1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * XDR support for nfsd/protocol version 3.
4  *
5  * Copyright (C) 1995, 1996, 1997 Olaf Kirch <okir@monad.swb.de>
6  *
7  * 2003-08-09 Jamie Lokier: Use htonl() for nanoseconds, not htons()!
8  */
9 
10 #include <linux/namei.h>
11 #include <linux/sunrpc/svc_xprt.h>
12 #include "xdr3.h"
13 #include "auth.h"
14 #include "netns.h"
15 #include "vfs.h"
16 
17 #define NFSDDBG_FACILITY		NFSDDBG_XDR
18 
19 
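/*
 * Mapping of S_IF* types to NFS file types.
 *
 * encode_fattr3() indexes this table with (mode & S_IFMT) >> 12, a value
 * in the range 0..15, so the table must keep exactly 16 entries.
 * Nothing in view writes to the table, so it is declared const to keep
 * it out of writable data.
 */
static const u32 nfs3_ftypes[] = {
	NF3NON,  NF3FIFO, NF3CHR, NF3BAD,
	NF3DIR,  NF3BAD,  NF3BLK, NF3BAD,
	NF3REG,  NF3BAD,  NF3LNK, NF3BAD,
	NF3SOCK, NF3BAD,  NF3LNK, NF3BAD,
};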
29 
30 
31 /*
32  * XDR functions for basic NFS types
33  */
/*
 * Emit an NFSv3 timestamp: seconds, then nanoseconds, each as one
 * big-endian 32-bit word.  tv_sec is truncated to 32 bits by the cast.
 * Returns the position just past the two words written.
 */
static __be32 *
encode_time3(__be32 *p, struct timespec64 *time)
{
	p[0] = htonl((u32) time->tv_sec);
	p[1] = htonl(time->tv_nsec);
	return p + 2;
}
40 
/*
 * Read an NFSv3 timestamp (seconds, nanoseconds) from two big-endian
 * words at @p into @time and return the position after them.
 *
 * Performs no bounds check of its own and does not range-check the
 * nanoseconds value; the words are taken as sent by the client.
 */
static __be32 *
decode_time3(__be32 *p, struct timespec64 *time)
{
	time->tv_sec = ntohl(p[0]);
	time->tv_nsec = ntohl(p[1]);
	return p + 2;
}
48 
/*
 * Decode an NFSv3 file handle (length word followed by opaque bytes)
 * from the request into @fhp.
 *
 * Returns the position after the padded handle, or NULL when the
 * client-supplied length exceeds NFS3_FHSIZE.  The length word and the
 * handle bytes are read without checking that they lie inside the
 * received message; the decoders in this file validate the returned
 * pointer afterwards.
 */
static __be32 *
decode_fh(__be32 *p, struct svc_fh *fhp)
{
	unsigned int fh_len;

	fh_init(fhp, NFS3_FHSIZE);

	fh_len = ntohl(*p);
	p++;
	/* reject an over-long handle before anything is copied into fhp */
	if (fh_len > NFS3_FHSIZE)
		return NULL;

	memcpy(&fhp->fh_handle.fh_base, p, fh_len);
	fhp->fh_handle.fh_size = fh_len;
	return p + XDR_QUADLEN(fh_len);
}
62 
/*
 * Helper function for NFSv3 ACL code: non-static wrapper around
 * decode_fh().  Returns NULL when decode_fh() rejects the handle
 * length, otherwise the position after the decoded handle.
 */
__be32 *nfs3svc_decode_fh(__be32 *p, struct svc_fh *fhp)
{
	__be32 *next = decode_fh(p, fhp);

	return next;
}
68 
/*
 * Encode the file handle held in @fhp as a length word followed by the
 * handle bytes, padded to a multiple of four bytes.  Returns the
 * position after the padded handle.
 */
static __be32 *
encode_fh(__be32 *p, struct svc_fh *fhp)
{
	unsigned int fh_len = fhp->fh_handle.fh_size;
	unsigned int words = XDR_QUADLEN(fh_len);

	*p++ = htonl(fh_len);
	/*
	 * Clear the last word before copying so the pad bytes go out as
	 * zeros rather than whatever the reply buffer held before.
	 */
	if (fh_len)
		p[words - 1] = 0;
	memcpy(p, &fhp->fh_handle.fh_base, fh_len);
	return p + words;
}
78 
/*
 * Decode a file name and make sure that the path contains
 * no slashes or null bytes.
 *
 * The name is decoded in place with a limit of NFS3_MAXNAMLEN; *namp
 * and *lenp receive its start and length.  Returns the position after
 * the name, or NULL if decoding fails or a forbidden byte is found.
 * An empty name and the "." / ".." components pass this filter; any
 * handling of them is left to the callers.
 */
static __be32 *
decode_filename(__be32 *p, char **namp, unsigned int *lenp)
{
	const char	*cur, *end;

	p = xdr_decode_string_inplace(p, namp, lenp, NFS3_MAXNAMLEN);
	if (p == NULL)
		return NULL;

	end = *namp + *lenp;
	for (cur = *namp; cur < end; cur++) {
		/* a single component only: no separators, no embedded NUL */
		if (*cur == '/' || *cur == '\0')
			return NULL;
	}

	return p;
}
98 
/*
 * Decode a settable-attributes structure into @iap.
 *
 * Each optional field is preceded by a discriminant word.  ia_valid is
 * rebuilt from scratch to name the fields the client asked to set.
 * Returns the position after the structure.
 *
 * Nothing here checks that the words read lie inside the received
 * message, and mode bits and nanosecond values are stored as sent; the
 * decoders in this file validate the returned pointer afterwards.
 */
static __be32 *
decode_sattr3(__be32 *p, struct iattr *iap, struct user_namespace *userns)
{
	u32	how;

	iap->ia_valid = 0;

	/* mode: any non-zero discriminant counts as "set it" */
	if (*p++) {
		iap->ia_mode = ntohl(*p++);
		iap->ia_valid |= ATTR_MODE;
	}

	/* uid: flagged only when the id maps into userns */
	if (*p++) {
		iap->ia_uid = make_kuid(userns, ntohl(*p++));
		if (uid_valid(iap->ia_uid))
			iap->ia_valid |= ATTR_UID;
	}

	/* gid: flagged only when the id maps into userns */
	if (*p++) {
		iap->ia_gid = make_kgid(userns, ntohl(*p++));
		if (gid_valid(iap->ia_gid))
			iap->ia_valid |= ATTR_GID;
	}

	/* size: clamped to NFS_OFFSET_MAX */
	if (*p++) {
		u64	size;

		p = xdr_decode_hyper(p, &size);
		iap->ia_size = min_t(u64, size, NFS_OFFSET_MAX);
		iap->ia_valid |= ATTR_SIZE;
	}

	/* atime: discriminants other than 1 and 2 leave it untouched */
	how = ntohl(*p++);
	switch (how) {
	case 1:		/* set to server time */
		iap->ia_valid |= ATTR_ATIME;
		break;
	case 2:		/* set to client time */
		iap->ia_valid |= ATTR_ATIME | ATTR_ATIME_SET;
		iap->ia_atime.tv_sec = ntohl(*p++);
		iap->ia_atime.tv_nsec = ntohl(*p++);
		break;
	default:
		break;
	}

	/* mtime: same encoding as atime */
	how = ntohl(*p++);
	switch (how) {
	case 1:		/* set to server time */
		iap->ia_valid |= ATTR_MTIME;
		break;
	case 2:		/* set to client time */
		iap->ia_valid |= ATTR_MTIME | ATTR_MTIME_SET;
		iap->ia_mtime.tv_sec = ntohl(*p++);
		iap->ia_mtime.tv_nsec = ntohl(*p++);
		break;
	default:
		break;
	}

	return p;
}
143 
/*
 * Encode the 64-bit filesystem id for @fhp.  The value comes from the
 * device number, the export's fsid, or the two 64-bit halves of the
 * export's UUID XORed together, as selected by fsid_source().
 * Returns the position after the encoded value.
 */
static __be32 *encode_fsid(__be32 *p, struct svc_fh *fhp)
{
	u64 fsid;

	switch (fsid_source(fhp)) {
	case FSIDSOURCE_FSID:
		fsid = (u64) fhp->fh_export->ex_fsid;
		break;
	case FSIDSOURCE_UUID:
		/*
		 * NOTE(review): the cast presumes ex_uuid points at 16
		 * bytes that are suitably aligned for u64 - confirm.
		 */
		fsid = ((u64*)fhp->fh_export->ex_uuid)[0];
		fsid ^= ((u64*)fhp->fh_export->ex_uuid)[1];
		break;
	case FSIDSOURCE_DEV:
	default:
		fsid = (u64)huge_encode_dev(fhp->fh_dentry->d_sb->s_dev);
		break;
	}
	return xdr_encode_hyper(p, fsid);
}
164 
/*
 * Encode the file attributes in @stat as an fattr3 structure and return
 * the position after it.
 *
 * Owner and group are translated into the request's user namespace
 * with the "munged" helpers.  A symlink size above NFS3_MAXPATHLEN is
 * reported as NFS3_MAXPATHLEN.
 */
static __be32 *
encode_fattr3(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp,
	      struct kstat *stat)
{
	struct user_namespace *userns = nfsd_user_namespace(rqstp);
	u64 size = (u64) stat->size;

	if (S_ISLNK(stat->mode) && stat->size > NFS3_MAXPATHLEN)
		size = (u64) NFS3_MAXPATHLEN;

	/* type, mode, nlink, uid, gid */
	*p++ = htonl(nfs3_ftypes[(stat->mode & S_IFMT) >> 12]);
	*p++ = htonl((u32) (stat->mode & S_IALLUGO));
	*p++ = htonl((u32) stat->nlink);
	*p++ = htonl((u32) from_kuid_munged(userns, stat->uid));
	*p++ = htonl((u32) from_kgid_munged(userns, stat->gid));

	/* size, then bytes used (blocks are shifted by 9, i.e. times 512) */
	p = xdr_encode_hyper(p, size);
	p = xdr_encode_hyper(p, ((u64)stat->blocks) << 9);

	/* device numbers, fsid, fileid */
	*p++ = htonl((u32) MAJOR(stat->rdev));
	*p++ = htonl((u32) MINOR(stat->rdev));
	p = encode_fsid(p, fhp);
	p = xdr_encode_hyper(p, stat->ino);

	/* atime, mtime, ctime */
	p = encode_time3(p, &stat->atime);
	p = encode_time3(p, &stat->mtime);
	p = encode_time3(p, &stat->ctime);

	return p;
}
191 
/*
 * Encode the post-operation attributes already saved in
 * fhp->fh_post_attr, preceded by the "attributes follow" marker.
 * Returns the position after the encoded attributes.
 */
static __be32 *
encode_saved_post_attr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp)
{
	/* Attributes to follow */
	*p = xdr_one;
	return encode_fattr3(rqstp, p + 1, fhp, &fhp->fh_post_attr);
}
199 
/*
 * Encode post-operation attributes.
 * The inode may be NULL if the call failed because of a stale file
 * handle. In this case, no attributes are returned.
 *
 * Attributes are fetched afresh with fh_getattr().  When there is no
 * positive dentry, or the fetch fails, a single "no attributes" word
 * is written instead.  Returns the position after what was written.
 */
static __be32 *
encode_post_op_attr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp)
{
	struct dentry *dentry = fhp->fh_dentry;
	struct kstat stat;

	if (!dentry || !d_really_is_positive(dentry))
		goto no_attrs;
	if (fh_getattr(fhp, &stat))
		goto no_attrs;

	*p++ = xdr_one;		/* attributes follow */
	lease_get_mtime(d_inode(dentry), &stat.mtime);
	return encode_fattr3(rqstp, p, fhp, &stat);

no_attrs:
	*p++ = xdr_zero;
	return p;
}
223 
/*
 * Helper for NFSv3 ACLs: non-static wrapper around
 * encode_post_op_attr().  Returns the position after the encoded
 * post-operation attributes.
 */
__be32 *
nfs3svc_encode_post_op_attr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp)
{
	__be32 *next = encode_post_op_attr(rqstp, p, fhp);

	return next;
}
230 
/*
 * Encode weak cache consistency data
 *
 * When post-operation attributes were saved for a positive dentry, the
 * saved pre-operation size/mtime/ctime (if any) are emitted followed
 * by the saved post-operation attributes.  Otherwise no pre-operation
 * attributes are sent and the post-operation attributes are looked up
 * by encode_post_op_attr().  Returns the position after the data.
 */
static __be32 *
encode_wcc_data(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp)
{
	struct dentry	*dentry = fhp->fh_dentry;
	bool		have_post;

	have_post = dentry && d_really_is_positive(dentry) &&
		    fhp->fh_post_saved;
	if (!have_post) {
		/* no pre- or post-attrs */
		*p++ = xdr_zero;
		return encode_post_op_attr(rqstp, p, fhp);
	}

	if (!fhp->fh_pre_saved) {
		*p++ = xdr_zero;
	} else {
		*p++ = xdr_one;
		p = xdr_encode_hyper(p, (u64) fhp->fh_pre_size);
		p = encode_time3(p, &fhp->fh_pre_mtime);
		p = encode_time3(p, &fhp->fh_pre_ctime);
	}
	return encode_saved_post_attr(rqstp, p, fhp);
}
254 
/*
 * Fill in the pre_op attr for the wcc data
 *
 * Does nothing when the pre-operation attributes are already saved.
 * If fh_getattr() fails, size and times are taken straight from the
 * inode instead.
 */
void fill_pre_wcc(struct svc_fh *fhp)
{
	struct kstat	stat;
	struct inode	*inode;

	if (fhp->fh_pre_saved)
		return;

	inode = d_inode(fhp->fh_dentry);
	if (fh_getattr(fhp, &stat)) {
		/*
		 * Grab the times from inode anyway.
		 * NOTE(review): only these three members of the on-stack
		 * stat are set on this path before &stat is handed to
		 * nfsd4_change_attribute() - confirm it reads no others.
		 */
		stat.mtime = inode->i_mtime;
		stat.ctime = inode->i_ctime;
		stat.size  = inode->i_size;
	}

	fhp->fh_pre_size  = stat.size;
	fhp->fh_pre_mtime = stat.mtime;
	fhp->fh_pre_ctime = stat.ctime;
	fhp->fh_pre_change = nfsd4_change_attribute(&stat, inode);
	fhp->fh_pre_saved = true;
}
282 
/*
 * Fill in the post_op attr for the wcc data
 *
 * Logs a message when post-operation attributes were already saved,
 * then refreshes fh_post_attr and fh_post_change.  fh_post_saved ends
 * up true only when fh_getattr() succeeded.
 */
void fill_post_wcc(struct svc_fh *fhp)
{
	__be32 status;

	if (fhp->fh_post_saved)
		printk("nfsd: inode locked twice during operation.\n");

	status = fh_getattr(fhp, &fhp->fh_post_attr);
	/* computed before the status is examined, so also on failure */
	fhp->fh_post_change = nfsd4_change_attribute(&fhp->fh_post_attr,
						     d_inode(fhp->fh_dentry));
	if (!status) {
		fhp->fh_post_saved = true;
		return;
	}

	fhp->fh_post_saved = false;
	/* Grab the ctime anyway - set_change_info might use it */
	fhp->fh_post_attr.ctime = d_inode(fhp->fh_dentry)->i_ctime;
}
303 
304 /*
305  * XDR decode functions
306  */
/*
 * Decoder for procedures that take no arguments.  Neither parameter is
 * examined; the function always reports success (1).
 */
int
nfs3svc_decode_voidarg(struct svc_rqst *rqstp, __be32 *p)
{
	/* nothing to decode */
	return 1;
}
312 
/*
 * Decode arguments that consist of a single file handle.
 * Returns 0 when the handle is rejected, otherwise the result of
 * xdr_argsize_check() on the final decode position.
 */
int
nfs3svc_decode_fhandle(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd_fhandle *args = rqstp->rq_argp;
	__be32 *end = decode_fh(p, &args->fh);

	if (end == NULL)
		return 0;
	return xdr_argsize_check(rqstp, end);
}
323 
/*
 * Decode SETATTR arguments: file handle, new attributes and the
 * optional guard time (only its seconds are kept).
 * Returns 0 when the handle is rejected, otherwise the result of
 * xdr_argsize_check() on the final decode position.
 */
int
nfs3svc_decode_sattrargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_sattrargs *args = rqstp->rq_argp;
	struct timespec64 guard;

	p = decode_fh(p, &args->fh);
	if (p == NULL)
		return 0;
	p = decode_sattr3(p, &args->attrs, nfsd_user_namespace(rqstp));

	args->check_guard = ntohl(*p++);
	if (args->check_guard != 0) {
		p = decode_time3(p, &guard);
		args->guardtime = guard.tv_sec;
	}

	return xdr_argsize_check(rqstp, p);
}
342 
/*
 * Decode directory-operation arguments: a directory file handle and a
 * single name component.
 * Returns 0 when either part is rejected, otherwise the result of
 * xdr_argsize_check() on the final decode position.
 */
int
nfs3svc_decode_diropargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_diropargs *args = rqstp->rq_argp;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;
	p = decode_filename(p, &args->name, &args->len);
	if (!p)
		return 0;

	return xdr_argsize_check(rqstp, p);
}
354 
/*
 * Decode ACCESS arguments: file handle and the requested access mask.
 * The mask is stored as sent.  Returns 0 when the handle is rejected,
 * otherwise the result of xdr_argsize_check() on the final position.
 */
int
nfs3svc_decode_accessargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_accessargs *args = rqstp->rq_argp;
	__be32 *next = decode_fh(p, &args->fh);

	if (next == NULL)
		return 0;
	args->access = ntohl(*next);
	next++;

	return xdr_argsize_check(rqstp, next);
}
367 
/*
 * Decode READ arguments (file handle, offset, count) and reserve reply
 * pages for the data.
 *
 * args->count keeps the value sent by the client; the number of pages
 * taken from rq_next_page and described in rq_vec[] is derived from
 * that count capped at svc_max_payload().  Returns 0 when the handle
 * is rejected, otherwise the result of xdr_argsize_check() on the
 * final decode position.
 */
int
nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_readargs *args = rqstp->rq_argp;
	u32 max_blocksize = svc_max_payload(rqstp);
	unsigned int remaining;
	int v;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;
	p = xdr_decode_hyper(p, &args->offset);

	args->count = ntohl(*p++);
	remaining = min(args->count, max_blocksize);

	/* set up the kvec: one entry per reply page */
	for (v = 0; remaining > 0; v++) {
		struct page *page = *(rqstp->rq_next_page++);
		struct kvec *vec = &rqstp->rq_vec[v];

		vec->iov_base = page_address(page);
		vec->iov_len = min_t(unsigned int, remaining, PAGE_SIZE);
		remaining -= vec->iov_len;
	}
	args->vlen = v;

	return xdr_argsize_check(rqstp, p);
}
397 
/*
 * Decode WRITE arguments: file handle, offset, count, stability level
 * and the length of the opaque data that follows.
 *
 * Returns 0 (reject) when the handle is bad, when the fixed part runs
 * past the head buffer, when count and data length disagree, or when
 * fewer bytes were received than the padded data length.  On success
 * args->first describes the part of the data held in the head buffer
 * and 1 is returned.
 */
int
nfs3svc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_writeargs *args = rqstp->rq_argp;
	u32 max_blocksize = svc_max_payload(rqstp);
	struct kvec *head = rqstp->rq_arg.head;
	struct kvec *tail = rqstp->rq_arg.tail;
	unsigned int hdr_bytes, avail;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;
	p = xdr_decode_hyper(p, &args->offset);

	args->count = ntohl(*p++);
	args->stable = ntohl(*p++);
	args->len = ntohl(*p++);

	/* the fixed-size part must end inside the head buffer */
	if ((void *)p > head->iov_base + head->iov_len)
		return 0;

	/* The count must equal the amount of data passed. */
	if (args->count != args->len)
		return 0;

	/*
	 * Check to make sure that we got the right number of bytes:
	 * everything received after the fixed-size part counts as data.
	 */
	hdr_bytes = (void*)p - head->iov_base;
	avail = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len
		- hdr_bytes;

	/*
	 * Round the length of the data which was specified up to
	 * the next multiple of XDR units and then compare that
	 * against the length which was actually received.
	 * Note that when RPCSEC/GSS (for example) is used, the
	 * data buffer can be padded so the received amount might be
	 * larger than required.  It must never be smaller.
	 */
	if (avail < XDR_QUADLEN(args->len)*4)
		return 0;

	/* cap what will be written at the transport's maximum payload */
	if (args->count > max_blocksize) {
		args->count = max_blocksize;
		args->len = max_blocksize;
	}

	args->first.iov_base = (void *)p;
	args->first.iov_len = head->iov_len - hdr_bytes;
	return 1;
}
449 
/*
 * Decode CREATE arguments: directory handle, name, create mode and
 * either the initial attributes (unchecked/guarded) or the two-word
 * verifier (exclusive), which is referenced in place.
 * Returns 0 for a bad handle, name or create mode, otherwise the
 * result of xdr_argsize_check() on the final decode position.
 */
int
nfs3svc_decode_createargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_createargs *args = rqstp->rq_argp;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;
	p = decode_filename(p, &args->name, &args->len);
	if (!p)
		return 0;

	args->createmode = ntohl(*p++);
	switch (args->createmode) {
	case NFS3_CREATE_EXCLUSIVE:
		/* verifier stays in the request buffer */
		args->verf = p;
		p += 2;
		break;
	case NFS3_CREATE_UNCHECKED:
	case NFS3_CREATE_GUARDED:
		p = decode_sattr3(p, &args->attrs, nfsd_user_namespace(rqstp));
		break;
	default:
		/* unknown create mode */
		return 0;
	}

	return xdr_argsize_check(rqstp, p);
}
474 
/*
 * Decode MKDIR arguments: parent directory handle, name and initial
 * attributes.  Returns 0 when the handle or name is rejected,
 * otherwise the result of xdr_argsize_check() on the final position.
 */
int
nfs3svc_decode_mkdirargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_createargs *args = rqstp->rq_argp;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;
	p = decode_filename(p, &args->name, &args->len);
	if (!p)
		return 0;

	p = decode_sattr3(p, &args->attrs, nfsd_user_namespace(rqstp));
	return xdr_argsize_check(rqstp, p);
}
487 
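/*
 * Decode SYMLINK arguments: directory handle, link name, attributes
 * and the length of the target path.  The target itself is not copied;
 * args->first describes the part of it that sits in the head buffer.
 *
 * Returns 0 (reject) when the handle or name is bad, when the decoded
 * fields extend past the head buffer, or when fewer bytes were
 * received than the padded target length; returns 1 otherwise.
 */
int
nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_symlinkargs *args = rqstp->rq_argp;
	struct kvec *head = rqstp->rq_arg.head;
	char *base = (char *)p;
	size_t consumed;
	size_t dlen;

	if (!(p = decode_fh(p, &args->ffh)) ||
	    !(p = decode_filename(p, &args->fname, &args->flen)))
		return 0;
	p = decode_sattr3(p, &args->attrs, nfsd_user_namespace(rqstp));

	args->tlen = ntohl(*p++);

	/*
	 * The lengths decoded above come from the client.  If they claim
	 * more than the head buffer holds, the subtraction below would
	 * wrap the unsigned iov_len to a huge value and defeat the
	 * received-length check, so reject the request here.  This is
	 * the same head bound that nfs3svc_decode_writeargs() applies.
	 */
	consumed = (char *)p - base;
	if (consumed > head->iov_len)
		return 0;

	args->first.iov_base = p;
	args->first.iov_len = head->iov_len - consumed;

	/* everything received after the fixed part counts as target data */
	dlen = args->first.iov_len + rqstp->rq_arg.page_len +
	       rqstp->rq_arg.tail[0].iov_len;
	if (dlen < XDR_QUADLEN(args->tlen) << 2)
		return 0;
	return 1;
}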
512 
/*
 * Decode MKNOD arguments: directory handle, name, file type and, for
 * the special file types, attributes; block and character devices also
 * carry major/minor numbers.  Other type values are stored without
 * further decoding and are not rejected here.
 * Returns 0 when the handle or name is rejected, otherwise the result
 * of xdr_argsize_check() on the final decode position.
 */
int
nfs3svc_decode_mknodargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_mknodargs *args = rqstp->rq_argp;
	bool is_device;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;
	p = decode_filename(p, &args->name, &args->len);
	if (!p)
		return 0;

	args->ftype = ntohl(*p++);
	is_device = args->ftype == NF3BLK || args->ftype == NF3CHR;

	if (is_device || args->ftype == NF3SOCK || args->ftype == NF3FIFO)
		p = decode_sattr3(p, &args->attrs, nfsd_user_namespace(rqstp));

	if (is_device) {
		args->major = ntohl(*p++);
		args->minor = ntohl(*p++);
	}

	return xdr_argsize_check(rqstp, p);
}
535 
/*
 * Decode RENAME arguments: source directory handle and name, then
 * target directory handle and name.  Returns 0 as soon as any of the
 * four parts is rejected, otherwise the result of xdr_argsize_check()
 * on the final decode position.
 */
int
nfs3svc_decode_renameargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_renameargs *args = rqstp->rq_argp;

	p = decode_fh(p, &args->ffh);
	if (!p)
		return 0;
	p = decode_filename(p, &args->fname, &args->flen);
	if (!p)
		return 0;
	p = decode_fh(p, &args->tfh);
	if (!p)
		return 0;
	p = decode_filename(p, &args->tname, &args->tlen);
	if (!p)
		return 0;

	return xdr_argsize_check(rqstp, p);
}
549 
/*
 * Decode READLINK arguments (a file handle) and take one reply page
 * from rq_next_page as the buffer for the link contents.
 * Returns 0 when the handle is rejected, otherwise the result of
 * xdr_argsize_check() on the final decode position.
 */
int
nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_readlinkargs *args = rqstp->rq_argp;
	struct page *page;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;

	page = *(rqstp->rq_next_page++);
	args->buffer = page_address(page);

	return xdr_argsize_check(rqstp, p);
}
562 
/*
 * Decode LINK arguments: handle of the existing file, handle of the
 * target directory and the new name.  Returns 0 as soon as any part is
 * rejected, otherwise the result of xdr_argsize_check() on the final
 * decode position.
 */
int
nfs3svc_decode_linkargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_linkargs *args = rqstp->rq_argp;

	p = decode_fh(p, &args->ffh);
	if (!p)
		return 0;
	p = decode_fh(p, &args->tfh);
	if (!p)
		return 0;
	p = decode_filename(p, &args->tname, &args->tlen);
	if (!p)
		return 0;

	return xdr_argsize_check(rqstp, p);
}
575 
/*
 * Decode READDIR arguments: directory handle, cookie, cookie verifier
 * (referenced in place) and the reply size limit, then reserve reply
 * pages for the entries.
 *
 * The client's count is capped at svc_max_payload() before pages are
 * taken from rq_next_page.  Returns 0 when the handle is rejected,
 * otherwise the result of xdr_argsize_check() on the final position.
 */
int
nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_readdirargs *args = rqstp->rq_argp;
	u32 max_blocksize = svc_max_payload(rqstp);
	int remaining;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;
	p = xdr_decode_hyper(p, &args->cookie);
	args->verf = p;
	p += 2;
	args->dircount = ~0;
	args->count = ntohl(*p++);
	args->count = min_t(u32, args->count, max_blocksize);

	/*
	 * One page per PAGE_SIZE of reply; the first becomes the buffer.
	 * NOTE(review): relies on args->buffer being NULL on entry -
	 * presumably the argument structure is cleared by the caller.
	 */
	for (remaining = args->count; remaining > 0; remaining -= PAGE_SIZE) {
		struct page *page = *(rqstp->rq_next_page++);

		if (!args->buffer)
			args->buffer = page_address(page);
	}

	return xdr_argsize_check(rqstp, p);
}
601 
/*
 * Decode READDIRPLUS arguments: directory handle, cookie, cookie
 * verifier (referenced in place), dircount and maxcount, then reserve
 * reply pages for the entries.
 *
 * The client's count is capped at svc_max_payload() before pages are
 * taken from rq_next_page; dircount is stored as sent.  Returns 0 when
 * the handle is rejected, otherwise the result of xdr_argsize_check()
 * on the final decode position.
 */
int
nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_readdirargs *args = rqstp->rq_argp;
	u32 max_blocksize = svc_max_payload(rqstp);
	int remaining;

	p = decode_fh(p, &args->fh);
	if (!p)
		return 0;
	p = xdr_decode_hyper(p, &args->cookie);
	args->verf = p;
	p += 2;
	args->dircount = ntohl(*p++);
	args->count = ntohl(*p++);
	args->count = min(args->count, max_blocksize);

	/*
	 * One page per PAGE_SIZE of reply; the first becomes the buffer.
	 * NOTE(review): relies on args->buffer being NULL on entry -
	 * presumably the argument structure is cleared by the caller.
	 */
	for (remaining = args->count; remaining > 0; remaining -= PAGE_SIZE) {
		struct page *page = *(rqstp->rq_next_page++);

		if (!args->buffer)
			args->buffer = page_address(page);
	}

	return xdr_argsize_check(rqstp, p);
}
627 
/*
 * Decode COMMIT arguments: file handle, offset and count, stored as
 * sent.  Returns 0 when the handle is rejected, otherwise the result
 * of xdr_argsize_check() on the final decode position.
 */
int
nfs3svc_decode_commitargs(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_commitargs *args = rqstp->rq_argp;

	p = decode_fh(p, &args->fh);
	if (p == NULL)
		return 0;

	p = xdr_decode_hyper(p, &args->offset);
	args->count = ntohl(*p);
	p++;

	return xdr_argsize_check(rqstp, p);
}
640 
641 /*
642  * XDR encode functions
643  */
644 
/*
 * Encoder for procedures with an empty result.  Writes nothing and
 * returns the result of xdr_ressize_check() for the unchanged position.
 */
int
nfs3svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p)
{
	int ok = xdr_ressize_check(rqstp, p);

	return ok;
}
650 
/*
 * GETATTR
 *
 * Encode the status word and, on success, the file attributes (with
 * the mtime adjusted by lease_get_mtime()).  Returns the result of
 * xdr_ressize_check() on the final position.
 */
int
nfs3svc_encode_attrstat(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_attrstat *resp = rqstp->rq_resp;

	*p++ = resp->status;
	if (resp->status != 0)
		return xdr_ressize_check(rqstp, p);

	lease_get_mtime(d_inode(resp->fh.fh_dentry), &resp->stat.mtime);
	p = encode_fattr3(rqstp, p, &resp->fh, &resp->stat);
	return xdr_ressize_check(rqstp, p);
}
665 
/*
 * SETATTR, REMOVE, RMDIR
 *
 * Encode the status word followed by weak cache consistency data for
 * the file handle, whether or not the call succeeded.  Returns the
 * result of xdr_ressize_check() on the final position.
 */
int
nfs3svc_encode_wccstat(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_attrstat *resp = rqstp->rq_resp;

	*p = resp->status;
	p = encode_wcc_data(rqstp, p + 1, &resp->fh);
	return xdr_ressize_check(rqstp, p);
}
676 
/*
 * LOOKUP
 *
 * Encode the status word; on success also the handle and attributes of
 * the object found.  The directory's post-operation attributes are
 * always appended.  Returns the result of xdr_ressize_check() on the
 * final position.
 */
int
nfs3svc_encode_diropres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_diropres *resp = rqstp->rq_resp;
	bool found = resp->status == 0;

	*p++ = resp->status;
	if (found) {
		p = encode_fh(p, &resp->fh);
		p = encode_post_op_attr(rqstp, p, &resp->fh);
	}
	p = encode_post_op_attr(rqstp, p, &resp->dirfh);

	return xdr_ressize_check(rqstp, p);
}
691 
/*
 * ACCESS
 *
 * Encode the status word and post-operation attributes; the granted
 * access mask follows only on success.  Returns the result of
 * xdr_ressize_check() on the final position.
 */
int
nfs3svc_encode_accessres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_accessres *resp = rqstp->rq_resp;

	*p = resp->status;
	p = encode_post_op_attr(rqstp, p + 1, &resp->fh);
	if (resp->status == 0) {
		*p = htonl(resp->access);
		p++;
	}
	return xdr_ressize_check(rqstp, p);
}
704 
/*
 * READLINK
 *
 * Encode the status word and post-operation attributes.  On success
 * the link length follows, the reply's page section is sized to that
 * length, and a zeroed tail supplies the XDR padding when the length
 * is not a multiple of four; 1 is returned.  On failure the result of
 * xdr_ressize_check() on the final position is returned.
 */
int
nfs3svc_encode_readlinkres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_readlinkres *resp = rqstp->rq_resp;

	*p++ = resp->status;
	p = encode_post_op_attr(rqstp, p, &resp->fh);
	if (resp->status != 0)
		return xdr_ressize_check(rqstp, p);

	*p++ = htonl(resp->len);
	xdr_ressize_check(rqstp, p);
	/* the link text itself is carried in the reply pages */
	rqstp->rq_res.page_len = resp->len;
	if (resp->len & 3) {
		/* need to pad the tail; the pad word is zeroed first */
		rqstp->rq_res.tail[0].iov_base = p;
		*p = 0;
		rqstp->rq_res.tail[0].iov_len = 4 - (resp->len&3);
	}
	return 1;
}
727 
/*
 * READ
 *
 * Encode the status word and post-operation attributes.  On success
 * the byte count, EOF flag and opaque length follow, the reply's page
 * section is sized to the count, and a zeroed tail supplies the XDR
 * padding when the count is not a multiple of four; 1 is returned.
 * On failure the result of xdr_ressize_check() on the final position
 * is returned.
 */
int
nfs3svc_encode_readres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_readres *resp = rqstp->rq_resp;

	*p++ = resp->status;
	p = encode_post_op_attr(rqstp, p, &resp->fh);
	if (resp->status != 0)
		return xdr_ressize_check(rqstp, p);

	*p++ = htonl(resp->count);
	*p++ = htonl(resp->eof);
	*p++ = htonl(resp->count);	/* xdr opaque count */
	xdr_ressize_check(rqstp, p);

	/* now update rqstp->rq_res to reflect data as well */
	rqstp->rq_res.page_len = resp->count;
	if (resp->count & 3) {
		/* need to pad the tail; the pad word is zeroed first */
		rqstp->rq_res.tail[0].iov_base = p;
		*p = 0;
		rqstp->rq_res.tail[0].iov_len = 4 - (resp->count & 3);
	}
	return 1;
}
753 
/*
 * WRITE
 *
 * Encode the status word and weak cache consistency data; on success
 * also the byte count, the commit level and the two-word write
 * verifier (copied without byte swapping).  Returns the result of
 * xdr_ressize_check() on the final position.
 */
int
nfs3svc_encode_writeres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_writeres *resp = rqstp->rq_resp;

	*p++ = resp->status;
	p = encode_wcc_data(rqstp, p, &resp->fh);
	if (resp->status != 0)
		return xdr_ressize_check(rqstp, p);

	p[0] = htonl(resp->count);
	p[1] = htonl(resp->committed);
	p[2] = resp->verf[0];
	p[3] = resp->verf[1];
	p += 4;
	return xdr_ressize_check(rqstp, p);
}
770 
/*
 * CREATE, MKDIR, SYMLINK, MKNOD
 *
 * Encode the status word; on success also a "handle follows" marker,
 * the new object's handle and its attributes.  Weak cache consistency
 * data for the directory is always appended.  Returns the result of
 * xdr_ressize_check() on the final position.
 */
int
nfs3svc_encode_createres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_diropres *resp = rqstp->rq_resp;
	bool created = resp->status == 0;

	*p++ = resp->status;
	if (created) {
		*p++ = xdr_one;
		p = encode_fh(p, &resp->fh);
		p = encode_post_op_attr(rqstp, p, &resp->fh);
	}
	p = encode_wcc_data(rqstp, p, &resp->dirfh);

	return xdr_ressize_check(rqstp, p);
}
786 
/*
 * RENAME
 *
 * Encode the status word followed by weak cache consistency data for
 * the source and then the target directory.  Returns the result of
 * xdr_ressize_check() on the final position.
 */
int
nfs3svc_encode_renameres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_renameres *resp = rqstp->rq_resp;

	*p = resp->status;
	p = encode_wcc_data(rqstp, p + 1, &resp->ffh);
	p = encode_wcc_data(rqstp, p, &resp->tfh);
	return xdr_ressize_check(rqstp, p);
}
798 
/*
 * LINK
 *
 * Encode the status word, the post-operation attributes of the linked
 * file and weak cache consistency data for the target directory.
 * Returns the result of xdr_ressize_check() on the final position.
 */
int
nfs3svc_encode_linkres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_linkres *resp = rqstp->rq_resp;

	*p = resp->status;
	p = encode_post_op_attr(rqstp, p + 1, &resp->fh);
	p = encode_wcc_data(rqstp, p, &resp->tfh);
	return xdr_ressize_check(rqstp, p);
}
810 
/*
 * READDIR
 *
 * Encode the status word and directory attributes.  On success the
 * 8-byte cookie verifier follows, the page section is sized from
 * resp->count (counted in words), and a two-word trailer ("no more
 * entries" plus the EOF flag) is placed in the tail directly after the
 * head data; 1 is returned.  If the head has no room for the trailer
 * the function returns 1 without setting up the page section or tail.
 * On failure the result of xdr_ressize_check() is returned.
 */
int
nfs3svc_encode_readdirres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_readdirres *resp = rqstp->rq_resp;

	*p++ = resp->status;
	p = encode_post_op_attr(rqstp, p, &resp->fh);

	if (resp->status != 0)
		return xdr_ressize_check(rqstp, p);

	/* cookie verifier: two words copied as-is */
	memcpy(p, resp->verf, 8);
	p += 2;
	xdr_ressize_check(rqstp, p);
	if (rqstp->rq_res.head[0].iov_len + (2<<2) > PAGE_SIZE)
		return 1; /* No room for trailer */
	rqstp->rq_res.page_len = (resp->count) << 2;

	/* add the 'tail' to the end of the 'head' page - page 0. */
	rqstp->rq_res.tail[0].iov_base = p;
	p[0] = 0;		/* no more entries */
	p[1] = htonl(resp->common.err == nfserr_eof);
	rqstp->rq_res.tail[0].iov_len = 2<<2;
	return 1;
}
837 
/*
 * Encode the part of a directory entry shared by READDIR and
 * READDIRPLUS: the "entry present" marker, file id, name and a
 * placeholder cookie.
 *
 * cd->offset is left pointing at the placeholder so that the real
 * cookie can be filled in once the next entry's offset is known.
 * Returns the position after the placeholder.
 */
static __be32 *
encode_entry_baggage(struct nfsd3_readdirres *cd, __be32 *p, const char *name,
	     int namlen, u64 ino)
{
	__be32 *cookie_slot;

	*p++ = xdr_one;				/* mark entry present */
	p = xdr_encode_hyper(p, ino);		/* file id */
	p = xdr_encode_array(p, name, namlen);	/* name length & name */

	cookie_slot = p;
	cd->offset = cookie_slot;		/* remember pointer */

	/* offset of next entry; overwritten later with the real cookie */
	return xdr_encode_hyper(cookie_slot, NFS_OFFSET_MAX);
}
851 
/*
 * Build a file handle in @fhp for the directory entry @name found in
 * the directory cd->fh.
 *
 * Returns nfserr_noent, leaving @fhp uncomposed, when the entry is ".."
 * at the filesystem root, when the lookup fails, when the child is a
 * mountpoint, or when the child's inode number differs from @ino (the
 * number the directory listing reported).  Otherwise the result of
 * fh_compose() is returned.  The child dentry reference taken here is
 * always dropped before returning.
 */
static __be32
compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp,
		 const char *name, int namlen, u64 ino)
{
	struct dentry		*dparent = cd->fh.fh_dentry;
	struct svc_export	*exp = cd->fh.fh_export;
	struct dentry		*dchild;
	__be32 rv = nfserr_noent;

	if (!isdotent(name, namlen)) {
		dchild = lookup_positive_unlocked(name, dparent, namlen);
	} else if (namlen != 2) {
		/* "." */
		dchild = dget(dparent);
	} else {
		/* ".." */
		dchild = dget_parent(dparent);
		/* filesystem root - cannot return filehandle for ".." */
		if (dchild == dparent)
			goto out;
	}

	if (IS_ERR(dchild))
		return rv;
	/* no handle is composed for a mountpoint */
	if (d_mountpoint(dchild))
		goto out;
	/* the name must still refer to the inode the listing reported */
	if (dchild->d_inode->i_ino != ino)
		goto out;
	rv = fh_compose(fhp, exp, dchild, &cd->fh);
out:
	dput(dchild);
	return rv;
}
884 
/*
 * Encode the READDIRPLUS extras for one entry: post-operation
 * attributes and the file handle.
 *
 * The handle is built in cd->scratch.  If it cannot be composed, two
 * zero words are written instead ("no attributes", "no handle").
 * The scratch handle is released before returning.  Returns the
 * position after what was written.
 */
static __be32 *encode_entryplus_baggage(struct nfsd3_readdirres *cd, __be32 *p, const char *name, int namlen, u64 ino)
{
	struct svc_fh	*fh = &cd->scratch;

	fh_init(fh, NFS3_FHSIZE);
	if (compose_entry_fh(cd, fh, name, namlen, ino)) {
		*p++ = 0;
		*p++ = 0;
	} else {
		p = encode_post_op_attr(cd->rqstp, p, fh);
		*p++ = xdr_one;			/* yes, a file handle follows */
		p = encode_fh(p, fh);
	}

	fh_put(fh);
	return p;
}
904 
/*
 * Encode a directory entry. This one works for both normal readdir
 * and readdirplus.
 * The normal readdir reply requires 2 (fileid) + 1 (stringlen)
 * + string + 2 (cookie) + 1 (next) words, i.e. 6 + strlen.
 *
 * The readdirplus baggage is 1+21 words for post_op_attr, plus the
 * file handle.
 *
 * The cookie slot of the previously encoded entry is first filled in
 * with @offset.  The new entry is then written at cd->buffer; when it
 * might not fit in the current reply page it is built in the following
 * page and moved back so that it straddles the page boundary.
 *
 * Returns 0 on success, or -EINVAL with cd->common.err set to
 * nfserr_toosmall when the remaining buffer cannot hold the entry.
 * @d_type is not used.
 */

#define NFS3_ENTRY_BAGGAGE	(2 + 1 + 2 + 1)
#define NFS3_ENTRYPLUS_BAGGAGE	(1 + 21 + 1 + (NFS3_FHSIZE >> 2))
static int
encode_entry(struct readdir_cd *ccd, const char *name, int namlen,
	     loff_t offset, u64 ino, unsigned int d_type, int plus)
{
	struct nfsd3_readdirres *cd = container_of(ccd, struct nfsd3_readdirres,
						   common);
	__be32		*out = cd->buffer;
	caddr_t		page_base = NULL;
	struct page	**pg;
	int		name_words;	/* padded name length in words */
	int		est_words;	/* estimated entry length in words */
	int		used_words = 0;	/* actual number of words */

	/* back-fill the cookie slot left open by the previous entry */
	if (cd->offset) {
		u64 cookie = offset;

		if (unlikely(cd->offset1)) {
			/* we ended up with offset on a page boundary */
			*cd->offset = htonl(cookie >> 32);
			*cd->offset1 = htonl(cookie & 0xffffffff);
			cd->offset1 = NULL;
		} else {
			xdr_encode_hyper(cd->offset, cookie);
		}
		cd->offset = NULL;
	}

	/* truncate filename if too long */
	namlen = min(namlen, NFS3_MAXNAMLEN);

	name_words = XDR_QUADLEN(namlen);
	est_words = name_words + NFS3_ENTRY_BAGGAGE;
	if (plus)
		est_words += NFS3_ENTRYPLUS_BAGGAGE;

	if (cd->buflen < est_words)
		goto too_small;

	/*
	 * determine which page in rq_respages[] we are currently filling
	 *
	 * NOTE(review): if no page contains cd->buffer, page_base keeps
	 * the address of the last page examined (or NULL when the loop
	 * body never runs) - presumably the caller guarantees a match.
	 */
	for (pg = cd->rqstp->rq_respages + 1;
	     pg < cd->rqstp->rq_next_page; pg++) {
		page_base = page_address(*pg);

		if ((caddr_t)cd->buffer >= page_base &&
		    (caddr_t)cd->buffer <  page_base + PAGE_SIZE)
			break;
	}

	if ((caddr_t)(cd->buffer + est_words) < (page_base + PAGE_SIZE)) {
		/* encode entry in current page */
		out = encode_entry_baggage(cd, out, name, namlen, ino);
		if (plus)
			out = encode_entryplus_baggage(cd, out, name, namlen, ino);
		used_words = out - cd->buffer;
	} else if (*(pg + 1) != NULL) {
		/*
		 * temporarily encode entry into next page, then move back to
		 * current and next page in rq_respages[]
		 *
		 * NOTE(review): reading *(pg + 1) presumes the slot after
		 * the current page is a valid array element - confirm.
		 */
		__be32 *scratch, *scratch_end;
		int room, spill;

		/* grab next page for temporary storage of entry */
		scratch = page_address(*(pg + 1));

		scratch_end = encode_entry_baggage(cd, scratch, name, namlen, ino);
		if (plus)
			scratch_end = encode_entryplus_baggage(cd, scratch_end,
							       name, namlen, ino);

		/* determine entry word length and lengths to go in pages */
		used_words = scratch_end - scratch;
		room = page_base + PAGE_SIZE - (caddr_t)cd->buffer;
		if ((used_words << 2) < room) {
			/* the actual number of words in the entry is less
			 * than the estimate and can still fit in the
			 * current page
			 */
			memmove(out, scratch, used_words << 2);
			out += used_words;

			/* update offset */
			cd->offset = cd->buffer + (cd->offset - scratch);
		} else {
			unsigned int off_bytes = (cd->offset - scratch) << 2;

			/* update pointer to offset location.
			 * This is a 64bit quantity, so we need to
			 * deal with 3 cases:
			 *  -	entirely in first page
			 *  -	entirely in second page
			 *  -	4 bytes in each page
			 */
			if (off_bytes + 8 <= room) {
				cd->offset = out + (cd->offset - scratch);
			} else if (off_bytes >= room) {
				cd->offset -= room >> 2;
			} else {
				/* sitting on the fence */
				BUG_ON(off_bytes != room - 4);
				cd->offset = out + (cd->offset - scratch);
				cd->offset1 = scratch;
			}

			spill = (used_words << 2) - room;

			/* move from temp page to current and next pages */
			memmove(out, scratch, room);
			memmove(scratch, (caddr_t)scratch + room, spill);

			out = scratch + (spill >> 2);
		}
	} else {
		goto too_small;
	}

	cd->buflen -= used_words;
	cd->buffer = out;
	cd->common.err = nfs_ok;
	return 0;

too_small:
	cd->common.err = nfserr_toosmall;
	return -EINVAL;
}
1046 
/*
 * Directory-entry callback that emits the plain entry format.
 *
 * Every argument is handed to encode_entry() unchanged; the trailing 0 is
 * presumably the "plus" flag that encode_entry() tests before calling
 * encode_entryplus_baggage() -- its declaration is not visible here.
 *
 * @cd is an opaque cookie; this wrapper does not inspect it and adds no
 * validation of @name or @namlen.
 *
 * Returns encode_entry()'s result.  In the visible tail of encode_entry()
 * that is 0 on success, or -EINVAL with cd->common.err set to
 * nfserr_toosmall when the entry does not fit and there is no next page.
 */
int
nfs3svc_encode_entry(void *cd, const char *name,
		     int namlen, loff_t offset, u64 ino, unsigned int d_type)
{
	const int plus = 0;	/* entry without the "plus" baggage */

	return encode_entry(cd, name, namlen, offset, ino, d_type, plus);
}
1053 
/*
 * Directory-entry callback that emits the extended ("plus") entry format.
 *
 * Identical to nfs3svc_encode_entry() except that the trailing argument is
 * 1, which presumably sets the "plus" flag so that encode_entry() also runs
 * encode_entryplus_baggage() for the entry -- the parameter declaration is
 * not visible here.
 *
 * @cd is an opaque cookie; this wrapper does not inspect it and adds no
 * validation of @name or @namlen.
 *
 * Returns encode_entry()'s result unchanged.
 */
int
nfs3svc_encode_entry_plus(void *cd, const char *name,
			  int namlen, loff_t offset, u64 ino,
			  unsigned int d_type)
{
	const int plus = 1;	/* request the extra per-entry baggage */

	return encode_entry(cd, name, namlen, offset, ino, d_type, plus);
}
1061 
/*
 * FSSTAT: encode the reply body held in rqstp->rq_resp.
 *
 * The status word is stored without htonl(), so it is presumably already in
 * network byte order.  It is followed by xdr_zero ("no post_op_attr").  The
 * statistics are appended only when status is 0.
 *
 * Byte totals are block counts multiplied by f_bsize.  The block size is
 * first copied into a u64 local so the multiplication is carried out in at
 * least 64 bits; the products are not range-checked here.
 *
 * Every word is stored through @p before xdr_ressize_check() runs, i.e. the
 * size check follows the writes.
 * NOTE(review): confirm the caller guarantees room for this fixed-size body.
 *
 * Returns the result of xdr_ressize_check().
 */
int
nfs3svc_encode_fsstatres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_fsstatres *res = rqstp->rq_resp;
	struct kstatfs *st = &res->stats;
	u64 blksz = st->f_bsize;

	*p++ = res->status;
	*p++ = xdr_zero;	/* no post_op_attr */

	/* A failed call carries nothing beyond the two words above. */
	if (res->status != 0)
		return xdr_ressize_check(rqstp, p);

	p = xdr_encode_hyper(p, blksz * st->f_blocks);	/* total bytes */
	p = xdr_encode_hyper(p, blksz * st->f_bfree);	/* free bytes */
	p = xdr_encode_hyper(p, blksz * st->f_bavail);	/* user available bytes */
	p = xdr_encode_hyper(p, st->f_files);		/* total inodes */
	p = xdr_encode_hyper(p, st->f_ffree);		/* free inodes */
	/* f_ffree is reported a second time as the user-available count. */
	p = xdr_encode_hyper(p, st->f_ffree);		/* user available inodes */
	*p++ = htonl(res->invarsec);			/* mean unchanged time */

	return xdr_ressize_check(rqstp, p);
}
1084 
/*
 * FSINFO: encode the reply body held in rqstp->rq_resp.
 *
 * The status word is stored without htonl(), so it is presumably already in
 * network byte order.  It is followed by xdr_zero ("no post_op_attr").  On
 * status 0 the transfer-size hints, the maximum file size, a fixed
 * (xdr_one, xdr_zero) pair and the properties word are appended, in that
 * order.
 *
 * Every word is stored through @p before xdr_ressize_check() runs, i.e. the
 * size check follows the writes.
 * NOTE(review): confirm the caller guarantees room for this fixed-size body.
 *
 * Returns the result of xdr_ressize_check().
 */
int
nfs3svc_encode_fsinfores(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_fsinfores *res = rqstp->rq_resp;

	*p++ = res->status;
	*p++ = xdr_zero;	/* no post_op_attr */

	/* A failed call carries nothing beyond the two words above. */
	if (res->status != 0)
		return xdr_ressize_check(rqstp, p);

	/* read, write and directory transfer-size hints */
	*p++ = htonl(res->f_rtmax);
	*p++ = htonl(res->f_rtpref);
	*p++ = htonl(res->f_rtmult);
	*p++ = htonl(res->f_wtmax);
	*p++ = htonl(res->f_wtpref);
	*p++ = htonl(res->f_wtmult);
	*p++ = htonl(res->f_dtpref);

	p = xdr_encode_hyper(p, res->f_maxfilesize);

	/*
	 * Constant pair in the slot RFC 1813 calls time_delta:
	 * one second, zero nanoseconds.
	 */
	*p++ = xdr_one;
	*p++ = xdr_zero;

	*p++ = htonl(res->f_properties);

	return xdr_ressize_check(rqstp, p);
}
1110 
/*
 * PATHCONF: encode the reply body held in rqstp->rq_resp.
 *
 * The status word is stored without htonl(), so it is presumably already in
 * network byte order.  It is followed by xdr_zero ("no post_op_attr").  On
 * status 0 the six pathconf values are appended, each as one 32-bit word
 * converted with htonl().
 *
 * Every word is stored through @p before xdr_ressize_check() runs, i.e. the
 * size check follows the writes.
 * NOTE(review): confirm the caller guarantees room for this fixed-size body.
 *
 * Returns the result of xdr_ressize_check().
 */
int
nfs3svc_encode_pathconfres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_pathconfres *res = rqstp->rq_resp;

	*p++ = res->status;
	*p++ = xdr_zero;	/* no post_op_attr */

	/* A failed call carries nothing beyond the two words above. */
	if (res->status != 0)
		return xdr_ressize_check(rqstp, p);

	/* numeric limits */
	*p++ = htonl(res->p_link_max);
	*p++ = htonl(res->p_name_max);

	/* behaviour flags, each sent as a full 32-bit word */
	*p++ = htonl(res->p_no_trunc);
	*p++ = htonl(res->p_chown_restricted);
	*p++ = htonl(res->p_case_insensitive);
	*p++ = htonl(res->p_case_preserving);

	return xdr_ressize_check(rqstp, p);
}
1131 
/*
 * COMMIT: encode the reply body held in rqstp->rq_resp.
 *
 * The status word is stored without htonl(), so it is presumably already in
 * network byte order.  encode_wcc_data() then appends the wcc data for
 * resp->fh regardless of status.  The two write-verifier words follow only
 * when status is 0, and are copied as stored with no byte swap.
 *
 * Every word is stored through @p before xdr_ressize_check() runs, i.e. the
 * size check follows the writes.
 * NOTE(review): confirm the caller guarantees room for this body, including
 * whatever encode_wcc_data() emits.
 *
 * Returns the result of xdr_ressize_check().
 */
int
nfs3svc_encode_commitres(struct svc_rqst *rqstp, __be32 *p)
{
	struct nfsd3_commitres *res = rqstp->rq_resp;

	*p++ = res->status;
	p = encode_wcc_data(rqstp, p, &res->fh);

	/* A failed call carries no write verifier. */
	if (res->status != 0)
		return xdr_ressize_check(rqstp, p);

	/* Write verifier */
	*p++ = res->verf[0];
	*p++ = res->verf[1];

	return xdr_ressize_check(rqstp, p);
}
1147 
1148 /*
1149  * XDR release functions
1150  */
/*
 * Release hook for results that hold a single file handle.
 *
 * Treats rqstp->rq_resp as a struct nfsd3_attrstat and calls fh_put() on its
 * fh member.
 * NOTE(review): nothing here checks that rq_resp really has that layout;
 * verify that every procedure wired to this hook keeps fh where
 * struct nfsd3_attrstat does.
 */
void
nfs3svc_release_fhandle(struct svc_rqst *rqstp)
{
	struct nfsd3_attrstat *res = rqstp->rq_resp;

	fh_put(&res->fh);
}
1158 
/*
 * Release hook for results that hold two file handles.
 *
 * Treats rqstp->rq_resp as a struct nfsd3_fhandle_pair and calls fh_put() on
 * fh1, then on fh2.
 * NOTE(review): nothing here checks that rq_resp really has that layout;
 * verify that every procedure wired to this hook keeps fh1 and fh2 where
 * struct nfsd3_fhandle_pair does.
 */
void
nfs3svc_release_fhandle2(struct svc_rqst *rqstp)
{
	struct nfsd3_fhandle_pair *pair = rqstp->rq_resp;

	fh_put(&pair->fh1);
	fh_put(&pair->fh2);
}
1167