1 /* 2 * Server-side XDR for NFSv4 3 * 4 * Copyright (c) 2002 The Regents of the University of Michigan. 5 * All rights reserved. 6 * 7 * Kendrick Smith <kmsmith@umich.edu> 8 * Andy Adamson <andros@umich.edu> 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. Neither the name of the University nor the names of its 20 * contributors may be used to endorse or promote products derived 21 * from this software without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 26 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 #include <linux/file.h> 37 #include <linux/slab.h> 38 #include <linux/namei.h> 39 #include <linux/statfs.h> 40 #include <linux/utsname.h> 41 #include <linux/pagemap.h> 42 #include <linux/sunrpc/svcauth_gss.h> 43 #include <linux/sunrpc/addr.h> 44 #include <linux/xattr.h> 45 #include <linux/vmalloc.h> 46 47 #include <uapi/linux/xattr.h> 48 49 #include "idmap.h" 50 #include "acl.h" 51 #include "xdr4.h" 52 #include "vfs.h" 53 #include "state.h" 54 #include "cache.h" 55 #include "netns.h" 56 #include "pnfs.h" 57 #include "filecache.h" 58 59 #include "trace.h" 60 61 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL 62 #include <linux/security.h> 63 #endif 64 65 66 #define NFSDDBG_FACILITY NFSDDBG_XDR 67 68 const u32 nfsd_suppattrs[3][3] = { 69 {NFSD4_SUPPORTED_ATTRS_WORD0, 70 NFSD4_SUPPORTED_ATTRS_WORD1, 71 NFSD4_SUPPORTED_ATTRS_WORD2}, 72 73 {NFSD4_1_SUPPORTED_ATTRS_WORD0, 74 NFSD4_1_SUPPORTED_ATTRS_WORD1, 75 NFSD4_1_SUPPORTED_ATTRS_WORD2}, 76 77 {NFSD4_1_SUPPORTED_ATTRS_WORD0, 78 NFSD4_1_SUPPORTED_ATTRS_WORD1, 79 NFSD4_2_SUPPORTED_ATTRS_WORD2}, 80 }; 81 82 /* 83 * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing 84 * directory in order to indicate to the client that a filesystem boundary is present 85 * We use a fixed fsid for a referral 86 */ 87 #define NFS4_REFERRAL_FSID_MAJOR 0x8000000ULL 88 #define NFS4_REFERRAL_FSID_MINOR 0x8000000ULL 89 90 static __be32 check_filename(char * str,int len)91 check_filename(char *str, int len) 92 { 93 int i; 94 95 if (len == 0) 96 return nfserr_inval; 97 if (len > NFS4_MAXNAMLEN) 98 return nfserr_nametoolong; 99 if (isdotent(str, len)) 100 return nfserr_badname; 101 for (i = 0; i < len; i++) 102 if (str[i] == '/') 103 return nfserr_badname; 104 return 0; 105 } 106 zero_clientid(clientid_t * clid)107 static int zero_clientid(clientid_t *clid) 108 { 109 return (clid->cl_boot == 0) && (clid->cl_id == 0); 110 } 111 112 /** 113 * svcxdr_tmpalloc - allocate memory to be freed after compound processing 114 * @argp: NFSv4 compound argument structure 115 * @len: length of buffer to allocate 116 * 117 * Allocates a buffer of size @len to be freed when processing the compound 118 * operation described in @argp finishes. 119 */ 120 static void * svcxdr_tmpalloc(struct nfsd4_compoundargs * argp,u32 len)121 svcxdr_tmpalloc(struct nfsd4_compoundargs *argp, u32 len) 122 { 123 struct svcxdr_tmpbuf *tb; 124 125 tb = kmalloc(sizeof(*tb) + len, GFP_KERNEL); 126 if (!tb) 127 return NULL; 128 tb->next = argp->to_free; 129 argp->to_free = tb; 130 return tb->buf; 131 } 132 133 /* 134 * For xdr strings that need to be passed to other kernel api's 135 * as null-terminated strings. 136 * 137 * Note null-terminating in place usually isn't safe since the 138 * buffer might end on a page boundary. 139 */ 140 static char * svcxdr_dupstr(struct nfsd4_compoundargs * argp,void * buf,u32 len)141 svcxdr_dupstr(struct nfsd4_compoundargs *argp, void *buf, u32 len) 142 { 143 char *p = svcxdr_tmpalloc(argp, len + 1); 144 145 if (!p) 146 return NULL; 147 memcpy(p, buf, len); 148 p[len] = '\0'; 149 return p; 150 } 151 152 static void * svcxdr_savemem(struct nfsd4_compoundargs * argp,__be32 * p,u32 len)153 svcxdr_savemem(struct nfsd4_compoundargs *argp, __be32 *p, u32 len) 154 { 155 __be32 *tmp; 156 157 /* 158 * The location of the decoded data item is stable, 159 * so @p is OK to use. This is the common case. 160 */ 161 if (p != argp->xdr->scratch.iov_base) 162 return p; 163 164 tmp = svcxdr_tmpalloc(argp, len); 165 if (!tmp) 166 return NULL; 167 memcpy(tmp, p, len); 168 return tmp; 169 } 170 171 /* 172 * NFSv4 basic data type decoders 173 */ 174 175 /* 176 * This helper handles variable-length opaques which belong to protocol 177 * elements that this implementation does not support. 178 */ 179 static __be32 nfsd4_decode_ignored_string(struct nfsd4_compoundargs * argp,u32 maxlen)180 nfsd4_decode_ignored_string(struct nfsd4_compoundargs *argp, u32 maxlen) 181 { 182 u32 len; 183 184 if (xdr_stream_decode_u32(argp->xdr, &len) < 0) 185 return nfserr_bad_xdr; 186 if (maxlen && len > maxlen) 187 return nfserr_bad_xdr; 188 if (!xdr_inline_decode(argp->xdr, len)) 189 return nfserr_bad_xdr; 190 191 return nfs_ok; 192 } 193 194 static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs * argp,struct xdr_netobj * o)195 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o) 196 { 197 __be32 *p; 198 u32 len; 199 200 if (xdr_stream_decode_u32(argp->xdr, &len) < 0) 201 return nfserr_bad_xdr; 202 if (len == 0 || len > NFS4_OPAQUE_LIMIT) 203 return nfserr_bad_xdr; 204 p = xdr_inline_decode(argp->xdr, len); 205 if (!p) 206 return nfserr_bad_xdr; 207 o->data = svcxdr_savemem(argp, p, len); 208 if (!o->data) 209 return nfserr_jukebox; 210 o->len = len; 211 212 return nfs_ok; 213 } 214 215 static __be32 nfsd4_decode_component4(struct nfsd4_compoundargs * argp,char ** namp,u32 * lenp)216 nfsd4_decode_component4(struct nfsd4_compoundargs *argp, char **namp, u32 *lenp) 217 { 218 __be32 *p, status; 219 220 if (xdr_stream_decode_u32(argp->xdr, lenp) < 0) 221 return nfserr_bad_xdr; 222 p = xdr_inline_decode(argp->xdr, *lenp); 223 if (!p) 224 return nfserr_bad_xdr; 225 status = check_filename((char *)p, *lenp); 226 if (status) 227 return status; 228 *namp = svcxdr_savemem(argp, p, *lenp); 229 if (!*namp) 230 return nfserr_jukebox; 231 232 return nfs_ok; 233 } 234 235 static __be32 nfsd4_decode_nfstime4(struct nfsd4_compoundargs * argp,struct timespec64 * tv)236 nfsd4_decode_nfstime4(struct nfsd4_compoundargs *argp, struct timespec64 *tv) 237 { 238 __be32 *p; 239 240 p = xdr_inline_decode(argp->xdr, XDR_UNIT * 3); 241 if (!p) 242 return nfserr_bad_xdr; 243 p = xdr_decode_hyper(p, &tv->tv_sec); 244 tv->tv_nsec = be32_to_cpup(p++); 245 if (tv->tv_nsec >= (u32)1000000000) 246 return nfserr_inval; 247 return nfs_ok; 248 } 249 250 static __be32 nfsd4_decode_verifier4(struct nfsd4_compoundargs * argp,nfs4_verifier * verf)251 nfsd4_decode_verifier4(struct nfsd4_compoundargs *argp, nfs4_verifier *verf) 252 { 253 __be32 *p; 254 255 p = xdr_inline_decode(argp->xdr, NFS4_VERIFIER_SIZE); 256 if (!p) 257 return nfserr_bad_xdr; 258 memcpy(verf->data, p, sizeof(verf->data)); 259 return nfs_ok; 260 } 261 262 /** 263 * nfsd4_decode_bitmap4 - Decode an NFSv4 bitmap4 264 * @argp: NFSv4 compound argument structure 265 * @bmval: pointer to an array of u32's to decode into 266 * @bmlen: size of the @bmval array 267 * 268 * The server needs to return nfs_ok rather than nfserr_bad_xdr when 269 * encountering bitmaps containing bits it does not recognize. This 270 * includes bits in bitmap words past WORDn, where WORDn is the last 271 * bitmap WORD the implementation currently supports. Thus we are 272 * careful here to simply ignore bits in bitmap words that this 273 * implementation has yet to support explicitly. 274 * 275 * Return values: 276 * %nfs_ok: @bmval populated successfully 277 * %nfserr_bad_xdr: the encoded bitmap was invalid 278 */ 279 static __be32 nfsd4_decode_bitmap4(struct nfsd4_compoundargs * argp,u32 * bmval,u32 bmlen)280 nfsd4_decode_bitmap4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen) 281 { 282 ssize_t status; 283 284 status = xdr_stream_decode_uint32_array(argp->xdr, bmval, bmlen); 285 return status == -EBADMSG ? nfserr_bad_xdr : nfs_ok; 286 } 287 288 static __be32 nfsd4_decode_nfsace4(struct nfsd4_compoundargs * argp,struct nfs4_ace * ace)289 nfsd4_decode_nfsace4(struct nfsd4_compoundargs *argp, struct nfs4_ace *ace) 290 { 291 __be32 *p, status; 292 u32 length; 293 294 if (xdr_stream_decode_u32(argp->xdr, &ace->type) < 0) 295 return nfserr_bad_xdr; 296 if (xdr_stream_decode_u32(argp->xdr, &ace->flag) < 0) 297 return nfserr_bad_xdr; 298 if (xdr_stream_decode_u32(argp->xdr, &ace->access_mask) < 0) 299 return nfserr_bad_xdr; 300 301 if (xdr_stream_decode_u32(argp->xdr, &length) < 0) 302 return nfserr_bad_xdr; 303 p = xdr_inline_decode(argp->xdr, length); 304 if (!p) 305 return nfserr_bad_xdr; 306 ace->whotype = nfs4_acl_get_whotype((char *)p, length); 307 if (ace->whotype != NFS4_ACL_WHO_NAMED) 308 status = nfs_ok; 309 else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP) 310 status = nfsd_map_name_to_gid(argp->rqstp, 311 (char *)p, length, &ace->who_gid); 312 else 313 status = nfsd_map_name_to_uid(argp->rqstp, 314 (char *)p, length, &ace->who_uid); 315 316 return status; 317 } 318 319 /* A counted array of nfsace4's */ 320 static noinline __be32 nfsd4_decode_acl(struct nfsd4_compoundargs * argp,struct nfs4_acl ** acl)321 nfsd4_decode_acl(struct nfsd4_compoundargs *argp, struct nfs4_acl **acl) 322 { 323 struct nfs4_ace *ace; 324 __be32 status; 325 u32 count; 326 327 if (xdr_stream_decode_u32(argp->xdr, &count) < 0) 328 return nfserr_bad_xdr; 329 330 if (count > xdr_stream_remaining(argp->xdr) / 20) 331 /* 332 * Even with 4-byte names there wouldn't be 333 * space for that many aces; something fishy is 334 * going on: 335 */ 336 return nfserr_fbig; 337 338 *acl = svcxdr_tmpalloc(argp, nfs4_acl_bytes(count)); 339 if (*acl == NULL) 340 return nfserr_jukebox; 341 342 (*acl)->naces = count; 343 for (ace = (*acl)->aces; ace < (*acl)->aces + count; ace++) { 344 status = nfsd4_decode_nfsace4(argp, ace); 345 if (status) 346 return status; 347 } 348 349 return nfs_ok; 350 } 351 352 static noinline __be32 nfsd4_decode_security_label(struct nfsd4_compoundargs * argp,struct xdr_netobj * label)353 nfsd4_decode_security_label(struct nfsd4_compoundargs *argp, 354 struct xdr_netobj *label) 355 { 356 u32 lfs, pi, length; 357 __be32 *p; 358 359 if (xdr_stream_decode_u32(argp->xdr, &lfs) < 0) 360 return nfserr_bad_xdr; 361 if (xdr_stream_decode_u32(argp->xdr, &pi) < 0) 362 return nfserr_bad_xdr; 363 364 if (xdr_stream_decode_u32(argp->xdr, &length) < 0) 365 return nfserr_bad_xdr; 366 if (length > NFS4_MAXLABELLEN) 367 return nfserr_badlabel; 368 p = xdr_inline_decode(argp->xdr, length); 369 if (!p) 370 return nfserr_bad_xdr; 371 label->len = length; 372 label->data = svcxdr_dupstr(argp, p, length); 373 if (!label->data) 374 return nfserr_jukebox; 375 376 return nfs_ok; 377 } 378 379 static __be32 nfsd4_decode_fattr4(struct nfsd4_compoundargs * argp,u32 * bmval,u32 bmlen,struct iattr * iattr,struct nfs4_acl ** acl,struct xdr_netobj * label,int * umask)380 nfsd4_decode_fattr4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen, 381 struct iattr *iattr, struct nfs4_acl **acl, 382 struct xdr_netobj *label, int *umask) 383 { 384 unsigned int starting_pos; 385 u32 attrlist4_count; 386 __be32 *p, status; 387 388 iattr->ia_valid = 0; 389 status = nfsd4_decode_bitmap4(argp, bmval, bmlen); 390 if (status) 391 return nfserr_bad_xdr; 392 393 if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0 394 || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1 395 || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2) { 396 if (nfsd_attrs_supported(argp->minorversion, bmval)) 397 return nfserr_inval; 398 return nfserr_attrnotsupp; 399 } 400 401 if (xdr_stream_decode_u32(argp->xdr, &attrlist4_count) < 0) 402 return nfserr_bad_xdr; 403 starting_pos = xdr_stream_pos(argp->xdr); 404 405 if (bmval[0] & FATTR4_WORD0_SIZE) { 406 u64 size; 407 408 if (xdr_stream_decode_u64(argp->xdr, &size) < 0) 409 return nfserr_bad_xdr; 410 iattr->ia_size = size; 411 iattr->ia_valid |= ATTR_SIZE; 412 } 413 if (bmval[0] & FATTR4_WORD0_ACL) { 414 status = nfsd4_decode_acl(argp, acl); 415 if (status) 416 return status; 417 } else 418 *acl = NULL; 419 if (bmval[1] & FATTR4_WORD1_MODE) { 420 u32 mode; 421 422 if (xdr_stream_decode_u32(argp->xdr, &mode) < 0) 423 return nfserr_bad_xdr; 424 iattr->ia_mode = mode; 425 iattr->ia_mode &= (S_IFMT | S_IALLUGO); 426 iattr->ia_valid |= ATTR_MODE; 427 } 428 if (bmval[1] & FATTR4_WORD1_OWNER) { 429 u32 length; 430 431 if (xdr_stream_decode_u32(argp->xdr, &length) < 0) 432 return nfserr_bad_xdr; 433 p = xdr_inline_decode(argp->xdr, length); 434 if (!p) 435 return nfserr_bad_xdr; 436 status = nfsd_map_name_to_uid(argp->rqstp, (char *)p, length, 437 &iattr->ia_uid); 438 if (status) 439 return status; 440 iattr->ia_valid |= ATTR_UID; 441 } 442 if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) { 443 u32 length; 444 445 if (xdr_stream_decode_u32(argp->xdr, &length) < 0) 446 return nfserr_bad_xdr; 447 p = xdr_inline_decode(argp->xdr, length); 448 if (!p) 449 return nfserr_bad_xdr; 450 status = nfsd_map_name_to_gid(argp->rqstp, (char *)p, length, 451 &iattr->ia_gid); 452 if (status) 453 return status; 454 iattr->ia_valid |= ATTR_GID; 455 } 456 if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) { 457 u32 set_it; 458 459 if (xdr_stream_decode_u32(argp->xdr, &set_it) < 0) 460 return nfserr_bad_xdr; 461 switch (set_it) { 462 case NFS4_SET_TO_CLIENT_TIME: 463 status = nfsd4_decode_nfstime4(argp, &iattr->ia_atime); 464 if (status) 465 return status; 466 iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET); 467 break; 468 case NFS4_SET_TO_SERVER_TIME: 469 iattr->ia_valid |= ATTR_ATIME; 470 break; 471 default: 472 return nfserr_bad_xdr; 473 } 474 } 475 if (bmval[1] & FATTR4_WORD1_TIME_CREATE) { 476 struct timespec64 ts; 477 478 /* No Linux filesystem supports setting this attribute. */ 479 bmval[1] &= ~FATTR4_WORD1_TIME_CREATE; 480 status = nfsd4_decode_nfstime4(argp, &ts); 481 if (status) 482 return status; 483 } 484 if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) { 485 u32 set_it; 486 487 if (xdr_stream_decode_u32(argp->xdr, &set_it) < 0) 488 return nfserr_bad_xdr; 489 switch (set_it) { 490 case NFS4_SET_TO_CLIENT_TIME: 491 status = nfsd4_decode_nfstime4(argp, &iattr->ia_mtime); 492 if (status) 493 return status; 494 iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET); 495 break; 496 case NFS4_SET_TO_SERVER_TIME: 497 iattr->ia_valid |= ATTR_MTIME; 498 break; 499 default: 500 return nfserr_bad_xdr; 501 } 502 } 503 label->len = 0; 504 if (IS_ENABLED(CONFIG_NFSD_V4_SECURITY_LABEL) && 505 bmval[2] & FATTR4_WORD2_SECURITY_LABEL) { 506 status = nfsd4_decode_security_label(argp, label); 507 if (status) 508 return status; 509 } 510 if (bmval[2] & FATTR4_WORD2_MODE_UMASK) { 511 u32 mode, mask; 512 513 if (!umask) 514 return nfserr_bad_xdr; 515 if (xdr_stream_decode_u32(argp->xdr, &mode) < 0) 516 return nfserr_bad_xdr; 517 iattr->ia_mode = mode & (S_IFMT | S_IALLUGO); 518 if (xdr_stream_decode_u32(argp->xdr, &mask) < 0) 519 return nfserr_bad_xdr; 520 *umask = mask & S_IRWXUGO; 521 iattr->ia_valid |= ATTR_MODE; 522 } 523 524 /* request sanity: did attrlist4 contain the expected number of words? */ 525 if (attrlist4_count != xdr_stream_pos(argp->xdr) - starting_pos) 526 return nfserr_bad_xdr; 527 528 return nfs_ok; 529 } 530 531 static __be32 nfsd4_decode_stateid4(struct nfsd4_compoundargs * argp,stateid_t * sid)532 nfsd4_decode_stateid4(struct nfsd4_compoundargs *argp, stateid_t *sid) 533 { 534 __be32 *p; 535 536 p = xdr_inline_decode(argp->xdr, NFS4_STATEID_SIZE); 537 if (!p) 538 return nfserr_bad_xdr; 539 sid->si_generation = be32_to_cpup(p++); 540 memcpy(&sid->si_opaque, p, sizeof(sid->si_opaque)); 541 return nfs_ok; 542 } 543 544 static __be32 nfsd4_decode_clientid4(struct nfsd4_compoundargs * argp,clientid_t * clientid)545 nfsd4_decode_clientid4(struct nfsd4_compoundargs *argp, clientid_t *clientid) 546 { 547 __be32 *p; 548 549 p = xdr_inline_decode(argp->xdr, sizeof(__be64)); 550 if (!p) 551 return nfserr_bad_xdr; 552 memcpy(clientid, p, sizeof(*clientid)); 553 return nfs_ok; 554 } 555 556 static __be32 nfsd4_decode_state_owner4(struct nfsd4_compoundargs * argp,clientid_t * clientid,struct xdr_netobj * owner)557 nfsd4_decode_state_owner4(struct nfsd4_compoundargs *argp, 558 clientid_t *clientid, struct xdr_netobj *owner) 559 { 560 __be32 status; 561 562 status = nfsd4_decode_clientid4(argp, clientid); 563 if (status) 564 return status; 565 return nfsd4_decode_opaque(argp, owner); 566 } 567 568 #ifdef CONFIG_NFSD_PNFS 569 static __be32 nfsd4_decode_deviceid4(struct nfsd4_compoundargs * argp,struct nfsd4_deviceid * devid)570 nfsd4_decode_deviceid4(struct nfsd4_compoundargs *argp, 571 struct nfsd4_deviceid *devid) 572 { 573 __be32 *p; 574 575 p = xdr_inline_decode(argp->xdr, NFS4_DEVICEID4_SIZE); 576 if (!p) 577 return nfserr_bad_xdr; 578 memcpy(devid, p, sizeof(*devid)); 579 return nfs_ok; 580 } 581 582 static __be32 nfsd4_decode_layoutupdate4(struct nfsd4_compoundargs * argp,struct nfsd4_layoutcommit * lcp)583 nfsd4_decode_layoutupdate4(struct nfsd4_compoundargs *argp, 584 struct nfsd4_layoutcommit *lcp) 585 { 586 if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_layout_type) < 0) 587 return nfserr_bad_xdr; 588 if (lcp->lc_layout_type < LAYOUT_NFSV4_1_FILES) 589 return nfserr_bad_xdr; 590 if (lcp->lc_layout_type >= LAYOUT_TYPE_MAX) 591 return nfserr_bad_xdr; 592 593 if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_up_len) < 0) 594 return nfserr_bad_xdr; 595 if (lcp->lc_up_len > 0) { 596 lcp->lc_up_layout = xdr_inline_decode(argp->xdr, lcp->lc_up_len); 597 if (!lcp->lc_up_layout) 598 return nfserr_bad_xdr; 599 } 600 601 return nfs_ok; 602 } 603 604 static __be32 nfsd4_decode_layoutreturn4(struct nfsd4_compoundargs * argp,struct nfsd4_layoutreturn * lrp)605 nfsd4_decode_layoutreturn4(struct nfsd4_compoundargs *argp, 606 struct nfsd4_layoutreturn *lrp) 607 { 608 __be32 status; 609 610 if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_return_type) < 0) 611 return nfserr_bad_xdr; 612 switch (lrp->lr_return_type) { 613 case RETURN_FILE: 614 if (xdr_stream_decode_u64(argp->xdr, &lrp->lr_seg.offset) < 0) 615 return nfserr_bad_xdr; 616 if (xdr_stream_decode_u64(argp->xdr, &lrp->lr_seg.length) < 0) 617 return nfserr_bad_xdr; 618 status = nfsd4_decode_stateid4(argp, &lrp->lr_sid); 619 if (status) 620 return status; 621 if (xdr_stream_decode_u32(argp->xdr, &lrp->lrf_body_len) < 0) 622 return nfserr_bad_xdr; 623 if (lrp->lrf_body_len > 0) { 624 lrp->lrf_body = xdr_inline_decode(argp->xdr, lrp->lrf_body_len); 625 if (!lrp->lrf_body) 626 return nfserr_bad_xdr; 627 } 628 break; 629 case RETURN_FSID: 630 case RETURN_ALL: 631 lrp->lr_seg.offset = 0; 632 lrp->lr_seg.length = NFS4_MAX_UINT64; 633 break; 634 default: 635 return nfserr_bad_xdr; 636 } 637 638 return nfs_ok; 639 } 640 641 #endif /* CONFIG_NFSD_PNFS */ 642 643 static __be32 nfsd4_decode_sessionid4(struct nfsd4_compoundargs * argp,struct nfs4_sessionid * sessionid)644 nfsd4_decode_sessionid4(struct nfsd4_compoundargs *argp, 645 struct nfs4_sessionid *sessionid) 646 { 647 __be32 *p; 648 649 p = xdr_inline_decode(argp->xdr, NFS4_MAX_SESSIONID_LEN); 650 if (!p) 651 return nfserr_bad_xdr; 652 memcpy(sessionid->data, p, sizeof(sessionid->data)); 653 return nfs_ok; 654 } 655 656 /* Defined in Appendix A of RFC 5531 */ 657 static __be32 nfsd4_decode_authsys_parms(struct nfsd4_compoundargs * argp,struct nfsd4_cb_sec * cbs)658 nfsd4_decode_authsys_parms(struct nfsd4_compoundargs *argp, 659 struct nfsd4_cb_sec *cbs) 660 { 661 u32 stamp, gidcount, uid, gid; 662 __be32 *p, status; 663 664 if (xdr_stream_decode_u32(argp->xdr, &stamp) < 0) 665 return nfserr_bad_xdr; 666 /* machine name */ 667 status = nfsd4_decode_ignored_string(argp, 255); 668 if (status) 669 return status; 670 if (xdr_stream_decode_u32(argp->xdr, &uid) < 0) 671 return nfserr_bad_xdr; 672 if (xdr_stream_decode_u32(argp->xdr, &gid) < 0) 673 return nfserr_bad_xdr; 674 if (xdr_stream_decode_u32(argp->xdr, &gidcount) < 0) 675 return nfserr_bad_xdr; 676 if (gidcount > 16) 677 return nfserr_bad_xdr; 678 p = xdr_inline_decode(argp->xdr, gidcount << 2); 679 if (!p) 680 return nfserr_bad_xdr; 681 if (cbs->flavor == (u32)(-1)) { 682 struct user_namespace *userns = nfsd_user_namespace(argp->rqstp); 683 684 kuid_t kuid = make_kuid(userns, uid); 685 kgid_t kgid = make_kgid(userns, gid); 686 if (uid_valid(kuid) && gid_valid(kgid)) { 687 cbs->uid = kuid; 688 cbs->gid = kgid; 689 cbs->flavor = RPC_AUTH_UNIX; 690 } else { 691 dprintk("RPC_AUTH_UNIX with invalid uid or gid, ignoring!\n"); 692 } 693 } 694 695 return nfs_ok; 696 } 697 698 static __be32 nfsd4_decode_gss_cb_handles4(struct nfsd4_compoundargs * argp,struct nfsd4_cb_sec * cbs)699 nfsd4_decode_gss_cb_handles4(struct nfsd4_compoundargs *argp, 700 struct nfsd4_cb_sec *cbs) 701 { 702 __be32 status; 703 u32 service; 704 705 dprintk("RPC_AUTH_GSS callback secflavor not supported!\n"); 706 707 if (xdr_stream_decode_u32(argp->xdr, &service) < 0) 708 return nfserr_bad_xdr; 709 if (service < RPC_GSS_SVC_NONE || service > RPC_GSS_SVC_PRIVACY) 710 return nfserr_bad_xdr; 711 /* gcbp_handle_from_server */ 712 status = nfsd4_decode_ignored_string(argp, 0); 713 if (status) 714 return status; 715 /* gcbp_handle_from_client */ 716 status = nfsd4_decode_ignored_string(argp, 0); 717 if (status) 718 return status; 719 720 return nfs_ok; 721 } 722 723 /* a counted array of callback_sec_parms4 items */ 724 static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs * argp,struct nfsd4_cb_sec * cbs)725 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs) 726 { 727 u32 i, secflavor, nr_secflavs; 728 __be32 status; 729 730 /* callback_sec_params4 */ 731 if (xdr_stream_decode_u32(argp->xdr, &nr_secflavs) < 0) 732 return nfserr_bad_xdr; 733 if (nr_secflavs) 734 cbs->flavor = (u32)(-1); 735 else 736 /* Is this legal? Be generous, take it to mean AUTH_NONE: */ 737 cbs->flavor = 0; 738 739 for (i = 0; i < nr_secflavs; ++i) { 740 if (xdr_stream_decode_u32(argp->xdr, &secflavor) < 0) 741 return nfserr_bad_xdr; 742 switch (secflavor) { 743 case RPC_AUTH_NULL: 744 /* void */ 745 if (cbs->flavor == (u32)(-1)) 746 cbs->flavor = RPC_AUTH_NULL; 747 break; 748 case RPC_AUTH_UNIX: 749 status = nfsd4_decode_authsys_parms(argp, cbs); 750 if (status) 751 return status; 752 break; 753 case RPC_AUTH_GSS: 754 status = nfsd4_decode_gss_cb_handles4(argp, cbs); 755 if (status) 756 return status; 757 break; 758 default: 759 return nfserr_inval; 760 } 761 } 762 763 return nfs_ok; 764 } 765 766 767 /* 768 * NFSv4 operation argument decoders 769 */ 770 771 static __be32 nfsd4_decode_access(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)772 nfsd4_decode_access(struct nfsd4_compoundargs *argp, 773 union nfsd4_op_u *u) 774 { 775 struct nfsd4_access *access = &u->access; 776 if (xdr_stream_decode_u32(argp->xdr, &access->ac_req_access) < 0) 777 return nfserr_bad_xdr; 778 return nfs_ok; 779 } 780 781 static __be32 nfsd4_decode_close(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)782 nfsd4_decode_close(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 783 { 784 struct nfsd4_close *close = &u->close; 785 if (xdr_stream_decode_u32(argp->xdr, &close->cl_seqid) < 0) 786 return nfserr_bad_xdr; 787 return nfsd4_decode_stateid4(argp, &close->cl_stateid); 788 } 789 790 791 static __be32 nfsd4_decode_commit(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)792 nfsd4_decode_commit(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 793 { 794 struct nfsd4_commit *commit = &u->commit; 795 if (xdr_stream_decode_u64(argp->xdr, &commit->co_offset) < 0) 796 return nfserr_bad_xdr; 797 if (xdr_stream_decode_u32(argp->xdr, &commit->co_count) < 0) 798 return nfserr_bad_xdr; 799 memset(&commit->co_verf, 0, sizeof(commit->co_verf)); 800 return nfs_ok; 801 } 802 803 static __be32 nfsd4_decode_create(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)804 nfsd4_decode_create(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 805 { 806 struct nfsd4_create *create = &u->create; 807 __be32 *p, status; 808 809 memset(create, 0, sizeof(*create)); 810 if (xdr_stream_decode_u32(argp->xdr, &create->cr_type) < 0) 811 return nfserr_bad_xdr; 812 switch (create->cr_type) { 813 case NF4LNK: 814 if (xdr_stream_decode_u32(argp->xdr, &create->cr_datalen) < 0) 815 return nfserr_bad_xdr; 816 p = xdr_inline_decode(argp->xdr, create->cr_datalen); 817 if (!p) 818 return nfserr_bad_xdr; 819 create->cr_data = svcxdr_dupstr(argp, p, create->cr_datalen); 820 if (!create->cr_data) 821 return nfserr_jukebox; 822 break; 823 case NF4BLK: 824 case NF4CHR: 825 if (xdr_stream_decode_u32(argp->xdr, &create->cr_specdata1) < 0) 826 return nfserr_bad_xdr; 827 if (xdr_stream_decode_u32(argp->xdr, &create->cr_specdata2) < 0) 828 return nfserr_bad_xdr; 829 break; 830 case NF4SOCK: 831 case NF4FIFO: 832 case NF4DIR: 833 default: 834 break; 835 } 836 status = nfsd4_decode_component4(argp, &create->cr_name, 837 &create->cr_namelen); 838 if (status) 839 return status; 840 status = nfsd4_decode_fattr4(argp, create->cr_bmval, 841 ARRAY_SIZE(create->cr_bmval), 842 &create->cr_iattr, &create->cr_acl, 843 &create->cr_label, &create->cr_umask); 844 if (status) 845 return status; 846 847 return nfs_ok; 848 } 849 850 static inline __be32 nfsd4_decode_delegreturn(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)851 nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 852 { 853 struct nfsd4_delegreturn *dr = &u->delegreturn; 854 return nfsd4_decode_stateid4(argp, &dr->dr_stateid); 855 } 856 857 static inline __be32 nfsd4_decode_getattr(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)858 nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 859 { 860 struct nfsd4_getattr *getattr = &u->getattr; 861 memset(getattr, 0, sizeof(*getattr)); 862 return nfsd4_decode_bitmap4(argp, getattr->ga_bmval, 863 ARRAY_SIZE(getattr->ga_bmval)); 864 } 865 866 static __be32 nfsd4_decode_link(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)867 nfsd4_decode_link(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 868 { 869 struct nfsd4_link *link = &u->link; 870 memset(link, 0, sizeof(*link)); 871 return nfsd4_decode_component4(argp, &link->li_name, &link->li_namelen); 872 } 873 874 static __be32 nfsd4_decode_open_to_lock_owner4(struct nfsd4_compoundargs * argp,struct nfsd4_lock * lock)875 nfsd4_decode_open_to_lock_owner4(struct nfsd4_compoundargs *argp, 876 struct nfsd4_lock *lock) 877 { 878 __be32 status; 879 880 if (xdr_stream_decode_u32(argp->xdr, &lock->lk_new_open_seqid) < 0) 881 return nfserr_bad_xdr; 882 status = nfsd4_decode_stateid4(argp, &lock->lk_new_open_stateid); 883 if (status) 884 return status; 885 if (xdr_stream_decode_u32(argp->xdr, &lock->lk_new_lock_seqid) < 0) 886 return nfserr_bad_xdr; 887 return nfsd4_decode_state_owner4(argp, &lock->lk_new_clientid, 888 &lock->lk_new_owner); 889 } 890 891 static __be32 nfsd4_decode_exist_lock_owner4(struct nfsd4_compoundargs * argp,struct nfsd4_lock * lock)892 nfsd4_decode_exist_lock_owner4(struct nfsd4_compoundargs *argp, 893 struct nfsd4_lock *lock) 894 { 895 __be32 status; 896 897 status = nfsd4_decode_stateid4(argp, &lock->lk_old_lock_stateid); 898 if (status) 899 return status; 900 if (xdr_stream_decode_u32(argp->xdr, &lock->lk_old_lock_seqid) < 0) 901 return nfserr_bad_xdr; 902 903 return nfs_ok; 904 } 905 906 static __be32 nfsd4_decode_locker4(struct nfsd4_compoundargs * argp,struct nfsd4_lock * lock)907 nfsd4_decode_locker4(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock) 908 { 909 if (xdr_stream_decode_bool(argp->xdr, &lock->lk_is_new) < 0) 910 return nfserr_bad_xdr; 911 if (lock->lk_is_new) 912 return nfsd4_decode_open_to_lock_owner4(argp, lock); 913 return nfsd4_decode_exist_lock_owner4(argp, lock); 914 } 915 916 static __be32 nfsd4_decode_lock(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)917 nfsd4_decode_lock(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 918 { 919 struct nfsd4_lock *lock = &u->lock; 920 memset(lock, 0, sizeof(*lock)); 921 if (xdr_stream_decode_u32(argp->xdr, &lock->lk_type) < 0) 922 return nfserr_bad_xdr; 923 if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT)) 924 return nfserr_bad_xdr; 925 if (xdr_stream_decode_bool(argp->xdr, &lock->lk_reclaim) < 0) 926 return nfserr_bad_xdr; 927 if (xdr_stream_decode_u64(argp->xdr, &lock->lk_offset) < 0) 928 return nfserr_bad_xdr; 929 if (xdr_stream_decode_u64(argp->xdr, &lock->lk_length) < 0) 930 return nfserr_bad_xdr; 931 return nfsd4_decode_locker4(argp, lock); 932 } 933 934 static __be32 nfsd4_decode_lockt(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)935 nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 936 { 937 struct nfsd4_lockt *lockt = &u->lockt; 938 memset(lockt, 0, sizeof(*lockt)); 939 if (xdr_stream_decode_u32(argp->xdr, &lockt->lt_type) < 0) 940 return nfserr_bad_xdr; 941 if ((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT)) 942 return nfserr_bad_xdr; 943 if (xdr_stream_decode_u64(argp->xdr, &lockt->lt_offset) < 0) 944 return nfserr_bad_xdr; 945 if (xdr_stream_decode_u64(argp->xdr, &lockt->lt_length) < 0) 946 return nfserr_bad_xdr; 947 return nfsd4_decode_state_owner4(argp, &lockt->lt_clientid, 948 &lockt->lt_owner); 949 } 950 951 static __be32 nfsd4_decode_locku(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)952 nfsd4_decode_locku(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 953 { 954 struct nfsd4_locku *locku = &u->locku; 955 __be32 status; 956 957 if (xdr_stream_decode_u32(argp->xdr, &locku->lu_type) < 0) 958 return nfserr_bad_xdr; 959 if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT)) 960 return nfserr_bad_xdr; 961 if (xdr_stream_decode_u32(argp->xdr, &locku->lu_seqid) < 0) 962 return nfserr_bad_xdr; 963 status = nfsd4_decode_stateid4(argp, &locku->lu_stateid); 964 if (status) 965 return status; 966 if (xdr_stream_decode_u64(argp->xdr, &locku->lu_offset) < 0) 967 return nfserr_bad_xdr; 968 if (xdr_stream_decode_u64(argp->xdr, &locku->lu_length) < 0) 969 return nfserr_bad_xdr; 970 971 return nfs_ok; 972 } 973 974 static __be32 nfsd4_decode_lookup(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)975 nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 976 { 977 struct nfsd4_lookup *lookup = &u->lookup; 978 return nfsd4_decode_component4(argp, &lookup->lo_name, &lookup->lo_len); 979 } 980 981 static __be32 nfsd4_decode_createhow4(struct nfsd4_compoundargs * argp,struct nfsd4_open * open)982 nfsd4_decode_createhow4(struct nfsd4_compoundargs *argp, struct nfsd4_open *open) 983 { 984 __be32 status; 985 986 if (xdr_stream_decode_u32(argp->xdr, &open->op_createmode) < 0) 987 return nfserr_bad_xdr; 988 switch (open->op_createmode) { 989 case NFS4_CREATE_UNCHECKED: 990 case NFS4_CREATE_GUARDED: 991 status = nfsd4_decode_fattr4(argp, open->op_bmval, 992 ARRAY_SIZE(open->op_bmval), 993 &open->op_iattr, &open->op_acl, 994 &open->op_label, &open->op_umask); 995 if (status) 996 return status; 997 break; 998 case NFS4_CREATE_EXCLUSIVE: 999 status = nfsd4_decode_verifier4(argp, &open->op_verf); 1000 if (status) 1001 return status; 1002 break; 1003 case NFS4_CREATE_EXCLUSIVE4_1: 1004 if (argp->minorversion < 1) 1005 return nfserr_bad_xdr; 1006 status = nfsd4_decode_verifier4(argp, &open->op_verf); 1007 if (status) 1008 return status; 1009 status = nfsd4_decode_fattr4(argp, open->op_bmval, 1010 ARRAY_SIZE(open->op_bmval), 1011 &open->op_iattr, &open->op_acl, 1012 &open->op_label, &open->op_umask); 1013 if (status) 1014 return status; 1015 break; 1016 default: 1017 return nfserr_bad_xdr; 1018 } 1019 1020 return nfs_ok; 1021 } 1022 1023 static __be32 nfsd4_decode_openflag4(struct nfsd4_compoundargs * argp,struct nfsd4_open * open)1024 nfsd4_decode_openflag4(struct nfsd4_compoundargs *argp, struct nfsd4_open *open) 1025 { 1026 __be32 status; 1027 1028 if (xdr_stream_decode_u32(argp->xdr, &open->op_create) < 0) 1029 return nfserr_bad_xdr; 1030 switch (open->op_create) { 1031 case NFS4_OPEN_NOCREATE: 1032 break; 1033 case NFS4_OPEN_CREATE: 1034 status = nfsd4_decode_createhow4(argp, open); 1035 if (status) 1036 return status; 1037 break; 1038 default: 1039 return nfserr_bad_xdr; 1040 } 1041 1042 return nfs_ok; 1043 } 1044 nfsd4_decode_share_access(struct nfsd4_compoundargs * argp,u32 * share_access,u32 * deleg_want,u32 * deleg_when)1045 static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when) 1046 { 1047 u32 w; 1048 1049 if (xdr_stream_decode_u32(argp->xdr, &w) < 0) 1050 return nfserr_bad_xdr; 1051 *share_access = w & NFS4_SHARE_ACCESS_MASK; 1052 *deleg_want = w & NFS4_SHARE_WANT_MASK; 1053 if (deleg_when) 1054 *deleg_when = w & NFS4_SHARE_WHEN_MASK; 1055 1056 switch (w & NFS4_SHARE_ACCESS_MASK) { 1057 case NFS4_SHARE_ACCESS_READ: 1058 case NFS4_SHARE_ACCESS_WRITE: 1059 case NFS4_SHARE_ACCESS_BOTH: 1060 break; 1061 default: 1062 return nfserr_bad_xdr; 1063 } 1064 w &= ~NFS4_SHARE_ACCESS_MASK; 1065 if (!w) 1066 return nfs_ok; 1067 if (!argp->minorversion) 1068 return nfserr_bad_xdr; 1069 switch (w & NFS4_SHARE_WANT_MASK) { 1070 case NFS4_SHARE_WANT_NO_PREFERENCE: 1071 case NFS4_SHARE_WANT_READ_DELEG: 1072 case NFS4_SHARE_WANT_WRITE_DELEG: 1073 case NFS4_SHARE_WANT_ANY_DELEG: 1074 case NFS4_SHARE_WANT_NO_DELEG: 1075 case NFS4_SHARE_WANT_CANCEL: 1076 break; 1077 default: 1078 return nfserr_bad_xdr; 1079 } 1080 w &= ~NFS4_SHARE_WANT_MASK; 1081 if (!w) 1082 return nfs_ok; 1083 1084 if (!deleg_when) /* open_downgrade */ 1085 return nfserr_inval; 1086 switch (w) { 1087 case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL: 1088 case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED: 1089 case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL | 1090 NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED): 1091 return nfs_ok; 1092 } 1093 return nfserr_bad_xdr; 1094 } 1095 nfsd4_decode_share_deny(struct nfsd4_compoundargs * argp,u32 * x)1096 static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x) 1097 { 1098 if (xdr_stream_decode_u32(argp->xdr, x) < 0) 1099 return nfserr_bad_xdr; 1100 /* Note: unlike access bits, deny bits may be zero. */ 1101 if (*x & ~NFS4_SHARE_DENY_BOTH) 1102 return nfserr_bad_xdr; 1103 1104 return nfs_ok; 1105 } 1106 1107 static __be32 nfsd4_decode_open_claim4(struct nfsd4_compoundargs * argp,struct nfsd4_open * open)1108 nfsd4_decode_open_claim4(struct nfsd4_compoundargs *argp, 1109 struct nfsd4_open *open) 1110 { 1111 __be32 status; 1112 1113 if (xdr_stream_decode_u32(argp->xdr, &open->op_claim_type) < 0) 1114 return nfserr_bad_xdr; 1115 switch (open->op_claim_type) { 1116 case NFS4_OPEN_CLAIM_NULL: 1117 case NFS4_OPEN_CLAIM_DELEGATE_PREV: 1118 status = nfsd4_decode_component4(argp, &open->op_fname, 1119 &open->op_fnamelen); 1120 if (status) 1121 return status; 1122 break; 1123 case NFS4_OPEN_CLAIM_PREVIOUS: 1124 if (xdr_stream_decode_u32(argp->xdr, &open->op_delegate_type) < 0) 1125 return nfserr_bad_xdr; 1126 break; 1127 case NFS4_OPEN_CLAIM_DELEGATE_CUR: 1128 status = nfsd4_decode_stateid4(argp, &open->op_delegate_stateid); 1129 if (status) 1130 return status; 1131 status = nfsd4_decode_component4(argp, &open->op_fname, 1132 &open->op_fnamelen); 1133 if (status) 1134 return status; 1135 break; 1136 case NFS4_OPEN_CLAIM_FH: 1137 case NFS4_OPEN_CLAIM_DELEG_PREV_FH: 1138 if (argp->minorversion < 1) 1139 return nfserr_bad_xdr; 1140 /* void */ 1141 break; 1142 case NFS4_OPEN_CLAIM_DELEG_CUR_FH: 1143 if (argp->minorversion < 1) 1144 return nfserr_bad_xdr; 1145 status = nfsd4_decode_stateid4(argp, &open->op_delegate_stateid); 1146 if (status) 1147 return status; 1148 break; 1149 default: 1150 return nfserr_bad_xdr; 1151 } 1152 1153 return nfs_ok; 1154 } 1155 1156 static __be32 nfsd4_decode_open(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1157 nfsd4_decode_open(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1158 { 1159 struct nfsd4_open *open = &u->open; 1160 __be32 status; 1161 u32 dummy; 1162 1163 memset(open, 0, sizeof(*open)); 1164 1165 if (xdr_stream_decode_u32(argp->xdr, &open->op_seqid) < 0) 1166 return nfserr_bad_xdr; 1167 /* deleg_want is ignored */ 1168 status = nfsd4_decode_share_access(argp, &open->op_share_access, 1169 &open->op_deleg_want, &dummy); 1170 if (status) 1171 return status; 1172 status = nfsd4_decode_share_deny(argp, &open->op_share_deny); 1173 if (status) 1174 return status; 1175 status = nfsd4_decode_state_owner4(argp, &open->op_clientid, 1176 &open->op_owner); 1177 if (status) 1178 return status; 1179 status = nfsd4_decode_openflag4(argp, open); 1180 if (status) 1181 return status; 1182 return nfsd4_decode_open_claim4(argp, open); 1183 } 1184 1185 static __be32 nfsd4_decode_open_confirm(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1186 nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, 1187 union nfsd4_op_u *u) 1188 { 1189 struct nfsd4_open_confirm *open_conf = &u->open_confirm; 1190 __be32 status; 1191 1192 if (argp->minorversion >= 1) 1193 return nfserr_notsupp; 1194 1195 status = nfsd4_decode_stateid4(argp, &open_conf->oc_req_stateid); 1196 if (status) 1197 return status; 1198 if (xdr_stream_decode_u32(argp->xdr, &open_conf->oc_seqid) < 0) 1199 return nfserr_bad_xdr; 1200 1201 memset(&open_conf->oc_resp_stateid, 0, 1202 sizeof(open_conf->oc_resp_stateid)); 1203 return nfs_ok; 1204 } 1205 1206 static __be32 nfsd4_decode_open_downgrade(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1207 nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, 1208 union nfsd4_op_u *u) 1209 { 1210 struct nfsd4_open_downgrade *open_down = &u->open_downgrade; 1211 __be32 status; 1212 1213 memset(open_down, 0, sizeof(*open_down)); 1214 status = nfsd4_decode_stateid4(argp, &open_down->od_stateid); 1215 if (status) 1216 return status; 1217 if (xdr_stream_decode_u32(argp->xdr, &open_down->od_seqid) < 0) 1218 return nfserr_bad_xdr; 1219 /* deleg_want is ignored */ 1220 status = nfsd4_decode_share_access(argp, &open_down->od_share_access, 1221 &open_down->od_deleg_want, NULL); 1222 if (status) 1223 return status; 1224 return nfsd4_decode_share_deny(argp, &open_down->od_share_deny); 1225 } 1226 1227 static __be32 nfsd4_decode_putfh(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1228 nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1229 { 1230 struct nfsd4_putfh *putfh = &u->putfh; 1231 __be32 *p; 1232 1233 if (xdr_stream_decode_u32(argp->xdr, &putfh->pf_fhlen) < 0) 1234 return nfserr_bad_xdr; 1235 if (putfh->pf_fhlen > NFS4_FHSIZE) 1236 return nfserr_bad_xdr; 1237 p = xdr_inline_decode(argp->xdr, putfh->pf_fhlen); 1238 if (!p) 1239 return nfserr_bad_xdr; 1240 putfh->pf_fhval = svcxdr_savemem(argp, p, putfh->pf_fhlen); 1241 if (!putfh->pf_fhval) 1242 return nfserr_jukebox; 1243 1244 putfh->no_verify = false; 1245 return nfs_ok; 1246 } 1247 1248 static __be32 nfsd4_decode_putpubfh(struct nfsd4_compoundargs * argp,union nfsd4_op_u * p)1249 nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, union nfsd4_op_u *p) 1250 { 1251 if (argp->minorversion == 0) 1252 return nfs_ok; 1253 return nfserr_notsupp; 1254 } 1255 1256 static __be32 nfsd4_decode_read(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1257 nfsd4_decode_read(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1258 { 1259 struct nfsd4_read *read = &u->read; 1260 __be32 status; 1261 1262 memset(read, 0, sizeof(*read)); 1263 status = nfsd4_decode_stateid4(argp, &read->rd_stateid); 1264 if (status) 1265 return status; 1266 if (xdr_stream_decode_u64(argp->xdr, &read->rd_offset) < 0) 1267 return nfserr_bad_xdr; 1268 if (xdr_stream_decode_u32(argp->xdr, &read->rd_length) < 0) 1269 return nfserr_bad_xdr; 1270 1271 return nfs_ok; 1272 } 1273 1274 static __be32 nfsd4_decode_readdir(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1275 nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1276 { 1277 struct nfsd4_readdir *readdir = &u->readdir; 1278 __be32 status; 1279 1280 memset(readdir, 0, sizeof(*readdir)); 1281 if (xdr_stream_decode_u64(argp->xdr, &readdir->rd_cookie) < 0) 1282 return nfserr_bad_xdr; 1283 status = nfsd4_decode_verifier4(argp, &readdir->rd_verf); 1284 if (status) 1285 return status; 1286 if (xdr_stream_decode_u32(argp->xdr, &readdir->rd_dircount) < 0) 1287 return nfserr_bad_xdr; 1288 if (xdr_stream_decode_u32(argp->xdr, &readdir->rd_maxcount) < 0) 1289 return nfserr_bad_xdr; 1290 if (xdr_stream_decode_uint32_array(argp->xdr, readdir->rd_bmval, 1291 ARRAY_SIZE(readdir->rd_bmval)) < 0) 1292 return nfserr_bad_xdr; 1293 1294 return nfs_ok; 1295 } 1296 1297 static __be32 nfsd4_decode_remove(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1298 nfsd4_decode_remove(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1299 { 1300 struct nfsd4_remove *remove = &u->remove; 1301 memset(&remove->rm_cinfo, 0, sizeof(remove->rm_cinfo)); 1302 return nfsd4_decode_component4(argp, &remove->rm_name, &remove->rm_namelen); 1303 } 1304 1305 static __be32 nfsd4_decode_rename(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1306 nfsd4_decode_rename(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1307 { 1308 struct nfsd4_rename *rename = &u->rename; 1309 __be32 status; 1310 1311 memset(rename, 0, sizeof(*rename)); 1312 status = nfsd4_decode_component4(argp, &rename->rn_sname, &rename->rn_snamelen); 1313 if (status) 1314 return status; 1315 return nfsd4_decode_component4(argp, &rename->rn_tname, &rename->rn_tnamelen); 1316 } 1317 1318 static __be32 nfsd4_decode_renew(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1319 nfsd4_decode_renew(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1320 { 1321 clientid_t *clientid = &u->renew; 1322 return nfsd4_decode_clientid4(argp, clientid); 1323 } 1324 1325 static __be32 nfsd4_decode_secinfo(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1326 nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp, 1327 union nfsd4_op_u *u) 1328 { 1329 struct nfsd4_secinfo *secinfo = &u->secinfo; 1330 secinfo->si_exp = NULL; 1331 return nfsd4_decode_component4(argp, &secinfo->si_name, &secinfo->si_namelen); 1332 } 1333 1334 static __be32 nfsd4_decode_setattr(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1335 nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1336 { 1337 struct nfsd4_setattr *setattr = &u->setattr; 1338 __be32 status; 1339 1340 memset(setattr, 0, sizeof(*setattr)); 1341 status = nfsd4_decode_stateid4(argp, &setattr->sa_stateid); 1342 if (status) 1343 return status; 1344 return nfsd4_decode_fattr4(argp, setattr->sa_bmval, 1345 ARRAY_SIZE(setattr->sa_bmval), 1346 &setattr->sa_iattr, &setattr->sa_acl, 1347 &setattr->sa_label, NULL); 1348 } 1349 1350 static __be32 nfsd4_decode_setclientid(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1351 nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1352 { 1353 struct nfsd4_setclientid *setclientid = &u->setclientid; 1354 __be32 *p, status; 1355 1356 memset(setclientid, 0, sizeof(*setclientid)); 1357 1358 if (argp->minorversion >= 1) 1359 return nfserr_notsupp; 1360 1361 status = nfsd4_decode_verifier4(argp, &setclientid->se_verf); 1362 if (status) 1363 return status; 1364 status = nfsd4_decode_opaque(argp, &setclientid->se_name); 1365 if (status) 1366 return status; 1367 if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_prog) < 0) 1368 return nfserr_bad_xdr; 1369 if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_netid_len) < 0) 1370 return nfserr_bad_xdr; 1371 p = xdr_inline_decode(argp->xdr, setclientid->se_callback_netid_len); 1372 if (!p) 1373 return nfserr_bad_xdr; 1374 setclientid->se_callback_netid_val = svcxdr_savemem(argp, p, 1375 setclientid->se_callback_netid_len); 1376 if (!setclientid->se_callback_netid_val) 1377 return nfserr_jukebox; 1378 1379 if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_addr_len) < 0) 1380 return nfserr_bad_xdr; 1381 p = xdr_inline_decode(argp->xdr, setclientid->se_callback_addr_len); 1382 if (!p) 1383 return nfserr_bad_xdr; 1384 setclientid->se_callback_addr_val = svcxdr_savemem(argp, p, 1385 setclientid->se_callback_addr_len); 1386 if (!setclientid->se_callback_addr_val) 1387 return nfserr_jukebox; 1388 if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_ident) < 0) 1389 return nfserr_bad_xdr; 1390 1391 return nfs_ok; 1392 } 1393 1394 static __be32 nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1395 nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, 1396 union nfsd4_op_u *u) 1397 { 1398 struct nfsd4_setclientid_confirm *scd_c = &u->setclientid_confirm; 1399 __be32 status; 1400 1401 if (argp->minorversion >= 1) 1402 return nfserr_notsupp; 1403 1404 status = nfsd4_decode_clientid4(argp, &scd_c->sc_clientid); 1405 if (status) 1406 return status; 1407 return nfsd4_decode_verifier4(argp, &scd_c->sc_confirm); 1408 } 1409 1410 /* Also used for NVERIFY */ 1411 static __be32 nfsd4_decode_verify(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1412 nfsd4_decode_verify(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1413 { 1414 struct nfsd4_verify *verify = &u->verify; 1415 __be32 *p, status; 1416 1417 memset(verify, 0, sizeof(*verify)); 1418 1419 status = nfsd4_decode_bitmap4(argp, verify->ve_bmval, 1420 ARRAY_SIZE(verify->ve_bmval)); 1421 if (status) 1422 return status; 1423 1424 /* For convenience's sake, we compare raw xdr'd attributes in 1425 * nfsd4_proc_verify */ 1426 1427 if (xdr_stream_decode_u32(argp->xdr, &verify->ve_attrlen) < 0) 1428 return nfserr_bad_xdr; 1429 p = xdr_inline_decode(argp->xdr, verify->ve_attrlen); 1430 if (!p) 1431 return nfserr_bad_xdr; 1432 verify->ve_attrval = svcxdr_savemem(argp, p, verify->ve_attrlen); 1433 if (!verify->ve_attrval) 1434 return nfserr_jukebox; 1435 1436 return nfs_ok; 1437 } 1438 1439 static __be32 nfsd4_decode_write(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1440 nfsd4_decode_write(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1441 { 1442 struct nfsd4_write *write = &u->write; 1443 __be32 status; 1444 1445 status = nfsd4_decode_stateid4(argp, &write->wr_stateid); 1446 if (status) 1447 return status; 1448 if (xdr_stream_decode_u64(argp->xdr, &write->wr_offset) < 0) 1449 return nfserr_bad_xdr; 1450 if (xdr_stream_decode_u32(argp->xdr, &write->wr_stable_how) < 0) 1451 return nfserr_bad_xdr; 1452 if (write->wr_stable_how > NFS_FILE_SYNC) 1453 return nfserr_bad_xdr; 1454 if (xdr_stream_decode_u32(argp->xdr, &write->wr_buflen) < 0) 1455 return nfserr_bad_xdr; 1456 if (!xdr_stream_subsegment(argp->xdr, &write->wr_payload, write->wr_buflen)) 1457 return nfserr_bad_xdr; 1458 1459 write->wr_bytes_written = 0; 1460 write->wr_how_written = 0; 1461 memset(&write->wr_verifier, 0, sizeof(write->wr_verifier)); 1462 return nfs_ok; 1463 } 1464 1465 static __be32 nfsd4_decode_release_lockowner(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1466 nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, 1467 union nfsd4_op_u *u) 1468 { 1469 struct nfsd4_release_lockowner *rlockowner = &u->release_lockowner; 1470 __be32 status; 1471 1472 if (argp->minorversion >= 1) 1473 return nfserr_notsupp; 1474 1475 status = nfsd4_decode_state_owner4(argp, &rlockowner->rl_clientid, 1476 &rlockowner->rl_owner); 1477 if (status) 1478 return status; 1479 1480 if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid)) 1481 return nfserr_inval; 1482 1483 return nfs_ok; 1484 } 1485 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1486 static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, 1487 union nfsd4_op_u *u) 1488 { 1489 struct nfsd4_backchannel_ctl *bc = &u->backchannel_ctl; 1490 memset(bc, 0, sizeof(*bc)); 1491 if (xdr_stream_decode_u32(argp->xdr, &bc->bc_cb_program) < 0) 1492 return nfserr_bad_xdr; 1493 return nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec); 1494 } 1495 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1496 static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, 1497 union nfsd4_op_u *u) 1498 { 1499 struct nfsd4_bind_conn_to_session *bcts = &u->bind_conn_to_session; 1500 u32 use_conn_in_rdma_mode; 1501 __be32 status; 1502 1503 memset(bcts, 0, sizeof(*bcts)); 1504 status = nfsd4_decode_sessionid4(argp, &bcts->sessionid); 1505 if (status) 1506 return status; 1507 if (xdr_stream_decode_u32(argp->xdr, &bcts->dir) < 0) 1508 return nfserr_bad_xdr; 1509 if (xdr_stream_decode_u32(argp->xdr, &use_conn_in_rdma_mode) < 0) 1510 return nfserr_bad_xdr; 1511 1512 return nfs_ok; 1513 } 1514 1515 static __be32 nfsd4_decode_state_protect_ops(struct nfsd4_compoundargs * argp,struct nfsd4_exchange_id * exid)1516 nfsd4_decode_state_protect_ops(struct nfsd4_compoundargs *argp, 1517 struct nfsd4_exchange_id *exid) 1518 { 1519 __be32 status; 1520 1521 status = nfsd4_decode_bitmap4(argp, exid->spo_must_enforce, 1522 ARRAY_SIZE(exid->spo_must_enforce)); 1523 if (status) 1524 return nfserr_bad_xdr; 1525 status = nfsd4_decode_bitmap4(argp, exid->spo_must_allow, 1526 ARRAY_SIZE(exid->spo_must_allow)); 1527 if (status) 1528 return nfserr_bad_xdr; 1529 1530 return nfs_ok; 1531 } 1532 1533 /* 1534 * This implementation currently does not support SP4_SSV. 1535 * This decoder simply skips over these arguments. 1536 */ 1537 static noinline __be32 nfsd4_decode_ssv_sp_parms(struct nfsd4_compoundargs * argp,struct nfsd4_exchange_id * exid)1538 nfsd4_decode_ssv_sp_parms(struct nfsd4_compoundargs *argp, 1539 struct nfsd4_exchange_id *exid) 1540 { 1541 u32 count, window, num_gss_handles; 1542 __be32 status; 1543 1544 /* ssp_ops */ 1545 status = nfsd4_decode_state_protect_ops(argp, exid); 1546 if (status) 1547 return status; 1548 1549 /* ssp_hash_algs<> */ 1550 if (xdr_stream_decode_u32(argp->xdr, &count) < 0) 1551 return nfserr_bad_xdr; 1552 while (count--) { 1553 status = nfsd4_decode_ignored_string(argp, 0); 1554 if (status) 1555 return status; 1556 } 1557 1558 /* ssp_encr_algs<> */ 1559 if (xdr_stream_decode_u32(argp->xdr, &count) < 0) 1560 return nfserr_bad_xdr; 1561 while (count--) { 1562 status = nfsd4_decode_ignored_string(argp, 0); 1563 if (status) 1564 return status; 1565 } 1566 1567 if (xdr_stream_decode_u32(argp->xdr, &window) < 0) 1568 return nfserr_bad_xdr; 1569 if (xdr_stream_decode_u32(argp->xdr, &num_gss_handles) < 0) 1570 return nfserr_bad_xdr; 1571 1572 return nfs_ok; 1573 } 1574 1575 static __be32 nfsd4_decode_state_protect4_a(struct nfsd4_compoundargs * argp,struct nfsd4_exchange_id * exid)1576 nfsd4_decode_state_protect4_a(struct nfsd4_compoundargs *argp, 1577 struct nfsd4_exchange_id *exid) 1578 { 1579 __be32 status; 1580 1581 if (xdr_stream_decode_u32(argp->xdr, &exid->spa_how) < 0) 1582 return nfserr_bad_xdr; 1583 switch (exid->spa_how) { 1584 case SP4_NONE: 1585 break; 1586 case SP4_MACH_CRED: 1587 status = nfsd4_decode_state_protect_ops(argp, exid); 1588 if (status) 1589 return status; 1590 break; 1591 case SP4_SSV: 1592 status = nfsd4_decode_ssv_sp_parms(argp, exid); 1593 if (status) 1594 return status; 1595 break; 1596 default: 1597 return nfserr_bad_xdr; 1598 } 1599 1600 return nfs_ok; 1601 } 1602 1603 static __be32 nfsd4_decode_nfs_impl_id4(struct nfsd4_compoundargs * argp,struct nfsd4_exchange_id * exid)1604 nfsd4_decode_nfs_impl_id4(struct nfsd4_compoundargs *argp, 1605 struct nfsd4_exchange_id *exid) 1606 { 1607 __be32 status; 1608 u32 count; 1609 1610 if (xdr_stream_decode_u32(argp->xdr, &count) < 0) 1611 return nfserr_bad_xdr; 1612 switch (count) { 1613 case 0: 1614 break; 1615 case 1: 1616 /* Note that RFC 8881 places no length limit on 1617 * nii_domain, but this implementation permits no 1618 * more than NFS4_OPAQUE_LIMIT bytes */ 1619 status = nfsd4_decode_opaque(argp, &exid->nii_domain); 1620 if (status) 1621 return status; 1622 /* Note that RFC 8881 places no length limit on 1623 * nii_name, but this implementation permits no 1624 * more than NFS4_OPAQUE_LIMIT bytes */ 1625 status = nfsd4_decode_opaque(argp, &exid->nii_name); 1626 if (status) 1627 return status; 1628 status = nfsd4_decode_nfstime4(argp, &exid->nii_time); 1629 if (status) 1630 return status; 1631 break; 1632 default: 1633 return nfserr_bad_xdr; 1634 } 1635 1636 return nfs_ok; 1637 } 1638 1639 static __be32 nfsd4_decode_exchange_id(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1640 nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp, 1641 union nfsd4_op_u *u) 1642 { 1643 struct nfsd4_exchange_id *exid = &u->exchange_id; 1644 __be32 status; 1645 1646 memset(exid, 0, sizeof(*exid)); 1647 status = nfsd4_decode_verifier4(argp, &exid->verifier); 1648 if (status) 1649 return status; 1650 status = nfsd4_decode_opaque(argp, &exid->clname); 1651 if (status) 1652 return status; 1653 if (xdr_stream_decode_u32(argp->xdr, &exid->flags) < 0) 1654 return nfserr_bad_xdr; 1655 status = nfsd4_decode_state_protect4_a(argp, exid); 1656 if (status) 1657 return status; 1658 return nfsd4_decode_nfs_impl_id4(argp, exid); 1659 } 1660 1661 static __be32 nfsd4_decode_channel_attrs4(struct nfsd4_compoundargs * argp,struct nfsd4_channel_attrs * ca)1662 nfsd4_decode_channel_attrs4(struct nfsd4_compoundargs *argp, 1663 struct nfsd4_channel_attrs *ca) 1664 { 1665 __be32 *p; 1666 1667 p = xdr_inline_decode(argp->xdr, XDR_UNIT * 7); 1668 if (!p) 1669 return nfserr_bad_xdr; 1670 1671 /* headerpadsz is ignored */ 1672 p++; 1673 ca->maxreq_sz = be32_to_cpup(p++); 1674 ca->maxresp_sz = be32_to_cpup(p++); 1675 ca->maxresp_cached = be32_to_cpup(p++); 1676 ca->maxops = be32_to_cpup(p++); 1677 ca->maxreqs = be32_to_cpup(p++); 1678 ca->nr_rdma_attrs = be32_to_cpup(p); 1679 switch (ca->nr_rdma_attrs) { 1680 case 0: 1681 break; 1682 case 1: 1683 if (xdr_stream_decode_u32(argp->xdr, &ca->rdma_attrs) < 0) 1684 return nfserr_bad_xdr; 1685 break; 1686 default: 1687 return nfserr_bad_xdr; 1688 } 1689 1690 return nfs_ok; 1691 } 1692 1693 static __be32 nfsd4_decode_create_session(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1694 nfsd4_decode_create_session(struct nfsd4_compoundargs *argp, 1695 union nfsd4_op_u *u) 1696 { 1697 struct nfsd4_create_session *sess = &u->create_session; 1698 __be32 status; 1699 1700 memset(sess, 0, sizeof(*sess)); 1701 status = nfsd4_decode_clientid4(argp, &sess->clientid); 1702 if (status) 1703 return status; 1704 if (xdr_stream_decode_u32(argp->xdr, &sess->seqid) < 0) 1705 return nfserr_bad_xdr; 1706 if (xdr_stream_decode_u32(argp->xdr, &sess->flags) < 0) 1707 return nfserr_bad_xdr; 1708 status = nfsd4_decode_channel_attrs4(argp, &sess->fore_channel); 1709 if (status) 1710 return status; 1711 status = nfsd4_decode_channel_attrs4(argp, &sess->back_channel); 1712 if (status) 1713 return status; 1714 if (xdr_stream_decode_u32(argp->xdr, &sess->callback_prog) < 0) 1715 return nfserr_bad_xdr; 1716 return nfsd4_decode_cb_sec(argp, &sess->cb_sec); 1717 } 1718 1719 static __be32 nfsd4_decode_destroy_session(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1720 nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp, 1721 union nfsd4_op_u *u) 1722 { 1723 struct nfsd4_destroy_session *destroy_session = &u->destroy_session; 1724 return nfsd4_decode_sessionid4(argp, &destroy_session->sessionid); 1725 } 1726 1727 static __be32 nfsd4_decode_free_stateid(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1728 nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp, 1729 union nfsd4_op_u *u) 1730 { 1731 struct nfsd4_free_stateid *free_stateid = &u->free_stateid; 1732 return nfsd4_decode_stateid4(argp, &free_stateid->fr_stateid); 1733 } 1734 1735 #ifdef CONFIG_NFSD_PNFS 1736 static __be32 nfsd4_decode_getdeviceinfo(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1737 nfsd4_decode_getdeviceinfo(struct nfsd4_compoundargs *argp, 1738 union nfsd4_op_u *u) 1739 { 1740 struct nfsd4_getdeviceinfo *gdev = &u->getdeviceinfo; 1741 __be32 status; 1742 1743 memset(gdev, 0, sizeof(*gdev)); 1744 status = nfsd4_decode_deviceid4(argp, &gdev->gd_devid); 1745 if (status) 1746 return status; 1747 if (xdr_stream_decode_u32(argp->xdr, &gdev->gd_layout_type) < 0) 1748 return nfserr_bad_xdr; 1749 if (xdr_stream_decode_u32(argp->xdr, &gdev->gd_maxcount) < 0) 1750 return nfserr_bad_xdr; 1751 if (xdr_stream_decode_uint32_array(argp->xdr, 1752 &gdev->gd_notify_types, 1) < 0) 1753 return nfserr_bad_xdr; 1754 1755 return nfs_ok; 1756 } 1757 1758 static __be32 nfsd4_decode_layoutcommit(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1759 nfsd4_decode_layoutcommit(struct nfsd4_compoundargs *argp, 1760 union nfsd4_op_u *u) 1761 { 1762 struct nfsd4_layoutcommit *lcp = &u->layoutcommit; 1763 __be32 *p, status; 1764 1765 memset(lcp, 0, sizeof(*lcp)); 1766 if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_seg.offset) < 0) 1767 return nfserr_bad_xdr; 1768 if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_seg.length) < 0) 1769 return nfserr_bad_xdr; 1770 if (xdr_stream_decode_bool(argp->xdr, &lcp->lc_reclaim) < 0) 1771 return nfserr_bad_xdr; 1772 status = nfsd4_decode_stateid4(argp, &lcp->lc_sid); 1773 if (status) 1774 return status; 1775 if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_newoffset) < 0) 1776 return nfserr_bad_xdr; 1777 if (lcp->lc_newoffset) { 1778 if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_last_wr) < 0) 1779 return nfserr_bad_xdr; 1780 } else 1781 lcp->lc_last_wr = 0; 1782 p = xdr_inline_decode(argp->xdr, XDR_UNIT); 1783 if (!p) 1784 return nfserr_bad_xdr; 1785 if (xdr_item_is_present(p)) { 1786 status = nfsd4_decode_nfstime4(argp, &lcp->lc_mtime); 1787 if (status) 1788 return status; 1789 } else { 1790 lcp->lc_mtime.tv_nsec = UTIME_NOW; 1791 } 1792 return nfsd4_decode_layoutupdate4(argp, lcp); 1793 } 1794 1795 static __be32 nfsd4_decode_layoutget(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1796 nfsd4_decode_layoutget(struct nfsd4_compoundargs *argp, 1797 union nfsd4_op_u *u) 1798 { 1799 struct nfsd4_layoutget *lgp = &u->layoutget; 1800 __be32 status; 1801 1802 memset(lgp, 0, sizeof(*lgp)); 1803 if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_signal) < 0) 1804 return nfserr_bad_xdr; 1805 if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_layout_type) < 0) 1806 return nfserr_bad_xdr; 1807 if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_seg.iomode) < 0) 1808 return nfserr_bad_xdr; 1809 if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_seg.offset) < 0) 1810 return nfserr_bad_xdr; 1811 if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_seg.length) < 0) 1812 return nfserr_bad_xdr; 1813 if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_minlength) < 0) 1814 return nfserr_bad_xdr; 1815 status = nfsd4_decode_stateid4(argp, &lgp->lg_sid); 1816 if (status) 1817 return status; 1818 if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_maxcount) < 0) 1819 return nfserr_bad_xdr; 1820 1821 return nfs_ok; 1822 } 1823 1824 static __be32 nfsd4_decode_layoutreturn(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1825 nfsd4_decode_layoutreturn(struct nfsd4_compoundargs *argp, 1826 union nfsd4_op_u *u) 1827 { 1828 struct nfsd4_layoutreturn *lrp = &u->layoutreturn; 1829 memset(lrp, 0, sizeof(*lrp)); 1830 if (xdr_stream_decode_bool(argp->xdr, &lrp->lr_reclaim) < 0) 1831 return nfserr_bad_xdr; 1832 if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_layout_type) < 0) 1833 return nfserr_bad_xdr; 1834 if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_seg.iomode) < 0) 1835 return nfserr_bad_xdr; 1836 return nfsd4_decode_layoutreturn4(argp, lrp); 1837 } 1838 #endif /* CONFIG_NFSD_PNFS */ 1839 nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1840 static __be32 nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp, 1841 union nfsd4_op_u *u) 1842 { 1843 struct nfsd4_secinfo_no_name *sin = &u->secinfo_no_name; 1844 if (xdr_stream_decode_u32(argp->xdr, &sin->sin_style) < 0) 1845 return nfserr_bad_xdr; 1846 1847 sin->sin_exp = NULL; 1848 return nfs_ok; 1849 } 1850 1851 static __be32 nfsd4_decode_sequence(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1852 nfsd4_decode_sequence(struct nfsd4_compoundargs *argp, 1853 union nfsd4_op_u *u) 1854 { 1855 struct nfsd4_sequence *seq = &u->sequence; 1856 __be32 *p, status; 1857 1858 status = nfsd4_decode_sessionid4(argp, &seq->sessionid); 1859 if (status) 1860 return status; 1861 p = xdr_inline_decode(argp->xdr, XDR_UNIT * 4); 1862 if (!p) 1863 return nfserr_bad_xdr; 1864 seq->seqid = be32_to_cpup(p++); 1865 seq->slotid = be32_to_cpup(p++); 1866 seq->maxslots = be32_to_cpup(p++); 1867 seq->cachethis = be32_to_cpup(p); 1868 1869 seq->status_flags = 0; 1870 return nfs_ok; 1871 } 1872 1873 static __be32 nfsd4_decode_test_stateid(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1874 nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, 1875 union nfsd4_op_u *u) 1876 { 1877 struct nfsd4_test_stateid *test_stateid = &u->test_stateid; 1878 struct nfsd4_test_stateid_id *stateid; 1879 __be32 status; 1880 u32 i; 1881 1882 memset(test_stateid, 0, sizeof(*test_stateid)); 1883 if (xdr_stream_decode_u32(argp->xdr, &test_stateid->ts_num_ids) < 0) 1884 return nfserr_bad_xdr; 1885 1886 INIT_LIST_HEAD(&test_stateid->ts_stateid_list); 1887 for (i = 0; i < test_stateid->ts_num_ids; i++) { 1888 stateid = svcxdr_tmpalloc(argp, sizeof(*stateid)); 1889 if (!stateid) 1890 return nfserr_jukebox; 1891 INIT_LIST_HEAD(&stateid->ts_id_list); 1892 list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list); 1893 status = nfsd4_decode_stateid4(argp, &stateid->ts_id_stateid); 1894 if (status) 1895 return status; 1896 } 1897 1898 return nfs_ok; 1899 } 1900 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1901 static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, 1902 union nfsd4_op_u *u) 1903 { 1904 struct nfsd4_destroy_clientid *dc = &u->destroy_clientid; 1905 return nfsd4_decode_clientid4(argp, &dc->clientid); 1906 } 1907 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1908 static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, 1909 union nfsd4_op_u *u) 1910 { 1911 struct nfsd4_reclaim_complete *rc = &u->reclaim_complete; 1912 if (xdr_stream_decode_bool(argp->xdr, &rc->rca_one_fs) < 0) 1913 return nfserr_bad_xdr; 1914 return nfs_ok; 1915 } 1916 1917 static __be32 nfsd4_decode_fallocate(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1918 nfsd4_decode_fallocate(struct nfsd4_compoundargs *argp, 1919 union nfsd4_op_u *u) 1920 { 1921 struct nfsd4_fallocate *fallocate = &u->allocate; 1922 __be32 status; 1923 1924 status = nfsd4_decode_stateid4(argp, &fallocate->falloc_stateid); 1925 if (status) 1926 return status; 1927 if (xdr_stream_decode_u64(argp->xdr, &fallocate->falloc_offset) < 0) 1928 return nfserr_bad_xdr; 1929 if (xdr_stream_decode_u64(argp->xdr, &fallocate->falloc_length) < 0) 1930 return nfserr_bad_xdr; 1931 1932 return nfs_ok; 1933 } 1934 nfsd4_decode_nl4_server(struct nfsd4_compoundargs * argp,struct nl4_server * ns)1935 static __be32 nfsd4_decode_nl4_server(struct nfsd4_compoundargs *argp, 1936 struct nl4_server *ns) 1937 { 1938 struct nfs42_netaddr *naddr; 1939 __be32 *p; 1940 1941 if (xdr_stream_decode_u32(argp->xdr, &ns->nl4_type) < 0) 1942 return nfserr_bad_xdr; 1943 1944 /* currently support for 1 inter-server source server */ 1945 switch (ns->nl4_type) { 1946 case NL4_NETADDR: 1947 naddr = &ns->u.nl4_addr; 1948 1949 if (xdr_stream_decode_u32(argp->xdr, &naddr->netid_len) < 0) 1950 return nfserr_bad_xdr; 1951 if (naddr->netid_len > RPCBIND_MAXNETIDLEN) 1952 return nfserr_bad_xdr; 1953 1954 p = xdr_inline_decode(argp->xdr, naddr->netid_len); 1955 if (!p) 1956 return nfserr_bad_xdr; 1957 memcpy(naddr->netid, p, naddr->netid_len); 1958 1959 if (xdr_stream_decode_u32(argp->xdr, &naddr->addr_len) < 0) 1960 return nfserr_bad_xdr; 1961 if (naddr->addr_len > RPCBIND_MAXUADDRLEN) 1962 return nfserr_bad_xdr; 1963 1964 p = xdr_inline_decode(argp->xdr, naddr->addr_len); 1965 if (!p) 1966 return nfserr_bad_xdr; 1967 memcpy(naddr->addr, p, naddr->addr_len); 1968 break; 1969 default: 1970 return nfserr_bad_xdr; 1971 } 1972 1973 return nfs_ok; 1974 } 1975 1976 static __be32 nfsd4_decode_copy(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)1977 nfsd4_decode_copy(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 1978 { 1979 struct nfsd4_copy *copy = &u->copy; 1980 u32 consecutive, i, count, sync; 1981 struct nl4_server *ns_dummy; 1982 __be32 status; 1983 1984 memset(copy, 0, sizeof(*copy)); 1985 status = nfsd4_decode_stateid4(argp, ©->cp_src_stateid); 1986 if (status) 1987 return status; 1988 status = nfsd4_decode_stateid4(argp, ©->cp_dst_stateid); 1989 if (status) 1990 return status; 1991 if (xdr_stream_decode_u64(argp->xdr, ©->cp_src_pos) < 0) 1992 return nfserr_bad_xdr; 1993 if (xdr_stream_decode_u64(argp->xdr, ©->cp_dst_pos) < 0) 1994 return nfserr_bad_xdr; 1995 if (xdr_stream_decode_u64(argp->xdr, ©->cp_count) < 0) 1996 return nfserr_bad_xdr; 1997 /* ca_consecutive: we always do consecutive copies */ 1998 if (xdr_stream_decode_u32(argp->xdr, &consecutive) < 0) 1999 return nfserr_bad_xdr; 2000 if (xdr_stream_decode_bool(argp->xdr, &sync) < 0) 2001 return nfserr_bad_xdr; 2002 nfsd4_copy_set_sync(copy, sync); 2003 2004 if (xdr_stream_decode_u32(argp->xdr, &count) < 0) 2005 return nfserr_bad_xdr; 2006 copy->cp_src = svcxdr_tmpalloc(argp, sizeof(*copy->cp_src)); 2007 if (copy->cp_src == NULL) 2008 return nfserr_jukebox; 2009 if (count == 0) { /* intra-server copy */ 2010 __set_bit(NFSD4_COPY_F_INTRA, ©->cp_flags); 2011 return nfs_ok; 2012 } 2013 2014 /* decode all the supplied server addresses but use only the first */ 2015 status = nfsd4_decode_nl4_server(argp, copy->cp_src); 2016 if (status) 2017 return status; 2018 2019 ns_dummy = kmalloc(sizeof(struct nl4_server), GFP_KERNEL); 2020 if (ns_dummy == NULL) 2021 return nfserr_jukebox; 2022 for (i = 0; i < count - 1; i++) { 2023 status = nfsd4_decode_nl4_server(argp, ns_dummy); 2024 if (status) { 2025 kfree(ns_dummy); 2026 return status; 2027 } 2028 } 2029 kfree(ns_dummy); 2030 2031 return nfs_ok; 2032 } 2033 2034 static __be32 nfsd4_decode_copy_notify(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)2035 nfsd4_decode_copy_notify(struct nfsd4_compoundargs *argp, 2036 union nfsd4_op_u *u) 2037 { 2038 struct nfsd4_copy_notify *cn = &u->copy_notify; 2039 __be32 status; 2040 2041 memset(cn, 0, sizeof(*cn)); 2042 cn->cpn_src = svcxdr_tmpalloc(argp, sizeof(*cn->cpn_src)); 2043 if (cn->cpn_src == NULL) 2044 return nfserr_jukebox; 2045 cn->cpn_dst = svcxdr_tmpalloc(argp, sizeof(*cn->cpn_dst)); 2046 if (cn->cpn_dst == NULL) 2047 return nfserr_jukebox; 2048 2049 status = nfsd4_decode_stateid4(argp, &cn->cpn_src_stateid); 2050 if (status) 2051 return status; 2052 return nfsd4_decode_nl4_server(argp, cn->cpn_dst); 2053 } 2054 2055 static __be32 nfsd4_decode_offload_status(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)2056 nfsd4_decode_offload_status(struct nfsd4_compoundargs *argp, 2057 union nfsd4_op_u *u) 2058 { 2059 struct nfsd4_offload_status *os = &u->offload_status; 2060 os->count = 0; 2061 os->status = 0; 2062 return nfsd4_decode_stateid4(argp, &os->stateid); 2063 } 2064 2065 static __be32 nfsd4_decode_seek(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)2066 nfsd4_decode_seek(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 2067 { 2068 struct nfsd4_seek *seek = &u->seek; 2069 __be32 status; 2070 2071 status = nfsd4_decode_stateid4(argp, &seek->seek_stateid); 2072 if (status) 2073 return status; 2074 if (xdr_stream_decode_u64(argp->xdr, &seek->seek_offset) < 0) 2075 return nfserr_bad_xdr; 2076 if (xdr_stream_decode_u32(argp->xdr, &seek->seek_whence) < 0) 2077 return nfserr_bad_xdr; 2078 2079 seek->seek_eof = 0; 2080 seek->seek_pos = 0; 2081 return nfs_ok; 2082 } 2083 2084 static __be32 nfsd4_decode_clone(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)2085 nfsd4_decode_clone(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u) 2086 { 2087 struct nfsd4_clone *clone = &u->clone; 2088 __be32 status; 2089 2090 status = nfsd4_decode_stateid4(argp, &clone->cl_src_stateid); 2091 if (status) 2092 return status; 2093 status = nfsd4_decode_stateid4(argp, &clone->cl_dst_stateid); 2094 if (status) 2095 return status; 2096 if (xdr_stream_decode_u64(argp->xdr, &clone->cl_src_pos) < 0) 2097 return nfserr_bad_xdr; 2098 if (xdr_stream_decode_u64(argp->xdr, &clone->cl_dst_pos) < 0) 2099 return nfserr_bad_xdr; 2100 if (xdr_stream_decode_u64(argp->xdr, &clone->cl_count) < 0) 2101 return nfserr_bad_xdr; 2102 2103 return nfs_ok; 2104 } 2105 2106 /* 2107 * XDR data that is more than PAGE_SIZE in size is normally part of a 2108 * read or write. However, the size of extended attributes is limited 2109 * by the maximum request size, and then further limited by the underlying 2110 * filesystem limits. This can exceed PAGE_SIZE (currently, XATTR_SIZE_MAX 2111 * is 64k). Since there is no kvec- or page-based interface to xattrs, 2112 * and we're not dealing with contiguous pages, we need to do some copying. 2113 */ 2114 2115 /* 2116 * Decode data into buffer. 2117 */ 2118 static __be32 nfsd4_vbuf_from_vector(struct nfsd4_compoundargs * argp,struct xdr_buf * xdr,char ** bufp,u32 buflen)2119 nfsd4_vbuf_from_vector(struct nfsd4_compoundargs *argp, struct xdr_buf *xdr, 2120 char **bufp, u32 buflen) 2121 { 2122 struct page **pages = xdr->pages; 2123 struct kvec *head = xdr->head; 2124 char *tmp, *dp; 2125 u32 len; 2126 2127 if (buflen <= head->iov_len) { 2128 /* 2129 * We're in luck, the head has enough space. Just return 2130 * the head, no need for copying. 2131 */ 2132 *bufp = head->iov_base; 2133 return 0; 2134 } 2135 2136 tmp = svcxdr_tmpalloc(argp, buflen); 2137 if (tmp == NULL) 2138 return nfserr_jukebox; 2139 2140 dp = tmp; 2141 memcpy(dp, head->iov_base, head->iov_len); 2142 buflen -= head->iov_len; 2143 dp += head->iov_len; 2144 2145 while (buflen > 0) { 2146 len = min_t(u32, buflen, PAGE_SIZE); 2147 memcpy(dp, page_address(*pages), len); 2148 2149 buflen -= len; 2150 dp += len; 2151 pages++; 2152 } 2153 2154 *bufp = tmp; 2155 return 0; 2156 } 2157 2158 /* 2159 * Get a user extended attribute name from the XDR buffer. 2160 * It will not have the "user." prefix, so prepend it. 2161 * Lastly, check for nul characters in the name. 2162 */ 2163 static __be32 nfsd4_decode_xattr_name(struct nfsd4_compoundargs * argp,char ** namep)2164 nfsd4_decode_xattr_name(struct nfsd4_compoundargs *argp, char **namep) 2165 { 2166 char *name, *sp, *dp; 2167 u32 namelen, cnt; 2168 __be32 *p; 2169 2170 if (xdr_stream_decode_u32(argp->xdr, &namelen) < 0) 2171 return nfserr_bad_xdr; 2172 if (namelen > (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN)) 2173 return nfserr_nametoolong; 2174 if (namelen == 0) 2175 return nfserr_bad_xdr; 2176 p = xdr_inline_decode(argp->xdr, namelen); 2177 if (!p) 2178 return nfserr_bad_xdr; 2179 name = svcxdr_tmpalloc(argp, namelen + XATTR_USER_PREFIX_LEN + 1); 2180 if (!name) 2181 return nfserr_jukebox; 2182 memcpy(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN); 2183 2184 /* 2185 * Copy the extended attribute name over while checking for 0 2186 * characters. 2187 */ 2188 sp = (char *)p; 2189 dp = name + XATTR_USER_PREFIX_LEN; 2190 cnt = namelen; 2191 2192 while (cnt-- > 0) { 2193 if (*sp == '\0') 2194 return nfserr_bad_xdr; 2195 *dp++ = *sp++; 2196 } 2197 *dp = '\0'; 2198 2199 *namep = name; 2200 2201 return nfs_ok; 2202 } 2203 2204 /* 2205 * A GETXATTR op request comes without a length specifier. We just set the 2206 * maximum length for the reply based on XATTR_SIZE_MAX and the maximum 2207 * channel reply size. nfsd_getxattr will probe the length of the xattr, 2208 * check it against getxa_len, and allocate + return the value. 2209 */ 2210 static __be32 nfsd4_decode_getxattr(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)2211 nfsd4_decode_getxattr(struct nfsd4_compoundargs *argp, 2212 union nfsd4_op_u *u) 2213 { 2214 struct nfsd4_getxattr *getxattr = &u->getxattr; 2215 __be32 status; 2216 u32 maxcount; 2217 2218 memset(getxattr, 0, sizeof(*getxattr)); 2219 status = nfsd4_decode_xattr_name(argp, &getxattr->getxa_name); 2220 if (status) 2221 return status; 2222 2223 maxcount = svc_max_payload(argp->rqstp); 2224 maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount); 2225 2226 getxattr->getxa_len = maxcount; 2227 return nfs_ok; 2228 } 2229 2230 static __be32 nfsd4_decode_setxattr(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)2231 nfsd4_decode_setxattr(struct nfsd4_compoundargs *argp, 2232 union nfsd4_op_u *u) 2233 { 2234 struct nfsd4_setxattr *setxattr = &u->setxattr; 2235 u32 flags, maxcount, size; 2236 __be32 status; 2237 2238 memset(setxattr, 0, sizeof(*setxattr)); 2239 2240 if (xdr_stream_decode_u32(argp->xdr, &flags) < 0) 2241 return nfserr_bad_xdr; 2242 2243 if (flags > SETXATTR4_REPLACE) 2244 return nfserr_inval; 2245 setxattr->setxa_flags = flags; 2246 2247 status = nfsd4_decode_xattr_name(argp, &setxattr->setxa_name); 2248 if (status) 2249 return status; 2250 2251 maxcount = svc_max_payload(argp->rqstp); 2252 maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount); 2253 2254 if (xdr_stream_decode_u32(argp->xdr, &size) < 0) 2255 return nfserr_bad_xdr; 2256 if (size > maxcount) 2257 return nfserr_xattr2big; 2258 2259 setxattr->setxa_len = size; 2260 if (size > 0) { 2261 struct xdr_buf payload; 2262 2263 if (!xdr_stream_subsegment(argp->xdr, &payload, size)) 2264 return nfserr_bad_xdr; 2265 status = nfsd4_vbuf_from_vector(argp, &payload, 2266 &setxattr->setxa_buf, size); 2267 } 2268 2269 return nfs_ok; 2270 } 2271 2272 static __be32 nfsd4_decode_listxattrs(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)2273 nfsd4_decode_listxattrs(struct nfsd4_compoundargs *argp, 2274 union nfsd4_op_u *u) 2275 { 2276 struct nfsd4_listxattrs *listxattrs = &u->listxattrs; 2277 u32 maxcount; 2278 2279 memset(listxattrs, 0, sizeof(*listxattrs)); 2280 2281 if (xdr_stream_decode_u64(argp->xdr, &listxattrs->lsxa_cookie) < 0) 2282 return nfserr_bad_xdr; 2283 2284 /* 2285 * If the cookie is too large to have even one user.x attribute 2286 * plus trailing '\0' left in a maximum size buffer, it's invalid. 2287 */ 2288 if (listxattrs->lsxa_cookie >= 2289 (XATTR_LIST_MAX / (XATTR_USER_PREFIX_LEN + 2))) 2290 return nfserr_badcookie; 2291 2292 if (xdr_stream_decode_u32(argp->xdr, &maxcount) < 0) 2293 return nfserr_bad_xdr; 2294 if (maxcount < 8) 2295 /* Always need at least 2 words (length and one character) */ 2296 return nfserr_inval; 2297 2298 maxcount = min(maxcount, svc_max_payload(argp->rqstp)); 2299 listxattrs->lsxa_maxcount = maxcount; 2300 2301 return nfs_ok; 2302 } 2303 2304 static __be32 nfsd4_decode_removexattr(struct nfsd4_compoundargs * argp,union nfsd4_op_u * u)2305 nfsd4_decode_removexattr(struct nfsd4_compoundargs *argp, 2306 union nfsd4_op_u *u) 2307 { 2308 struct nfsd4_removexattr *removexattr = &u->removexattr; 2309 memset(removexattr, 0, sizeof(*removexattr)); 2310 return nfsd4_decode_xattr_name(argp, &removexattr->rmxa_name); 2311 } 2312 2313 static __be32 nfsd4_decode_noop(struct nfsd4_compoundargs * argp,union nfsd4_op_u * p)2314 nfsd4_decode_noop(struct nfsd4_compoundargs *argp, union nfsd4_op_u *p) 2315 { 2316 return nfs_ok; 2317 } 2318 2319 static __be32 nfsd4_decode_notsupp(struct nfsd4_compoundargs * argp,union nfsd4_op_u * p)2320 nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, union nfsd4_op_u *p) 2321 { 2322 return nfserr_notsupp; 2323 } 2324 2325 typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, union nfsd4_op_u *u); 2326 2327 static const nfsd4_dec nfsd4_dec_ops[] = { 2328 [OP_ACCESS] = nfsd4_decode_access, 2329 [OP_CLOSE] = nfsd4_decode_close, 2330 [OP_COMMIT] = nfsd4_decode_commit, 2331 [OP_CREATE] = nfsd4_decode_create, 2332 [OP_DELEGPURGE] = nfsd4_decode_notsupp, 2333 [OP_DELEGRETURN] = nfsd4_decode_delegreturn, 2334 [OP_GETATTR] = nfsd4_decode_getattr, 2335 [OP_GETFH] = nfsd4_decode_noop, 2336 [OP_LINK] = nfsd4_decode_link, 2337 [OP_LOCK] = nfsd4_decode_lock, 2338 [OP_LOCKT] = nfsd4_decode_lockt, 2339 [OP_LOCKU] = nfsd4_decode_locku, 2340 [OP_LOOKUP] = nfsd4_decode_lookup, 2341 [OP_LOOKUPP] = nfsd4_decode_noop, 2342 [OP_NVERIFY] = nfsd4_decode_verify, 2343 [OP_OPEN] = nfsd4_decode_open, 2344 [OP_OPENATTR] = nfsd4_decode_notsupp, 2345 [OP_OPEN_CONFIRM] = nfsd4_decode_open_confirm, 2346 [OP_OPEN_DOWNGRADE] = nfsd4_decode_open_downgrade, 2347 [OP_PUTFH] = nfsd4_decode_putfh, 2348 [OP_PUTPUBFH] = nfsd4_decode_putpubfh, 2349 [OP_PUTROOTFH] = nfsd4_decode_noop, 2350 [OP_READ] = nfsd4_decode_read, 2351 [OP_READDIR] = nfsd4_decode_readdir, 2352 [OP_READLINK] = nfsd4_decode_noop, 2353 [OP_REMOVE] = nfsd4_decode_remove, 2354 [OP_RENAME] = nfsd4_decode_rename, 2355 [OP_RENEW] = nfsd4_decode_renew, 2356 [OP_RESTOREFH] = nfsd4_decode_noop, 2357 [OP_SAVEFH] = nfsd4_decode_noop, 2358 [OP_SECINFO] = nfsd4_decode_secinfo, 2359 [OP_SETATTR] = nfsd4_decode_setattr, 2360 [OP_SETCLIENTID] = nfsd4_decode_setclientid, 2361 [OP_SETCLIENTID_CONFIRM] = nfsd4_decode_setclientid_confirm, 2362 [OP_VERIFY] = nfsd4_decode_verify, 2363 [OP_WRITE] = nfsd4_decode_write, 2364 [OP_RELEASE_LOCKOWNER] = nfsd4_decode_release_lockowner, 2365 2366 /* new operations for NFSv4.1 */ 2367 [OP_BACKCHANNEL_CTL] = nfsd4_decode_backchannel_ctl, 2368 [OP_BIND_CONN_TO_SESSION] = nfsd4_decode_bind_conn_to_session, 2369 [OP_EXCHANGE_ID] = nfsd4_decode_exchange_id, 2370 [OP_CREATE_SESSION] = nfsd4_decode_create_session, 2371 [OP_DESTROY_SESSION] = nfsd4_decode_destroy_session, 2372 [OP_FREE_STATEID] = nfsd4_decode_free_stateid, 2373 [OP_GET_DIR_DELEGATION] = nfsd4_decode_notsupp, 2374 #ifdef CONFIG_NFSD_PNFS 2375 [OP_GETDEVICEINFO] = nfsd4_decode_getdeviceinfo, 2376 [OP_GETDEVICELIST] = nfsd4_decode_notsupp, 2377 [OP_LAYOUTCOMMIT] = nfsd4_decode_layoutcommit, 2378 [OP_LAYOUTGET] = nfsd4_decode_layoutget, 2379 [OP_LAYOUTRETURN] = nfsd4_decode_layoutreturn, 2380 #else 2381 [OP_GETDEVICEINFO] = nfsd4_decode_notsupp, 2382 [OP_GETDEVICELIST] = nfsd4_decode_notsupp, 2383 [OP_LAYOUTCOMMIT] = nfsd4_decode_notsupp, 2384 [OP_LAYOUTGET] = nfsd4_decode_notsupp, 2385 [OP_LAYOUTRETURN] = nfsd4_decode_notsupp, 2386 #endif 2387 [OP_SECINFO_NO_NAME] = nfsd4_decode_secinfo_no_name, 2388 [OP_SEQUENCE] = nfsd4_decode_sequence, 2389 [OP_SET_SSV] = nfsd4_decode_notsupp, 2390 [OP_TEST_STATEID] = nfsd4_decode_test_stateid, 2391 [OP_WANT_DELEGATION] = nfsd4_decode_notsupp, 2392 [OP_DESTROY_CLIENTID] = nfsd4_decode_destroy_clientid, 2393 [OP_RECLAIM_COMPLETE] = nfsd4_decode_reclaim_complete, 2394 2395 /* new operations for NFSv4.2 */ 2396 [OP_ALLOCATE] = nfsd4_decode_fallocate, 2397 [OP_COPY] = nfsd4_decode_copy, 2398 [OP_COPY_NOTIFY] = nfsd4_decode_copy_notify, 2399 [OP_DEALLOCATE] = nfsd4_decode_fallocate, 2400 [OP_IO_ADVISE] = nfsd4_decode_notsupp, 2401 [OP_LAYOUTERROR] = nfsd4_decode_notsupp, 2402 [OP_LAYOUTSTATS] = nfsd4_decode_notsupp, 2403 [OP_OFFLOAD_CANCEL] = nfsd4_decode_offload_status, 2404 [OP_OFFLOAD_STATUS] = nfsd4_decode_offload_status, 2405 [OP_READ_PLUS] = nfsd4_decode_read, 2406 [OP_SEEK] = nfsd4_decode_seek, 2407 [OP_WRITE_SAME] = nfsd4_decode_notsupp, 2408 [OP_CLONE] = nfsd4_decode_clone, 2409 /* RFC 8276 extended atributes operations */ 2410 [OP_GETXATTR] = nfsd4_decode_getxattr, 2411 [OP_SETXATTR] = nfsd4_decode_setxattr, 2412 [OP_LISTXATTRS] = nfsd4_decode_listxattrs, 2413 [OP_REMOVEXATTR] = nfsd4_decode_removexattr, 2414 }; 2415 2416 static inline bool nfsd4_opnum_in_range(struct nfsd4_compoundargs * argp,struct nfsd4_op * op)2417 nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op) 2418 { 2419 if (op->opnum < FIRST_NFS4_OP) 2420 return false; 2421 else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP) 2422 return false; 2423 else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP) 2424 return false; 2425 else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP) 2426 return false; 2427 return true; 2428 } 2429 2430 static bool nfsd4_decode_compound(struct nfsd4_compoundargs * argp)2431 nfsd4_decode_compound(struct nfsd4_compoundargs *argp) 2432 { 2433 struct nfsd4_op *op; 2434 bool cachethis = false; 2435 int auth_slack= argp->rqstp->rq_auth_slack; 2436 int max_reply = auth_slack + 8; /* opcnt, status */ 2437 int readcount = 0; 2438 int readbytes = 0; 2439 __be32 *p; 2440 int i; 2441 2442 if (xdr_stream_decode_u32(argp->xdr, &argp->taglen) < 0) 2443 return false; 2444 max_reply += XDR_UNIT; 2445 argp->tag = NULL; 2446 if (unlikely(argp->taglen)) { 2447 if (argp->taglen > NFSD4_MAX_TAGLEN) 2448 return false; 2449 p = xdr_inline_decode(argp->xdr, argp->taglen); 2450 if (!p) 2451 return false; 2452 argp->tag = svcxdr_savemem(argp, p, argp->taglen); 2453 if (!argp->tag) 2454 return false; 2455 max_reply += xdr_align_size(argp->taglen); 2456 } 2457 2458 if (xdr_stream_decode_u32(argp->xdr, &argp->minorversion) < 0) 2459 return false; 2460 if (xdr_stream_decode_u32(argp->xdr, &argp->client_opcnt) < 0) 2461 return false; 2462 argp->opcnt = min_t(u32, argp->client_opcnt, 2463 NFSD_MAX_OPS_PER_COMPOUND); 2464 2465 if (argp->opcnt > ARRAY_SIZE(argp->iops)) { 2466 argp->ops = vcalloc(argp->opcnt, sizeof(*argp->ops)); 2467 if (!argp->ops) { 2468 argp->ops = argp->iops; 2469 return false; 2470 } 2471 } 2472 2473 if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION) 2474 argp->opcnt = 0; 2475 2476 for (i = 0; i < argp->opcnt; i++) { 2477 op = &argp->ops[i]; 2478 op->replay = NULL; 2479 op->opdesc = NULL; 2480 2481 if (xdr_stream_decode_u32(argp->xdr, &op->opnum) < 0) 2482 return false; 2483 if (nfsd4_opnum_in_range(argp, op)) { 2484 op->opdesc = OPDESC(op); 2485 op->status = nfsd4_dec_ops[op->opnum](argp, &op->u); 2486 if (op->status != nfs_ok) 2487 trace_nfsd_compound_decode_err(argp->rqstp, 2488 argp->opcnt, i, 2489 op->opnum, 2490 op->status); 2491 } else { 2492 op->opnum = OP_ILLEGAL; 2493 op->status = nfserr_op_illegal; 2494 } 2495 2496 /* 2497 * We'll try to cache the result in the DRC if any one 2498 * op in the compound wants to be cached: 2499 */ 2500 cachethis |= nfsd4_cache_this_op(op); 2501 2502 if (op->opnum == OP_READ || op->opnum == OP_READ_PLUS) { 2503 readcount++; 2504 readbytes += nfsd4_max_reply(argp->rqstp, op); 2505 } else 2506 max_reply += nfsd4_max_reply(argp->rqstp, op); 2507 /* 2508 * OP_LOCK and OP_LOCKT may return a conflicting lock. 2509 * (Special case because it will just skip encoding this 2510 * if it runs out of xdr buffer space, and it is the only 2511 * operation that behaves this way.) 2512 */ 2513 if (op->opnum == OP_LOCK || op->opnum == OP_LOCKT) 2514 max_reply += NFS4_OPAQUE_LIMIT; 2515 2516 if (op->status) { 2517 argp->opcnt = i+1; 2518 break; 2519 } 2520 } 2521 /* Sessions make the DRC unnecessary: */ 2522 if (argp->minorversion) 2523 cachethis = false; 2524 svc_reserve(argp->rqstp, max_reply + readbytes); 2525 argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE; 2526 2527 if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack) 2528 clear_bit(RQ_SPLICE_OK, &argp->rqstp->rq_flags); 2529 2530 return true; 2531 } 2532 encode_change(__be32 * p,struct kstat * stat,struct inode * inode,struct svc_export * exp)2533 static __be32 *encode_change(__be32 *p, struct kstat *stat, struct inode *inode, 2534 struct svc_export *exp) 2535 { 2536 if (exp->ex_flags & NFSEXP_V4ROOT) { 2537 *p++ = cpu_to_be32(convert_to_wallclock(exp->cd->flush_time)); 2538 *p++ = 0; 2539 } else 2540 p = xdr_encode_hyper(p, nfsd4_change_attribute(stat, inode)); 2541 return p; 2542 } 2543 nfsd4_encode_nfstime4(struct xdr_stream * xdr,struct timespec64 * tv)2544 static __be32 nfsd4_encode_nfstime4(struct xdr_stream *xdr, 2545 struct timespec64 *tv) 2546 { 2547 __be32 *p; 2548 2549 p = xdr_reserve_space(xdr, XDR_UNIT * 3); 2550 if (!p) 2551 return nfserr_resource; 2552 2553 p = xdr_encode_hyper(p, (s64)tv->tv_sec); 2554 *p = cpu_to_be32(tv->tv_nsec); 2555 return nfs_ok; 2556 } 2557 2558 /* 2559 * ctime (in NFSv4, time_metadata) is not writeable, and the client 2560 * doesn't really care what resolution could theoretically be stored by 2561 * the filesystem. 2562 * 2563 * The client cares how close together changes can be while still 2564 * guaranteeing ctime changes. For most filesystems (which have 2565 * timestamps with nanosecond fields) that is limited by the resolution 2566 * of the time returned from current_time() (which I'm assuming to be 2567 * 1/HZ). 2568 */ encode_time_delta(__be32 * p,struct inode * inode)2569 static __be32 *encode_time_delta(__be32 *p, struct inode *inode) 2570 { 2571 struct timespec64 ts; 2572 u32 ns; 2573 2574 ns = max_t(u32, NSEC_PER_SEC/HZ, inode->i_sb->s_time_gran); 2575 ts = ns_to_timespec64(ns); 2576 2577 p = xdr_encode_hyper(p, ts.tv_sec); 2578 *p++ = cpu_to_be32(ts.tv_nsec); 2579 2580 return p; 2581 } 2582 2583 static __be32 nfsd4_encode_change_info4(struct xdr_stream * xdr,struct nfsd4_change_info * c)2584 nfsd4_encode_change_info4(struct xdr_stream *xdr, struct nfsd4_change_info *c) 2585 { 2586 if (xdr_stream_encode_bool(xdr, c->atomic) < 0) 2587 return nfserr_resource; 2588 if (xdr_stream_encode_u64(xdr, c->before_change) < 0) 2589 return nfserr_resource; 2590 if (xdr_stream_encode_u64(xdr, c->after_change) < 0) 2591 return nfserr_resource; 2592 return nfs_ok; 2593 } 2594 2595 /* Encode as an array of strings the string given with components 2596 * separated @sep, escaped with esc_enter and esc_exit. 2597 */ nfsd4_encode_components_esc(struct xdr_stream * xdr,char sep,char * components,char esc_enter,char esc_exit)2598 static __be32 nfsd4_encode_components_esc(struct xdr_stream *xdr, char sep, 2599 char *components, char esc_enter, 2600 char esc_exit) 2601 { 2602 __be32 *p; 2603 __be32 pathlen; 2604 int pathlen_offset; 2605 int strlen, count=0; 2606 char *str, *end, *next; 2607 2608 dprintk("nfsd4_encode_components(%s)\n", components); 2609 2610 pathlen_offset = xdr->buf->len; 2611 p = xdr_reserve_space(xdr, 4); 2612 if (!p) 2613 return nfserr_resource; 2614 p++; /* We will fill this in with @count later */ 2615 2616 end = str = components; 2617 while (*end) { 2618 bool found_esc = false; 2619 2620 /* try to parse as esc_start, ..., esc_end, sep */ 2621 if (*str == esc_enter) { 2622 for (; *end && (*end != esc_exit); end++) 2623 /* find esc_exit or end of string */; 2624 next = end + 1; 2625 if (*end && (!*next || *next == sep)) { 2626 str++; 2627 found_esc = true; 2628 } 2629 } 2630 2631 if (!found_esc) 2632 for (; *end && (*end != sep); end++) 2633 /* find sep or end of string */; 2634 2635 strlen = end - str; 2636 if (strlen) { 2637 p = xdr_reserve_space(xdr, strlen + 4); 2638 if (!p) 2639 return nfserr_resource; 2640 p = xdr_encode_opaque(p, str, strlen); 2641 count++; 2642 } 2643 else 2644 end++; 2645 if (found_esc) 2646 end = next; 2647 2648 str = end; 2649 } 2650 pathlen = htonl(count); 2651 write_bytes_to_xdr_buf(xdr->buf, pathlen_offset, &pathlen, 4); 2652 return 0; 2653 } 2654 2655 /* Encode as an array of strings the string given with components 2656 * separated @sep. 2657 */ nfsd4_encode_components(struct xdr_stream * xdr,char sep,char * components)2658 static __be32 nfsd4_encode_components(struct xdr_stream *xdr, char sep, 2659 char *components) 2660 { 2661 return nfsd4_encode_components_esc(xdr, sep, components, 0, 0); 2662 } 2663 2664 /* 2665 * encode a location element of a fs_locations structure 2666 */ nfsd4_encode_fs_location4(struct xdr_stream * xdr,struct nfsd4_fs_location * location)2667 static __be32 nfsd4_encode_fs_location4(struct xdr_stream *xdr, 2668 struct nfsd4_fs_location *location) 2669 { 2670 __be32 status; 2671 2672 status = nfsd4_encode_components_esc(xdr, ':', location->hosts, 2673 '[', ']'); 2674 if (status) 2675 return status; 2676 status = nfsd4_encode_components(xdr, '/', location->path); 2677 if (status) 2678 return status; 2679 return 0; 2680 } 2681 2682 /* 2683 * Encode a path in RFC3530 'pathname4' format 2684 */ nfsd4_encode_path(struct xdr_stream * xdr,const struct path * root,const struct path * path)2685 static __be32 nfsd4_encode_path(struct xdr_stream *xdr, 2686 const struct path *root, 2687 const struct path *path) 2688 { 2689 struct path cur = *path; 2690 __be32 *p; 2691 struct dentry **components = NULL; 2692 unsigned int ncomponents = 0; 2693 __be32 err = nfserr_jukebox; 2694 2695 dprintk("nfsd4_encode_components("); 2696 2697 path_get(&cur); 2698 /* First walk the path up to the nfsd root, and store the 2699 * dentries/path components in an array. 2700 */ 2701 for (;;) { 2702 if (path_equal(&cur, root)) 2703 break; 2704 if (cur.dentry == cur.mnt->mnt_root) { 2705 if (follow_up(&cur)) 2706 continue; 2707 goto out_free; 2708 } 2709 if ((ncomponents & 15) == 0) { 2710 struct dentry **new; 2711 new = krealloc(components, 2712 sizeof(*new) * (ncomponents + 16), 2713 GFP_KERNEL); 2714 if (!new) 2715 goto out_free; 2716 components = new; 2717 } 2718 components[ncomponents++] = cur.dentry; 2719 cur.dentry = dget_parent(cur.dentry); 2720 } 2721 err = nfserr_resource; 2722 p = xdr_reserve_space(xdr, 4); 2723 if (!p) 2724 goto out_free; 2725 *p++ = cpu_to_be32(ncomponents); 2726 2727 while (ncomponents) { 2728 struct dentry *dentry = components[ncomponents - 1]; 2729 unsigned int len; 2730 2731 spin_lock(&dentry->d_lock); 2732 len = dentry->d_name.len; 2733 p = xdr_reserve_space(xdr, len + 4); 2734 if (!p) { 2735 spin_unlock(&dentry->d_lock); 2736 goto out_free; 2737 } 2738 p = xdr_encode_opaque(p, dentry->d_name.name, len); 2739 dprintk("/%pd", dentry); 2740 spin_unlock(&dentry->d_lock); 2741 dput(dentry); 2742 ncomponents--; 2743 } 2744 2745 err = 0; 2746 out_free: 2747 dprintk(")\n"); 2748 while (ncomponents) 2749 dput(components[--ncomponents]); 2750 kfree(components); 2751 path_put(&cur); 2752 return err; 2753 } 2754 nfsd4_encode_fsloc_fsroot(struct xdr_stream * xdr,struct svc_rqst * rqstp,const struct path * path)2755 static __be32 nfsd4_encode_fsloc_fsroot(struct xdr_stream *xdr, 2756 struct svc_rqst *rqstp, const struct path *path) 2757 { 2758 struct svc_export *exp_ps; 2759 __be32 res; 2760 2761 exp_ps = rqst_find_fsidzero_export(rqstp); 2762 if (IS_ERR(exp_ps)) 2763 return nfserrno(PTR_ERR(exp_ps)); 2764 res = nfsd4_encode_path(xdr, &exp_ps->ex_path, path); 2765 exp_put(exp_ps); 2766 return res; 2767 } 2768 2769 /* 2770 * encode a fs_locations structure 2771 */ nfsd4_encode_fs_locations(struct xdr_stream * xdr,struct svc_rqst * rqstp,struct svc_export * exp)2772 static __be32 nfsd4_encode_fs_locations(struct xdr_stream *xdr, 2773 struct svc_rqst *rqstp, struct svc_export *exp) 2774 { 2775 __be32 status; 2776 int i; 2777 __be32 *p; 2778 struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs; 2779 2780 status = nfsd4_encode_fsloc_fsroot(xdr, rqstp, &exp->ex_path); 2781 if (status) 2782 return status; 2783 p = xdr_reserve_space(xdr, 4); 2784 if (!p) 2785 return nfserr_resource; 2786 *p++ = cpu_to_be32(fslocs->locations_count); 2787 for (i=0; i<fslocs->locations_count; i++) { 2788 status = nfsd4_encode_fs_location4(xdr, &fslocs->locations[i]); 2789 if (status) 2790 return status; 2791 } 2792 return 0; 2793 } 2794 nfs4_file_type(umode_t mode)2795 static u32 nfs4_file_type(umode_t mode) 2796 { 2797 switch (mode & S_IFMT) { 2798 case S_IFIFO: return NF4FIFO; 2799 case S_IFCHR: return NF4CHR; 2800 case S_IFDIR: return NF4DIR; 2801 case S_IFBLK: return NF4BLK; 2802 case S_IFLNK: return NF4LNK; 2803 case S_IFREG: return NF4REG; 2804 case S_IFSOCK: return NF4SOCK; 2805 default: return NF4BAD; 2806 } 2807 } 2808 2809 static inline __be32 nfsd4_encode_aclname(struct xdr_stream * xdr,struct svc_rqst * rqstp,struct nfs4_ace * ace)2810 nfsd4_encode_aclname(struct xdr_stream *xdr, struct svc_rqst *rqstp, 2811 struct nfs4_ace *ace) 2812 { 2813 if (ace->whotype != NFS4_ACL_WHO_NAMED) 2814 return nfs4_acl_write_who(xdr, ace->whotype); 2815 else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP) 2816 return nfsd4_encode_group(xdr, rqstp, ace->who_gid); 2817 else 2818 return nfsd4_encode_user(xdr, rqstp, ace->who_uid); 2819 } 2820 2821 static inline __be32 nfsd4_encode_layout_types(struct xdr_stream * xdr,u32 layout_types)2822 nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types) 2823 { 2824 __be32 *p; 2825 unsigned long i = hweight_long(layout_types); 2826 2827 p = xdr_reserve_space(xdr, 4 + 4 * i); 2828 if (!p) 2829 return nfserr_resource; 2830 2831 *p++ = cpu_to_be32(i); 2832 2833 for (i = LAYOUT_NFSV4_1_FILES; i < LAYOUT_TYPE_MAX; ++i) 2834 if (layout_types & (1 << i)) 2835 *p++ = cpu_to_be32(i); 2836 2837 return 0; 2838 } 2839 2840 #define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \ 2841 FATTR4_WORD0_RDATTR_ERROR) 2842 #define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID 2843 #define WORD2_ABSENT_FS_ATTRS 0 2844 2845 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL 2846 static inline __be32 nfsd4_encode_security_label(struct xdr_stream * xdr,struct svc_rqst * rqstp,void * context,int len)2847 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, 2848 void *context, int len) 2849 { 2850 __be32 *p; 2851 2852 p = xdr_reserve_space(xdr, len + 4 + 4 + 4); 2853 if (!p) 2854 return nfserr_resource; 2855 2856 /* 2857 * For now we use a 0 here to indicate the null translation; in 2858 * the future we may place a call to translation code here. 2859 */ 2860 *p++ = cpu_to_be32(0); /* lfs */ 2861 *p++ = cpu_to_be32(0); /* pi */ 2862 p = xdr_encode_opaque(p, context, len); 2863 return 0; 2864 } 2865 #else 2866 static inline __be32 nfsd4_encode_security_label(struct xdr_stream * xdr,struct svc_rqst * rqstp,void * context,int len)2867 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, 2868 void *context, int len) 2869 { return 0; } 2870 #endif 2871 fattr_handle_absent_fs(u32 * bmval0,u32 * bmval1,u32 * bmval2,u32 * rdattr_err)2872 static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *bmval2, u32 *rdattr_err) 2873 { 2874 /* As per referral draft: */ 2875 if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS || 2876 *bmval1 & ~WORD1_ABSENT_FS_ATTRS) { 2877 if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR || 2878 *bmval0 & FATTR4_WORD0_FS_LOCATIONS) 2879 *rdattr_err = NFSERR_MOVED; 2880 else 2881 return nfserr_moved; 2882 } 2883 *bmval0 &= WORD0_ABSENT_FS_ATTRS; 2884 *bmval1 &= WORD1_ABSENT_FS_ATTRS; 2885 *bmval2 &= WORD2_ABSENT_FS_ATTRS; 2886 return 0; 2887 } 2888 2889 nfsd4_get_mounted_on_ino(struct svc_export * exp,u64 * pino)2890 static int nfsd4_get_mounted_on_ino(struct svc_export *exp, u64 *pino) 2891 { 2892 struct path path = exp->ex_path; 2893 struct kstat stat; 2894 int err; 2895 2896 path_get(&path); 2897 while (follow_up(&path)) { 2898 if (path.dentry != path.mnt->mnt_root) 2899 break; 2900 } 2901 err = vfs_getattr(&path, &stat, STATX_INO, AT_STATX_SYNC_AS_STAT); 2902 path_put(&path); 2903 if (!err) 2904 *pino = stat.ino; 2905 return err; 2906 } 2907 2908 static __be32 nfsd4_encode_bitmap(struct xdr_stream * xdr,u32 bmval0,u32 bmval1,u32 bmval2)2909 nfsd4_encode_bitmap(struct xdr_stream *xdr, u32 bmval0, u32 bmval1, u32 bmval2) 2910 { 2911 __be32 *p; 2912 2913 if (bmval2) { 2914 p = xdr_reserve_space(xdr, 16); 2915 if (!p) 2916 goto out_resource; 2917 *p++ = cpu_to_be32(3); 2918 *p++ = cpu_to_be32(bmval0); 2919 *p++ = cpu_to_be32(bmval1); 2920 *p++ = cpu_to_be32(bmval2); 2921 } else if (bmval1) { 2922 p = xdr_reserve_space(xdr, 12); 2923 if (!p) 2924 goto out_resource; 2925 *p++ = cpu_to_be32(2); 2926 *p++ = cpu_to_be32(bmval0); 2927 *p++ = cpu_to_be32(bmval1); 2928 } else { 2929 p = xdr_reserve_space(xdr, 8); 2930 if (!p) 2931 goto out_resource; 2932 *p++ = cpu_to_be32(1); 2933 *p++ = cpu_to_be32(bmval0); 2934 } 2935 2936 return 0; 2937 out_resource: 2938 return nfserr_resource; 2939 } 2940 2941 /* 2942 * Note: @fhp can be NULL; in this case, we might have to compose the filehandle 2943 * ourselves. 2944 */ 2945 static __be32 nfsd4_encode_fattr(struct xdr_stream * xdr,struct svc_fh * fhp,struct svc_export * exp,struct dentry * dentry,u32 * bmval,struct svc_rqst * rqstp,int ignore_crossmnt)2946 nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, 2947 struct svc_export *exp, 2948 struct dentry *dentry, u32 *bmval, 2949 struct svc_rqst *rqstp, int ignore_crossmnt) 2950 { 2951 u32 bmval0 = bmval[0]; 2952 u32 bmval1 = bmval[1]; 2953 u32 bmval2 = bmval[2]; 2954 struct kstat stat; 2955 struct svc_fh *tempfh = NULL; 2956 struct kstatfs statfs; 2957 __be32 *p, *attrlen_p; 2958 int starting_len = xdr->buf->len; 2959 int attrlen_offset; 2960 u32 dummy; 2961 u64 dummy64; 2962 u32 rdattr_err = 0; 2963 __be32 status; 2964 int err; 2965 struct nfs4_acl *acl = NULL; 2966 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL 2967 void *context = NULL; 2968 int contextlen; 2969 #endif 2970 bool contextsupport = false; 2971 struct nfsd4_compoundres *resp = rqstp->rq_resp; 2972 u32 minorversion = resp->cstate.minorversion; 2973 struct path path = { 2974 .mnt = exp->ex_path.mnt, 2975 .dentry = dentry, 2976 }; 2977 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); 2978 2979 BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1); 2980 BUG_ON(!nfsd_attrs_supported(minorversion, bmval)); 2981 2982 if (exp->ex_fslocs.migrated) { 2983 status = fattr_handle_absent_fs(&bmval0, &bmval1, &bmval2, &rdattr_err); 2984 if (status) 2985 goto out; 2986 } 2987 if (bmval0 & (FATTR4_WORD0_CHANGE | FATTR4_WORD0_SIZE)) { 2988 status = nfsd4_deleg_getattr_conflict(rqstp, d_inode(dentry)); 2989 if (status) 2990 goto out; 2991 } 2992 2993 err = vfs_getattr(&path, &stat, 2994 STATX_BASIC_STATS | STATX_BTIME | STATX_CHANGE_COOKIE, 2995 AT_STATX_SYNC_AS_STAT); 2996 if (err) 2997 goto out_nfserr; 2998 if (!(stat.result_mask & STATX_BTIME)) 2999 /* underlying FS does not offer btime so we can't share it */ 3000 bmval1 &= ~FATTR4_WORD1_TIME_CREATE; 3001 if ((bmval0 & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE | 3002 FATTR4_WORD0_FILES_TOTAL | FATTR4_WORD0_MAXNAME)) || 3003 (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE | 3004 FATTR4_WORD1_SPACE_TOTAL))) { 3005 err = vfs_statfs(&path, &statfs); 3006 if (err) 3007 goto out_nfserr; 3008 } 3009 if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) { 3010 tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL); 3011 status = nfserr_jukebox; 3012 if (!tempfh) 3013 goto out; 3014 fh_init(tempfh, NFS4_FHSIZE); 3015 status = fh_compose(tempfh, exp, dentry, NULL); 3016 if (status) 3017 goto out; 3018 fhp = tempfh; 3019 } 3020 if (bmval0 & FATTR4_WORD0_ACL) { 3021 err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl); 3022 if (err == -EOPNOTSUPP) 3023 bmval0 &= ~FATTR4_WORD0_ACL; 3024 else if (err == -EINVAL) { 3025 status = nfserr_attrnotsupp; 3026 goto out; 3027 } else if (err != 0) 3028 goto out_nfserr; 3029 } 3030 3031 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL 3032 if ((bmval2 & FATTR4_WORD2_SECURITY_LABEL) || 3033 bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { 3034 if (exp->ex_flags & NFSEXP_SECURITY_LABEL) 3035 err = security_inode_getsecctx(d_inode(dentry), 3036 &context, &contextlen); 3037 else 3038 err = -EOPNOTSUPP; 3039 contextsupport = (err == 0); 3040 if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { 3041 if (err == -EOPNOTSUPP) 3042 bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL; 3043 else if (err) 3044 goto out_nfserr; 3045 } 3046 } 3047 #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ 3048 3049 status = nfsd4_encode_bitmap(xdr, bmval0, bmval1, bmval2); 3050 if (status) 3051 goto out; 3052 3053 attrlen_offset = xdr->buf->len; 3054 attrlen_p = xdr_reserve_space(xdr, XDR_UNIT); 3055 if (!attrlen_p) 3056 goto out_resource; 3057 3058 if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { 3059 u32 supp[3]; 3060 3061 memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp)); 3062 3063 if (!IS_POSIXACL(dentry->d_inode)) 3064 supp[0] &= ~FATTR4_WORD0_ACL; 3065 if (!contextsupport) 3066 supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL; 3067 if (!supp[2]) { 3068 p = xdr_reserve_space(xdr, 12); 3069 if (!p) 3070 goto out_resource; 3071 *p++ = cpu_to_be32(2); 3072 *p++ = cpu_to_be32(supp[0]); 3073 *p++ = cpu_to_be32(supp[1]); 3074 } else { 3075 p = xdr_reserve_space(xdr, 16); 3076 if (!p) 3077 goto out_resource; 3078 *p++ = cpu_to_be32(3); 3079 *p++ = cpu_to_be32(supp[0]); 3080 *p++ = cpu_to_be32(supp[1]); 3081 *p++ = cpu_to_be32(supp[2]); 3082 } 3083 } 3084 if (bmval0 & FATTR4_WORD0_TYPE) { 3085 p = xdr_reserve_space(xdr, 4); 3086 if (!p) 3087 goto out_resource; 3088 dummy = nfs4_file_type(stat.mode); 3089 if (dummy == NF4BAD) { 3090 status = nfserr_serverfault; 3091 goto out; 3092 } 3093 *p++ = cpu_to_be32(dummy); 3094 } 3095 if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) { 3096 p = xdr_reserve_space(xdr, 4); 3097 if (!p) 3098 goto out_resource; 3099 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) 3100 *p++ = cpu_to_be32(NFS4_FH_PERSISTENT); 3101 else 3102 *p++ = cpu_to_be32(NFS4_FH_PERSISTENT| 3103 NFS4_FH_VOL_RENAME); 3104 } 3105 if (bmval0 & FATTR4_WORD0_CHANGE) { 3106 p = xdr_reserve_space(xdr, 8); 3107 if (!p) 3108 goto out_resource; 3109 p = encode_change(p, &stat, d_inode(dentry), exp); 3110 } 3111 if (bmval0 & FATTR4_WORD0_SIZE) { 3112 p = xdr_reserve_space(xdr, 8); 3113 if (!p) 3114 goto out_resource; 3115 p = xdr_encode_hyper(p, stat.size); 3116 } 3117 if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) { 3118 p = xdr_reserve_space(xdr, 4); 3119 if (!p) 3120 goto out_resource; 3121 *p++ = cpu_to_be32(1); 3122 } 3123 if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) { 3124 p = xdr_reserve_space(xdr, 4); 3125 if (!p) 3126 goto out_resource; 3127 *p++ = cpu_to_be32(1); 3128 } 3129 if (bmval0 & FATTR4_WORD0_NAMED_ATTR) { 3130 p = xdr_reserve_space(xdr, 4); 3131 if (!p) 3132 goto out_resource; 3133 *p++ = cpu_to_be32(0); 3134 } 3135 if (bmval0 & FATTR4_WORD0_FSID) { 3136 p = xdr_reserve_space(xdr, 16); 3137 if (!p) 3138 goto out_resource; 3139 if (exp->ex_fslocs.migrated) { 3140 p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MAJOR); 3141 p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MINOR); 3142 } else switch(fsid_source(fhp)) { 3143 case FSIDSOURCE_FSID: 3144 p = xdr_encode_hyper(p, (u64)exp->ex_fsid); 3145 p = xdr_encode_hyper(p, (u64)0); 3146 break; 3147 case FSIDSOURCE_DEV: 3148 *p++ = cpu_to_be32(0); 3149 *p++ = cpu_to_be32(MAJOR(stat.dev)); 3150 *p++ = cpu_to_be32(0); 3151 *p++ = cpu_to_be32(MINOR(stat.dev)); 3152 break; 3153 case FSIDSOURCE_UUID: 3154 p = xdr_encode_opaque_fixed(p, exp->ex_uuid, 3155 EX_UUID_LEN); 3156 break; 3157 } 3158 } 3159 if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) { 3160 p = xdr_reserve_space(xdr, 4); 3161 if (!p) 3162 goto out_resource; 3163 *p++ = cpu_to_be32(0); 3164 } 3165 if (bmval0 & FATTR4_WORD0_LEASE_TIME) { 3166 p = xdr_reserve_space(xdr, 4); 3167 if (!p) 3168 goto out_resource; 3169 *p++ = cpu_to_be32(nn->nfsd4_lease); 3170 } 3171 if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) { 3172 p = xdr_reserve_space(xdr, 4); 3173 if (!p) 3174 goto out_resource; 3175 *p++ = cpu_to_be32(rdattr_err); 3176 } 3177 if (bmval0 & FATTR4_WORD0_ACL) { 3178 struct nfs4_ace *ace; 3179 3180 if (acl == NULL) { 3181 p = xdr_reserve_space(xdr, 4); 3182 if (!p) 3183 goto out_resource; 3184 3185 *p++ = cpu_to_be32(0); 3186 goto out_acl; 3187 } 3188 p = xdr_reserve_space(xdr, 4); 3189 if (!p) 3190 goto out_resource; 3191 *p++ = cpu_to_be32(acl->naces); 3192 3193 for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { 3194 p = xdr_reserve_space(xdr, 4*3); 3195 if (!p) 3196 goto out_resource; 3197 *p++ = cpu_to_be32(ace->type); 3198 *p++ = cpu_to_be32(ace->flag); 3199 *p++ = cpu_to_be32(ace->access_mask & 3200 NFS4_ACE_MASK_ALL); 3201 status = nfsd4_encode_aclname(xdr, rqstp, ace); 3202 if (status) 3203 goto out; 3204 } 3205 } 3206 out_acl: 3207 if (bmval0 & FATTR4_WORD0_ACLSUPPORT) { 3208 p = xdr_reserve_space(xdr, 4); 3209 if (!p) 3210 goto out_resource; 3211 *p++ = cpu_to_be32(IS_POSIXACL(dentry->d_inode) ? 3212 ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0); 3213 } 3214 if (bmval0 & FATTR4_WORD0_CANSETTIME) { 3215 p = xdr_reserve_space(xdr, 4); 3216 if (!p) 3217 goto out_resource; 3218 *p++ = cpu_to_be32(1); 3219 } 3220 if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) { 3221 p = xdr_reserve_space(xdr, 4); 3222 if (!p) 3223 goto out_resource; 3224 *p++ = cpu_to_be32(0); 3225 } 3226 if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) { 3227 p = xdr_reserve_space(xdr, 4); 3228 if (!p) 3229 goto out_resource; 3230 *p++ = cpu_to_be32(1); 3231 } 3232 if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) { 3233 p = xdr_reserve_space(xdr, 4); 3234 if (!p) 3235 goto out_resource; 3236 *p++ = cpu_to_be32(1); 3237 } 3238 if (bmval0 & FATTR4_WORD0_FILEHANDLE) { 3239 p = xdr_reserve_space(xdr, fhp->fh_handle.fh_size + 4); 3240 if (!p) 3241 goto out_resource; 3242 p = xdr_encode_opaque(p, &fhp->fh_handle.fh_raw, 3243 fhp->fh_handle.fh_size); 3244 } 3245 if (bmval0 & FATTR4_WORD0_FILEID) { 3246 p = xdr_reserve_space(xdr, 8); 3247 if (!p) 3248 goto out_resource; 3249 p = xdr_encode_hyper(p, stat.ino); 3250 } 3251 if (bmval0 & FATTR4_WORD0_FILES_AVAIL) { 3252 p = xdr_reserve_space(xdr, 8); 3253 if (!p) 3254 goto out_resource; 3255 p = xdr_encode_hyper(p, (u64) statfs.f_ffree); 3256 } 3257 if (bmval0 & FATTR4_WORD0_FILES_FREE) { 3258 p = xdr_reserve_space(xdr, 8); 3259 if (!p) 3260 goto out_resource; 3261 p = xdr_encode_hyper(p, (u64) statfs.f_ffree); 3262 } 3263 if (bmval0 & FATTR4_WORD0_FILES_TOTAL) { 3264 p = xdr_reserve_space(xdr, 8); 3265 if (!p) 3266 goto out_resource; 3267 p = xdr_encode_hyper(p, (u64) statfs.f_files); 3268 } 3269 if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) { 3270 status = nfsd4_encode_fs_locations(xdr, rqstp, exp); 3271 if (status) 3272 goto out; 3273 } 3274 if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) { 3275 p = xdr_reserve_space(xdr, 4); 3276 if (!p) 3277 goto out_resource; 3278 *p++ = cpu_to_be32(1); 3279 } 3280 if (bmval0 & FATTR4_WORD0_MAXFILESIZE) { 3281 p = xdr_reserve_space(xdr, 8); 3282 if (!p) 3283 goto out_resource; 3284 p = xdr_encode_hyper(p, exp->ex_path.mnt->mnt_sb->s_maxbytes); 3285 } 3286 if (bmval0 & FATTR4_WORD0_MAXLINK) { 3287 p = xdr_reserve_space(xdr, 4); 3288 if (!p) 3289 goto out_resource; 3290 *p++ = cpu_to_be32(255); 3291 } 3292 if (bmval0 & FATTR4_WORD0_MAXNAME) { 3293 p = xdr_reserve_space(xdr, 4); 3294 if (!p) 3295 goto out_resource; 3296 *p++ = cpu_to_be32(statfs.f_namelen); 3297 } 3298 if (bmval0 & FATTR4_WORD0_MAXREAD) { 3299 p = xdr_reserve_space(xdr, 8); 3300 if (!p) 3301 goto out_resource; 3302 p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp)); 3303 } 3304 if (bmval0 & FATTR4_WORD0_MAXWRITE) { 3305 p = xdr_reserve_space(xdr, 8); 3306 if (!p) 3307 goto out_resource; 3308 p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp)); 3309 } 3310 if (bmval1 & FATTR4_WORD1_MODE) { 3311 p = xdr_reserve_space(xdr, 4); 3312 if (!p) 3313 goto out_resource; 3314 *p++ = cpu_to_be32(stat.mode & S_IALLUGO); 3315 } 3316 if (bmval1 & FATTR4_WORD1_NO_TRUNC) { 3317 p = xdr_reserve_space(xdr, 4); 3318 if (!p) 3319 goto out_resource; 3320 *p++ = cpu_to_be32(1); 3321 } 3322 if (bmval1 & FATTR4_WORD1_NUMLINKS) { 3323 p = xdr_reserve_space(xdr, 4); 3324 if (!p) 3325 goto out_resource; 3326 *p++ = cpu_to_be32(stat.nlink); 3327 } 3328 if (bmval1 & FATTR4_WORD1_OWNER) { 3329 status = nfsd4_encode_user(xdr, rqstp, stat.uid); 3330 if (status) 3331 goto out; 3332 } 3333 if (bmval1 & FATTR4_WORD1_OWNER_GROUP) { 3334 status = nfsd4_encode_group(xdr, rqstp, stat.gid); 3335 if (status) 3336 goto out; 3337 } 3338 if (bmval1 & FATTR4_WORD1_RAWDEV) { 3339 p = xdr_reserve_space(xdr, 8); 3340 if (!p) 3341 goto out_resource; 3342 *p++ = cpu_to_be32((u32) MAJOR(stat.rdev)); 3343 *p++ = cpu_to_be32((u32) MINOR(stat.rdev)); 3344 } 3345 if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) { 3346 p = xdr_reserve_space(xdr, 8); 3347 if (!p) 3348 goto out_resource; 3349 dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize; 3350 p = xdr_encode_hyper(p, dummy64); 3351 } 3352 if (bmval1 & FATTR4_WORD1_SPACE_FREE) { 3353 p = xdr_reserve_space(xdr, 8); 3354 if (!p) 3355 goto out_resource; 3356 dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize; 3357 p = xdr_encode_hyper(p, dummy64); 3358 } 3359 if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) { 3360 p = xdr_reserve_space(xdr, 8); 3361 if (!p) 3362 goto out_resource; 3363 dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize; 3364 p = xdr_encode_hyper(p, dummy64); 3365 } 3366 if (bmval1 & FATTR4_WORD1_SPACE_USED) { 3367 p = xdr_reserve_space(xdr, 8); 3368 if (!p) 3369 goto out_resource; 3370 dummy64 = (u64)stat.blocks << 9; 3371 p = xdr_encode_hyper(p, dummy64); 3372 } 3373 if (bmval1 & FATTR4_WORD1_TIME_ACCESS) { 3374 status = nfsd4_encode_nfstime4(xdr, &stat.atime); 3375 if (status) 3376 goto out; 3377 } 3378 if (bmval1 & FATTR4_WORD1_TIME_CREATE) { 3379 status = nfsd4_encode_nfstime4(xdr, &stat.btime); 3380 if (status) 3381 goto out; 3382 } 3383 if (bmval1 & FATTR4_WORD1_TIME_DELTA) { 3384 p = xdr_reserve_space(xdr, 12); 3385 if (!p) 3386 goto out_resource; 3387 p = encode_time_delta(p, d_inode(dentry)); 3388 } 3389 if (bmval1 & FATTR4_WORD1_TIME_METADATA) { 3390 status = nfsd4_encode_nfstime4(xdr, &stat.ctime); 3391 if (status) 3392 goto out; 3393 } 3394 if (bmval1 & FATTR4_WORD1_TIME_MODIFY) { 3395 status = nfsd4_encode_nfstime4(xdr, &stat.mtime); 3396 if (status) 3397 goto out; 3398 } 3399 if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) { 3400 u64 ino = stat.ino; 3401 3402 p = xdr_reserve_space(xdr, 8); 3403 if (!p) 3404 goto out_resource; 3405 /* 3406 * Get ino of mountpoint in parent filesystem, if not ignoring 3407 * crossmount and this is the root of a cross-mounted 3408 * filesystem. 3409 */ 3410 if (ignore_crossmnt == 0 && 3411 dentry == exp->ex_path.mnt->mnt_root) { 3412 err = nfsd4_get_mounted_on_ino(exp, &ino); 3413 if (err) 3414 goto out_nfserr; 3415 } 3416 p = xdr_encode_hyper(p, ino); 3417 } 3418 #ifdef CONFIG_NFSD_PNFS 3419 if (bmval1 & FATTR4_WORD1_FS_LAYOUT_TYPES) { 3420 status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types); 3421 if (status) 3422 goto out; 3423 } 3424 3425 if (bmval2 & FATTR4_WORD2_LAYOUT_TYPES) { 3426 status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types); 3427 if (status) 3428 goto out; 3429 } 3430 3431 if (bmval2 & FATTR4_WORD2_LAYOUT_BLKSIZE) { 3432 p = xdr_reserve_space(xdr, 4); 3433 if (!p) 3434 goto out_resource; 3435 *p++ = cpu_to_be32(stat.blksize); 3436 } 3437 #endif /* CONFIG_NFSD_PNFS */ 3438 if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) { 3439 u32 supp[3]; 3440 3441 memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp)); 3442 supp[0] &= NFSD_SUPPATTR_EXCLCREAT_WORD0; 3443 supp[1] &= NFSD_SUPPATTR_EXCLCREAT_WORD1; 3444 supp[2] &= NFSD_SUPPATTR_EXCLCREAT_WORD2; 3445 3446 status = nfsd4_encode_bitmap(xdr, supp[0], supp[1], supp[2]); 3447 if (status) 3448 goto out; 3449 } 3450 3451 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL 3452 if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { 3453 status = nfsd4_encode_security_label(xdr, rqstp, context, 3454 contextlen); 3455 if (status) 3456 goto out; 3457 } 3458 #endif 3459 3460 if (bmval2 & FATTR4_WORD2_XATTR_SUPPORT) { 3461 p = xdr_reserve_space(xdr, 4); 3462 if (!p) 3463 goto out_resource; 3464 err = xattr_supports_user_prefix(d_inode(dentry)); 3465 *p++ = cpu_to_be32(err == 0); 3466 } 3467 3468 *attrlen_p = cpu_to_be32(xdr->buf->len - attrlen_offset - XDR_UNIT); 3469 status = nfs_ok; 3470 3471 out: 3472 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL 3473 if (context) 3474 security_release_secctx(context, contextlen); 3475 #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ 3476 kfree(acl); 3477 if (tempfh) { 3478 fh_put(tempfh); 3479 kfree(tempfh); 3480 } 3481 if (status) 3482 xdr_truncate_encode(xdr, starting_len); 3483 return status; 3484 out_nfserr: 3485 status = nfserrno(err); 3486 goto out; 3487 out_resource: 3488 status = nfserr_resource; 3489 goto out; 3490 } 3491 svcxdr_init_encode_from_buffer(struct xdr_stream * xdr,struct xdr_buf * buf,__be32 * p,int bytes)3492 static void svcxdr_init_encode_from_buffer(struct xdr_stream *xdr, 3493 struct xdr_buf *buf, __be32 *p, int bytes) 3494 { 3495 xdr->scratch.iov_len = 0; 3496 memset(buf, 0, sizeof(struct xdr_buf)); 3497 buf->head[0].iov_base = p; 3498 buf->head[0].iov_len = 0; 3499 buf->len = 0; 3500 xdr->buf = buf; 3501 xdr->iov = buf->head; 3502 xdr->p = p; 3503 xdr->end = (void *)p + bytes; 3504 buf->buflen = bytes; 3505 } 3506 nfsd4_encode_fattr_to_buf(__be32 ** p,int words,struct svc_fh * fhp,struct svc_export * exp,struct dentry * dentry,u32 * bmval,struct svc_rqst * rqstp,int ignore_crossmnt)3507 __be32 nfsd4_encode_fattr_to_buf(__be32 **p, int words, 3508 struct svc_fh *fhp, struct svc_export *exp, 3509 struct dentry *dentry, u32 *bmval, 3510 struct svc_rqst *rqstp, int ignore_crossmnt) 3511 { 3512 struct xdr_buf dummy; 3513 struct xdr_stream xdr; 3514 __be32 ret; 3515 3516 svcxdr_init_encode_from_buffer(&xdr, &dummy, *p, words << 2); 3517 ret = nfsd4_encode_fattr(&xdr, fhp, exp, dentry, bmval, rqstp, 3518 ignore_crossmnt); 3519 *p = xdr.p; 3520 return ret; 3521 } 3522 attributes_need_mount(u32 * bmval)3523 static inline int attributes_need_mount(u32 *bmval) 3524 { 3525 if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME)) 3526 return 1; 3527 if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID) 3528 return 1; 3529 return 0; 3530 } 3531 3532 static __be32 nfsd4_encode_dirent_fattr(struct xdr_stream * xdr,struct nfsd4_readdir * cd,const char * name,int namlen)3533 nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd, 3534 const char *name, int namlen) 3535 { 3536 struct svc_export *exp = cd->rd_fhp->fh_export; 3537 struct dentry *dentry; 3538 __be32 nfserr; 3539 int ignore_crossmnt = 0; 3540 3541 dentry = lookup_positive_unlocked(name, cd->rd_fhp->fh_dentry, namlen); 3542 if (IS_ERR(dentry)) 3543 return nfserrno(PTR_ERR(dentry)); 3544 3545 exp_get(exp); 3546 /* 3547 * In the case of a mountpoint, the client may be asking for 3548 * attributes that are only properties of the underlying filesystem 3549 * as opposed to the cross-mounted file system. In such a case, 3550 * we will not follow the cross mount and will fill the attribtutes 3551 * directly from the mountpoint dentry. 3552 */ 3553 if (nfsd_mountpoint(dentry, exp)) { 3554 int err; 3555 3556 if (!(exp->ex_flags & NFSEXP_V4ROOT) 3557 && !attributes_need_mount(cd->rd_bmval)) { 3558 ignore_crossmnt = 1; 3559 goto out_encode; 3560 } 3561 /* 3562 * Why the heck aren't we just using nfsd_lookup?? 3563 * Different "."/".." handling? Something else? 3564 * At least, add a comment here to explain.... 3565 */ 3566 err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp); 3567 if (err) { 3568 nfserr = nfserrno(err); 3569 goto out_put; 3570 } 3571 nfserr = check_nfsd_access(exp, cd->rd_rqstp); 3572 if (nfserr) 3573 goto out_put; 3574 3575 } 3576 out_encode: 3577 nfserr = nfsd4_encode_fattr(xdr, NULL, exp, dentry, cd->rd_bmval, 3578 cd->rd_rqstp, ignore_crossmnt); 3579 out_put: 3580 dput(dentry); 3581 exp_put(exp); 3582 return nfserr; 3583 } 3584 3585 static __be32 * nfsd4_encode_rdattr_error(struct xdr_stream * xdr,__be32 nfserr)3586 nfsd4_encode_rdattr_error(struct xdr_stream *xdr, __be32 nfserr) 3587 { 3588 __be32 *p; 3589 3590 p = xdr_reserve_space(xdr, 20); 3591 if (!p) 3592 return NULL; 3593 *p++ = htonl(2); 3594 *p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */ 3595 *p++ = htonl(0); /* bmval1 */ 3596 3597 *p++ = htonl(4); /* attribute length */ 3598 *p++ = nfserr; /* no htonl */ 3599 return p; 3600 } 3601 3602 static int nfsd4_encode_dirent(void * ccdv,const char * name,int namlen,loff_t offset,u64 ino,unsigned int d_type)3603 nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, 3604 loff_t offset, u64 ino, unsigned int d_type) 3605 { 3606 struct readdir_cd *ccd = ccdv; 3607 struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common); 3608 struct xdr_stream *xdr = cd->xdr; 3609 int start_offset = xdr->buf->len; 3610 int cookie_offset; 3611 u32 name_and_cookie; 3612 int entry_bytes; 3613 __be32 nfserr = nfserr_toosmall; 3614 __be64 wire_offset; 3615 __be32 *p; 3616 3617 /* In nfsv4, "." and ".." never make it onto the wire.. */ 3618 if (name && isdotent(name, namlen)) { 3619 cd->common.err = nfs_ok; 3620 return 0; 3621 } 3622 3623 if (cd->cookie_offset) { 3624 wire_offset = cpu_to_be64(offset); 3625 write_bytes_to_xdr_buf(xdr->buf, cd->cookie_offset, 3626 &wire_offset, 8); 3627 } 3628 3629 p = xdr_reserve_space(xdr, 4); 3630 if (!p) 3631 goto fail; 3632 *p++ = xdr_one; /* mark entry present */ 3633 cookie_offset = xdr->buf->len; 3634 p = xdr_reserve_space(xdr, 3*4 + namlen); 3635 if (!p) 3636 goto fail; 3637 p = xdr_encode_hyper(p, OFFSET_MAX); /* offset of next entry */ 3638 p = xdr_encode_array(p, name, namlen); /* name length & name */ 3639 3640 nfserr = nfsd4_encode_dirent_fattr(xdr, cd, name, namlen); 3641 switch (nfserr) { 3642 case nfs_ok: 3643 break; 3644 case nfserr_resource: 3645 nfserr = nfserr_toosmall; 3646 goto fail; 3647 case nfserr_noent: 3648 xdr_truncate_encode(xdr, start_offset); 3649 goto skip_entry; 3650 case nfserr_jukebox: 3651 /* 3652 * The pseudoroot should only display dentries that lead to 3653 * exports. If we get EJUKEBOX here, then we can't tell whether 3654 * this entry should be included. Just fail the whole READDIR 3655 * with NFS4ERR_DELAY in that case, and hope that the situation 3656 * will resolve itself by the client's next attempt. 3657 */ 3658 if (cd->rd_fhp->fh_export->ex_flags & NFSEXP_V4ROOT) 3659 goto fail; 3660 fallthrough; 3661 default: 3662 /* 3663 * If the client requested the RDATTR_ERROR attribute, 3664 * we stuff the error code into this attribute 3665 * and continue. If this attribute was not requested, 3666 * then in accordance with the spec, we fail the 3667 * entire READDIR operation(!) 3668 */ 3669 if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR)) 3670 goto fail; 3671 p = nfsd4_encode_rdattr_error(xdr, nfserr); 3672 if (p == NULL) { 3673 nfserr = nfserr_toosmall; 3674 goto fail; 3675 } 3676 } 3677 nfserr = nfserr_toosmall; 3678 entry_bytes = xdr->buf->len - start_offset; 3679 if (entry_bytes > cd->rd_maxcount) 3680 goto fail; 3681 cd->rd_maxcount -= entry_bytes; 3682 /* 3683 * RFC 3530 14.2.24 describes rd_dircount as only a "hint", and 3684 * notes that it could be zero. If it is zero, then the server 3685 * should enforce only the rd_maxcount value. 3686 */ 3687 if (cd->rd_dircount) { 3688 name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; 3689 if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) 3690 goto fail; 3691 cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); 3692 if (!cd->rd_dircount) 3693 cd->rd_maxcount = 0; 3694 } 3695 3696 cd->cookie_offset = cookie_offset; 3697 skip_entry: 3698 cd->common.err = nfs_ok; 3699 return 0; 3700 fail: 3701 xdr_truncate_encode(xdr, start_offset); 3702 cd->common.err = nfserr; 3703 return -EINVAL; 3704 } 3705 3706 static __be32 nfsd4_encode_verifier4(struct xdr_stream * xdr,const nfs4_verifier * verf)3707 nfsd4_encode_verifier4(struct xdr_stream *xdr, const nfs4_verifier *verf) 3708 { 3709 __be32 *p; 3710 3711 p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE); 3712 if (!p) 3713 return nfserr_resource; 3714 memcpy(p, verf->data, sizeof(verf->data)); 3715 return nfs_ok; 3716 } 3717 3718 static __be32 nfsd4_encode_clientid4(struct xdr_stream * xdr,const clientid_t * clientid)3719 nfsd4_encode_clientid4(struct xdr_stream *xdr, const clientid_t *clientid) 3720 { 3721 __be32 *p; 3722 3723 p = xdr_reserve_space(xdr, sizeof(__be64)); 3724 if (!p) 3725 return nfserr_resource; 3726 memcpy(p, clientid, sizeof(*clientid)); 3727 return nfs_ok; 3728 } 3729 3730 static __be32 nfsd4_encode_stateid(struct xdr_stream * xdr,stateid_t * sid)3731 nfsd4_encode_stateid(struct xdr_stream *xdr, stateid_t *sid) 3732 { 3733 __be32 *p; 3734 3735 p = xdr_reserve_space(xdr, sizeof(stateid_t)); 3736 if (!p) 3737 return nfserr_resource; 3738 *p++ = cpu_to_be32(sid->si_generation); 3739 p = xdr_encode_opaque_fixed(p, &sid->si_opaque, 3740 sizeof(stateid_opaque_t)); 3741 return 0; 3742 } 3743 3744 static __be32 nfsd4_encode_access(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3745 nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, 3746 union nfsd4_op_u *u) 3747 { 3748 struct nfsd4_access *access = &u->access; 3749 struct xdr_stream *xdr = resp->xdr; 3750 __be32 *p; 3751 3752 p = xdr_reserve_space(xdr, 8); 3753 if (!p) 3754 return nfserr_resource; 3755 *p++ = cpu_to_be32(access->ac_supported); 3756 *p++ = cpu_to_be32(access->ac_resp_access); 3757 return 0; 3758 } 3759 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3760 static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, 3761 union nfsd4_op_u *u) 3762 { 3763 struct nfsd4_bind_conn_to_session *bcts = &u->bind_conn_to_session; 3764 struct xdr_stream *xdr = resp->xdr; 3765 __be32 *p; 3766 3767 p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 8); 3768 if (!p) 3769 return nfserr_resource; 3770 p = xdr_encode_opaque_fixed(p, bcts->sessionid.data, 3771 NFS4_MAX_SESSIONID_LEN); 3772 *p++ = cpu_to_be32(bcts->dir); 3773 /* Upshifting from TCP to RDMA is not supported */ 3774 *p++ = cpu_to_be32(0); 3775 return 0; 3776 } 3777 3778 static __be32 nfsd4_encode_close(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3779 nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, 3780 union nfsd4_op_u *u) 3781 { 3782 struct nfsd4_close *close = &u->close; 3783 struct xdr_stream *xdr = resp->xdr; 3784 3785 return nfsd4_encode_stateid(xdr, &close->cl_stateid); 3786 } 3787 3788 3789 static __be32 nfsd4_encode_commit(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3790 nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, 3791 union nfsd4_op_u *u) 3792 { 3793 struct nfsd4_commit *commit = &u->commit; 3794 3795 return nfsd4_encode_verifier4(resp->xdr, &commit->co_verf); 3796 } 3797 3798 static __be32 nfsd4_encode_create(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3799 nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, 3800 union nfsd4_op_u *u) 3801 { 3802 struct nfsd4_create *create = &u->create; 3803 struct xdr_stream *xdr = resp->xdr; 3804 3805 nfserr = nfsd4_encode_change_info4(xdr, &create->cr_cinfo); 3806 if (nfserr) 3807 return nfserr; 3808 return nfsd4_encode_bitmap(xdr, create->cr_bmval[0], 3809 create->cr_bmval[1], create->cr_bmval[2]); 3810 } 3811 3812 static __be32 nfsd4_encode_getattr(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3813 nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, 3814 union nfsd4_op_u *u) 3815 { 3816 struct nfsd4_getattr *getattr = &u->getattr; 3817 struct svc_fh *fhp = getattr->ga_fhp; 3818 struct xdr_stream *xdr = resp->xdr; 3819 3820 return nfsd4_encode_fattr(xdr, fhp, fhp->fh_export, fhp->fh_dentry, 3821 getattr->ga_bmval, resp->rqstp, 0); 3822 } 3823 3824 static __be32 nfsd4_encode_getfh(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3825 nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, 3826 union nfsd4_op_u *u) 3827 { 3828 struct svc_fh **fhpp = &u->getfh; 3829 struct xdr_stream *xdr = resp->xdr; 3830 struct svc_fh *fhp = *fhpp; 3831 unsigned int len; 3832 __be32 *p; 3833 3834 len = fhp->fh_handle.fh_size; 3835 p = xdr_reserve_space(xdr, len + 4); 3836 if (!p) 3837 return nfserr_resource; 3838 p = xdr_encode_opaque(p, &fhp->fh_handle.fh_raw, len); 3839 return 0; 3840 } 3841 3842 /* 3843 * Including all fields other than the name, a LOCK4denied structure requires 3844 * 8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes. 3845 */ 3846 static __be32 nfsd4_encode_lock_denied(struct xdr_stream * xdr,struct nfsd4_lock_denied * ld)3847 nfsd4_encode_lock_denied(struct xdr_stream *xdr, struct nfsd4_lock_denied *ld) 3848 { 3849 struct xdr_netobj *conf = &ld->ld_owner; 3850 __be32 *p; 3851 3852 again: 3853 p = xdr_reserve_space(xdr, 32 + XDR_LEN(conf->len)); 3854 if (!p) { 3855 /* 3856 * Don't fail to return the result just because we can't 3857 * return the conflicting open: 3858 */ 3859 if (conf->len) { 3860 kfree(conf->data); 3861 conf->len = 0; 3862 conf->data = NULL; 3863 goto again; 3864 } 3865 return nfserr_resource; 3866 } 3867 p = xdr_encode_hyper(p, ld->ld_start); 3868 p = xdr_encode_hyper(p, ld->ld_length); 3869 *p++ = cpu_to_be32(ld->ld_type); 3870 if (conf->len) { 3871 p = xdr_encode_opaque_fixed(p, &ld->ld_clientid, 8); 3872 p = xdr_encode_opaque(p, conf->data, conf->len); 3873 kfree(conf->data); 3874 } else { /* non - nfsv4 lock in conflict, no clientid nor owner */ 3875 p = xdr_encode_hyper(p, (u64)0); /* clientid */ 3876 *p++ = cpu_to_be32(0); /* length of owner name */ 3877 } 3878 return nfserr_denied; 3879 } 3880 3881 static __be32 nfsd4_encode_lock(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3882 nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, 3883 union nfsd4_op_u *u) 3884 { 3885 struct nfsd4_lock *lock = &u->lock; 3886 struct xdr_stream *xdr = resp->xdr; 3887 3888 if (!nfserr) 3889 nfserr = nfsd4_encode_stateid(xdr, &lock->lk_resp_stateid); 3890 else if (nfserr == nfserr_denied) 3891 nfserr = nfsd4_encode_lock_denied(xdr, &lock->lk_denied); 3892 3893 return nfserr; 3894 } 3895 3896 static __be32 nfsd4_encode_lockt(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3897 nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, 3898 union nfsd4_op_u *u) 3899 { 3900 struct nfsd4_lockt *lockt = &u->lockt; 3901 struct xdr_stream *xdr = resp->xdr; 3902 3903 if (nfserr == nfserr_denied) 3904 nfsd4_encode_lock_denied(xdr, &lockt->lt_denied); 3905 return nfserr; 3906 } 3907 3908 static __be32 nfsd4_encode_locku(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3909 nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, 3910 union nfsd4_op_u *u) 3911 { 3912 struct nfsd4_locku *locku = &u->locku; 3913 struct xdr_stream *xdr = resp->xdr; 3914 3915 return nfsd4_encode_stateid(xdr, &locku->lu_stateid); 3916 } 3917 3918 3919 static __be32 nfsd4_encode_link(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3920 nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, 3921 union nfsd4_op_u *u) 3922 { 3923 struct nfsd4_link *link = &u->link; 3924 struct xdr_stream *xdr = resp->xdr; 3925 3926 return nfsd4_encode_change_info4(xdr, &link->li_cinfo); 3927 } 3928 3929 3930 static __be32 nfsd4_encode_open(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)3931 nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, 3932 union nfsd4_op_u *u) 3933 { 3934 struct nfsd4_open *open = &u->open; 3935 struct xdr_stream *xdr = resp->xdr; 3936 __be32 *p; 3937 3938 nfserr = nfsd4_encode_stateid(xdr, &open->op_stateid); 3939 if (nfserr) 3940 return nfserr; 3941 nfserr = nfsd4_encode_change_info4(xdr, &open->op_cinfo); 3942 if (nfserr) 3943 return nfserr; 3944 if (xdr_stream_encode_u32(xdr, open->op_rflags) < 0) 3945 return nfserr_resource; 3946 3947 nfserr = nfsd4_encode_bitmap(xdr, open->op_bmval[0], open->op_bmval[1], 3948 open->op_bmval[2]); 3949 if (nfserr) 3950 return nfserr; 3951 3952 p = xdr_reserve_space(xdr, 4); 3953 if (!p) 3954 return nfserr_resource; 3955 3956 *p++ = cpu_to_be32(open->op_delegate_type); 3957 switch (open->op_delegate_type) { 3958 case NFS4_OPEN_DELEGATE_NONE: 3959 break; 3960 case NFS4_OPEN_DELEGATE_READ: 3961 nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid); 3962 if (nfserr) 3963 return nfserr; 3964 p = xdr_reserve_space(xdr, 20); 3965 if (!p) 3966 return nfserr_resource; 3967 *p++ = cpu_to_be32(open->op_recall); 3968 3969 /* 3970 * TODO: ACE's in delegations 3971 */ 3972 *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE); 3973 *p++ = cpu_to_be32(0); 3974 *p++ = cpu_to_be32(0); 3975 *p++ = cpu_to_be32(0); /* XXX: is NULL principal ok? */ 3976 break; 3977 case NFS4_OPEN_DELEGATE_WRITE: 3978 nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid); 3979 if (nfserr) 3980 return nfserr; 3981 3982 p = xdr_reserve_space(xdr, XDR_UNIT * 8); 3983 if (!p) 3984 return nfserr_resource; 3985 *p++ = cpu_to_be32(open->op_recall); 3986 3987 /* 3988 * Always flush on close 3989 * 3990 * TODO: space_limit's in delegations 3991 */ 3992 *p++ = cpu_to_be32(NFS4_LIMIT_SIZE); 3993 *p++ = xdr_zero; 3994 *p++ = xdr_zero; 3995 3996 /* 3997 * TODO: ACE's in delegations 3998 */ 3999 *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE); 4000 *p++ = cpu_to_be32(0); 4001 *p++ = cpu_to_be32(0); 4002 *p++ = cpu_to_be32(0); /* XXX: is NULL principal ok? */ 4003 break; 4004 case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */ 4005 switch (open->op_why_no_deleg) { 4006 case WND4_CONTENTION: 4007 case WND4_RESOURCE: 4008 p = xdr_reserve_space(xdr, 8); 4009 if (!p) 4010 return nfserr_resource; 4011 *p++ = cpu_to_be32(open->op_why_no_deleg); 4012 /* deleg signaling not supported yet: */ 4013 *p++ = cpu_to_be32(0); 4014 break; 4015 default: 4016 p = xdr_reserve_space(xdr, 4); 4017 if (!p) 4018 return nfserr_resource; 4019 *p++ = cpu_to_be32(open->op_why_no_deleg); 4020 } 4021 break; 4022 default: 4023 BUG(); 4024 } 4025 /* XXX save filehandle here */ 4026 return 0; 4027 } 4028 4029 static __be32 nfsd4_encode_open_confirm(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4030 nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, 4031 union nfsd4_op_u *u) 4032 { 4033 struct nfsd4_open_confirm *oc = &u->open_confirm; 4034 struct xdr_stream *xdr = resp->xdr; 4035 4036 return nfsd4_encode_stateid(xdr, &oc->oc_resp_stateid); 4037 } 4038 4039 static __be32 nfsd4_encode_open_downgrade(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4040 nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, 4041 union nfsd4_op_u *u) 4042 { 4043 struct nfsd4_open_downgrade *od = &u->open_downgrade; 4044 struct xdr_stream *xdr = resp->xdr; 4045 4046 return nfsd4_encode_stateid(xdr, &od->od_stateid); 4047 } 4048 4049 /* 4050 * The operation of this function assumes that this is the only 4051 * READ operation in the COMPOUND. If there are multiple READs, 4052 * we use nfsd4_encode_readv(). 4053 */ nfsd4_encode_splice_read(struct nfsd4_compoundres * resp,struct nfsd4_read * read,struct file * file,unsigned long maxcount)4054 static __be32 nfsd4_encode_splice_read( 4055 struct nfsd4_compoundres *resp, 4056 struct nfsd4_read *read, 4057 struct file *file, unsigned long maxcount) 4058 { 4059 struct xdr_stream *xdr = resp->xdr; 4060 struct xdr_buf *buf = xdr->buf; 4061 int status, space_left; 4062 __be32 nfserr; 4063 4064 /* 4065 * Make sure there is room at the end of buf->head for 4066 * svcxdr_encode_opaque_pages() to create a tail buffer 4067 * to XDR-pad the payload. 4068 */ 4069 if (xdr->iov != xdr->buf->head || xdr->end - xdr->p < 1) 4070 return nfserr_resource; 4071 4072 nfserr = nfsd_splice_read(read->rd_rqstp, read->rd_fhp, 4073 file, read->rd_offset, &maxcount, 4074 &read->rd_eof); 4075 read->rd_length = maxcount; 4076 if (nfserr) 4077 goto out_err; 4078 svcxdr_encode_opaque_pages(read->rd_rqstp, xdr, buf->pages, 4079 buf->page_base, maxcount); 4080 status = svc_encode_result_payload(read->rd_rqstp, 4081 buf->head[0].iov_len, maxcount); 4082 if (status) { 4083 nfserr = nfserrno(status); 4084 goto out_err; 4085 } 4086 4087 /* 4088 * Prepare to encode subsequent operations. 4089 * 4090 * xdr_truncate_encode() is not safe to use after a successful 4091 * splice read has been done, so the following stream 4092 * manipulations are open-coded. 4093 */ 4094 space_left = min_t(int, (void *)xdr->end - (void *)xdr->p, 4095 buf->buflen - buf->len); 4096 buf->buflen = buf->len + space_left; 4097 xdr->end = (__be32 *)((void *)xdr->end + space_left); 4098 4099 return nfs_ok; 4100 4101 out_err: 4102 /* 4103 * nfsd_splice_actor may have already messed with the 4104 * page length; reset it so as not to confuse 4105 * xdr_truncate_encode in our caller. 4106 */ 4107 buf->page_len = 0; 4108 return nfserr; 4109 } 4110 nfsd4_encode_readv(struct nfsd4_compoundres * resp,struct nfsd4_read * read,struct file * file,unsigned long maxcount)4111 static __be32 nfsd4_encode_readv(struct nfsd4_compoundres *resp, 4112 struct nfsd4_read *read, 4113 struct file *file, unsigned long maxcount) 4114 { 4115 struct xdr_stream *xdr = resp->xdr; 4116 unsigned int base = xdr->buf->page_len & ~PAGE_MASK; 4117 unsigned int starting_len = xdr->buf->len; 4118 __be32 zero = xdr_zero; 4119 __be32 nfserr; 4120 4121 if (xdr_reserve_space_vec(xdr, maxcount) < 0) 4122 return nfserr_resource; 4123 4124 nfserr = nfsd_iter_read(resp->rqstp, read->rd_fhp, file, 4125 read->rd_offset, &maxcount, base, 4126 &read->rd_eof); 4127 read->rd_length = maxcount; 4128 if (nfserr) 4129 return nfserr; 4130 if (svc_encode_result_payload(resp->rqstp, starting_len, maxcount)) 4131 return nfserr_io; 4132 xdr_truncate_encode(xdr, starting_len + xdr_align_size(maxcount)); 4133 4134 write_bytes_to_xdr_buf(xdr->buf, starting_len + maxcount, &zero, 4135 xdr_pad_size(maxcount)); 4136 return nfs_ok; 4137 } 4138 4139 static __be32 nfsd4_encode_read(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4140 nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr, 4141 union nfsd4_op_u *u) 4142 { 4143 struct nfsd4_read *read = &u->read; 4144 bool splice_ok = test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags); 4145 unsigned long maxcount; 4146 struct xdr_stream *xdr = resp->xdr; 4147 struct file *file; 4148 int starting_len = xdr->buf->len; 4149 __be32 *p; 4150 4151 if (nfserr) 4152 return nfserr; 4153 file = read->rd_nf->nf_file; 4154 4155 p = xdr_reserve_space(xdr, 8); /* eof flag and byte count */ 4156 if (!p) { 4157 WARN_ON_ONCE(splice_ok); 4158 return nfserr_resource; 4159 } 4160 if (resp->xdr->buf->page_len && splice_ok) { 4161 WARN_ON_ONCE(1); 4162 return nfserr_serverfault; 4163 } 4164 xdr_commit_encode(xdr); 4165 4166 maxcount = min_t(unsigned long, read->rd_length, 4167 (xdr->buf->buflen - xdr->buf->len)); 4168 4169 if (file->f_op->splice_read && splice_ok) 4170 nfserr = nfsd4_encode_splice_read(resp, read, file, maxcount); 4171 else 4172 nfserr = nfsd4_encode_readv(resp, read, file, maxcount); 4173 if (nfserr) { 4174 xdr_truncate_encode(xdr, starting_len); 4175 return nfserr; 4176 } 4177 4178 p = xdr_encode_bool(p, read->rd_eof); 4179 *p = cpu_to_be32(read->rd_length); 4180 return nfs_ok; 4181 } 4182 4183 static __be32 nfsd4_encode_readlink(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4184 nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, 4185 union nfsd4_op_u *u) 4186 { 4187 struct nfsd4_readlink *readlink = &u->readlink; 4188 __be32 *p, *maxcount_p, zero = xdr_zero; 4189 struct xdr_stream *xdr = resp->xdr; 4190 int length_offset = xdr->buf->len; 4191 int maxcount, status; 4192 4193 maxcount_p = xdr_reserve_space(xdr, XDR_UNIT); 4194 if (!maxcount_p) 4195 return nfserr_resource; 4196 maxcount = PAGE_SIZE; 4197 4198 p = xdr_reserve_space(xdr, maxcount); 4199 if (!p) 4200 return nfserr_resource; 4201 /* 4202 * XXX: By default, vfs_readlink() will truncate symlinks if they 4203 * would overflow the buffer. Is this kosher in NFSv4? If not, one 4204 * easy fix is: if vfs_readlink() precisely fills the buffer, assume 4205 * that truncation occurred, and return NFS4ERR_RESOURCE. 4206 */ 4207 nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp, 4208 (char *)p, &maxcount); 4209 if (nfserr == nfserr_isdir) 4210 nfserr = nfserr_inval; 4211 if (nfserr) 4212 goto out_err; 4213 status = svc_encode_result_payload(readlink->rl_rqstp, length_offset, 4214 maxcount); 4215 if (status) { 4216 nfserr = nfserrno(status); 4217 goto out_err; 4218 } 4219 *maxcount_p = cpu_to_be32(maxcount); 4220 xdr_truncate_encode(xdr, length_offset + 4 + xdr_align_size(maxcount)); 4221 write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount, &zero, 4222 xdr_pad_size(maxcount)); 4223 return nfs_ok; 4224 4225 out_err: 4226 xdr_truncate_encode(xdr, length_offset); 4227 return nfserr; 4228 } 4229 4230 static __be32 nfsd4_encode_readdir(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4231 nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, 4232 union nfsd4_op_u *u) 4233 { 4234 struct nfsd4_readdir *readdir = &u->readdir; 4235 int maxcount; 4236 int bytes_left; 4237 loff_t offset; 4238 __be64 wire_offset; 4239 struct xdr_stream *xdr = resp->xdr; 4240 int starting_len = xdr->buf->len; 4241 __be32 *p; 4242 4243 nfserr = nfsd4_encode_verifier4(xdr, &readdir->rd_verf); 4244 if (nfserr != nfs_ok) 4245 return nfserr; 4246 4247 /* 4248 * Number of bytes left for directory entries allowing for the 4249 * final 8 bytes of the readdir and a following failed op: 4250 */ 4251 bytes_left = xdr->buf->buflen - xdr->buf->len 4252 - COMPOUND_ERR_SLACK_SPACE - 8; 4253 if (bytes_left < 0) { 4254 nfserr = nfserr_resource; 4255 goto err_no_verf; 4256 } 4257 maxcount = svc_max_payload(resp->rqstp); 4258 maxcount = min_t(u32, readdir->rd_maxcount, maxcount); 4259 /* 4260 * Note the rfc defines rd_maxcount as the size of the 4261 * READDIR4resok structure, which includes the verifier above 4262 * and the 8 bytes encoded at the end of this function: 4263 */ 4264 if (maxcount < 16) { 4265 nfserr = nfserr_toosmall; 4266 goto err_no_verf; 4267 } 4268 maxcount = min_t(int, maxcount-16, bytes_left); 4269 4270 /* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */ 4271 if (!readdir->rd_dircount) 4272 readdir->rd_dircount = svc_max_payload(resp->rqstp); 4273 4274 readdir->xdr = xdr; 4275 readdir->rd_maxcount = maxcount; 4276 readdir->common.err = 0; 4277 readdir->cookie_offset = 0; 4278 4279 offset = readdir->rd_cookie; 4280 nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp, 4281 &offset, 4282 &readdir->common, nfsd4_encode_dirent); 4283 if (nfserr == nfs_ok && 4284 readdir->common.err == nfserr_toosmall && 4285 xdr->buf->len == starting_len + 8) { 4286 /* nothing encoded; which limit did we hit?: */ 4287 if (maxcount - 16 < bytes_left) 4288 /* It was the fault of rd_maxcount: */ 4289 nfserr = nfserr_toosmall; 4290 else 4291 /* We ran out of buffer space: */ 4292 nfserr = nfserr_resource; 4293 } 4294 if (nfserr) 4295 goto err_no_verf; 4296 4297 if (readdir->cookie_offset) { 4298 wire_offset = cpu_to_be64(offset); 4299 write_bytes_to_xdr_buf(xdr->buf, readdir->cookie_offset, 4300 &wire_offset, 8); 4301 } 4302 4303 p = xdr_reserve_space(xdr, 8); 4304 if (!p) { 4305 WARN_ON_ONCE(1); 4306 goto err_no_verf; 4307 } 4308 *p++ = 0; /* no more entries */ 4309 *p++ = htonl(readdir->common.err == nfserr_eof); 4310 4311 return 0; 4312 err_no_verf: 4313 xdr_truncate_encode(xdr, starting_len); 4314 return nfserr; 4315 } 4316 4317 static __be32 nfsd4_encode_remove(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4318 nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, 4319 union nfsd4_op_u *u) 4320 { 4321 struct nfsd4_remove *remove = &u->remove; 4322 struct xdr_stream *xdr = resp->xdr; 4323 4324 return nfsd4_encode_change_info4(xdr, &remove->rm_cinfo); 4325 } 4326 4327 static __be32 nfsd4_encode_rename(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4328 nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, 4329 union nfsd4_op_u *u) 4330 { 4331 struct nfsd4_rename *rename = &u->rename; 4332 struct xdr_stream *xdr = resp->xdr; 4333 4334 nfserr = nfsd4_encode_change_info4(xdr, &rename->rn_sinfo); 4335 if (nfserr) 4336 return nfserr; 4337 return nfsd4_encode_change_info4(xdr, &rename->rn_tinfo); 4338 } 4339 4340 static __be32 nfsd4_do_encode_secinfo(struct xdr_stream * xdr,struct svc_export * exp)4341 nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp) 4342 { 4343 u32 i, nflavs, supported; 4344 struct exp_flavor_info *flavs; 4345 struct exp_flavor_info def_flavs[2]; 4346 __be32 *p, *flavorsp; 4347 static bool report = true; 4348 4349 if (exp->ex_nflavors) { 4350 flavs = exp->ex_flavors; 4351 nflavs = exp->ex_nflavors; 4352 } else { /* Handling of some defaults in absence of real secinfo: */ 4353 flavs = def_flavs; 4354 if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) { 4355 nflavs = 2; 4356 flavs[0].pseudoflavor = RPC_AUTH_UNIX; 4357 flavs[1].pseudoflavor = RPC_AUTH_NULL; 4358 } else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) { 4359 nflavs = 1; 4360 flavs[0].pseudoflavor 4361 = svcauth_gss_flavor(exp->ex_client); 4362 } else { 4363 nflavs = 1; 4364 flavs[0].pseudoflavor 4365 = exp->ex_client->flavour->flavour; 4366 } 4367 } 4368 4369 supported = 0; 4370 p = xdr_reserve_space(xdr, 4); 4371 if (!p) 4372 return nfserr_resource; 4373 flavorsp = p++; /* to be backfilled later */ 4374 4375 for (i = 0; i < nflavs; i++) { 4376 rpc_authflavor_t pf = flavs[i].pseudoflavor; 4377 struct rpcsec_gss_info info; 4378 4379 if (rpcauth_get_gssinfo(pf, &info) == 0) { 4380 supported++; 4381 p = xdr_reserve_space(xdr, 4 + 4 + 4382 XDR_LEN(info.oid.len) + 4 + 4); 4383 if (!p) 4384 return nfserr_resource; 4385 *p++ = cpu_to_be32(RPC_AUTH_GSS); 4386 p = xdr_encode_opaque(p, info.oid.data, info.oid.len); 4387 *p++ = cpu_to_be32(info.qop); 4388 *p++ = cpu_to_be32(info.service); 4389 } else if (pf < RPC_AUTH_MAXFLAVOR) { 4390 supported++; 4391 p = xdr_reserve_space(xdr, 4); 4392 if (!p) 4393 return nfserr_resource; 4394 *p++ = cpu_to_be32(pf); 4395 } else { 4396 if (report) 4397 pr_warn("NFS: SECINFO: security flavor %u " 4398 "is not supported\n", pf); 4399 } 4400 } 4401 4402 if (nflavs != supported) 4403 report = false; 4404 *flavorsp = htonl(supported); 4405 return 0; 4406 } 4407 4408 static __be32 nfsd4_encode_secinfo(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4409 nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr, 4410 union nfsd4_op_u *u) 4411 { 4412 struct nfsd4_secinfo *secinfo = &u->secinfo; 4413 struct xdr_stream *xdr = resp->xdr; 4414 4415 return nfsd4_do_encode_secinfo(xdr, secinfo->si_exp); 4416 } 4417 4418 static __be32 nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4419 nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr, 4420 union nfsd4_op_u *u) 4421 { 4422 struct nfsd4_secinfo_no_name *secinfo = &u->secinfo_no_name; 4423 struct xdr_stream *xdr = resp->xdr; 4424 4425 return nfsd4_do_encode_secinfo(xdr, secinfo->sin_exp); 4426 } 4427 4428 /* 4429 * The SETATTR encode routine is special -- it always encodes a bitmap, 4430 * regardless of the error status. 4431 */ 4432 static __be32 nfsd4_encode_setattr(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4433 nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, 4434 union nfsd4_op_u *u) 4435 { 4436 struct nfsd4_setattr *setattr = &u->setattr; 4437 struct xdr_stream *xdr = resp->xdr; 4438 __be32 *p; 4439 4440 p = xdr_reserve_space(xdr, 16); 4441 if (!p) 4442 return nfserr_resource; 4443 if (nfserr) { 4444 *p++ = cpu_to_be32(3); 4445 *p++ = cpu_to_be32(0); 4446 *p++ = cpu_to_be32(0); 4447 *p++ = cpu_to_be32(0); 4448 } 4449 else { 4450 *p++ = cpu_to_be32(3); 4451 *p++ = cpu_to_be32(setattr->sa_bmval[0]); 4452 *p++ = cpu_to_be32(setattr->sa_bmval[1]); 4453 *p++ = cpu_to_be32(setattr->sa_bmval[2]); 4454 } 4455 return nfserr; 4456 } 4457 4458 static __be32 nfsd4_encode_setclientid(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4459 nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, 4460 union nfsd4_op_u *u) 4461 { 4462 struct nfsd4_setclientid *scd = &u->setclientid; 4463 struct xdr_stream *xdr = resp->xdr; 4464 4465 if (!nfserr) { 4466 nfserr = nfsd4_encode_clientid4(xdr, &scd->se_clientid); 4467 if (nfserr != nfs_ok) 4468 goto out; 4469 nfserr = nfsd4_encode_verifier4(xdr, &scd->se_confirm); 4470 } else if (nfserr == nfserr_clid_inuse) { 4471 /* empty network id */ 4472 if (xdr_stream_encode_u32(xdr, 0) < 0) { 4473 nfserr = nfserr_resource; 4474 goto out; 4475 } 4476 /* empty universal address */ 4477 if (xdr_stream_encode_u32(xdr, 0) < 0) { 4478 nfserr = nfserr_resource; 4479 goto out; 4480 } 4481 } 4482 out: 4483 return nfserr; 4484 } 4485 4486 static __be32 nfsd4_encode_write(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4487 nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, 4488 union nfsd4_op_u *u) 4489 { 4490 struct nfsd4_write *write = &u->write; 4491 4492 if (xdr_stream_encode_u32(resp->xdr, write->wr_bytes_written) < 0) 4493 return nfserr_resource; 4494 if (xdr_stream_encode_u32(resp->xdr, write->wr_how_written) < 0) 4495 return nfserr_resource; 4496 return nfsd4_encode_verifier4(resp->xdr, &write->wr_verifier); 4497 } 4498 4499 static __be32 nfsd4_encode_exchange_id(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4500 nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr, 4501 union nfsd4_op_u *u) 4502 { 4503 struct nfsd4_exchange_id *exid = &u->exchange_id; 4504 struct xdr_stream *xdr = resp->xdr; 4505 __be32 *p; 4506 char *major_id; 4507 char *server_scope; 4508 int major_id_sz; 4509 int server_scope_sz; 4510 uint64_t minor_id = 0; 4511 struct nfsd_net *nn = net_generic(SVC_NET(resp->rqstp), nfsd_net_id); 4512 4513 major_id = nn->nfsd_name; 4514 major_id_sz = strlen(nn->nfsd_name); 4515 server_scope = nn->nfsd_name; 4516 server_scope_sz = strlen(nn->nfsd_name); 4517 4518 if (nfsd4_encode_clientid4(xdr, &exid->clientid) != nfs_ok) 4519 return nfserr_resource; 4520 if (xdr_stream_encode_u32(xdr, exid->seqid) < 0) 4521 return nfserr_resource; 4522 if (xdr_stream_encode_u32(xdr, exid->flags) < 0) 4523 return nfserr_resource; 4524 4525 if (xdr_stream_encode_u32(xdr, exid->spa_how) < 0) 4526 return nfserr_resource; 4527 switch (exid->spa_how) { 4528 case SP4_NONE: 4529 break; 4530 case SP4_MACH_CRED: 4531 /* spo_must_enforce bitmap: */ 4532 nfserr = nfsd4_encode_bitmap(xdr, 4533 exid->spo_must_enforce[0], 4534 exid->spo_must_enforce[1], 4535 exid->spo_must_enforce[2]); 4536 if (nfserr) 4537 return nfserr; 4538 /* spo_must_allow bitmap: */ 4539 nfserr = nfsd4_encode_bitmap(xdr, 4540 exid->spo_must_allow[0], 4541 exid->spo_must_allow[1], 4542 exid->spo_must_allow[2]); 4543 if (nfserr) 4544 return nfserr; 4545 break; 4546 default: 4547 WARN_ON_ONCE(1); 4548 } 4549 4550 p = xdr_reserve_space(xdr, 4551 8 /* so_minor_id */ + 4552 4 /* so_major_id.len */ + 4553 (XDR_QUADLEN(major_id_sz) * 4) + 4554 4 /* eir_server_scope.len */ + 4555 (XDR_QUADLEN(server_scope_sz) * 4) + 4556 4 /* eir_server_impl_id.count (0) */); 4557 if (!p) 4558 return nfserr_resource; 4559 4560 /* The server_owner struct */ 4561 p = xdr_encode_hyper(p, minor_id); /* Minor id */ 4562 /* major id */ 4563 p = xdr_encode_opaque(p, major_id, major_id_sz); 4564 4565 /* Server scope */ 4566 p = xdr_encode_opaque(p, server_scope, server_scope_sz); 4567 4568 /* Implementation id */ 4569 *p++ = cpu_to_be32(0); /* zero length nfs_impl_id4 array */ 4570 return 0; 4571 } 4572 4573 static __be32 nfsd4_encode_create_session(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4574 nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr, 4575 union nfsd4_op_u *u) 4576 { 4577 struct nfsd4_create_session *sess = &u->create_session; 4578 struct xdr_stream *xdr = resp->xdr; 4579 __be32 *p; 4580 4581 p = xdr_reserve_space(xdr, 24); 4582 if (!p) 4583 return nfserr_resource; 4584 p = xdr_encode_opaque_fixed(p, sess->sessionid.data, 4585 NFS4_MAX_SESSIONID_LEN); 4586 *p++ = cpu_to_be32(sess->seqid); 4587 *p++ = cpu_to_be32(sess->flags); 4588 4589 p = xdr_reserve_space(xdr, 28); 4590 if (!p) 4591 return nfserr_resource; 4592 *p++ = cpu_to_be32(0); /* headerpadsz */ 4593 *p++ = cpu_to_be32(sess->fore_channel.maxreq_sz); 4594 *p++ = cpu_to_be32(sess->fore_channel.maxresp_sz); 4595 *p++ = cpu_to_be32(sess->fore_channel.maxresp_cached); 4596 *p++ = cpu_to_be32(sess->fore_channel.maxops); 4597 *p++ = cpu_to_be32(sess->fore_channel.maxreqs); 4598 *p++ = cpu_to_be32(sess->fore_channel.nr_rdma_attrs); 4599 4600 if (sess->fore_channel.nr_rdma_attrs) { 4601 p = xdr_reserve_space(xdr, 4); 4602 if (!p) 4603 return nfserr_resource; 4604 *p++ = cpu_to_be32(sess->fore_channel.rdma_attrs); 4605 } 4606 4607 p = xdr_reserve_space(xdr, 28); 4608 if (!p) 4609 return nfserr_resource; 4610 *p++ = cpu_to_be32(0); /* headerpadsz */ 4611 *p++ = cpu_to_be32(sess->back_channel.maxreq_sz); 4612 *p++ = cpu_to_be32(sess->back_channel.maxresp_sz); 4613 *p++ = cpu_to_be32(sess->back_channel.maxresp_cached); 4614 *p++ = cpu_to_be32(sess->back_channel.maxops); 4615 *p++ = cpu_to_be32(sess->back_channel.maxreqs); 4616 *p++ = cpu_to_be32(sess->back_channel.nr_rdma_attrs); 4617 4618 if (sess->back_channel.nr_rdma_attrs) { 4619 p = xdr_reserve_space(xdr, 4); 4620 if (!p) 4621 return nfserr_resource; 4622 *p++ = cpu_to_be32(sess->back_channel.rdma_attrs); 4623 } 4624 return 0; 4625 } 4626 4627 static __be32 nfsd4_encode_sequence(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4628 nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr, 4629 union nfsd4_op_u *u) 4630 { 4631 struct nfsd4_sequence *seq = &u->sequence; 4632 struct xdr_stream *xdr = resp->xdr; 4633 __be32 *p; 4634 4635 p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 20); 4636 if (!p) 4637 return nfserr_resource; 4638 p = xdr_encode_opaque_fixed(p, seq->sessionid.data, 4639 NFS4_MAX_SESSIONID_LEN); 4640 *p++ = cpu_to_be32(seq->seqid); 4641 *p++ = cpu_to_be32(seq->slotid); 4642 /* Note slotid's are numbered from zero: */ 4643 *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_highest_slotid */ 4644 *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_target_highest_slotid */ 4645 *p++ = cpu_to_be32(seq->status_flags); 4646 4647 resp->cstate.data_offset = xdr->buf->len; /* DRC cache data pointer */ 4648 return 0; 4649 } 4650 4651 static __be32 nfsd4_encode_test_stateid(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4652 nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr, 4653 union nfsd4_op_u *u) 4654 { 4655 struct nfsd4_test_stateid *test_stateid = &u->test_stateid; 4656 struct xdr_stream *xdr = resp->xdr; 4657 struct nfsd4_test_stateid_id *stateid, *next; 4658 __be32 *p; 4659 4660 p = xdr_reserve_space(xdr, 4 + (4 * test_stateid->ts_num_ids)); 4661 if (!p) 4662 return nfserr_resource; 4663 *p++ = htonl(test_stateid->ts_num_ids); 4664 4665 list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) { 4666 *p++ = stateid->ts_id_status; 4667 } 4668 4669 return 0; 4670 } 4671 4672 #ifdef CONFIG_NFSD_PNFS 4673 static __be32 nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4674 nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr, 4675 union nfsd4_op_u *u) 4676 { 4677 struct nfsd4_getdeviceinfo *gdev = &u->getdeviceinfo; 4678 struct xdr_stream *xdr = resp->xdr; 4679 const struct nfsd4_layout_ops *ops; 4680 u32 starting_len = xdr->buf->len, needed_len; 4681 __be32 *p; 4682 4683 p = xdr_reserve_space(xdr, 4); 4684 if (!p) 4685 return nfserr_resource; 4686 4687 *p++ = cpu_to_be32(gdev->gd_layout_type); 4688 4689 ops = nfsd4_layout_ops[gdev->gd_layout_type]; 4690 nfserr = ops->encode_getdeviceinfo(xdr, gdev); 4691 if (nfserr) { 4692 /* 4693 * We don't bother to burden the layout drivers with 4694 * enforcing gd_maxcount, just tell the client to 4695 * come back with a bigger buffer if it's not enough. 4696 */ 4697 if (xdr->buf->len + 4 > gdev->gd_maxcount) 4698 goto toosmall; 4699 return nfserr; 4700 } 4701 4702 if (gdev->gd_notify_types) { 4703 p = xdr_reserve_space(xdr, 4 + 4); 4704 if (!p) 4705 return nfserr_resource; 4706 *p++ = cpu_to_be32(1); /* bitmap length */ 4707 *p++ = cpu_to_be32(gdev->gd_notify_types); 4708 } else { 4709 p = xdr_reserve_space(xdr, 4); 4710 if (!p) 4711 return nfserr_resource; 4712 *p++ = 0; 4713 } 4714 4715 return 0; 4716 toosmall: 4717 dprintk("%s: maxcount too small\n", __func__); 4718 needed_len = xdr->buf->len + 4 /* notifications */; 4719 xdr_truncate_encode(xdr, starting_len); 4720 p = xdr_reserve_space(xdr, 4); 4721 if (!p) 4722 return nfserr_resource; 4723 *p++ = cpu_to_be32(needed_len); 4724 return nfserr_toosmall; 4725 } 4726 4727 static __be32 nfsd4_encode_layoutget(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4728 nfsd4_encode_layoutget(struct nfsd4_compoundres *resp, __be32 nfserr, 4729 union nfsd4_op_u *u) 4730 { 4731 struct nfsd4_layoutget *lgp = &u->layoutget; 4732 struct xdr_stream *xdr = resp->xdr; 4733 const struct nfsd4_layout_ops *ops; 4734 __be32 *p; 4735 4736 p = xdr_reserve_space(xdr, 36 + sizeof(stateid_opaque_t)); 4737 if (!p) 4738 return nfserr_resource; 4739 4740 *p++ = cpu_to_be32(1); /* we always set return-on-close */ 4741 *p++ = cpu_to_be32(lgp->lg_sid.si_generation); 4742 p = xdr_encode_opaque_fixed(p, &lgp->lg_sid.si_opaque, 4743 sizeof(stateid_opaque_t)); 4744 4745 *p++ = cpu_to_be32(1); /* we always return a single layout */ 4746 p = xdr_encode_hyper(p, lgp->lg_seg.offset); 4747 p = xdr_encode_hyper(p, lgp->lg_seg.length); 4748 *p++ = cpu_to_be32(lgp->lg_seg.iomode); 4749 *p++ = cpu_to_be32(lgp->lg_layout_type); 4750 4751 ops = nfsd4_layout_ops[lgp->lg_layout_type]; 4752 return ops->encode_layoutget(xdr, lgp); 4753 } 4754 4755 static __be32 nfsd4_encode_layoutcommit(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4756 nfsd4_encode_layoutcommit(struct nfsd4_compoundres *resp, __be32 nfserr, 4757 union nfsd4_op_u *u) 4758 { 4759 struct nfsd4_layoutcommit *lcp = &u->layoutcommit; 4760 struct xdr_stream *xdr = resp->xdr; 4761 __be32 *p; 4762 4763 p = xdr_reserve_space(xdr, 4); 4764 if (!p) 4765 return nfserr_resource; 4766 *p++ = cpu_to_be32(lcp->lc_size_chg); 4767 if (lcp->lc_size_chg) { 4768 p = xdr_reserve_space(xdr, 8); 4769 if (!p) 4770 return nfserr_resource; 4771 p = xdr_encode_hyper(p, lcp->lc_newsize); 4772 } 4773 4774 return 0; 4775 } 4776 4777 static __be32 nfsd4_encode_layoutreturn(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4778 nfsd4_encode_layoutreturn(struct nfsd4_compoundres *resp, __be32 nfserr, 4779 union nfsd4_op_u *u) 4780 { 4781 struct nfsd4_layoutreturn *lrp = &u->layoutreturn; 4782 struct xdr_stream *xdr = resp->xdr; 4783 __be32 *p; 4784 4785 p = xdr_reserve_space(xdr, 4); 4786 if (!p) 4787 return nfserr_resource; 4788 *p++ = cpu_to_be32(lrp->lrs_present); 4789 if (lrp->lrs_present) 4790 return nfsd4_encode_stateid(xdr, &lrp->lr_sid); 4791 return 0; 4792 } 4793 #endif /* CONFIG_NFSD_PNFS */ 4794 4795 static __be32 nfsd42_encode_write_res(struct nfsd4_compoundres * resp,struct nfsd42_write_res * write,bool sync)4796 nfsd42_encode_write_res(struct nfsd4_compoundres *resp, 4797 struct nfsd42_write_res *write, bool sync) 4798 { 4799 __be32 *p; 4800 p = xdr_reserve_space(resp->xdr, 4); 4801 if (!p) 4802 return nfserr_resource; 4803 4804 if (sync) 4805 *p++ = cpu_to_be32(0); 4806 else { 4807 __be32 nfserr; 4808 *p++ = cpu_to_be32(1); 4809 nfserr = nfsd4_encode_stateid(resp->xdr, &write->cb_stateid); 4810 if (nfserr) 4811 return nfserr; 4812 } 4813 p = xdr_reserve_space(resp->xdr, 8 + 4 + NFS4_VERIFIER_SIZE); 4814 if (!p) 4815 return nfserr_resource; 4816 4817 p = xdr_encode_hyper(p, write->wr_bytes_written); 4818 *p++ = cpu_to_be32(write->wr_stable_how); 4819 p = xdr_encode_opaque_fixed(p, write->wr_verifier.data, 4820 NFS4_VERIFIER_SIZE); 4821 return nfs_ok; 4822 } 4823 4824 static __be32 nfsd42_encode_nl4_server(struct nfsd4_compoundres * resp,struct nl4_server * ns)4825 nfsd42_encode_nl4_server(struct nfsd4_compoundres *resp, struct nl4_server *ns) 4826 { 4827 struct xdr_stream *xdr = resp->xdr; 4828 struct nfs42_netaddr *addr; 4829 __be32 *p; 4830 4831 p = xdr_reserve_space(xdr, 4); 4832 *p++ = cpu_to_be32(ns->nl4_type); 4833 4834 switch (ns->nl4_type) { 4835 case NL4_NETADDR: 4836 addr = &ns->u.nl4_addr; 4837 4838 /* netid_len, netid, uaddr_len, uaddr (port included 4839 * in RPCBIND_MAXUADDRLEN) 4840 */ 4841 p = xdr_reserve_space(xdr, 4842 4 /* netid len */ + 4843 (XDR_QUADLEN(addr->netid_len) * 4) + 4844 4 /* uaddr len */ + 4845 (XDR_QUADLEN(addr->addr_len) * 4)); 4846 if (!p) 4847 return nfserr_resource; 4848 4849 *p++ = cpu_to_be32(addr->netid_len); 4850 p = xdr_encode_opaque_fixed(p, addr->netid, 4851 addr->netid_len); 4852 *p++ = cpu_to_be32(addr->addr_len); 4853 p = xdr_encode_opaque_fixed(p, addr->addr, 4854 addr->addr_len); 4855 break; 4856 default: 4857 WARN_ON_ONCE(ns->nl4_type != NL4_NETADDR); 4858 return nfserr_inval; 4859 } 4860 4861 return 0; 4862 } 4863 4864 static __be32 nfsd4_encode_copy(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4865 nfsd4_encode_copy(struct nfsd4_compoundres *resp, __be32 nfserr, 4866 union nfsd4_op_u *u) 4867 { 4868 struct nfsd4_copy *copy = &u->copy; 4869 __be32 *p; 4870 4871 nfserr = nfsd42_encode_write_res(resp, ©->cp_res, 4872 nfsd4_copy_is_sync(copy)); 4873 if (nfserr) 4874 return nfserr; 4875 4876 p = xdr_reserve_space(resp->xdr, 4 + 4); 4877 *p++ = xdr_one; /* cr_consecutive */ 4878 *p = nfsd4_copy_is_sync(copy) ? xdr_one : xdr_zero; 4879 return 0; 4880 } 4881 4882 static __be32 nfsd4_encode_offload_status(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4883 nfsd4_encode_offload_status(struct nfsd4_compoundres *resp, __be32 nfserr, 4884 union nfsd4_op_u *u) 4885 { 4886 struct nfsd4_offload_status *os = &u->offload_status; 4887 struct xdr_stream *xdr = resp->xdr; 4888 __be32 *p; 4889 4890 p = xdr_reserve_space(xdr, 8 + 4); 4891 if (!p) 4892 return nfserr_resource; 4893 p = xdr_encode_hyper(p, os->count); 4894 *p++ = cpu_to_be32(0); 4895 return nfserr; 4896 } 4897 4898 static __be32 nfsd4_encode_read_plus_data(struct nfsd4_compoundres * resp,struct nfsd4_read * read)4899 nfsd4_encode_read_plus_data(struct nfsd4_compoundres *resp, 4900 struct nfsd4_read *read) 4901 { 4902 bool splice_ok = test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags); 4903 struct file *file = read->rd_nf->nf_file; 4904 struct xdr_stream *xdr = resp->xdr; 4905 unsigned long maxcount; 4906 __be32 nfserr, *p; 4907 4908 /* Content type, offset, byte count */ 4909 p = xdr_reserve_space(xdr, 4 + 8 + 4); 4910 if (!p) 4911 return nfserr_io; 4912 if (resp->xdr->buf->page_len && splice_ok) { 4913 WARN_ON_ONCE(splice_ok); 4914 return nfserr_serverfault; 4915 } 4916 4917 maxcount = min_t(unsigned long, read->rd_length, 4918 (xdr->buf->buflen - xdr->buf->len)); 4919 4920 if (file->f_op->splice_read && splice_ok) 4921 nfserr = nfsd4_encode_splice_read(resp, read, file, maxcount); 4922 else 4923 nfserr = nfsd4_encode_readv(resp, read, file, maxcount); 4924 if (nfserr) 4925 return nfserr; 4926 4927 *p++ = cpu_to_be32(NFS4_CONTENT_DATA); 4928 p = xdr_encode_hyper(p, read->rd_offset); 4929 *p = cpu_to_be32(read->rd_length); 4930 4931 return nfs_ok; 4932 } 4933 4934 static __be32 nfsd4_encode_read_plus(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4935 nfsd4_encode_read_plus(struct nfsd4_compoundres *resp, __be32 nfserr, 4936 union nfsd4_op_u *u) 4937 { 4938 struct nfsd4_read *read = &u->read; 4939 struct file *file = read->rd_nf->nf_file; 4940 struct xdr_stream *xdr = resp->xdr; 4941 int starting_len = xdr->buf->len; 4942 u32 segments = 0; 4943 __be32 *p; 4944 4945 if (nfserr) 4946 return nfserr; 4947 4948 /* eof flag, segment count */ 4949 p = xdr_reserve_space(xdr, 4 + 4); 4950 if (!p) 4951 return nfserr_io; 4952 xdr_commit_encode(xdr); 4953 4954 read->rd_eof = read->rd_offset >= i_size_read(file_inode(file)); 4955 if (read->rd_eof) 4956 goto out; 4957 4958 nfserr = nfsd4_encode_read_plus_data(resp, read); 4959 if (nfserr) { 4960 xdr_truncate_encode(xdr, starting_len); 4961 return nfserr; 4962 } 4963 4964 segments++; 4965 4966 out: 4967 p = xdr_encode_bool(p, read->rd_eof); 4968 *p = cpu_to_be32(segments); 4969 return nfserr; 4970 } 4971 4972 static __be32 nfsd4_encode_copy_notify(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)4973 nfsd4_encode_copy_notify(struct nfsd4_compoundres *resp, __be32 nfserr, 4974 union nfsd4_op_u *u) 4975 { 4976 struct nfsd4_copy_notify *cn = &u->copy_notify; 4977 struct xdr_stream *xdr = resp->xdr; 4978 __be32 *p; 4979 4980 if (nfserr) 4981 return nfserr; 4982 4983 /* 8 sec, 4 nsec */ 4984 p = xdr_reserve_space(xdr, 12); 4985 if (!p) 4986 return nfserr_resource; 4987 4988 /* cnr_lease_time */ 4989 p = xdr_encode_hyper(p, cn->cpn_sec); 4990 *p++ = cpu_to_be32(cn->cpn_nsec); 4991 4992 /* cnr_stateid */ 4993 nfserr = nfsd4_encode_stateid(xdr, &cn->cpn_cnr_stateid); 4994 if (nfserr) 4995 return nfserr; 4996 4997 /* cnr_src.nl_nsvr */ 4998 p = xdr_reserve_space(xdr, 4); 4999 if (!p) 5000 return nfserr_resource; 5001 5002 *p++ = cpu_to_be32(1); 5003 5004 nfserr = nfsd42_encode_nl4_server(resp, cn->cpn_src); 5005 return nfserr; 5006 } 5007 5008 static __be32 nfsd4_encode_seek(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)5009 nfsd4_encode_seek(struct nfsd4_compoundres *resp, __be32 nfserr, 5010 union nfsd4_op_u *u) 5011 { 5012 struct nfsd4_seek *seek = &u->seek; 5013 __be32 *p; 5014 5015 p = xdr_reserve_space(resp->xdr, 4 + 8); 5016 *p++ = cpu_to_be32(seek->seek_eof); 5017 p = xdr_encode_hyper(p, seek->seek_pos); 5018 5019 return 0; 5020 } 5021 5022 static __be32 nfsd4_encode_noop(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * p)5023 nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, 5024 union nfsd4_op_u *p) 5025 { 5026 return nfserr; 5027 } 5028 5029 /* 5030 * Encode kmalloc-ed buffer in to XDR stream. 5031 */ 5032 static __be32 nfsd4_vbuf_to_stream(struct xdr_stream * xdr,char * buf,u32 buflen)5033 nfsd4_vbuf_to_stream(struct xdr_stream *xdr, char *buf, u32 buflen) 5034 { 5035 u32 cplen; 5036 __be32 *p; 5037 5038 cplen = min_t(unsigned long, buflen, 5039 ((void *)xdr->end - (void *)xdr->p)); 5040 p = xdr_reserve_space(xdr, cplen); 5041 if (!p) 5042 return nfserr_resource; 5043 5044 memcpy(p, buf, cplen); 5045 buf += cplen; 5046 buflen -= cplen; 5047 5048 while (buflen) { 5049 cplen = min_t(u32, buflen, PAGE_SIZE); 5050 p = xdr_reserve_space(xdr, cplen); 5051 if (!p) 5052 return nfserr_resource; 5053 5054 memcpy(p, buf, cplen); 5055 5056 if (cplen < PAGE_SIZE) { 5057 /* 5058 * We're done, with a length that wasn't page 5059 * aligned, so possibly not word aligned. Pad 5060 * any trailing bytes with 0. 5061 */ 5062 xdr_encode_opaque_fixed(p, NULL, cplen); 5063 break; 5064 } 5065 5066 buflen -= PAGE_SIZE; 5067 buf += PAGE_SIZE; 5068 } 5069 5070 return 0; 5071 } 5072 5073 static __be32 nfsd4_encode_getxattr(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)5074 nfsd4_encode_getxattr(struct nfsd4_compoundres *resp, __be32 nfserr, 5075 union nfsd4_op_u *u) 5076 { 5077 struct nfsd4_getxattr *getxattr = &u->getxattr; 5078 struct xdr_stream *xdr = resp->xdr; 5079 __be32 *p, err; 5080 5081 p = xdr_reserve_space(xdr, 4); 5082 if (!p) 5083 return nfserr_resource; 5084 5085 *p = cpu_to_be32(getxattr->getxa_len); 5086 5087 if (getxattr->getxa_len == 0) 5088 return 0; 5089 5090 err = nfsd4_vbuf_to_stream(xdr, getxattr->getxa_buf, 5091 getxattr->getxa_len); 5092 5093 kvfree(getxattr->getxa_buf); 5094 5095 return err; 5096 } 5097 5098 static __be32 nfsd4_encode_setxattr(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)5099 nfsd4_encode_setxattr(struct nfsd4_compoundres *resp, __be32 nfserr, 5100 union nfsd4_op_u *u) 5101 { 5102 struct nfsd4_setxattr *setxattr = &u->setxattr; 5103 struct xdr_stream *xdr = resp->xdr; 5104 5105 return nfsd4_encode_change_info4(xdr, &setxattr->setxa_cinfo); 5106 } 5107 5108 /* 5109 * See if there are cookie values that can be rejected outright. 5110 */ 5111 static __be32 nfsd4_listxattr_validate_cookie(struct nfsd4_listxattrs * listxattrs,u32 * offsetp)5112 nfsd4_listxattr_validate_cookie(struct nfsd4_listxattrs *listxattrs, 5113 u32 *offsetp) 5114 { 5115 u64 cookie = listxattrs->lsxa_cookie; 5116 5117 /* 5118 * If the cookie is larger than the maximum number we can fit 5119 * in either the buffer we just got back from vfs_listxattr, or, 5120 * XDR-encoded, in the return buffer, it's invalid. 5121 */ 5122 if (cookie > (listxattrs->lsxa_len) / (XATTR_USER_PREFIX_LEN + 2)) 5123 return nfserr_badcookie; 5124 5125 if (cookie > (listxattrs->lsxa_maxcount / 5126 (XDR_QUADLEN(XATTR_USER_PREFIX_LEN + 2) + 4))) 5127 return nfserr_badcookie; 5128 5129 *offsetp = (u32)cookie; 5130 return 0; 5131 } 5132 5133 static __be32 nfsd4_encode_listxattrs(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)5134 nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr, 5135 union nfsd4_op_u *u) 5136 { 5137 struct nfsd4_listxattrs *listxattrs = &u->listxattrs; 5138 struct xdr_stream *xdr = resp->xdr; 5139 u32 cookie_offset, count_offset, eof; 5140 u32 left, xdrleft, slen, count; 5141 u32 xdrlen, offset; 5142 u64 cookie; 5143 char *sp; 5144 __be32 status, tmp; 5145 __be32 *p; 5146 u32 nuser; 5147 5148 eof = 1; 5149 5150 status = nfsd4_listxattr_validate_cookie(listxattrs, &offset); 5151 if (status) 5152 goto out; 5153 5154 /* 5155 * Reserve space for the cookie and the name array count. Record 5156 * the offsets to save them later. 5157 */ 5158 cookie_offset = xdr->buf->len; 5159 count_offset = cookie_offset + 8; 5160 p = xdr_reserve_space(xdr, 12); 5161 if (!p) { 5162 status = nfserr_resource; 5163 goto out; 5164 } 5165 5166 count = 0; 5167 left = listxattrs->lsxa_len; 5168 sp = listxattrs->lsxa_buf; 5169 nuser = 0; 5170 5171 xdrleft = listxattrs->lsxa_maxcount; 5172 5173 while (left > 0 && xdrleft > 0) { 5174 slen = strlen(sp); 5175 5176 /* 5177 * Check if this is a "user." attribute, skip it if not. 5178 */ 5179 if (strncmp(sp, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) 5180 goto contloop; 5181 5182 slen -= XATTR_USER_PREFIX_LEN; 5183 xdrlen = 4 + ((slen + 3) & ~3); 5184 if (xdrlen > xdrleft) { 5185 if (count == 0) { 5186 /* 5187 * Can't even fit the first attribute name. 5188 */ 5189 status = nfserr_toosmall; 5190 goto out; 5191 } 5192 eof = 0; 5193 goto wreof; 5194 } 5195 5196 left -= XATTR_USER_PREFIX_LEN; 5197 sp += XATTR_USER_PREFIX_LEN; 5198 if (nuser++ < offset) 5199 goto contloop; 5200 5201 5202 p = xdr_reserve_space(xdr, xdrlen); 5203 if (!p) { 5204 status = nfserr_resource; 5205 goto out; 5206 } 5207 5208 xdr_encode_opaque(p, sp, slen); 5209 5210 xdrleft -= xdrlen; 5211 count++; 5212 contloop: 5213 sp += slen + 1; 5214 left -= slen + 1; 5215 } 5216 5217 /* 5218 * If there were user attributes to copy, but we didn't copy 5219 * any, the offset was too large (e.g. the cookie was invalid). 5220 */ 5221 if (nuser > 0 && count == 0) { 5222 status = nfserr_badcookie; 5223 goto out; 5224 } 5225 5226 wreof: 5227 p = xdr_reserve_space(xdr, 4); 5228 if (!p) { 5229 status = nfserr_resource; 5230 goto out; 5231 } 5232 *p = cpu_to_be32(eof); 5233 5234 cookie = offset + count; 5235 5236 write_bytes_to_xdr_buf(xdr->buf, cookie_offset, &cookie, 8); 5237 tmp = cpu_to_be32(count); 5238 write_bytes_to_xdr_buf(xdr->buf, count_offset, &tmp, 4); 5239 out: 5240 if (listxattrs->lsxa_len) 5241 kvfree(listxattrs->lsxa_buf); 5242 return status; 5243 } 5244 5245 static __be32 nfsd4_encode_removexattr(struct nfsd4_compoundres * resp,__be32 nfserr,union nfsd4_op_u * u)5246 nfsd4_encode_removexattr(struct nfsd4_compoundres *resp, __be32 nfserr, 5247 union nfsd4_op_u *u) 5248 { 5249 struct nfsd4_removexattr *removexattr = &u->removexattr; 5250 struct xdr_stream *xdr = resp->xdr; 5251 5252 return nfsd4_encode_change_info4(xdr, &removexattr->rmxa_cinfo); 5253 } 5254 5255 typedef __be32(*nfsd4_enc)(struct nfsd4_compoundres *, __be32, union nfsd4_op_u *u); 5256 5257 /* 5258 * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1 5259 * since we don't need to filter out obsolete ops as this is 5260 * done in the decoding phase. 5261 */ 5262 static const nfsd4_enc nfsd4_enc_ops[] = { 5263 [OP_ACCESS] = nfsd4_encode_access, 5264 [OP_CLOSE] = nfsd4_encode_close, 5265 [OP_COMMIT] = nfsd4_encode_commit, 5266 [OP_CREATE] = nfsd4_encode_create, 5267 [OP_DELEGPURGE] = nfsd4_encode_noop, 5268 [OP_DELEGRETURN] = nfsd4_encode_noop, 5269 [OP_GETATTR] = nfsd4_encode_getattr, 5270 [OP_GETFH] = nfsd4_encode_getfh, 5271 [OP_LINK] = nfsd4_encode_link, 5272 [OP_LOCK] = nfsd4_encode_lock, 5273 [OP_LOCKT] = nfsd4_encode_lockt, 5274 [OP_LOCKU] = nfsd4_encode_locku, 5275 [OP_LOOKUP] = nfsd4_encode_noop, 5276 [OP_LOOKUPP] = nfsd4_encode_noop, 5277 [OP_NVERIFY] = nfsd4_encode_noop, 5278 [OP_OPEN] = nfsd4_encode_open, 5279 [OP_OPENATTR] = nfsd4_encode_noop, 5280 [OP_OPEN_CONFIRM] = nfsd4_encode_open_confirm, 5281 [OP_OPEN_DOWNGRADE] = nfsd4_encode_open_downgrade, 5282 [OP_PUTFH] = nfsd4_encode_noop, 5283 [OP_PUTPUBFH] = nfsd4_encode_noop, 5284 [OP_PUTROOTFH] = nfsd4_encode_noop, 5285 [OP_READ] = nfsd4_encode_read, 5286 [OP_READDIR] = nfsd4_encode_readdir, 5287 [OP_READLINK] = nfsd4_encode_readlink, 5288 [OP_REMOVE] = nfsd4_encode_remove, 5289 [OP_RENAME] = nfsd4_encode_rename, 5290 [OP_RENEW] = nfsd4_encode_noop, 5291 [OP_RESTOREFH] = nfsd4_encode_noop, 5292 [OP_SAVEFH] = nfsd4_encode_noop, 5293 [OP_SECINFO] = nfsd4_encode_secinfo, 5294 [OP_SETATTR] = nfsd4_encode_setattr, 5295 [OP_SETCLIENTID] = nfsd4_encode_setclientid, 5296 [OP_SETCLIENTID_CONFIRM] = nfsd4_encode_noop, 5297 [OP_VERIFY] = nfsd4_encode_noop, 5298 [OP_WRITE] = nfsd4_encode_write, 5299 [OP_RELEASE_LOCKOWNER] = nfsd4_encode_noop, 5300 5301 /* NFSv4.1 operations */ 5302 [OP_BACKCHANNEL_CTL] = nfsd4_encode_noop, 5303 [OP_BIND_CONN_TO_SESSION] = nfsd4_encode_bind_conn_to_session, 5304 [OP_EXCHANGE_ID] = nfsd4_encode_exchange_id, 5305 [OP_CREATE_SESSION] = nfsd4_encode_create_session, 5306 [OP_DESTROY_SESSION] = nfsd4_encode_noop, 5307 [OP_FREE_STATEID] = nfsd4_encode_noop, 5308 [OP_GET_DIR_DELEGATION] = nfsd4_encode_noop, 5309 #ifdef CONFIG_NFSD_PNFS 5310 [OP_GETDEVICEINFO] = nfsd4_encode_getdeviceinfo, 5311 [OP_GETDEVICELIST] = nfsd4_encode_noop, 5312 [OP_LAYOUTCOMMIT] = nfsd4_encode_layoutcommit, 5313 [OP_LAYOUTGET] = nfsd4_encode_layoutget, 5314 [OP_LAYOUTRETURN] = nfsd4_encode_layoutreturn, 5315 #else 5316 [OP_GETDEVICEINFO] = nfsd4_encode_noop, 5317 [OP_GETDEVICELIST] = nfsd4_encode_noop, 5318 [OP_LAYOUTCOMMIT] = nfsd4_encode_noop, 5319 [OP_LAYOUTGET] = nfsd4_encode_noop, 5320 [OP_LAYOUTRETURN] = nfsd4_encode_noop, 5321 #endif 5322 [OP_SECINFO_NO_NAME] = nfsd4_encode_secinfo_no_name, 5323 [OP_SEQUENCE] = nfsd4_encode_sequence, 5324 [OP_SET_SSV] = nfsd4_encode_noop, 5325 [OP_TEST_STATEID] = nfsd4_encode_test_stateid, 5326 [OP_WANT_DELEGATION] = nfsd4_encode_noop, 5327 [OP_DESTROY_CLIENTID] = nfsd4_encode_noop, 5328 [OP_RECLAIM_COMPLETE] = nfsd4_encode_noop, 5329 5330 /* NFSv4.2 operations */ 5331 [OP_ALLOCATE] = nfsd4_encode_noop, 5332 [OP_COPY] = nfsd4_encode_copy, 5333 [OP_COPY_NOTIFY] = nfsd4_encode_copy_notify, 5334 [OP_DEALLOCATE] = nfsd4_encode_noop, 5335 [OP_IO_ADVISE] = nfsd4_encode_noop, 5336 [OP_LAYOUTERROR] = nfsd4_encode_noop, 5337 [OP_LAYOUTSTATS] = nfsd4_encode_noop, 5338 [OP_OFFLOAD_CANCEL] = nfsd4_encode_noop, 5339 [OP_OFFLOAD_STATUS] = nfsd4_encode_offload_status, 5340 [OP_READ_PLUS] = nfsd4_encode_read_plus, 5341 [OP_SEEK] = nfsd4_encode_seek, 5342 [OP_WRITE_SAME] = nfsd4_encode_noop, 5343 [OP_CLONE] = nfsd4_encode_noop, 5344 5345 /* RFC 8276 extended atributes operations */ 5346 [OP_GETXATTR] = nfsd4_encode_getxattr, 5347 [OP_SETXATTR] = nfsd4_encode_setxattr, 5348 [OP_LISTXATTRS] = nfsd4_encode_listxattrs, 5349 [OP_REMOVEXATTR] = nfsd4_encode_removexattr, 5350 }; 5351 5352 /* 5353 * Calculate whether we still have space to encode repsize bytes. 5354 * There are two considerations: 5355 * - For NFS versions >=4.1, the size of the reply must stay within 5356 * session limits 5357 * - For all NFS versions, we must stay within limited preallocated 5358 * buffer space. 5359 * 5360 * This is called before the operation is processed, so can only provide 5361 * an upper estimate. For some nonidempotent operations (such as 5362 * getattr), it's not necessarily a problem if that estimate is wrong, 5363 * as we can fail it after processing without significant side effects. 5364 */ nfsd4_check_resp_size(struct nfsd4_compoundres * resp,u32 respsize)5365 __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize) 5366 { 5367 struct xdr_buf *buf = &resp->rqstp->rq_res; 5368 struct nfsd4_slot *slot = resp->cstate.slot; 5369 5370 if (buf->len + respsize <= buf->buflen) 5371 return nfs_ok; 5372 if (!nfsd4_has_session(&resp->cstate)) 5373 return nfserr_resource; 5374 if (slot->sl_flags & NFSD4_SLOT_CACHETHIS) { 5375 WARN_ON_ONCE(1); 5376 return nfserr_rep_too_big_to_cache; 5377 } 5378 return nfserr_rep_too_big; 5379 } 5380 5381 void nfsd4_encode_operation(struct nfsd4_compoundres * resp,struct nfsd4_op * op)5382 nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op) 5383 { 5384 struct xdr_stream *xdr = resp->xdr; 5385 struct nfs4_stateowner *so = resp->cstate.replay_owner; 5386 struct svc_rqst *rqstp = resp->rqstp; 5387 const struct nfsd4_operation *opdesc = op->opdesc; 5388 int post_err_offset; 5389 nfsd4_enc encoder; 5390 __be32 *p; 5391 5392 p = xdr_reserve_space(xdr, 8); 5393 if (!p) 5394 goto release; 5395 *p++ = cpu_to_be32(op->opnum); 5396 post_err_offset = xdr->buf->len; 5397 5398 if (op->opnum == OP_ILLEGAL) 5399 goto status; 5400 if (op->status && opdesc && 5401 !(opdesc->op_flags & OP_NONTRIVIAL_ERROR_ENCODE)) 5402 goto status; 5403 BUG_ON(op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) || 5404 !nfsd4_enc_ops[op->opnum]); 5405 encoder = nfsd4_enc_ops[op->opnum]; 5406 op->status = encoder(resp, op->status, &op->u); 5407 if (op->status) 5408 trace_nfsd_compound_encode_err(rqstp, op->opnum, op->status); 5409 xdr_commit_encode(xdr); 5410 5411 /* nfsd4_check_resp_size guarantees enough room for error status */ 5412 if (!op->status) { 5413 int space_needed = 0; 5414 if (!nfsd4_last_compound_op(rqstp)) 5415 space_needed = COMPOUND_ERR_SLACK_SPACE; 5416 op->status = nfsd4_check_resp_size(resp, space_needed); 5417 } 5418 if (op->status == nfserr_resource && nfsd4_has_session(&resp->cstate)) { 5419 struct nfsd4_slot *slot = resp->cstate.slot; 5420 5421 if (slot->sl_flags & NFSD4_SLOT_CACHETHIS) 5422 op->status = nfserr_rep_too_big_to_cache; 5423 else 5424 op->status = nfserr_rep_too_big; 5425 } 5426 if (op->status == nfserr_resource || 5427 op->status == nfserr_rep_too_big || 5428 op->status == nfserr_rep_too_big_to_cache) { 5429 /* 5430 * The operation may have already been encoded or 5431 * partially encoded. No op returns anything additional 5432 * in the case of one of these three errors, so we can 5433 * just truncate back to after the status. But it's a 5434 * bug if we had to do this on a non-idempotent op: 5435 */ 5436 warn_on_nonidempotent_op(op); 5437 xdr_truncate_encode(xdr, post_err_offset); 5438 } 5439 if (so) { 5440 int len = xdr->buf->len - post_err_offset; 5441 5442 so->so_replay.rp_status = op->status; 5443 so->so_replay.rp_buflen = len; 5444 read_bytes_from_xdr_buf(xdr->buf, post_err_offset, 5445 so->so_replay.rp_buf, len); 5446 } 5447 status: 5448 *p = op->status; 5449 release: 5450 if (opdesc && opdesc->op_release) 5451 opdesc->op_release(&op->u); 5452 5453 /* 5454 * Account for pages consumed while encoding this operation. 5455 * The xdr_stream primitives don't manage rq_next_page. 5456 */ 5457 rqstp->rq_next_page = xdr->page_ptr + 1; 5458 } 5459 5460 /* 5461 * Encode the reply stored in the stateowner reply cache 5462 * 5463 * XDR note: do not encode rp->rp_buflen: the buffer contains the 5464 * previously sent already encoded operation. 5465 */ 5466 void nfsd4_encode_replay(struct xdr_stream * xdr,struct nfsd4_op * op)5467 nfsd4_encode_replay(struct xdr_stream *xdr, struct nfsd4_op *op) 5468 { 5469 __be32 *p; 5470 struct nfs4_replay *rp = op->replay; 5471 5472 p = xdr_reserve_space(xdr, 8 + rp->rp_buflen); 5473 if (!p) { 5474 WARN_ON_ONCE(1); 5475 return; 5476 } 5477 *p++ = cpu_to_be32(op->opnum); 5478 *p++ = rp->rp_status; /* already xdr'ed */ 5479 5480 p = xdr_encode_opaque_fixed(p, rp->rp_buf, rp->rp_buflen); 5481 } 5482 nfsd4_release_compoundargs(struct svc_rqst * rqstp)5483 void nfsd4_release_compoundargs(struct svc_rqst *rqstp) 5484 { 5485 struct nfsd4_compoundargs *args = rqstp->rq_argp; 5486 5487 if (args->ops != args->iops) { 5488 vfree(args->ops); 5489 args->ops = args->iops; 5490 } 5491 while (args->to_free) { 5492 struct svcxdr_tmpbuf *tb = args->to_free; 5493 args->to_free = tb->next; 5494 kfree(tb); 5495 } 5496 } 5497 5498 bool nfs4svc_decode_compoundargs(struct svc_rqst * rqstp,struct xdr_stream * xdr)5499 nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) 5500 { 5501 struct nfsd4_compoundargs *args = rqstp->rq_argp; 5502 5503 /* svcxdr_tmp_alloc */ 5504 args->to_free = NULL; 5505 5506 args->xdr = xdr; 5507 args->ops = args->iops; 5508 args->rqstp = rqstp; 5509 5510 return nfsd4_decode_compound(args); 5511 } 5512 5513 bool nfs4svc_encode_compoundres(struct svc_rqst * rqstp,struct xdr_stream * xdr)5514 nfs4svc_encode_compoundres(struct svc_rqst *rqstp, struct xdr_stream *xdr) 5515 { 5516 struct nfsd4_compoundres *resp = rqstp->rq_resp; 5517 __be32 *p; 5518 5519 /* 5520 * Send buffer space for the following items is reserved 5521 * at the top of nfsd4_proc_compound(). 5522 */ 5523 p = resp->statusp; 5524 5525 *p++ = resp->cstate.status; 5526 *p++ = htonl(resp->taglen); 5527 memcpy(p, resp->tag, resp->taglen); 5528 p += XDR_QUADLEN(resp->taglen); 5529 *p++ = htonl(resp->opcnt); 5530 5531 nfsd4_sequence_done(resp); 5532 return true; 5533 } 5534
