1 #define MSNFS /* HACK HACK */
3 * linux/fs/nfsd/export.c
5 * NFS exporting and validation.
7 * We maintain a list of clients, each of which has a list of
8 * exports. To export an fs to a given client, you first have
9 * to create the client entry with NFSCTL_ADDCLIENT, which
10 * creates a client control block and adds it to the hash
11 * table. Then, you call NFSCTL_EXPORT for each fs.
14 * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de>
17 #include <linux/unistd.h>
18 #include <linux/slab.h>
19 #include <linux/stat.h>
21 #include <linux/seq_file.h>
22 #include <linux/syscalls.h>
23 #include <linux/rwsem.h>
24 #include <linux/dcache.h>
25 #include <linux/namei.h>
26 #include <linux/mount.h>
27 #include <linux/hash.h>
28 #include <linux/module.h>
29 #include <linux/exportfs.h>
31 #include <linux/sunrpc/svc.h>
32 #include <linux/nfsd/nfsd.h>
33 #include <linux/nfsd/nfsfh.h>
34 #include <linux/nfsd/syscall.h>
35 #include <linux/lockd/bind.h>
36 #include <linux/sunrpc/msg_prot.h>
37 #include <linux/sunrpc/gss_api.h>
39 #define NFSDDBG_FACILITY NFSDDBG_EXPORT
41 typedef struct auth_domain svc_client
;
42 typedef struct svc_export svc_export
;
44 static void exp_do_unexport(svc_export
*unexp
);
45 static int exp_verify_string(char *cp
, int max
);
49 * One maps client+vfsmnt+dentry to export options - the export map
50 * The other maps client+filehandle-fragment to export options. - the expkey map
52 * The export options are actually stored in the first map, and the
53 * second map contains a reference to the entry in the first map.
56 #define EXPKEY_HASHBITS 8
57 #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS)
58 #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1)
59 static struct cache_head
*expkey_table
[EXPKEY_HASHMAX
];
61 static void expkey_put(struct kref
*ref
)
63 struct svc_expkey
*key
= container_of(ref
, struct svc_expkey
, h
.ref
);
65 if (test_bit(CACHE_VALID
, &key
->h
.flags
) &&
66 !test_bit(CACHE_NEGATIVE
, &key
->h
.flags
))
67 path_put(&key
->ek_path
);
68 auth_domain_put(key
->ek_client
);
72 static void expkey_request(struct cache_detail
*cd
,
74 char **bpp
, int *blen
)
76 /* client fsidtype \xfsid */
77 struct svc_expkey
*ek
= container_of(h
, struct svc_expkey
, h
);
80 qword_add(bpp
, blen
, ek
->ek_client
->name
);
81 snprintf(type
, 5, "%d", ek
->ek_fsidtype
);
82 qword_add(bpp
, blen
, type
);
83 qword_addhex(bpp
, blen
, (char*)ek
->ek_fsid
, key_len(ek
->ek_fsidtype
));
87 static struct svc_expkey
*svc_expkey_update(struct svc_expkey
*new, struct svc_expkey
*old
);
88 static struct svc_expkey
*svc_expkey_lookup(struct svc_expkey
*);
89 static struct cache_detail svc_expkey_cache
;
91 static int expkey_parse(struct cache_detail
*cd
, char *mesg
, int mlen
)
93 /* client fsidtype fsid [path] */
96 struct auth_domain
*dom
= NULL
;
100 struct svc_expkey key
;
101 struct svc_expkey
*ek
;
103 if (mesg
[mlen
-1] != '\n')
107 buf
= kmalloc(PAGE_SIZE
, GFP_KERNEL
);
112 if ((len
=qword_get(&mesg
, buf
, PAGE_SIZE
)) <= 0)
116 dom
= auth_domain_find(buf
);
119 dprintk("found domain %s\n", buf
);
122 if ((len
=qword_get(&mesg
, buf
, PAGE_SIZE
)) <= 0)
124 fsidtype
= simple_strtoul(buf
, &ep
, 10);
127 dprintk("found fsidtype %d\n", fsidtype
);
128 if (key_len(fsidtype
)==0) /* invalid type */
130 if ((len
=qword_get(&mesg
, buf
, PAGE_SIZE
)) <= 0)
132 dprintk("found fsid length %d\n", len
);
133 if (len
!= key_len(fsidtype
))
136 /* OK, we seem to have a valid key */
138 key
.h
.expiry_time
= get_expiry(&mesg
);
139 if (key
.h
.expiry_time
== 0)
143 key
.ek_fsidtype
= fsidtype
;
144 memcpy(key
.ek_fsid
, buf
, len
);
146 ek
= svc_expkey_lookup(&key
);
151 /* now we want a pathname, or empty meaning NEGATIVE */
153 if ((len
=qword_get(&mesg
, buf
, PAGE_SIZE
)) < 0)
155 dprintk("Path seems to be <%s>\n", buf
);
158 set_bit(CACHE_NEGATIVE
, &key
.h
.flags
);
159 ek
= svc_expkey_update(&key
, ek
);
161 cache_put(&ek
->h
, &svc_expkey_cache
);
165 err
= path_lookup(buf
, 0, &nd
);
169 dprintk("Found the path %s\n", buf
);
170 key
.ek_path
= nd
.path
;
172 ek
= svc_expkey_update(&key
, ek
);
174 cache_put(&ek
->h
, &svc_expkey_cache
);
182 auth_domain_put(dom
);
187 static int expkey_show(struct seq_file
*m
,
188 struct cache_detail
*cd
,
189 struct cache_head
*h
)
191 struct svc_expkey
*ek
;
195 seq_puts(m
, "#domain fsidtype fsid [path]\n");
198 ek
= container_of(h
, struct svc_expkey
, h
);
199 seq_printf(m
, "%s %d 0x", ek
->ek_client
->name
,
201 for (i
=0; i
< key_len(ek
->ek_fsidtype
)/4; i
++)
202 seq_printf(m
, "%08x", ek
->ek_fsid
[i
]);
203 if (test_bit(CACHE_VALID
, &h
->flags
) &&
204 !test_bit(CACHE_NEGATIVE
, &h
->flags
)) {
206 seq_path(m
, &ek
->ek_path
, "\\ \t\n");
212 static inline int expkey_match (struct cache_head
*a
, struct cache_head
*b
)
214 struct svc_expkey
*orig
= container_of(a
, struct svc_expkey
, h
);
215 struct svc_expkey
*new = container_of(b
, struct svc_expkey
, h
);
217 if (orig
->ek_fsidtype
!= new->ek_fsidtype
||
218 orig
->ek_client
!= new->ek_client
||
219 memcmp(orig
->ek_fsid
, new->ek_fsid
, key_len(orig
->ek_fsidtype
)) != 0)
224 static inline void expkey_init(struct cache_head
*cnew
,
225 struct cache_head
*citem
)
227 struct svc_expkey
*new = container_of(cnew
, struct svc_expkey
, h
);
228 struct svc_expkey
*item
= container_of(citem
, struct svc_expkey
, h
);
230 kref_get(&item
->ek_client
->ref
);
231 new->ek_client
= item
->ek_client
;
232 new->ek_fsidtype
= item
->ek_fsidtype
;
234 memcpy(new->ek_fsid
, item
->ek_fsid
, sizeof(new->ek_fsid
));
237 static inline void expkey_update(struct cache_head
*cnew
,
238 struct cache_head
*citem
)
240 struct svc_expkey
*new = container_of(cnew
, struct svc_expkey
, h
);
241 struct svc_expkey
*item
= container_of(citem
, struct svc_expkey
, h
);
243 new->ek_path
= item
->ek_path
;
244 path_get(&item
->ek_path
);
247 static struct cache_head
*expkey_alloc(void)
249 struct svc_expkey
*i
= kmalloc(sizeof(*i
), GFP_KERNEL
);
256 static struct cache_detail svc_expkey_cache
= {
257 .owner
= THIS_MODULE
,
258 .hash_size
= EXPKEY_HASHMAX
,
259 .hash_table
= expkey_table
,
261 .cache_put
= expkey_put
,
262 .cache_request
= expkey_request
,
263 .cache_parse
= expkey_parse
,
264 .cache_show
= expkey_show
,
265 .match
= expkey_match
,
267 .update
= expkey_update
,
268 .alloc
= expkey_alloc
,
271 static struct svc_expkey
*
272 svc_expkey_lookup(struct svc_expkey
*item
)
274 struct cache_head
*ch
;
275 int hash
= item
->ek_fsidtype
;
276 char * cp
= (char*)item
->ek_fsid
;
277 int len
= key_len(item
->ek_fsidtype
);
279 hash
^= hash_mem(cp
, len
, EXPKEY_HASHBITS
);
280 hash
^= hash_ptr(item
->ek_client
, EXPKEY_HASHBITS
);
281 hash
&= EXPKEY_HASHMASK
;
283 ch
= sunrpc_cache_lookup(&svc_expkey_cache
, &item
->h
,
286 return container_of(ch
, struct svc_expkey
, h
);
291 static struct svc_expkey
*
292 svc_expkey_update(struct svc_expkey
*new, struct svc_expkey
*old
)
294 struct cache_head
*ch
;
295 int hash
= new->ek_fsidtype
;
296 char * cp
= (char*)new->ek_fsid
;
297 int len
= key_len(new->ek_fsidtype
);
299 hash
^= hash_mem(cp
, len
, EXPKEY_HASHBITS
);
300 hash
^= hash_ptr(new->ek_client
, EXPKEY_HASHBITS
);
301 hash
&= EXPKEY_HASHMASK
;
303 ch
= sunrpc_cache_update(&svc_expkey_cache
, &new->h
,
306 return container_of(ch
, struct svc_expkey
, h
);
312 #define EXPORT_HASHBITS 8
313 #define EXPORT_HASHMAX (1<< EXPORT_HASHBITS)
314 #define EXPORT_HASHMASK (EXPORT_HASHMAX -1)
316 static struct cache_head
*export_table
[EXPORT_HASHMAX
];
318 static void nfsd4_fslocs_free(struct nfsd4_fs_locations
*fsloc
)
322 for (i
= 0; i
< fsloc
->locations_count
; i
++) {
323 kfree(fsloc
->locations
[i
].path
);
324 kfree(fsloc
->locations
[i
].hosts
);
326 kfree(fsloc
->locations
);
329 static void svc_export_put(struct kref
*ref
)
331 struct svc_export
*exp
= container_of(ref
, struct svc_export
, h
.ref
);
332 path_put(&exp
->ex_path
);
333 auth_domain_put(exp
->ex_client
);
334 kfree(exp
->ex_pathname
);
335 nfsd4_fslocs_free(&exp
->ex_fslocs
);
339 static void svc_export_request(struct cache_detail
*cd
,
340 struct cache_head
*h
,
341 char **bpp
, int *blen
)
344 struct svc_export
*exp
= container_of(h
, struct svc_export
, h
);
347 qword_add(bpp
, blen
, exp
->ex_client
->name
);
348 pth
= d_path(&exp
->ex_path
, *bpp
, *blen
);
350 /* is this correct? */
354 qword_add(bpp
, blen
, pth
);
358 static struct svc_export
*svc_export_update(struct svc_export
*new,
359 struct svc_export
*old
);
360 static struct svc_export
*svc_export_lookup(struct svc_export
*);
362 static int check_export(struct inode
*inode
, int flags
, unsigned char *uuid
)
365 /* We currently export only dirs and regular files.
366 * This is what umountd does.
368 if (!S_ISDIR(inode
->i_mode
) &&
369 !S_ISREG(inode
->i_mode
))
372 /* There are two requirements on a filesystem to be exportable.
373 * 1: We must be able to identify the filesystem from a number.
374 * either a device number (so FS_REQUIRES_DEV needed)
375 * or an FSID number (so NFSEXP_FSID or ->uuid is needed).
376 * 2: We must be able to find an inode from a filehandle.
377 * This means that s_export_op must be set.
379 if (!(inode
->i_sb
->s_type
->fs_flags
& FS_REQUIRES_DEV
) &&
380 !(flags
& NFSEXP_FSID
) &&
382 dprintk("exp_export: export of non-dev fs without fsid\n");
386 if (!inode
->i_sb
->s_export_op
||
387 !inode
->i_sb
->s_export_op
->fh_to_dentry
) {
388 dprintk("exp_export: export of invalid fs type.\n");
396 #ifdef CONFIG_NFSD_V4
399 fsloc_parse(char **mesg
, char *buf
, struct nfsd4_fs_locations
*fsloc
)
402 int migrated
, i
, err
;
405 err
= get_int(mesg
, &fsloc
->locations_count
);
408 if (fsloc
->locations_count
> MAX_FS_LOCATIONS
)
410 if (fsloc
->locations_count
== 0)
413 fsloc
->locations
= kzalloc(fsloc
->locations_count
414 * sizeof(struct nfsd4_fs_location
), GFP_KERNEL
);
415 if (!fsloc
->locations
)
417 for (i
=0; i
< fsloc
->locations_count
; i
++) {
418 /* colon separated host list */
420 len
= qword_get(mesg
, buf
, PAGE_SIZE
);
424 fsloc
->locations
[i
].hosts
= kstrdup(buf
, GFP_KERNEL
);
425 if (!fsloc
->locations
[i
].hosts
)
428 /* slash separated path component list */
429 len
= qword_get(mesg
, buf
, PAGE_SIZE
);
433 fsloc
->locations
[i
].path
= kstrdup(buf
, GFP_KERNEL
);
434 if (!fsloc
->locations
[i
].path
)
438 err
= get_int(mesg
, &migrated
);
442 if (migrated
< 0 || migrated
> 1)
444 fsloc
->migrated
= migrated
;
447 nfsd4_fslocs_free(fsloc
);
451 static int secinfo_parse(char **mesg
, char *buf
, struct svc_export
*exp
)
454 struct exp_flavor_info
*f
;
456 err
= get_int(mesg
, &listsize
);
459 if (listsize
< 0 || listsize
> MAX_SECINFO_LIST
)
462 for (f
= exp
->ex_flavors
; f
< exp
->ex_flavors
+ listsize
; f
++) {
463 err
= get_int(mesg
, &f
->pseudoflavor
);
467 * Just a quick sanity check; we could also try to check
468 * whether this pseudoflavor is supported, but at worst
469 * an unsupported pseudoflavor on the export would just
470 * be a pseudoflavor that won't match the flavor of any
471 * authenticated request. The administrator will
472 * probably discover the problem when someone fails to
475 if (f
->pseudoflavor
< 0)
477 err
= get_int(mesg
, &f
->flags
);
480 /* Only some flags are allowed to differ between flavors: */
481 if (~NFSEXP_SECINFO_FLAGS
& (f
->flags
^ exp
->ex_flags
))
484 exp
->ex_nflavors
= listsize
;
488 #else /* CONFIG_NFSD_V4 */
490 fsloc_parse(char **mesg
, char *buf
, struct nfsd4_fs_locations
*fsloc
){return 0;}
492 secinfo_parse(char **mesg
, char *buf
, struct svc_export
*exp
) { return 0; }
495 static int svc_export_parse(struct cache_detail
*cd
, char *mesg
, int mlen
)
497 /* client path expiry [flags anonuid anongid fsid] */
501 struct auth_domain
*dom
= NULL
;
503 struct svc_export exp
, *expp
;
506 nd
.path
.dentry
= NULL
;
507 exp
.ex_pathname
= NULL
;
510 exp
.ex_fslocs
.locations
= NULL
;
511 exp
.ex_fslocs
.locations_count
= 0;
512 exp
.ex_fslocs
.migrated
= 0;
519 if (mesg
[mlen
-1] != '\n')
523 buf
= kmalloc(PAGE_SIZE
, GFP_KERNEL
);
528 len
= qword_get(&mesg
, buf
, PAGE_SIZE
);
530 if (len
<= 0) goto out
;
533 dom
= auth_domain_find(buf
);
539 if ((len
=qword_get(&mesg
, buf
, PAGE_SIZE
)) <= 0)
541 err
= path_lookup(buf
, 0, &nd
);
542 if (err
) goto out_no_path
;
546 exp
.ex_path
.mnt
= nd
.path
.mnt
;
547 exp
.ex_path
.dentry
= nd
.path
.dentry
;
548 exp
.ex_pathname
= kstrdup(buf
, GFP_KERNEL
);
550 if (!exp
.ex_pathname
)
555 exp
.h
.expiry_time
= get_expiry(&mesg
);
556 if (exp
.h
.expiry_time
== 0)
560 err
= get_int(&mesg
, &an_int
);
561 if (err
== -ENOENT
) {
563 set_bit(CACHE_NEGATIVE
, &exp
.h
.flags
);
565 if (err
|| an_int
< 0) goto out
;
566 exp
.ex_flags
= an_int
;
569 err
= get_int(&mesg
, &an_int
);
571 exp
.ex_anon_uid
= an_int
;
574 err
= get_int(&mesg
, &an_int
);
576 exp
.ex_anon_gid
= an_int
;
579 err
= get_int(&mesg
, &an_int
);
581 exp
.ex_fsid
= an_int
;
583 while ((len
= qword_get(&mesg
, buf
, PAGE_SIZE
)) > 0) {
584 if (strcmp(buf
, "fsloc") == 0)
585 err
= fsloc_parse(&mesg
, buf
, &exp
.ex_fslocs
);
586 else if (strcmp(buf
, "uuid") == 0) {
587 /* expect a 16 byte uuid encoded as \xXXXX... */
588 len
= qword_get(&mesg
, buf
, PAGE_SIZE
);
593 kmemdup(buf
, 16, GFP_KERNEL
);
594 if (exp
.ex_uuid
== NULL
)
597 } else if (strcmp(buf
, "secinfo") == 0)
598 err
= secinfo_parse(&mesg
, buf
, &exp
);
600 /* quietly ignore unknown words and anything
601 * following. Newer user-space can try to set
602 * new values, then see what the result was.
609 err
= check_export(nd
.path
.dentry
->d_inode
, exp
.ex_flags
,
614 expp
= svc_export_lookup(&exp
);
616 expp
= svc_export_update(&exp
, expp
);
625 nfsd4_fslocs_free(&exp
.ex_fslocs
);
627 kfree(exp
.ex_pathname
);
632 auth_domain_put(dom
);
637 static void exp_flags(struct seq_file
*m
, int flag
, int fsid
,
638 uid_t anonu
, uid_t anong
, struct nfsd4_fs_locations
*fslocs
);
639 static void show_secinfo(struct seq_file
*m
, struct svc_export
*exp
);
641 static int svc_export_show(struct seq_file
*m
,
642 struct cache_detail
*cd
,
643 struct cache_head
*h
)
645 struct svc_export
*exp
;
648 seq_puts(m
, "#path domain(flags)\n");
651 exp
= container_of(h
, struct svc_export
, h
);
652 seq_path(m
, &exp
->ex_path
, " \t\n\\");
654 seq_escape(m
, exp
->ex_client
->name
, " \t\n\\");
656 if (test_bit(CACHE_VALID
, &h
->flags
) &&
657 !test_bit(CACHE_NEGATIVE
, &h
->flags
)) {
658 exp_flags(m
, exp
->ex_flags
, exp
->ex_fsid
,
659 exp
->ex_anon_uid
, exp
->ex_anon_gid
, &exp
->ex_fslocs
);
662 seq_puts(m
, ",uuid=");
663 for (i
=0; i
<16; i
++) {
666 seq_printf(m
, "%02x", exp
->ex_uuid
[i
]);
669 show_secinfo(m
, exp
);
674 static int svc_export_match(struct cache_head
*a
, struct cache_head
*b
)
676 struct svc_export
*orig
= container_of(a
, struct svc_export
, h
);
677 struct svc_export
*new = container_of(b
, struct svc_export
, h
);
678 return orig
->ex_client
== new->ex_client
&&
679 orig
->ex_path
.dentry
== new->ex_path
.dentry
&&
680 orig
->ex_path
.mnt
== new->ex_path
.mnt
;
683 static void svc_export_init(struct cache_head
*cnew
, struct cache_head
*citem
)
685 struct svc_export
*new = container_of(cnew
, struct svc_export
, h
);
686 struct svc_export
*item
= container_of(citem
, struct svc_export
, h
);
688 kref_get(&item
->ex_client
->ref
);
689 new->ex_client
= item
->ex_client
;
690 new->ex_path
.dentry
= dget(item
->ex_path
.dentry
);
691 new->ex_path
.mnt
= mntget(item
->ex_path
.mnt
);
692 new->ex_pathname
= NULL
;
693 new->ex_fslocs
.locations
= NULL
;
694 new->ex_fslocs
.locations_count
= 0;
695 new->ex_fslocs
.migrated
= 0;
698 static void export_update(struct cache_head
*cnew
, struct cache_head
*citem
)
700 struct svc_export
*new = container_of(cnew
, struct svc_export
, h
);
701 struct svc_export
*item
= container_of(citem
, struct svc_export
, h
);
704 new->ex_flags
= item
->ex_flags
;
705 new->ex_anon_uid
= item
->ex_anon_uid
;
706 new->ex_anon_gid
= item
->ex_anon_gid
;
707 new->ex_fsid
= item
->ex_fsid
;
708 new->ex_uuid
= item
->ex_uuid
;
709 item
->ex_uuid
= NULL
;
710 new->ex_pathname
= item
->ex_pathname
;
711 item
->ex_pathname
= NULL
;
712 new->ex_fslocs
.locations
= item
->ex_fslocs
.locations
;
713 item
->ex_fslocs
.locations
= NULL
;
714 new->ex_fslocs
.locations_count
= item
->ex_fslocs
.locations_count
;
715 item
->ex_fslocs
.locations_count
= 0;
716 new->ex_fslocs
.migrated
= item
->ex_fslocs
.migrated
;
717 item
->ex_fslocs
.migrated
= 0;
718 new->ex_nflavors
= item
->ex_nflavors
;
719 for (i
= 0; i
< MAX_SECINFO_LIST
; i
++) {
720 new->ex_flavors
[i
] = item
->ex_flavors
[i
];
724 static struct cache_head
*svc_export_alloc(void)
726 struct svc_export
*i
= kmalloc(sizeof(*i
), GFP_KERNEL
);
733 struct cache_detail svc_export_cache
= {
734 .owner
= THIS_MODULE
,
735 .hash_size
= EXPORT_HASHMAX
,
736 .hash_table
= export_table
,
737 .name
= "nfsd.export",
738 .cache_put
= svc_export_put
,
739 .cache_request
= svc_export_request
,
740 .cache_parse
= svc_export_parse
,
741 .cache_show
= svc_export_show
,
742 .match
= svc_export_match
,
743 .init
= svc_export_init
,
744 .update
= export_update
,
745 .alloc
= svc_export_alloc
,
748 static struct svc_export
*
749 svc_export_lookup(struct svc_export
*exp
)
751 struct cache_head
*ch
;
753 hash
= hash_ptr(exp
->ex_client
, EXPORT_HASHBITS
);
754 hash
^= hash_ptr(exp
->ex_path
.dentry
, EXPORT_HASHBITS
);
755 hash
^= hash_ptr(exp
->ex_path
.mnt
, EXPORT_HASHBITS
);
757 ch
= sunrpc_cache_lookup(&svc_export_cache
, &exp
->h
,
760 return container_of(ch
, struct svc_export
, h
);
765 static struct svc_export
*
766 svc_export_update(struct svc_export
*new, struct svc_export
*old
)
768 struct cache_head
*ch
;
770 hash
= hash_ptr(old
->ex_client
, EXPORT_HASHBITS
);
771 hash
^= hash_ptr(old
->ex_path
.dentry
, EXPORT_HASHBITS
);
772 hash
^= hash_ptr(old
->ex_path
.mnt
, EXPORT_HASHBITS
);
774 ch
= sunrpc_cache_update(&svc_export_cache
, &new->h
,
778 return container_of(ch
, struct svc_export
, h
);
784 static struct svc_expkey
*
785 exp_find_key(svc_client
*clp
, int fsid_type
, u32
*fsidv
, struct cache_req
*reqp
)
787 struct svc_expkey key
, *ek
;
791 return ERR_PTR(-ENOENT
);
794 key
.ek_fsidtype
= fsid_type
;
795 memcpy(key
.ek_fsid
, fsidv
, key_len(fsid_type
));
797 ek
= svc_expkey_lookup(&key
);
799 return ERR_PTR(-ENOMEM
);
800 err
= cache_check(&svc_expkey_cache
, &ek
->h
, reqp
);
806 static int exp_set_key(svc_client
*clp
, int fsid_type
, u32
*fsidv
,
807 struct svc_export
*exp
)
809 struct svc_expkey key
, *ek
;
812 key
.ek_fsidtype
= fsid_type
;
813 memcpy(key
.ek_fsid
, fsidv
, key_len(fsid_type
));
814 key
.ek_path
= exp
->ex_path
;
815 key
.h
.expiry_time
= NEVER
;
818 ek
= svc_expkey_lookup(&key
);
820 ek
= svc_expkey_update(&key
,ek
);
822 cache_put(&ek
->h
, &svc_expkey_cache
);
829 * Find the client's export entry matching xdev/xino.
831 static inline struct svc_expkey
*
832 exp_get_key(svc_client
*clp
, dev_t dev
, ino_t ino
)
836 if (old_valid_dev(dev
)) {
837 mk_fsid(FSID_DEV
, fsidv
, dev
, ino
, 0, NULL
);
838 return exp_find_key(clp
, FSID_DEV
, fsidv
, NULL
);
840 mk_fsid(FSID_ENCODE_DEV
, fsidv
, dev
, ino
, 0, NULL
);
841 return exp_find_key(clp
, FSID_ENCODE_DEV
, fsidv
, NULL
);
845 * Find the client's export entry matching fsid
847 static inline struct svc_expkey
*
848 exp_get_fsid_key(svc_client
*clp
, int fsid
)
852 mk_fsid(FSID_NUM
, fsidv
, 0, 0, fsid
, NULL
);
854 return exp_find_key(clp
, FSID_NUM
, fsidv
, NULL
);
857 static svc_export
*exp_get_by_name(svc_client
*clp
, struct vfsmount
*mnt
,
858 struct dentry
*dentry
,
859 struct cache_req
*reqp
)
861 struct svc_export
*exp
, key
;
865 return ERR_PTR(-ENOENT
);
868 key
.ex_path
.mnt
= mnt
;
869 key
.ex_path
.dentry
= dentry
;
871 exp
= svc_export_lookup(&key
);
873 return ERR_PTR(-ENOMEM
);
874 err
= cache_check(&svc_export_cache
, &exp
->h
, reqp
);
881 * Find the export entry for a given dentry.
883 static struct svc_export
*exp_parent(svc_client
*clp
, struct vfsmount
*mnt
,
884 struct dentry
*dentry
,
885 struct cache_req
*reqp
)
890 exp
= exp_get_by_name(clp
, mnt
, dentry
, reqp
);
892 while (PTR_ERR(exp
) == -ENOENT
&& !IS_ROOT(dentry
)) {
893 struct dentry
*parent
;
895 parent
= dget_parent(dentry
);
898 exp
= exp_get_by_name(clp
, mnt
, dentry
, reqp
);
905 * Hashtable locking. Write locks are placed only by user processes
906 * wanting to modify export information.
907 * Write locking only done in this file. Read locking
911 static DECLARE_RWSEM(hash_sem
);
916 down_read(&hash_sem
);
922 down_write(&hash_sem
);
932 exp_writeunlock(void)
937 static void exp_fsid_unhash(struct svc_export
*exp
)
939 struct svc_expkey
*ek
;
941 if ((exp
->ex_flags
& NFSEXP_FSID
) == 0)
944 ek
= exp_get_fsid_key(exp
->ex_client
, exp
->ex_fsid
);
946 ek
->h
.expiry_time
= get_seconds()-1;
947 cache_put(&ek
->h
, &svc_expkey_cache
);
949 svc_expkey_cache
.nextcheck
= get_seconds();
952 static int exp_fsid_hash(svc_client
*clp
, struct svc_export
*exp
)
956 if ((exp
->ex_flags
& NFSEXP_FSID
) == 0)
959 mk_fsid(FSID_NUM
, fsid
, 0, 0, exp
->ex_fsid
, NULL
);
960 return exp_set_key(clp
, FSID_NUM
, fsid
, exp
);
963 static int exp_hash(struct auth_domain
*clp
, struct svc_export
*exp
)
966 struct inode
*inode
= exp
->ex_path
.dentry
->d_inode
;
967 dev_t dev
= inode
->i_sb
->s_dev
;
969 if (old_valid_dev(dev
)) {
970 mk_fsid(FSID_DEV
, fsid
, dev
, inode
->i_ino
, 0, NULL
);
971 return exp_set_key(clp
, FSID_DEV
, fsid
, exp
);
973 mk_fsid(FSID_ENCODE_DEV
, fsid
, dev
, inode
->i_ino
, 0, NULL
);
974 return exp_set_key(clp
, FSID_ENCODE_DEV
, fsid
, exp
);
977 static void exp_unhash(struct svc_export
*exp
)
979 struct svc_expkey
*ek
;
980 struct inode
*inode
= exp
->ex_path
.dentry
->d_inode
;
982 ek
= exp_get_key(exp
->ex_client
, inode
->i_sb
->s_dev
, inode
->i_ino
);
984 ek
->h
.expiry_time
= get_seconds()-1;
985 cache_put(&ek
->h
, &svc_expkey_cache
);
987 svc_expkey_cache
.nextcheck
= get_seconds();
991 * Export a file system.
994 exp_export(struct nfsctl_export
*nxp
)
997 struct svc_export
*exp
= NULL
;
998 struct svc_export
new;
999 struct svc_expkey
*fsid_key
= NULL
;
1000 struct nameidata nd
;
1003 /* Consistency check */
1005 if (!exp_verify_string(nxp
->ex_path
, NFS_MAXPATHLEN
) ||
1006 !exp_verify_string(nxp
->ex_client
, NFSCLNT_IDMAX
))
1009 dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n",
1010 nxp
->ex_client
, nxp
->ex_path
,
1011 (unsigned)nxp
->ex_dev
, (long)nxp
->ex_ino
,
1014 /* Try to lock the export table for update */
1017 /* Look up client info */
1018 if (!(clp
= auth_domain_find(nxp
->ex_client
)))
1022 /* Look up the dentry */
1023 err
= path_lookup(nxp
->ex_path
, 0, &nd
);
1028 exp
= exp_get_by_name(clp
, nd
.path
.mnt
, nd
.path
.dentry
, NULL
);
1030 memset(&new, 0, sizeof(new));
1032 /* must make sure there won't be an ex_fsid clash */
1033 if ((nxp
->ex_flags
& NFSEXP_FSID
) &&
1034 (!IS_ERR(fsid_key
= exp_get_fsid_key(clp
, nxp
->ex_dev
))) &&
1035 fsid_key
->ek_path
.mnt
&&
1036 (fsid_key
->ek_path
.mnt
!= nd
.path
.mnt
||
1037 fsid_key
->ek_path
.dentry
!= nd
.path
.dentry
))
1041 /* just a flags/id/fsid update */
1043 exp_fsid_unhash(exp
);
1044 exp
->ex_flags
= nxp
->ex_flags
;
1045 exp
->ex_anon_uid
= nxp
->ex_anon_uid
;
1046 exp
->ex_anon_gid
= nxp
->ex_anon_gid
;
1047 exp
->ex_fsid
= nxp
->ex_dev
;
1049 err
= exp_fsid_hash(clp
, exp
);
1053 err
= check_export(nd
.path
.dentry
->d_inode
, nxp
->ex_flags
, NULL
);
1054 if (err
) goto finish
;
1058 dprintk("nfsd: creating export entry %p for client %p\n", exp
, clp
);
1060 new.h
.expiry_time
= NEVER
;
1062 new.ex_pathname
= kstrdup(nxp
->ex_path
, GFP_KERNEL
);
1063 if (!new.ex_pathname
)
1065 new.ex_client
= clp
;
1066 new.ex_path
= nd
.path
;
1067 new.ex_flags
= nxp
->ex_flags
;
1068 new.ex_anon_uid
= nxp
->ex_anon_uid
;
1069 new.ex_anon_gid
= nxp
->ex_anon_gid
;
1070 new.ex_fsid
= nxp
->ex_dev
;
1072 exp
= svc_export_lookup(&new);
1074 exp
= svc_export_update(&new, exp
);
1079 if (exp_hash(clp
, exp
) ||
1080 exp_fsid_hash(clp
, exp
)) {
1081 /* failed to create at least one index */
1082 exp_do_unexport(exp
);
1087 kfree(new.ex_pathname
);
1090 if (fsid_key
&& !IS_ERR(fsid_key
))
1091 cache_put(&fsid_key
->h
, &svc_expkey_cache
);
1093 auth_domain_put(clp
);
1102 * Unexport a file system. The export entry has already
1103 * been removed from the client's list of exported fs's.
1106 exp_do_unexport(svc_export
*unexp
)
1108 unexp
->h
.expiry_time
= get_seconds()-1;
1109 svc_export_cache
.nextcheck
= get_seconds();
1111 exp_fsid_unhash(unexp
);
1119 exp_unexport(struct nfsctl_export
*nxp
)
1121 struct auth_domain
*dom
;
1123 struct nameidata nd
;
1126 /* Consistency check */
1127 if (!exp_verify_string(nxp
->ex_path
, NFS_MAXPATHLEN
) ||
1128 !exp_verify_string(nxp
->ex_client
, NFSCLNT_IDMAX
))
1134 dom
= auth_domain_find(nxp
->ex_client
);
1136 dprintk("nfsd: unexport couldn't find %s\n", nxp
->ex_client
);
1140 err
= path_lookup(nxp
->ex_path
, 0, &nd
);
1145 exp
= exp_get_by_name(dom
, nd
.path
.mnt
, nd
.path
.dentry
, NULL
);
1150 exp_do_unexport(exp
);
1155 auth_domain_put(dom
);
1163 * Obtain the root fh on behalf of a client.
1164 * This could be done in user space, but I feel that it adds some safety
1165 * since its harder to fool a kernel module than a user space program.
1168 exp_rootfh(svc_client
*clp
, char *path
, struct knfsd_fh
*f
, int maxsize
)
1170 struct svc_export
*exp
;
1171 struct nameidata nd
;
1172 struct inode
*inode
;
1177 /* NB: we probably ought to check that it's NUL-terminated */
1178 if (path_lookup(path
, 0, &nd
)) {
1179 printk("nfsd: exp_rootfh path not found %s", path
);
1182 inode
= nd
.path
.dentry
->d_inode
;
1184 dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n",
1185 path
, nd
.path
.dentry
, clp
->name
,
1186 inode
->i_sb
->s_id
, inode
->i_ino
);
1187 exp
= exp_parent(clp
, nd
.path
.mnt
, nd
.path
.dentry
, NULL
);
1194 * fh must be initialized before calling fh_compose
1196 fh_init(&fh
, maxsize
);
1197 if (fh_compose(&fh
, exp
, nd
.path
.dentry
, NULL
))
1201 memcpy(f
, &fh
.fh_handle
, sizeof(struct knfsd_fh
));
1209 static struct svc_export
*exp_find(struct auth_domain
*clp
, int fsid_type
,
1210 u32
*fsidv
, struct cache_req
*reqp
)
1212 struct svc_export
*exp
;
1213 struct svc_expkey
*ek
= exp_find_key(clp
, fsid_type
, fsidv
, reqp
);
1215 return ERR_CAST(ek
);
1217 exp
= exp_get_by_name(clp
, ek
->ek_path
.mnt
, ek
->ek_path
.dentry
, reqp
);
1218 cache_put(&ek
->h
, &svc_expkey_cache
);
1221 return ERR_CAST(exp
);
1225 __be32
check_nfsd_access(struct svc_export
*exp
, struct svc_rqst
*rqstp
)
1227 struct exp_flavor_info
*f
;
1228 struct exp_flavor_info
*end
= exp
->ex_flavors
+ exp
->ex_nflavors
;
1230 /* legacy gss-only clients are always OK: */
1231 if (exp
->ex_client
== rqstp
->rq_gssclient
)
1233 /* ip-address based client; check sec= export option: */
1234 for (f
= exp
->ex_flavors
; f
< end
; f
++) {
1235 if (f
->pseudoflavor
== rqstp
->rq_flavor
)
1238 /* defaults in absence of sec= options: */
1239 if (exp
->ex_nflavors
== 0) {
1240 if (rqstp
->rq_flavor
== RPC_AUTH_NULL
||
1241 rqstp
->rq_flavor
== RPC_AUTH_UNIX
)
1244 return nfserr_wrongsec
;
1248 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
1249 * auth_unix client) if it's available and has secinfo information;
1250 * otherwise, will try to use rq_gssclient.
1252 * Called from functions that handle requests; functions that do work on
1253 * behalf of mountd are passed a single client name to use, and should
1254 * use exp_get_by_name() or exp_find().
1257 rqst_exp_get_by_name(struct svc_rqst
*rqstp
, struct vfsmount
*mnt
,
1258 struct dentry
*dentry
)
1260 struct svc_export
*gssexp
, *exp
= ERR_PTR(-ENOENT
);
1262 if (rqstp
->rq_client
== NULL
)
1265 /* First try the auth_unix client: */
1266 exp
= exp_get_by_name(rqstp
->rq_client
, mnt
, dentry
,
1267 &rqstp
->rq_chandle
);
1268 if (PTR_ERR(exp
) == -ENOENT
)
1272 /* If it has secinfo, assume there are no gss/... clients */
1273 if (exp
->ex_nflavors
> 0)
1276 /* Otherwise, try falling back on gss client */
1277 if (rqstp
->rq_gssclient
== NULL
)
1279 gssexp
= exp_get_by_name(rqstp
->rq_gssclient
, mnt
, dentry
,
1280 &rqstp
->rq_chandle
);
1281 if (PTR_ERR(gssexp
) == -ENOENT
)
1289 rqst_exp_find(struct svc_rqst
*rqstp
, int fsid_type
, u32
*fsidv
)
1291 struct svc_export
*gssexp
, *exp
= ERR_PTR(-ENOENT
);
1293 if (rqstp
->rq_client
== NULL
)
1296 /* First try the auth_unix client: */
1297 exp
= exp_find(rqstp
->rq_client
, fsid_type
, fsidv
, &rqstp
->rq_chandle
);
1298 if (PTR_ERR(exp
) == -ENOENT
)
1302 /* If it has secinfo, assume there are no gss/... clients */
1303 if (exp
->ex_nflavors
> 0)
1306 /* Otherwise, try falling back on gss client */
1307 if (rqstp
->rq_gssclient
== NULL
)
1309 gssexp
= exp_find(rqstp
->rq_gssclient
, fsid_type
, fsidv
,
1310 &rqstp
->rq_chandle
);
1311 if (PTR_ERR(gssexp
) == -ENOENT
)
1319 rqst_exp_parent(struct svc_rqst
*rqstp
, struct vfsmount
*mnt
,
1320 struct dentry
*dentry
)
1322 struct svc_export
*exp
;
1325 exp
= rqst_exp_get_by_name(rqstp
, mnt
, dentry
);
1327 while (PTR_ERR(exp
) == -ENOENT
&& !IS_ROOT(dentry
)) {
1328 struct dentry
*parent
;
1330 parent
= dget_parent(dentry
);
1333 exp
= rqst_exp_get_by_name(rqstp
, mnt
, dentry
);
1340 * Called when we need the filehandle for the root of the pseudofs,
1341 * for a given NFSv4 client. The root is defined to be the
1342 * export point with fsid==0
1345 exp_pseudoroot(struct svc_rqst
*rqstp
, struct svc_fh
*fhp
)
1347 struct svc_export
*exp
;
1351 mk_fsid(FSID_NUM
, fsidv
, 0, 0, 0, NULL
);
1353 exp
= rqst_exp_find(rqstp
, FSID_NUM
, fsidv
);
1355 return nfserrno(PTR_ERR(exp
));
1356 rv
= fh_compose(fhp
, exp
, exp
->ex_path
.dentry
, NULL
);
1359 rv
= check_nfsd_access(exp
, rqstp
);
1367 static void *e_start(struct seq_file
*m
, loff_t
*pos
)
1368 __acquires(svc_export_cache
.hash_lock
)
1371 unsigned hash
, export
;
1372 struct cache_head
*ch
;
1375 read_lock(&svc_export_cache
.hash_lock
);
1377 return SEQ_START_TOKEN
;
1379 export
= n
& ((1LL<<32) - 1);
1382 for (ch
=export_table
[hash
]; ch
; ch
=ch
->next
)
1385 n
&= ~((1LL<<32) - 1);
1389 } while(hash
< EXPORT_HASHMAX
&& export_table
[hash
]==NULL
);
1390 if (hash
>= EXPORT_HASHMAX
)
1393 return export_table
[hash
];
1396 static void *e_next(struct seq_file
*m
, void *p
, loff_t
*pos
)
1398 struct cache_head
*ch
= p
;
1399 int hash
= (*pos
>> 32);
1401 if (p
== SEQ_START_TOKEN
)
1403 else if (ch
->next
== NULL
) {
1410 *pos
&= ~((1LL<<32) - 1);
1411 while (hash
< EXPORT_HASHMAX
&& export_table
[hash
] == NULL
) {
1415 if (hash
>= EXPORT_HASHMAX
)
1418 return export_table
[hash
];
1421 static void e_stop(struct seq_file
*m
, void *p
)
1422 __releases(svc_export_cache
.hash_lock
)
1424 read_unlock(&svc_export_cache
.hash_lock
);
1428 static struct flags
{
1432 { NFSEXP_READONLY
, {"ro", "rw"}},
1433 { NFSEXP_INSECURE_PORT
, {"insecure", ""}},
1434 { NFSEXP_ROOTSQUASH
, {"root_squash", "no_root_squash"}},
1435 { NFSEXP_ALLSQUASH
, {"all_squash", ""}},
1436 { NFSEXP_ASYNC
, {"async", "sync"}},
1437 { NFSEXP_GATHERED_WRITES
, {"wdelay", "no_wdelay"}},
1438 { NFSEXP_NOHIDE
, {"nohide", ""}},
1439 { NFSEXP_CROSSMOUNT
, {"crossmnt", ""}},
1440 { NFSEXP_NOSUBTREECHECK
, {"no_subtree_check", ""}},
1441 { NFSEXP_NOAUTHNLM
, {"insecure_locks", ""}},
1443 { NFSEXP_MSNFS
, {"msnfs", ""}},
1448 static void show_expflags(struct seq_file
*m
, int flags
, int mask
)
1451 int state
, first
= 0;
1453 for (flg
= expflags
; flg
->flag
; flg
++) {
1454 if (flg
->flag
& ~mask
)
1456 state
= (flg
->flag
& flags
) ? 0 : 1;
1457 if (*flg
->name
[state
])
1458 seq_printf(m
, "%s%s", first
++?",":"", flg
->name
[state
]);
1462 static void show_secinfo_flags(struct seq_file
*m
, int flags
)
1465 show_expflags(m
, flags
, NFSEXP_SECINFO_FLAGS
);
1468 static void show_secinfo(struct seq_file
*m
, struct svc_export
*exp
)
1470 struct exp_flavor_info
*f
;
1471 struct exp_flavor_info
*end
= exp
->ex_flavors
+ exp
->ex_nflavors
;
1472 int lastflags
= 0, first
= 0;
1474 if (exp
->ex_nflavors
== 0)
1476 for (f
= exp
->ex_flavors
; f
< end
; f
++) {
1477 if (first
|| f
->flags
!= lastflags
) {
1479 show_secinfo_flags(m
, lastflags
);
1480 seq_printf(m
, ",sec=%d", f
->pseudoflavor
);
1481 lastflags
= f
->flags
;
1483 seq_printf(m
, ":%d", f
->pseudoflavor
);
1486 show_secinfo_flags(m
, lastflags
);
1489 static void exp_flags(struct seq_file
*m
, int flag
, int fsid
,
1490 uid_t anonu
, uid_t anong
, struct nfsd4_fs_locations
*fsloc
)
1492 show_expflags(m
, flag
, NFSEXP_ALLFLAGS
);
1493 if (flag
& NFSEXP_FSID
)
1494 seq_printf(m
, ",fsid=%d", fsid
);
1495 if (anonu
!= (uid_t
)-2 && anonu
!= (0x10000-2))
1496 seq_printf(m
, ",anonuid=%u", anonu
);
1497 if (anong
!= (gid_t
)-2 && anong
!= (0x10000-2))
1498 seq_printf(m
, ",anongid=%u", anong
);
1499 if (fsloc
&& fsloc
->locations_count
> 0) {
1500 char *loctype
= (fsloc
->migrated
) ? "refer" : "replicas";
1503 seq_printf(m
, ",%s=", loctype
);
1504 seq_escape(m
, fsloc
->locations
[0].path
, ",;@ \t\n\\");
1506 seq_escape(m
, fsloc
->locations
[0].hosts
, ",;@ \t\n\\");
1507 for (i
= 1; i
< fsloc
->locations_count
; i
++) {
1509 seq_escape(m
, fsloc
->locations
[i
].path
, ",;@ \t\n\\");
1511 seq_escape(m
, fsloc
->locations
[i
].hosts
, ",;@ \t\n\\");
1516 static int e_show(struct seq_file
*m
, void *p
)
1518 struct cache_head
*cp
= p
;
1519 struct svc_export
*exp
= container_of(cp
, struct svc_export
, h
);
1521 if (p
== SEQ_START_TOKEN
) {
1522 seq_puts(m
, "# Version 1.1\n");
1523 seq_puts(m
, "# Path Client(Flags) # IPs\n");
1528 if (cache_check(&svc_export_cache
, &exp
->h
, NULL
))
1530 cache_put(&exp
->h
, &svc_export_cache
);
1531 return svc_export_show(m
, &svc_export_cache
, cp
);
1534 struct seq_operations nfs_exports_op
= {
1542 * Add or modify a client.
1543 * Change requests may involve the list of host addresses. The list of
1544 * exports and possibly existing uid maps are left untouched.
1547 exp_addclient(struct nfsctl_client
*ncp
)
1549 struct auth_domain
*dom
;
1552 /* First, consistency check. */
1554 if (! exp_verify_string(ncp
->cl_ident
, NFSCLNT_IDMAX
))
1556 if (ncp
->cl_naddr
> NFSCLNT_ADDRMAX
)
1559 /* Lock the hashtable */
1562 dom
= unix_domain_find(ncp
->cl_ident
);
1568 /* Insert client into hashtable. */
1569 for (i
= 0; i
< ncp
->cl_naddr
; i
++)
1570 auth_unix_add_addr(ncp
->cl_addrlist
[i
], dom
);
1572 auth_unix_forget_old(dom
);
1573 auth_domain_put(dom
);
1584 * Delete a client given an identifier.
1587 exp_delclient(struct nfsctl_client
*ncp
)
1590 struct auth_domain
*dom
;
1593 if (!exp_verify_string(ncp
->cl_ident
, NFSCLNT_IDMAX
))
1596 /* Lock the hashtable */
1599 dom
= auth_domain_find(ncp
->cl_ident
);
1600 /* just make sure that no addresses work
1601 * and that it will expire soon
1604 err
= auth_unix_forget_old(dom
);
1605 auth_domain_put(dom
);
1614 * Verify that string is non-empty and does not exceed max length.
1617 exp_verify_string(char *cp
, int max
)
1621 for (i
= 0; i
< max
; i
++)
1625 printk(KERN_NOTICE
"nfsd: couldn't validate string %s\n", cp
);
1630 * Initialize the exports module.
1633 nfsd_export_init(void)
1636 dprintk("nfsd: initializing export module.\n");
1638 rv
= cache_register(&svc_export_cache
);
1641 rv
= cache_register(&svc_expkey_cache
);
1643 cache_unregister(&svc_export_cache
);
1649 * Flush exports table - called when last nfsd thread is killed
1652 nfsd_export_flush(void)
1655 cache_purge(&svc_expkey_cache
);
1656 cache_purge(&svc_export_cache
);
1661 * Shutdown the exports module.
1664 nfsd_export_shutdown(void)
1667 dprintk("nfsd: shutting down export module.\n");
1671 cache_unregister(&svc_expkey_cache
);
1672 cache_unregister(&svc_export_cache
);
1673 svcauth_unix_purge();
1676 dprintk("nfsd: export shutdown complete.\n");