/*
 *  Server-side XDR for NFSv4
 *
 *  Copyright (c) 2002 The Regents of the University of Michigan.
 *  All rights reserved.
 *
 *  Kendrick Smith <kmsmith@umich.edu>
 *  Andy Adamson   <andros@umich.edu>
 *
 *  Redistribution and use in source and binary forms, with or without
 *  modification, are permitted provided that the following conditions
 *  are met:
 *
 *  1. Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *  2. Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *  3. Neither the name of the University nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <linux/file.h>
#include <linux/slab.h>
#include <linux/namei.h>
#include <linux/statfs.h>
#include <linux/utsname.h>
#include <linux/pagemap.h>
#include <linux/sunrpc/svcauth_gss.h>

#include "idmap.h"
#include "acl.h"
#include "xdr4.h"
#include "vfs.h"
#include "state.h"
#include "cache.h"
#include "netns.h"
#include "pnfs.h"
#include "filecache.h"

#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
#include <linux/security.h>
#endif


#define NFSDDBG_FACILITY                NFSDDBG_XDR

const u32 nfsd_suppattrs[3][3] = {
        {NFSD4_SUPPORTED_ATTRS_WORD0,
         NFSD4_SUPPORTED_ATTRS_WORD1,
         NFSD4_SUPPORTED_ATTRS_WORD2},

        {NFSD4_1_SUPPORTED_ATTRS_WORD0,
         NFSD4_1_SUPPORTED_ATTRS_WORD1,
         NFSD4_1_SUPPORTED_ATTRS_WORD2},

        {NFSD4_1_SUPPORTED_ATTRS_WORD0,
         NFSD4_1_SUPPORTED_ATTRS_WORD1,
         NFSD4_2_SUPPORTED_ATTRS_WORD2},
};

/*
 * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
 * directory in order to indicate to the client that a filesystem boundary is present
 * We use a fixed fsid for a referral
 */
#define NFS4_REFERRAL_FSID_MAJOR        0x8000000ULL
#define NFS4_REFERRAL_FSID_MINOR        0x8000000ULL

static __be32
check_filename(char *str, int len)
{
        int i;

        if (len == 0)
                return nfserr_inval;
        if (isdotent(str, len))
                return nfserr_badname;
        for (i = 0; i < len; i++)
                if (str[i] == '/')
                        return nfserr_badname;
        return 0;
}

#define DECODE_HEAD                             \
        __be32 *p;                              \
        __be32 status
#define DECODE_TAIL                             \
        status = 0;                             \
out:                                            \
        return status;                          \
xdr_error:                                      \
        dprintk("NFSD: xdr error (%s:%d)\n",    \
                        __FILE__, __LINE__);    \
        status = nfserr_bad_xdr;                \
        goto out

#define READMEM(x,nbytes) do {                  \
        x = (char *)p;                          \
        p += XDR_QUADLEN(nbytes);               \
} while (0)
#define SAVEMEM(x,nbytes) do {                  \
        if (!(x = (p==argp->tmp || p == argp->tmpp) ? \
                savemem(argp, p, nbytes) :      \
                (char *)p)) {                   \
                dprintk("NFSD: xdr error (%s:%d)\n", \
                                __FILE__, __LINE__); \
                goto xdr_error;                 \
                }                               \
        p += XDR_QUADLEN(nbytes);               \
} while (0)
#define COPYMEM(x,nbytes) do {                  \
        memcpy((x), p, nbytes);                 \
        p += XDR_QUADLEN(nbytes);               \
} while (0)

/* READ_BUF, read_buf(): nbytes must be <= PAGE_SIZE */
#define READ_BUF(nbytes)  do {                  \
        if (nbytes <= (u32)((char *)argp->end - (char *)argp->p)) {     \
                p = argp->p;                    \
                argp->p += XDR_QUADLEN(nbytes); \
        } else if (!(p = read_buf(argp, nbytes))) { \
                dprintk("NFSD: xdr error (%s:%d)\n", \
                                __FILE__, __LINE__); \
                goto xdr_error;                 \
        }                                       \
} while (0)

static void next_decode_page(struct nfsd4_compoundargs *argp)
{
        argp->p = page_address(argp->pagelist[0]);
        argp->pagelist++;
        if (argp->pagelen < PAGE_SIZE) {
                argp->end = argp->p + XDR_QUADLEN(argp->pagelen);
                argp->pagelen = 0;
        } else {
                argp->end = argp->p + (PAGE_SIZE>>2);
                argp->pagelen -= PAGE_SIZE;
        }
}

static __be32 *read_buf(struct nfsd4_compoundargs *argp, u32 nbytes)
{
        /* We want more bytes than seem to be available.
         * Maybe we need a new page, maybe we have just run out
         */
        unsigned int avail = (char *)argp->end - (char *)argp->p;
        __be32 *p;

        if (argp->pagelen == 0) {
                struct kvec *vec = &argp->rqstp->rq_arg.tail[0];

                if (!argp->tail) {
                        argp->tail = true;
                        avail = vec->iov_len;
                        argp->p = vec->iov_base;
                        argp->end = vec->iov_base + avail;
                }

                if (avail < nbytes)
                        return NULL;

                p = argp->p;
                argp->p += XDR_QUADLEN(nbytes);
                return p;
        }

        if (avail + argp->pagelen < nbytes)
                return NULL;
        if (avail + PAGE_SIZE < nbytes) /* need more than a page !! */
                return NULL;
        /* ok, we can do it with the current plus the next page */
        if (nbytes <= sizeof(argp->tmp))
                p = argp->tmp;
        else {
                kfree(argp->tmpp);
                p = argp->tmpp = kmalloc(nbytes, GFP_KERNEL);
                if (!p)
                        return NULL;
                
        }
        /*
         * The following memcpy is safe because read_buf is always
         * called with nbytes > avail, and the two cases above both
         * guarantee p points to at least nbytes bytes.
         */
        memcpy(p, argp->p, avail);
        next_decode_page(argp);
        memcpy(((char*)p)+avail, argp->p, (nbytes - avail));
        argp->p += XDR_QUADLEN(nbytes - avail);
        return p;
}

static unsigned int compoundargs_bytes_left(struct nfsd4_compoundargs *argp)
{
        unsigned int this = (char *)argp->end - (char *)argp->p;

        return this + argp->pagelen;
}

static int zero_clientid(clientid_t *clid)
{
        return (clid->cl_boot == 0) && (clid->cl_id == 0);
}

/**
 * svcxdr_tmpalloc - allocate memory to be freed after compound processing
 * @argp: NFSv4 compound argument structure
 * @len: length of buffer to allocate
 *
 * Allocates a buffer of size @len to be freed when processing the compound
 * operation described in @argp finishes.
 */
static void *
svcxdr_tmpalloc(struct nfsd4_compoundargs *argp, u32 len)
{
        struct svcxdr_tmpbuf *tb;

        tb = kmalloc(sizeof(*tb) + len, GFP_KERNEL);
        if (!tb)
                return NULL;
        tb->next = argp->to_free;
        argp->to_free = tb;
        return tb->buf;
}

/*
 * For xdr strings that need to be passed to other kernel api's
 * as null-terminated strings.
 *
 * Note null-terminating in place usually isn't safe since the
 * buffer might end on a page boundary.
 */
static char *
svcxdr_dupstr(struct nfsd4_compoundargs *argp, void *buf, u32 len)
{
        char *p = svcxdr_tmpalloc(argp, len + 1);

        if (!p)
                return NULL;
        memcpy(p, buf, len);
        p[len] = '\0';
        return p;
}

/**
 * savemem - duplicate a chunk of memory for later processing
 * @argp: NFSv4 compound argument structure to be freed with
 * @p: pointer to be duplicated
 * @nbytes: length to be duplicated
 *
 * Returns a pointer to a copy of @nbytes bytes of memory at @p
 * that are preserved until processing of the NFSv4 compound
 * operation described by @argp finishes.
 */
static char *savemem(struct nfsd4_compoundargs *argp, __be32 *p, int nbytes)
{
        void *ret;

        ret = svcxdr_tmpalloc(argp, nbytes);
        if (!ret)
                return NULL;
        memcpy(ret, p, nbytes);
        return ret;
}

static __be32
nfsd4_decode_time(struct nfsd4_compoundargs *argp, struct timespec64 *tv)
{
        DECODE_HEAD;

        READ_BUF(12);
        p = xdr_decode_hyper(p, &tv->tv_sec);
        tv->tv_nsec = be32_to_cpup(p++);
        if (tv->tv_nsec >= (u32)1000000000)
                return nfserr_inval;

        DECODE_TAIL;
}

static __be32
nfsd4_decode_bitmap(struct nfsd4_compoundargs *argp, u32 *bmval)
{
        u32 bmlen;
        DECODE_HEAD;

        bmval[0] = 0;
        bmval[1] = 0;
        bmval[2] = 0;

        READ_BUF(4);
        bmlen = be32_to_cpup(p++);
        if (bmlen > 1000)
                goto xdr_error;

        READ_BUF(bmlen << 2);
        if (bmlen > 0)
                bmval[0] = be32_to_cpup(p++);
        if (bmlen > 1)
                bmval[1] = be32_to_cpup(p++);
        if (bmlen > 2)
                bmval[2] = be32_to_cpup(p++);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
                   struct iattr *iattr, struct nfs4_acl **acl,
                   struct xdr_netobj *label, int *umask)
{
        int expected_len, len = 0;
        u32 dummy32;
        char *buf;

        DECODE_HEAD;
        iattr->ia_valid = 0;
        if ((status = nfsd4_decode_bitmap(argp, bmval)))
                return status;

        if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
            || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
            || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2) {
                if (nfsd_attrs_supported(argp->minorversion, bmval))
                        return nfserr_inval;
                return nfserr_attrnotsupp;
        }

        READ_BUF(4);
        expected_len = be32_to_cpup(p++);

        if (bmval[0] & FATTR4_WORD0_SIZE) {
                READ_BUF(8);
                len += 8;
                p = xdr_decode_hyper(p, &iattr->ia_size);
                iattr->ia_valid |= ATTR_SIZE;
        }
        if (bmval[0] & FATTR4_WORD0_ACL) {
                u32 nace;
                struct nfs4_ace *ace;

                READ_BUF(4); len += 4;
                nace = be32_to_cpup(p++);

                if (nace > compoundargs_bytes_left(argp)/20)
                        /*
                         * Even with 4-byte names there wouldn't be
                         * space for that many aces; something fishy is
                         * going on:
                         */
                        return nfserr_fbig;

                *acl = svcxdr_tmpalloc(argp, nfs4_acl_bytes(nace));
                if (*acl == NULL)
                        return nfserr_jukebox;

                (*acl)->naces = nace;
                for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
                        READ_BUF(16); len += 16;
                        ace->type = be32_to_cpup(p++);
                        ace->flag = be32_to_cpup(p++);
                        ace->access_mask = be32_to_cpup(p++);
                        dummy32 = be32_to_cpup(p++);
                        READ_BUF(dummy32);
                        len += XDR_QUADLEN(dummy32) << 2;
                        READMEM(buf, dummy32);
                        ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
                        status = nfs_ok;
                        if (ace->whotype != NFS4_ACL_WHO_NAMED)
                                ;
                        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
                                status = nfsd_map_name_to_gid(argp->rqstp,
                                                buf, dummy32, &ace->who_gid);
                        else
                                status = nfsd_map_name_to_uid(argp->rqstp,
                                                buf, dummy32, &ace->who_uid);
                        if (status)
                                return status;
                }
        } else
                *acl = NULL;
        if (bmval[1] & FATTR4_WORD1_MODE) {
                READ_BUF(4);
                len += 4;
                iattr->ia_mode = be32_to_cpup(p++);
                iattr->ia_mode &= (S_IFMT | S_IALLUGO);
                iattr->ia_valid |= ATTR_MODE;
        }
        if (bmval[1] & FATTR4_WORD1_OWNER) {
                READ_BUF(4);
                len += 4;
                dummy32 = be32_to_cpup(p++);
                READ_BUF(dummy32);
                len += (XDR_QUADLEN(dummy32) << 2);
                READMEM(buf, dummy32);
                if ((status = nfsd_map_name_to_uid(argp->rqstp, buf, dummy32, &iattr->ia_uid)))
                        return status;
                iattr->ia_valid |= ATTR_UID;
        }
        if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
                READ_BUF(4);
                len += 4;
                dummy32 = be32_to_cpup(p++);
                READ_BUF(dummy32);
                len += (XDR_QUADLEN(dummy32) << 2);
                READMEM(buf, dummy32);
                if ((status = nfsd_map_name_to_gid(argp->rqstp, buf, dummy32, &iattr->ia_gid)))
                        return status;
                iattr->ia_valid |= ATTR_GID;
        }
        if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
                READ_BUF(4);
                len += 4;
                dummy32 = be32_to_cpup(p++);
                switch (dummy32) {
                case NFS4_SET_TO_CLIENT_TIME:
                        len += 12;
                        status = nfsd4_decode_time(argp, &iattr->ia_atime);
                        if (status)
                                return status;
                        iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
                        break;
                case NFS4_SET_TO_SERVER_TIME:
                        iattr->ia_valid |= ATTR_ATIME;
                        break;
                default:
                        goto xdr_error;
                }
        }
        if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
                READ_BUF(4);
                len += 4;
                dummy32 = be32_to_cpup(p++);
                switch (dummy32) {
                case NFS4_SET_TO_CLIENT_TIME:
                        len += 12;
                        status = nfsd4_decode_time(argp, &iattr->ia_mtime);
                        if (status)
                                return status;
                        iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
                        break;
                case NFS4_SET_TO_SERVER_TIME:
                        iattr->ia_valid |= ATTR_MTIME;
                        break;
                default:
                        goto xdr_error;
                }
        }

        label->len = 0;
        if (IS_ENABLED(CONFIG_NFSD_V4_SECURITY_LABEL) &&
            bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
                READ_BUF(4);
                len += 4;
                dummy32 = be32_to_cpup(p++); /* lfs: we don't use it */
                READ_BUF(4);
                len += 4;
                dummy32 = be32_to_cpup(p++); /* pi: we don't use it either */
                READ_BUF(4);
                len += 4;
                dummy32 = be32_to_cpup(p++);
                READ_BUF(dummy32);
                if (dummy32 > NFS4_MAXLABELLEN)
                        return nfserr_badlabel;
                len += (XDR_QUADLEN(dummy32) << 2);
                READMEM(buf, dummy32);
                label->len = dummy32;
                label->data = svcxdr_dupstr(argp, buf, dummy32);
                if (!label->data)
                        return nfserr_jukebox;
        }
        if (bmval[2] & FATTR4_WORD2_MODE_UMASK) {
                if (!umask)
                        goto xdr_error;
                READ_BUF(8);
                len += 8;
                dummy32 = be32_to_cpup(p++);
                iattr->ia_mode = dummy32 & (S_IFMT | S_IALLUGO);
                dummy32 = be32_to_cpup(p++);
                *umask = dummy32 & S_IRWXUGO;
                iattr->ia_valid |= ATTR_MODE;
        }
        if (len != expected_len)
                goto xdr_error;

        DECODE_TAIL;
}

static __be32
nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
{
        DECODE_HEAD;

        READ_BUF(sizeof(stateid_t));
        sid->si_generation = be32_to_cpup(p++);
        COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));

        DECODE_TAIL;
}

static __be32
nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
{
        DECODE_HEAD;

        READ_BUF(4);
        access->ac_req_access = be32_to_cpup(p++);

        DECODE_TAIL;
}

static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
{
        DECODE_HEAD;
        struct user_namespace *userns = nfsd_user_namespace(argp->rqstp);
        u32 dummy, uid, gid;
        char *machine_name;
        int i;
        int nr_secflavs;

        /* callback_sec_params4 */
        READ_BUF(4);
        nr_secflavs = be32_to_cpup(p++);
        if (nr_secflavs)
                cbs->flavor = (u32)(-1);
        else
                /* Is this legal? Be generous, take it to mean AUTH_NONE: */
                cbs->flavor = 0;
        for (i = 0; i < nr_secflavs; ++i) {
                READ_BUF(4);
                dummy = be32_to_cpup(p++);
                switch (dummy) {
                case RPC_AUTH_NULL:
                        /* Nothing to read */
                        if (cbs->flavor == (u32)(-1))
                                cbs->flavor = RPC_AUTH_NULL;
                        break;
                case RPC_AUTH_UNIX:
                        READ_BUF(8);
                        /* stamp */
                        dummy = be32_to_cpup(p++);

                        /* machine name */
                        dummy = be32_to_cpup(p++);
                        READ_BUF(dummy);
                        SAVEMEM(machine_name, dummy);

                        /* uid, gid */
                        READ_BUF(8);
                        uid = be32_to_cpup(p++);
                        gid = be32_to_cpup(p++);

                        /* more gids */
                        READ_BUF(4);
                        dummy = be32_to_cpup(p++);
                        READ_BUF(dummy * 4);
                        if (cbs->flavor == (u32)(-1)) {
                                kuid_t kuid = make_kuid(userns, uid);
                                kgid_t kgid = make_kgid(userns, gid);
                                if (uid_valid(kuid) && gid_valid(kgid)) {
                                        cbs->uid = kuid;
                                        cbs->gid = kgid;
                                        cbs->flavor = RPC_AUTH_UNIX;
                                } else {
                                        dprintk("RPC_AUTH_UNIX with invalid"
                                                "uid or gid ignoring!\n");
                                }
                        }
                        break;
                case RPC_AUTH_GSS:
                        dprintk("RPC_AUTH_GSS callback secflavor "
                                "not supported!\n");
                        READ_BUF(8);
                        /* gcbp_service */
                        dummy = be32_to_cpup(p++);
                        /* gcbp_handle_from_server */
                        dummy = be32_to_cpup(p++);
                        READ_BUF(dummy);
                        p += XDR_QUADLEN(dummy);
                        /* gcbp_handle_from_client */
                        READ_BUF(4);
                        dummy = be32_to_cpup(p++);
                        READ_BUF(dummy);
                        break;
                default:
                        dprintk("Illegal callback secflavor\n");
                        return nfserr_inval;
                }
        }
        DECODE_TAIL;
}

static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
{
        DECODE_HEAD;

        READ_BUF(4);
        bc->bc_cb_program = be32_to_cpup(p++);
        nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);

        DECODE_TAIL;
}

static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
{
        DECODE_HEAD;

        READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
        COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
        bcts->dir = be32_to_cpup(p++);
        /* XXX: skipping ctsa_use_conn_in_rdma_mode.  Perhaps Tom Tucker
         * could help us figure out we should be using it. */
        DECODE_TAIL;
}

static __be32
nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
{
        DECODE_HEAD;

        READ_BUF(4);
        close->cl_seqid = be32_to_cpup(p++);
        return nfsd4_decode_stateid(argp, &close->cl_stateid);

        DECODE_TAIL;
}


static __be32
nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
{
        DECODE_HEAD;

        READ_BUF(12);
        p = xdr_decode_hyper(p, &commit->co_offset);
        commit->co_count = be32_to_cpup(p++);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
{
        DECODE_HEAD;

        READ_BUF(4);
        create->cr_type = be32_to_cpup(p++);
        switch (create->cr_type) {
        case NF4LNK:
                READ_BUF(4);
                create->cr_datalen = be32_to_cpup(p++);
                READ_BUF(create->cr_datalen);
                create->cr_data = svcxdr_dupstr(argp, p, create->cr_datalen);
                if (!create->cr_data)
                        return nfserr_jukebox;
                break;
        case NF4BLK:
        case NF4CHR:
                READ_BUF(8);
                create->cr_specdata1 = be32_to_cpup(p++);
                create->cr_specdata2 = be32_to_cpup(p++);
                break;
        case NF4SOCK:
        case NF4FIFO:
        case NF4DIR:
        default:
                break;
        }

        READ_BUF(4);
        create->cr_namelen = be32_to_cpup(p++);
        READ_BUF(create->cr_namelen);
        SAVEMEM(create->cr_name, create->cr_namelen);
        if ((status = check_filename(create->cr_name, create->cr_namelen)))
                return status;

        status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr,
                                    &create->cr_acl, &create->cr_label,
                                    &create->cr_umask);
        if (status)
                goto out;

        DECODE_TAIL;
}

static inline __be32
nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
{
        return nfsd4_decode_stateid(argp, &dr->dr_stateid);
}

static inline __be32
nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
{
        return nfsd4_decode_bitmap(argp, getattr->ga_bmval);
}

static __be32
nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
{
        DECODE_HEAD;

        READ_BUF(4);
        link->li_namelen = be32_to_cpup(p++);
        READ_BUF(link->li_namelen);
        SAVEMEM(link->li_name, link->li_namelen);
        if ((status = check_filename(link->li_name, link->li_namelen)))
                return status;

        DECODE_TAIL;
}

static __be32
nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
{
        DECODE_HEAD;

        /*
        * type, reclaim(boolean), offset, length, new_lock_owner(boolean)
        */
        READ_BUF(28);
        lock->lk_type = be32_to_cpup(p++);
        if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
                goto xdr_error;
        lock->lk_reclaim = be32_to_cpup(p++);
        p = xdr_decode_hyper(p, &lock->lk_offset);
        p = xdr_decode_hyper(p, &lock->lk_length);
        lock->lk_is_new = be32_to_cpup(p++);

        if (lock->lk_is_new) {
                READ_BUF(4);
                lock->lk_new_open_seqid = be32_to_cpup(p++);
                status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
                if (status)
                        return status;
                READ_BUF(8 + sizeof(clientid_t));
                lock->lk_new_lock_seqid = be32_to_cpup(p++);
                COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
                lock->lk_new_owner.len = be32_to_cpup(p++);
                READ_BUF(lock->lk_new_owner.len);
                READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
        } else {
                status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
                if (status)
                        return status;
                READ_BUF(4);
                lock->lk_old_lock_seqid = be32_to_cpup(p++);
        }

        DECODE_TAIL;
}

static __be32
nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
{
        DECODE_HEAD;
                        
        READ_BUF(32);
        lockt->lt_type = be32_to_cpup(p++);
        if((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
                goto xdr_error;
        p = xdr_decode_hyper(p, &lockt->lt_offset);
        p = xdr_decode_hyper(p, &lockt->lt_length);
        COPYMEM(&lockt->lt_clientid, 8);
        lockt->lt_owner.len = be32_to_cpup(p++);
        READ_BUF(lockt->lt_owner.len);
        READMEM(lockt->lt_owner.data, lockt->lt_owner.len);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
{
        DECODE_HEAD;

        READ_BUF(8);
        locku->lu_type = be32_to_cpup(p++);
        if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
                goto xdr_error;
        locku->lu_seqid = be32_to_cpup(p++);
        status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
        if (status)
                return status;
        READ_BUF(16);
        p = xdr_decode_hyper(p, &locku->lu_offset);
        p = xdr_decode_hyper(p, &locku->lu_length);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
{
        DECODE_HEAD;

        READ_BUF(4);
        lookup->lo_len = be32_to_cpup(p++);
        READ_BUF(lookup->lo_len);
        SAVEMEM(lookup->lo_name, lookup->lo_len);
        if ((status = check_filename(lookup->lo_name, lookup->lo_len)))
                return status;

        DECODE_TAIL;
}

static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
{
        __be32 *p;
        u32 w;

        READ_BUF(4);
        w = be32_to_cpup(p++);
        *share_access = w & NFS4_SHARE_ACCESS_MASK;
        *deleg_want = w & NFS4_SHARE_WANT_MASK;
        if (deleg_when)
                *deleg_when = w & NFS4_SHARE_WHEN_MASK;

        switch (w & NFS4_SHARE_ACCESS_MASK) {
        case NFS4_SHARE_ACCESS_READ:
        case NFS4_SHARE_ACCESS_WRITE:
        case NFS4_SHARE_ACCESS_BOTH:
                break;
        default:
                return nfserr_bad_xdr;
        }
        w &= ~NFS4_SHARE_ACCESS_MASK;
        if (!w)
                return nfs_ok;
        if (!argp->minorversion)
                return nfserr_bad_xdr;
        switch (w & NFS4_SHARE_WANT_MASK) {
        case NFS4_SHARE_WANT_NO_PREFERENCE:
        case NFS4_SHARE_WANT_READ_DELEG:
        case NFS4_SHARE_WANT_WRITE_DELEG:
        case NFS4_SHARE_WANT_ANY_DELEG:
        case NFS4_SHARE_WANT_NO_DELEG:
        case NFS4_SHARE_WANT_CANCEL:
                break;
        default:
                return nfserr_bad_xdr;
        }
        w &= ~NFS4_SHARE_WANT_MASK;
        if (!w)
                return nfs_ok;

        if (!deleg_when)        /* open_downgrade */
                return nfserr_inval;
        switch (w) {
        case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
        case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
        case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
              NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
                return nfs_ok;
        }
xdr_error:
        return nfserr_bad_xdr;
}

static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
{
        __be32 *p;

        READ_BUF(4);
        *x = be32_to_cpup(p++);
        /* Note: unlinke access bits, deny bits may be zero. */
        if (*x & ~NFS4_SHARE_DENY_BOTH)
                return nfserr_bad_xdr;
        return nfs_ok;
xdr_error:
        return nfserr_bad_xdr;
}

static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
{
        __be32 *p;

        READ_BUF(4);
        o->len = be32_to_cpup(p++);

        if (o->len == 0 || o->len > NFS4_OPAQUE_LIMIT)
                return nfserr_bad_xdr;

        READ_BUF(o->len);
        SAVEMEM(o->data, o->len);
        return nfs_ok;
xdr_error:
        return nfserr_bad_xdr;
}

static __be32
nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
{
        DECODE_HEAD;
        u32 dummy;

        memset(open->op_bmval, 0, sizeof(open->op_bmval));
        open->op_iattr.ia_valid = 0;
        open->op_openowner = NULL;

        open->op_xdr_error = 0;
        /* seqid, share_access, share_deny, clientid, ownerlen */
        READ_BUF(4);
        open->op_seqid = be32_to_cpup(p++);
        /* decode, yet ignore deleg_when until supported */
        status = nfsd4_decode_share_access(argp, &open->op_share_access,
                                           &open->op_deleg_want, &dummy);
        if (status)
                goto xdr_error;
        status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
        if (status)
                goto xdr_error;
        READ_BUF(sizeof(clientid_t));
        COPYMEM(&open->op_clientid, sizeof(clientid_t));
        status = nfsd4_decode_opaque(argp, &open->op_owner);
        if (status)
                goto xdr_error;
        READ_BUF(4);
        open->op_create = be32_to_cpup(p++);
        switch (open->op_create) {
        case NFS4_OPEN_NOCREATE:
                break;
        case NFS4_OPEN_CREATE:
                READ_BUF(4);
                open->op_createmode = be32_to_cpup(p++);
                switch (open->op_createmode) {
                case NFS4_CREATE_UNCHECKED:
                case NFS4_CREATE_GUARDED:
                        status = nfsd4_decode_fattr(argp, open->op_bmval,
                                &open->op_iattr, &open->op_acl, &open->op_label,
                                &open->op_umask);
                        if (status)
                                goto out;
                        break;
                case NFS4_CREATE_EXCLUSIVE:
                        READ_BUF(NFS4_VERIFIER_SIZE);
                        COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
                        break;
                case NFS4_CREATE_EXCLUSIVE4_1:
                        if (argp->minorversion < 1)
                                goto xdr_error;
                        READ_BUF(NFS4_VERIFIER_SIZE);
                        COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
                        status = nfsd4_decode_fattr(argp, open->op_bmval,
                                &open->op_iattr, &open->op_acl, &open->op_label,
                                &open->op_umask);
                        if (status)
                                goto out;
                        break;
                default:
                        goto xdr_error;
                }
                break;
        default:
                goto xdr_error;
        }

        /* open_claim */
        READ_BUF(4);
        open->op_claim_type = be32_to_cpup(p++);
        switch (open->op_claim_type) {
        case NFS4_OPEN_CLAIM_NULL:
        case NFS4_OPEN_CLAIM_DELEGATE_PREV:
                READ_BUF(4);
                open->op_fname.len = be32_to_cpup(p++);
                READ_BUF(open->op_fname.len);
                SAVEMEM(open->op_fname.data, open->op_fname.len);
                if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
                        return status;
                break;
        case NFS4_OPEN_CLAIM_PREVIOUS:
                READ_BUF(4);
                open->op_delegate_type = be32_to_cpup(p++);
                break;
        case NFS4_OPEN_CLAIM_DELEGATE_CUR:
                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
                if (status)
                        return status;
                READ_BUF(4);
                open->op_fname.len = be32_to_cpup(p++);
                READ_BUF(open->op_fname.len);
                SAVEMEM(open->op_fname.data, open->op_fname.len);
                if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
                        return status;
                break;
        case NFS4_OPEN_CLAIM_FH:
        case NFS4_OPEN_CLAIM_DELEG_PREV_FH:

                if (argp->minorversion < 1)
                        goto xdr_error;
                /* void */
                break;
        case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
                if (argp->minorversion < 1)
                        goto xdr_error;
                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
                if (status)
                        return status;
                break;
        default:
                goto xdr_error;
        }

        DECODE_TAIL;
}

static __be32
nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
{
        DECODE_HEAD;

        if (argp->minorversion >= 1)
                return nfserr_notsupp;

        status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
        if (status)
                return status;
        READ_BUF(4);
        open_conf->oc_seqid = be32_to_cpup(p++);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
{
        DECODE_HEAD;
                    
        status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
        if (status)
                return status;
        READ_BUF(4);
        open_down->od_seqid = be32_to_cpup(p++);
        status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
                                           &open_down->od_deleg_want, NULL);
        if (status)
                return status;
        status = nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
        if (status)
                return status;
        DECODE_TAIL;
}

static __be32
nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
{
        DECODE_HEAD;

        READ_BUF(4);
        putfh->pf_fhlen = be32_to_cpup(p++);
        if (putfh->pf_fhlen > NFS4_FHSIZE)
                goto xdr_error;
        READ_BUF(putfh->pf_fhlen);
        SAVEMEM(putfh->pf_fhval, putfh->pf_fhlen);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
{
        if (argp->minorversion == 0)
                return nfs_ok;
        return nfserr_notsupp;
}

static __be32
nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
{
        DECODE_HEAD;

        status = nfsd4_decode_stateid(argp, &read->rd_stateid);
        if (status)
                return status;
        READ_BUF(12);
        p = xdr_decode_hyper(p, &read->rd_offset);
        read->rd_length = be32_to_cpup(p++);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
{
        DECODE_HEAD;

        READ_BUF(24);
        p = xdr_decode_hyper(p, &readdir->rd_cookie);
        COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
        readdir->rd_dircount = be32_to_cpup(p++);
        readdir->rd_maxcount = be32_to_cpup(p++);
        if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
                goto out;

        DECODE_TAIL;
}

static __be32
nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
{
        DECODE_HEAD;

        READ_BUF(4);
        remove->rm_namelen = be32_to_cpup(p++);
        READ_BUF(remove->rm_namelen);
        SAVEMEM(remove->rm_name, remove->rm_namelen);
        if ((status = check_filename(remove->rm_name, remove->rm_namelen)))
                return status;

        DECODE_TAIL;
}

static __be32
nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
{
        DECODE_HEAD;

        READ_BUF(4);
        rename->rn_snamelen = be32_to_cpup(p++);
        READ_BUF(rename->rn_snamelen);
        SAVEMEM(rename->rn_sname, rename->rn_snamelen);
        READ_BUF(4);
        rename->rn_tnamelen = be32_to_cpup(p++);
        READ_BUF(rename->rn_tnamelen);
        SAVEMEM(rename->rn_tname, rename->rn_tnamelen);
        if ((status = check_filename(rename->rn_sname, rename->rn_snamelen)))
                return status;
        if ((status = check_filename(rename->rn_tname, rename->rn_tnamelen)))
                return status;

        DECODE_TAIL;
}

static __be32
nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
{
        DECODE_HEAD;

        if (argp->minorversion >= 1)
                return nfserr_notsupp;

        READ_BUF(sizeof(clientid_t));
        COPYMEM(clientid, sizeof(clientid_t));

        DECODE_TAIL;
}

static __be32
nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
                     struct nfsd4_secinfo *secinfo)
{
        DECODE_HEAD;

        READ_BUF(4);
        secinfo->si_namelen = be32_to_cpup(p++);
        READ_BUF(secinfo->si_namelen);
        SAVEMEM(secinfo->si_name, secinfo->si_namelen);
        status = check_filename(secinfo->si_name, secinfo->si_namelen);
        if (status)
                return status;
        DECODE_TAIL;
}

static __be32
nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
                     struct nfsd4_secinfo_no_name *sin)
{
        DECODE_HEAD;

        READ_BUF(4);
        sin->sin_style = be32_to_cpup(p++);
        DECODE_TAIL;
}

static __be32
nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
{
        __be32 status;

        status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
        if (status)
                return status;
        return nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr,
                                  &setattr->sa_acl, &setattr->sa_label, NULL);
}

static __be32
nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
{
        DECODE_HEAD;

        if (argp->minorversion >= 1)
                return nfserr_notsupp;

        READ_BUF(NFS4_VERIFIER_SIZE);
        COPYMEM(setclientid->se_verf.data, NFS4_VERIFIER_SIZE);

        status = nfsd4_decode_opaque(argp, &setclientid->se_name);
        if (status)
                return nfserr_bad_xdr;
        READ_BUF(8);
        setclientid->se_callback_prog = be32_to_cpup(p++);
        setclientid->se_callback_netid_len = be32_to_cpup(p++);
        READ_BUF(setclientid->se_callback_netid_len);
        SAVEMEM(setclientid->se_callback_netid_val, setclientid->se_callback_netid_len);
        READ_BUF(4);
        setclientid->se_callback_addr_len = be32_to_cpup(p++);

        READ_BUF(setclientid->se_callback_addr_len);
        SAVEMEM(setclientid->se_callback_addr_val, setclientid->se_callback_addr_len);
        READ_BUF(4);
        setclientid->se_callback_ident = be32_to_cpup(p++);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
{
        DECODE_HEAD;

        if (argp->minorversion >= 1)
                return nfserr_notsupp;

        READ_BUF(8 + NFS4_VERIFIER_SIZE);
        COPYMEM(&scd_c->sc_clientid, 8);
        COPYMEM(&scd_c->sc_confirm, NFS4_VERIFIER_SIZE);

        DECODE_TAIL;
}

/* Also used for NVERIFY */
static __be32
nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
{
        DECODE_HEAD;

        if ((status = nfsd4_decode_bitmap(argp, verify->ve_bmval)))
                goto out;

        /* For convenience's sake, we compare raw xdr'd attributes in
         * nfsd4_proc_verify */

        READ_BUF(4);
        verify->ve_attrlen = be32_to_cpup(p++);
        READ_BUF(verify->ve_attrlen);
        SAVEMEM(verify->ve_attrval, verify->ve_attrlen);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
{
        int avail;
        int len;
        DECODE_HEAD;

        status = nfsd4_decode_stateid(argp, &write->wr_stateid);
        if (status)
                return status;
        READ_BUF(16);
        p = xdr_decode_hyper(p, &write->wr_offset);
        write->wr_stable_how = be32_to_cpup(p++);
        if (write->wr_stable_how > NFS_FILE_SYNC)
                goto xdr_error;
        write->wr_buflen = be32_to_cpup(p++);

        /* Sorry .. no magic macros for this.. *
         * READ_BUF(write->wr_buflen);
         * SAVEMEM(write->wr_buf, write->wr_buflen);
         */
        avail = (char*)argp->end - (char*)argp->p;
        if (avail + argp->pagelen < write->wr_buflen) {
                dprintk("NFSD: xdr error (%s:%d)\n",
                                __FILE__, __LINE__);
                goto xdr_error;
        }
        write->wr_head.iov_base = p;
        write->wr_head.iov_len = avail;
        write->wr_pagelist = argp->pagelist;

        len = XDR_QUADLEN(write->wr_buflen) << 2;
        if (len >= avail) {
                int pages;

                len -= avail;

                pages = len >> PAGE_SHIFT;
                argp->pagelist += pages;
                argp->pagelen -= pages * PAGE_SIZE;
                len -= pages * PAGE_SIZE;

                next_decode_page(argp);
        }
        argp->p += XDR_QUADLEN(len);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
{
        DECODE_HEAD;

        if (argp->minorversion >= 1)
                return nfserr_notsupp;

        READ_BUF(12);
        COPYMEM(&rlockowner->rl_clientid, sizeof(clientid_t));
        rlockowner->rl_owner.len = be32_to_cpup(p++);
        READ_BUF(rlockowner->rl_owner.len);
        READMEM(rlockowner->rl_owner.data, rlockowner->rl_owner.len);

        if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
                return nfserr_inval;
        DECODE_TAIL;
}

static __be32
nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
                         struct nfsd4_exchange_id *exid)
{
        int dummy, tmp;
        DECODE_HEAD;

        READ_BUF(NFS4_VERIFIER_SIZE);
        COPYMEM(exid->verifier.data, NFS4_VERIFIER_SIZE);

        status = nfsd4_decode_opaque(argp, &exid->clname);
        if (status)
                return nfserr_bad_xdr;

        READ_BUF(4);
        exid->flags = be32_to_cpup(p++);

        /* Ignore state_protect4_a */
        READ_BUF(4);
        exid->spa_how = be32_to_cpup(p++);
        switch (exid->spa_how) {
        case SP4_NONE:
                break;
        case SP4_MACH_CRED:
                /* spo_must_enforce */
                status = nfsd4_decode_bitmap(argp,
                                        exid->spo_must_enforce);
                if (status)
                        goto out;
                /* spo_must_allow */
                status = nfsd4_decode_bitmap(argp, exid->spo_must_allow);
                if (status)
                        goto out;
                break;
        case SP4_SSV:
                /* ssp_ops */
                READ_BUF(4);
                dummy = be32_to_cpup(p++);
                READ_BUF(dummy * 4);
                p += dummy;

                READ_BUF(4);
                dummy = be32_to_cpup(p++);
                READ_BUF(dummy * 4);
                p += dummy;

                /* ssp_hash_algs<> */
                READ_BUF(4);
                tmp = be32_to_cpup(p++);
                while (tmp--) {
                        READ_BUF(4);
                        dummy = be32_to_cpup(p++);
                        READ_BUF(dummy);
                        p += XDR_QUADLEN(dummy);
                }

                /* ssp_encr_algs<> */
                READ_BUF(4);
                tmp = be32_to_cpup(p++);
                while (tmp--) {
                        READ_BUF(4);
                        dummy = be32_to_cpup(p++);
                        READ_BUF(dummy);
                        p += XDR_QUADLEN(dummy);
                }

                /* ignore ssp_window and ssp_num_gss_handles: */
                READ_BUF(8);
                break;
        default:
                goto xdr_error;
        }

        READ_BUF(4);    /* nfs_impl_id4 array length */
        dummy = be32_to_cpup(p++);

        if (dummy > 1)
                goto xdr_error;

        if (dummy == 1) {
                status = nfsd4_decode_opaque(argp, &exid->nii_domain);
                if (status)
                        goto xdr_error;

                /* nii_name */
                status = nfsd4_decode_opaque(argp, &exid->nii_name);
                if (status)
                        goto xdr_error;

                /* nii_date */
                status = nfsd4_decode_time(argp, &exid->nii_time);
                if (status)
                        goto xdr_error;
        }
        DECODE_TAIL;
}

static __be32
nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
                            struct nfsd4_create_session *sess)
{
        DECODE_HEAD;

        READ_BUF(16);
        COPYMEM(&sess->clientid, 8);
        sess->seqid = be32_to_cpup(p++);
        sess->flags = be32_to_cpup(p++);

        /* Fore channel attrs */
        READ_BUF(28);
        p++; /* headerpadsz is always 0 */
        sess->fore_channel.maxreq_sz = be32_to_cpup(p++);
        sess->fore_channel.maxresp_sz = be32_to_cpup(p++);
        sess->fore_channel.maxresp_cached = be32_to_cpup(p++);
        sess->fore_channel.maxops = be32_to_cpup(p++);
        sess->fore_channel.maxreqs = be32_to_cpup(p++);
        sess->fore_channel.nr_rdma_attrs = be32_to_cpup(p++);
        if (sess->fore_channel.nr_rdma_attrs == 1) {
                READ_BUF(4);
                sess->fore_channel.rdma_attrs = be32_to_cpup(p++);
        } else if (sess->fore_channel.nr_rdma_attrs > 1) {
                dprintk("Too many fore channel attr bitmaps!\n");
                goto xdr_error;
        }

        /* Back channel attrs */
        READ_BUF(28);
        p++; /* headerpadsz is always 0 */
        sess->back_channel.maxreq_sz = be32_to_cpup(p++);
        sess->back_channel.maxresp_sz = be32_to_cpup(p++);
        sess->back_channel.maxresp_cached = be32_to_cpup(p++);
        sess->back_channel.maxops = be32_to_cpup(p++);
        sess->back_channel.maxreqs = be32_to_cpup(p++);
        sess->back_channel.nr_rdma_attrs = be32_to_cpup(p++);
        if (sess->back_channel.nr_rdma_attrs == 1) {
                READ_BUF(4);
                sess->back_channel.rdma_attrs = be32_to_cpup(p++);
        } else if (sess->back_channel.nr_rdma_attrs > 1) {
                dprintk("Too many back channel attr bitmaps!\n");
                goto xdr_error;
        }

        READ_BUF(4);
        sess->callback_prog = be32_to_cpup(p++);
        nfsd4_decode_cb_sec(argp, &sess->cb_sec);
        DECODE_TAIL;
}

static __be32
nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
                             struct nfsd4_destroy_session *destroy_session)
{
        DECODE_HEAD;
        READ_BUF(NFS4_MAX_SESSIONID_LEN);
        COPYMEM(destroy_session->sessionid.data, NFS4_MAX_SESSIONID_LEN);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
                          struct nfsd4_free_stateid *free_stateid)
{
        DECODE_HEAD;

        READ_BUF(sizeof(stateid_t));
        free_stateid->fr_stateid.si_generation = be32_to_cpup(p++);
        COPYMEM(&free_stateid->fr_stateid.si_opaque, sizeof(stateid_opaque_t));

        DECODE_TAIL;
}

static __be32
nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
                      struct nfsd4_sequence *seq)
{
        DECODE_HEAD;

        READ_BUF(NFS4_MAX_SESSIONID_LEN + 16);
        COPYMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
        seq->seqid = be32_to_cpup(p++);
        seq->slotid = be32_to_cpup(p++);
        seq->maxslots = be32_to_cpup(p++);
        seq->cachethis = be32_to_cpup(p++);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
{
        int i;
        __be32 *p, status;
        struct nfsd4_test_stateid_id *stateid;

        READ_BUF(4);
        test_stateid->ts_num_ids = ntohl(*p++);

        INIT_LIST_HEAD(&test_stateid->ts_stateid_list);

        for (i = 0; i < test_stateid->ts_num_ids; i++) {
                stateid = svcxdr_tmpalloc(argp, sizeof(*stateid));
                if (!stateid) {
                        status = nfserrno(-ENOMEM);
                        goto out;
                }

                INIT_LIST_HEAD(&stateid->ts_id_list);
                list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);

                status = nfsd4_decode_stateid(argp, &stateid->ts_id_stateid);
                if (status)
                        goto out;
        }

        status = 0;
out:
        return status;
xdr_error:
        dprintk("NFSD: xdr error (%s:%d)\n", __FILE__, __LINE__);
        status = nfserr_bad_xdr;
        goto out;
}

static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, struct nfsd4_destroy_clientid *dc)
{
        DECODE_HEAD;

        READ_BUF(8);
        COPYMEM(&dc->clientid, 8);

        DECODE_TAIL;
}

static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, struct nfsd4_reclaim_complete *rc)
{
        DECODE_HEAD;

        READ_BUF(4);
        rc->rca_one_fs = be32_to_cpup(p++);

        DECODE_TAIL;
}

#ifdef CONFIG_NFSD_PNFS
static __be32
nfsd4_decode_getdeviceinfo(struct nfsd4_compoundargs *argp,
                struct nfsd4_getdeviceinfo *gdev)
{
        DECODE_HEAD;
        u32 num, i;

        READ_BUF(sizeof(struct nfsd4_deviceid) + 3 * 4);
        COPYMEM(&gdev->gd_devid, sizeof(struct nfsd4_deviceid));
        gdev->gd_layout_type = be32_to_cpup(p++);
        gdev->gd_maxcount = be32_to_cpup(p++);
        num = be32_to_cpup(p++);
        if (num) {
                if (num > 1000)
                        goto xdr_error;
                READ_BUF(4 * num);
                gdev->gd_notify_types = be32_to_cpup(p++);
                for (i = 1; i < num; i++) {
                        if (be32_to_cpup(p++)) {
                                status = nfserr_inval;
                                goto out;
                        }
                }
        }
        DECODE_TAIL;
}

static __be32
nfsd4_decode_layoutget(struct nfsd4_compoundargs *argp,
                struct nfsd4_layoutget *lgp)
{
        DECODE_HEAD;

        READ_BUF(36);
        lgp->lg_signal = be32_to_cpup(p++);
        lgp->lg_layout_type = be32_to_cpup(p++);
        lgp->lg_seg.iomode = be32_to_cpup(p++);
        p = xdr_decode_hyper(p, &lgp->lg_seg.offset);
        p = xdr_decode_hyper(p, &lgp->lg_seg.length);
        p = xdr_decode_hyper(p, &lgp->lg_minlength);

        status = nfsd4_decode_stateid(argp, &lgp->lg_sid);
        if (status)
                return status;

        READ_BUF(4);
        lgp->lg_maxcount = be32_to_cpup(p++);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_layoutcommit(struct nfsd4_compoundargs *argp,
                struct nfsd4_layoutcommit *lcp)
{
        DECODE_HEAD;
        u32 timechange;

        READ_BUF(20);
        p = xdr_decode_hyper(p, &lcp->lc_seg.offset);
        p = xdr_decode_hyper(p, &lcp->lc_seg.length);
        lcp->lc_reclaim = be32_to_cpup(p++);

        status = nfsd4_decode_stateid(argp, &lcp->lc_sid);
        if (status)
                return status;

        READ_BUF(4);
        lcp->lc_newoffset = be32_to_cpup(p++);
        if (lcp->lc_newoffset) {
                READ_BUF(8);
                p = xdr_decode_hyper(p, &lcp->lc_last_wr);
        } else
                lcp->lc_last_wr = 0;
        READ_BUF(4);
        timechange = be32_to_cpup(p++);
        if (timechange) {
                status = nfsd4_decode_time(argp, &lcp->lc_mtime);
                if (status)
                        return status;
        } else {
                lcp->lc_mtime.tv_nsec = UTIME_NOW;
        }
        READ_BUF(8);
        lcp->lc_layout_type = be32_to_cpup(p++);

        /*
         * Save the layout update in XDR format and let the layout driver deal
         * with it later.
         */
        lcp->lc_up_len = be32_to_cpup(p++);
        if (lcp->lc_up_len > 0) {
                READ_BUF(lcp->lc_up_len);
                READMEM(lcp->lc_up_layout, lcp->lc_up_len);
        }

        DECODE_TAIL;
}

static __be32
nfsd4_decode_layoutreturn(struct nfsd4_compoundargs *argp,
                struct nfsd4_layoutreturn *lrp)
{
        DECODE_HEAD;

        READ_BUF(16);
        lrp->lr_reclaim = be32_to_cpup(p++);
        lrp->lr_layout_type = be32_to_cpup(p++);
        lrp->lr_seg.iomode = be32_to_cpup(p++);
        lrp->lr_return_type = be32_to_cpup(p++);
        if (lrp->lr_return_type == RETURN_FILE) {
                READ_BUF(16);
                p = xdr_decode_hyper(p, &lrp->lr_seg.offset);
                p = xdr_decode_hyper(p, &lrp->lr_seg.length);

                status = nfsd4_decode_stateid(argp, &lrp->lr_sid);
                if (status)
                        return status;

                READ_BUF(4);
                lrp->lrf_body_len = be32_to_cpup(p++);
                if (lrp->lrf_body_len > 0) {
                        READ_BUF(lrp->lrf_body_len);
                        READMEM(lrp->lrf_body, lrp->lrf_body_len);
                }
        } else {
                lrp->lr_seg.offset = 0;
                lrp->lr_seg.length = NFS4_MAX_UINT64;
        }

        DECODE_TAIL;
}
#endif /* CONFIG_NFSD_PNFS */

static __be32
nfsd4_decode_fallocate(struct nfsd4_compoundargs *argp,
                       struct nfsd4_fallocate *fallocate)
{
        DECODE_HEAD;

        status = nfsd4_decode_stateid(argp, &fallocate->falloc_stateid);
        if (status)
                return status;

        READ_BUF(16);
        p = xdr_decode_hyper(p, &fallocate->falloc_offset);
        xdr_decode_hyper(p, &fallocate->falloc_length);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_clone(struct nfsd4_compoundargs *argp, struct nfsd4_clone *clone)
{
        DECODE_HEAD;

        status = nfsd4_decode_stateid(argp, &clone->cl_src_stateid);
        if (status)
                return status;
        status = nfsd4_decode_stateid(argp, &clone->cl_dst_stateid);
        if (status)
                return status;

        READ_BUF(8 + 8 + 8);
        p = xdr_decode_hyper(p, &clone->cl_src_pos);
        p = xdr_decode_hyper(p, &clone->cl_dst_pos);
        p = xdr_decode_hyper(p, &clone->cl_count);
        DECODE_TAIL;
}

static __be32
nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
{
        DECODE_HEAD;

        status = nfsd4_decode_stateid(argp, &copy->cp_src_stateid);
        if (status)
                return status;
        status = nfsd4_decode_stateid(argp, &copy->cp_dst_stateid);
        if (status)
                return status;

        READ_BUF(8 + 8 + 8 + 4 + 4 + 4);
        p = xdr_decode_hyper(p, &copy->cp_src_pos);
        p = xdr_decode_hyper(p, &copy->cp_dst_pos);
        p = xdr_decode_hyper(p, &copy->cp_count);
        p++; /* ca_consecutive: we always do consecutive copies */
        copy->cp_synchronous = be32_to_cpup(p++);
        /* tmp = be32_to_cpup(p); Source server list not supported */

        DECODE_TAIL;
}

static __be32
nfsd4_decode_offload_status(struct nfsd4_compoundargs *argp,
                            struct nfsd4_offload_status *os)
{
        return nfsd4_decode_stateid(argp, &os->stateid);
}

static __be32
nfsd4_decode_seek(struct nfsd4_compoundargs *argp, struct nfsd4_seek *seek)
{
        DECODE_HEAD;

        status = nfsd4_decode_stateid(argp, &seek->seek_stateid);
        if (status)
                return status;

        READ_BUF(8 + 4);
        p = xdr_decode_hyper(p, &seek->seek_offset);
        seek->seek_whence = be32_to_cpup(p);

        DECODE_TAIL;
}

static __be32
nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
{
        return nfs_ok;
}

static __be32
nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
{
        return nfserr_notsupp;
}

typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);

static const nfsd4_dec nfsd4_dec_ops[] = {
        [OP_ACCESS]             = (nfsd4_dec)nfsd4_decode_access,
        [OP_CLOSE]              = (nfsd4_dec)nfsd4_decode_close,
        [OP_COMMIT]             = (nfsd4_dec)nfsd4_decode_commit,
        [OP_CREATE]             = (nfsd4_dec)nfsd4_decode_create,
        [OP_DELEGPURGE]         = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_DELEGRETURN]        = (nfsd4_dec)nfsd4_decode_delegreturn,
        [OP_GETATTR]            = (nfsd4_dec)nfsd4_decode_getattr,
        [OP_GETFH]              = (nfsd4_dec)nfsd4_decode_noop,
        [OP_LINK]               = (nfsd4_dec)nfsd4_decode_link,
        [OP_LOCK]               = (nfsd4_dec)nfsd4_decode_lock,
        [OP_LOCKT]              = (nfsd4_dec)nfsd4_decode_lockt,
        [OP_LOCKU]              = (nfsd4_dec)nfsd4_decode_locku,
        [OP_LOOKUP]             = (nfsd4_dec)nfsd4_decode_lookup,
        [OP_LOOKUPP]            = (nfsd4_dec)nfsd4_decode_noop,
        [OP_NVERIFY]            = (nfsd4_dec)nfsd4_decode_verify,
        [OP_OPEN]               = (nfsd4_dec)nfsd4_decode_open,
        [OP_OPENATTR]           = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_OPEN_CONFIRM]       = (nfsd4_dec)nfsd4_decode_open_confirm,
        [OP_OPEN_DOWNGRADE]     = (nfsd4_dec)nfsd4_decode_open_downgrade,
        [OP_PUTFH]              = (nfsd4_dec)nfsd4_decode_putfh,
        [OP_PUTPUBFH]           = (nfsd4_dec)nfsd4_decode_putpubfh,
        [OP_PUTROOTFH]          = (nfsd4_dec)nfsd4_decode_noop,
        [OP_READ]               = (nfsd4_dec)nfsd4_decode_read,
        [OP_READDIR]            = (nfsd4_dec)nfsd4_decode_readdir,
        [OP_READLINK]           = (nfsd4_dec)nfsd4_decode_noop,
        [OP_REMOVE]             = (nfsd4_dec)nfsd4_decode_remove,
        [OP_RENAME]             = (nfsd4_dec)nfsd4_decode_rename,
        [OP_RENEW]              = (nfsd4_dec)nfsd4_decode_renew,
        [OP_RESTOREFH]          = (nfsd4_dec)nfsd4_decode_noop,
        [OP_SAVEFH]             = (nfsd4_dec)nfsd4_decode_noop,
        [OP_SECINFO]            = (nfsd4_dec)nfsd4_decode_secinfo,
        [OP_SETATTR]            = (nfsd4_dec)nfsd4_decode_setattr,
        [OP_SETCLIENTID]        = (nfsd4_dec)nfsd4_decode_setclientid,
        [OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
        [OP_VERIFY]             = (nfsd4_dec)nfsd4_decode_verify,
        [OP_WRITE]              = (nfsd4_dec)nfsd4_decode_write,
        [OP_RELEASE_LOCKOWNER]  = (nfsd4_dec)nfsd4_decode_release_lockowner,

        /* new operations for NFSv4.1 */
        [OP_BACKCHANNEL_CTL]    = (nfsd4_dec)nfsd4_decode_backchannel_ctl,
        [OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
        [OP_EXCHANGE_ID]        = (nfsd4_dec)nfsd4_decode_exchange_id,
        [OP_CREATE_SESSION]     = (nfsd4_dec)nfsd4_decode_create_session,
        [OP_DESTROY_SESSION]    = (nfsd4_dec)nfsd4_decode_destroy_session,
        [OP_FREE_STATEID]       = (nfsd4_dec)nfsd4_decode_free_stateid,
        [OP_GET_DIR_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
#ifdef CONFIG_NFSD_PNFS
        [OP_GETDEVICEINFO]      = (nfsd4_dec)nfsd4_decode_getdeviceinfo,
        [OP_GETDEVICELIST]      = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_LAYOUTCOMMIT]       = (nfsd4_dec)nfsd4_decode_layoutcommit,
        [OP_LAYOUTGET]          = (nfsd4_dec)nfsd4_decode_layoutget,
        [OP_LAYOUTRETURN]       = (nfsd4_dec)nfsd4_decode_layoutreturn,
#else
        [OP_GETDEVICEINFO]      = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_GETDEVICELIST]      = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_LAYOUTCOMMIT]       = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_LAYOUTGET]          = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_LAYOUTRETURN]       = (nfsd4_dec)nfsd4_decode_notsupp,
#endif
        [OP_SECINFO_NO_NAME]    = (nfsd4_dec)nfsd4_decode_secinfo_no_name,
        [OP_SEQUENCE]           = (nfsd4_dec)nfsd4_decode_sequence,
        [OP_SET_SSV]            = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_TEST_STATEID]       = (nfsd4_dec)nfsd4_decode_test_stateid,
        [OP_WANT_DELEGATION]    = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_DESTROY_CLIENTID]   = (nfsd4_dec)nfsd4_decode_destroy_clientid,
        [OP_RECLAIM_COMPLETE]   = (nfsd4_dec)nfsd4_decode_reclaim_complete,

        /* new operations for NFSv4.2 */
        [OP_ALLOCATE]           = (nfsd4_dec)nfsd4_decode_fallocate,
        [OP_COPY]               = (nfsd4_dec)nfsd4_decode_copy,
        [OP_COPY_NOTIFY]        = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_DEALLOCATE]         = (nfsd4_dec)nfsd4_decode_fallocate,
        [OP_IO_ADVISE]          = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_LAYOUTERROR]        = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_LAYOUTSTATS]        = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_OFFLOAD_CANCEL]     = (nfsd4_dec)nfsd4_decode_offload_status,
        [OP_OFFLOAD_STATUS]     = (nfsd4_dec)nfsd4_decode_offload_status,
        [OP_READ_PLUS]          = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_SEEK]               = (nfsd4_dec)nfsd4_decode_seek,
        [OP_WRITE_SAME]         = (nfsd4_dec)nfsd4_decode_notsupp,
        [OP_CLONE]              = (nfsd4_dec)nfsd4_decode_clone,
};

static inline bool
nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op)
{
        if (op->opnum < FIRST_NFS4_OP)
                return false;
        else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP)
                return false;
        else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP)
                return false;
        else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP)
                return false;
        return true;
}

static __be32
nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
{
        DECODE_HEAD;
        struct nfsd4_op *op;
        bool cachethis = false;
        int auth_slack= argp->rqstp->rq_auth_slack;
        int max_reply = auth_slack + 8; /* opcnt, status */
        int readcount = 0;
        int readbytes = 0;
        int i;

        READ_BUF(4);
        argp->taglen = be32_to_cpup(p++);
        READ_BUF(argp->taglen);
        SAVEMEM(argp->tag, argp->taglen);
        READ_BUF(8);
        argp->minorversion = be32_to_cpup(p++);
        argp->opcnt = be32_to_cpup(p++);
        max_reply += 4 + (XDR_QUADLEN(argp->taglen) << 2);

        if (argp->taglen > NFSD4_MAX_TAGLEN)
                goto xdr_error;
        /*
         * NFS4ERR_RESOURCE is a more helpful error than GARBAGE_ARGS
         * here, so we return success at the xdr level so that
         * nfsd4_proc can handle this is an NFS-level error.
         */
        if (argp->opcnt > NFSD_MAX_OPS_PER_COMPOUND)
                return 0;

        if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
                argp->ops = kzalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
                if (!argp->ops) {
                        argp->ops = argp->iops;
                        dprintk("nfsd: couldn't allocate room for COMPOUND\n");
                        goto xdr_error;
                }
        }

        if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
                argp->opcnt = 0;

        for (i = 0; i < argp->opcnt; i++) {
                op = &argp->ops[i];
                op->replay = NULL;

                READ_BUF(4);
                op->opnum = be32_to_cpup(p++);

                if (nfsd4_opnum_in_range(argp, op))
                        op->status = nfsd4_dec_ops[op->opnum](argp, &op->u);
                else {
                        op->opnum = OP_ILLEGAL;
                        op->status = nfserr_op_illegal;
                }
                op->opdesc = OPDESC(op);
                /*
                 * We'll try to cache the result in the DRC if any one
                 * op in the compound wants to be cached:
                 */
                cachethis |= nfsd4_cache_this_op(op);

                if (op->opnum == OP_READ) {
                        readcount++;
                        readbytes += nfsd4_max_reply(argp->rqstp, op);
                } else
                        max_reply += nfsd4_max_reply(argp->rqstp, op);
                /*
                 * OP_LOCK and OP_LOCKT may return a conflicting lock.
                 * (Special case because it will just skip encoding this
                 * if it runs out of xdr buffer space, and it is the only
                 * operation that behaves this way.)
                 */
                if (op->opnum == OP_LOCK || op->opnum == OP_LOCKT)
                        max_reply += NFS4_OPAQUE_LIMIT;

                if (op->status) {
                        argp->opcnt = i+1;
                        break;
                }
        }
        /* Sessions make the DRC unnecessary: */
        if (argp->minorversion)
                cachethis = false;
        svc_reserve(argp->rqstp, max_reply + readbytes);
        argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;

        if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack)
                clear_bit(RQ_SPLICE_OK, &argp->rqstp->rq_flags);

        DECODE_TAIL;
}

static __be32 *encode_change(__be32 *p, struct kstat *stat, struct inode *inode,
                             struct svc_export *exp)

{
        if (exp->ex_flags & NFSEXP_V4ROOT) {
                *p++ = cpu_to_be32(convert_to_wallclock(exp->cd->flush_time));
                *p++ = 0;
        } else if (IS_I_VERSION(inode)) {
                p = xdr_encode_hyper(p, nfsd4_change_attribute(stat, inode));
        } else {
                *p++ = cpu_to_be32(stat->ctime.tv_sec);
                *p++ = cpu_to_be32(stat->ctime.tv_nsec);
        }
        return p;
}

/*
 * ctime (in NFSv4, time_metadata) is not writeable, and the client
 * doesn't really care what resolution could theoretically be stored by
 * the filesystem.
 *
 * The client cares how close together changes can be while still
 * guaranteeing ctime changes.  For most filesystems (which have
 * timestamps with nanosecond fields) that is limited by the resolution
 * of the time returned from current_time() (which I'm assuming to be
 * 1/HZ).
 */
static __be32 *encode_time_delta(__be32 *p, struct inode *inode)
{
        struct timespec ts;
        u32 ns;

        ns = max_t(u32, NSEC_PER_SEC/HZ, inode->i_sb->s_time_gran);
        ts = ns_to_timespec(ns);

        p = xdr_encode_hyper(p, ts.tv_sec);
        *p++ = cpu_to_be32(ts.tv_nsec);

        return p;
}

static __be32 *encode_cinfo(__be32 *p, struct nfsd4_change_info *c)
{
        *p++ = cpu_to_be32(c->atomic);
        if (c->change_supported) {
                p = xdr_encode_hyper(p, c->before_change);
                p = xdr_encode_hyper(p, c->after_change);
        } else {
                *p++ = cpu_to_be32(c->before_ctime_sec);
                *p++ = cpu_to_be32(c->before_ctime_nsec);
                *p++ = cpu_to_be32(c->after_ctime_sec);
                *p++ = cpu_to_be32(c->after_ctime_nsec);
        }
        return p;
}

/* Encode as an array of strings the string given with components
 * separated @sep, escaped with esc_enter and esc_exit.
 */
static __be32 nfsd4_encode_components_esc(struct xdr_stream *xdr, char sep,
                                          char *components, char esc_enter,
                                          char esc_exit)
{
        __be32 *p;
        __be32 pathlen;
        int pathlen_offset;
        int strlen, count=0;
        char *str, *end, *next;

        dprintk("nfsd4_encode_components(%s)\n", components);

        pathlen_offset = xdr->buf->len;
        p = xdr_reserve_space(xdr, 4);
        if (!p)
                return nfserr_resource;
        p++; /* We will fill this in with @count later */

        end = str = components;
        while (*end) {
                bool found_esc = false;

                /* try to parse as esc_start, ..., esc_end, sep */
                if (*str == esc_enter) {
                        for (; *end && (*end != esc_exit); end++)
                                /* find esc_exit or end of string */;
                        next = end + 1;
                        if (*end && (!*next || *next == sep)) {
                                str++;
                                found_esc = true;
                        }
                }

                if (!found_esc)
                        for (; *end && (*end != sep); end++)
                                /* find sep or end of string */;

                strlen = end - str;
                if (strlen) {
                        p = xdr_reserve_space(xdr, strlen + 4);
                        if (!p)
                                return nfserr_resource;
                        p = xdr_encode_opaque(p, str, strlen);
                        count++;
                }
                else
                        end++;
                if (found_esc)
                        end = next;

                str = end;
        }
        pathlen = htonl(count);
        write_bytes_to_xdr_buf(xdr->buf, pathlen_offset, &pathlen, 4);
        return 0;
}

/* Encode as an array of strings the string given with components
 * separated @sep.
 */
static __be32 nfsd4_encode_components(struct xdr_stream *xdr, char sep,
                                      char *components)
{
        return nfsd4_encode_components_esc(xdr, sep, components, 0, 0);
}

/*
 * encode a location element of a fs_locations structure
 */
static __be32 nfsd4_encode_fs_location4(struct xdr_stream *xdr,
                                        struct nfsd4_fs_location *location)
{
        __be32 status;

        status = nfsd4_encode_components_esc(xdr, ':', location->hosts,
                                                '[', ']');
        if (status)
                return status;
        status = nfsd4_encode_components(xdr, '/', location->path);
        if (status)
                return status;
        return 0;
}

/*
 * Encode a path in RFC3530 'pathname4' format
 */
static __be32 nfsd4_encode_path(struct xdr_stream *xdr,
                                const struct path *root,
                                const struct path *path)
{
        struct path cur = *path;
        __be32 *p;
        struct dentry **components = NULL;
        unsigned int ncomponents = 0;
        __be32 err = nfserr_jukebox;

        dprintk("nfsd4_encode_components(");

        path_get(&cur);
        /* First walk the path up to the nfsd root, and store the
         * dentries/path components in an array.
         */
        for (;;) {
                if (path_equal(&cur, root))
                        break;
                if (cur.dentry == cur.mnt->mnt_root) {
                        if (follow_up(&cur))
                                continue;
                        goto out_free;
                }
                if ((ncomponents & 15) == 0) {
                        struct dentry **new;
                        new = krealloc(components,
                                        sizeof(*new) * (ncomponents + 16),
                                        GFP_KERNEL);
                        if (!new)
                                goto out_free;
                        components = new;
                }
                components[ncomponents++] = cur.dentry;
                cur.dentry = dget_parent(cur.dentry);
        }
        err = nfserr_resource;
        p = xdr_reserve_space(xdr, 4);
        if (!p)
                goto out_free;
        *p++ = cpu_to_be32(ncomponents);

        while (ncomponents) {
                struct dentry *dentry = components[ncomponents - 1];
                unsigned int len;

                spin_lock(&dentry->d_lock);
                len = dentry->d_name.len;
                p = xdr_reserve_space(xdr, len + 4);
                if (!p) {
                        spin_unlock(&dentry->d_lock);
                        goto out_free;
                }
                p = xdr_encode_opaque(p, dentry->d_name.name, len);
                dprintk("/%pd", dentry);
                spin_unlock(&dentry->d_lock);
                dput(dentry);
                ncomponents--;
        }

        err = 0;
out_free:
        dprintk(")\n");
        while (ncomponents)
                dput(components[--ncomponents]);
        kfree(components);
        path_put(&cur);
        return err;
}

static __be32 nfsd4_encode_fsloc_fsroot(struct xdr_stream *xdr,
                        struct svc_rqst *rqstp, const struct path *path)
{
        struct svc_export *exp_ps;
        __be32 res;

        exp_ps = rqst_find_fsidzero_export(rqstp);
        if (IS_ERR(exp_ps))
                return nfserrno(PTR_ERR(exp_ps));
        res = nfsd4_encode_path(xdr, &exp_ps->ex_path, path);
        exp_put(exp_ps);
        return res;
}

/*
 *  encode a fs_locations structure
 */
static __be32 nfsd4_encode_fs_locations(struct xdr_stream *xdr,
                        struct svc_rqst *rqstp, struct svc_export *exp)
{
        __be32 status;
        int i;
        __be32 *p;
        struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;

        status = nfsd4_encode_fsloc_fsroot(xdr, rqstp, &exp->ex_path);
        if (status)
                return status;
        p = xdr_reserve_space(xdr, 4);
        if (!p)
                return nfserr_resource;
        *p++ = cpu_to_be32(fslocs->locations_count);
        for (i=0; i<fslocs->locations_count; i++) {
                status = nfsd4_encode_fs_location4(xdr, &fslocs->locations[i]);
                if (status)
                        return status;
        }
        return 0;
}

static u32 nfs4_file_type(umode_t mode)
{
        switch (mode & S_IFMT) {
        case S_IFIFO:   return NF4FIFO;
        case S_IFCHR:   return NF4CHR;
        case S_IFDIR:   return NF4DIR;
        case S_IFBLK:   return NF4BLK;
        case S_IFLNK:   return NF4LNK;
        case S_IFREG:   return NF4REG;
        case S_IFSOCK:  return NF4SOCK;
        default:        return NF4BAD;
        };
}

static inline __be32
nfsd4_encode_aclname(struct xdr_stream *xdr, struct svc_rqst *rqstp,
                     struct nfs4_ace *ace)
{
        if (ace->whotype != NFS4_ACL_WHO_NAMED)
                return nfs4_acl_write_who(xdr, ace->whotype);
        else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
                return nfsd4_encode_group(xdr, rqstp, ace->who_gid);
        else
                return nfsd4_encode_user(xdr, rqstp, ace->who_uid);
}

static inline __be32
nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types)
{
        __be32          *p;
        unsigned long   i = hweight_long(layout_types);

        p = xdr_reserve_space(xdr, 4 + 4 * i);
        if (!p)
                return nfserr_resource;

        *p++ = cpu_to_be32(i);

        for (i = LAYOUT_NFSV4_1_FILES; i < LAYOUT_TYPE_MAX; ++i)
                if (layout_types & (1 << i))
                        *p++ = cpu_to_be32(i);

        return 0;
}

#define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
                              FATTR4_WORD0_RDATTR_ERROR)
#define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
#define WORD2_ABSENT_FS_ATTRS 0

#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
static inline __be32
nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
                            void *context, int len)
{
        __be32 *p;

        p = xdr_reserve_space(xdr, len + 4 + 4 + 4);
        if (!p)
                return nfserr_resource;

        /*
         * For now we use a 0 here to indicate the null translation; in
         * the future we may place a call to translation code here.
         */
        *p++ = cpu_to_be32(0); /* lfs */
        *p++ = cpu_to_be32(0); /* pi */
        p = xdr_encode_opaque(p, context, len);
        return 0;
}
#else
static inline __be32
nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
                            void *context, int len)
{ return 0; }
#endif

static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *bmval2, u32 *rdattr_err)
{
        /* As per referral draft:  */
        if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
            *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
                if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
                    *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
                        *rdattr_err = NFSERR_MOVED;
                else
                        return nfserr_moved;
        }
        *bmval0 &= WORD0_ABSENT_FS_ATTRS;
        *bmval1 &= WORD1_ABSENT_FS_ATTRS;
        *bmval2 &= WORD2_ABSENT_FS_ATTRS;
        return 0;
}


static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
{
        struct path path = exp->ex_path;
        int err;

        path_get(&path);
        while (follow_up(&path)) {
                if (path.dentry != path.mnt->mnt_root)
                        break;
        }
        err = vfs_getattr(&path, stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
        path_put(&path);
        return err;
}

static __be32
nfsd4_encode_bitmap(struct xdr_stream *xdr, u32 bmval0, u32 bmval1, u32 bmval2)
{
        __be32 *p;

        if (bmval2) {
                p = xdr_reserve_space(xdr, 16);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(3);
                *p++ = cpu_to_be32(bmval0);
                *p++ = cpu_to_be32(bmval1);
                *p++ = cpu_to_be32(bmval2);
        } else if (bmval1) {
                p = xdr_reserve_space(xdr, 12);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(2);
                *p++ = cpu_to_be32(bmval0);
                *p++ = cpu_to_be32(bmval1);
        } else {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(1);
                *p++ = cpu_to_be32(bmval0);
        }

        return 0;
out_resource:
        return nfserr_resource;
}

/*
 * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
 * ourselves.
 */
static __be32
nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
                struct svc_export *exp,
                struct dentry *dentry, u32 *bmval,
                struct svc_rqst *rqstp, int ignore_crossmnt)
{
        u32 bmval0 = bmval[0];
        u32 bmval1 = bmval[1];
        u32 bmval2 = bmval[2];
        struct kstat stat;
        struct svc_fh *tempfh = NULL;
        struct kstatfs statfs;
        __be32 *p;
        int starting_len = xdr->buf->len;
        int attrlen_offset;
        __be32 attrlen;
        u32 dummy;
        u64 dummy64;
        u32 rdattr_err = 0;
        __be32 status;
        int err;
        struct nfs4_acl *acl = NULL;
#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
        void *context = NULL;
        int contextlen;
#endif
        bool contextsupport = false;
        struct nfsd4_compoundres *resp = rqstp->rq_resp;
        u32 minorversion = resp->cstate.minorversion;
        struct path path = {
                .mnt    = exp->ex_path.mnt,
                .dentry = dentry,
        };
        struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
        BUG_ON(!nfsd_attrs_supported(minorversion, bmval));

        if (exp->ex_fslocs.migrated) {
                status = fattr_handle_absent_fs(&bmval0, &bmval1, &bmval2, &rdattr_err);
                if (status)
                        goto out;
        }

        err = vfs_getattr(&path, &stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
        if (err)
                goto out_nfserr;
        if ((bmval0 & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE |
                        FATTR4_WORD0_FILES_TOTAL | FATTR4_WORD0_MAXNAME)) ||
            (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
                       FATTR4_WORD1_SPACE_TOTAL))) {
                err = vfs_statfs(&path, &statfs);
                if (err)
                        goto out_nfserr;
        }
        if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
                tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
                status = nfserr_jukebox;
                if (!tempfh)
                        goto out;
                fh_init(tempfh, NFS4_FHSIZE);
                status = fh_compose(tempfh, exp, dentry, NULL);
                if (status)
                        goto out;
                fhp = tempfh;
        }
        if (bmval0 & FATTR4_WORD0_ACL) {
                err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
                if (err == -EOPNOTSUPP)
                        bmval0 &= ~FATTR4_WORD0_ACL;
                else if (err == -EINVAL) {
                        status = nfserr_attrnotsupp;
                        goto out;
                } else if (err != 0)
                        goto out_nfserr;
        }

#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
        if ((bmval2 & FATTR4_WORD2_SECURITY_LABEL) ||
             bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
                if (exp->ex_flags & NFSEXP_SECURITY_LABEL)
                        err = security_inode_getsecctx(d_inode(dentry),
                                                &context, &contextlen);
                else
                        err = -EOPNOTSUPP;
                contextsupport = (err == 0);
                if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
                        if (err == -EOPNOTSUPP)
                                bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL;
                        else if (err)
                                goto out_nfserr;
                }
        }
#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */

        status = nfsd4_encode_bitmap(xdr, bmval0, bmval1, bmval2);
        if (status)
                goto out;

        attrlen_offset = xdr->buf->len;
        p = xdr_reserve_space(xdr, 4);
        if (!p)
                goto out_resource;
        p++;                /* to be backfilled later */

        if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
                u32 supp[3];

                memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));

                if (!IS_POSIXACL(dentry->d_inode))
                        supp[0] &= ~FATTR4_WORD0_ACL;
                if (!contextsupport)
                        supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
                if (!supp[2]) {
                        p = xdr_reserve_space(xdr, 12);
                        if (!p)
                                goto out_resource;
                        *p++ = cpu_to_be32(2);
                        *p++ = cpu_to_be32(supp[0]);
                        *p++ = cpu_to_be32(supp[1]);
                } else {
                        p = xdr_reserve_space(xdr, 16);
                        if (!p)
                                goto out_resource;
                        *p++ = cpu_to_be32(3);
                        *p++ = cpu_to_be32(supp[0]);
                        *p++ = cpu_to_be32(supp[1]);
                        *p++ = cpu_to_be32(supp[2]);
                }
        }
        if (bmval0 & FATTR4_WORD0_TYPE) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                dummy = nfs4_file_type(stat.mode);
                if (dummy == NF4BAD) {
                        status = nfserr_serverfault;
                        goto out;
                }
                *p++ = cpu_to_be32(dummy);
        }
        if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT);
                else
                        *p++ = cpu_to_be32(NFS4_FH_PERSISTENT|
                                                NFS4_FH_VOL_RENAME);
        }
        if (bmval0 & FATTR4_WORD0_CHANGE) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = encode_change(p, &stat, d_inode(dentry), exp);
        }
        if (bmval0 & FATTR4_WORD0_SIZE) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, stat.size);
        }
        if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(1);
        }
        if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(1);
        }
        if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(0);
        }
        if (bmval0 & FATTR4_WORD0_FSID) {
                p = xdr_reserve_space(xdr, 16);
                if (!p)
                        goto out_resource;
                if (exp->ex_fslocs.migrated) {
                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MAJOR);
                        p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MINOR);
                } else switch(fsid_source(fhp)) {
                case FSIDSOURCE_FSID:
                        p = xdr_encode_hyper(p, (u64)exp->ex_fsid);
                        p = xdr_encode_hyper(p, (u64)0);
                        break;
                case FSIDSOURCE_DEV:
                        *p++ = cpu_to_be32(0);
                        *p++ = cpu_to_be32(MAJOR(stat.dev));
                        *p++ = cpu_to_be32(0);
                        *p++ = cpu_to_be32(MINOR(stat.dev));
                        break;
                case FSIDSOURCE_UUID:
                        p = xdr_encode_opaque_fixed(p, exp->ex_uuid,
                                                                EX_UUID_LEN);
                        break;
                }
        }
        if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(0);
        }
        if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(nn->nfsd4_lease);
        }
        if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(rdattr_err);
        }
        if (bmval0 & FATTR4_WORD0_ACL) {
                struct nfs4_ace *ace;

                if (acl == NULL) {
                        p = xdr_reserve_space(xdr, 4);
                        if (!p)
                                goto out_resource;

                        *p++ = cpu_to_be32(0);
                        goto out_acl;
                }
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(acl->naces);

                for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
                        p = xdr_reserve_space(xdr, 4*3);
                        if (!p)
                                goto out_resource;
                        *p++ = cpu_to_be32(ace->type);
                        *p++ = cpu_to_be32(ace->flag);
                        *p++ = cpu_to_be32(ace->access_mask &
                                                        NFS4_ACE_MASK_ALL);
                        status = nfsd4_encode_aclname(xdr, rqstp, ace);
                        if (status)
                                goto out;
                }
        }
out_acl:
        if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(IS_POSIXACL(dentry->d_inode) ?
                        ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
        }
        if (bmval0 & FATTR4_WORD0_CANSETTIME) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(1);
        }
        if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(0);
        }
        if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(1);
        }
        if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(1);
        }
        if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
                p = xdr_reserve_space(xdr, fhp->fh_handle.fh_size + 4);
                if (!p)
                        goto out_resource;
                p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base,
                                        fhp->fh_handle.fh_size);
        }
        if (bmval0 & FATTR4_WORD0_FILEID) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, stat.ino);
        }
        if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
        }
        if (bmval0 & FATTR4_WORD0_FILES_FREE) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
        }
        if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, (u64) statfs.f_files);
        }
        if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
                status = nfsd4_encode_fs_locations(xdr, rqstp, exp);
                if (status)
                        goto out;
        }
        if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(1);
        }
        if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, exp->ex_path.mnt->mnt_sb->s_maxbytes);
        }
        if (bmval0 & FATTR4_WORD0_MAXLINK) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(255);
        }
        if (bmval0 & FATTR4_WORD0_MAXNAME) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(statfs.f_namelen);
        }
        if (bmval0 & FATTR4_WORD0_MAXREAD) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
        }
        if (bmval0 & FATTR4_WORD0_MAXWRITE) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
        }
        if (bmval1 & FATTR4_WORD1_MODE) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(stat.mode & S_IALLUGO);
        }
        if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(1);
        }
        if (bmval1 & FATTR4_WORD1_NUMLINKS) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(stat.nlink);
        }
        if (bmval1 & FATTR4_WORD1_OWNER) {
                status = nfsd4_encode_user(xdr, rqstp, stat.uid);
                if (status)
                        goto out;
        }
        if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
                status = nfsd4_encode_group(xdr, rqstp, stat.gid);
                if (status)
                        goto out;
        }
        if (bmval1 & FATTR4_WORD1_RAWDEV) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32((u32) MAJOR(stat.rdev));
                *p++ = cpu_to_be32((u32) MINOR(stat.rdev));
        }
        if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
                p = xdr_encode_hyper(p, dummy64);
        }
        if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
                p = xdr_encode_hyper(p, dummy64);
        }
        if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
                p = xdr_encode_hyper(p, dummy64);
        }
        if (bmval1 & FATTR4_WORD1_SPACE_USED) {
                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                dummy64 = (u64)stat.blocks << 9;
                p = xdr_encode_hyper(p, dummy64);
        }
        if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
                p = xdr_reserve_space(xdr, 12);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, (s64)stat.atime.tv_sec);
                *p++ = cpu_to_be32(stat.atime.tv_nsec);
        }
        if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
                p = xdr_reserve_space(xdr, 12);
                if (!p)
                        goto out_resource;
                p = encode_time_delta(p, d_inode(dentry));
        }
        if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
                p = xdr_reserve_space(xdr, 12);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, (s64)stat.ctime.tv_sec);
                *p++ = cpu_to_be32(stat.ctime.tv_nsec);
        }
        if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
                p = xdr_reserve_space(xdr, 12);
                if (!p)
                        goto out_resource;
                p = xdr_encode_hyper(p, (s64)stat.mtime.tv_sec);
                *p++ = cpu_to_be32(stat.mtime.tv_nsec);
        }
        if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
                struct kstat parent_stat;
                u64 ino = stat.ino;

                p = xdr_reserve_space(xdr, 8);
                if (!p)
                        goto out_resource;
                /*
                 * Get parent's attributes if not ignoring crossmount
                 * and this is the root of a cross-mounted filesystem.
                 */
                if (ignore_crossmnt == 0 &&
                    dentry == exp->ex_path.mnt->mnt_root) {
                        err = get_parent_attributes(exp, &parent_stat);
                        if (err)
                                goto out_nfserr;
                        ino = parent_stat.ino;
                }
                p = xdr_encode_hyper(p, ino);
        }
#ifdef CONFIG_NFSD_PNFS
        if (bmval1 & FATTR4_WORD1_FS_LAYOUT_TYPES) {
                status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types);
                if (status)
                        goto out;
        }

        if (bmval2 & FATTR4_WORD2_LAYOUT_TYPES) {
                status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types);
                if (status)
                        goto out;
        }

        if (bmval2 & FATTR4_WORD2_LAYOUT_BLKSIZE) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                *p++ = cpu_to_be32(stat.blksize);
        }
#endif /* CONFIG_NFSD_PNFS */
        if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
                u32 supp[3];

                memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));
                supp[0] &= NFSD_SUPPATTR_EXCLCREAT_WORD0;
                supp[1] &= NFSD_SUPPATTR_EXCLCREAT_WORD1;
                supp[2] &= NFSD_SUPPATTR_EXCLCREAT_WORD2;

                status = nfsd4_encode_bitmap(xdr, supp[0], supp[1], supp[2]);
                if (status)
                        goto out;
        }

        if (bmval2 & FATTR4_WORD2_CHANGE_ATTR_TYPE) {
                p = xdr_reserve_space(xdr, 4);
                if (!p)
                        goto out_resource;
                if (IS_I_VERSION(d_inode(dentry)))
                        *p++ = cpu_to_be32(NFS4_CHANGE_TYPE_IS_MONOTONIC_INCR);
                else
                        *p++ = cpu_to_be32(NFS4_CHANGE_TYPE_IS_TIME_METADATA);
        }

#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
        if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
                status = nfsd4_encode_security_label(xdr, rqstp, context,
                                                                contextlen);
                if (status)
                        goto out;
        }
#endif

        attrlen = htonl(xdr->buf->len - attrlen_offset - 4);
        write_bytes_to_xdr_buf(xdr->buf, attrlen_offset, &attrlen, 4);
        status = nfs_ok;

out:
#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
        if (context)
                security_release_secctx(context, contextlen);
#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
        kfree(acl);
        if (tempfh) {
                fh_put(tempfh);
                kfree(tempfh);
        }
        if (status)
                xdr_truncate_encode(xdr, starting_len);
        return status;
out_nfserr:
        status = nfserrno(err);
        goto out;
out_resource:
        status = nfserr_resource;
        goto out;
}

static void svcxdr_init_encode_from_buffer(struct xdr_stream *xdr,
                                struct xdr_buf *buf, __be32 *p, int bytes)
{
        xdr->scratch.iov_len = 0;
        memset(buf, 0, sizeof(struct xdr_buf));
        buf->head[0].iov_base = p;
        buf->head[0].iov_len = 0;
        buf->len = 0;
        xdr->buf = buf;
        xdr->iov = buf->head;
        xdr->p = p;
        xdr->end = (void *)p + bytes;
        buf->buflen = bytes;
}

__be32 nfsd4_encode_fattr_to_buf(__be32 **p, int words,
                        struct svc_fh *fhp, struct svc_export *exp,
                        struct dentry *dentry, u32 *bmval,
                        struct svc_rqst *rqstp, int ignore_crossmnt)
{
        struct xdr_buf dummy;
        struct xdr_stream xdr;
        __be32 ret;

        svcxdr_init_encode_from_buffer(&xdr, &dummy, *p, words << 2);
        ret = nfsd4_encode_fattr(&xdr, fhp, exp, dentry, bmval, rqstp,
                                                        ignore_crossmnt);
        *p = xdr.p;
        return ret;
}

static inline int attributes_need_mount(u32 *bmval)
{
        if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
                return 1;
        if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
                return 1;
        return 0;
}

static __be32
nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd,
                        const char *name, int namlen)
{
        struct svc_export *exp = cd->rd_fhp->fh_export;
        struct dentry *dentry;
        __be32 nfserr;
        int ignore_crossmnt = 0;

        dentry = lookup_one_len_unlocked(name, cd->rd_fhp->fh_dentry, namlen);
        if (IS_ERR(dentry))
                return nfserrno(PTR_ERR(dentry));
        if (d_really_is_negative(dentry)) {
                /*
                 * we're not holding the i_mutex here, so there's
                 * a window where this directory entry could have gone