LXR linux/fs/nfsd/nfs4xdr.c

   1/*
   2 *  Server-side XDR for NFSv4
   3 *
   4 *  Copyright (c) 2002 The Regents of the University of Michigan.
   5 *  All rights reserved.
   6 *
   7 *  Kendrick Smith <kmsmith@umich.edu>
   8 *  Andy Adamson   <andros@umich.edu>
   9 *
  10 *  Redistribution and use in source and binary forms, with or without
  11 *  modification, are permitted provided that the following conditions
  12 *  are met:
  13 *
  14 *  1. Redistributions of source code must retain the above copyright
  15 *     notice, this list of conditions and the following disclaimer.
  16 *  2. Redistributions in binary form must reproduce the above copyright
  17 *     notice, this list of conditions and the following disclaimer in the
  18 *     documentation and/or other materials provided with the distribution.
  19 *  3. Neither the name of the University nor the names of its
  20 *     contributors may be used to endorse or promote products derived
  21 *     from this software without specific prior written permission.
  22 *
  23 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  24 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  25 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  26 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  27 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  28 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  29 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  30 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  31 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  32 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  33 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  34 *
  35 * TODO: Neil Brown made the following observation:  We currently
  36 * initially reserve NFSD_BUFSIZE space on the transmit queue and
  37 * never release any of that until the request is complete.
  38 * It would be good to calculate a new maximum response size while
  39 * decoding the COMPOUND, and call svc_reserve with this number
  40 * at the end of nfs4svc_decode_compoundargs.
  41 */
  42
  43#include <linux/slab.h>
  44#include <linux/namei.h>
  45#include <linux/statfs.h>
  46#include <linux/utsname.h>
  47#include <linux/pagemap.h>
  48#include <linux/sunrpc/svcauth_gss.h>
  49
  50#include "idmap.h"
  51#include "acl.h"
  52#include "xdr4.h"
  53#include "vfs.h"
  54#include "state.h"
  55#include "cache.h"
  56#include "netns.h"
  57
  58#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
  59#include <linux/security.h>
  60#endif
  61
  62
  63#define NFSDDBG_FACILITY                NFSDDBG_XDR
  64
  65/*
  66 * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
  67 * directory in order to indicate to the client that a filesystem boundary is present
  68 * We use a fixed fsid for a referral
  69 */
  70#define NFS4_REFERRAL_FSID_MAJOR        0x8000000ULL
  71#define NFS4_REFERRAL_FSID_MINOR        0x8000000ULL
  72
  73static __be32
  74check_filename(char *str, int len)
  75{
  76        int i;
  77
  78        if (len == 0)
  79                return nfserr_inval;
  80        if (isdotent(str, len))
  81                return nfserr_badname;
  82        for (i = 0; i < len; i++)
  83                if (str[i] == '/')
  84                        return nfserr_badname;
  85        return 0;
  86}
  87
  88#define DECODE_HEAD                             \
  89        __be32 *p;                              \
  90        __be32 status
  91#define DECODE_TAIL                             \
  92        status = 0;                             \
  93out:                                            \
  94        return status;                          \
  95xdr_error:                                      \
  96        dprintk("NFSD: xdr error (%s:%d)\n",    \
  97                        __FILE__, __LINE__);    \
  98        status = nfserr_bad_xdr;                \
  99        goto out
 100
 101#define READMEM(x,nbytes) do {                  \
 102        x = (char *)p;                          \
 103        p += XDR_QUADLEN(nbytes);               \
 104} while (0)
 105#define SAVEMEM(x,nbytes) do {                  \
 106        if (!(x = (p==argp->tmp || p == argp->tmpp) ? \
 107                savemem(argp, p, nbytes) :      \
 108                (char *)p)) {                   \
 109                dprintk("NFSD: xdr error (%s:%d)\n", \
 110                                __FILE__, __LINE__); \
 111                goto xdr_error;                 \
 112                }                               \
 113        p += XDR_QUADLEN(nbytes);               \
 114} while (0)
 115#define COPYMEM(x,nbytes) do {                  \
 116        memcpy((x), p, nbytes);                 \
 117        p += XDR_QUADLEN(nbytes);               \
 118} while (0)
 119
 120/* READ_BUF, read_buf(): nbytes must be <= PAGE_SIZE */
 121#define READ_BUF(nbytes)  do {                  \
 122        if (nbytes <= (u32)((char *)argp->end - (char *)argp->p)) {     \
 123                p = argp->p;                    \
 124                argp->p += XDR_QUADLEN(nbytes); \
 125        } else if (!(p = read_buf(argp, nbytes))) { \
 126                dprintk("NFSD: xdr error (%s:%d)\n", \
 127                                __FILE__, __LINE__); \
 128                goto xdr_error;                 \
 129        }                                       \
 130} while (0)
 131
 132static void next_decode_page(struct nfsd4_compoundargs *argp)
 133{
 134        argp->p = page_address(argp->pagelist[0]);
 135        argp->pagelist++;
 136        if (argp->pagelen < PAGE_SIZE) {
 137                argp->end = argp->p + (argp->pagelen>>2);
 138                argp->pagelen = 0;
 139        } else {
 140                argp->end = argp->p + (PAGE_SIZE>>2);
 141                argp->pagelen -= PAGE_SIZE;
 142        }
 143}
 144
 145static __be32 *read_buf(struct nfsd4_compoundargs *argp, u32 nbytes)
 146{
 147        /* We want more bytes than seem to be available.
 148         * Maybe we need a new page, maybe we have just run out
 149         */
 150        unsigned int avail = (char *)argp->end - (char *)argp->p;
 151        __be32 *p;
 152        if (avail + argp->pagelen < nbytes)
 153                return NULL;
 154        if (avail + PAGE_SIZE < nbytes) /* need more than a page !! */
 155                return NULL;
 156        /* ok, we can do it with the current plus the next page */
 157        if (nbytes <= sizeof(argp->tmp))
 158                p = argp->tmp;
 159        else {
 160                kfree(argp->tmpp);
 161                p = argp->tmpp = kmalloc(nbytes, GFP_KERNEL);
 162                if (!p)
 163                        return NULL;
 164                
 165        }
 166        /*
 167         * The following memcpy is safe because read_buf is always
 168         * called with nbytes > avail, and the two cases above both
 169         * guarantee p points to at least nbytes bytes.
 170         */
 171        memcpy(p, argp->p, avail);
 172        next_decode_page(argp);
 173        memcpy(((char*)p)+avail, argp->p, (nbytes - avail));
 174        argp->p += XDR_QUADLEN(nbytes - avail);
 175        return p;
 176}
 177
 178static int zero_clientid(clientid_t *clid)
 179{
 180        return (clid->cl_boot == 0) && (clid->cl_id == 0);
 181}
 182
 183/**
 184 * defer_free - mark an allocation as deferred freed
 185 * @argp: NFSv4 compound argument structure to be freed with
 186 * @release: release callback to free @p, typically kfree()
 187 * @p: pointer to be freed
 188 *
 189 * Marks @p to be freed when processing the compound operation
 190 * described in @argp finishes.
 191 */
 192static int
 193defer_free(struct nfsd4_compoundargs *argp,
 194                void (*release)(const void *), void *p)
 195{
 196        struct tmpbuf *tb;
 197
 198        tb = kmalloc(sizeof(*tb), GFP_KERNEL);
 199        if (!tb)
 200                return -ENOMEM;
 201        tb->buf = p;
 202        tb->release = release;
 203        tb->next = argp->to_free;
 204        argp->to_free = tb;
 205        return 0;
 206}
 207
 208/**
 209 * savemem - duplicate a chunk of memory for later processing
 210 * @argp: NFSv4 compound argument structure to be freed with
 211 * @p: pointer to be duplicated
 212 * @nbytes: length to be duplicated
 213 *
 214 * Returns a pointer to a copy of @nbytes bytes of memory at @p
 215 * that are preserved until processing of the NFSv4 compound
 216 * operation described by @argp finishes.
 217 */
 218static char *savemem(struct nfsd4_compoundargs *argp, __be32 *p, int nbytes)
 219{
 220        if (p == argp->tmp) {
 221                p = kmemdup(argp->tmp, nbytes, GFP_KERNEL);
 222                if (!p)
 223                        return NULL;
 224        } else {
 225                BUG_ON(p != argp->tmpp);
 226                argp->tmpp = NULL;
 227        }
 228        if (defer_free(argp, kfree, p)) {
 229                kfree(p);
 230                return NULL;
 231        } else
 232                return (char *)p;
 233}
 234
 235static __be32
 236nfsd4_decode_bitmap(struct nfsd4_compoundargs *argp, u32 *bmval)
 237{
 238        u32 bmlen;
 239        DECODE_HEAD;
 240
 241        bmval[0] = 0;
 242        bmval[1] = 0;
 243        bmval[2] = 0;
 244
 245        READ_BUF(4);
 246        bmlen = be32_to_cpup(p++);
 247        if (bmlen > 1000)
 248                goto xdr_error;
 249
 250        READ_BUF(bmlen << 2);
 251        if (bmlen > 0)
 252                bmval[0] = be32_to_cpup(p++);
 253        if (bmlen > 1)
 254                bmval[1] = be32_to_cpup(p++);
 255        if (bmlen > 2)
 256                bmval[2] = be32_to_cpup(p++);
 257
 258        DECODE_TAIL;
 259}
 260
 261static __be32
 262nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 263                   struct iattr *iattr, struct nfs4_acl **acl,
 264                   struct xdr_netobj *label)
 265{
 266        int expected_len, len = 0;
 267        u32 dummy32;
 268        u64 sec;
 269        char *buf;
 270
 271        DECODE_HEAD;
 272        iattr->ia_valid = 0;
 273        if ((status = nfsd4_decode_bitmap(argp, bmval)))
 274                return status;
 275
 276        READ_BUF(4);
 277        expected_len = be32_to_cpup(p++);
 278
 279        if (bmval[0] & FATTR4_WORD0_SIZE) {
 280                READ_BUF(8);
 281                len += 8;
 282                p = xdr_decode_hyper(p, &iattr->ia_size);
 283                iattr->ia_valid |= ATTR_SIZE;
 284        }
 285        if (bmval[0] & FATTR4_WORD0_ACL) {
 286                u32 nace;
 287                struct nfs4_ace *ace;
 288
 289                READ_BUF(4); len += 4;
 290                nace = be32_to_cpup(p++);
 291
 292                if (nace > NFS4_ACL_MAX)
 293                        return nfserr_fbig;
 294
 295                *acl = nfs4_acl_new(nace);
 296                if (*acl == NULL)
 297                        return nfserr_jukebox;
 298
 299                defer_free(argp, kfree, *acl);
 300
 301                (*acl)->naces = nace;
 302                for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
 303                        READ_BUF(16); len += 16;
 304                        ace->type = be32_to_cpup(p++);
 305                        ace->flag = be32_to_cpup(p++);
 306                        ace->access_mask = be32_to_cpup(p++);
 307                        dummy32 = be32_to_cpup(p++);
 308                        READ_BUF(dummy32);
 309                        len += XDR_QUADLEN(dummy32) << 2;
 310                        READMEM(buf, dummy32);
 311                        ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
 312                        status = nfs_ok;
 313                        if (ace->whotype != NFS4_ACL_WHO_NAMED)
 314                                ;
 315                        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
 316                                status = nfsd_map_name_to_gid(argp->rqstp,
 317                                                buf, dummy32, &ace->who_gid);
 318                        else
 319                                status = nfsd_map_name_to_uid(argp->rqstp,
 320                                                buf, dummy32, &ace->who_uid);
 321                        if (status)
 322                                return status;
 323                }
 324        } else
 325                *acl = NULL;
 326        if (bmval[1] & FATTR4_WORD1_MODE) {
 327                READ_BUF(4);
 328                len += 4;
 329                iattr->ia_mode = be32_to_cpup(p++);
 330                iattr->ia_mode &= (S_IFMT | S_IALLUGO);
 331                iattr->ia_valid |= ATTR_MODE;
 332        }
 333        if (bmval[1] & FATTR4_WORD1_OWNER) {
 334                READ_BUF(4);
 335                len += 4;
 336                dummy32 = be32_to_cpup(p++);
 337                READ_BUF(dummy32);
 338                len += (XDR_QUADLEN(dummy32) << 2);
 339                READMEM(buf, dummy32);
 340                if ((status = nfsd_map_name_to_uid(argp->rqstp, buf, dummy32, &iattr->ia_uid)))
 341                        return status;
 342                iattr->ia_valid |= ATTR_UID;
 343        }
 344        if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
 345                READ_BUF(4);
 346                len += 4;
 347                dummy32 = be32_to_cpup(p++);
 348                READ_BUF(dummy32);
 349                len += (XDR_QUADLEN(dummy32) << 2);
 350                READMEM(buf, dummy32);
 351                if ((status = nfsd_map_name_to_gid(argp->rqstp, buf, dummy32, &iattr->ia_gid)))
 352                        return status;
 353                iattr->ia_valid |= ATTR_GID;
 354        }
 355        if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
 356                READ_BUF(4);
 357                len += 4;
 358                dummy32 = be32_to_cpup(p++);
 359                switch (dummy32) {
 360                case NFS4_SET_TO_CLIENT_TIME:
 361                        /* We require the high 32 bits of 'seconds' to be 0, and we ignore
 362                           all 32 bits of 'nseconds'. */
 363                        READ_BUF(12);
 364                        len += 12;
 365                        p = xdr_decode_hyper(p, &sec);
 366                        iattr->ia_atime.tv_sec = (time_t)sec;
 367                        iattr->ia_atime.tv_nsec = be32_to_cpup(p++);
 368                        if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
 369                                return nfserr_inval;
 370                        iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
 371                        break;
 372                case NFS4_SET_TO_SERVER_TIME:
 373                        iattr->ia_valid |= ATTR_ATIME;
 374                        break;
 375                default:
 376                        goto xdr_error;
 377                }
 378        }
 379        if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
 380                READ_BUF(4);
 381                len += 4;
 382                dummy32 = be32_to_cpup(p++);
 383                switch (dummy32) {
 384                case NFS4_SET_TO_CLIENT_TIME:
 385                        /* We require the high 32 bits of 'seconds' to be 0, and we ignore
 386                           all 32 bits of 'nseconds'. */
 387                        READ_BUF(12);
 388                        len += 12;
 389                        p = xdr_decode_hyper(p, &sec);
 390                        iattr->ia_mtime.tv_sec = sec;
 391                        iattr->ia_mtime.tv_nsec = be32_to_cpup(p++);
 392                        if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
 393                                return nfserr_inval;
 394                        iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
 395                        break;
 396                case NFS4_SET_TO_SERVER_TIME:
 397                        iattr->ia_valid |= ATTR_MTIME;
 398                        break;
 399                default:
 400                        goto xdr_error;
 401                }
 402        }
 403
 404        label->len = 0;
 405#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
 406        if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
 407                READ_BUF(4);
 408                len += 4;
 409                dummy32 = be32_to_cpup(p++); /* lfs: we don't use it */
 410                READ_BUF(4);
 411                len += 4;
 412                dummy32 = be32_to_cpup(p++); /* pi: we don't use it either */
 413                READ_BUF(4);
 414                len += 4;
 415                dummy32 = be32_to_cpup(p++);
 416                READ_BUF(dummy32);
 417                if (dummy32 > NFSD4_MAX_SEC_LABEL_LEN)
 418                        return nfserr_badlabel;
 419                len += (XDR_QUADLEN(dummy32) << 2);
 420                READMEM(buf, dummy32);
 421                label->data = kzalloc(dummy32 + 1, GFP_KERNEL);
 422                if (!label->data)
 423                        return nfserr_jukebox;
 424                label->len = dummy32;
 425                defer_free(argp, kfree, label->data);
 426                memcpy(label->data, buf, dummy32);
 427        }
 428#endif
 429
 430        if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
 431            || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
 432            || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2)
 433                READ_BUF(expected_len - len);
 434        else if (len != expected_len)
 435                goto xdr_error;
 436
 437        DECODE_TAIL;
 438}
 439
 440static __be32
 441nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
 442{
 443        DECODE_HEAD;
 444
 445        READ_BUF(sizeof(stateid_t));
 446        sid->si_generation = be32_to_cpup(p++);
 447        COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
 448
 449        DECODE_TAIL;
 450}
 451
 452static __be32
 453nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
 454{
 455        DECODE_HEAD;
 456
 457        READ_BUF(4);
 458        access->ac_req_access = be32_to_cpup(p++);
 459
 460        DECODE_TAIL;
 461}
 462
 463static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
 464{
 465        DECODE_HEAD;
 466        u32 dummy, uid, gid;
 467        char *machine_name;
 468        int i;
 469        int nr_secflavs;
 470
 471        /* callback_sec_params4 */
 472        READ_BUF(4);
 473        nr_secflavs = be32_to_cpup(p++);
 474        if (nr_secflavs)
 475                cbs->flavor = (u32)(-1);
 476        else
 477                /* Is this legal? Be generous, take it to mean AUTH_NONE: */
 478                cbs->flavor = 0;
 479        for (i = 0; i < nr_secflavs; ++i) {
 480                READ_BUF(4);
 481                dummy = be32_to_cpup(p++);
 482                switch (dummy) {
 483                case RPC_AUTH_NULL:
 484                        /* Nothing to read */
 485                        if (cbs->flavor == (u32)(-1))
 486                                cbs->flavor = RPC_AUTH_NULL;
 487                        break;
 488                case RPC_AUTH_UNIX:
 489                        READ_BUF(8);
 490                        /* stamp */
 491                        dummy = be32_to_cpup(p++);
 492
 493                        /* machine name */
 494                        dummy = be32_to_cpup(p++);
 495                        READ_BUF(dummy);
 496                        SAVEMEM(machine_name, dummy);
 497
 498                        /* uid, gid */
 499                        READ_BUF(8);
 500                        uid = be32_to_cpup(p++);
 501                        gid = be32_to_cpup(p++);
 502
 503                        /* more gids */
 504                        READ_BUF(4);
 505                        dummy = be32_to_cpup(p++);
 506                        READ_BUF(dummy * 4);
 507                        if (cbs->flavor == (u32)(-1)) {
 508                                kuid_t kuid = make_kuid(&init_user_ns, uid);
 509                                kgid_t kgid = make_kgid(&init_user_ns, gid);
 510                                if (uid_valid(kuid) && gid_valid(kgid)) {
 511                                        cbs->uid = kuid;
 512                                        cbs->gid = kgid;
 513                                        cbs->flavor = RPC_AUTH_UNIX;
 514                                } else {
 515                                        dprintk("RPC_AUTH_UNIX with invalid"
 516                                                "uid or gid ignoring!\n");
 517                                }
 518                        }
 519                        break;
 520                case RPC_AUTH_GSS:
 521                        dprintk("RPC_AUTH_GSS callback secflavor "
 522                                "not supported!\n");
 523                        READ_BUF(8);
 524                        /* gcbp_service */
 525                        dummy = be32_to_cpup(p++);
 526                        /* gcbp_handle_from_server */
 527                        dummy = be32_to_cpup(p++);
 528                        READ_BUF(dummy);
 529                        p += XDR_QUADLEN(dummy);
 530                        /* gcbp_handle_from_client */
 531                        READ_BUF(4);
 532                        dummy = be32_to_cpup(p++);
 533                        READ_BUF(dummy);
 534                        break;
 535                default:
 536                        dprintk("Illegal callback secflavor\n");
 537                        return nfserr_inval;
 538                }
 539        }
 540        DECODE_TAIL;
 541}
 542
 543static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
 544{
 545        DECODE_HEAD;
 546
 547        READ_BUF(4);
 548        bc->bc_cb_program = be32_to_cpup(p++);
 549        nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);
 550
 551        DECODE_TAIL;
 552}
 553
 554static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
 555{
 556        DECODE_HEAD;
 557
 558        READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
 559        COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
 560        bcts->dir = be32_to_cpup(p++);
 561        /* XXX: skipping ctsa_use_conn_in_rdma_mode.  Perhaps Tom Tucker
 562         * could help us figure out we should be using it. */
 563        DECODE_TAIL;
 564}
 565
 566static __be32
 567nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
 568{
 569        DECODE_HEAD;
 570
 571        READ_BUF(4);
 572        close->cl_seqid = be32_to_cpup(p++);
 573        return nfsd4_decode_stateid(argp, &close->cl_stateid);
 574
 575        DECODE_TAIL;
 576}
 577
 578
 579static __be32
 580nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
 581{
 582        DECODE_HEAD;
 583
 584        READ_BUF(12);
 585        p = xdr_decode_hyper(p, &commit->co_offset);
 586        commit->co_count = be32_to_cpup(p++);
 587
 588        DECODE_TAIL;
 589}
 590
 591static __be32
 592nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
 593{
 594        DECODE_HEAD;
 595
 596        READ_BUF(4);
 597        create->cr_type = be32_to_cpup(p++);
 598        switch (create->cr_type) {
 599        case NF4LNK:
 600                READ_BUF(4);
 601                create->cr_linklen = be32_to_cpup(p++);
 602                READ_BUF(create->cr_linklen);
 603                /*
 604                 * The VFS will want a null-terminated string, and
 605                 * null-terminating in place isn't safe since this might
 606                 * end on a page boundary:
 607                 */
 608                create->cr_linkname =
 609                                kmalloc(create->cr_linklen + 1, GFP_KERNEL);
 610                if (!create->cr_linkname)
 611                        return nfserr_jukebox;
 612                memcpy(create->cr_linkname, p, create->cr_linklen);
 613                create->cr_linkname[create->cr_linklen] = '\0';
 614                defer_free(argp, kfree, create->cr_linkname);
 615                break;
 616        case NF4BLK:
 617        case NF4CHR:
 618                READ_BUF(8);
 619                create->cr_specdata1 = be32_to_cpup(p++);
 620                create->cr_specdata2 = be32_to_cpup(p++);
 621                break;
 622        case NF4SOCK:
 623        case NF4FIFO:
 624        case NF4DIR:
 625        default:
 626                break;
 627        }
 628
 629        READ_BUF(4);
 630        create->cr_namelen = be32_to_cpup(p++);
 631        READ_BUF(create->cr_namelen);
 632        SAVEMEM(create->cr_name, create->cr_namelen);
 633        if ((status = check_filename(create->cr_name, create->cr_namelen)))
 634                return status;
 635
 636        status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr,
 637                                    &create->cr_acl, &create->cr_label);
 638        if (status)
 639                goto out;
 640
 641        DECODE_TAIL;
 642}
 643
 644static inline __be32
 645nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
 646{
 647        return nfsd4_decode_stateid(argp, &dr->dr_stateid);
 648}
 649
 650static inline __be32
 651nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
 652{
 653        return nfsd4_decode_bitmap(argp, getattr->ga_bmval);
 654}
 655
 656static __be32
 657nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
 658{
 659        DECODE_HEAD;
 660
 661        READ_BUF(4);
 662        link->li_namelen = be32_to_cpup(p++);
 663        READ_BUF(link->li_namelen);
 664        SAVEMEM(link->li_name, link->li_namelen);
 665        if ((status = check_filename(link->li_name, link->li_namelen)))
 666                return status;
 667
 668        DECODE_TAIL;
 669}
 670
 671static __be32
 672nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
 673{
 674        DECODE_HEAD;
 675
 676        /*
 677        * type, reclaim(boolean), offset, length, new_lock_owner(boolean)
 678        */
 679        READ_BUF(28);
 680        lock->lk_type = be32_to_cpup(p++);
 681        if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
 682                goto xdr_error;
 683        lock->lk_reclaim = be32_to_cpup(p++);
 684        p = xdr_decode_hyper(p, &lock->lk_offset);
 685        p = xdr_decode_hyper(p, &lock->lk_length);
 686        lock->lk_is_new = be32_to_cpup(p++);
 687
 688        if (lock->lk_is_new) {
 689                READ_BUF(4);
 690                lock->lk_new_open_seqid = be32_to_cpup(p++);
 691                status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
 692                if (status)
 693                        return status;
 694                READ_BUF(8 + sizeof(clientid_t));
 695                lock->lk_new_lock_seqid = be32_to_cpup(p++);
 696                COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
 697                lock->lk_new_owner.len = be32_to_cpup(p++);
 698                READ_BUF(lock->lk_new_owner.len);
 699                READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
 700        } else {
 701                status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
 702                if (status)
 703                        return status;
 704                READ_BUF(4);
 705                lock->lk_old_lock_seqid = be32_to_cpup(p++);
 706        }
 707
 708        DECODE_TAIL;
 709}
 710
 711static __be32
 712nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
 713{
 714        DECODE_HEAD;
 715                        
 716        READ_BUF(32);
 717        lockt->lt_type = be32_to_cpup(p++);
 718        if((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
 719                goto xdr_error;
 720        p = xdr_decode_hyper(p, &lockt->lt_offset);
 721        p = xdr_decode_hyper(p, &lockt->lt_length);
 722        COPYMEM(&lockt->lt_clientid, 8);
 723        lockt->lt_owner.len = be32_to_cpup(p++);
 724        READ_BUF(lockt->lt_owner.len);
 725        READMEM(lockt->lt_owner.data, lockt->lt_owner.len);
 726
 727        DECODE_TAIL;
 728}
 729
 730static __be32
 731nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
 732{
 733        DECODE_HEAD;
 734
 735        READ_BUF(8);
 736        locku->lu_type = be32_to_cpup(p++);
 737        if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
 738                goto xdr_error;
 739        locku->lu_seqid = be32_to_cpup(p++);
 740        status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
 741        if (status)
 742                return status;
 743        READ_BUF(16);
 744        p = xdr_decode_hyper(p, &locku->lu_offset);
 745        p = xdr_decode_hyper(p, &locku->lu_length);
 746
 747        DECODE_TAIL;
 748}
 749
 750static __be32
 751nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
 752{
 753        DECODE_HEAD;
 754
 755        READ_BUF(4);
 756        lookup->lo_len = be32_to_cpup(p++);
 757        READ_BUF(lookup->lo_len);
 758        SAVEMEM(lookup->lo_name, lookup->lo_len);
 759        if ((status = check_filename(lookup->lo_name, lookup->lo_len)))
 760                return status;
 761
 762        DECODE_TAIL;
 763}
 764
 765static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
 766{
 767        __be32 *p;
 768        u32 w;
 769
 770        READ_BUF(4);
 771        w = be32_to_cpup(p++);
 772        *share_access = w & NFS4_SHARE_ACCESS_MASK;
 773        *deleg_want = w & NFS4_SHARE_WANT_MASK;
 774        if (deleg_when)
 775                *deleg_when = w & NFS4_SHARE_WHEN_MASK;
 776
 777        switch (w & NFS4_SHARE_ACCESS_MASK) {
 778        case NFS4_SHARE_ACCESS_READ:
 779        case NFS4_SHARE_ACCESS_WRITE:
 780        case NFS4_SHARE_ACCESS_BOTH:
 781                break;
 782        default:
 783                return nfserr_bad_xdr;
 784        }
 785        w &= ~NFS4_SHARE_ACCESS_MASK;
 786        if (!w)
 787                return nfs_ok;
 788        if (!argp->minorversion)
 789                return nfserr_bad_xdr;
 790        switch (w & NFS4_SHARE_WANT_MASK) {
 791        case NFS4_SHARE_WANT_NO_PREFERENCE:
 792        case NFS4_SHARE_WANT_READ_DELEG:
 793        case NFS4_SHARE_WANT_WRITE_DELEG:
 794        case NFS4_SHARE_WANT_ANY_DELEG:
 795        case NFS4_SHARE_WANT_NO_DELEG:
 796        case NFS4_SHARE_WANT_CANCEL:
 797                break;
 798        default:
 799                return nfserr_bad_xdr;
 800        }
 801        w &= ~NFS4_SHARE_WANT_MASK;
 802        if (!w)
 803                return nfs_ok;
 804
 805        if (!deleg_when)        /* open_downgrade */
 806                return nfserr_inval;
 807        switch (w) {
 808        case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
 809        case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
 810        case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
 811              NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
 812                return nfs_ok;
 813        }
 814xdr_error:
 815        return nfserr_bad_xdr;
 816}
 817
 818static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
 819{
 820        __be32 *p;
 821
 822        READ_BUF(4);
 823        *x = be32_to_cpup(p++);
 824        /* Note: unlinke access bits, deny bits may be zero. */
 825        if (*x & ~NFS4_SHARE_DENY_BOTH)
 826                return nfserr_bad_xdr;
 827        return nfs_ok;
 828xdr_error:
 829        return nfserr_bad_xdr;
 830}
 831
 832static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
 833{
 834        __be32 *p;
 835
 836        READ_BUF(4);
 837        o->len = be32_to_cpup(p++);
 838
 839        if (o->len == 0 || o->len > NFS4_OPAQUE_LIMIT)
 840                return nfserr_bad_xdr;
 841
 842        READ_BUF(o->len);
 843        SAVEMEM(o->data, o->len);
 844        return nfs_ok;
 845xdr_error:
 846        return nfserr_bad_xdr;
 847}
 848
 849static __be32
 850nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
 851{
 852        DECODE_HEAD;
 853        u32 dummy;
 854
 855        memset(open->op_bmval, 0, sizeof(open->op_bmval));
 856        open->op_iattr.ia_valid = 0;
 857        open->op_openowner = NULL;
 858
 859        open->op_xdr_error = 0;
 860        /* seqid, share_access, share_deny, clientid, ownerlen */
 861        READ_BUF(4);
 862        open->op_seqid = be32_to_cpup(p++);
 863        /* decode, yet ignore deleg_when until supported */
 864        status = nfsd4_decode_share_access(argp, &open->op_share_access,
 865                                           &open->op_deleg_want, &dummy);
 866        if (status)
 867                goto xdr_error;
 868        status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
 869        if (status)
 870                goto xdr_error;
 871        READ_BUF(sizeof(clientid_t));
 872        COPYMEM(&open->op_clientid, sizeof(clientid_t));
 873        status = nfsd4_decode_opaque(argp, &open->op_owner);
 874        if (status)
 875                goto xdr_error;
 876        READ_BUF(4);
 877        open->op_create = be32_to_cpup(p++);
 878        switch (open->op_create) {
 879        case NFS4_OPEN_NOCREATE:
 880                break;
 881        case NFS4_OPEN_CREATE:
 882                READ_BUF(4);
 883                open->op_createmode = be32_to_cpup(p++);
 884                switch (open->op_createmode) {
 885                case NFS4_CREATE_UNCHECKED:
 886                case NFS4_CREATE_GUARDED:
 887                        status = nfsd4_decode_fattr(argp, open->op_bmval,
 888                                &open->op_iattr, &open->op_acl, &open->op_label);
 889                        if (status)
 890                                goto out;
 891                        break;
 892                case NFS4_CREATE_EXCLUSIVE:
 893                        READ_BUF(NFS4_VERIFIER_SIZE);
 894                        COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
 895                        break;
 896                case NFS4_CREATE_EXCLUSIVE4_1:
 897                        if (argp->minorversion < 1)
 898                                goto xdr_error;
 899                        READ_BUF(NFS4_VERIFIER_SIZE);
 900                        COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
 901                        status = nfsd4_decode_fattr(argp, open->op_bmval,
 902                                &open->op_iattr, &open->op_acl, &open->op_label);
 903                        if (status)
 904                                goto out;
 905                        break;
 906                default:
 907                        goto xdr_error;
 908                }
 909                break;
 910        default:
 911                goto xdr_error;
 912        }
 913
 914        /* open_claim */
 915        READ_BUF(4);
 916        open->op_claim_type = be32_to_cpup(p++);
 917        switch (open->op_claim_type) {
 918        case NFS4_OPEN_CLAIM_NULL:
 919        case NFS4_OPEN_CLAIM_DELEGATE_PREV:
 920                READ_BUF(4);
 921                open->op_fname.len = be32_to_cpup(p++);
 922                READ_BUF(open->op_fname.len);
 923                SAVEMEM(open->op_fname.data, open->op_fname.len);
 924                if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
 925                        return status;
 926                break;
 927        case NFS4_OPEN_CLAIM_PREVIOUS:
 928                READ_BUF(4);
 929                open->op_delegate_type = be32_to_cpup(p++);
 930                break;
 931        case NFS4_OPEN_CLAIM_DELEGATE_CUR:
 932                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
 933                if (status)
 934                        return status;
 935                READ_BUF(4);
 936                open->op_fname.len = be32_to_cpup(p++);
 937                READ_BUF(open->op_fname.len);
 938                SAVEMEM(open->op_fname.data, open->op_fname.len);
 939                if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
 940                        return status;
 941                break;
 942        case NFS4_OPEN_CLAIM_FH:
 943        case NFS4_OPEN_CLAIM_DELEG_PREV_FH:
 944                if (argp->minorversion < 1)
 945                        goto xdr_error;
 946                /* void */
 947                break;
 948        case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
 949                if (argp->minorversion < 1)
 950                        goto xdr_error;
 951                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
 952                if (status)
 953                        return status;
 954                break;
 955        default:
 956                goto xdr_error;
 957        }
 958
 959        DECODE_TAIL;
 960}
 961
 962static __be32
 963nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
 964{
 965        DECODE_HEAD;
 966
 967        if (argp->minorversion >= 1)
 968                return nfserr_notsupp;
 969
 970        status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
 971        if (status)
 972                return status;
 973        READ_BUF(4);
 974        open_conf->oc_seqid = be32_to_cpup(p++);
 975
 976        DECODE_TAIL;
 977}
 978
 979static __be32
 980nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
 981{
 982        DECODE_HEAD;
 983                    
 984        status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
 985        if (status)
 986                return status;
 987        READ_BUF(4);
 988        open_down->od_seqid = be32_to_cpup(p++);
 989        status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
 990                                           &open_down->od_deleg_want, NULL);
 991        if (status)
 992                return status;
 993        status = nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
 994        if (status)
 995                return status;
 996        DECODE_TAIL;
 997}
 998
 999static __be32
1000nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)

1001{
1002        DECODE_HEAD;
1003
1004        READ_BUF(4);
1005        putfh->pf_fhlen = be32_to_cpup(p++);
1006        if (putfh->pf_fhlen > NFS4_FHSIZE)
1007                goto xdr_error;
1008        READ_BUF(putfh->pf_fhlen);
1009        SAVEMEM(putfh->pf_fhval, putfh->pf_fhlen);
1010
1011        DECODE_TAIL;
1012}
1013
1014static __be32
1015nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
1016{
1017        if (argp->minorversion == 0)
1018                return nfs_ok;
1019        return nfserr_notsupp;
1020}
1021
1022static __be32
1023nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
1024{
1025        DECODE_HEAD;
1026
1027        status = nfsd4_decode_stateid(argp, &read->rd_stateid);
1028        if (status)
1029                return status;
1030        READ_BUF(12);
1031        p = xdr_decode_hyper(p, &read->rd_offset);
1032        read->rd_length = be32_to_cpup(p++);
1033
1034        DECODE_TAIL;
1035}
1036
1037static __be32
1038nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
1039{
1040        DECODE_HEAD;
1041
1042        READ_BUF(24);
1043        p = xdr_decode_hyper(p, &readdir->rd_cookie);
1044        COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
1045        readdir->rd_dircount = be32_to_cpup(p++);
1046        readdir->rd_maxcount = be32_to_cpup(p++);
1047        if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
1048                goto out;
1049
1050        DECODE_TAIL;
1051}
1052
1053static __be32
1054nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
1055{
1056        DECODE_HEAD;
1057
1058        READ_BUF(4);
1059        remove->rm_namelen = be32_to_cpup(p++);
1060        READ_BUF(remove->rm_namelen);
1061        SAVEMEM(remove->rm_name, remove->rm_namelen);
1062        if ((status = check_filename(remove->rm_name, remove->rm_namelen)))
1063                return status;
1064
1065        DECODE_TAIL;
1066}
1067
1068static __be32
1069nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
1070{
1071        DECODE_HEAD;
1072
1073        READ_BUF(4);
1074        rename->rn_snamelen = be32_to_cpup(p++);
1075        READ_BUF(rename->rn_snamelen + 4);
1076        SAVEMEM(rename->rn_sname, rename->rn_snamelen);
1077        rename->rn_tnamelen = be32_to_cpup(p++);
1078        READ_BUF(rename->rn_tnamelen);
1079        SAVEMEM(rename->rn_tname, rename->rn_tnamelen);
1080        if ((status = check_filename(rename->rn_sname, rename->rn_snamelen)))
1081                return status;
1082        if ((status = check_filename(rename->rn_tname, rename->rn_tnamelen)))
1083                return status;
1084
1085        DECODE_TAIL;
1086}
1087
1088static __be32
1089nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
1090{
1091        DECODE_HEAD;
1092
1093        if (argp->minorversion >= 1)
1094                return nfserr_notsupp;
1095
1096        READ_BUF(sizeof(clientid_t));
1097        COPYMEM(clientid, sizeof(clientid_t));
1098
1099        DECODE_TAIL;
1100}
1101
1102static __be32
1103nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
1104                     struct nfsd4_secinfo *secinfo)
1105{
1106        DECODE_HEAD;
1107
1108        READ_BUF(4);
1109        secinfo->si_namelen = be32_to_cpup(p++);
1110        READ_BUF(secinfo->si_namelen);
1111        SAVEMEM(secinfo->si_name, secinfo->si_namelen);
1112        status = check_filename(secinfo->si_name, secinfo->si_namelen);
1113        if (status)
1114                return status;
1115        DECODE_TAIL;
1116}
1117
1118static __be32
1119nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
1120                     struct nfsd4_secinfo_no_name *sin)
1121{
1122        DECODE_HEAD;
1123
1124        READ_BUF(4);
1125        sin->sin_style = be32_to_cpup(p++);
1126        DECODE_TAIL;
1127}
1128
1129static __be32
1130nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
1131{
1132        __be32 status;
1133
1134        status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
1135        if (status)
1136                return status;
1137        return nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr,
1138                                  &setattr->sa_acl, &setattr->sa_label);
1139}
1140
1141static __be32
1142nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
1143{
1144        DECODE_HEAD;
1145
1146        if (argp->minorversion >= 1)
1147                return nfserr_notsupp;
1148
1149        READ_BUF(NFS4_VERIFIER_SIZE);
1150        COPYMEM(setclientid->se_verf.data, NFS4_VERIFIER_SIZE);
1151
1152        status = nfsd4_decode_opaque(argp, &setclientid->se_name);
1153        if (status)
1154                return nfserr_bad_xdr;
1155        READ_BUF(8);
1156        setclientid->se_callback_prog = be32_to_cpup(p++);
1157        setclientid->se_callback_netid_len = be32_to_cpup(p++);
1158
1159        READ_BUF(setclientid->se_callback_netid_len + 4);
1160        SAVEMEM(setclientid->se_callback_netid_val, setclientid->se_callback_netid_len);
1161        setclientid->se_callback_addr_len = be32_to_cpup(p++);
1162
1163        READ_BUF(setclientid->se_callback_addr_len + 4);
1164        SAVEMEM(setclientid->se_callback_addr_val, setclientid->se_callback_addr_len);
1165        setclientid->se_callback_ident = be32_to_cpup(p++);
1166
1167        DECODE_TAIL;
1168}
1169
1170static __be32
1171nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
1172{
1173        DECODE_HEAD;
1174
1175        if (argp->minorversion >= 1)
1176                return nfserr_notsupp;
1177
1178        READ_BUF(8 + NFS4_VERIFIER_SIZE);
1179        COPYMEM(&scd_c->sc_clientid, 8);
1180        COPYMEM(&scd_c->sc_confirm, NFS4_VERIFIER_SIZE);
1181
1182        DECODE_TAIL;
1183}
1184
1185/* Also used for NVERIFY */
1186static __be32
1187nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
1188{
1189        DECODE_HEAD;
1190
1191        if ((status = nfsd4_decode_bitmap(argp, verify->ve_bmval)))
1192                goto out;
1193
1194        /* For convenience's sake, we compare raw xdr'd attributes in
1195         * nfsd4_proc_verify */
1196
1197        READ_BUF(4);
1198        verify->ve_attrlen = be32_to_cpup(p++);
1199        READ_BUF(verify->ve_attrlen);
1200        SAVEMEM(verify->ve_attrval, verify->ve_attrlen);
1201
1202        DECODE_TAIL;
1203}
1204
1205static __be32
1206nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1207{
1208        int avail;
1209        int len;
1210        DECODE_HEAD;
1211
1212        status = nfsd4_decode_stateid(argp, &write->wr_stateid);
1213        if (status)
1214                return status;
1215        READ_BUF(16);
1216        p = xdr_decode_hyper(p, &write->wr_offset);
1217        write->wr_stable_how = be32_to_cpup(p++);
1218        if (write->wr_stable_how > 2)
1219                goto xdr_error;
1220        write->wr_buflen = be32_to_cpup(p++);
1221
1222        /* Sorry .. no magic macros for this.. *
1223         * READ_BUF(write->wr_buflen);
1224         * SAVEMEM(write->wr_buf, write->wr_buflen);
1225         */
1226        avail = (char*)argp->end - (char*)argp->p;
1227        if (avail + argp->pagelen < write->wr_buflen) {
1228                dprintk("NFSD: xdr error (%s:%d)\n",
1229                                __FILE__, __LINE__);
1230                goto xdr_error;
1231        }
1232        write->wr_head.iov_base = p;
1233        write->wr_head.iov_len = avail;
1234        write->wr_pagelist = argp->pagelist;
1235
1236        len = XDR_QUADLEN(write->wr_buflen) << 2;
1237        if (len >= avail) {
1238                int pages;
1239
1240                len -= avail;
1241
1242                pages = len >> PAGE_SHIFT;
1243                argp->pagelist += pages;
1244                argp->pagelen -= pages * PAGE_SIZE;
1245                len -= pages * PAGE_SIZE;
1246
1247                argp->p = (__be32 *)page_address(argp->pagelist[0]);
1248                argp->pagelist++;
1249                argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE);
1250        }
1251        argp->p += XDR_QUADLEN(len);
1252
1253        DECODE_TAIL;
1254}
1255
1256static __be32
1257nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
1258{
1259        DECODE_HEAD;
1260
1261        if (argp->minorversion >= 1)
1262                return nfserr_notsupp;
1263
1264        READ_BUF(12);
1265        COPYMEM(&rlockowner->rl_clientid, sizeof(clientid_t));
1266        rlockowner->rl_owner.len = be32_to_cpup(p++);
1267        READ_BUF(rlockowner->rl_owner.len);
1268        READMEM(rlockowner->rl_owner.data, rlockowner->rl_owner.len);
1269
1270        if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
1271                return nfserr_inval;
1272        DECODE_TAIL;
1273}
1274
1275static __be32
1276nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
1277                         struct nfsd4_exchange_id *exid)
1278{
1279        int dummy, tmp;
1280        DECODE_HEAD;
1281
1282        READ_BUF(NFS4_VERIFIER_SIZE);
1283        COPYMEM(exid->verifier.data, NFS4_VERIFIER_SIZE);
1284
1285        status = nfsd4_decode_opaque(argp, &exid->clname);
1286        if (status)
1287                return nfserr_bad_xdr;
1288
1289        READ_BUF(4);
1290        exid->flags = be32_to_cpup(p++);
1291
1292        /* Ignore state_protect4_a */
1293        READ_BUF(4);
1294        exid->spa_how = be32_to_cpup(p++);
1295        switch (exid->spa_how) {
1296        case SP4_NONE:
1297                break;
1298        case SP4_MACH_CRED:
1299                /* spo_must_enforce */
1300                READ_BUF(4);
1301                dummy = be32_to_cpup(p++);
1302                READ_BUF(dummy * 4);
1303                p += dummy;
1304
1305                /* spo_must_allow */
1306                READ_BUF(4);
1307                dummy = be32_to_cpup(p++);
1308                READ_BUF(dummy * 4);
1309                p += dummy;
1310                break;
1311        case SP4_SSV:
1312                /* ssp_ops */
1313                READ_BUF(4);
1314                dummy = be32_to_cpup(p++);
1315                READ_BUF(dummy * 4);
1316                p += dummy;
1317
1318                READ_BUF(4);
1319                dummy = be32_to_cpup(p++);
1320                READ_BUF(dummy * 4);
1321                p += dummy;
1322
1323                /* ssp_hash_algs<> */
1324                READ_BUF(4);
1325                tmp = be32_to_cpup(p++);
1326                while (tmp--) {
1327                        READ_BUF(4);
1328                        dummy = be32_to_cpup(p++);
1329                        READ_BUF(dummy);
1330                        p += XDR_QUADLEN(dummy);
1331                }
1332
1333                /* ssp_encr_algs<> */
1334                READ_BUF(4);
1335                tmp = be32_to_cpup(p++);
1336                while (tmp--) {
1337                        READ_BUF(4);
1338                        dummy = be32_to_cpup(p++);
1339                        READ_BUF(dummy);
1340                        p += XDR_QUADLEN(dummy);
1341                }
1342
1343                /* ssp_window and ssp_num_gss_handles */
1344                READ_BUF(8);
1345                dummy = be32_to_cpup(p++);
1346                dummy = be32_to_cpup(p++);
1347                break;
1348        default:
1349                goto xdr_error;
1350        }
1351
1352        /* Ignore Implementation ID */
1353        READ_BUF(4);    /* nfs_impl_id4 array length */
1354        dummy = be32_to_cpup(p++);
1355
1356        if (dummy > 1)
1357                goto xdr_error;
1358
1359        if (dummy == 1) {
1360                /* nii_domain */
1361                READ_BUF(4);
1362                dummy = be32_to_cpup(p++);
1363                READ_BUF(dummy);
1364                p += XDR_QUADLEN(dummy);
1365
1366                /* nii_name */
1367                READ_BUF(4);
1368                dummy = be32_to_cpup(p++);
1369                READ_BUF(dummy);
1370                p += XDR_QUADLEN(dummy);
1371
1372                /* nii_date */
1373                READ_BUF(12);
1374                p += 3;
1375        }
1376        DECODE_TAIL;
1377}
1378
1379static __be32
1380nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
1381                            struct nfsd4_create_session *sess)
1382{
1383        DECODE_HEAD;
1384        u32 dummy;
1385
1386        READ_BUF(16);
1387        COPYMEM(&sess->clientid, 8);
1388        sess->seqid = be32_to_cpup(p++);
1389        sess->flags = be32_to_cpup(p++);
1390
1391        /* Fore channel attrs */
1392        READ_BUF(28);
1393        dummy = be32_to_cpup(p++); /* headerpadsz is always 0 */
1394        sess->fore_channel.maxreq_sz = be32_to_cpup(p++);
1395        sess->fore_channel.maxresp_sz = be32_to_cpup(p++);
1396        sess->fore_channel.maxresp_cached = be32_to_cpup(p++);
1397        sess->fore_channel.maxops = be32_to_cpup(p++);
1398        sess->fore_channel.maxreqs = be32_to_cpup(p++);
1399        sess->fore_channel.nr_rdma_attrs = be32_to_cpup(p++);
1400        if (sess->fore_channel.nr_rdma_attrs == 1) {
1401                READ_BUF(4);
1402                sess->fore_channel.rdma_attrs = be32_to_cpup(p++);
1403        } else if (sess->fore_channel.nr_rdma_attrs > 1) {
1404                dprintk("Too many fore channel attr bitmaps!\n");
1405                goto xdr_error;
1406        }
1407
1408        /* Back channel attrs */
1409        READ_BUF(28);
1410        dummy = be32_to_cpup(p++); /* headerpadsz is always 0 */
1411        sess->back_channel.maxreq_sz = be32_to_cpup(p++);
1412        sess->back_channel.maxresp_sz = be32_to_cpup(p++);
1413        sess->back_channel.maxresp_cached = be32_to_cpup(p++);
1414        sess->back_channel.maxops = be32_to_cpup(p++);
1415        sess->back_channel.maxreqs = be32_to_cpup(p++);
1416        sess->back_channel.nr_rdma_attrs = be32_to_cpup(p++);
1417        if (sess->back_channel.nr_rdma_attrs == 1) {
1418                READ_BUF(4);
1419                sess->back_channel.rdma_attrs = be32_to_cpup(p++);
1420        } else if (sess->back_channel.nr_rdma_attrs > 1) {
1421                dprintk("Too many back channel attr bitmaps!\n");
1422                goto xdr_error;
1423        }
1424
1425        READ_BUF(4);
1426        sess->callback_prog = be32_to_cpup(p++);
1427        nfsd4_decode_cb_sec(argp, &sess->cb_sec);
1428        DECODE_TAIL;
1429}
1430
1431static __be32
1432nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
1433                             struct nfsd4_destroy_session *destroy_session)
1434{
1435        DECODE_HEAD;
1436        READ_BUF(NFS4_MAX_SESSIONID_LEN);
1437        COPYMEM(destroy_session->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1438
1439        DECODE_TAIL;
1440}
1441
1442static __be32
1443nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
1444                          struct nfsd4_free_stateid *free_stateid)
1445{
1446        DECODE_HEAD;
1447
1448        READ_BUF(sizeof(stateid_t));
1449        free_stateid->fr_stateid.si_generation = be32_to_cpup(p++);
1450        COPYMEM(&free_stateid->fr_stateid.si_opaque, sizeof(stateid_opaque_t));
1451
1452        DECODE_TAIL;
1453}
1454
1455static __be32
1456nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
1457                      struct nfsd4_sequence *seq)
1458{
1459        DECODE_HEAD;
1460
1461        READ_BUF(NFS4_MAX_SESSIONID_LEN + 16);
1462        COPYMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1463        seq->seqid = be32_to_cpup(p++);
1464        seq->slotid = be32_to_cpup(p++);
1465        seq->maxslots = be32_to_cpup(p++);
1466        seq->cachethis = be32_to_cpup(p++);
1467
1468        DECODE_TAIL;
1469}
1470
1471static __be32
1472nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
1473{
1474        int i;
1475        __be32 *p, status;
1476        struct nfsd4_test_stateid_id *stateid;
1477
1478        READ_BUF(4);
1479        test_stateid->ts_num_ids = ntohl(*p++);
1480
1481        INIT_LIST_HEAD(&test_stateid->ts_stateid_list);
1482
1483        for (i = 0; i < test_stateid->ts_num_ids; i++) {
1484                stateid = kmalloc(sizeof(struct nfsd4_test_stateid_id), GFP_KERNEL);
1485                if (!stateid) {
1486                        status = nfserrno(-ENOMEM);
1487                        goto out;
1488                }
1489
1490                defer_free(argp, kfree, stateid);
1491                INIT_LIST_HEAD(&stateid->ts_id_list);
1492                list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);
1493
1494                status = nfsd4_decode_stateid(argp, &stateid->ts_id_stateid);
1495                if (status)
1496                        goto out;
1497        }
1498
1499        status = 0;
1500out:
1501        return status;
1502xdr_error:
1503        dprintk("NFSD: xdr error (%s:%d)\n", __FILE__, __LINE__);
1504        status = nfserr_bad_xdr;
1505        goto out;
1506}
1507
1508static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, struct nfsd4_destroy_clientid *dc)
1509{
1510        DECODE_HEAD;
1511
1512        READ_BUF(8);
1513        COPYMEM(&dc->clientid, 8);
1514
1515        DECODE_TAIL;
1516}
1517
1518static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, struct nfsd4_reclaim_complete *rc)
1519{
1520        DECODE_HEAD;
1521
1522        READ_BUF(4);
1523        rc->rca_one_fs = be32_to_cpup(p++);
1524
1525        DECODE_TAIL;
1526}
1527
1528static __be32
1529nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
1530{
1531        return nfs_ok;
1532}
1533
1534static __be32
1535nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
1536{
1537        return nfserr_notsupp;
1538}
1539
1540typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
1541
1542static nfsd4_dec nfsd4_dec_ops[] = {
1543        [OP_ACCESS]             = (nfsd4_dec)nfsd4_decode_access,
1544        [OP_CLOSE]              = (nfsd4_dec)nfsd4_decode_close,
1545        [OP_COMMIT]             = (nfsd4_dec)nfsd4_decode_commit,
1546        [OP_CREATE]             = (nfsd4_dec)nfsd4_decode_create,
1547        [OP_DELEGPURGE]         = (nfsd4_dec)nfsd4_decode_notsupp,
1548        [OP_DELEGRETURN]        = (nfsd4_dec)nfsd4_decode_delegreturn,
1549        [OP_GETATTR]            = (nfsd4_dec)nfsd4_decode_getattr,
1550        [OP_GETFH]              = (nfsd4_dec)nfsd4_decode_noop,
1551        [OP_LINK]               = (nfsd4_dec)nfsd4_decode_link,
1552        [OP_LOCK]               = (nfsd4_dec)nfsd4_decode_lock,
1553        [OP_LOCKT]              = (nfsd4_dec)nfsd4_decode_lockt,
1554        [OP_LOCKU]              = (nfsd4_dec)nfsd4_decode_locku,
1555        [OP_LOOKUP]             = (nfsd4_dec)nfsd4_decode_lookup,
1556        [OP_LOOKUPP]            = (nfsd4_dec)nfsd4_decode_noop,
1557        [OP_NVERIFY]            = (nfsd4_dec)nfsd4_decode_verify,
1558        [OP_OPEN]               = (nfsd4_dec)nfsd4_decode_open,
1559        [OP_OPENATTR]           = (nfsd4_dec)nfsd4_decode_notsupp,
1560        [OP_OPEN_CONFIRM]       = (nfsd4_dec)nfsd4_decode_open_confirm,
1561        [OP_OPEN_DOWNGRADE]     = (nfsd4_dec)nfsd4_decode_open_downgrade,
1562        [OP_PUTFH]              = (nfsd4_dec)nfsd4_decode_putfh,
1563        [OP_PUTPUBFH]           = (nfsd4_dec)nfsd4_decode_putpubfh,
1564        [OP_PUTROOTFH]          = (nfsd4_dec)nfsd4_decode_noop,
1565        [OP_READ]               = (nfsd4_dec)nfsd4_decode_read,
1566        [OP_READDIR]            = (nfsd4_dec)nfsd4_decode_readdir,
1567        [OP_READLINK]           = (nfsd4_dec)nfsd4_decode_noop,
1568        [OP_REMOVE]             = (nfsd4_dec)nfsd4_decode_remove,
1569        [OP_RENAME]             = (nfsd4_dec)nfsd4_decode_rename,
1570        [OP_RENEW]              = (nfsd4_dec)nfsd4_decode_renew,
1571        [OP_RESTOREFH]          = (nfsd4_dec)nfsd4_decode_noop,
1572        [OP_SAVEFH]             = (nfsd4_dec)nfsd4_decode_noop,
1573        [OP_SECINFO]            = (nfsd4_dec)nfsd4_decode_secinfo,
1574        [OP_SETATTR]            = (nfsd4_dec)nfsd4_decode_setattr,
1575        [OP_SETCLIENTID]        = (nfsd4_dec)nfsd4_decode_setclientid,
1576        [OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
1577        [OP_VERIFY]             = (nfsd4_dec)nfsd4_decode_verify,
1578        [OP_WRITE]              = (nfsd4_dec)nfsd4_decode_write,
1579        [OP_RELEASE_LOCKOWNER]  = (nfsd4_dec)nfsd4_decode_release_lockowner,
1580
1581        /* new operations for NFSv4.1 */
1582        [OP_BACKCHANNEL_CTL]    = (nfsd4_dec)nfsd4_decode_backchannel_ctl,
1583        [OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
1584        [OP_EXCHANGE_ID]        = (nfsd4_dec)nfsd4_decode_exchange_id,
1585        [OP_CREATE_SESSION]     = (nfsd4_dec)nfsd4_decode_create_session,
1586        [OP_DESTROY_SESSION]    = (nfsd4_dec)nfsd4_decode_destroy_session,
1587        [OP_FREE_STATEID]       = (nfsd4_dec)nfsd4_decode_free_stateid,
1588        [OP_GET_DIR_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
1589        [OP_GETDEVICEINFO]      = (nfsd4_dec)nfsd4_decode_notsupp,
1590        [OP_GETDEVICELIST]      = (nfsd4_dec)nfsd4_decode_notsupp,
1591        [OP_LAYOUTCOMMIT]       = (nfsd4_dec)nfsd4_decode_notsupp,
1592        [OP_LAYOUTGET]          = (nfsd4_dec)nfsd4_decode_notsupp,
1593        [OP_LAYOUTRETURN]       = (nfsd4_dec)nfsd4_decode_notsupp,
1594        [OP_SECINFO_NO_NAME]    = (nfsd4_dec)nfsd4_decode_secinfo_no_name,
1595        [OP_SEQUENCE]           = (nfsd4_dec)nfsd4_decode_sequence,
1596        [OP_SET_SSV]            = (nfsd4_dec)nfsd4_decode_notsupp,
1597        [OP_TEST_STATEID]       = (nfsd4_dec)nfsd4_decode_test_stateid,
1598        [OP_WANT_DELEGATION]    = (nfsd4_dec)nfsd4_decode_notsupp,
1599        [OP_DESTROY_CLIENTID]   = (nfsd4_dec)nfsd4_decode_destroy_clientid,
1600        [OP_RECLAIM_COMPLETE]   = (nfsd4_dec)nfsd4_decode_reclaim_complete,
1601};
1602
1603static inline bool
1604nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op)
1605{
1606        if (op->opnum < FIRST_NFS4_OP)
1607                return false;
1608        else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP)
1609                return false;
1610        else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP)
1611                return false;
1612        else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP)
1613                return false;
1614        return true;
1615}
1616
1617static __be32
1618nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
1619{
1620        DECODE_HEAD;
1621        struct nfsd4_op *op;
1622        bool cachethis = false;
1623        int auth_slack= argp->rqstp->rq_auth_slack;
1624        int max_reply = auth_slack + 8; /* opcnt, status */
1625        int readcount = 0;
1626        int readbytes = 0;
1627        int i;
1628
1629        READ_BUF(4);
1630        argp->taglen = be32_to_cpup(p++);
1631        READ_BUF(argp->taglen + 8);
1632        SAVEMEM(argp->tag, argp->taglen);
1633        argp->minorversion = be32_to_cpup(p++);
1634        argp->opcnt = be32_to_cpup(p++);
1635        max_reply += 4 + (XDR_QUADLEN(argp->taglen) << 2);
1636
1637        if (argp->taglen > NFSD4_MAX_TAGLEN)
1638                goto xdr_error;
1639        if (argp->opcnt > 100)
1640                goto xdr_error;
1641
1642        if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
1643                argp->ops = kmalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
1644                if (!argp->ops) {
1645                        argp->ops = argp->iops;
1646                        dprintk("nfsd: couldn't allocate room for COMPOUND\n");
1647                        goto xdr_error;
1648                }
1649        }
1650
1651        if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
1652                argp->opcnt = 0;
1653
1654        for (i = 0; i < argp->opcnt; i++) {
1655                op = &argp->ops[i];
1656                op->replay = NULL;
1657
1658                READ_BUF(4);
1659                op->opnum = be32_to_cpup(p++);
1660
1661                if (nfsd4_opnum_in_range(argp, op))
1662                        op->status = nfsd4_dec_ops[op->opnum](argp, &op->u);
1663                else {
1664                        op->opnum = OP_ILLEGAL;
1665                        op->status = nfserr_op_illegal;
1666                }
1667                /*
1668                 * We'll try to cache the result in the DRC if any one
1669                 * op in the compound wants to be cached:
1670                 */
1671                cachethis |= nfsd4_cache_this_op(op);
1672
1673                if (op->opnum == OP_READ) {
1674                        readcount++;
1675                        readbytes += nfsd4_max_reply(argp->rqstp, op);
1676                } else
1677                        max_reply += nfsd4_max_reply(argp->rqstp, op);
1678
1679                if (op->status) {
1680                        argp->opcnt = i+1;
1681                        break;
1682                }
1683        }
1684        /* Sessions make the DRC unnecessary: */
1685        if (argp->minorversion)
1686                cachethis = false;
1687        svc_reserve(argp->rqstp, max_reply + readbytes);
1688        argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
1689
1690        if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack)
1691                argp->rqstp->rq_splice_ok = false;
1692
1693        DECODE_TAIL;
1694}
1695
1696static __be32 *encode_change(__be32 *p, struct kstat *stat, struct inode *inode)
1697{
1698        if (IS_I_VERSION(inode)) {
1699                p = xdr_encode_hyper(p, inode->i_version);
1700        } else {
1701                *p++ = cpu_to_be32(stat->ctime.tv_sec);
1702                *p++ = cpu_to_be32(stat->ctime.tv_nsec);
1703        }
1704        return p;
1705}
1706
1707static __be32 *encode_cinfo(__be32 *p, struct nfsd4_change_info *c)
1708{
1709        *p++ = cpu_to_be32(c->atomic);
1710        if (c->change_supported) {
1711                p = xdr_encode_hyper(p, c->before_change);
1712                p = xdr_encode_hyper(p, c->after_change);
1713        } else {
1714                *p++ = cpu_to_be32(c->before_ctime_sec);
1715                *p++ = cpu_to_be32(c->before_ctime_nsec);
1716                *p++ = cpu_to_be32(c->after_ctime_sec);
1717                *p++ = cpu_to_be32(c->after_ctime_nsec);
1718        }
1719        return p;
1720}
1721
1722/* Encode as an array of strings the string given with components
1723 * separated @sep, escaped with esc_enter and esc_exit.
1724 */
1725static __be32 nfsd4_encode_components_esc(struct xdr_stream *xdr, char sep,
1726                                          char *components, char esc_enter,
1727                                          char esc_exit)
1728{
1729        __be32 *p;
1730        __be32 pathlen;
1731        int pathlen_offset;
1732        int strlen, count=0;
1733        char *str, *end, *next;
1734
1735        dprintk("nfsd4_encode_components(%s)\n", components);
1736
1737        pathlen_offset = xdr->buf->len;
1738        p = xdr_reserve_space(xdr, 4);
1739        if (!p)
1740                return nfserr_resource;
1741        p++; /* We will fill this in with @count later */
1742
1743        end = str = components;
1744        while (*end) {
1745                bool found_esc = false;
1746
1747                /* try to parse as esc_start, ..., esc_end, sep */
1748                if (*str == esc_enter) {
1749                        for (; *end && (*end != esc_exit); end++)
1750                                /* find esc_exit or end of string */;
1751                        next = end + 1;
1752                        if (*end && (!*next || *next == sep)) {
1753                                str++;
1754                                found_esc = true;
1755                        }
1756                }
1757
1758                if (!found_esc)
1759                        for (; *end && (*end != sep); end++)
1760                                /* find sep or end of string */;
1761
1762                strlen = end - str;
1763                if (strlen) {
1764                        p = xdr_reserve_space(xdr, strlen + 4);
1765                        if (!p)
1766                                return nfserr_resource;
1767                        p = xdr_encode_opaque(p, str, strlen);
1768                        count++;
1769                }
1770                else
1771                        end++;
1772                str = end;
1773        }
1774        pathlen = htonl(xdr->buf->len - pathlen_offset);
1775        write_bytes_to_xdr_buf(xdr->buf, pathlen_offset, &pathlen, 4);
1776        return 0;
1777}
1778
1779/* Encode as an array of strings the string given with components
1780 * separated @sep.
1781 */
1782static __be32 nfsd4_encode_components(struct xdr_stream *xdr, char sep,
1783                                      char *components)
1784{
1785        return nfsd4_encode_components_esc(xdr, sep, components, 0, 0);
1786}
1787
1788/*
1789 * encode a location element of a fs_locations structure
1790 */
1791static __be32 nfsd4_encode_fs_location4(struct xdr_stream *xdr,
1792                                        struct nfsd4_fs_location *location)
1793{
1794        __be32 status;
1795
1796        status = nfsd4_encode_components_esc(xdr, ':', location->hosts,
1797                                                '[', ']');
1798        if (status)
1799                return status;
1800        status = nfsd4_encode_components(xdr, '/', location->path);
1801        if (status)
1802                return status;
1803        return 0;
1804}
1805
1806/*
1807 * Encode a path in RFC3530 'pathname4' format
1808 */
1809static __be32 nfsd4_encode_path(struct xdr_stream *xdr,
1810                                const struct path *root,
1811                                const struct path *path)
1812{
1813        struct path cur = *path;
1814        __be32 *p;
1815        struct dentry **components = NULL;
1816        unsigned int ncomponents = 0;
1817        __be32 err = nfserr_jukebox;
1818
1819        dprintk("nfsd4_encode_components(");
1820
1821        path_get(&cur);
1822        /* First walk the path up to the nfsd root, and store the
1823         * dentries/path components in an array.
1824         */
1825        for (;;) {
1826                if (cur.dentry == root->dentry && cur.mnt == root->mnt)
1827                        break;
1828                if (cur.dentry == cur.mnt->mnt_root) {
1829                        if (follow_up(&cur))
1830                                continue;
1831                        goto out_free;
1832                }
1833                if ((ncomponents & 15) == 0) {
1834                        struct dentry **new;
1835                        new = krealloc(components,
1836                                        sizeof(*new) * (ncomponents + 16),
1837                                        GFP_KERNEL);
1838                        if (!new)
1839                                goto out_free;
1840                        components = new;
1841                }
1842                components[ncomponents++] = cur.dentry;
1843                cur.dentry = dget_parent(cur.dentry);
1844        }
1845        err = nfserr_resource;
1846        p = xdr_reserve_space(xdr, 4);
1847        if (!p)
1848                goto out_free;
1849        *p++ = cpu_to_be32(ncomponents);
1850
1851        while (ncomponents) {
1852                struct dentry *dentry = components[ncomponents - 1];
1853                unsigned int len;
1854
1855                spin_lock(&dentry->d_lock);
1856                len = dentry->d_name.len;
1857                p = xdr_reserve_space(xdr, len + 4);
1858                if (!p) {
1859                        spin_unlock(&dentry->d_lock);
1860                        goto out_free;
1861                }
1862                p = xdr_encode_opaque(p, dentry->d_name.name, len);
1863                dprintk("/%s", dentry->d_name.name);
1864                spin_unlock(&dentry->d_lock);
1865                dput(dentry);
1866                ncomponents--;
1867        }
1868
1869        err = 0;
1870out_free:
1871        dprintk(")\n");
1872        while (ncomponents)
1873                dput(components[--ncomponents]);
1874        kfree(components);
1875        path_put(&cur);
1876        return err;
1877}
1878
1879static __be32 nfsd4_encode_fsloc_fsroot(struct xdr_stream *xdr,
1880                        struct svc_rqst *rqstp, const struct path *path)
1881{
1882        struct svc_export *exp_ps;
1883        __be32 res;
1884
1885        exp_ps = rqst_find_fsidzero_export(rqstp);
1886        if (IS_ERR(exp_ps))
1887                return nfserrno(PTR_ERR(exp_ps));
1888        res = nfsd4_encode_path(xdr, &exp_ps->ex_path, path);
1889        exp_put(exp_ps);
1890        return res;
1891}
1892
1893/*
1894 *  encode a fs_locations structure
1895 */
1896static __be32 nfsd4_encode_fs_locations(struct xdr_stream *xdr,
1897                        struct svc_rqst *rqstp, struct svc_export *exp)
1898{
1899        __be32 status;
1900        int i;
1901        __be32 *p;
1902        struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;
1903
1904        status = nfsd4_encode_fsloc_fsroot(xdr, rqstp, &exp->ex_path);
1905        if (status)
1906                return status;
1907        p = xdr_reserve_space(xdr, 4);
1908        if (!p)
1909                return nfserr_resource;
1910        *p++ = cpu_to_be32(fslocs->locations_count);
1911        for (i=0; i<fslocs->locations_count; i++) {
1912                status = nfsd4_encode_fs_location4(xdr, &fslocs->locations[i]);
1913                if (status)
1914                        return status;
1915        }
1916        return 0;
1917}
1918
1919static u32 nfs4_file_type(umode_t mode)
1920{
1921        switch (mode & S_IFMT) {
1922        case S_IFIFO:   return NF4FIFO;
1923        case S_IFCHR:   return NF4CHR;
1924        case S_IFDIR:   return NF4DIR;
1925        case S_IFBLK:   return NF4BLK;
1926        case S_IFLNK:   return NF4LNK;
1927        case S_IFREG:   return NF4REG;
1928        case S_IFSOCK:  return NF4SOCK;
1929        default:        return NF4BAD;
1930        };
1931}
1932
1933static inline __be32
1934nfsd4_encode_aclname(struct xdr_stream *xdr, struct svc_rqst *rqstp,
1935                     struct nfs4_ace *ace)
1936{
1937        if (ace->whotype != NFS4_ACL_WHO_NAMED)
1938                return nfs4_acl_write_who(xdr, ace->whotype);
1939        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
1940                return nfsd4_encode_group(xdr, rqstp, ace->who_gid);
1941        else
1942                return nfsd4_encode_user(xdr, rqstp, ace->who_uid);
1943}
1944
1945#define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
1946                              FATTR4_WORD0_RDATTR_ERROR)
1947#define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
1948
1949#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
1950static inline __be32
1951nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
1952                            void *context, int len)
1953{
1954        __be32 *p;
1955
1956        p = xdr_reserve_space(xdr, len + 4 + 4 + 4);
1957        if (!p)
1958                return nfserr_resource;
1959
1960        /*
1961         * For now we use a 0 here to indicate the null translation; in
1962         * the future we may place a call to translation code here.
1963         */
1964        *p++ = cpu_to_be32(0); /* lfs */
1965        *p++ = cpu_to_be32(0); /* pi */
1966        p = xdr_encode_opaque(p, context, len);
1967        return 0;
1968}
1969#else
1970static inline __be32
1971nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
1972                            void *context, int len)
1973{ return 0; }
1974#endif
1975
1976static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *rdattr_err)
1977{
1978        /* As per referral draft:  */
1979        if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
1980            *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
1981                if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
1982                    *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
1983                        *rdattr_err = NFSERR_MOVED;
1984                else
1985                        return nfserr_moved;
1986        }
1987        *bmval0 &= WORD0_ABSENT_FS_ATTRS;
1988        *bmval1 &= WORD1_ABSENT_FS_ATTRS;
1989        return 0;
1990}
1991
1992
1993static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
1994{
1995        struct path path = exp->ex_path;
1996        int err;
1997
1998        path_get(&path);
1999        while (follow_up(&path)) {
2000                if (path.dentry != path.mnt->mnt_root)

2001                        break;
2002        }
2003        err = vfs_getattr(&path, stat);
2004        path_put(&path);
2005        return err;
2006}
2007
2008/*
2009 * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
2010 * ourselves.
2011 */
2012static __be32
2013nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
2014                struct svc_export *exp,
2015                struct dentry *dentry, u32 *bmval,
2016                struct svc_rqst *rqstp, int ignore_crossmnt)
2017{
2018        u32 bmval0 = bmval[0];
2019        u32 bmval1 = bmval[1];
2020        u32 bmval2 = bmval[2];
2021        struct kstat stat;
2022        struct svc_fh *tempfh = NULL;
2023        struct kstatfs statfs;
2024        __be32 *p;
2025        int starting_len = xdr->buf->len;
2026        int attrlen_offset;
2027        __be32 attrlen;
2028        u32 dummy;
2029        u64 dummy64;
2030        u32 rdattr_err = 0;
2031        __be32 status;
2032        int err;
2033        int aclsupport = 0;
2034        struct nfs4_acl *acl = NULL;
2035        void *context = NULL;
2036        int contextlen;
2037        bool contextsupport = false;
2038        struct nfsd4_compoundres *resp = rqstp->rq_resp;
2039        u32 minorversion = resp->cstate.minorversion;
2040        struct path path = {
2041                .mnt    = exp->ex_path.mnt,
2042                .dentry = dentry,
2043        };
2044        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2045
2046        BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
2047        BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion));
2048        BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion));
2049        BUG_ON(bmval2 & ~nfsd_suppattrs2(minorversion));
2050
2051        if (exp->ex_fslocs.migrated) {
2052                BUG_ON(bmval[2]);
2053                status = fattr_handle_absent_fs(&bmval0, &bmval1, &rdattr_err);
2054                if (status)
2055                        goto out;
2056        }
2057
2058        err = vfs_getattr(&path, &stat);
2059        if (err)
2060                goto out_nfserr;
2061        if ((bmval0 & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE |
2062                        FATTR4_WORD0_FILES_TOTAL | FATTR4_WORD0_MAXNAME)) ||
2063            (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
2064                       FATTR4_WORD1_SPACE_TOTAL))) {
2065                err = vfs_statfs(&path, &statfs);
2066                if (err)
2067                        goto out_nfserr;
2068        }
2069        if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
2070                tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
2071                status = nfserr_jukebox;
2072                if (!tempfh)
2073                        goto out;
2074                fh_init(tempfh, NFS4_FHSIZE);
2075                status = fh_compose(tempfh, exp, dentry, NULL);
2076                if (status)
2077                        goto out;
2078                fhp = tempfh;
2079        }
2080        if (bmval0 & (FATTR4_WORD0_ACL | FATTR4_WORD0_ACLSUPPORT
2081                        | FATTR4_WORD0_SUPPORTED_ATTRS)) {
2082                err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
2083                aclsupport = (err == 0);
2084                if (bmval0 & FATTR4_WORD0_ACL) {
2085                        if (err == -EOPNOTSUPP)
2086                                bmval0 &= ~FATTR4_WORD0_ACL;
2087                        else if (err == -EINVAL) {
2088                                status = nfserr_attrnotsupp;
2089                                goto out;
2090                        } else if (err != 0)
2091                                goto out_nfserr;
2092                }
2093        }
2094
2095#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2096        if ((bmval[2] & FATTR4_WORD2_SECURITY_LABEL) ||
2097                        bmval[0] & FATTR4_WORD0_SUPPORTED_ATTRS) {
2098                err = security_inode_getsecctx(dentry->d_inode,
2099                                                &context, &contextlen);
2100                contextsupport = (err == 0);
2101                if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2102                        if (err == -EOPNOTSUPP)
2103                                bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2104                        else if (err)
2105                                goto out_nfserr;
2106                }
2107        }
2108#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2109
2110        if (bmval2) {
2111                p = xdr_reserve_space(xdr, 16);
2112                if (!p)
2113                        goto out_resource;
2114                *p++ = cpu_to_be32(3);
2115                *p++ = cpu_to_be32(bmval0);
2116                *p++ = cpu_to_be32(bmval1);
2117                *p++ = cpu_to_be32(bmval2);
2118        } else if (bmval1) {
2119                p = xdr_reserve_space(xdr, 12);
2120                if (!p)
2121                        goto out_resource;
2122                *p++ = cpu_to_be32(2);
2123                *p++ = cpu_to_be32(bmval0);
2124                *p++ = cpu_to_be32(bmval1);
2125        } else {
2126                p = xdr_reserve_space(xdr, 8);
2127                if (!p)
2128                        goto out_resource;
2129                *p++ = cpu_to_be32(1);
2130                *p++ = cpu_to_be32(bmval0);
2131        }
2132
2133        attrlen_offset = xdr->buf->len;
2134        p = xdr_reserve_space(xdr, 4);
2135        if (!p)
2136                goto out_resource;
2137        p++;                /* to be backfilled later */
2138
2139        if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2140                u32 word0 = nfsd_suppattrs0(minorversion);
2141                u32 word1 = nfsd_suppattrs1(minorversion);
2142                u32 word2 = nfsd_suppattrs2(minorversion);
2143
2144                if (!aclsupport)
2145                        word0 &= ~FATTR4_WORD0_ACL;
2146                if (!contextsupport)
2147                        word2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2148                if (!word2) {
2149                        p = xdr_reserve_space(xdr, 12);
2150                        if (!p)
2151                                goto out_resource;
2152                        *p++ = cpu_to_be32(2);
2153                        *p++ = cpu_to_be32(word0);
2154                        *p++ = cpu_to_be32(word1);
2155                } else {
2156                        p = xdr_reserve_space(xdr, 16);
2157                        if (!p)
2158                                goto out_resource;
2159                        *p++ = cpu_to_be32(3);
2160                        *p++ = cpu_to_be32(word0);
2161                        *p++ = cpu_to_be32(word1);
2162                        *p++ = cpu_to_be32(word2);
2163                }
2164        }
2165        if (bmval0 & FATTR4_WORD0_TYPE) {
2166                p = xdr_reserve_space(xdr, 4);
2167                if (!p)
2168                        goto out_resource;
2169                dummy = nfs4_file_type(stat.mode);
2170                if (dummy == NF4BAD) {
2171                        status = nfserr_serverfault;
2172                        goto out;
2173                }
2174                *p++ = cpu_to_be32(dummy);
2175        }
2176        if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
2177                p = xdr_reserve_space(xdr, 4);
2178                if (!p)
2179                        goto out_resource;
2180                if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
2181                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT);
2182                else
2183                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT|
2184                                                NFS4_FH_VOL_RENAME);
2185        }
2186        if (bmval0 & FATTR4_WORD0_CHANGE) {
2187                p = xdr_reserve_space(xdr, 8);
2188                if (!p)
2189                        goto out_resource;
2190                p = encode_change(p, &stat, dentry->d_inode);
2191        }
2192        if (bmval0 & FATTR4_WORD0_SIZE) {
2193                p = xdr_reserve_space(xdr, 8);
2194                if (!p)
2195                        goto out_resource;
2196                p = xdr_encode_hyper(p, stat.size);
2197        }
2198        if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
2199                p = xdr_reserve_space(xdr, 4);
2200                if (!p)
2201                        goto out_resource;
2202                *p++ = cpu_to_be32(1);
2203        }
2204        if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
2205                p = xdr_reserve_space(xdr, 4);
2206                if (!p)
2207                        goto out_resource;
2208                *p++ = cpu_to_be32(1);
2209        }
2210        if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {
2211                p = xdr_reserve_space(xdr, 4);
2212                if (!p)
2213                        goto out_resource;
2214                *p++ = cpu_to_be32(0);
2215        }
2216        if (bmval0 & FATTR4_WORD0_FSID) {
2217                p = xdr_reserve_space(xdr, 16);
2218                if (!p)
2219                        goto out_resource;
2220                if (exp->ex_fslocs.migrated) {
2221                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MAJOR);
2222                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MINOR);
2223                } else switch(fsid_source(fhp)) {
2224                case FSIDSOURCE_FSID:
2225                        p = xdr_encode_hyper(p, (u64)exp->ex_fsid);
2226                        p = xdr_encode_hyper(p, (u64)0);
2227                        break;
2228                case FSIDSOURCE_DEV:
2229                        *p++ = cpu_to_be32(0);
2230                        *p++ = cpu_to_be32(MAJOR(stat.dev));
2231                        *p++ = cpu_to_be32(0);
2232                        *p++ = cpu_to_be32(MINOR(stat.dev));
2233                        break;
2234                case FSIDSOURCE_UUID:
2235                        p = xdr_encode_opaque_fixed(p, exp->ex_uuid,
2236                                                                EX_UUID_LEN);
2237                        break;
2238                }
2239        }
2240        if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
2241                p = xdr_reserve_space(xdr, 4);
2242                if (!p)
2243                        goto out_resource;
2244                *p++ = cpu_to_be32(0);
2245        }
2246        if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
2247                p = xdr_reserve_space(xdr, 4);
2248                if (!p)
2249                        goto out_resource;
2250                *p++ = cpu_to_be32(nn->nfsd4_lease);
2251        }
2252        if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
2253                p = xdr_reserve_space(xdr, 4);
2254                if (!p)
2255                        goto out_resource;
2256                *p++ = cpu_to_be32(rdattr_err);
2257        }
2258        if (bmval0 & FATTR4_WORD0_ACL) {
2259                struct nfs4_ace *ace;
2260
2261                if (acl == NULL) {
2262                        p = xdr_reserve_space(xdr, 4);
2263                        if (!p)
2264                                goto out_resource;
2265
2266                        *p++ = cpu_to_be32(0);
2267                        goto out_acl;
2268                }
2269                p = xdr_reserve_space(xdr, 4);
2270                if (!p)
2271                        goto out_resource;
2272                *p++ = cpu_to_be32(acl->naces);
2273
2274                for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
2275                        p = xdr_reserve_space(xdr, 4*3);
2276                        if (!p)
2277                                goto out_resource;
2278                        *p++ = cpu_to_be32(ace->type);
2279                        *p++ = cpu_to_be32(ace->flag);
2280                        *p++ = cpu_to_be32(ace->access_mask &
2281                                                        NFS4_ACE_MASK_ALL);
2282                        status = nfsd4_encode_aclname(xdr, rqstp, ace);
2283                        if (status)
2284                                goto out;
2285                }
2286        }
2287out_acl:
2288        if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
2289                p = xdr_reserve_space(xdr, 4);
2290                if (!p)
2291                        goto out_resource;
2292                *p++ = cpu_to_be32(aclsupport ?
2293                        ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
2294        }
2295        if (bmval0 & FATTR4_WORD0_CANSETTIME) {
2296                p = xdr_reserve_space(xdr, 4);
2297                if (!p)
2298                        goto out_resource;
2299                *p++ = cpu_to_be32(1);
2300        }
2301        if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
2302                p = xdr_reserve_space(xdr, 4);
2303                if (!p)
2304                        goto out_resource;
2305                *p++ = cpu_to_be32(0);
2306        }
2307        if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
2308                p = xdr_reserve_space(xdr, 4);
2309                if (!p)
2310                        goto out_resource;
2311                *p++ = cpu_to_be32(1);
2312        }
2313        if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
2314                p = xdr_reserve_space(xdr, 4);
2315                if (!p)
2316                        goto out_resource;
2317                *p++ = cpu_to_be32(1);
2318        }
2319        if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
2320                p = xdr_reserve_space(xdr, fhp->fh_handle.fh_size + 4);
2321                if (!p)
2322                        goto out_resource;
2323                p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base,
2324                                        fhp->fh_handle.fh_size);
2325        }
2326        if (bmval0 & FATTR4_WORD0_FILEID) {
2327                p = xdr_reserve_space(xdr, 8);
2328                if (!p)
2329                        goto out_resource;
2330                p = xdr_encode_hyper(p, stat.ino);
2331        }
2332        if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
2333                p = xdr_reserve_space(xdr, 8);
2334                if (!p)
2335                        goto out_resource;
2336                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
2337        }
2338        if (bmval0 & FATTR4_WORD0_FILES_FREE) {
2339                p = xdr_reserve_space(xdr, 8);
2340                if (!p)
2341                        goto out_resource;
2342                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
2343        }
2344        if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
2345                p = xdr_reserve_space(xdr, 8);
2346                if (!p)
2347                        goto out_resource;
2348                p = xdr_encode_hyper(p, (u64) statfs.f_files);
2349        }
2350        if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
2351                status = nfsd4_encode_fs_locations(xdr, rqstp, exp);
2352                if (status)
2353                        goto out;
2354        }
2355        if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
2356                p = xdr_reserve_space(xdr, 4);
2357                if (!p)
2358                        goto out_resource;
2359                *p++ = cpu_to_be32(1);
2360        }
2361        if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
2362                p = xdr_reserve_space(xdr, 8);
2363                if (!p)
2364                        goto out_resource;
2365                p = xdr_encode_hyper(p, exp->ex_path.mnt->mnt_sb->s_maxbytes);
2366        }
2367        if (bmval0 & FATTR4_WORD0_MAXLINK) {
2368                p = xdr_reserve_space(xdr, 4);
2369                if (!p)
2370                        goto out_resource;
2371                *p++ = cpu_to_be32(255);
2372        }
2373        if (bmval0 & FATTR4_WORD0_MAXNAME) {
2374                p = xdr_reserve_space(xdr, 4);
2375                if (!p)
2376                        goto out_resource;
2377                *p++ = cpu_to_be32(statfs.f_namelen);
2378        }
2379        if (bmval0 & FATTR4_WORD0_MAXREAD) {
2380                p = xdr_reserve_space(xdr, 8);
2381                if (!p)
2382                        goto out_resource;
2383                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
2384        }
2385        if (bmval0 & FATTR4_WORD0_MAXWRITE) {
2386                p = xdr_reserve_space(xdr, 8);
2387                if (!p)
2388                        goto out_resource;
2389                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
2390        }
2391        if (bmval1 & FATTR4_WORD1_MODE) {
2392                p = xdr_reserve_space(xdr, 4);
2393                if (!p)
2394                        goto out_resource;
2395                *p++ = cpu_to_be32(stat.mode & S_IALLUGO);
2396        }
2397        if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
2398                p = xdr_reserve_space(xdr, 4);
2399                if (!p)
2400                        goto out_resource;
2401                *p++ = cpu_to_be32(1);
2402        }
2403        if (bmval1 & FATTR4_WORD1_NUMLINKS) {
2404                p = xdr_reserve_space(xdr, 4);
2405                if (!p)
2406                        goto out_resource;
2407                *p++ = cpu_to_be32(stat.nlink);
2408        }
2409        if (bmval1 & FATTR4_WORD1_OWNER) {
2410                status = nfsd4_encode_user(xdr, rqstp, stat.uid);
2411                if (status)
2412                        goto out;
2413        }
2414        if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
2415                status = nfsd4_encode_group(xdr, rqstp, stat.gid);
2416                if (status)
2417                        goto out;
2418        }
2419        if (bmval1 & FATTR4_WORD1_RAWDEV) {
2420                p = xdr_reserve_space(xdr, 8);
2421                if (!p)
2422                        goto out_resource;
2423                *p++ = cpu_to_be32((u32) MAJOR(stat.rdev));
2424                *p++ = cpu_to_be32((u32) MINOR(stat.rdev));
2425        }
2426        if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
2427                p = xdr_reserve_space(xdr, 8);
2428                if (!p)
2429                        goto out_resource;
2430                dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
2431                p = xdr_encode_hyper(p, dummy64);
2432        }
2433        if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
2434                p = xdr_reserve_space(xdr, 8);
2435                if (!p)
2436                        goto out_resource;
2437                dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
2438                p = xdr_encode_hyper(p, dummy64);
2439        }
2440        if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
2441                p = xdr_reserve_space(xdr, 8);
2442                if (!p)
2443                        goto out_resource;
2444                dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
2445                p = xdr_encode_hyper(p, dummy64);
2446        }
2447        if (bmval1 & FATTR4_WORD1_SPACE_USED) {
2448                p = xdr_reserve_space(xdr, 8);
2449                if (!p)
2450                        goto out_resource;
2451                dummy64 = (u64)stat.blocks << 9;
2452                p = xdr_encode_hyper(p, dummy64);
2453        }
2454        if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
2455                p = xdr_reserve_space(xdr, 12);
2456                if (!p)
2457                        goto out_resource;
2458                p = xdr_encode_hyper(p, (s64)stat.atime.tv_sec);
2459                *p++ = cpu_to_be32(stat.atime.tv_nsec);
2460        }
2461        if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
2462                p = xdr_reserve_space(xdr, 12);
2463                if (!p)
2464                        goto out_resource;
2465                *p++ = cpu_to_be32(0);
2466                *p++ = cpu_to_be32(1);
2467                *p++ = cpu_to_be32(0);
2468        }
2469        if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
2470                p = xdr_reserve_space(xdr, 12);
2471                if (!p)
2472                        goto out_resource;
2473                p = xdr_encode_hyper(p, (s64)stat.ctime.tv_sec);
2474                *p++ = cpu_to_be32(stat.ctime.tv_nsec);
2475        }
2476        if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
2477                p = xdr_reserve_space(xdr, 12);
2478                if (!p)
2479                        goto out_resource;
2480                p = xdr_encode_hyper(p, (s64)stat.mtime.tv_sec);
2481                *p++ = cpu_to_be32(stat.mtime.tv_nsec);
2482        }
2483        if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
2484                p = xdr_reserve_space(xdr, 8);
2485                if (!p)
2486                        goto out_resource;
2487                /*
2488                 * Get parent's attributes if not ignoring crossmount
2489                 * and this is the root of a cross-mounted filesystem.
2490                 */
2491                if (ignore_crossmnt == 0 &&
2492                    dentry == exp->ex_path.mnt->mnt_root)
2493                        get_parent_attributes(exp, &stat);
2494                p = xdr_encode_hyper(p, stat.ino);
2495        }
2496        if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2497                status = nfsd4_encode_security_label(xdr, rqstp, context,
2498                                                                contextlen);
2499                if (status)
2500                        goto out;
2501        }
2502        if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
2503                p = xdr_reserve_space(xdr, 16);
2504                if (!p)
2505                        goto out_resource;
2506                *p++ = cpu_to_be32(3);
2507                *p++ = cpu_to_be32(NFSD_SUPPATTR_EXCLCREAT_WORD0);
2508                *p++ = cpu_to_be32(NFSD_SUPPATTR_EXCLCREAT_WORD1);
2509                *p++ = cpu_to_be32(NFSD_SUPPATTR_EXCLCREAT_WORD2);
2510        }
2511
2512        attrlen = htonl(xdr->buf->len - attrlen_offset - 4);
2513        write_bytes_to_xdr_buf(xdr->buf, attrlen_offset, &attrlen, 4);
2514        status = nfs_ok;
2515
2516out:
2517#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2518        if (context)
2519                security_release_secctx(context, contextlen);
2520#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2521        kfree(acl);
2522        if (tempfh) {
2523                fh_put(tempfh);
2524                kfree(tempfh);
2525        }
2526        if (status)
2527                xdr_truncate_encode(xdr, starting_len);
2528        return status;
2529out_nfserr:
2530        status = nfserrno(err);
2531        goto out;
2532out_resource:
2533        status = nfserr_resource;
2534        goto out;
2535}
2536
2537static void svcxdr_init_encode_from_buffer(struct xdr_stream *xdr,
2538                                struct xdr_buf *buf, __be32 *p, int bytes)
2539{
2540        xdr->scratch.iov_len = 0;
2541        memset(buf, 0, sizeof(struct xdr_buf));
2542        buf->head[0].iov_base = p;
2543        buf->head[0].iov_len = 0;
2544        buf->len = 0;
2545        xdr->buf = buf;
2546        xdr->iov = buf->head;
2547        xdr->p = p;
2548        xdr->end = (void *)p + bytes;
2549        buf->buflen = bytes;
2550}
2551
2552__be32 nfsd4_encode_fattr_to_buf(__be32 **p, int words,
2553                        struct svc_fh *fhp, struct svc_export *exp,
2554                        struct dentry *dentry, u32 *bmval,
2555                        struct svc_rqst *rqstp, int ignore_crossmnt)
2556{
2557        struct xdr_buf dummy;
2558        struct xdr_stream xdr;
2559        __be32 ret;
2560
2561        svcxdr_init_encode_from_buffer(&xdr, &dummy, *p, words << 2);
2562        ret = nfsd4_encode_fattr(&xdr, fhp, exp, dentry, bmval, rqstp,
2563                                                        ignore_crossmnt);
2564        *p = xdr.p;
2565        return ret;
2566}
2567
2568static inline int attributes_need_mount(u32 *bmval)
2569{
2570        if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
2571                return 1;
2572        if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
2573                return 1;
2574        return 0;
2575}
2576
2577static __be32
2578nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd,
2579                        const char *name, int namlen)
2580{
2581        struct svc_export *exp = cd->rd_fhp->fh_export;
2582        struct dentry *dentry;
2583        __be32 nfserr;
2584        int ignore_crossmnt = 0;
2585
2586        dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen);
2587        if (IS_ERR(dentry))
2588                return nfserrno(PTR_ERR(dentry));
2589        if (!dentry->d_inode) {
2590                /*
2591                 * nfsd_buffered_readdir drops the i_mutex between
2592                 * readdir and calling this callback, leaving a window
2593                 * where this directory entry could have gone away.
2594                 */
2595                dput(dentry);
2596                return nfserr_noent;
2597        }
2598
2599        exp_get(exp);
2600        /*
2601         * In the case of a mountpoint, the client may be asking for
2602         * attributes that are only properties of the underlying filesystem
2603         * as opposed to the cross-mounted file system. In such a case,
2604         * we will not follow the cross mount and will fill the attribtutes
2605         * directly from the mountpoint dentry.
2606         */
2607        if (nfsd_mountpoint(dentry, exp)) {
2608                int err;
2609
2610                if (!(exp->ex_flags & NFSEXP_V4ROOT)
2611                                && !attributes_need_mount(cd->rd_bmval)) {
2612                        ignore_crossmnt = 1;
2613                        goto out_encode;
2614                }
2615                /*
2616                 * Why the heck aren't we just using nfsd_lookup??
2617                 * Different "."/".." handling?  Something else?
2618                 * At least, add a comment here to explain....
2619                 */
2620                err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
2621                if (err) {
2622                        nfserr = nfserrno(err);
2623                        goto out_put;
2624                }
2625                nfserr = check_nfsd_access(exp, cd->rd_rqstp);
2626                if (nfserr)
2627                        goto out_put;
2628
2629        }
2630out_encode:
2631        nfserr = nfsd4_encode_fattr(xdr, NULL, exp, dentry, cd->rd_bmval,
2632                                        cd->rd_rqstp, ignore_crossmnt);
2633out_put:
2634        dput(dentry);
2635        exp_put(exp);
2636        return nfserr;
2637}
2638
2639static __be32 *
2640nfsd4_encode_rdattr_error(struct xdr_stream *xdr, __be32 nfserr)
2641{
2642        __be32 *p;
2643
2644        p = xdr_reserve_space(xdr, 20);
2645        if (!p)
2646                return NULL;
2647        *p++ = htonl(2);
2648        *p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */
2649        *p++ = htonl(0);                         /* bmval1 */
2650
2651        *p++ = htonl(4);     /* attribute length */
2652        *p++ = nfserr;       /* no htonl */
2653        return p;
2654}
2655
2656static int
2657nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
2658                    loff_t offset, u64 ino, unsigned int d_type)
2659{
2660        struct readdir_cd *ccd = ccdv;
2661        struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
2662        struct xdr_stream *xdr = cd->xdr;
2663        int start_offset = xdr->buf->len;
2664        int cookie_offset;
2665        int entry_bytes;
2666        __be32 nfserr = nfserr_toosmall;
2667        __be64 wire_offset;
2668        __be32 *p;
2669
2670        /* In nfsv4, "." and ".." never make it onto the wire.. */
2671        if (name && isdotent(name, namlen)) {
2672                cd->common.err = nfs_ok;
2673                return 0;
2674        }
2675
2676        if (cd->cookie_offset) {
2677                wire_offset = cpu_to_be64(offset);
2678                write_bytes_to_xdr_buf(xdr->buf, cd->cookie_offset,
2679                                                        &wire_offset, 8);
2680        }
2681
2682        p = xdr_reserve_space(xdr, 4);
2683        if (!p)
2684                goto fail;
2685        *p++ = xdr_one;                             /* mark entry present */
2686        cookie_offset = xdr->buf->len;
2687        p = xdr_reserve_space(xdr, 3*4 + namlen);
2688        if (!p)
2689                goto fail;
2690        p = xdr_encode_hyper(p, NFS_OFFSET_MAX);    /* offset of next entry */
2691        p = xdr_encode_array(p, name, namlen);      /* name length & name */
2692
2693        nfserr = nfsd4_encode_dirent_fattr(xdr, cd, name, namlen);
2694        switch (nfserr) {
2695        case nfs_ok:
2696                break;
2697        case nfserr_resource:
2698                nfserr = nfserr_toosmall;
2699                goto fail;
2700        case nfserr_noent:
2701                xdr_truncate_encode(xdr, start_offset);
2702                goto skip_entry;
2703        default:
2704                /*
2705                 * If the client requested the RDATTR_ERROR attribute,
2706                 * we stuff the error code into this attribute
2707                 * and continue.  If this attribute was not requested,
2708                 * then in accordance with the spec, we fail the
2709                 * entire READDIR operation(!)
2710                 */
2711                if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR))
2712                        goto fail;
2713                p = nfsd4_encode_rdattr_error(xdr, nfserr);
2714                if (p == NULL) {
2715                        nfserr = nfserr_toosmall;
2716                        goto fail;
2717                }
2718        }
2719        nfserr = nfserr_toosmall;
2720        entry_bytes = xdr->buf->len - start_offset;
2721        if (entry_bytes > cd->rd_maxcount)
2722                goto fail;
2723        cd->rd_maxcount -= entry_bytes;
2724        if (!cd->rd_dircount)
2725                goto fail;
2726        cd->rd_dircount--;
2727        cd->cookie_offset = cookie_offset;
2728skip_entry:
2729        cd->common.err = nfs_ok;
2730        return 0;
2731fail:
2732        xdr_truncate_encode(xdr, start_offset);
2733        cd->common.err = nfserr;
2734        return -EINVAL;
2735}
2736
2737static __be32
2738nfsd4_encode_stateid(struct xdr_stream *xdr, stateid_t *sid)
2739{
2740        __be32 *p;
2741
2742        p = xdr_reserve_space(xdr, sizeof(stateid_t));
2743        if (!p)
2744                return nfserr_resource;
2745        *p++ = cpu_to_be32(sid->si_generation);
2746        p = xdr_encode_opaque_fixed(p, &sid->si_opaque,
2747                                        sizeof(stateid_opaque_t));
2748        return 0;
2749}
2750
2751static __be32
2752nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
2753{
2754        struct xdr_stream *xdr = &resp->xdr;
2755        __be32 *p;
2756
2757        if (!nfserr) {
2758                p = xdr_reserve_space(xdr, 8);
2759                if (!p)
2760                        return nfserr_resource;
2761                *p++ = cpu_to_be32(access->ac_supported);
2762                *p++ = cpu_to_be32(access->ac_resp_access);
2763        }
2764        return nfserr;
2765}
2766
2767static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
2768{
2769        struct xdr_stream *xdr = &resp->xdr;
2770        __be32 *p;
2771
2772        if (!nfserr) {
2773                p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 8);
2774                if (!p)
2775                        return nfserr_resource;
2776                p = xdr_encode_opaque_fixed(p, bcts->sessionid.data,
2777                                                NFS4_MAX_SESSIONID_LEN);
2778                *p++ = cpu_to_be32(bcts->dir);
2779                /* Sorry, we do not yet support RDMA over 4.1: */
2780                *p++ = cpu_to_be32(0);
2781        }
2782        return nfserr;
2783}
2784
2785static __be32
2786nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
2787{
2788        struct xdr_stream *xdr = &resp->xdr;
2789
2790        if (!nfserr)
2791                nfserr = nfsd4_encode_stateid(xdr, &close->cl_stateid);
2792
2793        return nfserr;
2794}
2795
2796
2797static __be32
2798nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
2799{
2800        struct xdr_stream *xdr = &resp->xdr;
2801        __be32 *p;
2802
2803        if (!nfserr) {
2804                p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
2805                if (!p)
2806                        return nfserr_resource;
2807                p = xdr_encode_opaque_fixed(p, commit->co_verf.data,
2808                                                NFS4_VERIFIER_SIZE);
2809        }
2810        return nfserr;
2811}
2812
2813static __be32
2814nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
2815{
2816        struct xdr_stream *xdr = &resp->xdr;
2817        __be32 *p;
2818
2819        if (!nfserr) {
2820                p = xdr_reserve_space(xdr, 32);
2821                if (!p)
2822                        return nfserr_resource;
2823                p = encode_cinfo(p, &create->cr_cinfo);
2824                *p++ = cpu_to_be32(2);
2825                *p++ = cpu_to_be32(create->cr_bmval[0]);
2826                *p++ = cpu_to_be32(create->cr_bmval[1]);
2827        }
2828        return nfserr;
2829}
2830
2831static __be32
2832nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
2833{
2834        struct svc_fh *fhp = getattr->ga_fhp;
2835        struct xdr_stream *xdr = &resp->xdr;
2836
2837        if (nfserr)
2838                return nfserr;
2839
2840        nfserr = nfsd4_encode_fattr(xdr, fhp, fhp->fh_export, fhp->fh_dentry,
2841                                    getattr->ga_bmval,
2842                                    resp->rqstp, 0);
2843        return nfserr;
2844}
2845
2846static __be32
2847nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
2848{
2849        struct xdr_stream *xdr = &resp->xdr;
2850        struct svc_fh *fhp = *fhpp;
2851        unsigned int len;
2852        __be32 *p;
2853
2854        if (!nfserr) {
2855                len = fhp->fh_handle.fh_size;
2856                p = xdr_reserve_space(xdr, len + 4);
2857                if (!p)
2858                        return nfserr_resource;
2859                p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base, len);
2860        }
2861        return nfserr;
2862}
2863
2864/*
2865* Including all fields other than the name, a LOCK4denied structure requires
2866*   8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes.
2867*/
2868static __be32
2869nfsd4_encode_lock_denied(struct xdr_stream *xdr, struct nfsd4_lock_denied *ld)
2870{
2871        struct xdr_netobj *conf = &ld->ld_owner;
2872        __be32 *p;
2873
2874again:
2875        p = xdr_reserve_space(xdr, 32 + XDR_LEN(conf->len));
2876        if (!p) {
2877                /*
2878                 * Don't fail to return the result just because we can't
2879                 * return the conflicting open:
2880                 */
2881                if (conf->len) {
2882                        kfree(conf->data);
2883                        conf->len = 0;
2884                        conf->data = NULL;
2885                        goto again;
2886                }
2887                return nfserr_resource;
2888        }
2889        p = xdr_encode_hyper(p, ld->ld_start);
2890        p = xdr_encode_hyper(p, ld->ld_length);
2891        *p++ = cpu_to_be32(ld->ld_type);
2892        if (conf->len) {
2893                p = xdr_encode_opaque_fixed(p, &ld->ld_clientid, 8);
2894                p = xdr_encode_opaque(p, conf->data, conf->len);
2895                kfree(conf->data);
2896        }  else {  /* non - nfsv4 lock in conflict, no clientid nor owner */
2897                p = xdr_encode_hyper(p, (u64)0); /* clientid */
2898                *p++ = cpu_to_be32(0); /* length of owner name */
2899        }
2900        return nfserr_denied;
2901}
2902
2903static __be32
2904nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
2905{
2906        struct xdr_stream *xdr = &resp->xdr;
2907
2908        if (!nfserr)
2909                nfserr = nfsd4_encode_stateid(xdr, &lock->lk_resp_stateid);
2910        else if (nfserr == nfserr_denied)
2911                nfserr = nfsd4_encode_lock_denied(xdr, &lock->lk_denied);
2912
2913        return nfserr;
2914}
2915
2916static __be32
2917nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
2918{
2919        struct xdr_stream *xdr = &resp->xdr;
2920
2921        if (nfserr == nfserr_denied)
2922                nfsd4_encode_lock_denied(xdr, &lockt->lt_denied);
2923        return nfserr;
2924}
2925
2926static __be32
2927nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
2928{
2929        struct xdr_stream *xdr = &resp->xdr;
2930
2931        if (!nfserr)
2932                nfserr = nfsd4_encode_stateid(xdr, &locku->lu_stateid);
2933
2934        return nfserr;
2935}
2936
2937
2938static __be32
2939nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
2940{
2941        struct xdr_stream *xdr = &resp->xdr;
2942        __be32 *p;
2943
2944        if (!nfserr) {
2945                p = xdr_reserve_space(xdr, 20);
2946                if (!p)
2947                        return nfserr_resource;
2948                p = encode_cinfo(p, &link->li_cinfo);
2949        }
2950        return nfserr;
2951}
2952
2953
2954static __be32
2955nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
2956{
2957        struct xdr_stream *xdr = &resp->xdr;
2958        __be32 *p;
2959
2960        if (nfserr)
2961                goto out;
2962
2963        nfserr = nfsd4_encode_stateid(xdr, &open->op_stateid);
2964        if (nfserr)
2965                goto out;
2966        p = xdr_reserve_space(xdr, 40);
2967        if (!p)
2968                return nfserr_resource;
2969        p = encode_cinfo(p, &open->op_cinfo);
2970        *p++ = cpu_to_be32(open->op_rflags);
2971        *p++ = cpu_to_be32(2);
2972        *p++ = cpu_to_be32(open->op_bmval[0]);
2973        *p++ = cpu_to_be32(open->op_bmval[1]);
2974        *p++ = cpu_to_be32(open->op_delegate_type);
2975
2976        switch (open->op_delegate_type) {
2977        case NFS4_OPEN_DELEGATE_NONE:
2978                break;
2979        case NFS4_OPEN_DELEGATE_READ:
2980                nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
2981                if (nfserr)
2982                        return nfserr;
2983                p = xdr_reserve_space(xdr, 20);
2984                if (!p)
2985                        return nfserr_resource;
2986                *p++ = cpu_to_be32(open->op_recall);
2987
2988                /*
2989                 * TODO: ACE's in delegations
2990                 */
2991                *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
2992                *p++ = cpu_to_be32(0);
2993                *p++ = cpu_to_be32(0);
2994                *p++ = cpu_to_be32(0);   /* XXX: is NULL principal ok? */
2995                break;
2996        case NFS4_OPEN_DELEGATE_WRITE:
2997                nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
2998                if (nfserr)
2999                        return nfserr;
3000                p = xdr_reserve_space(xdr, 32);

3001                if (!p)
3002                        return nfserr_resource;
3003                *p++ = cpu_to_be32(0);
3004
3005                /*
3006                 * TODO: space_limit's in delegations
3007                 */
3008                *p++ = cpu_to_be32(NFS4_LIMIT_SIZE);
3009                *p++ = cpu_to_be32(~(u32)0);
3010                *p++ = cpu_to_be32(~(u32)0);
3011
3012                /*
3013                 * TODO: ACE's in delegations
3014                 */
3015                *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3016                *p++ = cpu_to_be32(0);
3017                *p++ = cpu_to_be32(0);
3018                *p++ = cpu_to_be32(0);   /* XXX: is NULL principal ok? */
3019                break;
3020        case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */
3021                switch (open->op_why_no_deleg) {
3022                case WND4_CONTENTION:
3023                case WND4_RESOURCE:
3024                        p = xdr_reserve_space(xdr, 8);
3025                        if (!p)
3026                                return nfserr_resource;
3027                        *p++ = cpu_to_be32(open->op_why_no_deleg);
3028                        /* deleg signaling not supported yet: */
3029                        *p++ = cpu_to_be32(0);
3030                        break;
3031                default:
3032                        p = xdr_reserve_space(xdr, 4);
3033                        if (!p)
3034                                return nfserr_resource;
3035                        *p++ = cpu_to_be32(open->op_why_no_deleg);
3036                }
3037                break;
3038        default:
3039                BUG();
3040        }
3041        /* XXX save filehandle here */
3042out:
3043        return nfserr;
3044}
3045
3046static __be32
3047nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
3048{
3049        struct xdr_stream *xdr = &resp->xdr;
3050
3051        if (!nfserr)
3052                nfserr = nfsd4_encode_stateid(xdr, &oc->oc_resp_stateid);
3053
3054        return nfserr;
3055}
3056
3057static __be32
3058nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
3059{
3060        struct xdr_stream *xdr = &resp->xdr;
3061
3062        if (!nfserr)
3063                nfserr = nfsd4_encode_stateid(xdr, &od->od_stateid);
3064
3065        return nfserr;
3066}
3067
3068static __be32 nfsd4_encode_splice_read(
3069                                struct nfsd4_compoundres *resp,
3070                                struct nfsd4_read *read,
3071                                struct file *file, unsigned long maxcount)
3072{
3073        struct xdr_stream *xdr = &resp->xdr;
3074        struct xdr_buf *buf = xdr->buf;
3075        u32 eof;
3076        int space_left;
3077        __be32 nfserr;
3078        __be32 *p = xdr->p - 2;
3079
3080        /*
3081         * Don't inline pages unless we know there's room for eof,
3082         * count, and possible padding:
3083         */
3084        if (xdr->end - xdr->p < 3)
3085                return nfserr_resource;
3086
3087        nfserr = nfsd_splice_read(read->rd_rqstp, file,
3088                                  read->rd_offset, &maxcount);
3089        if (nfserr) {
3090                /*
3091                 * nfsd_splice_actor may have already messed with the
3092                 * page length; reset it so as not to confuse
3093                 * xdr_truncate_encode:
3094                 */
3095                buf->page_len = 0;
3096                return nfserr;
3097        }
3098
3099        eof = (read->rd_offset + maxcount >=
3100               read->rd_fhp->fh_dentry->d_inode->i_size);
3101
3102        *(p++) = htonl(eof);
3103        *(p++) = htonl(maxcount);
3104
3105        buf->page_len = maxcount;
3106        buf->len += maxcount;
3107        xdr->page_ptr += (maxcount + PAGE_SIZE - 1) / PAGE_SIZE;
3108
3109        /* Use rest of head for padding and remaining ops: */
3110        buf->tail[0].iov_base = xdr->p;
3111        buf->tail[0].iov_len = 0;
3112        xdr->iov = buf->tail;
3113        if (maxcount&3) {
3114                int pad = 4 - (maxcount&3);
3115
3116                *(xdr->p++) = 0;
3117
3118                buf->tail[0].iov_base += maxcount&3;
3119                buf->tail[0].iov_len = pad;
3120                buf->len += pad;
3121        }
3122
3123        space_left = min_t(int, (void *)xdr->end - (void *)xdr->p,
3124                                buf->buflen - buf->len);
3125        buf->buflen = buf->len + space_left;
3126        xdr->end = (__be32 *)((void *)xdr->end + space_left);
3127
3128        return 0;
3129}
3130
3131static __be32 nfsd4_encode_readv(struct nfsd4_compoundres *resp,
3132                                 struct nfsd4_read *read,
3133                                 struct file *file, unsigned long maxcount)
3134{
3135        struct xdr_stream *xdr = &resp->xdr;
3136        u32 eof;
3137        int v;
3138        int starting_len = xdr->buf->len - 8;
3139        long len;
3140        int thislen;
3141        __be32 nfserr;
3142        __be32 tmp;
3143        __be32 *p;
3144        u32 zzz = 0;
3145        int pad;
3146
3147        len = maxcount;
3148        v = 0;
3149
3150        thislen = (void *)xdr->end - (void *)xdr->p;
3151        if (len < thislen)
3152                thislen = len;
3153        p = xdr_reserve_space(xdr, (thislen+3)&~3);
3154        WARN_ON_ONCE(!p);
3155        resp->rqstp->rq_vec[v].iov_base = p;
3156        resp->rqstp->rq_vec[v].iov_len = thislen;
3157        v++;
3158        len -= thislen;
3159
3160        while (len) {
3161                thislen = min_t(long, len, PAGE_SIZE);
3162                p = xdr_reserve_space(xdr, (thislen+3)&~3);
3163                WARN_ON_ONCE(!p);
3164                resp->rqstp->rq_vec[v].iov_base = p;
3165                resp->rqstp->rq_vec[v].iov_len = thislen;
3166                v++;
3167                len -= thislen;
3168        }
3169        read->rd_vlen = v;
3170
3171        nfserr = nfsd_readv(file, read->rd_offset, resp->rqstp->rq_vec,
3172                        read->rd_vlen, &maxcount);
3173        if (nfserr)
3174                return nfserr;
3175        xdr_truncate_encode(xdr, starting_len + 8 + ((maxcount+3)&~3));
3176
3177        eof = (read->rd_offset + maxcount >=
3178               read->rd_fhp->fh_dentry->d_inode->i_size);
3179
3180        tmp = htonl(eof);
3181        write_bytes_to_xdr_buf(xdr->buf, starting_len    , &tmp, 4);
3182        tmp = htonl(maxcount);
3183        write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
3184
3185        pad = (maxcount&3) ? 4 - (maxcount&3) : 0;
3186        write_bytes_to_xdr_buf(xdr->buf, starting_len + 8 + maxcount,
3187                                                                &zzz, pad);
3188        return 0;
3189
3190}
3191
3192static __be32
3193nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
3194                  struct nfsd4_read *read)
3195{
3196        unsigned long maxcount;
3197        struct xdr_stream *xdr = &resp->xdr;
3198        struct file *file = read->rd_filp;
3199        int starting_len = xdr->buf->len;
3200        struct raparms *ra;
3201        __be32 *p;
3202        __be32 err;
3203
3204        if (nfserr)
3205                return nfserr;
3206
3207        p = xdr_reserve_space(xdr, 8); /* eof flag and byte count */
3208        if (!p) {
3209                WARN_ON_ONCE(resp->rqstp->rq_splice_ok);
3210                return nfserr_resource;
3211        }
3212        if (resp->xdr.buf->page_len && resp->rqstp->rq_splice_ok) {
3213                WARN_ON_ONCE(1);
3214                return nfserr_resource;
3215        }
3216        xdr_commit_encode(xdr);
3217
3218        maxcount = svc_max_payload(resp->rqstp);
3219        if (maxcount > xdr->buf->buflen - xdr->buf->len)
3220                maxcount = xdr->buf->buflen - xdr->buf->len;
3221        if (maxcount > read->rd_length)
3222                maxcount = read->rd_length;
3223
3224        if (!read->rd_filp) {
3225                err = nfsd_get_tmp_read_open(resp->rqstp, read->rd_fhp,
3226                                                &file, &ra);
3227                if (err)
3228                        goto err_truncate;
3229        }
3230
3231        if (file->f_op->splice_read && resp->rqstp->rq_splice_ok)
3232                err = nfsd4_encode_splice_read(resp, read, file, maxcount);
3233        else
3234                err = nfsd4_encode_readv(resp, read, file, maxcount);
3235
3236        if (!read->rd_filp)
3237                nfsd_put_tmp_read_open(file, ra);
3238
3239err_truncate:
3240        if (err)
3241                xdr_truncate_encode(xdr, starting_len);
3242        return err;
3243}
3244
3245static __be32
3246nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
3247{
3248        int maxcount;
3249        __be32 wire_count;
3250        int zero = 0;
3251        struct xdr_stream *xdr = &resp->xdr;
3252        int length_offset = xdr->buf->len;
3253        __be32 *p;
3254
3255        if (nfserr)
3256                return nfserr;
3257
3258        p = xdr_reserve_space(xdr, 4);
3259        if (!p)
3260                return nfserr_resource;
3261        maxcount = PAGE_SIZE;
3262
3263        p = xdr_reserve_space(xdr, maxcount);
3264        if (!p)
3265                return nfserr_resource;
3266        /*
3267         * XXX: By default, the ->readlink() VFS op will truncate symlinks
3268         * if they would overflow the buffer.  Is this kosher in NFSv4?  If
3269         * not, one easy fix is: if ->readlink() precisely fills the buffer,
3270         * assume that truncation occurred, and return NFS4ERR_RESOURCE.
3271         */
3272        nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp,
3273                                                (char *)p, &maxcount);
3274        if (nfserr == nfserr_isdir)
3275                nfserr = nfserr_inval;
3276        if (nfserr) {
3277                xdr_truncate_encode(xdr, length_offset);
3278                return nfserr;
3279        }
3280
3281        wire_count = htonl(maxcount);
3282        write_bytes_to_xdr_buf(xdr->buf, length_offset, &wire_count, 4);
3283        xdr_truncate_encode(xdr, length_offset + 4 + ALIGN(maxcount, 4));
3284        if (maxcount & 3)
3285                write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount,
3286                                                &zero, 4 - (maxcount&3));
3287        return 0;
3288}
3289
3290static __be32
3291nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
3292{
3293        int maxcount;
3294        int bytes_left;
3295        loff_t offset;
3296        __be64 wire_offset;
3297        struct xdr_stream *xdr = &resp->xdr;
3298        int starting_len = xdr->buf->len;
3299        __be32 *p;
3300
3301        if (nfserr)
3302                return nfserr;
3303
3304        p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
3305        if (!p)
3306                return nfserr_resource;
3307
3308        /* XXX: Following NFSv3, we ignore the READDIR verifier for now. */
3309        *p++ = cpu_to_be32(0);
3310        *p++ = cpu_to_be32(0);
3311        resp->xdr.buf->head[0].iov_len = ((char *)resp->xdr.p)
3312                                - (char *)resp->xdr.buf->head[0].iov_base;
3313
3314        /*
3315         * Number of bytes left for directory entries allowing for the
3316         * final 8 bytes of the readdir and a following failed op:
3317         */
3318        bytes_left = xdr->buf->buflen - xdr->buf->len
3319                        - COMPOUND_ERR_SLACK_SPACE - 8;
3320        if (bytes_left < 0) {
3321                nfserr = nfserr_resource;
3322                goto err_no_verf;
3323        }
3324        maxcount = min_t(u32, readdir->rd_maxcount, INT_MAX);
3325        /*
3326         * Note the rfc defines rd_maxcount as the size of the
3327         * READDIR4resok structure, which includes the verifier above
3328         * and the 8 bytes encoded at the end of this function:
3329         */
3330        if (maxcount < 16) {
3331                nfserr = nfserr_toosmall;
3332                goto err_no_verf;
3333        }
3334        maxcount = min_t(int, maxcount-16, bytes_left);
3335
3336        readdir->xdr = xdr;
3337        readdir->rd_maxcount = maxcount;
3338        readdir->common.err = 0;
3339        readdir->cookie_offset = 0;
3340
3341        offset = readdir->rd_cookie;
3342        nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp,
3343                              &offset,
3344                              &readdir->common, nfsd4_encode_dirent);
3345        if (nfserr == nfs_ok &&
3346            readdir->common.err == nfserr_toosmall &&
3347            xdr->buf->len == starting_len + 8) {
3348                /* nothing encoded; which limit did we hit?: */
3349                if (maxcount - 16 < bytes_left)
3350                        /* It was the fault of rd_maxcount: */
3351                        nfserr = nfserr_toosmall;
3352                else
3353                        /* We ran out of buffer space: */
3354                        nfserr = nfserr_resource;
3355        }
3356        if (nfserr)
3357                goto err_no_verf;
3358
3359        if (readdir->cookie_offset) {
3360                wire_offset = cpu_to_be64(offset);
3361                write_bytes_to_xdr_buf(xdr->buf, readdir->cookie_offset,
3362                                                        &wire_offset, 8);
3363        }
3364
3365        p = xdr_reserve_space(xdr, 8);
3366        if (!p) {
3367                WARN_ON_ONCE(1);
3368                goto err_no_verf;
3369        }
3370        *p++ = 0;       /* no more entries */
3371        *p++ = htonl(readdir->common.err == nfserr_eof);
3372
3373        return 0;
3374err_no_verf:
3375        xdr_truncate_encode(xdr, starting_len);
3376        return nfserr;
3377}
3378
3379static __be32
3380nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
3381{
3382        struct xdr_stream *xdr = &resp->xdr;
3383        __be32 *p;
3384
3385        if (!nfserr) {
3386                p = xdr_reserve_space(xdr, 20);
3387                if (!p)
3388                        return nfserr_resource;
3389                p = encode_cinfo(p, &remove->rm_cinfo);
3390        }
3391        return nfserr;
3392}
3393
3394static __be32
3395nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
3396{
3397        struct xdr_stream *xdr = &resp->xdr;
3398        __be32 *p;
3399
3400        if (!nfserr) {
3401                p = xdr_reserve_space(xdr, 40);
3402                if (!p)
3403                        return nfserr_resource;
3404                p = encode_cinfo(p, &rename->rn_sinfo);
3405                p = encode_cinfo(p, &rename->rn_tinfo);
3406        }
3407        return nfserr;
3408}
3409
3410static __be32
3411nfsd4_do_encode_secinfo(struct xdr_stream *xdr,
3412                         __be32 nfserr, struct svc_export *exp)
3413{
3414        u32 i, nflavs, supported;
3415        struct exp_flavor_info *flavs;
3416        struct exp_flavor_info def_flavs[2];
3417        __be32 *p, *flavorsp;
3418        static bool report = true;
3419
3420        if (nfserr)
3421                goto out;
3422        nfserr = nfserr_resource;
3423        if (exp->ex_nflavors) {
3424                flavs = exp->ex_flavors;
3425                nflavs = exp->ex_nflavors;
3426        } else { /* Handling of some defaults in absence of real secinfo: */
3427                flavs = def_flavs;
3428                if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
3429                        nflavs = 2;
3430                        flavs[0].pseudoflavor = RPC_AUTH_UNIX;
3431                        flavs[1].pseudoflavor = RPC_AUTH_NULL;
3432                } else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
3433                        nflavs = 1;
3434                        flavs[0].pseudoflavor
3435                                        = svcauth_gss_flavor(exp->ex_client);
3436                } else {
3437                        nflavs = 1;
3438                        flavs[0].pseudoflavor
3439                                        = exp->ex_client->flavour->flavour;
3440                }
3441        }
3442
3443        supported = 0;
3444        p = xdr_reserve_space(xdr, 4);
3445        if (!p)
3446                goto out;
3447        flavorsp = p++;         /* to be backfilled later */
3448
3449        for (i = 0; i < nflavs; i++) {
3450                rpc_authflavor_t pf = flavs[i].pseudoflavor;
3451                struct rpcsec_gss_info info;
3452
3453                if (rpcauth_get_gssinfo(pf, &info) == 0) {
3454                        supported++;
3455                        p = xdr_reserve_space(xdr, 4 + 4 +
3456                                              XDR_LEN(info.oid.len) + 4 + 4);
3457                        if (!p)
3458                                goto out;
3459                        *p++ = cpu_to_be32(RPC_AUTH_GSS);
3460                        p = xdr_encode_opaque(p,  info.oid.data, info.oid.len);
3461                        *p++ = cpu_to_be32(info.qop);
3462                        *p++ = cpu_to_be32(info.service);
3463                } else if (pf < RPC_AUTH_MAXFLAVOR) {
3464                        supported++;
3465                        p = xdr_reserve_space(xdr, 4);
3466                        if (!p)
3467                                goto out;
3468                        *p++ = cpu_to_be32(pf);
3469                } else {
3470                        if (report)
3471                                pr_warn("NFS: SECINFO: security flavor %u "
3472                                        "is not supported\n", pf);
3473                }
3474        }
3475
3476        if (nflavs != supported)
3477                report = false;
3478        *flavorsp = htonl(supported);
3479        nfserr = 0;
3480out:
3481        if (exp)
3482                exp_put(exp);
3483        return nfserr;
3484}
3485
3486static __be32
3487nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
3488                     struct nfsd4_secinfo *secinfo)
3489{
3490        struct xdr_stream *xdr = &resp->xdr;
3491
3492        return nfsd4_do_encode_secinfo(xdr, nfserr, secinfo->si_exp);
3493}
3494
3495static __be32
3496nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
3497                     struct nfsd4_secinfo_no_name *secinfo)
3498{
3499        struct xdr_stream *xdr = &resp->xdr;
3500
3501        return nfsd4_do_encode_secinfo(xdr, nfserr, secinfo->sin_exp);
3502}
3503
3504/*
3505 * The SETATTR encode routine is special -- it always encodes a bitmap,
3506 * regardless of the error status.
3507 */
3508static __be32
3509nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
3510{
3511        struct xdr_stream *xdr = &resp->xdr;
3512        __be32 *p;
3513
3514        p = xdr_reserve_space(xdr, 16);
3515        if (!p)
3516                return nfserr_resource;
3517        if (nfserr) {
3518                *p++ = cpu_to_be32(3);
3519                *p++ = cpu_to_be32(0);
3520                *p++ = cpu_to_be32(0);
3521                *p++ = cpu_to_be32(0);
3522        }
3523        else {
3524                *p++ = cpu_to_be32(3);
3525                *p++ = cpu_to_be32(setattr->sa_bmval[0]);
3526                *p++ = cpu_to_be32(setattr->sa_bmval[1]);
3527                *p++ = cpu_to_be32(setattr->sa_bmval[2]);
3528        }
3529        return nfserr;
3530}
3531
3532static __be32
3533nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
3534{
3535        struct xdr_stream *xdr = &resp->xdr;
3536        __be32 *p;
3537
3538        if (!nfserr) {
3539                p = xdr_reserve_space(xdr, 8 + NFS4_VERIFIER_SIZE);
3540                if (!p)
3541                        return nfserr_resource;
3542                p = xdr_encode_opaque_fixed(p, &scd->se_clientid, 8);
3543                p = xdr_encode_opaque_fixed(p, &scd->se_confirm,
3544                                                NFS4_VERIFIER_SIZE);
3545        }
3546        else if (nfserr == nfserr_clid_inuse) {
3547                p = xdr_reserve_space(xdr, 8);
3548                if (!p)
3549                        return nfserr_resource;
3550                *p++ = cpu_to_be32(0);
3551                *p++ = cpu_to_be32(0);
3552        }
3553        return nfserr;
3554}
3555
3556static __be32
3557nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
3558{
3559        struct xdr_stream *xdr = &resp->xdr;
3560        __be32 *p;
3561
3562        if (!nfserr) {
3563                p = xdr_reserve_space(xdr, 16);
3564                if (!p)
3565                        return nfserr_resource;
3566                *p++ = cpu_to_be32(write->wr_bytes_written);
3567                *p++ = cpu_to_be32(write->wr_how_written);
3568                p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
3569                                                        NFS4_VERIFIER_SIZE);
3570        }
3571        return nfserr;
3572}
3573
3574static const u32 nfs4_minimal_spo_must_enforce[2] = {
3575        [1] = 1 << (OP_BIND_CONN_TO_SESSION - 32) |
3576              1 << (OP_EXCHANGE_ID - 32) |
3577              1 << (OP_CREATE_SESSION - 32) |
3578              1 << (OP_DESTROY_SESSION - 32) |
3579              1 << (OP_DESTROY_CLIENTID - 32)
3580};
3581
3582static __be32
3583nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
3584                         struct nfsd4_exchange_id *exid)
3585{
3586        struct xdr_stream *xdr = &resp->xdr;
3587        __be32 *p;
3588        char *major_id;
3589        char *server_scope;
3590        int major_id_sz;
3591        int server_scope_sz;
3592        uint64_t minor_id = 0;
3593
3594        if (nfserr)
3595                return nfserr;
3596
3597        major_id = utsname()->nodename;
3598        major_id_sz = strlen(major_id);
3599        server_scope = utsname()->nodename;
3600        server_scope_sz = strlen(server_scope);
3601
3602        p = xdr_reserve_space(xdr,
3603                8 /* eir_clientid */ +
3604                4 /* eir_sequenceid */ +
3605                4 /* eir_flags */ +
3606                4 /* spr_how */);
3607        if (!p)
3608                return nfserr_resource;
3609
3610        p = xdr_encode_opaque_fixed(p, &exid->clientid, 8);
3611        *p++ = cpu_to_be32(exid->seqid);
3612        *p++ = cpu_to_be32(exid->flags);
3613
3614        *p++ = cpu_to_be32(exid->spa_how);
3615
3616        switch (exid->spa_how) {
3617        case SP4_NONE:
3618                break;
3619        case SP4_MACH_CRED:
3620                /* spo_must_enforce, spo_must_allow */
3621                p = xdr_reserve_space(xdr, 16);
3622                if (!p)
3623                        return nfserr_resource;
3624
3625                /* spo_must_enforce bitmap: */
3626                *p++ = cpu_to_be32(2);
3627                *p++ = cpu_to_be32(nfs4_minimal_spo_must_enforce[0]);
3628                *p++ = cpu_to_be32(nfs4_minimal_spo_must_enforce[1]);
3629                /* empty spo_must_allow bitmap: */
3630                *p++ = cpu_to_be32(0);
3631
3632                break;
3633        default:
3634                WARN_ON_ONCE(1);
3635        }
3636
3637        p = xdr_reserve_space(xdr,
3638                8 /* so_minor_id */ +
3639                4 /* so_major_id.len */ +
3640                (XDR_QUADLEN(major_id_sz) * 4) +
3641                4 /* eir_server_scope.len */ +
3642                (XDR_QUADLEN(server_scope_sz) * 4) +
3643                4 /* eir_server_impl_id.count (0) */);
3644        if (!p)
3645                return nfserr_resource;
3646
3647        /* The server_owner struct */
3648        p = xdr_encode_hyper(p, minor_id);      /* Minor id */
3649        /* major id */
3650        p = xdr_encode_opaque(p, major_id, major_id_sz);
3651
3652        /* Server scope */
3653        p = xdr_encode_opaque(p, server_scope, server_scope_sz);
3654
3655        /* Implementation id */
3656        *p++ = cpu_to_be32(0);  /* zero length nfs_impl_id4 array */
3657        return 0;
3658}
3659
3660static __be32
3661nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
3662                            struct nfsd4_create_session *sess)
3663{
3664        struct xdr_stream *xdr = &resp->xdr;
3665        __be32 *p;
3666
3667        if (nfserr)
3668                return nfserr;
3669
3670        p = xdr_reserve_space(xdr, 24);
3671        if (!p)
3672                return nfserr_resource;
3673        p = xdr_encode_opaque_fixed(p, sess->sessionid.data,
3674                                        NFS4_MAX_SESSIONID_LEN);
3675        *p++ = cpu_to_be32(sess->seqid);
3676        *p++ = cpu_to_be32(sess->flags);
3677
3678        p = xdr_reserve_space(xdr, 28);
3679        if (!p)
3680                return nfserr_resource;
3681        *p++ = cpu_to_be32(0); /* headerpadsz */
3682        *p++ = cpu_to_be32(sess->fore_channel.maxreq_sz);
3683        *p++ = cpu_to_be32(sess->fore_channel.maxresp_sz);
3684        *p++ = cpu_to_be32(sess->fore_channel.maxresp_cached);
3685        *p++ = cpu_to_be32(sess->fore_channel.maxops);
3686        *p++ = cpu_to_be32(sess->fore_channel.maxreqs);
3687        *p++ = cpu_to_be32(sess->fore_channel.nr_rdma_attrs);
3688
3689        if (sess->fore_channel.nr_rdma_attrs) {
3690                p = xdr_reserve_space(xdr, 4);
3691                if (!p)
3692                        return nfserr_resource;
3693                *p++ = cpu_to_be32(sess->fore_channel.rdma_attrs);
3694        }
3695
3696        p = xdr_reserve_space(xdr, 28);
3697        if (!p)
3698                return nfserr_resource;
3699        *p++ = cpu_to_be32(0); /* headerpadsz */
3700        *p++ = cpu_to_be32(sess->back_channel.maxreq_sz);
3701        *p++ = cpu_to_be32(sess->back_channel.maxresp_sz);
3702        *p++ = cpu_to_be32(sess->back_channel.maxresp_cached);
3703        *p++ = cpu_to_be32(sess->back_channel.maxops);
3704        *p++ = cpu_to_be32(sess->back_channel.maxreqs);
3705        *p++ = cpu_to_be32(sess->back_channel.nr_rdma_attrs);
3706
3707        if (sess->back_channel.nr_rdma_attrs) {
3708                p = xdr_reserve_space(xdr, 4);
3709                if (!p)
3710                        return nfserr_resource;
3711                *p++ = cpu_to_be32(sess->back_channel.rdma_attrs);
3712        }
3713        return 0;
3714}
3715
3716static __be32
3717nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
3718                      struct nfsd4_sequence *seq)
3719{
3720        struct xdr_stream *xdr = &resp->xdr;
3721        __be32 *p;
3722
3723        if (nfserr)
3724                return nfserr;
3725
3726        p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 20);
3727        if (!p)
3728                return nfserr_resource;
3729        p = xdr_encode_opaque_fixed(p, seq->sessionid.data,
3730                                        NFS4_MAX_SESSIONID_LEN);
3731        *p++ = cpu_to_be32(seq->seqid);
3732        *p++ = cpu_to_be32(seq->slotid);
3733        /* Note slotid's are numbered from zero: */
3734        *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_highest_slotid */
3735        *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_target_highest_slotid */
3736        *p++ = cpu_to_be32(seq->status_flags);
3737
3738        resp->cstate.data_offset = xdr->buf->len; /* DRC cache data pointer */
3739        return 0;
3740}
3741
3742static __be32
3743nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
3744                          struct nfsd4_test_stateid *test_stateid)
3745{
3746        struct xdr_stream *xdr = &resp->xdr;
3747        struct nfsd4_test_stateid_id *stateid, *next;
3748        __be32 *p;
3749
3750        if (nfserr)
3751                return nfserr;
3752
3753        p = xdr_reserve_space(xdr, 4 + (4 * test_stateid->ts_num_ids));
3754        if (!p)
3755                return nfserr_resource;
3756        *p++ = htonl(test_stateid->ts_num_ids);
3757
3758        list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) {
3759                *p++ = stateid->ts_id_status;
3760        }
3761
3762        return nfserr;
3763}
3764
3765static __be32
3766nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
3767{
3768        return nfserr;
3769}
3770
3771typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
3772
3773/*
3774 * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1
3775 * since we don't need to filter out obsolete ops as this is
3776 * done in the decoding phase.
3777 */
3778static nfsd4_enc nfsd4_enc_ops[] = {
3779        [OP_ACCESS]             = (nfsd4_enc)nfsd4_encode_access,
3780        [OP_CLOSE]              = (nfsd4_enc)nfsd4_encode_close,
3781        [OP_COMMIT]             = (nfsd4_enc)nfsd4_encode_commit,
3782        [OP_CREATE]             = (nfsd4_enc)nfsd4_encode_create,
3783        [OP_DELEGPURGE]         = (nfsd4_enc)nfsd4_encode_noop,
3784        [OP_DELEGRETURN]        = (nfsd4_enc)nfsd4_encode_noop,
3785        [OP_GETATTR]            = (nfsd4_enc)nfsd4_encode_getattr,
3786        [OP_GETFH]              = (nfsd4_enc)nfsd4_encode_getfh,
3787        [OP_LINK]               = (nfsd4_enc)nfsd4_encode_link,
3788        [OP_LOCK]               = (nfsd4_enc)nfsd4_encode_lock,
3789        [OP_LOCKT]              = (nfsd4_enc)nfsd4_encode_lockt,
3790        [OP_LOCKU]              = (nfsd4_enc)nfsd4_encode_locku,
3791        [OP_LOOKUP]             = (nfsd4_enc)nfsd4_encode_noop,
3792        [OP_LOOKUPP]            = (nfsd4_enc)nfsd4_encode_noop,
3793        [OP_NVERIFY]            = (nfsd4_enc)nfsd4_encode_noop,
3794        [OP_OPEN]               = (nfsd4_enc)nfsd4_encode_open,
3795        [OP_OPENATTR]           = (nfsd4_enc)nfsd4_encode_noop,
3796        [OP_OPEN_CONFIRM]       = (nfsd4_enc)nfsd4_encode_open_confirm,
3797        [OP_OPEN_DOWNGRADE]     = (nfsd4_enc)nfsd4_encode_open_downgrade,
3798        [OP_PUTFH]              = (nfsd4_enc)nfsd4_encode_noop,
3799        [OP_PUTPUBFH]           = (nfsd4_enc)nfsd4_encode_noop,
3800        [OP_PUTROOTFH]          = (nfsd4_enc)nfsd4_encode_noop,
3801        [OP_READ]               = (nfsd4_enc)nfsd4_encode_read,
3802        [OP_READDIR]            = (nfsd4_enc)nfsd4_encode_readdir,
3803        [OP_READLINK]           = (nfsd4_enc)nfsd4_encode_readlink,
3804        [OP_REMOVE]             = (nfsd4_enc)nfsd4_encode_remove,
3805        [OP_RENAME]             = (nfsd4_enc)nfsd4_encode_rename,
3806        [OP_RENEW]              = (nfsd4_enc)nfsd4_encode_noop,
3807        [OP_RESTOREFH]          = (nfsd4_enc)nfsd4_encode_noop,
3808        [OP_SAVEFH]             = (nfsd4_enc)nfsd4_encode_noop,
3809        [OP_SECINFO]            = (nfsd4_enc)nfsd4_encode_secinfo,
3810        [OP_SETATTR]            = (nfsd4_enc)nfsd4_encode_setattr,
3811        [OP_SETCLIENTID]        = (nfsd4_enc)nfsd4_encode_setclientid,
3812        [OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
3813        [OP_VERIFY]             = (nfsd4_enc)nfsd4_encode_noop,
3814        [OP_WRITE]              = (nfsd4_enc)nfsd4_encode_write,
3815        [OP_RELEASE_LOCKOWNER]  = (nfsd4_enc)nfsd4_encode_noop,
3816
3817        /* NFSv4.1 operations */
3818        [OP_BACKCHANNEL_CTL]    = (nfsd4_enc)nfsd4_encode_noop,
3819        [OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
3820        [OP_EXCHANGE_ID]        = (nfsd4_enc)nfsd4_encode_exchange_id,
3821        [OP_CREATE_SESSION]     = (nfsd4_enc)nfsd4_encode_create_session,
3822        [OP_DESTROY_SESSION]    = (nfsd4_enc)nfsd4_encode_noop,
3823        [OP_FREE_STATEID]       = (nfsd4_enc)nfsd4_encode_noop,
3824        [OP_GET_DIR_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
3825        [OP_GETDEVICEINFO]      = (nfsd4_enc)nfsd4_encode_noop,
3826        [OP_GETDEVICELIST]      = (nfsd4_enc)nfsd4_encode_noop,
3827        [OP_LAYOUTCOMMIT]       = (nfsd4_enc)nfsd4_encode_noop,
3828        [OP_LAYOUTGET]          = (nfsd4_enc)nfsd4_encode_noop,
3829        [OP_LAYOUTRETURN]       = (nfsd4_enc)nfsd4_encode_noop,
3830        [OP_SECINFO_NO_NAME]    = (nfsd4_enc)nfsd4_encode_secinfo_no_name,
3831        [OP_SEQUENCE]           = (nfsd4_enc)nfsd4_encode_sequence,
3832        [OP_SET_SSV]            = (nfsd4_enc)nfsd4_encode_noop,
3833        [OP_TEST_STATEID]       = (nfsd4_enc)nfsd4_encode_test_stateid,
3834        [OP_WANT_DELEGATION]    = (nfsd4_enc)nfsd4_encode_noop,
3835        [OP_DESTROY_CLIENTID]   = (nfsd4_enc)nfsd4_encode_noop,
3836        [OP_RECLAIM_COMPLETE]   = (nfsd4_enc)nfsd4_encode_noop,
3837};
3838
3839/*
3840 * Calculate whether we still have space to encode repsize bytes.
3841 * There are two considerations:
3842 *     - For NFS versions >=4.1, the size of the reply must stay within
3843 *       session limits
3844 *     - For all NFS versions, we must stay within limited preallocated
3845 *       buffer space.
3846 *
3847 * This is called before the operation is processed, so can only provide
3848 * an upper estimate.  For some nonidempotent operations (such as
3849 * getattr), it's not necessarily a problem if that estimate is wrong,
3850 * as we can fail it after processing without significant side effects.
3851 */
3852__be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
3853{
3854        struct xdr_buf *buf = &resp->rqstp->rq_res;
3855        struct nfsd4_slot *slot = resp->cstate.slot;
3856
3857        if (buf->len + respsize <= buf->buflen)
3858                return nfs_ok;
3859        if (!nfsd4_has_session(&resp->cstate))
3860                return nfserr_resource;
3861        if (slot->sl_flags & NFSD4_SLOT_CACHETHIS) {
3862                WARN_ON_ONCE(1);
3863                return nfserr_rep_too_big_to_cache;
3864        }
3865        return nfserr_rep_too_big;
3866}
3867
3868void
3869nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
3870{
3871        struct xdr_stream *xdr = &resp->xdr;
3872        struct nfs4_stateowner *so = resp->cstate.replay_owner;
3873        struct svc_rqst *rqstp = resp->rqstp;
3874        int post_err_offset;
3875        nfsd4_enc encoder;
3876        __be32 *p;
3877
3878        p = xdr_reserve_space(xdr, 8);
3879        if (!p) {
3880                WARN_ON_ONCE(1);
3881                return;
3882        }
3883        *p++ = cpu_to_be32(op->opnum);
3884        post_err_offset = xdr->buf->len;
3885
3886        if (op->opnum == OP_ILLEGAL)
3887                goto status;
3888        BUG_ON(op->opnum < 0 || op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) ||
3889               !nfsd4_enc_ops[op->opnum]);
3890        encoder = nfsd4_enc_ops[op->opnum];
3891        op->status = encoder(resp, op->status, &op->u);
3892        xdr_commit_encode(xdr);
3893
3894        /* nfsd4_check_resp_size guarantees enough room for error status */
3895        if (!op->status) {
3896                int space_needed = 0;
3897                if (!nfsd4_last_compound_op(rqstp))
3898                        space_needed = COMPOUND_ERR_SLACK_SPACE;
3899                op->status = nfsd4_check_resp_size(resp, space_needed);
3900        }
3901        if (op->status == nfserr_resource && nfsd4_has_session(&resp->cstate)) {
3902                struct nfsd4_slot *slot = resp->cstate.slot;
3903
3904                if (slot->sl_flags & NFSD4_SLOT_CACHETHIS)
3905                        op->status = nfserr_rep_too_big_to_cache;
3906                else
3907                        op->status = nfserr_rep_too_big;
3908        }
3909        if (op->status == nfserr_resource ||
3910            op->status == nfserr_rep_too_big ||
3911            op->status == nfserr_rep_too_big_to_cache) {
3912                /*
3913                 * The operation may have already been encoded or
3914                 * partially encoded.  No op returns anything additional
3915                 * in the case of one of these three errors, so we can
3916                 * just truncate back to after the status.  But it's a
3917                 * bug if we had to do this on a non-idempotent op:
3918                 */
3919                warn_on_nonidempotent_op(op);
3920                xdr_truncate_encode(xdr, post_err_offset);
3921        }
3922        if (so) {
3923                int len = xdr->buf->len - post_err_offset;
3924
3925                so->so_replay.rp_status = op->status;
3926                so->so_replay.rp_buflen = len;
3927                read_bytes_from_xdr_buf(xdr->buf, post_err_offset,
3928                                                so->so_replay.rp_buf, len);
3929        }
3930status:
3931        /* Note that op->status is already in network byte order: */
3932        write_bytes_to_xdr_buf(xdr->buf, post_err_offset - 4, &op->status, 4);
3933}
3934
3935/* 
3936 * Encode the reply stored in the stateowner reply cache 
3937 * 
3938 * XDR note: do not encode rp->rp_buflen: the buffer contains the
3939 * previously sent already encoded operation.
3940 *
3941 * called with nfs4_lock_state() held
3942 */
3943void
3944nfsd4_encode_replay(struct xdr_stream *xdr, struct nfsd4_op *op)
3945{
3946        __be32 *p;
3947        struct nfs4_replay *rp = op->replay;
3948
3949        BUG_ON(!rp);
3950
3951        p = xdr_reserve_space(xdr, 8 + rp->rp_buflen);
3952        if (!p) {
3953                WARN_ON_ONCE(1);
3954                return;
3955        }
3956        *p++ = cpu_to_be32(op->opnum);
3957        *p++ = rp->rp_status;  /* already xdr'ed */
3958
3959        p = xdr_encode_opaque_fixed(p, rp->rp_buf, rp->rp_buflen);
3960}
3961
3962int
3963nfs4svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p, void *dummy)
3964{
3965        return xdr_ressize_check(rqstp, p);
3966}
3967
3968int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp)
3969{
3970        struct svc_rqst *rqstp = rq;
3971        struct nfsd4_compoundargs *args = rqstp->rq_argp;
3972
3973        if (args->ops != args->iops) {
3974                kfree(args->ops);
3975                args->ops = args->iops;
3976        }
3977        kfree(args->tmpp);
3978        args->tmpp = NULL;
3979        while (args->to_free) {
3980                struct tmpbuf *tb = args->to_free;
3981                args->to_free = tb->next;
3982                tb->release(tb->buf);
3983                kfree(tb);
3984        }
3985        return 1;
3986}
3987
3988int
3989nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundargs *args)
3990{
3991        if (rqstp->rq_arg.head[0].iov_len % 4) {
3992                /* client is nuts */
3993                dprintk("%s: compound not properly padded! (peeraddr=%pISc xid=0x%x)",
3994                        __func__, svc_addr(rqstp), be32_to_cpu(rqstp->rq_xid));
3995                return 0;
3996        }
3997        args->p = p;
3998        args->end = rqstp->rq_arg.head[0].iov_base + rqstp->rq_arg.head[0].iov_len;
3999        args->pagelist = rqstp->rq_arg.pages;
4000        args->pagelen = rqstp->rq_arg.page_len;

4001        args->tmpp = NULL;
4002        args->to_free = NULL;
4003        args->ops = args->iops;
4004        args->rqstp = rqstp;
4005
4006        return !nfsd4_decode_compound(args);
4007}
4008
4009int
4010nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundres *resp)
4011{
4012        /*
4013         * All that remains is to write the tag and operation count...
4014         */
4015        struct nfsd4_compound_state *cs = &resp->cstate;
4016        struct xdr_buf *buf = resp->xdr.buf;
4017
4018        WARN_ON_ONCE(buf->len != buf->head[0].iov_len + buf->page_len +
4019                                 buf->tail[0].iov_len);
4020
4021        rqstp->rq_next_page = resp->xdr.page_ptr + 1;
4022
4023        p = resp->tagp;
4024        *p++ = htonl(resp->taglen);
4025        memcpy(p, resp->tag, resp->taglen);
4026        p += XDR_QUADLEN(resp->taglen);
4027        *p++ = htonl(resp->opcnt);
4028
4029        if (nfsd4_has_session(cs)) {
4030                struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4031                struct nfs4_client *clp = cs->session->se_client;
4032                if (cs->status != nfserr_replay_cache) {
4033                        nfsd4_store_cache_entry(resp);
4034                        cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;
4035                }
4036                /* Renew the clientid on success and on replay */
4037                spin_lock(&nn->client_lock);
4038                nfsd4_put_session(cs->session);
4039                spin_unlock(&nn->client_lock);
4040                put_client_renew(clp);
4041        }
4042        return 1;
4043}
4044
4045/*
4046 * Local variables:
4047 *  c-basic-offset: 8
4048 * End:
4049 */
4050