LXR linux/fs/nfsd/nfs4xdr.c

   1/*
   2 *  Server-side XDR for NFSv4
   3 *
   4 *  Copyright (c) 2002 The Regents of the University of Michigan.
   5 *  All rights reserved.
   6 *
   7 *  Kendrick Smith <kmsmith@umich.edu>
   8 *  Andy Adamson   <andros@umich.edu>
   9 *
  10 *  Redistribution and use in source and binary forms, with or without
  11 *  modification, are permitted provided that the following conditions
  12 *  are met:
  13 *
  14 *  1. Redistributions of source code must retain the above copyright
  15 *     notice, this list of conditions and the following disclaimer.
  16 *  2. Redistributions in binary form must reproduce the above copyright
  17 *     notice, this list of conditions and the following disclaimer in the
  18 *     documentation and/or other materials provided with the distribution.
  19 *  3. Neither the name of the University nor the names of its
  20 *     contributors may be used to endorse or promote products derived
  21 *     from this software without specific prior written permission.
  22 *
  23 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  24 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  25 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  26 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  27 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  28 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  29 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  30 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  31 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  32 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  33 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  34 */
  35
  36#include <linux/file.h>
  37#include <linux/slab.h>
  38#include <linux/namei.h>
  39#include <linux/statfs.h>
  40#include <linux/utsname.h>
  41#include <linux/pagemap.h>
  42#include <linux/sunrpc/svcauth_gss.h>
  43#include <linux/sunrpc/addr.h>
  44#include <linux/xattr.h>
  45#include <uapi/linux/xattr.h>
  46
  47#include "idmap.h"
  48#include "acl.h"
  49#include "xdr4.h"
  50#include "vfs.h"
  51#include "state.h"
  52#include "cache.h"
  53#include "netns.h"
  54#include "pnfs.h"
  55#include "filecache.h"
  56
  57#include "trace.h"
  58
  59#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
  60#include <linux/security.h>
  61#endif
  62
  63
  64#define NFSDDBG_FACILITY                NFSDDBG_XDR
  65
  66const u32 nfsd_suppattrs[3][3] = {
  67        {NFSD4_SUPPORTED_ATTRS_WORD0,
  68         NFSD4_SUPPORTED_ATTRS_WORD1,
  69         NFSD4_SUPPORTED_ATTRS_WORD2},
  70
  71        {NFSD4_1_SUPPORTED_ATTRS_WORD0,
  72         NFSD4_1_SUPPORTED_ATTRS_WORD1,
  73         NFSD4_1_SUPPORTED_ATTRS_WORD2},
  74
  75        {NFSD4_1_SUPPORTED_ATTRS_WORD0,
  76         NFSD4_1_SUPPORTED_ATTRS_WORD1,
  77         NFSD4_2_SUPPORTED_ATTRS_WORD2},
  78};
  79
  80/*
  81 * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
  82 * directory in order to indicate to the client that a filesystem boundary is present
  83 * We use a fixed fsid for a referral
  84 */
  85#define NFS4_REFERRAL_FSID_MAJOR        0x8000000ULL
  86#define NFS4_REFERRAL_FSID_MINOR        0x8000000ULL
  87
  88static __be32
  89check_filename(char *str, int len)
  90{
  91        int i;
  92
  93        if (len == 0)
  94                return nfserr_inval;
  95        if (len > NFS4_MAXNAMLEN)
  96                return nfserr_nametoolong;
  97        if (isdotent(str, len))
  98                return nfserr_badname;
  99        for (i = 0; i < len; i++)
 100                if (str[i] == '/')
 101                        return nfserr_badname;
 102        return 0;
 103}
 104
 105static int zero_clientid(clientid_t *clid)
 106{
 107        return (clid->cl_boot == 0) && (clid->cl_id == 0);
 108}
 109
 110/**
 111 * svcxdr_tmpalloc - allocate memory to be freed after compound processing
 112 * @argp: NFSv4 compound argument structure
 113 * @len: length of buffer to allocate
 114 *
 115 * Allocates a buffer of size @len to be freed when processing the compound
 116 * operation described in @argp finishes.
 117 */
 118static void *
 119svcxdr_tmpalloc(struct nfsd4_compoundargs *argp, u32 len)
 120{
 121        struct svcxdr_tmpbuf *tb;
 122
 123        tb = kmalloc(sizeof(*tb) + len, GFP_KERNEL);
 124        if (!tb)
 125                return NULL;
 126        tb->next = argp->to_free;
 127        argp->to_free = tb;
 128        return tb->buf;
 129}
 130
 131/*
 132 * For xdr strings that need to be passed to other kernel api's
 133 * as null-terminated strings.
 134 *
 135 * Note null-terminating in place usually isn't safe since the
 136 * buffer might end on a page boundary.
 137 */
 138static char *
 139svcxdr_dupstr(struct nfsd4_compoundargs *argp, void *buf, u32 len)
 140{
 141        char *p = svcxdr_tmpalloc(argp, len + 1);
 142
 143        if (!p)
 144                return NULL;
 145        memcpy(p, buf, len);
 146        p[len] = '\0';
 147        return p;
 148}
 149
 150static void *
 151svcxdr_savemem(struct nfsd4_compoundargs *argp, __be32 *p, u32 len)
 152{
 153        __be32 *tmp;
 154
 155        /*
 156         * The location of the decoded data item is stable,
 157         * so @p is OK to use. This is the common case.
 158         */
 159        if (p != argp->xdr->scratch.iov_base)
 160                return p;
 161
 162        tmp = svcxdr_tmpalloc(argp, len);
 163        if (!tmp)
 164                return NULL;
 165        memcpy(tmp, p, len);
 166        return tmp;
 167}
 168
 169/*
 170 * NFSv4 basic data type decoders
 171 */
 172
 173/*
 174 * This helper handles variable-length opaques which belong to protocol
 175 * elements that this implementation does not support.
 176 */
 177static __be32
 178nfsd4_decode_ignored_string(struct nfsd4_compoundargs *argp, u32 maxlen)
 179{
 180        u32 len;
 181
 182        if (xdr_stream_decode_u32(argp->xdr, &len) < 0)
 183                return nfserr_bad_xdr;
 184        if (maxlen && len > maxlen)
 185                return nfserr_bad_xdr;
 186        if (!xdr_inline_decode(argp->xdr, len))
 187                return nfserr_bad_xdr;
 188
 189        return nfs_ok;
 190}
 191
 192static __be32
 193nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
 194{
 195        __be32 *p;
 196        u32 len;
 197
 198        if (xdr_stream_decode_u32(argp->xdr, &len) < 0)
 199                return nfserr_bad_xdr;
 200        if (len == 0 || len > NFS4_OPAQUE_LIMIT)
 201                return nfserr_bad_xdr;
 202        p = xdr_inline_decode(argp->xdr, len);
 203        if (!p)
 204                return nfserr_bad_xdr;
 205        o->data = svcxdr_savemem(argp, p, len);
 206        if (!o->data)
 207                return nfserr_jukebox;
 208        o->len = len;
 209
 210        return nfs_ok;
 211}
 212
 213static __be32
 214nfsd4_decode_component4(struct nfsd4_compoundargs *argp, char **namp, u32 *lenp)
 215{
 216        __be32 *p, status;
 217
 218        if (xdr_stream_decode_u32(argp->xdr, lenp) < 0)
 219                return nfserr_bad_xdr;
 220        p = xdr_inline_decode(argp->xdr, *lenp);
 221        if (!p)
 222                return nfserr_bad_xdr;
 223        status = check_filename((char *)p, *lenp);
 224        if (status)
 225                return status;
 226        *namp = svcxdr_savemem(argp, p, *lenp);
 227        if (!*namp)
 228                return nfserr_jukebox;
 229
 230        return nfs_ok;
 231}
 232
 233static __be32
 234nfsd4_decode_nfstime4(struct nfsd4_compoundargs *argp, struct timespec64 *tv)
 235{
 236        __be32 *p;
 237
 238        p = xdr_inline_decode(argp->xdr, XDR_UNIT * 3);
 239        if (!p)
 240                return nfserr_bad_xdr;
 241        p = xdr_decode_hyper(p, &tv->tv_sec);
 242        tv->tv_nsec = be32_to_cpup(p++);
 243        if (tv->tv_nsec >= (u32)1000000000)
 244                return nfserr_inval;
 245        return nfs_ok;
 246}
 247
 248static __be32
 249nfsd4_decode_verifier4(struct nfsd4_compoundargs *argp, nfs4_verifier *verf)
 250{
 251        __be32 *p;
 252
 253        p = xdr_inline_decode(argp->xdr, NFS4_VERIFIER_SIZE);
 254        if (!p)
 255                return nfserr_bad_xdr;
 256        memcpy(verf->data, p, sizeof(verf->data));
 257        return nfs_ok;
 258}
 259
 260/**
 261 * nfsd4_decode_bitmap4 - Decode an NFSv4 bitmap4
 262 * @argp: NFSv4 compound argument structure
 263 * @bmval: pointer to an array of u32's to decode into
 264 * @bmlen: size of the @bmval array
 265 *
 266 * The server needs to return nfs_ok rather than nfserr_bad_xdr when
 267 * encountering bitmaps containing bits it does not recognize. This
 268 * includes bits in bitmap words past WORDn, where WORDn is the last
 269 * bitmap WORD the implementation currently supports. Thus we are
 270 * careful here to simply ignore bits in bitmap words that this
 271 * implementation has yet to support explicitly.
 272 *
 273 * Return values:
 274 *   %nfs_ok: @bmval populated successfully
 275 *   %nfserr_bad_xdr: the encoded bitmap was invalid
 276 */
 277static __be32
 278nfsd4_decode_bitmap4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen)
 279{
 280        u32 i, count;
 281        __be32 *p;
 282
 283        if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
 284                return nfserr_bad_xdr;
 285        /* request sanity */
 286        if (count > 1000)
 287                return nfserr_bad_xdr;
 288        p = xdr_inline_decode(argp->xdr, count << 2);
 289        if (!p)
 290                return nfserr_bad_xdr;
 291        i = 0;
 292        while (i < count)
 293                bmval[i++] = be32_to_cpup(p++);
 294        while (i < bmlen)
 295                bmval[i++] = 0;
 296
 297        return nfs_ok;
 298}
 299
 300static __be32
 301nfsd4_decode_nfsace4(struct nfsd4_compoundargs *argp, struct nfs4_ace *ace)
 302{
 303        __be32 *p, status;
 304        u32 length;
 305
 306        if (xdr_stream_decode_u32(argp->xdr, &ace->type) < 0)
 307                return nfserr_bad_xdr;
 308        if (xdr_stream_decode_u32(argp->xdr, &ace->flag) < 0)
 309                return nfserr_bad_xdr;
 310        if (xdr_stream_decode_u32(argp->xdr, &ace->access_mask) < 0)
 311                return nfserr_bad_xdr;
 312
 313        if (xdr_stream_decode_u32(argp->xdr, &length) < 0)
 314                return nfserr_bad_xdr;
 315        p = xdr_inline_decode(argp->xdr, length);
 316        if (!p)
 317                return nfserr_bad_xdr;
 318        ace->whotype = nfs4_acl_get_whotype((char *)p, length);
 319        if (ace->whotype != NFS4_ACL_WHO_NAMED)
 320                status = nfs_ok;
 321        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
 322                status = nfsd_map_name_to_gid(argp->rqstp,
 323                                (char *)p, length, &ace->who_gid);
 324        else
 325                status = nfsd_map_name_to_uid(argp->rqstp,
 326                                (char *)p, length, &ace->who_uid);
 327
 328        return status;
 329}
 330
 331/* A counted array of nfsace4's */
 332static noinline __be32
 333nfsd4_decode_acl(struct nfsd4_compoundargs *argp, struct nfs4_acl **acl)
 334{
 335        struct nfs4_ace *ace;
 336        __be32 status;
 337        u32 count;
 338
 339        if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
 340                return nfserr_bad_xdr;
 341
 342        if (count > xdr_stream_remaining(argp->xdr) / 20)
 343                /*
 344                 * Even with 4-byte names there wouldn't be
 345                 * space for that many aces; something fishy is
 346                 * going on:
 347                 */
 348                return nfserr_fbig;
 349
 350        *acl = svcxdr_tmpalloc(argp, nfs4_acl_bytes(count));
 351        if (*acl == NULL)
 352                return nfserr_jukebox;
 353
 354        (*acl)->naces = count;
 355        for (ace = (*acl)->aces; ace < (*acl)->aces + count; ace++) {
 356                status = nfsd4_decode_nfsace4(argp, ace);
 357                if (status)
 358                        return status;
 359        }
 360
 361        return nfs_ok;
 362}
 363
 364static noinline __be32
 365nfsd4_decode_security_label(struct nfsd4_compoundargs *argp,
 366                            struct xdr_netobj *label)
 367{
 368        u32 lfs, pi, length;
 369        __be32 *p;
 370
 371        if (xdr_stream_decode_u32(argp->xdr, &lfs) < 0)
 372                return nfserr_bad_xdr;
 373        if (xdr_stream_decode_u32(argp->xdr, &pi) < 0)
 374                return nfserr_bad_xdr;
 375
 376        if (xdr_stream_decode_u32(argp->xdr, &length) < 0)
 377                return nfserr_bad_xdr;
 378        if (length > NFS4_MAXLABELLEN)
 379                return nfserr_badlabel;
 380        p = xdr_inline_decode(argp->xdr, length);
 381        if (!p)
 382                return nfserr_bad_xdr;
 383        label->len = length;
 384        label->data = svcxdr_dupstr(argp, p, length);
 385        if (!label->data)
 386                return nfserr_jukebox;
 387
 388        return nfs_ok;
 389}
 390
 391static __be32
 392nfsd4_decode_fattr4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen,
 393                    struct iattr *iattr, struct nfs4_acl **acl,
 394                    struct xdr_netobj *label, int *umask)
 395{
 396        unsigned int starting_pos;
 397        u32 attrlist4_count;
 398        __be32 *p, status;
 399
 400        iattr->ia_valid = 0;
 401        status = nfsd4_decode_bitmap4(argp, bmval, bmlen);
 402        if (status)
 403                return nfserr_bad_xdr;
 404
 405        if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
 406            || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
 407            || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2) {
 408                if (nfsd_attrs_supported(argp->minorversion, bmval))
 409                        return nfserr_inval;
 410                return nfserr_attrnotsupp;
 411        }
 412
 413        if (xdr_stream_decode_u32(argp->xdr, &attrlist4_count) < 0)
 414                return nfserr_bad_xdr;
 415        starting_pos = xdr_stream_pos(argp->xdr);
 416
 417        if (bmval[0] & FATTR4_WORD0_SIZE) {
 418                u64 size;
 419
 420                if (xdr_stream_decode_u64(argp->xdr, &size) < 0)
 421                        return nfserr_bad_xdr;
 422                iattr->ia_size = size;
 423                iattr->ia_valid |= ATTR_SIZE;
 424        }
 425        if (bmval[0] & FATTR4_WORD0_ACL) {
 426                status = nfsd4_decode_acl(argp, acl);
 427                if (status)
 428                        return status;
 429        } else
 430                *acl = NULL;
 431        if (bmval[1] & FATTR4_WORD1_MODE) {
 432                u32 mode;
 433
 434                if (xdr_stream_decode_u32(argp->xdr, &mode) < 0)
 435                        return nfserr_bad_xdr;
 436                iattr->ia_mode = mode;
 437                iattr->ia_mode &= (S_IFMT | S_IALLUGO);
 438                iattr->ia_valid |= ATTR_MODE;
 439        }
 440        if (bmval[1] & FATTR4_WORD1_OWNER) {
 441                u32 length;
 442
 443                if (xdr_stream_decode_u32(argp->xdr, &length) < 0)
 444                        return nfserr_bad_xdr;
 445                p = xdr_inline_decode(argp->xdr, length);
 446                if (!p)
 447                        return nfserr_bad_xdr;
 448                status = nfsd_map_name_to_uid(argp->rqstp, (char *)p, length,
 449                                              &iattr->ia_uid);
 450                if (status)
 451                        return status;
 452                iattr->ia_valid |= ATTR_UID;
 453        }
 454        if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
 455                u32 length;
 456
 457                if (xdr_stream_decode_u32(argp->xdr, &length) < 0)
 458                        return nfserr_bad_xdr;
 459                p = xdr_inline_decode(argp->xdr, length);
 460                if (!p)
 461                        return nfserr_bad_xdr;
 462                status = nfsd_map_name_to_gid(argp->rqstp, (char *)p, length,
 463                                              &iattr->ia_gid);
 464                if (status)
 465                        return status;
 466                iattr->ia_valid |= ATTR_GID;
 467        }
 468        if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
 469                u32 set_it;
 470
 471                if (xdr_stream_decode_u32(argp->xdr, &set_it) < 0)
 472                        return nfserr_bad_xdr;
 473                switch (set_it) {
 474                case NFS4_SET_TO_CLIENT_TIME:
 475                        status = nfsd4_decode_nfstime4(argp, &iattr->ia_atime);
 476                        if (status)
 477                                return status;
 478                        iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
 479                        break;
 480                case NFS4_SET_TO_SERVER_TIME:
 481                        iattr->ia_valid |= ATTR_ATIME;
 482                        break;
 483                default:
 484                        return nfserr_bad_xdr;
 485                }
 486        }
 487        if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
 488                u32 set_it;
 489
 490                if (xdr_stream_decode_u32(argp->xdr, &set_it) < 0)
 491                        return nfserr_bad_xdr;
 492                switch (set_it) {
 493                case NFS4_SET_TO_CLIENT_TIME:
 494                        status = nfsd4_decode_nfstime4(argp, &iattr->ia_mtime);
 495                        if (status)
 496                                return status;
 497                        iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
 498                        break;
 499                case NFS4_SET_TO_SERVER_TIME:
 500                        iattr->ia_valid |= ATTR_MTIME;
 501                        break;
 502                default:
 503                        return nfserr_bad_xdr;
 504                }
 505        }
 506        label->len = 0;
 507        if (IS_ENABLED(CONFIG_NFSD_V4_SECURITY_LABEL) &&
 508            bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
 509                status = nfsd4_decode_security_label(argp, label);
 510                if (status)
 511                        return status;
 512        }
 513        if (bmval[2] & FATTR4_WORD2_MODE_UMASK) {
 514                u32 mode, mask;
 515
 516                if (!umask)
 517                        return nfserr_bad_xdr;
 518                if (xdr_stream_decode_u32(argp->xdr, &mode) < 0)
 519                        return nfserr_bad_xdr;
 520                iattr->ia_mode = mode & (S_IFMT | S_IALLUGO);
 521                if (xdr_stream_decode_u32(argp->xdr, &mask) < 0)
 522                        return nfserr_bad_xdr;
 523                *umask = mask & S_IRWXUGO;
 524                iattr->ia_valid |= ATTR_MODE;
 525        }
 526
 527        /* request sanity: did attrlist4 contain the expected number of words? */
 528        if (attrlist4_count != xdr_stream_pos(argp->xdr) - starting_pos)
 529                return nfserr_bad_xdr;
 530
 531        return nfs_ok;
 532}
 533
 534static __be32
 535nfsd4_decode_stateid4(struct nfsd4_compoundargs *argp, stateid_t *sid)
 536{
 537        __be32 *p;
 538
 539        p = xdr_inline_decode(argp->xdr, NFS4_STATEID_SIZE);
 540        if (!p)
 541                return nfserr_bad_xdr;
 542        sid->si_generation = be32_to_cpup(p++);
 543        memcpy(&sid->si_opaque, p, sizeof(sid->si_opaque));
 544        return nfs_ok;
 545}
 546
 547static __be32
 548nfsd4_decode_clientid4(struct nfsd4_compoundargs *argp, clientid_t *clientid)
 549{
 550        __be32 *p;
 551
 552        p = xdr_inline_decode(argp->xdr, sizeof(__be64));
 553        if (!p)
 554                return nfserr_bad_xdr;
 555        memcpy(clientid, p, sizeof(*clientid));
 556        return nfs_ok;
 557}
 558
 559static __be32
 560nfsd4_decode_state_owner4(struct nfsd4_compoundargs *argp,
 561                          clientid_t *clientid, struct xdr_netobj *owner)
 562{
 563        __be32 status;
 564
 565        status = nfsd4_decode_clientid4(argp, clientid);
 566        if (status)
 567                return status;
 568        return nfsd4_decode_opaque(argp, owner);
 569}
 570
 571#ifdef CONFIG_NFSD_PNFS
 572static __be32
 573nfsd4_decode_deviceid4(struct nfsd4_compoundargs *argp,
 574                       struct nfsd4_deviceid *devid)
 575{
 576        __be32 *p;
 577
 578        p = xdr_inline_decode(argp->xdr, NFS4_DEVICEID4_SIZE);
 579        if (!p)
 580                return nfserr_bad_xdr;
 581        memcpy(devid, p, sizeof(*devid));
 582        return nfs_ok;
 583}
 584
 585static __be32
 586nfsd4_decode_layoutupdate4(struct nfsd4_compoundargs *argp,
 587                           struct nfsd4_layoutcommit *lcp)
 588{
 589        if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_layout_type) < 0)
 590                return nfserr_bad_xdr;
 591        if (lcp->lc_layout_type < LAYOUT_NFSV4_1_FILES)
 592                return nfserr_bad_xdr;
 593        if (lcp->lc_layout_type >= LAYOUT_TYPE_MAX)
 594                return nfserr_bad_xdr;
 595
 596        if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_up_len) < 0)
 597                return nfserr_bad_xdr;
 598        if (lcp->lc_up_len > 0) {
 599                lcp->lc_up_layout = xdr_inline_decode(argp->xdr, lcp->lc_up_len);
 600                if (!lcp->lc_up_layout)
 601                        return nfserr_bad_xdr;
 602        }
 603
 604        return nfs_ok;
 605}
 606
 607static __be32
 608nfsd4_decode_layoutreturn4(struct nfsd4_compoundargs *argp,
 609                           struct nfsd4_layoutreturn *lrp)
 610{
 611        __be32 status;
 612
 613        if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_return_type) < 0)
 614                return nfserr_bad_xdr;
 615        switch (lrp->lr_return_type) {
 616        case RETURN_FILE:
 617                if (xdr_stream_decode_u64(argp->xdr, &lrp->lr_seg.offset) < 0)
 618                        return nfserr_bad_xdr;
 619                if (xdr_stream_decode_u64(argp->xdr, &lrp->lr_seg.length) < 0)
 620                        return nfserr_bad_xdr;
 621                status = nfsd4_decode_stateid4(argp, &lrp->lr_sid);
 622                if (status)
 623                        return status;
 624                if (xdr_stream_decode_u32(argp->xdr, &lrp->lrf_body_len) < 0)
 625                        return nfserr_bad_xdr;
 626                if (lrp->lrf_body_len > 0) {
 627                        lrp->lrf_body = xdr_inline_decode(argp->xdr, lrp->lrf_body_len);
 628                        if (!lrp->lrf_body)
 629                                return nfserr_bad_xdr;
 630                }
 631                break;
 632        case RETURN_FSID:
 633        case RETURN_ALL:
 634                lrp->lr_seg.offset = 0;
 635                lrp->lr_seg.length = NFS4_MAX_UINT64;
 636                break;
 637        default:
 638                return nfserr_bad_xdr;
 639        }
 640
 641        return nfs_ok;
 642}
 643
 644#endif /* CONFIG_NFSD_PNFS */
 645
 646static __be32
 647nfsd4_decode_sessionid4(struct nfsd4_compoundargs *argp,
 648                        struct nfs4_sessionid *sessionid)
 649{
 650        __be32 *p;
 651
 652        p = xdr_inline_decode(argp->xdr, NFS4_MAX_SESSIONID_LEN);
 653        if (!p)
 654                return nfserr_bad_xdr;
 655        memcpy(sessionid->data, p, sizeof(sessionid->data));
 656        return nfs_ok;
 657}
 658
 659/* Defined in Appendix A of RFC 5531 */
 660static __be32
 661nfsd4_decode_authsys_parms(struct nfsd4_compoundargs *argp,
 662                           struct nfsd4_cb_sec *cbs)
 663{
 664        u32 stamp, gidcount, uid, gid;
 665        __be32 *p, status;
 666
 667        if (xdr_stream_decode_u32(argp->xdr, &stamp) < 0)
 668                return nfserr_bad_xdr;
 669        /* machine name */
 670        status = nfsd4_decode_ignored_string(argp, 255);
 671        if (status)
 672                return status;
 673        if (xdr_stream_decode_u32(argp->xdr, &uid) < 0)
 674                return nfserr_bad_xdr;
 675        if (xdr_stream_decode_u32(argp->xdr, &gid) < 0)
 676                return nfserr_bad_xdr;
 677        if (xdr_stream_decode_u32(argp->xdr, &gidcount) < 0)
 678                return nfserr_bad_xdr;
 679        if (gidcount > 16)
 680                return nfserr_bad_xdr;
 681        p = xdr_inline_decode(argp->xdr, gidcount << 2);
 682        if (!p)
 683                return nfserr_bad_xdr;
 684        if (cbs->flavor == (u32)(-1)) {
 685                struct user_namespace *userns = nfsd_user_namespace(argp->rqstp);
 686
 687                kuid_t kuid = make_kuid(userns, uid);
 688                kgid_t kgid = make_kgid(userns, gid);
 689                if (uid_valid(kuid) && gid_valid(kgid)) {
 690                        cbs->uid = kuid;
 691                        cbs->gid = kgid;
 692                        cbs->flavor = RPC_AUTH_UNIX;
 693                } else {
 694                        dprintk("RPC_AUTH_UNIX with invalid uid or gid, ignoring!\n");
 695                }
 696        }
 697
 698        return nfs_ok;
 699}
 700
 701static __be32
 702nfsd4_decode_gss_cb_handles4(struct nfsd4_compoundargs *argp,
 703                             struct nfsd4_cb_sec *cbs)
 704{
 705        __be32 status;
 706        u32 service;
 707
 708        dprintk("RPC_AUTH_GSS callback secflavor not supported!\n");
 709
 710        if (xdr_stream_decode_u32(argp->xdr, &service) < 0)
 711                return nfserr_bad_xdr;
 712        if (service < RPC_GSS_SVC_NONE || service > RPC_GSS_SVC_PRIVACY)
 713                return nfserr_bad_xdr;
 714        /* gcbp_handle_from_server */
 715        status = nfsd4_decode_ignored_string(argp, 0);
 716        if (status)
 717                return status;
 718        /* gcbp_handle_from_client */
 719        status = nfsd4_decode_ignored_string(argp, 0);
 720        if (status)
 721                return status;
 722
 723        return nfs_ok;
 724}
 725
 726/* a counted array of callback_sec_parms4 items */
 727static __be32
 728nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
 729{
 730        u32 i, secflavor, nr_secflavs;
 731        __be32 status;
 732
 733        /* callback_sec_params4 */
 734        if (xdr_stream_decode_u32(argp->xdr, &nr_secflavs) < 0)
 735                return nfserr_bad_xdr;
 736        if (nr_secflavs)
 737                cbs->flavor = (u32)(-1);
 738        else
 739                /* Is this legal? Be generous, take it to mean AUTH_NONE: */
 740                cbs->flavor = 0;
 741
 742        for (i = 0; i < nr_secflavs; ++i) {
 743                if (xdr_stream_decode_u32(argp->xdr, &secflavor) < 0)
 744                        return nfserr_bad_xdr;
 745                switch (secflavor) {
 746                case RPC_AUTH_NULL:
 747                        /* void */
 748                        if (cbs->flavor == (u32)(-1))
 749                                cbs->flavor = RPC_AUTH_NULL;
 750                        break;
 751                case RPC_AUTH_UNIX:
 752                        status = nfsd4_decode_authsys_parms(argp, cbs);
 753                        if (status)
 754                                return status;
 755                        break;
 756                case RPC_AUTH_GSS:
 757                        status = nfsd4_decode_gss_cb_handles4(argp, cbs);
 758                        if (status)
 759                                return status;
 760                        break;
 761                default:
 762                        return nfserr_inval;
 763                }
 764        }
 765
 766        return nfs_ok;
 767}
 768
 769
 770/*
 771 * NFSv4 operation argument decoders
 772 */
 773
 774static __be32
 775nfsd4_decode_access(struct nfsd4_compoundargs *argp,
 776                    struct nfsd4_access *access)
 777{
 778        if (xdr_stream_decode_u32(argp->xdr, &access->ac_req_access) < 0)
 779                return nfserr_bad_xdr;
 780        return nfs_ok;
 781}
 782
 783static __be32
 784nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
 785{
 786        if (xdr_stream_decode_u32(argp->xdr, &close->cl_seqid) < 0)
 787                return nfserr_bad_xdr;
 788        return nfsd4_decode_stateid4(argp, &close->cl_stateid);
 789}
 790
 791
 792static __be32
 793nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
 794{
 795        if (xdr_stream_decode_u64(argp->xdr, &commit->co_offset) < 0)
 796                return nfserr_bad_xdr;
 797        if (xdr_stream_decode_u32(argp->xdr, &commit->co_count) < 0)
 798                return nfserr_bad_xdr;
 799        return nfs_ok;
 800}
 801
 802static __be32
 803nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
 804{
 805        __be32 *p, status;
 806
 807        if (xdr_stream_decode_u32(argp->xdr, &create->cr_type) < 0)
 808                return nfserr_bad_xdr;
 809        switch (create->cr_type) {
 810        case NF4LNK:
 811                if (xdr_stream_decode_u32(argp->xdr, &create->cr_datalen) < 0)
 812                        return nfserr_bad_xdr;
 813                p = xdr_inline_decode(argp->xdr, create->cr_datalen);
 814                if (!p)
 815                        return nfserr_bad_xdr;
 816                create->cr_data = svcxdr_dupstr(argp, p, create->cr_datalen);
 817                if (!create->cr_data)
 818                        return nfserr_jukebox;
 819                break;
 820        case NF4BLK:
 821        case NF4CHR:
 822                if (xdr_stream_decode_u32(argp->xdr, &create->cr_specdata1) < 0)
 823                        return nfserr_bad_xdr;
 824                if (xdr_stream_decode_u32(argp->xdr, &create->cr_specdata2) < 0)
 825                        return nfserr_bad_xdr;
 826                break;
 827        case NF4SOCK:
 828        case NF4FIFO:
 829        case NF4DIR:
 830        default:
 831                break;
 832        }
 833        status = nfsd4_decode_component4(argp, &create->cr_name,
 834                                         &create->cr_namelen);
 835        if (status)
 836                return status;
 837        status = nfsd4_decode_fattr4(argp, create->cr_bmval,
 838                                    ARRAY_SIZE(create->cr_bmval),
 839                                    &create->cr_iattr, &create->cr_acl,
 840                                    &create->cr_label, &create->cr_umask);
 841        if (status)
 842                return status;
 843
 844        return nfs_ok;
 845}
 846
 847static inline __be32
 848nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
 849{
 850        return nfsd4_decode_stateid4(argp, &dr->dr_stateid);
 851}
 852
 853static inline __be32
 854nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
 855{
 856        return nfsd4_decode_bitmap4(argp, getattr->ga_bmval,
 857                                    ARRAY_SIZE(getattr->ga_bmval));
 858}
 859
 860static __be32
 861nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
 862{
 863        return nfsd4_decode_component4(argp, &link->li_name, &link->li_namelen);
 864}
 865
 866static __be32
 867nfsd4_decode_open_to_lock_owner4(struct nfsd4_compoundargs *argp,
 868                                 struct nfsd4_lock *lock)
 869{
 870        __be32 status;
 871
 872        if (xdr_stream_decode_u32(argp->xdr, &lock->lk_new_open_seqid) < 0)
 873                return nfserr_bad_xdr;
 874        status = nfsd4_decode_stateid4(argp, &lock->lk_new_open_stateid);
 875        if (status)
 876                return status;
 877        if (xdr_stream_decode_u32(argp->xdr, &lock->lk_new_lock_seqid) < 0)
 878                return nfserr_bad_xdr;
 879        return nfsd4_decode_state_owner4(argp, &lock->lk_new_clientid,
 880                                         &lock->lk_new_owner);
 881}
 882
 883static __be32
 884nfsd4_decode_exist_lock_owner4(struct nfsd4_compoundargs *argp,
 885                               struct nfsd4_lock *lock)
 886{
 887        __be32 status;
 888
 889        status = nfsd4_decode_stateid4(argp, &lock->lk_old_lock_stateid);
 890        if (status)
 891                return status;
 892        if (xdr_stream_decode_u32(argp->xdr, &lock->lk_old_lock_seqid) < 0)
 893                return nfserr_bad_xdr;
 894
 895        return nfs_ok;
 896}
 897
 898static __be32
 899nfsd4_decode_locker4(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
 900{
 901        if (xdr_stream_decode_bool(argp->xdr, &lock->lk_is_new) < 0)
 902                return nfserr_bad_xdr;
 903        if (lock->lk_is_new)
 904                return nfsd4_decode_open_to_lock_owner4(argp, lock);
 905        return nfsd4_decode_exist_lock_owner4(argp, lock);
 906}
 907
 908static __be32
 909nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
 910{
 911        if (xdr_stream_decode_u32(argp->xdr, &lock->lk_type) < 0)
 912                return nfserr_bad_xdr;
 913        if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
 914                return nfserr_bad_xdr;
 915        if (xdr_stream_decode_bool(argp->xdr, &lock->lk_reclaim) < 0)
 916                return nfserr_bad_xdr;
 917        if (xdr_stream_decode_u64(argp->xdr, &lock->lk_offset) < 0)
 918                return nfserr_bad_xdr;
 919        if (xdr_stream_decode_u64(argp->xdr, &lock->lk_length) < 0)
 920                return nfserr_bad_xdr;
 921        return nfsd4_decode_locker4(argp, lock);
 922}
 923
 924static __be32
 925nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
 926{
 927        if (xdr_stream_decode_u32(argp->xdr, &lockt->lt_type) < 0)
 928                return nfserr_bad_xdr;
 929        if ((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
 930                return nfserr_bad_xdr;
 931        if (xdr_stream_decode_u64(argp->xdr, &lockt->lt_offset) < 0)
 932                return nfserr_bad_xdr;
 933        if (xdr_stream_decode_u64(argp->xdr, &lockt->lt_length) < 0)
 934                return nfserr_bad_xdr;
 935        return nfsd4_decode_state_owner4(argp, &lockt->lt_clientid,
 936                                         &lockt->lt_owner);
 937}
 938
 939static __be32
 940nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
 941{
 942        __be32 status;
 943
 944        if (xdr_stream_decode_u32(argp->xdr, &locku->lu_type) < 0)
 945                return nfserr_bad_xdr;
 946        if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
 947                return nfserr_bad_xdr;
 948        if (xdr_stream_decode_u32(argp->xdr, &locku->lu_seqid) < 0)
 949                return nfserr_bad_xdr;
 950        status = nfsd4_decode_stateid4(argp, &locku->lu_stateid);
 951        if (status)
 952                return status;
 953        if (xdr_stream_decode_u64(argp->xdr, &locku->lu_offset) < 0)
 954                return nfserr_bad_xdr;
 955        if (xdr_stream_decode_u64(argp->xdr, &locku->lu_length) < 0)
 956                return nfserr_bad_xdr;
 957
 958        return nfs_ok;
 959}
 960
 961static __be32
 962nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
 963{
 964        return nfsd4_decode_component4(argp, &lookup->lo_name, &lookup->lo_len);
 965}
 966
 967static __be32
 968nfsd4_decode_createhow4(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
 969{
 970        __be32 status;
 971
 972        if (xdr_stream_decode_u32(argp->xdr, &open->op_createmode) < 0)
 973                return nfserr_bad_xdr;
 974        switch (open->op_createmode) {
 975        case NFS4_CREATE_UNCHECKED:
 976        case NFS4_CREATE_GUARDED:
 977                status = nfsd4_decode_fattr4(argp, open->op_bmval,
 978                                             ARRAY_SIZE(open->op_bmval),
 979                                             &open->op_iattr, &open->op_acl,
 980                                             &open->op_label, &open->op_umask);
 981                if (status)
 982                        return status;
 983                break;
 984        case NFS4_CREATE_EXCLUSIVE:
 985                status = nfsd4_decode_verifier4(argp, &open->op_verf);
 986                if (status)
 987                        return status;
 988                break;
 989        case NFS4_CREATE_EXCLUSIVE4_1:
 990                if (argp->minorversion < 1)
 991                        return nfserr_bad_xdr;
 992                status = nfsd4_decode_verifier4(argp, &open->op_verf);
 993                if (status)
 994                        return status;
 995                status = nfsd4_decode_fattr4(argp, open->op_bmval,
 996                                             ARRAY_SIZE(open->op_bmval),
 997                                             &open->op_iattr, &open->op_acl,
 998                                             &open->op_label, &open->op_umask);
 999                if (status)
1000                        return status;

1001                break;
1002        default:
1003                return nfserr_bad_xdr;
1004        }
1005
1006        return nfs_ok;
1007}
1008
1009static __be32
1010nfsd4_decode_openflag4(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
1011{
1012        __be32 status;
1013
1014        if (xdr_stream_decode_u32(argp->xdr, &open->op_create) < 0)
1015                return nfserr_bad_xdr;
1016        switch (open->op_create) {
1017        case NFS4_OPEN_NOCREATE:
1018                break;
1019        case NFS4_OPEN_CREATE:
1020                status = nfsd4_decode_createhow4(argp, open);
1021                if (status)
1022                        return status;
1023                break;
1024        default:
1025                return nfserr_bad_xdr;
1026        }
1027
1028        return nfs_ok;
1029}
1030
1031static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
1032{
1033        u32 w;
1034
1035        if (xdr_stream_decode_u32(argp->xdr, &w) < 0)
1036                return nfserr_bad_xdr;
1037        *share_access = w & NFS4_SHARE_ACCESS_MASK;
1038        *deleg_want = w & NFS4_SHARE_WANT_MASK;
1039        if (deleg_when)
1040                *deleg_when = w & NFS4_SHARE_WHEN_MASK;
1041
1042        switch (w & NFS4_SHARE_ACCESS_MASK) {
1043        case NFS4_SHARE_ACCESS_READ:
1044        case NFS4_SHARE_ACCESS_WRITE:
1045        case NFS4_SHARE_ACCESS_BOTH:
1046                break;
1047        default:
1048                return nfserr_bad_xdr;
1049        }
1050        w &= ~NFS4_SHARE_ACCESS_MASK;
1051        if (!w)
1052                return nfs_ok;
1053        if (!argp->minorversion)
1054                return nfserr_bad_xdr;
1055        switch (w & NFS4_SHARE_WANT_MASK) {
1056        case NFS4_SHARE_WANT_NO_PREFERENCE:
1057        case NFS4_SHARE_WANT_READ_DELEG:
1058        case NFS4_SHARE_WANT_WRITE_DELEG:
1059        case NFS4_SHARE_WANT_ANY_DELEG:
1060        case NFS4_SHARE_WANT_NO_DELEG:
1061        case NFS4_SHARE_WANT_CANCEL:
1062                break;
1063        default:
1064                return nfserr_bad_xdr;
1065        }
1066        w &= ~NFS4_SHARE_WANT_MASK;
1067        if (!w)
1068                return nfs_ok;
1069
1070        if (!deleg_when)        /* open_downgrade */
1071                return nfserr_inval;
1072        switch (w) {
1073        case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
1074        case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
1075        case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
1076              NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
1077                return nfs_ok;
1078        }
1079        return nfserr_bad_xdr;
1080}
1081
1082static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
1083{
1084        if (xdr_stream_decode_u32(argp->xdr, x) < 0)
1085                return nfserr_bad_xdr;
1086        /* Note: unlike access bits, deny bits may be zero. */
1087        if (*x & ~NFS4_SHARE_DENY_BOTH)
1088                return nfserr_bad_xdr;
1089
1090        return nfs_ok;
1091}
1092
1093static __be32
1094nfsd4_decode_open_claim4(struct nfsd4_compoundargs *argp,
1095                         struct nfsd4_open *open)
1096{
1097        __be32 status;
1098
1099        if (xdr_stream_decode_u32(argp->xdr, &open->op_claim_type) < 0)
1100                return nfserr_bad_xdr;
1101        switch (open->op_claim_type) {
1102        case NFS4_OPEN_CLAIM_NULL:
1103        case NFS4_OPEN_CLAIM_DELEGATE_PREV:
1104                status = nfsd4_decode_component4(argp, &open->op_fname,
1105                                                 &open->op_fnamelen);
1106                if (status)
1107                        return status;
1108                break;
1109        case NFS4_OPEN_CLAIM_PREVIOUS:
1110                if (xdr_stream_decode_u32(argp->xdr, &open->op_delegate_type) < 0)
1111                        return nfserr_bad_xdr;
1112                break;
1113        case NFS4_OPEN_CLAIM_DELEGATE_CUR:
1114                status = nfsd4_decode_stateid4(argp, &open->op_delegate_stateid);
1115                if (status)
1116                        return status;
1117                status = nfsd4_decode_component4(argp, &open->op_fname,
1118                                                 &open->op_fnamelen);
1119                if (status)
1120                        return status;
1121                break;
1122        case NFS4_OPEN_CLAIM_FH:
1123        case NFS4_OPEN_CLAIM_DELEG_PREV_FH:
1124                if (argp->minorversion < 1)
1125                        return nfserr_bad_xdr;
1126                /* void */
1127                break;
1128        case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
1129                if (argp->minorversion < 1)
1130                        return nfserr_bad_xdr;
1131                status = nfsd4_decode_stateid4(argp, &open->op_delegate_stateid);
1132                if (status)
1133                        return status;
1134                break;
1135        default:
1136                return nfserr_bad_xdr;
1137        }
1138
1139        return nfs_ok;
1140}
1141
1142static __be32
1143nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
1144{
1145        __be32 status;
1146        u32 dummy;
1147
1148        memset(open->op_bmval, 0, sizeof(open->op_bmval));
1149        open->op_iattr.ia_valid = 0;
1150        open->op_openowner = NULL;
1151
1152        open->op_xdr_error = 0;
1153        if (xdr_stream_decode_u32(argp->xdr, &open->op_seqid) < 0)
1154                return nfserr_bad_xdr;
1155        /* deleg_want is ignored */
1156        status = nfsd4_decode_share_access(argp, &open->op_share_access,
1157                                           &open->op_deleg_want, &dummy);
1158        if (status)
1159                return status;
1160        status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
1161        if (status)
1162                return status;
1163        status = nfsd4_decode_state_owner4(argp, &open->op_clientid,
1164                                           &open->op_owner);
1165        if (status)
1166                return status;
1167        status = nfsd4_decode_openflag4(argp, open);
1168        if (status)
1169                return status;
1170        return nfsd4_decode_open_claim4(argp, open);
1171}
1172
1173static __be32
1174nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
1175{
1176        __be32 status;
1177
1178        if (argp->minorversion >= 1)
1179                return nfserr_notsupp;
1180
1181        status = nfsd4_decode_stateid4(argp, &open_conf->oc_req_stateid);
1182        if (status)
1183                return status;
1184        if (xdr_stream_decode_u32(argp->xdr, &open_conf->oc_seqid) < 0)
1185                return nfserr_bad_xdr;
1186
1187        return nfs_ok;
1188}
1189
1190static __be32
1191nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
1192{
1193        __be32 status;
1194
1195        status = nfsd4_decode_stateid4(argp, &open_down->od_stateid);
1196        if (status)
1197                return status;
1198        if (xdr_stream_decode_u32(argp->xdr, &open_down->od_seqid) < 0)
1199                return nfserr_bad_xdr;
1200        /* deleg_want is ignored */
1201        status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
1202                                           &open_down->od_deleg_want, NULL);
1203        if (status)
1204                return status;
1205        return nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
1206}
1207
1208static __be32
1209nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
1210{
1211        __be32 *p;
1212
1213        if (xdr_stream_decode_u32(argp->xdr, &putfh->pf_fhlen) < 0)
1214                return nfserr_bad_xdr;
1215        if (putfh->pf_fhlen > NFS4_FHSIZE)
1216                return nfserr_bad_xdr;
1217        p = xdr_inline_decode(argp->xdr, putfh->pf_fhlen);
1218        if (!p)
1219                return nfserr_bad_xdr;
1220        putfh->pf_fhval = svcxdr_savemem(argp, p, putfh->pf_fhlen);
1221        if (!putfh->pf_fhval)
1222                return nfserr_jukebox;
1223
1224        return nfs_ok;
1225}
1226
1227static __be32
1228nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
1229{
1230        if (argp->minorversion == 0)
1231                return nfs_ok;
1232        return nfserr_notsupp;
1233}
1234
1235static __be32
1236nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
1237{
1238        __be32 status;
1239
1240        status = nfsd4_decode_stateid4(argp, &read->rd_stateid);
1241        if (status)
1242                return status;
1243        if (xdr_stream_decode_u64(argp->xdr, &read->rd_offset) < 0)
1244                return nfserr_bad_xdr;
1245        if (xdr_stream_decode_u32(argp->xdr, &read->rd_length) < 0)
1246                return nfserr_bad_xdr;
1247
1248        return nfs_ok;
1249}
1250
1251static __be32
1252nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
1253{
1254        __be32 status;
1255
1256        if (xdr_stream_decode_u64(argp->xdr, &readdir->rd_cookie) < 0)
1257                return nfserr_bad_xdr;
1258        status = nfsd4_decode_verifier4(argp, &readdir->rd_verf);
1259        if (status)
1260                return status;
1261        if (xdr_stream_decode_u32(argp->xdr, &readdir->rd_dircount) < 0)
1262                return nfserr_bad_xdr;
1263        if (xdr_stream_decode_u32(argp->xdr, &readdir->rd_maxcount) < 0)
1264                return nfserr_bad_xdr;
1265        if (xdr_stream_decode_uint32_array(argp->xdr, readdir->rd_bmval,
1266                                           ARRAY_SIZE(readdir->rd_bmval)) < 0)
1267                return nfserr_bad_xdr;
1268
1269        return nfs_ok;
1270}
1271
1272static __be32
1273nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
1274{
1275        return nfsd4_decode_component4(argp, &remove->rm_name, &remove->rm_namelen);
1276}
1277
1278static __be32
1279nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
1280{
1281        __be32 status;
1282
1283        status = nfsd4_decode_component4(argp, &rename->rn_sname, &rename->rn_snamelen);
1284        if (status)
1285                return status;
1286        return nfsd4_decode_component4(argp, &rename->rn_tname, &rename->rn_tnamelen);
1287}
1288
1289static __be32
1290nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
1291{
1292        return nfsd4_decode_clientid4(argp, clientid);
1293}
1294
1295static __be32
1296nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
1297                     struct nfsd4_secinfo *secinfo)
1298{
1299        return nfsd4_decode_component4(argp, &secinfo->si_name, &secinfo->si_namelen);
1300}
1301
1302static __be32
1303nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
1304{
1305        __be32 status;
1306
1307        status = nfsd4_decode_stateid4(argp, &setattr->sa_stateid);
1308        if (status)
1309                return status;
1310        return nfsd4_decode_fattr4(argp, setattr->sa_bmval,
1311                                   ARRAY_SIZE(setattr->sa_bmval),
1312                                   &setattr->sa_iattr, &setattr->sa_acl,
1313                                   &setattr->sa_label, NULL);
1314}
1315
1316static __be32
1317nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
1318{
1319        __be32 *p, status;
1320
1321        if (argp->minorversion >= 1)
1322                return nfserr_notsupp;
1323
1324        status = nfsd4_decode_verifier4(argp, &setclientid->se_verf);
1325        if (status)
1326                return status;
1327        status = nfsd4_decode_opaque(argp, &setclientid->se_name);
1328        if (status)
1329                return status;
1330        if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_prog) < 0)
1331                return nfserr_bad_xdr;
1332        if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_netid_len) < 0)
1333                return nfserr_bad_xdr;
1334        p = xdr_inline_decode(argp->xdr, setclientid->se_callback_netid_len);
1335        if (!p)
1336                return nfserr_bad_xdr;
1337        setclientid->se_callback_netid_val = svcxdr_savemem(argp, p,
1338                                                setclientid->se_callback_netid_len);
1339        if (!setclientid->se_callback_netid_val)
1340                return nfserr_jukebox;
1341
1342        if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_addr_len) < 0)
1343                return nfserr_bad_xdr;
1344        p = xdr_inline_decode(argp->xdr, setclientid->se_callback_addr_len);
1345        if (!p)
1346                return nfserr_bad_xdr;
1347        setclientid->se_callback_addr_val = svcxdr_savemem(argp, p,
1348                                                setclientid->se_callback_addr_len);
1349        if (!setclientid->se_callback_addr_val)
1350                return nfserr_jukebox;
1351        if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_ident) < 0)
1352                return nfserr_bad_xdr;
1353
1354        return nfs_ok;
1355}
1356
1357static __be32
1358nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
1359{
1360        __be32 status;
1361
1362        if (argp->minorversion >= 1)
1363                return nfserr_notsupp;
1364
1365        status = nfsd4_decode_clientid4(argp, &scd_c->sc_clientid);
1366        if (status)
1367                return status;
1368        return nfsd4_decode_verifier4(argp, &scd_c->sc_confirm);
1369}
1370
1371/* Also used for NVERIFY */
1372static __be32
1373nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
1374{
1375        __be32 *p, status;
1376
1377        status = nfsd4_decode_bitmap4(argp, verify->ve_bmval,
1378                                      ARRAY_SIZE(verify->ve_bmval));
1379        if (status)
1380                return status;
1381
1382        /* For convenience's sake, we compare raw xdr'd attributes in
1383         * nfsd4_proc_verify */
1384
1385        if (xdr_stream_decode_u32(argp->xdr, &verify->ve_attrlen) < 0)
1386                return nfserr_bad_xdr;
1387        p = xdr_inline_decode(argp->xdr, verify->ve_attrlen);
1388        if (!p)
1389                return nfserr_bad_xdr;
1390        verify->ve_attrval = svcxdr_savemem(argp, p, verify->ve_attrlen);
1391        if (!verify->ve_attrval)
1392                return nfserr_jukebox;
1393
1394        return nfs_ok;
1395}
1396
1397static __be32
1398nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1399{
1400        __be32 status;
1401
1402        status = nfsd4_decode_stateid4(argp, &write->wr_stateid);
1403        if (status)
1404                return status;
1405        if (xdr_stream_decode_u64(argp->xdr, &write->wr_offset) < 0)
1406                return nfserr_bad_xdr;
1407        if (xdr_stream_decode_u32(argp->xdr, &write->wr_stable_how) < 0)
1408                return nfserr_bad_xdr;
1409        if (write->wr_stable_how > NFS_FILE_SYNC)
1410                return nfserr_bad_xdr;
1411        if (xdr_stream_decode_u32(argp->xdr, &write->wr_buflen) < 0)
1412                return nfserr_bad_xdr;
1413        if (!xdr_stream_subsegment(argp->xdr, &write->wr_payload, write->wr_buflen))
1414                return nfserr_bad_xdr;
1415
1416        return nfs_ok;
1417}
1418
1419static __be32
1420nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
1421{
1422        __be32 status;
1423
1424        if (argp->minorversion >= 1)
1425                return nfserr_notsupp;
1426
1427        status = nfsd4_decode_state_owner4(argp, &rlockowner->rl_clientid,
1428                                           &rlockowner->rl_owner);
1429        if (status)
1430                return status;
1431
1432        if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
1433                return nfserr_inval;
1434
1435        return nfs_ok;
1436}
1437
1438static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
1439{
1440        if (xdr_stream_decode_u32(argp->xdr, &bc->bc_cb_program) < 0)
1441                return nfserr_bad_xdr;
1442        return nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);
1443}
1444
1445static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
1446{
1447        u32 use_conn_in_rdma_mode;
1448        __be32 status;
1449
1450        status = nfsd4_decode_sessionid4(argp, &bcts->sessionid);
1451        if (status)
1452                return status;
1453        if (xdr_stream_decode_u32(argp->xdr, &bcts->dir) < 0)
1454                return nfserr_bad_xdr;
1455        if (xdr_stream_decode_u32(argp->xdr, &use_conn_in_rdma_mode) < 0)
1456                return nfserr_bad_xdr;
1457
1458        return nfs_ok;
1459}
1460
1461static __be32
1462nfsd4_decode_state_protect_ops(struct nfsd4_compoundargs *argp,
1463                               struct nfsd4_exchange_id *exid)
1464{
1465        __be32 status;
1466
1467        status = nfsd4_decode_bitmap4(argp, exid->spo_must_enforce,
1468                                      ARRAY_SIZE(exid->spo_must_enforce));
1469        if (status)
1470                return nfserr_bad_xdr;
1471        status = nfsd4_decode_bitmap4(argp, exid->spo_must_allow,
1472                                      ARRAY_SIZE(exid->spo_must_allow));
1473        if (status)
1474                return nfserr_bad_xdr;
1475
1476        return nfs_ok;
1477}
1478
1479/*
1480 * This implementation currently does not support SP4_SSV.
1481 * This decoder simply skips over these arguments.
1482 */
1483static noinline __be32
1484nfsd4_decode_ssv_sp_parms(struct nfsd4_compoundargs *argp,
1485                          struct nfsd4_exchange_id *exid)
1486{
1487        u32 count, window, num_gss_handles;
1488        __be32 status;
1489
1490        /* ssp_ops */
1491        status = nfsd4_decode_state_protect_ops(argp, exid);
1492        if (status)
1493                return status;
1494
1495        /* ssp_hash_algs<> */
1496        if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
1497                return nfserr_bad_xdr;
1498        while (count--) {
1499                status = nfsd4_decode_ignored_string(argp, 0);
1500                if (status)
1501                        return status;
1502        }
1503
1504        /* ssp_encr_algs<> */
1505        if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
1506                return nfserr_bad_xdr;
1507        while (count--) {
1508                status = nfsd4_decode_ignored_string(argp, 0);
1509                if (status)
1510                        return status;
1511        }
1512
1513        if (xdr_stream_decode_u32(argp->xdr, &window) < 0)
1514                return nfserr_bad_xdr;
1515        if (xdr_stream_decode_u32(argp->xdr, &num_gss_handles) < 0)
1516                return nfserr_bad_xdr;
1517
1518        return nfs_ok;
1519}
1520
1521static __be32
1522nfsd4_decode_state_protect4_a(struct nfsd4_compoundargs *argp,
1523                              struct nfsd4_exchange_id *exid)
1524{
1525        __be32 status;
1526
1527        if (xdr_stream_decode_u32(argp->xdr, &exid->spa_how) < 0)
1528                return nfserr_bad_xdr;
1529        switch (exid->spa_how) {
1530        case SP4_NONE:
1531                break;
1532        case SP4_MACH_CRED:
1533                status = nfsd4_decode_state_protect_ops(argp, exid);
1534                if (status)
1535                        return status;
1536                break;
1537        case SP4_SSV:
1538                status = nfsd4_decode_ssv_sp_parms(argp, exid);
1539                if (status)
1540                        return status;
1541                break;
1542        default:
1543                return nfserr_bad_xdr;
1544        }
1545
1546        return nfs_ok;
1547}
1548
1549static __be32
1550nfsd4_decode_nfs_impl_id4(struct nfsd4_compoundargs *argp,
1551                          struct nfsd4_exchange_id *exid)
1552{
1553        __be32 status;
1554        u32 count;
1555
1556        if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
1557                return nfserr_bad_xdr;
1558        switch (count) {
1559        case 0:
1560                break;
1561        case 1:
1562                /* Note that RFC 8881 places no length limit on
1563                 * nii_domain, but this implementation permits no
1564                 * more than NFS4_OPAQUE_LIMIT bytes */
1565                status = nfsd4_decode_opaque(argp, &exid->nii_domain);
1566                if (status)
1567                        return status;
1568                /* Note that RFC 8881 places no length limit on
1569                 * nii_name, but this implementation permits no
1570                 * more than NFS4_OPAQUE_LIMIT bytes */
1571                status = nfsd4_decode_opaque(argp, &exid->nii_name);
1572                if (status)
1573                        return status;
1574                status = nfsd4_decode_nfstime4(argp, &exid->nii_time);
1575                if (status)
1576                        return status;
1577                break;
1578        default:
1579                return nfserr_bad_xdr;
1580        }
1581
1582        return nfs_ok;
1583}
1584
1585static __be32
1586nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
1587                         struct nfsd4_exchange_id *exid)
1588{
1589        __be32 status;
1590
1591        status = nfsd4_decode_verifier4(argp, &exid->verifier);
1592        if (status)
1593                return status;
1594        status = nfsd4_decode_opaque(argp, &exid->clname);
1595        if (status)
1596                return status;
1597        if (xdr_stream_decode_u32(argp->xdr, &exid->flags) < 0)
1598                return nfserr_bad_xdr;
1599        status = nfsd4_decode_state_protect4_a(argp, exid);
1600        if (status)
1601                return status;
1602        return nfsd4_decode_nfs_impl_id4(argp, exid);
1603}
1604
1605static __be32
1606nfsd4_decode_channel_attrs4(struct nfsd4_compoundargs *argp,
1607                            struct nfsd4_channel_attrs *ca)
1608{
1609        __be32 *p;
1610
1611        p = xdr_inline_decode(argp->xdr, XDR_UNIT * 7);
1612        if (!p)
1613                return nfserr_bad_xdr;
1614
1615        /* headerpadsz is ignored */
1616        p++;
1617        ca->maxreq_sz = be32_to_cpup(p++);
1618        ca->maxresp_sz = be32_to_cpup(p++);
1619        ca->maxresp_cached = be32_to_cpup(p++);
1620        ca->maxops = be32_to_cpup(p++);
1621        ca->maxreqs = be32_to_cpup(p++);
1622        ca->nr_rdma_attrs = be32_to_cpup(p);
1623        switch (ca->nr_rdma_attrs) {
1624        case 0:
1625                break;
1626        case 1:
1627                if (xdr_stream_decode_u32(argp->xdr, &ca->rdma_attrs) < 0)
1628                        return nfserr_bad_xdr;
1629                break;
1630        default:
1631                return nfserr_bad_xdr;
1632        }
1633
1634        return nfs_ok;
1635}
1636
1637static __be32
1638nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
1639                            struct nfsd4_create_session *sess)
1640{
1641        __be32 status;
1642
1643        status = nfsd4_decode_clientid4(argp, &sess->clientid);
1644        if (status)
1645                return status;
1646        if (xdr_stream_decode_u32(argp->xdr, &sess->seqid) < 0)
1647                return nfserr_bad_xdr;
1648        if (xdr_stream_decode_u32(argp->xdr, &sess->flags) < 0)
1649                return nfserr_bad_xdr;
1650        status = nfsd4_decode_channel_attrs4(argp, &sess->fore_channel);
1651        if (status)
1652                return status;
1653        status = nfsd4_decode_channel_attrs4(argp, &sess->back_channel);
1654        if (status)
1655                return status;
1656        if (xdr_stream_decode_u32(argp->xdr, &sess->callback_prog) < 0)
1657                return nfserr_bad_xdr;
1658        status = nfsd4_decode_cb_sec(argp, &sess->cb_sec);
1659        if (status)
1660                return status;
1661
1662        return nfs_ok;
1663}
1664
1665static __be32
1666nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
1667                             struct nfsd4_destroy_session *destroy_session)
1668{
1669        return nfsd4_decode_sessionid4(argp, &destroy_session->sessionid);
1670}
1671
1672static __be32
1673nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
1674                          struct nfsd4_free_stateid *free_stateid)
1675{
1676        return nfsd4_decode_stateid4(argp, &free_stateid->fr_stateid);
1677}
1678
1679#ifdef CONFIG_NFSD_PNFS
1680static __be32
1681nfsd4_decode_getdeviceinfo(struct nfsd4_compoundargs *argp,
1682                struct nfsd4_getdeviceinfo *gdev)
1683{
1684        __be32 status;
1685
1686        status = nfsd4_decode_deviceid4(argp, &gdev->gd_devid);
1687        if (status)
1688                return status;
1689        if (xdr_stream_decode_u32(argp->xdr, &gdev->gd_layout_type) < 0)
1690                return nfserr_bad_xdr;
1691        if (xdr_stream_decode_u32(argp->xdr, &gdev->gd_maxcount) < 0)
1692                return nfserr_bad_xdr;
1693        if (xdr_stream_decode_uint32_array(argp->xdr,
1694                                           &gdev->gd_notify_types, 1) < 0)
1695                return nfserr_bad_xdr;
1696
1697        return nfs_ok;
1698}
1699
1700static __be32
1701nfsd4_decode_layoutcommit(struct nfsd4_compoundargs *argp,
1702                          struct nfsd4_layoutcommit *lcp)
1703{
1704        __be32 *p, status;
1705
1706        if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_seg.offset) < 0)
1707                return nfserr_bad_xdr;
1708        if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_seg.length) < 0)
1709                return nfserr_bad_xdr;
1710        if (xdr_stream_decode_bool(argp->xdr, &lcp->lc_reclaim) < 0)
1711                return nfserr_bad_xdr;
1712        status = nfsd4_decode_stateid4(argp, &lcp->lc_sid);
1713        if (status)
1714                return status;
1715        if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_newoffset) < 0)
1716                return nfserr_bad_xdr;
1717        if (lcp->lc_newoffset) {
1718                if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_last_wr) < 0)
1719                        return nfserr_bad_xdr;
1720        } else
1721                lcp->lc_last_wr = 0;
1722        p = xdr_inline_decode(argp->xdr, XDR_UNIT);
1723        if (!p)
1724                return nfserr_bad_xdr;
1725        if (xdr_item_is_present(p)) {
1726                status = nfsd4_decode_nfstime4(argp, &lcp->lc_mtime);
1727                if (status)
1728                        return status;
1729        } else {
1730                lcp->lc_mtime.tv_nsec = UTIME_NOW;
1731        }
1732        return nfsd4_decode_layoutupdate4(argp, lcp);
1733}
1734
1735static __be32
1736nfsd4_decode_layoutget(struct nfsd4_compoundargs *argp,
1737                struct nfsd4_layoutget *lgp)
1738{
1739        __be32 status;
1740
1741        if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_signal) < 0)
1742                return nfserr_bad_xdr;
1743        if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_layout_type) < 0)
1744                return nfserr_bad_xdr;
1745        if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_seg.iomode) < 0)
1746                return nfserr_bad_xdr;
1747        if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_seg.offset) < 0)
1748                return nfserr_bad_xdr;
1749        if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_seg.length) < 0)
1750                return nfserr_bad_xdr;
1751        if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_minlength) < 0)
1752                return nfserr_bad_xdr;
1753        status = nfsd4_decode_stateid4(argp, &lgp->lg_sid);
1754        if (status)
1755                return status;
1756        if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_maxcount) < 0)
1757                return nfserr_bad_xdr;
1758
1759        return nfs_ok;
1760}
1761
1762static __be32
1763nfsd4_decode_layoutreturn(struct nfsd4_compoundargs *argp,
1764                struct nfsd4_layoutreturn *lrp)
1765{
1766        if (xdr_stream_decode_bool(argp->xdr, &lrp->lr_reclaim) < 0)
1767                return nfserr_bad_xdr;
1768        if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_layout_type) < 0)
1769                return nfserr_bad_xdr;
1770        if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_seg.iomode) < 0)
1771                return nfserr_bad_xdr;
1772        return nfsd4_decode_layoutreturn4(argp, lrp);
1773}
1774#endif /* CONFIG_NFSD_PNFS */
1775
1776static __be32 nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
1777                                           struct nfsd4_secinfo_no_name *sin)
1778{
1779        if (xdr_stream_decode_u32(argp->xdr, &sin->sin_style) < 0)
1780                return nfserr_bad_xdr;
1781        return nfs_ok;
1782}
1783
1784static __be32
1785nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
1786                      struct nfsd4_sequence *seq)
1787{
1788        __be32 *p, status;
1789
1790        status = nfsd4_decode_sessionid4(argp, &seq->sessionid);
1791        if (status)
1792                return status;
1793        p = xdr_inline_decode(argp->xdr, XDR_UNIT * 4);
1794        if (!p)
1795                return nfserr_bad_xdr;
1796        seq->seqid = be32_to_cpup(p++);
1797        seq->slotid = be32_to_cpup(p++);
1798        seq->maxslots = be32_to_cpup(p++);
1799        seq->cachethis = be32_to_cpup(p);
1800
1801        return nfs_ok;
1802}
1803
1804static __be32
1805nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
1806{
1807        struct nfsd4_test_stateid_id *stateid;
1808        __be32 status;
1809        u32 i;
1810
1811        if (xdr_stream_decode_u32(argp->xdr, &test_stateid->ts_num_ids) < 0)
1812                return nfserr_bad_xdr;
1813
1814        INIT_LIST_HEAD(&test_stateid->ts_stateid_list);
1815        for (i = 0; i < test_stateid->ts_num_ids; i++) {
1816                stateid = svcxdr_tmpalloc(argp, sizeof(*stateid));
1817                if (!stateid)
1818                        return nfserrno(-ENOMEM);       /* XXX: not jukebox? */
1819                INIT_LIST_HEAD(&stateid->ts_id_list);
1820                list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);
1821                status = nfsd4_decode_stateid4(argp, &stateid->ts_id_stateid);
1822                if (status)
1823                        return status;
1824        }
1825
1826        return nfs_ok;
1827}
1828
1829static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp,
1830                                            struct nfsd4_destroy_clientid *dc)
1831{
1832        return nfsd4_decode_clientid4(argp, &dc->clientid);
1833}
1834
1835static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp,
1836                                            struct nfsd4_reclaim_complete *rc)
1837{
1838        if (xdr_stream_decode_bool(argp->xdr, &rc->rca_one_fs) < 0)
1839                return nfserr_bad_xdr;
1840        return nfs_ok;
1841}
1842
1843static __be32
1844nfsd4_decode_fallocate(struct nfsd4_compoundargs *argp,
1845                       struct nfsd4_fallocate *fallocate)
1846{
1847        __be32 status;
1848
1849        status = nfsd4_decode_stateid4(argp, &fallocate->falloc_stateid);
1850        if (status)
1851                return status;
1852        if (xdr_stream_decode_u64(argp->xdr, &fallocate->falloc_offset) < 0)
1853                return nfserr_bad_xdr;
1854        if (xdr_stream_decode_u64(argp->xdr, &fallocate->falloc_length) < 0)
1855                return nfserr_bad_xdr;
1856
1857        return nfs_ok;
1858}
1859
1860static __be32 nfsd4_decode_nl4_server(struct nfsd4_compoundargs *argp,
1861                                      struct nl4_server *ns)
1862{
1863        struct nfs42_netaddr *naddr;
1864        __be32 *p;
1865
1866        if (xdr_stream_decode_u32(argp->xdr, &ns->nl4_type) < 0)
1867                return nfserr_bad_xdr;
1868
1869        /* currently support for 1 inter-server source server */
1870        switch (ns->nl4_type) {
1871        case NL4_NETADDR:
1872                naddr = &ns->u.nl4_addr;
1873
1874                if (xdr_stream_decode_u32(argp->xdr, &naddr->netid_len) < 0)
1875                        return nfserr_bad_xdr;
1876                if (naddr->netid_len > RPCBIND_MAXNETIDLEN)
1877                        return nfserr_bad_xdr;
1878
1879                p = xdr_inline_decode(argp->xdr, naddr->netid_len);
1880                if (!p)
1881                        return nfserr_bad_xdr;
1882                memcpy(naddr->netid, p, naddr->netid_len);
1883
1884                if (xdr_stream_decode_u32(argp->xdr, &naddr->addr_len) < 0)
1885                        return nfserr_bad_xdr;
1886                if (naddr->addr_len > RPCBIND_MAXUADDRLEN)
1887                        return nfserr_bad_xdr;
1888
1889                p = xdr_inline_decode(argp->xdr, naddr->addr_len);
1890                if (!p)
1891                        return nfserr_bad_xdr;
1892                memcpy(naddr->addr, p, naddr->addr_len);
1893                break;
1894        default:
1895                return nfserr_bad_xdr;
1896        }
1897
1898        return nfs_ok;
1899}
1900
1901static __be32
1902nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
1903{
1904        struct nl4_server *ns_dummy;
1905        u32 consecutive, i, count;
1906        __be32 status;
1907
1908        status = nfsd4_decode_stateid4(argp, &copy->cp_src_stateid);
1909        if (status)
1910                return status;
1911        status = nfsd4_decode_stateid4(argp, &copy->cp_dst_stateid);
1912        if (status)
1913                return status;
1914        if (xdr_stream_decode_u64(argp->xdr, &copy->cp_src_pos) < 0)
1915                return nfserr_bad_xdr;
1916        if (xdr_stream_decode_u64(argp->xdr, &copy->cp_dst_pos) < 0)
1917                return nfserr_bad_xdr;
1918        if (xdr_stream_decode_u64(argp->xdr, &copy->cp_count) < 0)
1919                return nfserr_bad_xdr;
1920        /* ca_consecutive: we always do consecutive copies */
1921        if (xdr_stream_decode_u32(argp->xdr, &consecutive) < 0)
1922                return nfserr_bad_xdr;
1923        if (xdr_stream_decode_u32(argp->xdr, &copy->cp_synchronous) < 0)
1924                return nfserr_bad_xdr;
1925
1926        if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
1927                return nfserr_bad_xdr;
1928        copy->cp_intra = false;
1929        if (count == 0) { /* intra-server copy */
1930                copy->cp_intra = true;
1931                return nfs_ok;
1932        }
1933
1934        /* decode all the supplied server addresses but use only the first */
1935        status = nfsd4_decode_nl4_server(argp, &copy->cp_src);
1936        if (status)
1937                return status;
1938
1939        ns_dummy = kmalloc(sizeof(struct nl4_server), GFP_KERNEL);
1940        if (ns_dummy == NULL)
1941                return nfserrno(-ENOMEM);       /* XXX: jukebox? */
1942        for (i = 0; i < count - 1; i++) {
1943                status = nfsd4_decode_nl4_server(argp, ns_dummy);
1944                if (status) {
1945                        kfree(ns_dummy);
1946                        return status;
1947                }
1948        }
1949        kfree(ns_dummy);
1950
1951        return nfs_ok;
1952}
1953
1954static __be32
1955nfsd4_decode_copy_notify(struct nfsd4_compoundargs *argp,
1956                         struct nfsd4_copy_notify *cn)
1957{
1958        __be32 status;
1959
1960        status = nfsd4_decode_stateid4(argp, &cn->cpn_src_stateid);
1961        if (status)
1962                return status;
1963        return nfsd4_decode_nl4_server(argp, &cn->cpn_dst);
1964}
1965
1966static __be32
1967nfsd4_decode_offload_status(struct nfsd4_compoundargs *argp,
1968                            struct nfsd4_offload_status *os)
1969{
1970        return nfsd4_decode_stateid4(argp, &os->stateid);
1971}
1972
1973static __be32
1974nfsd4_decode_seek(struct nfsd4_compoundargs *argp, struct nfsd4_seek *seek)
1975{
1976        __be32 status;
1977
1978        status = nfsd4_decode_stateid4(argp, &seek->seek_stateid);
1979        if (status)
1980                return status;
1981        if (xdr_stream_decode_u64(argp->xdr, &seek->seek_offset) < 0)
1982                return nfserr_bad_xdr;
1983        if (xdr_stream_decode_u32(argp->xdr, &seek->seek_whence) < 0)
1984                return nfserr_bad_xdr;
1985
1986        return nfs_ok;
1987}
1988
1989static __be32
1990nfsd4_decode_clone(struct nfsd4_compoundargs *argp, struct nfsd4_clone *clone)
1991{
1992        __be32 status;
1993
1994        status = nfsd4_decode_stateid4(argp, &clone->cl_src_stateid);
1995        if (status)
1996                return status;
1997        status = nfsd4_decode_stateid4(argp, &clone->cl_dst_stateid);
1998        if (status)
1999                return status;
2000        if (xdr_stream_decode_u64(argp->xdr, &clone->cl_src_pos) < 0)

2001                return nfserr_bad_xdr;
2002        if (xdr_stream_decode_u64(argp->xdr, &clone->cl_dst_pos) < 0)
2003                return nfserr_bad_xdr;
2004        if (xdr_stream_decode_u64(argp->xdr, &clone->cl_count) < 0)
2005                return nfserr_bad_xdr;
2006
2007        return nfs_ok;
2008}
2009
2010/*
2011 * XDR data that is more than PAGE_SIZE in size is normally part of a
2012 * read or write. However, the size of extended attributes is limited
2013 * by the maximum request size, and then further limited by the underlying
2014 * filesystem limits. This can exceed PAGE_SIZE (currently, XATTR_SIZE_MAX
2015 * is 64k). Since there is no kvec- or page-based interface to xattrs,
2016 * and we're not dealing with contiguous pages, we need to do some copying.
2017 */
2018
2019/*
2020 * Decode data into buffer.
2021 */
2022static __be32
2023nfsd4_vbuf_from_vector(struct nfsd4_compoundargs *argp, struct xdr_buf *xdr,
2024                       char **bufp, u32 buflen)
2025{
2026        struct page **pages = xdr->pages;
2027        struct kvec *head = xdr->head;
2028        char *tmp, *dp;
2029        u32 len;
2030
2031        if (buflen <= head->iov_len) {
2032                /*
2033                 * We're in luck, the head has enough space. Just return
2034                 * the head, no need for copying.
2035                 */
2036                *bufp = head->iov_base;
2037                return 0;
2038        }
2039
2040        tmp = svcxdr_tmpalloc(argp, buflen);
2041        if (tmp == NULL)
2042                return nfserr_jukebox;
2043
2044        dp = tmp;
2045        memcpy(dp, head->iov_base, head->iov_len);
2046        buflen -= head->iov_len;
2047        dp += head->iov_len;
2048
2049        while (buflen > 0) {
2050                len = min_t(u32, buflen, PAGE_SIZE);
2051                memcpy(dp, page_address(*pages), len);
2052
2053                buflen -= len;
2054                dp += len;
2055                pages++;
2056        }
2057
2058        *bufp = tmp;
2059        return 0;
2060}
2061
2062/*
2063 * Get a user extended attribute name from the XDR buffer.
2064 * It will not have the "user." prefix, so prepend it.
2065 * Lastly, check for nul characters in the name.
2066 */
2067static __be32
2068nfsd4_decode_xattr_name(struct nfsd4_compoundargs *argp, char **namep)
2069{
2070        char *name, *sp, *dp;
2071        u32 namelen, cnt;
2072        __be32 *p;
2073
2074        if (xdr_stream_decode_u32(argp->xdr, &namelen) < 0)
2075                return nfserr_bad_xdr;
2076        if (namelen > (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN))
2077                return nfserr_nametoolong;
2078        if (namelen == 0)
2079                return nfserr_bad_xdr;
2080        p = xdr_inline_decode(argp->xdr, namelen);
2081        if (!p)
2082                return nfserr_bad_xdr;
2083        name = svcxdr_tmpalloc(argp, namelen + XATTR_USER_PREFIX_LEN + 1);
2084        if (!name)
2085                return nfserr_jukebox;
2086        memcpy(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN);
2087
2088        /*
2089         * Copy the extended attribute name over while checking for 0
2090         * characters.
2091         */
2092        sp = (char *)p;
2093        dp = name + XATTR_USER_PREFIX_LEN;
2094        cnt = namelen;
2095
2096        while (cnt-- > 0) {
2097                if (*sp == '\0')
2098                        return nfserr_bad_xdr;
2099                *dp++ = *sp++;
2100        }
2101        *dp = '\0';
2102
2103        *namep = name;
2104
2105        return nfs_ok;
2106}
2107
2108/*
2109 * A GETXATTR op request comes without a length specifier. We just set the
2110 * maximum length for the reply based on XATTR_SIZE_MAX and the maximum
2111 * channel reply size. nfsd_getxattr will probe the length of the xattr,
2112 * check it against getxa_len, and allocate + return the value.
2113 */
2114static __be32
2115nfsd4_decode_getxattr(struct nfsd4_compoundargs *argp,
2116                      struct nfsd4_getxattr *getxattr)
2117{
2118        __be32 status;
2119        u32 maxcount;
2120
2121        status = nfsd4_decode_xattr_name(argp, &getxattr->getxa_name);
2122        if (status)
2123                return status;
2124
2125        maxcount = svc_max_payload(argp->rqstp);
2126        maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount);
2127
2128        getxattr->getxa_len = maxcount;
2129
2130        return status;
2131}
2132
2133static __be32
2134nfsd4_decode_setxattr(struct nfsd4_compoundargs *argp,
2135                      struct nfsd4_setxattr *setxattr)
2136{
2137        u32 flags, maxcount, size;
2138        __be32 status;
2139
2140        if (xdr_stream_decode_u32(argp->xdr, &flags) < 0)
2141                return nfserr_bad_xdr;
2142
2143        if (flags > SETXATTR4_REPLACE)
2144                return nfserr_inval;
2145        setxattr->setxa_flags = flags;
2146
2147        status = nfsd4_decode_xattr_name(argp, &setxattr->setxa_name);
2148        if (status)
2149                return status;
2150
2151        maxcount = svc_max_payload(argp->rqstp);
2152        maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount);
2153
2154        if (xdr_stream_decode_u32(argp->xdr, &size) < 0)
2155                return nfserr_bad_xdr;
2156        if (size > maxcount)
2157                return nfserr_xattr2big;
2158
2159        setxattr->setxa_len = size;
2160        if (size > 0) {
2161                struct xdr_buf payload;
2162
2163                if (!xdr_stream_subsegment(argp->xdr, &payload, size))
2164                        return nfserr_bad_xdr;
2165                status = nfsd4_vbuf_from_vector(argp, &payload,
2166                                                &setxattr->setxa_buf, size);
2167        }
2168
2169        return nfs_ok;
2170}
2171
2172static __be32
2173nfsd4_decode_listxattrs(struct nfsd4_compoundargs *argp,
2174                        struct nfsd4_listxattrs *listxattrs)
2175{
2176        u32 maxcount;
2177
2178        if (xdr_stream_decode_u64(argp->xdr, &listxattrs->lsxa_cookie) < 0)
2179                return nfserr_bad_xdr;
2180
2181        /*
2182         * If the cookie  is too large to have even one user.x attribute
2183         * plus trailing '\0' left in a maximum size buffer, it's invalid.
2184         */
2185        if (listxattrs->lsxa_cookie >=
2186            (XATTR_LIST_MAX / (XATTR_USER_PREFIX_LEN + 2)))
2187                return nfserr_badcookie;
2188
2189        if (xdr_stream_decode_u32(argp->xdr, &maxcount) < 0)
2190                return nfserr_bad_xdr;
2191        if (maxcount < 8)
2192                /* Always need at least 2 words (length and one character) */
2193                return nfserr_inval;
2194
2195        maxcount = min(maxcount, svc_max_payload(argp->rqstp));
2196        listxattrs->lsxa_maxcount = maxcount;
2197
2198        return nfs_ok;
2199}
2200
2201static __be32
2202nfsd4_decode_removexattr(struct nfsd4_compoundargs *argp,
2203                         struct nfsd4_removexattr *removexattr)
2204{
2205        return nfsd4_decode_xattr_name(argp, &removexattr->rmxa_name);
2206}
2207
2208static __be32
2209nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
2210{
2211        return nfs_ok;
2212}
2213
2214static __be32
2215nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
2216{
2217        return nfserr_notsupp;
2218}
2219
2220typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
2221
2222static const nfsd4_dec nfsd4_dec_ops[] = {
2223        [OP_ACCESS]             = (nfsd4_dec)nfsd4_decode_access,
2224        [OP_CLOSE]              = (nfsd4_dec)nfsd4_decode_close,
2225        [OP_COMMIT]             = (nfsd4_dec)nfsd4_decode_commit,
2226        [OP_CREATE]             = (nfsd4_dec)nfsd4_decode_create,
2227        [OP_DELEGPURGE]         = (nfsd4_dec)nfsd4_decode_notsupp,
2228        [OP_DELEGRETURN]        = (nfsd4_dec)nfsd4_decode_delegreturn,
2229        [OP_GETATTR]            = (nfsd4_dec)nfsd4_decode_getattr,
2230        [OP_GETFH]              = (nfsd4_dec)nfsd4_decode_noop,
2231        [OP_LINK]               = (nfsd4_dec)nfsd4_decode_link,
2232        [OP_LOCK]               = (nfsd4_dec)nfsd4_decode_lock,
2233        [OP_LOCKT]              = (nfsd4_dec)nfsd4_decode_lockt,
2234        [OP_LOCKU]              = (nfsd4_dec)nfsd4_decode_locku,
2235        [OP_LOOKUP]             = (nfsd4_dec)nfsd4_decode_lookup,
2236        [OP_LOOKUPP]            = (nfsd4_dec)nfsd4_decode_noop,
2237        [OP_NVERIFY]            = (nfsd4_dec)nfsd4_decode_verify,
2238        [OP_OPEN]               = (nfsd4_dec)nfsd4_decode_open,
2239        [OP_OPENATTR]           = (nfsd4_dec)nfsd4_decode_notsupp,
2240        [OP_OPEN_CONFIRM]       = (nfsd4_dec)nfsd4_decode_open_confirm,
2241        [OP_OPEN_DOWNGRADE]     = (nfsd4_dec)nfsd4_decode_open_downgrade,
2242        [OP_PUTFH]              = (nfsd4_dec)nfsd4_decode_putfh,
2243        [OP_PUTPUBFH]           = (nfsd4_dec)nfsd4_decode_putpubfh,
2244        [OP_PUTROOTFH]          = (nfsd4_dec)nfsd4_decode_noop,
2245        [OP_READ]               = (nfsd4_dec)nfsd4_decode_read,
2246        [OP_READDIR]            = (nfsd4_dec)nfsd4_decode_readdir,
2247        [OP_READLINK]           = (nfsd4_dec)nfsd4_decode_noop,
2248        [OP_REMOVE]             = (nfsd4_dec)nfsd4_decode_remove,
2249        [OP_RENAME]             = (nfsd4_dec)nfsd4_decode_rename,
2250        [OP_RENEW]              = (nfsd4_dec)nfsd4_decode_renew,
2251        [OP_RESTOREFH]          = (nfsd4_dec)nfsd4_decode_noop,
2252        [OP_SAVEFH]             = (nfsd4_dec)nfsd4_decode_noop,
2253        [OP_SECINFO]            = (nfsd4_dec)nfsd4_decode_secinfo,
2254        [OP_SETATTR]            = (nfsd4_dec)nfsd4_decode_setattr,
2255        [OP_SETCLIENTID]        = (nfsd4_dec)nfsd4_decode_setclientid,
2256        [OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
2257        [OP_VERIFY]             = (nfsd4_dec)nfsd4_decode_verify,
2258        [OP_WRITE]              = (nfsd4_dec)nfsd4_decode_write,
2259        [OP_RELEASE_LOCKOWNER]  = (nfsd4_dec)nfsd4_decode_release_lockowner,
2260
2261        /* new operations for NFSv4.1 */
2262        [OP_BACKCHANNEL_CTL]    = (nfsd4_dec)nfsd4_decode_backchannel_ctl,
2263        [OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
2264        [OP_EXCHANGE_ID]        = (nfsd4_dec)nfsd4_decode_exchange_id,
2265        [OP_CREATE_SESSION]     = (nfsd4_dec)nfsd4_decode_create_session,
2266        [OP_DESTROY_SESSION]    = (nfsd4_dec)nfsd4_decode_destroy_session,
2267        [OP_FREE_STATEID]       = (nfsd4_dec)nfsd4_decode_free_stateid,
2268        [OP_GET_DIR_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
2269#ifdef CONFIG_NFSD_PNFS
2270        [OP_GETDEVICEINFO]      = (nfsd4_dec)nfsd4_decode_getdeviceinfo,
2271        [OP_GETDEVICELIST]      = (nfsd4_dec)nfsd4_decode_notsupp,
2272        [OP_LAYOUTCOMMIT]       = (nfsd4_dec)nfsd4_decode_layoutcommit,
2273        [OP_LAYOUTGET]          = (nfsd4_dec)nfsd4_decode_layoutget,
2274        [OP_LAYOUTRETURN]       = (nfsd4_dec)nfsd4_decode_layoutreturn,
2275#else
2276        [OP_GETDEVICEINFO]      = (nfsd4_dec)nfsd4_decode_notsupp,
2277        [OP_GETDEVICELIST]      = (nfsd4_dec)nfsd4_decode_notsupp,
2278        [OP_LAYOUTCOMMIT]       = (nfsd4_dec)nfsd4_decode_notsupp,
2279        [OP_LAYOUTGET]          = (nfsd4_dec)nfsd4_decode_notsupp,
2280        [OP_LAYOUTRETURN]       = (nfsd4_dec)nfsd4_decode_notsupp,
2281#endif
2282        [OP_SECINFO_NO_NAME]    = (nfsd4_dec)nfsd4_decode_secinfo_no_name,
2283        [OP_SEQUENCE]           = (nfsd4_dec)nfsd4_decode_sequence,
2284        [OP_SET_SSV]            = (nfsd4_dec)nfsd4_decode_notsupp,
2285        [OP_TEST_STATEID]       = (nfsd4_dec)nfsd4_decode_test_stateid,
2286        [OP_WANT_DELEGATION]    = (nfsd4_dec)nfsd4_decode_notsupp,
2287        [OP_DESTROY_CLIENTID]   = (nfsd4_dec)nfsd4_decode_destroy_clientid,
2288        [OP_RECLAIM_COMPLETE]   = (nfsd4_dec)nfsd4_decode_reclaim_complete,
2289
2290        /* new operations for NFSv4.2 */
2291        [OP_ALLOCATE]           = (nfsd4_dec)nfsd4_decode_fallocate,
2292        [OP_COPY]               = (nfsd4_dec)nfsd4_decode_copy,
2293        [OP_COPY_NOTIFY]        = (nfsd4_dec)nfsd4_decode_copy_notify,
2294        [OP_DEALLOCATE]         = (nfsd4_dec)nfsd4_decode_fallocate,
2295        [OP_IO_ADVISE]          = (nfsd4_dec)nfsd4_decode_notsupp,
2296        [OP_LAYOUTERROR]        = (nfsd4_dec)nfsd4_decode_notsupp,
2297        [OP_LAYOUTSTATS]        = (nfsd4_dec)nfsd4_decode_notsupp,
2298        [OP_OFFLOAD_CANCEL]     = (nfsd4_dec)nfsd4_decode_offload_status,
2299        [OP_OFFLOAD_STATUS]     = (nfsd4_dec)nfsd4_decode_offload_status,
2300        [OP_READ_PLUS]          = (nfsd4_dec)nfsd4_decode_read,
2301        [OP_SEEK]               = (nfsd4_dec)nfsd4_decode_seek,
2302        [OP_WRITE_SAME]         = (nfsd4_dec)nfsd4_decode_notsupp,
2303        [OP_CLONE]              = (nfsd4_dec)nfsd4_decode_clone,
2304        /* RFC 8276 extended atributes operations */
2305        [OP_GETXATTR]           = (nfsd4_dec)nfsd4_decode_getxattr,
2306        [OP_SETXATTR]           = (nfsd4_dec)nfsd4_decode_setxattr,
2307        [OP_LISTXATTRS]         = (nfsd4_dec)nfsd4_decode_listxattrs,
2308        [OP_REMOVEXATTR]        = (nfsd4_dec)nfsd4_decode_removexattr,
2309};
2310
2311static inline bool
2312nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op)
2313{
2314        if (op->opnum < FIRST_NFS4_OP)
2315                return false;
2316        else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP)
2317                return false;
2318        else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP)
2319                return false;
2320        else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP)
2321                return false;
2322        return true;
2323}
2324
2325static int
2326nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
2327{
2328        struct nfsd4_op *op;
2329        bool cachethis = false;
2330        int auth_slack= argp->rqstp->rq_auth_slack;
2331        int max_reply = auth_slack + 8; /* opcnt, status */
2332        int readcount = 0;
2333        int readbytes = 0;
2334        __be32 *p;
2335        int i;
2336
2337        if (xdr_stream_decode_u32(argp->xdr, &argp->taglen) < 0)
2338                return 0;
2339        max_reply += XDR_UNIT;
2340        argp->tag = NULL;
2341        if (unlikely(argp->taglen)) {
2342                if (argp->taglen > NFSD4_MAX_TAGLEN)
2343                        return 0;
2344                p = xdr_inline_decode(argp->xdr, argp->taglen);
2345                if (!p)
2346                        return 0;
2347                argp->tag = svcxdr_savemem(argp, p, argp->taglen);
2348                if (!argp->tag)
2349                        return 0;
2350                max_reply += xdr_align_size(argp->taglen);
2351        }
2352
2353        if (xdr_stream_decode_u32(argp->xdr, &argp->minorversion) < 0)
2354                return 0;
2355        if (xdr_stream_decode_u32(argp->xdr, &argp->opcnt) < 0)
2356                return 0;
2357
2358        /*
2359         * NFS4ERR_RESOURCE is a more helpful error than GARBAGE_ARGS
2360         * here, so we return success at the xdr level so that
2361         * nfsd4_proc can handle this is an NFS-level error.
2362         */
2363        if (argp->opcnt > NFSD_MAX_OPS_PER_COMPOUND)
2364                return 1;
2365
2366        if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
2367                argp->ops = kzalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
2368                if (!argp->ops) {
2369                        argp->ops = argp->iops;
2370                        dprintk("nfsd: couldn't allocate room for COMPOUND\n");
2371                        return 0;
2372                }
2373        }
2374
2375        if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
2376                argp->opcnt = 0;
2377
2378        for (i = 0; i < argp->opcnt; i++) {
2379                op = &argp->ops[i];
2380                op->replay = NULL;
2381
2382                if (xdr_stream_decode_u32(argp->xdr, &op->opnum) < 0)
2383                        return 0;
2384                if (nfsd4_opnum_in_range(argp, op)) {
2385                        op->status = nfsd4_dec_ops[op->opnum](argp, &op->u);
2386                        if (op->status != nfs_ok)
2387                                trace_nfsd_compound_decode_err(argp->rqstp,
2388                                                               argp->opcnt, i,
2389                                                               op->opnum,
2390                                                               op->status);
2391                } else {
2392                        op->opnum = OP_ILLEGAL;
2393                        op->status = nfserr_op_illegal;
2394                }
2395                op->opdesc = OPDESC(op);
2396                /*
2397                 * We'll try to cache the result in the DRC if any one
2398                 * op in the compound wants to be cached:
2399                 */
2400                cachethis |= nfsd4_cache_this_op(op);
2401
2402                if (op->opnum == OP_READ || op->opnum == OP_READ_PLUS) {
2403                        readcount++;
2404                        readbytes += nfsd4_max_reply(argp->rqstp, op);
2405                } else
2406                        max_reply += nfsd4_max_reply(argp->rqstp, op);
2407                /*
2408                 * OP_LOCK and OP_LOCKT may return a conflicting lock.
2409                 * (Special case because it will just skip encoding this
2410                 * if it runs out of xdr buffer space, and it is the only
2411                 * operation that behaves this way.)
2412                 */
2413                if (op->opnum == OP_LOCK || op->opnum == OP_LOCKT)
2414                        max_reply += NFS4_OPAQUE_LIMIT;
2415
2416                if (op->status) {
2417                        argp->opcnt = i+1;
2418                        break;
2419                }
2420        }
2421        /* Sessions make the DRC unnecessary: */
2422        if (argp->minorversion)
2423                cachethis = false;
2424        svc_reserve(argp->rqstp, max_reply + readbytes);
2425        argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
2426
2427        if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack)
2428                clear_bit(RQ_SPLICE_OK, &argp->rqstp->rq_flags);
2429
2430        return 1;
2431}
2432
2433static __be32 *encode_change(__be32 *p, struct kstat *stat, struct inode *inode,
2434                             struct svc_export *exp)
2435{
2436        if (exp->ex_flags & NFSEXP_V4ROOT) {
2437                *p++ = cpu_to_be32(convert_to_wallclock(exp->cd->flush_time));
2438                *p++ = 0;
2439        } else
2440                p = xdr_encode_hyper(p, nfsd4_change_attribute(stat, inode));
2441        return p;
2442}
2443
2444/*
2445 * ctime (in NFSv4, time_metadata) is not writeable, and the client
2446 * doesn't really care what resolution could theoretically be stored by
2447 * the filesystem.
2448 *
2449 * The client cares how close together changes can be while still
2450 * guaranteeing ctime changes.  For most filesystems (which have
2451 * timestamps with nanosecond fields) that is limited by the resolution
2452 * of the time returned from current_time() (which I'm assuming to be
2453 * 1/HZ).
2454 */
2455static __be32 *encode_time_delta(__be32 *p, struct inode *inode)
2456{
2457        struct timespec64 ts;
2458        u32 ns;
2459
2460        ns = max_t(u32, NSEC_PER_SEC/HZ, inode->i_sb->s_time_gran);
2461        ts = ns_to_timespec64(ns);
2462
2463        p = xdr_encode_hyper(p, ts.tv_sec);
2464        *p++ = cpu_to_be32(ts.tv_nsec);
2465
2466        return p;
2467}
2468
2469static __be32 *encode_cinfo(__be32 *p, struct nfsd4_change_info *c)
2470{
2471        *p++ = cpu_to_be32(c->atomic);
2472        p = xdr_encode_hyper(p, c->before_change);
2473        p = xdr_encode_hyper(p, c->after_change);
2474        return p;
2475}
2476
2477/* Encode as an array of strings the string given with components
2478 * separated @sep, escaped with esc_enter and esc_exit.
2479 */
2480static __be32 nfsd4_encode_components_esc(struct xdr_stream *xdr, char sep,
2481                                          char *components, char esc_enter,
2482                                          char esc_exit)
2483{
2484        __be32 *p;
2485        __be32 pathlen;
2486        int pathlen_offset;
2487        int strlen, count=0;
2488        char *str, *end, *next;
2489
2490        dprintk("nfsd4_encode_components(%s)\n", components);
2491
2492        pathlen_offset = xdr->buf->len;
2493        p = xdr_reserve_space(xdr, 4);
2494        if (!p)
2495                return nfserr_resource;
2496        p++; /* We will fill this in with @count later */
2497
2498        end = str = components;
2499        while (*end) {
2500                bool found_esc = false;
2501
2502                /* try to parse as esc_start, ..., esc_end, sep */
2503                if (*str == esc_enter) {
2504                        for (; *end && (*end != esc_exit); end++)
2505                                /* find esc_exit or end of string */;
2506                        next = end + 1;
2507                        if (*end && (!*next || *next == sep)) {
2508                                str++;
2509                                found_esc = true;
2510                        }
2511                }
2512
2513                if (!found_esc)
2514                        for (; *end && (*end != sep); end++)
2515                                /* find sep or end of string */;
2516
2517                strlen = end - str;
2518                if (strlen) {
2519                        p = xdr_reserve_space(xdr, strlen + 4);
2520                        if (!p)
2521                                return nfserr_resource;
2522                        p = xdr_encode_opaque(p, str, strlen);
2523                        count++;
2524                }
2525                else
2526                        end++;
2527                if (found_esc)
2528                        end = next;
2529
2530                str = end;
2531        }
2532        pathlen = htonl(count);
2533        write_bytes_to_xdr_buf(xdr->buf, pathlen_offset, &pathlen, 4);
2534        return 0;
2535}
2536
2537/* Encode as an array of strings the string given with components
2538 * separated @sep.
2539 */
2540static __be32 nfsd4_encode_components(struct xdr_stream *xdr, char sep,
2541                                      char *components)
2542{
2543        return nfsd4_encode_components_esc(xdr, sep, components, 0, 0);
2544}
2545
2546/*
2547 * encode a location element of a fs_locations structure
2548 */
2549static __be32 nfsd4_encode_fs_location4(struct xdr_stream *xdr,
2550                                        struct nfsd4_fs_location *location)
2551{
2552        __be32 status;
2553
2554        status = nfsd4_encode_components_esc(xdr, ':', location->hosts,
2555                                                '[', ']');
2556        if (status)
2557                return status;
2558        status = nfsd4_encode_components(xdr, '/', location->path);
2559        if (status)
2560                return status;
2561        return 0;
2562}
2563
2564/*
2565 * Encode a path in RFC3530 'pathname4' format
2566 */
2567static __be32 nfsd4_encode_path(struct xdr_stream *xdr,
2568                                const struct path *root,
2569                                const struct path *path)
2570{
2571        struct path cur = *path;
2572        __be32 *p;
2573        struct dentry **components = NULL;
2574        unsigned int ncomponents = 0;
2575        __be32 err = nfserr_jukebox;
2576
2577        dprintk("nfsd4_encode_components(");
2578
2579        path_get(&cur);
2580        /* First walk the path up to the nfsd root, and store the
2581         * dentries/path components in an array.
2582         */
2583        for (;;) {
2584                if (path_equal(&cur, root))
2585                        break;
2586                if (cur.dentry == cur.mnt->mnt_root) {
2587                        if (follow_up(&cur))
2588                                continue;
2589                        goto out_free;
2590                }
2591                if ((ncomponents & 15) == 0) {
2592                        struct dentry **new;
2593                        new = krealloc(components,
2594                                        sizeof(*new) * (ncomponents + 16),
2595                                        GFP_KERNEL);
2596                        if (!new)
2597                                goto out_free;
2598                        components = new;
2599                }
2600                components[ncomponents++] = cur.dentry;
2601                cur.dentry = dget_parent(cur.dentry);
2602        }
2603        err = nfserr_resource;
2604        p = xdr_reserve_space(xdr, 4);
2605        if (!p)
2606                goto out_free;
2607        *p++ = cpu_to_be32(ncomponents);
2608
2609        while (ncomponents) {
2610                struct dentry *dentry = components[ncomponents - 1];
2611                unsigned int len;
2612
2613                spin_lock(&dentry->d_lock);
2614                len = dentry->d_name.len;
2615                p = xdr_reserve_space(xdr, len + 4);
2616                if (!p) {
2617                        spin_unlock(&dentry->d_lock);
2618                        goto out_free;
2619                }
2620                p = xdr_encode_opaque(p, dentry->d_name.name, len);
2621                dprintk("/%pd", dentry);
2622                spin_unlock(&dentry->d_lock);
2623                dput(dentry);
2624                ncomponents--;
2625        }
2626
2627        err = 0;
2628out_free:
2629        dprintk(")\n");
2630        while (ncomponents)
2631                dput(components[--ncomponents]);
2632        kfree(components);
2633        path_put(&cur);
2634        return err;
2635}
2636
2637static __be32 nfsd4_encode_fsloc_fsroot(struct xdr_stream *xdr,
2638                        struct svc_rqst *rqstp, const struct path *path)
2639{
2640        struct svc_export *exp_ps;
2641        __be32 res;
2642
2643        exp_ps = rqst_find_fsidzero_export(rqstp);
2644        if (IS_ERR(exp_ps))
2645                return nfserrno(PTR_ERR(exp_ps));
2646        res = nfsd4_encode_path(xdr, &exp_ps->ex_path, path);
2647        exp_put(exp_ps);
2648        return res;
2649}
2650
2651/*
2652 *  encode a fs_locations structure
2653 */
2654static __be32 nfsd4_encode_fs_locations(struct xdr_stream *xdr,
2655                        struct svc_rqst *rqstp, struct svc_export *exp)
2656{
2657        __be32 status;
2658        int i;
2659        __be32 *p;
2660        struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;
2661
2662        status = nfsd4_encode_fsloc_fsroot(xdr, rqstp, &exp->ex_path);
2663        if (status)
2664                return status;
2665        p = xdr_reserve_space(xdr, 4);
2666        if (!p)
2667                return nfserr_resource;
2668        *p++ = cpu_to_be32(fslocs->locations_count);
2669        for (i=0; i<fslocs->locations_count; i++) {
2670                status = nfsd4_encode_fs_location4(xdr, &fslocs->locations[i]);
2671                if (status)
2672                        return status;
2673        }
2674        return 0;
2675}
2676
2677static u32 nfs4_file_type(umode_t mode)
2678{
2679        switch (mode & S_IFMT) {
2680        case S_IFIFO:   return NF4FIFO;
2681        case S_IFCHR:   return NF4CHR;
2682        case S_IFDIR:   return NF4DIR;
2683        case S_IFBLK:   return NF4BLK;
2684        case S_IFLNK:   return NF4LNK;
2685        case S_IFREG:   return NF4REG;
2686        case S_IFSOCK:  return NF4SOCK;
2687        default:        return NF4BAD;
2688        }
2689}
2690
2691static inline __be32
2692nfsd4_encode_aclname(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2693                     struct nfs4_ace *ace)
2694{
2695        if (ace->whotype != NFS4_ACL_WHO_NAMED)
2696                return nfs4_acl_write_who(xdr, ace->whotype);
2697        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
2698                return nfsd4_encode_group(xdr, rqstp, ace->who_gid);
2699        else
2700                return nfsd4_encode_user(xdr, rqstp, ace->who_uid);
2701}
2702
2703static inline __be32
2704nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types)
2705{
2706        __be32          *p;
2707        unsigned long   i = hweight_long(layout_types);
2708
2709        p = xdr_reserve_space(xdr, 4 + 4 * i);
2710        if (!p)
2711                return nfserr_resource;
2712
2713        *p++ = cpu_to_be32(i);
2714
2715        for (i = LAYOUT_NFSV4_1_FILES; i < LAYOUT_TYPE_MAX; ++i)
2716                if (layout_types & (1 << i))
2717                        *p++ = cpu_to_be32(i);
2718
2719        return 0;
2720}
2721
2722#define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
2723                              FATTR4_WORD0_RDATTR_ERROR)
2724#define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
2725#define WORD2_ABSENT_FS_ATTRS 0
2726
2727#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2728static inline __be32
2729nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2730                            void *context, int len)
2731{
2732        __be32 *p;
2733
2734        p = xdr_reserve_space(xdr, len + 4 + 4 + 4);
2735        if (!p)
2736                return nfserr_resource;
2737
2738        /*
2739         * For now we use a 0 here to indicate the null translation; in
2740         * the future we may place a call to translation code here.
2741         */
2742        *p++ = cpu_to_be32(0); /* lfs */
2743        *p++ = cpu_to_be32(0); /* pi */
2744        p = xdr_encode_opaque(p, context, len);
2745        return 0;
2746}
2747#else
2748static inline __be32
2749nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2750                            void *context, int len)
2751{ return 0; }
2752#endif
2753
2754static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *bmval2, u32 *rdattr_err)
2755{
2756        /* As per referral draft:  */
2757        if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
2758            *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
2759                if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
2760                    *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
2761                        *rdattr_err = NFSERR_MOVED;
2762                else
2763                        return nfserr_moved;
2764        }
2765        *bmval0 &= WORD0_ABSENT_FS_ATTRS;
2766        *bmval1 &= WORD1_ABSENT_FS_ATTRS;
2767        *bmval2 &= WORD2_ABSENT_FS_ATTRS;
2768        return 0;
2769}
2770
2771
2772static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
2773{
2774        struct path path = exp->ex_path;
2775        int err;
2776
2777        path_get(&path);
2778        while (follow_up(&path)) {
2779                if (path.dentry != path.mnt->mnt_root)
2780                        break;
2781        }
2782        err = vfs_getattr(&path, stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
2783        path_put(&path);
2784        return err;
2785}
2786
2787static __be32
2788nfsd4_encode_bitmap(struct xdr_stream *xdr, u32 bmval0, u32 bmval1, u32 bmval2)
2789{
2790        __be32 *p;
2791
2792        if (bmval2) {
2793                p = xdr_reserve_space(xdr, 16);
2794                if (!p)
2795                        goto out_resource;
2796                *p++ = cpu_to_be32(3);
2797                *p++ = cpu_to_be32(bmval0);
2798                *p++ = cpu_to_be32(bmval1);
2799                *p++ = cpu_to_be32(bmval2);
2800        } else if (bmval1) {
2801                p = xdr_reserve_space(xdr, 12);
2802                if (!p)
2803                        goto out_resource;
2804                *p++ = cpu_to_be32(2);
2805                *p++ = cpu_to_be32(bmval0);
2806                *p++ = cpu_to_be32(bmval1);
2807        } else {
2808                p = xdr_reserve_space(xdr, 8);
2809                if (!p)
2810                        goto out_resource;
2811                *p++ = cpu_to_be32(1);
2812                *p++ = cpu_to_be32(bmval0);
2813        }
2814
2815        return 0;
2816out_resource:
2817        return nfserr_resource;
2818}
2819
2820/*
2821 * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
2822 * ourselves.
2823 */
2824static __be32
2825nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
2826                struct svc_export *exp,
2827                struct dentry *dentry, u32 *bmval,
2828                struct svc_rqst *rqstp, int ignore_crossmnt)
2829{
2830        u32 bmval0 = bmval[0];
2831        u32 bmval1 = bmval[1];
2832        u32 bmval2 = bmval[2];
2833        struct kstat stat;
2834        struct svc_fh *tempfh = NULL;
2835        struct kstatfs statfs;
2836        __be32 *p;
2837        int starting_len = xdr->buf->len;
2838        int attrlen_offset;
2839        __be32 attrlen;
2840        u32 dummy;
2841        u64 dummy64;
2842        u32 rdattr_err = 0;
2843        __be32 status;
2844        int err;
2845        struct nfs4_acl *acl = NULL;
2846#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2847        void *context = NULL;
2848        int contextlen;
2849#endif
2850        bool contextsupport = false;
2851        struct nfsd4_compoundres *resp = rqstp->rq_resp;
2852        u32 minorversion = resp->cstate.minorversion;
2853        struct path path = {
2854                .mnt    = exp->ex_path.mnt,
2855                .dentry = dentry,
2856        };
2857        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2858
2859        BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
2860        BUG_ON(!nfsd_attrs_supported(minorversion, bmval));
2861
2862        if (exp->ex_fslocs.migrated) {
2863                status = fattr_handle_absent_fs(&bmval0, &bmval1, &bmval2, &rdattr_err);
2864                if (status)
2865                        goto out;
2866        }
2867
2868        err = vfs_getattr(&path, &stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
2869        if (err)
2870                goto out_nfserr;
2871        if ((bmval0 & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE |
2872                        FATTR4_WORD0_FILES_TOTAL | FATTR4_WORD0_MAXNAME)) ||
2873            (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
2874                       FATTR4_WORD1_SPACE_TOTAL))) {
2875                err = vfs_statfs(&path, &statfs);
2876                if (err)
2877                        goto out_nfserr;
2878        }
2879        if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
2880                tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
2881                status = nfserr_jukebox;
2882                if (!tempfh)
2883                        goto out;
2884                fh_init(tempfh, NFS4_FHSIZE);
2885                status = fh_compose(tempfh, exp, dentry, NULL);
2886                if (status)
2887                        goto out;
2888                fhp = tempfh;
2889        }
2890        if (bmval0 & FATTR4_WORD0_ACL) {
2891                err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
2892                if (err == -EOPNOTSUPP)
2893                        bmval0 &= ~FATTR4_WORD0_ACL;
2894                else if (err == -EINVAL) {
2895                        status = nfserr_attrnotsupp;
2896                        goto out;
2897                } else if (err != 0)
2898                        goto out_nfserr;
2899        }
2900
2901#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2902        if ((bmval2 & FATTR4_WORD2_SECURITY_LABEL) ||
2903             bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2904                if (exp->ex_flags & NFSEXP_SECURITY_LABEL)
2905                        err = security_inode_getsecctx(d_inode(dentry),
2906                                                &context, &contextlen);
2907                else
2908                        err = -EOPNOTSUPP;
2909                contextsupport = (err == 0);
2910                if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2911                        if (err == -EOPNOTSUPP)
2912                                bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2913                        else if (err)
2914                                goto out_nfserr;
2915                }
2916        }
2917#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2918
2919        status = nfsd4_encode_bitmap(xdr, bmval0, bmval1, bmval2);
2920        if (status)
2921                goto out;
2922
2923        attrlen_offset = xdr->buf->len;
2924        p = xdr_reserve_space(xdr, 4);
2925        if (!p)
2926                goto out_resource;
2927        p++;                /* to be backfilled later */
2928
2929        if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2930                u32 supp[3];
2931
2932                memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));
2933
2934                if (!IS_POSIXACL(dentry->d_inode))
2935                        supp[0] &= ~FATTR4_WORD0_ACL;
2936                if (!contextsupport)
2937                        supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
2938                if (!supp[2]) {
2939                        p = xdr_reserve_space(xdr, 12);
2940                        if (!p)
2941                                goto out_resource;
2942                        *p++ = cpu_to_be32(2);
2943                        *p++ = cpu_to_be32(supp[0]);
2944                        *p++ = cpu_to_be32(supp[1]);
2945                } else {
2946                        p = xdr_reserve_space(xdr, 16);
2947                        if (!p)
2948                                goto out_resource;
2949                        *p++ = cpu_to_be32(3);
2950                        *p++ = cpu_to_be32(supp[0]);
2951                        *p++ = cpu_to_be32(supp[1]);
2952                        *p++ = cpu_to_be32(supp[2]);
2953                }
2954        }
2955        if (bmval0 & FATTR4_WORD0_TYPE) {
2956                p = xdr_reserve_space(xdr, 4);
2957                if (!p)
2958                        goto out_resource;
2959                dummy = nfs4_file_type(stat.mode);
2960                if (dummy == NF4BAD) {
2961                        status = nfserr_serverfault;
2962                        goto out;
2963                }
2964                *p++ = cpu_to_be32(dummy);
2965        }
2966        if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
2967                p = xdr_reserve_space(xdr, 4);
2968                if (!p)
2969                        goto out_resource;
2970                if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
2971                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT);
2972                else
2973                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT|
2974                                                NFS4_FH_VOL_RENAME);
2975        }
2976        if (bmval0 & FATTR4_WORD0_CHANGE) {
2977                p = xdr_reserve_space(xdr, 8);
2978                if (!p)
2979                        goto out_resource;
2980                p = encode_change(p, &stat, d_inode(dentry), exp);
2981        }
2982        if (bmval0 & FATTR4_WORD0_SIZE) {
2983                p = xdr_reserve_space(xdr, 8);
2984                if (!p)
2985                        goto out_resource;
2986                p = xdr_encode_hyper(p, stat.size);
2987        }
2988        if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
2989                p = xdr_reserve_space(xdr, 4);
2990                if (!p)
2991                        goto out_resource;
2992                *p++ = cpu_to_be32(1);
2993        }
2994        if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
2995                p = xdr_reserve_space(xdr, 4);
2996                if (!p)
2997                        goto out_resource;
2998                *p++ = cpu_to_be32(1);
2999        }
3000        if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {

3001                p = xdr_reserve_space(xdr, 4);
3002                if (!p)
3003                        goto out_resource;
3004                *p++ = cpu_to_be32(0);
3005        }
3006        if (bmval0 & FATTR4_WORD0_FSID) {
3007                p = xdr_reserve_space(xdr, 16);
3008                if (!p)
3009                        goto out_resource;
3010                if (exp->ex_fslocs.migrated) {
3011                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MAJOR);
3012                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MINOR);
3013                } else switch(fsid_source(fhp)) {
3014                case FSIDSOURCE_FSID:
3015                        p = xdr_encode_hyper(p, (u64)exp->ex_fsid);
3016                        p = xdr_encode_hyper(p, (u64)0);
3017                        break;
3018                case FSIDSOURCE_DEV:
3019                        *p++ = cpu_to_be32(0);
3020                        *p++ = cpu_to_be32(MAJOR(stat.dev));
3021                        *p++ = cpu_to_be32(0);
3022                        *p++ = cpu_to_be32(MINOR(stat.dev));
3023                        break;
3024                case FSIDSOURCE_UUID:
3025                        p = xdr_encode_opaque_fixed(p, exp->ex_uuid,
3026                                                                EX_UUID_LEN);
3027                        break;
3028                }
3029        }
3030        if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
3031                p = xdr_reserve_space(xdr, 4);
3032                if (!p)
3033                        goto out_resource;
3034                *p++ = cpu_to_be32(0);
3035        }
3036        if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
3037                p = xdr_reserve_space(xdr, 4);
3038                if (!p)
3039                        goto out_resource;
3040                *p++ = cpu_to_be32(nn->nfsd4_lease);
3041        }
3042        if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
3043                p = xdr_reserve_space(xdr, 4);
3044                if (!p)
3045                        goto out_resource;
3046                *p++ = cpu_to_be32(rdattr_err);
3047        }
3048        if (bmval0 & FATTR4_WORD0_ACL) {
3049                struct nfs4_ace *ace;
3050
3051                if (acl == NULL) {
3052                        p = xdr_reserve_space(xdr, 4);
3053                        if (!p)
3054                                goto out_resource;
3055
3056                        *p++ = cpu_to_be32(0);
3057                        goto out_acl;
3058                }
3059                p = xdr_reserve_space(xdr, 4);
3060                if (!p)
3061                        goto out_resource;
3062                *p++ = cpu_to_be32(acl->naces);
3063
3064                for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
3065                        p = xdr_reserve_space(xdr, 4*3);
3066                        if (!p)
3067                                goto out_resource;
3068                        *p++ = cpu_to_be32(ace->type);
3069                        *p++ = cpu_to_be32(ace->flag);
3070                        *p++ = cpu_to_be32(ace->access_mask &
3071                                                        NFS4_ACE_MASK_ALL);
3072                        status = nfsd4_encode_aclname(xdr, rqstp, ace);
3073                        if (status)
3074                                goto out;
3075                }
3076        }
3077out_acl:
3078        if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
3079                p = xdr_reserve_space(xdr, 4);
3080                if (!p)
3081                        goto out_resource;
3082                *p++ = cpu_to_be32(IS_POSIXACL(dentry->d_inode) ?
3083                        ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
3084        }
3085        if (bmval0 & FATTR4_WORD0_CANSETTIME) {
3086                p = xdr_reserve_space(xdr, 4);
3087                if (!p)
3088                        goto out_resource;
3089                *p++ = cpu_to_be32(1);
3090        }
3091        if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
3092                p = xdr_reserve_space(xdr, 4);
3093                if (!p)
3094                        goto out_resource;
3095                *p++ = cpu_to_be32(0);
3096        }
3097        if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
3098                p = xdr_reserve_space(xdr, 4);
3099                if (!p)
3100                        goto out_resource;
3101                *p++ = cpu_to_be32(1);
3102        }
3103        if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
3104                p = xdr_reserve_space(xdr, 4);
3105                if (!p)
3106                        goto out_resource;
3107                *p++ = cpu_to_be32(1);
3108        }
3109        if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
3110                p = xdr_reserve_space(xdr, fhp->fh_handle.fh_size + 4);
3111                if (!p)
3112                        goto out_resource;
3113                p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base,
3114                                        fhp->fh_handle.fh_size);
3115        }
3116        if (bmval0 & FATTR4_WORD0_FILEID) {
3117                p = xdr_reserve_space(xdr, 8);
3118                if (!p)
3119                        goto out_resource;
3120                p = xdr_encode_hyper(p, stat.ino);
3121        }
3122        if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
3123                p = xdr_reserve_space(xdr, 8);
3124                if (!p)
3125                        goto out_resource;
3126                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
3127        }
3128        if (bmval0 & FATTR4_WORD0_FILES_FREE) {
3129                p = xdr_reserve_space(xdr, 8);
3130                if (!p)
3131                        goto out_resource;
3132                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
3133        }
3134        if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
3135                p = xdr_reserve_space(xdr, 8);
3136                if (!p)
3137                        goto out_resource;
3138                p = xdr_encode_hyper(p, (u64) statfs.f_files);
3139        }
3140        if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
3141                status = nfsd4_encode_fs_locations(xdr, rqstp, exp);
3142                if (status)
3143                        goto out;
3144        }
3145        if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
3146                p = xdr_reserve_space(xdr, 4);
3147                if (!p)
3148                        goto out_resource;
3149                *p++ = cpu_to_be32(1);
3150        }
3151        if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
3152                p = xdr_reserve_space(xdr, 8);
3153                if (!p)
3154                        goto out_resource;
3155                p = xdr_encode_hyper(p, exp->ex_path.mnt->mnt_sb->s_maxbytes);
3156        }
3157        if (bmval0 & FATTR4_WORD0_MAXLINK) {
3158                p = xdr_reserve_space(xdr, 4);
3159                if (!p)
3160                        goto out_resource;
3161                *p++ = cpu_to_be32(255);
3162        }
3163        if (bmval0 & FATTR4_WORD0_MAXNAME) {
3164                p = xdr_reserve_space(xdr, 4);
3165                if (!p)
3166                        goto out_resource;
3167                *p++ = cpu_to_be32(statfs.f_namelen);
3168        }
3169        if (bmval0 & FATTR4_WORD0_MAXREAD) {
3170                p = xdr_reserve_space(xdr, 8);
3171                if (!p)
3172                        goto out_resource;
3173                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
3174        }
3175        if (bmval0 & FATTR4_WORD0_MAXWRITE) {
3176                p = xdr_reserve_space(xdr, 8);
3177                if (!p)
3178                        goto out_resource;
3179                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
3180        }
3181        if (bmval1 & FATTR4_WORD1_MODE) {
3182                p = xdr_reserve_space(xdr, 4);
3183                if (!p)
3184                        goto out_resource;
3185                *p++ = cpu_to_be32(stat.mode & S_IALLUGO);
3186        }
3187        if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
3188                p = xdr_reserve_space(xdr, 4);
3189                if (!p)
3190                        goto out_resource;
3191                *p++ = cpu_to_be32(1);
3192        }
3193        if (bmval1 & FATTR4_WORD1_NUMLINKS) {
3194                p = xdr_reserve_space(xdr, 4);
3195                if (!p)
3196                        goto out_resource;
3197                *p++ = cpu_to_be32(stat.nlink);
3198        }
3199        if (bmval1 & FATTR4_WORD1_OWNER) {
3200                status = nfsd4_encode_user(xdr, rqstp, stat.uid);
3201                if (status)
3202                        goto out;
3203        }
3204        if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
3205                status = nfsd4_encode_group(xdr, rqstp, stat.gid);
3206                if (status)
3207                        goto out;
3208        }
3209        if (bmval1 & FATTR4_WORD1_RAWDEV) {
3210                p = xdr_reserve_space(xdr, 8);
3211                if (!p)
3212                        goto out_resource;
3213                *p++ = cpu_to_be32((u32) MAJOR(stat.rdev));
3214                *p++ = cpu_to_be32((u32) MINOR(stat.rdev));
3215        }
3216        if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
3217                p = xdr_reserve_space(xdr, 8);
3218                if (!p)
3219                        goto out_resource;
3220                dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
3221                p = xdr_encode_hyper(p, dummy64);
3222        }
3223        if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
3224                p = xdr_reserve_space(xdr, 8);
3225                if (!p)
3226                        goto out_resource;
3227                dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
3228                p = xdr_encode_hyper(p, dummy64);
3229        }
3230        if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
3231                p = xdr_reserve_space(xdr, 8);
3232                if (!p)
3233                        goto out_resource;
3234                dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
3235                p = xdr_encode_hyper(p, dummy64);
3236        }
3237        if (bmval1 & FATTR4_WORD1_SPACE_USED) {
3238                p = xdr_reserve_space(xdr, 8);
3239                if (!p)
3240                        goto out_resource;
3241                dummy64 = (u64)stat.blocks << 9;
3242                p = xdr_encode_hyper(p, dummy64);
3243        }
3244        if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
3245                p = xdr_reserve_space(xdr, 12);
3246                if (!p)
3247                        goto out_resource;
3248                p = xdr_encode_hyper(p, (s64)stat.atime.tv_sec);
3249                *p++ = cpu_to_be32(stat.atime.tv_nsec);
3250        }
3251        if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
3252                p = xdr_reserve_space(xdr, 12);
3253                if (!p)
3254                        goto out_resource;
3255                p = encode_time_delta(p, d_inode(dentry));
3256        }
3257        if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
3258                p = xdr_reserve_space(xdr, 12);
3259                if (!p)
3260                        goto out_resource;
3261                p = xdr_encode_hyper(p, (s64)stat.ctime.tv_sec);
3262                *p++ = cpu_to_be32(stat.ctime.tv_nsec);
3263        }
3264        if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
3265                p = xdr_reserve_space(xdr, 12);
3266                if (!p)
3267                        goto out_resource;
3268                p = xdr_encode_hyper(p, (s64)stat.mtime.tv_sec);
3269                *p++ = cpu_to_be32(stat.mtime.tv_nsec);
3270        }
3271        if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
3272                struct kstat parent_stat;
3273                u64 ino = stat.ino;
3274
3275                p = xdr_reserve_space(xdr, 8);
3276                if (!p)
3277                        goto out_resource;
3278                /*
3279                 * Get parent's attributes if not ignoring crossmount
3280                 * and this is the root of a cross-mounted filesystem.
3281                 */
3282                if (ignore_crossmnt == 0 &&
3283                    dentry == exp->ex_path.mnt->mnt_root) {
3284                        err = get_parent_attributes(exp, &parent_stat);
3285                        if (err)
3286                                goto out_nfserr;
3287                        ino = parent_stat.ino;
3288                }
3289                p = xdr_encode_hyper(p, ino);
3290        }
3291#ifdef CONFIG_NFSD_PNFS
3292        if (bmval1 & FATTR4_WORD1_FS_LAYOUT_TYPES) {
3293                status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types);
3294                if (status)
3295                        goto out;
3296        }
3297
3298        if (bmval2 & FATTR4_WORD2_LAYOUT_TYPES) {
3299                status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types);
3300                if (status)
3301                        goto out;
3302        }
3303
3304        if (bmval2 & FATTR4_WORD2_LAYOUT_BLKSIZE) {
3305                p = xdr_reserve_space(xdr, 4);
3306                if (!p)
3307                        goto out_resource;
3308                *p++ = cpu_to_be32(stat.blksize);
3309        }
3310#endif /* CONFIG_NFSD_PNFS */
3311        if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
3312                u32 supp[3];
3313
3314                memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));
3315                supp[0] &= NFSD_SUPPATTR_EXCLCREAT_WORD0;
3316                supp[1] &= NFSD_SUPPATTR_EXCLCREAT_WORD1;
3317                supp[2] &= NFSD_SUPPATTR_EXCLCREAT_WORD2;
3318
3319                status = nfsd4_encode_bitmap(xdr, supp[0], supp[1], supp[2]);
3320                if (status)
3321                        goto out;
3322        }
3323
3324#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
3325        if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
3326                status = nfsd4_encode_security_label(xdr, rqstp, context,
3327                                                                contextlen);
3328                if (status)
3329                        goto out;
3330        }
3331#endif
3332
3333        if (bmval2 & FATTR4_WORD2_XATTR_SUPPORT) {
3334                p = xdr_reserve_space(xdr, 4);
3335                if (!p)
3336                        goto out_resource;
3337                err = xattr_supported_namespace(d_inode(dentry),
3338                                                XATTR_USER_PREFIX);
3339                *p++ = cpu_to_be32(err == 0);
3340        }
3341
3342        attrlen = htonl(xdr->buf->len - attrlen_offset - 4);
3343        write_bytes_to_xdr_buf(xdr->buf, attrlen_offset, &attrlen, 4);
3344        status = nfs_ok;
3345
3346out:
3347#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
3348        if (context)
3349                security_release_secctx(context, contextlen);
3350#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
3351        kfree(acl);
3352        if (tempfh) {
3353                fh_put(tempfh);
3354                kfree(tempfh);
3355        }
3356        if (status)
3357                xdr_truncate_encode(xdr, starting_len);
3358        return status;
3359out_nfserr:
3360        status = nfserrno(err);
3361        goto out;
3362out_resource:
3363        status = nfserr_resource;
3364        goto out;
3365}
3366
3367static void svcxdr_init_encode_from_buffer(struct xdr_stream *xdr,
3368                                struct xdr_buf *buf, __be32 *p, int bytes)
3369{
3370        xdr->scratch.iov_len = 0;
3371        memset(buf, 0, sizeof(struct xdr_buf));
3372        buf->head[0].iov_base = p;
3373        buf->head[0].iov_len = 0;
3374        buf->len = 0;
3375        xdr->buf = buf;
3376        xdr->iov = buf->head;
3377        xdr->p = p;
3378        xdr->end = (void *)p + bytes;
3379        buf->buflen = bytes;
3380}
3381
3382__be32 nfsd4_encode_fattr_to_buf(__be32 **p, int words,
3383                        struct svc_fh *fhp, struct svc_export *exp,
3384                        struct dentry *dentry, u32 *bmval,
3385                        struct svc_rqst *rqstp, int ignore_crossmnt)
3386{
3387        struct xdr_buf dummy;
3388        struct xdr_stream xdr;
3389        __be32 ret;
3390
3391        svcxdr_init_encode_from_buffer(&xdr, &dummy, *p, words << 2);
3392        ret = nfsd4_encode_fattr(&xdr, fhp, exp, dentry, bmval, rqstp,
3393                                                        ignore_crossmnt);
3394        *p = xdr.p;
3395        return ret;
3396}
3397
3398static inline int attributes_need_mount(u32 *bmval)
3399{
3400        if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
3401                return 1;
3402        if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
3403                return 1;
3404        return 0;
3405}
3406
3407static __be32
3408nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd,
3409                        const char *name, int namlen)
3410{
3411        struct svc_export *exp = cd->rd_fhp->fh_export;
3412        struct dentry *dentry;
3413        __be32 nfserr;
3414        int ignore_crossmnt = 0;
3415
3416        dentry = lookup_positive_unlocked(name, cd->rd_fhp->fh_dentry, namlen);
3417        if (IS_ERR(dentry))
3418                return nfserrno(PTR_ERR(dentry));
3419
3420        exp_get(exp);
3421        /*
3422         * In the case of a mountpoint, the client may be asking for
3423         * attributes that are only properties of the underlying filesystem
3424         * as opposed to the cross-mounted file system. In such a case,
3425         * we will not follow the cross mount and will fill the attribtutes
3426         * directly from the mountpoint dentry.
3427         */
3428        if (nfsd_mountpoint(dentry, exp)) {
3429                int err;
3430
3431                if (!(exp->ex_flags & NFSEXP_V4ROOT)
3432                                && !attributes_need_mount(cd->rd_bmval)) {
3433                        ignore_crossmnt = 1;
3434                        goto out_encode;
3435                }
3436                /*
3437                 * Why the heck aren't we just using nfsd_lookup??
3438                 * Different "."/".." handling?  Something else?
3439                 * At least, add a comment here to explain....
3440                 */
3441                err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
3442                if (err) {
3443                        nfserr = nfserrno(err);
3444                        goto out_put;
3445                }
3446                nfserr = check_nfsd_access(exp, cd->rd_rqstp);
3447                if (nfserr)
3448                        goto out_put;
3449
3450        }
3451out_encode:
3452        nfserr = nfsd4_encode_fattr(xdr, NULL, exp, dentry, cd->rd_bmval,
3453                                        cd->rd_rqstp, ignore_crossmnt);
3454out_put:
3455        dput(dentry);
3456        exp_put(exp);
3457        return nfserr;
3458}
3459
3460static __be32 *
3461nfsd4_encode_rdattr_error(struct xdr_stream *xdr, __be32 nfserr)
3462{
3463        __be32 *p;
3464
3465        p = xdr_reserve_space(xdr, 20);
3466        if (!p)
3467                return NULL;
3468        *p++ = htonl(2);
3469        *p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */
3470        *p++ = htonl(0);                         /* bmval1 */
3471
3472        *p++ = htonl(4);     /* attribute length */
3473        *p++ = nfserr;       /* no htonl */
3474        return p;
3475}
3476
3477static int
3478nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
3479                    loff_t offset, u64 ino, unsigned int d_type)
3480{
3481        struct readdir_cd *ccd = ccdv;
3482        struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
3483        struct xdr_stream *xdr = cd->xdr;
3484        int start_offset = xdr->buf->len;
3485        int cookie_offset;
3486        u32 name_and_cookie;
3487        int entry_bytes;
3488        __be32 nfserr = nfserr_toosmall;
3489        __be64 wire_offset;
3490        __be32 *p;
3491
3492        /* In nfsv4, "." and ".." never make it onto the wire.. */
3493        if (name && isdotent(name, namlen)) {
3494                cd->common.err = nfs_ok;
3495                return 0;
3496        }
3497
3498        if (cd->cookie_offset) {
3499                wire_offset = cpu_to_be64(offset);
3500                write_bytes_to_xdr_buf(xdr->buf, cd->cookie_offset,
3501                                                        &wire_offset, 8);
3502        }
3503
3504        p = xdr_reserve_space(xdr, 4);
3505        if (!p)
3506                goto fail;
3507        *p++ = xdr_one;                             /* mark entry present */
3508        cookie_offset = xdr->buf->len;
3509        p = xdr_reserve_space(xdr, 3*4 + namlen);
3510        if (!p)
3511                goto fail;
3512        p = xdr_encode_hyper(p, NFS_OFFSET_MAX);    /* offset of next entry */
3513        p = xdr_encode_array(p, name, namlen);      /* name length & name */
3514
3515        nfserr = nfsd4_encode_dirent_fattr(xdr, cd, name, namlen);
3516        switch (nfserr) {
3517        case nfs_ok:
3518                break;
3519        case nfserr_resource:
3520                nfserr = nfserr_toosmall;
3521                goto fail;
3522        case nfserr_noent:
3523                xdr_truncate_encode(xdr, start_offset);
3524                goto skip_entry;
3525        default:
3526                /*
3527                 * If the client requested the RDATTR_ERROR attribute,
3528                 * we stuff the error code into this attribute
3529                 * and continue.  If this attribute was not requested,
3530                 * then in accordance with the spec, we fail the
3531                 * entire READDIR operation(!)
3532                 */
3533                if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR))
3534                        goto fail;
3535                p = nfsd4_encode_rdattr_error(xdr, nfserr);
3536                if (p == NULL) {
3537                        nfserr = nfserr_toosmall;
3538                        goto fail;
3539                }
3540        }
3541        nfserr = nfserr_toosmall;
3542        entry_bytes = xdr->buf->len - start_offset;
3543        if (entry_bytes > cd->rd_maxcount)
3544                goto fail;
3545        cd->rd_maxcount -= entry_bytes;
3546        /*
3547         * RFC 3530 14.2.24 describes rd_dircount as only a "hint", so
3548         * let's always let through the first entry, at least:
3549         */
3550        if (!cd->rd_dircount)
3551                goto fail;
3552        name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8;
3553        if (name_and_cookie > cd->rd_dircount && cd->cookie_offset)
3554                goto fail;
3555        cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie);
3556
3557        cd->cookie_offset = cookie_offset;
3558skip_entry:
3559        cd->common.err = nfs_ok;
3560        return 0;
3561fail:
3562        xdr_truncate_encode(xdr, start_offset);
3563        cd->common.err = nfserr;
3564        return -EINVAL;
3565}
3566
3567static __be32
3568nfsd4_encode_stateid(struct xdr_stream *xdr, stateid_t *sid)
3569{
3570        __be32 *p;
3571
3572        p = xdr_reserve_space(xdr, sizeof(stateid_t));
3573        if (!p)
3574                return nfserr_resource;
3575        *p++ = cpu_to_be32(sid->si_generation);
3576        p = xdr_encode_opaque_fixed(p, &sid->si_opaque,
3577                                        sizeof(stateid_opaque_t));
3578        return 0;
3579}
3580
3581static __be32
3582nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
3583{
3584        struct xdr_stream *xdr = resp->xdr;
3585        __be32 *p;
3586
3587        p = xdr_reserve_space(xdr, 8);
3588        if (!p)
3589                return nfserr_resource;
3590        *p++ = cpu_to_be32(access->ac_supported);
3591        *p++ = cpu_to_be32(access->ac_resp_access);
3592        return 0;
3593}
3594
3595static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
3596{
3597        struct xdr_stream *xdr = resp->xdr;
3598        __be32 *p;
3599
3600        p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 8);
3601        if (!p)
3602                return nfserr_resource;
3603        p = xdr_encode_opaque_fixed(p, bcts->sessionid.data,
3604                                        NFS4_MAX_SESSIONID_LEN);
3605        *p++ = cpu_to_be32(bcts->dir);
3606        /* Upshifting from TCP to RDMA is not supported */
3607        *p++ = cpu_to_be32(0);
3608        return 0;
3609}
3610
3611static __be32
3612nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
3613{
3614        struct xdr_stream *xdr = resp->xdr;
3615
3616        return nfsd4_encode_stateid(xdr, &close->cl_stateid);
3617}
3618
3619
3620static __be32
3621nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
3622{
3623        struct xdr_stream *xdr = resp->xdr;
3624        __be32 *p;
3625
3626        p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
3627        if (!p)
3628                return nfserr_resource;
3629        p = xdr_encode_opaque_fixed(p, commit->co_verf.data,
3630                                                NFS4_VERIFIER_SIZE);
3631        return 0;
3632}
3633
3634static __be32
3635nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
3636{
3637        struct xdr_stream *xdr = resp->xdr;
3638        __be32 *p;
3639
3640        p = xdr_reserve_space(xdr, 20);
3641        if (!p)
3642                return nfserr_resource;
3643        encode_cinfo(p, &create->cr_cinfo);
3644        return nfsd4_encode_bitmap(xdr, create->cr_bmval[0],
3645                        create->cr_bmval[1], create->cr_bmval[2]);
3646}
3647
3648static __be32
3649nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
3650{
3651        struct svc_fh *fhp = getattr->ga_fhp;
3652        struct xdr_stream *xdr = resp->xdr;
3653
3654        return nfsd4_encode_fattr(xdr, fhp, fhp->fh_export, fhp->fh_dentry,
3655                                    getattr->ga_bmval, resp->rqstp, 0);
3656}
3657
3658static __be32
3659nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
3660{
3661        struct xdr_stream *xdr = resp->xdr;
3662        struct svc_fh *fhp = *fhpp;
3663        unsigned int len;
3664        __be32 *p;
3665
3666        len = fhp->fh_handle.fh_size;
3667        p = xdr_reserve_space(xdr, len + 4);
3668        if (!p)
3669                return nfserr_resource;
3670        p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base, len);
3671        return 0;
3672}
3673
3674/*
3675* Including all fields other than the name, a LOCK4denied structure requires
3676*   8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes.
3677*/
3678static __be32
3679nfsd4_encode_lock_denied(struct xdr_stream *xdr, struct nfsd4_lock_denied *ld)
3680{
3681        struct xdr_netobj *conf = &ld->ld_owner;
3682        __be32 *p;
3683
3684again:
3685        p = xdr_reserve_space(xdr, 32 + XDR_LEN(conf->len));
3686        if (!p) {
3687                /*
3688                 * Don't fail to return the result just because we can't
3689                 * return the conflicting open:
3690                 */
3691                if (conf->len) {
3692                        kfree(conf->data);
3693                        conf->len = 0;
3694                        conf->data = NULL;
3695                        goto again;
3696                }
3697                return nfserr_resource;
3698        }
3699        p = xdr_encode_hyper(p, ld->ld_start);
3700        p = xdr_encode_hyper(p, ld->ld_length);
3701        *p++ = cpu_to_be32(ld->ld_type);
3702        if (conf->len) {
3703                p = xdr_encode_opaque_fixed(p, &ld->ld_clientid, 8);
3704                p = xdr_encode_opaque(p, conf->data, conf->len);
3705                kfree(conf->data);
3706        }  else {  /* non - nfsv4 lock in conflict, no clientid nor owner */
3707                p = xdr_encode_hyper(p, (u64)0); /* clientid */
3708                *p++ = cpu_to_be32(0); /* length of owner name */
3709        }
3710        return nfserr_denied;
3711}
3712
3713static __be32
3714nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
3715{
3716        struct xdr_stream *xdr = resp->xdr;
3717
3718        if (!nfserr)
3719                nfserr = nfsd4_encode_stateid(xdr, &lock->lk_resp_stateid);
3720        else if (nfserr == nfserr_denied)
3721                nfserr = nfsd4_encode_lock_denied(xdr, &lock->lk_denied);
3722
3723        return nfserr;
3724}
3725
3726static __be32
3727nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
3728{
3729        struct xdr_stream *xdr = resp->xdr;
3730
3731        if (nfserr == nfserr_denied)
3732                nfsd4_encode_lock_denied(xdr, &lockt->lt_denied);
3733        return nfserr;
3734}
3735
3736static __be32
3737nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
3738{
3739        struct xdr_stream *xdr = resp->xdr;
3740
3741        return nfsd4_encode_stateid(xdr, &locku->lu_stateid);
3742}
3743
3744
3745static __be32
3746nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
3747{
3748        struct xdr_stream *xdr = resp->xdr;
3749        __be32 *p;
3750
3751        p = xdr_reserve_space(xdr, 20);
3752        if (!p)
3753                return nfserr_resource;
3754        p = encode_cinfo(p, &link->li_cinfo);
3755        return 0;
3756}
3757
3758
3759static __be32
3760nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
3761{
3762        struct xdr_stream *xdr = resp->xdr;
3763        __be32 *p;
3764
3765        nfserr = nfsd4_encode_stateid(xdr, &open->op_stateid);
3766        if (nfserr)
3767                return nfserr;
3768        p = xdr_reserve_space(xdr, 24);
3769        if (!p)
3770                return nfserr_resource;
3771        p = encode_cinfo(p, &open->op_cinfo);
3772        *p++ = cpu_to_be32(open->op_rflags);
3773
3774        nfserr = nfsd4_encode_bitmap(xdr, open->op_bmval[0], open->op_bmval[1],
3775                                        open->op_bmval[2]);
3776        if (nfserr)
3777                return nfserr;
3778
3779        p = xdr_reserve_space(xdr, 4);
3780        if (!p)
3781                return nfserr_resource;
3782
3783        *p++ = cpu_to_be32(open->op_delegate_type);
3784        switch (open->op_delegate_type) {
3785        case NFS4_OPEN_DELEGATE_NONE:
3786                break;
3787        case NFS4_OPEN_DELEGATE_READ:
3788                nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
3789                if (nfserr)
3790                        return nfserr;
3791                p = xdr_reserve_space(xdr, 20);
3792                if (!p)
3793                        return nfserr_resource;
3794                *p++ = cpu_to_be32(open->op_recall);
3795
3796                /*
3797                 * TODO: ACE's in delegations
3798                 */
3799                *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3800                *p++ = cpu_to_be32(0);
3801                *p++ = cpu_to_be32(0);
3802                *p++ = cpu_to_be32(0);   /* XXX: is NULL principal ok? */
3803                break;
3804        case NFS4_OPEN_DELEGATE_WRITE:
3805                nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
3806                if (nfserr)
3807                        return nfserr;
3808                p = xdr_reserve_space(xdr, 32);
3809                if (!p)
3810                        return nfserr_resource;
3811                *p++ = cpu_to_be32(0);
3812
3813                /*
3814                 * TODO: space_limit's in delegations
3815                 */
3816                *p++ = cpu_to_be32(NFS4_LIMIT_SIZE);
3817                *p++ = cpu_to_be32(~(u32)0);
3818                *p++ = cpu_to_be32(~(u32)0);
3819
3820                /*
3821                 * TODO: ACE's in delegations
3822                 */
3823                *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3824                *p++ = cpu_to_be32(0);
3825                *p++ = cpu_to_be32(0);
3826                *p++ = cpu_to_be32(0);   /* XXX: is NULL principal ok? */
3827                break;
3828        case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */
3829                switch (open->op_why_no_deleg) {
3830                case WND4_CONTENTION:
3831                case WND4_RESOURCE:
3832                        p = xdr_reserve_space(xdr, 8);
3833                        if (!p)
3834                                return nfserr_resource;
3835                        *p++ = cpu_to_be32(open->op_why_no_deleg);
3836                        /* deleg signaling not supported yet: */
3837                        *p++ = cpu_to_be32(0);
3838                        break;
3839                default:
3840                        p = xdr_reserve_space(xdr, 4);
3841                        if (!p)
3842                                return nfserr_resource;
3843                        *p++ = cpu_to_be32(open->op_why_no_deleg);
3844                }
3845                break;
3846        default:
3847                BUG();
3848        }
3849        /* XXX save filehandle here */
3850        return 0;
3851}
3852
3853static __be32
3854nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
3855{
3856        struct xdr_stream *xdr = resp->xdr;
3857
3858        return nfsd4_encode_stateid(xdr, &oc->oc_resp_stateid);
3859}
3860
3861static __be32
3862nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
3863{
3864        struct xdr_stream *xdr = resp->xdr;
3865
3866        return nfsd4_encode_stateid(xdr, &od->od_stateid);
3867}
3868
3869static __be32 nfsd4_encode_splice_read(
3870                                struct nfsd4_compoundres *resp,
3871                                struct nfsd4_read *read,
3872                                struct file *file, unsigned long maxcount)
3873{
3874        struct xdr_stream *xdr = resp->xdr;
3875        struct xdr_buf *buf = xdr->buf;
3876        int status, space_left;
3877        u32 eof;
3878        __be32 nfserr;
3879        __be32 *p = xdr->p - 2;
3880
3881        /* Make sure there will be room for padding if needed */
3882        if (xdr->end - xdr->p < 1)
3883                return nfserr_resource;
3884
3885        nfserr = nfsd_splice_read(read->rd_rqstp, read->rd_fhp,
3886                                  file, read->rd_offset, &maxcount, &eof);
3887        read->rd_length = maxcount;
3888        if (nfserr)
3889                goto out_err;
3890        status = svc_encode_result_payload(read->rd_rqstp,
3891                                           buf->head[0].iov_len, maxcount);
3892        if (status) {
3893                nfserr = nfserrno(status);
3894                goto out_err;
3895        }
3896
3897        *(p++) = htonl(eof);
3898        *(p++) = htonl(maxcount);
3899
3900        buf->page_len = maxcount;
3901        buf->len += maxcount;
3902        xdr->page_ptr += (buf->page_base + maxcount + PAGE_SIZE - 1)
3903                                                        / PAGE_SIZE;
3904
3905        /* Use rest of head for padding and remaining ops: */
3906        buf->tail[0].iov_base = xdr->p;
3907        buf->tail[0].iov_len = 0;
3908        xdr->iov = buf->tail;
3909        if (maxcount&3) {
3910                int pad = 4 - (maxcount&3);
3911
3912                *(xdr->p++) = 0;
3913
3914                buf->tail[0].iov_base += maxcount&3;
3915                buf->tail[0].iov_len = pad;
3916                buf->len += pad;
3917        }
3918
3919        space_left = min_t(int, (void *)xdr->end - (void *)xdr->p,
3920                                buf->buflen - buf->len);
3921        buf->buflen = buf->len + space_left;
3922        xdr->end = (__be32 *)((void *)xdr->end + space_left);
3923
3924        return 0;
3925
3926out_err:
3927        /*
3928         * nfsd_splice_actor may have already messed with the
3929         * page length; reset it so as not to confuse
3930         * xdr_truncate_encode in our caller.
3931         */
3932        buf->page_len = 0;
3933        return nfserr;
3934}
3935
3936static __be32 nfsd4_encode_readv(struct nfsd4_compoundres *resp,
3937                                 struct nfsd4_read *read,
3938                                 struct file *file, unsigned long maxcount)
3939{
3940        struct xdr_stream *xdr = resp->xdr;
3941        u32 eof;
3942        int starting_len = xdr->buf->len - 8;
3943        __be32 nfserr;
3944        __be32 tmp;
3945        int pad;
3946
3947        read->rd_vlen = xdr_reserve_space_vec(xdr, resp->rqstp->rq_vec, maxcount);
3948        if (read->rd_vlen < 0)
3949                return nfserr_resource;
3950
3951        nfserr = nfsd_readv(resp->rqstp, read->rd_fhp, file, read->rd_offset,
3952                            resp->rqstp->rq_vec, read->rd_vlen, &maxcount,
3953                            &eof);
3954        read->rd_length = maxcount;
3955        if (nfserr)
3956                return nfserr;
3957        if (svc_encode_result_payload(resp->rqstp, starting_len + 8, maxcount))
3958                return nfserr_io;
3959        xdr_truncate_encode(xdr, starting_len + 8 + xdr_align_size(maxcount));
3960
3961        tmp = htonl(eof);
3962        write_bytes_to_xdr_buf(xdr->buf, starting_len    , &tmp, 4);
3963        tmp = htonl(maxcount);
3964        write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
3965
3966        tmp = xdr_zero;
3967        pad = (maxcount&3) ? 4 - (maxcount&3) : 0;
3968        write_bytes_to_xdr_buf(xdr->buf, starting_len + 8 + maxcount,
3969                                                                &tmp, pad);
3970        return 0;
3971
3972}
3973
3974static __be32
3975nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
3976                  struct nfsd4_read *read)
3977{
3978        unsigned long maxcount;
3979        struct xdr_stream *xdr = resp->xdr;
3980        struct file *file;
3981        int starting_len = xdr->buf->len;
3982        __be32 *p;
3983
3984        if (nfserr)
3985                return nfserr;
3986        file = read->rd_nf->nf_file;
3987
3988        p = xdr_reserve_space(xdr, 8); /* eof flag and byte count */
3989        if (!p) {
3990                WARN_ON_ONCE(test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags));
3991                return nfserr_resource;
3992        }
3993        if (resp->xdr->buf->page_len &&
3994            test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags)) {
3995                WARN_ON_ONCE(1);
3996                return nfserr_resource;
3997        }
3998        xdr_commit_encode(xdr);
3999
4000        maxcount = svc_max_payload(resp->rqstp);

4001        maxcount = min_t(unsigned long, maxcount,
4002                         (xdr->buf->buflen - xdr->buf->len));
4003        maxcount = min_t(unsigned long, maxcount, read->rd_length);
4004
4005        if (file->f_op->splice_read &&
4006            test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags))
4007                nfserr = nfsd4_encode_splice_read(resp, read, file, maxcount);
4008        else
4009                nfserr = nfsd4_encode_readv(resp, read, file, maxcount);
4010
4011        if (nfserr)
4012                xdr_truncate_encode(xdr, starting_len);
4013
4014        return nfserr;
4015}
4016
4017static __be32
4018nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
4019{
4020        int maxcount;
4021        __be32 wire_count;
4022        int zero = 0;
4023        struct xdr_stream *xdr = resp->xdr;
4024        int length_offset = xdr->buf->len;
4025        int status;
4026        __be32 *p;
4027
4028        p = xdr_reserve_space(xdr, 4);
4029        if (!p)
4030                return nfserr_resource;
4031        maxcount = PAGE_SIZE;
4032
4033        p = xdr_reserve_space(xdr, maxcount);
4034        if (!p)
4035                return nfserr_resource;
4036        /*
4037         * XXX: By default, vfs_readlink() will truncate symlinks if they
4038         * would overflow the buffer.  Is this kosher in NFSv4?  If not, one
4039         * easy fix is: if vfs_readlink() precisely fills the buffer, assume
4040         * that truncation occurred, and return NFS4ERR_RESOURCE.
4041         */
4042        nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp,
4043                                                (char *)p, &maxcount);
4044        if (nfserr == nfserr_isdir)
4045                nfserr = nfserr_inval;
4046        if (nfserr)
4047                goto out_err;
4048        status = svc_encode_result_payload(readlink->rl_rqstp, length_offset,
4049                                           maxcount);
4050        if (status) {
4051                nfserr = nfserrno(status);
4052                goto out_err;
4053        }
4054
4055        wire_count = htonl(maxcount);
4056        write_bytes_to_xdr_buf(xdr->buf, length_offset, &wire_count, 4);
4057        xdr_truncate_encode(xdr, length_offset + 4 + ALIGN(maxcount, 4));
4058        if (maxcount & 3)
4059                write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount,
4060                                                &zero, 4 - (maxcount&3));
4061        return 0;
4062
4063out_err:
4064        xdr_truncate_encode(xdr, length_offset);
4065        return nfserr;
4066}
4067
4068static __be32
4069nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
4070{
4071        int maxcount;
4072        int bytes_left;
4073        loff_t offset;
4074        __be64 wire_offset;
4075        struct xdr_stream *xdr = resp->xdr;
4076        int starting_len = xdr->buf->len;
4077        __be32 *p;
4078
4079        p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
4080        if (!p)
4081                return nfserr_resource;
4082
4083        /* XXX: Following NFSv3, we ignore the READDIR verifier for now. */
4084        *p++ = cpu_to_be32(0);
4085        *p++ = cpu_to_be32(0);
4086        xdr->buf->head[0].iov_len = (char *)xdr->p -
4087                                    (char *)xdr->buf->head[0].iov_base;
4088
4089        /*
4090         * Number of bytes left for directory entries allowing for the
4091         * final 8 bytes of the readdir and a following failed op:
4092         */
4093        bytes_left = xdr->buf->buflen - xdr->buf->len
4094                        - COMPOUND_ERR_SLACK_SPACE - 8;
4095        if (bytes_left < 0) {
4096                nfserr = nfserr_resource;
4097                goto err_no_verf;
4098        }
4099        maxcount = svc_max_payload(resp->rqstp);
4100        maxcount = min_t(u32, readdir->rd_maxcount, maxcount);
4101        /*
4102         * Note the rfc defines rd_maxcount as the size of the
4103         * READDIR4resok structure, which includes the verifier above
4104         * and the 8 bytes encoded at the end of this function:
4105         */
4106        if (maxcount < 16) {
4107                nfserr = nfserr_toosmall;
4108                goto err_no_verf;
4109        }
4110        maxcount = min_t(int, maxcount-16, bytes_left);
4111
4112        /* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */
4113        if (!readdir->rd_dircount)
4114                readdir->rd_dircount = svc_max_payload(resp->rqstp);
4115
4116        readdir->xdr = xdr;
4117        readdir->rd_maxcount = maxcount;
4118        readdir->common.err = 0;
4119        readdir->cookie_offset = 0;
4120
4121        offset = readdir->rd_cookie;
4122        nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp,
4123                              &offset,
4124                              &readdir->common, nfsd4_encode_dirent);
4125        if (nfserr == nfs_ok &&
4126            readdir->common.err == nfserr_toosmall &&
4127            xdr->buf->len == starting_len + 8) {
4128                /* nothing encoded; which limit did we hit?: */
4129                if (maxcount - 16 < bytes_left)
4130                        /* It was the fault of rd_maxcount: */
4131                        nfserr = nfserr_toosmall;
4132                else
4133                        /* We ran out of buffer space: */
4134                        nfserr = nfserr_resource;
4135        }
4136        if (nfserr)
4137                goto err_no_verf;
4138
4139        if (readdir->cookie_offset) {
4140                wire_offset = cpu_to_be64(offset);
4141                write_bytes_to_xdr_buf(xdr->buf, readdir->cookie_offset,
4142                                                        &wire_offset, 8);
4143        }
4144
4145        p = xdr_reserve_space(xdr, 8);
4146        if (!p) {
4147                WARN_ON_ONCE(1);
4148                goto err_no_verf;
4149        }
4150        *p++ = 0;       /* no more entries */
4151        *p++ = htonl(readdir->common.err == nfserr_eof);
4152
4153        return 0;
4154err_no_verf:
4155        xdr_truncate_encode(xdr, starting_len);
4156        return nfserr;
4157}
4158
4159static __be32
4160nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
4161{
4162        struct xdr_stream *xdr = resp->xdr;
4163        __be32 *p;
4164
4165        p = xdr_reserve_space(xdr, 20);
4166        if (!p)
4167                return nfserr_resource;
4168        p = encode_cinfo(p, &remove->rm_cinfo);
4169        return 0;
4170}
4171
4172static __be32
4173nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
4174{
4175        struct xdr_stream *xdr = resp->xdr;
4176        __be32 *p;
4177
4178        p = xdr_reserve_space(xdr, 40);
4179        if (!p)
4180                return nfserr_resource;
4181        p = encode_cinfo(p, &rename->rn_sinfo);
4182        p = encode_cinfo(p, &rename->rn_tinfo);
4183        return 0;
4184}
4185
4186static __be32
4187nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp)
4188{
4189        u32 i, nflavs, supported;
4190        struct exp_flavor_info *flavs;
4191        struct exp_flavor_info def_flavs[2];
4192        __be32 *p, *flavorsp;
4193        static bool report = true;
4194
4195        if (exp->ex_nflavors) {
4196                flavs = exp->ex_flavors;
4197                nflavs = exp->ex_nflavors;
4198        } else { /* Handling of some defaults in absence of real secinfo: */
4199                flavs = def_flavs;
4200                if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
4201                        nflavs = 2;
4202                        flavs[0].pseudoflavor = RPC_AUTH_UNIX;
4203                        flavs[1].pseudoflavor = RPC_AUTH_NULL;
4204                } else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
4205                        nflavs = 1;
4206                        flavs[0].pseudoflavor
4207                                        = svcauth_gss_flavor(exp->ex_client);
4208                } else {
4209                        nflavs = 1;
4210                        flavs[0].pseudoflavor
4211                                        = exp->ex_client->flavour->flavour;
4212                }
4213        }
4214
4215        supported = 0;
4216        p = xdr_reserve_space(xdr, 4);
4217        if (!p)
4218                return nfserr_resource;
4219        flavorsp = p++;         /* to be backfilled later */
4220
4221        for (i = 0; i < nflavs; i++) {
4222                rpc_authflavor_t pf = flavs[i].pseudoflavor;
4223                struct rpcsec_gss_info info;
4224
4225                if (rpcauth_get_gssinfo(pf, &info) == 0) {
4226                        supported++;
4227                        p = xdr_reserve_space(xdr, 4 + 4 +
4228                                              XDR_LEN(info.oid.len) + 4 + 4);
4229                        if (!p)
4230                                return nfserr_resource;
4231                        *p++ = cpu_to_be32(RPC_AUTH_GSS);
4232                        p = xdr_encode_opaque(p,  info.oid.data, info.oid.len);
4233                        *p++ = cpu_to_be32(info.qop);
4234                        *p++ = cpu_to_be32(info.service);
4235                } else if (pf < RPC_AUTH_MAXFLAVOR) {
4236                        supported++;
4237                        p = xdr_reserve_space(xdr, 4);
4238                        if (!p)
4239                                return nfserr_resource;
4240                        *p++ = cpu_to_be32(pf);
4241                } else {
4242                        if (report)
4243                                pr_warn("NFS: SECINFO: security flavor %u "
4244                                        "is not supported\n", pf);
4245                }
4246        }
4247
4248        if (nflavs != supported)
4249                report = false;
4250        *flavorsp = htonl(supported);
4251        return 0;
4252}
4253
4254static __be32
4255nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
4256                     struct nfsd4_secinfo *secinfo)
4257{
4258        struct xdr_stream *xdr = resp->xdr;
4259
4260        return nfsd4_do_encode_secinfo(xdr, secinfo->si_exp);
4261}
4262
4263static __be32
4264nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
4265                     struct nfsd4_secinfo_no_name *secinfo)
4266{
4267        struct xdr_stream *xdr = resp->xdr;
4268
4269        return nfsd4_do_encode_secinfo(xdr, secinfo->sin_exp);
4270}
4271
4272/*
4273 * The SETATTR encode routine is special -- it always encodes a bitmap,
4274 * regardless of the error status.
4275 */
4276static __be32
4277nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
4278{
4279        struct xdr_stream *xdr = resp->xdr;
4280        __be32 *p;
4281
4282        p = xdr_reserve_space(xdr, 16);
4283        if (!p)
4284                return nfserr_resource;
4285        if (nfserr) {
4286                *p++ = cpu_to_be32(3);
4287                *p++ = cpu_to_be32(0);
4288                *p++ = cpu_to_be32(0);
4289                *p++ = cpu_to_be32(0);
4290        }
4291        else {
4292                *p++ = cpu_to_be32(3);
4293                *p++ = cpu_to_be32(setattr->sa_bmval[0]);
4294                *p++ = cpu_to_be32(setattr->sa_bmval[1]);
4295                *p++ = cpu_to_be32(setattr->sa_bmval[2]);
4296        }
4297        return nfserr;
4298}
4299
4300static __be32
4301nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
4302{
4303        struct xdr_stream *xdr = resp->xdr;
4304        __be32 *p;
4305
4306        if (!nfserr) {
4307                p = xdr_reserve_space(xdr, 8 + NFS4_VERIFIER_SIZE);
4308                if (!p)
4309                        return nfserr_resource;
4310                p = xdr_encode_opaque_fixed(p, &scd->se_clientid, 8);
4311                p = xdr_encode_opaque_fixed(p, &scd->se_confirm,
4312                                                NFS4_VERIFIER_SIZE);
4313        }
4314        else if (nfserr == nfserr_clid_inuse) {
4315                p = xdr_reserve_space(xdr, 8);
4316                if (!p)
4317                        return nfserr_resource;
4318                *p++ = cpu_to_be32(0);
4319                *p++ = cpu_to_be32(0);
4320        }
4321        return nfserr;
4322}
4323
4324static __be32
4325nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
4326{
4327        struct xdr_stream *xdr = resp->xdr;
4328        __be32 *p;
4329
4330        p = xdr_reserve_space(xdr, 16);
4331        if (!p)
4332                return nfserr_resource;
4333        *p++ = cpu_to_be32(write->wr_bytes_written);
4334        *p++ = cpu_to_be32(write->wr_how_written);
4335        p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
4336                                                NFS4_VERIFIER_SIZE);
4337        return 0;
4338}
4339
4340static __be32
4341nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
4342                         struct nfsd4_exchange_id *exid)
4343{
4344        struct xdr_stream *xdr = resp->xdr;
4345        __be32 *p;
4346        char *major_id;
4347        char *server_scope;
4348        int major_id_sz;
4349        int server_scope_sz;
4350        uint64_t minor_id = 0;
4351        struct nfsd_net *nn = net_generic(SVC_NET(resp->rqstp), nfsd_net_id);
4352
4353        major_id = nn->nfsd_name;
4354        major_id_sz = strlen(nn->nfsd_name);
4355        server_scope = nn->nfsd_name;
4356        server_scope_sz = strlen(nn->nfsd_name);
4357
4358        p = xdr_reserve_space(xdr,
4359                8 /* eir_clientid */ +
4360                4 /* eir_sequenceid */ +
4361                4 /* eir_flags */ +
4362                4 /* spr_how */);
4363        if (!p)
4364                return nfserr_resource;
4365
4366        p = xdr_encode_opaque_fixed(p, &exid->clientid, 8);
4367        *p++ = cpu_to_be32(exid->seqid);
4368        *p++ = cpu_to_be32(exid->flags);
4369
4370        *p++ = cpu_to_be32(exid->spa_how);
4371
4372        switch (exid->spa_how) {
4373        case SP4_NONE:
4374                break;
4375        case SP4_MACH_CRED:
4376                /* spo_must_enforce bitmap: */
4377                nfserr = nfsd4_encode_bitmap(xdr,
4378                                        exid->spo_must_enforce[0],
4379                                        exid->spo_must_enforce[1],
4380                                        exid->spo_must_enforce[2]);
4381                if (nfserr)
4382                        return nfserr;
4383                /* spo_must_allow bitmap: */
4384                nfserr = nfsd4_encode_bitmap(xdr,
4385                                        exid->spo_must_allow[0],
4386                                        exid->spo_must_allow[1],
4387                                        exid->spo_must_allow[2]);
4388                if (nfserr)
4389                        return nfserr;
4390                break;
4391        default:
4392                WARN_ON_ONCE(1);
4393        }
4394
4395        p = xdr_reserve_space(xdr,
4396                8 /* so_minor_id */ +
4397                4 /* so_major_id.len */ +
4398                (XDR_QUADLEN(major_id_sz) * 4) +
4399                4 /* eir_server_scope.len */ +
4400                (XDR_QUADLEN(server_scope_sz) * 4) +
4401                4 /* eir_server_impl_id.count (0) */);
4402        if (!p)
4403                return nfserr_resource;
4404
4405        /* The server_owner struct */
4406        p = xdr_encode_hyper(p, minor_id);      /* Minor id */
4407        /* major id */
4408        p = xdr_encode_opaque(p, major_id, major_id_sz);
4409
4410        /* Server scope */
4411        p = xdr_encode_opaque(p, server_scope, server_scope_sz);
4412
4413        /* Implementation id */
4414        *p++ = cpu_to_be32(0);  /* zero length nfs_impl_id4 array */
4415        return 0;
4416}
4417
4418static __be32
4419nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
4420                            struct nfsd4_create_session *sess)
4421{
4422        struct xdr_stream *xdr = resp->xdr;
4423        __be32 *p;
4424
4425        p = xdr_reserve_space(xdr, 24);
4426        if (!p)
4427                return nfserr_resource;
4428        p = xdr_encode_opaque_fixed(p, sess->sessionid.data,
4429                                        NFS4_MAX_SESSIONID_LEN);
4430        *p++ = cpu_to_be32(sess->seqid);
4431        *p++ = cpu_to_be32(sess->flags);
4432
4433        p = xdr_reserve_space(xdr, 28);
4434        if (!p)
4435                return nfserr_resource;
4436        *p++ = cpu_to_be32(0); /* headerpadsz */
4437        *p++ = cpu_to_be32(sess->fore_channel.maxreq_sz);
4438        *p++ = cpu_to_be32(sess->fore_channel.maxresp_sz);
4439        *p++ = cpu_to_be32(sess->fore_channel.maxresp_cached);
4440        *p++ = cpu_to_be32(sess->fore_channel.maxops);
4441        *p++ = cpu_to_be32(sess->fore_channel.maxreqs);
4442        *p++ = cpu_to_be32(sess->fore_channel.nr_rdma_attrs);
4443
4444        if (sess->fore_channel.nr_rdma_attrs) {
4445                p = xdr_reserve_space(xdr, 4);
4446                if (!p)
4447                        return nfserr_resource;
4448                *p++ = cpu_to_be32(sess->fore_channel.rdma_attrs);
4449        }
4450
4451        p = xdr_reserve_space(xdr, 28);
4452        if (!p)
4453                return nfserr_resource;
4454        *p++ = cpu_to_be32(0); /* headerpadsz */
4455        *p++ = cpu_to_be32(sess->back_channel.maxreq_sz);
4456        *p++ = cpu_to_be32(sess->back_channel.maxresp_sz);
4457        *p++ = cpu_to_be32(sess->back_channel.maxresp_cached);
4458        *p++ = cpu_to_be32(sess->back_channel.maxops);
4459        *p++ = cpu_to_be32(sess->back_channel.maxreqs);
4460        *p++ = cpu_to_be32(sess->back_channel.nr_rdma_attrs);
4461
4462        if (sess->back_channel.nr_rdma_attrs) {
4463                p = xdr_reserve_space(xdr, 4);
4464                if (!p)
4465                        return nfserr_resource;
4466                *p++ = cpu_to_be32(sess->back_channel.rdma_attrs);
4467        }
4468        return 0;
4469}
4470
4471static __be32
4472nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
4473                      struct nfsd4_sequence *seq)
4474{
4475        struct xdr_stream *xdr = resp->xdr;
4476        __be32 *p;
4477
4478        p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 20);
4479        if (!p)
4480                return nfserr_resource;
4481        p = xdr_encode_opaque_fixed(p, seq->sessionid.data,
4482                                        NFS4_MAX_SESSIONID_LEN);
4483        *p++ = cpu_to_be32(seq->seqid);
4484        *p++ = cpu_to_be32(seq->slotid);
4485        /* Note slotid's are numbered from zero: */
4486        *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_highest_slotid */
4487        *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_target_highest_slotid */
4488        *p++ = cpu_to_be32(seq->status_flags);
4489
4490        resp->cstate.data_offset = xdr->buf->len; /* DRC cache data pointer */
4491        return 0;
4492}
4493
4494static __be32
4495nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
4496                          struct nfsd4_test_stateid *test_stateid)
4497{
4498        struct xdr_stream *xdr = resp->xdr;
4499        struct nfsd4_test_stateid_id *stateid, *next;
4500        __be32 *p;
4501
4502        p = xdr_reserve_space(xdr, 4 + (4 * test_stateid->ts_num_ids));
4503        if (!p)
4504                return nfserr_resource;
4505        *p++ = htonl(test_stateid->ts_num_ids);
4506
4507        list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) {
4508                *p++ = stateid->ts_id_status;
4509        }
4510
4511        return 0;
4512}
4513
4514#ifdef CONFIG_NFSD_PNFS
4515static __be32
4516nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
4517                struct nfsd4_getdeviceinfo *gdev)
4518{
4519        struct xdr_stream *xdr = resp->xdr;
4520        const struct nfsd4_layout_ops *ops;
4521        u32 starting_len = xdr->buf->len, needed_len;
4522        __be32 *p;
4523
4524        p = xdr_reserve_space(xdr, 4);
4525        if (!p)
4526                return nfserr_resource;
4527
4528        *p++ = cpu_to_be32(gdev->gd_layout_type);
4529
4530        /* If maxcount is 0 then just update notifications */
4531        if (gdev->gd_maxcount != 0) {
4532                ops = nfsd4_layout_ops[gdev->gd_layout_type];
4533                nfserr = ops->encode_getdeviceinfo(xdr, gdev);
4534                if (nfserr) {
4535                        /*
4536                         * We don't bother to burden the layout drivers with
4537                         * enforcing gd_maxcount, just tell the client to
4538                         * come back with a bigger buffer if it's not enough.
4539                         */
4540                        if (xdr->buf->len + 4 > gdev->gd_maxcount)
4541                                goto toosmall;
4542                        return nfserr;
4543                }
4544        }
4545
4546        if (gdev->gd_notify_types) {
4547                p = xdr_reserve_space(xdr, 4 + 4);
4548                if (!p)
4549                        return nfserr_resource;
4550                *p++ = cpu_to_be32(1);                  /* bitmap length */
4551                *p++ = cpu_to_be32(gdev->gd_notify_types);
4552        } else {
4553                p = xdr_reserve_space(xdr, 4);
4554                if (!p)
4555                        return nfserr_resource;
4556                *p++ = 0;
4557        }
4558
4559        return 0;
4560toosmall:
4561        dprintk("%s: maxcount too small\n", __func__);
4562        needed_len = xdr->buf->len + 4 /* notifications */;
4563        xdr_truncate_encode(xdr, starting_len);
4564        p = xdr_reserve_space(xdr, 4);
4565        if (!p)
4566                return nfserr_resource;
4567        *p++ = cpu_to_be32(needed_len);
4568        return nfserr_toosmall;
4569}
4570
4571static __be32
4572nfsd4_encode_layoutget(struct nfsd4_compoundres *resp, __be32 nfserr,
4573                struct nfsd4_layoutget *lgp)
4574{
4575        struct xdr_stream *xdr = resp->xdr;
4576        const struct nfsd4_layout_ops *ops;
4577        __be32 *p;
4578
4579        p = xdr_reserve_space(xdr, 36 + sizeof(stateid_opaque_t));
4580        if (!p)
4581                return nfserr_resource;
4582
4583        *p++ = cpu_to_be32(1);  /* we always set return-on-close */
4584        *p++ = cpu_to_be32(lgp->lg_sid.si_generation);
4585        p = xdr_encode_opaque_fixed(p, &lgp->lg_sid.si_opaque,
4586                                    sizeof(stateid_opaque_t));
4587
4588        *p++ = cpu_to_be32(1);  /* we always return a single layout */
4589        p = xdr_encode_hyper(p, lgp->lg_seg.offset);
4590        p = xdr_encode_hyper(p, lgp->lg_seg.length);
4591        *p++ = cpu_to_be32(lgp->lg_seg.iomode);
4592        *p++ = cpu_to_be32(lgp->lg_layout_type);
4593
4594        ops = nfsd4_layout_ops[lgp->lg_layout_type];
4595        return ops->encode_layoutget(xdr, lgp);
4596}
4597
4598static __be32
4599nfsd4_encode_layoutcommit(struct nfsd4_compoundres *resp, __be32 nfserr,
4600                          struct nfsd4_layoutcommit *lcp)
4601{
4602        struct xdr_stream *xdr = resp->xdr;
4603        __be32 *p;
4604
4605        p = xdr_reserve_space(xdr, 4);
4606        if (!p)
4607                return nfserr_resource;
4608        *p++ = cpu_to_be32(lcp->lc_size_chg);
4609        if (lcp->lc_size_chg) {
4610                p = xdr_reserve_space(xdr, 8);
4611                if (!p)
4612                        return nfserr_resource;
4613                p = xdr_encode_hyper(p, lcp->lc_newsize);
4614        }
4615
4616        return 0;
4617}
4618
4619static __be32
4620nfsd4_encode_layoutreturn(struct nfsd4_compoundres *resp, __be32 nfserr,
4621                struct nfsd4_layoutreturn *lrp)
4622{
4623        struct xdr_stream *xdr = resp->xdr;
4624        __be32 *p;
4625
4626        p = xdr_reserve_space(xdr, 4);
4627        if (!p)
4628                return nfserr_resource;
4629        *p++ = cpu_to_be32(lrp->lrs_present);
4630        if (lrp->lrs_present)
4631                return nfsd4_encode_stateid(xdr, &lrp->lr_sid);
4632        return 0;
4633}
4634#endif /* CONFIG_NFSD_PNFS */
4635
4636static __be32
4637nfsd42_encode_write_res(struct nfsd4_compoundres *resp,
4638                struct nfsd42_write_res *write, bool sync)
4639{
4640        __be32 *p;
4641        p = xdr_reserve_space(resp->xdr, 4);
4642        if (!p)
4643                return nfserr_resource;
4644
4645        if (sync)
4646                *p++ = cpu_to_be32(0);
4647        else {
4648                __be32 nfserr;
4649                *p++ = cpu_to_be32(1);
4650                nfserr = nfsd4_encode_stateid(resp->xdr, &write->cb_stateid);
4651                if (nfserr)
4652                        return nfserr;
4653        }
4654        p = xdr_reserve_space(resp->xdr, 8 + 4 + NFS4_VERIFIER_SIZE);
4655        if (!p)
4656                return nfserr_resource;
4657
4658        p = xdr_encode_hyper(p, write->wr_bytes_written);
4659        *p++ = cpu_to_be32(write->wr_stable_how);
4660        p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
4661                                    NFS4_VERIFIER_SIZE);
4662        return nfs_ok;
4663}
4664
4665static __be32
4666nfsd42_encode_nl4_server(struct nfsd4_compoundres *resp, struct nl4_server *ns)
4667{
4668        struct xdr_stream *xdr = resp->xdr;
4669        struct nfs42_netaddr *addr;
4670        __be32 *p;
4671
4672        p = xdr_reserve_space(xdr, 4);
4673        *p++ = cpu_to_be32(ns->nl4_type);
4674
4675        switch (ns->nl4_type) {
4676        case NL4_NETADDR:
4677                addr = &ns->u.nl4_addr;
4678
4679                /* netid_len, netid, uaddr_len, uaddr (port included
4680                 * in RPCBIND_MAXUADDRLEN)
4681                 */
4682                p = xdr_reserve_space(xdr,
4683                        4 /* netid len */ +
4684                        (XDR_QUADLEN(addr->netid_len) * 4) +
4685                        4 /* uaddr len */ +
4686                        (XDR_QUADLEN(addr->addr_len) * 4));
4687                if (!p)
4688                        return nfserr_resource;
4689
4690                *p++ = cpu_to_be32(addr->netid_len);
4691                p = xdr_encode_opaque_fixed(p, addr->netid,
4692                                            addr->netid_len);
4693                *p++ = cpu_to_be32(addr->addr_len);
4694                p = xdr_encode_opaque_fixed(p, addr->addr,
4695                                        addr->addr_len);
4696                break;
4697        default:
4698                WARN_ON_ONCE(ns->nl4_type != NL4_NETADDR);
4699                return nfserr_inval;
4700        }
4701
4702        return 0;
4703}
4704
4705static __be32
4706nfsd4_encode_copy(struct nfsd4_compoundres *resp, __be32 nfserr,
4707                  struct nfsd4_copy *copy)
4708{
4709        __be32 *p;
4710
4711        nfserr = nfsd42_encode_write_res(resp, &copy->cp_res,
4712                                         !!copy->cp_synchronous);
4713        if (nfserr)
4714                return nfserr;
4715
4716        p = xdr_reserve_space(resp->xdr, 4 + 4);
4717        *p++ = xdr_one; /* cr_consecutive */
4718        *p++ = cpu_to_be32(copy->cp_synchronous);
4719        return 0;
4720}
4721
4722static __be32
4723nfsd4_encode_offload_status(struct nfsd4_compoundres *resp, __be32 nfserr,
4724                            struct nfsd4_offload_status *os)
4725{
4726        struct xdr_stream *xdr = resp->xdr;
4727        __be32 *p;
4728
4729        p = xdr_reserve_space(xdr, 8 + 4);
4730        if (!p)
4731                return nfserr_resource;
4732        p = xdr_encode_hyper(p, os->count);
4733        *p++ = cpu_to_be32(0);
4734        return nfserr;
4735}
4736
4737static __be32
4738nfsd4_encode_read_plus_data(struct nfsd4_compoundres *resp,
4739                            struct nfsd4_read *read,
4740                            unsigned long *maxcount, u32 *eof,
4741                            loff_t *pos)
4742{
4743        struct xdr_stream *xdr = resp->xdr;
4744        struct file *file = read->rd_nf->nf_file;
4745        int starting_len = xdr->buf->len;
4746        loff_t hole_pos;
4747        __be32 nfserr;
4748        __be32 *p, tmp;
4749        __be64 tmp64;
4750
4751        hole_pos = pos ? *pos : vfs_llseek(file, read->rd_offset, SEEK_HOLE);
4752        if (hole_pos > read->rd_offset)
4753                *maxcount = min_t(unsigned long, *maxcount, hole_pos - read->rd_offset);
4754        *maxcount = min_t(unsigned long, *maxcount, (xdr->buf->buflen - xdr->buf->len));
4755
4756        /* Content type, offset, byte count */
4757        p = xdr_reserve_space(xdr, 4 + 8 + 4);
4758        if (!p)
4759                return nfserr_resource;
4760
4761        read->rd_vlen = xdr_reserve_space_vec(xdr, resp->rqstp->rq_vec, *maxcount);
4762        if (read->rd_vlen < 0)
4763                return nfserr_resource;
4764
4765        nfserr = nfsd_readv(resp->rqstp, read->rd_fhp, file, read->rd_offset,
4766                            resp->rqstp->rq_vec, read->rd_vlen, maxcount, eof);
4767        if (nfserr)
4768                return nfserr;
4769        xdr_truncate_encode(xdr, starting_len + 16 + xdr_align_size(*maxcount));
4770
4771        tmp = htonl(NFS4_CONTENT_DATA);
4772        write_bytes_to_xdr_buf(xdr->buf, starting_len,      &tmp,   4);
4773        tmp64 = cpu_to_be64(read->rd_offset);
4774        write_bytes_to_xdr_buf(xdr->buf, starting_len + 4,  &tmp64, 8);
4775        tmp = htonl(*maxcount);
4776        write_bytes_to_xdr_buf(xdr->buf, starting_len + 12, &tmp,   4);
4777
4778        tmp = xdr_zero;
4779        write_bytes_to_xdr_buf(xdr->buf, starting_len + 16 + *maxcount, &tmp,
4780                               xdr_pad_size(*maxcount));
4781        return nfs_ok;
4782}
4783
4784static __be32
4785nfsd4_encode_read_plus_hole(struct nfsd4_compoundres *resp,
4786                            struct nfsd4_read *read,
4787                            unsigned long *maxcount, u32 *eof)
4788{
4789        struct file *file = read->rd_nf->nf_file;
4790        loff_t data_pos = vfs_llseek(file, read->rd_offset, SEEK_DATA);
4791        loff_t f_size = i_size_read(file_inode(file));
4792        unsigned long count;
4793        __be32 *p;
4794
4795        if (data_pos == -ENXIO)
4796                data_pos = f_size;
4797        else if (data_pos <= read->rd_offset || (data_pos < f_size && data_pos % PAGE_SIZE))
4798                return nfsd4_encode_read_plus_data(resp, read, maxcount, eof, &f_size);
4799        count = data_pos - read->rd_offset;
4800
4801        /* Content type, offset, byte count */
4802        p = xdr_reserve_space(resp->xdr, 4 + 8 + 8);
4803        if (!p)
4804                return nfserr_resource;
4805
4806        *p++ = htonl(NFS4_CONTENT_HOLE);
4807         p   = xdr_encode_hyper(p, read->rd_offset);
4808         p   = xdr_encode_hyper(p, count);
4809
4810        *eof = (read->rd_offset + count) >= f_size;
4811        *maxcount = min_t(unsigned long, count, *maxcount);
4812        return nfs_ok;
4813}
4814
4815static __be32
4816nfsd4_encode_read_plus(struct nfsd4_compoundres *resp, __be32 nfserr,
4817                       struct nfsd4_read *read)
4818{
4819        unsigned long maxcount, count;
4820        struct xdr_stream *xdr = resp->xdr;
4821        struct file *file;
4822        int starting_len = xdr->buf->len;
4823        int last_segment = xdr->buf->len;
4824        int segments = 0;
4825        __be32 *p, tmp;
4826        bool is_data;
4827        loff_t pos;
4828        u32 eof;
4829
4830        if (nfserr)
4831                return nfserr;
4832        file = read->rd_nf->nf_file;
4833
4834        /* eof flag, segment count */
4835        p = xdr_reserve_space(xdr, 4 + 4);
4836        if (!p)
4837                return nfserr_resource;
4838        xdr_commit_encode(xdr);
4839
4840        maxcount = svc_max_payload(resp->rqstp);
4841        maxcount = min_t(unsigned long, maxcount,
4842                         (xdr->buf->buflen - xdr->buf->len));
4843        maxcount = min_t(unsigned long, maxcount, read->rd_length);
4844        count    = maxcount;
4845
4846        eof = read->rd_offset >= i_size_read(file_inode(file));
4847        if (eof)
4848                goto out;
4849
4850        pos = vfs_llseek(file, read->rd_offset, SEEK_HOLE);
4851        is_data = pos > read->rd_offset;
4852
4853        while (count > 0 && !eof) {
4854                maxcount = count;
4855                if (is_data)
4856                        nfserr = nfsd4_encode_read_plus_data(resp, read, &maxcount, &eof,
4857                                                segments == 0 ? &pos : NULL);
4858                else
4859                        nfserr = nfsd4_encode_read_plus_hole(resp, read, &maxcount, &eof);
4860                if (nfserr)
4861                        goto out;
4862                count -= maxcount;
4863                read->rd_offset += maxcount;
4864                is_data = !is_data;
4865                last_segment = xdr->buf->len;
4866                segments++;
4867        }
4868
4869out:
4870        if (nfserr && segments == 0)
4871                xdr_truncate_encode(xdr, starting_len);
4872        else {
4873                if (nfserr) {
4874                        xdr_truncate_encode(xdr, last_segment);
4875                        nfserr = nfs_ok;
4876                        eof = 0;
4877                }
4878                tmp = htonl(eof);
4879                write_bytes_to_xdr_buf(xdr->buf, starting_len,     &tmp, 4);
4880                tmp = htonl(segments);
4881                write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
4882        }
4883
4884        return nfserr;
4885}
4886
4887static __be32
4888nfsd4_encode_copy_notify(struct nfsd4_compoundres *resp, __be32 nfserr,
4889                         struct nfsd4_copy_notify *cn)
4890{
4891        struct xdr_stream *xdr = resp->xdr;
4892        __be32 *p;
4893
4894        if (nfserr)
4895                return nfserr;
4896
4897        /* 8 sec, 4 nsec */
4898        p = xdr_reserve_space(xdr, 12);
4899        if (!p)
4900                return nfserr_resource;
4901
4902        /* cnr_lease_time */
4903        p = xdr_encode_hyper(p, cn->cpn_sec);
4904        *p++ = cpu_to_be32(cn->cpn_nsec);
4905
4906        /* cnr_stateid */
4907        nfserr = nfsd4_encode_stateid(xdr, &cn->cpn_cnr_stateid);
4908        if (nfserr)
4909                return nfserr;
4910
4911        /* cnr_src.nl_nsvr */
4912        p = xdr_reserve_space(xdr, 4);
4913        if (!p)
4914                return nfserr_resource;
4915
4916        *p++ = cpu_to_be32(1);
4917
4918        return nfsd42_encode_nl4_server(resp, &cn->cpn_src);
4919}
4920
4921static __be32
4922nfsd4_encode_seek(struct nfsd4_compoundres *resp, __be32 nfserr,
4923                  struct nfsd4_seek *seek)
4924{
4925        __be32 *p;
4926
4927        p = xdr_reserve_space(resp->xdr, 4 + 8);
4928        *p++ = cpu_to_be32(seek->seek_eof);
4929        p = xdr_encode_hyper(p, seek->seek_pos);
4930
4931        return 0;
4932}
4933
4934static __be32
4935nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
4936{
4937        return nfserr;
4938}
4939
4940/*
4941 * Encode kmalloc-ed buffer in to XDR stream.
4942 */
4943static __be32
4944nfsd4_vbuf_to_stream(struct xdr_stream *xdr, char *buf, u32 buflen)
4945{
4946        u32 cplen;
4947        __be32 *p;
4948
4949        cplen = min_t(unsigned long, buflen,
4950                      ((void *)xdr->end - (void *)xdr->p));
4951        p = xdr_reserve_space(xdr, cplen);
4952        if (!p)
4953                return nfserr_resource;
4954
4955        memcpy(p, buf, cplen);
4956        buf += cplen;
4957        buflen -= cplen;
4958
4959        while (buflen) {
4960                cplen = min_t(u32, buflen, PAGE_SIZE);
4961                p = xdr_reserve_space(xdr, cplen);
4962                if (!p)
4963                        return nfserr_resource;
4964
4965                memcpy(p, buf, cplen);
4966
4967                if (cplen < PAGE_SIZE) {
4968                        /*
4969                         * We're done, with a length that wasn't page
4970                         * aligned, so possibly not word aligned. Pad
4971                         * any trailing bytes with 0.
4972                         */
4973                        xdr_encode_opaque_fixed(p, NULL, cplen);
4974                        break;
4975                }
4976
4977                buflen -= PAGE_SIZE;
4978                buf += PAGE_SIZE;
4979        }
4980
4981        return 0;
4982}
4983
4984static __be32
4985nfsd4_encode_getxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
4986                      struct nfsd4_getxattr *getxattr)
4987{
4988        struct xdr_stream *xdr = resp->xdr;
4989        __be32 *p, err;
4990
4991        p = xdr_reserve_space(xdr, 4);
4992        if (!p)
4993                return nfserr_resource;
4994
4995        *p = cpu_to_be32(getxattr->getxa_len);
4996
4997        if (getxattr->getxa_len == 0)
4998                return 0;
4999
5000        err = nfsd4_vbuf_to_stream(xdr, getxattr->getxa_buf,

5001                                    getxattr->getxa_len);
5002
5003        kvfree(getxattr->getxa_buf);
5004
5005        return err;
5006}
5007
5008static __be32
5009nfsd4_encode_setxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
5010                      struct nfsd4_setxattr *setxattr)
5011{
5012        struct xdr_stream *xdr = resp->xdr;
5013        __be32 *p;
5014
5015        p = xdr_reserve_space(xdr, 20);
5016        if (!p)
5017                return nfserr_resource;
5018
5019        encode_cinfo(p, &setxattr->setxa_cinfo);
5020
5021        return 0;
5022}
5023
5024/*
5025 * See if there are cookie values that can be rejected outright.
5026 */
5027static __be32
5028nfsd4_listxattr_validate_cookie(struct nfsd4_listxattrs *listxattrs,
5029                                u32 *offsetp)
5030{
5031        u64 cookie = listxattrs->lsxa_cookie;
5032
5033        /*
5034         * If the cookie is larger than the maximum number we can fit
5035         * in either the buffer we just got back from vfs_listxattr, or,
5036         * XDR-encoded, in the return buffer, it's invalid.
5037         */
5038        if (cookie > (listxattrs->lsxa_len) / (XATTR_USER_PREFIX_LEN + 2))
5039                return nfserr_badcookie;
5040
5041        if (cookie > (listxattrs->lsxa_maxcount /
5042                      (XDR_QUADLEN(XATTR_USER_PREFIX_LEN + 2) + 4)))
5043                return nfserr_badcookie;
5044
5045        *offsetp = (u32)cookie;
5046        return 0;
5047}
5048
5049static __be32
5050nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr,
5051                        struct nfsd4_listxattrs *listxattrs)
5052{
5053        struct xdr_stream *xdr = resp->xdr;
5054        u32 cookie_offset, count_offset, eof;
5055        u32 left, xdrleft, slen, count;
5056        u32 xdrlen, offset;
5057        u64 cookie;
5058        char *sp;
5059        __be32 status, tmp;
5060        __be32 *p;
5061        u32 nuser;
5062
5063        eof = 1;
5064
5065        status = nfsd4_listxattr_validate_cookie(listxattrs, &offset);
5066        if (status)
5067                goto out;
5068
5069        /*
5070         * Reserve space for the cookie and the name array count. Record
5071         * the offsets to save them later.
5072         */
5073        cookie_offset = xdr->buf->len;
5074        count_offset = cookie_offset + 8;
5075        p = xdr_reserve_space(xdr, 12);
5076        if (!p) {
5077                status = nfserr_resource;
5078                goto out;
5079        }
5080
5081        count = 0;
5082        left = listxattrs->lsxa_len;
5083        sp = listxattrs->lsxa_buf;
5084        nuser = 0;
5085
5086        xdrleft = listxattrs->lsxa_maxcount;
5087
5088        while (left > 0 && xdrleft > 0) {
5089                slen = strlen(sp);
5090
5091                /*
5092                 * Check if this is a "user." attribute, skip it if not.
5093                 */
5094                if (strncmp(sp, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
5095                        goto contloop;
5096
5097                slen -= XATTR_USER_PREFIX_LEN;
5098                xdrlen = 4 + ((slen + 3) & ~3);
5099                if (xdrlen > xdrleft) {
5100                        if (count == 0) {
5101                                /*
5102                                 * Can't even fit the first attribute name.
5103                                 */
5104                                status = nfserr_toosmall;
5105                                goto out;
5106                        }
5107                        eof = 0;
5108                        goto wreof;
5109                }
5110
5111                left -= XATTR_USER_PREFIX_LEN;
5112                sp += XATTR_USER_PREFIX_LEN;
5113                if (nuser++ < offset)
5114                        goto contloop;
5115
5116
5117                p = xdr_reserve_space(xdr, xdrlen);
5118                if (!p) {
5119                        status = nfserr_resource;
5120                        goto out;
5121                }
5122
5123                xdr_encode_opaque(p, sp, slen);
5124
5125                xdrleft -= xdrlen;
5126                count++;
5127contloop:
5128                sp += slen + 1;
5129                left -= slen + 1;
5130        }
5131
5132        /*
5133         * If there were user attributes to copy, but we didn't copy
5134         * any, the offset was too large (e.g. the cookie was invalid).
5135         */
5136        if (nuser > 0 && count == 0) {
5137                status = nfserr_badcookie;
5138                goto out;
5139        }
5140
5141wreof:
5142        p = xdr_reserve_space(xdr, 4);
5143        if (!p) {
5144                status = nfserr_resource;
5145                goto out;
5146        }
5147        *p = cpu_to_be32(eof);
5148
5149        cookie = offset + count;
5150
5151        write_bytes_to_xdr_buf(xdr->buf, cookie_offset, &cookie, 8);
5152        tmp = cpu_to_be32(count);
5153        write_bytes_to_xdr_buf(xdr->buf, count_offset, &tmp, 4);
5154out:
5155        if (listxattrs->lsxa_len)
5156                kvfree(listxattrs->lsxa_buf);
5157        return status;
5158}
5159
5160static __be32
5161nfsd4_encode_removexattr(struct nfsd4_compoundres *resp, __be32 nfserr,
5162                         struct nfsd4_removexattr *removexattr)
5163{
5164        struct xdr_stream *xdr = resp->xdr;
5165        __be32 *p;
5166
5167        p = xdr_reserve_space(xdr, 20);
5168        if (!p)
5169                return nfserr_resource;
5170
5171        p = encode_cinfo(p, &removexattr->rmxa_cinfo);
5172        return 0;
5173}
5174
5175typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
5176
5177/*
5178 * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1
5179 * since we don't need to filter out obsolete ops as this is
5180 * done in the decoding phase.
5181 */
5182static const nfsd4_enc nfsd4_enc_ops[] = {
5183        [OP_ACCESS]             = (nfsd4_enc)nfsd4_encode_access,
5184        [OP_CLOSE]              = (nfsd4_enc)nfsd4_encode_close,
5185        [OP_COMMIT]             = (nfsd4_enc)nfsd4_encode_commit,
5186        [OP_CREATE]             = (nfsd4_enc)nfsd4_encode_create,
5187        [OP_DELEGPURGE]         = (nfsd4_enc)nfsd4_encode_noop,
5188        [OP_DELEGRETURN]        = (nfsd4_enc)nfsd4_encode_noop,
5189        [OP_GETATTR]            = (nfsd4_enc)nfsd4_encode_getattr,
5190        [OP_GETFH]              = (nfsd4_enc)nfsd4_encode_getfh,
5191        [OP_LINK]               = (nfsd4_enc)nfsd4_encode_link,
5192        [OP_LOCK]               = (nfsd4_enc)nfsd4_encode_lock,
5193        [OP_LOCKT]              = (nfsd4_enc)nfsd4_encode_lockt,
5194        [OP_LOCKU]              = (nfsd4_enc)nfsd4_encode_locku,
5195        [OP_LOOKUP]             = (nfsd4_enc)nfsd4_encode_noop,
5196        [OP_LOOKUPP]            = (nfsd4_enc)nfsd4_encode_noop,
5197        [OP_NVERIFY]            = (nfsd4_enc)nfsd4_encode_noop,
5198        [OP_OPEN]               = (nfsd4_enc)nfsd4_encode_open,
5199        [OP_OPENATTR]           = (nfsd4_enc)nfsd4_encode_noop,
5200        [OP_OPEN_CONFIRM]       = (nfsd4_enc)nfsd4_encode_open_confirm,
5201        [OP_OPEN_DOWNGRADE]     = (nfsd4_enc)nfsd4_encode_open_downgrade,
5202        [OP_PUTFH]              = (nfsd4_enc)nfsd4_encode_noop,
5203        [OP_PUTPUBFH]           = (nfsd4_enc)nfsd4_encode_noop,
5204        [OP_PUTROOTFH]          = (nfsd4_enc)nfsd4_encode_noop,
5205        [OP_READ]               = (nfsd4_enc)nfsd4_encode_read,
5206        [OP_READDIR]            = (nfsd4_enc)nfsd4_encode_readdir,
5207        [OP_READLINK]           = (nfsd4_enc)nfsd4_encode_readlink,
5208        [OP_REMOVE]             = (nfsd4_enc)nfsd4_encode_remove,
5209        [OP_RENAME]             = (nfsd4_enc)nfsd4_encode_rename,
5210        [OP_RENEW]              = (nfsd4_enc)nfsd4_encode_noop,
5211        [OP_RESTOREFH]          = (nfsd4_enc)nfsd4_encode_noop,
5212        [OP_SAVEFH]             = (nfsd4_enc)nfsd4_encode_noop,
5213        [OP_SECINFO]            = (nfsd4_enc)nfsd4_encode_secinfo,
5214        [OP_SETATTR]            = (nfsd4_enc)nfsd4_encode_setattr,
5215        [OP_SETCLIENTID]        = (nfsd4_enc)nfsd4_encode_setclientid,
5216        [OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
5217        [OP_VERIFY]             = (nfsd4_enc)nfsd4_encode_noop,
5218        [OP_WRITE]              = (nfsd4_enc)nfsd4_encode_write,
5219        [OP_RELEASE_LOCKOWNER]  = (nfsd4_enc)nfsd4_encode_noop,
5220
5221        /* NFSv4.1 operations */
5222        [OP_BACKCHANNEL_CTL]    = (nfsd4_enc)nfsd4_encode_noop,
5223        [OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
5224        [OP_EXCHANGE_ID]        = (nfsd4_enc)nfsd4_encode_exchange_id,
5225        [OP_CREATE_SESSION]     = (nfsd4_enc)nfsd4_encode_create_session,
5226        [OP_DESTROY_SESSION]    = (nfsd4_enc)nfsd4_encode_noop,
5227        [OP_FREE_STATEID]       = (nfsd4_enc)nfsd4_encode_noop,
5228        [OP_GET_DIR_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
5229#ifdef CONFIG_NFSD_PNFS
5230        [OP_GETDEVICEINFO]      = (nfsd4_enc)nfsd4_encode_getdeviceinfo,
5231        [OP_GETDEVICELIST]      = (nfsd4_enc)nfsd4_encode_noop,
5232        [OP_LAYOUTCOMMIT]       = (nfsd4_enc)nfsd4_encode_layoutcommit,
5233        [OP_LAYOUTGET]          = (nfsd4_enc)nfsd4_encode_layoutget,
5234        [OP_LAYOUTRETURN]       = (nfsd4_enc)nfsd4_encode_layoutreturn,
5235#else
5236        [OP_GETDEVICEINFO]      = (nfsd4_enc)nfsd4_encode_noop,
5237        [OP_GETDEVICELIST]      = (nfsd4_enc)nfsd4_encode_noop,
5238        [OP_LAYOUTCOMMIT]       = (nfsd4_enc)nfsd4_encode_noop,
5239        [OP_LAYOUTGET]          = (nfsd4_enc)nfsd4_encode_noop,
5240        [OP_LAYOUTRETURN]       = (nfsd4_enc)nfsd4_encode_noop,
5241#endif
5242        [OP_SECINFO_NO_NAME]    = (nfsd4_enc)nfsd4_encode_secinfo_no_name,
5243        [OP_SEQUENCE]           = (nfsd4_enc)nfsd4_encode_sequence,
5244        [OP_SET_SSV]            = (nfsd4_enc)nfsd4_encode_noop,
5245        [OP_TEST_STATEID]       = (nfsd4_enc)nfsd4_encode_test_stateid,
5246        [OP_WANT_DELEGATION]    = (nfsd4_enc)nfsd4_encode_noop,
5247        [OP_DESTROY_CLIENTID]   = (nfsd4_enc)nfsd4_encode_noop,
5248        [OP_RECLAIM_COMPLETE]   = (nfsd4_enc)nfsd4_encode_noop,
5249
5250        /* NFSv4.2 operations */
5251        [OP_ALLOCATE]           = (nfsd4_enc)nfsd4_encode_noop,
5252        [OP_COPY]               = (nfsd4_enc)nfsd4_encode_copy,
5253        [OP_COPY_NOTIFY]        = (nfsd4_enc)nfsd4_encode_copy_notify,
5254        [OP_DEALLOCATE]         = (nfsd4_enc)nfsd4_encode_noop,
5255        [OP_IO_ADVISE]          = (nfsd4_enc)nfsd4_encode_noop,
5256        [OP_LAYOUTERROR]        = (nfsd4_enc)nfsd4_encode_noop,
5257        [OP_LAYOUTSTATS]        = (nfsd4_enc)nfsd4_encode_noop,
5258        [OP_OFFLOAD_CANCEL]     = (nfsd4_enc)nfsd4_encode_noop,
5259        [OP_OFFLOAD_STATUS]     = (nfsd4_enc)nfsd4_encode_offload_status,
5260        [OP_READ_PLUS]          = (nfsd4_enc)nfsd4_encode_read_plus,
5261        [OP_SEEK]               = (nfsd4_enc)nfsd4_encode_seek,
5262        [OP_WRITE_SAME]         = (nfsd4_enc)nfsd4_encode_noop,
5263        [OP_CLONE]              = (nfsd4_enc)nfsd4_encode_noop,
5264
5265        /* RFC 8276 extended atributes operations */
5266        [OP_GETXATTR]           = (nfsd4_enc)nfsd4_encode_getxattr,
5267        [OP_SETXATTR]           = (nfsd4_enc)nfsd4_encode_setxattr,
5268        [OP_LISTXATTRS]         = (nfsd4_enc)nfsd4_encode_listxattrs,
5269        [OP_REMOVEXATTR]        = (nfsd4_enc)nfsd4_encode_removexattr,
5270};
5271
5272/*
5273 * Calculate whether we still have space to encode repsize bytes.
5274 * There are two considerations:
5275 *     - For NFS versions >=4.1, the size of the reply must stay within
5276 *       session limits
5277 *     - For all NFS versions, we must stay within limited preallocated
5278 *       buffer space.
5279 *
5280 * This is called before the operation is processed, so can only provide
5281 * an upper estimate.  For some nonidempotent operations (such as
5282 * getattr), it's not necessarily a problem if that estimate is wrong,
5283 * as we can fail it after processing without significant side effects.
5284 */
5285__be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
5286{
5287        struct xdr_buf *buf = &resp->rqstp->rq_res;
5288        struct nfsd4_slot *slot = resp->cstate.slot;
5289
5290        if (buf->len + respsize <= buf->buflen)
5291                return nfs_ok;
5292        if (!nfsd4_has_session(&resp->cstate))
5293                return nfserr_resource;
5294        if (slot->sl_flags & NFSD4_SLOT_CACHETHIS) {
5295                WARN_ON_ONCE(1);
5296                return nfserr_rep_too_big_to_cache;
5297        }
5298        return nfserr_rep_too_big;
5299}
5300
5301void
5302nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
5303{
5304        struct xdr_stream *xdr = resp->xdr;
5305        struct nfs4_stateowner *so = resp->cstate.replay_owner;
5306        struct svc_rqst *rqstp = resp->rqstp;
5307        const struct nfsd4_operation *opdesc = op->opdesc;
5308        int post_err_offset;
5309        nfsd4_enc encoder;
5310        __be32 *p;
5311
5312        p = xdr_reserve_space(xdr, 8);
5313        if (!p) {
5314                WARN_ON_ONCE(1);
5315                return;
5316        }
5317        *p++ = cpu_to_be32(op->opnum);
5318        post_err_offset = xdr->buf->len;
5319
5320        if (op->opnum == OP_ILLEGAL)
5321                goto status;
5322        if (op->status && opdesc &&
5323                        !(opdesc->op_flags & OP_NONTRIVIAL_ERROR_ENCODE))
5324                goto status;
5325        BUG_ON(op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) ||
5326               !nfsd4_enc_ops[op->opnum]);
5327        encoder = nfsd4_enc_ops[op->opnum];
5328        op->status = encoder(resp, op->status, &op->u);
5329        if (op->status)
5330                trace_nfsd_compound_encode_err(rqstp, op->opnum, op->status);
5331        if (opdesc && opdesc->op_release)
5332                opdesc->op_release(&op->u);
5333        xdr_commit_encode(xdr);
5334
5335        /* nfsd4_check_resp_size guarantees enough room for error status */
5336        if (!op->status) {
5337                int space_needed = 0;
5338                if (!nfsd4_last_compound_op(rqstp))
5339                        space_needed = COMPOUND_ERR_SLACK_SPACE;
5340                op->status = nfsd4_check_resp_size(resp, space_needed);
5341        }
5342        if (op->status == nfserr_resource && nfsd4_has_session(&resp->cstate)) {
5343                struct nfsd4_slot *slot = resp->cstate.slot;
5344
5345                if (slot->sl_flags & NFSD4_SLOT_CACHETHIS)
5346                        op->status = nfserr_rep_too_big_to_cache;
5347                else
5348                        op->status = nfserr_rep_too_big;
5349        }
5350        if (op->status == nfserr_resource ||
5351            op->status == nfserr_rep_too_big ||
5352            op->status == nfserr_rep_too_big_to_cache) {
5353                /*
5354                 * The operation may have already been encoded or
5355                 * partially encoded.  No op returns anything additional
5356                 * in the case of one of these three errors, so we can
5357                 * just truncate back to after the status.  But it's a
5358                 * bug if we had to do this on a non-idempotent op:
5359                 */
5360                warn_on_nonidempotent_op(op);
5361                xdr_truncate_encode(xdr, post_err_offset);
5362        }
5363        if (so) {
5364                int len = xdr->buf->len - post_err_offset;
5365
5366                so->so_replay.rp_status = op->status;
5367                so->so_replay.rp_buflen = len;
5368                read_bytes_from_xdr_buf(xdr->buf, post_err_offset,
5369                                                so->so_replay.rp_buf, len);
5370        }
5371status:
5372        /* Note that op->status is already in network byte order: */
5373        write_bytes_to_xdr_buf(xdr->buf, post_err_offset - 4, &op->status, 4);
5374}
5375
5376/* 
5377 * Encode the reply stored in the stateowner reply cache 
5378 * 
5379 * XDR note: do not encode rp->rp_buflen: the buffer contains the
5380 * previously sent already encoded operation.
5381 */
5382void
5383nfsd4_encode_replay(struct xdr_stream *xdr, struct nfsd4_op *op)
5384{
5385        __be32 *p;
5386        struct nfs4_replay *rp = op->replay;
5387
5388        p = xdr_reserve_space(xdr, 8 + rp->rp_buflen);
5389        if (!p) {
5390                WARN_ON_ONCE(1);
5391                return;
5392        }
5393        *p++ = cpu_to_be32(op->opnum);
5394        *p++ = rp->rp_status;  /* already xdr'ed */
5395
5396        p = xdr_encode_opaque_fixed(p, rp->rp_buf, rp->rp_buflen);
5397}
5398
5399void nfsd4_release_compoundargs(struct svc_rqst *rqstp)
5400{
5401        struct nfsd4_compoundargs *args = rqstp->rq_argp;
5402
5403        if (args->ops != args->iops) {
5404                kfree(args->ops);
5405                args->ops = args->iops;
5406        }
5407        while (args->to_free) {
5408                struct svcxdr_tmpbuf *tb = args->to_free;
5409                args->to_free = tb->next;
5410                kfree(tb);
5411        }
5412}
5413
5414int
5415nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p)
5416{
5417        struct nfsd4_compoundargs *args = rqstp->rq_argp;
5418
5419        /* svcxdr_tmp_alloc */
5420        args->to_free = NULL;
5421
5422        args->xdr = &rqstp->rq_arg_stream;
5423        args->ops = args->iops;
5424        args->rqstp = rqstp;
5425
5426        return nfsd4_decode_compound(args);
5427}
5428
5429int
5430nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p)
5431{
5432        struct nfsd4_compoundres *resp = rqstp->rq_resp;
5433        struct xdr_buf *buf = resp->xdr->buf;
5434
5435        WARN_ON_ONCE(buf->len != buf->head[0].iov_len + buf->page_len +
5436                                 buf->tail[0].iov_len);
5437
5438        *p = resp->cstate.status;
5439
5440        rqstp->rq_next_page = resp->xdr->page_ptr + 1;
5441
5442        p = resp->tagp;
5443        *p++ = htonl(resp->taglen);
5444        memcpy(p, resp->tag, resp->taglen);
5445        p += XDR_QUADLEN(resp->taglen);
5446        *p++ = htonl(resp->opcnt);
5447
5448        nfsd4_sequence_done(resp);
5449        return 1;
5450}
5451