LXR linux/fs/nfsd/nfs4xdr.c

   1/*
   2 *  Server-side XDR for NFSv4
   3 *
   4 *  Copyright (c) 2002 The Regents of the University of Michigan.
   5 *  All rights reserved.
   6 *
   7 *  Kendrick Smith <kmsmith@umich.edu>
   8 *  Andy Adamson   <andros@umich.edu>
   9 *
  10 *  Redistribution and use in source and binary forms, with or without
  11 *  modification, are permitted provided that the following conditions
  12 *  are met:
  13 *
  14 *  1. Redistributions of source code must retain the above copyright
  15 *     notice, this list of conditions and the following disclaimer.
  16 *  2. Redistributions in binary form must reproduce the above copyright
  17 *     notice, this list of conditions and the following disclaimer in the
  18 *     documentation and/or other materials provided with the distribution.
  19 *  3. Neither the name of the University nor the names of its
  20 *     contributors may be used to endorse or promote products derived
  21 *     from this software without specific prior written permission.
  22 *
  23 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  24 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  25 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  26 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  27 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  28 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  29 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  30 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  31 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  32 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  33 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  34 */
  35
  36#include <linux/file.h>
  37#include <linux/slab.h>
  38#include <linux/namei.h>
  39#include <linux/statfs.h>
  40#include <linux/utsname.h>
  41#include <linux/pagemap.h>
  42#include <linux/sunrpc/svcauth_gss.h>
  43#include <linux/xattr.h>
  44#include <uapi/linux/xattr.h>
  45
  46#include "idmap.h"
  47#include "acl.h"
  48#include "xdr4.h"
  49#include "vfs.h"
  50#include "state.h"
  51#include "cache.h"
  52#include "netns.h"
  53#include "pnfs.h"
  54
  55#include "trace.h"
  56
  57#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
  58#include <linux/security.h>
  59#endif
  60
  61
  62#define NFSDDBG_FACILITY                NFSDDBG_XDR
  63
  64const u32 nfsd_suppattrs[3][3] = {
  65        {NFSD4_SUPPORTED_ATTRS_WORD0,
  66         NFSD4_SUPPORTED_ATTRS_WORD1,
  67         NFSD4_SUPPORTED_ATTRS_WORD2},
  68
  69        {NFSD4_1_SUPPORTED_ATTRS_WORD0,
  70         NFSD4_1_SUPPORTED_ATTRS_WORD1,
  71         NFSD4_1_SUPPORTED_ATTRS_WORD2},
  72
  73        {NFSD4_1_SUPPORTED_ATTRS_WORD0,
  74         NFSD4_1_SUPPORTED_ATTRS_WORD1,
  75         NFSD4_2_SUPPORTED_ATTRS_WORD2},
  76};
  77
  78/*
  79 * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
  80 * directory in order to indicate to the client that a filesystem boundary is present
  81 * We use a fixed fsid for a referral
  82 */
  83#define NFS4_REFERRAL_FSID_MAJOR        0x8000000ULL
  84#define NFS4_REFERRAL_FSID_MINOR        0x8000000ULL
  85
  86static __be32
  87check_filename(char *str, int len)
  88{
  89        int i;
  90
  91        if (len == 0)
  92                return nfserr_inval;
  93        if (isdotent(str, len))
  94                return nfserr_badname;
  95        for (i = 0; i < len; i++)
  96                if (str[i] == '/')
  97                        return nfserr_badname;
  98        return 0;
  99}
 100
 101#define DECODE_HEAD                             \
 102        __be32 *p;                              \
 103        __be32 status
 104#define DECODE_TAIL                             \
 105        status = 0;                             \
 106out:                                            \
 107        return status;                          \
 108xdr_error:                                      \
 109        dprintk("NFSD: xdr error (%s:%d)\n",    \
 110                        __FILE__, __LINE__);    \
 111        status = nfserr_bad_xdr;                \
 112        goto out
 113
 114#define READMEM(x,nbytes) do {                  \
 115        x = (char *)p;                          \
 116        p += XDR_QUADLEN(nbytes);               \
 117} while (0)
 118#define SAVEMEM(x,nbytes) do {                  \
 119        if (!(x = (p==argp->tmp || p == argp->tmpp) ? \
 120                savemem(argp, p, nbytes) :      \
 121                (char *)p)) {                   \
 122                dprintk("NFSD: xdr error (%s:%d)\n", \
 123                                __FILE__, __LINE__); \
 124                goto xdr_error;                 \
 125                }                               \
 126        p += XDR_QUADLEN(nbytes);               \
 127} while (0)
 128#define COPYMEM(x,nbytes) do {                  \
 129        memcpy((x), p, nbytes);                 \
 130        p += XDR_QUADLEN(nbytes);               \
 131} while (0)
 132
 133/* READ_BUF, read_buf(): nbytes must be <= PAGE_SIZE */
 134#define READ_BUF(nbytes)  do {                  \
 135        if (nbytes <= (u32)((char *)argp->end - (char *)argp->p)) {     \
 136                p = argp->p;                    \
 137                argp->p += XDR_QUADLEN(nbytes); \
 138        } else if (!(p = read_buf(argp, nbytes))) { \
 139                dprintk("NFSD: xdr error (%s:%d)\n", \
 140                                __FILE__, __LINE__); \
 141                goto xdr_error;                 \
 142        }                                       \
 143} while (0)
 144
 145static void next_decode_page(struct nfsd4_compoundargs *argp)
 146{
 147        argp->p = page_address(argp->pagelist[0]);
 148        argp->pagelist++;
 149        if (argp->pagelen < PAGE_SIZE) {
 150                argp->end = argp->p + XDR_QUADLEN(argp->pagelen);
 151                argp->pagelen = 0;
 152        } else {
 153                argp->end = argp->p + (PAGE_SIZE>>2);
 154                argp->pagelen -= PAGE_SIZE;
 155        }
 156}
 157
 158static __be32 *read_buf(struct nfsd4_compoundargs *argp, u32 nbytes)
 159{
 160        /* We want more bytes than seem to be available.
 161         * Maybe we need a new page, maybe we have just run out
 162         */
 163        unsigned int avail = (char *)argp->end - (char *)argp->p;
 164        __be32 *p;
 165
 166        if (argp->pagelen == 0) {
 167                struct kvec *vec = &argp->rqstp->rq_arg.tail[0];
 168
 169                if (!argp->tail) {
 170                        argp->tail = true;
 171                        avail = vec->iov_len;
 172                        argp->p = vec->iov_base;
 173                        argp->end = vec->iov_base + avail;
 174                }
 175
 176                if (avail < nbytes)
 177                        return NULL;
 178
 179                p = argp->p;
 180                argp->p += XDR_QUADLEN(nbytes);
 181                return p;
 182        }
 183
 184        if (avail + argp->pagelen < nbytes)
 185                return NULL;
 186        if (avail + PAGE_SIZE < nbytes) /* need more than a page !! */
 187                return NULL;
 188        /* ok, we can do it with the current plus the next page */
 189        if (nbytes <= sizeof(argp->tmp))
 190                p = argp->tmp;
 191        else {
 192                kfree(argp->tmpp);
 193                p = argp->tmpp = kmalloc(nbytes, GFP_KERNEL);
 194                if (!p)
 195                        return NULL;
 196                
 197        }
 198        /*
 199         * The following memcpy is safe because read_buf is always
 200         * called with nbytes > avail, and the two cases above both
 201         * guarantee p points to at least nbytes bytes.
 202         */
 203        memcpy(p, argp->p, avail);
 204        next_decode_page(argp);
 205        memcpy(((char*)p)+avail, argp->p, (nbytes - avail));
 206        argp->p += XDR_QUADLEN(nbytes - avail);
 207        return p;
 208}
 209
 210static unsigned int compoundargs_bytes_left(struct nfsd4_compoundargs *argp)
 211{
 212        unsigned int this = (char *)argp->end - (char *)argp->p;
 213
 214        return this + argp->pagelen;
 215}
 216
 217static int zero_clientid(clientid_t *clid)
 218{
 219        return (clid->cl_boot == 0) && (clid->cl_id == 0);
 220}
 221
 222/**
 223 * svcxdr_tmpalloc - allocate memory to be freed after compound processing
 224 * @argp: NFSv4 compound argument structure
 225 * @len: length of buffer to allocate
 226 *
 227 * Allocates a buffer of size @len to be freed when processing the compound
 228 * operation described in @argp finishes.
 229 */
 230static void *
 231svcxdr_tmpalloc(struct nfsd4_compoundargs *argp, u32 len)
 232{
 233        struct svcxdr_tmpbuf *tb;
 234
 235        tb = kmalloc(sizeof(*tb) + len, GFP_KERNEL);
 236        if (!tb)
 237                return NULL;
 238        tb->next = argp->to_free;
 239        argp->to_free = tb;
 240        return tb->buf;
 241}
 242
 243/*
 244 * For xdr strings that need to be passed to other kernel api's
 245 * as null-terminated strings.
 246 *
 247 * Note null-terminating in place usually isn't safe since the
 248 * buffer might end on a page boundary.
 249 */
 250static char *
 251svcxdr_dupstr(struct nfsd4_compoundargs *argp, void *buf, u32 len)
 252{
 253        char *p = svcxdr_tmpalloc(argp, len + 1);
 254
 255        if (!p)
 256                return NULL;
 257        memcpy(p, buf, len);
 258        p[len] = '\0';
 259        return p;
 260}
 261
 262static __be32
 263svcxdr_construct_vector(struct nfsd4_compoundargs *argp, struct kvec *head,
 264                        struct page ***pagelist, u32 buflen)
 265{
 266        int avail;
 267        int len;
 268        int pages;
 269
 270        /* Sorry .. no magic macros for this.. *
 271         * READ_BUF(write->wr_buflen);
 272         * SAVEMEM(write->wr_buf, write->wr_buflen);
 273         */
 274        avail = (char *)argp->end - (char *)argp->p;
 275        if (avail + argp->pagelen < buflen) {
 276                dprintk("NFSD: xdr error (%s:%d)\n",
 277                               __FILE__, __LINE__);
 278                return nfserr_bad_xdr;
 279        }
 280        head->iov_base = argp->p;
 281        head->iov_len = avail;
 282        *pagelist = argp->pagelist;
 283
 284        len = XDR_QUADLEN(buflen) << 2;
 285        if (len >= avail) {
 286                len -= avail;
 287
 288                pages = len >> PAGE_SHIFT;
 289                argp->pagelist += pages;
 290                argp->pagelen -= pages * PAGE_SIZE;
 291                len -= pages * PAGE_SIZE;
 292
 293                next_decode_page(argp);
 294        }
 295        argp->p += XDR_QUADLEN(len);
 296
 297        return 0;
 298}
 299
 300/**
 301 * savemem - duplicate a chunk of memory for later processing
 302 * @argp: NFSv4 compound argument structure to be freed with
 303 * @p: pointer to be duplicated
 304 * @nbytes: length to be duplicated
 305 *
 306 * Returns a pointer to a copy of @nbytes bytes of memory at @p
 307 * that are preserved until processing of the NFSv4 compound
 308 * operation described by @argp finishes.
 309 */
 310static char *savemem(struct nfsd4_compoundargs *argp, __be32 *p, int nbytes)
 311{
 312        void *ret;
 313
 314        ret = svcxdr_tmpalloc(argp, nbytes);
 315        if (!ret)
 316                return NULL;
 317        memcpy(ret, p, nbytes);
 318        return ret;
 319}
 320
 321static __be32
 322nfsd4_decode_time(struct nfsd4_compoundargs *argp, struct timespec64 *tv)
 323{
 324        DECODE_HEAD;
 325
 326        READ_BUF(12);
 327        p = xdr_decode_hyper(p, &tv->tv_sec);
 328        tv->tv_nsec = be32_to_cpup(p++);
 329        if (tv->tv_nsec >= (u32)1000000000)
 330                return nfserr_inval;
 331
 332        DECODE_TAIL;
 333}
 334
 335static __be32
 336nfsd4_decode_bitmap(struct nfsd4_compoundargs *argp, u32 *bmval)
 337{
 338        u32 bmlen;
 339        DECODE_HEAD;
 340
 341        bmval[0] = 0;
 342        bmval[1] = 0;
 343        bmval[2] = 0;
 344
 345        READ_BUF(4);
 346        bmlen = be32_to_cpup(p++);
 347        if (bmlen > 1000)
 348                goto xdr_error;
 349
 350        READ_BUF(bmlen << 2);
 351        if (bmlen > 0)
 352                bmval[0] = be32_to_cpup(p++);
 353        if (bmlen > 1)
 354                bmval[1] = be32_to_cpup(p++);
 355        if (bmlen > 2)
 356                bmval[2] = be32_to_cpup(p++);
 357
 358        DECODE_TAIL;
 359}
 360
 361static __be32
 362nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 363                   struct iattr *iattr, struct nfs4_acl **acl,
 364                   struct xdr_netobj *label, int *umask)
 365{
 366        int expected_len, len = 0;
 367        u32 dummy32;
 368        char *buf;
 369
 370        DECODE_HEAD;
 371        iattr->ia_valid = 0;
 372        if ((status = nfsd4_decode_bitmap(argp, bmval)))
 373                return status;
 374
 375        if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
 376            || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
 377            || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2) {
 378                if (nfsd_attrs_supported(argp->minorversion, bmval))
 379                        return nfserr_inval;
 380                return nfserr_attrnotsupp;
 381        }
 382
 383        READ_BUF(4);
 384        expected_len = be32_to_cpup(p++);
 385
 386        if (bmval[0] & FATTR4_WORD0_SIZE) {
 387                READ_BUF(8);
 388                len += 8;
 389                p = xdr_decode_hyper(p, &iattr->ia_size);
 390                iattr->ia_valid |= ATTR_SIZE;
 391        }
 392        if (bmval[0] & FATTR4_WORD0_ACL) {
 393                u32 nace;
 394                struct nfs4_ace *ace;
 395
 396                READ_BUF(4); len += 4;
 397                nace = be32_to_cpup(p++);
 398
 399                if (nace > compoundargs_bytes_left(argp)/20)
 400                        /*
 401                         * Even with 4-byte names there wouldn't be
 402                         * space for that many aces; something fishy is
 403                         * going on:
 404                         */
 405                        return nfserr_fbig;
 406
 407                *acl = svcxdr_tmpalloc(argp, nfs4_acl_bytes(nace));
 408                if (*acl == NULL)
 409                        return nfserr_jukebox;
 410
 411                (*acl)->naces = nace;
 412                for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
 413                        READ_BUF(16); len += 16;
 414                        ace->type = be32_to_cpup(p++);
 415                        ace->flag = be32_to_cpup(p++);
 416                        ace->access_mask = be32_to_cpup(p++);
 417                        dummy32 = be32_to_cpup(p++);
 418                        READ_BUF(dummy32);
 419                        len += XDR_QUADLEN(dummy32) << 2;
 420                        READMEM(buf, dummy32);
 421                        ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
 422                        status = nfs_ok;
 423                        if (ace->whotype != NFS4_ACL_WHO_NAMED)
 424                                ;
 425                        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
 426                                status = nfsd_map_name_to_gid(argp->rqstp,
 427                                                buf, dummy32, &ace->who_gid);
 428                        else
 429                                status = nfsd_map_name_to_uid(argp->rqstp,
 430                                                buf, dummy32, &ace->who_uid);
 431                        if (status)
 432                                return status;
 433                }
 434        } else
 435                *acl = NULL;
 436        if (bmval[1] & FATTR4_WORD1_MODE) {
 437                READ_BUF(4);
 438                len += 4;
 439                iattr->ia_mode = be32_to_cpup(p++);
 440                iattr->ia_mode &= (S_IFMT | S_IALLUGO);
 441                iattr->ia_valid |= ATTR_MODE;
 442        }
 443        if (bmval[1] & FATTR4_WORD1_OWNER) {
 444                READ_BUF(4);
 445                len += 4;
 446                dummy32 = be32_to_cpup(p++);
 447                READ_BUF(dummy32);
 448                len += (XDR_QUADLEN(dummy32) << 2);
 449                READMEM(buf, dummy32);
 450                if ((status = nfsd_map_name_to_uid(argp->rqstp, buf, dummy32, &iattr->ia_uid)))
 451                        return status;
 452                iattr->ia_valid |= ATTR_UID;
 453        }
 454        if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
 455                READ_BUF(4);
 456                len += 4;
 457                dummy32 = be32_to_cpup(p++);
 458                READ_BUF(dummy32);
 459                len += (XDR_QUADLEN(dummy32) << 2);
 460                READMEM(buf, dummy32);
 461                if ((status = nfsd_map_name_to_gid(argp->rqstp, buf, dummy32, &iattr->ia_gid)))
 462                        return status;
 463                iattr->ia_valid |= ATTR_GID;
 464        }
 465        if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
 466                READ_BUF(4);
 467                len += 4;
 468                dummy32 = be32_to_cpup(p++);
 469                switch (dummy32) {
 470                case NFS4_SET_TO_CLIENT_TIME:
 471                        len += 12;
 472                        status = nfsd4_decode_time(argp, &iattr->ia_atime);
 473                        if (status)
 474                                return status;
 475                        iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
 476                        break;
 477                case NFS4_SET_TO_SERVER_TIME:
 478                        iattr->ia_valid |= ATTR_ATIME;
 479                        break;
 480                default:
 481                        goto xdr_error;
 482                }
 483        }
 484        if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
 485                READ_BUF(4);
 486                len += 4;
 487                dummy32 = be32_to_cpup(p++);
 488                switch (dummy32) {
 489                case NFS4_SET_TO_CLIENT_TIME:
 490                        len += 12;
 491                        status = nfsd4_decode_time(argp, &iattr->ia_mtime);
 492                        if (status)
 493                                return status;
 494                        iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
 495                        break;
 496                case NFS4_SET_TO_SERVER_TIME:
 497                        iattr->ia_valid |= ATTR_MTIME;
 498                        break;
 499                default:
 500                        goto xdr_error;
 501                }
 502        }
 503
 504        label->len = 0;
 505        if (IS_ENABLED(CONFIG_NFSD_V4_SECURITY_LABEL) &&
 506            bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
 507                READ_BUF(4);
 508                len += 4;
 509                dummy32 = be32_to_cpup(p++); /* lfs: we don't use it */
 510                READ_BUF(4);
 511                len += 4;
 512                dummy32 = be32_to_cpup(p++); /* pi: we don't use it either */
 513                READ_BUF(4);
 514                len += 4;
 515                dummy32 = be32_to_cpup(p++);
 516                READ_BUF(dummy32);
 517                if (dummy32 > NFS4_MAXLABELLEN)
 518                        return nfserr_badlabel;
 519                len += (XDR_QUADLEN(dummy32) << 2);
 520                READMEM(buf, dummy32);
 521                label->len = dummy32;
 522                label->data = svcxdr_dupstr(argp, buf, dummy32);
 523                if (!label->data)
 524                        return nfserr_jukebox;
 525        }
 526        if (bmval[2] & FATTR4_WORD2_MODE_UMASK) {
 527                if (!umask)
 528                        goto xdr_error;
 529                READ_BUF(8);
 530                len += 8;
 531                dummy32 = be32_to_cpup(p++);
 532                iattr->ia_mode = dummy32 & (S_IFMT | S_IALLUGO);
 533                dummy32 = be32_to_cpup(p++);
 534                *umask = dummy32 & S_IRWXUGO;
 535                iattr->ia_valid |= ATTR_MODE;
 536        }
 537        if (len != expected_len)
 538                goto xdr_error;
 539
 540        DECODE_TAIL;
 541}
 542
 543static __be32
 544nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
 545{
 546        DECODE_HEAD;
 547
 548        READ_BUF(sizeof(stateid_t));
 549        sid->si_generation = be32_to_cpup(p++);
 550        COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
 551
 552        DECODE_TAIL;
 553}
 554
 555static __be32
 556nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
 557{
 558        DECODE_HEAD;
 559
 560        READ_BUF(4);
 561        access->ac_req_access = be32_to_cpup(p++);
 562
 563        DECODE_TAIL;
 564}
 565
 566static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
 567{
 568        DECODE_HEAD;
 569        struct user_namespace *userns = nfsd_user_namespace(argp->rqstp);
 570        u32 dummy, uid, gid;
 571        char *machine_name;
 572        int i;
 573        int nr_secflavs;
 574
 575        /* callback_sec_params4 */
 576        READ_BUF(4);
 577        nr_secflavs = be32_to_cpup(p++);
 578        if (nr_secflavs)
 579                cbs->flavor = (u32)(-1);
 580        else
 581                /* Is this legal? Be generous, take it to mean AUTH_NONE: */
 582                cbs->flavor = 0;
 583        for (i = 0; i < nr_secflavs; ++i) {
 584                READ_BUF(4);
 585                dummy = be32_to_cpup(p++);
 586                switch (dummy) {
 587                case RPC_AUTH_NULL:
 588                        /* Nothing to read */
 589                        if (cbs->flavor == (u32)(-1))
 590                                cbs->flavor = RPC_AUTH_NULL;
 591                        break;
 592                case RPC_AUTH_UNIX:
 593                        READ_BUF(8);
 594                        /* stamp */
 595                        dummy = be32_to_cpup(p++);
 596
 597                        /* machine name */
 598                        dummy = be32_to_cpup(p++);
 599                        READ_BUF(dummy);
 600                        SAVEMEM(machine_name, dummy);
 601
 602                        /* uid, gid */
 603                        READ_BUF(8);
 604                        uid = be32_to_cpup(p++);
 605                        gid = be32_to_cpup(p++);
 606
 607                        /* more gids */
 608                        READ_BUF(4);
 609                        dummy = be32_to_cpup(p++);
 610                        READ_BUF(dummy * 4);
 611                        if (cbs->flavor == (u32)(-1)) {
 612                                kuid_t kuid = make_kuid(userns, uid);
 613                                kgid_t kgid = make_kgid(userns, gid);
 614                                if (uid_valid(kuid) && gid_valid(kgid)) {
 615                                        cbs->uid = kuid;
 616                                        cbs->gid = kgid;
 617                                        cbs->flavor = RPC_AUTH_UNIX;
 618                                } else {
 619                                        dprintk("RPC_AUTH_UNIX with invalid"
 620                                                "uid or gid ignoring!\n");
 621                                }
 622                        }
 623                        break;
 624                case RPC_AUTH_GSS:
 625                        dprintk("RPC_AUTH_GSS callback secflavor "
 626                                "not supported!\n");
 627                        READ_BUF(8);
 628                        /* gcbp_service */
 629                        dummy = be32_to_cpup(p++);
 630                        /* gcbp_handle_from_server */
 631                        dummy = be32_to_cpup(p++);
 632                        READ_BUF(dummy);
 633                        p += XDR_QUADLEN(dummy);
 634                        /* gcbp_handle_from_client */
 635                        READ_BUF(4);
 636                        dummy = be32_to_cpup(p++);
 637                        READ_BUF(dummy);
 638                        break;
 639                default:
 640                        dprintk("Illegal callback secflavor\n");
 641                        return nfserr_inval;
 642                }
 643        }
 644        DECODE_TAIL;
 645}
 646
 647static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
 648{
 649        DECODE_HEAD;
 650
 651        READ_BUF(4);
 652        bc->bc_cb_program = be32_to_cpup(p++);
 653        nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);
 654
 655        DECODE_TAIL;
 656}
 657
 658static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
 659{
 660        DECODE_HEAD;
 661
 662        READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
 663        COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
 664        bcts->dir = be32_to_cpup(p++);
 665        /* XXX: skipping ctsa_use_conn_in_rdma_mode.  Perhaps Tom Tucker
 666         * could help us figure out we should be using it. */
 667        DECODE_TAIL;
 668}
 669
 670static __be32
 671nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
 672{
 673        DECODE_HEAD;
 674
 675        READ_BUF(4);
 676        close->cl_seqid = be32_to_cpup(p++);
 677        return nfsd4_decode_stateid(argp, &close->cl_stateid);
 678
 679        DECODE_TAIL;
 680}
 681
 682
 683static __be32
 684nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
 685{
 686        DECODE_HEAD;
 687
 688        READ_BUF(12);
 689        p = xdr_decode_hyper(p, &commit->co_offset);
 690        commit->co_count = be32_to_cpup(p++);
 691
 692        DECODE_TAIL;
 693}
 694
 695static __be32
 696nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
 697{
 698        DECODE_HEAD;
 699
 700        READ_BUF(4);
 701        create->cr_type = be32_to_cpup(p++);
 702        switch (create->cr_type) {
 703        case NF4LNK:
 704                READ_BUF(4);
 705                create->cr_datalen = be32_to_cpup(p++);
 706                READ_BUF(create->cr_datalen);
 707                create->cr_data = svcxdr_dupstr(argp, p, create->cr_datalen);
 708                if (!create->cr_data)
 709                        return nfserr_jukebox;
 710                break;
 711        case NF4BLK:
 712        case NF4CHR:
 713                READ_BUF(8);
 714                create->cr_specdata1 = be32_to_cpup(p++);
 715                create->cr_specdata2 = be32_to_cpup(p++);
 716                break;
 717        case NF4SOCK:
 718        case NF4FIFO:
 719        case NF4DIR:
 720        default:
 721                break;
 722        }
 723
 724        READ_BUF(4);
 725        create->cr_namelen = be32_to_cpup(p++);
 726        READ_BUF(create->cr_namelen);
 727        SAVEMEM(create->cr_name, create->cr_namelen);
 728        if ((status = check_filename(create->cr_name, create->cr_namelen)))
 729                return status;
 730
 731        status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr,
 732                                    &create->cr_acl, &create->cr_label,
 733                                    &create->cr_umask);
 734        if (status)
 735                goto out;
 736
 737        DECODE_TAIL;
 738}
 739
 740static inline __be32
 741nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
 742{
 743        return nfsd4_decode_stateid(argp, &dr->dr_stateid);
 744}
 745
 746static inline __be32
 747nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
 748{
 749        return nfsd4_decode_bitmap(argp, getattr->ga_bmval);
 750}
 751
 752static __be32
 753nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
 754{
 755        DECODE_HEAD;
 756
 757        READ_BUF(4);
 758        link->li_namelen = be32_to_cpup(p++);
 759        READ_BUF(link->li_namelen);
 760        SAVEMEM(link->li_name, link->li_namelen);
 761        if ((status = check_filename(link->li_name, link->li_namelen)))
 762                return status;
 763
 764        DECODE_TAIL;
 765}
 766
 767static __be32
 768nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
 769{
 770        DECODE_HEAD;
 771
 772        /*
 773        * type, reclaim(boolean), offset, length, new_lock_owner(boolean)
 774        */
 775        READ_BUF(28);
 776        lock->lk_type = be32_to_cpup(p++);
 777        if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
 778                goto xdr_error;
 779        lock->lk_reclaim = be32_to_cpup(p++);
 780        p = xdr_decode_hyper(p, &lock->lk_offset);
 781        p = xdr_decode_hyper(p, &lock->lk_length);
 782        lock->lk_is_new = be32_to_cpup(p++);
 783
 784        if (lock->lk_is_new) {
 785                READ_BUF(4);
 786                lock->lk_new_open_seqid = be32_to_cpup(p++);
 787                status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
 788                if (status)
 789                        return status;
 790                READ_BUF(8 + sizeof(clientid_t));
 791                lock->lk_new_lock_seqid = be32_to_cpup(p++);
 792                COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
 793                lock->lk_new_owner.len = be32_to_cpup(p++);
 794                READ_BUF(lock->lk_new_owner.len);
 795                READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
 796        } else {
 797                status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
 798                if (status)
 799                        return status;
 800                READ_BUF(4);
 801                lock->lk_old_lock_seqid = be32_to_cpup(p++);
 802        }
 803
 804        DECODE_TAIL;
 805}
 806
 807static __be32
 808nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
 809{
 810        DECODE_HEAD;
 811                        
 812        READ_BUF(32);
 813        lockt->lt_type = be32_to_cpup(p++);
 814        if((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
 815                goto xdr_error;
 816        p = xdr_decode_hyper(p, &lockt->lt_offset);
 817        p = xdr_decode_hyper(p, &lockt->lt_length);
 818        COPYMEM(&lockt->lt_clientid, 8);
 819        lockt->lt_owner.len = be32_to_cpup(p++);
 820        READ_BUF(lockt->lt_owner.len);
 821        READMEM(lockt->lt_owner.data, lockt->lt_owner.len);
 822
 823        DECODE_TAIL;
 824}
 825
 826static __be32
 827nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
 828{
 829        DECODE_HEAD;
 830
 831        READ_BUF(8);
 832        locku->lu_type = be32_to_cpup(p++);
 833        if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
 834                goto xdr_error;
 835        locku->lu_seqid = be32_to_cpup(p++);
 836        status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
 837        if (status)
 838                return status;
 839        READ_BUF(16);
 840        p = xdr_decode_hyper(p, &locku->lu_offset);
 841        p = xdr_decode_hyper(p, &locku->lu_length);
 842
 843        DECODE_TAIL;
 844}
 845
 846static __be32
 847nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
 848{
 849        DECODE_HEAD;
 850
 851        READ_BUF(4);
 852        lookup->lo_len = be32_to_cpup(p++);
 853        READ_BUF(lookup->lo_len);
 854        SAVEMEM(lookup->lo_name, lookup->lo_len);
 855        if ((status = check_filename(lookup->lo_name, lookup->lo_len)))
 856                return status;
 857
 858        DECODE_TAIL;
 859}
 860
 861static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
 862{
 863        __be32 *p;
 864        u32 w;
 865
 866        READ_BUF(4);
 867        w = be32_to_cpup(p++);
 868        *share_access = w & NFS4_SHARE_ACCESS_MASK;
 869        *deleg_want = w & NFS4_SHARE_WANT_MASK;
 870        if (deleg_when)
 871                *deleg_when = w & NFS4_SHARE_WHEN_MASK;
 872
 873        switch (w & NFS4_SHARE_ACCESS_MASK) {
 874        case NFS4_SHARE_ACCESS_READ:
 875        case NFS4_SHARE_ACCESS_WRITE:
 876        case NFS4_SHARE_ACCESS_BOTH:
 877                break;
 878        default:
 879                return nfserr_bad_xdr;
 880        }
 881        w &= ~NFS4_SHARE_ACCESS_MASK;
 882        if (!w)
 883                return nfs_ok;
 884        if (!argp->minorversion)
 885                return nfserr_bad_xdr;
 886        switch (w & NFS4_SHARE_WANT_MASK) {
 887        case NFS4_SHARE_WANT_NO_PREFERENCE:
 888        case NFS4_SHARE_WANT_READ_DELEG:
 889        case NFS4_SHARE_WANT_WRITE_DELEG:
 890        case NFS4_SHARE_WANT_ANY_DELEG:
 891        case NFS4_SHARE_WANT_NO_DELEG:
 892        case NFS4_SHARE_WANT_CANCEL:
 893                break;
 894        default:
 895                return nfserr_bad_xdr;
 896        }
 897        w &= ~NFS4_SHARE_WANT_MASK;
 898        if (!w)
 899                return nfs_ok;
 900
 901        if (!deleg_when)        /* open_downgrade */
 902                return nfserr_inval;
 903        switch (w) {
 904        case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
 905        case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
 906        case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
 907              NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
 908                return nfs_ok;
 909        }
 910xdr_error:
 911        return nfserr_bad_xdr;
 912}
 913
 914static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
 915{
 916        __be32 *p;
 917
 918        READ_BUF(4);
 919        *x = be32_to_cpup(p++);
 920        /* Note: unlinke access bits, deny bits may be zero. */
 921        if (*x & ~NFS4_SHARE_DENY_BOTH)
 922                return nfserr_bad_xdr;
 923        return nfs_ok;
 924xdr_error:
 925        return nfserr_bad_xdr;
 926}
 927
 928static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
 929{
 930        __be32 *p;
 931
 932        READ_BUF(4);
 933        o->len = be32_to_cpup(p++);
 934
 935        if (o->len == 0 || o->len > NFS4_OPAQUE_LIMIT)
 936                return nfserr_bad_xdr;
 937
 938        READ_BUF(o->len);
 939        SAVEMEM(o->data, o->len);
 940        return nfs_ok;
 941xdr_error:
 942        return nfserr_bad_xdr;
 943}
 944
 945static __be32
 946nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
 947{
 948        DECODE_HEAD;
 949        u32 dummy;
 950
 951        memset(open->op_bmval, 0, sizeof(open->op_bmval));
 952        open->op_iattr.ia_valid = 0;
 953        open->op_openowner = NULL;
 954
 955        open->op_xdr_error = 0;
 956        /* seqid, share_access, share_deny, clientid, ownerlen */
 957        READ_BUF(4);
 958        open->op_seqid = be32_to_cpup(p++);
 959        /* decode, yet ignore deleg_when until supported */
 960        status = nfsd4_decode_share_access(argp, &open->op_share_access,
 961                                           &open->op_deleg_want, &dummy);
 962        if (status)
 963                goto xdr_error;
 964        status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
 965        if (status)
 966                goto xdr_error;
 967        READ_BUF(sizeof(clientid_t));
 968        COPYMEM(&open->op_clientid, sizeof(clientid_t));
 969        status = nfsd4_decode_opaque(argp, &open->op_owner);
 970        if (status)
 971                goto xdr_error;
 972        READ_BUF(4);
 973        open->op_create = be32_to_cpup(p++);
 974        switch (open->op_create) {
 975        case NFS4_OPEN_NOCREATE:
 976                break;
 977        case NFS4_OPEN_CREATE:
 978                READ_BUF(4);
 979                open->op_createmode = be32_to_cpup(p++);
 980                switch (open->op_createmode) {
 981                case NFS4_CREATE_UNCHECKED:
 982                case NFS4_CREATE_GUARDED:
 983                        status = nfsd4_decode_fattr(argp, open->op_bmval,
 984                                &open->op_iattr, &open->op_acl, &open->op_label,
 985                                &open->op_umask);
 986                        if (status)
 987                                goto out;
 988                        break;
 989                case NFS4_CREATE_EXCLUSIVE:
 990                        READ_BUF(NFS4_VERIFIER_SIZE);
 991                        COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
 992                        break;
 993                case NFS4_CREATE_EXCLUSIVE4_1:
 994                        if (argp->minorversion < 1)
 995                                goto xdr_error;
 996                        READ_BUF(NFS4_VERIFIER_SIZE);
 997                        COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
 998                        status = nfsd4_decode_fattr(argp, open->op_bmval,
 999                                &open->op_iattr, &open->op_acl, &open->op_label,
1000                                &open->op_umask);

1001                        if (status)
1002                                goto out;
1003                        break;
1004                default:
1005                        goto xdr_error;
1006                }
1007                break;
1008        default:
1009                goto xdr_error;
1010        }
1011
1012        /* open_claim */
1013        READ_BUF(4);
1014        open->op_claim_type = be32_to_cpup(p++);
1015        switch (open->op_claim_type) {
1016        case NFS4_OPEN_CLAIM_NULL:
1017        case NFS4_OPEN_CLAIM_DELEGATE_PREV:
1018                READ_BUF(4);
1019                open->op_fname.len = be32_to_cpup(p++);
1020                READ_BUF(open->op_fname.len);
1021                SAVEMEM(open->op_fname.data, open->op_fname.len);
1022                if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
1023                        return status;
1024                break;
1025        case NFS4_OPEN_CLAIM_PREVIOUS:
1026                READ_BUF(4);
1027                open->op_delegate_type = be32_to_cpup(p++);
1028                break;
1029        case NFS4_OPEN_CLAIM_DELEGATE_CUR:
1030                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
1031                if (status)
1032                        return status;
1033                READ_BUF(4);
1034                open->op_fname.len = be32_to_cpup(p++);
1035                READ_BUF(open->op_fname.len);
1036                SAVEMEM(open->op_fname.data, open->op_fname.len);
1037                if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
1038                        return status;
1039                break;
1040        case NFS4_OPEN_CLAIM_FH:
1041        case NFS4_OPEN_CLAIM_DELEG_PREV_FH:
1042                if (argp->minorversion < 1)
1043                        goto xdr_error;
1044                /* void */
1045                break;
1046        case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
1047                if (argp->minorversion < 1)
1048                        goto xdr_error;
1049                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
1050                if (status)
1051                        return status;
1052                break;
1053        default:
1054                goto xdr_error;
1055        }
1056
1057        DECODE_TAIL;
1058}
1059
1060static __be32
1061nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
1062{
1063        DECODE_HEAD;
1064
1065        if (argp->minorversion >= 1)
1066                return nfserr_notsupp;
1067
1068        status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
1069        if (status)
1070                return status;
1071        READ_BUF(4);
1072        open_conf->oc_seqid = be32_to_cpup(p++);
1073
1074        DECODE_TAIL;
1075}
1076
1077static __be32
1078nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
1079{
1080        DECODE_HEAD;
1081                    
1082        status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
1083        if (status)
1084                return status;
1085        READ_BUF(4);
1086        open_down->od_seqid = be32_to_cpup(p++);
1087        status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
1088                                           &open_down->od_deleg_want, NULL);
1089        if (status)
1090                return status;
1091        status = nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
1092        if (status)
1093                return status;
1094        DECODE_TAIL;
1095}
1096
1097static __be32
1098nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
1099{
1100        DECODE_HEAD;
1101
1102        READ_BUF(4);
1103        putfh->pf_fhlen = be32_to_cpup(p++);
1104        if (putfh->pf_fhlen > NFS4_FHSIZE)
1105                goto xdr_error;
1106        READ_BUF(putfh->pf_fhlen);
1107        SAVEMEM(putfh->pf_fhval, putfh->pf_fhlen);
1108
1109        DECODE_TAIL;
1110}
1111
1112static __be32
1113nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
1114{
1115        if (argp->minorversion == 0)
1116                return nfs_ok;
1117        return nfserr_notsupp;
1118}
1119
1120static __be32
1121nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
1122{
1123        DECODE_HEAD;
1124
1125        status = nfsd4_decode_stateid(argp, &read->rd_stateid);
1126        if (status)
1127                return status;
1128        READ_BUF(12);
1129        p = xdr_decode_hyper(p, &read->rd_offset);
1130        read->rd_length = be32_to_cpup(p++);
1131
1132        DECODE_TAIL;
1133}
1134
1135static __be32
1136nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
1137{
1138        DECODE_HEAD;
1139
1140        READ_BUF(24);
1141        p = xdr_decode_hyper(p, &readdir->rd_cookie);
1142        COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
1143        readdir->rd_dircount = be32_to_cpup(p++);
1144        readdir->rd_maxcount = be32_to_cpup(p++);
1145        if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
1146                goto out;
1147
1148        DECODE_TAIL;
1149}
1150
1151static __be32
1152nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
1153{
1154        DECODE_HEAD;
1155
1156        READ_BUF(4);
1157        remove->rm_namelen = be32_to_cpup(p++);
1158        READ_BUF(remove->rm_namelen);
1159        SAVEMEM(remove->rm_name, remove->rm_namelen);
1160        if ((status = check_filename(remove->rm_name, remove->rm_namelen)))
1161                return status;
1162
1163        DECODE_TAIL;
1164}
1165
1166static __be32
1167nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
1168{
1169        DECODE_HEAD;
1170
1171        READ_BUF(4);
1172        rename->rn_snamelen = be32_to_cpup(p++);
1173        READ_BUF(rename->rn_snamelen);
1174        SAVEMEM(rename->rn_sname, rename->rn_snamelen);
1175        READ_BUF(4);
1176        rename->rn_tnamelen = be32_to_cpup(p++);
1177        READ_BUF(rename->rn_tnamelen);
1178        SAVEMEM(rename->rn_tname, rename->rn_tnamelen);
1179        if ((status = check_filename(rename->rn_sname, rename->rn_snamelen)))
1180                return status;
1181        if ((status = check_filename(rename->rn_tname, rename->rn_tnamelen)))
1182                return status;
1183
1184        DECODE_TAIL;
1185}
1186
1187static __be32
1188nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
1189{
1190        DECODE_HEAD;
1191
1192        if (argp->minorversion >= 1)
1193                return nfserr_notsupp;
1194
1195        READ_BUF(sizeof(clientid_t));
1196        COPYMEM(clientid, sizeof(clientid_t));
1197
1198        DECODE_TAIL;
1199}
1200
1201static __be32
1202nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
1203                     struct nfsd4_secinfo *secinfo)
1204{
1205        DECODE_HEAD;
1206
1207        READ_BUF(4);
1208        secinfo->si_namelen = be32_to_cpup(p++);
1209        READ_BUF(secinfo->si_namelen);
1210        SAVEMEM(secinfo->si_name, secinfo->si_namelen);
1211        status = check_filename(secinfo->si_name, secinfo->si_namelen);
1212        if (status)
1213                return status;
1214        DECODE_TAIL;
1215}
1216
1217static __be32
1218nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
1219                     struct nfsd4_secinfo_no_name *sin)
1220{
1221        DECODE_HEAD;
1222
1223        READ_BUF(4);
1224        sin->sin_style = be32_to_cpup(p++);
1225        DECODE_TAIL;
1226}
1227
1228static __be32
1229nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
1230{
1231        __be32 status;
1232
1233        status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
1234        if (status)
1235                return status;
1236        return nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr,
1237                                  &setattr->sa_acl, &setattr->sa_label, NULL);
1238}
1239
1240static __be32
1241nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
1242{
1243        DECODE_HEAD;
1244
1245        if (argp->minorversion >= 1)
1246                return nfserr_notsupp;
1247
1248        READ_BUF(NFS4_VERIFIER_SIZE);
1249        COPYMEM(setclientid->se_verf.data, NFS4_VERIFIER_SIZE);
1250
1251        status = nfsd4_decode_opaque(argp, &setclientid->se_name);
1252        if (status)
1253                return nfserr_bad_xdr;
1254        READ_BUF(8);
1255        setclientid->se_callback_prog = be32_to_cpup(p++);
1256        setclientid->se_callback_netid_len = be32_to_cpup(p++);
1257        READ_BUF(setclientid->se_callback_netid_len);
1258        SAVEMEM(setclientid->se_callback_netid_val, setclientid->se_callback_netid_len);
1259        READ_BUF(4);
1260        setclientid->se_callback_addr_len = be32_to_cpup(p++);
1261
1262        READ_BUF(setclientid->se_callback_addr_len);
1263        SAVEMEM(setclientid->se_callback_addr_val, setclientid->se_callback_addr_len);
1264        READ_BUF(4);
1265        setclientid->se_callback_ident = be32_to_cpup(p++);
1266
1267        DECODE_TAIL;
1268}
1269
1270static __be32
1271nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
1272{
1273        DECODE_HEAD;
1274
1275        if (argp->minorversion >= 1)
1276                return nfserr_notsupp;
1277
1278        READ_BUF(8 + NFS4_VERIFIER_SIZE);
1279        COPYMEM(&scd_c->sc_clientid, 8);
1280        COPYMEM(&scd_c->sc_confirm, NFS4_VERIFIER_SIZE);
1281
1282        DECODE_TAIL;
1283}
1284
1285/* Also used for NVERIFY */
1286static __be32
1287nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
1288{
1289        DECODE_HEAD;
1290
1291        if ((status = nfsd4_decode_bitmap(argp, verify->ve_bmval)))
1292                goto out;
1293
1294        /* For convenience's sake, we compare raw xdr'd attributes in
1295         * nfsd4_proc_verify */
1296
1297        READ_BUF(4);
1298        verify->ve_attrlen = be32_to_cpup(p++);
1299        READ_BUF(verify->ve_attrlen);
1300        SAVEMEM(verify->ve_attrval, verify->ve_attrlen);
1301
1302        DECODE_TAIL;
1303}
1304
1305static __be32
1306nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1307{
1308        DECODE_HEAD;
1309
1310        status = nfsd4_decode_stateid(argp, &write->wr_stateid);
1311        if (status)
1312                return status;
1313        READ_BUF(16);
1314        p = xdr_decode_hyper(p, &write->wr_offset);
1315        write->wr_stable_how = be32_to_cpup(p++);
1316        if (write->wr_stable_how > NFS_FILE_SYNC)
1317                goto xdr_error;
1318        write->wr_buflen = be32_to_cpup(p++);
1319
1320        status = svcxdr_construct_vector(argp, &write->wr_head,
1321                                         &write->wr_pagelist, write->wr_buflen);
1322        if (status)
1323                return status;
1324
1325        DECODE_TAIL;
1326}
1327
1328static __be32
1329nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
1330{
1331        DECODE_HEAD;
1332
1333        if (argp->minorversion >= 1)
1334                return nfserr_notsupp;
1335
1336        READ_BUF(12);
1337        COPYMEM(&rlockowner->rl_clientid, sizeof(clientid_t));
1338        rlockowner->rl_owner.len = be32_to_cpup(p++);
1339        READ_BUF(rlockowner->rl_owner.len);
1340        READMEM(rlockowner->rl_owner.data, rlockowner->rl_owner.len);
1341
1342        if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
1343                return nfserr_inval;
1344        DECODE_TAIL;
1345}
1346
1347static __be32
1348nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
1349                         struct nfsd4_exchange_id *exid)
1350{
1351        int dummy, tmp;
1352        DECODE_HEAD;
1353
1354        READ_BUF(NFS4_VERIFIER_SIZE);
1355        COPYMEM(exid->verifier.data, NFS4_VERIFIER_SIZE);
1356
1357        status = nfsd4_decode_opaque(argp, &exid->clname);
1358        if (status)
1359                return nfserr_bad_xdr;
1360
1361        READ_BUF(4);
1362        exid->flags = be32_to_cpup(p++);
1363
1364        /* Ignore state_protect4_a */
1365        READ_BUF(4);
1366        exid->spa_how = be32_to_cpup(p++);
1367        switch (exid->spa_how) {
1368        case SP4_NONE:
1369                break;
1370        case SP4_MACH_CRED:
1371                /* spo_must_enforce */
1372                status = nfsd4_decode_bitmap(argp,
1373                                        exid->spo_must_enforce);
1374                if (status)
1375                        goto out;
1376                /* spo_must_allow */
1377                status = nfsd4_decode_bitmap(argp, exid->spo_must_allow);
1378                if (status)
1379                        goto out;
1380                break;
1381        case SP4_SSV:
1382                /* ssp_ops */
1383                READ_BUF(4);
1384                dummy = be32_to_cpup(p++);
1385                READ_BUF(dummy * 4);
1386                p += dummy;
1387
1388                READ_BUF(4);
1389                dummy = be32_to_cpup(p++);
1390                READ_BUF(dummy * 4);
1391                p += dummy;
1392
1393                /* ssp_hash_algs<> */
1394                READ_BUF(4);
1395                tmp = be32_to_cpup(p++);
1396                while (tmp--) {
1397                        READ_BUF(4);
1398                        dummy = be32_to_cpup(p++);
1399                        READ_BUF(dummy);
1400                        p += XDR_QUADLEN(dummy);
1401                }
1402
1403                /* ssp_encr_algs<> */
1404                READ_BUF(4);
1405                tmp = be32_to_cpup(p++);
1406                while (tmp--) {
1407                        READ_BUF(4);
1408                        dummy = be32_to_cpup(p++);
1409                        READ_BUF(dummy);
1410                        p += XDR_QUADLEN(dummy);
1411                }
1412
1413                /* ignore ssp_window and ssp_num_gss_handles: */
1414                READ_BUF(8);
1415                break;
1416        default:
1417                goto xdr_error;
1418        }
1419
1420        READ_BUF(4);    /* nfs_impl_id4 array length */
1421        dummy = be32_to_cpup(p++);
1422
1423        if (dummy > 1)
1424                goto xdr_error;
1425
1426        if (dummy == 1) {
1427                status = nfsd4_decode_opaque(argp, &exid->nii_domain);
1428                if (status)
1429                        goto xdr_error;
1430
1431                /* nii_name */
1432                status = nfsd4_decode_opaque(argp, &exid->nii_name);
1433                if (status)
1434                        goto xdr_error;
1435
1436                /* nii_date */
1437                status = nfsd4_decode_time(argp, &exid->nii_time);
1438                if (status)
1439                        goto xdr_error;
1440        }
1441        DECODE_TAIL;
1442}
1443
1444static __be32
1445nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
1446                            struct nfsd4_create_session *sess)
1447{
1448        DECODE_HEAD;
1449
1450        READ_BUF(16);
1451        COPYMEM(&sess->clientid, 8);
1452        sess->seqid = be32_to_cpup(p++);
1453        sess->flags = be32_to_cpup(p++);
1454
1455        /* Fore channel attrs */
1456        READ_BUF(28);
1457        p++; /* headerpadsz is always 0 */
1458        sess->fore_channel.maxreq_sz = be32_to_cpup(p++);
1459        sess->fore_channel.maxresp_sz = be32_to_cpup(p++);
1460        sess->fore_channel.maxresp_cached = be32_to_cpup(p++);
1461        sess->fore_channel.maxops = be32_to_cpup(p++);
1462        sess->fore_channel.maxreqs = be32_to_cpup(p++);
1463        sess->fore_channel.nr_rdma_attrs = be32_to_cpup(p++);
1464        if (sess->fore_channel.nr_rdma_attrs == 1) {
1465                READ_BUF(4);
1466                sess->fore_channel.rdma_attrs = be32_to_cpup(p++);
1467        } else if (sess->fore_channel.nr_rdma_attrs > 1) {
1468                dprintk("Too many fore channel attr bitmaps!\n");
1469                goto xdr_error;
1470        }
1471
1472        /* Back channel attrs */
1473        READ_BUF(28);
1474        p++; /* headerpadsz is always 0 */
1475        sess->back_channel.maxreq_sz = be32_to_cpup(p++);
1476        sess->back_channel.maxresp_sz = be32_to_cpup(p++);
1477        sess->back_channel.maxresp_cached = be32_to_cpup(p++);
1478        sess->back_channel.maxops = be32_to_cpup(p++);
1479        sess->back_channel.maxreqs = be32_to_cpup(p++);
1480        sess->back_channel.nr_rdma_attrs = be32_to_cpup(p++);
1481        if (sess->back_channel.nr_rdma_attrs == 1) {
1482                READ_BUF(4);
1483                sess->back_channel.rdma_attrs = be32_to_cpup(p++);
1484        } else if (sess->back_channel.nr_rdma_attrs > 1) {
1485                dprintk("Too many back channel attr bitmaps!\n");
1486                goto xdr_error;
1487        }
1488
1489        READ_BUF(4);
1490        sess->callback_prog = be32_to_cpup(p++);
1491        nfsd4_decode_cb_sec(argp, &sess->cb_sec);
1492        DECODE_TAIL;
1493}
1494
1495static __be32
1496nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
1497                             struct nfsd4_destroy_session *destroy_session)
1498{
1499        DECODE_HEAD;
1500        READ_BUF(NFS4_MAX_SESSIONID_LEN);
1501        COPYMEM(destroy_session->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1502
1503        DECODE_TAIL;
1504}
1505
1506static __be32
1507nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
1508                          struct nfsd4_free_stateid *free_stateid)
1509{
1510        DECODE_HEAD;
1511
1512        READ_BUF(sizeof(stateid_t));
1513        free_stateid->fr_stateid.si_generation = be32_to_cpup(p++);
1514        COPYMEM(&free_stateid->fr_stateid.si_opaque, sizeof(stateid_opaque_t));
1515
1516        DECODE_TAIL;
1517}
1518
1519static __be32
1520nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
1521                      struct nfsd4_sequence *seq)
1522{
1523        DECODE_HEAD;
1524
1525        READ_BUF(NFS4_MAX_SESSIONID_LEN + 16);
1526        COPYMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1527        seq->seqid = be32_to_cpup(p++);
1528        seq->slotid = be32_to_cpup(p++);
1529        seq->maxslots = be32_to_cpup(p++);
1530        seq->cachethis = be32_to_cpup(p++);
1531
1532        DECODE_TAIL;
1533}
1534
1535static __be32
1536nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
1537{
1538        int i;
1539        __be32 *p, status;
1540        struct nfsd4_test_stateid_id *stateid;
1541
1542        READ_BUF(4);
1543        test_stateid->ts_num_ids = ntohl(*p++);
1544
1545        INIT_LIST_HEAD(&test_stateid->ts_stateid_list);
1546
1547        for (i = 0; i < test_stateid->ts_num_ids; i++) {
1548                stateid = svcxdr_tmpalloc(argp, sizeof(*stateid));
1549                if (!stateid) {
1550                        status = nfserrno(-ENOMEM);
1551                        goto out;
1552                }
1553
1554                INIT_LIST_HEAD(&stateid->ts_id_list);
1555                list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);
1556
1557                status = nfsd4_decode_stateid(argp, &stateid->ts_id_stateid);
1558                if (status)
1559                        goto out;
1560        }
1561
1562        status = 0;
1563out:
1564        return status;
1565xdr_error:
1566        dprintk("NFSD: xdr error (%s:%d)\n", __FILE__, __LINE__);
1567        status = nfserr_bad_xdr;
1568        goto out;
1569}
1570
1571static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, struct nfsd4_destroy_clientid *dc)
1572{
1573        DECODE_HEAD;
1574
1575        READ_BUF(8);
1576        COPYMEM(&dc->clientid, 8);
1577
1578        DECODE_TAIL;
1579}
1580
1581static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, struct nfsd4_reclaim_complete *rc)
1582{
1583        DECODE_HEAD;
1584
1585        READ_BUF(4);
1586        rc->rca_one_fs = be32_to_cpup(p++);
1587
1588        DECODE_TAIL;
1589}
1590
1591#ifdef CONFIG_NFSD_PNFS
1592static __be32
1593nfsd4_decode_getdeviceinfo(struct nfsd4_compoundargs *argp,
1594                struct nfsd4_getdeviceinfo *gdev)
1595{
1596        DECODE_HEAD;
1597        u32 num, i;
1598
1599        READ_BUF(sizeof(struct nfsd4_deviceid) + 3 * 4);
1600        COPYMEM(&gdev->gd_devid, sizeof(struct nfsd4_deviceid));
1601        gdev->gd_layout_type = be32_to_cpup(p++);
1602        gdev->gd_maxcount = be32_to_cpup(p++);
1603        num = be32_to_cpup(p++);
1604        if (num) {
1605                if (num > 1000)
1606                        goto xdr_error;
1607                READ_BUF(4 * num);
1608                gdev->gd_notify_types = be32_to_cpup(p++);
1609                for (i = 1; i < num; i++) {
1610                        if (be32_to_cpup(p++)) {
1611                                status = nfserr_inval;
1612                                goto out;
1613                        }
1614                }
1615        }
1616        DECODE_TAIL;
1617}
1618
1619static __be32
1620nfsd4_decode_layoutget(struct nfsd4_compoundargs *argp,
1621                struct nfsd4_layoutget *lgp)
1622{
1623        DECODE_HEAD;
1624
1625        READ_BUF(36);
1626        lgp->lg_signal = be32_to_cpup(p++);
1627        lgp->lg_layout_type = be32_to_cpup(p++);
1628        lgp->lg_seg.iomode = be32_to_cpup(p++);
1629        p = xdr_decode_hyper(p, &lgp->lg_seg.offset);
1630        p = xdr_decode_hyper(p, &lgp->lg_seg.length);
1631        p = xdr_decode_hyper(p, &lgp->lg_minlength);
1632
1633        status = nfsd4_decode_stateid(argp, &lgp->lg_sid);
1634        if (status)
1635                return status;
1636
1637        READ_BUF(4);
1638        lgp->lg_maxcount = be32_to_cpup(p++);
1639
1640        DECODE_TAIL;
1641}
1642
1643static __be32
1644nfsd4_decode_layoutcommit(struct nfsd4_compoundargs *argp,
1645                struct nfsd4_layoutcommit *lcp)
1646{
1647        DECODE_HEAD;
1648        u32 timechange;
1649
1650        READ_BUF(20);
1651        p = xdr_decode_hyper(p, &lcp->lc_seg.offset);
1652        p = xdr_decode_hyper(p, &lcp->lc_seg.length);
1653        lcp->lc_reclaim = be32_to_cpup(p++);
1654
1655        status = nfsd4_decode_stateid(argp, &lcp->lc_sid);
1656        if (status)
1657                return status;
1658
1659        READ_BUF(4);
1660        lcp->lc_newoffset = be32_to_cpup(p++);
1661        if (lcp->lc_newoffset) {
1662                READ_BUF(8);
1663                p = xdr_decode_hyper(p, &lcp->lc_last_wr);
1664        } else
1665                lcp->lc_last_wr = 0;
1666        READ_BUF(4);
1667        timechange = be32_to_cpup(p++);
1668        if (timechange) {
1669                status = nfsd4_decode_time(argp, &lcp->lc_mtime);
1670                if (status)
1671                        return status;
1672        } else {
1673                lcp->lc_mtime.tv_nsec = UTIME_NOW;
1674        }
1675        READ_BUF(8);
1676        lcp->lc_layout_type = be32_to_cpup(p++);
1677
1678        /*
1679         * Save the layout update in XDR format and let the layout driver deal
1680         * with it later.
1681         */
1682        lcp->lc_up_len = be32_to_cpup(p++);
1683        if (lcp->lc_up_len > 0) {
1684                READ_BUF(lcp->lc_up_len);
1685                READMEM(lcp->lc_up_layout, lcp->lc_up_len);
1686        }
1687
1688        DECODE_TAIL;
1689}
1690
1691static __be32
1692nfsd4_decode_layoutreturn(struct nfsd4_compoundargs *argp,
1693                struct nfsd4_layoutreturn *lrp)
1694{
1695        DECODE_HEAD;
1696
1697        READ_BUF(16);
1698        lrp->lr_reclaim = be32_to_cpup(p++);
1699        lrp->lr_layout_type = be32_to_cpup(p++);
1700        lrp->lr_seg.iomode = be32_to_cpup(p++);
1701        lrp->lr_return_type = be32_to_cpup(p++);
1702        if (lrp->lr_return_type == RETURN_FILE) {
1703                READ_BUF(16);
1704                p = xdr_decode_hyper(p, &lrp->lr_seg.offset);
1705                p = xdr_decode_hyper(p, &lrp->lr_seg.length);
1706
1707                status = nfsd4_decode_stateid(argp, &lrp->lr_sid);
1708                if (status)
1709                        return status;
1710
1711                READ_BUF(4);
1712                lrp->lrf_body_len = be32_to_cpup(p++);
1713                if (lrp->lrf_body_len > 0) {
1714                        READ_BUF(lrp->lrf_body_len);
1715                        READMEM(lrp->lrf_body, lrp->lrf_body_len);
1716                }
1717        } else {
1718                lrp->lr_seg.offset = 0;
1719                lrp->lr_seg.length = NFS4_MAX_UINT64;
1720        }
1721
1722        DECODE_TAIL;
1723}
1724#endif /* CONFIG_NFSD_PNFS */
1725
1726static __be32
1727nfsd4_decode_fallocate(struct nfsd4_compoundargs *argp,
1728                       struct nfsd4_fallocate *fallocate)
1729{
1730        DECODE_HEAD;
1731
1732        status = nfsd4_decode_stateid(argp, &fallocate->falloc_stateid);
1733        if (status)
1734                return status;
1735
1736        READ_BUF(16);
1737        p = xdr_decode_hyper(p, &fallocate->falloc_offset);
1738        xdr_decode_hyper(p, &fallocate->falloc_length);
1739
1740        DECODE_TAIL;
1741}
1742
1743static __be32
1744nfsd4_decode_clone(struct nfsd4_compoundargs *argp, struct nfsd4_clone *clone)
1745{
1746        DECODE_HEAD;
1747
1748        status = nfsd4_decode_stateid(argp, &clone->cl_src_stateid);
1749        if (status)
1750                return status;
1751        status = nfsd4_decode_stateid(argp, &clone->cl_dst_stateid);
1752        if (status)
1753                return status;
1754
1755        READ_BUF(8 + 8 + 8);
1756        p = xdr_decode_hyper(p, &clone->cl_src_pos);
1757        p = xdr_decode_hyper(p, &clone->cl_dst_pos);
1758        p = xdr_decode_hyper(p, &clone->cl_count);
1759        DECODE_TAIL;
1760}
1761
1762static __be32
1763nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
1764{
1765        DECODE_HEAD;
1766
1767        status = nfsd4_decode_stateid(argp, &copy->cp_src_stateid);
1768        if (status)
1769                return status;
1770        status = nfsd4_decode_stateid(argp, &copy->cp_dst_stateid);
1771        if (status)
1772                return status;
1773
1774        READ_BUF(8 + 8 + 8 + 4 + 4 + 4);
1775        p = xdr_decode_hyper(p, &copy->cp_src_pos);
1776        p = xdr_decode_hyper(p, &copy->cp_dst_pos);
1777        p = xdr_decode_hyper(p, &copy->cp_count);
1778        p++; /* ca_consecutive: we always do consecutive copies */
1779        copy->cp_synchronous = be32_to_cpup(p++);
1780        /* tmp = be32_to_cpup(p); Source server list not supported */
1781
1782        DECODE_TAIL;
1783}
1784
1785static __be32
1786nfsd4_decode_offload_status(struct nfsd4_compoundargs *argp,
1787                            struct nfsd4_offload_status *os)
1788{
1789        return nfsd4_decode_stateid(argp, &os->stateid);
1790}
1791
1792static __be32
1793nfsd4_decode_seek(struct nfsd4_compoundargs *argp, struct nfsd4_seek *seek)
1794{
1795        DECODE_HEAD;
1796
1797        status = nfsd4_decode_stateid(argp, &seek->seek_stateid);
1798        if (status)
1799                return status;
1800
1801        READ_BUF(8 + 4);
1802        p = xdr_decode_hyper(p, &seek->seek_offset);
1803        seek->seek_whence = be32_to_cpup(p);
1804
1805        DECODE_TAIL;
1806}
1807
1808/*
1809 * XDR data that is more than PAGE_SIZE in size is normally part of a
1810 * read or write. However, the size of extended attributes is limited
1811 * by the maximum request size, and then further limited by the underlying
1812 * filesystem limits. This can exceed PAGE_SIZE (currently, XATTR_SIZE_MAX
1813 * is 64k). Since there is no kvec- or page-based interface to xattrs,
1814 * and we're not dealing with contiguous pages, we need to do some copying.
1815 */
1816
1817/*
1818 * Decode data into buffer. Uses head and pages constructed by
1819 * svcxdr_construct_vector.
1820 */
1821static __be32
1822nfsd4_vbuf_from_vector(struct nfsd4_compoundargs *argp, struct kvec *head,
1823                       struct page **pages, char **bufp, u32 buflen)
1824{
1825        char *tmp, *dp;
1826        u32 len;
1827
1828        if (buflen <= head->iov_len) {
1829                /*
1830                 * We're in luck, the head has enough space. Just return
1831                 * the head, no need for copying.
1832                 */
1833                *bufp = head->iov_base;
1834                return 0;
1835        }
1836
1837        tmp = svcxdr_tmpalloc(argp, buflen);
1838        if (tmp == NULL)
1839                return nfserr_jukebox;
1840
1841        dp = tmp;
1842        memcpy(dp, head->iov_base, head->iov_len);
1843        buflen -= head->iov_len;
1844        dp += head->iov_len;
1845
1846        while (buflen > 0) {
1847                len = min_t(u32, buflen, PAGE_SIZE);
1848                memcpy(dp, page_address(*pages), len);
1849
1850                buflen -= len;
1851                dp += len;
1852                pages++;
1853        }
1854
1855        *bufp = tmp;
1856        return 0;
1857}
1858
1859/*
1860 * Get a user extended attribute name from the XDR buffer.
1861 * It will not have the "user." prefix, so prepend it.
1862 * Lastly, check for nul characters in the name.
1863 */
1864static __be32
1865nfsd4_decode_xattr_name(struct nfsd4_compoundargs *argp, char **namep)
1866{
1867        DECODE_HEAD;
1868        char *name, *sp, *dp;
1869        u32 namelen, cnt;
1870
1871        READ_BUF(4);
1872        namelen = be32_to_cpup(p++);
1873
1874        if (namelen > (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN))
1875                return nfserr_nametoolong;
1876
1877        if (namelen == 0)
1878                goto xdr_error;
1879
1880        READ_BUF(namelen);
1881
1882        name = svcxdr_tmpalloc(argp, namelen + XATTR_USER_PREFIX_LEN + 1);
1883        if (!name)
1884                return nfserr_jukebox;
1885
1886        memcpy(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN);
1887
1888        /*
1889         * Copy the extended attribute name over while checking for 0
1890         * characters.
1891         */
1892        sp = (char *)p;
1893        dp = name + XATTR_USER_PREFIX_LEN;
1894        cnt = namelen;
1895
1896        while (cnt-- > 0) {
1897                if (*sp == '\0')
1898                        goto xdr_error;
1899                *dp++ = *sp++;
1900        }
1901        *dp = '\0';
1902
1903        *namep = name;
1904
1905        DECODE_TAIL;
1906}
1907
1908/*
1909 * A GETXATTR op request comes without a length specifier. We just set the
1910 * maximum length for the reply based on XATTR_SIZE_MAX and the maximum
1911 * channel reply size. nfsd_getxattr will probe the length of the xattr,
1912 * check it against getxa_len, and allocate + return the value.
1913 */
1914static __be32
1915nfsd4_decode_getxattr(struct nfsd4_compoundargs *argp,
1916                      struct nfsd4_getxattr *getxattr)
1917{
1918        __be32 status;
1919        u32 maxcount;
1920
1921        status = nfsd4_decode_xattr_name(argp, &getxattr->getxa_name);
1922        if (status)
1923                return status;
1924
1925        maxcount = svc_max_payload(argp->rqstp);
1926        maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount);
1927
1928        getxattr->getxa_len = maxcount;
1929
1930        return status;
1931}
1932
1933static __be32
1934nfsd4_decode_setxattr(struct nfsd4_compoundargs *argp,
1935                      struct nfsd4_setxattr *setxattr)
1936{
1937        DECODE_HEAD;
1938        u32 flags, maxcount, size;
1939        struct kvec head;
1940        struct page **pagelist;
1941
1942        READ_BUF(4);
1943        flags = be32_to_cpup(p++);
1944
1945        if (flags > SETXATTR4_REPLACE)
1946                return nfserr_inval;
1947        setxattr->setxa_flags = flags;
1948
1949        status = nfsd4_decode_xattr_name(argp, &setxattr->setxa_name);
1950        if (status)
1951                return status;
1952
1953        maxcount = svc_max_payload(argp->rqstp);
1954        maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount);
1955
1956        READ_BUF(4);
1957        size = be32_to_cpup(p++);
1958        if (size > maxcount)
1959                return nfserr_xattr2big;
1960
1961        setxattr->setxa_len = size;
1962        if (size > 0) {
1963                status = svcxdr_construct_vector(argp, &head, &pagelist, size);
1964                if (status)
1965                        return status;
1966
1967                status = nfsd4_vbuf_from_vector(argp, &head, pagelist,
1968                    &setxattr->setxa_buf, size);
1969        }
1970
1971        DECODE_TAIL;
1972}
1973
1974static __be32
1975nfsd4_decode_listxattrs(struct nfsd4_compoundargs *argp,
1976                        struct nfsd4_listxattrs *listxattrs)
1977{
1978        DECODE_HEAD;
1979        u32 maxcount;
1980
1981        READ_BUF(12);
1982        p = xdr_decode_hyper(p, &listxattrs->lsxa_cookie);
1983
1984        /*
1985         * If the cookie  is too large to have even one user.x attribute
1986         * plus trailing '\0' left in a maximum size buffer, it's invalid.
1987         */
1988        if (listxattrs->lsxa_cookie >=
1989            (XATTR_LIST_MAX / (XATTR_USER_PREFIX_LEN + 2)))
1990                return nfserr_badcookie;
1991
1992        maxcount = be32_to_cpup(p++);
1993        if (maxcount < 8)
1994                /* Always need at least 2 words (length and one character) */
1995                return nfserr_inval;
1996
1997        maxcount = min(maxcount, svc_max_payload(argp->rqstp));
1998        listxattrs->lsxa_maxcount = maxcount;
1999
2000        DECODE_TAIL;

2001}
2002
2003static __be32
2004nfsd4_decode_removexattr(struct nfsd4_compoundargs *argp,
2005                         struct nfsd4_removexattr *removexattr)
2006{
2007        return nfsd4_decode_xattr_name(argp, &removexattr->rmxa_name);
2008}
2009
2010static __be32
2011nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
2012{
2013        return nfs_ok;
2014}
2015
2016static __be32
2017nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
2018{
2019        return nfserr_notsupp;
2020}
2021
2022typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
2023
2024static const nfsd4_dec nfsd4_dec_ops[] = {
2025        [OP_ACCESS]             = (nfsd4_dec)nfsd4_decode_access,
2026        [OP_CLOSE]              = (nfsd4_dec)nfsd4_decode_close,
2027        [OP_COMMIT]             = (nfsd4_dec)nfsd4_decode_commit,
2028        [OP_CREATE]             = (nfsd4_dec)nfsd4_decode_create,
2029        [OP_DELEGPURGE]         = (nfsd4_dec)nfsd4_decode_notsupp,
2030        [OP_DELEGRETURN]        = (nfsd4_dec)nfsd4_decode_delegreturn,
2031        [OP_GETATTR]            = (nfsd4_dec)nfsd4_decode_getattr,
2032        [OP_GETFH]              = (nfsd4_dec)nfsd4_decode_noop,
2033        [OP_LINK]               = (nfsd4_dec)nfsd4_decode_link,
2034        [OP_LOCK]               = (nfsd4_dec)nfsd4_decode_lock,
2035        [OP_LOCKT]              = (nfsd4_dec)nfsd4_decode_lockt,
2036        [OP_LOCKU]              = (nfsd4_dec)nfsd4_decode_locku,
2037        [OP_LOOKUP]             = (nfsd4_dec)nfsd4_decode_lookup,
2038        [OP_LOOKUPP]            = (nfsd4_dec)nfsd4_decode_noop,
2039        [OP_NVERIFY]            = (nfsd4_dec)nfsd4_decode_verify,
2040        [OP_OPEN]               = (nfsd4_dec)nfsd4_decode_open,
2041        [OP_OPENATTR]           = (nfsd4_dec)nfsd4_decode_notsupp,
2042        [OP_OPEN_CONFIRM]       = (nfsd4_dec)nfsd4_decode_open_confirm,
2043        [OP_OPEN_DOWNGRADE]     = (nfsd4_dec)nfsd4_decode_open_downgrade,
2044        [OP_PUTFH]              = (nfsd4_dec)nfsd4_decode_putfh,
2045        [OP_PUTPUBFH]           = (nfsd4_dec)nfsd4_decode_putpubfh,
2046        [OP_PUTROOTFH]          = (nfsd4_dec)nfsd4_decode_noop,
2047        [OP_READ]               = (nfsd4_dec)nfsd4_decode_read,
2048        [OP_READDIR]            = (nfsd4_dec)nfsd4_decode_readdir,
2049        [OP_READLINK]           = (nfsd4_dec)nfsd4_decode_noop,
2050        [OP_REMOVE]             = (nfsd4_dec)nfsd4_decode_remove,
2051        [OP_RENAME]             = (nfsd4_dec)nfsd4_decode_rename,
2052        [OP_RENEW]              = (nfsd4_dec)nfsd4_decode_renew,
2053        [OP_RESTOREFH]          = (nfsd4_dec)nfsd4_decode_noop,
2054        [OP_SAVEFH]             = (nfsd4_dec)nfsd4_decode_noop,
2055        [OP_SECINFO]            = (nfsd4_dec)nfsd4_decode_secinfo,
2056        [OP_SETATTR]            = (nfsd4_dec)nfsd4_decode_setattr,
2057        [OP_SETCLIENTID]        = (nfsd4_dec)nfsd4_decode_setclientid,
2058        [OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
2059        [OP_VERIFY]             = (nfsd4_dec)nfsd4_decode_verify,
2060        [OP_WRITE]              = (nfsd4_dec)nfsd4_decode_write,
2061        [OP_RELEASE_LOCKOWNER]  = (nfsd4_dec)nfsd4_decode_release_lockowner,
2062
2063        /* new operations for NFSv4.1 */
2064        [OP_BACKCHANNEL_CTL]    = (nfsd4_dec)nfsd4_decode_backchannel_ctl,
2065        [OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
2066        [OP_EXCHANGE_ID]        = (nfsd4_dec)nfsd4_decode_exchange_id,
2067        [OP_CREATE_SESSION]     = (nfsd4_dec)nfsd4_decode_create_session,
2068        [OP_DESTROY_SESSION]    = (nfsd4_dec)nfsd4_decode_destroy_session,
2069        [OP_FREE_STATEID]       = (nfsd4_dec)nfsd4_decode_free_stateid,
2070        [OP_GET_DIR_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
2071#ifdef CONFIG_NFSD_PNFS
2072        [OP_GETDEVICEINFO]      = (nfsd4_dec)nfsd4_decode_getdeviceinfo,
2073        [OP_GETDEVICELIST]      = (nfsd4_dec)nfsd4_decode_notsupp,
2074        [OP_LAYOUTCOMMIT]       = (nfsd4_dec)nfsd4_decode_layoutcommit,
2075        [OP_LAYOUTGET]          = (nfsd4_dec)nfsd4_decode_layoutget,
2076        [OP_LAYOUTRETURN]       = (nfsd4_dec)nfsd4_decode_layoutreturn,
2077#else
2078        [OP_GETDEVICEINFO]      = (nfsd4_dec)nfsd4_decode_notsupp,
2079        [OP_GETDEVICELIST]      = (nfsd4_dec)nfsd4_decode_notsupp,
2080        [OP_LAYOUTCOMMIT]       = (nfsd4_dec)nfsd4_decode_notsupp,
2081        [OP_LAYOUTGET]          = (nfsd4_dec)nfsd4_decode_notsupp,
2082        [OP_LAYOUTRETURN]       = (nfsd4_dec)nfsd4_decode_notsupp,
2083#endif
2084        [OP_SECINFO_NO_NAME]    = (nfsd4_dec)nfsd4_decode_secinfo_no_name,
2085        [OP_SEQUENCE]           = (nfsd4_dec)nfsd4_decode_sequence,
2086        [OP_SET_SSV]            = (nfsd4_dec)nfsd4_decode_notsupp,
2087        [OP_TEST_STATEID]       = (nfsd4_dec)nfsd4_decode_test_stateid,
2088        [OP_WANT_DELEGATION]    = (nfsd4_dec)nfsd4_decode_notsupp,
2089        [OP_DESTROY_CLIENTID]   = (nfsd4_dec)nfsd4_decode_destroy_clientid,
2090        [OP_RECLAIM_COMPLETE]   = (nfsd4_dec)nfsd4_decode_reclaim_complete,
2091
2092        /* new operations for NFSv4.2 */
2093        [OP_ALLOCATE]           = (nfsd4_dec)nfsd4_decode_fallocate,
2094        [OP_COPY]               = (nfsd4_dec)nfsd4_decode_copy,
2095        [OP_COPY_NOTIFY]        = (nfsd4_dec)nfsd4_decode_notsupp,
2096        [OP_DEALLOCATE]         = (nfsd4_dec)nfsd4_decode_fallocate,
2097        [OP_IO_ADVISE]          = (nfsd4_dec)nfsd4_decode_notsupp,
2098        [OP_LAYOUTERROR]        = (nfsd4_dec)nfsd4_decode_notsupp,
2099        [OP_LAYOUTSTATS]        = (nfsd4_dec)nfsd4_decode_notsupp,
2100        [OP_OFFLOAD_CANCEL]     = (nfsd4_dec)nfsd4_decode_offload_status,
2101        [OP_OFFLOAD_STATUS]     = (nfsd4_dec)nfsd4_decode_offload_status,
2102        [OP_READ_PLUS]          = (nfsd4_dec)nfsd4_decode_notsupp,
2103        [OP_SEEK]               = (nfsd4_dec)nfsd4_decode_seek,
2104        [OP_WRITE_SAME]         = (nfsd4_dec)nfsd4_decode_notsupp,
2105        [OP_CLONE]              = (nfsd4_dec)nfsd4_decode_clone,
2106        /* RFC 8276 extended atributes operations */
2107        [OP_GETXATTR]           = (nfsd4_dec)nfsd4_decode_getxattr,
2108        [OP_SETXATTR]           = (nfsd4_dec)nfsd4_decode_setxattr,
2109        [OP_LISTXATTRS]         = (nfsd4_dec)nfsd4_decode_listxattrs,
2110        [OP_REMOVEXATTR]        = (nfsd4_dec)nfsd4_decode_removexattr,
2111};
2112
2113static inline bool
2114nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op)
2115{
2116        if (op->opnum < FIRST_NFS4_OP)
2117                return false;
2118        else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP)
2119                return false;
2120        else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP)
2121                return false;
2122        else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP)
2123                return false;
2124        return true;
2125}
2126
2127static __be32
2128nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
2129{
2130        DECODE_HEAD;
2131        struct nfsd4_op *op;
2132        bool cachethis = false;
2133        int auth_slack= argp->rqstp->rq_auth_slack;
2134        int max_reply = auth_slack + 8; /* opcnt, status */
2135        int readcount = 0;
2136        int readbytes = 0;
2137        int i;
2138
2139        READ_BUF(4);
2140        argp->taglen = be32_to_cpup(p++);
2141        READ_BUF(argp->taglen);
2142        SAVEMEM(argp->tag, argp->taglen);
2143        READ_BUF(8);
2144        argp->minorversion = be32_to_cpup(p++);
2145        argp->opcnt = be32_to_cpup(p++);
2146        max_reply += 4 + (XDR_QUADLEN(argp->taglen) << 2);
2147
2148        if (argp->taglen > NFSD4_MAX_TAGLEN)
2149                goto xdr_error;
2150        /*
2151         * NFS4ERR_RESOURCE is a more helpful error than GARBAGE_ARGS
2152         * here, so we return success at the xdr level so that
2153         * nfsd4_proc can handle this is an NFS-level error.
2154         */
2155        if (argp->opcnt > NFSD_MAX_OPS_PER_COMPOUND)
2156                return 0;
2157
2158        if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
2159                argp->ops = kzalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
2160                if (!argp->ops) {
2161                        argp->ops = argp->iops;
2162                        dprintk("nfsd: couldn't allocate room for COMPOUND\n");
2163                        goto xdr_error;
2164                }
2165        }
2166
2167        if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
2168                argp->opcnt = 0;
2169
2170        for (i = 0; i < argp->opcnt; i++) {
2171                op = &argp->ops[i];
2172                op->replay = NULL;
2173
2174                READ_BUF(4);
2175                op->opnum = be32_to_cpup(p++);
2176
2177                if (nfsd4_opnum_in_range(argp, op)) {
2178                        op->status = nfsd4_dec_ops[op->opnum](argp, &op->u);
2179                        if (op->status != nfs_ok)
2180                                trace_nfsd_compound_decode_err(argp->rqstp,
2181                                                               argp->opcnt, i,
2182                                                               op->opnum,
2183                                                               op->status);
2184                } else {
2185                        op->opnum = OP_ILLEGAL;
2186                        op->status = nfserr_op_illegal;
2187                }
2188                op->opdesc = OPDESC(op);
2189                /*
2190                 * We'll try to cache the result in the DRC if any one
2191                 * op in the compound wants to be cached:
2192                 */
2193                cachethis |= nfsd4_cache_this_op(op);
2194
2195                if (op->opnum == OP_READ) {
2196                        readcount++;
2197                        readbytes += nfsd4_max_reply(argp->rqstp, op);
2198                } else
2199                        max_reply += nfsd4_max_reply(argp->rqstp, op);
2200                /*
2201                 * OP_LOCK and OP_LOCKT may return a conflicting lock.
2202                 * (Special case because it will just skip encoding this
2203                 * if it runs out of xdr buffer space, and it is the only
2204                 * operation that behaves this way.)
2205                 */
2206                if (op->opnum == OP_LOCK || op->opnum == OP_LOCKT)
2207                        max_reply += NFS4_OPAQUE_LIMIT;
2208
2209                if (op->status) {
2210                        argp->opcnt = i+1;
2211                        break;
2212                }
2213        }
2214        /* Sessions make the DRC unnecessary: */
2215        if (argp->minorversion)
2216                cachethis = false;
2217        svc_reserve(argp->rqstp, max_reply + readbytes);
2218        argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
2219
2220        if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack)
2221                clear_bit(RQ_SPLICE_OK, &argp->rqstp->rq_flags);
2222
2223        DECODE_TAIL;
2224}
2225
2226static __be32 *encode_change(__be32 *p, struct kstat *stat, struct inode *inode,
2227                             struct svc_export *exp)
2228{
2229        if (exp->ex_flags & NFSEXP_V4ROOT) {
2230                *p++ = cpu_to_be32(convert_to_wallclock(exp->cd->flush_time));
2231                *p++ = 0;
2232        } else
2233                p = xdr_encode_hyper(p, nfsd4_change_attribute(stat, inode));
2234        return p;
2235}
2236
2237/*
2238 * ctime (in NFSv4, time_metadata) is not writeable, and the client
2239 * doesn't really care what resolution could theoretically be stored by
2240 * the filesystem.
2241 *
2242 * The client cares how close together changes can be while still
2243 * guaranteeing ctime changes.  For most filesystems (which have
2244 * timestamps with nanosecond fields) that is limited by the resolution
2245 * of the time returned from current_time() (which I'm assuming to be
2246 * 1/HZ).
2247 */
2248static __be32 *encode_time_delta(__be32 *p, struct inode *inode)
2249{
2250        struct timespec64 ts;
2251        u32 ns;
2252
2253        ns = max_t(u32, NSEC_PER_SEC/HZ, inode->i_sb->s_time_gran);
2254        ts = ns_to_timespec64(ns);
2255
2256        p = xdr_encode_hyper(p, ts.tv_sec);
2257        *p++ = cpu_to_be32(ts.tv_nsec);
2258
2259        return p;
2260}
2261
2262static __be32 *encode_cinfo(__be32 *p, struct nfsd4_change_info *c)
2263{
2264        *p++ = cpu_to_be32(c->atomic);
2265        p = xdr_encode_hyper(p, c->before_change);
2266        p = xdr_encode_hyper(p, c->after_change);
2267        return p;
2268}
2269
2270/* Encode as an array of strings the string given with components
2271 * separated @sep, escaped with esc_enter and esc_exit.
2272 */
2273static __be32 nfsd4_encode_components_esc(struct xdr_stream *xdr, char sep,
2274                                          char *components, char esc_enter,
2275                                          char esc_exit)
2276{
2277        __be32 *p;
2278        __be32 pathlen;
2279        int pathlen_offset;
2280        int strlen, count=0;
2281        char *str, *end, *next;
2282
2283        dprintk("nfsd4_encode_components(%s)\n", components);
2284
2285        pathlen_offset = xdr->buf->len;
2286        p = xdr_reserve_space(xdr, 4);
2287        if (!p)
2288                return nfserr_resource;
2289        p++; /* We will fill this in with @count later */
2290
2291        end = str = components;
2292        while (*end) {
2293                bool found_esc = false;
2294
2295                /* try to parse as esc_start, ..., esc_end, sep */
2296                if (*str == esc_enter) {
2297                        for (; *end && (*end != esc_exit); end++)
2298                                /* find esc_exit or end of string */;
2299                        next = end + 1;
2300                        if (*end && (!*next || *next == sep)) {
2301                                str++;
2302                                found_esc = true;
2303                        }
2304                }
2305
2306                if (!found_esc)
2307                        for (; *end && (*end != sep); end++)
2308                                /* find sep or end of string */;
2309
2310                strlen = end - str;
2311                if (strlen) {
2312                        p = xdr_reserve_space(xdr, strlen + 4);
2313                        if (!p)
2314                                return nfserr_resource;
2315                        p = xdr_encode_opaque(p, str, strlen);
2316                        count++;
2317                }
2318                else
2319                        end++;
2320                if (found_esc)
2321                        end = next;
2322
2323                str = end;
2324        }
2325        pathlen = htonl(count);
2326        write_bytes_to_xdr_buf(xdr->buf, pathlen_offset, &pathlen, 4);
2327        return 0;
2328}
2329
2330/* Encode as an array of strings the string given with components
2331 * separated @sep.
2332 */
2333static __be32 nfsd4_encode_components(struct xdr_stream *xdr, char sep,
2334                                      char *components)
2335{
2336        return nfsd4_encode_components_esc(xdr, sep, components, 0, 0);
2337}
2338
2339/*
2340 * encode a location element of a fs_locations structure
2341 */
2342static __be32 nfsd4_encode_fs_location4(struct xdr_stream *xdr,
2343                                        struct nfsd4_fs_location *location)
2344{
2345        __be32 status;
2346
2347        status = nfsd4_encode_components_esc(xdr, ':', location->hosts,
2348                                                '[', ']');
2349        if (status)
2350                return status;
2351        status = nfsd4_encode_components(xdr, '/', location->path);
2352        if (status)
2353                return status;
2354        return 0;
2355}
2356
2357/*
2358 * Encode a path in RFC3530 'pathname4' format
2359 */
2360static __be32 nfsd4_encode_path(struct xdr_stream *xdr,
2361                                const struct path *root,
2362                                const struct path *path)
2363{
2364        struct path cur = *path;
2365        __be32 *p;
2366        struct dentry **components = NULL;
2367        unsigned int ncomponents = 0;
2368        __be32 err = nfserr_jukebox;
2369
2370        dprintk("nfsd4_encode_components(");
2371
2372        path_get(&cur);
2373        /* First walk the path up to the nfsd root, and store the
2374         * dentries/path components in an array.
2375         */
2376        for (;;) {
2377                if (path_equal(&cur, root))
2378                        break;
2379                if (cur.dentry == cur.mnt->mnt_root) {
2380                        if (follow_up(&cur))
2381                                continue;
2382                        goto out_free;
2383                }
2384                if ((ncomponents & 15) == 0) {
2385                        struct dentry **new;
2386                        new = krealloc(components,
2387                                        sizeof(*new) * (ncomponents + 16),
2388                                        GFP_KERNEL);
2389                        if (!new)
2390                                goto out_free;
2391                        components = new;
2392                }
2393                components[ncomponents++] = cur.dentry;
2394                cur.dentry = dget_parent(cur.dentry);
2395        }
2396        err = nfserr_resource;
2397        p = xdr_reserve_space(xdr, 4);
2398        if (!p)
2399                goto out_free;
2400        *p++ = cpu_to_be32(ncomponents);
2401
2402        while (ncomponents) {
2403                struct dentry *dentry = components[ncomponents - 1];
2404                unsigned int len;
2405
2406                spin_lock(&dentry->d_lock);
2407                len = dentry->d_name.len;
2408                p = xdr_reserve_space(xdr, len + 4);
2409                if (!p) {
2410                        spin_unlock(&dentry->d_lock);
2411                        goto out_free;
2412                }
2413                p = xdr_encode_opaque(p, dentry->d_name.name, len);
2414                dprintk("/%pd", dentry);
2415                spin_unlock(&dentry->d_lock);
2416                dput(dentry);
2417                ncomponents--;
2418        }
2419
2420        err = 0;
2421out_free:
2422        dprintk(")\n");
2423        while (ncomponents)
2424                dput(components[--ncomponents]);
2425        kfree(components);
2426        path_put(&cur);
2427        return err;
2428}
2429
2430static __be32 nfsd4_encode_fsloc_fsroot(struct xdr_stream *xdr,
2431                        struct svc_rqst *rqstp, const struct path *path)
2432{
2433        struct svc_export *exp_ps;
2434        __be32 res;
2435
2436        exp_ps = rqst_find_fsidzero_export(rqstp);
2437        if (IS_ERR(exp_ps))
2438                return nfserrno(PTR_ERR(exp_ps));
2439        res = nfsd4_encode_path(xdr, &exp_ps->ex_path, path);
2440        exp_put(exp_ps);
2441        return res;
2442}
2443
2444/*
2445 *  encode a fs_locations structure
2446 */
2447static __be32 nfsd4_encode_fs_locations(struct xdr_stream *xdr,
2448                        struct svc_rqst *rqstp, struct svc_export *exp)
2449{
2450        __be32 status;
2451        int i;
2452        __be32 *p;
2453        struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;
2454
2455        status = nfsd4_encode_fsloc_fsroot(xdr, rqstp, &exp->ex_path);
2456        if (status)
2457                return status;
2458        p = xdr_reserve_space(xdr, 4);
2459        if (!p)
2460                return nfserr_resource;
2461        *p++ = cpu_to_be32(fslocs->locations_count);
2462        for (i=0; i<fslocs->locations_count; i++) {
2463                status = nfsd4_encode_fs_location4(xdr, &fslocs->locations[i]);
2464                if (status)
2465                        return status;
2466        }
2467        return 0;
2468}
2469
2470static u32 nfs4_file_type(umode_t mode)
2471{
2472        switch (mode & S_IFMT) {
2473        case S_IFIFO:   return NF4FIFO;
2474        case S_IFCHR:   return NF4CHR;
2475        case S_IFDIR:   return NF4DIR;
2476        case S_IFBLK:   return NF4BLK;
2477        case S_IFLNK:   return NF4LNK;
2478        case S_IFREG:   return NF4REG;
2479        case S_IFSOCK:  return NF4SOCK;
2480        default:        return NF4BAD;
2481        }
2482}
2483
2484static inline __be32
2485nfsd4_encode_aclname(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2486                     struct nfs4_ace *ace)
2487{
2488        if (ace->whotype != NFS4_ACL_WHO_NAMED)
2489                return nfs4_acl_write_who(xdr, ace->whotype);
2490        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
2491                return nfsd4_encode_group(xdr, rqstp, ace->who_gid);
2492        else
2493                return nfsd4_encode_user(xdr, rqstp, ace->who_uid);
2494}
2495
2496static inline __be32
2497nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types)
2498{
2499        __be32          *p;
2500        unsigned long   i = hweight_long(layout_types);
2501
2502        p = xdr_reserve_space(xdr, 4 + 4 * i);
2503        if (!p)
2504                return nfserr_resource;
2505
2506        *p++ = cpu_to_be32(i);
2507
2508        for (i = LAYOUT_NFSV4_1_FILES; i < LAYOUT_TYPE_MAX; ++i)
2509                if (layout_types & (1 << i))
2510                        *p++ = cpu_to_be32(i);
2511
2512        return 0;
2513}
2514
2515#define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
2516                              FATTR4_WORD0_RDATTR_ERROR)
2517#define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
2518#define WORD2_ABSENT_FS_ATTRS 0
2519
2520#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2521static inline __be32
2522nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2523                            void *context, int len)
2524{
2525        __be32 *p;
2526
2527        p = xdr_reserve_space(xdr, len + 4 + 4 + 4);
2528        if (!p)
2529                return nfserr_resource;
2530
2531        /*
2532         * For now we use a 0 here to indicate the null translation; in
2533         * the future we may place a call to translation code here.
2534         */
2535        *p++ = cpu_to_be32(0); /* lfs */
2536        *p++ = cpu_to_be32(0); /* pi */
2537        p = xdr_encode_opaque(p, context, len);
2538        return 0;
2539}
2540#else
2541static inline __be32
2542nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2543                            void *context, int len)
2544{ return 0; }
2545#endif
2546
2547static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *bmval2, u32 *rdattr_err)
2548{
2549        /* As per referral draft:  */
2550        if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
2551            *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
2552                if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
2553                    *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
2554                        *rdattr_err = NFSERR_MOVED;
2555                else
2556                        return nfserr_moved;
2557        }
2558        *bmval0 &= WORD0_ABSENT_FS_ATTRS;
2559        *bmval1 &= WORD1_ABSENT_FS_ATTRS;
2560        *bmval2 &= WORD2_ABSENT_FS_ATTRS;
2561        return 0;
2562}
2563
2564
2565static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
2566{
2567        struct path path = exp->ex_path;
2568        int err;
2569
2570        path_get(&path);
2571        while (follow_up(&path)) {
2572                if (path.dentry != path.mnt->mnt_root)
2573                        break;
2574        }
2575        err = vfs_getattr(&path, stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
2576        path_put(&path);
2577        return err;
2578}
2579
2580static __be32
2581nfsd4_encode_bitmap(struct xdr_stream *xdr, u32 bmval0, u32 bmval1, u32 bmval2)
2582{
2583        __be32 *p;
2584
2585        if (bmval2) {
2586                p = xdr_reserve_space(xdr, 16);
2587                if (!p)
2588                        goto out_resource;
2589                *p++ = cpu_to_be32(3);
2590                *p++ = cpu_to_be32(bmval0);
2591                *p++ = cpu_to_be32(bmval1);
2592                *p++ = cpu_to_be32(bmval2);
2593        } else if (bmval1) {
2594                p = xdr_reserve_space(xdr, 12);
2595                if (!p)
2596                        goto out_resource;
2597                *p++ = cpu_to_be32(2);
2598                *p++ = cpu_to_be32(bmval0);
2599                *p++ = cpu_to_be32(bmval1);
2600        } else {
2601                p = xdr_reserve_space(xdr, 8);
2602                if (!p)
2603                        goto out_resource;
2604                *p++ = cpu_to_be32(1);
2605                *p++ = cpu_to_be32(bmval0);
2606        }
2607
2608        return 0;
2609out_resource:
2610        return nfserr_resource;
2611}
2612
2613/*
2614 * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
2615 * ourselves.
2616 */
2617static __be32
2618nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
2619                struct svc_export *exp,
2620                struct dentry *dentry, u32 *bmval,
2621                struct svc_rqst *rqstp, int ignore_crossmnt)
2622{
2623        u32 bmval0 = bmval[0];
2624        u32 bmval1 = bmval[1];
2625        u32 bmval2 = bmval[2];
2626        struct kstat stat;
2627        struct svc_fh *tempfh = NULL;
2628        struct kstatfs statfs;
2629        __be32 *p;
2630        int starting_len = xdr->buf->len;
2631        int attrlen_offset;
2632        __be32 attrlen;
2633        u32 dummy;
2634        u64 dummy64;
2635        u32 rdattr_err = 0;
2636        __be32 status;
2637        int err;
2638        struct nfs4_acl *acl = NULL;
2639#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2640        void *context = NULL;
2641        int contextlen;
2642#endif
2643        bool contextsupport = false;
2644        struct nfsd4_compoundres *resp = rqstp->rq_resp;
2645        u32 minorversion = resp->cstate.minorversion;
2646        struct path path = {
2647                .mnt    = exp->ex_path.mnt,
2648                .dentry = dentry,
2649        };
2650        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2651
2652        BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
2653        BUG_ON(!nfsd_attrs_supported(minorversion, bmval));
2654
2655        if (exp->ex_fslocs.migrated) {
2656                status = fattr_handle_absent_fs(&bmval0, &bmval1, &bmval2, &rdattr_err);
2657                if (status)
2658                        goto out;
2659        }
2660
2661        err = vfs_getattr(&path, &stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
2662        if (err)
2663                goto out_nfserr;
2664        if ((bmval0 & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE |
2665                        FATTR4_WORD0_FILES_TOTAL | FATTR4_WORD0_MAXNAME)) ||
2666            (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
2667                       FATTR4_WORD1_SPACE_TOTAL))) {
2668                err = vfs_statfs(&path, &statfs);
2669                if (err)
2670                        goto out_nfserr;
2671        }
2672        if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
2673                tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
2674                status = nfserr_jukebox;
2675                if (!tempfh)
2676                        goto out;
2677                fh_init(tempfh, NFS4_FHSIZE);
2678                status = fh_compose(tempfh, exp, dentry, NULL);
2679                if (status)
2680                        goto out;
2681                fhp = tempfh;
2682        }
2683        if (bmval0 & FATTR4_WORD0_ACL) {
2684                err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
2685                if (err == -EOPNOTSUPP)
2686                        bmval0 &= ~FATTR4_WORD0_ACL;
2687                else if (err == -EINVAL) {
2688                        status = nfserr_attrnotsupp;
2689                        goto out;
2690                } else if (err != 0)
2691                        goto out_nfserr;
2692        }
2693
2694#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2695        if ((bmval2 & FATTR4_WORD2_SECURITY_LABEL) ||
2696             bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2697                if (exp->ex_flags & NFSEXP_SECURITY_LABEL)
2698                        err = security_inode_getsecctx(d_inode(dentry),
2699                                                &context, &contextlen);
2700                else
2701                        err = -EOPNOTSUPP;
2702                contextsupport = (err == 0);
2703                if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2704                        if (err == -EOPNOTSUPP)
2705                                bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2706                        else if (err)
2707                                goto out_nfserr;
2708                }
2709        }
2710#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2711
2712        status = nfsd4_encode_bitmap(xdr, bmval0, bmval1, bmval2);
2713        if (status)
2714                goto out;
2715
2716        attrlen_offset = xdr->buf->len;
2717        p = xdr_reserve_space(xdr, 4);
2718        if (!p)
2719                goto out_resource;
2720        p++;                /* to be backfilled later */
2721
2722        if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2723                u32 supp[3];
2724
2725                memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));
2726
2727                if (!IS_POSIXACL(dentry->d_inode))
2728                        supp[0] &= ~FATTR4_WORD0_ACL;
2729                if (!contextsupport)
2730                        supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
2731                if (!supp[2]) {
2732                        p = xdr_reserve_space(xdr, 12);
2733                        if (!p)
2734                                goto out_resource;
2735                        *p++ = cpu_to_be32(2);
2736                        *p++ = cpu_to_be32(supp[0]);
2737                        *p++ = cpu_to_be32(supp[1]);
2738                } else {
2739                        p = xdr_reserve_space(xdr, 16);
2740                        if (!p)
2741                                goto out_resource;
2742                        *p++ = cpu_to_be32(3);
2743                        *p++ = cpu_to_be32(supp[0]);
2744                        *p++ = cpu_to_be32(supp[1]);
2745                        *p++ = cpu_to_be32(supp[2]);
2746                }
2747        }
2748        if (bmval0 & FATTR4_WORD0_TYPE) {
2749                p = xdr_reserve_space(xdr, 4);
2750                if (!p)
2751                        goto out_resource;
2752                dummy = nfs4_file_type(stat.mode);
2753                if (dummy == NF4BAD) {
2754                        status = nfserr_serverfault;
2755                        goto out;
2756                }
2757                *p++ = cpu_to_be32(dummy);
2758        }
2759        if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
2760                p = xdr_reserve_space(xdr, 4);
2761                if (!p)
2762                        goto out_resource;
2763                if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
2764                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT);
2765                else
2766                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT|
2767                                                NFS4_FH_VOL_RENAME);
2768        }
2769        if (bmval0 & FATTR4_WORD0_CHANGE) {
2770                p = xdr_reserve_space(xdr, 8);
2771                if (!p)
2772                        goto out_resource;
2773                p = encode_change(p, &stat, d_inode(dentry), exp);
2774        }
2775        if (bmval0 & FATTR4_WORD0_SIZE) {
2776                p = xdr_reserve_space(xdr, 8);
2777                if (!p)
2778                        goto out_resource;
2779                p = xdr_encode_hyper(p, stat.size);
2780        }
2781        if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
2782                p = xdr_reserve_space(xdr, 4);
2783                if (!p)
2784                        goto out_resource;
2785                *p++ = cpu_to_be32(1);
2786        }
2787        if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
2788                p = xdr_reserve_space(xdr, 4);
2789                if (!p)
2790                        goto out_resource;
2791                *p++ = cpu_to_be32(1);
2792        }
2793        if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {
2794                p = xdr_reserve_space(xdr, 4);
2795                if (!p)
2796                        goto out_resource;
2797                *p++ = cpu_to_be32(0);
2798        }
2799        if (bmval0 & FATTR4_WORD0_FSID) {
2800                p = xdr_reserve_space(xdr, 16);
2801                if (!p)
2802                        goto out_resource;
2803                if (exp->ex_fslocs.migrated) {
2804                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MAJOR);
2805                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MINOR);
2806                } else switch(fsid_source(fhp)) {
2807                case FSIDSOURCE_FSID:
2808                        p = xdr_encode_hyper(p, (u64)exp->ex_fsid);
2809                        p = xdr_encode_hyper(p, (u64)0);
2810                        break;
2811                case FSIDSOURCE_DEV:
2812                        *p++ = cpu_to_be32(0);
2813                        *p++ = cpu_to_be32(MAJOR(stat.dev));
2814                        *p++ = cpu_to_be32(0);
2815                        *p++ = cpu_to_be32(MINOR(stat.dev));
2816                        break;
2817                case FSIDSOURCE_UUID:
2818                        p = xdr_encode_opaque_fixed(p, exp->ex_uuid,
2819                                                                EX_UUID_LEN);
2820                        break;
2821                }
2822        }
2823        if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
2824                p = xdr_reserve_space(xdr, 4);
2825                if (!p)
2826                        goto out_resource;
2827                *p++ = cpu_to_be32(0);
2828        }
2829        if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
2830                p = xdr_reserve_space(xdr, 4);
2831                if (!p)
2832                        goto out_resource;
2833                *p++ = cpu_to_be32(nn->nfsd4_lease);
2834        }
2835        if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
2836                p = xdr_reserve_space(xdr, 4);
2837                if (!p)
2838                        goto out_resource;
2839                *p++ = cpu_to_be32(rdattr_err);
2840        }
2841        if (bmval0 & FATTR4_WORD0_ACL) {
2842                struct nfs4_ace *ace;
2843
2844                if (acl == NULL) {
2845                        p = xdr_reserve_space(xdr, 4);
2846                        if (!p)
2847                                goto out_resource;
2848
2849                        *p++ = cpu_to_be32(0);
2850                        goto out_acl;
2851                }
2852                p = xdr_reserve_space(xdr, 4);
2853                if (!p)
2854                        goto out_resource;
2855                *p++ = cpu_to_be32(acl->naces);
2856
2857                for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
2858                        p = xdr_reserve_space(xdr, 4*3);
2859                        if (!p)
2860                                goto out_resource;
2861                        *p++ = cpu_to_be32(ace->type);
2862                        *p++ = cpu_to_be32(ace->flag);
2863                        *p++ = cpu_to_be32(ace->access_mask &
2864                                                        NFS4_ACE_MASK_ALL);
2865                        status = nfsd4_encode_aclname(xdr, rqstp, ace);
2866                        if (status)
2867                                goto out;
2868                }
2869        }
2870out_acl:
2871        if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
2872                p = xdr_reserve_space(xdr, 4);
2873                if (!p)
2874                        goto out_resource;
2875                *p++ = cpu_to_be32(IS_POSIXACL(dentry->d_inode) ?
2876                        ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
2877        }
2878        if (bmval0 & FATTR4_WORD0_CANSETTIME) {
2879                p = xdr_reserve_space(xdr, 4);
2880                if (!p)
2881                        goto out_resource;
2882                *p++ = cpu_to_be32(1);
2883        }
2884        if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
2885                p = xdr_reserve_space(xdr, 4);
2886                if (!p)
2887                        goto out_resource;
2888                *p++ = cpu_to_be32(0);
2889        }
2890        if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
2891                p = xdr_reserve_space(xdr, 4);
2892                if (!p)
2893                        goto out_resource;
2894                *p++ = cpu_to_be32(1);
2895        }
2896        if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
2897                p = xdr_reserve_space(xdr, 4);
2898                if (!p)
2899                        goto out_resource;
2900                *p++ = cpu_to_be32(1);
2901        }
2902        if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
2903                p = xdr_reserve_space(xdr, fhp->fh_handle.fh_size + 4);
2904                if (!p)
2905                        goto out_resource;
2906                p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base,
2907                                        fhp->fh_handle.fh_size);
2908        }
2909        if (bmval0 & FATTR4_WORD0_FILEID) {
2910                p = xdr_reserve_space(xdr, 8);
2911                if (!p)
2912                        goto out_resource;
2913                p = xdr_encode_hyper(p, stat.ino);
2914        }
2915        if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
2916                p = xdr_reserve_space(xdr, 8);
2917                if (!p)
2918                        goto out_resource;
2919                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
2920        }
2921        if (bmval0 & FATTR4_WORD0_FILES_FREE) {
2922                p = xdr_reserve_space(xdr, 8);
2923                if (!p)
2924                        goto out_resource;
2925                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
2926        }
2927        if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
2928                p = xdr_reserve_space(xdr, 8);
2929                if (!p)
2930                        goto out_resource;
2931                p = xdr_encode_hyper(p, (u64) statfs.f_files);
2932        }
2933        if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
2934                status = nfsd4_encode_fs_locations(xdr, rqstp, exp);
2935                if (status)
2936                        goto out;
2937        }
2938        if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
2939                p = xdr_reserve_space(xdr, 4);
2940                if (!p)
2941                        goto out_resource;
2942                *p++ = cpu_to_be32(1);
2943        }
2944        if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
2945                p = xdr_reserve_space(xdr, 8);
2946                if (!p)
2947                        goto out_resource;
2948                p = xdr_encode_hyper(p, exp->ex_path.mnt->mnt_sb->s_maxbytes);
2949        }
2950        if (bmval0 & FATTR4_WORD0_MAXLINK) {
2951                p = xdr_reserve_space(xdr, 4);
2952                if (!p)
2953                        goto out_resource;
2954                *p++ = cpu_to_be32(255);
2955        }
2956        if (bmval0 & FATTR4_WORD0_MAXNAME) {
2957                p = xdr_reserve_space(xdr, 4);
2958                if (!p)
2959                        goto out_resource;
2960                *p++ = cpu_to_be32(statfs.f_namelen);
2961        }
2962        if (bmval0 & FATTR4_WORD0_MAXREAD) {
2963                p = xdr_reserve_space(xdr, 8);
2964                if (!p)
2965                        goto out_resource;
2966                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
2967        }
2968        if (bmval0 & FATTR4_WORD0_MAXWRITE) {
2969                p = xdr_reserve_space(xdr, 8);
2970                if (!p)
2971                        goto out_resource;
2972                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
2973        }
2974        if (bmval1 & FATTR4_WORD1_MODE) {
2975                p = xdr_reserve_space(xdr, 4);
2976                if (!p)
2977                        goto out_resource;
2978                *p++ = cpu_to_be32(stat.mode & S_IALLUGO);
2979        }
2980        if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
2981                p = xdr_reserve_space(xdr, 4);
2982                if (!p)
2983                        goto out_resource;
2984                *p++ = cpu_to_be32(1);
2985        }
2986        if (bmval1 & FATTR4_WORD1_NUMLINKS) {
2987                p = xdr_reserve_space(xdr, 4);
2988                if (!p)
2989                        goto out_resource;
2990                *p++ = cpu_to_be32(stat.nlink);
2991        }
2992        if (bmval1 & FATTR4_WORD1_OWNER) {
2993                status = nfsd4_encode_user(xdr, rqstp, stat.uid);
2994                if (status)
2995                        goto out;
2996        }
2997        if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
2998                status = nfsd4_encode_group(xdr, rqstp, stat.gid);
2999                if (status)
3000                        goto out;

3001        }
3002        if (bmval1 & FATTR4_WORD1_RAWDEV) {
3003                p = xdr_reserve_space(xdr, 8);
3004                if (!p)
3005                        goto out_resource;
3006                *p++ = cpu_to_be32((u32) MAJOR(stat.rdev));
3007                *p++ = cpu_to_be32((u32) MINOR(stat.rdev));
3008        }
3009        if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
3010                p = xdr_reserve_space(xdr, 8);
3011                if (!p)
3012                        goto out_resource;
3013                dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
3014                p = xdr_encode_hyper(p, dummy64);
3015        }
3016        if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
3017                p = xdr_reserve_space(xdr, 8);
3018                if (!p)
3019                        goto out_resource;
3020                dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
3021                p = xdr_encode_hyper(p, dummy64);
3022        }
3023        if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
3024                p = xdr_reserve_space(xdr, 8);
3025                if (!p)
3026                        goto out_resource;
3027                dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
3028                p = xdr_encode_hyper(p, dummy64);
3029        }
3030        if (bmval1 & FATTR4_WORD1_SPACE_USED) {
3031                p = xdr_reserve_space(xdr, 8);
3032                if (!p)
3033                        goto out_resource;
3034                dummy64 = (u64)stat.blocks << 9;
3035                p = xdr_encode_hyper(p, dummy64);
3036        }
3037        if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
3038                p = xdr_reserve_space(xdr, 12);
3039                if (!p)
3040                        goto out_resource;
3041                p = xdr_encode_hyper(p, (s64)stat.atime.tv_sec);
3042                *p++ = cpu_to_be32(stat.atime.tv_nsec);
3043        }
3044        if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
3045                p = xdr_reserve_space(xdr, 12);
3046                if (!p)
3047                        goto out_resource;
3048                p = encode_time_delta(p, d_inode(dentry));
3049        }
3050        if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
3051                p = xdr_reserve_space(xdr, 12);
3052                if (!p)
3053                        goto out_resource;
3054                p = xdr_encode_hyper(p, (s64)stat.ctime.tv_sec);
3055                *p++ = cpu_to_be32(stat.ctime.tv_nsec);
3056        }
3057        if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
3058                p = xdr_reserve_space(xdr, 12);
3059                if (!p)
3060                        goto out_resource;
3061                p = xdr_encode_hyper(p, (s64)stat.mtime.tv_sec);
3062                *p++ = cpu_to_be32(stat.mtime.tv_nsec);
3063        }
3064        if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
3065                struct kstat parent_stat;
3066                u64 ino = stat.ino;
3067
3068                p = xdr_reserve_space(xdr, 8);
3069                if (!p)
3070                        goto out_resource;
3071                /*
3072                 * Get parent's attributes if not ignoring crossmount
3073                 * and this is the root of a cross-mounted filesystem.
3074                 */
3075                if (ignore_crossmnt == 0 &&
3076                    dentry == exp->ex_path.mnt->mnt_root) {
3077                        err = get_parent_attributes(exp, &parent_stat);
3078                        if (err)
3079                                goto out_nfserr;
3080                        ino = parent_stat.ino;
3081                }
3082                p = xdr_encode_hyper(p, ino);
3083        }
3084#ifdef CONFIG_NFSD_PNFS
3085        if (bmval1 & FATTR4_WORD1_FS_LAYOUT_TYPES) {
3086                status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types);
3087                if (status)
3088                        goto out;
3089        }
3090
3091        if (bmval2 & FATTR4_WORD2_LAYOUT_TYPES) {
3092                status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types);
3093                if (status)
3094                        goto out;
3095        }
3096
3097        if (bmval2 & FATTR4_WORD2_LAYOUT_BLKSIZE) {
3098                p = xdr_reserve_space(xdr, 4);
3099                if (!p)
3100                        goto out_resource;
3101                *p++ = cpu_to_be32(stat.blksize);
3102        }
3103#endif /* CONFIG_NFSD_PNFS */
3104        if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
3105                u32 supp[3];
3106
3107                memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));
3108                supp[0] &= NFSD_SUPPATTR_EXCLCREAT_WORD0;
3109                supp[1] &= NFSD_SUPPATTR_EXCLCREAT_WORD1;
3110                supp[2] &= NFSD_SUPPATTR_EXCLCREAT_WORD2;
3111
3112                status = nfsd4_encode_bitmap(xdr, supp[0], supp[1], supp[2]);
3113                if (status)
3114                        goto out;
3115        }
3116
3117#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
3118        if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
3119                status = nfsd4_encode_security_label(xdr, rqstp, context,
3120                                                                contextlen);
3121                if (status)
3122                        goto out;
3123        }
3124#endif
3125
3126        if (bmval2 & FATTR4_WORD2_XATTR_SUPPORT) {
3127                p = xdr_reserve_space(xdr, 4);
3128                if (!p)
3129                        goto out_resource;
3130                err = xattr_supported_namespace(d_inode(dentry),
3131                                                XATTR_USER_PREFIX);
3132                *p++ = cpu_to_be32(err == 0);
3133        }
3134
3135        attrlen = htonl(xdr->buf->len - attrlen_offset - 4);
3136        write_bytes_to_xdr_buf(xdr->buf, attrlen_offset, &attrlen, 4);
3137        status = nfs_ok;
3138
3139out:
3140#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
3141        if (context)
3142                security_release_secctx(context, contextlen);
3143#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
3144        kfree(acl);
3145        if (tempfh) {
3146                fh_put(tempfh);
3147                kfree(tempfh);
3148        }
3149        if (status)
3150                xdr_truncate_encode(xdr, starting_len);
3151        return status;
3152out_nfserr:
3153        status = nfserrno(err);
3154        goto out;
3155out_resource:
3156        status = nfserr_resource;
3157        goto out;
3158}
3159
3160static void svcxdr_init_encode_from_buffer(struct xdr_stream *xdr,
3161                                struct xdr_buf *buf, __be32 *p, int bytes)
3162{
3163        xdr->scratch.iov_len = 0;
3164        memset(buf, 0, sizeof(struct xdr_buf));
3165        buf->head[0].iov_base = p;
3166        buf->head[0].iov_len = 0;
3167        buf->len = 0;
3168        xdr->buf = buf;
3169        xdr->iov = buf->head;
3170        xdr->p = p;
3171        xdr->end = (void *)p + bytes;
3172        buf->buflen = bytes;
3173}
3174
3175__be32 nfsd4_encode_fattr_to_buf(__be32 **p, int words,
3176                        struct svc_fh *fhp, struct svc_export *exp,
3177                        struct dentry *dentry, u32 *bmval,
3178                        struct svc_rqst *rqstp, int ignore_crossmnt)
3179{
3180        struct xdr_buf dummy;
3181        struct xdr_stream xdr;
3182        __be32 ret;
3183
3184        svcxdr_init_encode_from_buffer(&xdr, &dummy, *p, words << 2);
3185        ret = nfsd4_encode_fattr(&xdr, fhp, exp, dentry, bmval, rqstp,
3186                                                        ignore_crossmnt);
3187        *p = xdr.p;
3188        return ret;
3189}
3190
3191static inline int attributes_need_mount(u32 *bmval)
3192{
3193        if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
3194                return 1;
3195        if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
3196                return 1;
3197        return 0;
3198}
3199
3200static __be32
3201nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd,
3202                        const char *name, int namlen)
3203{
3204        struct svc_export *exp = cd->rd_fhp->fh_export;
3205        struct dentry *dentry;
3206        __be32 nfserr;
3207        int ignore_crossmnt = 0;
3208
3209        dentry = lookup_positive_unlocked(name, cd->rd_fhp->fh_dentry, namlen);
3210        if (IS_ERR(dentry))
3211                return nfserrno(PTR_ERR(dentry));
3212
3213        exp_get(exp);
3214        /*
3215         * In the case of a mountpoint, the client may be asking for
3216         * attributes that are only properties of the underlying filesystem
3217         * as opposed to the cross-mounted file system. In such a case,
3218         * we will not follow the cross mount and will fill the attribtutes
3219         * directly from the mountpoint dentry.
3220         */
3221        if (nfsd_mountpoint(dentry, exp)) {
3222                int err;
3223
3224                if (!(exp->ex_flags & NFSEXP_V4ROOT)
3225                                && !attributes_need_mount(cd->rd_bmval)) {
3226                        ignore_crossmnt = 1;
3227                        goto out_encode;
3228                }
3229                /*
3230                 * Why the heck aren't we just using nfsd_lookup??
3231                 * Different "."/".." handling?  Something else?
3232                 * At least, add a comment here to explain....
3233                 */
3234                err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
3235                if (err) {
3236                        nfserr = nfserrno(err);
3237                        goto out_put;
3238                }
3239                nfserr = check_nfsd_access(exp, cd->rd_rqstp);
3240                if (nfserr)
3241                        goto out_put;
3242
3243        }
3244out_encode:
3245        nfserr = nfsd4_encode_fattr(xdr, NULL, exp, dentry, cd->rd_bmval,
3246                                        cd->rd_rqstp, ignore_crossmnt);
3247out_put:
3248        dput(dentry);
3249        exp_put(exp);
3250        return nfserr;
3251}
3252
3253static __be32 *
3254nfsd4_encode_rdattr_error(struct xdr_stream *xdr, __be32 nfserr)
3255{
3256        __be32 *p;
3257
3258        p = xdr_reserve_space(xdr, 20);
3259        if (!p)
3260                return NULL;
3261        *p++ = htonl(2);
3262        *p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */
3263        *p++ = htonl(0);                         /* bmval1 */
3264
3265        *p++ = htonl(4);     /* attribute length */
3266        *p++ = nfserr;       /* no htonl */
3267        return p;
3268}
3269
3270static int
3271nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
3272                    loff_t offset, u64 ino, unsigned int d_type)
3273{
3274        struct readdir_cd *ccd = ccdv;
3275        struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
3276        struct xdr_stream *xdr = cd->xdr;
3277        int start_offset = xdr->buf->len;
3278        int cookie_offset;
3279        u32 name_and_cookie;
3280        int entry_bytes;
3281        __be32 nfserr = nfserr_toosmall;
3282        __be64 wire_offset;
3283        __be32 *p;
3284
3285        /* In nfsv4, "." and ".." never make it onto the wire.. */
3286        if (name && isdotent(name, namlen)) {
3287                cd->common.err = nfs_ok;
3288                return 0;
3289        }
3290
3291        if (cd->cookie_offset) {
3292                wire_offset = cpu_to_be64(offset);
3293                write_bytes_to_xdr_buf(xdr->buf, cd->cookie_offset,
3294                                                        &wire_offset, 8);
3295        }
3296
3297        p = xdr_reserve_space(xdr, 4);
3298        if (!p)
3299                goto fail;
3300        *p++ = xdr_one;                             /* mark entry present */
3301        cookie_offset = xdr->buf->len;
3302        p = xdr_reserve_space(xdr, 3*4 + namlen);
3303        if (!p)
3304                goto fail;
3305        p = xdr_encode_hyper(p, NFS_OFFSET_MAX);    /* offset of next entry */
3306        p = xdr_encode_array(p, name, namlen);      /* name length & name */
3307
3308        nfserr = nfsd4_encode_dirent_fattr(xdr, cd, name, namlen);
3309        switch (nfserr) {
3310        case nfs_ok:
3311                break;
3312        case nfserr_resource:
3313                nfserr = nfserr_toosmall;
3314                goto fail;
3315        case nfserr_noent:
3316                xdr_truncate_encode(xdr, start_offset);
3317                goto skip_entry;
3318        default:
3319                /*
3320                 * If the client requested the RDATTR_ERROR attribute,
3321                 * we stuff the error code into this attribute
3322                 * and continue.  If this attribute was not requested,
3323                 * then in accordance with the spec, we fail the
3324                 * entire READDIR operation(!)
3325                 */
3326                if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR))
3327                        goto fail;
3328                p = nfsd4_encode_rdattr_error(xdr, nfserr);
3329                if (p == NULL) {
3330                        nfserr = nfserr_toosmall;
3331                        goto fail;
3332                }
3333        }
3334        nfserr = nfserr_toosmall;
3335        entry_bytes = xdr->buf->len - start_offset;
3336        if (entry_bytes > cd->rd_maxcount)
3337                goto fail;
3338        cd->rd_maxcount -= entry_bytes;
3339        /*
3340         * RFC 3530 14.2.24 describes rd_dircount as only a "hint", so
3341         * let's always let through the first entry, at least:
3342         */
3343        if (!cd->rd_dircount)
3344                goto fail;
3345        name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8;
3346        if (name_and_cookie > cd->rd_dircount && cd->cookie_offset)
3347                goto fail;
3348        cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie);
3349
3350        cd->cookie_offset = cookie_offset;
3351skip_entry:
3352        cd->common.err = nfs_ok;
3353        return 0;
3354fail:
3355        xdr_truncate_encode(xdr, start_offset);
3356        cd->common.err = nfserr;
3357        return -EINVAL;
3358}
3359
3360static __be32
3361nfsd4_encode_stateid(struct xdr_stream *xdr, stateid_t *sid)
3362{
3363        __be32 *p;
3364
3365        p = xdr_reserve_space(xdr, sizeof(stateid_t));
3366        if (!p)
3367                return nfserr_resource;
3368        *p++ = cpu_to_be32(sid->si_generation);
3369        p = xdr_encode_opaque_fixed(p, &sid->si_opaque,
3370                                        sizeof(stateid_opaque_t));
3371        return 0;
3372}
3373
3374static __be32
3375nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
3376{
3377        struct xdr_stream *xdr = &resp->xdr;
3378        __be32 *p;
3379
3380        p = xdr_reserve_space(xdr, 8);
3381        if (!p)
3382                return nfserr_resource;
3383        *p++ = cpu_to_be32(access->ac_supported);
3384        *p++ = cpu_to_be32(access->ac_resp_access);
3385        return 0;
3386}
3387
3388static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
3389{
3390        struct xdr_stream *xdr = &resp->xdr;
3391        __be32 *p;
3392
3393        p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 8);
3394        if (!p)
3395                return nfserr_resource;
3396        p = xdr_encode_opaque_fixed(p, bcts->sessionid.data,
3397                                        NFS4_MAX_SESSIONID_LEN);
3398        *p++ = cpu_to_be32(bcts->dir);
3399        /* Upshifting from TCP to RDMA is not supported */
3400        *p++ = cpu_to_be32(0);
3401        return 0;
3402}
3403
3404static __be32
3405nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
3406{
3407        struct xdr_stream *xdr = &resp->xdr;
3408
3409        return nfsd4_encode_stateid(xdr, &close->cl_stateid);
3410}
3411
3412
3413static __be32
3414nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
3415{
3416        struct xdr_stream *xdr = &resp->xdr;
3417        __be32 *p;
3418
3419        p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
3420        if (!p)
3421                return nfserr_resource;
3422        p = xdr_encode_opaque_fixed(p, commit->co_verf.data,
3423                                                NFS4_VERIFIER_SIZE);
3424        return 0;
3425}
3426
3427static __be32
3428nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
3429{
3430        struct xdr_stream *xdr = &resp->xdr;
3431        __be32 *p;
3432
3433        p = xdr_reserve_space(xdr, 20);
3434        if (!p)
3435                return nfserr_resource;
3436        encode_cinfo(p, &create->cr_cinfo);
3437        return nfsd4_encode_bitmap(xdr, create->cr_bmval[0],
3438                        create->cr_bmval[1], create->cr_bmval[2]);
3439}
3440
3441static __be32
3442nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
3443{
3444        struct svc_fh *fhp = getattr->ga_fhp;
3445        struct xdr_stream *xdr = &resp->xdr;
3446
3447        return nfsd4_encode_fattr(xdr, fhp, fhp->fh_export, fhp->fh_dentry,
3448                                    getattr->ga_bmval, resp->rqstp, 0);
3449}
3450
3451static __be32
3452nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
3453{
3454        struct xdr_stream *xdr = &resp->xdr;
3455        struct svc_fh *fhp = *fhpp;
3456        unsigned int len;
3457        __be32 *p;
3458
3459        len = fhp->fh_handle.fh_size;
3460        p = xdr_reserve_space(xdr, len + 4);
3461        if (!p)
3462                return nfserr_resource;
3463        p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base, len);
3464        return 0;
3465}
3466
3467/*
3468* Including all fields other than the name, a LOCK4denied structure requires
3469*   8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes.
3470*/
3471static __be32
3472nfsd4_encode_lock_denied(struct xdr_stream *xdr, struct nfsd4_lock_denied *ld)
3473{
3474        struct xdr_netobj *conf = &ld->ld_owner;
3475        __be32 *p;
3476
3477again:
3478        p = xdr_reserve_space(xdr, 32 + XDR_LEN(conf->len));
3479        if (!p) {
3480                /*
3481                 * Don't fail to return the result just because we can't
3482                 * return the conflicting open:
3483                 */
3484                if (conf->len) {
3485                        kfree(conf->data);
3486                        conf->len = 0;
3487                        conf->data = NULL;
3488                        goto again;
3489                }
3490                return nfserr_resource;
3491        }
3492        p = xdr_encode_hyper(p, ld->ld_start);
3493        p = xdr_encode_hyper(p, ld->ld_length);
3494        *p++ = cpu_to_be32(ld->ld_type);
3495        if (conf->len) {
3496                p = xdr_encode_opaque_fixed(p, &ld->ld_clientid, 8);
3497                p = xdr_encode_opaque(p, conf->data, conf->len);
3498                kfree(conf->data);
3499        }  else {  /* non - nfsv4 lock in conflict, no clientid nor owner */
3500                p = xdr_encode_hyper(p, (u64)0); /* clientid */
3501                *p++ = cpu_to_be32(0); /* length of owner name */
3502        }
3503        return nfserr_denied;
3504}
3505
3506static __be32
3507nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
3508{
3509        struct xdr_stream *xdr = &resp->xdr;
3510
3511        if (!nfserr)
3512                nfserr = nfsd4_encode_stateid(xdr, &lock->lk_resp_stateid);
3513        else if (nfserr == nfserr_denied)
3514                nfserr = nfsd4_encode_lock_denied(xdr, &lock->lk_denied);
3515
3516        return nfserr;
3517}
3518
3519static __be32
3520nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
3521{
3522        struct xdr_stream *xdr = &resp->xdr;
3523
3524        if (nfserr == nfserr_denied)
3525                nfsd4_encode_lock_denied(xdr, &lockt->lt_denied);
3526        return nfserr;
3527}
3528
3529static __be32
3530nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
3531{
3532        struct xdr_stream *xdr = &resp->xdr;
3533
3534        return nfsd4_encode_stateid(xdr, &locku->lu_stateid);
3535}
3536
3537
3538static __be32
3539nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
3540{
3541        struct xdr_stream *xdr = &resp->xdr;
3542        __be32 *p;
3543
3544        p = xdr_reserve_space(xdr, 20);
3545        if (!p)
3546                return nfserr_resource;
3547        p = encode_cinfo(p, &link->li_cinfo);
3548        return 0;
3549}
3550
3551
3552static __be32
3553nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
3554{
3555        struct xdr_stream *xdr = &resp->xdr;
3556        __be32 *p;
3557
3558        nfserr = nfsd4_encode_stateid(xdr, &open->op_stateid);
3559        if (nfserr)
3560                return nfserr;
3561        p = xdr_reserve_space(xdr, 24);
3562        if (!p)
3563                return nfserr_resource;
3564        p = encode_cinfo(p, &open->op_cinfo);
3565        *p++ = cpu_to_be32(open->op_rflags);
3566
3567        nfserr = nfsd4_encode_bitmap(xdr, open->op_bmval[0], open->op_bmval[1],
3568                                        open->op_bmval[2]);
3569        if (nfserr)
3570                return nfserr;
3571
3572        p = xdr_reserve_space(xdr, 4);
3573        if (!p)
3574                return nfserr_resource;
3575
3576        *p++ = cpu_to_be32(open->op_delegate_type);
3577        switch (open->op_delegate_type) {
3578        case NFS4_OPEN_DELEGATE_NONE:
3579                break;
3580        case NFS4_OPEN_DELEGATE_READ:
3581                nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
3582                if (nfserr)
3583                        return nfserr;
3584                p = xdr_reserve_space(xdr, 20);
3585                if (!p)
3586                        return nfserr_resource;
3587                *p++ = cpu_to_be32(open->op_recall);
3588
3589                /*
3590                 * TODO: ACE's in delegations
3591                 */
3592                *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3593                *p++ = cpu_to_be32(0);
3594                *p++ = cpu_to_be32(0);
3595                *p++ = cpu_to_be32(0);   /* XXX: is NULL principal ok? */
3596                break;
3597        case NFS4_OPEN_DELEGATE_WRITE:
3598                nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
3599                if (nfserr)
3600                        return nfserr;
3601                p = xdr_reserve_space(xdr, 32);
3602                if (!p)
3603                        return nfserr_resource;
3604                *p++ = cpu_to_be32(0);
3605
3606                /*
3607                 * TODO: space_limit's in delegations
3608                 */
3609                *p++ = cpu_to_be32(NFS4_LIMIT_SIZE);
3610                *p++ = cpu_to_be32(~(u32)0);
3611                *p++ = cpu_to_be32(~(u32)0);
3612
3613                /*
3614                 * TODO: ACE's in delegations
3615                 */
3616                *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3617                *p++ = cpu_to_be32(0);
3618                *p++ = cpu_to_be32(0);
3619                *p++ = cpu_to_be32(0);   /* XXX: is NULL principal ok? */
3620                break;
3621        case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */
3622                switch (open->op_why_no_deleg) {
3623                case WND4_CONTENTION:
3624                case WND4_RESOURCE:
3625                        p = xdr_reserve_space(xdr, 8);
3626                        if (!p)
3627                                return nfserr_resource;
3628                        *p++ = cpu_to_be32(open->op_why_no_deleg);
3629                        /* deleg signaling not supported yet: */
3630                        *p++ = cpu_to_be32(0);
3631                        break;
3632                default:
3633                        p = xdr_reserve_space(xdr, 4);
3634                        if (!p)
3635                                return nfserr_resource;
3636                        *p++ = cpu_to_be32(open->op_why_no_deleg);
3637                }
3638                break;
3639        default:
3640                BUG();
3641        }
3642        /* XXX save filehandle here */
3643        return 0;
3644}
3645
3646static __be32
3647nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
3648{
3649        struct xdr_stream *xdr = &resp->xdr;
3650
3651        return nfsd4_encode_stateid(xdr, &oc->oc_resp_stateid);
3652}
3653
3654static __be32
3655nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
3656{
3657        struct xdr_stream *xdr = &resp->xdr;
3658
3659        return nfsd4_encode_stateid(xdr, &od->od_stateid);
3660}
3661
3662static __be32 nfsd4_encode_splice_read(
3663                                struct nfsd4_compoundres *resp,
3664                                struct nfsd4_read *read,
3665                                struct file *file, unsigned long maxcount)
3666{
3667        struct xdr_stream *xdr = &resp->xdr;
3668        struct xdr_buf *buf = xdr->buf;
3669        int status, space_left;
3670        u32 eof;
3671        __be32 nfserr;
3672        __be32 *p = xdr->p - 2;
3673
3674        /* Make sure there will be room for padding if needed */
3675        if (xdr->end - xdr->p < 1)
3676                return nfserr_resource;
3677
3678        nfserr = nfsd_splice_read(read->rd_rqstp, read->rd_fhp,
3679                                  file, read->rd_offset, &maxcount, &eof);
3680        read->rd_length = maxcount;
3681        if (nfserr)
3682                goto out_err;
3683        status = svc_encode_result_payload(read->rd_rqstp,
3684                                           buf->head[0].iov_len, maxcount);
3685        if (status) {
3686                nfserr = nfserrno(status);
3687                goto out_err;
3688        }
3689
3690        *(p++) = htonl(eof);
3691        *(p++) = htonl(maxcount);
3692
3693        buf->page_len = maxcount;
3694        buf->len += maxcount;
3695        xdr->page_ptr += (buf->page_base + maxcount + PAGE_SIZE - 1)
3696                                                        / PAGE_SIZE;
3697
3698        /* Use rest of head for padding and remaining ops: */
3699        buf->tail[0].iov_base = xdr->p;
3700        buf->tail[0].iov_len = 0;
3701        xdr->iov = buf->tail;
3702        if (maxcount&3) {
3703                int pad = 4 - (maxcount&3);
3704
3705                *(xdr->p++) = 0;
3706
3707                buf->tail[0].iov_base += maxcount&3;
3708                buf->tail[0].iov_len = pad;
3709                buf->len += pad;
3710        }
3711
3712        space_left = min_t(int, (void *)xdr->end - (void *)xdr->p,
3713                                buf->buflen - buf->len);
3714        buf->buflen = buf->len + space_left;
3715        xdr->end = (__be32 *)((void *)xdr->end + space_left);
3716
3717        return 0;
3718
3719out_err:
3720        /*
3721         * nfsd_splice_actor may have already messed with the
3722         * page length; reset it so as not to confuse
3723         * xdr_truncate_encode in our caller.
3724         */
3725        buf->page_len = 0;
3726        return nfserr;
3727}
3728
3729static __be32 nfsd4_encode_readv(struct nfsd4_compoundres *resp,
3730                                 struct nfsd4_read *read,
3731                                 struct file *file, unsigned long maxcount)
3732{
3733        struct xdr_stream *xdr = &resp->xdr;
3734        u32 eof;
3735        int starting_len = xdr->buf->len - 8;
3736        __be32 nfserr;
3737        __be32 tmp;
3738        int pad;
3739
3740        read->rd_vlen = xdr_reserve_space_vec(xdr, resp->rqstp->rq_vec, maxcount);
3741        if (read->rd_vlen < 0)
3742                return nfserr_resource;
3743
3744        nfserr = nfsd_readv(resp->rqstp, read->rd_fhp, file, read->rd_offset,
3745                            resp->rqstp->rq_vec, read->rd_vlen, &maxcount,
3746                            &eof);
3747        read->rd_length = maxcount;
3748        if (nfserr)
3749                return nfserr;
3750        if (svc_encode_result_payload(resp->rqstp, starting_len + 8, maxcount))
3751                return nfserr_io;
3752        xdr_truncate_encode(xdr, starting_len + 8 + xdr_align_size(maxcount));
3753
3754        tmp = htonl(eof);
3755        write_bytes_to_xdr_buf(xdr->buf, starting_len    , &tmp, 4);
3756        tmp = htonl(maxcount);
3757        write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
3758
3759        tmp = xdr_zero;
3760        pad = (maxcount&3) ? 4 - (maxcount&3) : 0;
3761        write_bytes_to_xdr_buf(xdr->buf, starting_len + 8 + maxcount,
3762                                                                &tmp, pad);
3763        return 0;
3764
3765}
3766
3767static __be32
3768nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
3769                  struct nfsd4_read *read)
3770{
3771        unsigned long maxcount;
3772        struct xdr_stream *xdr = &resp->xdr;
3773        struct file *file = read->rd_filp;
3774        int starting_len = xdr->buf->len;
3775        struct raparms *ra = NULL;
3776        __be32 *p;
3777
3778        p = xdr_reserve_space(xdr, 8); /* eof flag and byte count */
3779        if (!p) {
3780                WARN_ON_ONCE(test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags));
3781                return nfserr_resource;
3782        }
3783        if (resp->xdr.buf->page_len &&
3784            test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags)) {
3785                WARN_ON_ONCE(1);
3786                return nfserr_resource;
3787        }
3788        xdr_commit_encode(xdr);
3789
3790        maxcount = svc_max_payload(resp->rqstp);
3791        maxcount = min_t(unsigned long, maxcount,
3792                         (xdr->buf->buflen - xdr->buf->len));
3793        maxcount = min_t(unsigned long, maxcount, read->rd_length);
3794
3795        if (read->rd_tmp_file)
3796                ra = nfsd_init_raparms(file);
3797
3798        if (file->f_op->splice_read &&
3799            test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags))
3800                nfserr = nfsd4_encode_splice_read(resp, read, file, maxcount);
3801        else
3802                nfserr = nfsd4_encode_readv(resp, read, file, maxcount);
3803
3804        if (ra)
3805                nfsd_put_raparams(file, ra);
3806
3807        if (nfserr)
3808                xdr_truncate_encode(xdr, starting_len);
3809
3810        return nfserr;
3811}
3812
3813static __be32
3814nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
3815{
3816        int maxcount;
3817        __be32 wire_count;
3818        int zero = 0;
3819        struct xdr_stream *xdr = &resp->xdr;
3820        int length_offset = xdr->buf->len;
3821        int status;
3822        __be32 *p;
3823
3824        p = xdr_reserve_space(xdr, 4);
3825        if (!p)
3826                return nfserr_resource;
3827        maxcount = PAGE_SIZE;
3828
3829        p = xdr_reserve_space(xdr, maxcount);
3830        if (!p)
3831                return nfserr_resource;
3832        /*
3833         * XXX: By default, vfs_readlink() will truncate symlinks if they
3834         * would overflow the buffer.  Is this kosher in NFSv4?  If not, one
3835         * easy fix is: if vfs_readlink() precisely fills the buffer, assume
3836         * that truncation occurred, and return NFS4ERR_RESOURCE.
3837         */
3838        nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp,
3839                                                (char *)p, &maxcount);
3840        if (nfserr == nfserr_isdir)
3841                nfserr = nfserr_inval;
3842        if (nfserr)
3843                goto out_err;
3844        status = svc_encode_result_payload(readlink->rl_rqstp, length_offset,
3845                                           maxcount);
3846        if (status) {
3847                nfserr = nfserrno(status);
3848                goto out_err;
3849        }
3850
3851        wire_count = htonl(maxcount);
3852        write_bytes_to_xdr_buf(xdr->buf, length_offset, &wire_count, 4);
3853        xdr_truncate_encode(xdr, length_offset + 4 + ALIGN(maxcount, 4));
3854        if (maxcount & 3)
3855                write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount,
3856                                                &zero, 4 - (maxcount&3));
3857        return 0;
3858
3859out_err:
3860        xdr_truncate_encode(xdr, length_offset);
3861        return nfserr;
3862}
3863
3864static __be32
3865nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
3866{
3867        int maxcount;
3868        int bytes_left;
3869        loff_t offset;
3870        __be64 wire_offset;
3871        struct xdr_stream *xdr = &resp->xdr;
3872        int starting_len = xdr->buf->len;
3873        __be32 *p;
3874
3875        p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
3876        if (!p)
3877                return nfserr_resource;
3878
3879        /* XXX: Following NFSv3, we ignore the READDIR verifier for now. */
3880        *p++ = cpu_to_be32(0);
3881        *p++ = cpu_to_be32(0);
3882        resp->xdr.buf->head[0].iov_len = ((char *)resp->xdr.p)
3883                                - (char *)resp->xdr.buf->head[0].iov_base;
3884
3885        /*
3886         * Number of bytes left for directory entries allowing for the
3887         * final 8 bytes of the readdir and a following failed op:
3888         */
3889        bytes_left = xdr->buf->buflen - xdr->buf->len
3890                        - COMPOUND_ERR_SLACK_SPACE - 8;
3891        if (bytes_left < 0) {
3892                nfserr = nfserr_resource;
3893                goto err_no_verf;
3894        }
3895        maxcount = svc_max_payload(resp->rqstp);
3896        maxcount = min_t(u32, readdir->rd_maxcount, maxcount);
3897        /*
3898         * Note the rfc defines rd_maxcount as the size of the
3899         * READDIR4resok structure, which includes the verifier above
3900         * and the 8 bytes encoded at the end of this function:
3901         */
3902        if (maxcount < 16) {
3903                nfserr = nfserr_toosmall;
3904                goto err_no_verf;
3905        }
3906        maxcount = min_t(int, maxcount-16, bytes_left);
3907
3908        /* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */
3909        if (!readdir->rd_dircount)
3910                readdir->rd_dircount = svc_max_payload(resp->rqstp);
3911
3912        readdir->xdr = xdr;
3913        readdir->rd_maxcount = maxcount;
3914        readdir->common.err = 0;
3915        readdir->cookie_offset = 0;
3916
3917        offset = readdir->rd_cookie;
3918        nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp,
3919                              &offset,
3920                              &readdir->common, nfsd4_encode_dirent);
3921        if (nfserr == nfs_ok &&
3922            readdir->common.err == nfserr_toosmall &&
3923            xdr->buf->len == starting_len + 8) {
3924                /* nothing encoded; which limit did we hit?: */
3925                if (maxcount - 16 < bytes_left)
3926                        /* It was the fault of rd_maxcount: */
3927                        nfserr = nfserr_toosmall;
3928                else
3929                        /* We ran out of buffer space: */
3930                        nfserr = nfserr_resource;
3931        }
3932        if (nfserr)
3933                goto err_no_verf;
3934
3935        if (readdir->cookie_offset) {
3936                wire_offset = cpu_to_be64(offset);
3937                write_bytes_to_xdr_buf(xdr->buf, readdir->cookie_offset,
3938                                                        &wire_offset, 8);
3939        }
3940
3941        p = xdr_reserve_space(xdr, 8);
3942        if (!p) {
3943                WARN_ON_ONCE(1);
3944                goto err_no_verf;
3945        }
3946        *p++ = 0;       /* no more entries */
3947        *p++ = htonl(readdir->common.err == nfserr_eof);
3948
3949        return 0;
3950err_no_verf:
3951        xdr_truncate_encode(xdr, starting_len);
3952        return nfserr;
3953}
3954
3955static __be32
3956nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
3957{
3958        struct xdr_stream *xdr = &resp->xdr;
3959        __be32 *p;
3960
3961        p = xdr_reserve_space(xdr, 20);
3962        if (!p)
3963                return nfserr_resource;
3964        p = encode_cinfo(p, &remove->rm_cinfo);
3965        return 0;
3966}
3967
3968static __be32
3969nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
3970{
3971        struct xdr_stream *xdr = &resp->xdr;
3972        __be32 *p;
3973
3974        p = xdr_reserve_space(xdr, 40);
3975        if (!p)
3976                return nfserr_resource;
3977        p = encode_cinfo(p, &rename->rn_sinfo);
3978        p = encode_cinfo(p, &rename->rn_tinfo);
3979        return 0;
3980}
3981
3982static __be32
3983nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp)
3984{
3985        u32 i, nflavs, supported;
3986        struct exp_flavor_info *flavs;
3987        struct exp_flavor_info def_flavs[2];
3988        __be32 *p, *flavorsp;
3989        static bool report = true;
3990
3991        if (exp->ex_nflavors) {
3992                flavs = exp->ex_flavors;
3993                nflavs = exp->ex_nflavors;
3994        } else { /* Handling of some defaults in absence of real secinfo: */
3995                flavs = def_flavs;
3996                if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
3997                        nflavs = 2;
3998                        flavs[0].pseudoflavor = RPC_AUTH_UNIX;
3999                        flavs[1].pseudoflavor = RPC_AUTH_NULL;
4000                } else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {

4001                        nflavs = 1;
4002                        flavs[0].pseudoflavor
4003                                        = svcauth_gss_flavor(exp->ex_client);
4004                } else {
4005                        nflavs = 1;
4006                        flavs[0].pseudoflavor
4007                                        = exp->ex_client->flavour->flavour;
4008                }
4009        }
4010
4011        supported = 0;
4012        p = xdr_reserve_space(xdr, 4);
4013        if (!p)
4014                return nfserr_resource;
4015        flavorsp = p++;         /* to be backfilled later */
4016
4017        for (i = 0; i < nflavs; i++) {
4018                rpc_authflavor_t pf = flavs[i].pseudoflavor;
4019                struct rpcsec_gss_info info;
4020
4021                if (rpcauth_get_gssinfo(pf, &info) == 0) {
4022                        supported++;
4023                        p = xdr_reserve_space(xdr, 4 + 4 +
4024                                              XDR_LEN(info.oid.len) + 4 + 4);
4025                        if (!p)
4026                                return nfserr_resource;
4027                        *p++ = cpu_to_be32(RPC_AUTH_GSS);
4028                        p = xdr_encode_opaque(p,  info.oid.data, info.oid.len);
4029                        *p++ = cpu_to_be32(info.qop);
4030                        *p++ = cpu_to_be32(info.service);
4031                } else if (pf < RPC_AUTH_MAXFLAVOR) {
4032                        supported++;
4033                        p = xdr_reserve_space(xdr, 4);
4034                        if (!p)
4035                                return nfserr_resource;
4036                        *p++ = cpu_to_be32(pf);
4037                } else {
4038                        if (report)
4039                                pr_warn("NFS: SECINFO: security flavor %u "
4040                                        "is not supported\n", pf);
4041                }
4042        }
4043
4044        if (nflavs != supported)
4045                report = false;
4046        *flavorsp = htonl(supported);
4047        return 0;
4048}
4049
4050static __be32
4051nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
4052                     struct nfsd4_secinfo *secinfo)
4053{
4054        struct xdr_stream *xdr = &resp->xdr;
4055
4056        return nfsd4_do_encode_secinfo(xdr, secinfo->si_exp);
4057}
4058
4059static __be32
4060nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
4061                     struct nfsd4_secinfo_no_name *secinfo)
4062{
4063        struct xdr_stream *xdr = &resp->xdr;
4064
4065        return nfsd4_do_encode_secinfo(xdr, secinfo->sin_exp);
4066}
4067
4068/*
4069 * The SETATTR encode routine is special -- it always encodes a bitmap,
4070 * regardless of the error status.
4071 */
4072static __be32
4073nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
4074{
4075        struct xdr_stream *xdr = &resp->xdr;
4076        __be32 *p;
4077
4078        p = xdr_reserve_space(xdr, 16);
4079        if (!p)
4080                return nfserr_resource;
4081        if (nfserr) {
4082                *p++ = cpu_to_be32(3);
4083                *p++ = cpu_to_be32(0);
4084                *p++ = cpu_to_be32(0);
4085                *p++ = cpu_to_be32(0);
4086        }
4087        else {
4088                *p++ = cpu_to_be32(3);
4089                *p++ = cpu_to_be32(setattr->sa_bmval[0]);
4090                *p++ = cpu_to_be32(setattr->sa_bmval[1]);
4091                *p++ = cpu_to_be32(setattr->sa_bmval[2]);
4092        }
4093        return nfserr;
4094}
4095
4096static __be32
4097nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
4098{
4099        struct xdr_stream *xdr = &resp->xdr;
4100        __be32 *p;
4101
4102        if (!nfserr) {
4103                p = xdr_reserve_space(xdr, 8 + NFS4_VERIFIER_SIZE);
4104                if (!p)
4105                        return nfserr_resource;
4106                p = xdr_encode_opaque_fixed(p, &scd->se_clientid, 8);
4107                p = xdr_encode_opaque_fixed(p, &scd->se_confirm,
4108                                                NFS4_VERIFIER_SIZE);
4109        }
4110        else if (nfserr == nfserr_clid_inuse) {
4111                p = xdr_reserve_space(xdr, 8);
4112                if (!p)
4113                        return nfserr_resource;
4114                *p++ = cpu_to_be32(0);
4115                *p++ = cpu_to_be32(0);
4116        }
4117        return nfserr;
4118}
4119
4120static __be32
4121nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
4122{
4123        struct xdr_stream *xdr = &resp->xdr;
4124        __be32 *p;
4125
4126        p = xdr_reserve_space(xdr, 16);
4127        if (!p)
4128                return nfserr_resource;
4129        *p++ = cpu_to_be32(write->wr_bytes_written);
4130        *p++ = cpu_to_be32(write->wr_how_written);
4131        p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
4132                                                NFS4_VERIFIER_SIZE);
4133        return 0;
4134}
4135
4136static __be32
4137nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
4138                         struct nfsd4_exchange_id *exid)
4139{
4140        struct xdr_stream *xdr = &resp->xdr;
4141        __be32 *p;
4142        char *major_id;
4143        char *server_scope;
4144        int major_id_sz;
4145        int server_scope_sz;
4146        uint64_t minor_id = 0;
4147        struct nfsd_net *nn = net_generic(SVC_NET(resp->rqstp), nfsd_net_id);
4148
4149        major_id = nn->nfsd_name;
4150        major_id_sz = strlen(nn->nfsd_name);
4151        server_scope = nn->nfsd_name;
4152        server_scope_sz = strlen(nn->nfsd_name);
4153
4154        p = xdr_reserve_space(xdr,
4155                8 /* eir_clientid */ +
4156                4 /* eir_sequenceid */ +
4157                4 /* eir_flags */ +
4158                4 /* spr_how */);
4159        if (!p)
4160                return nfserr_resource;
4161
4162        p = xdr_encode_opaque_fixed(p, &exid->clientid, 8);
4163        *p++ = cpu_to_be32(exid->seqid);
4164        *p++ = cpu_to_be32(exid->flags);
4165
4166        *p++ = cpu_to_be32(exid->spa_how);
4167
4168        switch (exid->spa_how) {
4169        case SP4_NONE:
4170                break;
4171        case SP4_MACH_CRED:
4172                /* spo_must_enforce bitmap: */
4173                nfserr = nfsd4_encode_bitmap(xdr,
4174                                        exid->spo_must_enforce[0],
4175                                        exid->spo_must_enforce[1],
4176                                        exid->spo_must_enforce[2]);
4177                if (nfserr)
4178                        return nfserr;
4179                /* spo_must_allow bitmap: */
4180                nfserr = nfsd4_encode_bitmap(xdr,
4181                                        exid->spo_must_allow[0],
4182                                        exid->spo_must_allow[1],
4183                                        exid->spo_must_allow[2]);
4184                if (nfserr)
4185                        return nfserr;
4186                break;
4187        default:
4188                WARN_ON_ONCE(1);
4189        }
4190
4191        p = xdr_reserve_space(xdr,
4192                8 /* so_minor_id */ +
4193                4 /* so_major_id.len */ +
4194                (XDR_QUADLEN(major_id_sz) * 4) +
4195                4 /* eir_server_scope.len */ +
4196                (XDR_QUADLEN(server_scope_sz) * 4) +
4197                4 /* eir_server_impl_id.count (0) */);
4198        if (!p)
4199                return nfserr_resource;
4200
4201        /* The server_owner struct */
4202        p = xdr_encode_hyper(p, minor_id);      /* Minor id */
4203        /* major id */
4204        p = xdr_encode_opaque(p, major_id, major_id_sz);
4205
4206        /* Server scope */
4207        p = xdr_encode_opaque(p, server_scope, server_scope_sz);
4208
4209        /* Implementation id */
4210        *p++ = cpu_to_be32(0);  /* zero length nfs_impl_id4 array */
4211        return 0;
4212}
4213
4214static __be32
4215nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
4216                            struct nfsd4_create_session *sess)
4217{
4218        struct xdr_stream *xdr = &resp->xdr;
4219        __be32 *p;
4220
4221        p = xdr_reserve_space(xdr, 24);
4222        if (!p)
4223                return nfserr_resource;
4224        p = xdr_encode_opaque_fixed(p, sess->sessionid.data,
4225                                        NFS4_MAX_SESSIONID_LEN);
4226        *p++ = cpu_to_be32(sess->seqid);
4227        *p++ = cpu_to_be32(sess->flags);
4228
4229        p = xdr_reserve_space(xdr, 28);
4230        if (!p)
4231                return nfserr_resource;
4232        *p++ = cpu_to_be32(0); /* headerpadsz */
4233        *p++ = cpu_to_be32(sess->fore_channel.maxreq_sz);
4234        *p++ = cpu_to_be32(sess->fore_channel.maxresp_sz);
4235        *p++ = cpu_to_be32(sess->fore_channel.maxresp_cached);
4236        *p++ = cpu_to_be32(sess->fore_channel.maxops);
4237        *p++ = cpu_to_be32(sess->fore_channel.maxreqs);
4238        *p++ = cpu_to_be32(sess->fore_channel.nr_rdma_attrs);
4239
4240        if (sess->fore_channel.nr_rdma_attrs) {
4241                p = xdr_reserve_space(xdr, 4);
4242                if (!p)
4243                        return nfserr_resource;
4244                *p++ = cpu_to_be32(sess->fore_channel.rdma_attrs);
4245        }
4246
4247        p = xdr_reserve_space(xdr, 28);
4248        if (!p)
4249                return nfserr_resource;
4250        *p++ = cpu_to_be32(0); /* headerpadsz */
4251        *p++ = cpu_to_be32(sess->back_channel.maxreq_sz);
4252        *p++ = cpu_to_be32(sess->back_channel.maxresp_sz);
4253        *p++ = cpu_to_be32(sess->back_channel.maxresp_cached);
4254        *p++ = cpu_to_be32(sess->back_channel.maxops);
4255        *p++ = cpu_to_be32(sess->back_channel.maxreqs);
4256        *p++ = cpu_to_be32(sess->back_channel.nr_rdma_attrs);
4257
4258        if (sess->back_channel.nr_rdma_attrs) {
4259                p = xdr_reserve_space(xdr, 4);
4260                if (!p)
4261                        return nfserr_resource;
4262                *p++ = cpu_to_be32(sess->back_channel.rdma_attrs);
4263        }
4264        return 0;
4265}
4266
4267static __be32
4268nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
4269                      struct nfsd4_sequence *seq)
4270{
4271        struct xdr_stream *xdr = &resp->xdr;
4272        __be32 *p;
4273
4274        p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 20);
4275        if (!p)
4276                return nfserr_resource;
4277        p = xdr_encode_opaque_fixed(p, seq->sessionid.data,
4278                                        NFS4_MAX_SESSIONID_LEN);
4279        *p++ = cpu_to_be32(seq->seqid);
4280        *p++ = cpu_to_be32(seq->slotid);
4281        /* Note slotid's are numbered from zero: */
4282        *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_highest_slotid */
4283        *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_target_highest_slotid */
4284        *p++ = cpu_to_be32(seq->status_flags);
4285
4286        resp->cstate.data_offset = xdr->buf->len; /* DRC cache data pointer */
4287        return 0;
4288}
4289
4290static __be32
4291nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
4292                          struct nfsd4_test_stateid *test_stateid)
4293{
4294        struct xdr_stream *xdr = &resp->xdr;
4295        struct nfsd4_test_stateid_id *stateid, *next;
4296        __be32 *p;
4297
4298        p = xdr_reserve_space(xdr, 4 + (4 * test_stateid->ts_num_ids));
4299        if (!p)
4300                return nfserr_resource;
4301        *p++ = htonl(test_stateid->ts_num_ids);
4302
4303        list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) {
4304                *p++ = stateid->ts_id_status;
4305        }
4306
4307        return 0;
4308}
4309
4310#ifdef CONFIG_NFSD_PNFS
4311static __be32
4312nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
4313                struct nfsd4_getdeviceinfo *gdev)
4314{
4315        struct xdr_stream *xdr = &resp->xdr;
4316        const struct nfsd4_layout_ops *ops;
4317        u32 starting_len = xdr->buf->len, needed_len;
4318        __be32 *p;
4319
4320        p = xdr_reserve_space(xdr, 4);
4321        if (!p)
4322                return nfserr_resource;
4323
4324        *p++ = cpu_to_be32(gdev->gd_layout_type);
4325
4326        /* If maxcount is 0 then just update notifications */
4327        if (gdev->gd_maxcount != 0) {
4328                ops = nfsd4_layout_ops[gdev->gd_layout_type];
4329                nfserr = ops->encode_getdeviceinfo(xdr, gdev);
4330                if (nfserr) {
4331                        /*
4332                         * We don't bother to burden the layout drivers with
4333                         * enforcing gd_maxcount, just tell the client to
4334                         * come back with a bigger buffer if it's not enough.
4335                         */
4336                        if (xdr->buf->len + 4 > gdev->gd_maxcount)
4337                                goto toosmall;
4338                        return nfserr;
4339                }
4340        }
4341
4342        if (gdev->gd_notify_types) {
4343                p = xdr_reserve_space(xdr, 4 + 4);
4344                if (!p)
4345                        return nfserr_resource;
4346                *p++ = cpu_to_be32(1);                  /* bitmap length */
4347                *p++ = cpu_to_be32(gdev->gd_notify_types);
4348        } else {
4349                p = xdr_reserve_space(xdr, 4);
4350                if (!p)
4351                        return nfserr_resource;
4352                *p++ = 0;
4353        }
4354
4355        return 0;
4356toosmall:
4357        dprintk("%s: maxcount too small\n", __func__);
4358        needed_len = xdr->buf->len + 4 /* notifications */;
4359        xdr_truncate_encode(xdr, starting_len);
4360        p = xdr_reserve_space(xdr, 4);
4361        if (!p)
4362                return nfserr_resource;
4363        *p++ = cpu_to_be32(needed_len);
4364        return nfserr_toosmall;
4365}
4366
4367static __be32
4368nfsd4_encode_layoutget(struct nfsd4_compoundres *resp, __be32 nfserr,
4369                struct nfsd4_layoutget *lgp)
4370{
4371        struct xdr_stream *xdr = &resp->xdr;
4372        const struct nfsd4_layout_ops *ops;
4373        __be32 *p;
4374
4375        p = xdr_reserve_space(xdr, 36 + sizeof(stateid_opaque_t));
4376        if (!p)
4377                return nfserr_resource;
4378
4379        *p++ = cpu_to_be32(1);  /* we always set return-on-close */
4380        *p++ = cpu_to_be32(lgp->lg_sid.si_generation);
4381        p = xdr_encode_opaque_fixed(p, &lgp->lg_sid.si_opaque,
4382                                    sizeof(stateid_opaque_t));
4383
4384        *p++ = cpu_to_be32(1);  /* we always return a single layout */
4385        p = xdr_encode_hyper(p, lgp->lg_seg.offset);
4386        p = xdr_encode_hyper(p, lgp->lg_seg.length);
4387        *p++ = cpu_to_be32(lgp->lg_seg.iomode);
4388        *p++ = cpu_to_be32(lgp->lg_layout_type);
4389
4390        ops = nfsd4_layout_ops[lgp->lg_layout_type];
4391        return ops->encode_layoutget(xdr, lgp);
4392}
4393
4394static __be32
4395nfsd4_encode_layoutcommit(struct nfsd4_compoundres *resp, __be32 nfserr,
4396                          struct nfsd4_layoutcommit *lcp)
4397{
4398        struct xdr_stream *xdr = &resp->xdr;
4399        __be32 *p;
4400
4401        p = xdr_reserve_space(xdr, 4);
4402        if (!p)
4403                return nfserr_resource;
4404        *p++ = cpu_to_be32(lcp->lc_size_chg);
4405        if (lcp->lc_size_chg) {
4406                p = xdr_reserve_space(xdr, 8);
4407                if (!p)
4408                        return nfserr_resource;
4409                p = xdr_encode_hyper(p, lcp->lc_newsize);
4410        }
4411
4412        return 0;
4413}
4414
4415static __be32
4416nfsd4_encode_layoutreturn(struct nfsd4_compoundres *resp, __be32 nfserr,
4417                struct nfsd4_layoutreturn *lrp)
4418{
4419        struct xdr_stream *xdr = &resp->xdr;
4420        __be32 *p;
4421
4422        p = xdr_reserve_space(xdr, 4);
4423        if (!p)
4424                return nfserr_resource;
4425        *p++ = cpu_to_be32(lrp->lrs_present);
4426        if (lrp->lrs_present)
4427                return nfsd4_encode_stateid(xdr, &lrp->lr_sid);
4428        return 0;
4429}
4430#endif /* CONFIG_NFSD_PNFS */
4431
4432static __be32
4433nfsd42_encode_write_res(struct nfsd4_compoundres *resp,
4434                struct nfsd42_write_res *write, bool sync)
4435{
4436        __be32 *p;
4437        p = xdr_reserve_space(&resp->xdr, 4);
4438        if (!p)
4439                return nfserr_resource;
4440
4441        if (sync)
4442                *p++ = cpu_to_be32(0);
4443        else {
4444                __be32 nfserr;
4445                *p++ = cpu_to_be32(1);
4446                nfserr = nfsd4_encode_stateid(&resp->xdr, &write->cb_stateid);
4447                if (nfserr)
4448                        return nfserr;
4449        }
4450        p = xdr_reserve_space(&resp->xdr, 8 + 4 + NFS4_VERIFIER_SIZE);
4451        if (!p)
4452                return nfserr_resource;
4453
4454        p = xdr_encode_hyper(p, write->wr_bytes_written);
4455        *p++ = cpu_to_be32(write->wr_stable_how);
4456        p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
4457                                    NFS4_VERIFIER_SIZE);
4458        return nfs_ok;
4459}
4460
4461static __be32
4462nfsd4_encode_copy(struct nfsd4_compoundres *resp, __be32 nfserr,
4463                  struct nfsd4_copy *copy)
4464{
4465        __be32 *p;
4466
4467        nfserr = nfsd42_encode_write_res(resp, &copy->cp_res,
4468                        copy->cp_synchronous);
4469        if (nfserr)
4470                return nfserr;
4471
4472        p = xdr_reserve_space(&resp->xdr, 4 + 4);
4473        *p++ = xdr_one; /* cr_consecutive */
4474        *p++ = cpu_to_be32(copy->cp_synchronous);
4475        return 0;
4476}
4477
4478static __be32
4479nfsd4_encode_offload_status(struct nfsd4_compoundres *resp, __be32 nfserr,
4480                            struct nfsd4_offload_status *os)
4481{
4482        struct xdr_stream *xdr = &resp->xdr;
4483        __be32 *p;
4484
4485        p = xdr_reserve_space(xdr, 8 + 4);
4486        if (!p)
4487                return nfserr_resource;
4488        p = xdr_encode_hyper(p, os->count);
4489        *p++ = cpu_to_be32(0);
4490
4491        return nfserr;
4492}
4493
4494static __be32
4495nfsd4_encode_seek(struct nfsd4_compoundres *resp, __be32 nfserr,
4496                  struct nfsd4_seek *seek)
4497{
4498        __be32 *p;
4499
4500        p = xdr_reserve_space(&resp->xdr, 4 + 8);
4501        *p++ = cpu_to_be32(seek->seek_eof);
4502        p = xdr_encode_hyper(p, seek->seek_pos);
4503
4504        return 0;
4505}
4506
4507static __be32
4508nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
4509{
4510        return nfserr;
4511}
4512
4513/*
4514 * Encode kmalloc-ed buffer in to XDR stream.
4515 */
4516static __be32
4517nfsd4_vbuf_to_stream(struct xdr_stream *xdr, char *buf, u32 buflen)
4518{
4519        u32 cplen;
4520        __be32 *p;
4521
4522        cplen = min_t(unsigned long, buflen,
4523                      ((void *)xdr->end - (void *)xdr->p));
4524        p = xdr_reserve_space(xdr, cplen);
4525        if (!p)
4526                return nfserr_resource;
4527
4528        memcpy(p, buf, cplen);
4529        buf += cplen;
4530        buflen -= cplen;
4531
4532        while (buflen) {
4533                cplen = min_t(u32, buflen, PAGE_SIZE);
4534                p = xdr_reserve_space(xdr, cplen);
4535                if (!p)
4536                        return nfserr_resource;
4537
4538                memcpy(p, buf, cplen);
4539
4540                if (cplen < PAGE_SIZE) {
4541                        /*
4542                         * We're done, with a length that wasn't page
4543                         * aligned, so possibly not word aligned. Pad
4544                         * any trailing bytes with 0.
4545                         */
4546                        xdr_encode_opaque_fixed(p, NULL, cplen);
4547                        break;
4548                }
4549
4550                buflen -= PAGE_SIZE;
4551                buf += PAGE_SIZE;
4552        }
4553
4554        return 0;
4555}
4556
4557static __be32
4558nfsd4_encode_getxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
4559                      struct nfsd4_getxattr *getxattr)
4560{
4561        struct xdr_stream *xdr = &resp->xdr;
4562        __be32 *p, err;
4563
4564        p = xdr_reserve_space(xdr, 4);
4565        if (!p)
4566                return nfserr_resource;
4567
4568        *p = cpu_to_be32(getxattr->getxa_len);
4569
4570        if (getxattr->getxa_len == 0)
4571                return 0;
4572
4573        err = nfsd4_vbuf_to_stream(xdr, getxattr->getxa_buf,
4574                                    getxattr->getxa_len);
4575
4576        kvfree(getxattr->getxa_buf);
4577
4578        return err;
4579}
4580
4581static __be32
4582nfsd4_encode_setxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
4583                      struct nfsd4_setxattr *setxattr)
4584{
4585        struct xdr_stream *xdr = &resp->xdr;
4586        __be32 *p;
4587
4588        p = xdr_reserve_space(xdr, 20);
4589        if (!p)
4590                return nfserr_resource;
4591
4592        encode_cinfo(p, &setxattr->setxa_cinfo);
4593
4594        return 0;
4595}
4596
4597/*
4598 * See if there are cookie values that can be rejected outright.
4599 */
4600static __be32
4601nfsd4_listxattr_validate_cookie(struct nfsd4_listxattrs *listxattrs,
4602                                u32 *offsetp)
4603{
4604        u64 cookie = listxattrs->lsxa_cookie;
4605
4606        /*
4607         * If the cookie is larger than the maximum number we can fit
4608         * in either the buffer we just got back from vfs_listxattr, or,
4609         * XDR-encoded, in the return buffer, it's invalid.
4610         */
4611        if (cookie > (listxattrs->lsxa_len) / (XATTR_USER_PREFIX_LEN + 2))
4612                return nfserr_badcookie;
4613
4614        if (cookie > (listxattrs->lsxa_maxcount /
4615                      (XDR_QUADLEN(XATTR_USER_PREFIX_LEN + 2) + 4)))
4616                return nfserr_badcookie;
4617
4618        *offsetp = (u32)cookie;
4619        return 0;
4620}
4621
4622static __be32
4623nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr,
4624                        struct nfsd4_listxattrs *listxattrs)
4625{
4626        struct xdr_stream *xdr = &resp->xdr;
4627        u32 cookie_offset, count_offset, eof;
4628        u32 left, xdrleft, slen, count;
4629        u32 xdrlen, offset;
4630        u64 cookie;
4631        char *sp;
4632        __be32 status, tmp;
4633        __be32 *p;
4634        u32 nuser;
4635
4636        eof = 1;
4637
4638        status = nfsd4_listxattr_validate_cookie(listxattrs, &offset);
4639        if (status)
4640                goto out;
4641
4642        /*
4643         * Reserve space for the cookie and the name array count. Record
4644         * the offsets to save them later.
4645         */
4646        cookie_offset = xdr->buf->len;
4647        count_offset = cookie_offset + 8;
4648        p = xdr_reserve_space(xdr, 12);
4649        if (!p) {
4650                status = nfserr_resource;
4651                goto out;
4652        }
4653
4654        count = 0;
4655        left = listxattrs->lsxa_len;
4656        sp = listxattrs->lsxa_buf;
4657        nuser = 0;
4658
4659        xdrleft = listxattrs->lsxa_maxcount;
4660
4661        while (left > 0 && xdrleft > 0) {
4662                slen = strlen(sp);
4663
4664                /*
4665                 * Check if this is a "user." attribute, skip it if not.
4666                 */
4667                if (strncmp(sp, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
4668                        goto contloop;
4669
4670                slen -= XATTR_USER_PREFIX_LEN;
4671                xdrlen = 4 + ((slen + 3) & ~3);
4672                if (xdrlen > xdrleft) {
4673                        if (count == 0) {
4674                                /*
4675                                 * Can't even fit the first attribute name.
4676                                 */
4677                                status = nfserr_toosmall;
4678                                goto out;
4679                        }
4680                        eof = 0;
4681                        goto wreof;
4682                }
4683
4684                left -= XATTR_USER_PREFIX_LEN;
4685                sp += XATTR_USER_PREFIX_LEN;
4686                if (nuser++ < offset)
4687                        goto contloop;
4688
4689
4690                p = xdr_reserve_space(xdr, xdrlen);
4691                if (!p) {
4692                        status = nfserr_resource;
4693                        goto out;
4694                }
4695
4696                xdr_encode_opaque(p, sp, slen);
4697
4698                xdrleft -= xdrlen;
4699                count++;
4700contloop:
4701                sp += slen + 1;
4702                left -= slen + 1;
4703        }
4704
4705        /*
4706         * If there were user attributes to copy, but we didn't copy
4707         * any, the offset was too large (e.g. the cookie was invalid).
4708         */
4709        if (nuser > 0 && count == 0) {
4710                status = nfserr_badcookie;
4711                goto out;
4712        }
4713
4714wreof:
4715        p = xdr_reserve_space(xdr, 4);
4716        if (!p) {
4717                status = nfserr_resource;
4718                goto out;
4719        }
4720        *p = cpu_to_be32(eof);
4721
4722        cookie = offset + count;
4723
4724        write_bytes_to_xdr_buf(xdr->buf, cookie_offset, &cookie, 8);
4725        tmp = cpu_to_be32(count);
4726        write_bytes_to_xdr_buf(xdr->buf, count_offset, &tmp, 4);
4727out:
4728        if (listxattrs->lsxa_len)
4729                kvfree(listxattrs->lsxa_buf);
4730        return status;
4731}
4732
4733static __be32
4734nfsd4_encode_removexattr(struct nfsd4_compoundres *resp, __be32 nfserr,
4735                         struct nfsd4_removexattr *removexattr)
4736{
4737        struct xdr_stream *xdr = &resp->xdr;
4738        __be32 *p;
4739
4740        p = xdr_reserve_space(xdr, 20);
4741        if (!p)
4742                return nfserr_resource;
4743
4744        p = encode_cinfo(p, &removexattr->rmxa_cinfo);
4745        return 0;
4746}
4747
4748typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
4749
4750/*
4751 * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1
4752 * since we don't need to filter out obsolete ops as this is
4753 * done in the decoding phase.
4754 */
4755static const nfsd4_enc nfsd4_enc_ops[] = {
4756        [OP_ACCESS]             = (nfsd4_enc)nfsd4_encode_access,
4757        [OP_CLOSE]              = (nfsd4_enc)nfsd4_encode_close,
4758        [OP_COMMIT]             = (nfsd4_enc)nfsd4_encode_commit,
4759        [OP_CREATE]             = (nfsd4_enc)nfsd4_encode_create,
4760        [OP_DELEGPURGE]         = (nfsd4_enc)nfsd4_encode_noop,
4761        [OP_DELEGRETURN]        = (nfsd4_enc)nfsd4_encode_noop,
4762        [OP_GETATTR]            = (nfsd4_enc)nfsd4_encode_getattr,
4763        [OP_GETFH]              = (nfsd4_enc)nfsd4_encode_getfh,
4764        [OP_LINK]               = (nfsd4_enc)nfsd4_encode_link,
4765        [OP_LOCK]               = (nfsd4_enc)nfsd4_encode_lock,
4766        [OP_LOCKT]              = (nfsd4_enc)nfsd4_encode_lockt,
4767        [OP_LOCKU]              = (nfsd4_enc)nfsd4_encode_locku,
4768        [OP_LOOKUP]             = (nfsd4_enc)nfsd4_encode_noop,
4769        [OP_LOOKUPP]            = (nfsd4_enc)nfsd4_encode_noop,
4770        [OP_NVERIFY]            = (nfsd4_enc)nfsd4_encode_noop,
4771        [OP_OPEN]               = (nfsd4_enc)nfsd4_encode_open,
4772        [OP_OPENATTR]           = (nfsd4_enc)nfsd4_encode_noop,
4773        [OP_OPEN_CONFIRM]       = (nfsd4_enc)nfsd4_encode_open_confirm,
4774        [OP_OPEN_DOWNGRADE]     = (nfsd4_enc)nfsd4_encode_open_downgrade,
4775        [OP_PUTFH]              = (nfsd4_enc)nfsd4_encode_noop,
4776        [OP_PUTPUBFH]           = (nfsd4_enc)nfsd4_encode_noop,
4777        [OP_PUTROOTFH]          = (nfsd4_enc)nfsd4_encode_noop,
4778        [OP_READ]               = (nfsd4_enc)nfsd4_encode_read,
4779        [OP_READDIR]            = (nfsd4_enc)nfsd4_encode_readdir,
4780        [OP_READLINK]           = (nfsd4_enc)nfsd4_encode_readlink,
4781        [OP_REMOVE]             = (nfsd4_enc)nfsd4_encode_remove,
4782        [OP_RENAME]             = (nfsd4_enc)nfsd4_encode_rename,
4783        [OP_RENEW]              = (nfsd4_enc)nfsd4_encode_noop,
4784        [OP_RESTOREFH]          = (nfsd4_enc)nfsd4_encode_noop,
4785        [OP_SAVEFH]             = (nfsd4_enc)nfsd4_encode_noop,
4786        [OP_SECINFO]            = (nfsd4_enc)nfsd4_encode_secinfo,
4787        [OP_SETATTR]            = (nfsd4_enc)nfsd4_encode_setattr,
4788        [OP_SETCLIENTID]        = (nfsd4_enc)nfsd4_encode_setclientid,
4789        [OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
4790        [OP_VERIFY]             = (nfsd4_enc)nfsd4_encode_noop,
4791        [OP_WRITE]              = (nfsd4_enc)nfsd4_encode_write,
4792        [OP_RELEASE_LOCKOWNER]  = (nfsd4_enc)nfsd4_encode_noop,
4793
4794        /* NFSv4.1 operations */
4795        [OP_BACKCHANNEL_CTL]    = (nfsd4_enc)nfsd4_encode_noop,
4796        [OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
4797        [OP_EXCHANGE_ID]        = (nfsd4_enc)nfsd4_encode_exchange_id,
4798        [OP_CREATE_SESSION]     = (nfsd4_enc)nfsd4_encode_create_session,
4799        [OP_DESTROY_SESSION]    = (nfsd4_enc)nfsd4_encode_noop,
4800        [OP_FREE_STATEID]       = (nfsd4_enc)nfsd4_encode_noop,
4801        [OP_GET_DIR_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
4802#ifdef CONFIG_NFSD_PNFS
4803        [OP_GETDEVICEINFO]      = (nfsd4_enc)nfsd4_encode_getdeviceinfo,
4804        [OP_GETDEVICELIST]      = (nfsd4_enc)nfsd4_encode_noop,
4805        [OP_LAYOUTCOMMIT]       = (nfsd4_enc)nfsd4_encode_layoutcommit,
4806        [OP_LAYOUTGET]          = (nfsd4_enc)nfsd4_encode_layoutget,
4807        [OP_LAYOUTRETURN]       = (nfsd4_enc)nfsd4_encode_layoutreturn,
4808#else
4809        [OP_GETDEVICEINFO]      = (nfsd4_enc)nfsd4_encode_noop,
4810        [OP_GETDEVICELIST]      = (nfsd4_enc)nfsd4_encode_noop,
4811        [OP_LAYOUTCOMMIT]       = (nfsd4_enc)nfsd4_encode_noop,
4812        [OP_LAYOUTGET]          = (nfsd4_enc)nfsd4_encode_noop,
4813        [OP_LAYOUTRETURN]       = (nfsd4_enc)nfsd4_encode_noop,
4814#endif
4815        [OP_SECINFO_NO_NAME]    = (nfsd4_enc)nfsd4_encode_secinfo_no_name,
4816        [OP_SEQUENCE]           = (nfsd4_enc)nfsd4_encode_sequence,
4817        [OP_SET_SSV]            = (nfsd4_enc)nfsd4_encode_noop,
4818        [OP_TEST_STATEID]       = (nfsd4_enc)nfsd4_encode_test_stateid,
4819        [OP_WANT_DELEGATION]    = (nfsd4_enc)nfsd4_encode_noop,
4820        [OP_DESTROY_CLIENTID]   = (nfsd4_enc)nfsd4_encode_noop,
4821        [OP_RECLAIM_COMPLETE]   = (nfsd4_enc)nfsd4_encode_noop,
4822
4823        /* NFSv4.2 operations */
4824        [OP_ALLOCATE]           = (nfsd4_enc)nfsd4_encode_noop,
4825        [OP_COPY]               = (nfsd4_enc)nfsd4_encode_copy,
4826        [OP_COPY_NOTIFY]        = (nfsd4_enc)nfsd4_encode_noop,
4827        [OP_DEALLOCATE]         = (nfsd4_enc)nfsd4_encode_noop,
4828        [OP_IO_ADVISE]          = (nfsd4_enc)nfsd4_encode_noop,
4829        [OP_LAYOUTERROR]        = (nfsd4_enc)nfsd4_encode_noop,
4830        [OP_LAYOUTSTATS]        = (nfsd4_enc)nfsd4_encode_noop,
4831        [OP_OFFLOAD_CANCEL]     = (nfsd4_enc)nfsd4_encode_noop,
4832        [OP_OFFLOAD_STATUS]     = (nfsd4_enc)nfsd4_encode_offload_status,
4833        [OP_READ_PLUS]          = (nfsd4_enc)nfsd4_encode_noop,
4834        [OP_SEEK]               = (nfsd4_enc)nfsd4_encode_seek,
4835        [OP_WRITE_SAME]         = (nfsd4_enc)nfsd4_encode_noop,
4836        [OP_CLONE]              = (nfsd4_enc)nfsd4_encode_noop,
4837
4838        /* RFC 8276 extended atributes operations */
4839        [OP_GETXATTR]           = (nfsd4_enc)nfsd4_encode_getxattr,
4840        [OP_SETXATTR]           = (nfsd4_enc)nfsd4_encode_setxattr,
4841        [OP_LISTXATTRS]         = (nfsd4_enc)nfsd4_encode_listxattrs,
4842        [OP_REMOVEXATTR]        = (nfsd4_enc)nfsd4_encode_removexattr,
4843};
4844
4845/*
4846 * Calculate whether we still have space to encode repsize bytes.
4847 * There are two considerations:
4848 *     - For NFS versions >=4.1, the size of the reply must stay within
4849 *       session limits
4850 *     - For all NFS versions, we must stay within limited preallocated
4851 *       buffer space.
4852 *
4853 * This is called before the operation is processed, so can only provide
4854 * an upper estimate.  For some nonidempotent operations (such as
4855 * getattr), it's not necessarily a problem if that estimate is wrong,
4856 * as we can fail it after processing without significant side effects.
4857 */
4858__be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
4859{
4860        struct xdr_buf *buf = &resp->rqstp->rq_res;
4861        struct nfsd4_slot *slot = resp->cstate.slot;
4862
4863        if (buf->len + respsize <= buf->buflen)
4864                return nfs_ok;
4865        if (!nfsd4_has_session(&resp->cstate))
4866                return nfserr_resource;
4867        if (slot->sl_flags & NFSD4_SLOT_CACHETHIS) {
4868                WARN_ON_ONCE(1);
4869                return nfserr_rep_too_big_to_cache;
4870        }
4871        return nfserr_rep_too_big;
4872}
4873
4874void
4875nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
4876{
4877        struct xdr_stream *xdr = &resp->xdr;
4878        struct nfs4_stateowner *so = resp->cstate.replay_owner;
4879        struct svc_rqst *rqstp = resp->rqstp;
4880        const struct nfsd4_operation *opdesc = op->opdesc;
4881        int post_err_offset;
4882        nfsd4_enc encoder;
4883        __be32 *p;
4884
4885        p = xdr_reserve_space(xdr, 8);
4886        if (!p) {
4887                WARN_ON_ONCE(1);
4888                return;
4889        }
4890        *p++ = cpu_to_be32(op->opnum);
4891        post_err_offset = xdr->buf->len;
4892
4893        if (op->opnum == OP_ILLEGAL)
4894                goto status;
4895        if (op->status && opdesc &&
4896                        !(opdesc->op_flags & OP_NONTRIVIAL_ERROR_ENCODE))
4897                goto status;
4898        BUG_ON(op->opnum < 0 || op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) ||
4899               !nfsd4_enc_ops[op->opnum]);
4900        encoder = nfsd4_enc_ops[op->opnum];
4901        op->status = encoder(resp, op->status, &op->u);
4902        if (op->status)
4903                trace_nfsd_compound_encode_err(rqstp, op->opnum, op->status);
4904        if (opdesc && opdesc->op_release)
4905                opdesc->op_release(&op->u);
4906        xdr_commit_encode(xdr);
4907
4908        /* nfsd4_check_resp_size guarantees enough room for error status */
4909        if (!op->status) {
4910                int space_needed = 0;
4911                if (!nfsd4_last_compound_op(rqstp))
4912                        space_needed = COMPOUND_ERR_SLACK_SPACE;
4913                op->status = nfsd4_check_resp_size(resp, space_needed);
4914        }
4915        if (op->status == nfserr_resource && nfsd4_has_session(&resp->cstate)) {
4916                struct nfsd4_slot *slot = resp->cstate.slot;
4917
4918                if (slot->sl_flags & NFSD4_SLOT_CACHETHIS)
4919                        op->status = nfserr_rep_too_big_to_cache;
4920                else
4921                        op->status = nfserr_rep_too_big;
4922        }
4923        if (op->status == nfserr_resource ||
4924            op->status == nfserr_rep_too_big ||
4925            op->status == nfserr_rep_too_big_to_cache) {
4926                /*
4927                 * The operation may have already been encoded or
4928                 * partially encoded.  No op returns anything additional
4929                 * in the case of one of these three errors, so we can
4930                 * just truncate back to after the status.  But it's a
4931                 * bug if we had to do this on a non-idempotent op:
4932                 */
4933                warn_on_nonidempotent_op(op);
4934                xdr_truncate_encode(xdr, post_err_offset);
4935        }
4936        if (so) {
4937                int len = xdr->buf->len - post_err_offset;
4938
4939                so->so_replay.rp_status = op->status;
4940                so->so_replay.rp_buflen = len;
4941                read_bytes_from_xdr_buf(xdr->buf, post_err_offset,
4942                                                so->so_replay.rp_buf, len);
4943        }
4944status:
4945        /* Note that op->status is already in network byte order: */
4946        write_bytes_to_xdr_buf(xdr->buf, post_err_offset - 4, &op->status, 4);
4947}
4948
4949/* 
4950 * Encode the reply stored in the stateowner reply cache 
4951 * 
4952 * XDR note: do not encode rp->rp_buflen: the buffer contains the
4953 * previously sent already encoded operation.
4954 */
4955void
4956nfsd4_encode_replay(struct xdr_stream *xdr, struct nfsd4_op *op)
4957{
4958        __be32 *p;
4959        struct nfs4_replay *rp = op->replay;
4960
4961        p = xdr_reserve_space(xdr, 8 + rp->rp_buflen);
4962        if (!p) {
4963                WARN_ON_ONCE(1);
4964                return;
4965        }
4966        *p++ = cpu_to_be32(op->opnum);
4967        *p++ = rp->rp_status;  /* already xdr'ed */
4968
4969        p = xdr_encode_opaque_fixed(p, rp->rp_buf, rp->rp_buflen);
4970}
4971
4972void nfsd4_release_compoundargs(struct svc_rqst *rqstp)
4973{
4974        struct nfsd4_compoundargs *args = rqstp->rq_argp;
4975
4976        if (args->ops != args->iops) {
4977                kfree(args->ops);
4978                args->ops = args->iops;
4979        }
4980        kfree(args->tmpp);
4981        args->tmpp = NULL;
4982        while (args->to_free) {
4983                struct svcxdr_tmpbuf *tb = args->to_free;
4984                args->to_free = tb->next;
4985                kfree(tb);
4986        }
4987}
4988
4989int
4990nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p)
4991{
4992        struct nfsd4_compoundargs *args = rqstp->rq_argp;
4993
4994        if (rqstp->rq_arg.head[0].iov_len % 4) {
4995                /* client is nuts */
4996                dprintk("%s: compound not properly padded! (peeraddr=%pISc xid=0x%x)",
4997                        __func__, svc_addr(rqstp), be32_to_cpu(rqstp->rq_xid));
4998                return 0;
4999        }
5000        args->p = p;

5001        args->end = rqstp->rq_arg.head[0].iov_base + rqstp->rq_arg.head[0].iov_len;
5002        args->pagelist = rqstp->rq_arg.pages;
5003        args->pagelen = rqstp->rq_arg.page_len;
5004        args->tail = false;
5005        args->tmpp = NULL;
5006        args->to_free = NULL;
5007        args->ops = args->iops;
5008        args->rqstp = rqstp;
5009
5010        return !nfsd4_decode_compound(args);
5011}
5012
5013int
5014nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p)
5015{
5016        struct nfsd4_compoundres *resp = rqstp->rq_resp;
5017        struct xdr_buf *buf = resp->xdr.buf;
5018
5019        WARN_ON_ONCE(buf->len != buf->head[0].iov_len + buf->page_len +
5020                                 buf->tail[0].iov_len);
5021
5022        *p = resp->cstate.status;
5023
5024        rqstp->rq_next_page = resp->xdr.page_ptr + 1;
5025
5026        p = resp->tagp;
5027        *p++ = htonl(resp->taglen);
5028        memcpy(p, resp->tag, resp->taglen);
5029        p += XDR_QUADLEN(resp->taglen);
5030        *p++ = htonl(resp->opcnt);
5031
5032        nfsd4_sequence_done(resp);
5033        return 1;
5034}
5035
5036/*
5037 * Local variables:
5038 *  c-basic-offset: 8
5039 * End:
5040 */
5041