ | |
96 | /* | |
97 | * This is subtle: path.dentry is *not* on path.mnt | |
98 | * at this point. The only reason we are safe is that | |
99 | * original mnt is pinned down by exp, so we should | |
100 | * put path *before* putting exp | |
101 | */ | |
102 | *dpp = path.dentry; | |
103 | path.dentry = dentry; | |
104 | *expp = exp2; | |
105 | exp2 = exp; | |
106 | } | |
107 | path_put(&path); | |
108 | exp_put(exp2); | |
109 | out: | |
110 | return err; | |
111 | } | |
112 | ||
113 | static void follow_to_parent(struct path *path) | |
114 | { | |
115 | struct dentry *dp; | |
116 | ||
117 | while (path->dentry == path->mnt->mnt_root && follow_up(path)) | |
118 | ; | |
119 | dp = dget_parent(path->dentry); | |
120 | dput(path->dentry); | |
121 | path->dentry = dp; | |
122 | } | |
123 | ||
124 | static int nfsd_lookup_parent(struct svc_rqst *rqstp, struct dentry *dparent, struct svc_export **exp, struct dentry **dentryp) | |
125 | { | |
126 | struct svc_export *exp2; | |
127 | struct path path = {.mnt = mntget((*exp)->ex_path.mnt), | |
128 | .dentry = dget(dparent)}; | |
129 | ||
130 | follow_to_parent(&path); | |
131 | ||
132 | exp2 = rqst_exp_parent(rqstp, &path); | |
133 | if (PTR_ERR(exp2) == -ENOENT) { | |
134 | *dentryp = dget(dparent); | |
135 | } else if (IS_ERR(exp2)) { | |
136 | path_put(&path); | |
137 | return PTR_ERR(exp2); | |
138 | } else { | |
139 | *dentryp = dget(path.dentry); | |
140 | exp_put(*exp); | |
141 | *exp = exp2; | |
142 | } | |
143 | path_put(&path); | |
144 | return 0; | |
145 | } | |
146 | ||
147 | /* | |
148 | * For nfsd purposes, we treat V4ROOT exports as though there was an | |
149 | * export at *every* directory. | |
150 | * We return: | |
151 | * '1' if this dentry *must* be an export point, | |
152 | * '2' if it might be, if there is really a mount here, and | |
153 | * '0' if there is no chance of an export point here. | |
154 | */ | |
155 | int nfsd_mountpoint(struct dentry *dentry, struct svc_export *exp) | |
156 | { | |
157 | if (!d_inode(dentry)) | |
158 | return 0; | |
159 | if (exp->ex_flags & NFSEXP_V4ROOT) | |
160 | return 1; | |
161 | if (nfsd4_is_junction(dentry)) | |
162 | return 1; | |
163 | if (d_mountpoint(dentry)) | |
164 | /* | |
165 | * Might only be a mountpoint in a different namespace, | |
166 | * but we need to check. | |
167 | */ | |
168 | return 2; | |
169 | return 0; | |
170 | } | |
171 | ||
172 | __be32 | |
173 | nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
174 | const char *name, unsigned int len, | |
175 | struct svc_export **exp_ret, struct dentry **dentry_ret) | |
176 | { | |
177 | struct svc_export *exp; | |
178 | struct dentry *dparent; | |
179 | struct dentry *dentry; | |
180 | int host_err; | |
181 | ||
182 | dprintk("nfsd: nfsd_lookup(fh %s, %.*s)\n", SVCFH_fmt(fhp), len,name); | |
183 | ||
184 | dparent = fhp->fh_dentry; | |
185 | exp = exp_get(fhp->fh_export); | |
186 | ||
187 | /* Lookup the name, but don't follow links */ | |
188 | if (isdotent(name, len)) { | |
189 | if (len==1) | |
190 | dentry = dget(dparent); | |
191 | else if (dparent != exp->ex_path.dentry) | |
192 | dentry = dget_parent(dparent); | |
193 | else if (!EX_NOHIDE(exp) && !nfsd_v4client(rqstp)) | |
194 | dentry = dget(dparent); /* .. == . just like at / */ | |
195 | else { | |
196 | /* checking mountpoint crossing is very different when stepping up */ | |
197 | host_err = nfsd_lookup_parent(rqstp, dparent, &exp, &dentry); | |
198 | if (host_err) | |
199 | goto out_nfserr; | |
200 | } | |
201 | } else { | |
202 | /* | |
203 | * In the nfsd4_open() case, this may be held across | |
204 | * subsequent open and delegation acquisition which may | |
205 | * need to take the child's i_mutex: | |
206 | */ | |
207 | fh_lock_nested(fhp, I_MUTEX_PARENT); | |
208 | dentry = lookup_one_len(name, dparent, len); | |
209 | host_err = PTR_ERR(dentry); | |
210 | if (IS_ERR(dentry)) | |
211 | goto out_nfserr; | |
212 | if (nfsd_mountpoint(dentry, exp)) { | |
213 | /* | |
214 | * We don't need the i_mutex after all. It's | |
215 | * still possible we could open this (regular | |
216 | * files can be mountpoints too), but the | |
217 | * i_mutex is just there to prevent renames of | |
218 | * something that we might be about to delegate, | |
219 | * and a mountpoint won't be renamed: | |
220 | */ | |
221 | fh_unlock(fhp); | |
222 | if ((host_err = nfsd_cross_mnt(rqstp, &dentry, &exp))) { | |
223 | dput(dentry); | |
224 | goto out_nfserr; | |
225 | } | |
226 | } | |
227 | } | |
228 | *dentry_ret = dentry; | |
229 | *exp_ret = exp; | |
230 | return 0; | |
231 | ||
232 | out_nfserr: | |
233 | exp_put(exp); | |
234 | return nfserrno(host_err); | |
235 | } | |
236 | ||
237 | /* | |
238 | * Look up one component of a pathname. | |
239 | * N.B. After this call _both_ fhp and resfh need an fh_put | |
240 | * | |
241 | * If the lookup would cross a mountpoint, and the mounted filesystem | |
242 | * is exported to the client with NFSEXP_NOHIDE, then the lookup is | |
243 | * accepted as it stands and the mounted directory is | |
244 | * returned. Otherwise the covered directory is returned. | |
245 | * NOTE: this mountpoint crossing is not supported properly by all | |
246 | * clients and is explicitly disallowed for NFSv3 | |
247 | * NeilBrown <neilb@cse.unsw.edu.au> | |
248 | */ | |
249 | __be32 | |
250 | nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name, | |
251 | unsigned int len, struct svc_fh *resfh) | |
252 | { | |
253 | struct svc_export *exp; | |
254 | struct dentry *dentry; | |
255 | __be32 err; | |
256 | ||
257 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC); | |
258 | if (err) | |
259 | return err; | |
260 | err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry); | |
261 | if (err) | |
262 | return err; | |
263 | err = check_nfsd_access(exp, rqstp); | |
264 | if (err) | |
265 | goto out; | |
266 | /* | |
267 | * Note: we compose the file handle now, but as the | |
268 | * dentry may be negative, it may need to be updated. | |
269 | */ | |
270 | err = fh_compose(resfh, exp, dentry, fhp); | |
271 | if (!err && d_really_is_negative(dentry)) | |
272 | err = nfserr_noent; | |
273 | out: | |
274 | dput(dentry); | |
275 | exp_put(exp); | |
276 | return err; | |
277 | } | |
278 | ||
279 | /* | |
280 | * Commit metadata changes to stable storage. | |
281 | */ | |
282 | static int | |
283 | commit_inode_metadata(struct inode *inode) | |
284 | { | |
285 | const struct export_operations *export_ops = inode->i_sb->s_export_op; | |
286 | ||
287 | if (export_ops->commit_metadata) | |
288 | return export_ops->commit_metadata(inode); | |
289 | return sync_inode_metadata(inode, 1); | |
290 | } | |
291 | ||
292 | static int | |
293 | commit_metadata(struct svc_fh *fhp) | |
294 | { | |
295 | struct inode *inode = d_inode(fhp->fh_dentry); | |
296 | ||
297 | if (!EX_ISSYNC(fhp->fh_export)) | |
298 | return 0; | |
299 | return commit_inode_metadata(inode); | |
300 | } | |
301 | ||
302 | /* | |
303 | * Go over the attributes and take care of the small differences between | |
304 | * NFS semantics and what Linux expects. | |
305 | */ | |
306 | static void | |
307 | nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap) | |
308 | { | |
309 | /* sanitize the mode change */ | |
310 | if (iap->ia_valid & ATTR_MODE) { | |
311 | iap->ia_mode &= S_IALLUGO; | |
312 | iap->ia_mode |= (inode->i_mode & ~S_IALLUGO); | |
313 | } | |
314 | ||
315 | /* Revoke setuid/setgid on chown */ | |
316 | if (!S_ISDIR(inode->i_mode) && | |
317 | ((iap->ia_valid & ATTR_UID) || (iap->ia_valid & ATTR_GID))) { | |
318 | iap->ia_valid |= ATTR_KILL_PRIV; | |
319 | if (iap->ia_valid & ATTR_MODE) { | |
320 | /* we're setting mode too, just clear the s*id bits */ | |
321 | iap->ia_mode &= ~S_ISUID; | |
322 | if (iap->ia_mode & S_IXGRP) | |
323 | iap->ia_mode &= ~S_ISGID; | |
324 | } else { | |
325 | /* set ATTR_KILL_* bits and let VFS handle it */ | |
326 | iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID); | |
327 | } | |
328 | } | |
329 | } | |
330 | ||
331 | static __be32 | |
332 | nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
333 | struct iattr *iap) | |
334 | { | |
335 | struct inode *inode = d_inode(fhp->fh_dentry); | |
336 | int host_err; | |
337 | ||
338 | if (iap->ia_size < inode->i_size) { | |
339 | __be32 err; | |
340 | ||
341 | err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, | |
342 | NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE); | |
343 | if (err) | |
344 | return err; | |
345 | } | |
346 | ||
347 | host_err = get_write_access(inode); | |
348 | if (host_err) | |
349 | goto out_nfserrno; | |
350 | ||
351 | host_err = locks_verify_truncate(inode, NULL, iap->ia_size); | |
352 | if (host_err) | |
353 | goto out_put_write_access; | |
354 | return 0; | |
355 | ||
356 | out_put_write_access: | |
357 | put_write_access(inode); | |
358 | out_nfserrno: | |
359 | return nfserrno(host_err); | |
360 | } | |
361 | ||
362 | /* | |
363 | * Set various file attributes. After this call fhp needs an fh_put. | |
364 | */ | |
365 | __be32 | |
366 | nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, | |
367 | int check_guard, time64_t guardtime) | |
368 | { | |
369 | struct dentry *dentry; | |
370 | struct inode *inode; | |
371 | int accmode = NFSD_MAY_SATTR; | |
372 | umode_t ftype = 0; | |
373 | __be32 err; | |
374 | int host_err; | |
375 | bool get_write_count; | |
376 | bool size_change = (iap->ia_valid & ATTR_SIZE); | |
377 | ||
378 | if (iap->ia_valid & ATTR_SIZE) { | |
379 | accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; | |
380 | ftype = S_IFREG; | |
381 | } | |
382 | ||
383 | /* | |
384 | * If utimes(2) and friends are called with times not NULL, we should | |
385 | * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission | |
386 | * will return EACCES, when the caller's effective UID does not match | |
387 | * the owner of the file, and the caller is not privileged. In this | |
388 | * situation, we should return EPERM(notify_change will return this). | |
389 | */ | |
390 | if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) { | |
391 | accmode |= NFSD_MAY_OWNER_OVERRIDE; | |
392 | if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET))) | |
393 | accmode |= NFSD_MAY_WRITE; | |
394 | } | |
395 | ||
396 | /* Callers that do fh_verify should do the fh_want_write: */ | |
397 | get_write_count = !fhp->fh_dentry; | |
398 | ||
399 | /* Get inode */ | |
400 | err = fh_verify(rqstp, fhp, ftype, accmode); | |
401 | if (err) | |
402 | return err; | |
403 | if (get_write_count) { | |
404 | host_err = fh_want_write(fhp); | |
405 | if (host_err) | |
406 | goto out; | |
407 | } | |
408 | ||
409 | dentry = fhp->fh_dentry; | |
410 | inode = d_inode(dentry); | |
411 | ||
412 | /* Ignore any mode updates on symlinks */ | |
413 | if (S_ISLNK(inode->i_mode)) | |
414 | iap->ia_valid &= ~ATTR_MODE; | |
415 | ||
416 | if (!iap->ia_valid) | |
417 | return 0; | |
418 | ||
419 | nfsd_sanitize_attrs(inode, iap); | |
420 | ||
421 | if (check_guard && guardtime != inode->i_ctime.tv_sec) | |
422 | return nfserr_notsync; | |
423 | ||
424 | /* | |
425 | * The size case is special, it changes the file in addition to the | |
426 | * attributes, and file systems don't expect it to be mixed with | |
427 | * "random" attribute changes. We thus split out the size change | |
428 | * into a separate call to ->setattr, and do the rest as a separate | |
429 | * setattr call. | |
430 | */ | |
431 | if (size_change) { | |
432 | err = nfsd_get_write_access(rqstp, fhp, iap); | |
433 | if (err) | |
434 | return err; | |
435 | } | |
436 | ||
437 | fh_lock(fhp); | |
438 | if (size_change) { | |
439 | /* | |
440 | * RFC5661, Section 18.30.4: | |
441 | * Changing the size of a file with SETATTR indirectly | |
442 | * changes the time_modify and change attributes. | |
443 | * | |
444 | * (and similar for the older RFCs) | |
445 | */ | |
446 | struct iattr size_attr = { | |
447 | .ia_valid = ATTR_SIZE | ATTR_CTIME | ATTR_MTIME, | |
448 | .ia_size = iap->ia_size, | |
449 | }; | |
450 | ||
451 | host_err = notify_change(dentry, &size_attr, NULL); | |
452 | if (host_err) | |
453 | goto out_unlock; | |
454 | iap->ia_valid &= ~ATTR_SIZE; | |
455 | ||
456 | /* | |
457 | * Avoid the additional setattr call below if the only other | |
458 | * attribute that the client sends is the mtime, as we update | |
459 | * it as part of the size change above. | |
460 | */ | |
461 | if ((iap->ia_valid & ~ATTR_MTIME) == 0) | |
462 | goto out_unlock; | |
463 | } | |
464 | ||
465 | iap->ia_valid |= ATTR_CTIME; | |
466 | host_err = notify_change(dentry, iap, NULL); | |
467 | ||
468 | out_unlock: | |
469 | fh_unlock(fhp); | |
470 | if (size_change) | |
471 | put_write_access(inode); | |
472 | out: | |
473 | if (!host_err) | |
474 | host_err = commit_metadata(fhp); | |
475 | return nfserrno(host_err); | |
476 | } | |
477 | ||
478 | #if defined(CONFIG_NFSD_V4) | |
479 | /* | |
480 | * NFS junction information is stored in an extended attribute. | |
481 | */ | |
482 | #define NFSD_JUNCTION_XATTR_NAME XATTR_TRUSTED_PREFIX "junction.nfs" | |
483 | ||
484 | /** | |
485 | * nfsd4_is_junction - Test if an object could be an NFS junction | |
486 | * | |
487 | * @dentry: object to test | |
488 | * | |
489 | * Returns 1 if "dentry" appears to contain NFS junction information. | |
490 | * Otherwise 0 is returned. | |
491 | */ | |
492 | int nfsd4_is_junction(struct dentry *dentry) | |
493 | { | |
494 | struct inode *inode = d_inode(dentry); | |
495 | ||
496 | if (inode == NULL) | |
497 | return 0; | |
498 | if (inode->i_mode & S_IXUGO) | |
499 | return 0; | |
500 | if (!(inode->i_mode & S_ISVTX)) | |
501 | return 0; | |
502 | if (vfs_getxattr(dentry, NFSD_JUNCTION_XATTR_NAME, NULL, 0) <= 0) | |
503 | return 0; | |
504 | return 1; | |
505 | } | |
506 | #ifdef CONFIG_NFSD_V4_SECURITY_LABEL | |
507 | __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
508 | struct xdr_netobj *label) | |
509 | { | |
510 | __be32 error; | |
511 | int host_error; | |
512 | struct dentry *dentry; | |
513 | ||
514 | error = fh_verify(rqstp, fhp, 0 /* S_IFREG */, NFSD_MAY_SATTR); | |
515 | if (error) | |
516 | return error; | |
517 | ||
518 | dentry = fhp->fh_dentry; | |
519 | ||
520 | inode_lock(d_inode(dentry)); | |
521 | host_error = security_inode_setsecctx(dentry, label->data, label->len); | |
522 | inode_unlock(d_inode(dentry)); | |
523 | return nfserrno(host_error); | |
524 | } | |
525 | #else | |
526 | __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
527 | struct xdr_netobj *label) | |
528 | { | |
529 | return nfserr_notsupp; | |
530 | } | |
531 | #endif | |
532 | ||
533 | __be32 nfsd4_clone_file_range(struct file *src, u64 src_pos, struct file *dst, | |
534 | u64 dst_pos, u64 count, bool sync) | |
535 | { | |
536 | loff_t cloned; | |
537 | ||
538 | cloned = vfs_clone_file_range(src, src_pos, dst, dst_pos, count, 0); | |
539 | if (cloned < 0) | |
540 | return nfserrno(cloned); | |
541 | if (count && cloned != count) | |
542 | return nfserrno(-EINVAL); | |
543 | if (sync) { | |
544 | loff_t dst_end = count ? dst_pos + count - 1 : LLONG_MAX; | |
545 | int status = vfs_fsync_range(dst, dst_pos, dst_end, 0); | |
546 | ||
547 | if (!status) | |
548 | status = commit_inode_metadata(file_inode(src)); | |
549 | if (status < 0) | |
550 | return nfserrno(status); | |
551 | } | |
552 | return 0; | |
553 | } | |
554 | ||
555 | ssize_t nfsd_copy_file_range(struct file *src, u64 src_pos, struct file *dst, | |
556 | u64 dst_pos, u64 count) | |
557 | { | |
558 | ||
559 | /* | |
560 | * Limit copy to 4MB to prevent indefinitely blocking an nfsd | |
561 | * thread and client rpc slot. The choice of 4MB is somewhat | |
562 | * arbitrary. We might instead base this on r/wsize, or make it | |
563 | * tunable, or use a time instead of a byte limit, or implement | |
564 | * asynchronous copy. In theory a client could also recognize a | |
565 | * limit like this and pipeline multiple COPY requests. | |
566 | */ | |
567 | count = min_t(u64, count, 1 << 22); | |
568 | return vfs_copy_file_range(src, src_pos, dst, dst_pos, count, 0); | |
569 | } | |
570 | ||
571 | __be32 nfsd4_vfs_fallocate(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
572 | struct file *file, loff_t offset, loff_t len, | |
573 | int flags) | |
574 | { | |
575 | int error; | |
576 | ||
577 | if (!S_ISREG(file_inode(file)->i_mode)) | |
578 | return nfserr_inval; | |
579 | ||
580 | error = vfs_fallocate(file, flags, offset, len); | |
581 | if (!error) | |
582 | error = commit_metadata(fhp); | |
583 | ||
584 | return nfserrno(error); | |
585 | } | |
586 | #endif /* defined(CONFIG_NFSD_V4) */ | |
587 | ||
588 | #ifdef CONFIG_NFSD_V3 | |
589 | /* | |
590 | * Check server access rights to a file system object | |
591 | */ | |
592 | struct accessmap { | |
593 | u32 access; | |
594 | int how; | |
595 | }; | |
596 | static struct accessmap nfs3_regaccess[] = { | |
597 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, | |
598 | { NFS3_ACCESS_EXECUTE, NFSD_MAY_EXEC }, | |
599 | { NFS3_ACCESS_MODIFY, NFSD_MAY_WRITE|NFSD_MAY_TRUNC }, | |
600 | { NFS3_ACCESS_EXTEND, NFSD_MAY_WRITE }, | |
601 | ||
602 | { 0, 0 } | |
603 | }; | |
604 | ||
605 | static struct accessmap nfs3_diraccess[] = { | |
606 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, | |
607 | { NFS3_ACCESS_LOOKUP, NFSD_MAY_EXEC }, | |
608 | { NFS3_ACCESS_MODIFY, NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC}, | |
609 | { NFS3_ACCESS_EXTEND, NFSD_MAY_EXEC|NFSD_MAY_WRITE }, | |
610 | { NFS3_ACCESS_DELETE, NFSD_MAY_REMOVE }, | |
611 | ||
612 | { 0, 0 } | |
613 | }; | |
614 | ||
615 | static struct accessmap nfs3_anyaccess[] = { | |
616 | /* Some clients - Solaris 2.6 at least, make an access call | |
617 | * to the server to check for access for things like /dev/null | |
618 | * (which really, the server doesn't care about). So | |
619 | * We provide simple access checking for them, looking | |
620 | * mainly at mode bits, and we make sure to ignore read-only | |
621 | * filesystem checks | |
622 | */ | |
623 | { NFS3_ACCESS_READ, NFSD_MAY_READ }, | |
624 | { NFS3_ACCESS_EXECUTE, NFSD_MAY_EXEC }, | |
625 | { NFS3_ACCESS_MODIFY, NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS }, | |
626 | { NFS3_ACCESS_EXTEND, NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS }, | |
627 | ||
628 | { 0, 0 } | |
629 | }; | |
630 | ||
631 | __be32 | |
632 | nfsd_access(struct svc_rqst *rqstp, struct svc_fh *fhp, u32 *access, u32 *supported) | |
633 | { | |
634 | struct accessmap *map; | |
635 | struct svc_export *export; | |
636 | struct dentry *dentry; | |
637 | u32 query, result = 0, sresult = 0; | |
638 | __be32 error; | |
639 | ||
640 | error = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP); | |
641 | if (error) | |
642 | goto out; | |
643 | ||
644 | export = fhp->fh_export; | |
645 | dentry = fhp->fh_dentry; | |
646 | ||
647 | if (d_is_reg(dentry)) | |
648 | map = nfs3_regaccess; | |
649 | else if (d_is_dir(dentry)) | |
650 | map = nfs3_diraccess; | |
651 | else | |
652 | map = nfs3_anyaccess; | |
653 | ||
654 | ||
655 | query = *access; | |
656 | for (; map->access; map++) { | |
657 | if (map->access & query) { | |
658 | __be32 err2; | |
659 | ||
660 | sresult |= map->access; | |
661 | ||
662 | err2 = nfsd_permission(rqstp, export, dentry, map->how); | |
663 | switch (err2) { | |
664 | case nfs_ok: | |
665 | result |= map->access; | |
666 | break; | |
667 | ||
668 | /* the following error codes just mean the access was not allowed, | |
669 | * rather than an error occurred */ | |
670 | case nfserr_rofs: | |
671 | case nfserr_acces: | |
672 | case nfserr_perm: | |
673 | /* simply don't "or" in the access bit. */ | |
674 | break; | |
675 | default: | |
676 | error = err2; | |
677 | goto out; | |
678 | } | |
679 | } | |
680 | } | |
681 | *access = result; | |
682 | if (supported) | |
683 | *supported = sresult; | |
684 | ||
685 | out: | |
686 | return error; | |
687 | } | |
688 | #endif /* CONFIG_NFSD_V3 */ | |
689 | ||
690 | int nfsd_open_break_lease(struct inode *inode, int access) | |
691 | { | |
692 | unsigned int mode; | |
693 | ||
694 | if (access & NFSD_MAY_NOT_BREAK_LEASE) | |
695 | return 0; | |
696 | mode = (access & NFSD_MAY_WRITE) ? O_WRONLY : O_RDONLY; | |
697 | return break_lease(inode, mode | O_NONBLOCK); | |
698 | } | |
699 | ||
700 | /* | |
701 | * Open an existing file or directory. | |
702 | * The may_flags argument indicates the type of open (read/write/lock) | |
703 | * and additional flags. | |
704 | * N.B. After this call fhp needs an fh_put | |
705 | */ | |
706 | static __be32 | |
707 | __nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, | |
708 | int may_flags, struct file **filp) | |
709 | { | |
710 | struct path path; | |
711 | struct inode *inode; | |
712 | struct file *file; | |
713 | int flags = O_RDONLY|O_LARGEFILE; | |
714 | __be32 err; | |
715 | int host_err = 0; | |
716 | ||
717 | path.mnt = fhp->fh_export->ex_path.mnt; | |
718 | path.dentry = fhp->fh_dentry; | |
719 | inode = d_inode(path.dentry); | |
720 | ||
721 | /* Disallow write access to files with the append-only bit set | |
722 | * or any access when mandatory locking enabled | |
723 | */ | |
724 | err = nfserr_perm; | |
725 | if (IS_APPEND(inode) && (may_flags & NFSD_MAY_WRITE)) | |
726 | goto out; | |
727 | /* | |
728 | * We must ignore files (but only files) which might have mandatory | |
729 | * locks on them because there is no way to know if the accesser has | |
730 | * the lock. | |
731 | */ | |
732 | if (S_ISREG((inode)->i_mode) && mandatory_lock(inode)) | |
733 | goto out; | |
734 | ||
735 | if (!inode->i_fop) | |
736 | goto out; | |
737 | ||
738 | host_err = nfsd_open_break_lease(inode, may_flags); | |
739 | if (host_err) /* NOMEM or WOULDBLOCK */ | |
740 | goto out_nfserr; | |
741 | ||
742 | if (may_flags & NFSD_MAY_WRITE) { | |
743 | if (may_flags & NFSD_MAY_READ) | |
744 | flags = O_RDWR|O_LARGEFILE; | |
745 | else | |
746 | flags = O_WRONLY|O_LARGEFILE; | |
747 | } | |
748 | ||
749 | file = dentry_open(&path, flags, current_cred()); | |
750 | if (IS_ERR(file)) { | |
751 | host_err = PTR_ERR(file); | |
752 | goto out_nfserr; | |
753 | } | |
754 | ||
755 | host_err = ima_file_check(file, may_flags); | |
756 | if (host_err) { | |
757 | fput(file); | |
758 | goto out_nfserr; | |
759 | } | |
760 | ||
761 | if (may_flags & NFSD_MAY_64BIT_COOKIE) | |
762 | file->f_mode |= FMODE_64BITHASH; | |
763 | else | |
764 | file->f_mode |= FMODE_32BITHASH; | |
765 | ||
766 | *filp = file; | |
767 | out_nfserr: | |
768 | err = nfserrno(host_err); | |
769 | out: | |
770 | return err; | |
771 | } | |
772 | ||
773 | __be32 | |
774 | nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, | |
775 | int may_flags, struct file **filp) | |
776 | { | |
777 | __be32 err; | |
778 | ||
779 | validate_process_creds(); | |
780 | /* | |
781 | * If we get here, then the client has already done an "open", | |
782 | * and (hopefully) checked permission - so allow OWNER_OVERRIDE | |
783 | * in case a chmod has now revoked permission. | |
784 | * | |
785 | * Arguably we should also allow the owner override for | |
786 | * directories, but we never have and it doesn't seem to have | |
787 | * caused anyone a problem. If we were to change this, note | |
788 | * also that our filldir callbacks would need a variant of | |
789 | * lookup_one_len that doesn't check permissions. | |
790 | */ | |
791 | if (type == S_IFREG) | |
792 | may_flags |= NFSD_MAY_OWNER_OVERRIDE; | |
793 | err = fh_verify(rqstp, fhp, type, may_flags); | |
794 | if (!err) | |
795 | err = __nfsd_open(rqstp, fhp, type, may_flags, filp); | |
796 | validate_process_creds(); | |
797 | return err; | |
798 | } | |
799 | ||
800 | __be32 | |
801 | nfsd_open_verified(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, | |
802 | int may_flags, struct file **filp) | |
803 | { | |
804 | __be32 err; | |
805 | ||
806 | validate_process_creds(); | |
807 | err = __nfsd_open(rqstp, fhp, type, may_flags, filp); | |
808 | validate_process_creds(); | |
809 | return err; | |
810 | } | |
811 | ||
812 | /* | |
813 | * Grab and keep cached pages associated with a file in the svc_rqst | |
814 | * so that they can be passed to the network sendmsg/sendpage routines | |
815 | * directly. They will be released after the sending has completed. | |
816 | */ | |
817 | static int | |
818 | nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf, | |
819 | struct splice_desc *sd) | |
820 | { | |
821 | struct svc_rqst *rqstp = sd->u.data; | |
822 | struct page **pp = rqstp->rq_next_page; | |
823 | struct page *page = buf->page; | |
824 | size_t size; | |
825 | ||
826 | size = sd->len; | |
827 | ||
828 | if (rqstp->rq_res.page_len == 0) { | |
829 | get_page(page); | |
830 | put_page(*rqstp->rq_next_page); | |
831 | *(rqstp->rq_next_page++) = page; | |
832 | rqstp->rq_res.page_base = buf->offset; | |
833 | rqstp->rq_res.page_len = size; | |
834 | } else if (page != pp[-1]) { | |
835 | get_page(page); | |
836 | if (*rqstp->rq_next_page) | |
837 | put_page(*rqstp->rq_next_page); | |
838 | *(rqstp->rq_next_page++) = page; | |
839 | rqstp->rq_res.page_len += size; | |
840 | } else | |
841 | rqstp->rq_res.page_len += size; | |
842 | ||
843 | return size; | |
844 | } | |
845 | ||
846 | static int nfsd_direct_splice_actor(struct pipe_inode_info *pipe, | |
847 | struct splice_desc *sd) | |
848 | { | |
849 | return __splice_from_pipe(pipe, sd, nfsd_splice_actor); | |
850 | } | |
851 | ||
852 | static u32 nfsd_eof_on_read(struct file *file, loff_t offset, ssize_t len, | |
853 | size_t expected) | |
854 | { | |
855 | if (expected != 0 && len == 0) | |
856 | return 1; | |
857 | if (offset+len >= i_size_read(file_inode(file))) | |
858 | return 1; | |
859 | return 0; | |
860 | } | |
861 | ||
862 | static __be32 nfsd_finish_read(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
863 | struct file *file, loff_t offset, | |
864 | unsigned long *count, u32 *eof, ssize_t host_err) | |
865 | { | |
866 | if (host_err >= 0) { | |
867 | nfsdstats.io_read += host_err; | |
868 | *eof = nfsd_eof_on_read(file, offset, host_err, *count); | |
869 | *count = host_err; | |
870 | fsnotify_access(file); | |
871 | trace_nfsd_read_io_done(rqstp, fhp, offset, *count); | |
872 | return 0; | |
873 | } else { | |
874 | trace_nfsd_read_err(rqstp, fhp, offset, host_err); | |
875 | return nfserrno(host_err); | |
876 | } | |
877 | } | |
878 | ||
879 | __be32 nfsd_splice_read(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
880 | struct file *file, loff_t offset, unsigned long *count, | |
881 | u32 *eof) | |
882 | { | |
883 | struct splice_desc sd = { | |
884 | .len = 0, | |
885 | .total_len = *count, | |
886 | .pos = offset, | |
887 | .u.data = rqstp, | |
888 | }; | |
889 | ssize_t host_err; | |
890 | ||
891 | trace_nfsd_read_splice(rqstp, fhp, offset, *count); | |
892 | rqstp->rq_next_page = rqstp->rq_respages + 1; | |
893 | host_err = splice_direct_to_actor(file, &sd, nfsd_direct_splice_actor); | |
894 | return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err); | |
895 | } | |
896 | ||
897 | __be32 nfsd_readv(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
898 | struct file *file, loff_t offset, | |
899 | struct kvec *vec, int vlen, unsigned long *count, | |
900 | u32 *eof) | |
901 | { | |
902 | struct iov_iter iter; | |
903 | loff_t ppos = offset; | |
904 | ssize_t host_err; | |
905 | ||
906 | trace_nfsd_read_vector(rqstp, fhp, offset, *count); | |
907 | iov_iter_kvec(&iter, READ, vec, vlen, *count); | |
908 | host_err = vfs_iter_read(file, &iter, &ppos, 0); | |
909 | return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err); | |
910 | } | |
911 | ||
912 | /* | |
913 | * Gathered writes: If another process is currently writing to the file, | |
914 | * there's a high chance this is another nfsd (triggered by a bulk write | |
915 | * from a client's biod). Rather than syncing the file with each write | |
916 | * request, we sleep for 10 msec. | |
917 | * | |
918 | * I don't know if this roughly approximates C. Juszak's idea of | |
919 | * gathered writes, but it's a nice and simple solution (IMHO), and it | |
920 | * seems to work:-) | |
921 | * | |
922 | * Note: we do this only in the NFSv2 case, since v3 and higher have a | |
923 | * better tool (separate unstable writes and commits) for solving this | |
924 | * problem. | |
925 | */ | |
926 | static int wait_for_concurrent_writes(struct file *file) | |
927 | { | |
928 | struct inode *inode = file_inode(file); | |
929 | static ino_t last_ino; | |
930 | static dev_t last_dev; | |
931 | int err = 0; | |
932 | ||
933 | if (atomic_read(&inode->i_writecount) > 1 | |
934 | || (last_ino == inode->i_ino && last_dev == inode->i_sb->s_dev)) { | |
935 | dprintk("nfsd: write defer %d\n", task_pid_nr(current)); | |
936 | msleep(10); | |
937 | dprintk("nfsd: write resume %d\n", task_pid_nr(current)); | |
938 | } | |
939 | ||
940 | if (inode->i_state & I_DIRTY) { | |
941 | dprintk("nfsd: write sync %d\n", task_pid_nr(current)); | |
942 | err = vfs_fsync(file, 0); | |
943 | } | |
944 | last_ino = inode->i_ino; | |
945 | last_dev = inode->i_sb->s_dev; | |
946 | return err; | |
947 | } | |
948 | ||
949 | __be32 | |
950 | nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfsd_file *nf, | |
951 | loff_t offset, struct kvec *vec, int vlen, | |
952 | unsigned long *cnt, int stable) | |
953 | { | |
954 | struct file *file = nf->nf_file; | |
955 | struct svc_export *exp; | |
956 | struct iov_iter iter; | |
957 | __be32 nfserr; | |
958 | int host_err; | |
959 | int use_wgather; | |
960 | loff_t pos = offset; | |
961 | unsigned int pflags = current->flags; | |
962 | rwf_t flags = 0; | |
963 | ||
964 | trace_nfsd_write_opened(rqstp, fhp, offset, *cnt); | |
965 | ||
966 | if (test_bit(RQ_LOCAL, &rqstp->rq_flags)) | |
967 | /* | |
968 | * We want less throttling in balance_dirty_pages() | |
969 | * and shrink_inactive_list() so that nfs to | |
970 | * localhost doesn't cause nfsd to lock up due to all | |
971 | * the client's dirty pages or its congested queue. | |
972 | */ | |
973 | current->flags |= PF_LESS_THROTTLE; | |
974 | ||
975 | exp = fhp->fh_export; | |
976 | use_wgather = (rqstp->rq_vers == 2) && EX_WGATHER(exp); | |
977 | ||
978 | if (!EX_ISSYNC(exp)) | |
979 | stable = NFS_UNSTABLE; | |
980 | ||
981 | if (stable && !use_wgather) | |
982 | flags |= RWF_SYNC; | |
983 | ||
984 | iov_iter_kvec(&iter, WRITE, vec, vlen, *cnt); | |
985 | if (flags & RWF_SYNC) { | |
986 | down_write(&nf->nf_rwsem); | |
987 | host_err = vfs_iter_write(file, &iter, &pos, flags); | |
988 | if (host_err < 0) | |
989 | nfsd_reset_boot_verifier(net_generic(SVC_NET(rqstp), | |
990 | nfsd_net_id)); | |
991 | up_write(&nf->nf_rwsem); | |
992 | } else { | |
993 | down_read(&nf->nf_rwsem); | |
994 | host_err = vfs_iter_write(file, &iter, &pos, flags); | |
995 | up_read(&nf->nf_rwsem); | |
996 | } | |
997 | if (host_err < 0) | |
998 | goto out_nfserr; | |
999 | *cnt = host_err; | |
1000 | nfsdstats.io_write += *cnt; | |
1001 | fsnotify_modify(file); | |
1002 | ||
1003 | if (stable && use_wgather) { | |
1004 | host_err = wait_for_concurrent_writes(file); | |
1005 | if (host_err < 0) | |
1006 | nfsd_reset_boot_verifier(net_generic(SVC_NET(rqstp), | |
1007 | nfsd_net_id)); | |
1008 | } | |
1009 | ||
1010 | out_nfserr: | |
1011 | if (host_err >= 0) { | |
1012 | trace_nfsd_write_io_done(rqstp, fhp, offset, *cnt); | |
1013 | nfserr = nfs_ok; | |
1014 | } else { | |
1015 | trace_nfsd_write_err(rqstp, fhp, offset, host_err); | |
1016 | nfserr = nfserrno(host_err); | |
1017 | } | |
1018 | if (test_bit(RQ_LOCAL, &rqstp->rq_flags)) | |
1019 | current_restore_flags(pflags, PF_LESS_THROTTLE); | |
1020 | return nfserr; | |
1021 | } | |
1022 | ||
1023 | /* | |
1024 | * Read data from a file. count must contain the requested read count | |
1025 | * on entry. On return, *count contains the number of bytes actually read. | |
1026 | * N.B. After this call fhp needs an fh_put | |
1027 | */ | |
1028 | __be32 nfsd_read(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1029 | loff_t offset, struct kvec *vec, int vlen, unsigned long *count, | |
1030 | u32 *eof) | |
1031 | { | |
1032 | struct nfsd_file *nf; | |
1033 | struct file *file; | |
1034 | __be32 err; | |
1035 | ||
1036 | trace_nfsd_read_start(rqstp, fhp, offset, *count); | |
1037 | err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf); | |
1038 | if (err) | |
1039 | return err; | |
1040 | ||
1041 | file = nf->nf_file; | |
1042 | if (file->f_op->splice_read && test_bit(RQ_SPLICE_OK, &rqstp->rq_flags)) | |
1043 | err = nfsd_splice_read(rqstp, fhp, file, offset, count, eof); | |
1044 | else | |
1045 | err = nfsd_readv(rqstp, fhp, file, offset, vec, vlen, count, eof); | |
1046 | ||
1047 | nfsd_file_put(nf); | |
1048 | ||
1049 | trace_nfsd_read_done(rqstp, fhp, offset, *count); | |
1050 | ||
1051 | return err; | |
1052 | } | |
1053 | ||
1054 | /* | |
1055 | * Write data to a file. | |
1056 | * The stable flag requests synchronous writes. | |
1057 | * N.B. After this call fhp needs an fh_put | |
1058 | */ | |
1059 | __be32 | |
1060 | nfsd_write(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t offset, | |
1061 | struct kvec *vec, int vlen, unsigned long *cnt, int stable) | |
1062 | { | |
1063 | struct nfsd_file *nf; | |
1064 | __be32 err; | |
1065 | ||
1066 | trace_nfsd_write_start(rqstp, fhp, offset, *cnt); | |
1067 | ||
1068 | err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_WRITE, &nf); | |
1069 | if (err) | |
1070 | goto out; | |
1071 | ||
1072 | err = nfsd_vfs_write(rqstp, fhp, nf, offset, vec, | |
1073 | vlen, cnt, stable); | |
1074 | nfsd_file_put(nf); | |
1075 | out: | |
1076 | trace_nfsd_write_done(rqstp, fhp, offset, *cnt); | |
1077 | return err; | |
1078 | } | |
1079 | ||
1080 | #ifdef CONFIG_NFSD_V3 | |
1081 | /* | |
1082 | * Commit all pending writes to stable storage. | |
1083 | * | |
1084 | * Note: we only guarantee that data that lies within the range specified | |
1085 | * by the 'offset' and 'count' parameters will be synced. | |
1086 | * | |
1087 | * Unfortunately we cannot lock the file to make sure we return full WCC | |
1088 | * data to the client, as locking happens lower down in the filesystem. | |
1089 | */ | |
1090 | __be32 | |
1091 | nfsd_commit(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1092 | loff_t offset, unsigned long count) | |
1093 | { | |
1094 | struct nfsd_file *nf; | |
1095 | loff_t end = LLONG_MAX; | |
1096 | __be32 err = nfserr_inval; | |
1097 | ||
1098 | if (offset < 0) | |
1099 | goto out; | |
1100 | if (count != 0) { | |
1101 | end = offset + (loff_t)count - 1; | |
1102 | if (end < offset) | |
1103 | goto out; | |
1104 | } | |
1105 | ||
1106 | err = nfsd_file_acquire(rqstp, fhp, | |
1107 | NFSD_MAY_WRITE|NFSD_MAY_NOT_BREAK_LEASE, &nf); | |
1108 | if (err) | |
1109 | goto out; | |
1110 | if (EX_ISSYNC(fhp->fh_export)) { | |
1111 | int err2; | |
1112 | ||
1113 | down_write(&nf->nf_rwsem); | |
1114 | err2 = vfs_fsync_range(nf->nf_file, offset, end, 0); | |
1115 | switch (err2) { | |
1116 | case 0: | |
1117 | break; | |
1118 | case -EINVAL: | |
1119 | err = nfserr_notsupp; | |
1120 | break; | |
1121 | default: | |
1122 | err = nfserrno(err2); | |
1123 | nfsd_reset_boot_verifier(net_generic(nf->nf_net, | |
1124 | nfsd_net_id)); | |
1125 | } | |
1126 | up_write(&nf->nf_rwsem); | |
1127 | } | |
1128 | ||
1129 | nfsd_file_put(nf); | |
1130 | out: | |
1131 | return err; | |
1132 | } | |
1133 | #endif /* CONFIG_NFSD_V3 */ | |
1134 | ||
1135 | static __be32 | |
1136 | nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *resfhp, | |
1137 | struct iattr *iap) | |
1138 | { | |
1139 | /* | |
1140 | * Mode has already been set earlier in create: | |
1141 | */ | |
1142 | iap->ia_valid &= ~ATTR_MODE; | |
1143 | /* | |
1144 | * Setting uid/gid works only for root. Irix appears to | |
1145 | * send along the gid on create when it tries to implement | |
1146 | * setgid directories via NFS: | |
1147 | */ | |
1148 | if (!uid_eq(current_fsuid(), GLOBAL_ROOT_UID)) | |
1149 | iap->ia_valid &= ~(ATTR_UID|ATTR_GID); | |
1150 | if (iap->ia_valid) | |
1151 | return nfsd_setattr(rqstp, resfhp, iap, 0, (time64_t)0); | |
1152 | /* Callers expect file metadata to be committed here */ | |
1153 | return nfserrno(commit_metadata(resfhp)); | |
1154 | } | |
1155 | ||
1156 | /* HPUX client sometimes creates a file in mode 000, and sets size to 0. | |
1157 | * setting size to 0 may fail for some specific file systems by the permission | |
1158 | * checking which requires WRITE permission but the mode is 000. | |
1159 | * we ignore the resizing(to 0) on the just new created file, since the size is | |
1160 | * 0 after file created. | |
1161 | * | |
1162 | * call this only after vfs_create() is called. | |
1163 | * */ | |
1164 | static void | |
1165 | nfsd_check_ignore_resizing(struct iattr *iap) | |
1166 | { | |
1167 | if ((iap->ia_valid & ATTR_SIZE) && (iap->ia_size == 0)) | |
1168 | iap->ia_valid &= ~ATTR_SIZE; | |
1169 | } | |
1170 | ||
1171 | /* The parent directory should already be locked: */ | |
1172 | __be32 | |
1173 | nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1174 | char *fname, int flen, struct iattr *iap, | |
1175 | int type, dev_t rdev, struct svc_fh *resfhp) | |
1176 | { | |
1177 | struct dentry *dentry, *dchild; | |
1178 | struct inode *dirp; | |
1179 | __be32 err; | |
1180 | __be32 err2; | |
1181 | int host_err; | |
1182 | ||
1183 | dentry = fhp->fh_dentry; | |
1184 | dirp = d_inode(dentry); | |
1185 | ||
1186 | dchild = dget(resfhp->fh_dentry); | |
1187 | if (!fhp->fh_locked) { | |
1188 | WARN_ONCE(1, "nfsd_create: parent %pd2 not locked!\n", | |
1189 | dentry); | |
1190 | err = nfserr_io; | |
1191 | goto out; | |
1192 | } | |
1193 | ||
1194 | err = nfsd_permission(rqstp, fhp->fh_export, dentry, NFSD_MAY_CREATE); | |
1195 | if (err) | |
1196 | goto out; | |
1197 | ||
1198 | if (!(iap->ia_valid & ATTR_MODE)) | |
1199 | iap->ia_mode = 0; | |
1200 | iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; | |
1201 | ||
1202 | err = 0; | |
1203 | host_err = 0; | |
1204 | switch (type) { | |
1205 | case S_IFREG: | |
1206 | host_err = vfs_create(dirp, dchild, iap->ia_mode, true); | |
1207 | if (!host_err) | |
1208 | nfsd_check_ignore_resizing(iap); | |
1209 | break; | |
1210 | case S_IFDIR: | |
1211 | host_err = vfs_mkdir(dirp, dchild, iap->ia_mode); | |
1212 | if (!host_err && unlikely(d_unhashed(dchild))) { | |
1213 | struct dentry *d; | |
1214 | d = lookup_one_len(dchild->d_name.name, | |
1215 | dchild->d_parent, | |
1216 | dchild->d_name.len); | |
1217 | if (IS_ERR(d)) { | |
1218 | host_err = PTR_ERR(d); | |
1219 | break; | |
1220 | } | |
1221 | if (unlikely(d_is_negative(d))) { | |
1222 | dput(d); | |
1223 | err = nfserr_serverfault; | |
1224 | goto out; | |
1225 | } | |
1226 | dput(resfhp->fh_dentry); | |
1227 | resfhp->fh_dentry = dget(d); | |
1228 | err = fh_update(resfhp); | |
1229 | dput(dchild); | |
1230 | dchild = d; | |
1231 | if (err) | |
1232 | goto out; | |
1233 | } | |
1234 | break; | |
1235 | case S_IFCHR: | |
1236 | case S_IFBLK: | |
1237 | case S_IFIFO: | |
1238 | case S_IFSOCK: | |
1239 | host_err = vfs_mknod(dirp, dchild, iap->ia_mode, rdev); | |
1240 | break; | |
1241 | default: | |
1242 | printk(KERN_WARNING "nfsd: bad file type %o in nfsd_create\n", | |
1243 | type); | |
1244 | host_err = -EINVAL; | |
1245 | } | |
1246 | if (host_err < 0) | |
1247 | goto out_nfserr; | |
1248 | ||
1249 | err = nfsd_create_setattr(rqstp, resfhp, iap); | |
1250 | ||
1251 | /* | |
1252 | * nfsd_create_setattr already committed the child. Transactional | |
1253 | * filesystems had a chance to commit changes for both parent and | |
1254 | * child simultaneously making the following commit_metadata a | |
1255 | * noop. | |
1256 | */ | |
1257 | err2 = nfserrno(commit_metadata(fhp)); | |
1258 | if (err2) | |
1259 | err = err2; | |
1260 | /* | |
1261 | * Update the file handle to get the new inode info. | |
1262 | */ | |
1263 | if (!err) | |
1264 | err = fh_update(resfhp); | |
1265 | out: | |
1266 | dput(dchild); | |
1267 | return err; | |
1268 | ||
1269 | out_nfserr: | |
1270 | err = nfserrno(host_err); | |
1271 | goto out; | |
1272 | } | |
1273 | ||
1274 | /* | |
1275 | * Create a filesystem object (regular, directory, special). | |
1276 | * Note that the parent directory is left locked. | |
1277 | * | |
1278 | * N.B. Every call to nfsd_create needs an fh_put for _both_ fhp and resfhp | |
1279 | */ | |
1280 | __be32 | |
1281 | nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1282 | char *fname, int flen, struct iattr *iap, | |
1283 | int type, dev_t rdev, struct svc_fh *resfhp) | |
1284 | { | |
1285 | struct dentry *dentry, *dchild = NULL; | |
1286 | __be32 err; | |
1287 | int host_err; | |
1288 | ||
1289 | if (isdotent(fname, flen)) | |
1290 | return nfserr_exist; | |
1291 | ||
1292 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_NOP); | |
1293 | if (err) | |
1294 | return err; | |
1295 | ||
1296 | dentry = fhp->fh_dentry; | |
1297 | ||
1298 | host_err = fh_want_write(fhp); | |
1299 | if (host_err) | |
1300 | return nfserrno(host_err); | |
1301 | ||
1302 | fh_lock_nested(fhp, I_MUTEX_PARENT); | |
1303 | dchild = lookup_one_len(fname, dentry, flen); | |
1304 | host_err = PTR_ERR(dchild); | |
1305 | if (IS_ERR(dchild)) | |
1306 | return nfserrno(host_err); | |
1307 | err = fh_compose(resfhp, fhp->fh_export, dchild, fhp); | |
1308 | /* | |
1309 | * We unconditionally drop our ref to dchild as fh_compose will have | |
1310 | * already grabbed its own ref for it. | |
1311 | */ | |
1312 | dput(dchild); | |
1313 | if (err) | |
1314 | return err; | |
1315 | return nfsd_create_locked(rqstp, fhp, fname, flen, iap, type, | |
1316 | rdev, resfhp); | |
1317 | } | |
1318 | ||
1319 | #ifdef CONFIG_NFSD_V3 | |
1320 | ||
1321 | /* | |
1322 | * NFSv3 and NFSv4 version of nfsd_create | |
1323 | */ | |
1324 | __be32 | |
1325 | do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1326 | char *fname, int flen, struct iattr *iap, | |
1327 | struct svc_fh *resfhp, int createmode, u32 *verifier, | |
1328 | bool *truncp, bool *created) | |
1329 | { | |
1330 | struct dentry *dentry, *dchild = NULL; | |
1331 | struct inode *dirp; | |
1332 | __be32 err; | |
1333 | int host_err; | |
1334 | __u32 v_mtime=0, v_atime=0; | |
1335 | ||
1336 | err = nfserr_perm; | |
1337 | if (!flen) | |
1338 | goto out; | |
1339 | err = nfserr_exist; | |
1340 | if (isdotent(fname, flen)) | |
1341 | goto out; | |
1342 | if (!(iap->ia_valid & ATTR_MODE)) | |
1343 | iap->ia_mode = 0; | |
1344 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC); | |
1345 | if (err) | |
1346 | goto out; | |
1347 | ||
1348 | dentry = fhp->fh_dentry; | |
1349 | dirp = d_inode(dentry); | |
1350 | ||
1351 | host_err = fh_want_write(fhp); | |
1352 | if (host_err) | |
1353 | goto out_nfserr; | |
1354 | ||
1355 | fh_lock_nested(fhp, I_MUTEX_PARENT); | |
1356 | ||
1357 | /* | |
1358 | * Compose the response file handle. | |
1359 | */ | |
1360 | dchild = lookup_one_len(fname, dentry, flen); | |
1361 | host_err = PTR_ERR(dchild); | |
1362 | if (IS_ERR(dchild)) | |
1363 | goto out_nfserr; | |
1364 | ||
1365 | /* If file doesn't exist, check for permissions to create one */ | |
1366 | if (d_really_is_negative(dchild)) { | |
1367 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE); | |
1368 | if (err) | |
1369 | goto out; | |
1370 | } | |
1371 | ||
1372 | err = fh_compose(resfhp, fhp->fh_export, dchild, fhp); | |
1373 | if (err) | |
1374 | goto out; | |
1375 | ||
1376 | if (nfsd_create_is_exclusive(createmode)) { | |
1377 | /* solaris7 gets confused (bugid 4218508) if these have | |
1378 | * the high bit set, so just clear the high bits. If this is | |
1379 | * ever changed to use different attrs for storing the | |
1380 | * verifier, then do_open_lookup() will also need to be fixed | |
1381 | * accordingly. | |
1382 | */ | |
1383 | v_mtime = verifier[0]&0x7fffffff; | |
1384 | v_atime = verifier[1]&0x7fffffff; | |
1385 | } | |
1386 | ||
1387 | if (d_really_is_positive(dchild)) { | |
1388 | err = 0; | |
1389 | ||
1390 | switch (createmode) { | |
1391 | case NFS3_CREATE_UNCHECKED: | |
1392 | if (! d_is_reg(dchild)) | |
1393 | goto out; | |
1394 | else if (truncp) { | |
1395 | /* in nfsv4, we need to treat this case a little | |
1396 | * differently. we don't want to truncate the | |
1397 | * file now; this would be wrong if the OPEN | |
1398 | * fails for some other reason. furthermore, | |
1399 | * if the size is nonzero, we should ignore it | |
1400 | * according to spec! | |
1401 | */ | |
1402 | *truncp = (iap->ia_valid & ATTR_SIZE) && !iap->ia_size; | |
1403 | } | |
1404 | else { | |
1405 | iap->ia_valid &= ATTR_SIZE; | |
1406 | goto set_attr; | |
1407 | } | |
1408 | break; | |
1409 | case NFS3_CREATE_EXCLUSIVE: | |
1410 | if ( d_inode(dchild)->i_mtime.tv_sec == v_mtime | |
1411 | && d_inode(dchild)->i_atime.tv_sec == v_atime | |
1412 | && d_inode(dchild)->i_size == 0 ) { | |
1413 | if (created) | |
1414 | *created = true; | |
1415 | break; | |
1416 | } | |
1417 | /* fall through */ | |
1418 | case NFS4_CREATE_EXCLUSIVE4_1: | |
1419 | if ( d_inode(dchild)->i_mtime.tv_sec == v_mtime | |
1420 | && d_inode(dchild)->i_atime.tv_sec == v_atime | |
1421 | && d_inode(dchild)->i_size == 0 ) { | |
1422 | if (created) | |
1423 | *created = true; | |
1424 | goto set_attr; | |
1425 | } | |
1426 | /* fall through */ | |
1427 | case NFS3_CREATE_GUARDED: | |
1428 | err = nfserr_exist; | |
1429 | } | |
1430 | fh_drop_write(fhp); | |
1431 | goto out; | |
1432 | } | |
1433 | ||
1434 | host_err = vfs_create(dirp, dchild, iap->ia_mode, true); | |
1435 | if (host_err < 0) { | |
1436 | fh_drop_write(fhp); | |
1437 | goto out_nfserr; | |
1438 | } | |
1439 | if (created) | |
1440 | *created = true; | |
1441 | ||
1442 | nfsd_check_ignore_resizing(iap); | |
1443 | ||
1444 | if (nfsd_create_is_exclusive(createmode)) { | |
1445 | /* Cram the verifier into atime/mtime */ | |
1446 | iap->ia_valid = ATTR_MTIME|ATTR_ATIME | |
1447 | | ATTR_MTIME_SET|ATTR_ATIME_SET; | |
1448 | /* XXX someone who knows this better please fix it for nsec */ | |
1449 | iap->ia_mtime.tv_sec = v_mtime; | |
1450 | iap->ia_atime.tv_sec = v_atime; | |
1451 | iap->ia_mtime.tv_nsec = 0; | |
1452 | iap->ia_atime.tv_nsec = 0; | |
1453 | } | |
1454 | ||
1455 | set_attr: | |
1456 | err = nfsd_create_setattr(rqstp, resfhp, iap); | |
1457 | ||
1458 | /* | |
1459 | * nfsd_create_setattr already committed the child | |
1460 | * (and possibly also the parent). | |
1461 | */ | |
1462 | if (!err) | |
1463 | err = nfserrno(commit_metadata(fhp)); | |
1464 | ||
1465 | /* | |
1466 | * Update the filehandle to get the new inode info. | |
1467 | */ | |
1468 | if (!err) | |
1469 | err = fh_update(resfhp); | |
1470 | ||
1471 | out: | |
1472 | fh_unlock(fhp); | |
1473 | if (dchild && !IS_ERR(dchild)) | |
1474 | dput(dchild); | |
1475 | fh_drop_write(fhp); | |
1476 | return err; | |
1477 | ||
1478 | out_nfserr: | |
1479 | err = nfserrno(host_err); | |
1480 | goto out; | |
1481 | } | |
1482 | #endif /* CONFIG_NFSD_V3 */ | |
1483 | ||
1484 | /* | |
1485 | * Read a symlink. On entry, *lenp must contain the maximum path length that | |
1486 | * fits into the buffer. On return, it contains the true length. | |
1487 | * N.B. After this call fhp needs an fh_put | |
1488 | */ | |
1489 | __be32 | |
1490 | nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) | |
1491 | { | |
1492 | __be32 err; | |
1493 | const char *link; | |
1494 | struct path path; | |
1495 | DEFINE_DELAYED_CALL(done); | |
1496 | int len; | |
1497 | ||
1498 | err = fh_verify(rqstp, fhp, S_IFLNK, NFSD_MAY_NOP); | |
1499 | if (unlikely(err)) | |
1500 | return err; | |
1501 | ||
1502 | path.mnt = fhp->fh_export->ex_path.mnt; | |
1503 | path.dentry = fhp->fh_dentry; | |
1504 | ||
1505 | if (unlikely(!d_is_symlink(path.dentry))) | |
1506 | return nfserr_inval; | |
1507 | ||
1508 | touch_atime(&path); | |
1509 | ||
1510 | link = vfs_get_link(path.dentry, &done); | |
1511 | if (IS_ERR(link)) | |
1512 | return nfserrno(PTR_ERR(link)); | |
1513 | ||
1514 | len = strlen(link); | |
1515 | if (len < *lenp) | |
1516 | *lenp = len; | |
1517 | memcpy(buf, link, *lenp); | |
1518 | do_delayed_call(&done); | |
1519 | return 0; | |
1520 | } | |
1521 | ||
1522 | /* | |
1523 | * Create a symlink and look up its inode | |
1524 | * N.B. After this call _both_ fhp and resfhp need an fh_put | |
1525 | */ | |
1526 | __be32 | |
1527 | nfsd_symlink(struct svc_rqst *rqstp, struct svc_fh *fhp, | |
1528 | char *fname, int flen, | |
1529 | char *path, | |
1530 | struct svc_fh *resfhp) | |
1531 | { | |
1532 | struct dentry *dentry, *dnew; | |
1533 | __be32 err, cerr; | |
1534 | int host_err; | |
1535 | ||
1536 | err = nfserr_noent; | |
1537 | if (!flen || path[0] == '\0') | |
1538 | goto out; | |
1539 | err = nfserr_exist; | |
1540 | if (isdotent(fname, flen)) | |
1541 | goto out; | |
1542 | ||
1543 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE); | |
1544 | if (err) | |
1545 | goto out; | |
1546 | ||
1547 | host_err = fh_want_write(fhp); | |
1548 | if (host_err) | |
1549 | goto out_nfserr; | |
1550 | ||
1551 | fh_lock(fhp); | |
1552 | dentry = fhp->fh_dentry; | |
1553 | dnew = lookup_one_len(fname, dentry, flen); | |
1554 | host_err = PTR_ERR(dnew); | |
1555 | if (IS_ERR(dnew)) | |
1556 | goto out_nfserr; | |
1557 | ||
1558 | host_err = vfs_symlink(d_inode(dentry), dnew, path); | |
1559 | err = nfserrno(host_err); | |
1560 | if (!err) | |
1561 | err = nfserrno(commit_metadata(fhp)); | |
1562 | fh_unlock(fhp); | |
1563 | ||
1564 | fh_drop_write(fhp); | |
1565 | ||
1566 | cerr = fh_compose(resfhp, fhp->fh_export, dnew, fhp); | |
1567 | dput(dnew); | |
1568 | if (err==0) err = cerr; | |
1569 | out: | |
1570 | return err; | |
1571 | ||
1572 | out_nfserr: | |
1573 | err = nfserrno(host_err); | |
1574 | goto out; | |
1575 | } | |
1576 | ||
1577 | /* | |
1578 | * Create a hardlink | |
1579 | * N.B. After this call _both_ ffhp and tfhp need an fh_put | |
1580 | */ | |
1581 | __be32 | |
1582 | nfsd_link(struct svc_rqst *rqstp, struct svc_fh *ffhp, | |
1583 | char *name, int len, struct svc_fh *tfhp) | |
1584 | { | |
1585 | struct dentry *ddir, *dnew, *dold; | |
1586 | struct inode *dirp; | |
1587 | __be32 err; | |
1588 | int host_err; | |
1589 | ||
1590 | err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_CREATE); | |
1591 | if (err) | |
1592 | goto out; | |
1593 | err = fh_verify(rqstp, tfhp, 0, NFSD_MAY_NOP); | |
1594 | if (err) | |
1595 | goto out; | |
1596 | err = nfserr_isdir; | |
1597 | if (d_is_dir(tfhp->fh_dentry)) | |
1598 | goto out; | |
1599 | err = nfserr_perm; | |
1600 | if (!len) | |
1601 | goto out; | |
1602 | err = nfserr_exist; | |
1603 | if (isdotent(name, len)) | |
1604 | goto out; | |
1605 | ||
1606 | host_err = fh_want_write(tfhp); | |
1607 | if (host_err) { | |
1608 | err = nfserrno(host_err); | |
1609 | goto out; | |
1610 | } | |
1611 | ||
1612 | fh_lock_nested(ffhp, I_MUTEX_PARENT); | |
1613 | ddir = ffhp->fh_dentry; | |
1614 | dirp = d_inode(ddir); | |
1615 | ||
1616 | dnew = lookup_one_len(name, ddir, len); | |
1617 | host_err = PTR_ERR(dnew); | |
1618 | if (IS_ERR(dnew)) | |
1619 | goto out_nfserr; | |
1620 | ||
1621 | dold = tfhp->fh_dentry; | |
1622 | ||
1623 | err = nfserr_noent; | |
1624 | if (d_really_is_negative(dold)) | |
1625 | goto out_dput; | |
1626 | host_err = vfs_link(dold, dirp, dnew, NULL); | |
1627 | if (!host_err) { | |
1628 | err = nfserrno(commit_metadata(ffhp)); | |
1629 | if (!err) | |
1630 | err = nfserrno(commit_metadata(tfhp)); | |
1631 | } else { | |
1632 | if (host_err == -EXDEV && rqstp->rq_vers == 2) | |
1633 | err = nfserr_acces; | |
1634 | else | |
1635 | err = nfserrno(host_err); | |
1636 | } | |
1637 | out_dput: | |
1638 | dput(dnew); | |
1639 | out_unlock: | |
1640 | fh_unlock(ffhp); | |
1641 | fh_drop_write(tfhp); | |
1642 | out: | |
1643 | return err; | |
1644 | ||
1645 | out_nfserr: | |
1646 | err = nfserrno(host_err); | |
1647 | goto out_unlock; | |
1648 | } | |
1649 | ||
1650 | static void | |
1651 | nfsd_close_cached_files(struct dentry *dentry) | |
1652 | { | |
1653 | struct inode *inode = d_inode(dentry); | |
1654 | ||
1655 | if (inode && S_ISREG(inode->i_mode)) | |
1656 | nfsd_file_close_inode_sync(inode); | |
1657 | } | |
1658 | ||
1659 | static bool | |
1660 | nfsd_has_cached_files(struct dentry *dentry) | |
1661 | { | |
1662 | bool ret = false; | |
1663 | struct inode *inode = d_inode(dentry); | |
1664 | ||
1665 | if (inode && S_ISREG(inode->i_mode)) | |
1666 | ret = nfsd_file_is_cached(inode); | |
1667 | return ret; | |
1668 | } | |
1669 | ||
1670 | /* | |
1671 | * Rename a file | |
1672 | * N.B. After this call _both_ ffhp and tfhp need an fh_put | |
1673 | */ | |
1674 | __be32 | |
1675 | nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen, | |
1676 | struct svc_fh *tfhp, char *tname, int tlen) | |
1677 | { | |
1678 | struct dentry *fdentry, *tdentry, *odentry, *ndentry, *trap; | |
1679 | struct inode *fdir, *tdir; | |
1680 | __be32 err; | |
1681 | int host_err; | |
1682 | bool has_cached = false; | |
1683 | ||
1684 | err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_REMOVE); | |
1685 | if (err) | |
1686 | goto out; | |
1687 | err = fh_verify(rqstp, tfhp, S_IFDIR, NFSD_MAY_CREATE); | |
1688 | if (err) | |
1689 | goto out; | |
1690 | ||
1691 | fdentry = ffhp->fh_dentry; | |
1692 | fdir = d_inode(fdentry); | |
1693 | ||
1694 | tdentry = tfhp->fh_dentry; | |
1695 | tdir = d_inode(tdentry); | |
1696 | ||
1697 | err = nfserr_perm; | |
1698 | if (!flen || isdotent(fname, flen) || !tlen || isdotent(tname, tlen)) | |
1699 | goto out; | |
1700 | ||
1701 | retry: | |
1702 | host_err = fh_want_write(ffhp); | |
1703 | if (host_err) { | |
1704 | err = nfserrno(host_err); | |
1705 | goto out; | |
1706 | } | |
1707 | ||
1708 | /* cannot use fh_lock as we need deadlock protective ordering | |
1709 | * so do it by hand */ | |
1710 | trap = lock_rename(tdentry, fdentry); | |
1711 | ffhp->fh_locked = tfhp->fh_locked = true; | |
1712 | fill_pre_wcc(ffhp); | |
1713 | fill_pre_wcc(tfhp); | |
1714 | ||
1715 | odentry = lookup_one_len(fname, fdentry, flen); | |
1716 | host_err = PTR_ERR(odentry); | |
1717 | if (IS_ERR(odentry)) | |
1718 | goto out_nfserr; | |
1719 | ||
1720 | host_err = -ENOENT; | |
1721 | if (d_really_is_negative(odentry)) | |
1722 | goto out_dput_old; | |
1723 | host_err = -EINVAL; | |
1724 | if (odentry == trap) | |
1725 | goto out_dput_old; | |
1726 | ||
1727 | ndentry = lookup_one_len(tname, tdentry, tlen); | |
1728 | host_err = PTR_ERR(ndentry); | |
1729 | if (IS_ERR(ndentry)) | |
1730 | goto out_dput_old; | |
1731 | host_err = -ENOTEMPTY; | |
1732 | if (ndentry == trap) | |
1733 | goto out_dput_new; | |
1734 | ||
1735 | host_err = -EXDEV; | |
1736 | if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt) | |
1737 | goto out_dput_new; | |
1738 | if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry) | |
1739 | goto out_dput_new; | |
1740 | ||
1741 | if (nfsd_has_cached_files(ndentry)) { | |
1742 | has_cached = true; | |
1743 | goto out_dput_old; | |
1744 | } else { | |
1745 | host_err = vfs_rename(fdir, odentry, tdir, ndentry, NULL, 0); | |
1746 | if (!host_err) { | |
1747 | host_err = commit_metadata(tfhp); | |
1748 | if (!host_err) | |
1749 | host_err = commit_metadata(ffhp); | |
1750 | } | |
1751 | } | |
1752 | out_dput_new: | |
1753 | dput(ndentry); | |
1754 | out_dput_old: | |
1755 | dput(odentry); | |
1756 | out_nfserr: | |
1757 | err = nfserrno(host_err); | |
1758 | /* | |
1759 | * We cannot rely on fh_unlock on the two filehandles, | |
1760 | * as that would do the wrong thing if the two directories | |
1761 | * were the same, so again we do it by hand. | |
1762 | */ | |
1763 | if (!has_cached) { | |
1764 | fill_post_wcc(ffhp); | |
1765 | fill_post_wcc(tfhp); | |
1766 | } | |
1767 | unlock_rename(tdentry, fdentry); | |
1768 | ffhp->fh_locked = tfhp->fh_locked = false; | |
1769 | fh_drop_write(ffhp); | |
1770 | ||
1771 | /* | |
1772 | * If the target dentry has cached open files, then we need to try to | |
1773 | * close them prior to doing the rename. Flushing delayed fput | |
1774 | * shouldn't be done with locks held however, so we delay it until this | |
1775 | * point and then reattempt the whole shebang. | |
1776 | */ | |
1777 | if (has_cached) { | |
1778 | has_cached = false; | |
1779 | nfsd_close_cached_files(ndentry); | |
1780 | dput(ndentry); | |
1781 | goto retry; | |
1782 | } | |
1783 | out: | |
1784 | return err; | |
1785 | } | |
1786 | ||
1787 | /* | |
1788 | * Unlink a file or directory | |
1789 | * N.B. After this call fhp needs an fh_put | |
1790 | */ | |
1791 | __be32 | |
1792 | nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, | |
1793 | char *fname, int flen) | |
1794 | { | |
1795 | struct dentry *dentry, *rdentry; | |
1796 | struct inode *dirp; | |
1797 | __be32 err; | |
1798 | int host_err; | |
1799 | ||
1800 | err = nfserr_acces; | |
1801 | if (!flen || isdotent(fname, flen)) | |
1802 | goto out; | |
1803 | err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_REMOVE); | |
1804 | if (err) | |
1805 | goto out; | |
1806 | ||
1807 | host_err = fh_want_write(fhp); | |
1808 | if (host_err) | |
1809 | goto out_nfserr; | |
1810 | ||
1811 | fh_lock_nested(fhp, I_MUTEX_PARENT); | |
1812 | dentry = fhp->fh_dentry; | |
1813 | dirp = d_inode(dentry); | |
1814 | ||
1815 | rdentry = lookup_one_len(fname, dentry, flen); | |
1816 | host_err = PTR_ERR(rdentry); | |
1817 | if (IS_ERR(rdentry)) | |
1818 | goto out_drop_write; | |
1819 | ||
1820 | if (d_really_is_negative(rdentry)) { | |
1821 | dput(rdentry); | |
1822 | host_err = -ENOENT; | |
1823 | goto out_drop_write; | |
1824 | } | |
1825 | ||
1826 | if (!type) | |
1827 | type = d_inode(rdentry)->i_mode & S_IFMT; | |
1828 | ||
1829 | if (type != S_IFDIR) { | |
1830 | nfsd_close_cached_files(rdentry); | |
1831 | host_err = vfs_unlink(dirp, rdentry, NULL); | |
1832 | } else { | |
1833 | host_err = vfs_rmdir(dirp, rdentry); | |
1834 | } | |
1835 | ||
1836 | if (!host_err) | |
1837 | host_err = commit_metadata(fhp); | |
1838 | dput(rdentry); | |
1839 | ||
1840 | out_drop_write: | |
1841 | fh_drop_write(fhp); | |
1842 | out_nfserr: | |
1843 | if (host_err == -EBUSY) { | |
1844 | /* name is mounted-on. There is no perfect | |
1845 | * error status. | |
1846 | */ | |
1847 | if (nfsd_v4client(rqstp)) | |
1848 | err = nfserr_file_open; | |
1849 | else | |
1850 | err = nfserr_acces; | |
1851 | } else { | |
1852 | err = nfserrno(host_err); | |
1853 | } | |
1854 | out: | |
1855 | return err; | |
1856 | } | |
1857 | ||
1858 | /* | |
1859 | * We do this buffering because we must not call back into the file | |
1860 | * system's ->lookup() method from the filldir callback. That may well | |
1861 | * deadlock a number of file systems. | |
1862 | * | |
1863 | * This is based heavily on the implementation of same in XFS. | |
1864 | */ | |
1865 | struct buffered_dirent { | |
1866 | u64 ino; | |
1867 | loff_t offset; | |
1868 | int namlen; | |
1869 | unsigned int d_type; | |
1870 | char name[]; | |
1871 | }; | |
1872 | ||
1873 | struct readdir_data { | |
1874 | struct dir_context ctx; | |
1875 | char *dirent; | |
1876 | size_t used; | |
1877 | int full; | |
1878 | }; | |
1879 | ||
1880 | static int nfsd_buffered_filldir(struct dir_context *ctx, const char *name, | |
1881 | int namlen, loff_t offset, u64 ino, | |
1882 | unsigned int d_type) | |
1883 | { | |
1884 | struct readdir_data *buf = | |
1885 | container_of(ctx, struct readdir_data, ctx); | |
1886 | struct buffered_dirent *de = (void *)(buf->dirent + buf->used); | |
1887 | unsigned int reclen; | |
1888 | ||
1889 | reclen = ALIGN(sizeof(struct buffered_dirent) + namlen, sizeof(u64)); | |
1890 | if (buf->used + reclen > PAGE_SIZE) { | |
1891 | buf->full = 1; | |
1892 | return -EINVAL; | |
1893 | } | |
1894 | ||
1895 | de->namlen = namlen; | |
1896 | de->offset = offset; | |
1897 | de->ino = ino; | |
1898 | de->d_type = d_type; | |
1899 | memcpy(de->name, name, namlen); | |
1900 | buf->used += reclen; | |
1901 | ||
1902 | return 0; | |
1903 | } | |
1904 | ||
1905 | static __be32 nfsd_buffered_readdir(struct file *file, nfsd_filldir_t func, | |
1906 | struct readdir_cd *cdp, loff_t *offsetp) | |
1907 | { | |
1908 | struct buffered_dirent *de; | |
1909 | int host_err; | |
1910 | int size; | |
1911 | loff_t offset; | |
1912 | struct readdir_data buf = { | |
1913 | .ctx.actor = nfsd_buffered_filldir, | |
1914 | .dirent = (void *)__get_free_page(GFP_KERNEL) | |
1915 | }; | |
1916 | ||
1917 | if (!buf.dirent) | |
1918 | return nfserrno(-ENOMEM); | |
1919 | ||
1920 | offset = *offsetp; | |
1921 | ||
1922 | while (1) { | |
1923 | unsigned int reclen; | |
1924 | ||
1925 | cdp->err = nfserr_eof; /* will be cleared on successful read */ | |
1926 | buf.used = 0; | |
1927 | buf.full = 0; | |
1928 | ||
1929 | host_err = iterate_dir(file, &buf.ctx); | |
1930 | if (buf.full) | |
1931 | host_err = 0; | |
1932 | ||
1933 | if (host_err < 0) | |
1934 | break; | |
1935 | ||
1936 | size = buf.used; | |
1937 | ||
1938 | if (!size) | |
1939 | break; | |
1940 | ||
1941 | de = (struct buffered_dirent *)buf.dirent; | |
1942 | while (size > 0) { | |
1943 | offset = de->offset; | |
1944 | ||
1945 | if (func(cdp, de->name, de->namlen, de->offset, | |
1946 | de->ino, de->d_type)) | |
1947 | break; | |
1948 | ||
1949 | if (cdp->err != nfs_ok) | |
1950 | break; | |
1951 | ||
1952 | reclen = ALIGN(sizeof(*de) + de->namlen, | |
1953 | sizeof(u64)); | |
1954 | size -= reclen; | |
1955 | de = (struct buffered_dirent *)((char *)de + reclen); | |
1956 | } | |
1957 | if (size > 0) /* We bailed out early */ | |
1958 | break; | |
1959 | ||
1960 | offset = vfs_llseek(file, 0, SEEK_CUR); | |
1961 | } | |
1962 | ||
1963 | free_page((unsigned long)(buf.dirent)); | |
1964 | ||
1965 | if (host_err) | |
1966 | return nfserrno(host_err); | |
1967 | ||
1968 | *offsetp = offset; | |
1969 | return cdp->err; | |
1970 | } | |
1971 | ||
1972 | /* | |
1973 | * Read entries from a directory. | |
1974 | * The NFSv3/4 verifier we ignore for now. | |
1975 | */ | |
1976 | __be32 | |
1977 | nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp, | |
1978 | struct readdir_cd *cdp, nfsd_filldir_t func) | |
1979 | { | |
1980 | __be32 err; | |
1981 | struct file *file; | |
1982 | loff_t offset = *offsetp; | |
1983 | int may_flags = NFSD_MAY_READ; | |
1984 | ||
1985 | /* NFSv2 only supports 32 bit cookies */ | |
1986 | if (rqstp->rq_vers > 2) | |
1987 | may_flags |= NFSD_MAY_64BIT_COOKIE; | |
1988 | ||
1989 | err = nfsd_open(rqstp, fhp, S_IFDIR, may_flags, &file); | |
1990 | if (err) | |
1991 | goto out; | |
1992 | ||
1993 | offset = vfs_llseek(file, offset, SEEK_SET); | |
1994 | if (offset < 0) { | |
1995 | err = nfserrno((int)offset); | |
1996 | goto out_close; | |
1997 | } | |
1998 | ||
1999 | err = nfsd_buffered_readdir(file, func, cdp, offsetp); | |
2000 | ||
2001 | if (err == nfserr_eof || err == nfserr_toosmall) | |
2002 | err = nfs_ok; /* can still be found in ->err */ | |
2003 | out_close: | |
2004 | fput(file); | |
2005 | out: | |
2006 | return err; | |
2007 | } | |
2008 | ||
2009 | /* | |
2010 | * Get file system stats | |
2011 | * N.B. After this call fhp needs an fh_put | |
2012 | */ | |
2013 | __be32 | |
2014 | nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat, int access) | |
2015 | { | |
2016 | __be32 err; | |
2017 | ||
2018 | err = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP | access); | |
2019 | if (!err) { | |
2020 | struct path path = { | |
2021 | .mnt = fhp->fh_export->ex_path.mnt, | |
2022 | .dentry = fhp->fh_dentry, | |
2023 | }; | |
2024 | if (vfs_statfs(&path, stat)) | |
2025 | err = nfserr_io; | |
2026 | } | |
2027 | return err; | |
2028 | } | |
2029 | ||
2030 | static int exp_rdonly(struct svc_rqst *rqstp, struct svc_export *exp) | |
2031 | { | |
2032 | return nfsexp_flags(rqstp, exp) & NFSEXP_READONLY; | |
2033 | } | |
2034 | ||
2035 | /* | |
2036 | * Check for a user's access permissions to this inode. | |
2037 | */ | |
2038 | __be32 | |
2039 | nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, | |
2040 | struct dentry *dentry, int acc) | |
2041 | { | |
2042 | struct inode *inode = d_inode(dentry); | |
2043 | int err; | |
2044 | ||
2045 | if ((acc & NFSD_MAY_MASK) == NFSD_MAY_NOP) | |
2046 | return 0; | |
2047 | #if 0 | |
2048 | dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s\n", | |
2049 | acc, | |
2050 | (acc & NFSD_MAY_READ)? " read" : "", | |
2051 | (acc & NFSD_MAY_WRITE)? " write" : "", | |
2052 | (acc & NFSD_MAY_EXEC)? " exec" : "", | |
2053 | (acc & NFSD_MAY_SATTR)? " sattr" : "", | |
2054 | (acc & NFSD_MAY_TRUNC)? " trunc" : "", | |
2055 | (acc & NFSD_MAY_LOCK)? " lock" : "", | |
2056 | (acc & NFSD_MAY_OWNER_OVERRIDE)? " owneroverride" : "", | |
2057 | inode->i_mode, | |
2058 | IS_IMMUTABLE(inode)? " immut" : "", | |
2059 | IS_APPEND(inode)? " append" : "", | |
2060 | __mnt_is_readonly(exp->ex_path.mnt)? " ro" : ""); | |
2061 | dprintk(" owner %d/%d user %d/%d\n", | |
2062 | inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid()); | |
2063 | #endif | |
2064 | ||
2065 | /* Normally we reject any write/sattr etc access on a read-only file | |
2066 | * system. But if it is IRIX doing check on write-access for a | |
2067 | * device special file, we ignore rofs. | |
2068 | */ | |
2069 | if (!(acc & NFSD_MAY_LOCAL_ACCESS)) | |
2070 | if (acc & (NFSD_MAY_WRITE | NFSD_MAY_SATTR | NFSD_MAY_TRUNC)) { | |
2071 | if (exp_rdonly(rqstp, exp) || | |
2072 | __mnt_is_readonly(exp->ex_path.mnt)) | |
2073 | return nfserr_rofs; | |
2074 | if (/* (acc & NFSD_MAY_WRITE) && */ IS_IMMUTABLE(inode)) | |
2075 | return nfserr_perm; | |
2076 | } | |
2077 | if ((acc & NFSD_MAY_TRUNC) && IS_APPEND(inode)) | |
2078 | return nfserr_perm; | |
2079 | ||
2080 | if (acc & NFSD_MAY_LOCK) { | |
2081 | /* If we cannot rely on authentication in NLM requests, | |
2082 | * just allow locks, otherwise require read permission, or | |
2083 | * ownership | |
2084 | */ | |
2085 | if (exp->ex_flags & NFSEXP_NOAUTHNLM) | |
2086 | return 0; | |
2087 | else | |
2088 | acc = NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE; | |
2089 | } | |
2090 | /* | |
2091 | * The file owner always gets access permission for accesses that | |
2092 | * would normally be checked at open time. This is to make | |
2093 | * file access work even when the client has done a fchmod(fd, 0). | |
2094 | * | |
2095 | * However, `cp foo bar' should fail nevertheless when bar is | |
2096 | * readonly. A sensible way to do this might be to reject all | |
2097 | * attempts to truncate a read-only file, because a creat() call | |
2098 | * always implies file truncation. | |
2099 | * ... but this isn't really fair. A process may reasonably call | |
2100 | * ftruncate on an open file descriptor on a file with perm 000. | |
2101 | * We must trust the client to do permission checking - using "ACCESS" | |
2102 | * with NFSv3. | |
2103 | */ | |
2104 | if ((acc & NFSD_MAY_OWNER_OVERRIDE) && | |
2105 | uid_eq(inode->i_uid, current_fsuid())) | |
2106 | return 0; | |
2107 | ||
2108 | /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ | |
2109 | err = inode_permission(inode, acc & (MAY_READ|MAY_WRITE|MAY_EXEC)); | |
2110 | ||
2111 | /* Allow read access to binaries even when mode 111 */ | |
2112 | if (err == -EACCES && S_ISREG(inode->i_mode) && | |
2113 | (acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE) || | |
2114 | acc == (NFSD_MAY_READ | NFSD_MAY_READ_IF_EXEC))) | |
2115 | err = inode_permission(inode, MAY_EXEC); | |
2116 | ||
2117 | return err? nfserrno(err) : 0; | |
2118 | } |