/*
*  Copyright (c) 2001 The Regents of the University of Michigan.
*  All rights reserved.
*
*  Kendrick Smith <kmsmith@umich.edu>
*  Andy Adamson <kandros@umich.edu>
*
*  Redistribution and use in source and binary forms, with or without
*  modification, are permitted provided that the following conditions
*  are met:
*
*  1. Redistributions of source code must retain the above copyright
*     notice, this list of conditions and the following disclaimer.
*  2. Redistributions in binary form must reproduce the above copyright
*     notice, this list of conditions and the following disclaimer in the
*     documentation and/or other materials provided with the distribution.
*  3. Neither the name of the University nor the names of its
*     contributors may be used to endorse or promote products derived
*     from this software without specific prior written permission.
*
*  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
*  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
*  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
*  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
*  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
*  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
*  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
*  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
*  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
*  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
*  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/

#include <linux/file.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/namei.h>
#include <linux/swap.h>
#include <linux/pagemap.h>
#include <linux/ratelimit.h>
#include <linux/sunrpc/svcauth_gss.h>
#include <linux/sunrpc/addr.h>
#include "xdr4.h"
#include "xdr4cb.h"
#include "vfs.h"
#include "current_stateid.h"

#include "netns.h"

#define NFSDDBG_FACILITY                NFSDDBG_PROC

#define all_ones {{~0,~0},~0}
static const stateid_t one_stateid = {
        .si_generation = ~0,
        .si_opaque = all_ones,
};
static const stateid_t zero_stateid = {
        /* all fields zero */
};
static const stateid_t currentstateid = {
        .si_generation = 1,
};

static u64 current_sessionid = 1;

#define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
#define ONE_STATEID(stateid)  (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
#define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))

/* forward declarations */
static int check_for_locks(struct nfs4_file *filp, struct nfs4_lockowner *lowner);

/* Locking: */

/* Currently used for almost all code touching nfsv4 state: */
static DEFINE_MUTEX(client_mutex);

/*
 * Currently used for the del_recall_lru and file hash table.  In an
 * effort to decrease the scope of the client_mutex, this spinlock may
 * eventually cover more:
 */
static DEFINE_SPINLOCK(recall_lock);

static struct kmem_cache *openowner_slab = NULL;
static struct kmem_cache *lockowner_slab = NULL;
static struct kmem_cache *file_slab = NULL;
static struct kmem_cache *stateid_slab = NULL;
static struct kmem_cache *deleg_slab = NULL;

void
nfs4_lock_state(void)
{
        mutex_lock(&client_mutex);
}

static void free_session(struct nfsd4_session *);

static bool is_session_dead(struct nfsd4_session *ses)
{
        return ses->se_flags & NFS4_SESSION_DEAD;
}

void nfsd4_put_session(struct nfsd4_session *ses)
{
        if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))
                free_session(ses);
}

static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)
{
        if (atomic_read(&ses->se_ref) > ref_held_by_me)
                return nfserr_jukebox;
        ses->se_flags |= NFS4_SESSION_DEAD;
        return nfs_ok;
}

static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses)
{
        if (is_session_dead(ses))
                return nfserr_badsession;
        atomic_inc(&ses->se_ref);
        return nfs_ok;
}

void
nfs4_unlock_state(void)
{
        mutex_unlock(&client_mutex);
}

static bool is_client_expired(struct nfs4_client *clp)
{
        return clp->cl_time == 0;
}

static __be32 mark_client_expired_locked(struct nfs4_client *clp)
{
        if (atomic_read(&clp->cl_refcount))
                return nfserr_jukebox;
        clp->cl_time = 0;
        return nfs_ok;
}

static __be32 mark_client_expired(struct nfs4_client *clp)
{
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
        __be32 ret;

        spin_lock(&nn->client_lock);
        ret = mark_client_expired_locked(clp);
        spin_unlock(&nn->client_lock);
        return ret;
}

static __be32 get_client_locked(struct nfs4_client *clp)
{
        if (is_client_expired(clp))
                return nfserr_expired;
        atomic_inc(&clp->cl_refcount);
        return nfs_ok;
}

/* must be called under the client_lock */
static inline void
renew_client_locked(struct nfs4_client *clp)
{
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        if (is_client_expired(clp)) {
                WARN_ON(1);
                printk("%s: client (clientid %08x/%08x) already expired\n",
                        __func__,
                        clp->cl_clientid.cl_boot,
                        clp->cl_clientid.cl_id);
                return;
        }

        dprintk("renewing client (clientid %08x/%08x)\n",
                        clp->cl_clientid.cl_boot,
                        clp->cl_clientid.cl_id);
        list_move_tail(&clp->cl_lru, &nn->client_lru);
        clp->cl_time = get_seconds();
}

static inline void
renew_client(struct nfs4_client *clp)
{
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        spin_lock(&nn->client_lock);
        renew_client_locked(clp);
        spin_unlock(&nn->client_lock);
}

static void put_client_renew_locked(struct nfs4_client *clp)
{
        if (!atomic_dec_and_test(&clp->cl_refcount))
                return;
        if (!is_client_expired(clp))
                renew_client_locked(clp);
}

void put_client_renew(struct nfs4_client *clp)
{
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        if (!atomic_dec_and_lock(&clp->cl_refcount, &nn->client_lock))
                return;
        if (!is_client_expired(clp))
                renew_client_locked(clp);
        spin_unlock(&nn->client_lock);
}


static inline u32
opaque_hashval(const void *ptr, int nbytes)
{
        unsigned char *cptr = (unsigned char *) ptr;

        u32 x = 0;
        while (nbytes--) {
                x *= 37;
                x += *cptr++;
        }
        return x;
}

static void nfsd4_free_file(struct nfs4_file *f)
{
        kmem_cache_free(file_slab, f);
}

static inline void
put_nfs4_file(struct nfs4_file *fi)
{
        if (atomic_dec_and_lock(&fi->fi_ref, &recall_lock)) {
                hlist_del(&fi->fi_hash);
                spin_unlock(&recall_lock);
                iput(fi->fi_inode);
                nfsd4_free_file(fi);
        }
}

static inline void
get_nfs4_file(struct nfs4_file *fi)
{
        atomic_inc(&fi->fi_ref);
}

static int num_delegations;
unsigned long max_delegations;

/*
 * Open owner state (share locks)
 */

/* hash tables for lock and open owners */
#define OWNER_HASH_BITS              8
#define OWNER_HASH_SIZE             (1 << OWNER_HASH_BITS)
#define OWNER_HASH_MASK             (OWNER_HASH_SIZE - 1)

static unsigned int ownerstr_hashval(u32 clientid, struct xdr_netobj *ownername)
{
        unsigned int ret;

        ret = opaque_hashval(ownername->data, ownername->len);
        ret += clientid;
        return ret & OWNER_HASH_MASK;
}

/* hash table for nfs4_file */
#define FILE_HASH_BITS                   8
#define FILE_HASH_SIZE                  (1 << FILE_HASH_BITS)

static unsigned int file_hashval(struct inode *ino)
{
        /* XXX: why are we hashing on inode pointer, anyway? */
        return hash_ptr(ino, FILE_HASH_BITS);
}

static struct hlist_head file_hashtbl[FILE_HASH_SIZE];

static void __nfs4_file_get_access(struct nfs4_file *fp, int oflag)
{
        WARN_ON_ONCE(!(fp->fi_fds[oflag] || fp->fi_fds[O_RDWR]));
        atomic_inc(&fp->fi_access[oflag]);
}

static void nfs4_file_get_access(struct nfs4_file *fp, int oflag)
{
        if (oflag == O_RDWR) {
                __nfs4_file_get_access(fp, O_RDONLY);
                __nfs4_file_get_access(fp, O_WRONLY);
        } else
                __nfs4_file_get_access(fp, oflag);
}

static void nfs4_file_put_fd(struct nfs4_file *fp, int oflag)
{
        if (fp->fi_fds[oflag]) {
                fput(fp->fi_fds[oflag]);
                fp->fi_fds[oflag] = NULL;
        }
}

static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
{
        if (atomic_dec_and_test(&fp->fi_access[oflag])) {
                nfs4_file_put_fd(fp, oflag);
                if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
                        nfs4_file_put_fd(fp, O_RDWR);
        }
}

static void nfs4_file_put_access(struct nfs4_file *fp, int oflag)
{
        if (oflag == O_RDWR) {
                __nfs4_file_put_access(fp, O_RDONLY);
                __nfs4_file_put_access(fp, O_WRONLY);
        } else
                __nfs4_file_put_access(fp, oflag);
}

static struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct
kmem_cache *slab)
{
        struct idr *stateids = &cl->cl_stateids;
        struct nfs4_stid *stid;
        int new_id;

        stid = kmem_cache_alloc(slab, GFP_KERNEL);
        if (!stid)
                return NULL;

        new_id = idr_alloc_cyclic(stateids, stid, 0, 0, GFP_KERNEL);
        if (new_id < 0)
                goto out_free;
        stid->sc_client = cl;
        stid->sc_type = 0;
        stid->sc_stateid.si_opaque.so_id = new_id;
        stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid;
        /* Will be incremented before return to client: */
        stid->sc_stateid.si_generation = 0;

        /*
         * It shouldn't be a problem to reuse an opaque stateid value.
         * I don't think it is for 4.1.  But with 4.0 I worry that, for
         * example, a stray write retransmission could be accepted by
         * the server when it should have been rejected.  Therefore,
         * adopt a trick from the sctp code to attempt to maximize the
         * amount of time until an id is reused, by ensuring they always
         * "increase" (mod INT_MAX):
         */
        return stid;
out_free:
        kmem_cache_free(slab, stid);
        return NULL;
}

static struct nfs4_ol_stateid * nfs4_alloc_stateid(struct nfs4_client *clp)
{
        return openlockstateid(nfs4_alloc_stid(clp, stateid_slab));
}

static struct nfs4_delegation *
alloc_init_deleg(struct nfs4_client *clp, struct nfs4_ol_stateid *stp, struct svc_fh *current_fh)
{
        struct nfs4_delegation *dp;
        struct nfs4_file *fp = stp->st_file;

        dprintk("NFSD alloc_init_deleg\n");
        if (fp->fi_had_conflict)
                return NULL;
        if (num_delegations > max_delegations)
                return NULL;
        dp = delegstateid(nfs4_alloc_stid(clp, deleg_slab));
        if (dp == NULL)
                return dp;
        dp->dl_stid.sc_type = NFS4_DELEG_STID;
        /*
         * delegation seqid's are never incremented.  The 4.1 special
         * meaning of seqid 0 isn't meaningful, really, but let's avoid
         * 0 anyway just for consistency and use 1:
         */
        dp->dl_stid.sc_stateid.si_generation = 1;
        num_delegations++;
        INIT_LIST_HEAD(&dp->dl_perfile);
        INIT_LIST_HEAD(&dp->dl_perclnt);
        INIT_LIST_HEAD(&dp->dl_recall_lru);
        get_nfs4_file(fp);
        dp->dl_file = fp;
        dp->dl_type = NFS4_OPEN_DELEGATE_READ;
        fh_copy_shallow(&dp->dl_fh, &current_fh->fh_handle);
        dp->dl_time = 0;
        atomic_set(&dp->dl_count, 1);
        nfsd4_init_callback(&dp->dl_recall);
        return dp;
}

static void remove_stid(struct nfs4_stid *s)
{
        struct idr *stateids = &s->sc_client->cl_stateids;

        idr_remove(stateids, s->sc_stateid.si_opaque.so_id);
}

void
nfs4_put_delegation(struct nfs4_delegation *dp)
{
        if (atomic_dec_and_test(&dp->dl_count)) {
                kmem_cache_free(deleg_slab, dp);
                num_delegations--;
        }
}

static void nfs4_put_deleg_lease(struct nfs4_file *fp)
{
        if (atomic_dec_and_test(&fp->fi_delegees)) {
                vfs_setlease(fp->fi_deleg_file, F_UNLCK, &fp->fi_lease);
                fp->fi_lease = NULL;
                fput(fp->fi_deleg_file);
                fp->fi_deleg_file = NULL;
        }
}

static void unhash_stid(struct nfs4_stid *s)
{
        s->sc_type = 0;
}

/* Called under the state lock. */
static void
unhash_delegation(struct nfs4_delegation *dp)
{
        list_del_init(&dp->dl_perclnt);
        spin_lock(&recall_lock);
        list_del_init(&dp->dl_perfile);
        list_del_init(&dp->dl_recall_lru);
        spin_unlock(&recall_lock);
        nfs4_put_deleg_lease(dp->dl_file);
        put_nfs4_file(dp->dl_file);
        dp->dl_file = NULL;
}



static void destroy_revoked_delegation(struct nfs4_delegation *dp)
{
        list_del_init(&dp->dl_recall_lru);
        remove_stid(&dp->dl_stid);
        nfs4_put_delegation(dp);
}

static void destroy_delegation(struct nfs4_delegation *dp)
{
        unhash_delegation(dp);
        remove_stid(&dp->dl_stid);
        nfs4_put_delegation(dp);
}

static void revoke_delegation(struct nfs4_delegation *dp)
{
        struct nfs4_client *clp = dp->dl_stid.sc_client;

        if (clp->cl_minorversion == 0)
                destroy_delegation(dp);
        else {
                unhash_delegation(dp);
                dp->dl_stid.sc_type = NFS4_REVOKED_DELEG_STID;
                list_add(&dp->dl_recall_lru, &clp->cl_revoked);
        }
}

/* 
 * SETCLIENTID state 
 */

static unsigned int clientid_hashval(u32 id)
{
        return id & CLIENT_HASH_MASK;
}

static unsigned int clientstr_hashval(const char *name)
{
        return opaque_hashval(name, 8) & CLIENT_HASH_MASK;
}

/*
 * We store the NONE, READ, WRITE, and BOTH bits separately in the
 * st_{access,deny}_bmap field of the stateid, in order to track not
 * only what share bits are currently in force, but also what
 * combinations of share bits previous opens have used.  This allows us
 * to enforce the recommendation of rfc 3530 14.2.19 that the server
 * return an error if the client attempt to downgrade to a combination
 * of share bits not explicable by closing some of its previous opens.
 *
 * XXX: This enforcement is actually incomplete, since we don't keep
 * track of access/deny bit combinations; so, e.g., we allow:
 *
 *      OPEN allow read, deny write
 *      OPEN allow both, deny none
 *      DOWNGRADE allow read, deny none
 *
 * which we should reject.
 */
static unsigned int
bmap_to_share_mode(unsigned long bmap) {
        int i;
        unsigned int access = 0;

        for (i = 1; i < 4; i++) {
                if (test_bit(i, &bmap))
                        access |= i;
        }
        return access;
}

static bool
test_share(struct nfs4_ol_stateid *stp, struct nfsd4_open *open) {
        unsigned int access, deny;

        access = bmap_to_share_mode(stp->st_access_bmap);
        deny = bmap_to_share_mode(stp->st_deny_bmap);
        if ((access & open->op_share_deny) || (deny & open->op_share_access))
                return false;
        return true;
}

/* set share access for a given stateid */
static inline void
set_access(u32 access, struct nfs4_ol_stateid *stp)
{
        __set_bit(access, &stp->st_access_bmap);
}

/* clear share access for a given stateid */
static inline void
clear_access(u32 access, struct nfs4_ol_stateid *stp)
{
        __clear_bit(access, &stp->st_access_bmap);
}

/* test whether a given stateid has access */
static inline bool
test_access(u32 access, struct nfs4_ol_stateid *stp)
{
        return test_bit(access, &stp->st_access_bmap);
}

/* set share deny for a given stateid */
static inline void
set_deny(u32 access, struct nfs4_ol_stateid *stp)
{
        __set_bit(access, &stp->st_deny_bmap);
}

/* clear share deny for a given stateid */
static inline void
clear_deny(u32 access, struct nfs4_ol_stateid *stp)
{
        __clear_bit(access, &stp->st_deny_bmap);
}

/* test whether a given stateid is denying specific access */
static inline bool
test_deny(u32 access, struct nfs4_ol_stateid *stp)
{
        return test_bit(access, &stp->st_deny_bmap);
}

static int nfs4_access_to_omode(u32 access)
{
        switch (access & NFS4_SHARE_ACCESS_BOTH) {
        case NFS4_SHARE_ACCESS_READ:
                return O_RDONLY;
        case NFS4_SHARE_ACCESS_WRITE:
                return O_WRONLY;
        case NFS4_SHARE_ACCESS_BOTH:
                return O_RDWR;
        }
        WARN_ON_ONCE(1);
        return O_RDONLY;
}

/* release all access and file references for a given stateid */
static void
release_all_access(struct nfs4_ol_stateid *stp)
{
        int i;

        for (i = 1; i < 4; i++) {
                if (test_access(i, stp))
                        nfs4_file_put_access(stp->st_file,
                                             nfs4_access_to_omode(i));
                clear_access(i, stp);
        }
}

static void unhash_generic_stateid(struct nfs4_ol_stateid *stp)
{
        list_del(&stp->st_perfile);
        list_del(&stp->st_perstateowner);
}

static void close_generic_stateid(struct nfs4_ol_stateid *stp)
{
        release_all_access(stp);
        put_nfs4_file(stp->st_file);
        stp->st_file = NULL;
}

static void free_generic_stateid(struct nfs4_ol_stateid *stp)
{
        remove_stid(&stp->st_stid);
        kmem_cache_free(stateid_slab, stp);
}

static void release_lock_stateid(struct nfs4_ol_stateid *stp)
{
        struct file *file;

        unhash_generic_stateid(stp);
        unhash_stid(&stp->st_stid);
        file = find_any_file(stp->st_file);
        if (file)
                locks_remove_posix(file, (fl_owner_t)lockowner(stp->st_stateowner));
        close_generic_stateid(stp);
        free_generic_stateid(stp);
}

static void unhash_lockowner(struct nfs4_lockowner *lo)
{
        struct nfs4_ol_stateid *stp;

        list_del(&lo->lo_owner.so_strhash);
        list_del(&lo->lo_perstateid);
        list_del(&lo->lo_owner_ino_hash);
        while (!list_empty(&lo->lo_owner.so_stateids)) {
                stp = list_first_entry(&lo->lo_owner.so_stateids,
                                struct nfs4_ol_stateid, st_perstateowner);
                release_lock_stateid(stp);
        }
}

static void release_lockowner(struct nfs4_lockowner *lo)
{
        unhash_lockowner(lo);
        nfs4_free_lockowner(lo);
}

static void
release_stateid_lockowners(struct nfs4_ol_stateid *open_stp)
{
        struct nfs4_lockowner *lo;

        while (!list_empty(&open_stp->st_lockowners)) {
                lo = list_entry(open_stp->st_lockowners.next,
                                struct nfs4_lockowner, lo_perstateid);
                release_lockowner(lo);
        }
}

static void unhash_open_stateid(struct nfs4_ol_stateid *stp)
{
        unhash_generic_stateid(stp);
        release_stateid_lockowners(stp);
        close_generic_stateid(stp);
}

static void release_open_stateid(struct nfs4_ol_stateid *stp)
{
        unhash_open_stateid(stp);
        unhash_stid(&stp->st_stid);
        free_generic_stateid(stp);
}

static void unhash_openowner(struct nfs4_openowner *oo)
{
        struct nfs4_ol_stateid *stp;

        list_del(&oo->oo_owner.so_strhash);
        list_del(&oo->oo_perclient);
        while (!list_empty(&oo->oo_owner.so_stateids)) {
                stp = list_first_entry(&oo->oo_owner.so_stateids,
                                struct nfs4_ol_stateid, st_perstateowner);
                release_open_stateid(stp);
        }
}

static void release_last_closed_stateid(struct nfs4_openowner *oo)
{
        struct nfs4_ol_stateid *s = oo->oo_last_closed_stid;

        if (s) {
                unhash_stid(&s->st_stid);
                free_generic_stateid(s);
                oo->oo_last_closed_stid = NULL;
        }
}

static void release_openowner(struct nfs4_openowner *oo)
{
        unhash_openowner(oo);
        list_del(&oo->oo_close_lru);
        release_last_closed_stateid(oo);
        nfs4_free_openowner(oo);
}

static inline int
hash_sessionid(struct nfs4_sessionid *sessionid)
{
        struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;

        return sid->sequence % SESSION_HASH_SIZE;
}

#ifdef NFSD_DEBUG
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
        u32 *ptr = (u32 *)(&sessionid->data[0]);
        dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]);
}
#else
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
}
#endif

/*
 * Bump the seqid on cstate->replay_owner, and clear replay_owner if it
 * won't be used for replay.
 */
void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr)
{
        struct nfs4_stateowner *so = cstate->replay_owner;

        if (nfserr == nfserr_replay_me)
                return;

        if (!seqid_mutating_err(ntohl(nfserr))) {
                cstate->replay_owner = NULL;
                return;
        }
        if (!so)
                return;
        if (so->so_is_open_owner)
                release_last_closed_stateid(openowner(so));
        so->so_seqid++;
        return;
}

static void
gen_sessionid(struct nfsd4_session *ses)
{
        struct nfs4_client *clp = ses->se_client;
        struct nfsd4_sessionid *sid;

        sid = (struct nfsd4_sessionid *)ses->se_sessionid.data;
        sid->clientid = clp->cl_clientid;
        sid->sequence = current_sessionid++;
        sid->reserved = 0;
}

/*
 * The protocol defines ca_maxresponssize_cached to include the size of
 * the rpc header, but all we need to cache is the data starting after
 * the end of the initial SEQUENCE operation--the rest we regenerate
 * each time.  Therefore we can advertise a ca_maxresponssize_cached
 * value that is the number of bytes in our cache plus a few additional
 * bytes.  In order to stay on the safe side, and not promise more than
 * we can cache, those additional bytes must be the minimum possible: 24
 * bytes of rpc header (xid through accept state, with AUTH_NULL
 * verifier), 12 for the compound header (with zero-length tag), and 44
 * for the SEQUENCE op response:
 */
#define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)

static void
free_session_slots(struct nfsd4_session *ses)
{
        int i;

        for (i = 0; i < ses->se_fchannel.maxreqs; i++)
                kfree(ses->se_slots[i]);
}

/*
 * We don't actually need to cache the rpc and session headers, so we
 * can allocate a little less for each slot:
 */
static inline u32 slot_bytes(struct nfsd4_channel_attrs *ca)
{
        u32 size;

        if (ca->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ)
                size = 0;
        else
                size = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;
        return size + sizeof(struct nfsd4_slot);
}

/*
 * XXX: If we run out of reserved DRC memory we could (up to a point)
 * re-negotiate active sessions and reduce their slot usage to make
 * room for new connections. For now we just fail the create session.
 */
static u32 nfsd4_get_drc_mem(struct nfsd4_channel_attrs *ca)
{
        u32 slotsize = slot_bytes(ca);
        u32 num = ca->maxreqs;
        int avail;

        spin_lock(&nfsd_drc_lock);
        avail = min((unsigned long)NFSD_MAX_MEM_PER_SESSION,
                    nfsd_drc_max_mem - nfsd_drc_mem_used);
        num = min_t(int, num, avail / slotsize);
        nfsd_drc_mem_used += num * slotsize;
        spin_unlock(&nfsd_drc_lock);

        return num;
}

static void nfsd4_put_drc_mem(struct nfsd4_channel_attrs *ca)
{
        int slotsize = slot_bytes(ca);

        spin_lock(&nfsd_drc_lock);
        nfsd_drc_mem_used -= slotsize * ca->maxreqs;
        spin_unlock(&nfsd_drc_lock);
}

static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *attrs)
{
        int numslots = attrs->maxreqs;
        int slotsize = slot_bytes(attrs);
        struct nfsd4_session *new;
        int mem, i;

        BUILD_BUG_ON(NFSD_MAX_SLOTS_PER_SESSION * sizeof(struct nfsd4_slot *)
                        + sizeof(struct nfsd4_session) > PAGE_SIZE);
        mem = numslots * sizeof(struct nfsd4_slot *);

        new = kzalloc(sizeof(*new) + mem, GFP_KERNEL);
        if (!new)
                return NULL;
        /* allocate each struct nfsd4_slot and data cache in one piece */
        for (i = 0; i < numslots; i++) {
                new->se_slots[i] = kzalloc(slotsize, GFP_KERNEL);
                if (!new->se_slots[i])
                        goto out_free;
        }
        return new;
out_free:
        while (i--)
                kfree(new->se_slots[i]);
        kfree(new);
        return NULL;
}

static void free_conn(struct nfsd4_conn *c)
{
        svc_xprt_put(c->cn_xprt);
        kfree(c);
}

static void nfsd4_conn_lost(struct svc_xpt_user *u)
{
        struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
        struct nfs4_client *clp = c->cn_session->se_client;

        spin_lock(&clp->cl_lock);
        if (!list_empty(&c->cn_persession)) {
                list_del(&c->cn_persession);
                free_conn(c);
        }
        nfsd4_probe_callback(clp);
        spin_unlock(&clp->cl_lock);
}

static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
{
        struct nfsd4_conn *conn;

        conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL);
        if (!conn)
                return NULL;
        svc_xprt_get(rqstp->rq_xprt);
        conn->cn_xprt = rqstp->rq_xprt;
        conn->cn_flags = flags;
        INIT_LIST_HEAD(&conn->cn_xpt_user.list);
        return conn;
}

static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
        conn->cn_session = ses;
        list_add(&conn->cn_persession, &ses->se_conns);
}

static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
        struct nfs4_client *clp = ses->se_client;

        spin_lock(&clp->cl_lock);
        __nfsd4_hash_conn(conn, ses);
        spin_unlock(&clp->cl_lock);
}

static int nfsd4_register_conn(struct nfsd4_conn *conn)
{
        conn->cn_xpt_user.callback = nfsd4_conn_lost;
        return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
}

static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
        int ret;

        nfsd4_hash_conn(conn, ses);
        ret = nfsd4_register_conn(conn);
        if (ret)
                /* oops; xprt is already down: */
                nfsd4_conn_lost(&conn->cn_xpt_user);
        if (conn->cn_flags & NFS4_CDFC4_BACK) {
                /* callback channel may be back up */
                nfsd4_probe_callback(ses->se_client);
        }
}

static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses)
{
        u32 dir = NFS4_CDFC4_FORE;

        if (cses->flags & SESSION4_BACK_CHAN)
                dir |= NFS4_CDFC4_BACK;
        return alloc_conn(rqstp, dir);
}

/* must be called under client_lock */
static void nfsd4_del_conns(struct nfsd4_session *s)
{
        struct nfs4_client *clp = s->se_client;
        struct nfsd4_conn *c;

        spin_lock(&clp->cl_lock);
        while (!list_empty(&s->se_conns)) {
                c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
                list_del_init(&c->cn_persession);
                spin_unlock(&clp->cl_lock);

                unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
                free_conn(c);

                spin_lock(&clp->cl_lock);
        }
        spin_unlock(&clp->cl_lock);
}

static void __free_session(struct nfsd4_session *ses)
{
        free_session_slots(ses);
        kfree(ses);
}

static void free_session(struct nfsd4_session *ses)
{
        struct nfsd_net *nn = net_generic(ses->se_client->net, nfsd_net_id);

        lockdep_assert_held(&nn->client_lock);
        nfsd4_del_conns(ses);
        nfsd4_put_drc_mem(&ses->se_fchannel);
        __free_session(ses);
}

static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses)
{
        int idx;
        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        new->se_client = clp;
        gen_sessionid(new);

        INIT_LIST_HEAD(&new->se_conns);

        new->se_cb_seq_nr = 1;
        new->se_flags = cses->flags;
        new->se_cb_prog = cses->callback_prog;
        new->se_cb_sec = cses->cb_sec;
        atomic_set(&new->se_ref, 0);
        idx = hash_sessionid(&new->se_sessionid);
        spin_lock(&nn->client_lock);
        list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]);
        spin_lock(&clp->cl_lock);
        list_add(&new->se_perclnt, &clp->cl_sessions);
        spin_unlock(&clp->cl_lock);
        spin_unlock(&nn->client_lock);

        memcpy(&new->se_fchannel, &cses->fore_channel,
                        sizeof(struct nfsd4_channel_attrs));
        if (cses->flags & SESSION4_BACK_CHAN) {
                struct sockaddr *sa = svc_addr(rqstp);
                /*
                 * This is a little silly; with sessions there's no real
                 * use for the callback address.  Use the peer address
                 * as a reasonable default for now, but consider fixing
                 * the rpc client not to require an address in the
                 * future:
                 */
                rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
                clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
        }
}

/* caller must hold client_lock */
static struct nfsd4_session *
find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net)
{
        struct nfsd4_session *elem;
        int idx;
        struct nfsd_net *nn = net_generic(net, nfsd_net_id);

        dump_sessionid(__func__, sessionid);
        idx = hash_sessionid(sessionid);
        /* Search in the appropriate list */
        list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) {
                if (!memcmp(elem->se_sessionid.data, sessionid->data,
                            NFS4_MAX_SESSIONID_LEN)) {
                        return elem;
                }
        }

        dprintk("%s: session not found\n", __func__);
        return NULL;
}

/* caller must hold client_lock */
static void
unhash_session(struct nfsd4_session *ses)
{
        list_del(&ses->se_hash);
        spin_lock(&ses->se_client->cl_lock);
        list_del(&ses->se_perclnt);
        spin_unlock(&ses->se_client->cl_lock);
}

/* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
static int
STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn)
{
        if (clid->cl_boot == nn->boot_time)
                return 0;
        dprintk("NFSD stale clientid (%08x/%08x) boot_time %08lx\n",
                clid->cl_boot, clid->cl_id, nn->boot_time);
        return 1;
}

/* 
 * XXX Should we use a slab cache ?
 * This type of memory management is somewhat inefficient, but we use it
 * anyway since SETCLIENTID is not a common operation.
 */
static struct nfs4_client *alloc_client(struct xdr_netobj name)
{
        struct nfs4_client *clp;

        clp = kzalloc(sizeof(struct nfs4_client), GFP_KERNEL);
        if (clp == NULL)
                return NULL;
        clp->cl_name.data = kmemdup(name.data, name.len, GFP_KERNEL);
        if (clp->cl_name.data == NULL) {
                kfree(clp);
                return NULL;
        }
        clp->cl_name.len = name.len;
        return clp;
}

static inline void
free_client(struct nfs4_client *clp)
{
        struct nfsd_net __maybe_unused *nn = net_generic(clp->net, nfsd_net_id);

        lockdep_assert_held(&nn->client_lock);
        while (!list_empty(&clp->cl_sessions)) {
                struct nfsd4_session *ses;
                ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
                                se_perclnt);
                list_del(&ses->se_perclnt);
                WARN_ON_ONCE(atomic_read(&ses->se_ref));
                free_session(ses);
        }
        free_svc_cred(&clp->cl_cred);
        kfree(clp->cl_name.data);
        idr_destroy(&clp->cl_stateids);
        kfree(clp);
}

/* must be called under the client_lock */
static inline void
unhash_client_locked(struct nfs4_client *clp)
{
        struct nfsd4_session *ses;

        list_del(&clp->cl_lru);
        spin_lock(&clp->cl_lock);
        list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
                list_del_init(&ses->se_hash);
        spin_unlock(&clp->cl_lock);
}

static void
destroy_client(struct nfs4_client *clp)
{
        struct nfs4_openowner *oo;
        struct nfs4_delegation *dp;
        struct list_head reaplist;
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        INIT_LIST_HEAD(&reaplist);
        spin_lock(&recall_lock);
        while (!list_empty(&clp->cl_delegations)) {
                dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
                list_del_init(&dp->dl_perclnt);
                list_move(&dp->dl_recall_lru, &reaplist);
        }
        spin_unlock(&recall_lock);
        while (!list_empty(&reaplist)) {
                dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
                destroy_delegation(dp);
        }
        while (!list_empty(&clp->cl_openowners)) {
                oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
                release_openowner(oo);
        }
        nfsd4_shutdown_callback(clp);
        if (clp->cl_cb_conn.cb_xprt)
                svc_xprt_put(clp->cl_cb_conn.cb_xprt);
        list_del(&clp->cl_idhash);
        if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
                rb_erase(&clp->cl_namenode, &nn->conf_name_tree);
        else
                rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
        spin_lock(&nn->client_lock);
        unhash_client_locked(clp);
        WARN_ON_ONCE(atomic_read(&clp->cl_refcount));
        free_client(clp);
        spin_unlock(&nn->client_lock);
}

static void expire_client(struct nfs4_client *clp)
{
        nfsd4_client_record_remove(clp);
        destroy_client(clp);
}

static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
{
        memcpy(target->cl_verifier.data, source->data,
                        sizeof(target->cl_verifier.data));
}

static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
{
        target->cl_clientid.cl_boot = source->cl_clientid.cl_boot; 
        target->cl_clientid.cl_id = source->cl_clientid.cl_id; 
}

static int copy_cred(struct svc_cred *target, struct svc_cred *source)
{
        if (source->cr_principal) {
                target->cr_principal =
                                kstrdup(source->cr_principal, GFP_KERNEL);
                if (target->cr_principal == NULL)
                        return -ENOMEM;
        } else
                target->cr_principal = NULL;
        target->cr_flavor = source->cr_flavor;
        target->cr_uid = source->cr_uid;
        target->cr_gid = source->cr_gid;
        target->cr_group_info = source->cr_group_info;
        get_group_info(target->cr_group_info);
        target->cr_gss_mech = source->cr_gss_mech;
        if (source->cr_gss_mech)
                gss_mech_get(source->cr_gss_mech);
        return 0;
}

static long long
compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2)
{
        long long res;

        res = o1->len - o2->len;
        if (res)
                return res;
        return (long long)memcmp(o1->data, o2->data, o1->len);
}

static int same_name(const char *n1, const char *n2)
{
        return 0 == memcmp(n1, n2, HEXDIR_LEN);
}

static int
same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
{
        return 0 == memcmp(v1->data, v2->data, sizeof(v1->data));
}

static int
same_clid(clientid_t *cl1, clientid_t *cl2)
{
        return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
}

static bool groups_equal(struct group_info *g1, struct group_info *g2)
{
        int i;

        if (g1->ngroups != g2->ngroups)
                return false;
        for (i=0; i<g1->ngroups; i++)
                if (!gid_eq(GROUP_AT(g1, i), GROUP_AT(g2, i)))
                        return false;
        return true;
}

/*
 * RFC 3530 language requires clid_inuse be returned when the
 * "principal" associated with a requests differs from that previously
 * used.  We use uid, gid's, and gss principal string as our best
 * approximation.  We also don't want to allow non-gss use of a client
 * established using gss: in theory cr_principal should catch that
 * change, but in practice cr_principal can be null even in the gss case
 * since gssd doesn't always pass down a principal string.
 */
static bool is_gss_cred(struct svc_cred *cr)
{
        /* Is cr_flavor one of the gss "pseudoflavors"?: */
        return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
}


static bool
same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
{
        if ((is_gss_cred(cr1) != is_gss_cred(cr2))
                || (!uid_eq(cr1->cr_uid, cr2->cr_uid))
                || (!gid_eq(cr1->cr_gid, cr2->cr_gid))
                || !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
                return false;
        if (cr1->cr_principal == cr2->cr_principal)
                return true;
        if (!cr1->cr_principal || !cr2->cr_principal)
                return false;
        return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);
}

static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)
{
        struct svc_cred *cr = &rqstp->rq_cred;
        u32 service;

        if (!cr->cr_gss_mech)
                return false;
        service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);
        return service == RPC_GSS_SVC_INTEGRITY ||
               service == RPC_GSS_SVC_PRIVACY;
}

static bool mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)
{
        struct svc_cred *cr = &rqstp->rq_cred;

        if (!cl->cl_mach_cred)
                return true;
        if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)
                return false;
        if (!svc_rqst_integrity_protected(rqstp))
                return false;
        if (!cr->cr_principal)
                return false;
        return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);
}

static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)
{
        static u32 current_clientid = 1;

        clp->cl_clientid.cl_boot = nn->boot_time;
        clp->cl_clientid.cl_id = current_clientid++; 
}

static void gen_confirm(struct nfs4_client *clp)
{
        __be32 verf[2];
        static u32 i;

        verf[0] = (__be32)get_seconds();
        verf[1] = (__be32)i++;
        memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data));
}

static struct nfs4_stid *find_stateid(struct nfs4_client *cl, stateid_t *t)
{
        struct nfs4_stid *ret;

        ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id);
        if (!ret || !ret->sc_type)
                return NULL;
        return ret;
}

static struct nfs4_stid *find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, char typemask)
{
        struct nfs4_stid *s;

        s = find_stateid(cl, t);
        if (!s)
                return NULL;
        if (typemask & s->sc_type)
                return s;
        return NULL;
}

static struct nfs4_client *create_client(struct xdr_netobj name,
                struct svc_rqst *rqstp, nfs4_verifier *verf)
{
        struct nfs4_client *clp;
        struct sockaddr *sa = svc_addr(rqstp);
        int ret;
        struct net *net = SVC_NET(rqstp);
        struct nfsd_net *nn = net_generic(net, nfsd_net_id);

        clp = alloc_client(name);
        if (clp == NULL)
                return NULL;

        INIT_LIST_HEAD(&clp->cl_sessions);
        ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred);
        if (ret) {
                spin_lock(&nn->client_lock);
                free_client(clp);
                spin_unlock(&nn->client_lock);
                return NULL;
        }
        idr_init(&clp->cl_stateids);
        atomic_set(&clp->cl_refcount, 0);
        clp->cl_cb_state = NFSD4_CB_UNKNOWN;
        INIT_LIST_HEAD(&clp->cl_idhash);
        INIT_LIST_HEAD(&clp->cl_openowners);
        INIT_LIST_HEAD(&clp->cl_delegations);
        INIT_LIST_HEAD(&clp->cl_lru);
        INIT_LIST_HEAD(&clp->cl_callbacks);
        INIT_LIST_HEAD(&clp->cl_revoked);
        spin_lock_init(&clp->cl_lock);
        nfsd4_init_callback(&clp->cl_cb_null);
        clp->cl_time = get_seconds();
        clear_bit(0, &clp->cl_cb_slot_busy);
        rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
        copy_verf(clp, verf);
        rpc_copy_addr((struct sockaddr *) &clp->cl_addr, sa);
        gen_confirm(clp);
        clp->cl_cb_session = NULL;
        clp->net = net;
        return clp;
}

static void
add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root)
{
        struct rb_node **new = &(root->rb_node), *parent = NULL;
        struct nfs4_client *clp;

        while (*new) {
                clp = rb_entry(*new, struct nfs4_client, cl_namenode);
                parent = *new;

                if (compare_blob(&clp->cl_name, &new_clp->cl_name) > 0)
                        new = &((*new)->rb_left);
                else
                        new = &((*new)->rb_right);
        }

        rb_link_node(&new_clp->cl_namenode, parent, new);
        rb_insert_color(&new_clp->cl_namenode, root);
}

static struct nfs4_client *
find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root)
{
        long long cmp;
        struct rb_node *node = root->rb_node;
        struct nfs4_client *clp;

        while (node) {
                clp = rb_entry(node, struct nfs4_client, cl_namenode);
                cmp = compare_blob(&clp->cl_name, name);
                if (cmp > 0)
                        node = node->rb_left;
                else if (cmp < 0)
                        node = node->rb_right;
                else
                        return clp;
        }
        return NULL;
}

static void
add_to_unconfirmed(struct nfs4_client *clp)
{
        unsigned int idhashval;
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
        add_clp_to_name_tree(clp, &nn->unconf_name_tree);
        idhashval = clientid_hashval(clp->cl_clientid.cl_id);
        list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]);
        renew_client(clp);
}

static void
move_to_confirmed(struct nfs4_client *clp)
{
        unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id);
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        dprintk("NFSD: move_to_confirm nfs4_client %p\n", clp);
        list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]);
        rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
        add_clp_to_name_tree(clp, &nn->conf_name_tree);
        set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
        renew_client(clp);
}

static struct nfs4_client *
find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions)
{
        struct nfs4_client *clp;
        unsigned int idhashval = clientid_hashval(clid->cl_id);

        list_for_each_entry(clp, &tbl[idhashval], cl_idhash) {
                if (same_clid(&clp->cl_clientid, clid)) {
                        if ((bool)clp->cl_minorversion != sessions)
                                return NULL;
                        renew_client(clp);
                        return clp;
                }
        }
        return NULL;
}

static struct nfs4_client *
find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
{
        struct list_head *tbl = nn->conf_id_hashtbl;

        return find_client_in_id_table(tbl, clid, sessions);
}

static struct nfs4_client *
find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
{
        struct list_head *tbl = nn->unconf_id_hashtbl;

        return find_client_in_id_table(tbl, clid, sessions);
}

static bool clp_used_exchangeid(struct nfs4_client *clp)
{
        return clp->cl_exchange_flags != 0;
} 

static struct nfs4_client *
find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
{
        return find_clp_in_name_tree(name, &nn->conf_name_tree);
}

static struct nfs4_client *
find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
{
        return find_clp_in_name_tree(name, &nn->unconf_name_tree);
}

static void
gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
{
        struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
        struct sockaddr *sa = svc_addr(rqstp);
        u32 scopeid = rpc_get_scope_id(sa);
        unsigned short expected_family;

        /* Currently, we only support tcp and tcp6 for the callback channel */
        if (se->se_callback_netid_len == 3 &&
            !memcmp(se->se_callback_netid_val, "tcp", 3))
                expected_family = AF_INET;
        else if (se->se_callback_netid_len == 4 &&
                 !memcmp(se->se_callback_netid_val, "tcp6", 4))
                expected_family = AF_INET6;
        else
                goto out_err;

        conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val,
                                            se->se_callback_addr_len,
                                            (struct sockaddr *)&conn->cb_addr,
                                            sizeof(conn->cb_addr));

        if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
                goto out_err;

        if (conn->cb_addr.ss_family == AF_INET6)
                ((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;

        conn->cb_prog = se->se_callback_prog;
        conn->cb_ident = se->se_callback_ident;
        memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen);
        return;
out_err:
        conn->cb_addr.ss_family = AF_UNSPEC;
        conn->cb_addrlen = 0;
        dprintk(KERN_INFO "NFSD: this client (clientid %08x/%08x) "
                "will not receive delegations\n",
                clp->cl_clientid.cl_boot, clp->cl_clientid.cl_id);

        return;
}

/*
 * Cache a reply. nfsd4_check_drc_limit() has bounded the cache size.
 */
void
nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
{
        struct nfsd4_slot *slot = resp->cstate.slot;
        unsigned int base;

        dprintk("--> %s slot %p\n", __func__, slot);

        slot->sl_opcnt = resp->opcnt;
        slot->sl_status = resp->cstate.status;

        slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
        if (nfsd4_not_cached(resp)) {
                slot->sl_datalen = 0;
                return;
        }
        slot->sl_datalen = (char *)resp->p - (char *)resp->cstate.datap;
        base = (char *)resp->cstate.datap -
                                        (char *)resp->xbuf->head[0].iov_base;
        if (read_bytes_from_xdr_buf(resp->xbuf, base, slot->sl_data,
                                    slot->sl_datalen))
                WARN("%s: sessions DRC could not cache compound\n", __func__);
        return;
}

/*
 * Encode the replay sequence operation from the slot values.
 * If cachethis is FALSE encode the uncached rep error on the next
 * operation which sets resp->p and increments resp->opcnt for
 * nfs4svc_encode_compoundres.
 *
 */
static __be32
nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args,
                          struct nfsd4_compoundres *resp)
{
        struct nfsd4_op *op;
        struct nfsd4_slot *slot = resp->cstate.slot;

        /* Encode the replayed sequence operation */
        op = &args->ops[resp->opcnt - 1];
        nfsd4_encode_operation(resp, op);

        /* Return nfserr_retry_uncached_rep in next operation. */
        if (args->opcnt > 1 && !(slot->sl_flags & NFSD4_SLOT_CACHETHIS)) {
                op = &args->ops[resp->opcnt++];
                op->status = nfserr_retry_uncached_rep;
                nfsd4_encode_operation(resp, op);
        }
        return op->status;
}

/*
 * The sequence operation is not cached because we can use the slot and
 * session values.
 */
__be32
nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
                         struct nfsd4_sequence *seq)
{
        struct nfsd4_slot *slot = resp->cstate.slot;
        __be32 status;

        dprintk("--> %s slot %p\n", __func__, slot);

        /* Either returns 0 or nfserr_retry_uncached */
        status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp);
        if (status == nfserr_retry_uncached_rep)
                return status;

        /* The sequence operation has been encoded, cstate->datap set. */
        memcpy(resp->cstate.datap, slot->sl_data, slot->sl_datalen);

        resp->opcnt = slot->sl_opcnt;
        resp->p = resp->cstate.datap + XDR_QUADLEN(slot->sl_datalen);
        status = slot->sl_status;

        return status;
}

/*
 * Set the exchange_id flags returned by the server.
 */
static void
nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
{
        /* pNFS is not supported */
        new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS;

        /* Referrals are supported, Migration is not. */
        new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER;

        /* set the wire flags to return to client. */
        clid->flags = new->cl_exchange_flags;
}

static bool client_has_state(struct nfs4_client *clp)
{
        /*
         * Note clp->cl_openowners check isn't quite right: there's no
         * need to count owners without stateid's.
         *
         * Also note we should probably be using this in 4.0 case too.
         */
        return !list_empty(&clp->cl_openowners)
                || !list_empty(&clp->cl_delegations)
                || !list_empty(&clp->cl_sessions);
}

__be32
nfsd4_exchange_id(struct svc_rqst *rqstp,
                  struct nfsd4_compound_state *cstate,
                  struct nfsd4_exchange_id *exid)
{
        struct nfs4_client *unconf, *conf, *new;
        __be32 status;
        char                    addr_str[INET6_ADDRSTRLEN];
        nfs4_verifier           verf = exid->verifier;
        struct sockaddr         *sa = svc_addr(rqstp);
        bool    update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A;
        struct nfsd_net         *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        rpc_ntop(sa, addr_str, sizeof(addr_str));
        dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
                "ip_addr=%s flags %x, spa_how %d\n",
                __func__, rqstp, exid, exid->clname.len, exid->clname.data,
                addr_str, exid->flags, exid->spa_how);

        if (exid->flags & ~EXCHGID4_FLAG_MASK_A)
                return nfserr_inval;

        switch (exid->spa_how) {
        case SP4_MACH_CRED:
                if (!svc_rqst_integrity_protected(rqstp))
                        return nfserr_inval;
        case SP4_NONE:
                break;
        default:                                /* checked by xdr code */
                WARN_ON_ONCE(1);
        case SP4_SSV:
                return nfserr_encr_alg_unsupp;
        }

        /* Cases below refer to rfc 5661 section 18.35.4: */
        nfs4_lock_state();
        conf = find_confirmed_client_by_name(&exid->clname, nn);
        if (conf) {
                bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred);
                bool verfs_match = same_verf(&verf, &conf->cl_verifier);

                if (update) {
                        if (!clp_used_exchangeid(conf)) { /* buggy client */
                                status = nfserr_inval;
                                goto out;
                        }
                        if (!mach_creds_match(conf, rqstp)) {
                                status = nfserr_wrong_cred;
                                goto out;
                        }
                        if (!creds_match) { /* case 9 */
                                status = nfserr_perm;
                                goto out;
                        }
                        if (!verfs_match) { /* case 8 */
                                status = nfserr_not_same;
                                goto out;
                        }
                        /* case 6 */
                        exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;
                        new = conf;
                        goto out_copy;
                }
                if (!creds_match) { /* case 3 */
                        if (client_has_state(conf)) {
                                status = nfserr_clid_inuse;
                                goto out;
                        }
                        expire_client(conf);
                        goto out_new;
                }
                if (verfs_match) { /* case 2 */
                        conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R;
                        new = conf;
                        goto out_copy;
                }
                /* case 5, client reboot */
                goto out_new;
        }

        if (update) { /* case 7 */
                status = nfserr_noent;
                goto out;
        }

        unconf  = find_unconfirmed_client_by_name(&exid->clname, nn);
        if (unconf) /* case 4, possible retry or client restart */
                expire_client(unconf);

        /* case 1 (normal case) */
out_new:
        new = create_client(exid->clname, rqstp, &verf);
        if (new == NULL) {
                status = nfserr_jukebox;
                goto out;
        }
        new->cl_minorversion = cstate->minorversion;
        new->cl_mach_cred = (exid->spa_how == SP4_MACH_CRED);

        gen_clid(new, nn);
        add_to_unconfirmed(new);
out_copy:
        exid->clientid.cl_boot = new->cl_clientid.cl_boot;
        exid->clientid.cl_id = new->cl_clientid.cl_id;

        exid->seqid = new->cl_cs_slot.sl_seqid + 1;
        nfsd4_set_ex_flags(new, exid);

        dprintk("nfsd4_exchange_id seqid %d flags %x\n",
                new->cl_cs_slot.sl_seqid, new->cl_exchange_flags);
        status = nfs_ok;

out:
        nfs4_unlock_state();
        return status;
}

static __be32
check_slot_seqid(u32 seqid, u32 slot_seqid, int slot_inuse)
{
        dprintk("%s enter. seqid %d slot_seqid %d\n", __func__, seqid,
                slot_seqid);

        /* The slot is in use, and no response has been sent. */
        if (slot_inuse) {
                if (seqid == slot_seqid)
                        return nfserr_jukebox;
                else
                        return nfserr_seq_misordered;
        }
        /* Note unsigned 32-bit arithmetic handles wraparound: */
        if (likely(seqid == slot_seqid + 1))
                return nfs_ok;
        if (seqid == slot_seqid)
                return nfserr_replay_cache;
        return nfserr_seq_misordered;
}

/*
 * Cache the create session result into the create session single DRC
 * slot cache by saving the xdr structure. sl_seqid has been set.
 * Do this for solo or embedded create session operations.
 */
static void
nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
                           struct nfsd4_clid_slot *slot, __be32 nfserr)
{
        slot->sl_status = nfserr;
        memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
}

static __be32
nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
                            struct nfsd4_clid_slot *slot)
{
        memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses));
        return slot->sl_status;
}

#define NFSD_MIN_REQ_HDR_SEQ_SZ ((\
                        2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
                        1 +     /* MIN tag is length with zero, only length */ \
                        3 +     /* version, opcount, opcode */ \
                        XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
                                /* seqid, slotID, slotID, cache */ \
                        4 ) * sizeof(__be32))

#define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
                        2 +     /* verifier: AUTH_NULL, length 0 */\
                        1 +     /* status */ \
                        1 +     /* MIN tag is length with zero, only length */ \
                        3 +     /* opcount, opcode, opstatus*/ \
                        XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
                                /* seqid, slotID, slotID, slotID, status */ \
                        5 ) * sizeof(__be32))

static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
{
        u32 maxrpc = nn->nfsd_serv->sv_max_mesg;

        if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ)
                return nfserr_toosmall;
        if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ)
                return nfserr_toosmall;
        ca->headerpadsz = 0;
        ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc);
        ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc);
        ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND);
        ca->maxresp_cached = min_t(u32, ca->maxresp_cached,
                        NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ);
        ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION);
        /*
         * Note decreasing slot size below client's request may make it
         * difficult for client to function correctly, whereas
         * decreasing the number of slots will (just?) affect
         * performance.  When short on memory we therefore prefer to
         * decrease number of slots instead of their size.  Clients that
         * request larger slots than they need will get poor results:
         */
        ca->maxreqs = nfsd4_get_drc_mem(ca);
        if (!ca->maxreqs)
                return nfserr_jukebox;

        return nfs_ok;
}

static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
{
        ca->headerpadsz = 0;

        /*
         * These RPC_MAX_HEADER macros are overkill, especially since we
         * don't even do gss on the backchannel yet.  But this is still
         * less than 1k.  Tighten up this estimate in the unlikely event
         * it turns out to be a problem for some client:
         */
        if (ca->maxreq_sz < NFS4_enc_cb_recall_sz + RPC_MAX_HEADER_WITH_AUTH)
                return nfserr_toosmall;
        if (ca->maxresp_sz < NFS4_dec_cb_recall_sz + RPC_MAX_REPHEADER_WITH_AUTH)
                return nfserr_toosmall;
        ca->maxresp_cached = 0;
        if (ca->maxops < 2)
                return nfserr_toosmall;

        return nfs_ok;
}

static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
{
        switch (cbs->flavor) {
        case RPC_AUTH_NULL:
        case RPC_AUTH_UNIX:
                return nfs_ok;
        default:
                /*
                 * GSS case: the spec doesn't allow us to return this
                 * error.  But it also doesn't allow us not to support
                 * GSS.
                 * I'd rather this fail hard than return some error the
                 * client might think it can already handle:
                 */
                return nfserr_encr_alg_unsupp;
        }
}

__be32
nfsd4_create_session(struct svc_rqst *rqstp,
                     struct nfsd4_compound_state *cstate,
                     struct nfsd4_create_session *cr_ses)
{
        struct sockaddr *sa = svc_addr(rqstp);
        struct nfs4_client *conf, *unconf;
        struct nfsd4_session *new;
        struct nfsd4_conn *conn;
        struct nfsd4_clid_slot *cs_slot = NULL;
        __be32 status = 0;
        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
                return nfserr_inval;
        status = nfsd4_check_cb_sec(&cr_ses->cb_sec);
        if (status)
                return status;
        status = check_forechannel_attrs(&cr_ses->fore_channel, nn);
        if (status)
                return status;
        status = check_backchannel_attrs(&cr_ses->back_channel);
        if (status)
                return status;
        status = nfserr_jukebox;
        new = alloc_session(&cr_ses->fore_channel);
        if (!new)
                goto out_release_drc_mem;
        conn = alloc_conn_from_crses(rqstp, cr_ses);
        if (!conn)
                goto out_free_session;

        nfs4_lock_state();
        unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn);
        conf = find_confirmed_client(&cr_ses->clientid, true, nn);
        WARN_ON_ONCE(conf && unconf);

        if (conf) {
                status = nfserr_wrong_cred;
                if (!mach_creds_match(conf, rqstp))
                        goto out_free_conn;
                cs_slot = &conf->cl_cs_slot;
                status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
                if (status == nfserr_replay_cache) {
                        status = nfsd4_replay_create_session(cr_ses, cs_slot);
                        goto out_free_conn;
                } else if (cr_ses->seqid != cs_slot->sl_seqid + 1) {
                        status = nfserr_seq_misordered;
                        goto out_free_conn;
                }
        } else if (unconf) {
                struct nfs4_client *old;
                if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) ||
                    !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) {
                        status = nfserr_clid_inuse;
                        goto out_free_conn;
                }
                status = nfserr_wrong_cred;
                if (!mach_creds_match(unconf, rqstp))
                        goto out_free_conn;
                cs_slot = &unconf->cl_cs_slot;
                status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
                if (status) {
                        /* an unconfirmed replay returns misordered */
                        status = nfserr_seq_misordered;
                        goto out_free_conn;
                }
                old = find_confirmed_client_by_name(&unconf->cl_name, nn);
                if (old) {
                        status = mark_client_expired(old);
                        if (status)
                                goto out_free_conn;
                        expire_client(old);
                }
                move_to_confirmed(unconf);
                conf = unconf;
        } else {
                status = nfserr_stale_clientid;
                goto out_free_conn;
        }
        status = nfs_ok;
        /*
         * We do not support RDMA or persistent sessions
         */
        cr_ses->flags &= ~SESSION4_PERSIST;
        cr_ses->flags &= ~SESSION4_RDMA;

        init_session(rqstp, new, conf, cr_ses);
        nfsd4_init_conn(rqstp, conn, new);

        memcpy(cr_ses->sessionid.data, new->se_sessionid.data,
               NFS4_MAX_SESSIONID_LEN);
        cs_slot->sl_seqid++;
        cr_ses->seqid = cs_slot->sl_seqid;

        /* cache solo and embedded create sessions under the state lock */
        nfsd4_cache_create_session(cr_ses, cs_slot, status);
        nfs4_unlock_state();
        return status;
out_free_conn:
        nfs4_unlock_state();
        free_conn(conn);
out_free_session:
        __free_session(new);
out_release_drc_mem:
        nfsd4_put_drc_mem(&cr_ses->fore_channel);
        return status;
}

static __be32 nfsd4_map_bcts_dir(u32 *dir)
{
        switch (*dir) {

        case NFS4_CDFC4_FORE:
        case NFS4_CDFC4_BACK:
                return nfs_ok;
        case NFS4_CDFC4_FORE_OR_BOTH:
        case NFS4_CDFC4_BACK_OR_BOTH:
                *dir = NFS4_CDFC4_BOTH;
                return nfs_ok;
        };
        return nfserr_inval;
}

__be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_backchannel_ctl *bc)
{
        struct nfsd4_session *session = cstate->session;
        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
        __be32 status;

        status = nfsd4_check_cb_sec(&bc->bc_cb_sec);
        if (status)
                return status;
        spin_lock(&nn->client_lock);
        session->se_cb_prog = bc->bc_cb_program;
        session->se_cb_sec = bc->bc_cb_sec;
        spin_unlock(&nn->client_lock);

        nfsd4_probe_callback(session->se_client);

        return nfs_ok;
}

__be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
                     struct nfsd4_compound_state *cstate,
                     struct nfsd4_bind_conn_to_session *bcts)
{
        __be32 status;
        struct nfsd4_conn *conn;
        struct nfsd4_session *session;
        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        if (!nfsd4_last_compound_op(rqstp))
                return nfserr_not_only_op;
        nfs4_lock_state();
        spin_lock(&nn->client_lock);
        session = find_in_sessionid_hashtbl(&bcts->sessionid, SVC_NET(rqstp));
        spin_unlock(&nn->client_lock);
        status = nfserr_badsession;
        if (!session)
                goto out;
        status = nfserr_wrong_cred;
        if (!mach_creds_match(session->se_client, rqstp))
                goto out;
        status = nfsd4_map_bcts_dir(&bcts->dir);
        if (status)
                goto out;
        conn = alloc_conn(rqstp, bcts->dir);
        status = nfserr_jukebox;
        if (!conn)
                goto out;
        nfsd4_init_conn(rqstp, conn, session);
        status = nfs_ok;
out:
        nfs4_unlock_state();
        return status;
}

static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid)
{
        if (!session)
                return 0;
        return !memcmp(sid, &session->se_sessionid, sizeof(*sid));
}

__be32
nfsd4_destroy_session(struct svc_rqst *r,
                      struct nfsd4_compound_state *cstate,
                      struct nfsd4_destroy_session *sessionid)
{
        struct nfsd4_session *ses;
        __be32 status;
        int ref_held_by_me = 0;
        struct nfsd_net *nn = net_generic(SVC_NET(r), nfsd_net_id);

        nfs4_lock_state();
        status = nfserr_not_only_op;
        if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {
                if (!nfsd4_last_compound_op(r))
                        goto out;
                ref_held_by_me++;
        }
        dump_sessionid(__func__, &sessionid->sessionid);
        spin_lock(&nn->client_lock);
        ses = find_in_sessionid_hashtbl(&sessionid->sessionid, SVC_NET(r));
        status = nfserr_badsession;
        if (!ses)
                goto out_client_lock;
        status = nfserr_wrong_cred;
        if (!mach_creds_match(ses->se_client, r))
                goto out_client_lock;
        nfsd4_get_session_locked(ses);
        status = mark_session_dead_locked(ses, 1 + ref_held_by_me);
        if (status)
                goto out_put_session;
        unhash_session(ses);
        spin_unlock(&nn->client_lock);

        nfsd4_probe_callback_sync(ses->se_client);

        spin_lock(&nn->client_lock);
        status = nfs_ok;
out_put_session:
        nfsd4_put_session(ses);
out_client_lock:
        spin_unlock(&nn->client_lock);
out:
        nfs4_unlock_state();
        return status;
}

static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s)
{
        struct nfsd4_conn *c;

        list_for_each_entry(c, &s->se_conns, cn_persession) {
                if (c->cn_xprt == xpt) {
                        return c;
                }
        }
        return NULL;
}

static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)
{
        struct nfs4_client *clp = ses->se_client;
        struct nfsd4_conn *c;
        __be32 status = nfs_ok;
        int ret;

        spin_lock(&clp->cl_lock);
        c = __nfsd4_find_conn(new->cn_xprt, ses);
        if (c)
                goto out_free;
        status = nfserr_conn_not_bound_to_session;
        if (clp->cl_mach_cred)
                goto out_free;
        __nfsd4_hash_conn(new, ses);
        spin_unlock(&clp->cl_lock);
        ret = nfsd4_register_conn(new);
        if (ret)
                /* oops; xprt is already down: */
                nfsd4_conn_lost(&new->cn_xpt_user);
        return nfs_ok;
out_free:
        spin_unlock(&clp->cl_lock);
        free_conn(new);
        return status;
}

static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)
{
        struct nfsd4_compoundargs *args = rqstp->rq_argp;

        return args->opcnt > session->se_fchannel.maxops;
}

static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
                                  struct nfsd4_session *session)
{
        struct xdr_buf *xb = &rqstp->rq_arg;

        return xb->len > session->se_fchannel.maxreq_sz;
}

__be32
nfsd4_sequence(struct svc_rqst *rqstp,
               struct nfsd4_compound_state *cstate,
               struct nfsd4_sequence *seq)
{
        struct nfsd4_compoundres *resp = rqstp->rq_resp;
        struct nfsd4_session *session;
        struct nfs4_client *clp;
        struct nfsd4_slot *slot;
        struct nfsd4_conn *conn;
        __be32 status;
        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        if (resp->opcnt != 1)
                return nfserr_sequence_pos;

        /*
         * Will be either used or freed by nfsd4_sequence_check_conn
         * below.
         */
        conn = alloc_conn(rqstp, NFS4_CDFC4_FORE);
        if (!conn)
                return nfserr_jukebox;

        spin_lock(&nn->client_lock);
        status = nfserr_badsession;
        session = find_in_sessionid_hashtbl(&seq->sessionid, SVC_NET(rqstp));
        if (!session)
                goto out_no_session;
        clp = session->se_client;
        status = get_client_locked(clp);
        if (status)
                goto out_no_session;
        status = nfsd4_get_session_locked(session);
        if (status)
                goto out_put_client;

        status = nfserr_too_many_ops;
        if (nfsd4_session_too_many_ops(rqstp, session))
                goto out_put_session;

        status = nfserr_req_too_big;
        if (nfsd4_request_too_big(rqstp, session))
                goto out_put_session;

        status = nfserr_badslot;
        if (seq->slotid >= session->se_fchannel.maxreqs)
                goto out_put_session;

        slot = session->se_slots[seq->slotid];
        dprintk("%s: slotid %d\n", __func__, seq->slotid);

        /* We do not negotiate the number of slots yet, so set the
         * maxslots to the session maxreqs which is used to encode
         * sr_highest_slotid and the sr_target_slot id to maxslots */
        seq->maxslots = session->se_fchannel.maxreqs;

        status = check_slot_seqid(seq->seqid, slot->sl_seqid,
                                        slot->sl_flags & NFSD4_SLOT_INUSE);
        if (status == nfserr_replay_cache) {
                status = nfserr_seq_misordered;
                if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED))
                        goto out_put_session;
                cstate->slot = slot;
                cstate->session = session;
                /* Return the cached reply status and set cstate->status
                 * for nfsd4_proc_compound processing */
                status = nfsd4_replay_cache_entry(resp, seq);
                cstate->status = nfserr_replay_cache;
                goto out;
        }
        if (status)
                goto out_put_session;

        status = nfsd4_sequence_check_conn(conn, session);
        conn = NULL;
        if (status)
                goto out_put_session;

        /* Success! bump slot seqid */
        slot->sl_seqid = seq->seqid;
        slot->sl_flags |= NFSD4_SLOT_INUSE;
        if (seq->cachethis)
                slot->sl_flags |= NFSD4_SLOT_CACHETHIS;
        else
                slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS;

        cstate->slot = slot;
        cstate->session = session;

out:
        switch (clp->cl_cb_state) {
        case NFSD4_CB_DOWN:
                seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN;
                break;
        case NFSD4_CB_FAULT:
                seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT;
                break;
        default:
                seq->status_flags = 0;
        }
        if (!list_empty(&clp->cl_revoked))
                seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED;
out_no_session:
        kfree(conn);
        spin_unlock(&nn->client_lock);
        return status;
out_put_session:
        nfsd4_put_session(session);
out_put_client:
        put_client_renew_locked(clp);
        goto out_no_session;
}

__be32
nfsd4_destroy_clientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_destroy_clientid *dc)
{
        struct nfs4_client *conf, *unconf, *clp;
        __be32 status = 0;
        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        nfs4_lock_state();
        unconf = find_unconfirmed_client(&dc->clientid, true, nn);
        conf = find_confirmed_client(&dc->clientid, true, nn);
        WARN_ON_ONCE(conf && unconf);

        if (conf) {
                clp = conf;

                if (client_has_state(conf)) {
                        status = nfserr_clientid_busy;
                        goto out;
                }
        } else if (unconf)
                clp = unconf;
        else {
                status = nfserr_stale_clientid;
                goto out;
        }
        if (!mach_creds_match(clp, rqstp)) {
                status = nfserr_wrong_cred;
                goto out;
        }
        expire_client(clp);
out:
        nfs4_unlock_state();
        return status;
}

__be32
nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_reclaim_complete *rc)
{
        __be32 status = 0;

        if (rc->rca_one_fs) {
                if (!cstate->current_fh.fh_dentry)
                        return nfserr_nofilehandle;
                /*
                 * We don't take advantage of the rca_one_fs case.
                 * That's OK, it's optional, we can safely ignore it.
                 */
                 return nfs_ok;
        }

        nfs4_lock_state();
        status = nfserr_complete_already;
        if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE,
                             &cstate->session->se_client->cl_flags))
                goto out;

        status = nfserr_stale_clientid;
        if (is_client_expired(cstate->session->se_client))
                /*
                 * The following error isn't really legal.
                 * But we only get here if the client just explicitly
                 * destroyed the client.  Surely it no longer cares what
                 * error it gets back on an operation for the dead
                 * client.
                 */
                goto out;

        status = nfs_ok;
        nfsd4_client_record_create(cstate->session->se_client);
out:
        nfs4_unlock_state();
        return status;
}

__be32
nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
                  struct nfsd4_setclientid *setclid)
{
        struct xdr_netobj       clname = setclid->se_name;
        nfs4_verifier           clverifier = setclid->se_verf;
        struct nfs4_client      *conf, *unconf, *new;
        __be32                  status;
        struct nfsd_net         *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        /* Cases below refer to rfc 3530 section 14.2.33: */
        nfs4_lock_state();
        conf = find_confirmed_client_by_name(&clname, nn);
        if (conf) {
                /* case 0: */
                status = nfserr_clid_inuse;
                if (clp_used_exchangeid(conf))
                        goto out;
                if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
                        char addr_str[INET6_ADDRSTRLEN];
                        rpc_ntop((struct sockaddr *) &conf->cl_addr, addr_str,
                                 sizeof(addr_str));
                        dprintk("NFSD: setclientid: string in use by client "
                                "at %s\n", addr_str);
                        goto out;
                }
        }
        unconf = find_unconfirmed_client_by_name(&clname, nn);
        if (unconf)
                expire_client(unconf);
        status = nfserr_jukebox;
        new = create_client(clname, rqstp, &clverifier);
        if (new == NULL)
                goto out;
        if (conf && same_verf(&conf->cl_verifier, &clverifier))
                /* case 1: probable callback update */
                copy_clid(new, conf);
        else /* case 4 (new client) or cases 2, 3 (client reboot): */
                gen_clid(new, nn);
        new->cl_minorversion = 0;
        gen_callback(new, setclid, rqstp);
        add_to_unconfirmed(new);
        setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot;
        setclid->se_clientid.cl_id = new->cl_clientid.cl_id;
        memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data));
        status = nfs_ok;
out:
        nfs4_unlock_state();
        return status;
}


__be32
nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
                         struct nfsd4_compound_state *cstate,
                         struct nfsd4_setclientid_confirm *setclientid_confirm)
{
        struct nfs4_client *conf, *unconf;
        nfs4_verifier confirm = setclientid_confirm->sc_confirm; 
        clientid_t * clid = &setclientid_confirm->sc_clientid;
        __be32 status;
        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        if (STALE_CLIENTID(clid, nn))
                return nfserr_stale_clientid;
        nfs4_lock_state();

        conf = find_confirmed_client(clid, false, nn);
        unconf = find_unconfirmed_client(clid, false, nn);
        /*
         * We try hard to give out unique clientid's, so if we get an
         * attempt to confirm the same clientid with a different cred,
         * there's a bug somewhere.  Let's charitably assume it's our
         * bug.
         */
        status = nfserr_serverfault;
        if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred))
                goto out;
        if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred))
                goto out;
        /* cases below refer to rfc 3530 section 14.2.34: */
        if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) {
                if (conf && !unconf) /* case 2: probable retransmit */
                        status = nfs_ok;
                else /* case 4: client hasn't noticed we rebooted yet? */
                        status = nfserr_stale_clientid;
                goto out;
        }
        status = nfs_ok;
        if (conf) { /* case 1: callback update */
                nfsd4_change_callback(conf, &unconf->cl_cb_conn);
                nfsd4_probe_callback(conf);
                expire_client(unconf);
        } else { /* case 3: normal case; new or rebooted client */
                conf = find_confirmed_client_by_name(&unconf->cl_name, nn);
                if (conf) {
                        status = mark_client_expired(conf);
                        if (status)
                                goto out;
                        expire_client(conf);
                }
                move_to_confirmed(unconf);
                nfsd4_probe_callback(unconf);
        }
out:
        nfs4_unlock_state();
        return status;
}

static struct nfs4_file *nfsd4_alloc_file(void)
{
        return kmem_cache_alloc(file_slab, GFP_KERNEL);
}

/* OPEN Share state helper functions */
static void nfsd4_init_file(struct nfs4_file *fp, struct inode *ino)
{
        unsigned int hashval = file_hashval(ino);

        atomic_set(&fp->fi_ref, 1);
        INIT_LIST_HEAD(&fp->fi_stateids);
        INIT_LIST_HEAD(&fp->fi_delegations);
        fp->fi_inode = igrab(ino);
        fp->fi_had_conflict = false;
        fp->fi_lease = NULL;
        memset(fp->fi_fds, 0, sizeof(fp->fi_fds));
        memset(fp->fi_access, 0, sizeof(fp->fi_access));
        spin_lock(&recall_lock);
        hlist_add_head(&fp->fi_hash, &file_hashtbl[hashval]);
        spin_unlock(&recall_lock);
}

static void
nfsd4_free_slab(struct kmem_cache **slab)
{
        if (*slab == NULL)
                return;
        kmem_cache_destroy(*slab);
        *slab = NULL;
}

void
nfsd4_free_slabs(void)
{
        nfsd4_free_slab(&openowner_slab);
        nfsd4_free_slab(&lockowner_slab);
        nfsd4_free_slab(&file_slab);
        nfsd4_free_slab(&stateid_slab);
        nfsd4_free_slab(&deleg_slab);
}

int
nfsd4_init_slabs(void)
{
        openowner_slab = kmem_cache_create("nfsd4_openowners",
                        sizeof(struct nfs4_openowner), 0, 0, NULL);
        if (openowner_slab == NULL)
                goto out_nomem;
        lockowner_slab = kmem_cache_create("nfsd4_lockowners",
                        sizeof(struct nfs4_lockowner), 0, 0, NULL);
        if (lockowner_slab == NULL)
                goto out_nomem;
        file_slab = kmem_cache_create("nfsd4_files",
                        sizeof(struct nfs4_file), 0, 0, NULL);
        if (file_slab == NULL)
                goto out_nomem;
        stateid_slab = kmem_cache_create("nfsd4_stateids",
                        sizeof(struct nfs4_ol_stateid), 0, 0, NULL);
        if (stateid_slab == NULL)
                goto out_nomem;
        deleg_slab = kmem_cache_create("nfsd4_delegations",
                        sizeof(struct nfs4_delegation), 0, 0, NULL);
        if (deleg_slab == NULL)
                goto out_nomem;
        return 0;
out_nomem:
        nfsd4_free_slabs();
        dprintk("nfsd4: out of memory while initializing nfsv4\n");
        return -ENOMEM;
}

void nfs4_free_openowner(struct nfs4_openowner *oo)
{
        kfree(oo->oo_owner.so_owner.data);
        kmem_cache_free(openowner_slab, oo);
}

void nfs4_free_lockowner(struct nfs4_lockowner *lo)
{
        kfree(lo->lo_owner.so_owner.data);
        kmem_cache_free(lockowner_slab, lo);
}

static void init_nfs4_replay(struct nfs4_replay *rp)
{
        rp->rp_status = nfserr_serverfault;
        rp->rp_buflen = 0;
        rp->rp_buf = rp->rp_ibuf;
}

static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp)
{
        struct nfs4_stateowner *sop;

        sop = kmem_cache_alloc(slab, GFP_KERNEL);
        if (!sop)
                return NULL;

        sop->so_owner.data = kmemdup(owner->data, owner->len, GFP_KERNEL);
        if (!sop->so_owner.data) {
                kmem_cache_free(slab, sop);
                return NULL;
        }
        sop->so_owner.len = owner->len;

        INIT_LIST_HEAD(&sop->so_stateids);
        sop->so_client = clp;
        init_nfs4_replay(&sop->so_replay);
        return sop;
}

static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval)
{
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        list_add(&oo->oo_owner.so_strhash, &nn->ownerstr_hashtbl[strhashval]);
        list_add(&oo->oo_perclient, &clp->cl_openowners);
}

static struct nfs4_openowner *
alloc_init_open_stateowner(unsigned int strhashval, struct nfs4_client *clp, struct nfsd4_open *open) {
        struct nfs4_openowner *oo;

        oo = alloc_stateowner(openowner_slab, &open->op_owner, clp);
        if (!oo)
                return NULL;
        oo->oo_owner.so_is_open_owner = 1;
        oo->oo_owner.so_seqid = open->op_seqid;
        oo->oo_flags = NFS4_OO_NEW;
        oo->oo_time = 0;
        oo->oo_last_closed_stid = NULL;
        INIT_LIST_HEAD(&oo->oo_close_lru);
        hash_openowner(oo, clp, strhashval);
        return oo;
}

static void init_open_stateid(struct nfs4_ol_stateid *stp, struct nfs4_file *fp, struct nfsd4_open *open) {
        struct nfs4_openowner *oo = open->op_openowner;

        stp->st_stid.sc_type = NFS4_OPEN_STID;
        INIT_LIST_HEAD(&stp->st_lockowners);
        list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids);
        list_add(&stp->st_perfile, &fp->fi_stateids);
        stp->st_stateowner = &oo->oo_owner;
        get_nfs4_file(fp);
        stp->st_file = fp;
        stp->st_access_bmap = 0;
        stp->st_deny_bmap = 0;
        set_access(open->op_share_access, stp);
        set_deny(open->op_share_deny, stp);
        stp->st_openstp = NULL;
}

static void
move_to_close_lru(struct nfs4_openowner *oo, struct net *net)
{
        struct nfsd_net *nn = net_generic(net, nfsd_net_id);

        dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo);

        list_move_tail(&oo->oo_close_lru, &nn->close_lru);
        oo->oo_time = get_seconds();
}

static int
same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner,
                                                        clientid_t *clid)
{
        return (sop->so_owner.len == owner->len) &&
                0 == memcmp(sop->so_owner.data, owner->data, owner->len) &&
                (sop->so_client->cl_clientid.cl_id == clid->cl_id);
}

static struct nfs4_openowner *
find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open,
                        bool sessions, struct nfsd_net *nn)
{
        struct nfs4_stateowner *so;
        struct nfs4_openowner *oo;
        struct nfs4_client *clp;

        list_for_each_entry(so, &nn->ownerstr_hashtbl[hashval], so_strhash) {
                if (!so->so_is_open_owner)
                        continue;
                if (same_owner_str(so, &open->op_owner, &open->op_clientid)) {
                        oo = openowner(so);
                        clp = oo->oo_owner.so_client;
                        if ((bool)clp->cl_minorversion != sessions)
                                return NULL;
                        renew_client(oo->oo_owner.so_client);
                        return oo;
                }
        }
        return NULL;
}

/* search file_hashtbl[] for file */
static struct nfs4_file *
find_file(struct inode *ino)
{
        unsigned int hashval = file_hashval(ino);
        struct nfs4_file *fp;

        spin_lock(&recall_lock);
        hlist_for_each_entry(fp, &file_hashtbl[hashval], fi_hash) {
                if (fp->fi_inode == ino) {
                        get_nfs4_file(fp);
                        spin_unlock(&recall_lock);
                        return fp;
                }
        }
        spin_unlock(&recall_lock);
        return NULL;
}

/*
 * Called to check deny when READ with all zero stateid or
 * WRITE with all zero or all one stateid
 */
static __be32
nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type)
{
        struct inode *ino = current_fh->fh_dentry->d_inode;
        struct nfs4_file *fp;
        struct nfs4_ol_stateid *stp;
        __be32 ret;

        fp = find_file(ino);
        if (!fp)
                return nfs_ok;
        ret = nfserr_locked;
        /* Search for conflicting share reservations */
        list_for_each_entry(stp, &fp->fi_stateids, st_perfile) {
                if (test_deny(deny_type, stp) ||
                    test_deny(NFS4_SHARE_DENY_BOTH, stp))
                        goto out;
        }
        ret = nfs_ok;
out:
        put_nfs4_file(fp);
        return ret;
}

static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
{
        struct nfs4_client *clp = dp->dl_stid.sc_client;
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        /* We're assuming the state code never drops its reference
         * without first removing the lease.  Since we're in this lease
         * callback (and since the lease code is serialized by the kernel
         * lock) we know the server hasn't removed the lease yet, we know
         * it's safe to take a reference: */
        atomic_inc(&dp->dl_count);

        list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru);

        /* Only place dl_time is set; protected by i_lock: */
        dp->dl_time = get_seconds();

        nfsd4_cb_recall(dp);
}

/* Called from break_lease() with i_lock held. */
static void nfsd_break_deleg_cb(struct file_lock *fl)
{
        struct nfs4_file *fp = (struct nfs4_file *)fl->fl_owner;
        struct nfs4_delegation *dp;

        if (!fp) {
                WARN(1, "(%p)->fl_owner NULL\n", fl);
                return;
        }
        if (fp->fi_had_conflict) {
                WARN(1, "duplicate break on %p\n", fp);
                return;
        }
        /*
         * We don't want the locks code to timeout the lease for us;
         * we'll remove it ourself if a delegation isn't returned
         * in time:
         */
        fl->fl_break_time = 0;

        spin_lock(&recall_lock);
        fp->fi_had_conflict = true;
        list_for_each_entry(dp, &fp->fi_delegations, dl_perfile)
                nfsd_break_one_deleg(dp);
        spin_unlock(&recall_lock);
}

static
int nfsd_change_deleg_cb(struct file_lock **onlist, int arg)
{
        if (arg & F_UNLCK)
                return lease_modify(onlist, arg);
        else
                return -EAGAIN;
}

static const struct lock_manager_operations nfsd_lease_mng_ops = {
        .lm_break = nfsd_break_deleg_cb,
        .lm_change = nfsd_change_deleg_cb,
};

static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid)
{
        if (nfsd4_has_session(cstate))
                return nfs_ok;
        if (seqid == so->so_seqid - 1)
                return nfserr_replay_me;
        if (seqid == so->so_seqid)
                return nfs_ok;
        return nfserr_bad_seqid;
}

__be32
nfsd4_process_open1(struct nfsd4_compound_state *cstate,
                    struct nfsd4_open *open, struct nfsd_net *nn)
{
        clientid_t *clientid = &open->op_clientid;
        struct nfs4_client *clp = NULL;
        unsigned int strhashval;
        struct nfs4_openowner *oo = NULL;
        __be32 status;

        if (STALE_CLIENTID(&open->op_clientid, nn))
                return nfserr_stale_clientid;
        /*
         * In case we need it later, after we've already created the
         * file and don't want to risk a further failure:
         */
        open->op_file = nfsd4_alloc_file();
        if (open->op_file == NULL)
                return nfserr_jukebox;

        strhashval = ownerstr_hashval(clientid->cl_id, &open->op_owner);
        oo = find_openstateowner_str(strhashval, open, cstate->minorversion, nn);
        open->op_openowner = oo;
        if (!oo) {
                clp = find_confirmed_client(clientid, cstate->minorversion,
                                            nn);
                if (clp == NULL)
                        return nfserr_expired;
                goto new_owner;
        }
        if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
                /* Replace unconfirmed owners without checking for replay. */
                clp = oo->oo_owner.so_client;
                release_openowner(oo);
                open->op_openowner = NULL;
                goto new_owner;
        }
        status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid);
        if (status)
                return status;
        clp = oo->oo_owner.so_client;
        goto alloc_stateid;
new_owner:
        oo = alloc_init_open_stateowner(strhashval, clp, open);
        if (oo == NULL)
                return nfserr_jukebox;
        open->op_openowner = oo;
alloc_stateid:
        open->op_stp = nfs4_alloc_stateid(clp);
        if (!open->op_stp)
                return nfserr_jukebox;
        return nfs_ok;
}

static inline __be32
nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
{
        if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ))
                return nfserr_openmode;
        else
                return nfs_ok;
}

static int share_access_to_flags(u32 share_access)
{
        return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE;
}

static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl, stateid_t *s)
{
        struct nfs4_stid *ret;

        ret = find_stateid_by_type(cl, s, NFS4_DELEG_STID);
        if (!ret)
                return NULL;
        return delegstateid(ret);
}

static bool nfsd4_is_deleg_cur(struct nfsd4_open *open)
{
        return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
               open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH;
}

static __be32
nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open,
                struct nfs4_delegation **dp)
{
        int flags;
        __be32 status = nfserr_bad_stateid;

        *dp = find_deleg_stateid(cl, &open->op_delegate_stateid);
        if (*dp == NULL)
                goto out;
        flags = share_access_to_flags(open->op_share_access);
        status = nfs4_check_delegmode(*dp, flags);
        if (status)
                *dp = NULL;
out:
        if (!nfsd4_is_deleg_cur(open))
                return nfs_ok;
        if (status)
                return status;
        open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
        return nfs_ok;
}

static __be32
nfs4_check_open(struct nfs4_file *fp, struct nfsd4_open *open, struct nfs4_ol_stateid **stpp)
{
        struct nfs4_ol_stateid *local;
        struct nfs4_openowner *oo = open->op_openowner;

        list_for_each_entry(local, &fp->fi_stateids, st_perfile) {
                /* ignore lock owners */
                if (local->st_stateowner->so_is_open_owner == 0)
                        continue;
                /* remember if we have seen this open owner */
                if (local->st_stateowner == &oo->oo_owner)
                        *stpp = local;
                /* check for conflicting share reservations */
                if (!test_share(local, open))
                        return nfserr_share_denied;
        }
        return nfs_ok;
}

static inline int nfs4_access_to_access(u32 nfs4_access)
{
        int flags = 0;

        if (nfs4_access & NFS4_SHARE_ACCESS_READ)
                flags |= NFSD_MAY_READ;
        if (nfs4_access & NFS4_SHARE_ACCESS_WRITE)
                flags |= NFSD_MAY_WRITE;
        return flags;
}

static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp,
                struct svc_fh *cur_fh, struct nfsd4_open *open)
{
        __be32 status;
        int oflag = nfs4_access_to_omode(open->op_share_access);
        int access = nfs4_access_to_access(open->op_share_access);

        if (!fp->fi_fds[oflag]) {
                status = nfsd_open(rqstp, cur_fh, S_IFREG, access,
                        &fp->fi_fds[oflag]);
                if (status)
                        return status;
        }
        nfs4_file_get_access(fp, oflag);

        return nfs_ok;
}

static inline __be32
nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh,
                struct nfsd4_open *open)
{
        struct iattr iattr = {
                .ia_valid = ATTR_SIZE,
                .ia_size = 0,
        };
        if (!open->op_truncate)
                return 0;
        if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
                return nfserr_inval;
        return nfsd_setattr(rqstp, fh, &iattr, 0, (time_t)0);
}

static __be32
nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, struct nfsd4_open *open)
{
        u32 op_share_access = open->op_share_access;
        bool new_access;
        __be32 status;

        new_access = !test_access(op_share_access, stp);
        if (new_access) {
                status = nfs4_get_vfs_file(rqstp, fp, cur_fh, open);
                if (status)
                        return status;
        }
        status = nfsd4_truncate(rqstp, cur_fh, open);
        if (status) {
                if (new_access) {
                        int oflag = nfs4_access_to_omode(op_share_access);
                        nfs4_file_put_access(fp, oflag);
                }
                return status;
        }
        /* remember the open */
        set_access(op_share_access, stp);
        set_deny(open->op_share_deny, stp);

        return nfs_ok;
}


static void
nfs4_set_claim_prev(struct nfsd4_open *open, bool has_session)
{
        open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
}

/* Should we give out recallable state?: */
static bool nfsd4_cb_channel_good(struct nfs4_client *clp)
{
        if (clp->cl_cb_state == NFSD4_CB_UP)
                return true;
        /*
         * In the sessions case, since we don't have to establish a
         * separate connection for callbacks, we assume it's OK