nfsfh.c 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * NFS server file handle treatment.
  4. *
  5. * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
  6. * Portions Copyright (C) 1999 G. Allen Morris III <gam3@acm.org>
  7. * Extensive rewrite by Neil Brown <neilb@cse.unsw.edu.au> Southern-Spring 1999
  8. * ... and again Southern-Winter 2001 to support export_operations
  9. */
  10. #include <linux/exportfs.h>
  11. #include <linux/sunrpc/svcauth_gss.h>
  12. #include "nfsd.h"
  13. #include "vfs.h"
  14. #include "auth.h"
  15. #include "trace.h"
  16. #define NFSDDBG_FACILITY NFSDDBG_FH
  17. /*
  18. * our acceptability function.
  19. * if NOSUBTREECHECK, accept anything
  20. * if not, require that we can walk up to exp->ex_dentry
  21. * doing some checks on the 'x' bits
  22. */
  23. static int nfsd_acceptable(void *expv, struct dentry *dentry)
  24. {
  25. struct svc_export *exp = expv;
  26. int rv;
  27. struct dentry *tdentry;
  28. struct dentry *parent;
  29. if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
  30. return 1;
  31. tdentry = dget(dentry);
  32. while (tdentry != exp->ex_path.dentry && !IS_ROOT(tdentry)) {
  33. /* make sure parents give x permission to user */
  34. int err;
  35. parent = dget_parent(tdentry);
  36. err = inode_permission(&nop_mnt_idmap,
  37. d_inode(parent), MAY_EXEC);
  38. if (err < 0) {
  39. dput(parent);
  40. break;
  41. }
  42. dput(tdentry);
  43. tdentry = parent;
  44. }
  45. if (tdentry != exp->ex_path.dentry)
  46. dprintk("nfsd_acceptable failed at %p %pd\n", tdentry, tdentry);
  47. rv = (tdentry == exp->ex_path.dentry);
  48. dput(tdentry);
  49. return rv;
  50. }
  51. /* Type check. The correct error return for type mismatches does not seem to be
  52. * generally agreed upon. SunOS seems to use EISDIR if file isn't S_IFREG; a
  53. * comment in the NFSv3 spec says this is incorrect (implementation notes for
  54. * the write call).
  55. */
  56. static inline __be32
  57. nfsd_mode_check(struct dentry *dentry, umode_t requested)
  58. {
  59. umode_t mode = d_inode(dentry)->i_mode & S_IFMT;
  60. if (requested == 0) /* the caller doesn't care */
  61. return nfs_ok;
  62. if (mode == requested) {
  63. if (mode == S_IFDIR && !d_can_lookup(dentry)) {
  64. WARN_ON_ONCE(1);
  65. return nfserr_notdir;
  66. }
  67. return nfs_ok;
  68. }
  69. if (mode == S_IFLNK) {
  70. if (requested == S_IFDIR)
  71. return nfserr_symlink_not_dir;
  72. return nfserr_symlink;
  73. }
  74. if (requested == S_IFDIR)
  75. return nfserr_notdir;
  76. if (mode == S_IFDIR)
  77. return nfserr_isdir;
  78. return nfserr_wrong_type;
  79. }
  80. static bool nfsd_originating_port_ok(struct svc_rqst *rqstp,
  81. struct svc_cred *cred,
  82. struct svc_export *exp)
  83. {
  84. if (nfsexp_flags(cred, exp) & NFSEXP_INSECURE_PORT)
  85. return true;
  86. /* We don't require gss requests to use low ports: */
  87. if (cred->cr_flavor >= RPC_AUTH_GSS)
  88. return true;
  89. return test_bit(RQ_SECURE, &rqstp->rq_flags);
  90. }
  91. static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
  92. struct svc_cred *cred,
  93. struct svc_export *exp)
  94. {
  95. /* Check if the request originated from a secure port. */
  96. if (rqstp && !nfsd_originating_port_ok(rqstp, cred, exp)) {
  97. RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
  98. dprintk("nfsd: request from insecure port %s!\n",
  99. svc_print_addr(rqstp, buf, sizeof(buf)));
  100. return nfserr_perm;
  101. }
  102. /* Set user creds for this exportpoint */
  103. return nfserrno(nfsd_setuser(cred, exp));
  104. }
  105. static inline __be32 check_pseudo_root(struct dentry *dentry,
  106. struct svc_export *exp)
  107. {
  108. if (!(exp->ex_flags & NFSEXP_V4ROOT))
  109. return nfs_ok;
  110. /*
  111. * We're exposing only the directories and symlinks that have to be
  112. * traversed on the way to real exports:
  113. */
  114. if (unlikely(!d_is_dir(dentry) &&
  115. !d_is_symlink(dentry)))
  116. return nfserr_stale;
  117. /*
  118. * A pseudoroot export gives permission to access only one
  119. * single directory; the kernel has to make another upcall
  120. * before granting access to anything else under it:
  121. */
  122. if (unlikely(dentry != exp->ex_path.dentry))
  123. return nfserr_stale;
  124. return nfs_ok;
  125. }
  126. /*
  127. * Use the given filehandle to look up the corresponding export and
  128. * dentry. On success, the results are used to set fh_export and
  129. * fh_dentry.
  130. */
  131. static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net,
  132. struct svc_cred *cred,
  133. struct auth_domain *client,
  134. struct auth_domain *gssclient,
  135. struct svc_fh *fhp)
  136. {
  137. struct knfsd_fh *fh = &fhp->fh_handle;
  138. struct fid *fid = NULL;
  139. struct svc_export *exp;
  140. struct dentry *dentry;
  141. int fileid_type;
  142. int data_left = fh->fh_size/4;
  143. int len;
  144. __be32 error;
  145. error = nfserr_badhandle;
  146. if (fh->fh_size == 0)
  147. return nfserr_nofilehandle;
  148. if (fh->fh_version != 1)
  149. return error;
  150. if (--data_left < 0)
  151. return error;
  152. if (fh->fh_auth_type != 0)
  153. return error;
  154. len = key_len(fh->fh_fsid_type) / 4;
  155. if (len == 0)
  156. return error;
  157. if (fh->fh_fsid_type == FSID_MAJOR_MINOR) {
  158. u32 *fsid = fh_fsid(fh);
  159. /* deprecated, convert to type 3 */
  160. len = key_len(FSID_ENCODE_DEV)/4;
  161. fh->fh_fsid_type = FSID_ENCODE_DEV;
  162. /*
  163. * struct knfsd_fh uses host-endian fields, which are
  164. * sometimes used to hold net-endian values. This
  165. * confuses sparse, so we must use __force here to
  166. * keep it from complaining.
  167. */
  168. fsid[0] = new_encode_dev(MKDEV(ntohl((__force __be32)fsid[0]),
  169. ntohl((__force __be32)fsid[1])));
  170. fsid[1] = fsid[2];
  171. }
  172. data_left -= len;
  173. if (data_left < 0)
  174. return error;
  175. exp = rqst_exp_find(rqstp ? &rqstp->rq_chandle : NULL,
  176. net, client, gssclient,
  177. fh->fh_fsid_type, fh_fsid(fh));
  178. fid = (struct fid *)(fh_fsid(fh) + len);
  179. error = nfserr_stale;
  180. if (IS_ERR(exp)) {
  181. trace_nfsd_set_fh_dentry_badexport(rqstp, fhp, PTR_ERR(exp));
  182. if (PTR_ERR(exp) == -ENOENT)
  183. return error;
  184. return nfserrno(PTR_ERR(exp));
  185. }
  186. if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) {
  187. /* Elevate privileges so that the lack of 'r' or 'x'
  188. * permission on some parent directory will
  189. * not stop exportfs_decode_fh from being able
  190. * to reconnect a directory into the dentry cache.
  191. * The same problem can affect "SUBTREECHECK" exports,
  192. * but as nfsd_acceptable depends on correct
  193. * access control settings being in effect, we cannot
  194. * fix that case easily.
  195. */
  196. struct cred *new = prepare_creds();
  197. if (!new) {
  198. error = nfserrno(-ENOMEM);
  199. goto out;
  200. }
  201. new->cap_effective =
  202. cap_raise_nfsd_set(new->cap_effective,
  203. new->cap_permitted);
  204. put_cred(override_creds(new));
  205. } else {
  206. error = nfsd_setuser_and_check_port(rqstp, cred, exp);
  207. if (error)
  208. goto out;
  209. }
  210. /*
  211. * Look up the dentry using the NFS file handle.
  212. */
  213. error = nfserr_badhandle;
  214. fileid_type = fh->fh_fileid_type;
  215. if (fileid_type == FILEID_ROOT)
  216. dentry = dget(exp->ex_path.dentry);
  217. else {
  218. dentry = exportfs_decode_fh_raw(exp->ex_path.mnt, fid,
  219. data_left, fileid_type, 0,
  220. nfsd_acceptable, exp);
  221. if (IS_ERR_OR_NULL(dentry)) {
  222. trace_nfsd_set_fh_dentry_badhandle(rqstp, fhp,
  223. dentry ? PTR_ERR(dentry) : -ESTALE);
  224. switch (PTR_ERR(dentry)) {
  225. case -ENOMEM:
  226. case -ETIMEDOUT:
  227. break;
  228. default:
  229. dentry = ERR_PTR(-ESTALE);
  230. }
  231. }
  232. }
  233. if (dentry == NULL)
  234. goto out;
  235. if (IS_ERR(dentry)) {
  236. if (PTR_ERR(dentry) != -EINVAL)
  237. error = nfserrno(PTR_ERR(dentry));
  238. goto out;
  239. }
  240. if (d_is_dir(dentry) &&
  241. (dentry->d_flags & DCACHE_DISCONNECTED)) {
  242. printk("nfsd: find_fh_dentry returned a DISCONNECTED directory: %pd2\n",
  243. dentry);
  244. }
  245. switch (fhp->fh_maxsize) {
  246. case NFS4_FHSIZE:
  247. if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOATOMIC_ATTR)
  248. fhp->fh_no_atomic_attr = true;
  249. fhp->fh_64bit_cookies = true;
  250. break;
  251. case NFS3_FHSIZE:
  252. if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOWCC)
  253. fhp->fh_no_wcc = true;
  254. fhp->fh_64bit_cookies = true;
  255. if (exp->ex_flags & NFSEXP_V4ROOT)
  256. goto out;
  257. break;
  258. case NFS_FHSIZE:
  259. fhp->fh_no_wcc = true;
  260. if (EX_WGATHER(exp))
  261. fhp->fh_use_wgather = true;
  262. if (exp->ex_flags & NFSEXP_V4ROOT)
  263. goto out;
  264. }
  265. fhp->fh_dentry = dentry;
  266. fhp->fh_export = exp;
  267. return 0;
  268. out:
  269. exp_put(exp);
  270. return error;
  271. }
  272. /**
  273. * __fh_verify - filehandle lookup and access checking
  274. * @rqstp: RPC transaction context, or NULL
  275. * @net: net namespace in which to perform the export lookup
  276. * @cred: RPC user credential
  277. * @client: RPC auth domain
  278. * @gssclient: RPC GSS auth domain, or NULL
  279. * @fhp: filehandle to be verified
  280. * @type: expected type of object pointed to by filehandle
  281. * @access: type of access needed to object
  282. *
  283. * See fh_verify() for further descriptions of @fhp, @type, and @access.
  284. */
  285. static __be32
  286. __fh_verify(struct svc_rqst *rqstp,
  287. struct net *net, struct svc_cred *cred,
  288. struct auth_domain *client,
  289. struct auth_domain *gssclient,
  290. struct svc_fh *fhp, umode_t type, int access)
  291. {
  292. struct nfsd_net *nn = net_generic(net, nfsd_net_id);
  293. struct svc_export *exp = NULL;
  294. bool may_bypass_gss = false;
  295. struct dentry *dentry;
  296. __be32 error;
  297. if (!fhp->fh_dentry) {
  298. error = nfsd_set_fh_dentry(rqstp, net, cred, client,
  299. gssclient, fhp);
  300. if (error)
  301. goto out;
  302. }
  303. dentry = fhp->fh_dentry;
  304. exp = fhp->fh_export;
  305. trace_nfsd_fh_verify(rqstp, fhp, type, access);
  306. /*
  307. * We still have to do all these permission checks, even when
  308. * fh_dentry is already set:
  309. * - fh_verify may be called multiple times with different
  310. * "access" arguments (e.g. nfsd_proc_create calls
  311. * fh_verify(...,NFSD_MAY_EXEC) first, then later (in
  312. * nfsd_create) calls fh_verify(...,NFSD_MAY_CREATE).
  313. * - in the NFSv4 case, the filehandle may have been filled
  314. * in by fh_compose, and given a dentry, but further
  315. * compound operations performed with that filehandle
  316. * still need permissions checks. In the worst case, a
  317. * mountpoint crossing may have changed the export
  318. * options, and we may now need to use a different uid
  319. * (for example, if different id-squashing options are in
  320. * effect on the new filesystem).
  321. */
  322. error = check_pseudo_root(dentry, exp);
  323. if (error)
  324. goto out;
  325. error = nfsd_setuser_and_check_port(rqstp, cred, exp);
  326. if (error)
  327. goto out;
  328. error = nfsd_mode_check(dentry, type);
  329. if (error)
  330. goto out;
  331. /*
  332. * If rqstp is NULL, this is a LOCALIO request which will only
  333. * ever use a filehandle/credential pair for which access has
  334. * been affirmed (by ACCESS or OPEN NFS requests) over the
  335. * wire. Skip both the xprtsec policy and the security flavor
  336. * checks.
  337. */
  338. if (!rqstp)
  339. goto check_permissions;
  340. if ((access & NFSD_MAY_NLM) && (exp->ex_flags & NFSEXP_NOAUTHNLM))
  341. /* NLM is allowed to fully bypass authentication */
  342. goto out;
  343. /*
  344. * NLM is allowed to bypass the xprtsec policy check because lockd
  345. * doesn't support xprtsec.
  346. */
  347. if (!(access & NFSD_MAY_NLM)) {
  348. error = check_xprtsec_policy(exp, rqstp);
  349. if (error)
  350. goto out;
  351. }
  352. if (access & NFSD_MAY_BYPASS_GSS)
  353. may_bypass_gss = true;
  354. /*
  355. * Clients may expect to be able to use auth_sys during mount,
  356. * even if they use gss for everything else; see section 2.3.2
  357. * of rfc 2623.
  358. */
  359. if (access & NFSD_MAY_BYPASS_GSS_ON_ROOT
  360. && exp->ex_path.dentry == dentry)
  361. may_bypass_gss = true;
  362. error = check_security_flavor(exp, rqstp, may_bypass_gss);
  363. if (error)
  364. goto out;
  365. svc_xprt_set_valid(rqstp->rq_xprt);
  366. check_permissions:
  367. /* Finally, check access permissions. */
  368. error = nfsd_permission(cred, exp, dentry, access);
  369. out:
  370. trace_nfsd_fh_verify_err(rqstp, fhp, type, access, error);
  371. if (error == nfserr_stale)
  372. nfsd_stats_fh_stale_inc(nn, exp);
  373. return error;
  374. }
  375. /**
  376. * fh_verify_local - filehandle lookup and access checking
  377. * @net: net namespace in which to perform the export lookup
  378. * @cred: RPC user credential
  379. * @client: RPC auth domain
  380. * @fhp: filehandle to be verified
  381. * @type: expected type of object pointed to by filehandle
  382. * @access: type of access needed to object
  383. *
  384. * This API can be used by callers who do not have an RPC
  385. * transaction context (ie are not running in an nfsd thread).
  386. *
  387. * See fh_verify() for further descriptions of @fhp, @type, and @access.
  388. */
  389. __be32
  390. fh_verify_local(struct net *net, struct svc_cred *cred,
  391. struct auth_domain *client, struct svc_fh *fhp,
  392. umode_t type, int access)
  393. {
  394. return __fh_verify(NULL, net, cred, client, NULL,
  395. fhp, type, access);
  396. }
  397. /**
  398. * fh_verify - filehandle lookup and access checking
  399. * @rqstp: pointer to current rpc request
  400. * @fhp: filehandle to be verified
  401. * @type: expected type of object pointed to by filehandle
  402. * @access: type of access needed to object
  403. *
  404. * Look up a dentry from the on-the-wire filehandle, check the client's
  405. * access to the export, and set the current task's credentials.
  406. *
  407. * Regardless of success or failure of fh_verify(), fh_put() should be
  408. * called on @fhp when the caller is finished with the filehandle.
  409. *
  410. * fh_verify() may be called multiple times on a given filehandle, for
  411. * example, when processing an NFSv4 compound. The first call will look
  412. * up a dentry using the on-the-wire filehandle. Subsequent calls will
  413. * skip the lookup and just perform the other checks and possibly change
  414. * the current task's credentials.
  415. *
  416. * @type specifies the type of object expected using one of the S_IF*
  417. * constants defined in include/linux/stat.h. The caller may use zero
  418. * to indicate that it doesn't care, or a negative integer to indicate
  419. * that it expects something not of the given type.
  420. *
  421. * @access is formed from the NFSD_MAY_* constants defined in
  422. * fs/nfsd/vfs.h.
  423. */
  424. __be32
  425. fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access)
  426. {
  427. return __fh_verify(rqstp, SVC_NET(rqstp), &rqstp->rq_cred,
  428. rqstp->rq_client, rqstp->rq_gssclient,
  429. fhp, type, access);
  430. }
  431. /*
  432. * Compose a file handle for an NFS reply.
  433. *
  434. * Note that when first composed, the dentry may not yet have
  435. * an inode. In this case a call to fh_update should be made
  436. * before the fh goes out on the wire ...
  437. */
  438. static void _fh_update(struct svc_fh *fhp, struct svc_export *exp,
  439. struct dentry *dentry)
  440. {
  441. if (dentry != exp->ex_path.dentry) {
  442. struct fid *fid = (struct fid *)
  443. (fh_fsid(&fhp->fh_handle) + fhp->fh_handle.fh_size/4 - 1);
  444. int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;
  445. int fh_flags = (exp->ex_flags & NFSEXP_NOSUBTREECHECK) ? 0 :
  446. EXPORT_FH_CONNECTABLE;
  447. int fileid_type =
  448. exportfs_encode_fh(dentry, fid, &maxsize, fh_flags);
  449. fhp->fh_handle.fh_fileid_type =
  450. fileid_type > 0 ? fileid_type : FILEID_INVALID;
  451. fhp->fh_handle.fh_size += maxsize * 4;
  452. } else {
  453. fhp->fh_handle.fh_fileid_type = FILEID_ROOT;
  454. }
  455. }
  456. static bool is_root_export(struct svc_export *exp)
  457. {
  458. return exp->ex_path.dentry == exp->ex_path.dentry->d_sb->s_root;
  459. }
  460. static struct super_block *exp_sb(struct svc_export *exp)
  461. {
  462. return exp->ex_path.dentry->d_sb;
  463. }
  464. static bool fsid_type_ok_for_exp(u8 fsid_type, struct svc_export *exp)
  465. {
  466. switch (fsid_type) {
  467. case FSID_DEV:
  468. if (!old_valid_dev(exp_sb(exp)->s_dev))
  469. return false;
  470. fallthrough;
  471. case FSID_MAJOR_MINOR:
  472. case FSID_ENCODE_DEV:
  473. return exp_sb(exp)->s_type->fs_flags & FS_REQUIRES_DEV;
  474. case FSID_NUM:
  475. return exp->ex_flags & NFSEXP_FSID;
  476. case FSID_UUID8:
  477. case FSID_UUID16:
  478. if (!is_root_export(exp))
  479. return false;
  480. fallthrough;
  481. case FSID_UUID4_INUM:
  482. case FSID_UUID16_INUM:
  483. return exp->ex_uuid != NULL;
  484. }
  485. return true;
  486. }
  487. static void set_version_and_fsid_type(struct svc_fh *fhp, struct svc_export *exp, struct svc_fh *ref_fh)
  488. {
  489. u8 version;
  490. u8 fsid_type;
  491. retry:
  492. version = 1;
  493. if (ref_fh && ref_fh->fh_export == exp) {
  494. version = ref_fh->fh_handle.fh_version;
  495. fsid_type = ref_fh->fh_handle.fh_fsid_type;
  496. ref_fh = NULL;
  497. switch (version) {
  498. case 0xca:
  499. fsid_type = FSID_DEV;
  500. break;
  501. case 1:
  502. break;
  503. default:
  504. goto retry;
  505. }
  506. /*
  507. * As the fsid -> filesystem mapping was guided by
  508. * user-space, there is no guarantee that the filesystem
  509. * actually supports that fsid type. If it doesn't we
  510. * loop around again without ref_fh set.
  511. */
  512. if (!fsid_type_ok_for_exp(fsid_type, exp))
  513. goto retry;
  514. } else if (exp->ex_flags & NFSEXP_FSID) {
  515. fsid_type = FSID_NUM;
  516. } else if (exp->ex_uuid) {
  517. if (fhp->fh_maxsize >= 64) {
  518. if (is_root_export(exp))
  519. fsid_type = FSID_UUID16;
  520. else
  521. fsid_type = FSID_UUID16_INUM;
  522. } else {
  523. if (is_root_export(exp))
  524. fsid_type = FSID_UUID8;
  525. else
  526. fsid_type = FSID_UUID4_INUM;
  527. }
  528. } else if (!old_valid_dev(exp_sb(exp)->s_dev))
  529. /* for newer device numbers, we must use a newer fsid format */
  530. fsid_type = FSID_ENCODE_DEV;
  531. else
  532. fsid_type = FSID_DEV;
  533. fhp->fh_handle.fh_version = version;
  534. if (version)
  535. fhp->fh_handle.fh_fsid_type = fsid_type;
  536. }
  537. __be32
  538. fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry,
  539. struct svc_fh *ref_fh)
  540. {
  541. /* ref_fh is a reference file handle.
  542. * if it is non-null and for the same filesystem, then we should compose
  543. * a filehandle which is of the same version, where possible.
  544. */
  545. struct inode * inode = d_inode(dentry);
  546. dev_t ex_dev = exp_sb(exp)->s_dev;
  547. dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n",
  548. MAJOR(ex_dev), MINOR(ex_dev),
  549. (long) d_inode(exp->ex_path.dentry)->i_ino,
  550. dentry,
  551. (inode ? inode->i_ino : 0));
  552. /* Choose filehandle version and fsid type based on
  553. * the reference filehandle (if it is in the same export)
  554. * or the export options.
  555. */
  556. set_version_and_fsid_type(fhp, exp, ref_fh);
  557. /* If we have a ref_fh, then copy the fh_no_wcc setting from it. */
  558. fhp->fh_no_wcc = ref_fh ? ref_fh->fh_no_wcc : false;
  559. if (ref_fh == fhp)
  560. fh_put(ref_fh);
  561. if (fhp->fh_dentry) {
  562. printk(KERN_ERR "fh_compose: fh %pd2 not initialized!\n",
  563. dentry);
  564. }
  565. if (fhp->fh_maxsize < NFS_FHSIZE)
  566. printk(KERN_ERR "fh_compose: called with maxsize %d! %pd2\n",
  567. fhp->fh_maxsize,
  568. dentry);
  569. fhp->fh_dentry = dget(dentry); /* our internal copy */
  570. fhp->fh_export = exp_get(exp);
  571. fhp->fh_handle.fh_size =
  572. key_len(fhp->fh_handle.fh_fsid_type) + 4;
  573. fhp->fh_handle.fh_auth_type = 0;
  574. mk_fsid(fhp->fh_handle.fh_fsid_type,
  575. fh_fsid(&fhp->fh_handle),
  576. ex_dev,
  577. d_inode(exp->ex_path.dentry)->i_ino,
  578. exp->ex_fsid, exp->ex_uuid);
  579. if (inode)
  580. _fh_update(fhp, exp, dentry);
  581. if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) {
  582. fh_put(fhp);
  583. return nfserr_stale;
  584. }
  585. return 0;
  586. }
  587. /*
  588. * Update file handle information after changing a dentry.
  589. * This is only called by nfsd_create, nfsd_create_v3 and nfsd_proc_create
  590. */
  591. __be32
  592. fh_update(struct svc_fh *fhp)
  593. {
  594. struct dentry *dentry;
  595. if (!fhp->fh_dentry)
  596. goto out_bad;
  597. dentry = fhp->fh_dentry;
  598. if (d_really_is_negative(dentry))
  599. goto out_negative;
  600. if (fhp->fh_handle.fh_fileid_type != FILEID_ROOT)
  601. return 0;
  602. _fh_update(fhp, fhp->fh_export, dentry);
  603. if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID)
  604. return nfserr_stale;
  605. return 0;
  606. out_bad:
  607. printk(KERN_ERR "fh_update: fh not verified!\n");
  608. return nfserr_serverfault;
  609. out_negative:
  610. printk(KERN_ERR "fh_update: %pd2 still negative!\n",
  611. dentry);
  612. return nfserr_serverfault;
  613. }
  614. /**
  615. * fh_getattr - Retrieve attributes on a local file
  616. * @fhp: File handle of target file
  617. * @stat: Caller-supplied kstat buffer to be filled in
  618. *
  619. * Returns nfs_ok on success, otherwise an NFS status code is
  620. * returned.
  621. */
  622. __be32 fh_getattr(const struct svc_fh *fhp, struct kstat *stat)
  623. {
  624. struct path p = {
  625. .mnt = fhp->fh_export->ex_path.mnt,
  626. .dentry = fhp->fh_dentry,
  627. };
  628. struct inode *inode = d_inode(p.dentry);
  629. u32 request_mask = STATX_BASIC_STATS;
  630. if (S_ISREG(inode->i_mode))
  631. request_mask |= (STATX_DIOALIGN | STATX_DIO_READ_ALIGN);
  632. if (fhp->fh_maxsize == NFS4_FHSIZE)
  633. request_mask |= (STATX_BTIME | STATX_CHANGE_COOKIE);
  634. return nfserrno(vfs_getattr(&p, stat, request_mask,
  635. AT_STATX_SYNC_AS_STAT));
  636. }
  637. /**
  638. * fh_fill_pre_attrs - Fill in pre-op attributes
  639. * @fhp: file handle to be updated
  640. *
  641. */
  642. __be32 __must_check fh_fill_pre_attrs(struct svc_fh *fhp)
  643. {
  644. bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
  645. struct kstat stat;
  646. __be32 err;
  647. if (fhp->fh_no_wcc || fhp->fh_pre_saved)
  648. return nfs_ok;
  649. err = fh_getattr(fhp, &stat);
  650. if (err)
  651. return err;
  652. if (v4)
  653. fhp->fh_pre_change = nfsd4_change_attribute(&stat);
  654. fhp->fh_pre_mtime = stat.mtime;
  655. fhp->fh_pre_ctime = stat.ctime;
  656. fhp->fh_pre_size = stat.size;
  657. fhp->fh_pre_saved = true;
  658. return nfs_ok;
  659. }
  660. /**
  661. * fh_fill_post_attrs - Fill in post-op attributes
  662. * @fhp: file handle to be updated
  663. *
  664. */
  665. __be32 fh_fill_post_attrs(struct svc_fh *fhp)
  666. {
  667. bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
  668. __be32 err;
  669. if (fhp->fh_no_wcc)
  670. return nfs_ok;
  671. if (fhp->fh_post_saved)
  672. printk("nfsd: inode locked twice during operation.\n");
  673. err = fh_getattr(fhp, &fhp->fh_post_attr);
  674. if (err)
  675. return err;
  676. fhp->fh_post_saved = true;
  677. if (v4)
  678. fhp->fh_post_change =
  679. nfsd4_change_attribute(&fhp->fh_post_attr);
  680. return nfs_ok;
  681. }
  682. /**
  683. * fh_fill_both_attrs - Fill pre-op and post-op attributes
  684. * @fhp: file handle to be updated
  685. *
  686. * This is used when the directory wasn't changed, but wcc attributes
  687. * are needed anyway.
  688. */
  689. __be32 __must_check fh_fill_both_attrs(struct svc_fh *fhp)
  690. {
  691. __be32 err;
  692. err = fh_fill_post_attrs(fhp);
  693. if (err)
  694. return err;
  695. fhp->fh_pre_change = fhp->fh_post_change;
  696. fhp->fh_pre_mtime = fhp->fh_post_attr.mtime;
  697. fhp->fh_pre_ctime = fhp->fh_post_attr.ctime;
  698. fhp->fh_pre_size = fhp->fh_post_attr.size;
  699. fhp->fh_pre_saved = true;
  700. return nfs_ok;
  701. }
  702. /*
  703. * Release a file handle.
  704. */
  705. void
  706. fh_put(struct svc_fh *fhp)
  707. {
  708. struct dentry * dentry = fhp->fh_dentry;
  709. struct svc_export * exp = fhp->fh_export;
  710. if (dentry) {
  711. fhp->fh_dentry = NULL;
  712. dput(dentry);
  713. fh_clear_pre_post_attrs(fhp);
  714. }
  715. fh_drop_write(fhp);
  716. if (exp) {
  717. exp_put(exp);
  718. fhp->fh_export = NULL;
  719. }
  720. fhp->fh_no_wcc = false;
  721. return;
  722. }
  723. /*
  724. * Shorthand for dprintk()'s
  725. */
  726. char * SVCFH_fmt(struct svc_fh *fhp)
  727. {
  728. struct knfsd_fh *fh = &fhp->fh_handle;
  729. static char buf[2+1+1+64*3+1];
  730. if (fh->fh_size > 64)
  731. return "bad-fh";
  732. sprintf(buf, "%d: %*ph", fh->fh_size, fh->fh_size, fh->fh_raw);
  733. return buf;
  734. }
  735. enum fsid_source fsid_source(const struct svc_fh *fhp)
  736. {
  737. if (fhp->fh_handle.fh_version != 1)
  738. return FSIDSOURCE_DEV;
  739. switch(fhp->fh_handle.fh_fsid_type) {
  740. case FSID_DEV:
  741. case FSID_ENCODE_DEV:
  742. case FSID_MAJOR_MINOR:
  743. if (exp_sb(fhp->fh_export)->s_type->fs_flags & FS_REQUIRES_DEV)
  744. return FSIDSOURCE_DEV;
  745. break;
  746. case FSID_NUM:
  747. if (fhp->fh_export->ex_flags & NFSEXP_FSID)
  748. return FSIDSOURCE_FSID;
  749. break;
  750. default:
  751. break;
  752. }
  753. /* either a UUID type filehandle, or the filehandle doesn't
  754. * match the export.
  755. */
  756. if (fhp->fh_export->ex_flags & NFSEXP_FSID)
  757. return FSIDSOURCE_FSID;
  758. if (fhp->fh_export->ex_uuid)
  759. return FSIDSOURCE_UUID;
  760. return FSIDSOURCE_DEV;
  761. }
  762. /**
  763. * nfsd4_change_attribute - Generate an NFSv4 change_attribute value
  764. * @stat: inode attributes
  765. *
  766. * Caller must fill in @stat before calling, typically by invoking
  767. * vfs_getattr() with STATX_MODE, STATX_CTIME, and STATX_CHANGE_COOKIE.
  768. * Returns an unsigned 64-bit changeid4 value (RFC 8881 Section 3.2).
  769. *
  770. * We could use i_version alone as the change attribute. However, i_version
  771. * can go backwards on a regular file after an unclean shutdown. On its own
  772. * that doesn't necessarily cause a problem, but if i_version goes backwards
  773. * and then is incremented again it could reuse a value that was previously
  774. * used before boot, and a client who queried the two values might incorrectly
  775. * assume nothing changed.
  776. *
  777. * By using both ctime and the i_version counter we guarantee that as long as
  778. * time doesn't go backwards we never reuse an old value. If the filesystem
  779. * advertises STATX_ATTR_CHANGE_MONOTONIC, then this mitigation is not
  780. * needed.
  781. *
  782. * We only need to do this for regular files as well. For directories, we
  783. * assume that the new change attr is always logged to stable storage in some
  784. * fashion before the results can be seen.
  785. */
  786. u64 nfsd4_change_attribute(const struct kstat *stat)
  787. {
  788. u64 chattr;
  789. if (stat->result_mask & STATX_CHANGE_COOKIE) {
  790. chattr = stat->change_cookie;
  791. if (S_ISREG(stat->mode) &&
  792. !(stat->attributes & STATX_ATTR_CHANGE_MONOTONIC)) {
  793. chattr += (u64)stat->ctime.tv_sec << 30;
  794. chattr += stat->ctime.tv_nsec;
  795. }
  796. } else {
  797. chattr = time_to_chattr(&stat->ctime);
  798. }
  799. return chattr;
  800. }