1 #define MSNFS /* HACK HACK */
3 * NFS exporting and validation.
5 * We maintain a list of clients, each of which has a list of
6 * exports. To export an fs to a given client, you first have
7 * to create the client entry with NFSCTL_ADDCLIENT, which
8 * creates a client control block and adds it to the hash
9 * table. Then, you call NFSCTL_EXPORT for each fs.
15 #include <linux/slab.h>
16 #include <linux/namei.h>
17 #include <linux/module.h>
18 #include <linux/exportfs.h>
20 #include <linux/nfsd/syscall.h>
26 #define NFSDDBG_FACILITY NFSDDBG_EXPORT
28 typedef struct auth_domain svc_client;
29 typedef struct svc_export svc_export;
33 * One maps client+vfsmnt+dentry to export options - the export map
34 * The other maps client+filehandle-fragment to export options. - the expkey map
36 * The export options are actually stored in the first map, and the
37 * second map contains a reference to the entry in the first map.
40 #define EXPKEY_HASHBITS 8
41 #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS)
42 #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1)
43 static struct cache_head *expkey_table[EXPKEY_HASHMAX];
45 static void expkey_put(struct kref *ref)
47 struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref);
49 if (test_bit(CACHE_VALID, &key->h.flags) &&
50 !test_bit(CACHE_NEGATIVE, &key->h.flags))
51 path_put(&key->ek_path);
52 auth_domain_put(key->ek_client);
56 static void expkey_request(struct cache_detail *cd,
58 char **bpp, int *blen)
60 /* client fsidtype \xfsid */
61 struct svc_expkey *ek = container_of(h, struct svc_expkey, h);
64 qword_add(bpp, blen, ek->ek_client->name);
65 snprintf(type, 5, "%d", ek->ek_fsidtype);
66 qword_add(bpp, blen, type);
67 qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype));
71 static int expkey_upcall(struct cache_detail *cd, struct cache_head *h)
73 return sunrpc_cache_pipe_upcall(cd, h, expkey_request);
76 static struct svc_expkey *svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old);
77 static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *);
78 static struct cache_detail svc_expkey_cache;
80 static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen)
82 /* client fsidtype fsid [path] */
85 struct auth_domain *dom = NULL;
89 struct svc_expkey key;
90 struct svc_expkey *ek = NULL;
92 if (mesg[mlen-1] != '\n')
96 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
102 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
106 dom = auth_domain_find(buf);
109 dprintk("found domain %s\n", buf);
112 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
114 fsidtype = simple_strtoul(buf, &ep, 10);
117 dprintk("found fsidtype %d\n", fsidtype);
118 if (key_len(fsidtype)==0) /* invalid type */
120 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
122 dprintk("found fsid length %d\n", len);
123 if (len != key_len(fsidtype))
126 /* OK, we seem to have a valid key */
128 key.h.expiry_time = get_expiry(&mesg);
129 if (key.h.expiry_time == 0)
133 key.ek_fsidtype = fsidtype;
134 memcpy(key.ek_fsid, buf, len);
136 ek = svc_expkey_lookup(&key);
141 /* now we want a pathname, or empty meaning NEGATIVE */
143 len = qword_get(&mesg, buf, PAGE_SIZE);
146 dprintk("Path seems to be <%s>\n", buf);
149 set_bit(CACHE_NEGATIVE, &key.h.flags);
150 ek = svc_expkey_update(&key, ek);
154 err = kern_path(buf, 0, &key.ek_path);
158 dprintk("Found the path %s\n", buf);
160 ek = svc_expkey_update(&key, ek);
163 path_put(&key.ek_path);
168 cache_put(&ek->h, &svc_expkey_cache);
170 auth_domain_put(dom);
175 static int expkey_show(struct seq_file *m,
176 struct cache_detail *cd,
177 struct cache_head *h)
179 struct svc_expkey *ek ;
183 seq_puts(m, "#domain fsidtype fsid [path]\n");
186 ek = container_of(h, struct svc_expkey, h);
187 seq_printf(m, "%s %d 0x", ek->ek_client->name,
189 for (i=0; i < key_len(ek->ek_fsidtype)/4; i++)
190 seq_printf(m, "%08x", ek->ek_fsid[i]);
191 if (test_bit(CACHE_VALID, &h->flags) &&
192 !test_bit(CACHE_NEGATIVE, &h->flags)) {
194 seq_path(m, &ek->ek_path, "\\ \t\n");
200 static inline int expkey_match (struct cache_head *a, struct cache_head *b)
202 struct svc_expkey *orig = container_of(a, struct svc_expkey, h);
203 struct svc_expkey *new = container_of(b, struct svc_expkey, h);
205 if (orig->ek_fsidtype != new->ek_fsidtype ||
206 orig->ek_client != new->ek_client ||
207 memcmp(orig->ek_fsid, new->ek_fsid, key_len(orig->ek_fsidtype)) != 0)
212 static inline void expkey_init(struct cache_head *cnew,
213 struct cache_head *citem)
215 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
216 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
218 kref_get(&item->ek_client->ref);
219 new->ek_client = item->ek_client;
220 new->ek_fsidtype = item->ek_fsidtype;
222 memcpy(new->ek_fsid, item->ek_fsid, sizeof(new->ek_fsid));
225 static inline void expkey_update(struct cache_head *cnew,
226 struct cache_head *citem)
228 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
229 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
231 new->ek_path = item->ek_path;
232 path_get(&item->ek_path);
235 static struct cache_head *expkey_alloc(void)
237 struct svc_expkey *i = kmalloc(sizeof(*i), GFP_KERNEL);
244 static struct cache_detail svc_expkey_cache = {
245 .owner = THIS_MODULE,
246 .hash_size = EXPKEY_HASHMAX,
247 .hash_table = expkey_table,
249 .cache_put = expkey_put,
250 .cache_upcall = expkey_upcall,
251 .cache_parse = expkey_parse,
252 .cache_show = expkey_show,
253 .match = expkey_match,
255 .update = expkey_update,
256 .alloc = expkey_alloc,
260 svc_expkey_hash(struct svc_expkey *item)
262 int hash = item->ek_fsidtype;
263 char * cp = (char*)item->ek_fsid;
264 int len = key_len(item->ek_fsidtype);
266 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS);
267 hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS);
268 hash &= EXPKEY_HASHMASK;
272 static struct svc_expkey *
273 svc_expkey_lookup(struct svc_expkey *item)
275 struct cache_head *ch;
276 int hash = svc_expkey_hash(item);
278 ch = sunrpc_cache_lookup(&svc_expkey_cache, &item->h,
281 return container_of(ch, struct svc_expkey, h);
286 static struct svc_expkey *
287 svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old)
289 struct cache_head *ch;
290 int hash = svc_expkey_hash(new);
292 ch = sunrpc_cache_update(&svc_expkey_cache, &new->h,
295 return container_of(ch, struct svc_expkey, h);
301 #define EXPORT_HASHBITS 8
302 #define EXPORT_HASHMAX (1<< EXPORT_HASHBITS)
303 #define EXPORT_HASHMASK (EXPORT_HASHMAX -1)
305 static struct cache_head *export_table[EXPORT_HASHMAX];
307 static void nfsd4_fslocs_free(struct nfsd4_fs_locations *fsloc)
311 for (i = 0; i < fsloc->locations_count; i++) {
312 kfree(fsloc->locations[i].path);
313 kfree(fsloc->locations[i].hosts);
315 kfree(fsloc->locations);
318 static void svc_export_put(struct kref *ref)
320 struct svc_export *exp = container_of(ref, struct svc_export, h.ref);
321 path_put(&exp->ex_path);
322 auth_domain_put(exp->ex_client);
323 kfree(exp->ex_pathname);
324 nfsd4_fslocs_free(&exp->ex_fslocs);
328 static void svc_export_request(struct cache_detail *cd,
329 struct cache_head *h,
330 char **bpp, int *blen)
333 struct svc_export *exp = container_of(h, struct svc_export, h);
336 qword_add(bpp, blen, exp->ex_client->name);
337 pth = d_path(&exp->ex_path, *bpp, *blen);
339 /* is this correct? */
343 qword_add(bpp, blen, pth);
347 static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h)
349 return sunrpc_cache_pipe_upcall(cd, h, svc_export_request);
352 static struct svc_export *svc_export_update(struct svc_export *new,
353 struct svc_export *old);
354 static struct svc_export *svc_export_lookup(struct svc_export *);
356 static int check_export(struct inode *inode, int *flags, unsigned char *uuid)
360 * We currently export only dirs, regular files, and (for v4
361 * pseudoroot) symlinks.
363 if (!S_ISDIR(inode->i_mode) &&
364 !S_ISLNK(inode->i_mode) &&
365 !S_ISREG(inode->i_mode))
369 * Mountd should never pass down a writeable V4ROOT export, but,
372 if (*flags & NFSEXP_V4ROOT)
373 *flags |= NFSEXP_READONLY;
375 /* There are two requirements on a filesystem to be exportable.
376 * 1: We must be able to identify the filesystem from a number.
377 * either a device number (so FS_REQUIRES_DEV needed)
378 * or an FSID number (so NFSEXP_FSID or ->uuid is needed).
379 * 2: We must be able to find an inode from a filehandle.
380 * This means that s_export_op must be set.
382 if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) &&
383 !(*flags & NFSEXP_FSID) &&
385 dprintk("exp_export: export of non-dev fs without fsid\n");
389 if (!inode->i_sb->s_export_op ||
390 !inode->i_sb->s_export_op->fh_to_dentry) {
391 dprintk("exp_export: export of invalid fs type.\n");
399 #ifdef CONFIG_NFSD_V4
402 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc)
405 int migrated, i, err;
408 err = get_int(mesg, &fsloc->locations_count);
411 if (fsloc->locations_count > MAX_FS_LOCATIONS)
413 if (fsloc->locations_count == 0)
416 fsloc->locations = kzalloc(fsloc->locations_count
417 * sizeof(struct nfsd4_fs_location), GFP_KERNEL);
418 if (!fsloc->locations)
420 for (i=0; i < fsloc->locations_count; i++) {
421 /* colon separated host list */
423 len = qword_get(mesg, buf, PAGE_SIZE);
427 fsloc->locations[i].hosts = kstrdup(buf, GFP_KERNEL);
428 if (!fsloc->locations[i].hosts)
431 /* slash separated path component list */
432 len = qword_get(mesg, buf, PAGE_SIZE);
436 fsloc->locations[i].path = kstrdup(buf, GFP_KERNEL);
437 if (!fsloc->locations[i].path)
441 err = get_int(mesg, &migrated);
445 if (migrated < 0 || migrated > 1)
447 fsloc->migrated = migrated;
450 nfsd4_fslocs_free(fsloc);
454 static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp)
457 struct exp_flavor_info *f;
459 err = get_int(mesg, &listsize);
462 if (listsize < 0 || listsize > MAX_SECINFO_LIST)
465 for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) {
466 err = get_int(mesg, &f->pseudoflavor);
470 * XXX: It would be nice to also check whether this
471 * pseudoflavor is supported, so we can discover the
472 * problem at export time instead of when a client fails
475 err = get_int(mesg, &f->flags);
478 /* Only some flags are allowed to differ between flavors: */
479 if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags))
482 exp->ex_nflavors = listsize;
486 #else /* CONFIG_NFSD_V4 */
488 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;}
490 secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; }
493 static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
495 /* client path expiry [flags anonuid anongid fsid] */
499 struct auth_domain *dom = NULL;
500 struct svc_export exp = {}, *expp;
503 if (mesg[mlen-1] != '\n')
507 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
513 len = qword_get(&mesg, buf, PAGE_SIZE);
518 dom = auth_domain_find(buf);
524 if ((len = qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
527 err = kern_path(buf, 0, &exp.ex_path);
534 exp.ex_pathname = kstrdup(buf, GFP_KERNEL);
535 if (!exp.ex_pathname)
540 exp.h.expiry_time = get_expiry(&mesg);
541 if (exp.h.expiry_time == 0)
545 err = get_int(&mesg, &an_int);
546 if (err == -ENOENT) {
548 set_bit(CACHE_NEGATIVE, &exp.h.flags);
550 if (err || an_int < 0)
552 exp.ex_flags= an_int;
555 err = get_int(&mesg, &an_int);
558 exp.ex_anon_uid= an_int;
561 err = get_int(&mesg, &an_int);
564 exp.ex_anon_gid= an_int;
567 err = get_int(&mesg, &an_int);
570 exp.ex_fsid = an_int;
572 while ((len = qword_get(&mesg, buf, PAGE_SIZE)) > 0) {
573 if (strcmp(buf, "fsloc") == 0)
574 err = fsloc_parse(&mesg, buf, &exp.ex_fslocs);
575 else if (strcmp(buf, "uuid") == 0) {
576 /* expect a 16 byte uuid encoded as \xXXXX... */
577 len = qword_get(&mesg, buf, PAGE_SIZE);
582 kmemdup(buf, 16, GFP_KERNEL);
583 if (exp.ex_uuid == NULL)
586 } else if (strcmp(buf, "secinfo") == 0)
587 err = secinfo_parse(&mesg, buf, &exp);
589 /* quietly ignore unknown words and anything
590 * following. Newer user-space can try to set
591 * new values, then see what the result was.
598 err = check_export(exp.ex_path.dentry->d_inode, &exp.ex_flags,
604 expp = svc_export_lookup(&exp);
606 expp = svc_export_update(&exp, expp);
615 nfsd4_fslocs_free(&exp.ex_fslocs);
618 kfree(exp.ex_pathname);
620 path_put(&exp.ex_path);
622 auth_domain_put(dom);
628 static void exp_flags(struct seq_file *m, int flag, int fsid,
629 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fslocs);
630 static void show_secinfo(struct seq_file *m, struct svc_export *exp);
632 static int svc_export_show(struct seq_file *m,
633 struct cache_detail *cd,
634 struct cache_head *h)
636 struct svc_export *exp ;
639 seq_puts(m, "#path domain(flags)\n");
642 exp = container_of(h, struct svc_export, h);
643 seq_path(m, &exp->ex_path, " \t\n\\");
645 seq_escape(m, exp->ex_client->name, " \t\n\\");
647 if (test_bit(CACHE_VALID, &h->flags) &&
648 !test_bit(CACHE_NEGATIVE, &h->flags)) {
649 exp_flags(m, exp->ex_flags, exp->ex_fsid,
650 exp->ex_anon_uid, exp->ex_anon_gid, &exp->ex_fslocs);
653 seq_puts(m, ",uuid=");
654 for (i=0; i<16; i++) {
657 seq_printf(m, "%02x", exp->ex_uuid[i]);
660 show_secinfo(m, exp);
665 static int svc_export_match(struct cache_head *a, struct cache_head *b)
667 struct svc_export *orig = container_of(a, struct svc_export, h);
668 struct svc_export *new = container_of(b, struct svc_export, h);
669 return orig->ex_client == new->ex_client &&
670 orig->ex_path.dentry == new->ex_path.dentry &&
671 orig->ex_path.mnt == new->ex_path.mnt;
674 static void svc_export_init(struct cache_head *cnew, struct cache_head *citem)
676 struct svc_export *new = container_of(cnew, struct svc_export, h);
677 struct svc_export *item = container_of(citem, struct svc_export, h);
679 kref_get(&item->ex_client->ref);
680 new->ex_client = item->ex_client;
681 new->ex_path.dentry = dget(item->ex_path.dentry);
682 new->ex_path.mnt = mntget(item->ex_path.mnt);
683 new->ex_pathname = NULL;
684 new->ex_fslocs.locations = NULL;
685 new->ex_fslocs.locations_count = 0;
686 new->ex_fslocs.migrated = 0;
689 static void export_update(struct cache_head *cnew, struct cache_head *citem)
691 struct svc_export *new = container_of(cnew, struct svc_export, h);
692 struct svc_export *item = container_of(citem, struct svc_export, h);
695 new->ex_flags = item->ex_flags;
696 new->ex_anon_uid = item->ex_anon_uid;
697 new->ex_anon_gid = item->ex_anon_gid;
698 new->ex_fsid = item->ex_fsid;
699 new->ex_uuid = item->ex_uuid;
700 item->ex_uuid = NULL;
701 new->ex_pathname = item->ex_pathname;
702 item->ex_pathname = NULL;
703 new->ex_fslocs.locations = item->ex_fslocs.locations;
704 item->ex_fslocs.locations = NULL;
705 new->ex_fslocs.locations_count = item->ex_fslocs.locations_count;
706 item->ex_fslocs.locations_count = 0;
707 new->ex_fslocs.migrated = item->ex_fslocs.migrated;
708 item->ex_fslocs.migrated = 0;
709 new->ex_nflavors = item->ex_nflavors;
710 for (i = 0; i < MAX_SECINFO_LIST; i++) {
711 new->ex_flavors[i] = item->ex_flavors[i];
715 static struct cache_head *svc_export_alloc(void)
717 struct svc_export *i = kmalloc(sizeof(*i), GFP_KERNEL);
724 struct cache_detail svc_export_cache = {
725 .owner = THIS_MODULE,
726 .hash_size = EXPORT_HASHMAX,
727 .hash_table = export_table,
728 .name = "nfsd.export",
729 .cache_put = svc_export_put,
730 .cache_upcall = svc_export_upcall,
731 .cache_parse = svc_export_parse,
732 .cache_show = svc_export_show,
733 .match = svc_export_match,
734 .init = svc_export_init,
735 .update = export_update,
736 .alloc = svc_export_alloc,
740 svc_export_hash(struct svc_export *exp)
744 hash = hash_ptr(exp->ex_client, EXPORT_HASHBITS);
745 hash ^= hash_ptr(exp->ex_path.dentry, EXPORT_HASHBITS);
746 hash ^= hash_ptr(exp->ex_path.mnt, EXPORT_HASHBITS);
750 static struct svc_export *
751 svc_export_lookup(struct svc_export *exp)
753 struct cache_head *ch;
754 int hash = svc_export_hash(exp);
756 ch = sunrpc_cache_lookup(&svc_export_cache, &exp->h,
759 return container_of(ch, struct svc_export, h);
764 static struct svc_export *
765 svc_export_update(struct svc_export *new, struct svc_export *old)
767 struct cache_head *ch;
768 int hash = svc_export_hash(old);
770 ch = sunrpc_cache_update(&svc_export_cache, &new->h,
774 return container_of(ch, struct svc_export, h);
780 static struct svc_expkey *
781 exp_find_key(svc_client *clp, int fsid_type, u32 *fsidv, struct cache_req *reqp)
783 struct svc_expkey key, *ek;
787 return ERR_PTR(-ENOENT);
790 key.ek_fsidtype = fsid_type;
791 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
793 ek = svc_expkey_lookup(&key);
795 return ERR_PTR(-ENOMEM);
796 err = cache_check(&svc_expkey_cache, &ek->h, reqp);
802 #ifdef CONFIG_NFSD_DEPRECATED
803 static int exp_set_key(svc_client *clp, int fsid_type, u32 *fsidv,
804 struct svc_export *exp)
806 struct svc_expkey key, *ek;
809 key.ek_fsidtype = fsid_type;
810 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
811 key.ek_path = exp->ex_path;
812 key.h.expiry_time = NEVER;
815 ek = svc_expkey_lookup(&key);
817 ek = svc_expkey_update(&key,ek);
819 cache_put(&ek->h, &svc_expkey_cache);
826 * Find the client's export entry matching xdev/xino.
828 static inline struct svc_expkey *
829 exp_get_key(svc_client *clp, dev_t dev, ino_t ino)
833 if (old_valid_dev(dev)) {
834 mk_fsid(FSID_DEV, fsidv, dev, ino, 0, NULL);
835 return exp_find_key(clp, FSID_DEV, fsidv, NULL);
837 mk_fsid(FSID_ENCODE_DEV, fsidv, dev, ino, 0, NULL);
838 return exp_find_key(clp, FSID_ENCODE_DEV, fsidv, NULL);
842 * Find the client's export entry matching fsid
844 static inline struct svc_expkey *
845 exp_get_fsid_key(svc_client *clp, int fsid)
849 mk_fsid(FSID_NUM, fsidv, 0, 0, fsid, NULL);
851 return exp_find_key(clp, FSID_NUM, fsidv, NULL);
855 static svc_export *exp_get_by_name(svc_client *clp, const struct path *path,
856 struct cache_req *reqp)
858 struct svc_export *exp, key;
862 return ERR_PTR(-ENOENT);
867 exp = svc_export_lookup(&key);
869 return ERR_PTR(-ENOMEM);
870 err = cache_check(&svc_export_cache, &exp->h, reqp);
877 * Find the export entry for a given dentry.
879 static struct svc_export *exp_parent(svc_client *clp, struct path *path)
881 struct dentry *saved = dget(path->dentry);
882 svc_export *exp = exp_get_by_name(clp, path, NULL);
884 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) {
885 struct dentry *parent = dget_parent(path->dentry);
887 path->dentry = parent;
888 exp = exp_get_by_name(clp, path, NULL);
891 path->dentry = saved;
895 #ifdef CONFIG_NFSD_DEPRECATED
897 * Hashtable locking. Write locks are placed only by user processes
898 * wanting to modify export information.
899 * Write locking only done in this file. Read locking
903 static DECLARE_RWSEM(hash_sem);
908 down_read(&hash_sem);
914 down_write(&hash_sem);
924 exp_writeunlock(void)
930 /* hash_sem not needed once deprecated interface is removed */
931 void exp_readlock(void) {}
932 static inline void exp_writelock(void){}
933 void exp_readunlock(void) {}
934 static inline void exp_writeunlock(void){}
938 #ifdef CONFIG_NFSD_DEPRECATED
939 static void exp_do_unexport(svc_export *unexp);
940 static int exp_verify_string(char *cp, int max);
942 static void exp_fsid_unhash(struct svc_export *exp)
944 struct svc_expkey *ek;
946 if ((exp->ex_flags & NFSEXP_FSID) == 0)
949 ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid);
951 sunrpc_invalidate(&ek->h, &svc_expkey_cache);
952 cache_put(&ek->h, &svc_expkey_cache);
956 static int exp_fsid_hash(svc_client *clp, struct svc_export *exp)
960 if ((exp->ex_flags & NFSEXP_FSID) == 0)
963 mk_fsid(FSID_NUM, fsid, 0, 0, exp->ex_fsid, NULL);
964 return exp_set_key(clp, FSID_NUM, fsid, exp);
967 static int exp_hash(struct auth_domain *clp, struct svc_export *exp)
970 struct inode *inode = exp->ex_path.dentry->d_inode;
971 dev_t dev = inode->i_sb->s_dev;
973 if (old_valid_dev(dev)) {
974 mk_fsid(FSID_DEV, fsid, dev, inode->i_ino, 0, NULL);
975 return exp_set_key(clp, FSID_DEV, fsid, exp);
977 mk_fsid(FSID_ENCODE_DEV, fsid, dev, inode->i_ino, 0, NULL);
978 return exp_set_key(clp, FSID_ENCODE_DEV, fsid, exp);
981 static void exp_unhash(struct svc_export *exp)
983 struct svc_expkey *ek;
984 struct inode *inode = exp->ex_path.dentry->d_inode;
986 ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino);
988 sunrpc_invalidate(&ek->h, &svc_expkey_cache);
989 cache_put(&ek->h, &svc_expkey_cache);
994 * Export a file system.
997 exp_export(struct nfsctl_export *nxp)
1000 struct svc_export *exp = NULL;
1001 struct svc_export new;
1002 struct svc_expkey *fsid_key = NULL;
1006 /* Consistency check */
1008 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) ||
1009 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX))
1012 dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n",
1013 nxp->ex_client, nxp->ex_path,
1014 (unsigned)nxp->ex_dev, (long)nxp->ex_ino,
1017 /* Try to lock the export table for update */
1020 /* Look up client info */
1021 if (!(clp = auth_domain_find(nxp->ex_client)))
1025 /* Look up the dentry */
1026 err = kern_path(nxp->ex_path, 0, &path);
1031 exp = exp_get_by_name(clp, &path, NULL);
1033 memset(&new, 0, sizeof(new));
1035 /* must make sure there won't be an ex_fsid clash */
1036 if ((nxp->ex_flags & NFSEXP_FSID) &&
1037 (!IS_ERR(fsid_key = exp_get_fsid_key(clp, nxp->ex_dev))) &&
1038 fsid_key->ek_path.mnt &&
1039 (fsid_key->ek_path.mnt != path.mnt ||
1040 fsid_key->ek_path.dentry != path.dentry))
1044 /* just a flags/id/fsid update */
1046 exp_fsid_unhash(exp);
1047 exp->ex_flags = nxp->ex_flags;
1048 exp->ex_anon_uid = nxp->ex_anon_uid;
1049 exp->ex_anon_gid = nxp->ex_anon_gid;
1050 exp->ex_fsid = nxp->ex_dev;
1052 err = exp_fsid_hash(clp, exp);
1056 err = check_export(path.dentry->d_inode, &nxp->ex_flags, NULL);
1057 if (err) goto finish;
1061 dprintk("nfsd: creating export entry %p for client %p\n", exp, clp);
1063 new.h.expiry_time = NEVER;
1065 new.ex_pathname = kstrdup(nxp->ex_path, GFP_KERNEL);
1066 if (!new.ex_pathname)
1068 new.ex_client = clp;
1070 new.ex_flags = nxp->ex_flags;
1071 new.ex_anon_uid = nxp->ex_anon_uid;
1072 new.ex_anon_gid = nxp->ex_anon_gid;
1073 new.ex_fsid = nxp->ex_dev;
1075 exp = svc_export_lookup(&new);
1077 exp = svc_export_update(&new, exp);
1082 if (exp_hash(clp, exp) ||
1083 exp_fsid_hash(clp, exp)) {
1084 /* failed to create at least one index */
1085 exp_do_unexport(exp);
1090 kfree(new.ex_pathname);
1091 if (!IS_ERR_OR_NULL(exp))
1093 if (!IS_ERR_OR_NULL(fsid_key))
1094 cache_put(&fsid_key->h, &svc_expkey_cache);
1097 auth_domain_put(clp);
1105 * Unexport a file system. The export entry has already
1106 * been removed from the client's list of exported fs's.
1109 exp_do_unexport(svc_export *unexp)
1111 sunrpc_invalidate(&unexp->h, &svc_export_cache);
1113 exp_fsid_unhash(unexp);
1121 exp_unexport(struct nfsctl_export *nxp)
1123 struct auth_domain *dom;
1128 /* Consistency check */
1129 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) ||
1130 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX))
1136 dom = auth_domain_find(nxp->ex_client);
1138 dprintk("nfsd: unexport couldn't find %s\n", nxp->ex_client);
1142 err = kern_path(nxp->ex_path, 0, &path);
1147 exp = exp_get_by_name(dom, &path, NULL);
1152 exp_do_unexport(exp);
1157 auth_domain_put(dom);
1163 #endif /* CONFIG_NFSD_DEPRECATED */
1166 * Obtain the root fh on behalf of a client.
1167 * This could be done in user space, but I feel that it adds some safety
1168 * since its harder to fool a kernel module than a user space program.
1171 exp_rootfh(svc_client *clp, char *name, struct knfsd_fh *f, int maxsize)
1173 struct svc_export *exp;
1175 struct inode *inode;
1180 /* NB: we probably ought to check that it's NUL-terminated */
1181 if (kern_path(name, 0, &path)) {
1182 printk("nfsd: exp_rootfh path not found %s", name);
1185 inode = path.dentry->d_inode;
1187 dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n",
1188 name, path.dentry, clp->name,
1189 inode->i_sb->s_id, inode->i_ino);
1190 exp = exp_parent(clp, &path);
1197 * fh must be initialized before calling fh_compose
1199 fh_init(&fh, maxsize);
1200 if (fh_compose(&fh, exp, path.dentry, NULL))
1204 memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh));
1212 static struct svc_export *exp_find(struct auth_domain *clp, int fsid_type,
1213 u32 *fsidv, struct cache_req *reqp)
1215 struct svc_export *exp;
1216 struct svc_expkey *ek = exp_find_key(clp, fsid_type, fsidv, reqp);
1218 return ERR_CAST(ek);
1220 exp = exp_get_by_name(clp, &ek->ek_path, reqp);
1221 cache_put(&ek->h, &svc_expkey_cache);
1224 return ERR_CAST(exp);
1228 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
1230 struct exp_flavor_info *f;
1231 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1233 /* legacy gss-only clients are always OK: */
1234 if (exp->ex_client == rqstp->rq_gssclient)
1236 /* ip-address based client; check sec= export option: */
1237 for (f = exp->ex_flavors; f < end; f++) {
1238 if (f->pseudoflavor == rqstp->rq_flavor)
1241 /* defaults in absence of sec= options: */
1242 if (exp->ex_nflavors == 0) {
1243 if (rqstp->rq_flavor == RPC_AUTH_NULL ||
1244 rqstp->rq_flavor == RPC_AUTH_UNIX)
1247 return nfserr_wrongsec;
1251 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
1252 * auth_unix client) if it's available and has secinfo information;
1253 * otherwise, will try to use rq_gssclient.
1255 * Called from functions that handle requests; functions that do work on
1256 * behalf of mountd are passed a single client name to use, and should
1257 * use exp_get_by_name() or exp_find().
1260 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path)
1262 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1264 if (rqstp->rq_client == NULL)
1267 /* First try the auth_unix client: */
1268 exp = exp_get_by_name(rqstp->rq_client, path, &rqstp->rq_chandle);
1269 if (PTR_ERR(exp) == -ENOENT)
1273 /* If it has secinfo, assume there are no gss/... clients */
1274 if (exp->ex_nflavors > 0)
1277 /* Otherwise, try falling back on gss client */
1278 if (rqstp->rq_gssclient == NULL)
1280 gssexp = exp_get_by_name(rqstp->rq_gssclient, path, &rqstp->rq_chandle);
1281 if (PTR_ERR(gssexp) == -ENOENT)
1289 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
1291 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1293 if (rqstp->rq_client == NULL)
1296 /* First try the auth_unix client: */
1297 exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle);
1298 if (PTR_ERR(exp) == -ENOENT)
1302 /* If it has secinfo, assume there are no gss/... clients */
1303 if (exp->ex_nflavors > 0)
1306 /* Otherwise, try falling back on gss client */
1307 if (rqstp->rq_gssclient == NULL)
1309 gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv,
1310 &rqstp->rq_chandle);
1311 if (PTR_ERR(gssexp) == -ENOENT)
1319 rqst_exp_parent(struct svc_rqst *rqstp, struct path *path)
1321 struct dentry *saved = dget(path->dentry);
1322 struct svc_export *exp = rqst_exp_get_by_name(rqstp, path);
1324 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) {
1325 struct dentry *parent = dget_parent(path->dentry);
1327 path->dentry = parent;
1328 exp = rqst_exp_get_by_name(rqstp, path);
1331 path->dentry = saved;
1335 static struct svc_export *find_fsidzero_export(struct svc_rqst *rqstp)
1339 mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL);
1341 return rqst_exp_find(rqstp, FSID_NUM, fsidv);
1345 * Called when we need the filehandle for the root of the pseudofs,
1346 * for a given NFSv4 client. The root is defined to be the
1347 * export point with fsid==0
1350 exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp)
1352 struct svc_export *exp;
1355 exp = find_fsidzero_export(rqstp);
1357 return nfserrno(PTR_ERR(exp));
1358 rv = fh_compose(fhp, exp, exp->ex_path.dentry, NULL);
1361 rv = check_nfsd_access(exp, rqstp);
1371 static void *e_start(struct seq_file *m, loff_t *pos)
1372 __acquires(svc_export_cache.hash_lock)
1375 unsigned hash, export;
1376 struct cache_head *ch;
1379 read_lock(&svc_export_cache.hash_lock);
1381 return SEQ_START_TOKEN;
1383 export = n & ((1LL<<32) - 1);
1386 for (ch=export_table[hash]; ch; ch=ch->next)
1389 n &= ~((1LL<<32) - 1);
1393 } while(hash < EXPORT_HASHMAX && export_table[hash]==NULL);
1394 if (hash >= EXPORT_HASHMAX)
1397 return export_table[hash];
1400 static void *e_next(struct seq_file *m, void *p, loff_t *pos)
1402 struct cache_head *ch = p;
1403 int hash = (*pos >> 32);
1405 if (p == SEQ_START_TOKEN)
1407 else if (ch->next == NULL) {
1414 *pos &= ~((1LL<<32) - 1);
1415 while (hash < EXPORT_HASHMAX && export_table[hash] == NULL) {
1419 if (hash >= EXPORT_HASHMAX)
1422 return export_table[hash];
1425 static void e_stop(struct seq_file *m, void *p)
1426 __releases(svc_export_cache.hash_lock)
1428 read_unlock(&svc_export_cache.hash_lock);
1432 static struct flags {
1436 { NFSEXP_READONLY, {"ro", "rw"}},
1437 { NFSEXP_INSECURE_PORT, {"insecure", ""}},
1438 { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}},
1439 { NFSEXP_ALLSQUASH, {"all_squash", ""}},
1440 { NFSEXP_ASYNC, {"async", "sync"}},
1441 { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}},
1442 { NFSEXP_NOHIDE, {"nohide", ""}},
1443 { NFSEXP_CROSSMOUNT, {"crossmnt", ""}},
1444 { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}},
1445 { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}},
1446 { NFSEXP_V4ROOT, {"v4root", ""}},
1448 { NFSEXP_MSNFS, {"msnfs", ""}},
1453 static void show_expflags(struct seq_file *m, int flags, int mask)
1456 int state, first = 0;
1458 for (flg = expflags; flg->flag; flg++) {
1459 if (flg->flag & ~mask)
1461 state = (flg->flag & flags) ? 0 : 1;
1462 if (*flg->name[state])
1463 seq_printf(m, "%s%s", first++?",":"", flg->name[state]);
1467 static void show_secinfo_flags(struct seq_file *m, int flags)
1470 show_expflags(m, flags, NFSEXP_SECINFO_FLAGS);
1473 static bool secinfo_flags_equal(int f, int g)
1475 f &= NFSEXP_SECINFO_FLAGS;
1476 g &= NFSEXP_SECINFO_FLAGS;
1480 static int show_secinfo_run(struct seq_file *m, struct exp_flavor_info **fp, struct exp_flavor_info *end)
1484 flags = (*fp)->flags;
1485 seq_printf(m, ",sec=%d", (*fp)->pseudoflavor);
1487 while (*fp != end && secinfo_flags_equal(flags, (*fp)->flags)) {
1488 seq_printf(m, ":%d", (*fp)->pseudoflavor);
1494 static void show_secinfo(struct seq_file *m, struct svc_export *exp)
1496 struct exp_flavor_info *f;
1497 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1500 if (exp->ex_nflavors == 0)
1502 f = exp->ex_flavors;
1503 flags = show_secinfo_run(m, &f, end);
1504 if (!secinfo_flags_equal(flags, exp->ex_flags))
1505 show_secinfo_flags(m, flags);
1507 flags = show_secinfo_run(m, &f, end);
1508 show_secinfo_flags(m, flags);
1512 static void exp_flags(struct seq_file *m, int flag, int fsid,
1513 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
1515 show_expflags(m, flag, NFSEXP_ALLFLAGS);
1516 if (flag & NFSEXP_FSID)
1517 seq_printf(m, ",fsid=%d", fsid);
1518 if (anonu != (uid_t)-2 && anonu != (0x10000-2))
1519 seq_printf(m, ",anonuid=%u", anonu);
1520 if (anong != (gid_t)-2 && anong != (0x10000-2))
1521 seq_printf(m, ",anongid=%u", anong);
1522 if (fsloc && fsloc->locations_count > 0) {
1523 char *loctype = (fsloc->migrated) ? "refer" : "replicas";
1526 seq_printf(m, ",%s=", loctype);
1527 seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\");
1529 seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\");
1530 for (i = 1; i < fsloc->locations_count; i++) {
1532 seq_escape(m, fsloc->locations[i].path, ",;@ \t\n\\");
1534 seq_escape(m, fsloc->locations[i].hosts, ",;@ \t\n\\");
1539 static int e_show(struct seq_file *m, void *p)
1541 struct cache_head *cp = p;
1542 struct svc_export *exp = container_of(cp, struct svc_export, h);
1544 if (p == SEQ_START_TOKEN) {
1545 seq_puts(m, "# Version 1.1\n");
1546 seq_puts(m, "# Path Client(Flags) # IPs\n");
1551 if (cache_check(&svc_export_cache, &exp->h, NULL))
1553 cache_put(&exp->h, &svc_export_cache);
1554 return svc_export_show(m, &svc_export_cache, cp);
1557 const struct seq_operations nfs_exports_op = {
1564 #ifdef CONFIG_NFSD_DEPRECATED
1566 * Add or modify a client.
1567 * Change requests may involve the list of host addresses. The list of
1568 * exports and possibly existing uid maps are left untouched.
1571 exp_addclient(struct nfsctl_client *ncp)
1573 struct auth_domain *dom;
1575 struct in6_addr addr6;
1577 /* First, consistency check. */
1579 if (! exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX))
1581 if (ncp->cl_naddr > NFSCLNT_ADDRMAX)
1584 /* Lock the hashtable */
1587 dom = unix_domain_find(ncp->cl_ident);
1593 /* Insert client into hashtable. */
1594 for (i = 0; i < ncp->cl_naddr; i++) {
1595 ipv6_addr_set_v4mapped(ncp->cl_addrlist[i].s_addr, &addr6);
1596 auth_unix_add_addr(&init_net, &addr6, dom);
1598 auth_unix_forget_old(dom);
1599 auth_domain_put(dom);
1610 * Delete a client given an identifier.
1613 exp_delclient(struct nfsctl_client *ncp)
1616 struct auth_domain *dom;
1619 if (!exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX))
1622 /* Lock the hashtable */
1625 dom = auth_domain_find(ncp->cl_ident);
1626 /* just make sure that no addresses work
1627 * and that it will expire soon
1630 err = auth_unix_forget_old(dom);
1631 auth_domain_put(dom);
1640 * Verify that string is non-empty and does not exceed max length.
1643 exp_verify_string(char *cp, int max)
1647 for (i = 0; i < max; i++)
1651 printk(KERN_NOTICE "nfsd: couldn't validate string %s\n", cp);
1654 #endif /* CONFIG_NFSD_DEPRECATED */
1657 * Initialize the exports module.
1660 nfsd_export_init(void)
1663 dprintk("nfsd: initializing export module.\n");
1665 rv = cache_register(&svc_export_cache);
1668 rv = cache_register(&svc_expkey_cache);
1670 cache_unregister(&svc_export_cache);
1676 * Flush exports table - called when last nfsd thread is killed
1679 nfsd_export_flush(void)
1682 cache_purge(&svc_expkey_cache);
1683 cache_purge(&svc_export_cache);
1688 * Shutdown the exports module.
1691 nfsd_export_shutdown(void)
1694 dprintk("nfsd: shutting down export module.\n");
1698 cache_unregister(&svc_expkey_cache);
1699 cache_unregister(&svc_export_cache);
1700 svcauth_unix_purge();
1703 dprintk("nfsd: export shutdown complete.\n");
projects / linux.git / blob