1 #define MSNFS /* HACK HACK */
3 * linux/fs/nfsd/export.c
5 * NFS exporting and validation.
7 * We maintain a list of clients, each of which has a list of
8 * exports. To export an fs to a given client, you first have
9 * to create the client entry with NFSCTL_ADDCLIENT, which
10 * creates a client control block and adds it to the hash
11 * table. Then, you call NFSCTL_EXPORT for each fs.
14 * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de>
17 #include <linux/namei.h>
18 #include <linux/module.h>
19 #include <linux/exportfs.h>
21 #include <linux/nfsd/syscall.h>
26 #define NFSDDBG_FACILITY NFSDDBG_EXPORT
28 typedef struct auth_domain svc_client;
29 typedef struct svc_export svc_export;
31 static void exp_do_unexport(svc_export *unexp);
32 static int exp_verify_string(char *cp, int max);
36 * One maps client+vfsmnt+dentry to export options - the export map
37 * The other maps client+filehandle-fragment to export options. - the expkey map
39 * The export options are actually stored in the first map, and the
40 * second map contains a reference to the entry in the first map.
43 #define EXPKEY_HASHBITS 8
44 #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS)
45 #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1)
46 static struct cache_head *expkey_table[EXPKEY_HASHMAX];
48 static void expkey_put(struct kref *ref)
50 struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref);
52 if (test_bit(CACHE_VALID, &key->h.flags) &&
53 !test_bit(CACHE_NEGATIVE, &key->h.flags))
54 path_put(&key->ek_path);
55 auth_domain_put(key->ek_client);
59 static void expkey_request(struct cache_detail *cd,
61 char **bpp, int *blen)
63 /* client fsidtype \xfsid */
64 struct svc_expkey *ek = container_of(h, struct svc_expkey, h);
67 qword_add(bpp, blen, ek->ek_client->name);
68 snprintf(type, 5, "%d", ek->ek_fsidtype);
69 qword_add(bpp, blen, type);
70 qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype));
74 static int expkey_upcall(struct cache_detail *cd, struct cache_head *h)
76 return sunrpc_cache_pipe_upcall(cd, h, expkey_request);
79 static struct svc_expkey *svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old);
80 static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *);
81 static struct cache_detail svc_expkey_cache;
83 static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen)
85 /* client fsidtype fsid [path] */
88 struct auth_domain *dom = NULL;
92 struct svc_expkey key;
93 struct svc_expkey *ek = NULL;
95 if (mesg[mlen-1] != '\n')
99 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
105 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
109 dom = auth_domain_find(buf);
112 dprintk("found domain %s\n", buf);
115 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
117 fsidtype = simple_strtoul(buf, &ep, 10);
120 dprintk("found fsidtype %d\n", fsidtype);
121 if (key_len(fsidtype)==0) /* invalid type */
123 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
125 dprintk("found fsid length %d\n", len);
126 if (len != key_len(fsidtype))
129 /* OK, we seem to have a valid key */
131 key.h.expiry_time = get_expiry(&mesg);
132 if (key.h.expiry_time == 0)
136 key.ek_fsidtype = fsidtype;
137 memcpy(key.ek_fsid, buf, len);
139 ek = svc_expkey_lookup(&key);
144 /* now we want a pathname, or empty meaning NEGATIVE */
146 len = qword_get(&mesg, buf, PAGE_SIZE);
149 dprintk("Path seems to be <%s>\n", buf);
152 set_bit(CACHE_NEGATIVE, &key.h.flags);
153 ek = svc_expkey_update(&key, ek);
157 err = kern_path(buf, 0, &key.ek_path);
161 dprintk("Found the path %s\n", buf);
163 ek = svc_expkey_update(&key, ek);
166 path_put(&key.ek_path);
171 cache_put(&ek->h, &svc_expkey_cache);
173 auth_domain_put(dom);
178 static int expkey_show(struct seq_file *m,
179 struct cache_detail *cd,
180 struct cache_head *h)
182 struct svc_expkey *ek ;
186 seq_puts(m, "#domain fsidtype fsid [path]\n");
189 ek = container_of(h, struct svc_expkey, h);
190 seq_printf(m, "%s %d 0x", ek->ek_client->name,
192 for (i=0; i < key_len(ek->ek_fsidtype)/4; i++)
193 seq_printf(m, "%08x", ek->ek_fsid[i]);
194 if (test_bit(CACHE_VALID, &h->flags) &&
195 !test_bit(CACHE_NEGATIVE, &h->flags)) {
197 seq_path(m, &ek->ek_path, "\\ \t\n");
203 static inline int expkey_match (struct cache_head *a, struct cache_head *b)
205 struct svc_expkey *orig = container_of(a, struct svc_expkey, h);
206 struct svc_expkey *new = container_of(b, struct svc_expkey, h);
208 if (orig->ek_fsidtype != new->ek_fsidtype ||
209 orig->ek_client != new->ek_client ||
210 memcmp(orig->ek_fsid, new->ek_fsid, key_len(orig->ek_fsidtype)) != 0)
215 static inline void expkey_init(struct cache_head *cnew,
216 struct cache_head *citem)
218 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
219 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
221 kref_get(&item->ek_client->ref);
222 new->ek_client = item->ek_client;
223 new->ek_fsidtype = item->ek_fsidtype;
225 memcpy(new->ek_fsid, item->ek_fsid, sizeof(new->ek_fsid));
228 static inline void expkey_update(struct cache_head *cnew,
229 struct cache_head *citem)
231 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
232 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
234 new->ek_path = item->ek_path;
235 path_get(&item->ek_path);
238 static struct cache_head *expkey_alloc(void)
240 struct svc_expkey *i = kmalloc(sizeof(*i), GFP_KERNEL);
247 static struct cache_detail svc_expkey_cache = {
248 .owner = THIS_MODULE,
249 .hash_size = EXPKEY_HASHMAX,
250 .hash_table = expkey_table,
252 .cache_put = expkey_put,
253 .cache_upcall = expkey_upcall,
254 .cache_parse = expkey_parse,
255 .cache_show = expkey_show,
256 .match = expkey_match,
258 .update = expkey_update,
259 .alloc = expkey_alloc,
262 static struct svc_expkey *
263 svc_expkey_lookup(struct svc_expkey *item)
265 struct cache_head *ch;
266 int hash = item->ek_fsidtype;
267 char * cp = (char*)item->ek_fsid;
268 int len = key_len(item->ek_fsidtype);
270 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS);
271 hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS);
272 hash &= EXPKEY_HASHMASK;
274 ch = sunrpc_cache_lookup(&svc_expkey_cache, &item->h,
277 return container_of(ch, struct svc_expkey, h);
282 static struct svc_expkey *
283 svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old)
285 struct cache_head *ch;
286 int hash = new->ek_fsidtype;
287 char * cp = (char*)new->ek_fsid;
288 int len = key_len(new->ek_fsidtype);
290 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS);
291 hash ^= hash_ptr(new->ek_client, EXPKEY_HASHBITS);
292 hash &= EXPKEY_HASHMASK;
294 ch = sunrpc_cache_update(&svc_expkey_cache, &new->h,
297 return container_of(ch, struct svc_expkey, h);
303 #define EXPORT_HASHBITS 8
304 #define EXPORT_HASHMAX (1<< EXPORT_HASHBITS)
305 #define EXPORT_HASHMASK (EXPORT_HASHMAX -1)
307 static struct cache_head *export_table[EXPORT_HASHMAX];
309 static void nfsd4_fslocs_free(struct nfsd4_fs_locations *fsloc)
313 for (i = 0; i < fsloc->locations_count; i++) {
314 kfree(fsloc->locations[i].path);
315 kfree(fsloc->locations[i].hosts);
317 kfree(fsloc->locations);
320 static void svc_export_put(struct kref *ref)
322 struct svc_export *exp = container_of(ref, struct svc_export, h.ref);
323 path_put(&exp->ex_path);
324 auth_domain_put(exp->ex_client);
325 kfree(exp->ex_pathname);
326 nfsd4_fslocs_free(&exp->ex_fslocs);
330 static void svc_export_request(struct cache_detail *cd,
331 struct cache_head *h,
332 char **bpp, int *blen)
335 struct svc_export *exp = container_of(h, struct svc_export, h);
338 qword_add(bpp, blen, exp->ex_client->name);
339 pth = d_path(&exp->ex_path, *bpp, *blen);
341 /* is this correct? */
345 qword_add(bpp, blen, pth);
349 static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h)
351 return sunrpc_cache_pipe_upcall(cd, h, svc_export_request);
354 static struct svc_export *svc_export_update(struct svc_export *new,
355 struct svc_export *old);
356 static struct svc_export *svc_export_lookup(struct svc_export *);
358 static int check_export(struct inode *inode, int flags, unsigned char *uuid)
361 /* We currently export only dirs and regular files.
362 * This is what umountd does.
364 if (!S_ISDIR(inode->i_mode) &&
365 !S_ISREG(inode->i_mode))
368 /* There are two requirements on a filesystem to be exportable.
369 * 1: We must be able to identify the filesystem from a number.
370 * either a device number (so FS_REQUIRES_DEV needed)
371 * or an FSID number (so NFSEXP_FSID or ->uuid is needed).
372 * 2: We must be able to find an inode from a filehandle.
373 * This means that s_export_op must be set.
375 if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) &&
376 !(flags & NFSEXP_FSID) &&
378 dprintk("exp_export: export of non-dev fs without fsid\n");
382 if (!inode->i_sb->s_export_op ||
383 !inode->i_sb->s_export_op->fh_to_dentry) {
384 dprintk("exp_export: export of invalid fs type.\n");
392 #ifdef CONFIG_NFSD_V4
395 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc)
398 int migrated, i, err;
401 err = get_int(mesg, &fsloc->locations_count);
404 if (fsloc->locations_count > MAX_FS_LOCATIONS)
406 if (fsloc->locations_count == 0)
409 fsloc->locations = kzalloc(fsloc->locations_count
410 * sizeof(struct nfsd4_fs_location), GFP_KERNEL);
411 if (!fsloc->locations)
413 for (i=0; i < fsloc->locations_count; i++) {
414 /* colon separated host list */
416 len = qword_get(mesg, buf, PAGE_SIZE);
420 fsloc->locations[i].hosts = kstrdup(buf, GFP_KERNEL);
421 if (!fsloc->locations[i].hosts)
424 /* slash separated path component list */
425 len = qword_get(mesg, buf, PAGE_SIZE);
429 fsloc->locations[i].path = kstrdup(buf, GFP_KERNEL);
430 if (!fsloc->locations[i].path)
434 err = get_int(mesg, &migrated);
438 if (migrated < 0 || migrated > 1)
440 fsloc->migrated = migrated;
443 nfsd4_fslocs_free(fsloc);
447 static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp)
450 struct exp_flavor_info *f;
452 err = get_int(mesg, &listsize);
455 if (listsize < 0 || listsize > MAX_SECINFO_LIST)
458 for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) {
459 err = get_int(mesg, &f->pseudoflavor);
463 * XXX: It would be nice to also check whether this
464 * pseudoflavor is supported, so we can discover the
465 * problem at export time instead of when a client fails
468 err = get_int(mesg, &f->flags);
471 /* Only some flags are allowed to differ between flavors: */
472 if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags))
475 exp->ex_nflavors = listsize;
479 #else /* CONFIG_NFSD_V4 */
481 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;}
483 secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; }
486 static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
488 /* client path expiry [flags anonuid anongid fsid] */
492 struct auth_domain *dom = NULL;
493 struct svc_export exp = {}, *expp;
496 if (mesg[mlen-1] != '\n')
500 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
506 len = qword_get(&mesg, buf, PAGE_SIZE);
511 dom = auth_domain_find(buf);
517 if ((len = qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
520 err = kern_path(buf, 0, &exp.ex_path);
527 exp.ex_pathname = kstrdup(buf, GFP_KERNEL);
528 if (!exp.ex_pathname)
533 exp.h.expiry_time = get_expiry(&mesg);
534 if (exp.h.expiry_time == 0)
538 err = get_int(&mesg, &an_int);
539 if (err == -ENOENT) {
541 set_bit(CACHE_NEGATIVE, &exp.h.flags);
543 if (err || an_int < 0)
545 exp.ex_flags= an_int;
548 err = get_int(&mesg, &an_int);
551 exp.ex_anon_uid= an_int;
554 err = get_int(&mesg, &an_int);
557 exp.ex_anon_gid= an_int;
560 err = get_int(&mesg, &an_int);
563 exp.ex_fsid = an_int;
565 while ((len = qword_get(&mesg, buf, PAGE_SIZE)) > 0) {
566 if (strcmp(buf, "fsloc") == 0)
567 err = fsloc_parse(&mesg, buf, &exp.ex_fslocs);
568 else if (strcmp(buf, "uuid") == 0) {
569 /* expect a 16 byte uuid encoded as \xXXXX... */
570 len = qword_get(&mesg, buf, PAGE_SIZE);
575 kmemdup(buf, 16, GFP_KERNEL);
576 if (exp.ex_uuid == NULL)
579 } else if (strcmp(buf, "secinfo") == 0)
580 err = secinfo_parse(&mesg, buf, &exp);
582 /* quietly ignore unknown words and anything
583 * following. Newer user-space can try to set
584 * new values, then see what the result was.
591 err = check_export(exp.ex_path.dentry->d_inode, exp.ex_flags,
597 expp = svc_export_lookup(&exp);
599 expp = svc_export_update(&exp, expp);
608 nfsd4_fslocs_free(&exp.ex_fslocs);
611 kfree(exp.ex_pathname);
613 path_put(&exp.ex_path);
615 auth_domain_put(dom);
621 static void exp_flags(struct seq_file *m, int flag, int fsid,
622 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fslocs);
623 static void show_secinfo(struct seq_file *m, struct svc_export *exp);
625 static int svc_export_show(struct seq_file *m,
626 struct cache_detail *cd,
627 struct cache_head *h)
629 struct svc_export *exp ;
632 seq_puts(m, "#path domain(flags)\n");
635 exp = container_of(h, struct svc_export, h);
636 seq_path(m, &exp->ex_path, " \t\n\\");
638 seq_escape(m, exp->ex_client->name, " \t\n\\");
640 if (test_bit(CACHE_VALID, &h->flags) &&
641 !test_bit(CACHE_NEGATIVE, &h->flags)) {
642 exp_flags(m, exp->ex_flags, exp->ex_fsid,
643 exp->ex_anon_uid, exp->ex_anon_gid, &exp->ex_fslocs);
646 seq_puts(m, ",uuid=");
647 for (i=0; i<16; i++) {
650 seq_printf(m, "%02x", exp->ex_uuid[i]);
653 show_secinfo(m, exp);
658 static int svc_export_match(struct cache_head *a, struct cache_head *b)
660 struct svc_export *orig = container_of(a, struct svc_export, h);
661 struct svc_export *new = container_of(b, struct svc_export, h);
662 return orig->ex_client == new->ex_client &&
663 orig->ex_path.dentry == new->ex_path.dentry &&
664 orig->ex_path.mnt == new->ex_path.mnt;
667 static void svc_export_init(struct cache_head *cnew, struct cache_head *citem)
669 struct svc_export *new = container_of(cnew, struct svc_export, h);
670 struct svc_export *item = container_of(citem, struct svc_export, h);
672 kref_get(&item->ex_client->ref);
673 new->ex_client = item->ex_client;
674 new->ex_path.dentry = dget(item->ex_path.dentry);
675 new->ex_path.mnt = mntget(item->ex_path.mnt);
676 new->ex_pathname = NULL;
677 new->ex_fslocs.locations = NULL;
678 new->ex_fslocs.locations_count = 0;
679 new->ex_fslocs.migrated = 0;
682 static void export_update(struct cache_head *cnew, struct cache_head *citem)
684 struct svc_export *new = container_of(cnew, struct svc_export, h);
685 struct svc_export *item = container_of(citem, struct svc_export, h);
688 new->ex_flags = item->ex_flags;
689 new->ex_anon_uid = item->ex_anon_uid;
690 new->ex_anon_gid = item->ex_anon_gid;
691 new->ex_fsid = item->ex_fsid;
692 new->ex_uuid = item->ex_uuid;
693 item->ex_uuid = NULL;
694 new->ex_pathname = item->ex_pathname;
695 item->ex_pathname = NULL;
696 new->ex_fslocs.locations = item->ex_fslocs.locations;
697 item->ex_fslocs.locations = NULL;
698 new->ex_fslocs.locations_count = item->ex_fslocs.locations_count;
699 item->ex_fslocs.locations_count = 0;
700 new->ex_fslocs.migrated = item->ex_fslocs.migrated;
701 item->ex_fslocs.migrated = 0;
702 new->ex_nflavors = item->ex_nflavors;
703 for (i = 0; i < MAX_SECINFO_LIST; i++) {
704 new->ex_flavors[i] = item->ex_flavors[i];
708 static struct cache_head *svc_export_alloc(void)
710 struct svc_export *i = kmalloc(sizeof(*i), GFP_KERNEL);
717 struct cache_detail svc_export_cache = {
718 .owner = THIS_MODULE,
719 .hash_size = EXPORT_HASHMAX,
720 .hash_table = export_table,
721 .name = "nfsd.export",
722 .cache_put = svc_export_put,
723 .cache_upcall = svc_export_upcall,
724 .cache_parse = svc_export_parse,
725 .cache_show = svc_export_show,
726 .match = svc_export_match,
727 .init = svc_export_init,
728 .update = export_update,
729 .alloc = svc_export_alloc,
732 static struct svc_export *
733 svc_export_lookup(struct svc_export *exp)
735 struct cache_head *ch;
737 hash = hash_ptr(exp->ex_client, EXPORT_HASHBITS);
738 hash ^= hash_ptr(exp->ex_path.dentry, EXPORT_HASHBITS);
739 hash ^= hash_ptr(exp->ex_path.mnt, EXPORT_HASHBITS);
741 ch = sunrpc_cache_lookup(&svc_export_cache, &exp->h,
744 return container_of(ch, struct svc_export, h);
749 static struct svc_export *
750 svc_export_update(struct svc_export *new, struct svc_export *old)
752 struct cache_head *ch;
754 hash = hash_ptr(old->ex_client, EXPORT_HASHBITS);
755 hash ^= hash_ptr(old->ex_path.dentry, EXPORT_HASHBITS);
756 hash ^= hash_ptr(old->ex_path.mnt, EXPORT_HASHBITS);
758 ch = sunrpc_cache_update(&svc_export_cache, &new->h,
762 return container_of(ch, struct svc_export, h);
768 static struct svc_expkey *
769 exp_find_key(svc_client *clp, int fsid_type, u32 *fsidv, struct cache_req *reqp)
771 struct svc_expkey key, *ek;
775 return ERR_PTR(-ENOENT);
778 key.ek_fsidtype = fsid_type;
779 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
781 ek = svc_expkey_lookup(&key);
783 return ERR_PTR(-ENOMEM);
784 err = cache_check(&svc_expkey_cache, &ek->h, reqp);
790 static int exp_set_key(svc_client *clp, int fsid_type, u32 *fsidv,
791 struct svc_export *exp)
793 struct svc_expkey key, *ek;
796 key.ek_fsidtype = fsid_type;
797 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
798 key.ek_path = exp->ex_path;
799 key.h.expiry_time = NEVER;
802 ek = svc_expkey_lookup(&key);
804 ek = svc_expkey_update(&key,ek);
806 cache_put(&ek->h, &svc_expkey_cache);
813 * Find the client's export entry matching xdev/xino.
815 static inline struct svc_expkey *
816 exp_get_key(svc_client *clp, dev_t dev, ino_t ino)
820 if (old_valid_dev(dev)) {
821 mk_fsid(FSID_DEV, fsidv, dev, ino, 0, NULL);
822 return exp_find_key(clp, FSID_DEV, fsidv, NULL);
824 mk_fsid(FSID_ENCODE_DEV, fsidv, dev, ino, 0, NULL);
825 return exp_find_key(clp, FSID_ENCODE_DEV, fsidv, NULL);
829 * Find the client's export entry matching fsid
831 static inline struct svc_expkey *
832 exp_get_fsid_key(svc_client *clp, int fsid)
836 mk_fsid(FSID_NUM, fsidv, 0, 0, fsid, NULL);
838 return exp_find_key(clp, FSID_NUM, fsidv, NULL);
841 static svc_export *exp_get_by_name(svc_client *clp, const struct path *path,
842 struct cache_req *reqp)
844 struct svc_export *exp, key;
848 return ERR_PTR(-ENOENT);
853 exp = svc_export_lookup(&key);
855 return ERR_PTR(-ENOMEM);
856 err = cache_check(&svc_export_cache, &exp->h, reqp);
863 * Find the export entry for a given dentry.
865 static struct svc_export *exp_parent(svc_client *clp, struct path *path)
867 struct dentry *saved = dget(path->dentry);
868 svc_export *exp = exp_get_by_name(clp, path, NULL);
870 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) {
871 struct dentry *parent = dget_parent(path->dentry);
873 path->dentry = parent;
874 exp = exp_get_by_name(clp, path, NULL);
877 path->dentry = saved;
882 * Hashtable locking. Write locks are placed only by user processes
883 * wanting to modify export information.
884 * Write locking only done in this file. Read locking
888 static DECLARE_RWSEM(hash_sem);
893 down_read(&hash_sem);
899 down_write(&hash_sem);
909 exp_writeunlock(void)
914 static void exp_fsid_unhash(struct svc_export *exp)
916 struct svc_expkey *ek;
918 if ((exp->ex_flags & NFSEXP_FSID) == 0)
921 ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid);
923 ek->h.expiry_time = get_seconds()-1;
924 cache_put(&ek->h, &svc_expkey_cache);
926 svc_expkey_cache.nextcheck = get_seconds();
929 static int exp_fsid_hash(svc_client *clp, struct svc_export *exp)
933 if ((exp->ex_flags & NFSEXP_FSID) == 0)
936 mk_fsid(FSID_NUM, fsid, 0, 0, exp->ex_fsid, NULL);
937 return exp_set_key(clp, FSID_NUM, fsid, exp);
940 static int exp_hash(struct auth_domain *clp, struct svc_export *exp)
943 struct inode *inode = exp->ex_path.dentry->d_inode;
944 dev_t dev = inode->i_sb->s_dev;
946 if (old_valid_dev(dev)) {
947 mk_fsid(FSID_DEV, fsid, dev, inode->i_ino, 0, NULL);
948 return exp_set_key(clp, FSID_DEV, fsid, exp);
950 mk_fsid(FSID_ENCODE_DEV, fsid, dev, inode->i_ino, 0, NULL);
951 return exp_set_key(clp, FSID_ENCODE_DEV, fsid, exp);
954 static void exp_unhash(struct svc_export *exp)
956 struct svc_expkey *ek;
957 struct inode *inode = exp->ex_path.dentry->d_inode;
959 ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino);
961 ek->h.expiry_time = get_seconds()-1;
962 cache_put(&ek->h, &svc_expkey_cache);
964 svc_expkey_cache.nextcheck = get_seconds();
968 * Export a file system.
971 exp_export(struct nfsctl_export *nxp)
974 struct svc_export *exp = NULL;
975 struct svc_export new;
976 struct svc_expkey *fsid_key = NULL;
980 /* Consistency check */
982 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) ||
983 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX))
986 dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n",
987 nxp->ex_client, nxp->ex_path,
988 (unsigned)nxp->ex_dev, (long)nxp->ex_ino,
991 /* Try to lock the export table for update */
994 /* Look up client info */
995 if (!(clp = auth_domain_find(nxp->ex_client)))
999 /* Look up the dentry */
1000 err = kern_path(nxp->ex_path, 0, &path);
1005 exp = exp_get_by_name(clp, &path, NULL);
1007 memset(&new, 0, sizeof(new));
1009 /* must make sure there won't be an ex_fsid clash */
1010 if ((nxp->ex_flags & NFSEXP_FSID) &&
1011 (!IS_ERR(fsid_key = exp_get_fsid_key(clp, nxp->ex_dev))) &&
1012 fsid_key->ek_path.mnt &&
1013 (fsid_key->ek_path.mnt != path.mnt ||
1014 fsid_key->ek_path.dentry != path.dentry))
1018 /* just a flags/id/fsid update */
1020 exp_fsid_unhash(exp);
1021 exp->ex_flags = nxp->ex_flags;
1022 exp->ex_anon_uid = nxp->ex_anon_uid;
1023 exp->ex_anon_gid = nxp->ex_anon_gid;
1024 exp->ex_fsid = nxp->ex_dev;
1026 err = exp_fsid_hash(clp, exp);
1030 err = check_export(path.dentry->d_inode, nxp->ex_flags, NULL);
1031 if (err) goto finish;
1035 dprintk("nfsd: creating export entry %p for client %p\n", exp, clp);
1037 new.h.expiry_time = NEVER;
1039 new.ex_pathname = kstrdup(nxp->ex_path, GFP_KERNEL);
1040 if (!new.ex_pathname)
1042 new.ex_client = clp;
1044 new.ex_flags = nxp->ex_flags;
1045 new.ex_anon_uid = nxp->ex_anon_uid;
1046 new.ex_anon_gid = nxp->ex_anon_gid;
1047 new.ex_fsid = nxp->ex_dev;
1049 exp = svc_export_lookup(&new);
1051 exp = svc_export_update(&new, exp);
1056 if (exp_hash(clp, exp) ||
1057 exp_fsid_hash(clp, exp)) {
1058 /* failed to create at least one index */
1059 exp_do_unexport(exp);
1064 kfree(new.ex_pathname);
1067 if (fsid_key && !IS_ERR(fsid_key))
1068 cache_put(&fsid_key->h, &svc_expkey_cache);
1071 auth_domain_put(clp);
1079 * Unexport a file system. The export entry has already
1080 * been removed from the client's list of exported fs's.
1083 exp_do_unexport(svc_export *unexp)
1085 unexp->h.expiry_time = get_seconds()-1;
1086 svc_export_cache.nextcheck = get_seconds();
1088 exp_fsid_unhash(unexp);
1096 exp_unexport(struct nfsctl_export *nxp)
1098 struct auth_domain *dom;
1103 /* Consistency check */
1104 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) ||
1105 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX))
1111 dom = auth_domain_find(nxp->ex_client);
1113 dprintk("nfsd: unexport couldn't find %s\n", nxp->ex_client);
1117 err = kern_path(nxp->ex_path, 0, &path);
1122 exp = exp_get_by_name(dom, &path, NULL);
1127 exp_do_unexport(exp);
1132 auth_domain_put(dom);
1140 * Obtain the root fh on behalf of a client.
1141 * This could be done in user space, but I feel that it adds some safety
1142 * since its harder to fool a kernel module than a user space program.
1145 exp_rootfh(svc_client *clp, char *name, struct knfsd_fh *f, int maxsize)
1147 struct svc_export *exp;
1149 struct inode *inode;
1154 /* NB: we probably ought to check that it's NUL-terminated */
1155 if (kern_path(name, 0, &path)) {
1156 printk("nfsd: exp_rootfh path not found %s", name);
1159 inode = path.dentry->d_inode;
1161 dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n",
1162 name, path.dentry, clp->name,
1163 inode->i_sb->s_id, inode->i_ino);
1164 exp = exp_parent(clp, &path);
1171 * fh must be initialized before calling fh_compose
1173 fh_init(&fh, maxsize);
1174 if (fh_compose(&fh, exp, path.dentry, NULL))
1178 memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh));
1186 static struct svc_export *exp_find(struct auth_domain *clp, int fsid_type,
1187 u32 *fsidv, struct cache_req *reqp)
1189 struct svc_export *exp;
1190 struct svc_expkey *ek = exp_find_key(clp, fsid_type, fsidv, reqp);
1192 return ERR_CAST(ek);
1194 exp = exp_get_by_name(clp, &ek->ek_path, reqp);
1195 cache_put(&ek->h, &svc_expkey_cache);
1198 return ERR_CAST(exp);
1202 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
1204 struct exp_flavor_info *f;
1205 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1207 /* legacy gss-only clients are always OK: */
1208 if (exp->ex_client == rqstp->rq_gssclient)
1210 /* ip-address based client; check sec= export option: */
1211 for (f = exp->ex_flavors; f < end; f++) {
1212 if (f->pseudoflavor == rqstp->rq_flavor)
1215 /* defaults in absence of sec= options: */
1216 if (exp->ex_nflavors == 0) {
1217 if (rqstp->rq_flavor == RPC_AUTH_NULL ||
1218 rqstp->rq_flavor == RPC_AUTH_UNIX)
1221 return nfserr_wrongsec;
1225 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
1226 * auth_unix client) if it's available and has secinfo information;
1227 * otherwise, will try to use rq_gssclient.
1229 * Called from functions that handle requests; functions that do work on
1230 * behalf of mountd are passed a single client name to use, and should
1231 * use exp_get_by_name() or exp_find().
1234 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path)
1236 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1238 if (rqstp->rq_client == NULL)
1241 /* First try the auth_unix client: */
1242 exp = exp_get_by_name(rqstp->rq_client, path, &rqstp->rq_chandle);
1243 if (PTR_ERR(exp) == -ENOENT)
1247 /* If it has secinfo, assume there are no gss/... clients */
1248 if (exp->ex_nflavors > 0)
1251 /* Otherwise, try falling back on gss client */
1252 if (rqstp->rq_gssclient == NULL)
1254 gssexp = exp_get_by_name(rqstp->rq_gssclient, path, &rqstp->rq_chandle);
1255 if (PTR_ERR(gssexp) == -ENOENT)
1263 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
1265 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1267 if (rqstp->rq_client == NULL)
1270 /* First try the auth_unix client: */
1271 exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle);
1272 if (PTR_ERR(exp) == -ENOENT)
1276 /* If it has secinfo, assume there are no gss/... clients */
1277 if (exp->ex_nflavors > 0)
1280 /* Otherwise, try falling back on gss client */
1281 if (rqstp->rq_gssclient == NULL)
1283 gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv,
1284 &rqstp->rq_chandle);
1285 if (PTR_ERR(gssexp) == -ENOENT)
1293 rqst_exp_parent(struct svc_rqst *rqstp, struct path *path)
1295 struct dentry *saved = dget(path->dentry);
1296 struct svc_export *exp = rqst_exp_get_by_name(rqstp, path);
1298 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) {
1299 struct dentry *parent = dget_parent(path->dentry);
1301 path->dentry = parent;
1302 exp = rqst_exp_get_by_name(rqstp, path);
1305 path->dentry = saved;
1309 static struct svc_export *find_fsidzero_export(struct svc_rqst *rqstp)
1311 struct svc_export *exp;
1314 mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL);
1316 exp = rqst_exp_find(rqstp, FSID_NUM, fsidv);
1318 * We shouldn't have accepting an nfsv4 request at all if we
1319 * don't have a pseudoexport!:
1321 if (IS_ERR(exp) && PTR_ERR(exp) == -ENOENT)
1322 exp = ERR_PTR(-ESERVERFAULT);
1327 * Called when we need the filehandle for the root of the pseudofs,
1328 * for a given NFSv4 client. The root is defined to be the
1329 * export point with fsid==0
1332 exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp)
1334 struct svc_export *exp;
1337 exp = find_fsidzero_export(rqstp);
1339 return nfserrno(PTR_ERR(exp));
1340 rv = fh_compose(fhp, exp, exp->ex_path.dentry, NULL);
1343 rv = check_nfsd_access(exp, rqstp);
1353 static void *e_start(struct seq_file *m, loff_t *pos)
1354 __acquires(svc_export_cache.hash_lock)
1357 unsigned hash, export;
1358 struct cache_head *ch;
1361 read_lock(&svc_export_cache.hash_lock);
1363 return SEQ_START_TOKEN;
1365 export = n & ((1LL<<32) - 1);
1368 for (ch=export_table[hash]; ch; ch=ch->next)
1371 n &= ~((1LL<<32) - 1);
1375 } while(hash < EXPORT_HASHMAX && export_table[hash]==NULL);
1376 if (hash >= EXPORT_HASHMAX)
1379 return export_table[hash];
1382 static void *e_next(struct seq_file *m, void *p, loff_t *pos)
1384 struct cache_head *ch = p;
1385 int hash = (*pos >> 32);
1387 if (p == SEQ_START_TOKEN)
1389 else if (ch->next == NULL) {
1396 *pos &= ~((1LL<<32) - 1);
1397 while (hash < EXPORT_HASHMAX && export_table[hash] == NULL) {
1401 if (hash >= EXPORT_HASHMAX)
1404 return export_table[hash];
1407 static void e_stop(struct seq_file *m, void *p)
1408 __releases(svc_export_cache.hash_lock)
1410 read_unlock(&svc_export_cache.hash_lock);
1414 static struct flags {
1418 { NFSEXP_READONLY, {"ro", "rw"}},
1419 { NFSEXP_INSECURE_PORT, {"insecure", ""}},
1420 { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}},
1421 { NFSEXP_ALLSQUASH, {"all_squash", ""}},
1422 { NFSEXP_ASYNC, {"async", "sync"}},
1423 { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}},
1424 { NFSEXP_NOHIDE, {"nohide", ""}},
1425 { NFSEXP_CROSSMOUNT, {"crossmnt", ""}},
1426 { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}},
1427 { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}},
1429 { NFSEXP_MSNFS, {"msnfs", ""}},
1434 static void show_expflags(struct seq_file *m, int flags, int mask)
1437 int state, first = 0;
1439 for (flg = expflags; flg->flag; flg++) {
1440 if (flg->flag & ~mask)
1442 state = (flg->flag & flags) ? 0 : 1;
1443 if (*flg->name[state])
1444 seq_printf(m, "%s%s", first++?",":"", flg->name[state]);
1448 static void show_secinfo_flags(struct seq_file *m, int flags)
1451 show_expflags(m, flags, NFSEXP_SECINFO_FLAGS);
1454 static void show_secinfo(struct seq_file *m, struct svc_export *exp)
1456 struct exp_flavor_info *f;
1457 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1458 int lastflags = 0, first = 0;
1460 if (exp->ex_nflavors == 0)
1462 for (f = exp->ex_flavors; f < end; f++) {
1463 if (first || f->flags != lastflags) {
1465 show_secinfo_flags(m, lastflags);
1466 seq_printf(m, ",sec=%d", f->pseudoflavor);
1467 lastflags = f->flags;
1469 seq_printf(m, ":%d", f->pseudoflavor);
1472 show_secinfo_flags(m, lastflags);
1475 static void exp_flags(struct seq_file *m, int flag, int fsid,
1476 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
1478 show_expflags(m, flag, NFSEXP_ALLFLAGS);
1479 if (flag & NFSEXP_FSID)
1480 seq_printf(m, ",fsid=%d", fsid);
1481 if (anonu != (uid_t)-2 && anonu != (0x10000-2))
1482 seq_printf(m, ",anonuid=%u", anonu);
1483 if (anong != (gid_t)-2 && anong != (0x10000-2))
1484 seq_printf(m, ",anongid=%u", anong);
1485 if (fsloc && fsloc->locations_count > 0) {
1486 char *loctype = (fsloc->migrated) ? "refer" : "replicas";
1489 seq_printf(m, ",%s=", loctype);
1490 seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\");
1492 seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\");
1493 for (i = 1; i < fsloc->locations_count; i++) {
1495 seq_escape(m, fsloc->locations[i].path, ",;@ \t\n\\");
1497 seq_escape(m, fsloc->locations[i].hosts, ",;@ \t\n\\");
1502 static int e_show(struct seq_file *m, void *p)
1504 struct cache_head *cp = p;
1505 struct svc_export *exp = container_of(cp, struct svc_export, h);
1507 if (p == SEQ_START_TOKEN) {
1508 seq_puts(m, "# Version 1.1\n");
1509 seq_puts(m, "# Path Client(Flags) # IPs\n");
1514 if (cache_check(&svc_export_cache, &exp->h, NULL))
1516 cache_put(&exp->h, &svc_export_cache);
1517 return svc_export_show(m, &svc_export_cache, cp);
1520 const struct seq_operations nfs_exports_op = {
1528 * Add or modify a client.
1529 * Change requests may involve the list of host addresses. The list of
1530 * exports and possibly existing uid maps are left untouched.
1533 exp_addclient(struct nfsctl_client *ncp)
1535 struct auth_domain *dom;
1537 struct in6_addr addr6;
1539 /* First, consistency check. */
1541 if (! exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX))
1543 if (ncp->cl_naddr > NFSCLNT_ADDRMAX)
1546 /* Lock the hashtable */
1549 dom = unix_domain_find(ncp->cl_ident);
1555 /* Insert client into hashtable. */
1556 for (i = 0; i < ncp->cl_naddr; i++) {
1557 ipv6_addr_set_v4mapped(ncp->cl_addrlist[i].s_addr, &addr6);
1558 auth_unix_add_addr(&addr6, dom);
1560 auth_unix_forget_old(dom);
1561 auth_domain_put(dom);
1572 * Delete a client given an identifier.
1575 exp_delclient(struct nfsctl_client *ncp)
1578 struct auth_domain *dom;
1581 if (!exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX))
1584 /* Lock the hashtable */
1587 dom = auth_domain_find(ncp->cl_ident);
1588 /* just make sure that no addresses work
1589 * and that it will expire soon
1592 err = auth_unix_forget_old(dom);
1593 auth_domain_put(dom);
1602 * Verify that string is non-empty and does not exceed max length.
1605 exp_verify_string(char *cp, int max)
1609 for (i = 0; i < max; i++)
1613 printk(KERN_NOTICE "nfsd: couldn't validate string %s\n", cp);
1618 * Initialize the exports module.
1621 nfsd_export_init(void)
1624 dprintk("nfsd: initializing export module.\n");
1626 rv = cache_register(&svc_export_cache);
1629 rv = cache_register(&svc_expkey_cache);
1631 cache_unregister(&svc_export_cache);
1637 * Flush exports table - called when last nfsd thread is killed
1640 nfsd_export_flush(void)
1643 cache_purge(&svc_expkey_cache);
1644 cache_purge(&svc_export_cache);
1649 * Shutdown the exports module.
1652 nfsd_export_shutdown(void)
1655 dprintk("nfsd: shutting down export module.\n");
1659 cache_unregister(&svc_expkey_cache);
1660 cache_unregister(&svc_export_cache);
1661 svcauth_unix_purge();
1664 dprintk("nfsd: export shutdown complete.\n");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob