LXR linux/fs/nfsd/nfs4xdr.c

   1/*
   2 *  Server-side XDR for NFSv4
   3 *
   4 *  Copyright (c) 2002 The Regents of the University of Michigan.
   5 *  All rights reserved.
   6 *
   7 *  Kendrick Smith <kmsmith@umich.edu>
   8 *  Andy Adamson   <andros@umich.edu>
   9 *
  10 *  Redistribution and use in source and binary forms, with or without
  11 *  modification, are permitted provided that the following conditions
  12 *  are met:
  13 *
  14 *  1. Redistributions of source code must retain the above copyright
  15 *     notice, this list of conditions and the following disclaimer.
  16 *  2. Redistributions in binary form must reproduce the above copyright
  17 *     notice, this list of conditions and the following disclaimer in the
  18 *     documentation and/or other materials provided with the distribution.
  19 *  3. Neither the name of the University nor the names of its
  20 *     contributors may be used to endorse or promote products derived
  21 *     from this software without specific prior written permission.
  22 *
  23 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  24 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  25 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  26 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  27 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  28 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  29 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  30 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  31 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  32 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  33 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  34 */
  35
  36#include <linux/slab.h>
  37#include <linux/namei.h>
  38#include <linux/statfs.h>
  39#include <linux/utsname.h>
  40#include <linux/pagemap.h>
  41#include <linux/sunrpc/svcauth_gss.h>
  42
  43#include "idmap.h"
  44#include "acl.h"
  45#include "xdr4.h"
  46#include "vfs.h"
  47#include "state.h"
  48#include "cache.h"
  49#include "netns.h"
  50
  51#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
  52#include <linux/security.h>
  53#endif
  54
  55
  56#define NFSDDBG_FACILITY                NFSDDBG_XDR
  57
  58/*
  59 * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
  60 * directory in order to indicate to the client that a filesystem boundary is present
  61 * We use a fixed fsid for a referral
  62 */
  63#define NFS4_REFERRAL_FSID_MAJOR        0x8000000ULL
  64#define NFS4_REFERRAL_FSID_MINOR        0x8000000ULL
  65
  66static __be32
  67check_filename(char *str, int len)
  68{
  69        int i;
  70
  71        if (len == 0)
  72                return nfserr_inval;
  73        if (isdotent(str, len))
  74                return nfserr_badname;
  75        for (i = 0; i < len; i++)
  76                if (str[i] == '/')
  77                        return nfserr_badname;
  78        return 0;
  79}
  80
  81#define DECODE_HEAD                             \
  82        __be32 *p;                              \
  83        __be32 status
  84#define DECODE_TAIL                             \
  85        status = 0;                             \
  86out:                                            \
  87        return status;                          \
  88xdr_error:                                      \
  89        dprintk("NFSD: xdr error (%s:%d)\n",    \
  90                        __FILE__, __LINE__);    \
  91        status = nfserr_bad_xdr;                \
  92        goto out
  93
  94#define READMEM(x,nbytes) do {                  \
  95        x = (char *)p;                          \
  96        p += XDR_QUADLEN(nbytes);               \
  97} while (0)
  98#define SAVEMEM(x,nbytes) do {                  \
  99        if (!(x = (p==argp->tmp || p == argp->tmpp) ? \
 100                savemem(argp, p, nbytes) :      \
 101                (char *)p)) {                   \
 102                dprintk("NFSD: xdr error (%s:%d)\n", \
 103                                __FILE__, __LINE__); \
 104                goto xdr_error;                 \
 105                }                               \
 106        p += XDR_QUADLEN(nbytes);               \
 107} while (0)
 108#define COPYMEM(x,nbytes) do {                  \
 109        memcpy((x), p, nbytes);                 \
 110        p += XDR_QUADLEN(nbytes);               \
 111} while (0)
 112
 113/* READ_BUF, read_buf(): nbytes must be <= PAGE_SIZE */
 114#define READ_BUF(nbytes)  do {                  \
 115        if (nbytes <= (u32)((char *)argp->end - (char *)argp->p)) {     \
 116                p = argp->p;                    \
 117                argp->p += XDR_QUADLEN(nbytes); \
 118        } else if (!(p = read_buf(argp, nbytes))) { \
 119                dprintk("NFSD: xdr error (%s:%d)\n", \
 120                                __FILE__, __LINE__); \
 121                goto xdr_error;                 \
 122        }                                       \
 123} while (0)
 124
 125static void next_decode_page(struct nfsd4_compoundargs *argp)
 126{
 127        argp->p = page_address(argp->pagelist[0]);
 128        argp->pagelist++;
 129        if (argp->pagelen < PAGE_SIZE) {
 130                argp->end = argp->p + (argp->pagelen>>2);
 131                argp->pagelen = 0;
 132        } else {
 133                argp->end = argp->p + (PAGE_SIZE>>2);
 134                argp->pagelen -= PAGE_SIZE;
 135        }
 136}
 137
 138static __be32 *read_buf(struct nfsd4_compoundargs *argp, u32 nbytes)
 139{
 140        /* We want more bytes than seem to be available.
 141         * Maybe we need a new page, maybe we have just run out
 142         */
 143        unsigned int avail = (char *)argp->end - (char *)argp->p;
 144        __be32 *p;
 145        if (avail + argp->pagelen < nbytes)
 146                return NULL;
 147        if (avail + PAGE_SIZE < nbytes) /* need more than a page !! */
 148                return NULL;
 149        /* ok, we can do it with the current plus the next page */
 150        if (nbytes <= sizeof(argp->tmp))
 151                p = argp->tmp;
 152        else {
 153                kfree(argp->tmpp);
 154                p = argp->tmpp = kmalloc(nbytes, GFP_KERNEL);
 155                if (!p)
 156                        return NULL;
 157                
 158        }
 159        /*
 160         * The following memcpy is safe because read_buf is always
 161         * called with nbytes > avail, and the two cases above both
 162         * guarantee p points to at least nbytes bytes.
 163         */
 164        memcpy(p, argp->p, avail);
 165        next_decode_page(argp);
 166        memcpy(((char*)p)+avail, argp->p, (nbytes - avail));
 167        argp->p += XDR_QUADLEN(nbytes - avail);
 168        return p;
 169}
 170
 171static int zero_clientid(clientid_t *clid)
 172{
 173        return (clid->cl_boot == 0) && (clid->cl_id == 0);
 174}
 175
 176/**
 177 * svcxdr_tmpalloc - allocate memory to be freed after compound processing
 178 * @argp: NFSv4 compound argument structure
 179 * @p: pointer to be freed (with kfree())
 180 *
 181 * Marks @p to be freed when processing the compound operation
 182 * described in @argp finishes.
 183 */
 184static void *
 185svcxdr_tmpalloc(struct nfsd4_compoundargs *argp, u32 len)
 186{
 187        struct svcxdr_tmpbuf *tb;
 188
 189        tb = kmalloc(sizeof(*tb) + len, GFP_KERNEL);
 190        if (!tb)
 191                return NULL;
 192        tb->next = argp->to_free;
 193        argp->to_free = tb;
 194        return tb->buf;
 195}
 196
 197/*
 198 * For xdr strings that need to be passed to other kernel api's
 199 * as null-terminated strings.
 200 *
 201 * Note null-terminating in place usually isn't safe since the
 202 * buffer might end on a page boundary.
 203 */
 204static char *
 205svcxdr_dupstr(struct nfsd4_compoundargs *argp, void *buf, u32 len)
 206{
 207        char *p = svcxdr_tmpalloc(argp, len + 1);
 208
 209        if (!p)
 210                return NULL;
 211        memcpy(p, buf, len);
 212        p[len] = '\0';
 213        return p;
 214}
 215
 216/**
 217 * savemem - duplicate a chunk of memory for later processing
 218 * @argp: NFSv4 compound argument structure to be freed with
 219 * @p: pointer to be duplicated
 220 * @nbytes: length to be duplicated
 221 *
 222 * Returns a pointer to a copy of @nbytes bytes of memory at @p
 223 * that are preserved until processing of the NFSv4 compound
 224 * operation described by @argp finishes.
 225 */
 226static char *savemem(struct nfsd4_compoundargs *argp, __be32 *p, int nbytes)
 227{
 228        void *ret;
 229
 230        ret = svcxdr_tmpalloc(argp, nbytes);
 231        if (!ret)
 232                return NULL;
 233        memcpy(ret, p, nbytes);
 234        return ret;
 235}
 236
 237static __be32
 238nfsd4_decode_bitmap(struct nfsd4_compoundargs *argp, u32 *bmval)
 239{
 240        u32 bmlen;
 241        DECODE_HEAD;
 242
 243        bmval[0] = 0;
 244        bmval[1] = 0;
 245        bmval[2] = 0;
 246
 247        READ_BUF(4);
 248        bmlen = be32_to_cpup(p++);
 249        if (bmlen > 1000)
 250                goto xdr_error;
 251
 252        READ_BUF(bmlen << 2);
 253        if (bmlen > 0)
 254                bmval[0] = be32_to_cpup(p++);
 255        if (bmlen > 1)
 256                bmval[1] = be32_to_cpup(p++);
 257        if (bmlen > 2)
 258                bmval[2] = be32_to_cpup(p++);
 259
 260        DECODE_TAIL;
 261}
 262
 263static __be32
 264nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 265                   struct iattr *iattr, struct nfs4_acl **acl,
 266                   struct xdr_netobj *label)
 267{
 268        int expected_len, len = 0;
 269        u32 dummy32;
 270        u64 sec;
 271        char *buf;
 272
 273        DECODE_HEAD;
 274        iattr->ia_valid = 0;
 275        if ((status = nfsd4_decode_bitmap(argp, bmval)))
 276                return status;
 277
 278        READ_BUF(4);
 279        expected_len = be32_to_cpup(p++);
 280
 281        if (bmval[0] & FATTR4_WORD0_SIZE) {
 282                READ_BUF(8);
 283                len += 8;
 284                p = xdr_decode_hyper(p, &iattr->ia_size);
 285                iattr->ia_valid |= ATTR_SIZE;
 286        }
 287        if (bmval[0] & FATTR4_WORD0_ACL) {
 288                u32 nace;
 289                struct nfs4_ace *ace;
 290
 291                READ_BUF(4); len += 4;
 292                nace = be32_to_cpup(p++);
 293
 294                if (nace > NFS4_ACL_MAX)
 295                        return nfserr_fbig;
 296
 297                *acl = svcxdr_tmpalloc(argp, nfs4_acl_bytes(nace));
 298                if (*acl == NULL)
 299                        return nfserr_jukebox;
 300
 301                (*acl)->naces = nace;
 302                for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
 303                        READ_BUF(16); len += 16;
 304                        ace->type = be32_to_cpup(p++);
 305                        ace->flag = be32_to_cpup(p++);
 306                        ace->access_mask = be32_to_cpup(p++);
 307                        dummy32 = be32_to_cpup(p++);
 308                        READ_BUF(dummy32);
 309                        len += XDR_QUADLEN(dummy32) << 2;
 310                        READMEM(buf, dummy32);
 311                        ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
 312                        status = nfs_ok;
 313                        if (ace->whotype != NFS4_ACL_WHO_NAMED)
 314                                ;
 315                        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
 316                                status = nfsd_map_name_to_gid(argp->rqstp,
 317                                                buf, dummy32, &ace->who_gid);
 318                        else
 319                                status = nfsd_map_name_to_uid(argp->rqstp,
 320                                                buf, dummy32, &ace->who_uid);
 321                        if (status)
 322                                return status;
 323                }
 324        } else
 325                *acl = NULL;
 326        if (bmval[1] & FATTR4_WORD1_MODE) {
 327                READ_BUF(4);
 328                len += 4;
 329                iattr->ia_mode = be32_to_cpup(p++);
 330                iattr->ia_mode &= (S_IFMT | S_IALLUGO);
 331                iattr->ia_valid |= ATTR_MODE;
 332        }
 333        if (bmval[1] & FATTR4_WORD1_OWNER) {
 334                READ_BUF(4);
 335                len += 4;
 336                dummy32 = be32_to_cpup(p++);
 337                READ_BUF(dummy32);
 338                len += (XDR_QUADLEN(dummy32) << 2);
 339                READMEM(buf, dummy32);
 340                if ((status = nfsd_map_name_to_uid(argp->rqstp, buf, dummy32, &iattr->ia_uid)))
 341                        return status;
 342                iattr->ia_valid |= ATTR_UID;
 343        }
 344        if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
 345                READ_BUF(4);
 346                len += 4;
 347                dummy32 = be32_to_cpup(p++);
 348                READ_BUF(dummy32);
 349                len += (XDR_QUADLEN(dummy32) << 2);
 350                READMEM(buf, dummy32);
 351                if ((status = nfsd_map_name_to_gid(argp->rqstp, buf, dummy32, &iattr->ia_gid)))
 352                        return status;
 353                iattr->ia_valid |= ATTR_GID;
 354        }
 355        if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
 356                READ_BUF(4);
 357                len += 4;
 358                dummy32 = be32_to_cpup(p++);
 359                switch (dummy32) {
 360                case NFS4_SET_TO_CLIENT_TIME:
 361                        /* We require the high 32 bits of 'seconds' to be 0, and we ignore
 362                           all 32 bits of 'nseconds'. */
 363                        READ_BUF(12);
 364                        len += 12;
 365                        p = xdr_decode_hyper(p, &sec);
 366                        iattr->ia_atime.tv_sec = (time_t)sec;
 367                        iattr->ia_atime.tv_nsec = be32_to_cpup(p++);
 368                        if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
 369                                return nfserr_inval;
 370                        iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
 371                        break;
 372                case NFS4_SET_TO_SERVER_TIME:
 373                        iattr->ia_valid |= ATTR_ATIME;
 374                        break;
 375                default:
 376                        goto xdr_error;
 377                }
 378        }
 379        if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
 380                READ_BUF(4);
 381                len += 4;
 382                dummy32 = be32_to_cpup(p++);
 383                switch (dummy32) {
 384                case NFS4_SET_TO_CLIENT_TIME:
 385                        /* We require the high 32 bits of 'seconds' to be 0, and we ignore
 386                           all 32 bits of 'nseconds'. */
 387                        READ_BUF(12);
 388                        len += 12;
 389                        p = xdr_decode_hyper(p, &sec);
 390                        iattr->ia_mtime.tv_sec = sec;
 391                        iattr->ia_mtime.tv_nsec = be32_to_cpup(p++);
 392                        if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
 393                                return nfserr_inval;
 394                        iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
 395                        break;
 396                case NFS4_SET_TO_SERVER_TIME:
 397                        iattr->ia_valid |= ATTR_MTIME;
 398                        break;
 399                default:
 400                        goto xdr_error;
 401                }
 402        }
 403
 404        label->len = 0;
 405#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
 406        if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
 407                READ_BUF(4);
 408                len += 4;
 409                dummy32 = be32_to_cpup(p++); /* lfs: we don't use it */
 410                READ_BUF(4);
 411                len += 4;
 412                dummy32 = be32_to_cpup(p++); /* pi: we don't use it either */
 413                READ_BUF(4);
 414                len += 4;
 415                dummy32 = be32_to_cpup(p++);
 416                READ_BUF(dummy32);
 417                if (dummy32 > NFSD4_MAX_SEC_LABEL_LEN)
 418                        return nfserr_badlabel;
 419                len += (XDR_QUADLEN(dummy32) << 2);
 420                READMEM(buf, dummy32);
 421                label->len = dummy32;
 422                label->data = svcxdr_dupstr(argp, buf, dummy32);
 423                if (!label->data)
 424                        return nfserr_jukebox;
 425        }
 426#endif
 427
 428        if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
 429            || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
 430            || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2)
 431                READ_BUF(expected_len - len);
 432        else if (len != expected_len)
 433                goto xdr_error;
 434
 435        DECODE_TAIL;
 436}
 437
 438static __be32
 439nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
 440{
 441        DECODE_HEAD;
 442
 443        READ_BUF(sizeof(stateid_t));
 444        sid->si_generation = be32_to_cpup(p++);
 445        COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
 446
 447        DECODE_TAIL;
 448}
 449
 450static __be32
 451nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
 452{
 453        DECODE_HEAD;
 454
 455        READ_BUF(4);
 456        access->ac_req_access = be32_to_cpup(p++);
 457
 458        DECODE_TAIL;
 459}
 460
 461static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
 462{
 463        DECODE_HEAD;
 464        u32 dummy, uid, gid;
 465        char *machine_name;
 466        int i;
 467        int nr_secflavs;
 468
 469        /* callback_sec_params4 */
 470        READ_BUF(4);
 471        nr_secflavs = be32_to_cpup(p++);
 472        if (nr_secflavs)
 473                cbs->flavor = (u32)(-1);
 474        else
 475                /* Is this legal? Be generous, take it to mean AUTH_NONE: */
 476                cbs->flavor = 0;
 477        for (i = 0; i < nr_secflavs; ++i) {
 478                READ_BUF(4);
 479                dummy = be32_to_cpup(p++);
 480                switch (dummy) {
 481                case RPC_AUTH_NULL:
 482                        /* Nothing to read */
 483                        if (cbs->flavor == (u32)(-1))
 484                                cbs->flavor = RPC_AUTH_NULL;
 485                        break;
 486                case RPC_AUTH_UNIX:
 487                        READ_BUF(8);
 488                        /* stamp */
 489                        dummy = be32_to_cpup(p++);
 490
 491                        /* machine name */
 492                        dummy = be32_to_cpup(p++);
 493                        READ_BUF(dummy);
 494                        SAVEMEM(machine_name, dummy);
 495
 496                        /* uid, gid */
 497                        READ_BUF(8);
 498                        uid = be32_to_cpup(p++);
 499                        gid = be32_to_cpup(p++);
 500
 501                        /* more gids */
 502                        READ_BUF(4);
 503                        dummy = be32_to_cpup(p++);
 504                        READ_BUF(dummy * 4);
 505                        if (cbs->flavor == (u32)(-1)) {
 506                                kuid_t kuid = make_kuid(&init_user_ns, uid);
 507                                kgid_t kgid = make_kgid(&init_user_ns, gid);
 508                                if (uid_valid(kuid) && gid_valid(kgid)) {
 509                                        cbs->uid = kuid;
 510                                        cbs->gid = kgid;
 511                                        cbs->flavor = RPC_AUTH_UNIX;
 512                                } else {
 513                                        dprintk("RPC_AUTH_UNIX with invalid"
 514                                                "uid or gid ignoring!\n");
 515                                }
 516                        }
 517                        break;
 518                case RPC_AUTH_GSS:
 519                        dprintk("RPC_AUTH_GSS callback secflavor "
 520                                "not supported!\n");
 521                        READ_BUF(8);
 522                        /* gcbp_service */
 523                        dummy = be32_to_cpup(p++);
 524                        /* gcbp_handle_from_server */
 525                        dummy = be32_to_cpup(p++);
 526                        READ_BUF(dummy);
 527                        p += XDR_QUADLEN(dummy);
 528                        /* gcbp_handle_from_client */
 529                        READ_BUF(4);
 530                        dummy = be32_to_cpup(p++);
 531                        READ_BUF(dummy);
 532                        break;
 533                default:
 534                        dprintk("Illegal callback secflavor\n");
 535                        return nfserr_inval;
 536                }
 537        }
 538        DECODE_TAIL;
 539}
 540
 541static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
 542{
 543        DECODE_HEAD;
 544
 545        READ_BUF(4);
 546        bc->bc_cb_program = be32_to_cpup(p++);
 547        nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);
 548
 549        DECODE_TAIL;
 550}
 551
 552static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
 553{
 554        DECODE_HEAD;
 555
 556        READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
 557        COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
 558        bcts->dir = be32_to_cpup(p++);
 559        /* XXX: skipping ctsa_use_conn_in_rdma_mode.  Perhaps Tom Tucker
 560         * could help us figure out we should be using it. */
 561        DECODE_TAIL;
 562}
 563
 564static __be32
 565nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
 566{
 567        DECODE_HEAD;
 568
 569        READ_BUF(4);
 570        close->cl_seqid = be32_to_cpup(p++);
 571        return nfsd4_decode_stateid(argp, &close->cl_stateid);
 572
 573        DECODE_TAIL;
 574}
 575
 576
 577static __be32
 578nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
 579{
 580        DECODE_HEAD;
 581
 582        READ_BUF(12);
 583        p = xdr_decode_hyper(p, &commit->co_offset);
 584        commit->co_count = be32_to_cpup(p++);
 585
 586        DECODE_TAIL;
 587}
 588
 589static __be32
 590nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
 591{
 592        DECODE_HEAD;
 593
 594        READ_BUF(4);
 595        create->cr_type = be32_to_cpup(p++);
 596        switch (create->cr_type) {
 597        case NF4LNK:
 598                READ_BUF(4);
 599                create->cr_datalen = be32_to_cpup(p++);
 600                READ_BUF(create->cr_datalen);
 601                create->cr_data = svcxdr_dupstr(argp, p, create->cr_datalen);
 602                if (!create->cr_data)
 603                        return nfserr_jukebox;
 604                break;
 605        case NF4BLK:
 606        case NF4CHR:
 607                READ_BUF(8);
 608                create->cr_specdata1 = be32_to_cpup(p++);
 609                create->cr_specdata2 = be32_to_cpup(p++);
 610                break;
 611        case NF4SOCK:
 612        case NF4FIFO:
 613        case NF4DIR:
 614        default:
 615                break;
 616        }
 617
 618        READ_BUF(4);
 619        create->cr_namelen = be32_to_cpup(p++);
 620        READ_BUF(create->cr_namelen);
 621        SAVEMEM(create->cr_name, create->cr_namelen);
 622        if ((status = check_filename(create->cr_name, create->cr_namelen)))
 623                return status;
 624
 625        status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr,
 626                                    &create->cr_acl, &create->cr_label);
 627        if (status)
 628                goto out;
 629
 630        DECODE_TAIL;
 631}
 632
 633static inline __be32
 634nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
 635{
 636        return nfsd4_decode_stateid(argp, &dr->dr_stateid);
 637}
 638
 639static inline __be32
 640nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
 641{
 642        return nfsd4_decode_bitmap(argp, getattr->ga_bmval);
 643}
 644
 645static __be32
 646nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
 647{
 648        DECODE_HEAD;
 649
 650        READ_BUF(4);
 651        link->li_namelen = be32_to_cpup(p++);
 652        READ_BUF(link->li_namelen);
 653        SAVEMEM(link->li_name, link->li_namelen);
 654        if ((status = check_filename(link->li_name, link->li_namelen)))
 655                return status;
 656
 657        DECODE_TAIL;
 658}
 659
 660static __be32
 661nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
 662{
 663        DECODE_HEAD;
 664
 665        /*
 666        * type, reclaim(boolean), offset, length, new_lock_owner(boolean)
 667        */
 668        READ_BUF(28);
 669        lock->lk_type = be32_to_cpup(p++);
 670        if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
 671                goto xdr_error;
 672        lock->lk_reclaim = be32_to_cpup(p++);
 673        p = xdr_decode_hyper(p, &lock->lk_offset);
 674        p = xdr_decode_hyper(p, &lock->lk_length);
 675        lock->lk_is_new = be32_to_cpup(p++);
 676
 677        if (lock->lk_is_new) {
 678                READ_BUF(4);
 679                lock->lk_new_open_seqid = be32_to_cpup(p++);
 680                status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
 681                if (status)
 682                        return status;
 683                READ_BUF(8 + sizeof(clientid_t));
 684                lock->lk_new_lock_seqid = be32_to_cpup(p++);
 685                COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
 686                lock->lk_new_owner.len = be32_to_cpup(p++);
 687                READ_BUF(lock->lk_new_owner.len);
 688                READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
 689        } else {
 690                status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
 691                if (status)
 692                        return status;
 693                READ_BUF(4);
 694                lock->lk_old_lock_seqid = be32_to_cpup(p++);
 695        }
 696
 697        DECODE_TAIL;
 698}
 699
 700static __be32
 701nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
 702{
 703        DECODE_HEAD;
 704                        
 705        READ_BUF(32);
 706        lockt->lt_type = be32_to_cpup(p++);
 707        if((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
 708                goto xdr_error;
 709        p = xdr_decode_hyper(p, &lockt->lt_offset);
 710        p = xdr_decode_hyper(p, &lockt->lt_length);
 711        COPYMEM(&lockt->lt_clientid, 8);
 712        lockt->lt_owner.len = be32_to_cpup(p++);
 713        READ_BUF(lockt->lt_owner.len);
 714        READMEM(lockt->lt_owner.data, lockt->lt_owner.len);
 715
 716        DECODE_TAIL;
 717}
 718
 719static __be32
 720nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
 721{
 722        DECODE_HEAD;
 723
 724        READ_BUF(8);
 725        locku->lu_type = be32_to_cpup(p++);
 726        if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
 727                goto xdr_error;
 728        locku->lu_seqid = be32_to_cpup(p++);
 729        status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
 730        if (status)
 731                return status;
 732        READ_BUF(16);
 733        p = xdr_decode_hyper(p, &locku->lu_offset);
 734        p = xdr_decode_hyper(p, &locku->lu_length);
 735
 736        DECODE_TAIL;
 737}
 738
 739static __be32
 740nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
 741{
 742        DECODE_HEAD;
 743
 744        READ_BUF(4);
 745        lookup->lo_len = be32_to_cpup(p++);
 746        READ_BUF(lookup->lo_len);
 747        SAVEMEM(lookup->lo_name, lookup->lo_len);
 748        if ((status = check_filename(lookup->lo_name, lookup->lo_len)))
 749                return status;
 750
 751        DECODE_TAIL;
 752}
 753
 754static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
 755{
 756        __be32 *p;
 757        u32 w;
 758
 759        READ_BUF(4);
 760        w = be32_to_cpup(p++);
 761        *share_access = w & NFS4_SHARE_ACCESS_MASK;
 762        *deleg_want = w & NFS4_SHARE_WANT_MASK;
 763        if (deleg_when)
 764                *deleg_when = w & NFS4_SHARE_WHEN_MASK;
 765
 766        switch (w & NFS4_SHARE_ACCESS_MASK) {
 767        case NFS4_SHARE_ACCESS_READ:
 768        case NFS4_SHARE_ACCESS_WRITE:
 769        case NFS4_SHARE_ACCESS_BOTH:
 770                break;
 771        default:
 772                return nfserr_bad_xdr;
 773        }
 774        w &= ~NFS4_SHARE_ACCESS_MASK;
 775        if (!w)
 776                return nfs_ok;
 777        if (!argp->minorversion)
 778                return nfserr_bad_xdr;
 779        switch (w & NFS4_SHARE_WANT_MASK) {
 780        case NFS4_SHARE_WANT_NO_PREFERENCE:
 781        case NFS4_SHARE_WANT_READ_DELEG:
 782        case NFS4_SHARE_WANT_WRITE_DELEG:
 783        case NFS4_SHARE_WANT_ANY_DELEG:
 784        case NFS4_SHARE_WANT_NO_DELEG:
 785        case NFS4_SHARE_WANT_CANCEL:
 786                break;
 787        default:
 788                return nfserr_bad_xdr;
 789        }
 790        w &= ~NFS4_SHARE_WANT_MASK;
 791        if (!w)
 792                return nfs_ok;
 793
 794        if (!deleg_when)        /* open_downgrade */
 795                return nfserr_inval;
 796        switch (w) {
 797        case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
 798        case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
 799        case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
 800              NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
 801                return nfs_ok;
 802        }
 803xdr_error:
 804        return nfserr_bad_xdr;
 805}
 806
 807static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
 808{
 809        __be32 *p;
 810
 811        READ_BUF(4);
 812        *x = be32_to_cpup(p++);
 813        /* Note: unlinke access bits, deny bits may be zero. */
 814        if (*x & ~NFS4_SHARE_DENY_BOTH)
 815                return nfserr_bad_xdr;
 816        return nfs_ok;
 817xdr_error:
 818        return nfserr_bad_xdr;
 819}
 820
 821static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
 822{
 823        __be32 *p;
 824
 825        READ_BUF(4);
 826        o->len = be32_to_cpup(p++);
 827
 828        if (o->len == 0 || o->len > NFS4_OPAQUE_LIMIT)
 829                return nfserr_bad_xdr;
 830
 831        READ_BUF(o->len);
 832        SAVEMEM(o->data, o->len);
 833        return nfs_ok;
 834xdr_error:
 835        return nfserr_bad_xdr;
 836}
 837
 838static __be32
 839nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
 840{
 841        DECODE_HEAD;
 842        u32 dummy;
 843
 844        memset(open->op_bmval, 0, sizeof(open->op_bmval));
 845        open->op_iattr.ia_valid = 0;
 846        open->op_openowner = NULL;
 847
 848        open->op_xdr_error = 0;
 849        /* seqid, share_access, share_deny, clientid, ownerlen */
 850        READ_BUF(4);
 851        open->op_seqid = be32_to_cpup(p++);
 852        /* decode, yet ignore deleg_when until supported */
 853        status = nfsd4_decode_share_access(argp, &open->op_share_access,
 854                                           &open->op_deleg_want, &dummy);
 855        if (status)
 856                goto xdr_error;
 857        status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
 858        if (status)
 859                goto xdr_error;
 860        READ_BUF(sizeof(clientid_t));
 861        COPYMEM(&open->op_clientid, sizeof(clientid_t));
 862        status = nfsd4_decode_opaque(argp, &open->op_owner);
 863        if (status)
 864                goto xdr_error;
 865        READ_BUF(4);
 866        open->op_create = be32_to_cpup(p++);
 867        switch (open->op_create) {
 868        case NFS4_OPEN_NOCREATE:
 869                break;
 870        case NFS4_OPEN_CREATE:
 871                READ_BUF(4);
 872                open->op_createmode = be32_to_cpup(p++);
 873                switch (open->op_createmode) {
 874                case NFS4_CREATE_UNCHECKED:
 875                case NFS4_CREATE_GUARDED:
 876                        status = nfsd4_decode_fattr(argp, open->op_bmval,
 877                                &open->op_iattr, &open->op_acl, &open->op_label);
 878                        if (status)
 879                                goto out;
 880                        break;
 881                case NFS4_CREATE_EXCLUSIVE:
 882                        READ_BUF(NFS4_VERIFIER_SIZE);
 883                        COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
 884                        break;
 885                case NFS4_CREATE_EXCLUSIVE4_1:
 886                        if (argp->minorversion < 1)
 887                                goto xdr_error;
 888                        READ_BUF(NFS4_VERIFIER_SIZE);
 889                        COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
 890                        status = nfsd4_decode_fattr(argp, open->op_bmval,
 891                                &open->op_iattr, &open->op_acl, &open->op_label);
 892                        if (status)
 893                                goto out;
 894                        break;
 895                default:
 896                        goto xdr_error;
 897                }
 898                break;
 899        default:
 900                goto xdr_error;
 901        }
 902
 903        /* open_claim */
 904        READ_BUF(4);
 905        open->op_claim_type = be32_to_cpup(p++);
 906        switch (open->op_claim_type) {
 907        case NFS4_OPEN_CLAIM_NULL:
 908        case NFS4_OPEN_CLAIM_DELEGATE_PREV:
 909                READ_BUF(4);
 910                open->op_fname.len = be32_to_cpup(p++);
 911                READ_BUF(open->op_fname.len);
 912                SAVEMEM(open->op_fname.data, open->op_fname.len);
 913                if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
 914                        return status;
 915                break;
 916        case NFS4_OPEN_CLAIM_PREVIOUS:
 917                READ_BUF(4);
 918                open->op_delegate_type = be32_to_cpup(p++);
 919                break;
 920        case NFS4_OPEN_CLAIM_DELEGATE_CUR:
 921                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
 922                if (status)
 923                        return status;
 924                READ_BUF(4);
 925                open->op_fname.len = be32_to_cpup(p++);
 926                READ_BUF(open->op_fname.len);
 927                SAVEMEM(open->op_fname.data, open->op_fname.len);
 928                if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
 929                        return status;
 930                break;
 931        case NFS4_OPEN_CLAIM_FH:
 932        case NFS4_OPEN_CLAIM_DELEG_PREV_FH:
 933                if (argp->minorversion < 1)
 934                        goto xdr_error;
 935                /* void */
 936                break;
 937        case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
 938                if (argp->minorversion < 1)
 939                        goto xdr_error;
 940                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
 941                if (status)
 942                        return status;
 943                break;
 944        default:
 945                goto xdr_error;
 946        }
 947
 948        DECODE_TAIL;
 949}
 950
 951static __be32
 952nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
 953{
 954        DECODE_HEAD;
 955
 956        if (argp->minorversion >= 1)
 957                return nfserr_notsupp;
 958
 959        status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
 960        if (status)
 961                return status;
 962        READ_BUF(4);
 963        open_conf->oc_seqid = be32_to_cpup(p++);
 964
 965        DECODE_TAIL;
 966}
 967
 968static __be32
 969nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
 970{
 971        DECODE_HEAD;
 972                    
 973        status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
 974        if (status)
 975                return status;
 976        READ_BUF(4);
 977        open_down->od_seqid = be32_to_cpup(p++);
 978        status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
 979                                           &open_down->od_deleg_want, NULL);
 980        if (status)
 981                return status;
 982        status = nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
 983        if (status)
 984                return status;
 985        DECODE_TAIL;
 986}
 987
 988static __be32
 989nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
 990{
 991        DECODE_HEAD;
 992
 993        READ_BUF(4);
 994        putfh->pf_fhlen = be32_to_cpup(p++);
 995        if (putfh->pf_fhlen > NFS4_FHSIZE)
 996                goto xdr_error;
 997        READ_BUF(putfh->pf_fhlen);
 998        SAVEMEM(putfh->pf_fhval, putfh->pf_fhlen);
 999
1000        DECODE_TAIL;

1001}
1002
1003static __be32
1004nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
1005{
1006        if (argp->minorversion == 0)
1007                return nfs_ok;
1008        return nfserr_notsupp;
1009}
1010
1011static __be32
1012nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
1013{
1014        DECODE_HEAD;
1015
1016        status = nfsd4_decode_stateid(argp, &read->rd_stateid);
1017        if (status)
1018                return status;
1019        READ_BUF(12);
1020        p = xdr_decode_hyper(p, &read->rd_offset);
1021        read->rd_length = be32_to_cpup(p++);
1022
1023        DECODE_TAIL;
1024}
1025
1026static __be32
1027nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
1028{
1029        DECODE_HEAD;
1030
1031        READ_BUF(24);
1032        p = xdr_decode_hyper(p, &readdir->rd_cookie);
1033        COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
1034        readdir->rd_dircount = be32_to_cpup(p++);
1035        readdir->rd_maxcount = be32_to_cpup(p++);
1036        if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
1037                goto out;
1038
1039        DECODE_TAIL;
1040}
1041
1042static __be32
1043nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
1044{
1045        DECODE_HEAD;
1046
1047        READ_BUF(4);
1048        remove->rm_namelen = be32_to_cpup(p++);
1049        READ_BUF(remove->rm_namelen);
1050        SAVEMEM(remove->rm_name, remove->rm_namelen);
1051        if ((status = check_filename(remove->rm_name, remove->rm_namelen)))
1052                return status;
1053
1054        DECODE_TAIL;
1055}
1056
1057static __be32
1058nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
1059{
1060        DECODE_HEAD;
1061
1062        READ_BUF(4);
1063        rename->rn_snamelen = be32_to_cpup(p++);
1064        READ_BUF(rename->rn_snamelen + 4);
1065        SAVEMEM(rename->rn_sname, rename->rn_snamelen);
1066        rename->rn_tnamelen = be32_to_cpup(p++);
1067        READ_BUF(rename->rn_tnamelen);
1068        SAVEMEM(rename->rn_tname, rename->rn_tnamelen);
1069        if ((status = check_filename(rename->rn_sname, rename->rn_snamelen)))
1070                return status;
1071        if ((status = check_filename(rename->rn_tname, rename->rn_tnamelen)))
1072                return status;
1073
1074        DECODE_TAIL;
1075}
1076
1077static __be32
1078nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
1079{
1080        DECODE_HEAD;
1081
1082        if (argp->minorversion >= 1)
1083                return nfserr_notsupp;
1084
1085        READ_BUF(sizeof(clientid_t));
1086        COPYMEM(clientid, sizeof(clientid_t));
1087
1088        DECODE_TAIL;
1089}
1090
1091static __be32
1092nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
1093                     struct nfsd4_secinfo *secinfo)
1094{
1095        DECODE_HEAD;
1096
1097        READ_BUF(4);
1098        secinfo->si_namelen = be32_to_cpup(p++);
1099        READ_BUF(secinfo->si_namelen);
1100        SAVEMEM(secinfo->si_name, secinfo->si_namelen);
1101        status = check_filename(secinfo->si_name, secinfo->si_namelen);
1102        if (status)
1103                return status;
1104        DECODE_TAIL;
1105}
1106
1107static __be32
1108nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
1109                     struct nfsd4_secinfo_no_name *sin)
1110{
1111        DECODE_HEAD;
1112
1113        READ_BUF(4);
1114        sin->sin_style = be32_to_cpup(p++);
1115        DECODE_TAIL;
1116}
1117
1118static __be32
1119nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
1120{
1121        __be32 status;
1122
1123        status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
1124        if (status)
1125                return status;
1126        return nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr,
1127                                  &setattr->sa_acl, &setattr->sa_label);
1128}
1129
1130static __be32
1131nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
1132{
1133        DECODE_HEAD;
1134
1135        if (argp->minorversion >= 1)
1136                return nfserr_notsupp;
1137
1138        READ_BUF(NFS4_VERIFIER_SIZE);
1139        COPYMEM(setclientid->se_verf.data, NFS4_VERIFIER_SIZE);
1140
1141        status = nfsd4_decode_opaque(argp, &setclientid->se_name);
1142        if (status)
1143                return nfserr_bad_xdr;
1144        READ_BUF(8);
1145        setclientid->se_callback_prog = be32_to_cpup(p++);
1146        setclientid->se_callback_netid_len = be32_to_cpup(p++);
1147
1148        READ_BUF(setclientid->se_callback_netid_len + 4);
1149        SAVEMEM(setclientid->se_callback_netid_val, setclientid->se_callback_netid_len);
1150        setclientid->se_callback_addr_len = be32_to_cpup(p++);
1151
1152        READ_BUF(setclientid->se_callback_addr_len + 4);
1153        SAVEMEM(setclientid->se_callback_addr_val, setclientid->se_callback_addr_len);
1154        setclientid->se_callback_ident = be32_to_cpup(p++);
1155
1156        DECODE_TAIL;
1157}
1158
1159static __be32
1160nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
1161{
1162        DECODE_HEAD;
1163
1164        if (argp->minorversion >= 1)
1165                return nfserr_notsupp;
1166
1167        READ_BUF(8 + NFS4_VERIFIER_SIZE);
1168        COPYMEM(&scd_c->sc_clientid, 8);
1169        COPYMEM(&scd_c->sc_confirm, NFS4_VERIFIER_SIZE);
1170
1171        DECODE_TAIL;
1172}
1173
1174/* Also used for NVERIFY */
1175static __be32
1176nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
1177{
1178        DECODE_HEAD;
1179
1180        if ((status = nfsd4_decode_bitmap(argp, verify->ve_bmval)))
1181                goto out;
1182
1183        /* For convenience's sake, we compare raw xdr'd attributes in
1184         * nfsd4_proc_verify */
1185
1186        READ_BUF(4);
1187        verify->ve_attrlen = be32_to_cpup(p++);
1188        READ_BUF(verify->ve_attrlen);
1189        SAVEMEM(verify->ve_attrval, verify->ve_attrlen);
1190
1191        DECODE_TAIL;
1192}
1193
1194static __be32
1195nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1196{
1197        int avail;
1198        int len;
1199        DECODE_HEAD;
1200
1201        status = nfsd4_decode_stateid(argp, &write->wr_stateid);
1202        if (status)
1203                return status;
1204        READ_BUF(16);
1205        p = xdr_decode_hyper(p, &write->wr_offset);
1206        write->wr_stable_how = be32_to_cpup(p++);
1207        if (write->wr_stable_how > 2)
1208                goto xdr_error;
1209        write->wr_buflen = be32_to_cpup(p++);
1210
1211        /* Sorry .. no magic macros for this.. *
1212         * READ_BUF(write->wr_buflen);
1213         * SAVEMEM(write->wr_buf, write->wr_buflen);
1214         */
1215        avail = (char*)argp->end - (char*)argp->p;
1216        if (avail + argp->pagelen < write->wr_buflen) {
1217                dprintk("NFSD: xdr error (%s:%d)\n",
1218                                __FILE__, __LINE__);
1219                goto xdr_error;
1220        }
1221        write->wr_head.iov_base = p;
1222        write->wr_head.iov_len = avail;
1223        write->wr_pagelist = argp->pagelist;
1224
1225        len = XDR_QUADLEN(write->wr_buflen) << 2;
1226        if (len >= avail) {
1227                int pages;
1228
1229                len -= avail;
1230
1231                pages = len >> PAGE_SHIFT;
1232                argp->pagelist += pages;
1233                argp->pagelen -= pages * PAGE_SIZE;
1234                len -= pages * PAGE_SIZE;
1235
1236                argp->p = (__be32 *)page_address(argp->pagelist[0]);
1237                argp->pagelist++;
1238                argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE);
1239        }
1240        argp->p += XDR_QUADLEN(len);
1241
1242        DECODE_TAIL;
1243}
1244
1245static __be32
1246nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
1247{
1248        DECODE_HEAD;
1249
1250        if (argp->minorversion >= 1)
1251                return nfserr_notsupp;
1252
1253        READ_BUF(12);
1254        COPYMEM(&rlockowner->rl_clientid, sizeof(clientid_t));
1255        rlockowner->rl_owner.len = be32_to_cpup(p++);
1256        READ_BUF(rlockowner->rl_owner.len);
1257        READMEM(rlockowner->rl_owner.data, rlockowner->rl_owner.len);
1258
1259        if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
1260                return nfserr_inval;
1261        DECODE_TAIL;
1262}
1263
1264static __be32
1265nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
1266                         struct nfsd4_exchange_id *exid)
1267{
1268        int dummy, tmp;
1269        DECODE_HEAD;
1270
1271        READ_BUF(NFS4_VERIFIER_SIZE);
1272        COPYMEM(exid->verifier.data, NFS4_VERIFIER_SIZE);
1273
1274        status = nfsd4_decode_opaque(argp, &exid->clname);
1275        if (status)
1276                return nfserr_bad_xdr;
1277
1278        READ_BUF(4);
1279        exid->flags = be32_to_cpup(p++);
1280
1281        /* Ignore state_protect4_a */
1282        READ_BUF(4);
1283        exid->spa_how = be32_to_cpup(p++);
1284        switch (exid->spa_how) {
1285        case SP4_NONE:
1286                break;
1287        case SP4_MACH_CRED:
1288                /* spo_must_enforce */
1289                READ_BUF(4);
1290                dummy = be32_to_cpup(p++);
1291                READ_BUF(dummy * 4);
1292                p += dummy;
1293
1294                /* spo_must_allow */
1295                READ_BUF(4);
1296                dummy = be32_to_cpup(p++);
1297                READ_BUF(dummy * 4);
1298                p += dummy;
1299                break;
1300        case SP4_SSV:
1301                /* ssp_ops */
1302                READ_BUF(4);
1303                dummy = be32_to_cpup(p++);
1304                READ_BUF(dummy * 4);
1305                p += dummy;
1306
1307                READ_BUF(4);
1308                dummy = be32_to_cpup(p++);
1309                READ_BUF(dummy * 4);
1310                p += dummy;
1311
1312                /* ssp_hash_algs<> */
1313                READ_BUF(4);
1314                tmp = be32_to_cpup(p++);
1315                while (tmp--) {
1316                        READ_BUF(4);
1317                        dummy = be32_to_cpup(p++);
1318                        READ_BUF(dummy);
1319                        p += XDR_QUADLEN(dummy);
1320                }
1321
1322                /* ssp_encr_algs<> */
1323                READ_BUF(4);
1324                tmp = be32_to_cpup(p++);
1325                while (tmp--) {
1326                        READ_BUF(4);
1327                        dummy = be32_to_cpup(p++);
1328                        READ_BUF(dummy);
1329                        p += XDR_QUADLEN(dummy);
1330                }
1331
1332                /* ssp_window and ssp_num_gss_handles */
1333                READ_BUF(8);
1334                dummy = be32_to_cpup(p++);
1335                dummy = be32_to_cpup(p++);
1336                break;
1337        default:
1338                goto xdr_error;
1339        }
1340
1341        /* Ignore Implementation ID */
1342        READ_BUF(4);    /* nfs_impl_id4 array length */
1343        dummy = be32_to_cpup(p++);
1344
1345        if (dummy > 1)
1346                goto xdr_error;
1347
1348        if (dummy == 1) {
1349                /* nii_domain */
1350                READ_BUF(4);
1351                dummy = be32_to_cpup(p++);
1352                READ_BUF(dummy);
1353                p += XDR_QUADLEN(dummy);
1354
1355                /* nii_name */
1356                READ_BUF(4);
1357                dummy = be32_to_cpup(p++);
1358                READ_BUF(dummy);
1359                p += XDR_QUADLEN(dummy);
1360
1361                /* nii_date */
1362                READ_BUF(12);
1363                p += 3;
1364        }
1365        DECODE_TAIL;
1366}
1367
1368static __be32
1369nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
1370                            struct nfsd4_create_session *sess)
1371{
1372        DECODE_HEAD;
1373        u32 dummy;
1374
1375        READ_BUF(16);
1376        COPYMEM(&sess->clientid, 8);
1377        sess->seqid = be32_to_cpup(p++);
1378        sess->flags = be32_to_cpup(p++);
1379
1380        /* Fore channel attrs */
1381        READ_BUF(28);
1382        dummy = be32_to_cpup(p++); /* headerpadsz is always 0 */
1383        sess->fore_channel.maxreq_sz = be32_to_cpup(p++);
1384        sess->fore_channel.maxresp_sz = be32_to_cpup(p++);
1385        sess->fore_channel.maxresp_cached = be32_to_cpup(p++);
1386        sess->fore_channel.maxops = be32_to_cpup(p++);
1387        sess->fore_channel.maxreqs = be32_to_cpup(p++);
1388        sess->fore_channel.nr_rdma_attrs = be32_to_cpup(p++);
1389        if (sess->fore_channel.nr_rdma_attrs == 1) {
1390                READ_BUF(4);
1391                sess->fore_channel.rdma_attrs = be32_to_cpup(p++);
1392        } else if (sess->fore_channel.nr_rdma_attrs > 1) {
1393                dprintk("Too many fore channel attr bitmaps!\n");
1394                goto xdr_error;
1395        }
1396
1397        /* Back channel attrs */
1398        READ_BUF(28);
1399        dummy = be32_to_cpup(p++); /* headerpadsz is always 0 */
1400        sess->back_channel.maxreq_sz = be32_to_cpup(p++);
1401        sess->back_channel.maxresp_sz = be32_to_cpup(p++);
1402        sess->back_channel.maxresp_cached = be32_to_cpup(p++);
1403        sess->back_channel.maxops = be32_to_cpup(p++);
1404        sess->back_channel.maxreqs = be32_to_cpup(p++);
1405        sess->back_channel.nr_rdma_attrs = be32_to_cpup(p++);
1406        if (sess->back_channel.nr_rdma_attrs == 1) {
1407                READ_BUF(4);
1408                sess->back_channel.rdma_attrs = be32_to_cpup(p++);
1409        } else if (sess->back_channel.nr_rdma_attrs > 1) {
1410                dprintk("Too many back channel attr bitmaps!\n");
1411                goto xdr_error;
1412        }
1413
1414        READ_BUF(4);
1415        sess->callback_prog = be32_to_cpup(p++);
1416        nfsd4_decode_cb_sec(argp, &sess->cb_sec);
1417        DECODE_TAIL;
1418}
1419
1420static __be32
1421nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
1422                             struct nfsd4_destroy_session *destroy_session)
1423{
1424        DECODE_HEAD;
1425        READ_BUF(NFS4_MAX_SESSIONID_LEN);
1426        COPYMEM(destroy_session->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1427
1428        DECODE_TAIL;
1429}
1430
1431static __be32
1432nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
1433                          struct nfsd4_free_stateid *free_stateid)
1434{
1435        DECODE_HEAD;
1436
1437        READ_BUF(sizeof(stateid_t));
1438        free_stateid->fr_stateid.si_generation = be32_to_cpup(p++);
1439        COPYMEM(&free_stateid->fr_stateid.si_opaque, sizeof(stateid_opaque_t));
1440
1441        DECODE_TAIL;
1442}
1443
1444static __be32
1445nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
1446                      struct nfsd4_sequence *seq)
1447{
1448        DECODE_HEAD;
1449
1450        READ_BUF(NFS4_MAX_SESSIONID_LEN + 16);
1451        COPYMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1452        seq->seqid = be32_to_cpup(p++);
1453        seq->slotid = be32_to_cpup(p++);
1454        seq->maxslots = be32_to_cpup(p++);
1455        seq->cachethis = be32_to_cpup(p++);
1456
1457        DECODE_TAIL;
1458}
1459
1460static __be32
1461nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
1462{
1463        int i;
1464        __be32 *p, status;
1465        struct nfsd4_test_stateid_id *stateid;
1466
1467        READ_BUF(4);
1468        test_stateid->ts_num_ids = ntohl(*p++);
1469
1470        INIT_LIST_HEAD(&test_stateid->ts_stateid_list);
1471
1472        for (i = 0; i < test_stateid->ts_num_ids; i++) {
1473                stateid = svcxdr_tmpalloc(argp, sizeof(*stateid));
1474                if (!stateid) {
1475                        status = nfserrno(-ENOMEM);
1476                        goto out;
1477                }
1478
1479                INIT_LIST_HEAD(&stateid->ts_id_list);
1480                list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);
1481
1482                status = nfsd4_decode_stateid(argp, &stateid->ts_id_stateid);
1483                if (status)
1484                        goto out;
1485        }
1486
1487        status = 0;
1488out:
1489        return status;
1490xdr_error:
1491        dprintk("NFSD: xdr error (%s:%d)\n", __FILE__, __LINE__);
1492        status = nfserr_bad_xdr;
1493        goto out;
1494}
1495
1496static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, struct nfsd4_destroy_clientid *dc)
1497{
1498        DECODE_HEAD;
1499
1500        READ_BUF(8);
1501        COPYMEM(&dc->clientid, 8);
1502
1503        DECODE_TAIL;
1504}
1505
1506static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, struct nfsd4_reclaim_complete *rc)
1507{
1508        DECODE_HEAD;
1509
1510        READ_BUF(4);
1511        rc->rca_one_fs = be32_to_cpup(p++);
1512
1513        DECODE_TAIL;
1514}
1515
1516static __be32
1517nfsd4_decode_fallocate(struct nfsd4_compoundargs *argp,
1518                       struct nfsd4_fallocate *fallocate)
1519{
1520        DECODE_HEAD;
1521
1522        status = nfsd4_decode_stateid(argp, &fallocate->falloc_stateid);
1523        if (status)
1524                return status;
1525
1526        READ_BUF(16);
1527        p = xdr_decode_hyper(p, &fallocate->falloc_offset);
1528        xdr_decode_hyper(p, &fallocate->falloc_length);
1529
1530        DECODE_TAIL;
1531}
1532
1533static __be32
1534nfsd4_decode_seek(struct nfsd4_compoundargs *argp, struct nfsd4_seek *seek)
1535{
1536        DECODE_HEAD;
1537
1538        status = nfsd4_decode_stateid(argp, &seek->seek_stateid);
1539        if (status)
1540                return status;
1541
1542        READ_BUF(8 + 4);
1543        p = xdr_decode_hyper(p, &seek->seek_offset);
1544        seek->seek_whence = be32_to_cpup(p);
1545
1546        DECODE_TAIL;
1547}
1548
1549static __be32
1550nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
1551{
1552        return nfs_ok;
1553}
1554
1555static __be32
1556nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
1557{
1558        return nfserr_notsupp;
1559}
1560
1561typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
1562
1563static nfsd4_dec nfsd4_dec_ops[] = {
1564        [OP_ACCESS]             = (nfsd4_dec)nfsd4_decode_access,
1565        [OP_CLOSE]              = (nfsd4_dec)nfsd4_decode_close,
1566        [OP_COMMIT]             = (nfsd4_dec)nfsd4_decode_commit,
1567        [OP_CREATE]             = (nfsd4_dec)nfsd4_decode_create,
1568        [OP_DELEGPURGE]         = (nfsd4_dec)nfsd4_decode_notsupp,
1569        [OP_DELEGRETURN]        = (nfsd4_dec)nfsd4_decode_delegreturn,
1570        [OP_GETATTR]            = (nfsd4_dec)nfsd4_decode_getattr,
1571        [OP_GETFH]              = (nfsd4_dec)nfsd4_decode_noop,
1572        [OP_LINK]               = (nfsd4_dec)nfsd4_decode_link,
1573        [OP_LOCK]               = (nfsd4_dec)nfsd4_decode_lock,
1574        [OP_LOCKT]              = (nfsd4_dec)nfsd4_decode_lockt,
1575        [OP_LOCKU]              = (nfsd4_dec)nfsd4_decode_locku,
1576        [OP_LOOKUP]             = (nfsd4_dec)nfsd4_decode_lookup,
1577        [OP_LOOKUPP]            = (nfsd4_dec)nfsd4_decode_noop,
1578        [OP_NVERIFY]            = (nfsd4_dec)nfsd4_decode_verify,
1579        [OP_OPEN]               = (nfsd4_dec)nfsd4_decode_open,
1580        [OP_OPENATTR]           = (nfsd4_dec)nfsd4_decode_notsupp,
1581        [OP_OPEN_CONFIRM]       = (nfsd4_dec)nfsd4_decode_open_confirm,
1582        [OP_OPEN_DOWNGRADE]     = (nfsd4_dec)nfsd4_decode_open_downgrade,
1583        [OP_PUTFH]              = (nfsd4_dec)nfsd4_decode_putfh,
1584        [OP_PUTPUBFH]           = (nfsd4_dec)nfsd4_decode_putpubfh,
1585        [OP_PUTROOTFH]          = (nfsd4_dec)nfsd4_decode_noop,
1586        [OP_READ]               = (nfsd4_dec)nfsd4_decode_read,
1587        [OP_READDIR]            = (nfsd4_dec)nfsd4_decode_readdir,
1588        [OP_READLINK]           = (nfsd4_dec)nfsd4_decode_noop,
1589        [OP_REMOVE]             = (nfsd4_dec)nfsd4_decode_remove,
1590        [OP_RENAME]             = (nfsd4_dec)nfsd4_decode_rename,
1591        [OP_RENEW]              = (nfsd4_dec)nfsd4_decode_renew,
1592        [OP_RESTOREFH]          = (nfsd4_dec)nfsd4_decode_noop,
1593        [OP_SAVEFH]             = (nfsd4_dec)nfsd4_decode_noop,
1594        [OP_SECINFO]            = (nfsd4_dec)nfsd4_decode_secinfo,
1595        [OP_SETATTR]            = (nfsd4_dec)nfsd4_decode_setattr,
1596        [OP_SETCLIENTID]        = (nfsd4_dec)nfsd4_decode_setclientid,
1597        [OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
1598        [OP_VERIFY]             = (nfsd4_dec)nfsd4_decode_verify,
1599        [OP_WRITE]              = (nfsd4_dec)nfsd4_decode_write,
1600        [OP_RELEASE_LOCKOWNER]  = (nfsd4_dec)nfsd4_decode_release_lockowner,
1601
1602        /* new operations for NFSv4.1 */
1603        [OP_BACKCHANNEL_CTL]    = (nfsd4_dec)nfsd4_decode_backchannel_ctl,
1604        [OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
1605        [OP_EXCHANGE_ID]        = (nfsd4_dec)nfsd4_decode_exchange_id,
1606        [OP_CREATE_SESSION]     = (nfsd4_dec)nfsd4_decode_create_session,
1607        [OP_DESTROY_SESSION]    = (nfsd4_dec)nfsd4_decode_destroy_session,
1608        [OP_FREE_STATEID]       = (nfsd4_dec)nfsd4_decode_free_stateid,
1609        [OP_GET_DIR_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
1610        [OP_GETDEVICEINFO]      = (nfsd4_dec)nfsd4_decode_notsupp,
1611        [OP_GETDEVICELIST]      = (nfsd4_dec)nfsd4_decode_notsupp,
1612        [OP_LAYOUTCOMMIT]       = (nfsd4_dec)nfsd4_decode_notsupp,
1613        [OP_LAYOUTGET]          = (nfsd4_dec)nfsd4_decode_notsupp,
1614        [OP_LAYOUTRETURN]       = (nfsd4_dec)nfsd4_decode_notsupp,
1615        [OP_SECINFO_NO_NAME]    = (nfsd4_dec)nfsd4_decode_secinfo_no_name,
1616        [OP_SEQUENCE]           = (nfsd4_dec)nfsd4_decode_sequence,
1617        [OP_SET_SSV]            = (nfsd4_dec)nfsd4_decode_notsupp,
1618        [OP_TEST_STATEID]       = (nfsd4_dec)nfsd4_decode_test_stateid,
1619        [OP_WANT_DELEGATION]    = (nfsd4_dec)nfsd4_decode_notsupp,
1620        [OP_DESTROY_CLIENTID]   = (nfsd4_dec)nfsd4_decode_destroy_clientid,
1621        [OP_RECLAIM_COMPLETE]   = (nfsd4_dec)nfsd4_decode_reclaim_complete,
1622
1623        /* new operations for NFSv4.2 */
1624        [OP_ALLOCATE]           = (nfsd4_dec)nfsd4_decode_fallocate,
1625        [OP_COPY]               = (nfsd4_dec)nfsd4_decode_notsupp,
1626        [OP_COPY_NOTIFY]        = (nfsd4_dec)nfsd4_decode_notsupp,
1627        [OP_DEALLOCATE]         = (nfsd4_dec)nfsd4_decode_fallocate,
1628        [OP_IO_ADVISE]          = (nfsd4_dec)nfsd4_decode_notsupp,
1629        [OP_LAYOUTERROR]        = (nfsd4_dec)nfsd4_decode_notsupp,
1630        [OP_LAYOUTSTATS]        = (nfsd4_dec)nfsd4_decode_notsupp,
1631        [OP_OFFLOAD_CANCEL]     = (nfsd4_dec)nfsd4_decode_notsupp,
1632        [OP_OFFLOAD_STATUS]     = (nfsd4_dec)nfsd4_decode_notsupp,
1633        [OP_READ_PLUS]          = (nfsd4_dec)nfsd4_decode_notsupp,
1634        [OP_SEEK]               = (nfsd4_dec)nfsd4_decode_seek,
1635        [OP_WRITE_SAME]         = (nfsd4_dec)nfsd4_decode_notsupp,
1636};
1637
1638static inline bool
1639nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op)
1640{
1641        if (op->opnum < FIRST_NFS4_OP)
1642                return false;
1643        else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP)
1644                return false;
1645        else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP)
1646                return false;
1647        else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP)
1648                return false;
1649        return true;
1650}
1651
1652static __be32
1653nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
1654{
1655        DECODE_HEAD;
1656        struct nfsd4_op *op;
1657        bool cachethis = false;
1658        int auth_slack= argp->rqstp->rq_auth_slack;
1659        int max_reply = auth_slack + 8; /* opcnt, status */
1660        int readcount = 0;
1661        int readbytes = 0;
1662        int i;
1663
1664        READ_BUF(4);
1665        argp->taglen = be32_to_cpup(p++);
1666        READ_BUF(argp->taglen + 8);
1667        SAVEMEM(argp->tag, argp->taglen);
1668        argp->minorversion = be32_to_cpup(p++);
1669        argp->opcnt = be32_to_cpup(p++);
1670        max_reply += 4 + (XDR_QUADLEN(argp->taglen) << 2);
1671
1672        if (argp->taglen > NFSD4_MAX_TAGLEN)
1673                goto xdr_error;
1674        if (argp->opcnt > 100)
1675                goto xdr_error;
1676
1677        if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
1678                argp->ops = kzalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
1679                if (!argp->ops) {
1680                        argp->ops = argp->iops;
1681                        dprintk("nfsd: couldn't allocate room for COMPOUND\n");
1682                        goto xdr_error;
1683                }
1684        }
1685
1686        if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
1687                argp->opcnt = 0;
1688
1689        for (i = 0; i < argp->opcnt; i++) {
1690                op = &argp->ops[i];
1691                op->replay = NULL;
1692
1693                READ_BUF(4);
1694                op->opnum = be32_to_cpup(p++);
1695
1696                if (nfsd4_opnum_in_range(argp, op))
1697                        op->status = nfsd4_dec_ops[op->opnum](argp, &op->u);
1698                else {
1699                        op->opnum = OP_ILLEGAL;
1700                        op->status = nfserr_op_illegal;
1701                }
1702                /*
1703                 * We'll try to cache the result in the DRC if any one
1704                 * op in the compound wants to be cached:
1705                 */
1706                cachethis |= nfsd4_cache_this_op(op);
1707
1708                if (op->opnum == OP_READ) {
1709                        readcount++;
1710                        readbytes += nfsd4_max_reply(argp->rqstp, op);
1711                } else
1712                        max_reply += nfsd4_max_reply(argp->rqstp, op);
1713                /*
1714                 * OP_LOCK may return a conflicting lock.  (Special case
1715                 * because it will just skip encoding this if it runs
1716                 * out of xdr buffer space, and it is the only operation
1717                 * that behaves this way.)
1718                 */
1719                if (op->opnum == OP_LOCK)
1720                        max_reply += NFS4_OPAQUE_LIMIT;
1721
1722                if (op->status) {
1723                        argp->opcnt = i+1;
1724                        break;
1725                }
1726        }
1727        /* Sessions make the DRC unnecessary: */
1728        if (argp->minorversion)
1729                cachethis = false;
1730        svc_reserve(argp->rqstp, max_reply + readbytes);
1731        argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
1732
1733        if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack)
1734                clear_bit(RQ_SPLICE_OK, &argp->rqstp->rq_flags);
1735
1736        DECODE_TAIL;
1737}
1738
1739static __be32 *encode_change(__be32 *p, struct kstat *stat, struct inode *inode)
1740{
1741        if (IS_I_VERSION(inode)) {
1742                p = xdr_encode_hyper(p, inode->i_version);
1743        } else {
1744                *p++ = cpu_to_be32(stat->ctime.tv_sec);
1745                *p++ = cpu_to_be32(stat->ctime.tv_nsec);
1746        }
1747        return p;
1748}
1749
1750static __be32 *encode_cinfo(__be32 *p, struct nfsd4_change_info *c)
1751{
1752        *p++ = cpu_to_be32(c->atomic);
1753        if (c->change_supported) {
1754                p = xdr_encode_hyper(p, c->before_change);
1755                p = xdr_encode_hyper(p, c->after_change);
1756        } else {
1757                *p++ = cpu_to_be32(c->before_ctime_sec);
1758                *p++ = cpu_to_be32(c->before_ctime_nsec);
1759                *p++ = cpu_to_be32(c->after_ctime_sec);
1760                *p++ = cpu_to_be32(c->after_ctime_nsec);
1761        }
1762        return p;
1763}
1764
1765/* Encode as an array of strings the string given with components
1766 * separated @sep, escaped with esc_enter and esc_exit.
1767 */
1768static __be32 nfsd4_encode_components_esc(struct xdr_stream *xdr, char sep,
1769                                          char *components, char esc_enter,
1770                                          char esc_exit)
1771{
1772        __be32 *p;
1773        __be32 pathlen;
1774        int pathlen_offset;
1775        int strlen, count=0;
1776        char *str, *end, *next;
1777
1778        dprintk("nfsd4_encode_components(%s)\n", components);
1779
1780        pathlen_offset = xdr->buf->len;
1781        p = xdr_reserve_space(xdr, 4);
1782        if (!p)
1783                return nfserr_resource;
1784        p++; /* We will fill this in with @count later */
1785
1786        end = str = components;
1787        while (*end) {
1788                bool found_esc = false;
1789
1790                /* try to parse as esc_start, ..., esc_end, sep */
1791                if (*str == esc_enter) {
1792                        for (; *end && (*end != esc_exit); end++)
1793                                /* find esc_exit or end of string */;
1794                        next = end + 1;
1795                        if (*end && (!*next || *next == sep)) {
1796                                str++;
1797                                found_esc = true;
1798                        }
1799                }
1800
1801                if (!found_esc)
1802                        for (; *end && (*end != sep); end++)
1803                                /* find sep or end of string */;
1804
1805                strlen = end - str;
1806                if (strlen) {
1807                        p = xdr_reserve_space(xdr, strlen + 4);
1808                        if (!p)
1809                                return nfserr_resource;
1810                        p = xdr_encode_opaque(p, str, strlen);
1811                        count++;
1812                }
1813                else
1814                        end++;
1815                if (found_esc)
1816                        end = next;
1817
1818                str = end;
1819        }
1820        pathlen = htonl(count);
1821        write_bytes_to_xdr_buf(xdr->buf, pathlen_offset, &pathlen, 4);
1822        return 0;
1823}
1824
1825/* Encode as an array of strings the string given with components
1826 * separated @sep.
1827 */
1828static __be32 nfsd4_encode_components(struct xdr_stream *xdr, char sep,
1829                                      char *components)
1830{
1831        return nfsd4_encode_components_esc(xdr, sep, components, 0, 0);
1832}
1833
1834/*
1835 * encode a location element of a fs_locations structure
1836 */
1837static __be32 nfsd4_encode_fs_location4(struct xdr_stream *xdr,
1838                                        struct nfsd4_fs_location *location)
1839{
1840        __be32 status;
1841
1842        status = nfsd4_encode_components_esc(xdr, ':', location->hosts,
1843                                                '[', ']');
1844        if (status)
1845                return status;
1846        status = nfsd4_encode_components(xdr, '/', location->path);
1847        if (status)
1848                return status;
1849        return 0;
1850}
1851
1852/*
1853 * Encode a path in RFC3530 'pathname4' format
1854 */
1855static __be32 nfsd4_encode_path(struct xdr_stream *xdr,
1856                                const struct path *root,
1857                                const struct path *path)
1858{
1859        struct path cur = *path;
1860        __be32 *p;
1861        struct dentry **components = NULL;
1862        unsigned int ncomponents = 0;
1863        __be32 err = nfserr_jukebox;
1864
1865        dprintk("nfsd4_encode_components(");
1866
1867        path_get(&cur);
1868        /* First walk the path up to the nfsd root, and store the
1869         * dentries/path components in an array.
1870         */
1871        for (;;) {
1872                if (cur.dentry == root->dentry && cur.mnt == root->mnt)
1873                        break;
1874                if (cur.dentry == cur.mnt->mnt_root) {
1875                        if (follow_up(&cur))
1876                                continue;
1877                        goto out_free;
1878                }
1879                if ((ncomponents & 15) == 0) {
1880                        struct dentry **new;
1881                        new = krealloc(components,
1882                                        sizeof(*new) * (ncomponents + 16),
1883                                        GFP_KERNEL);
1884                        if (!new)
1885                                goto out_free;
1886                        components = new;
1887                }
1888                components[ncomponents++] = cur.dentry;
1889                cur.dentry = dget_parent(cur.dentry);
1890        }
1891        err = nfserr_resource;
1892        p = xdr_reserve_space(xdr, 4);
1893        if (!p)
1894                goto out_free;
1895        *p++ = cpu_to_be32(ncomponents);
1896
1897        while (ncomponents) {
1898                struct dentry *dentry = components[ncomponents - 1];
1899                unsigned int len;
1900
1901                spin_lock(&dentry->d_lock);
1902                len = dentry->d_name.len;
1903                p = xdr_reserve_space(xdr, len + 4);
1904                if (!p) {
1905                        spin_unlock(&dentry->d_lock);
1906                        goto out_free;
1907                }
1908                p = xdr_encode_opaque(p, dentry->d_name.name, len);
1909                dprintk("/%pd", dentry);
1910                spin_unlock(&dentry->d_lock);
1911                dput(dentry);
1912                ncomponents--;
1913        }
1914
1915        err = 0;
1916out_free:
1917        dprintk(")\n");
1918        while (ncomponents)
1919                dput(components[--ncomponents]);
1920        kfree(components);
1921        path_put(&cur);
1922        return err;
1923}
1924
1925static __be32 nfsd4_encode_fsloc_fsroot(struct xdr_stream *xdr,
1926                        struct svc_rqst *rqstp, const struct path *path)
1927{
1928        struct svc_export *exp_ps;
1929        __be32 res;
1930
1931        exp_ps = rqst_find_fsidzero_export(rqstp);
1932        if (IS_ERR(exp_ps))
1933                return nfserrno(PTR_ERR(exp_ps));
1934        res = nfsd4_encode_path(xdr, &exp_ps->ex_path, path);
1935        exp_put(exp_ps);
1936        return res;
1937}
1938
1939/*
1940 *  encode a fs_locations structure
1941 */
1942static __be32 nfsd4_encode_fs_locations(struct xdr_stream *xdr,
1943                        struct svc_rqst *rqstp, struct svc_export *exp)
1944{
1945        __be32 status;
1946        int i;
1947        __be32 *p;
1948        struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;
1949
1950        status = nfsd4_encode_fsloc_fsroot(xdr, rqstp, &exp->ex_path);
1951        if (status)
1952                return status;
1953        p = xdr_reserve_space(xdr, 4);
1954        if (!p)
1955                return nfserr_resource;
1956        *p++ = cpu_to_be32(fslocs->locations_count);
1957        for (i=0; i<fslocs->locations_count; i++) {
1958                status = nfsd4_encode_fs_location4(xdr, &fslocs->locations[i]);
1959                if (status)
1960                        return status;
1961        }
1962        return 0;
1963}
1964
1965static u32 nfs4_file_type(umode_t mode)
1966{
1967        switch (mode & S_IFMT) {
1968        case S_IFIFO:   return NF4FIFO;
1969        case S_IFCHR:   return NF4CHR;
1970        case S_IFDIR:   return NF4DIR;
1971        case S_IFBLK:   return NF4BLK;
1972        case S_IFLNK:   return NF4LNK;
1973        case S_IFREG:   return NF4REG;
1974        case S_IFSOCK:  return NF4SOCK;
1975        default:        return NF4BAD;
1976        };
1977}
1978
1979static inline __be32
1980nfsd4_encode_aclname(struct xdr_stream *xdr, struct svc_rqst *rqstp,
1981                     struct nfs4_ace *ace)
1982{
1983        if (ace->whotype != NFS4_ACL_WHO_NAMED)
1984                return nfs4_acl_write_who(xdr, ace->whotype);
1985        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
1986                return nfsd4_encode_group(xdr, rqstp, ace->who_gid);
1987        else
1988                return nfsd4_encode_user(xdr, rqstp, ace->who_uid);
1989}
1990
1991#define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
1992                              FATTR4_WORD0_RDATTR_ERROR)
1993#define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
1994
1995#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
1996static inline __be32
1997nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
1998                            void *context, int len)
1999{
2000        __be32 *p;

2001
2002        p = xdr_reserve_space(xdr, len + 4 + 4 + 4);
2003        if (!p)
2004                return nfserr_resource;
2005
2006        /*
2007         * For now we use a 0 here to indicate the null translation; in
2008         * the future we may place a call to translation code here.
2009         */
2010        *p++ = cpu_to_be32(0); /* lfs */
2011        *p++ = cpu_to_be32(0); /* pi */
2012        p = xdr_encode_opaque(p, context, len);
2013        return 0;
2014}
2015#else
2016static inline __be32
2017nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2018                            void *context, int len)
2019{ return 0; }
2020#endif
2021
2022static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *rdattr_err)
2023{
2024        /* As per referral draft:  */
2025        if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
2026            *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
2027                if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
2028                    *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
2029                        *rdattr_err = NFSERR_MOVED;
2030                else
2031                        return nfserr_moved;
2032        }
2033        *bmval0 &= WORD0_ABSENT_FS_ATTRS;
2034        *bmval1 &= WORD1_ABSENT_FS_ATTRS;
2035        return 0;
2036}
2037
2038
2039static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
2040{
2041        struct path path = exp->ex_path;
2042        int err;
2043
2044        path_get(&path);
2045        while (follow_up(&path)) {
2046                if (path.dentry != path.mnt->mnt_root)
2047                        break;
2048        }
2049        err = vfs_getattr(&path, stat);
2050        path_put(&path);
2051        return err;
2052}
2053
2054/*
2055 * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
2056 * ourselves.
2057 */
2058static __be32
2059nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
2060                struct svc_export *exp,
2061                struct dentry *dentry, u32 *bmval,
2062                struct svc_rqst *rqstp, int ignore_crossmnt)
2063{
2064        u32 bmval0 = bmval[0];
2065        u32 bmval1 = bmval[1];
2066        u32 bmval2 = bmval[2];
2067        struct kstat stat;
2068        struct svc_fh *tempfh = NULL;
2069        struct kstatfs statfs;
2070        __be32 *p;
2071        int starting_len = xdr->buf->len;
2072        int attrlen_offset;
2073        __be32 attrlen;
2074        u32 dummy;
2075        u64 dummy64;
2076        u32 rdattr_err = 0;
2077        __be32 status;
2078        int err;
2079        int aclsupport = 0;
2080        struct nfs4_acl *acl = NULL;
2081        void *context = NULL;
2082        int contextlen;
2083        bool contextsupport = false;
2084        struct nfsd4_compoundres *resp = rqstp->rq_resp;
2085        u32 minorversion = resp->cstate.minorversion;
2086        struct path path = {
2087                .mnt    = exp->ex_path.mnt,
2088                .dentry = dentry,
2089        };
2090        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2091
2092        BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
2093        BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion));
2094        BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion));
2095        BUG_ON(bmval2 & ~nfsd_suppattrs2(minorversion));
2096
2097        if (exp->ex_fslocs.migrated) {
2098                BUG_ON(bmval[2]);
2099                status = fattr_handle_absent_fs(&bmval0, &bmval1, &rdattr_err);
2100                if (status)
2101                        goto out;
2102        }
2103
2104        err = vfs_getattr(&path, &stat);
2105        if (err)
2106                goto out_nfserr;
2107        if ((bmval0 & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE |
2108                        FATTR4_WORD0_FILES_TOTAL | FATTR4_WORD0_MAXNAME)) ||
2109            (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
2110                       FATTR4_WORD1_SPACE_TOTAL))) {
2111                err = vfs_statfs(&path, &statfs);
2112                if (err)
2113                        goto out_nfserr;
2114        }
2115        if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
2116                tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
2117                status = nfserr_jukebox;
2118                if (!tempfh)
2119                        goto out;
2120                fh_init(tempfh, NFS4_FHSIZE);
2121                status = fh_compose(tempfh, exp, dentry, NULL);
2122                if (status)
2123                        goto out;
2124                fhp = tempfh;
2125        }
2126        if (bmval0 & (FATTR4_WORD0_ACL | FATTR4_WORD0_ACLSUPPORT
2127                        | FATTR4_WORD0_SUPPORTED_ATTRS)) {
2128                err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
2129                aclsupport = (err == 0);
2130                if (bmval0 & FATTR4_WORD0_ACL) {
2131                        if (err == -EOPNOTSUPP)
2132                                bmval0 &= ~FATTR4_WORD0_ACL;
2133                        else if (err == -EINVAL) {
2134                                status = nfserr_attrnotsupp;
2135                                goto out;
2136                        } else if (err != 0)
2137                                goto out_nfserr;
2138                }
2139        }
2140
2141#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2142        if ((bmval[2] & FATTR4_WORD2_SECURITY_LABEL) ||
2143                        bmval[0] & FATTR4_WORD0_SUPPORTED_ATTRS) {
2144                err = security_inode_getsecctx(dentry->d_inode,
2145                                                &context, &contextlen);
2146                contextsupport = (err == 0);
2147                if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2148                        if (err == -EOPNOTSUPP)
2149                                bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2150                        else if (err)
2151                                goto out_nfserr;
2152                }
2153        }
2154#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2155
2156        if (bmval2) {
2157                p = xdr_reserve_space(xdr, 16);
2158                if (!p)
2159                        goto out_resource;
2160                *p++ = cpu_to_be32(3);
2161                *p++ = cpu_to_be32(bmval0);
2162                *p++ = cpu_to_be32(bmval1);
2163                *p++ = cpu_to_be32(bmval2);
2164        } else if (bmval1) {
2165                p = xdr_reserve_space(xdr, 12);
2166                if (!p)
2167                        goto out_resource;
2168                *p++ = cpu_to_be32(2);
2169                *p++ = cpu_to_be32(bmval0);
2170                *p++ = cpu_to_be32(bmval1);
2171        } else {
2172                p = xdr_reserve_space(xdr, 8);
2173                if (!p)
2174                        goto out_resource;
2175                *p++ = cpu_to_be32(1);
2176                *p++ = cpu_to_be32(bmval0);
2177        }
2178
2179        attrlen_offset = xdr->buf->len;
2180        p = xdr_reserve_space(xdr, 4);
2181        if (!p)
2182                goto out_resource;
2183        p++;                /* to be backfilled later */
2184
2185        if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2186                u32 word0 = nfsd_suppattrs0(minorversion);
2187                u32 word1 = nfsd_suppattrs1(minorversion);
2188                u32 word2 = nfsd_suppattrs2(minorversion);
2189
2190                if (!aclsupport)
2191                        word0 &= ~FATTR4_WORD0_ACL;
2192                if (!contextsupport)
2193                        word2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2194                if (!word2) {
2195                        p = xdr_reserve_space(xdr, 12);
2196                        if (!p)
2197                                goto out_resource;
2198                        *p++ = cpu_to_be32(2);
2199                        *p++ = cpu_to_be32(word0);
2200                        *p++ = cpu_to_be32(word1);
2201                } else {
2202                        p = xdr_reserve_space(xdr, 16);
2203                        if (!p)
2204                                goto out_resource;
2205                        *p++ = cpu_to_be32(3);
2206                        *p++ = cpu_to_be32(word0);
2207                        *p++ = cpu_to_be32(word1);
2208                        *p++ = cpu_to_be32(word2);
2209                }
2210        }
2211        if (bmval0 & FATTR4_WORD0_TYPE) {
2212                p = xdr_reserve_space(xdr, 4);
2213                if (!p)
2214                        goto out_resource;
2215                dummy = nfs4_file_type(stat.mode);
2216                if (dummy == NF4BAD) {
2217                        status = nfserr_serverfault;
2218                        goto out;
2219                }
2220                *p++ = cpu_to_be32(dummy);
2221        }
2222        if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
2223                p = xdr_reserve_space(xdr, 4);
2224                if (!p)
2225                        goto out_resource;
2226                if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
2227                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT);
2228                else
2229                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT|
2230                                                NFS4_FH_VOL_RENAME);
2231        }
2232        if (bmval0 & FATTR4_WORD0_CHANGE) {
2233                p = xdr_reserve_space(xdr, 8);
2234                if (!p)
2235                        goto out_resource;
2236                p = encode_change(p, &stat, dentry->d_inode);
2237        }
2238        if (bmval0 & FATTR4_WORD0_SIZE) {
2239                p = xdr_reserve_space(xdr, 8);
2240                if (!p)
2241                        goto out_resource;
2242                p = xdr_encode_hyper(p, stat.size);
2243        }
2244        if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
2245                p = xdr_reserve_space(xdr, 4);
2246                if (!p)
2247                        goto out_resource;
2248                *p++ = cpu_to_be32(1);
2249        }
2250        if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
2251                p = xdr_reserve_space(xdr, 4);
2252                if (!p)
2253                        goto out_resource;
2254                *p++ = cpu_to_be32(1);
2255        }
2256        if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {
2257                p = xdr_reserve_space(xdr, 4);
2258                if (!p)
2259                        goto out_resource;
2260                *p++ = cpu_to_be32(0);
2261        }
2262        if (bmval0 & FATTR4_WORD0_FSID) {
2263                p = xdr_reserve_space(xdr, 16);
2264                if (!p)
2265                        goto out_resource;
2266                if (exp->ex_fslocs.migrated) {
2267                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MAJOR);
2268                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MINOR);
2269                } else switch(fsid_source(fhp)) {
2270                case FSIDSOURCE_FSID:
2271                        p = xdr_encode_hyper(p, (u64)exp->ex_fsid);
2272                        p = xdr_encode_hyper(p, (u64)0);
2273                        break;
2274                case FSIDSOURCE_DEV:
2275                        *p++ = cpu_to_be32(0);
2276                        *p++ = cpu_to_be32(MAJOR(stat.dev));
2277                        *p++ = cpu_to_be32(0);
2278                        *p++ = cpu_to_be32(MINOR(stat.dev));
2279                        break;
2280                case FSIDSOURCE_UUID:
2281                        p = xdr_encode_opaque_fixed(p, exp->ex_uuid,
2282                                                                EX_UUID_LEN);
2283                        break;
2284                }
2285        }
2286        if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
2287                p = xdr_reserve_space(xdr, 4);
2288                if (!p)
2289                        goto out_resource;
2290                *p++ = cpu_to_be32(0);
2291        }
2292        if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
2293                p = xdr_reserve_space(xdr, 4);
2294                if (!p)
2295                        goto out_resource;
2296                *p++ = cpu_to_be32(nn->nfsd4_lease);
2297        }
2298        if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
2299                p = xdr_reserve_space(xdr, 4);
2300                if (!p)
2301                        goto out_resource;
2302                *p++ = cpu_to_be32(rdattr_err);
2303        }
2304        if (bmval0 & FATTR4_WORD0_ACL) {
2305                struct nfs4_ace *ace;
2306
2307                if (acl == NULL) {
2308                        p = xdr_reserve_space(xdr, 4);
2309                        if (!p)
2310                                goto out_resource;
2311
2312                        *p++ = cpu_to_be32(0);
2313                        goto out_acl;
2314                }
2315                p = xdr_reserve_space(xdr, 4);
2316                if (!p)
2317                        goto out_resource;
2318                *p++ = cpu_to_be32(acl->naces);
2319
2320                for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
2321                        p = xdr_reserve_space(xdr, 4*3);
2322                        if (!p)
2323                                goto out_resource;
2324                        *p++ = cpu_to_be32(ace->type);
2325                        *p++ = cpu_to_be32(ace->flag);
2326                        *p++ = cpu_to_be32(ace->access_mask &
2327                                                        NFS4_ACE_MASK_ALL);
2328                        status = nfsd4_encode_aclname(xdr, rqstp, ace);
2329                        if (status)
2330                                goto out;
2331                }
2332        }
2333out_acl:
2334        if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
2335                p = xdr_reserve_space(xdr, 4);
2336                if (!p)
2337                        goto out_resource;
2338                *p++ = cpu_to_be32(aclsupport ?
2339                        ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
2340        }
2341        if (bmval0 & FATTR4_WORD0_CANSETTIME) {
2342                p = xdr_reserve_space(xdr, 4);
2343                if (!p)
2344                        goto out_resource;
2345                *p++ = cpu_to_be32(1);
2346        }
2347        if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
2348                p = xdr_reserve_space(xdr, 4);
2349                if (!p)
2350                        goto out_resource;
2351                *p++ = cpu_to_be32(0);
2352        }
2353        if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
2354                p = xdr_reserve_space(xdr, 4);
2355                if (!p)
2356                        goto out_resource;
2357                *p++ = cpu_to_be32(1);
2358        }
2359        if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
2360                p = xdr_reserve_space(xdr, 4);
2361                if (!p)
2362                        goto out_resource;
2363                *p++ = cpu_to_be32(1);
2364        }
2365        if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
2366                p = xdr_reserve_space(xdr, fhp->fh_handle.fh_size + 4);
2367                if (!p)
2368                        goto out_resource;
2369                p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base,
2370                                        fhp->fh_handle.fh_size);
2371        }
2372        if (bmval0 & FATTR4_WORD0_FILEID) {
2373                p = xdr_reserve_space(xdr, 8);
2374                if (!p)
2375                        goto out_resource;
2376                p = xdr_encode_hyper(p, stat.ino);
2377        }
2378        if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
2379                p = xdr_reserve_space(xdr, 8);
2380                if (!p)
2381                        goto out_resource;
2382                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
2383        }
2384        if (bmval0 & FATTR4_WORD0_FILES_FREE) {
2385                p = xdr_reserve_space(xdr, 8);
2386                if (!p)
2387                        goto out_resource;
2388                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
2389        }
2390        if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
2391                p = xdr_reserve_space(xdr, 8);
2392                if (!p)
2393                        goto out_resource;
2394                p = xdr_encode_hyper(p, (u64) statfs.f_files);
2395        }
2396        if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
2397                status = nfsd4_encode_fs_locations(xdr, rqstp, exp);
2398                if (status)
2399                        goto out;
2400        }
2401        if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
2402                p = xdr_reserve_space(xdr, 4);
2403                if (!p)
2404                        goto out_resource;
2405                *p++ = cpu_to_be32(1);
2406        }
2407        if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
2408                p = xdr_reserve_space(xdr, 8);
2409                if (!p)
2410                        goto out_resource;
2411                p = xdr_encode_hyper(p, exp->ex_path.mnt->mnt_sb->s_maxbytes);
2412        }
2413        if (bmval0 & FATTR4_WORD0_MAXLINK) {
2414                p = xdr_reserve_space(xdr, 4);
2415                if (!p)
2416                        goto out_resource;
2417                *p++ = cpu_to_be32(255);
2418        }
2419        if (bmval0 & FATTR4_WORD0_MAXNAME) {
2420                p = xdr_reserve_space(xdr, 4);
2421                if (!p)
2422                        goto out_resource;
2423                *p++ = cpu_to_be32(statfs.f_namelen);
2424        }
2425        if (bmval0 & FATTR4_WORD0_MAXREAD) {
2426                p = xdr_reserve_space(xdr, 8);
2427                if (!p)
2428                        goto out_resource;
2429                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
2430        }
2431        if (bmval0 & FATTR4_WORD0_MAXWRITE) {
2432                p = xdr_reserve_space(xdr, 8);
2433                if (!p)
2434                        goto out_resource;
2435                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
2436        }
2437        if (bmval1 & FATTR4_WORD1_MODE) {
2438                p = xdr_reserve_space(xdr, 4);
2439                if (!p)
2440                        goto out_resource;
2441                *p++ = cpu_to_be32(stat.mode & S_IALLUGO);
2442        }
2443        if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
2444                p = xdr_reserve_space(xdr, 4);
2445                if (!p)
2446                        goto out_resource;
2447                *p++ = cpu_to_be32(1);
2448        }
2449        if (bmval1 & FATTR4_WORD1_NUMLINKS) {
2450                p = xdr_reserve_space(xdr, 4);
2451                if (!p)
2452                        goto out_resource;
2453                *p++ = cpu_to_be32(stat.nlink);
2454        }
2455        if (bmval1 & FATTR4_WORD1_OWNER) {
2456                status = nfsd4_encode_user(xdr, rqstp, stat.uid);
2457                if (status)
2458                        goto out;
2459        }
2460        if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
2461                status = nfsd4_encode_group(xdr, rqstp, stat.gid);
2462                if (status)
2463                        goto out;
2464        }
2465        if (bmval1 & FATTR4_WORD1_RAWDEV) {
2466                p = xdr_reserve_space(xdr, 8);
2467                if (!p)
2468                        goto out_resource;
2469                *p++ = cpu_to_be32((u32) MAJOR(stat.rdev));
2470                *p++ = cpu_to_be32((u32) MINOR(stat.rdev));
2471        }
2472        if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
2473                p = xdr_reserve_space(xdr, 8);
2474                if (!p)
2475                        goto out_resource;
2476                dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
2477                p = xdr_encode_hyper(p, dummy64);
2478        }
2479        if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
2480                p = xdr_reserve_space(xdr, 8);
2481                if (!p)
2482                        goto out_resource;
2483                dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
2484                p = xdr_encode_hyper(p, dummy64);
2485        }
2486        if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
2487                p = xdr_reserve_space(xdr, 8);
2488                if (!p)
2489                        goto out_resource;
2490                dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
2491                p = xdr_encode_hyper(p, dummy64);
2492        }
2493        if (bmval1 & FATTR4_WORD1_SPACE_USED) {
2494                p = xdr_reserve_space(xdr, 8);
2495                if (!p)
2496                        goto out_resource;
2497                dummy64 = (u64)stat.blocks << 9;
2498                p = xdr_encode_hyper(p, dummy64);
2499        }
2500        if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
2501                p = xdr_reserve_space(xdr, 12);
2502                if (!p)
2503                        goto out_resource;
2504                p = xdr_encode_hyper(p, (s64)stat.atime.tv_sec);
2505                *p++ = cpu_to_be32(stat.atime.tv_nsec);
2506        }
2507        if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
2508                p = xdr_reserve_space(xdr, 12);
2509                if (!p)
2510                        goto out_resource;
2511                *p++ = cpu_to_be32(0);
2512                *p++ = cpu_to_be32(1);
2513                *p++ = cpu_to_be32(0);
2514        }
2515        if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
2516                p = xdr_reserve_space(xdr, 12);
2517                if (!p)
2518                        goto out_resource;
2519                p = xdr_encode_hyper(p, (s64)stat.ctime.tv_sec);
2520                *p++ = cpu_to_be32(stat.ctime.tv_nsec);
2521        }
2522        if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
2523                p = xdr_reserve_space(xdr, 12);
2524                if (!p)
2525                        goto out_resource;
2526                p = xdr_encode_hyper(p, (s64)stat.mtime.tv_sec);
2527                *p++ = cpu_to_be32(stat.mtime.tv_nsec);
2528        }
2529        if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
2530                p = xdr_reserve_space(xdr, 8);
2531                if (!p)
2532                        goto out_resource;
2533                /*
2534                 * Get parent's attributes if not ignoring crossmount
2535                 * and this is the root of a cross-mounted filesystem.
2536                 */
2537                if (ignore_crossmnt == 0 &&
2538                    dentry == exp->ex_path.mnt->mnt_root)
2539                        get_parent_attributes(exp, &stat);
2540                p = xdr_encode_hyper(p, stat.ino);
2541        }
2542        if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2543                status = nfsd4_encode_security_label(xdr, rqstp, context,
2544                                                                contextlen);
2545                if (status)
2546                        goto out;
2547        }
2548        if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
2549                p = xdr_reserve_space(xdr, 16);
2550                if (!p)
2551                        goto out_resource;
2552                *p++ = cpu_to_be32(3);
2553                *p++ = cpu_to_be32(NFSD_SUPPATTR_EXCLCREAT_WORD0);
2554                *p++ = cpu_to_be32(NFSD_SUPPATTR_EXCLCREAT_WORD1);
2555                *p++ = cpu_to_be32(NFSD_SUPPATTR_EXCLCREAT_WORD2);
2556        }
2557
2558        attrlen = htonl(xdr->buf->len - attrlen_offset - 4);
2559        write_bytes_to_xdr_buf(xdr->buf, attrlen_offset, &attrlen, 4);
2560        status = nfs_ok;
2561
2562out:
2563#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2564        if (context)
2565                security_release_secctx(context, contextlen);
2566#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2567        kfree(acl);
2568        if (tempfh) {
2569                fh_put(tempfh);
2570                kfree(tempfh);
2571        }
2572        if (status)
2573                xdr_truncate_encode(xdr, starting_len);
2574        return status;
2575out_nfserr:
2576        status = nfserrno(err);
2577        goto out;
2578out_resource:
2579        status = nfserr_resource;
2580        goto out;
2581}
2582
2583static void svcxdr_init_encode_from_buffer(struct xdr_stream *xdr,
2584                                struct xdr_buf *buf, __be32 *p, int bytes)
2585{
2586        xdr->scratch.iov_len = 0;
2587        memset(buf, 0, sizeof(struct xdr_buf));
2588        buf->head[0].iov_base = p;
2589        buf->head[0].iov_len = 0;
2590        buf->len = 0;
2591        xdr->buf = buf;
2592        xdr->iov = buf->head;
2593        xdr->p = p;
2594        xdr->end = (void *)p + bytes;
2595        buf->buflen = bytes;
2596}
2597
2598__be32 nfsd4_encode_fattr_to_buf(__be32 **p, int words,
2599                        struct svc_fh *fhp, struct svc_export *exp,
2600                        struct dentry *dentry, u32 *bmval,
2601                        struct svc_rqst *rqstp, int ignore_crossmnt)
2602{
2603        struct xdr_buf dummy;
2604        struct xdr_stream xdr;
2605        __be32 ret;
2606
2607        svcxdr_init_encode_from_buffer(&xdr, &dummy, *p, words << 2);
2608        ret = nfsd4_encode_fattr(&xdr, fhp, exp, dentry, bmval, rqstp,
2609                                                        ignore_crossmnt);
2610        *p = xdr.p;
2611        return ret;
2612}
2613
2614static inline int attributes_need_mount(u32 *bmval)
2615{
2616        if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
2617                return 1;
2618        if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
2619                return 1;
2620        return 0;
2621}
2622
2623static __be32
2624nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd,
2625                        const char *name, int namlen)
2626{
2627        struct svc_export *exp = cd->rd_fhp->fh_export;
2628        struct dentry *dentry;
2629        __be32 nfserr;
2630        int ignore_crossmnt = 0;
2631
2632        dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen);
2633        if (IS_ERR(dentry))
2634                return nfserrno(PTR_ERR(dentry));
2635        if (!dentry->d_inode) {
2636                /*
2637                 * nfsd_buffered_readdir drops the i_mutex between
2638                 * readdir and calling this callback, leaving a window
2639                 * where this directory entry could have gone away.
2640                 */
2641                dput(dentry);
2642                return nfserr_noent;
2643        }
2644
2645        exp_get(exp);
2646        /*
2647         * In the case of a mountpoint, the client may be asking for
2648         * attributes that are only properties of the underlying filesystem
2649         * as opposed to the cross-mounted file system. In such a case,
2650         * we will not follow the cross mount and will fill the attribtutes
2651         * directly from the mountpoint dentry.
2652         */
2653        if (nfsd_mountpoint(dentry, exp)) {
2654                int err;
2655
2656                if (!(exp->ex_flags & NFSEXP_V4ROOT)
2657                                && !attributes_need_mount(cd->rd_bmval)) {
2658                        ignore_crossmnt = 1;
2659                        goto out_encode;
2660                }
2661                /*
2662                 * Why the heck aren't we just using nfsd_lookup??
2663                 * Different "."/".." handling?  Something else?
2664                 * At least, add a comment here to explain....
2665                 */
2666                err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
2667                if (err) {
2668                        nfserr = nfserrno(err);
2669                        goto out_put;
2670                }
2671                nfserr = check_nfsd_access(exp, cd->rd_rqstp);
2672                if (nfserr)
2673                        goto out_put;
2674
2675        }
2676out_encode:
2677        nfserr = nfsd4_encode_fattr(xdr, NULL, exp, dentry, cd->rd_bmval,
2678                                        cd->rd_rqstp, ignore_crossmnt);
2679out_put:
2680        dput(dentry);
2681        exp_put(exp);
2682        return nfserr;
2683}
2684
2685static __be32 *
2686nfsd4_encode_rdattr_error(struct xdr_stream *xdr, __be32 nfserr)
2687{
2688        __be32 *p;
2689
2690        p = xdr_reserve_space(xdr, 20);
2691        if (!p)
2692                return NULL;
2693        *p++ = htonl(2);
2694        *p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */
2695        *p++ = htonl(0);                         /* bmval1 */
2696
2697        *p++ = htonl(4);     /* attribute length */
2698        *p++ = nfserr;       /* no htonl */
2699        return p;
2700}
2701
2702static int
2703nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
2704                    loff_t offset, u64 ino, unsigned int d_type)
2705{
2706        struct readdir_cd *ccd = ccdv;
2707        struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
2708        struct xdr_stream *xdr = cd->xdr;
2709        int start_offset = xdr->buf->len;
2710        int cookie_offset;
2711        u32 name_and_cookie;
2712        int entry_bytes;
2713        __be32 nfserr = nfserr_toosmall;
2714        __be64 wire_offset;
2715        __be32 *p;
2716
2717        /* In nfsv4, "." and ".." never make it onto the wire.. */
2718        if (name && isdotent(name, namlen)) {
2719                cd->common.err = nfs_ok;
2720                return 0;
2721        }
2722
2723        if (cd->cookie_offset) {
2724                wire_offset = cpu_to_be64(offset);
2725                write_bytes_to_xdr_buf(xdr->buf, cd->cookie_offset,
2726                                                        &wire_offset, 8);
2727        }
2728
2729        p = xdr_reserve_space(xdr, 4);
2730        if (!p)
2731                goto fail;
2732        *p++ = xdr_one;                             /* mark entry present */
2733        cookie_offset = xdr->buf->len;
2734        p = xdr_reserve_space(xdr, 3*4 + namlen);
2735        if (!p)
2736                goto fail;
2737        p = xdr_encode_hyper(p, NFS_OFFSET_MAX);    /* offset of next entry */
2738        p = xdr_encode_array(p, name, namlen);      /* name length & name */
2739
2740        nfserr = nfsd4_encode_dirent_fattr(xdr, cd, name, namlen);
2741        switch (nfserr) {
2742        case nfs_ok:
2743                break;
2744        case nfserr_resource:
2745                nfserr = nfserr_toosmall;
2746                goto fail;
2747        case nfserr_noent:
2748                xdr_truncate_encode(xdr, start_offset);
2749                goto skip_entry;
2750        default:
2751                /*
2752                 * If the client requested the RDATTR_ERROR attribute,
2753                 * we stuff the error code into this attribute
2754                 * and continue.  If this attribute was not requested,
2755                 * then in accordance with the spec, we fail the
2756                 * entire READDIR operation(!)
2757                 */
2758                if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR))
2759                        goto fail;
2760                p = nfsd4_encode_rdattr_error(xdr, nfserr);
2761                if (p == NULL) {
2762                        nfserr = nfserr_toosmall;
2763                        goto fail;
2764                }
2765        }
2766        nfserr = nfserr_toosmall;
2767        entry_bytes = xdr->buf->len - start_offset;
2768        if (entry_bytes > cd->rd_maxcount)
2769                goto fail;
2770        cd->rd_maxcount -= entry_bytes;
2771        if (!cd->rd_dircount)
2772                goto fail;
2773        /*
2774         * RFC 3530 14.2.24 describes rd_dircount as only a "hint", so
2775         * let's always let through the first entry, at least:
2776         */
2777        name_and_cookie = 4 * XDR_QUADLEN(namlen) + 8;
2778        if (name_and_cookie > cd->rd_dircount && cd->cookie_offset)
2779                goto fail;
2780        cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie);
2781        cd->cookie_offset = cookie_offset;
2782skip_entry:
2783        cd->common.err = nfs_ok;
2784        return 0;
2785fail:
2786        xdr_truncate_encode(xdr, start_offset);
2787        cd->common.err = nfserr;
2788        return -EINVAL;
2789}
2790
2791static __be32
2792nfsd4_encode_stateid(struct xdr_stream *xdr, stateid_t *sid)
2793{
2794        __be32 *p;
2795
2796        p = xdr_reserve_space(xdr, sizeof(stateid_t));
2797        if (!p)
2798                return nfserr_resource;
2799        *p++ = cpu_to_be32(sid->si_generation);
2800        p = xdr_encode_opaque_fixed(p, &sid->si_opaque,
2801                                        sizeof(stateid_opaque_t));
2802        return 0;
2803}
2804
2805static __be32
2806nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
2807{
2808        struct xdr_stream *xdr = &resp->xdr;
2809        __be32 *p;
2810
2811        if (!nfserr) {
2812                p = xdr_reserve_space(xdr, 8);
2813                if (!p)
2814                        return nfserr_resource;
2815                *p++ = cpu_to_be32(access->ac_supported);
2816                *p++ = cpu_to_be32(access->ac_resp_access);
2817        }
2818        return nfserr;
2819}
2820
2821static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
2822{
2823        struct xdr_stream *xdr = &resp->xdr;
2824        __be32 *p;
2825
2826        if (!nfserr) {
2827                p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 8);
2828                if (!p)
2829                        return nfserr_resource;
2830                p = xdr_encode_opaque_fixed(p, bcts->sessionid.data,
2831                                                NFS4_MAX_SESSIONID_LEN);
2832                *p++ = cpu_to_be32(bcts->dir);
2833                /* Sorry, we do not yet support RDMA over 4.1: */
2834                *p++ = cpu_to_be32(0);
2835        }
2836        return nfserr;
2837}
2838
2839static __be32
2840nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
2841{
2842        struct xdr_stream *xdr = &resp->xdr;
2843
2844        if (!nfserr)
2845                nfserr = nfsd4_encode_stateid(xdr, &close->cl_stateid);
2846
2847        return nfserr;
2848}
2849
2850
2851static __be32
2852nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
2853{
2854        struct xdr_stream *xdr = &resp->xdr;
2855        __be32 *p;
2856
2857        if (!nfserr) {
2858                p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
2859                if (!p)
2860                        return nfserr_resource;
2861                p = xdr_encode_opaque_fixed(p, commit->co_verf.data,
2862                                                NFS4_VERIFIER_SIZE);
2863        }
2864        return nfserr;
2865}
2866
2867static __be32
2868nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
2869{
2870        struct xdr_stream *xdr = &resp->xdr;
2871        __be32 *p;
2872
2873        if (!nfserr) {
2874                p = xdr_reserve_space(xdr, 32);
2875                if (!p)
2876                        return nfserr_resource;
2877                p = encode_cinfo(p, &create->cr_cinfo);
2878                *p++ = cpu_to_be32(2);
2879                *p++ = cpu_to_be32(create->cr_bmval[0]);
2880                *p++ = cpu_to_be32(create->cr_bmval[1]);
2881        }
2882        return nfserr;
2883}
2884
2885static __be32
2886nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
2887{
2888        struct svc_fh *fhp = getattr->ga_fhp;
2889        struct xdr_stream *xdr = &resp->xdr;
2890
2891        if (nfserr)
2892                return nfserr;
2893
2894        nfserr = nfsd4_encode_fattr(xdr, fhp, fhp->fh_export, fhp->fh_dentry,
2895                                    getattr->ga_bmval,
2896                                    resp->rqstp, 0);
2897        return nfserr;
2898}
2899
2900static __be32
2901nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
2902{
2903        struct xdr_stream *xdr = &resp->xdr;
2904        struct svc_fh *fhp = *fhpp;
2905        unsigned int len;
2906        __be32 *p;
2907
2908        if (!nfserr) {
2909                len = fhp->fh_handle.fh_size;
2910                p = xdr_reserve_space(xdr, len + 4);
2911                if (!p)
2912                        return nfserr_resource;
2913                p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base, len);
2914        }
2915        return nfserr;
2916}
2917
2918/*
2919* Including all fields other than the name, a LOCK4denied structure requires
2920*   8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes.
2921*/
2922static __be32
2923nfsd4_encode_lock_denied(struct xdr_stream *xdr, struct nfsd4_lock_denied *ld)
2924{
2925        struct xdr_netobj *conf = &ld->ld_owner;
2926        __be32 *p;
2927
2928again:
2929        p = xdr_reserve_space(xdr, 32 + XDR_LEN(conf->len));
2930        if (!p) {
2931                /*
2932                 * Don't fail to return the result just because we can't
2933                 * return the conflicting open:
2934                 */
2935                if (conf->len) {
2936                        kfree(conf->data);
2937                        conf->len = 0;
2938                        conf->data = NULL;
2939                        goto again;
2940                }
2941                return nfserr_resource;
2942        }
2943        p = xdr_encode_hyper(p, ld->ld_start);
2944        p = xdr_encode_hyper(p, ld->ld_length);
2945        *p++ = cpu_to_be32(ld->ld_type);
2946        if (conf->len) {
2947                p = xdr_encode_opaque_fixed(p, &ld->ld_clientid, 8);
2948                p = xdr_encode_opaque(p, conf->data, conf->len);
2949                kfree(conf->data);
2950        }  else {  /* non - nfsv4 lock in conflict, no clientid nor owner */
2951                p = xdr_encode_hyper(p, (u64)0); /* clientid */
2952                *p++ = cpu_to_be32(0); /* length of owner name */
2953        }
2954        return nfserr_denied;
2955}
2956
2957static __be32
2958nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
2959{
2960        struct xdr_stream *xdr = &resp->xdr;
2961
2962        if (!nfserr)
2963                nfserr = nfsd4_encode_stateid(xdr, &lock->lk_resp_stateid);
2964        else if (nfserr == nfserr_denied)
2965                nfserr = nfsd4_encode_lock_denied(xdr, &lock->lk_denied);
2966
2967        return nfserr;
2968}
2969
2970static __be32
2971nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
2972{
2973        struct xdr_stream *xdr = &resp->xdr;
2974
2975        if (nfserr == nfserr_denied)
2976                nfsd4_encode_lock_denied(xdr, &lockt->lt_denied);
2977        return nfserr;
2978}
2979
2980static __be32
2981nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
2982{
2983        struct xdr_stream *xdr = &resp->xdr;
2984
2985        if (!nfserr)
2986                nfserr = nfsd4_encode_stateid(xdr, &locku->lu_stateid);
2987
2988        return nfserr;
2989}
2990
2991
2992static __be32
2993nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
2994{
2995        struct xdr_stream *xdr = &resp->xdr;
2996        __be32 *p;
2997
2998        if (!nfserr) {
2999                p = xdr_reserve_space(xdr, 20);
3000                if (!p)

3001                        return nfserr_resource;
3002                p = encode_cinfo(p, &link->li_cinfo);
3003        }
3004        return nfserr;
3005}
3006
3007
3008static __be32
3009nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
3010{
3011        struct xdr_stream *xdr = &resp->xdr;
3012        __be32 *p;
3013
3014        if (nfserr)
3015                goto out;
3016
3017        nfserr = nfsd4_encode_stateid(xdr, &open->op_stateid);
3018        if (nfserr)
3019                goto out;
3020        p = xdr_reserve_space(xdr, 40);
3021        if (!p)
3022                return nfserr_resource;
3023        p = encode_cinfo(p, &open->op_cinfo);
3024        *p++ = cpu_to_be32(open->op_rflags);
3025        *p++ = cpu_to_be32(2);
3026        *p++ = cpu_to_be32(open->op_bmval[0]);
3027        *p++ = cpu_to_be32(open->op_bmval[1]);
3028        *p++ = cpu_to_be32(open->op_delegate_type);
3029
3030        switch (open->op_delegate_type) {
3031        case NFS4_OPEN_DELEGATE_NONE:
3032                break;
3033        case NFS4_OPEN_DELEGATE_READ:
3034                nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
3035                if (nfserr)
3036                        return nfserr;
3037                p = xdr_reserve_space(xdr, 20);
3038                if (!p)
3039                        return nfserr_resource;
3040                *p++ = cpu_to_be32(open->op_recall);
3041
3042                /*
3043                 * TODO: ACE's in delegations
3044                 */
3045                *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3046                *p++ = cpu_to_be32(0);
3047                *p++ = cpu_to_be32(0);
3048                *p++ = cpu_to_be32(0);   /* XXX: is NULL principal ok? */
3049                break;
3050        case NFS4_OPEN_DELEGATE_WRITE:
3051                nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
3052                if (nfserr)
3053                        return nfserr;
3054                p = xdr_reserve_space(xdr, 32);
3055                if (!p)
3056                        return nfserr_resource;
3057                *p++ = cpu_to_be32(0);
3058
3059                /*
3060                 * TODO: space_limit's in delegations
3061                 */
3062                *p++ = cpu_to_be32(NFS4_LIMIT_SIZE);
3063                *p++ = cpu_to_be32(~(u32)0);
3064                *p++ = cpu_to_be32(~(u32)0);
3065
3066                /*
3067                 * TODO: ACE's in delegations
3068                 */
3069                *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3070                *p++ = cpu_to_be32(0);
3071                *p++ = cpu_to_be32(0);
3072                *p++ = cpu_to_be32(0);   /* XXX: is NULL principal ok? */
3073                break;
3074        case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */
3075                switch (open->op_why_no_deleg) {
3076                case WND4_CONTENTION:
3077                case WND4_RESOURCE:
3078                        p = xdr_reserve_space(xdr, 8);
3079                        if (!p)
3080                                return nfserr_resource;
3081                        *p++ = cpu_to_be32(open->op_why_no_deleg);
3082                        /* deleg signaling not supported yet: */
3083                        *p++ = cpu_to_be32(0);
3084                        break;
3085                default:
3086                        p = xdr_reserve_space(xdr, 4);
3087                        if (!p)
3088                                return nfserr_resource;
3089                        *p++ = cpu_to_be32(open->op_why_no_deleg);
3090                }
3091                break;
3092        default:
3093                BUG();
3094        }
3095        /* XXX save filehandle here */
3096out:
3097        return nfserr;
3098}
3099
3100static __be32
3101nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
3102{
3103        struct xdr_stream *xdr = &resp->xdr;
3104
3105        if (!nfserr)
3106                nfserr = nfsd4_encode_stateid(xdr, &oc->oc_resp_stateid);
3107
3108        return nfserr;
3109}
3110
3111static __be32
3112nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
3113{
3114        struct xdr_stream *xdr = &resp->xdr;
3115
3116        if (!nfserr)
3117                nfserr = nfsd4_encode_stateid(xdr, &od->od_stateid);
3118
3119        return nfserr;
3120}
3121
3122static __be32 nfsd4_encode_splice_read(
3123                                struct nfsd4_compoundres *resp,
3124                                struct nfsd4_read *read,
3125                                struct file *file, unsigned long maxcount)
3126{
3127        struct xdr_stream *xdr = &resp->xdr;
3128        struct xdr_buf *buf = xdr->buf;
3129        u32 eof;
3130        int space_left;
3131        __be32 nfserr;
3132        __be32 *p = xdr->p - 2;
3133
3134        /* Make sure there will be room for padding if needed */
3135        if (xdr->end - xdr->p < 1)
3136                return nfserr_resource;
3137
3138        nfserr = nfsd_splice_read(read->rd_rqstp, file,
3139                                  read->rd_offset, &maxcount);
3140        if (nfserr) {
3141                /*
3142                 * nfsd_splice_actor may have already messed with the
3143                 * page length; reset it so as not to confuse
3144                 * xdr_truncate_encode:
3145                 */
3146                buf->page_len = 0;
3147                return nfserr;
3148        }
3149
3150        eof = (read->rd_offset + maxcount >=
3151               read->rd_fhp->fh_dentry->d_inode->i_size);
3152
3153        *(p++) = htonl(eof);
3154        *(p++) = htonl(maxcount);
3155
3156        buf->page_len = maxcount;
3157        buf->len += maxcount;
3158        xdr->page_ptr += (buf->page_base + maxcount + PAGE_SIZE - 1)
3159                                                        / PAGE_SIZE;
3160
3161        /* Use rest of head for padding and remaining ops: */
3162        buf->tail[0].iov_base = xdr->p;
3163        buf->tail[0].iov_len = 0;
3164        xdr->iov = buf->tail;
3165        if (maxcount&3) {
3166                int pad = 4 - (maxcount&3);
3167
3168                *(xdr->p++) = 0;
3169
3170                buf->tail[0].iov_base += maxcount&3;
3171                buf->tail[0].iov_len = pad;
3172                buf->len += pad;
3173        }
3174
3175        space_left = min_t(int, (void *)xdr->end - (void *)xdr->p,
3176                                buf->buflen - buf->len);
3177        buf->buflen = buf->len + space_left;
3178        xdr->end = (__be32 *)((void *)xdr->end + space_left);
3179
3180        return 0;
3181}
3182
3183static __be32 nfsd4_encode_readv(struct nfsd4_compoundres *resp,
3184                                 struct nfsd4_read *read,
3185                                 struct file *file, unsigned long maxcount)
3186{
3187        struct xdr_stream *xdr = &resp->xdr;
3188        u32 eof;
3189        int v;
3190        int starting_len = xdr->buf->len - 8;
3191        long len;
3192        int thislen;
3193        __be32 nfserr;
3194        __be32 tmp;
3195        __be32 *p;
3196        u32 zzz = 0;
3197        int pad;
3198
3199        len = maxcount;
3200        v = 0;
3201
3202        thislen = min_t(long, len, ((void *)xdr->end - (void *)xdr->p));
3203        p = xdr_reserve_space(xdr, (thislen+3)&~3);
3204        WARN_ON_ONCE(!p);
3205        resp->rqstp->rq_vec[v].iov_base = p;
3206        resp->rqstp->rq_vec[v].iov_len = thislen;
3207        v++;
3208        len -= thislen;
3209
3210        while (len) {
3211                thislen = min_t(long, len, PAGE_SIZE);
3212                p = xdr_reserve_space(xdr, (thislen+3)&~3);
3213                WARN_ON_ONCE(!p);
3214                resp->rqstp->rq_vec[v].iov_base = p;
3215                resp->rqstp->rq_vec[v].iov_len = thislen;
3216                v++;
3217                len -= thislen;
3218        }
3219        read->rd_vlen = v;
3220
3221        nfserr = nfsd_readv(file, read->rd_offset, resp->rqstp->rq_vec,
3222                        read->rd_vlen, &maxcount);
3223        if (nfserr)
3224                return nfserr;
3225        xdr_truncate_encode(xdr, starting_len + 8 + ((maxcount+3)&~3));
3226
3227        eof = (read->rd_offset + maxcount >=
3228               read->rd_fhp->fh_dentry->d_inode->i_size);
3229
3230        tmp = htonl(eof);
3231        write_bytes_to_xdr_buf(xdr->buf, starting_len    , &tmp, 4);
3232        tmp = htonl(maxcount);
3233        write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
3234
3235        pad = (maxcount&3) ? 4 - (maxcount&3) : 0;
3236        write_bytes_to_xdr_buf(xdr->buf, starting_len + 8 + maxcount,
3237                                                                &zzz, pad);
3238        return 0;
3239
3240}
3241
3242static __be32
3243nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
3244                  struct nfsd4_read *read)
3245{
3246        unsigned long maxcount;
3247        struct xdr_stream *xdr = &resp->xdr;
3248        struct file *file = read->rd_filp;
3249        int starting_len = xdr->buf->len;
3250        struct raparms *ra;
3251        __be32 *p;
3252        __be32 err;
3253
3254        if (nfserr)
3255                return nfserr;
3256
3257        p = xdr_reserve_space(xdr, 8); /* eof flag and byte count */
3258        if (!p) {
3259                WARN_ON_ONCE(test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags));
3260                return nfserr_resource;
3261        }
3262        if (resp->xdr.buf->page_len && test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags)) {
3263                WARN_ON_ONCE(1);
3264                return nfserr_resource;
3265        }
3266        xdr_commit_encode(xdr);
3267
3268        maxcount = svc_max_payload(resp->rqstp);
3269        maxcount = min_t(unsigned long, maxcount, (xdr->buf->buflen - xdr->buf->len));
3270        maxcount = min_t(unsigned long, maxcount, read->rd_length);
3271
3272        if (!read->rd_filp) {
3273                err = nfsd_get_tmp_read_open(resp->rqstp, read->rd_fhp,
3274                                                &file, &ra);
3275                if (err)
3276                        goto err_truncate;
3277        }
3278
3279        if (file->f_op->splice_read && test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags))
3280                err = nfsd4_encode_splice_read(resp, read, file, maxcount);
3281        else
3282                err = nfsd4_encode_readv(resp, read, file, maxcount);
3283
3284        if (!read->rd_filp)
3285                nfsd_put_tmp_read_open(file, ra);
3286
3287err_truncate:
3288        if (err)
3289                xdr_truncate_encode(xdr, starting_len);
3290        return err;
3291}
3292
3293static __be32
3294nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
3295{
3296        int maxcount;
3297        __be32 wire_count;
3298        int zero = 0;
3299        struct xdr_stream *xdr = &resp->xdr;
3300        int length_offset = xdr->buf->len;
3301        __be32 *p;
3302
3303        if (nfserr)
3304                return nfserr;
3305
3306        p = xdr_reserve_space(xdr, 4);
3307        if (!p)
3308                return nfserr_resource;
3309        maxcount = PAGE_SIZE;
3310
3311        p = xdr_reserve_space(xdr, maxcount);
3312        if (!p)
3313                return nfserr_resource;
3314        /*
3315         * XXX: By default, the ->readlink() VFS op will truncate symlinks
3316         * if they would overflow the buffer.  Is this kosher in NFSv4?  If
3317         * not, one easy fix is: if ->readlink() precisely fills the buffer,
3318         * assume that truncation occurred, and return NFS4ERR_RESOURCE.
3319         */
3320        nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp,
3321                                                (char *)p, &maxcount);
3322        if (nfserr == nfserr_isdir)
3323                nfserr = nfserr_inval;
3324        if (nfserr) {
3325                xdr_truncate_encode(xdr, length_offset);
3326                return nfserr;
3327        }
3328
3329        wire_count = htonl(maxcount);
3330        write_bytes_to_xdr_buf(xdr->buf, length_offset, &wire_count, 4);
3331        xdr_truncate_encode(xdr, length_offset + 4 + ALIGN(maxcount, 4));
3332        if (maxcount & 3)
3333                write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount,
3334                                                &zero, 4 - (maxcount&3));
3335        return 0;
3336}
3337
3338static __be32
3339nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
3340{
3341        int maxcount;
3342        int bytes_left;
3343        loff_t offset;
3344        __be64 wire_offset;
3345        struct xdr_stream *xdr = &resp->xdr;
3346        int starting_len = xdr->buf->len;
3347        __be32 *p;
3348
3349        if (nfserr)
3350                return nfserr;
3351
3352        p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
3353        if (!p)
3354                return nfserr_resource;
3355
3356        /* XXX: Following NFSv3, we ignore the READDIR verifier for now. */
3357        *p++ = cpu_to_be32(0);
3358        *p++ = cpu_to_be32(0);
3359        resp->xdr.buf->head[0].iov_len = ((char *)resp->xdr.p)
3360                                - (char *)resp->xdr.buf->head[0].iov_base;
3361
3362        /*
3363         * Number of bytes left for directory entries allowing for the
3364         * final 8 bytes of the readdir and a following failed op:
3365         */
3366        bytes_left = xdr->buf->buflen - xdr->buf->len
3367                        - COMPOUND_ERR_SLACK_SPACE - 8;
3368        if (bytes_left < 0) {
3369                nfserr = nfserr_resource;
3370                goto err_no_verf;
3371        }
3372        maxcount = min_t(u32, readdir->rd_maxcount, INT_MAX);
3373        /*
3374         * Note the rfc defines rd_maxcount as the size of the
3375         * READDIR4resok structure, which includes the verifier above
3376         * and the 8 bytes encoded at the end of this function:
3377         */
3378        if (maxcount < 16) {
3379                nfserr = nfserr_toosmall;
3380                goto err_no_verf;
3381        }
3382        maxcount = min_t(int, maxcount-16, bytes_left);
3383
3384        /* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */
3385        if (!readdir->rd_dircount)
3386                readdir->rd_dircount = INT_MAX;
3387
3388        readdir->xdr = xdr;
3389        readdir->rd_maxcount = maxcount;
3390        readdir->common.err = 0;
3391        readdir->cookie_offset = 0;
3392
3393        offset = readdir->rd_cookie;
3394        nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp,
3395                              &offset,
3396                              &readdir->common, nfsd4_encode_dirent);
3397        if (nfserr == nfs_ok &&
3398            readdir->common.err == nfserr_toosmall &&
3399            xdr->buf->len == starting_len + 8) {
3400                /* nothing encoded; which limit did we hit?: */
3401                if (maxcount - 16 < bytes_left)
3402                        /* It was the fault of rd_maxcount: */
3403                        nfserr = nfserr_toosmall;
3404                else
3405                        /* We ran out of buffer space: */
3406                        nfserr = nfserr_resource;
3407        }
3408        if (nfserr)
3409                goto err_no_verf;
3410
3411        if (readdir->cookie_offset) {
3412                wire_offset = cpu_to_be64(offset);
3413                write_bytes_to_xdr_buf(xdr->buf, readdir->cookie_offset,
3414                                                        &wire_offset, 8);
3415        }
3416
3417        p = xdr_reserve_space(xdr, 8);
3418        if (!p) {
3419                WARN_ON_ONCE(1);
3420                goto err_no_verf;
3421        }
3422        *p++ = 0;       /* no more entries */
3423        *p++ = htonl(readdir->common.err == nfserr_eof);
3424
3425        return 0;
3426err_no_verf:
3427        xdr_truncate_encode(xdr, starting_len);
3428        return nfserr;
3429}
3430
3431static __be32
3432nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
3433{
3434        struct xdr_stream *xdr = &resp->xdr;
3435        __be32 *p;
3436
3437        if (!nfserr) {
3438                p = xdr_reserve_space(xdr, 20);
3439                if (!p)
3440                        return nfserr_resource;
3441                p = encode_cinfo(p, &remove->rm_cinfo);
3442        }
3443        return nfserr;
3444}
3445
3446static __be32
3447nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
3448{
3449        struct xdr_stream *xdr = &resp->xdr;
3450        __be32 *p;
3451
3452        if (!nfserr) {
3453                p = xdr_reserve_space(xdr, 40);
3454                if (!p)
3455                        return nfserr_resource;
3456                p = encode_cinfo(p, &rename->rn_sinfo);
3457                p = encode_cinfo(p, &rename->rn_tinfo);
3458        }
3459        return nfserr;
3460}
3461
3462static __be32
3463nfsd4_do_encode_secinfo(struct xdr_stream *xdr,
3464                         __be32 nfserr, struct svc_export *exp)
3465{
3466        u32 i, nflavs, supported;
3467        struct exp_flavor_info *flavs;
3468        struct exp_flavor_info def_flavs[2];
3469        __be32 *p, *flavorsp;
3470        static bool report = true;
3471
3472        if (nfserr)
3473                goto out;
3474        nfserr = nfserr_resource;
3475        if (exp->ex_nflavors) {
3476                flavs = exp->ex_flavors;
3477                nflavs = exp->ex_nflavors;
3478        } else { /* Handling of some defaults in absence of real secinfo: */
3479                flavs = def_flavs;
3480                if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
3481                        nflavs = 2;
3482                        flavs[0].pseudoflavor = RPC_AUTH_UNIX;
3483                        flavs[1].pseudoflavor = RPC_AUTH_NULL;
3484                } else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
3485                        nflavs = 1;
3486                        flavs[0].pseudoflavor
3487                                        = svcauth_gss_flavor(exp->ex_client);
3488                } else {
3489                        nflavs = 1;
3490                        flavs[0].pseudoflavor
3491                                        = exp->ex_client->flavour->flavour;
3492                }
3493        }
3494
3495        supported = 0;
3496        p = xdr_reserve_space(xdr, 4);
3497        if (!p)
3498                goto out;
3499        flavorsp = p++;         /* to be backfilled later */
3500
3501        for (i = 0; i < nflavs; i++) {
3502                rpc_authflavor_t pf = flavs[i].pseudoflavor;
3503                struct rpcsec_gss_info info;
3504
3505                if (rpcauth_get_gssinfo(pf, &info) == 0) {
3506                        supported++;
3507                        p = xdr_reserve_space(xdr, 4 + 4 +
3508                                              XDR_LEN(info.oid.len) + 4 + 4);
3509                        if (!p)
3510                                goto out;
3511                        *p++ = cpu_to_be32(RPC_AUTH_GSS);
3512                        p = xdr_encode_opaque(p,  info.oid.data, info.oid.len);
3513                        *p++ = cpu_to_be32(info.qop);
3514                        *p++ = cpu_to_be32(info.service);
3515                } else if (pf < RPC_AUTH_MAXFLAVOR) {
3516                        supported++;
3517                        p = xdr_reserve_space(xdr, 4);
3518                        if (!p)
3519                                goto out;
3520                        *p++ = cpu_to_be32(pf);
3521                } else {
3522                        if (report)
3523                                pr_warn("NFS: SECINFO: security flavor %u "
3524                                        "is not supported\n", pf);
3525                }
3526        }
3527
3528        if (nflavs != supported)
3529                report = false;
3530        *flavorsp = htonl(supported);
3531        nfserr = 0;
3532out:
3533        if (exp)
3534                exp_put(exp);
3535        return nfserr;
3536}
3537
3538static __be32
3539nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
3540                     struct nfsd4_secinfo *secinfo)
3541{
3542        struct xdr_stream *xdr = &resp->xdr;
3543
3544        return nfsd4_do_encode_secinfo(xdr, nfserr, secinfo->si_exp);
3545}
3546
3547static __be32
3548nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
3549                     struct nfsd4_secinfo_no_name *secinfo)
3550{
3551        struct xdr_stream *xdr = &resp->xdr;
3552
3553        return nfsd4_do_encode_secinfo(xdr, nfserr, secinfo->sin_exp);
3554}
3555
3556/*
3557 * The SETATTR encode routine is special -- it always encodes a bitmap,
3558 * regardless of the error status.
3559 */
3560static __be32
3561nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
3562{
3563        struct xdr_stream *xdr = &resp->xdr;
3564        __be32 *p;
3565
3566        p = xdr_reserve_space(xdr, 16);
3567        if (!p)
3568                return nfserr_resource;
3569        if (nfserr) {
3570                *p++ = cpu_to_be32(3);
3571                *p++ = cpu_to_be32(0);
3572                *p++ = cpu_to_be32(0);
3573                *p++ = cpu_to_be32(0);
3574        }
3575        else {
3576                *p++ = cpu_to_be32(3);
3577                *p++ = cpu_to_be32(setattr->sa_bmval[0]);
3578                *p++ = cpu_to_be32(setattr->sa_bmval[1]);
3579                *p++ = cpu_to_be32(setattr->sa_bmval[2]);
3580        }
3581        return nfserr;
3582}
3583
3584static __be32
3585nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
3586{
3587        struct xdr_stream *xdr = &resp->xdr;
3588        __be32 *p;
3589
3590        if (!nfserr) {
3591                p = xdr_reserve_space(xdr, 8 + NFS4_VERIFIER_SIZE);
3592                if (!p)
3593                        return nfserr_resource;
3594                p = xdr_encode_opaque_fixed(p, &scd->se_clientid, 8);
3595                p = xdr_encode_opaque_fixed(p, &scd->se_confirm,
3596                                                NFS4_VERIFIER_SIZE);
3597        }
3598        else if (nfserr == nfserr_clid_inuse) {
3599                p = xdr_reserve_space(xdr, 8);
3600                if (!p)
3601                        return nfserr_resource;
3602                *p++ = cpu_to_be32(0);
3603                *p++ = cpu_to_be32(0);
3604        }
3605        return nfserr;
3606}
3607
3608static __be32
3609nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
3610{
3611        struct xdr_stream *xdr = &resp->xdr;
3612        __be32 *p;
3613
3614        if (!nfserr) {
3615                p = xdr_reserve_space(xdr, 16);
3616                if (!p)
3617                        return nfserr_resource;
3618                *p++ = cpu_to_be32(write->wr_bytes_written);
3619                *p++ = cpu_to_be32(write->wr_how_written);
3620                p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
3621                                                        NFS4_VERIFIER_SIZE);
3622        }
3623        return nfserr;
3624}
3625
3626static const u32 nfs4_minimal_spo_must_enforce[2] = {
3627        [1] = 1 << (OP_BIND_CONN_TO_SESSION - 32) |
3628              1 << (OP_EXCHANGE_ID - 32) |
3629              1 << (OP_CREATE_SESSION - 32) |
3630              1 << (OP_DESTROY_SESSION - 32) |
3631              1 << (OP_DESTROY_CLIENTID - 32)
3632};
3633
3634static __be32
3635nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
3636                         struct nfsd4_exchange_id *exid)
3637{
3638        struct xdr_stream *xdr = &resp->xdr;
3639        __be32 *p;
3640        char *major_id;
3641        char *server_scope;
3642        int major_id_sz;
3643        int server_scope_sz;
3644        uint64_t minor_id = 0;
3645
3646        if (nfserr)
3647                return nfserr;
3648
3649        major_id = utsname()->nodename;
3650        major_id_sz = strlen(major_id);
3651        server_scope = utsname()->nodename;
3652        server_scope_sz = strlen(server_scope);
3653
3654        p = xdr_reserve_space(xdr,
3655                8 /* eir_clientid */ +
3656                4 /* eir_sequenceid */ +
3657                4 /* eir_flags */ +
3658                4 /* spr_how */);
3659        if (!p)
3660                return nfserr_resource;
3661
3662        p = xdr_encode_opaque_fixed(p, &exid->clientid, 8);
3663        *p++ = cpu_to_be32(exid->seqid);
3664        *p++ = cpu_to_be32(exid->flags);
3665
3666        *p++ = cpu_to_be32(exid->spa_how);
3667
3668        switch (exid->spa_how) {
3669        case SP4_NONE:
3670                break;
3671        case SP4_MACH_CRED:
3672                /* spo_must_enforce, spo_must_allow */
3673                p = xdr_reserve_space(xdr, 16);
3674                if (!p)
3675                        return nfserr_resource;
3676
3677                /* spo_must_enforce bitmap: */
3678                *p++ = cpu_to_be32(2);
3679                *p++ = cpu_to_be32(nfs4_minimal_spo_must_enforce[0]);
3680                *p++ = cpu_to_be32(nfs4_minimal_spo_must_enforce[1]);
3681                /* empty spo_must_allow bitmap: */
3682                *p++ = cpu_to_be32(0);
3683
3684                break;
3685        default:
3686                WARN_ON_ONCE(1);
3687        }
3688
3689        p = xdr_reserve_space(xdr,
3690                8 /* so_minor_id */ +
3691                4 /* so_major_id.len */ +
3692                (XDR_QUADLEN(major_id_sz) * 4) +
3693                4 /* eir_server_scope.len */ +
3694                (XDR_QUADLEN(server_scope_sz) * 4) +
3695                4 /* eir_server_impl_id.count (0) */);
3696        if (!p)
3697                return nfserr_resource;
3698
3699        /* The server_owner struct */
3700        p = xdr_encode_hyper(p, minor_id);      /* Minor id */
3701        /* major id */
3702        p = xdr_encode_opaque(p, major_id, major_id_sz);
3703
3704        /* Server scope */
3705        p = xdr_encode_opaque(p, server_scope, server_scope_sz);
3706
3707        /* Implementation id */
3708        *p++ = cpu_to_be32(0);  /* zero length nfs_impl_id4 array */
3709        return 0;
3710}
3711
3712static __be32
3713nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
3714                            struct nfsd4_create_session *sess)
3715{
3716        struct xdr_stream *xdr = &resp->xdr;
3717        __be32 *p;
3718
3719        if (nfserr)
3720                return nfserr;
3721
3722        p = xdr_reserve_space(xdr, 24);
3723        if (!p)
3724                return nfserr_resource;
3725        p = xdr_encode_opaque_fixed(p, sess->sessionid.data,
3726                                        NFS4_MAX_SESSIONID_LEN);
3727        *p++ = cpu_to_be32(sess->seqid);
3728        *p++ = cpu_to_be32(sess->flags);
3729
3730        p = xdr_reserve_space(xdr, 28);
3731        if (!p)
3732                return nfserr_resource;
3733        *p++ = cpu_to_be32(0); /* headerpadsz */
3734        *p++ = cpu_to_be32(sess->fore_channel.maxreq_sz);
3735        *p++ = cpu_to_be32(sess->fore_channel.maxresp_sz);
3736        *p++ = cpu_to_be32(sess->fore_channel.maxresp_cached);
3737        *p++ = cpu_to_be32(sess->fore_channel.maxops);
3738        *p++ = cpu_to_be32(sess->fore_channel.maxreqs);
3739        *p++ = cpu_to_be32(sess->fore_channel.nr_rdma_attrs);
3740
3741        if (sess->fore_channel.nr_rdma_attrs) {
3742                p = xdr_reserve_space(xdr, 4);
3743                if (!p)
3744                        return nfserr_resource;
3745                *p++ = cpu_to_be32(sess->fore_channel.rdma_attrs);
3746        }
3747
3748        p = xdr_reserve_space(xdr, 28);
3749        if (!p)
3750                return nfserr_resource;
3751        *p++ = cpu_to_be32(0); /* headerpadsz */
3752        *p++ = cpu_to_be32(sess->back_channel.maxreq_sz);
3753        *p++ = cpu_to_be32(sess->back_channel.maxresp_sz);
3754        *p++ = cpu_to_be32(sess->back_channel.maxresp_cached);
3755        *p++ = cpu_to_be32(sess->back_channel.maxops);
3756        *p++ = cpu_to_be32(sess->back_channel.maxreqs);
3757        *p++ = cpu_to_be32(sess->back_channel.nr_rdma_attrs);
3758
3759        if (sess->back_channel.nr_rdma_attrs) {
3760                p = xdr_reserve_space(xdr, 4);
3761                if (!p)
3762                        return nfserr_resource;
3763                *p++ = cpu_to_be32(sess->back_channel.rdma_attrs);
3764        }
3765        return 0;
3766}
3767
3768static __be32
3769nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
3770                      struct nfsd4_sequence *seq)
3771{
3772        struct xdr_stream *xdr = &resp->xdr;
3773        __be32 *p;
3774
3775        if (nfserr)
3776                return nfserr;
3777
3778        p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 20);
3779        if (!p)
3780                return nfserr_resource;
3781        p = xdr_encode_opaque_fixed(p, seq->sessionid.data,
3782                                        NFS4_MAX_SESSIONID_LEN);
3783        *p++ = cpu_to_be32(seq->seqid);
3784        *p++ = cpu_to_be32(seq->slotid);
3785        /* Note slotid's are numbered from zero: */
3786        *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_highest_slotid */
3787        *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_target_highest_slotid */
3788        *p++ = cpu_to_be32(seq->status_flags);
3789
3790        resp->cstate.data_offset = xdr->buf->len; /* DRC cache data pointer */
3791        return 0;
3792}
3793
3794static __be32
3795nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
3796                          struct nfsd4_test_stateid *test_stateid)
3797{
3798        struct xdr_stream *xdr = &resp->xdr;
3799        struct nfsd4_test_stateid_id *stateid, *next;
3800        __be32 *p;
3801
3802        if (nfserr)
3803                return nfserr;
3804
3805        p = xdr_reserve_space(xdr, 4 + (4 * test_stateid->ts_num_ids));
3806        if (!p)
3807                return nfserr_resource;
3808        *p++ = htonl(test_stateid->ts_num_ids);
3809
3810        list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) {
3811                *p++ = stateid->ts_id_status;
3812        }
3813
3814        return nfserr;
3815}
3816
3817static __be32
3818nfsd4_encode_seek(struct nfsd4_compoundres *resp, __be32 nfserr,
3819                  struct nfsd4_seek *seek)
3820{
3821        __be32 *p;
3822
3823        if (nfserr)
3824                return nfserr;
3825
3826        p = xdr_reserve_space(&resp->xdr, 4 + 8);
3827        *p++ = cpu_to_be32(seek->seek_eof);
3828        p = xdr_encode_hyper(p, seek->seek_pos);
3829
3830        return nfserr;
3831}
3832
3833static __be32
3834nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
3835{
3836        return nfserr;
3837}
3838
3839typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
3840
3841/*
3842 * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1
3843 * since we don't need to filter out obsolete ops as this is
3844 * done in the decoding phase.
3845 */
3846static nfsd4_enc nfsd4_enc_ops[] = {
3847        [OP_ACCESS]             = (nfsd4_enc)nfsd4_encode_access,
3848        [OP_CLOSE]              = (nfsd4_enc)nfsd4_encode_close,
3849        [OP_COMMIT]             = (nfsd4_enc)nfsd4_encode_commit,
3850        [OP_CREATE]             = (nfsd4_enc)nfsd4_encode_create,
3851        [OP_DELEGPURGE]         = (nfsd4_enc)nfsd4_encode_noop,
3852        [OP_DELEGRETURN]        = (nfsd4_enc)nfsd4_encode_noop,
3853        [OP_GETATTR]            = (nfsd4_enc)nfsd4_encode_getattr,
3854        [OP_GETFH]              = (nfsd4_enc)nfsd4_encode_getfh,
3855        [OP_LINK]               = (nfsd4_enc)nfsd4_encode_link,
3856        [OP_LOCK]               = (nfsd4_enc)nfsd4_encode_lock,
3857        [OP_LOCKT]              = (nfsd4_enc)nfsd4_encode_lockt,
3858        [OP_LOCKU]              = (nfsd4_enc)nfsd4_encode_locku,
3859        [OP_LOOKUP]             = (nfsd4_enc)nfsd4_encode_noop,
3860        [OP_LOOKUPP]            = (nfsd4_enc)nfsd4_encode_noop,
3861        [OP_NVERIFY]            = (nfsd4_enc)nfsd4_encode_noop,
3862        [OP_OPEN]               = (nfsd4_enc)nfsd4_encode_open,
3863        [OP_OPENATTR]           = (nfsd4_enc)nfsd4_encode_noop,
3864        [OP_OPEN_CONFIRM]       = (nfsd4_enc)nfsd4_encode_open_confirm,
3865        [OP_OPEN_DOWNGRADE]     = (nfsd4_enc)nfsd4_encode_open_downgrade,
3866        [OP_PUTFH]              = (nfsd4_enc)nfsd4_encode_noop,
3867        [OP_PUTPUBFH]           = (nfsd4_enc)nfsd4_encode_noop,
3868        [OP_PUTROOTFH]          = (nfsd4_enc)nfsd4_encode_noop,
3869        [OP_READ]               = (nfsd4_enc)nfsd4_encode_read,
3870        [OP_READDIR]            = (nfsd4_enc)nfsd4_encode_readdir,
3871        [OP_READLINK]           = (nfsd4_enc)nfsd4_encode_readlink,
3872        [OP_REMOVE]             = (nfsd4_enc)nfsd4_encode_remove,
3873        [OP_RENAME]             = (nfsd4_enc)nfsd4_encode_rename,
3874        [OP_RENEW]              = (nfsd4_enc)nfsd4_encode_noop,
3875        [OP_RESTOREFH]          = (nfsd4_enc)nfsd4_encode_noop,
3876        [OP_SAVEFH]             = (nfsd4_enc)nfsd4_encode_noop,
3877        [OP_SECINFO]            = (nfsd4_enc)nfsd4_encode_secinfo,
3878        [OP_SETATTR]            = (nfsd4_enc)nfsd4_encode_setattr,
3879        [OP_SETCLIENTID]        = (nfsd4_enc)nfsd4_encode_setclientid,
3880        [OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
3881        [OP_VERIFY]             = (nfsd4_enc)nfsd4_encode_noop,
3882        [OP_WRITE]              = (nfsd4_enc)nfsd4_encode_write,
3883        [OP_RELEASE_LOCKOWNER]  = (nfsd4_enc)nfsd4_encode_noop,
3884
3885        /* NFSv4.1 operations */
3886        [OP_BACKCHANNEL_CTL]    = (nfsd4_enc)nfsd4_encode_noop,
3887        [OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
3888        [OP_EXCHANGE_ID]        = (nfsd4_enc)nfsd4_encode_exchange_id,
3889        [OP_CREATE_SESSION]     = (nfsd4_enc)nfsd4_encode_create_session,
3890        [OP_DESTROY_SESSION]    = (nfsd4_enc)nfsd4_encode_noop,
3891        [OP_FREE_STATEID]       = (nfsd4_enc)nfsd4_encode_noop,
3892        [OP_GET_DIR_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
3893        [OP_GETDEVICEINFO]      = (nfsd4_enc)nfsd4_encode_noop,
3894        [OP_GETDEVICELIST]      = (nfsd4_enc)nfsd4_encode_noop,
3895        [OP_LAYOUTCOMMIT]       = (nfsd4_enc)nfsd4_encode_noop,
3896        [OP_LAYOUTGET]          = (nfsd4_enc)nfsd4_encode_noop,
3897        [OP_LAYOUTRETURN]       = (nfsd4_enc)nfsd4_encode_noop,
3898        [OP_SECINFO_NO_NAME]    = (nfsd4_enc)nfsd4_encode_secinfo_no_name,
3899        [OP_SEQUENCE]           = (nfsd4_enc)nfsd4_encode_sequence,
3900        [OP_SET_SSV]            = (nfsd4_enc)nfsd4_encode_noop,
3901        [OP_TEST_STATEID]       = (nfsd4_enc)nfsd4_encode_test_stateid,
3902        [OP_WANT_DELEGATION]    = (nfsd4_enc)nfsd4_encode_noop,
3903        [OP_DESTROY_CLIENTID]   = (nfsd4_enc)nfsd4_encode_noop,
3904        [OP_RECLAIM_COMPLETE]   = (nfsd4_enc)nfsd4_encode_noop,
3905
3906        /* NFSv4.2 operations */
3907        [OP_ALLOCATE]           = (nfsd4_enc)nfsd4_encode_noop,
3908        [OP_COPY]               = (nfsd4_enc)nfsd4_encode_noop,
3909        [OP_COPY_NOTIFY]        = (nfsd4_enc)nfsd4_encode_noop,
3910        [OP_DEALLOCATE]         = (nfsd4_enc)nfsd4_encode_noop,
3911        [OP_IO_ADVISE]          = (nfsd4_enc)nfsd4_encode_noop,
3912        [OP_LAYOUTERROR]        = (nfsd4_enc)nfsd4_encode_noop,
3913        [OP_LAYOUTSTATS]        = (nfsd4_enc)nfsd4_encode_noop,
3914        [OP_OFFLOAD_CANCEL]     = (nfsd4_enc)nfsd4_encode_noop,
3915        [OP_OFFLOAD_STATUS]     = (nfsd4_enc)nfsd4_encode_noop,
3916        [OP_READ_PLUS]          = (nfsd4_enc)nfsd4_encode_noop,
3917        [OP_SEEK]               = (nfsd4_enc)nfsd4_encode_seek,
3918        [OP_WRITE_SAME]         = (nfsd4_enc)nfsd4_encode_noop,
3919};
3920
3921/*
3922 * Calculate whether we still have space to encode repsize bytes.
3923 * There are two considerations:
3924 *     - For NFS versions >=4.1, the size of the reply must stay within
3925 *       session limits
3926 *     - For all NFS versions, we must stay within limited preallocated
3927 *       buffer space.
3928 *
3929 * This is called before the operation is processed, so can only provide
3930 * an upper estimate.  For some nonidempotent operations (such as
3931 * getattr), it's not necessarily a problem if that estimate is wrong,
3932 * as we can fail it after processing without significant side effects.
3933 */
3934__be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
3935{
3936        struct xdr_buf *buf = &resp->rqstp->rq_res;
3937        struct nfsd4_slot *slot = resp->cstate.slot;
3938
3939        if (buf->len + respsize <= buf->buflen)
3940                return nfs_ok;
3941        if (!nfsd4_has_session(&resp->cstate))
3942                return nfserr_resource;
3943        if (slot->sl_flags & NFSD4_SLOT_CACHETHIS) {
3944                WARN_ON_ONCE(1);
3945                return nfserr_rep_too_big_to_cache;
3946        }
3947        return nfserr_rep_too_big;
3948}
3949
3950void
3951nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
3952{
3953        struct xdr_stream *xdr = &resp->xdr;
3954        struct nfs4_stateowner *so = resp->cstate.replay_owner;
3955        struct svc_rqst *rqstp = resp->rqstp;
3956        int post_err_offset;
3957        nfsd4_enc encoder;
3958        __be32 *p;
3959
3960        p = xdr_reserve_space(xdr, 8);
3961        if (!p) {
3962                WARN_ON_ONCE(1);
3963                return;
3964        }
3965        *p++ = cpu_to_be32(op->opnum);
3966        post_err_offset = xdr->buf->len;
3967
3968        if (op->opnum == OP_ILLEGAL)
3969                goto status;
3970        BUG_ON(op->opnum < 0 || op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) ||
3971               !nfsd4_enc_ops[op->opnum]);
3972        encoder = nfsd4_enc_ops[op->opnum];
3973        op->status = encoder(resp, op->status, &op->u);
3974        xdr_commit_encode(xdr);
3975
3976        /* nfsd4_check_resp_size guarantees enough room for error status */
3977        if (!op->status) {
3978                int space_needed = 0;
3979                if (!nfsd4_last_compound_op(rqstp))
3980                        space_needed = COMPOUND_ERR_SLACK_SPACE;
3981                op->status = nfsd4_check_resp_size(resp, space_needed);
3982        }
3983        if (op->status == nfserr_resource && nfsd4_has_session(&resp->cstate)) {
3984                struct nfsd4_slot *slot = resp->cstate.slot;
3985
3986                if (slot->sl_flags & NFSD4_SLOT_CACHETHIS)
3987                        op->status = nfserr_rep_too_big_to_cache;
3988                else
3989                        op->status = nfserr_rep_too_big;
3990        }
3991        if (op->status == nfserr_resource ||
3992            op->status == nfserr_rep_too_big ||
3993            op->status == nfserr_rep_too_big_to_cache) {
3994                /*
3995                 * The operation may have already been encoded or
3996                 * partially encoded.  No op returns anything additional
3997                 * in the case of one of these three errors, so we can
3998                 * just truncate back to after the status.  But it's a
3999                 * bug if we had to do this on a non-idempotent op:
4000                 */

4001                warn_on_nonidempotent_op(op);
4002                xdr_truncate_encode(xdr, post_err_offset);
4003        }
4004        if (so) {
4005                int len = xdr->buf->len - post_err_offset;
4006
4007                so->so_replay.rp_status = op->status;
4008                so->so_replay.rp_buflen = len;
4009                read_bytes_from_xdr_buf(xdr->buf, post_err_offset,
4010                                                so->so_replay.rp_buf, len);
4011        }
4012status:
4013        /* Note that op->status is already in network byte order: */
4014        write_bytes_to_xdr_buf(xdr->buf, post_err_offset - 4, &op->status, 4);
4015}
4016
4017/* 
4018 * Encode the reply stored in the stateowner reply cache 
4019 * 
4020 * XDR note: do not encode rp->rp_buflen: the buffer contains the
4021 * previously sent already encoded operation.
4022 */
4023void
4024nfsd4_encode_replay(struct xdr_stream *xdr, struct nfsd4_op *op)
4025{
4026        __be32 *p;
4027        struct nfs4_replay *rp = op->replay;
4028
4029        BUG_ON(!rp);
4030
4031        p = xdr_reserve_space(xdr, 8 + rp->rp_buflen);
4032        if (!p) {
4033                WARN_ON_ONCE(1);
4034                return;
4035        }
4036        *p++ = cpu_to_be32(op->opnum);
4037        *p++ = rp->rp_status;  /* already xdr'ed */
4038
4039        p = xdr_encode_opaque_fixed(p, rp->rp_buf, rp->rp_buflen);
4040}
4041
4042int
4043nfs4svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p, void *dummy)
4044{
4045        return xdr_ressize_check(rqstp, p);
4046}
4047
4048int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp)
4049{
4050        struct svc_rqst *rqstp = rq;
4051        struct nfsd4_compoundargs *args = rqstp->rq_argp;
4052
4053        if (args->ops != args->iops) {
4054                kfree(args->ops);
4055                args->ops = args->iops;
4056        }
4057        kfree(args->tmpp);
4058        args->tmpp = NULL;
4059        while (args->to_free) {
4060                struct svcxdr_tmpbuf *tb = args->to_free;
4061                args->to_free = tb->next;
4062                kfree(tb);
4063        }
4064        return 1;
4065}
4066
4067int
4068nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundargs *args)
4069{
4070        if (rqstp->rq_arg.head[0].iov_len % 4) {
4071                /* client is nuts */
4072                dprintk("%s: compound not properly padded! (peeraddr=%pISc xid=0x%x)",
4073                        __func__, svc_addr(rqstp), be32_to_cpu(rqstp->rq_xid));
4074                return 0;
4075        }
4076        args->p = p;
4077        args->end = rqstp->rq_arg.head[0].iov_base + rqstp->rq_arg.head[0].iov_len;
4078        args->pagelist = rqstp->rq_arg.pages;
4079        args->pagelen = rqstp->rq_arg.page_len;
4080        args->tmpp = NULL;
4081        args->to_free = NULL;
4082        args->ops = args->iops;
4083        args->rqstp = rqstp;
4084
4085        return !nfsd4_decode_compound(args);
4086}
4087
4088int
4089nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundres *resp)
4090{
4091        /*
4092         * All that remains is to write the tag and operation count...
4093         */
4094        struct xdr_buf *buf = resp->xdr.buf;
4095
4096        WARN_ON_ONCE(buf->len != buf->head[0].iov_len + buf->page_len +
4097                                 buf->tail[0].iov_len);
4098
4099        rqstp->rq_next_page = resp->xdr.page_ptr + 1;
4100
4101        p = resp->tagp;
4102        *p++ = htonl(resp->taglen);
4103        memcpy(p, resp->tag, resp->taglen);
4104        p += XDR_QUADLEN(resp->taglen);
4105        *p++ = htonl(resp->opcnt);
4106
4107        nfsd4_sequence_done(resp);
4108        return 1;
4109}
4110
4111/*
4112 * Local variables:
4113 *  c-basic-offset: 8
4114 * End:
4115 */
4116