diff options
Diffstat (limited to 'fs/nfsd/export.c')
| -rw-r--r-- | fs/nfsd/export.c | 1200 |
1 files changed, 1200 insertions, 0 deletions
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c new file mode 100644 index 00000000000..9a11aa39e2e --- /dev/null +++ b/fs/nfsd/export.c @@ -0,0 +1,1200 @@ +#define MSNFS /* HACK HACK */ +/* + * linux/fs/nfsd/export.c + * + * NFS exporting and validation. + * + * We maintain a list of clients, each of which has a list of + * exports. To export an fs to a given client, you first have + * to create the client entry with NFSCTL_ADDCLIENT, which + * creates a client control block and adds it to the hash + * table. Then, you call NFSCTL_EXPORT for each fs. + * + * + * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de> + */ + +#include <linux/unistd.h> +#include <linux/slab.h> +#include <linux/sched.h> +#include <linux/stat.h> +#include <linux/in.h> +#include <linux/seq_file.h> +#include <linux/syscalls.h> +#include <linux/rwsem.h> +#include <linux/dcache.h> +#include <linux/namei.h> +#include <linux/mount.h> +#include <linux/hash.h> + +#include <linux/sunrpc/svc.h> +#include <linux/nfsd/nfsd.h> +#include <linux/nfsd/nfsfh.h> +#include <linux/nfsd/syscall.h> +#include <linux/lockd/bind.h> + +#define NFSDDBG_FACILITY NFSDDBG_EXPORT +#define NFSD_PARANOIA 1 + +typedef struct auth_domain svc_client; +typedef struct svc_export svc_export; + +static void exp_do_unexport(svc_export *unexp); +static int exp_verify_string(char *cp, int max); + +/* + * We have two caches. + * One maps client+vfsmnt+dentry to export options - the export map + * The other maps client+filehandle-fragment to export options. - the expkey map + * + * The export options are actually stored in the first map, and the + * second map contains a reference to the entry in the first map. + */ + +#define EXPKEY_HASHBITS 8 +#define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS) +#define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1) +static struct cache_head *expkey_table[EXPKEY_HASHMAX]; + +static inline int svc_expkey_hash(struct svc_expkey *item) +{ + int hash = item->ek_fsidtype; + char * cp = (char*)item->ek_fsid; + int len = key_len(item->ek_fsidtype); + + hash ^= hash_mem(cp, len, EXPKEY_HASHBITS); + hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS); + return hash & EXPKEY_HASHMASK; +} + +void expkey_put(struct cache_head *item, struct cache_detail *cd) +{ + if (cache_put(item, cd)) { + struct svc_expkey *key = container_of(item, struct svc_expkey, h); + if (test_bit(CACHE_VALID, &item->flags) && + !test_bit(CACHE_NEGATIVE, &item->flags)) + exp_put(key->ek_export); + auth_domain_put(key->ek_client); + kfree(key); + } +} + +static void expkey_request(struct cache_detail *cd, + struct cache_head *h, + char **bpp, int *blen) +{ + /* client fsidtype \xfsid */ + struct svc_expkey *ek = container_of(h, struct svc_expkey, h); + char type[5]; + + qword_add(bpp, blen, ek->ek_client->name); + snprintf(type, 5, "%d", ek->ek_fsidtype); + qword_add(bpp, blen, type); + qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype)); + (*bpp)[-1] = '\n'; +} + +static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *, int); +static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen) +{ + /* client fsidtype fsid [path] */ + char *buf; + int len; + struct auth_domain *dom = NULL; + int err; + int fsidtype; + char *ep; + struct svc_expkey key; + + if (mesg[mlen-1] != '\n') + return -EINVAL; + mesg[mlen-1] = 0; + + buf = kmalloc(PAGE_SIZE, GFP_KERNEL); + err = -ENOMEM; + if (!buf) goto out; + + err = -EINVAL; + if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) + goto out; + + err = -ENOENT; + dom = auth_domain_find(buf); + if (!dom) + goto out; + dprintk("found domain %s\n", buf); + + err = -EINVAL; + if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) + goto out; + fsidtype = simple_strtoul(buf, &ep, 10); + if (*ep) + goto out; + dprintk("found fsidtype %d\n", fsidtype); + if (fsidtype > 2) + goto out; + if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) + goto out; + dprintk("found fsid length %d\n", len); + if (len != key_len(fsidtype)) + goto out; + + /* OK, we seem to have a valid key */ + key.h.flags = 0; + key.h.expiry_time = get_expiry(&mesg); + if (key.h.expiry_time == 0) + goto out; + + key.ek_client = dom; + key.ek_fsidtype = fsidtype; + memcpy(key.ek_fsid, buf, len); + + /* now we want a pathname, or empty meaning NEGATIVE */ + if ((len=qword_get(&mesg, buf, PAGE_SIZE)) < 0) + goto out; + dprintk("Path seems to be <%s>\n", buf); + err = 0; + if (len == 0) { + struct svc_expkey *ek; + set_bit(CACHE_NEGATIVE, &key.h.flags); + ek = svc_expkey_lookup(&key, 1); + if (ek) + expkey_put(&ek->h, &svc_expkey_cache); + } else { + struct nameidata nd; + struct svc_expkey *ek; + struct svc_export *exp; + err = path_lookup(buf, 0, &nd); + if (err) + goto out; + + dprintk("Found the path %s\n", buf); + exp = exp_get_by_name(dom, nd.mnt, nd.dentry, NULL); + + err = -ENOENT; + if (!exp) + goto out_nd; + key.ek_export = exp; + dprintk("And found export\n"); + + ek = svc_expkey_lookup(&key, 1); + if (ek) + expkey_put(&ek->h, &svc_expkey_cache); + exp_put(exp); + err = 0; + out_nd: + path_release(&nd); + } + cache_flush(); + out: + if (dom) + auth_domain_put(dom); + if (buf) + kfree(buf); + return err; +} + +static int expkey_show(struct seq_file *m, + struct cache_detail *cd, + struct cache_head *h) +{ + struct svc_expkey *ek ; + + if (h ==NULL) { + seq_puts(m, "#domain fsidtype fsid [path]\n"); + return 0; + } + ek = container_of(h, struct svc_expkey, h); + seq_printf(m, "%s %d 0x%08x", ek->ek_client->name, + ek->ek_fsidtype, ek->ek_fsid[0]); + if (ek->ek_fsidtype != 1) + seq_printf(m, "%08x", ek->ek_fsid[1]); + if (ek->ek_fsidtype == 2) + seq_printf(m, "%08x", ek->ek_fsid[2]); + if (test_bit(CACHE_VALID, &h->flags) && + !test_bit(CACHE_NEGATIVE, &h->flags)) { + seq_printf(m, " "); + seq_path(m, ek->ek_export->ex_mnt, ek->ek_export->ex_dentry, "\\ \t\n"); + } + seq_printf(m, "\n"); + return 0; +} + +struct cache_detail svc_expkey_cache = { + .hash_size = EXPKEY_HASHMAX, + .hash_table = expkey_table, + .name = "nfsd.fh", + .cache_put = expkey_put, + .cache_request = expkey_request, + .cache_parse = expkey_parse, + .cache_show = expkey_show, +}; + +static inline int svc_expkey_match (struct svc_expkey *a, struct svc_expkey *b) +{ + if (a->ek_fsidtype != b->ek_fsidtype || + a->ek_client != b->ek_client || + memcmp(a->ek_fsid, b->ek_fsid, key_len(a->ek_fsidtype)) != 0) + return 0; + return 1; +} + +static inline void svc_expkey_init(struct svc_expkey *new, struct svc_expkey *item) +{ + cache_get(&item->ek_client->h); + new->ek_client = item->ek_client; + new->ek_fsidtype = item->ek_fsidtype; + new->ek_fsid[0] = item->ek_fsid[0]; + new->ek_fsid[1] = item->ek_fsid[1]; + new->ek_fsid[2] = item->ek_fsid[2]; +} + +static inline void svc_expkey_update(struct svc_expkey *new, struct svc_expkey *item) +{ + cache_get(&item->ek_export->h); + new->ek_export = item->ek_export; +} + +static DefineSimpleCacheLookup(svc_expkey,0) /* no inplace updates */ + +#define EXPORT_HASHBITS 8 +#define EXPORT_HASHMAX (1<< EXPORT_HASHBITS) +#define EXPORT_HASHMASK (EXPORT_HASHMAX -1) + +static struct cache_head *export_table[EXPORT_HASHMAX]; + +static inline int svc_export_hash(struct svc_export *item) +{ + int rv; + + rv = hash_ptr(item->ex_client, EXPORT_HASHBITS); + rv ^= hash_ptr(item->ex_dentry, EXPORT_HASHBITS); + rv ^= hash_ptr(item->ex_mnt, EXPORT_HASHBITS); + return rv; +} + +void svc_export_put(struct cache_head *item, struct cache_detail *cd) +{ + if (cache_put(item, cd)) { + struct svc_export *exp = container_of(item, struct svc_export, h); + dput(exp->ex_dentry); + mntput(exp->ex_mnt); + auth_domain_put(exp->ex_client); + kfree(exp); + } +} + +static void svc_export_request(struct cache_detail *cd, + struct cache_head *h, + char **bpp, int *blen) +{ + /* client path */ + struct svc_export *exp = container_of(h, struct svc_export, h); + char *pth; + + qword_add(bpp, blen, exp->ex_client->name); + pth = d_path(exp->ex_dentry, exp->ex_mnt, *bpp, *blen); + if (IS_ERR(pth)) { + /* is this correct? */ + (*bpp)[0] = '\n'; + return; + } + qword_add(bpp, blen, pth); + (*bpp)[-1] = '\n'; +} + +static struct svc_export *svc_export_lookup(struct svc_export *, int); + +static int check_export(struct inode *inode, int flags) +{ + + /* We currently export only dirs and regular files. + * This is what umountd does. + */ + if (!S_ISDIR(inode->i_mode) && + !S_ISREG(inode->i_mode)) + return -ENOTDIR; + + /* There are two requirements on a filesystem to be exportable. + * 1: We must be able to identify the filesystem from a number. + * either a device number (so FS_REQUIRES_DEV needed) + * or an FSID number (so NFSEXP_FSID needed). + * 2: We must be able to find an inode from a filehandle. + * This means that s_export_op must be set. + */ + if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) && + !(flags & NFSEXP_FSID)) { + dprintk("exp_export: export of non-dev fs without fsid"); + return -EINVAL; + } + if (!inode->i_sb->s_export_op) { + dprintk("exp_export: export of invalid fs type.\n"); + return -EINVAL; + } + + /* Ok, we can export it */; + if (!inode->i_sb->s_export_op->find_exported_dentry) + inode->i_sb->s_export_op->find_exported_dentry = + find_exported_dentry; + return 0; + +} + +static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) +{ + /* client path expiry [flags anonuid anongid fsid] */ + char *buf; + int len; + int err; + struct auth_domain *dom = NULL; + struct nameidata nd; + struct svc_export exp, *expp; + int an_int; + + nd.dentry = NULL; + + if (mesg[mlen-1] != '\n') + return -EINVAL; + mesg[mlen-1] = 0; + + buf = kmalloc(PAGE_SIZE, GFP_KERNEL); + err = -ENOMEM; + if (!buf) goto out; + + /* client */ + len = qword_get(&mesg, buf, PAGE_SIZE); + err = -EINVAL; + if (len <= 0) goto out; + + err = -ENOENT; + dom = auth_domain_find(buf); + if (!dom) + goto out; + + /* path */ + err = -EINVAL; + if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) + goto out; + err = path_lookup(buf, 0, &nd); + if (err) goto out; + + exp.h.flags = 0; + exp.ex_client = dom; + exp.ex_mnt = nd.mnt; + exp.ex_dentry = nd.dentry; + + /* expiry */ + err = -EINVAL; + exp.h.expiry_time = get_expiry(&mesg); + if (exp.h.expiry_time == 0) + goto out; + + /* flags */ + err = get_int(&mesg, &an_int); + if (err == -ENOENT) + set_bit(CACHE_NEGATIVE, &exp.h.flags); + else { + if (err || an_int < 0) goto out; + exp.ex_flags= an_int; + + /* anon uid */ + err = get_int(&mesg, &an_int); + if (err) goto out; + exp.ex_anon_uid= an_int; + + /* anon gid */ + err = get_int(&mesg, &an_int); + if (err) goto out; + exp.ex_anon_gid= an_int; + + /* fsid */ + err = get_int(&mesg, &an_int); + if (err) goto out; + exp.ex_fsid = an_int; + + err = check_export(nd.dentry->d_inode, exp.ex_flags); + if (err) goto out; + } + + expp = svc_export_lookup(&exp, 1); + if (expp) + exp_put(expp); + err = 0; + cache_flush(); + out: + if (nd.dentry) + path_release(&nd); + if (dom) + auth_domain_put(dom); + if (buf) + kfree(buf); + return err; +} + +static void exp_flags(struct seq_file *m, int flag, int fsid, uid_t anonu, uid_t anong); + +static int svc_export_show(struct seq_file *m, + struct cache_detail *cd, + struct cache_head *h) +{ + struct svc_export *exp ; + + if (h ==NULL) { + seq_puts(m, "#path domain(flags)\n"); + return 0; + } + exp = container_of(h, struct svc_export, h); + seq_path(m, exp->ex_mnt, exp->ex_dentry, " \t\n\\"); + seq_putc(m, '\t'); + seq_escape(m, exp->ex_client->name, " \t\n\\"); + seq_putc(m, '('); + if (test_bit(CACHE_VALID, &h->flags) && + !test_bit(CACHE_NEGATIVE, &h->flags)) + exp_flags(m, exp->ex_flags, exp->ex_fsid, + exp->ex_anon_uid, exp->ex_anon_gid); + seq_puts(m, ")\n"); + return 0; +} +struct cache_detail svc_export_cache = { + .hash_size = EXPORT_HASHMAX, + .hash_table = export_table, + .name = "nfsd.export", + .cache_put = svc_export_put, + .cache_request = svc_export_request, + .cache_parse = svc_export_parse, + .cache_show = svc_export_show, +}; + +static inline int svc_export_match(struct svc_export *a, struct svc_export *b) +{ + return a->ex_client == b->ex_client && + a->ex_dentry == b->ex_dentry && + a->ex_mnt == b->ex_mnt; +} +static inline void svc_export_init(struct svc_export *new, struct svc_export *item) +{ + cache_get(&item->ex_client->h); + new->ex_client = item->ex_client; + new->ex_dentry = dget(item->ex_dentry); + new->ex_mnt = mntget(item->ex_mnt); +} + +static inline void svc_export_update(struct svc_export *new, struct svc_export *item) +{ + new->ex_flags = item->ex_flags; + new->ex_anon_uid = item->ex_anon_uid; + new->ex_anon_gid = item->ex_anon_gid; + new->ex_fsid = item->ex_fsid; +} + +static DefineSimpleCacheLookup(svc_export,1) /* allow inplace updates */ + + +struct svc_expkey * +exp_find_key(svc_client *clp, int fsid_type, u32 *fsidv, struct cache_req *reqp) +{ + struct svc_expkey key, *ek; + int err; + + if (!clp) + return NULL; + + key.ek_client = clp; + key.ek_fsidtype = fsid_type; + memcpy(key.ek_fsid, fsidv, key_len(fsid_type)); + + ek = svc_expkey_lookup(&key, 0); + if (ek != NULL) + if ((err = cache_check(&svc_expkey_cache, &ek->h, reqp))) + ek = ERR_PTR(err); + return ek; +} + +static int exp_set_key(svc_client *clp, int fsid_type, u32 *fsidv, + struct svc_export *exp) +{ + struct svc_expkey key, *ek; + + key.ek_client = clp; + key.ek_fsidtype = fsid_type; + memcpy(key.ek_fsid, fsidv, key_len(fsid_type)); + key.ek_export = exp; + key.h.expiry_time = NEVER; + key.h.flags = 0; + + ek = svc_expkey_lookup(&key, 1); + if (ek) { + expkey_put(&ek->h, &svc_expkey_cache); + return 0; + } + return -ENOMEM; +} + +/* + * Find the client's export entry matching xdev/xino. + */ +static inline struct svc_expkey * +exp_get_key(svc_client *clp, dev_t dev, ino_t ino) +{ + u32 fsidv[3]; + + if (old_valid_dev(dev)) { + mk_fsid_v0(fsidv, dev, ino); + return exp_find_key(clp, 0, fsidv, NULL); + } + mk_fsid_v3(fsidv, dev, ino); + return exp_find_key(clp, 3, fsidv, NULL); +} + +/* + * Find the client's export entry matching fsid + */ +static inline struct svc_expkey * +exp_get_fsid_key(svc_client *clp, int fsid) +{ + u32 fsidv[2]; + + mk_fsid_v1(fsidv, fsid); + + return exp_find_key(clp, 1, fsidv, NULL); +} + +svc_export * +exp_get_by_name(svc_client *clp, struct vfsmount *mnt, struct dentry *dentry, + struct cache_req *reqp) +{ + struct svc_export *exp, key; + + if (!clp) + return NULL; + + key.ex_client = clp; + key.ex_mnt = mnt; + key.ex_dentry = dentry; + + exp = svc_export_lookup(&key, 0); + if (exp != NULL) + switch (cache_check(&svc_export_cache, &exp->h, reqp)) { + case 0: break; + case -EAGAIN: + exp = ERR_PTR(-EAGAIN); + break; + default: + exp = NULL; + } + + return exp; +} + +/* + * Find the export entry for a given dentry. + */ +struct svc_export * +exp_parent(svc_client *clp, struct vfsmount *mnt, struct dentry *dentry, + struct cache_req *reqp) +{ + svc_export *exp; + + dget(dentry); + exp = exp_get_by_name(clp, mnt, dentry, reqp); + + while (exp == NULL && !IS_ROOT(dentry)) { + struct dentry *parent; + + parent = dget_parent(dentry); + dput(dentry); + dentry = parent; + exp = exp_get_by_name(clp, mnt, dentry, reqp); + } + dput(dentry); + return exp; +} + +/* + * Hashtable locking. Write locks are placed only by user processes + * wanting to modify export information. + * Write locking only done in this file. Read locking + * needed externally. + */ + +static DECLARE_RWSEM(hash_sem); + +void +exp_readlock(void) +{ + down_read(&hash_sem); +} + +static inline void +exp_writelock(void) +{ + down_write(&hash_sem); +} + +void +exp_readunlock(void) +{ + up_read(&hash_sem); +} + +static inline void +exp_writeunlock(void) +{ + up_write(&hash_sem); +} + +static void exp_fsid_unhash(struct svc_export *exp) +{ + struct svc_expkey *ek; + + if ((exp->ex_flags & NFSEXP_FSID) == 0) + return; + + ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid); + if (ek && !IS_ERR(ek)) { + ek->h.expiry_time = get_seconds()-1; + expkey_put(&ek->h, &svc_expkey_cache); + } + svc_expkey_cache.nextcheck = get_seconds(); +} + +static int exp_fsid_hash(svc_client *clp, struct svc_export *exp) +{ + u32 fsid[2]; + + if ((exp->ex_flags & NFSEXP_FSID) == 0) + return 0; + + mk_fsid_v1(fsid, exp->ex_fsid); + return exp_set_key(clp, 1, fsid, exp); +} + +static int exp_hash(struct auth_domain *clp, struct svc_export *exp) +{ + u32 fsid[2]; + struct inode *inode = exp->ex_dentry->d_inode; + dev_t dev = inode->i_sb->s_dev; + + if (old_valid_dev(dev)) { + mk_fsid_v0(fsid, dev, inode->i_ino); + return exp_set_key(clp, 0, fsid, exp); + } + mk_fsid_v3(fsid, dev, inode->i_ino); + return exp_set_key(clp, 3, fsid, exp); +} + +static void exp_unhash(struct svc_export *exp) +{ + struct svc_expkey *ek; + struct inode *inode = exp->ex_dentry->d_inode; + + ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino); + if (ek && !IS_ERR(ek)) { + ek->h.expiry_time = get_seconds()-1; + expkey_put(&ek->h, &svc_expkey_cache); + } + svc_expkey_cache.nextcheck = get_seconds(); +} + +/* + * Export a file system. + */ +int +exp_export(struct nfsctl_export *nxp) +{ + svc_client *clp; + struct svc_export *exp = NULL; + struct svc_export new; + struct svc_expkey *fsid_key = NULL; + struct nameidata nd; + int err; + + /* Consistency check */ + err = -EINVAL; + if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) || + !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX)) + goto out; + + dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n", + nxp->ex_client, nxp->ex_path, + (unsigned)nxp->ex_dev, (long)nxp->ex_ino, + nxp->ex_flags); + + /* Try to lock the export table for update */ + exp_writelock(); + + /* Look up client info */ + if (!(clp = auth_domain_find(nxp->ex_client))) + goto out_unlock; + + + /* Look up the dentry */ + err = path_lookup(nxp->ex_path, 0, &nd); + if (err) + goto out_unlock; + err = -EINVAL; + + exp = exp_get_by_name(clp, nd.mnt, nd.dentry, NULL); + + /* must make sure there won't be an ex_fsid clash */ + if ((nxp->ex_flags & NFSEXP_FSID) && + (fsid_key = exp_get_fsid_key(clp, nxp->ex_dev)) && + !IS_ERR(fsid_key) && + fsid_key->ek_export && + fsid_key->ek_export != exp) + goto finish; + + if (exp) { + /* just a flags/id/fsid update */ + + exp_fsid_unhash(exp); + exp->ex_flags = nxp->ex_flags; + exp->ex_anon_uid = nxp->ex_anon_uid; + exp->ex_anon_gid = nxp->ex_anon_gid; + exp->ex_fsid = nxp->ex_dev; + + err = exp_fsid_hash(clp, exp); + goto finish; + } + + err = check_export(nd.dentry->d_inode, nxp->ex_flags); + if (err) goto finish; + + err = -ENOMEM; + + dprintk("nfsd: creating export entry %p for client %p\n", exp, clp); + + new.h.expiry_time = NEVER; + new.h.flags = 0; + new.ex_client = clp; + new.ex_mnt = nd.mnt; + new.ex_dentry = nd.dentry; + new.ex_flags = nxp->ex_flags; + new.ex_anon_uid = nxp->ex_anon_uid; + new.ex_anon_gid = nxp->ex_anon_gid; + new.ex_fsid = nxp->ex_dev; + + exp = svc_export_lookup(&new, 1); + + if (exp == NULL) + goto finish; + + err = 0; + + if (exp_hash(clp, exp) || + exp_fsid_hash(clp, exp)) { + /* failed to create at least one index */ + exp_do_unexport(exp); + cache_flush(); + err = -ENOMEM; + } + +finish: + if (exp) + exp_put(exp); + if (fsid_key && !IS_ERR(fsid_key)) + expkey_put(&fsid_key->h, &svc_expkey_cache); + if (clp) + auth_domain_put(clp); + path_release(&nd); +out_unlock: + exp_writeunlock(); +out: + return err; +} + +/* + * Unexport a file system. The export entry has already + * been removed from the client's list of exported fs's. + */ +static void +exp_do_unexport(svc_export *unexp) +{ + unexp->h.expiry_time = get_seconds()-1; + svc_export_cache.nextcheck = get_seconds(); + exp_unhash(unexp); + exp_fsid_unhash(unexp); +} + + +/* + * unexport syscall. + */ +int +exp_unexport(struct nfsctl_export *nxp) +{ + struct auth_domain *dom; + svc_export *exp; + struct nameidata nd; + int err; + + /* Consistency check */ + if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) || + !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX)) + return -EINVAL; + + exp_writelock(); + + err = -EINVAL; + dom = auth_domain_find(nxp->ex_client); + if (!dom) { + dprintk("nfsd: unexport couldn't find %s\n", nxp->ex_client); + goto out_unlock; + } + + err = path_lookup(nxp->ex_path, 0, &nd); + if (err) + goto out_domain; + + err = -EINVAL; + exp = exp_get_by_name(dom, nd.mnt, nd.dentry, NULL); + path_release(&nd); + if (!exp) + goto out_domain; + + exp_do_unexport(exp); + exp_put(exp); + err = 0; + +out_domain: + auth_domain_put(dom); + cache_flush(); +out_unlock: + exp_writeunlock(); + return err; +} + +/* + * Obtain the root fh on behalf of a client. + * This could be done in user space, but I feel that it adds some safety + * since its harder to fool a kernel module than a user space program. + */ +int +exp_rootfh(svc_client *clp, char *path, struct knfsd_fh *f, int maxsize) +{ + struct svc_export *exp; + struct nameidata nd; + struct inode *inode; + struct svc_fh fh; + int err; + + err = -EPERM; + /* NB: we probably ought to check that it's NUL-terminated */ + if (path_lookup(path, 0, &nd)) { + printk("nfsd: exp_rootfh path not found %s", path); + return err; + } + inode = nd.dentry->d_inode; + + dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n", + path, nd.dentry, clp->name, + inode->i_sb->s_id, inode->i_ino); + exp = exp_parent(clp, nd.mnt, nd.dentry, NULL); + if (!exp) { + dprintk("nfsd: exp_rootfh export not found.\n"); + goto out; + } + + /* + * fh must be initialized before calling fh_compose + */ + fh_init(&fh, maxsize); + if (fh_compose(&fh, exp, nd.dentry, NULL)) + err = -EINVAL; + else + err = 0; + memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh)); + fh_put(&fh); + exp_put(exp); +out: + path_release(&nd); + return err; +} + +/* + * Called when we need the filehandle for the root of the pseudofs, + * for a given NFSv4 client. The root is defined to be the + * export point with fsid==0 + */ +int +exp_pseudoroot(struct auth_domain *clp, struct svc_fh *fhp, + struct cache_req *creq) +{ + struct svc_expkey *fsid_key; + int rv; + u32 fsidv[2]; + + mk_fsid_v1(fsidv, 0); + + fsid_key = exp_find_key(clp, 1, fsidv, creq); + if (IS_ERR(fsid_key) && PTR_ERR(fsid_key) == -EAGAIN) + return nfserr_dropit; + if (!fsid_key || IS_ERR(fsid_key)) + return nfserr_perm; + + rv = fh_compose(fhp, fsid_key->ek_export, + fsid_key->ek_export->ex_dentry, NULL); + expkey_put(&fsid_key->h, &svc_expkey_cache); + return rv; +} + +/* Iterator */ + +static void *e_start(struct seq_file *m, loff_t *pos) +{ + loff_t n = *pos; + unsigned hash, export; + struct cache_head *ch; + + exp_readlock(); + read_lock(&svc_export_cache.hash_lock); + if (!n--) + return (void *)1; + hash = n >> 32; + export = n & ((1LL<<32) - 1); + + + for (ch=export_table[hash]; ch; ch=ch->next) + if (!export--) + return ch; + n &= ~((1LL<<32) - 1); + do { + hash++; + n += 1LL<<32; + } while(hash < EXPORT_HASHMAX && export_table[hash]==NULL); + if (hash >= EXPORT_HASHMAX) + return NULL; + *pos = n+1; + return export_table[hash]; +} + +static void *e_next(struct seq_file *m, void *p, loff_t *pos) +{ + struct cache_head *ch = p; + int hash = (*pos >> 32); + + if (p == (void *)1) + hash = 0; + else if (ch->next == NULL) { + hash++; + *pos += 1LL<<32; + } else { + ++*pos; + return ch->next; + } + *pos &= ~((1LL<<32) - 1); + while (hash < EXPORT_HASHMAX && export_table[hash] == NULL) { + hash++; + *pos += 1LL<<32; + } + if (hash >= EXPORT_HASHMAX) + return NULL; + ++*pos; + return export_table[hash]; +} + +static void e_stop(struct seq_file *m, void *p) +{ + read_unlock(&svc_export_cache.hash_lock); + exp_readunlock(); +} + +static struct flags { + int flag; + char *name[2]; +} expflags[] = { + { NFSEXP_READONLY, {"ro", "rw"}}, + { NFSEXP_INSECURE_PORT, {"insecure", ""}}, + { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}}, + { NFSEXP_ALLSQUASH, {"all_squash", ""}}, + { NFSEXP_ASYNC, {"async", "sync"}}, + { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}}, + { NFSEXP_NOHIDE, {"nohide", ""}}, + { NFSEXP_CROSSMOUNT, {"crossmnt", ""}}, + { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}}, + { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}}, +#ifdef MSNFS + { NFSEXP_MSNFS, {"msnfs", ""}}, +#endif + { 0, {"", ""}} +}; + +static void exp_flags(struct seq_file *m, int flag, int fsid, uid_t anonu, uid_t anong) +{ + int first = 0; + struct flags *flg; + + for (flg = expflags; flg->flag; flg++) { + int state = (flg->flag & flag)?0:1; + if (*flg->name[state]) + seq_printf(m, "%s%s", first++?",":"", flg->name[state]); + } + if (flag & NFSEXP_FSID) + seq_printf(m, "%sfsid=%d", first++?",":"", fsid); + if (anonu != (uid_t)-2 && anonu != (0x10000-2)) + seq_printf(m, "%sanonuid=%d", first++?",":"", anonu); + if (anong != (gid_t)-2 && anong != (0x10000-2)) + seq_printf(m, "%sanongid=%d", first++?",":"", anong); +} + +static int e_show(struct seq_file *m, void *p) +{ + struct cache_head *cp = p; + struct svc_export *exp = container_of(cp, struct svc_export, h); + svc_client *clp; + + if (p == (void *)1) { + seq_puts(m, "# Version 1.1\n"); + seq_puts(m, "# Path Client(Flags) # IPs\n"); + return 0; + } + + clp = exp->ex_client; + cache_get(&exp->h); + if (cache_check(&svc_export_cache, &exp->h, NULL)) + return 0; + if (cache_put(&exp->h, &svc_export_cache)) BUG(); + return svc_export_show(m, &svc_export_cache, cp); +} + +struct seq_operations nfs_exports_op = { + .start = e_start, + .next = e_next, + .stop = e_stop, + .show = e_show, +}; + +/* + * Add or modify a client. + * Change requests may involve the list of host addresses. The list of + * exports and possibly existing uid maps are left untouched. + */ +int +exp_addclient(struct nfsctl_client *ncp) +{ + struct auth_domain *dom; + int i, err; + + /* First, consistency check. */ + err = -EINVAL; + if (! exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX)) + goto out; + if (ncp->cl_naddr > NFSCLNT_ADDRMAX) + goto out; + + /* Lock the hashtable */ + exp_writelock(); + + dom = unix_domain_find(ncp->cl_ident); + + err = -ENOMEM; + if (!dom) + goto out_unlock; + + /* Insert client into hashtable. */ + for (i = 0; i < ncp->cl_naddr; i++) + auth_unix_add_addr(ncp->cl_addrlist[i], dom); + + auth_unix_forget_old(dom); + auth_domain_put(dom); + + err = 0; + +out_unlock: + exp_writeunlock(); +out: + return err; +} + +/* + * Delete a client given an identifier. + */ +int +exp_delclient(struct nfsctl_client *ncp) +{ + int err; + struct auth_domain *dom; + + err = -EINVAL; + if (!exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX)) + goto out; + + /* Lock the hashtable */ + exp_writelock(); + + dom = auth_domain_find(ncp->cl_ident); + /* just make sure that no addresses work + * and that it will expire soon + */ + if (dom) { + err = auth_unix_forget_old(dom); + dom->h.expiry_time = get_seconds(); + auth_domain_put(dom); + } + + exp_writeunlock(); +out: + return err; +} + +/* + * Verify that string is non-empty and does not exceed max length. + */ +static int +exp_verify_string(char *cp, int max) +{ + int i; + + for (i = 0; i < max; i++) + if (!cp[i]) + return i; + cp[i] = 0; + printk(KERN_NOTICE "nfsd: couldn't validate string %s\n", cp); + return 0; +} + +/* + * Initialize the exports module. + */ +void +nfsd_export_init(void) +{ + dprintk("nfsd: initializing export module.\n"); + + cache_register(&svc_export_cache); + cache_register(&svc_expkey_cache); + +} + +/* + * Flush exports table - called when last nfsd thread is killed + */ +void +nfsd_export_flush(void) +{ + exp_writelock(); + cache_purge(&svc_expkey_cache); + cache_purge(&svc_export_cache); + exp_writeunlock(); +} + +/* + * Shutdown the exports module. + */ +void +nfsd_export_shutdown(void) +{ + + dprintk("nfsd: shutting down export module.\n"); + + exp_writelock(); + + if (cache_unregister(&svc_expkey_cache)) + printk(KERN_ERR "nfsd: failed to unregister expkey cache\n"); + if (cache_unregister(&svc_export_cache)) + printk(KERN_ERR "nfsd: failed to unregister export cache\n"); + svcauth_unix_purge(); + + exp_writeunlock(); + dprintk("nfsd: export shutdown complete.\n"); +} |