1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * XDR support for nfsd/protocol version 3.
4  *
5  * Copyright (C) 1995, 1996, 1997 Olaf Kirch <okir@monad.swb.de>
6  *
7  * 2003-08-09 Jamie Lokier: Use htonl() for nanoseconds, not htons()!
8  */
9 
10 #include <linux/namei.h>
11 #include <linux/sunrpc/svc_xprt.h>
12 #include "xdr3.h"
13 #include "auth.h"
14 #include "netns.h"
15 #include "vfs.h"
16 
17 #define NFSDDBG_FACILITY		NFSDDBG_XDR
18 
19 
20 /*
21  * Mapping of S_IF* types to NFS file types
22  */
23 static u32	nfs3_ftypes[] = {
24 	NF3NON,  NF3FIFO, NF3CHR, NF3BAD,
25 	NF3DIR,  NF3BAD,  NF3BLK, NF3BAD,
26 	NF3REG,  NF3BAD,  NF3LNK, NF3BAD,
27 	NF3SOCK, NF3BAD,  NF3LNK, NF3BAD,
28 };
29 
30 /*
31  * XDR functions for basic NFS types
32  */
33 static __be32 *
encode_time3(__be32 * p,struct timespec * time)34 encode_time3(__be32 *p, struct timespec *time)
35 {
36 	*p++ = htonl((u32) time->tv_sec); *p++ = htonl(time->tv_nsec);
37 	return p;
38 }
39 
40 static __be32 *
decode_time3(__be32 * p,struct timespec * time)41 decode_time3(__be32 *p, struct timespec *time)
42 {
43 	time->tv_sec = ntohl(*p++);
44 	time->tv_nsec = ntohl(*p++);
45 	return p;
46 }
47 
48 static __be32 *
decode_fh(__be32 * p,struct svc_fh * fhp)49 decode_fh(__be32 *p, struct svc_fh *fhp)
50 {
51 	unsigned int size;
52 	fh_init(fhp, NFS3_FHSIZE);
53 	size = ntohl(*p++);
54 	if (size > NFS3_FHSIZE)
55 		return NULL;
56 
57 	memcpy(&fhp->fh_handle.fh_base, p, size);
58 	fhp->fh_handle.fh_size = size;
59 	return p + XDR_QUADLEN(size);
60 }
61 
62 /* Helper function for NFSv3 ACL code */
nfs3svc_decode_fh(__be32 * p,struct svc_fh * fhp)63 __be32 *nfs3svc_decode_fh(__be32 *p, struct svc_fh *fhp)
64 {
65 	return decode_fh(p, fhp);
66 }
67 
68 static __be32 *
encode_fh(__be32 * p,struct svc_fh * fhp)69 encode_fh(__be32 *p, struct svc_fh *fhp)
70 {
71 	unsigned int size = fhp->fh_handle.fh_size;
72 	*p++ = htonl(size);
73 	if (size) p[XDR_QUADLEN(size)-1]=0;
74 	memcpy(p, &fhp->fh_handle.fh_base, size);
75 	return p + XDR_QUADLEN(size);
76 }
77 
78 /*
79  * Decode a file name and make sure that the path contains
80  * no slashes or null bytes.
81  */
82 static __be32 *
decode_filename(__be32 * p,char ** namp,unsigned int * lenp)83 decode_filename(__be32 *p, char **namp, unsigned int *lenp)
84 {
85 	char		*name;
86 	unsigned int	i;
87 
88 	if ((p = xdr_decode_string_inplace(p, namp, lenp, NFS3_MAXNAMLEN)) != NULL) {
89 		for (i = 0, name = *namp; i < *lenp; i++, name++) {
90 			if (*name == '\0' || *name == '/')
91 				return NULL;
92 		}
93 	}
94 
95 	return p;
96 }
97 
98 static __be32 *
decode_sattr3(__be32 * p,struct iattr * iap)99 decode_sattr3(__be32 *p, struct iattr *iap)
100 {
101 	u32	tmp;
102 
103 	iap->ia_valid = 0;
104 
105 	if (*p++) {
106 		iap->ia_valid |= ATTR_MODE;
107 		iap->ia_mode = ntohl(*p++);
108 	}
109 	if (*p++) {
110 		iap->ia_uid = make_kuid(&init_user_ns, ntohl(*p++));
111 		if (uid_valid(iap->ia_uid))
112 			iap->ia_valid |= ATTR_UID;
113 	}
114 	if (*p++) {
115 		iap->ia_gid = make_kgid(&init_user_ns, ntohl(*p++));
116 		if (gid_valid(iap->ia_gid))
117 			iap->ia_valid |= ATTR_GID;
118 	}
119 	if (*p++) {
120 		u64	newsize;
121 
122 		iap->ia_valid |= ATTR_SIZE;
123 		p = xdr_decode_hyper(p, &newsize);
124 		iap->ia_size = min_t(u64, newsize, NFS_OFFSET_MAX);
125 	}
126 	if ((tmp = ntohl(*p++)) == 1) {	/* set to server time */
127 		iap->ia_valid |= ATTR_ATIME;
128 	} else if (tmp == 2) {		/* set to client time */
129 		iap->ia_valid |= ATTR_ATIME | ATTR_ATIME_SET;
130 		iap->ia_atime.tv_sec = ntohl(*p++);
131 		iap->ia_atime.tv_nsec = ntohl(*p++);
132 	}
133 	if ((tmp = ntohl(*p++)) == 1) {	/* set to server time */
134 		iap->ia_valid |= ATTR_MTIME;
135 	} else if (tmp == 2) {		/* set to client time */
136 		iap->ia_valid |= ATTR_MTIME | ATTR_MTIME_SET;
137 		iap->ia_mtime.tv_sec = ntohl(*p++);
138 		iap->ia_mtime.tv_nsec = ntohl(*p++);
139 	}
140 	return p;
141 }
142 
encode_fsid(__be32 * p,struct svc_fh * fhp)143 static __be32 *encode_fsid(__be32 *p, struct svc_fh *fhp)
144 {
145 	u64 f;
146 	switch(fsid_source(fhp)) {
147 	default:
148 	case FSIDSOURCE_DEV:
149 		p = xdr_encode_hyper(p, (u64)huge_encode_dev
150 				     (fhp->fh_dentry->d_sb->s_dev));
151 		break;
152 	case FSIDSOURCE_FSID:
153 		p = xdr_encode_hyper(p, (u64) fhp->fh_export->ex_fsid);
154 		break;
155 	case FSIDSOURCE_UUID:
156 		f = ((u64*)fhp->fh_export->ex_uuid)[0];
157 		f ^= ((u64*)fhp->fh_export->ex_uuid)[1];
158 		p = xdr_encode_hyper(p, f);
159 		break;
160 	}
161 	return p;
162 }
163 
164 static __be32 *
encode_fattr3(struct svc_rqst * rqstp,__be32 * p,struct svc_fh * fhp,struct kstat * stat)165 encode_fattr3(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp,
166 	      struct kstat *stat)
167 {
168 	struct timespec ts;
169 	*p++ = htonl(nfs3_ftypes[(stat->mode & S_IFMT) >> 12]);
170 	*p++ = htonl((u32) (stat->mode & S_IALLUGO));
171 	*p++ = htonl((u32) stat->nlink);
172 	*p++ = htonl((u32) from_kuid(&init_user_ns, stat->uid));
173 	*p++ = htonl((u32) from_kgid(&init_user_ns, stat->gid));
174 	if (S_ISLNK(stat->mode) && stat->size > NFS3_MAXPATHLEN) {
175 		p = xdr_encode_hyper(p, (u64) NFS3_MAXPATHLEN);
176 	} else {
177 		p = xdr_encode_hyper(p, (u64) stat->size);
178 	}
179 	p = xdr_encode_hyper(p, ((u64)stat->blocks) << 9);
180 	*p++ = htonl((u32) MAJOR(stat->rdev));
181 	*p++ = htonl((u32) MINOR(stat->rdev));
182 	p = encode_fsid(p, fhp);
183 	p = xdr_encode_hyper(p, stat->ino);
184 	ts = timespec64_to_timespec(stat->atime);
185 	p = encode_time3(p, &ts);
186 	ts = timespec64_to_timespec(stat->mtime);
187 	p = encode_time3(p, &ts);
188 	ts = timespec64_to_timespec(stat->ctime);
189 	p = encode_time3(p, &ts);
190 
191 	return p;
192 }
193 
194 static __be32 *
encode_saved_post_attr(struct svc_rqst * rqstp,__be32 * p,struct svc_fh * fhp)195 encode_saved_post_attr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp)
196 {
197 	/* Attributes to follow */
198 	*p++ = xdr_one;
199 	return encode_fattr3(rqstp, p, fhp, &fhp->fh_post_attr);
200 }
201 
202 /*
203  * Encode post-operation attributes.
204  * The inode may be NULL if the call failed because of a stale file
205  * handle. In this case, no attributes are returned.
206  */
207 static __be32 *
encode_post_op_attr(struct svc_rqst * rqstp,__be32 * p,struct svc_fh * fhp)208 encode_post_op_attr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp)
209 {
210 	struct dentry *dentry = fhp->fh_dentry;
211 	if (dentry && d_really_is_positive(dentry)) {
212 	        __be32 err;
213 		struct kstat stat;
214 
215 		err = fh_getattr(fhp, &stat);
216 		if (!err) {
217 			*p++ = xdr_one;		/* attributes follow */
218 			lease_get_mtime(d_inode(dentry), &stat.mtime);
219 			return encode_fattr3(rqstp, p, fhp, &stat);
220 		}
221 	}
222 	*p++ = xdr_zero;
223 	return p;
224 }
225 
226 /* Helper for NFSv3 ACLs */
227 __be32 *
nfs3svc_encode_post_op_attr(struct svc_rqst * rqstp,__be32 * p,struct svc_fh * fhp)228 nfs3svc_encode_post_op_attr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp)
229 {
230 	return encode_post_op_attr(rqstp, p, fhp);
231 }
232 
233 /*
234  * Enocde weak cache consistency data
235  */
236 static __be32 *
encode_wcc_data(struct svc_rqst * rqstp,__be32 * p,struct svc_fh * fhp)237 encode_wcc_data(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp)
238 {
239 	struct dentry	*dentry = fhp->fh_dentry;
240 
241 	if (dentry && d_really_is_positive(dentry) && fhp->fh_post_saved) {
242 		if (fhp->fh_pre_saved) {
243 			*p++ = xdr_one;
244 			p = xdr_encode_hyper(p, (u64) fhp->fh_pre_size);
245 			p = encode_time3(p, &fhp->fh_pre_mtime);
246 			p = encode_time3(p, &fhp->fh_pre_ctime);
247 		} else {
248 			*p++ = xdr_zero;
249 		}
250 		return encode_saved_post_attr(rqstp, p, fhp);
251 	}
252 	/* no pre- or post-attrs */
253 	*p++ = xdr_zero;
254 	return encode_post_op_attr(rqstp, p, fhp);
255 }
256 
257 /*
258  * Fill in the pre_op attr for the wcc data
259  */
fill_pre_wcc(struct svc_fh * fhp)260 void fill_pre_wcc(struct svc_fh *fhp)
261 {
262 	struct inode    *inode;
263 	struct kstat	stat;
264 	__be32 err;
265 
266 	if (fhp->fh_pre_saved)
267 		return;
268 
269 	inode = d_inode(fhp->fh_dentry);
270 	err = fh_getattr(fhp, &stat);
271 	if (err) {
272 		/* Grab the times from inode anyway */
273 		stat.mtime = inode->i_mtime;
274 		stat.ctime = inode->i_ctime;
275 		stat.size  = inode->i_size;
276 	}
277 
278 	fhp->fh_pre_mtime = timespec64_to_timespec(stat.mtime);
279 	fhp->fh_pre_ctime = timespec64_to_timespec(stat.ctime);
280 	fhp->fh_pre_size  = stat.size;
281 	fhp->fh_pre_change = nfsd4_change_attribute(&stat, inode);
282 	fhp->fh_pre_saved = true;
283 }
284 
285 /*
286  * Fill in the post_op attr for the wcc data
287  */
fill_post_wcc(struct svc_fh * fhp)288 void fill_post_wcc(struct svc_fh *fhp)
289 {
290 	__be32 err;
291 
292 	if (fhp->fh_post_saved)
293 		printk("nfsd: inode locked twice during operation.\n");
294 
295 	err = fh_getattr(fhp, &fhp->fh_post_attr);
296 	fhp->fh_post_change = nfsd4_change_attribute(&fhp->fh_post_attr,
297 						     d_inode(fhp->fh_dentry));
298 	if (err) {
299 		fhp->fh_post_saved = false;
300 		/* Grab the ctime anyway - set_change_info might use it */
301 		fhp->fh_post_attr.ctime = d_inode(fhp->fh_dentry)->i_ctime;
302 	} else
303 		fhp->fh_post_saved = true;
304 }
305 
306 /*
307  * XDR decode functions
308  */
309 int
nfs3svc_decode_fhandle(struct svc_rqst * rqstp,__be32 * p)310 nfs3svc_decode_fhandle(struct svc_rqst *rqstp, __be32 *p)
311 {
312 	struct nfsd_fhandle *args = rqstp->rq_argp;
313 
314 	p = decode_fh(p, &args->fh);
315 	if (!p)
316 		return 0;
317 	return xdr_argsize_check(rqstp, p);
318 }
319 
320 int
nfs3svc_decode_sattrargs(struct svc_rqst * rqstp,__be32 * p)321 nfs3svc_decode_sattrargs(struct svc_rqst *rqstp, __be32 *p)
322 {
323 	struct nfsd3_sattrargs *args = rqstp->rq_argp;
324 
325 	p = decode_fh(p, &args->fh);
326 	if (!p)
327 		return 0;
328 	p = decode_sattr3(p, &args->attrs);
329 
330 	if ((args->check_guard = ntohl(*p++)) != 0) {
331 		struct timespec time;
332 		p = decode_time3(p, &time);
333 		args->guardtime = time.tv_sec;
334 	}
335 
336 	return xdr_argsize_check(rqstp, p);
337 }
338 
339 int
nfs3svc_decode_diropargs(struct svc_rqst * rqstp,__be32 * p)340 nfs3svc_decode_diropargs(struct svc_rqst *rqstp, __be32 *p)
341 {
342 	struct nfsd3_diropargs *args = rqstp->rq_argp;
343 
344 	if (!(p = decode_fh(p, &args->fh))
345 	 || !(p = decode_filename(p, &args->name, &args->len)))
346 		return 0;
347 
348 	return xdr_argsize_check(rqstp, p);
349 }
350 
351 int
nfs3svc_decode_accessargs(struct svc_rqst * rqstp,__be32 * p)352 nfs3svc_decode_accessargs(struct svc_rqst *rqstp, __be32 *p)
353 {
354 	struct nfsd3_accessargs *args = rqstp->rq_argp;
355 
356 	p = decode_fh(p, &args->fh);
357 	if (!p)
358 		return 0;
359 	args->access = ntohl(*p++);
360 
361 	return xdr_argsize_check(rqstp, p);
362 }
363 
364 int
nfs3svc_decode_readargs(struct svc_rqst * rqstp,__be32 * p)365 nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p)
366 {
367 	struct nfsd3_readargs *args = rqstp->rq_argp;
368 	unsigned int len;
369 	int v;
370 	u32 max_blocksize = svc_max_payload(rqstp);
371 
372 	p = decode_fh(p, &args->fh);
373 	if (!p)
374 		return 0;
375 	p = xdr_decode_hyper(p, &args->offset);
376 
377 	args->count = ntohl(*p++);
378 	len = min(args->count, max_blocksize);
379 
380 	/* set up the kvec */
381 	v=0;
382 	while (len > 0) {
383 		struct page *p = *(rqstp->rq_next_page++);
384 
385 		rqstp->rq_vec[v].iov_base = page_address(p);
386 		rqstp->rq_vec[v].iov_len = min_t(unsigned int, len, PAGE_SIZE);
387 		len -= rqstp->rq_vec[v].iov_len;
388 		v++;
389 	}
390 	args->vlen = v;
391 	return xdr_argsize_check(rqstp, p);
392 }
393 
394 int
nfs3svc_decode_writeargs(struct svc_rqst * rqstp,__be32 * p)395 nfs3svc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p)
396 {
397 	struct nfsd3_writeargs *args = rqstp->rq_argp;
398 	unsigned int len, hdr, dlen;
399 	u32 max_blocksize = svc_max_payload(rqstp);
400 	struct kvec *head = rqstp->rq_arg.head;
401 	struct kvec *tail = rqstp->rq_arg.tail;
402 
403 	p = decode_fh(p, &args->fh);
404 	if (!p)
405 		return 0;
406 	p = xdr_decode_hyper(p, &args->offset);
407 
408 	args->count = ntohl(*p++);
409 	args->stable = ntohl(*p++);
410 	len = args->len = ntohl(*p++);
411 	if ((void *)p > head->iov_base + head->iov_len)
412 		return 0;
413 	/*
414 	 * The count must equal the amount of data passed.
415 	 */
416 	if (args->count != args->len)
417 		return 0;
418 
419 	/*
420 	 * Check to make sure that we got the right number of
421 	 * bytes.
422 	 */
423 	hdr = (void*)p - head->iov_base;
424 	dlen = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len - hdr;
425 	/*
426 	 * Round the length of the data which was specified up to
427 	 * the next multiple of XDR units and then compare that
428 	 * against the length which was actually received.
429 	 * Note that when RPCSEC/GSS (for example) is used, the
430 	 * data buffer can be padded so dlen might be larger
431 	 * than required.  It must never be smaller.
432 	 */
433 	if (dlen < XDR_QUADLEN(len)*4)
434 		return 0;
435 
436 	if (args->count > max_blocksize) {
437 		args->count = max_blocksize;
438 		len = args->len = max_blocksize;
439 	}
440 
441 	args->first.iov_base = (void *)p;
442 	args->first.iov_len = head->iov_len - hdr;
443 	return 1;
444 }
445 
446 int
nfs3svc_decode_createargs(struct svc_rqst * rqstp,__be32 * p)447 nfs3svc_decode_createargs(struct svc_rqst *rqstp, __be32 *p)
448 {
449 	struct nfsd3_createargs *args = rqstp->rq_argp;
450 
451 	if (!(p = decode_fh(p, &args->fh))
452 	 || !(p = decode_filename(p, &args->name, &args->len)))
453 		return 0;
454 
455 	switch (args->createmode = ntohl(*p++)) {
456 	case NFS3_CREATE_UNCHECKED:
457 	case NFS3_CREATE_GUARDED:
458 		p = decode_sattr3(p, &args->attrs);
459 		break;
460 	case NFS3_CREATE_EXCLUSIVE:
461 		args->verf = p;
462 		p += 2;
463 		break;
464 	default:
465 		return 0;
466 	}
467 
468 	return xdr_argsize_check(rqstp, p);
469 }
470 
471 int
nfs3svc_decode_mkdirargs(struct svc_rqst * rqstp,__be32 * p)472 nfs3svc_decode_mkdirargs(struct svc_rqst *rqstp, __be32 *p)
473 {
474 	struct nfsd3_createargs *args = rqstp->rq_argp;
475 
476 	if (!(p = decode_fh(p, &args->fh)) ||
477 	    !(p = decode_filename(p, &args->name, &args->len)))
478 		return 0;
479 	p = decode_sattr3(p, &args->attrs);
480 
481 	return xdr_argsize_check(rqstp, p);
482 }
483 
484 int
nfs3svc_decode_symlinkargs(struct svc_rqst * rqstp,__be32 * p)485 nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, __be32 *p)
486 {
487 	struct nfsd3_symlinkargs *args = rqstp->rq_argp;
488 	char *base = (char *)p;
489 	size_t dlen;
490 
491 	if (!(p = decode_fh(p, &args->ffh)) ||
492 	    !(p = decode_filename(p, &args->fname, &args->flen)))
493 		return 0;
494 	p = decode_sattr3(p, &args->attrs);
495 
496 	args->tlen = ntohl(*p++);
497 
498 	args->first.iov_base = p;
499 	args->first.iov_len = rqstp->rq_arg.head[0].iov_len;
500 	args->first.iov_len -= (char *)p - base;
501 
502 	dlen = args->first.iov_len + rqstp->rq_arg.page_len +
503 	       rqstp->rq_arg.tail[0].iov_len;
504 	if (dlen < XDR_QUADLEN(args->tlen) << 2)
505 		return 0;
506 	return 1;
507 }
508 
509 int
nfs3svc_decode_mknodargs(struct svc_rqst * rqstp,__be32 * p)510 nfs3svc_decode_mknodargs(struct svc_rqst *rqstp, __be32 *p)
511 {
512 	struct nfsd3_mknodargs *args = rqstp->rq_argp;
513 
514 	if (!(p = decode_fh(p, &args->fh))
515 	 || !(p = decode_filename(p, &args->name, &args->len)))
516 		return 0;
517 
518 	args->ftype = ntohl(*p++);
519 
520 	if (args->ftype == NF3BLK  || args->ftype == NF3CHR
521 	 || args->ftype == NF3SOCK || args->ftype == NF3FIFO)
522 		p = decode_sattr3(p, &args->attrs);
523 
524 	if (args->ftype == NF3BLK || args->ftype == NF3CHR) {
525 		args->major = ntohl(*p++);
526 		args->minor = ntohl(*p++);
527 	}
528 
529 	return xdr_argsize_check(rqstp, p);
530 }
531 
532 int
nfs3svc_decode_renameargs(struct svc_rqst * rqstp,__be32 * p)533 nfs3svc_decode_renameargs(struct svc_rqst *rqstp, __be32 *p)
534 {
535 	struct nfsd3_renameargs *args = rqstp->rq_argp;
536 
537 	if (!(p = decode_fh(p, &args->ffh))
538 	 || !(p = decode_filename(p, &args->fname, &args->flen))
539 	 || !(p = decode_fh(p, &args->tfh))
540 	 || !(p = decode_filename(p, &args->tname, &args->tlen)))
541 		return 0;
542 
543 	return xdr_argsize_check(rqstp, p);
544 }
545 
546 int
nfs3svc_decode_readlinkargs(struct svc_rqst * rqstp,__be32 * p)547 nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p)
548 {
549 	struct nfsd3_readlinkargs *args = rqstp->rq_argp;
550 
551 	p = decode_fh(p, &args->fh);
552 	if (!p)
553 		return 0;
554 	args->buffer = page_address(*(rqstp->rq_next_page++));
555 
556 	return xdr_argsize_check(rqstp, p);
557 }
558 
559 int
nfs3svc_decode_linkargs(struct svc_rqst * rqstp,__be32 * p)560 nfs3svc_decode_linkargs(struct svc_rqst *rqstp, __be32 *p)
561 {
562 	struct nfsd3_linkargs *args = rqstp->rq_argp;
563 
564 	if (!(p = decode_fh(p, &args->ffh))
565 	 || !(p = decode_fh(p, &args->tfh))
566 	 || !(p = decode_filename(p, &args->tname, &args->tlen)))
567 		return 0;
568 
569 	return xdr_argsize_check(rqstp, p);
570 }
571 
572 int
nfs3svc_decode_readdirargs(struct svc_rqst * rqstp,__be32 * p)573 nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p)
574 {
575 	struct nfsd3_readdirargs *args = rqstp->rq_argp;
576 	p = decode_fh(p, &args->fh);
577 	if (!p)
578 		return 0;
579 	p = xdr_decode_hyper(p, &args->cookie);
580 	args->verf   = p; p += 2;
581 	args->dircount = ~0;
582 	args->count  = ntohl(*p++);
583 	args->count  = min_t(u32, args->count, PAGE_SIZE);
584 	args->buffer = page_address(*(rqstp->rq_next_page++));
585 
586 	return xdr_argsize_check(rqstp, p);
587 }
588 
589 int
nfs3svc_decode_readdirplusargs(struct svc_rqst * rqstp,__be32 * p)590 nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p)
591 {
592 	struct nfsd3_readdirargs *args = rqstp->rq_argp;
593 	int len;
594 	u32 max_blocksize = svc_max_payload(rqstp);
595 
596 	p = decode_fh(p, &args->fh);
597 	if (!p)
598 		return 0;
599 	p = xdr_decode_hyper(p, &args->cookie);
600 	args->verf     = p; p += 2;
601 	args->dircount = ntohl(*p++);
602 	args->count    = ntohl(*p++);
603 
604 	len = args->count = min(args->count, max_blocksize);
605 	while (len > 0) {
606 		struct page *p = *(rqstp->rq_next_page++);
607 		if (!args->buffer)
608 			args->buffer = page_address(p);
609 		len -= PAGE_SIZE;
610 	}
611 
612 	return xdr_argsize_check(rqstp, p);
613 }
614 
615 int
nfs3svc_decode_commitargs(struct svc_rqst * rqstp,__be32 * p)616 nfs3svc_decode_commitargs(struct svc_rqst *rqstp, __be32 *p)
617 {
618 	struct nfsd3_commitargs *args = rqstp->rq_argp;
619 	p = decode_fh(p, &args->fh);
620 	if (!p)
621 		return 0;
622 	p = xdr_decode_hyper(p, &args->offset);
623 	args->count = ntohl(*p++);
624 
625 	return xdr_argsize_check(rqstp, p);
626 }
627 
628 /*
629  * XDR encode functions
630  */
631 /*
632  * There must be an encoding function for void results so svc_process
633  * will work properly.
634  */
635 int
nfs3svc_encode_voidres(struct svc_rqst * rqstp,__be32 * p)636 nfs3svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p)
637 {
638 	return xdr_ressize_check(rqstp, p);
639 }
640 
641 /* GETATTR */
642 int
nfs3svc_encode_attrstat(struct svc_rqst * rqstp,__be32 * p)643 nfs3svc_encode_attrstat(struct svc_rqst *rqstp, __be32 *p)
644 {
645 	struct nfsd3_attrstat *resp = rqstp->rq_resp;
646 
647 	if (resp->status == 0) {
648 		lease_get_mtime(d_inode(resp->fh.fh_dentry),
649 				&resp->stat.mtime);
650 		p = encode_fattr3(rqstp, p, &resp->fh, &resp->stat);
651 	}
652 	return xdr_ressize_check(rqstp, p);
653 }
654 
655 /* SETATTR, REMOVE, RMDIR */
656 int
nfs3svc_encode_wccstat(struct svc_rqst * rqstp,__be32 * p)657 nfs3svc_encode_wccstat(struct svc_rqst *rqstp, __be32 *p)
658 {
659 	struct nfsd3_attrstat *resp = rqstp->rq_resp;
660 
661 	p = encode_wcc_data(rqstp, p, &resp->fh);
662 	return xdr_ressize_check(rqstp, p);
663 }
664 
665 /* LOOKUP */
666 int
nfs3svc_encode_diropres(struct svc_rqst * rqstp,__be32 * p)667 nfs3svc_encode_diropres(struct svc_rqst *rqstp, __be32 *p)
668 {
669 	struct nfsd3_diropres *resp = rqstp->rq_resp;
670 
671 	if (resp->status == 0) {
672 		p = encode_fh(p, &resp->fh);
673 		p = encode_post_op_attr(rqstp, p, &resp->fh);
674 	}
675 	p = encode_post_op_attr(rqstp, p, &resp->dirfh);
676 	return xdr_ressize_check(rqstp, p);
677 }
678 
679 /* ACCESS */
680 int
nfs3svc_encode_accessres(struct svc_rqst * rqstp,__be32 * p)681 nfs3svc_encode_accessres(struct svc_rqst *rqstp, __be32 *p)
682 {
683 	struct nfsd3_accessres *resp = rqstp->rq_resp;
684 
685 	p = encode_post_op_attr(rqstp, p, &resp->fh);
686 	if (resp->status == 0)
687 		*p++ = htonl(resp->access);
688 	return xdr_ressize_check(rqstp, p);
689 }
690 
691 /* READLINK */
692 int
nfs3svc_encode_readlinkres(struct svc_rqst * rqstp,__be32 * p)693 nfs3svc_encode_readlinkres(struct svc_rqst *rqstp, __be32 *p)
694 {
695 	struct nfsd3_readlinkres *resp = rqstp->rq_resp;
696 
697 	p = encode_post_op_attr(rqstp, p, &resp->fh);
698 	if (resp->status == 0) {
699 		*p++ = htonl(resp->len);
700 		xdr_ressize_check(rqstp, p);
701 		rqstp->rq_res.page_len = resp->len;
702 		if (resp->len & 3) {
703 			/* need to pad the tail */
704 			rqstp->rq_res.tail[0].iov_base = p;
705 			*p = 0;
706 			rqstp->rq_res.tail[0].iov_len = 4 - (resp->len&3);
707 		}
708 		return 1;
709 	} else
710 		return xdr_ressize_check(rqstp, p);
711 }
712 
713 /* READ */
714 int
nfs3svc_encode_readres(struct svc_rqst * rqstp,__be32 * p)715 nfs3svc_encode_readres(struct svc_rqst *rqstp, __be32 *p)
716 {
717 	struct nfsd3_readres *resp = rqstp->rq_resp;
718 
719 	p = encode_post_op_attr(rqstp, p, &resp->fh);
720 	if (resp->status == 0) {
721 		*p++ = htonl(resp->count);
722 		*p++ = htonl(resp->eof);
723 		*p++ = htonl(resp->count);	/* xdr opaque count */
724 		xdr_ressize_check(rqstp, p);
725 		/* now update rqstp->rq_res to reflect data as well */
726 		rqstp->rq_res.page_len = resp->count;
727 		if (resp->count & 3) {
728 			/* need to pad the tail */
729 			rqstp->rq_res.tail[0].iov_base = p;
730 			*p = 0;
731 			rqstp->rq_res.tail[0].iov_len = 4 - (resp->count & 3);
732 		}
733 		return 1;
734 	} else
735 		return xdr_ressize_check(rqstp, p);
736 }
737 
738 /* WRITE */
739 int
nfs3svc_encode_writeres(struct svc_rqst * rqstp,__be32 * p)740 nfs3svc_encode_writeres(struct svc_rqst *rqstp, __be32 *p)
741 {
742 	struct nfsd3_writeres *resp = rqstp->rq_resp;
743 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
744 
745 	p = encode_wcc_data(rqstp, p, &resp->fh);
746 	if (resp->status == 0) {
747 		*p++ = htonl(resp->count);
748 		*p++ = htonl(resp->committed);
749 		/* unique identifier, y2038 overflow can be ignored */
750 		*p++ = htonl((u32)nn->nfssvc_boot.tv_sec);
751 		*p++ = htonl(nn->nfssvc_boot.tv_nsec);
752 	}
753 	return xdr_ressize_check(rqstp, p);
754 }
755 
756 /* CREATE, MKDIR, SYMLINK, MKNOD */
757 int
nfs3svc_encode_createres(struct svc_rqst * rqstp,__be32 * p)758 nfs3svc_encode_createres(struct svc_rqst *rqstp, __be32 *p)
759 {
760 	struct nfsd3_diropres *resp = rqstp->rq_resp;
761 
762 	if (resp->status == 0) {
763 		*p++ = xdr_one;
764 		p = encode_fh(p, &resp->fh);
765 		p = encode_post_op_attr(rqstp, p, &resp->fh);
766 	}
767 	p = encode_wcc_data(rqstp, p, &resp->dirfh);
768 	return xdr_ressize_check(rqstp, p);
769 }
770 
771 /* RENAME */
772 int
nfs3svc_encode_renameres(struct svc_rqst * rqstp,__be32 * p)773 nfs3svc_encode_renameres(struct svc_rqst *rqstp, __be32 *p)
774 {
775 	struct nfsd3_renameres *resp = rqstp->rq_resp;
776 
777 	p = encode_wcc_data(rqstp, p, &resp->ffh);
778 	p = encode_wcc_data(rqstp, p, &resp->tfh);
779 	return xdr_ressize_check(rqstp, p);
780 }
781 
782 /* LINK */
783 int
nfs3svc_encode_linkres(struct svc_rqst * rqstp,__be32 * p)784 nfs3svc_encode_linkres(struct svc_rqst *rqstp, __be32 *p)
785 {
786 	struct nfsd3_linkres *resp = rqstp->rq_resp;
787 
788 	p = encode_post_op_attr(rqstp, p, &resp->fh);
789 	p = encode_wcc_data(rqstp, p, &resp->tfh);
790 	return xdr_ressize_check(rqstp, p);
791 }
792 
793 /* READDIR */
794 int
nfs3svc_encode_readdirres(struct svc_rqst * rqstp,__be32 * p)795 nfs3svc_encode_readdirres(struct svc_rqst *rqstp, __be32 *p)
796 {
797 	struct nfsd3_readdirres *resp = rqstp->rq_resp;
798 
799 	p = encode_post_op_attr(rqstp, p, &resp->fh);
800 
801 	if (resp->status == 0) {
802 		/* stupid readdir cookie */
803 		memcpy(p, resp->verf, 8); p += 2;
804 		xdr_ressize_check(rqstp, p);
805 		if (rqstp->rq_res.head[0].iov_len + (2<<2) > PAGE_SIZE)
806 			return 1; /*No room for trailer */
807 		rqstp->rq_res.page_len = (resp->count) << 2;
808 
809 		/* add the 'tail' to the end of the 'head' page - page 0. */
810 		rqstp->rq_res.tail[0].iov_base = p;
811 		*p++ = 0;		/* no more entries */
812 		*p++ = htonl(resp->common.err == nfserr_eof);
813 		rqstp->rq_res.tail[0].iov_len = 2<<2;
814 		return 1;
815 	} else
816 		return xdr_ressize_check(rqstp, p);
817 }
818 
819 static __be32 *
encode_entry_baggage(struct nfsd3_readdirres * cd,__be32 * p,const char * name,int namlen,u64 ino)820 encode_entry_baggage(struct nfsd3_readdirres *cd, __be32 *p, const char *name,
821 	     int namlen, u64 ino)
822 {
823 	*p++ = xdr_one;				 /* mark entry present */
824 	p    = xdr_encode_hyper(p, ino);	 /* file id */
825 	p    = xdr_encode_array(p, name, namlen);/* name length & name */
826 
827 	cd->offset = p;				/* remember pointer */
828 	p = xdr_encode_hyper(p, NFS_OFFSET_MAX);/* offset of next entry */
829 
830 	return p;
831 }
832 
833 static __be32
compose_entry_fh(struct nfsd3_readdirres * cd,struct svc_fh * fhp,const char * name,int namlen,u64 ino)834 compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp,
835 		 const char *name, int namlen, u64 ino)
836 {
837 	struct svc_export	*exp;
838 	struct dentry		*dparent, *dchild;
839 	__be32 rv = nfserr_noent;
840 
841 	dparent = cd->fh.fh_dentry;
842 	exp  = cd->fh.fh_export;
843 
844 	if (isdotent(name, namlen)) {
845 		if (namlen == 2) {
846 			dchild = dget_parent(dparent);
847 			/* filesystem root - cannot return filehandle for ".." */
848 			if (dchild == dparent)
849 				goto out;
850 		} else
851 			dchild = dget(dparent);
852 	} else
853 		dchild = lookup_one_len_unlocked(name, dparent, namlen);
854 	if (IS_ERR(dchild))
855 		return rv;
856 	if (d_mountpoint(dchild))
857 		goto out;
858 	if (d_really_is_negative(dchild))
859 		goto out;
860 	if (dchild->d_inode->i_ino != ino)
861 		goto out;
862 	rv = fh_compose(fhp, exp, dchild, &cd->fh);
863 out:
864 	dput(dchild);
865 	return rv;
866 }
867 
encode_entryplus_baggage(struct nfsd3_readdirres * cd,__be32 * p,const char * name,int namlen,u64 ino)868 static __be32 *encode_entryplus_baggage(struct nfsd3_readdirres *cd, __be32 *p, const char *name, int namlen, u64 ino)
869 {
870 	struct svc_fh	*fh = &cd->scratch;
871 	__be32 err;
872 
873 	fh_init(fh, NFS3_FHSIZE);
874 	err = compose_entry_fh(cd, fh, name, namlen, ino);
875 	if (err) {
876 		*p++ = 0;
877 		*p++ = 0;
878 		goto out;
879 	}
880 	p = encode_post_op_attr(cd->rqstp, p, fh);
881 	*p++ = xdr_one;			/* yes, a file handle follows */
882 	p = encode_fh(p, fh);
883 out:
884 	fh_put(fh);
885 	return p;
886 }
887 
888 /*
889  * Encode a directory entry. This one works for both normal readdir
890  * and readdirplus.
891  * The normal readdir reply requires 2 (fileid) + 1 (stringlen)
892  * + string + 2 (cookie) + 1 (next) words, i.e. 6 + strlen.
893  *
894  * The readdirplus baggage is 1+21 words for post_op_attr, plus the
895  * file handle.
896  */
897 
898 #define NFS3_ENTRY_BAGGAGE	(2 + 1 + 2 + 1)
899 #define NFS3_ENTRYPLUS_BAGGAGE	(1 + 21 + 1 + (NFS3_FHSIZE >> 2))
900 static int
encode_entry(struct readdir_cd * ccd,const char * name,int namlen,loff_t offset,u64 ino,unsigned int d_type,int plus)901 encode_entry(struct readdir_cd *ccd, const char *name, int namlen,
902 	     loff_t offset, u64 ino, unsigned int d_type, int plus)
903 {
904 	struct nfsd3_readdirres *cd = container_of(ccd, struct nfsd3_readdirres,
905 		       					common);
906 	__be32		*p = cd->buffer;
907 	caddr_t		curr_page_addr = NULL;
908 	struct page **	page;
909 	int		slen;		/* string (name) length */
910 	int		elen;		/* estimated entry length in words */
911 	int		num_entry_words = 0;	/* actual number of words */
912 
913 	if (cd->offset) {
914 		u64 offset64 = offset;
915 
916 		if (unlikely(cd->offset1)) {
917 			/* we ended up with offset on a page boundary */
918 			*cd->offset = htonl(offset64 >> 32);
919 			*cd->offset1 = htonl(offset64 & 0xffffffff);
920 			cd->offset1 = NULL;
921 		} else {
922 			xdr_encode_hyper(cd->offset, offset64);
923 		}
924 	}
925 
926 	/*
927 	dprintk("encode_entry(%.*s @%ld%s)\n",
928 		namlen, name, (long) offset, plus? " plus" : "");
929 	 */
930 
931 	/* truncate filename if too long */
932 	namlen = min(namlen, NFS3_MAXNAMLEN);
933 
934 	slen = XDR_QUADLEN(namlen);
935 	elen = slen + NFS3_ENTRY_BAGGAGE
936 		+ (plus? NFS3_ENTRYPLUS_BAGGAGE : 0);
937 
938 	if (cd->buflen < elen) {
939 		cd->common.err = nfserr_toosmall;
940 		return -EINVAL;
941 	}
942 
943 	/* determine which page in rq_respages[] we are currently filling */
944 	for (page = cd->rqstp->rq_respages + 1;
945 				page < cd->rqstp->rq_next_page; page++) {
946 		curr_page_addr = page_address(*page);
947 
948 		if (((caddr_t)cd->buffer >= curr_page_addr) &&
949 		    ((caddr_t)cd->buffer <  curr_page_addr + PAGE_SIZE))
950 			break;
951 	}
952 
953 	if ((caddr_t)(cd->buffer + elen) < (curr_page_addr + PAGE_SIZE)) {
954 		/* encode entry in current page */
955 
956 		p = encode_entry_baggage(cd, p, name, namlen, ino);
957 
958 		if (plus)
959 			p = encode_entryplus_baggage(cd, p, name, namlen, ino);
960 		num_entry_words = p - cd->buffer;
961 	} else if (*(page+1) != NULL) {
962 		/* temporarily encode entry into next page, then move back to
963 		 * current and next page in rq_respages[] */
964 		__be32 *p1, *tmp;
965 		int len1, len2;
966 
967 		/* grab next page for temporary storage of entry */
968 		p1 = tmp = page_address(*(page+1));
969 
970 		p1 = encode_entry_baggage(cd, p1, name, namlen, ino);
971 
972 		if (plus)
973 			p1 = encode_entryplus_baggage(cd, p1, name, namlen, ino);
974 
975 		/* determine entry word length and lengths to go in pages */
976 		num_entry_words = p1 - tmp;
977 		len1 = curr_page_addr + PAGE_SIZE - (caddr_t)cd->buffer;
978 		if ((num_entry_words << 2) < len1) {
979 			/* the actual number of words in the entry is less
980 			 * than elen and can still fit in the current page
981 			 */
982 			memmove(p, tmp, num_entry_words << 2);
983 			p += num_entry_words;
984 
985 			/* update offset */
986 			cd->offset = cd->buffer + (cd->offset - tmp);
987 		} else {
988 			unsigned int offset_r = (cd->offset - tmp) << 2;
989 
990 			/* update pointer to offset location.
991 			 * This is a 64bit quantity, so we need to
992 			 * deal with 3 cases:
993 			 *  -	entirely in first page
994 			 *  -	entirely in second page
995 			 *  -	4 bytes in each page
996 			 */
997 			if (offset_r + 8 <= len1) {
998 				cd->offset = p + (cd->offset - tmp);
999 			} else if (offset_r >= len1) {
1000 				cd->offset -= len1 >> 2;
1001 			} else {
1002 				/* sitting on the fence */
1003 				BUG_ON(offset_r != len1 - 4);
1004 				cd->offset = p + (cd->offset - tmp);
1005 				cd->offset1 = tmp;
1006 			}
1007 
1008 			len2 = (num_entry_words << 2) - len1;
1009 
1010 			/* move from temp page to current and next pages */
1011 			memmove(p, tmp, len1);
1012 			memmove(tmp, (caddr_t)tmp+len1, len2);
1013 
1014 			p = tmp + (len2 >> 2);
1015 		}
1016 	}
1017 	else {
1018 		cd->common.err = nfserr_toosmall;
1019 		return -EINVAL;
1020 	}
1021 
1022 	cd->buflen -= num_entry_words;
1023 	cd->buffer = p;
1024 	cd->common.err = nfs_ok;
1025 	return 0;
1026 
1027 }
1028 
1029 int
nfs3svc_encode_entry(void * cd,const char * name,int namlen,loff_t offset,u64 ino,unsigned int d_type)1030 nfs3svc_encode_entry(void *cd, const char *name,
1031 		     int namlen, loff_t offset, u64 ino, unsigned int d_type)
1032 {
1033 	return encode_entry(cd, name, namlen, offset, ino, d_type, 0);
1034 }
1035 
1036 int
nfs3svc_encode_entry_plus(void * cd,const char * name,int namlen,loff_t offset,u64 ino,unsigned int d_type)1037 nfs3svc_encode_entry_plus(void *cd, const char *name,
1038 			  int namlen, loff_t offset, u64 ino,
1039 			  unsigned int d_type)
1040 {
1041 	return encode_entry(cd, name, namlen, offset, ino, d_type, 1);
1042 }
1043 
1044 /* FSSTAT */
1045 int
nfs3svc_encode_fsstatres(struct svc_rqst * rqstp,__be32 * p)1046 nfs3svc_encode_fsstatres(struct svc_rqst *rqstp, __be32 *p)
1047 {
1048 	struct nfsd3_fsstatres *resp = rqstp->rq_resp;
1049 	struct kstatfs	*s = &resp->stats;
1050 	u64		bs = s->f_bsize;
1051 
1052 	*p++ = xdr_zero;	/* no post_op_attr */
1053 
1054 	if (resp->status == 0) {
1055 		p = xdr_encode_hyper(p, bs * s->f_blocks);	/* total bytes */
1056 		p = xdr_encode_hyper(p, bs * s->f_bfree);	/* free bytes */
1057 		p = xdr_encode_hyper(p, bs * s->f_bavail);	/* user available bytes */
1058 		p = xdr_encode_hyper(p, s->f_files);	/* total inodes */
1059 		p = xdr_encode_hyper(p, s->f_ffree);	/* free inodes */
1060 		p = xdr_encode_hyper(p, s->f_ffree);	/* user available inodes */
1061 		*p++ = htonl(resp->invarsec);	/* mean unchanged time */
1062 	}
1063 	return xdr_ressize_check(rqstp, p);
1064 }
1065 
1066 /* FSINFO */
1067 int
nfs3svc_encode_fsinfores(struct svc_rqst * rqstp,__be32 * p)1068 nfs3svc_encode_fsinfores(struct svc_rqst *rqstp, __be32 *p)
1069 {
1070 	struct nfsd3_fsinfores *resp = rqstp->rq_resp;
1071 
1072 	*p++ = xdr_zero;	/* no post_op_attr */
1073 
1074 	if (resp->status == 0) {
1075 		*p++ = htonl(resp->f_rtmax);
1076 		*p++ = htonl(resp->f_rtpref);
1077 		*p++ = htonl(resp->f_rtmult);
1078 		*p++ = htonl(resp->f_wtmax);
1079 		*p++ = htonl(resp->f_wtpref);
1080 		*p++ = htonl(resp->f_wtmult);
1081 		*p++ = htonl(resp->f_dtpref);
1082 		p = xdr_encode_hyper(p, resp->f_maxfilesize);
1083 		*p++ = xdr_one;
1084 		*p++ = xdr_zero;
1085 		*p++ = htonl(resp->f_properties);
1086 	}
1087 
1088 	return xdr_ressize_check(rqstp, p);
1089 }
1090 
1091 /* PATHCONF */
1092 int
nfs3svc_encode_pathconfres(struct svc_rqst * rqstp,__be32 * p)1093 nfs3svc_encode_pathconfres(struct svc_rqst *rqstp, __be32 *p)
1094 {
1095 	struct nfsd3_pathconfres *resp = rqstp->rq_resp;
1096 
1097 	*p++ = xdr_zero;	/* no post_op_attr */
1098 
1099 	if (resp->status == 0) {
1100 		*p++ = htonl(resp->p_link_max);
1101 		*p++ = htonl(resp->p_name_max);
1102 		*p++ = htonl(resp->p_no_trunc);
1103 		*p++ = htonl(resp->p_chown_restricted);
1104 		*p++ = htonl(resp->p_case_insensitive);
1105 		*p++ = htonl(resp->p_case_preserving);
1106 	}
1107 
1108 	return xdr_ressize_check(rqstp, p);
1109 }
1110 
1111 /* COMMIT */
1112 int
nfs3svc_encode_commitres(struct svc_rqst * rqstp,__be32 * p)1113 nfs3svc_encode_commitres(struct svc_rqst *rqstp, __be32 *p)
1114 {
1115 	struct nfsd3_commitres *resp = rqstp->rq_resp;
1116 	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
1117 
1118 	p = encode_wcc_data(rqstp, p, &resp->fh);
1119 	/* Write verifier */
1120 	if (resp->status == 0) {
1121 		/* unique identifier, y2038 overflow can be ignored */
1122 		*p++ = htonl((u32)nn->nfssvc_boot.tv_sec);
1123 		*p++ = htonl(nn->nfssvc_boot.tv_nsec);
1124 	}
1125 	return xdr_ressize_check(rqstp, p);
1126 }
1127 
1128 /*
1129  * XDR release functions
1130  */
1131 void
nfs3svc_release_fhandle(struct svc_rqst * rqstp)1132 nfs3svc_release_fhandle(struct svc_rqst *rqstp)
1133 {
1134 	struct nfsd3_attrstat *resp = rqstp->rq_resp;
1135 
1136 	fh_put(&resp->fh);
1137 }
1138 
1139 void
nfs3svc_release_fhandle2(struct svc_rqst * rqstp)1140 nfs3svc_release_fhandle2(struct svc_rqst *rqstp)
1141 {
1142 	struct nfsd3_fhandle_pair *resp = rqstp->rq_resp;
1143 
1144 	fh_put(&resp->fh1);
1145 	fh_put(&resp->fh2);
1146 }
1147