aboutsummaryrefslogtreecommitdiffstats
path: root/fs/nfsd/nfs4proc.c
Commit message (Collapse)AuthorAgeFilesLines
* nfsd4: free_stateid can use the current stateidJ. Bruce Fields2012-12-171-0/+1
| | | | | Cc: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: disable zero-copy on non-final read opsJ. Bruce Fields2012-12-171-0/+11
| | | | | | | To ensure ordering of read data with any following operations, turn off zero copy if the read is not the final operation in the compound. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: make NFSd service boot time per-netStanislav Kinsbursky2012-12-101-5/+6
| | | | | | | | | This is simple: an NFSd service can be started at different times in different network environments. So, its "boot time" has to be assigned per net. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: avoid permission checks on EXCLUSIVE_CREATE replayNeil Brown2012-12-101-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | With NFSv4, if we create a file then open it we explicit avoid checking the permissions on the file during the open because the fact that we created it ensures we should be allow to open it (the create and the open should appear to be a single operation). However if the reply to an EXCLUSIVE create gets lots and the client resends the create, the current code will perform the permission check - because it doesn't realise that it did the open already.. This patch should fix this. Note that I haven't actually seen this cause a problem. I was just looking at the code trying to figure out a different EXCLUSIVE open related issue, and this looked wrong. (Fix confirmed with pynfs 4.0 test OPEN4--bfields) Cc: stable@kernel.org Signed-off-by: NeilBrown <neilb@suse.de> [bfields: use OWNER_OVERRIDE and update for 4.1] Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: delay filling in write iovec array till after xdr decodingJ. Bruce Fields2012-11-261-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Our server rejects compounds containing more than one write operation. It's unclear whether this is really permitted by the spec; with 4.0, it's possibly OK, with 4.1 (which has clearer limits on compound parameters), it's probably not OK. No client that we're aware of has ever done this, but in theory it could be useful. The source of the limitation: we need an array of iovecs to pass to the write operation. In the worst case that array of iovecs could have hundreds of elements (the maximum rwsize divided by the page size), so it's too big to put on the stack, or in each compound op. So we instead keep a single such array in the compound argument. We fill in that array at the time we decode the xdr operation. But we decode every op in the compound before executing any of them. So once we've used that array we can't decode another write. If we instead delay filling in that array till the time we actually perform the write, we can reuse it. Another option might be to switch to decoding compound ops one at a time. I considered doing that, but it has a number of other side effects, and I'd rather fix just this one problem for now. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: use service net instead of hard-coded init_netStanislav Kinsbursky2012-11-151-4/+9
| | | | | | | | This patch replaces init_net by SVC_NET(), where possible and also passes proper context to nested functions where required. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: implement backchannel_ctl operationJ. Bruce Fields2012-11-071-0/+6
| | | | | | This operation is mandatory for servers to implement. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: enforce per-client sessions/no-sessions distinctionJ. Bruce Fields2012-10-011-1/+1
| | | | | | | | | Something like creating a client with setclientid and then trying to confirm it with create_session may not crash the server, but I'm not completely positive of that, and in any case it's obviously bad client behavior. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Swap the struct nfs4_operation getter and setterBryan Schumaker2012-08-201-2/+2
| | | | | | | | stateid_setter should be matched to op_set_currentstateid, rather than op_get_currentstateid. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* LockD: pass actual network namespace to grace period management functionsStanislav Kinsbursky2012-07-271-8/+10
| | | | | | | Passed network namespace replaced hard-coded init_net Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* Merge branch 'for-3.4' of git://linux-nfs.org/~bfields/linuxLinus Torvalds2012-04-191-4/+4
|\ | | | | | | | | | | | | | | | | | | Pull nfsd bugfixes from J. Bruce Fields: "One bugfix, and one minor header fix from Jeff Layton while we're here" * 'for-3.4' of git://linux-nfs.org/~bfields/linux: nfsd: include cld.h in the headers_install target nfsd: don't fail unchecked creates of non-special files
| * nfsd: don't fail unchecked creates of non-special filesJ. Bruce Fields2012-04-111-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow a v3 unchecked open of a non-regular file succeed as if it were a lookup; typically a client in such a case will want to fall back on a local open, so succeeding and giving it the filehandle is more useful than failing with nfserr_exist, which makes it appear that nothing at all exists by that name. Similarly for v4, on an open-create, return the same errors we would on an attempt to open a non-regular file, instead of returning nfserr_exist. This fixes a problem found doing a v4 open of a symlink with O_RDONLY|O_CREAT, which resulted in the current client returning EEXIST. Thanks also to Trond for analysis. Cc: stable@kernel.org Reported-by: Orion Poplawski <orion@cora.nwra.com> Tested-by: Orion Poplawski <orion@cora.nwra.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* | nfsd: fix b0rken error value for setattr on read-only mountAl Viro2012-04-131-3/+4
|/ | | | | | ..._want_write() returns -EROFS on failure, _not_ an NFS error value. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* nfsd: convert nfs4_client->cl_cb_flags to a generic flags fieldJeff Layton2012-03-261-1/+2
| | | | | | | | | | | | | | | | | | | We'll need a way to flag the nfs4_client as already being recorded on stable storage so that we don't continually upcall. Currently, that's recorded in the cl_firststate field of the client struct. Using an entire u32 to store a flag is rather wasteful though. The cl_cb_flags field is only using 2 bits right now, so repurpose that to a generic flags field. Rename NFSD4_CLIENT_KILL to NFSD4_CLIENT_CB_KILL to make it evident that it's part of the callback flags. Add a mask that we can use for existing checks that look to see whether any flags are set, so that the new flags don't interfere. Convert all references to cl_firstate to the NFSD4_CLIENT_STABLE flag, and add a new NFSD4_CLIENT_RECLAIM_COMPLETE flag. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Fix nfs4_verifier memory alignmentChuck Lever2012-03-201-8/+11
| | | | | | | | | | | | | | | | | | | | | | | | Clean up due to code review. The nfs4_verifier's data field is not guaranteed to be u32-aligned. Casting an array of chars to a u32 * is considered generally hazardous. We can fix most of this by using a __be32 array to generate the verifier's contents and then byte-copying it into the verifier field. However, there is one spot where there is a backwards compatibility constraint: the do_nfsd_create() call expects a verifier which is 32-bit aligned. Fix this spot by forcing the alignment of the create verifier in the nfsd4_open args structure. Also, sizeof(nfs4_verifer) is the size of the in-core verifier data structure, but NFS4_VERIFIER_SIZE is the number of octets in an XDR'd verifier. The two are not interchangeable, even if they happen to have the same value. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFSD: Fix warnings when NFSD_DEBUG is not definedTrond Myklebust2012-03-201-0/+4
| | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: reduce do_open_lookup() stack usageJ. Bruce Fields2012-03-061-10/+14
| | | | | | | I get 320 bytes for struct svc_fh on x86_64, really a little large to be putting on the stack; kmalloc() instead. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: delay setting current filehandle till successJ. Bruce Fields2012-03-061-5/+3
| | | | | | | | Compound processing stops on error, so the current filehandle won't be used on error. Thus the order here doesn't really matter. It'll be more convenient to do it later, though. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: split out share_access want and signal flags while decodingBenny Halevy2012-02-171-3/+0
| | | | | Signed-off-by: Benny Halevy <bhalevy@tonian.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: use current stateid by valueTigran Mkrtchyan2012-02-151-3/+9
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: consume current stateid on DELEGRETURN and OPENDOWNGRADETigran Mkrtchyan2012-02-151-0/+3
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: handle current stateid in SETATTR and FREE_STATEIDTigran Mkrtchyan2012-02-151-0/+1
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: mark LOOKUP, LOOKUPP and CREATE to invalidate current stateidTigran Mkrtchyan2012-02-151-3/+3
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: save and restore current stateid with current fhTigran Mkrtchyan2012-02-151-0/+2
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: mark PUTFH, PUTPUBFH and PUTROOTFH to clear current stateidTigran Mkrtchyan2012-02-151-3/+6
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: consume current stateid on read and writeTigran Mkrtchyan2012-02-151-0/+2
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: handle current stateid on lock and lockuTigran Mkrtchyan2012-02-151-0/+2
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: handle current stateid in open and closeTigran Mkrtchyan2012-02-151-4/+26
| | | | | Signed-off-by: Tigran Mkrtchyan <kofemann@gmail.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* Merge branch 'for-3.3' of git://linux-nfs.org/~bfields/linuxLinus Torvalds2012-01-141-4/+3
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'for-3.3' of git://linux-nfs.org/~bfields/linux: (31 commits) nfsd4: nfsd4_create_clid_dir return value is unused NFSD: Change name of extended attribute containing junction svcrpc: don't revert to SVC_POOL_DEFAULT on nfsd shutdown svcrpc: fix double-free on shutdown of nfsd after changing pool mode nfsd4: be forgiving in the absence of the recovery directory nfsd4: fix spurious 4.1 post-reboot failures NFSD: forget_delegations should use list_for_each_entry_safe NFSD: Only reinitilize the recall_lru list under the recall lock nfsd4: initialize special stateid's at compile time NFSd: use network-namespace-aware cache registering routines SUNRPC: create svc_xprt in proper network namespace svcrpc: update outdated BKL comment nfsd41: allow non-reclaim open-by-fh's in 4.1 svcrpc: avoid memory-corruption on pool shutdown svcrpc: destroy server sockets all at once svcrpc: make svc_delete_xprt static nfsd: Fix oops when parsing a 0 length export nfsd4: Use kmemdup rather than duplicating its implementation nfsd4: add a separate (lockowner, inode) lookup nfsd4: fix CONFIG_NFSD_FAULT_INJECTION compile error ...
| * nfsd41: allow non-reclaim open-by-fh's in 4.1Mi Jinlong2011-12-061-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | With NFSv4.0 it was safe to assume that open-by-filehandles were always reclaims. With NFSv4.1 there are non-reclaim open-by-filehandle operations, so we should ensure we're only insisting on reclaims in the OPEN_CLAIM_PREVIOUS case. Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* | new helpers: fh_{want,drop}_write()Al Viro2012-01-031-2/+2
|/ | | | | | | A bunch of places in nfsd does mnt_{want,drop}_write on vfsmount of export of given fhandle. Switched to obvious inlined helpers... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* nfs41: implement DESTROY_CLIENTID operationMi Jinlong2011-10-241-1/+1
| | | | | | | According to rfc5661 18.50, implement DESTROY_CLIENTID operation. Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: implement new 4.1 open reclaim typesJ. Bruce Fields2011-10-191-12/+3
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: warn on open failure after createJ. Bruce Fields2011-10-171-3/+4
| | | | | | | | | | If we create the object and then return failure to the client, we're left with an unexpected file in the filesystem. I'm trying to eliminate such cases but not 100% sure I have so an assertion might be helpful for now. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: clean up open owners on OPEN failureJ. Bruce Fields2011-10-171-0/+1
| | | | | | | | | | | | | | | | | If process_open1() creates a new open owner, but the open later fails, the current code will leave the open owner around. It won't be on the close_lru list, and the client isn't expected to send a CLOSE, so it will hang around as long as the client does. Similarly, if process_open1() removes an existing open owner from the close lru, anticipating that an open owner that previously had no associated stateid's now will, but the open subsequently fails, then we'll again be left with the same leak. Fix both problems. Reported-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: more robust ignoring of WANT bits in OPENJ. Bruce Fields2011-10-111-0/+3
| | | | | | Mask out the WANT bits right at the start instead of on each use. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: make op_cacheresult another flagJ. Bruce Fields2011-09-201-25/+25
| | | | | | | | | I'm not sure why I used a new field for this originally. Also, the differences between some of these flags are a little subtle; add some comments to explain. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: replace oo_confirmed by flag bitJ. Bruce Fields2011-09-161-2/+2
| | | | | | | I want at least one more bit here. So, let's haul out the caps lock key and add a flags field. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: try to check reply size before operationMi Jinlong2011-09-161-18/+229
| | | | | | | | | | | | | | | | | | | | | | | | | | For checking the size of reply before calling a operation, we need try to get maxsize of the operation's reply. v3: using new method as Bruce said, "we could handle operations in two different ways: - For operations that actually change something (write, rename, open, close, ...), do it the way we're doing it now: be very careful to estimate the size of the response before even processing the operation. - For operations that don't change anything (read, getattr, ...) just go ahead and do the operation. If you realize after the fact that the response is too large, then return the error at that point. So we'd add another flag to op_flags: say, OP_MODIFIES_SOMETHING. And for operations with OP_MODIFIES_SOMETHING set, we'd do the first thing. For operations without it set, we'd do the second." Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com> [bfields@redhat.com: crash, don't attempt to handle, undefined op_rsize_bop] Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: split stateowners into open and lockownersJ. Bruce Fields2011-09-071-9/+9
| | | | | | | | The stateowner has some fields that only make sense for openowners, and some that only make sense for lockowners, and I find it a lot clearer if those are separated out. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: drop most stateowner refcountingJ. Bruce Fields2011-09-011-4/+2
| | | | | | | Maybe we'll bring it back some day, but we don't have much real use for it now. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: extend state lock over seqid replay logicJ. Bruce Fields2011-09-011-2/+3
| | | | | | | | | | | | | | | There are currently a couple races in the seqid replay code: a retransmission could come while we're still encoding the original reply, or a new seqid-mutating call could come as we're encoding a replay. So, extend the state lock over the encoding (both encoding of a replayed reply and caching of the original encoded reply). I really hate doing this, and previously added the stateowner reference-counting code to avoid it (which was insufficient)--but I don't see a less complicated alternative at the moment. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: stop using nfserr_resource for transitory errorsJ. Bruce Fields2011-08-271-1/+1
| | | | | | | | | | The server is returning nfserr_resource for both permanent errors and for errors (like allocation failures) that might be resolved by retrying later. Save nfserr_resource for the former and use delay/jukebox for the latter. Cc: stable@kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: permit read opens of executable-only filesJ. Bruce Fields2011-08-271-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | A client that wants to execute a file must be able to read it. Read opens over nfs are therefore implicitly allowed for executable files even when those files are not readable. NFSv2/v3 get this right by using a passed-in NFSD_MAY_OWNER_OVERRIDE on read requests, but NFSv4 has gotten this wrong ever since dc730e173785e29b297aa605786c94adaffe2544 "nfsd4: fix owner-override on open", when we realized that the file owner shouldn't override permissions on non-reclaim NFSv4 opens. So we can't use NFSD_MAY_OWNER_OVERRIDE to tell nfsd_permission to allow reads of executable files. So, do the same thing we do whenever we encounter another weird NFS permission nit: define yet another NFSD_MAY_* flag. The industry's future standardization on 128-bit processors will be motivated primarily by the need for integers with enough bits for all the NFSD_MAY_* flags. Reported-by: Leonardo Borda <leonardoborda@gmail.com> Cc: stable@kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: it's OK to return nfserr_symlinkJ. Bruce Fields2011-08-261-14/+1
| | | | | | | | | | | | | | | | | | | | | The nfsd4 code has a bunch of special exceptions for error returns which map nfserr_symlink to other errors. In fact, the spec makes it clear that nfserr_symlink is to be preferred over less specific errors where possible. The patch that introduced it back in 2.6.4 is "kNFSd: correct symlink related error returns.", which claims that these special exceptions are represent an NFSv4 break from v2/v3 tradition--when in fact the symlink error was introduced with v4. I suspect what happened was pynfs tests were written that were overly faithful to the (known-incomplete) rfc3530 error return lists, and then code was fixed up mindlessly to make the tests pass. Delete these unnecessary exceptions. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: return nfserr_symlink on v4 OPEN of non-regular fileJ. Bruce Fields2011-08-191-0/+21
| | | | | | | Without this, an attempt to open a device special file without first stat'ing it will fail. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir()Bernd Schubert2011-08-161-1/+1
| | | | | | | | | | | | Fan Yong <yong.fan@whamcloud.com> noticed setting FMODE_32bithash wouldn't work with nfsd v4, as nfsd4_readdir() checks for 32 bit cookies. However, according to RFC 3530 cookies have a 64 bit type and cookies are also defined as u64 in 'struct nfsd4_readdir'. So remove the test for >32-bit values. Cc: stable@kernel.org Signed-off-by: Bernd Schubert <bernd.schubert@itwm.fraunhofer.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd: turn on reply cache for NFSv4J. Bruce Fields2011-07-181-10/+22
| | | | | | | | | | | | | It's sort of ridiculous that we've never had a working reply cache for NFSv4. On the other hand, we may still not: our current reply cache is likely not very good, especially in the TCP case (which is the only case that matters for v4). What we really need here is some serious testing. Anyway, here's a start. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: call nfsd4_release_compoundargs from pc_releaseJ. Bruce Fields2011-07-181-1/+1
| | | | | | This simplifies cleanup a bit. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd41: Deny new lock before RECLAIM_COMPLETE doneMi Jinlong2011-07-151-0/+9
| | | | | | | | | | | | | | | | Before nfs41 client's RECLAIM_COMPLETE done, nfs server should deny any new locks or opens. rfc5661: " Whenever a client establishes a new client ID and before it does the first non-reclaim operation that obtains a lock, it MUST send a RECLAIM_COMPLETE with rca_one_fs set to FALSE, even if there are no locks to reclaim. If non-reclaim locking operations are done before the RECLAIM_COMPLETE, an NFS4ERR_GRACE error will be returned. " Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>