1 #define MSNFS /* HACK HACK */
3 * linux/fs/nfsd/export.c
5 * NFS exporting and validation.
7 * We maintain a list of clients, each of which has a list of
8 * exports. To export an fs to a given client, you first have
9 * to create the client entry with NFSCTL_ADDCLIENT, which
10 * creates a client control block and adds it to the hash
11 * table. Then, you call NFSCTL_EXPORT for each fs.
14 * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de>
17 #include <linux/unistd.h>
18 #include <linux/slab.h>
19 #include <linux/stat.h>
21 #include <linux/seq_file.h>
22 #include <linux/syscalls.h>
23 #include <linux/rwsem.h>
24 #include <linux/dcache.h>
25 #include <linux/namei.h>
26 #include <linux/mount.h>
27 #include <linux/hash.h>
28 #include <linux/module.h>
29 #include <linux/exportfs.h>
31 #include <linux/sunrpc/svc.h>
32 #include <linux/nfsd/nfsd.h>
33 #include <linux/nfsd/nfsfh.h>
34 #include <linux/nfsd/syscall.h>
35 #include <linux/lockd/bind.h>
36 #include <linux/sunrpc/msg_prot.h>
37 #include <linux/sunrpc/gss_api.h>
40 #define NFSDDBG_FACILITY NFSDDBG_EXPORT
42 typedef struct auth_domain svc_client;
43 typedef struct svc_export svc_export;
45 static void exp_do_unexport(svc_export *unexp);
46 static int exp_verify_string(char *cp, int max);
50 * One maps client+vfsmnt+dentry to export options - the export map
51 * The other maps client+filehandle-fragment to export options. - the expkey map
53 * The export options are actually stored in the first map, and the
54 * second map contains a reference to the entry in the first map.
57 #define EXPKEY_HASHBITS 8
58 #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS)
59 #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1)
60 static struct cache_head *expkey_table[EXPKEY_HASHMAX];
62 static void expkey_put(struct kref *ref)
64 struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref);
66 if (test_bit(CACHE_VALID, &key->h.flags) &&
67 !test_bit(CACHE_NEGATIVE, &key->h.flags))
68 path_put(&key->ek_path);
69 auth_domain_put(key->ek_client);
73 static void expkey_request(struct cache_detail *cd,
75 char **bpp, int *blen)
77 /* client fsidtype \xfsid */
78 struct svc_expkey *ek = container_of(h, struct svc_expkey, h);
81 qword_add(bpp, blen, ek->ek_client->name);
82 snprintf(type, 5, "%d", ek->ek_fsidtype);
83 qword_add(bpp, blen, type);
84 qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype));
88 static struct svc_expkey *svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old);
89 static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *);
90 static struct cache_detail svc_expkey_cache;
92 static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen)
94 /* client fsidtype fsid [path] */
97 struct auth_domain *dom = NULL;
101 struct svc_expkey key;
102 struct svc_expkey *ek;
104 if (mesg[mlen-1] != '\n')
108 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
113 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
117 dom = auth_domain_find(buf);
120 dprintk("found domain %s\n", buf);
123 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
125 fsidtype = simple_strtoul(buf, &ep, 10);
128 dprintk("found fsidtype %d\n", fsidtype);
129 if (key_len(fsidtype)==0) /* invalid type */
131 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
133 dprintk("found fsid length %d\n", len);
134 if (len != key_len(fsidtype))
137 /* OK, we seem to have a valid key */
139 key.h.expiry_time = get_expiry(&mesg);
140 if (key.h.expiry_time == 0)
144 key.ek_fsidtype = fsidtype;
145 memcpy(key.ek_fsid, buf, len);
147 ek = svc_expkey_lookup(&key);
152 /* now we want a pathname, or empty meaning NEGATIVE */
154 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) < 0)
156 dprintk("Path seems to be <%s>\n", buf);
159 set_bit(CACHE_NEGATIVE, &key.h.flags);
160 ek = svc_expkey_update(&key, ek);
162 cache_put(&ek->h, &svc_expkey_cache);
165 err = kern_path(buf, 0, &key.ek_path);
169 dprintk("Found the path %s\n", buf);
171 ek = svc_expkey_update(&key, ek);
173 cache_put(&ek->h, &svc_expkey_cache);
176 path_put(&key.ek_path);
181 auth_domain_put(dom);
186 static int expkey_show(struct seq_file *m,
187 struct cache_detail *cd,
188 struct cache_head *h)
190 struct svc_expkey *ek ;
194 seq_puts(m, "#domain fsidtype fsid [path]\n");
197 ek = container_of(h, struct svc_expkey, h);
198 seq_printf(m, "%s %d 0x", ek->ek_client->name,
200 for (i=0; i < key_len(ek->ek_fsidtype)/4; i++)
201 seq_printf(m, "%08x", ek->ek_fsid[i]);
202 if (test_bit(CACHE_VALID, &h->flags) &&
203 !test_bit(CACHE_NEGATIVE, &h->flags)) {
205 seq_path(m, &ek->ek_path, "\\ \t\n");
211 static inline int expkey_match (struct cache_head *a, struct cache_head *b)
213 struct svc_expkey *orig = container_of(a, struct svc_expkey, h);
214 struct svc_expkey *new = container_of(b, struct svc_expkey, h);
216 if (orig->ek_fsidtype != new->ek_fsidtype ||
217 orig->ek_client != new->ek_client ||
218 memcmp(orig->ek_fsid, new->ek_fsid, key_len(orig->ek_fsidtype)) != 0)
223 static inline void expkey_init(struct cache_head *cnew,
224 struct cache_head *citem)
226 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
227 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
229 kref_get(&item->ek_client->ref);
230 new->ek_client = item->ek_client;
231 new->ek_fsidtype = item->ek_fsidtype;
233 memcpy(new->ek_fsid, item->ek_fsid, sizeof(new->ek_fsid));
236 static inline void expkey_update(struct cache_head *cnew,
237 struct cache_head *citem)
239 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
240 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
242 new->ek_path = item->ek_path;
243 path_get(&item->ek_path);
246 static struct cache_head *expkey_alloc(void)
248 struct svc_expkey *i = kmalloc(sizeof(*i), GFP_KERNEL);
255 static struct cache_detail svc_expkey_cache = {
256 .owner = THIS_MODULE,
257 .hash_size = EXPKEY_HASHMAX,
258 .hash_table = expkey_table,
260 .cache_put = expkey_put,
261 .cache_request = expkey_request,
262 .cache_parse = expkey_parse,
263 .cache_show = expkey_show,
264 .match = expkey_match,
266 .update = expkey_update,
267 .alloc = expkey_alloc,
270 static struct svc_expkey *
271 svc_expkey_lookup(struct svc_expkey *item)
273 struct cache_head *ch;
274 int hash = item->ek_fsidtype;
275 char * cp = (char*)item->ek_fsid;
276 int len = key_len(item->ek_fsidtype);
278 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS);
279 hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS);
280 hash &= EXPKEY_HASHMASK;
282 ch = sunrpc_cache_lookup(&svc_expkey_cache, &item->h,
285 return container_of(ch, struct svc_expkey, h);
290 static struct svc_expkey *
291 svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old)
293 struct cache_head *ch;
294 int hash = new->ek_fsidtype;
295 char * cp = (char*)new->ek_fsid;
296 int len = key_len(new->ek_fsidtype);
298 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS);
299 hash ^= hash_ptr(new->ek_client, EXPKEY_HASHBITS);
300 hash &= EXPKEY_HASHMASK;
302 ch = sunrpc_cache_update(&svc_expkey_cache, &new->h,
305 return container_of(ch, struct svc_expkey, h);
311 #define EXPORT_HASHBITS 8
312 #define EXPORT_HASHMAX (1<< EXPORT_HASHBITS)
313 #define EXPORT_HASHMASK (EXPORT_HASHMAX -1)
315 static struct cache_head *export_table[EXPORT_HASHMAX];
317 static void nfsd4_fslocs_free(struct nfsd4_fs_locations *fsloc)
321 for (i = 0; i < fsloc->locations_count; i++) {
322 kfree(fsloc->locations[i].path);
323 kfree(fsloc->locations[i].hosts);
325 kfree(fsloc->locations);
328 static void svc_export_put(struct kref *ref)
330 struct svc_export *exp = container_of(ref, struct svc_export, h.ref);
331 path_put(&exp->ex_path);
332 auth_domain_put(exp->ex_client);
333 kfree(exp->ex_pathname);
334 nfsd4_fslocs_free(&exp->ex_fslocs);
338 static void svc_export_request(struct cache_detail *cd,
339 struct cache_head *h,
340 char **bpp, int *blen)
343 struct svc_export *exp = container_of(h, struct svc_export, h);
346 qword_add(bpp, blen, exp->ex_client->name);
347 pth = d_path(&exp->ex_path, *bpp, *blen);
349 /* is this correct? */
353 qword_add(bpp, blen, pth);
357 static struct svc_export *svc_export_update(struct svc_export *new,
358 struct svc_export *old);
359 static struct svc_export *svc_export_lookup(struct svc_export *);
361 static int check_export(struct inode *inode, int flags, unsigned char *uuid)
364 /* We currently export only dirs and regular files.
365 * This is what umountd does.
367 if (!S_ISDIR(inode->i_mode) &&
368 !S_ISREG(inode->i_mode))
371 /* There are two requirements on a filesystem to be exportable.
372 * 1: We must be able to identify the filesystem from a number.
373 * either a device number (so FS_REQUIRES_DEV needed)
374 * or an FSID number (so NFSEXP_FSID or ->uuid is needed).
375 * 2: We must be able to find an inode from a filehandle.
376 * This means that s_export_op must be set.
378 if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) &&
379 !(flags & NFSEXP_FSID) &&
381 dprintk("exp_export: export of non-dev fs without fsid\n");
385 if (!inode->i_sb->s_export_op ||
386 !inode->i_sb->s_export_op->fh_to_dentry) {
387 dprintk("exp_export: export of invalid fs type.\n");
395 #ifdef CONFIG_NFSD_V4
398 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc)
401 int migrated, i, err;
404 err = get_int(mesg, &fsloc->locations_count);
407 if (fsloc->locations_count > MAX_FS_LOCATIONS)
409 if (fsloc->locations_count == 0)
412 fsloc->locations = kzalloc(fsloc->locations_count
413 * sizeof(struct nfsd4_fs_location), GFP_KERNEL);
414 if (!fsloc->locations)
416 for (i=0; i < fsloc->locations_count; i++) {
417 /* colon separated host list */
419 len = qword_get(mesg, buf, PAGE_SIZE);
423 fsloc->locations[i].hosts = kstrdup(buf, GFP_KERNEL);
424 if (!fsloc->locations[i].hosts)
427 /* slash separated path component list */
428 len = qword_get(mesg, buf, PAGE_SIZE);
432 fsloc->locations[i].path = kstrdup(buf, GFP_KERNEL);
433 if (!fsloc->locations[i].path)
437 err = get_int(mesg, &migrated);
441 if (migrated < 0 || migrated > 1)
443 fsloc->migrated = migrated;
446 nfsd4_fslocs_free(fsloc);
450 static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp)
453 struct exp_flavor_info *f;
455 err = get_int(mesg, &listsize);
458 if (listsize < 0 || listsize > MAX_SECINFO_LIST)
461 for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) {
462 err = get_int(mesg, &f->pseudoflavor);
466 * Just a quick sanity check; we could also try to check
467 * whether this pseudoflavor is supported, but at worst
468 * an unsupported pseudoflavor on the export would just
469 * be a pseudoflavor that won't match the flavor of any
470 * authenticated request. The administrator will
471 * probably discover the problem when someone fails to
474 if (f->pseudoflavor < 0)
476 err = get_int(mesg, &f->flags);
479 /* Only some flags are allowed to differ between flavors: */
480 if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags))
483 exp->ex_nflavors = listsize;
487 #else /* CONFIG_NFSD_V4 */
489 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;}
491 secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; }
494 static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
496 /* client path expiry [flags anonuid anongid fsid] */
500 struct auth_domain *dom = NULL;
501 struct svc_export exp = {}, *expp;
504 if (mesg[mlen-1] != '\n')
508 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
514 len = qword_get(&mesg, buf, PAGE_SIZE);
519 dom = auth_domain_find(buf);
525 if ((len = qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
528 err = kern_path(buf, 0, &exp.ex_path);
535 exp.ex_pathname = kstrdup(buf, GFP_KERNEL);
536 if (!exp.ex_pathname)
541 exp.h.expiry_time = get_expiry(&mesg);
542 if (exp.h.expiry_time == 0)
546 err = get_int(&mesg, &an_int);
547 if (err == -ENOENT) {
549 set_bit(CACHE_NEGATIVE, &exp.h.flags);
551 if (err || an_int < 0)
553 exp.ex_flags= an_int;
556 err = get_int(&mesg, &an_int);
559 exp.ex_anon_uid= an_int;
562 err = get_int(&mesg, &an_int);
565 exp.ex_anon_gid= an_int;
568 err = get_int(&mesg, &an_int);
571 exp.ex_fsid = an_int;
573 while ((len = qword_get(&mesg, buf, PAGE_SIZE)) > 0) {
574 if (strcmp(buf, "fsloc") == 0)
575 err = fsloc_parse(&mesg, buf, &exp.ex_fslocs);
576 else if (strcmp(buf, "uuid") == 0) {
577 /* expect a 16 byte uuid encoded as \xXXXX... */
578 len = qword_get(&mesg, buf, PAGE_SIZE);
583 kmemdup(buf, 16, GFP_KERNEL);
584 if (exp.ex_uuid == NULL)
587 } else if (strcmp(buf, "secinfo") == 0)
588 err = secinfo_parse(&mesg, buf, &exp);
590 /* quietly ignore unknown words and anything
591 * following. Newer user-space can try to set
592 * new values, then see what the result was.
599 err = check_export(exp.ex_path.dentry->d_inode, exp.ex_flags,
605 expp = svc_export_lookup(&exp);
607 expp = svc_export_update(&exp, expp);
616 nfsd4_fslocs_free(&exp.ex_fslocs);
619 kfree(exp.ex_pathname);
621 path_put(&exp.ex_path);
623 auth_domain_put(dom);
629 static void exp_flags(struct seq_file *m, int flag, int fsid,
630 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fslocs);
631 static void show_secinfo(struct seq_file *m, struct svc_export *exp);
633 static int svc_export_show(struct seq_file *m,
634 struct cache_detail *cd,
635 struct cache_head *h)
637 struct svc_export *exp ;
640 seq_puts(m, "#path domain(flags)\n");
643 exp = container_of(h, struct svc_export, h);
644 seq_path(m, &exp->ex_path, " \t\n\\");
646 seq_escape(m, exp->ex_client->name, " \t\n\\");
648 if (test_bit(CACHE_VALID, &h->flags) &&
649 !test_bit(CACHE_NEGATIVE, &h->flags)) {
650 exp_flags(m, exp->ex_flags, exp->ex_fsid,
651 exp->ex_anon_uid, exp->ex_anon_gid, &exp->ex_fslocs);
654 seq_puts(m, ",uuid=");
655 for (i=0; i<16; i++) {
658 seq_printf(m, "%02x", exp->ex_uuid[i]);
661 show_secinfo(m, exp);
666 static int svc_export_match(struct cache_head *a, struct cache_head *b)
668 struct svc_export *orig = container_of(a, struct svc_export, h);
669 struct svc_export *new = container_of(b, struct svc_export, h);
670 return orig->ex_client == new->ex_client &&
671 orig->ex_path.dentry == new->ex_path.dentry &&
672 orig->ex_path.mnt == new->ex_path.mnt;
675 static void svc_export_init(struct cache_head *cnew, struct cache_head *citem)
677 struct svc_export *new = container_of(cnew, struct svc_export, h);
678 struct svc_export *item = container_of(citem, struct svc_export, h);
680 kref_get(&item->ex_client->ref);
681 new->ex_client = item->ex_client;
682 new->ex_path.dentry = dget(item->ex_path.dentry);
683 new->ex_path.mnt = mntget(item->ex_path.mnt);
684 new->ex_pathname = NULL;
685 new->ex_fslocs.locations = NULL;
686 new->ex_fslocs.locations_count = 0;
687 new->ex_fslocs.migrated = 0;
690 static void export_update(struct cache_head *cnew, struct cache_head *citem)
692 struct svc_export *new = container_of(cnew, struct svc_export, h);
693 struct svc_export *item = container_of(citem, struct svc_export, h);
696 new->ex_flags = item->ex_flags;
697 new->ex_anon_uid = item->ex_anon_uid;
698 new->ex_anon_gid = item->ex_anon_gid;
699 new->ex_fsid = item->ex_fsid;
700 new->ex_uuid = item->ex_uuid;
701 item->ex_uuid = NULL;
702 new->ex_pathname = item->ex_pathname;
703 item->ex_pathname = NULL;
704 new->ex_fslocs.locations = item->ex_fslocs.locations;
705 item->ex_fslocs.locations = NULL;
706 new->ex_fslocs.locations_count = item->ex_fslocs.locations_count;
707 item->ex_fslocs.locations_count = 0;
708 new->ex_fslocs.migrated = item->ex_fslocs.migrated;
709 item->ex_fslocs.migrated = 0;
710 new->ex_nflavors = item->ex_nflavors;
711 for (i = 0; i < MAX_SECINFO_LIST; i++) {
712 new->ex_flavors[i] = item->ex_flavors[i];
716 static struct cache_head *svc_export_alloc(void)
718 struct svc_export *i = kmalloc(sizeof(*i), GFP_KERNEL);
725 struct cache_detail svc_export_cache = {
726 .owner = THIS_MODULE,
727 .hash_size = EXPORT_HASHMAX,
728 .hash_table = export_table,
729 .name = "nfsd.export",
730 .cache_put = svc_export_put,
731 .cache_request = svc_export_request,
732 .cache_parse = svc_export_parse,
733 .cache_show = svc_export_show,
734 .match = svc_export_match,
735 .init = svc_export_init,
736 .update = export_update,
737 .alloc = svc_export_alloc,
740 static struct svc_export *
741 svc_export_lookup(struct svc_export *exp)
743 struct cache_head *ch;
745 hash = hash_ptr(exp->ex_client, EXPORT_HASHBITS);
746 hash ^= hash_ptr(exp->ex_path.dentry, EXPORT_HASHBITS);
747 hash ^= hash_ptr(exp->ex_path.mnt, EXPORT_HASHBITS);
749 ch = sunrpc_cache_lookup(&svc_export_cache, &exp->h,
752 return container_of(ch, struct svc_export, h);
757 static struct svc_export *
758 svc_export_update(struct svc_export *new, struct svc_export *old)
760 struct cache_head *ch;
762 hash = hash_ptr(old->ex_client, EXPORT_HASHBITS);
763 hash ^= hash_ptr(old->ex_path.dentry, EXPORT_HASHBITS);
764 hash ^= hash_ptr(old->ex_path.mnt, EXPORT_HASHBITS);
766 ch = sunrpc_cache_update(&svc_export_cache, &new->h,
770 return container_of(ch, struct svc_export, h);
776 static struct svc_expkey *
777 exp_find_key(svc_client *clp, int fsid_type, u32 *fsidv, struct cache_req *reqp)
779 struct svc_expkey key, *ek;
783 return ERR_PTR(-ENOENT);
786 key.ek_fsidtype = fsid_type;
787 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
789 ek = svc_expkey_lookup(&key);
791 return ERR_PTR(-ENOMEM);
792 err = cache_check(&svc_expkey_cache, &ek->h, reqp);
798 static int exp_set_key(svc_client *clp, int fsid_type, u32 *fsidv,
799 struct svc_export *exp)
801 struct svc_expkey key, *ek;
804 key.ek_fsidtype = fsid_type;
805 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
806 key.ek_path = exp->ex_path;
807 key.h.expiry_time = NEVER;
810 ek = svc_expkey_lookup(&key);
812 ek = svc_expkey_update(&key,ek);
814 cache_put(&ek->h, &svc_expkey_cache);
821 * Find the client's export entry matching xdev/xino.
823 static inline struct svc_expkey *
824 exp_get_key(svc_client *clp, dev_t dev, ino_t ino)
828 if (old_valid_dev(dev)) {
829 mk_fsid(FSID_DEV, fsidv, dev, ino, 0, NULL);
830 return exp_find_key(clp, FSID_DEV, fsidv, NULL);
832 mk_fsid(FSID_ENCODE_DEV, fsidv, dev, ino, 0, NULL);
833 return exp_find_key(clp, FSID_ENCODE_DEV, fsidv, NULL);
837 * Find the client's export entry matching fsid
839 static inline struct svc_expkey *
840 exp_get_fsid_key(svc_client *clp, int fsid)
844 mk_fsid(FSID_NUM, fsidv, 0, 0, fsid, NULL);
846 return exp_find_key(clp, FSID_NUM, fsidv, NULL);
849 static svc_export *exp_get_by_name(svc_client *clp, struct vfsmount *mnt,
850 struct dentry *dentry,
851 struct cache_req *reqp)
853 struct svc_export *exp, key;
857 return ERR_PTR(-ENOENT);
860 key.ex_path.mnt = mnt;
861 key.ex_path.dentry = dentry;
863 exp = svc_export_lookup(&key);
865 return ERR_PTR(-ENOMEM);
866 err = cache_check(&svc_export_cache, &exp->h, reqp);
873 * Find the export entry for a given dentry.
875 static struct svc_export *exp_parent(svc_client *clp, struct vfsmount *mnt,
876 struct dentry *dentry,
877 struct cache_req *reqp)
882 exp = exp_get_by_name(clp, mnt, dentry, reqp);
884 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) {
885 struct dentry *parent;
887 parent = dget_parent(dentry);
890 exp = exp_get_by_name(clp, mnt, dentry, reqp);
897 * Hashtable locking. Write locks are placed only by user processes
898 * wanting to modify export information.
899 * Write locking only done in this file. Read locking
903 static DECLARE_RWSEM(hash_sem);
908 down_read(&hash_sem);
914 down_write(&hash_sem);
924 exp_writeunlock(void)
929 static void exp_fsid_unhash(struct svc_export *exp)
931 struct svc_expkey *ek;
933 if ((exp->ex_flags & NFSEXP_FSID) == 0)
936 ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid);
938 ek->h.expiry_time = get_seconds()-1;
939 cache_put(&ek->h, &svc_expkey_cache);
941 svc_expkey_cache.nextcheck = get_seconds();
944 static int exp_fsid_hash(svc_client *clp, struct svc_export *exp)
948 if ((exp->ex_flags & NFSEXP_FSID) == 0)
951 mk_fsid(FSID_NUM, fsid, 0, 0, exp->ex_fsid, NULL);
952 return exp_set_key(clp, FSID_NUM, fsid, exp);
955 static int exp_hash(struct auth_domain *clp, struct svc_export *exp)
958 struct inode *inode = exp->ex_path.dentry->d_inode;
959 dev_t dev = inode->i_sb->s_dev;
961 if (old_valid_dev(dev)) {
962 mk_fsid(FSID_DEV, fsid, dev, inode->i_ino, 0, NULL);
963 return exp_set_key(clp, FSID_DEV, fsid, exp);
965 mk_fsid(FSID_ENCODE_DEV, fsid, dev, inode->i_ino, 0, NULL);
966 return exp_set_key(clp, FSID_ENCODE_DEV, fsid, exp);
969 static void exp_unhash(struct svc_export *exp)
971 struct svc_expkey *ek;
972 struct inode *inode = exp->ex_path.dentry->d_inode;
974 ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino);
976 ek->h.expiry_time = get_seconds()-1;
977 cache_put(&ek->h, &svc_expkey_cache);
979 svc_expkey_cache.nextcheck = get_seconds();
983 * Export a file system.
986 exp_export(struct nfsctl_export *nxp)
989 struct svc_export *exp = NULL;
990 struct svc_export new;
991 struct svc_expkey *fsid_key = NULL;
995 /* Consistency check */
997 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) ||
998 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX))
1001 dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n",
1002 nxp->ex_client, nxp->ex_path,
1003 (unsigned)nxp->ex_dev, (long)nxp->ex_ino,
1006 /* Try to lock the export table for update */
1009 /* Look up client info */
1010 if (!(clp = auth_domain_find(nxp->ex_client)))
1014 /* Look up the dentry */
1015 err = kern_path(nxp->ex_path, 0, &path);
1020 exp = exp_get_by_name(clp, path.mnt, path.dentry, NULL);
1022 memset(&new, 0, sizeof(new));
1024 /* must make sure there won't be an ex_fsid clash */
1025 if ((nxp->ex_flags & NFSEXP_FSID) &&
1026 (!IS_ERR(fsid_key = exp_get_fsid_key(clp, nxp->ex_dev))) &&
1027 fsid_key->ek_path.mnt &&
1028 (fsid_key->ek_path.mnt != path.mnt ||
1029 fsid_key->ek_path.dentry != path.dentry))
1033 /* just a flags/id/fsid update */
1035 exp_fsid_unhash(exp);
1036 exp->ex_flags = nxp->ex_flags;
1037 exp->ex_anon_uid = nxp->ex_anon_uid;
1038 exp->ex_anon_gid = nxp->ex_anon_gid;
1039 exp->ex_fsid = nxp->ex_dev;
1041 err = exp_fsid_hash(clp, exp);
1045 err = check_export(path.dentry->d_inode, nxp->ex_flags, NULL);
1046 if (err) goto finish;
1050 dprintk("nfsd: creating export entry %p for client %p\n", exp, clp);
1052 new.h.expiry_time = NEVER;
1054 new.ex_pathname = kstrdup(nxp->ex_path, GFP_KERNEL);
1055 if (!new.ex_pathname)
1057 new.ex_client = clp;
1059 new.ex_flags = nxp->ex_flags;
1060 new.ex_anon_uid = nxp->ex_anon_uid;
1061 new.ex_anon_gid = nxp->ex_anon_gid;
1062 new.ex_fsid = nxp->ex_dev;
1064 exp = svc_export_lookup(&new);
1066 exp = svc_export_update(&new, exp);
1071 if (exp_hash(clp, exp) ||
1072 exp_fsid_hash(clp, exp)) {
1073 /* failed to create at least one index */
1074 exp_do_unexport(exp);
1079 kfree(new.ex_pathname);
1082 if (fsid_key && !IS_ERR(fsid_key))
1083 cache_put(&fsid_key->h, &svc_expkey_cache);
1086 auth_domain_put(clp);
1094 * Unexport a file system. The export entry has already
1095 * been removed from the client's list of exported fs's.
1098 exp_do_unexport(svc_export *unexp)
1100 unexp->h.expiry_time = get_seconds()-1;
1101 svc_export_cache.nextcheck = get_seconds();
1103 exp_fsid_unhash(unexp);
1111 exp_unexport(struct nfsctl_export *nxp)
1113 struct auth_domain *dom;
1118 /* Consistency check */
1119 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) ||
1120 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX))
1126 dom = auth_domain_find(nxp->ex_client);
1128 dprintk("nfsd: unexport couldn't find %s\n", nxp->ex_client);
1132 err = kern_path(nxp->ex_path, 0, &path);
1137 exp = exp_get_by_name(dom, path.mnt, path.dentry, NULL);
1142 exp_do_unexport(exp);
1147 auth_domain_put(dom);
1155 * Obtain the root fh on behalf of a client.
1156 * This could be done in user space, but I feel that it adds some safety
1157 * since its harder to fool a kernel module than a user space program.
1160 exp_rootfh(svc_client *clp, char *name, struct knfsd_fh *f, int maxsize)
1162 struct svc_export *exp;
1164 struct inode *inode;
1169 /* NB: we probably ought to check that it's NUL-terminated */
1170 if (kern_path(name, 0, &path)) {
1171 printk("nfsd: exp_rootfh path not found %s", name);
1174 inode = path.dentry->d_inode;
1176 dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n",
1177 name, path.dentry, clp->name,
1178 inode->i_sb->s_id, inode->i_ino);
1179 exp = exp_parent(clp, path.mnt, path.dentry, NULL);
1186 * fh must be initialized before calling fh_compose
1188 fh_init(&fh, maxsize);
1189 if (fh_compose(&fh, exp, path.dentry, NULL))
1193 memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh));
1201 static struct svc_export *exp_find(struct auth_domain *clp, int fsid_type,
1202 u32 *fsidv, struct cache_req *reqp)
1204 struct svc_export *exp;
1205 struct svc_expkey *ek = exp_find_key(clp, fsid_type, fsidv, reqp);
1207 return ERR_CAST(ek);
1209 exp = exp_get_by_name(clp, ek->ek_path.mnt, ek->ek_path.dentry, reqp);
1210 cache_put(&ek->h, &svc_expkey_cache);
1213 return ERR_CAST(exp);
1217 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
1219 struct exp_flavor_info *f;
1220 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1222 /* legacy gss-only clients are always OK: */
1223 if (exp->ex_client == rqstp->rq_gssclient)
1225 /* ip-address based client; check sec= export option: */
1226 for (f = exp->ex_flavors; f < end; f++) {
1227 if (f->pseudoflavor == rqstp->rq_flavor)
1230 /* defaults in absence of sec= options: */
1231 if (exp->ex_nflavors == 0) {
1232 if (rqstp->rq_flavor == RPC_AUTH_NULL ||
1233 rqstp->rq_flavor == RPC_AUTH_UNIX)
1236 return nfserr_wrongsec;
1240 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
1241 * auth_unix client) if it's available and has secinfo information;
1242 * otherwise, will try to use rq_gssclient.
1244 * Called from functions that handle requests; functions that do work on
1245 * behalf of mountd are passed a single client name to use, and should
1246 * use exp_get_by_name() or exp_find().
1249 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct vfsmount *mnt,
1250 struct dentry *dentry)
1252 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1254 if (rqstp->rq_client == NULL)
1257 /* First try the auth_unix client: */
1258 exp = exp_get_by_name(rqstp->rq_client, mnt, dentry,
1259 &rqstp->rq_chandle);
1260 if (PTR_ERR(exp) == -ENOENT)
1264 /* If it has secinfo, assume there are no gss/... clients */
1265 if (exp->ex_nflavors > 0)
1268 /* Otherwise, try falling back on gss client */
1269 if (rqstp->rq_gssclient == NULL)
1271 gssexp = exp_get_by_name(rqstp->rq_gssclient, mnt, dentry,
1272 &rqstp->rq_chandle);
1273 if (PTR_ERR(gssexp) == -ENOENT)
1281 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
1283 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1285 if (rqstp->rq_client == NULL)
1288 /* First try the auth_unix client: */
1289 exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle);
1290 if (PTR_ERR(exp) == -ENOENT)
1294 /* If it has secinfo, assume there are no gss/... clients */
1295 if (exp->ex_nflavors > 0)
1298 /* Otherwise, try falling back on gss client */
1299 if (rqstp->rq_gssclient == NULL)
1301 gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv,
1302 &rqstp->rq_chandle);
1303 if (PTR_ERR(gssexp) == -ENOENT)
1311 rqst_exp_parent(struct svc_rqst *rqstp, struct vfsmount *mnt,
1312 struct dentry *dentry)
1314 struct svc_export *exp;
1317 exp = rqst_exp_get_by_name(rqstp, mnt, dentry);
1319 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) {
1320 struct dentry *parent;
1322 parent = dget_parent(dentry);
1325 exp = rqst_exp_get_by_name(rqstp, mnt, dentry);
1332 * Called when we need the filehandle for the root of the pseudofs,
1333 * for a given NFSv4 client. The root is defined to be the
1334 * export point with fsid==0
1337 exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp)
1339 struct svc_export *exp;
1343 mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL);
1345 exp = rqst_exp_find(rqstp, FSID_NUM, fsidv);
1347 return nfserrno(PTR_ERR(exp));
1348 rv = fh_compose(fhp, exp, exp->ex_path.dentry, NULL);
1351 rv = check_nfsd_access(exp, rqstp);
1359 static void *e_start(struct seq_file *m, loff_t *pos)
1360 __acquires(svc_export_cache.hash_lock)
1363 unsigned hash, export;
1364 struct cache_head *ch;
1367 read_lock(&svc_export_cache.hash_lock);
1369 return SEQ_START_TOKEN;
1371 export = n & ((1LL<<32) - 1);
1374 for (ch=export_table[hash]; ch; ch=ch->next)
1377 n &= ~((1LL<<32) - 1);
1381 } while(hash < EXPORT_HASHMAX && export_table[hash]==NULL);
1382 if (hash >= EXPORT_HASHMAX)
1385 return export_table[hash];
1388 static void *e_next(struct seq_file *m, void *p, loff_t *pos)
1390 struct cache_head *ch = p;
1391 int hash = (*pos >> 32);
1393 if (p == SEQ_START_TOKEN)
1395 else if (ch->next == NULL) {
1402 *pos &= ~((1LL<<32) - 1);
1403 while (hash < EXPORT_HASHMAX && export_table[hash] == NULL) {
1407 if (hash >= EXPORT_HASHMAX)
1410 return export_table[hash];
1413 static void e_stop(struct seq_file *m, void *p)
1414 __releases(svc_export_cache.hash_lock)
1416 read_unlock(&svc_export_cache.hash_lock);
1420 static struct flags {
1424 { NFSEXP_READONLY, {"ro", "rw"}},
1425 { NFSEXP_INSECURE_PORT, {"insecure", ""}},
1426 { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}},
1427 { NFSEXP_ALLSQUASH, {"all_squash", ""}},
1428 { NFSEXP_ASYNC, {"async", "sync"}},
1429 { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}},
1430 { NFSEXP_NOHIDE, {"nohide", ""}},
1431 { NFSEXP_CROSSMOUNT, {"crossmnt", ""}},
1432 { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}},
1433 { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}},
1435 { NFSEXP_MSNFS, {"msnfs", ""}},
1440 static void show_expflags(struct seq_file *m, int flags, int mask)
1443 int state, first = 0;
1445 for (flg = expflags; flg->flag; flg++) {
1446 if (flg->flag & ~mask)
1448 state = (flg->flag & flags) ? 0 : 1;
1449 if (*flg->name[state])
1450 seq_printf(m, "%s%s", first++?",":"", flg->name[state]);
1454 static void show_secinfo_flags(struct seq_file *m, int flags)
1457 show_expflags(m, flags, NFSEXP_SECINFO_FLAGS);
1460 static void show_secinfo(struct seq_file *m, struct svc_export *exp)
1462 struct exp_flavor_info *f;
1463 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1464 int lastflags = 0, first = 0;
1466 if (exp->ex_nflavors == 0)
1468 for (f = exp->ex_flavors; f < end; f++) {
1469 if (first || f->flags != lastflags) {
1471 show_secinfo_flags(m, lastflags);
1472 seq_printf(m, ",sec=%d", f->pseudoflavor);
1473 lastflags = f->flags;
1475 seq_printf(m, ":%d", f->pseudoflavor);
1478 show_secinfo_flags(m, lastflags);
1481 static void exp_flags(struct seq_file *m, int flag, int fsid,
1482 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
1484 show_expflags(m, flag, NFSEXP_ALLFLAGS);
1485 if (flag & NFSEXP_FSID)
1486 seq_printf(m, ",fsid=%d", fsid);
1487 if (anonu != (uid_t)-2 && anonu != (0x10000-2))
1488 seq_printf(m, ",anonuid=%u", anonu);
1489 if (anong != (gid_t)-2 && anong != (0x10000-2))
1490 seq_printf(m, ",anongid=%u", anong);
1491 if (fsloc && fsloc->locations_count > 0) {
1492 char *loctype = (fsloc->migrated) ? "refer" : "replicas";
1495 seq_printf(m, ",%s=", loctype);
1496 seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\");
1498 seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\");
1499 for (i = 1; i < fsloc->locations_count; i++) {
1501 seq_escape(m, fsloc->locations[i].path, ",;@ \t\n\\");
1503 seq_escape(m, fsloc->locations[i].hosts, ",;@ \t\n\\");
1508 static int e_show(struct seq_file *m, void *p)
1510 struct cache_head *cp = p;
1511 struct svc_export *exp = container_of(cp, struct svc_export, h);
1513 if (p == SEQ_START_TOKEN) {
1514 seq_puts(m, "# Version 1.1\n");
1515 seq_puts(m, "# Path Client(Flags) # IPs\n");
1520 if (cache_check(&svc_export_cache, &exp->h, NULL))
1522 cache_put(&exp->h, &svc_export_cache);
1523 return svc_export_show(m, &svc_export_cache, cp);
1526 struct seq_operations nfs_exports_op = {
1534 * Add or modify a client.
1535 * Change requests may involve the list of host addresses. The list of
1536 * exports and possibly existing uid maps are left untouched.
1539 exp_addclient(struct nfsctl_client *ncp)
1541 struct auth_domain *dom;
1543 struct in6_addr addr6;
1545 /* First, consistency check. */
1547 if (! exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX))
1549 if (ncp->cl_naddr > NFSCLNT_ADDRMAX)
1552 /* Lock the hashtable */
1555 dom = unix_domain_find(ncp->cl_ident);
1561 /* Insert client into hashtable. */
1562 for (i = 0; i < ncp->cl_naddr; i++) {
1563 ipv6_addr_set_v4mapped(ncp->cl_addrlist[i].s_addr, &addr6);
1564 auth_unix_add_addr(&addr6, dom);
1566 auth_unix_forget_old(dom);
1567 auth_domain_put(dom);
1578 * Delete a client given an identifier.
1581 exp_delclient(struct nfsctl_client *ncp)
1584 struct auth_domain *dom;
1587 if (!exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX))
1590 /* Lock the hashtable */
1593 dom = auth_domain_find(ncp->cl_ident);
1594 /* just make sure that no addresses work
1595 * and that it will expire soon
1598 err = auth_unix_forget_old(dom);
1599 auth_domain_put(dom);
1608 * Verify that string is non-empty and does not exceed max length.
1611 exp_verify_string(char *cp, int max)
1615 for (i = 0; i < max; i++)
1619 printk(KERN_NOTICE "nfsd: couldn't validate string %s\n", cp);
1624 * Initialize the exports module.
1627 nfsd_export_init(void)
1630 dprintk("nfsd: initializing export module.\n");
1632 rv = cache_register(&svc_export_cache);
1635 rv = cache_register(&svc_expkey_cache);
1637 cache_unregister(&svc_export_cache);
1643 * Flush exports table - called when last nfsd thread is killed
1646 nfsd_export_flush(void)
1649 cache_purge(&svc_expkey_cache);
1650 cache_purge(&svc_export_cache);
1655 * Shutdown the exports module.
1658 nfsd_export_shutdown(void)
1661 dprintk("nfsd: shutting down export module.\n");
1665 cache_unregister(&svc_expkey_cache);
1666 cache_unregister(&svc_export_cache);
1667 svcauth_unix_purge();
1670 dprintk("nfsd: export shutdown complete.\n");