root/fs/nfsd/vfs.c

DEFINITIONS

1. nfsd_cross_mnt
2. follow_to_parent
3. nfsd_lookup_parent
4. nfsd_mountpoint
5. nfsd_lookup_dentry
6. nfsd_lookup
7. commit_inode_metadata
8. commit_metadata
9. nfsd_sanitize_attrs
10. nfsd_get_write_access
11. nfsd_setattr
12. nfsd4_is_junction
13. nfsd4_set_nfs4_label
14. nfsd4_set_nfs4_label
15. nfsd4_clone_file_range
16. nfsd_copy_file_range
17. nfsd4_vfs_fallocate
18. nfsd_access
19. nfsd_open_break_lease
20. __nfsd_open
21. nfsd_open
22. nfsd_open_verified
23. nfsd_splice_actor
24. nfsd_direct_splice_actor
25. nfsd_eof_on_read
26. nfsd_finish_read
27. nfsd_splice_read
28. nfsd_readv
29. wait_for_concurrent_writes
30. nfsd_vfs_write
31. nfsd_read
32. nfsd_write
33. nfsd_commit
34. nfsd_create_setattr
35. nfsd_check_ignore_resizing
36. nfsd_create_locked
37. nfsd_create
38. do_nfsd_create
39. nfsd_readlink
40. nfsd_symlink
41. nfsd_link
42. nfsd_close_cached_files
43. nfsd_has_cached_files
44. nfsd_rename
45. nfsd_unlink
46. nfsd_buffered_filldir
47. nfsd_buffered_readdir
48. nfsd_readdir
49. nfsd_statfs
50. exp_rdonly
51. nfsd_permission

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * File operations used by nfsd. Some of these have been ripped from
   4  * other parts of the kernel because they weren't exported, others
   5  * are partial duplicates with added or changed functionality.
   6  *
   7  * Note that several functions dget() the dentry upon which they want
   8  * to act, most notably those that create directory entries. Response
   9  * dentry's are dput()'d if necessary in the release callback.
  10  * So if you notice code paths that apparently fail to dput() the
  11  * dentry, don't worry--they have been taken care of.
  12  *
  13  * Copyright (C) 1995-1999 Olaf Kirch <okir@monad.swb.de>
  14  * Zerocpy NFS support (C) 2002 Hirokazu Takahashi <taka@valinux.co.jp>
  15  */
  16 
  17 #include <linux/fs.h>
  18 #include <linux/file.h>
  19 #include <linux/splice.h>
  20 #include <linux/falloc.h>
  21 #include <linux/fcntl.h>
  22 #include <linux/namei.h>
  23 #include <linux/delay.h>
  24 #include <linux/fsnotify.h>
  25 #include <linux/posix_acl_xattr.h>
  26 #include <linux/xattr.h>
  27 #include <linux/jhash.h>
  28 #include <linux/ima.h>
  29 #include <linux/slab.h>
  30 #include <linux/uaccess.h>
  31 #include <linux/exportfs.h>
  32 #include <linux/writeback.h>
  33 #include <linux/security.h>
  34 
  35 #ifdef CONFIG_NFSD_V3
  36 #include "xdr3.h"
  37 #endif /* CONFIG_NFSD_V3 */
  38 
  39 #ifdef CONFIG_NFSD_V4
  40 #include "../internal.h"
  41 #include "acl.h"
  42 #include "idmap.h"
  43 #endif /* CONFIG_NFSD_V4 */
  44 
  45 #include "nfsd.h"
  46 #include "vfs.h"
  47 #include "filecache.h"
  48 #include "trace.h"
  49 
  50 #define NFSDDBG_FACILITY                NFSDDBG_FILEOP
  51 
  52 /* 
  53  * Called from nfsd_lookup and encode_dirent. Check if we have crossed 
  54  * a mount point.
  55  * Returns -EAGAIN or -ETIMEDOUT leaving *dpp and *expp unchanged,
  56  *  or nfs_ok having possibly changed *dpp and *expp
  57  */
  58 int
  59 nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp, 
  60                         struct svc_export **expp)
  61 {
  62         struct svc_export *exp = *expp, *exp2 = NULL;
  63         struct dentry *dentry = *dpp;
  64         struct path path = {.mnt = mntget(exp->ex_path.mnt),
  65                             .dentry = dget(dentry)};
  66         int err = 0;
  67 
  68         err = follow_down(&path);
  69         if (err < 0)
  70                 goto out;
  71         if (path.mnt == exp->ex_path.mnt && path.dentry == dentry &&
  72             nfsd_mountpoint(dentry, exp) == 2) {
  73                 /* This is only a mountpoint in some other namespace */
  74                 path_put(&path);
  75                 goto out;
  76         }
  77 
  78         exp2 = rqst_exp_get_by_name(rqstp, &path);
  79         if (IS_ERR(exp2)) {
  80                 err = PTR_ERR(exp2);
  81                 /*
  82                  * We normally allow NFS clients to continue
  83                  * "underneath" a mountpoint that is not exported.
  84                  * The exception is V4ROOT, where no traversal is ever
  85                  * allowed without an explicit export of the new
  86                  * directory.
  87                  */
  88                 if (err == -ENOENT && !(exp->ex_flags & NFSEXP_V4ROOT))
  89                         err = 0;
  90                 path_put(&path);
  91                 goto out;
  92         }
  93         if (nfsd_v4client(rqstp) ||
  94                 (exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) {
  95                 /* successfully crossed mount point */
  96                 /*
  97                  * This is subtle: path.dentry is *not* on path.mnt
  98                  * at this point.  The only reason we are safe is that
  99                  * original mnt is pinned down by exp, so we should
 100                  * put path *before* putting exp
 101                  */
 102                 *dpp = path.dentry;
 103                 path.dentry = dentry;
 104                 *expp = exp2;
 105                 exp2 = exp;
 106         }
 107         path_put(&path);
 108         exp_put(exp2);
 109 out:
 110         return err;
 111 }
 112 
 113 static void follow_to_parent(struct path *path)
 114 {
 115         struct dentry *dp;
 116 
 117         while (path->dentry == path->mnt->mnt_root && follow_up(path))
 118                 ;
 119         dp = dget_parent(path->dentry);
 120         dput(path->dentry);
 121         path->dentry = dp;
 122 }
 123 
 124 static int nfsd_lookup_parent(struct svc_rqst *rqstp, struct dentry *dparent, struct svc_export **exp, struct dentry **dentryp)
 125 {
 126         struct svc_export *exp2;
 127         struct path path = {.mnt = mntget((*exp)->ex_path.mnt),
 128                             .dentry = dget(dparent)};
 129 
 130         follow_to_parent(&path);
 131 
 132         exp2 = rqst_exp_parent(rqstp, &path);
 133         if (PTR_ERR(exp2) == -ENOENT) {
 134                 *dentryp = dget(dparent);
 135         } else if (IS_ERR(exp2)) {
 136                 path_put(&path);
 137                 return PTR_ERR(exp2);
 138         } else {
 139                 *dentryp = dget(path.dentry);
 140                 exp_put(*exp);
 141                 *exp = exp2;
 142         }
 143         path_put(&path);
 144         return 0;
 145 }
 146 
 147 /*
 148  * For nfsd purposes, we treat V4ROOT exports as though there was an
 149  * export at *every* directory.
 150  * We return:
 151  * '1' if this dentry *must* be an export point,
 152  * '2' if it might be, if there is really a mount here, and
 153  * '0' if there is no chance of an export point here.
 154  */
 155 int nfsd_mountpoint(struct dentry *dentry, struct svc_export *exp)
 156 {
 157         if (!d_inode(dentry))
 158                 return 0;
 159         if (exp->ex_flags & NFSEXP_V4ROOT)
 160                 return 1;
 161         if (nfsd4_is_junction(dentry))
 162                 return 1;
 163         if (d_mountpoint(dentry))
 164                 /*
 165                  * Might only be a mountpoint in a different namespace,
 166                  * but we need to check.
 167                  */
 168                 return 2;
 169         return 0;
 170 }
 171 
 172 __be32
 173 nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp,
 174                    const char *name, unsigned int len,
 175                    struct svc_export **exp_ret, struct dentry **dentry_ret)
 176 {
 177         struct svc_export       *exp;
 178         struct dentry           *dparent;
 179         struct dentry           *dentry;
 180         int                     host_err;
 181 
 182         dprintk("nfsd: nfsd_lookup(fh %s, %.*s)\n", SVCFH_fmt(fhp), len,name);
 183 
 184         dparent = fhp->fh_dentry;
 185         exp = exp_get(fhp->fh_export);
 186 
 187         /* Lookup the name, but don't follow links */
 188         if (isdotent(name, len)) {
 189                 if (len==1)
 190                         dentry = dget(dparent);
 191                 else if (dparent != exp->ex_path.dentry)
 192                         dentry = dget_parent(dparent);
 193                 else if (!EX_NOHIDE(exp) && !nfsd_v4client(rqstp))
 194                         dentry = dget(dparent); /* .. == . just like at / */
 195                 else {
 196                         /* checking mountpoint crossing is very different when stepping up */
 197                         host_err = nfsd_lookup_parent(rqstp, dparent, &exp, &dentry);
 198                         if (host_err)
 199                                 goto out_nfserr;
 200                 }
 201         } else {
 202                 /*
 203                  * In the nfsd4_open() case, this may be held across
 204                  * subsequent open and delegation acquisition which may
 205                  * need to take the child's i_mutex:
 206                  */
 207                 fh_lock_nested(fhp, I_MUTEX_PARENT);
 208                 dentry = lookup_one_len(name, dparent, len);
 209                 host_err = PTR_ERR(dentry);
 210                 if (IS_ERR(dentry))
 211                         goto out_nfserr;
 212                 if (nfsd_mountpoint(dentry, exp)) {
 213                         /*
 214                          * We don't need the i_mutex after all.  It's
 215                          * still possible we could open this (regular
 216                          * files can be mountpoints too), but the
 217                          * i_mutex is just there to prevent renames of
 218                          * something that we might be about to delegate,
 219                          * and a mountpoint won't be renamed:
 220                          */
 221                         fh_unlock(fhp);
 222                         if ((host_err = nfsd_cross_mnt(rqstp, &dentry, &exp))) {
 223                                 dput(dentry);
 224                                 goto out_nfserr;
 225                         }
 226                 }
 227         }
 228         *dentry_ret = dentry;
 229         *exp_ret = exp;
 230         return 0;
 231 
 232 out_nfserr:
 233         exp_put(exp);
 234         return nfserrno(host_err);
 235 }
 236 
 237 /*
 238  * Look up one component of a pathname.
 239  * N.B. After this call _both_ fhp and resfh need an fh_put
 240  *
 241  * If the lookup would cross a mountpoint, and the mounted filesystem
 242  * is exported to the client with NFSEXP_NOHIDE, then the lookup is
 243  * accepted as it stands and the mounted directory is
 244  * returned. Otherwise the covered directory is returned.
 245  * NOTE: this mountpoint crossing is not supported properly by all
 246  *   clients and is explicitly disallowed for NFSv3
 247  *      NeilBrown <neilb@cse.unsw.edu.au>
 248  */
 249 __be32
 250 nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name,
 251                                 unsigned int len, struct svc_fh *resfh)
 252 {
 253         struct svc_export       *exp;
 254         struct dentry           *dentry;
 255         __be32 err;
 256 
 257         err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC);
 258         if (err)
 259                 return err;
 260         err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry);
 261         if (err)
 262                 return err;
 263         err = check_nfsd_access(exp, rqstp);
 264         if (err)
 265                 goto out;
 266         /*
 267          * Note: we compose the file handle now, but as the
 268          * dentry may be negative, it may need to be updated.
 269          */
 270         err = fh_compose(resfh, exp, dentry, fhp);
 271         if (!err && d_really_is_negative(dentry))
 272                 err = nfserr_noent;
 273 out:
 274         dput(dentry);
 275         exp_put(exp);
 276         return err;
 277 }
 278 
 279 /*
 280  * Commit metadata changes to stable storage.
 281  */
 282 static int
 283 commit_inode_metadata(struct inode *inode)
 284 {
 285         const struct export_operations *export_ops = inode->i_sb->s_export_op;
 286 
 287         if (export_ops->commit_metadata)
 288                 return export_ops->commit_metadata(inode);
 289         return sync_inode_metadata(inode, 1);
 290 }
 291 
 292 static int
 293 commit_metadata(struct svc_fh *fhp)
 294 {
 295         struct inode *inode = d_inode(fhp->fh_dentry);
 296 
 297         if (!EX_ISSYNC(fhp->fh_export))
 298                 return 0;
 299         return commit_inode_metadata(inode);
 300 }
 301 
 302 /*
 303  * Go over the attributes and take care of the small differences between
 304  * NFS semantics and what Linux expects.
 305  */
 306 static void
 307 nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap)
 308 {
 309         /* sanitize the mode change */
 310         if (iap->ia_valid & ATTR_MODE) {
 311                 iap->ia_mode &= S_IALLUGO;
 312                 iap->ia_mode |= (inode->i_mode & ~S_IALLUGO);
 313         }
 314 
 315         /* Revoke setuid/setgid on chown */
 316         if (!S_ISDIR(inode->i_mode) &&
 317             ((iap->ia_valid & ATTR_UID) || (iap->ia_valid & ATTR_GID))) {
 318                 iap->ia_valid |= ATTR_KILL_PRIV;
 319                 if (iap->ia_valid & ATTR_MODE) {
 320                         /* we're setting mode too, just clear the s*id bits */
 321                         iap->ia_mode &= ~S_ISUID;
 322                         if (iap->ia_mode & S_IXGRP)
 323                                 iap->ia_mode &= ~S_ISGID;
 324                 } else {
 325                         /* set ATTR_KILL_* bits and let VFS handle it */
 326                         iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID);
 327                 }
 328         }
 329 }
 330 
 331 static __be32
 332 nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp,
 333                 struct iattr *iap)
 334 {
 335         struct inode *inode = d_inode(fhp->fh_dentry);
 336         int host_err;
 337 
 338         if (iap->ia_size < inode->i_size) {
 339                 __be32 err;
 340 
 341                 err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
 342                                 NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE);
 343                 if (err)
 344                         return err;
 345         }
 346 
 347         host_err = get_write_access(inode);
 348         if (host_err)
 349                 goto out_nfserrno;
 350 
 351         host_err = locks_verify_truncate(inode, NULL, iap->ia_size);
 352         if (host_err)
 353                 goto out_put_write_access;
 354         return 0;
 355 
 356 out_put_write_access:
 357         put_write_access(inode);
 358 out_nfserrno:
 359         return nfserrno(host_err);
 360 }
 361 
 362 /*
 363  * Set various file attributes.  After this call fhp needs an fh_put.
 364  */
 365 __be32
 366 nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
 367              int check_guard, time_t guardtime)
 368 {
 369         struct dentry   *dentry;
 370         struct inode    *inode;
 371         int             accmode = NFSD_MAY_SATTR;
 372         umode_t         ftype = 0;
 373         __be32          err;
 374         int             host_err;
 375         bool            get_write_count;
 376         bool            size_change = (iap->ia_valid & ATTR_SIZE);
 377 
 378         if (iap->ia_valid & ATTR_SIZE) {
 379                 accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE;
 380                 ftype = S_IFREG;
 381         }
 382 
 383         /*
 384          * If utimes(2) and friends are called with times not NULL, we should
 385          * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission
 386          * will return EACCES, when the caller's effective UID does not match
 387          * the owner of the file, and the caller is not privileged. In this
 388          * situation, we should return EPERM(notify_change will return this).
 389          */
 390         if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) {
 391                 accmode |= NFSD_MAY_OWNER_OVERRIDE;
 392                 if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET)))
 393                         accmode |= NFSD_MAY_WRITE;
 394         }
 395 
 396         /* Callers that do fh_verify should do the fh_want_write: */
 397         get_write_count = !fhp->fh_dentry;
 398 
 399         /* Get inode */
 400         err = fh_verify(rqstp, fhp, ftype, accmode);
 401         if (err)
 402                 return err;
 403         if (get_write_count) {
 404                 host_err = fh_want_write(fhp);
 405                 if (host_err)
 406                         goto out;
 407         }
 408 
 409         dentry = fhp->fh_dentry;
 410         inode = d_inode(dentry);
 411 
 412         /* Ignore any mode updates on symlinks */
 413         if (S_ISLNK(inode->i_mode))
 414                 iap->ia_valid &= ~ATTR_MODE;
 415 
 416         if (!iap->ia_valid)
 417                 return 0;
 418 
 419         nfsd_sanitize_attrs(inode, iap);
 420 
 421         if (check_guard && guardtime != inode->i_ctime.tv_sec)
 422                 return nfserr_notsync;
 423 
 424         /*
 425          * The size case is special, it changes the file in addition to the
 426          * attributes, and file systems don't expect it to be mixed with
 427          * "random" attribute changes.  We thus split out the size change
 428          * into a separate call to ->setattr, and do the rest as a separate
 429          * setattr call.
 430          */
 431         if (size_change) {
 432                 err = nfsd_get_write_access(rqstp, fhp, iap);
 433                 if (err)
 434                         return err;
 435         }
 436 
 437         fh_lock(fhp);
 438         if (size_change) {
 439                 /*
 440                  * RFC5661, Section 18.30.4:
 441                  *   Changing the size of a file with SETATTR indirectly
 442                  *   changes the time_modify and change attributes.
 443                  *
 444                  * (and similar for the older RFCs)
 445                  */
 446                 struct iattr size_attr = {
 447                         .ia_valid       = ATTR_SIZE | ATTR_CTIME | ATTR_MTIME,
 448                         .ia_size        = iap->ia_size,
 449                 };
 450 
 451                 host_err = notify_change(dentry, &size_attr, NULL);
 452                 if (host_err)
 453                         goto out_unlock;
 454                 iap->ia_valid &= ~ATTR_SIZE;
 455 
 456                 /*
 457                  * Avoid the additional setattr call below if the only other
 458                  * attribute that the client sends is the mtime, as we update
 459                  * it as part of the size change above.
 460                  */
 461                 if ((iap->ia_valid & ~ATTR_MTIME) == 0)
 462                         goto out_unlock;
 463         }
 464 
 465         iap->ia_valid |= ATTR_CTIME;
 466         host_err = notify_change(dentry, iap, NULL);
 467 
 468 out_unlock:
 469         fh_unlock(fhp);
 470         if (size_change)
 471                 put_write_access(inode);
 472 out:
 473         if (!host_err)
 474                 host_err = commit_metadata(fhp);
 475         return nfserrno(host_err);
 476 }
 477 
 478 #if defined(CONFIG_NFSD_V4)
 479 /*
 480  * NFS junction information is stored in an extended attribute.
 481  */
 482 #define NFSD_JUNCTION_XATTR_NAME        XATTR_TRUSTED_PREFIX "junction.nfs"
 483 
 484 /**
 485  * nfsd4_is_junction - Test if an object could be an NFS junction
 486  *
 487  * @dentry: object to test
 488  *
 489  * Returns 1 if "dentry" appears to contain NFS junction information.
 490  * Otherwise 0 is returned.
 491  */
 492 int nfsd4_is_junction(struct dentry *dentry)
 493 {
 494         struct inode *inode = d_inode(dentry);
 495 
 496         if (inode == NULL)
 497                 return 0;
 498         if (inode->i_mode & S_IXUGO)
 499                 return 0;
 500         if (!(inode->i_mode & S_ISVTX))
 501                 return 0;
 502         if (vfs_getxattr(dentry, NFSD_JUNCTION_XATTR_NAME, NULL, 0) <= 0)
 503                 return 0;
 504         return 1;
 505 }
 506 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
 507 __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp,
 508                 struct xdr_netobj *label)
 509 {
 510         __be32 error;
 511         int host_error;
 512         struct dentry *dentry;
 513 
 514         error = fh_verify(rqstp, fhp, 0 /* S_IFREG */, NFSD_MAY_SATTR);
 515         if (error)
 516                 return error;
 517 
 518         dentry = fhp->fh_dentry;
 519 
 520         inode_lock(d_inode(dentry));
 521         host_error = security_inode_setsecctx(dentry, label->data, label->len);
 522         inode_unlock(d_inode(dentry));
 523         return nfserrno(host_error);
 524 }
 525 #else
 526 __be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp,
 527                 struct xdr_netobj *label)
 528 {
 529         return nfserr_notsupp;
 530 }
 531 #endif
 532 
 533 __be32 nfsd4_clone_file_range(struct file *src, u64 src_pos, struct file *dst,
 534                 u64 dst_pos, u64 count, bool sync)
 535 {
 536         loff_t cloned;
 537 
 538         cloned = vfs_clone_file_range(src, src_pos, dst, dst_pos, count, 0);
 539         if (cloned < 0)
 540                 return nfserrno(cloned);
 541         if (count && cloned != count)
 542                 return nfserrno(-EINVAL);
 543         if (sync) {
 544                 loff_t dst_end = count ? dst_pos + count - 1 : LLONG_MAX;
 545                 int status = vfs_fsync_range(dst, dst_pos, dst_end, 0);
 546 
 547                 if (!status)
 548                         status = commit_inode_metadata(file_inode(src));
 549                 if (status < 0)
 550                         return nfserrno(status);
 551         }
 552         return 0;
 553 }
 554 
 555 ssize_t nfsd_copy_file_range(struct file *src, u64 src_pos, struct file *dst,
 556                              u64 dst_pos, u64 count)
 557 {
 558 
 559         /*
 560          * Limit copy to 4MB to prevent indefinitely blocking an nfsd
 561          * thread and client rpc slot.  The choice of 4MB is somewhat
 562          * arbitrary.  We might instead base this on r/wsize, or make it
 563          * tunable, or use a time instead of a byte limit, or implement
 564          * asynchronous copy.  In theory a client could also recognize a
 565          * limit like this and pipeline multiple COPY requests.
 566          */
 567         count = min_t(u64, count, 1 << 22);
 568         return vfs_copy_file_range(src, src_pos, dst, dst_pos, count, 0);
 569 }
 570 
 571 __be32 nfsd4_vfs_fallocate(struct svc_rqst *rqstp, struct svc_fh *fhp,
 572                            struct file *file, loff_t offset, loff_t len,
 573                            int flags)
 574 {
 575         int error;
 576 
 577         if (!S_ISREG(file_inode(file)->i_mode))
 578                 return nfserr_inval;
 579 
 580         error = vfs_fallocate(file, flags, offset, len);
 581         if (!error)
 582                 error = commit_metadata(fhp);
 583 
 584         return nfserrno(error);
 585 }
 586 #endif /* defined(CONFIG_NFSD_V4) */
 587 
 588 #ifdef CONFIG_NFSD_V3
 589 /*
 590  * Check server access rights to a file system object
 591  */
 592 struct accessmap {
 593         u32             access;
 594         int             how;
 595 };
 596 static struct accessmap nfs3_regaccess[] = {
 597     {   NFS3_ACCESS_READ,       NFSD_MAY_READ                   },
 598     {   NFS3_ACCESS_EXECUTE,    NFSD_MAY_EXEC                   },
 599     {   NFS3_ACCESS_MODIFY,     NFSD_MAY_WRITE|NFSD_MAY_TRUNC   },
 600     {   NFS3_ACCESS_EXTEND,     NFSD_MAY_WRITE                  },
 601 
 602     {   0,                      0                               }
 603 };
 604 
 605 static struct accessmap nfs3_diraccess[] = {
 606     {   NFS3_ACCESS_READ,       NFSD_MAY_READ                   },
 607     {   NFS3_ACCESS_LOOKUP,     NFSD_MAY_EXEC                   },
 608     {   NFS3_ACCESS_MODIFY,     NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC},
 609     {   NFS3_ACCESS_EXTEND,     NFSD_MAY_EXEC|NFSD_MAY_WRITE    },
 610     {   NFS3_ACCESS_DELETE,     NFSD_MAY_REMOVE                 },
 611 
 612     {   0,                      0                               }
 613 };
 614 
 615 static struct accessmap nfs3_anyaccess[] = {
 616         /* Some clients - Solaris 2.6 at least, make an access call
 617          * to the server to check for access for things like /dev/null
 618          * (which really, the server doesn't care about).  So
 619          * We provide simple access checking for them, looking
 620          * mainly at mode bits, and we make sure to ignore read-only
 621          * filesystem checks
 622          */
 623     {   NFS3_ACCESS_READ,       NFSD_MAY_READ                   },
 624     {   NFS3_ACCESS_EXECUTE,    NFSD_MAY_EXEC                   },
 625     {   NFS3_ACCESS_MODIFY,     NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS    },
 626     {   NFS3_ACCESS_EXTEND,     NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS    },
 627 
 628     {   0,                      0                               }
 629 };
 630 
 631 __be32
 632 nfsd_access(struct svc_rqst *rqstp, struct svc_fh *fhp, u32 *access, u32 *supported)
 633 {
 634         struct accessmap        *map;
 635         struct svc_export       *export;
 636         struct dentry           *dentry;
 637         u32                     query, result = 0, sresult = 0;
 638         __be32                  error;
 639 
 640         error = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP);
 641         if (error)
 642                 goto out;
 643 
 644         export = fhp->fh_export;
 645         dentry = fhp->fh_dentry;
 646 
 647         if (d_is_reg(dentry))
 648                 map = nfs3_regaccess;
 649         else if (d_is_dir(dentry))
 650                 map = nfs3_diraccess;
 651         else
 652                 map = nfs3_anyaccess;
 653 
 654 
 655         query = *access;
 656         for  (; map->access; map++) {
 657                 if (map->access & query) {
 658                         __be32 err2;
 659 
 660                         sresult |= map->access;
 661 
 662                         err2 = nfsd_permission(rqstp, export, dentry, map->how);
 663                         switch (err2) {
 664                         case nfs_ok:
 665                                 result |= map->access;
 666                                 break;
 667                                 
 668                         /* the following error codes just mean the access was not allowed,
 669                          * rather than an error occurred */
 670                         case nfserr_rofs:
 671                         case nfserr_acces:
 672                         case nfserr_perm:
 673                                 /* simply don't "or" in the access bit. */
 674                                 break;
 675                         default:
 676                                 error = err2;
 677                                 goto out;
 678                         }
 679                 }
 680         }
 681         *access = result;
 682         if (supported)
 683                 *supported = sresult;
 684 
 685  out:
 686         return error;
 687 }
 688 #endif /* CONFIG_NFSD_V3 */
 689 
 690 int nfsd_open_break_lease(struct inode *inode, int access)
 691 {
 692         unsigned int mode;
 693 
 694         if (access & NFSD_MAY_NOT_BREAK_LEASE)
 695                 return 0;
 696         mode = (access & NFSD_MAY_WRITE) ? O_WRONLY : O_RDONLY;
 697         return break_lease(inode, mode | O_NONBLOCK);
 698 }
 699 
 700 /*
 701  * Open an existing file or directory.
 702  * The may_flags argument indicates the type of open (read/write/lock)
 703  * and additional flags.
 704  * N.B. After this call fhp needs an fh_put
 705  */
 706 static __be32
 707 __nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
 708                         int may_flags, struct file **filp)
 709 {
 710         struct path     path;
 711         struct inode    *inode;
 712         struct file     *file;
 713         int             flags = O_RDONLY|O_LARGEFILE;
 714         __be32          err;
 715         int             host_err = 0;
 716 
 717         path.mnt = fhp->fh_export->ex_path.mnt;
 718         path.dentry = fhp->fh_dentry;
 719         inode = d_inode(path.dentry);
 720 
 721         /* Disallow write access to files with the append-only bit set
 722          * or any access when mandatory locking enabled
 723          */
 724         err = nfserr_perm;
 725         if (IS_APPEND(inode) && (may_flags & NFSD_MAY_WRITE))
 726                 goto out;
 727         /*
 728          * We must ignore files (but only files) which might have mandatory
 729          * locks on them because there is no way to know if the accesser has
 730          * the lock.
 731          */
 732         if (S_ISREG((inode)->i_mode) && mandatory_lock(inode))
 733                 goto out;
 734 
 735         if (!inode->i_fop)
 736                 goto out;
 737 
 738         host_err = nfsd_open_break_lease(inode, may_flags);
 739         if (host_err) /* NOMEM or WOULDBLOCK */
 740                 goto out_nfserr;
 741 
 742         if (may_flags & NFSD_MAY_WRITE) {
 743                 if (may_flags & NFSD_MAY_READ)
 744                         flags = O_RDWR|O_LARGEFILE;
 745                 else
 746                         flags = O_WRONLY|O_LARGEFILE;
 747         }
 748 
 749         file = dentry_open(&path, flags, current_cred());
 750         if (IS_ERR(file)) {
 751                 host_err = PTR_ERR(file);
 752                 goto out_nfserr;
 753         }
 754 
 755         host_err = ima_file_check(file, may_flags);
 756         if (host_err) {
 757                 fput(file);
 758                 goto out_nfserr;
 759         }
 760 
 761         if (may_flags & NFSD_MAY_64BIT_COOKIE)
 762                 file->f_mode |= FMODE_64BITHASH;
 763         else
 764                 file->f_mode |= FMODE_32BITHASH;
 765 
 766         *filp = file;
 767 out_nfserr:
 768         err = nfserrno(host_err);
 769 out:
 770         return err;
 771 }
 772 
 773 __be32
 774 nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
 775                 int may_flags, struct file **filp)
 776 {
 777         __be32 err;
 778 
 779         validate_process_creds();
 780         /*
 781          * If we get here, then the client has already done an "open",
 782          * and (hopefully) checked permission - so allow OWNER_OVERRIDE
 783          * in case a chmod has now revoked permission.
 784          *
 785          * Arguably we should also allow the owner override for
 786          * directories, but we never have and it doesn't seem to have
 787          * caused anyone a problem.  If we were to change this, note
 788          * also that our filldir callbacks would need a variant of
 789          * lookup_one_len that doesn't check permissions.
 790          */
 791         if (type == S_IFREG)
 792                 may_flags |= NFSD_MAY_OWNER_OVERRIDE;
 793         err = fh_verify(rqstp, fhp, type, may_flags);
 794         if (!err)
 795                 err = __nfsd_open(rqstp, fhp, type, may_flags, filp);
 796         validate_process_creds();
 797         return err;
 798 }
 799 
 800 __be32
 801 nfsd_open_verified(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
 802                 int may_flags, struct file **filp)
 803 {
 804         __be32 err;
 805 
 806         validate_process_creds();
 807         err = __nfsd_open(rqstp, fhp, type, may_flags, filp);
 808         validate_process_creds();
 809         return err;
 810 }
 811 
 812 /*
 813  * Grab and keep cached pages associated with a file in the svc_rqst
 814  * so that they can be passed to the network sendmsg/sendpage routines
 815  * directly. They will be released after the sending has completed.
 816  */
 817 static int
 818 nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
 819                   struct splice_desc *sd)
 820 {
 821         struct svc_rqst *rqstp = sd->u.data;
 822         struct page **pp = rqstp->rq_next_page;
 823         struct page *page = buf->page;
 824         size_t size;
 825 
 826         size = sd->len;
 827 
 828         if (rqstp->rq_res.page_len == 0) {
 829                 get_page(page);
 830                 put_page(*rqstp->rq_next_page);
 831                 *(rqstp->rq_next_page++) = page;
 832                 rqstp->rq_res.page_base = buf->offset;
 833                 rqstp->rq_res.page_len = size;
 834         } else if (page != pp[-1]) {
 835                 get_page(page);
 836                 if (*rqstp->rq_next_page)
 837                         put_page(*rqstp->rq_next_page);
 838                 *(rqstp->rq_next_page++) = page;
 839                 rqstp->rq_res.page_len += size;
 840         } else
 841                 rqstp->rq_res.page_len += size;
 842 
 843         return size;
 844 }
 845 
 846 static int nfsd_direct_splice_actor(struct pipe_inode_info *pipe,
 847                                     struct splice_desc *sd)
 848 {
 849         return __splice_from_pipe(pipe, sd, nfsd_splice_actor);
 850 }
 851 
 852 static u32 nfsd_eof_on_read(struct file *file, loff_t offset, ssize_t len,
 853                 size_t expected)
 854 {
 855         if (expected != 0 && len == 0)
 856                 return 1;
 857         if (offset+len >= i_size_read(file_inode(file)))
 858                 return 1;
 859         return 0;
 860 }
 861 
 862 static __be32 nfsd_finish_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
 863                                struct file *file, loff_t offset,
 864                                unsigned long *count, u32 *eof, ssize_t host_err)
 865 {
 866         if (host_err >= 0) {
 867                 nfsdstats.io_read += host_err;
 868                 *eof = nfsd_eof_on_read(file, offset, host_err, *count);
 869                 *count = host_err;
 870                 fsnotify_access(file);
 871                 trace_nfsd_read_io_done(rqstp, fhp, offset, *count);
 872                 return 0;
 873         } else {
 874                 trace_nfsd_read_err(rqstp, fhp, offset, host_err);
 875                 return nfserrno(host_err);
 876         }
 877 }
 878 
 879 __be32 nfsd_splice_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
 880                         struct file *file, loff_t offset, unsigned long *count,
 881                         u32 *eof)
 882 {
 883         struct splice_desc sd = {
 884                 .len            = 0,
 885                 .total_len      = *count,
 886                 .pos            = offset,
 887                 .u.data         = rqstp,
 888         };
 889         ssize_t host_err;
 890 
 891         trace_nfsd_read_splice(rqstp, fhp, offset, *count);
 892         rqstp->rq_next_page = rqstp->rq_respages + 1;
 893         host_err = splice_direct_to_actor(file, &sd, nfsd_direct_splice_actor);
 894         return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err);
 895 }
 896 
 897 __be32 nfsd_readv(struct svc_rqst *rqstp, struct svc_fh *fhp,
 898                   struct file *file, loff_t offset,
 899                   struct kvec *vec, int vlen, unsigned long *count,
 900                   u32 *eof)
 901 {
 902         struct iov_iter iter;
 903         loff_t ppos = offset;
 904         ssize_t host_err;
 905 
 906         trace_nfsd_read_vector(rqstp, fhp, offset, *count);
 907         iov_iter_kvec(&iter, READ, vec, vlen, *count);
 908         host_err = vfs_iter_read(file, &iter, &ppos, 0);
 909         return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err);
 910 }
 911 
 912 /*
 913  * Gathered writes: If another process is currently writing to the file,
 914  * there's a high chance this is another nfsd (triggered by a bulk write
 915  * from a client's biod). Rather than syncing the file with each write
 916  * request, we sleep for 10 msec.
 917  *
 918  * I don't know if this roughly approximates C. Juszak's idea of
 919  * gathered writes, but it's a nice and simple solution (IMHO), and it
 920  * seems to work:-)
 921  *
 922  * Note: we do this only in the NFSv2 case, since v3 and higher have a
 923  * better tool (separate unstable writes and commits) for solving this
 924  * problem.
 925  */
 926 static int wait_for_concurrent_writes(struct file *file)
 927 {
 928         struct inode *inode = file_inode(file);
 929         static ino_t last_ino;
 930         static dev_t last_dev;
 931         int err = 0;
 932 
 933         if (atomic_read(&inode->i_writecount) > 1
 934             || (last_ino == inode->i_ino && last_dev == inode->i_sb->s_dev)) {
 935                 dprintk("nfsd: write defer %d\n", task_pid_nr(current));
 936                 msleep(10);
 937                 dprintk("nfsd: write resume %d\n", task_pid_nr(current));
 938         }
 939 
 940         if (inode->i_state & I_DIRTY) {
 941                 dprintk("nfsd: write sync %d\n", task_pid_nr(current));
 942                 err = vfs_fsync(file, 0);
 943         }
 944         last_ino = inode->i_ino;
 945         last_dev = inode->i_sb->s_dev;
 946         return err;
 947 }
 948 
 949 __be32
 950 nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
 951                                 loff_t offset, struct kvec *vec, int vlen,
 952                                 unsigned long *cnt, int stable)
 953 {
 954         struct svc_export       *exp;
 955         struct iov_iter         iter;
 956         __be32                  nfserr;
 957         int                     host_err;
 958         int                     use_wgather;
 959         loff_t                  pos = offset;
 960         unsigned int            pflags = current->flags;
 961         rwf_t                   flags = 0;
 962 
 963         trace_nfsd_write_opened(rqstp, fhp, offset, *cnt);
 964 
 965         if (test_bit(RQ_LOCAL, &rqstp->rq_flags))
 966                 /*
 967                  * We want less throttling in balance_dirty_pages()
 968                  * and shrink_inactive_list() so that nfs to
 969                  * localhost doesn't cause nfsd to lock up due to all
 970                  * the client's dirty pages or its congested queue.
 971                  */
 972                 current->flags |= PF_LESS_THROTTLE;
 973 
 974         exp = fhp->fh_export;
 975         use_wgather = (rqstp->rq_vers == 2) && EX_WGATHER(exp);
 976 
 977         if (!EX_ISSYNC(exp))
 978                 stable = NFS_UNSTABLE;
 979 
 980         if (stable && !use_wgather)
 981                 flags |= RWF_SYNC;
 982 
 983         iov_iter_kvec(&iter, WRITE, vec, vlen, *cnt);
 984         host_err = vfs_iter_write(file, &iter, &pos, flags);
 985         if (host_err < 0)
 986                 goto out_nfserr;
 987         *cnt = host_err;
 988         nfsdstats.io_write += *cnt;
 989         fsnotify_modify(file);
 990 
 991         if (stable && use_wgather) {
 992                 host_err = wait_for_concurrent_writes(file);
 993                 if (host_err < 0)
 994                         nfsd_reset_boot_verifier(net_generic(SVC_NET(rqstp),
 995                                                  nfsd_net_id));
 996         }
 997 
 998 out_nfserr:
 999         if (host_err >= 0) {
1000                 trace_nfsd_write_io_done(rqstp, fhp, offset, *cnt);
1001                 nfserr = nfs_ok;
1002         } else {
1003                 trace_nfsd_write_err(rqstp, fhp, offset, host_err);
1004                 nfserr = nfserrno(host_err);
1005         }
1006         if (test_bit(RQ_LOCAL, &rqstp->rq_flags))
1007                 current_restore_flags(pflags, PF_LESS_THROTTLE);
1008         return nfserr;
1009 }
1010 
1011 /*
1012  * Read data from a file. count must contain the requested read count
1013  * on entry. On return, *count contains the number of bytes actually read.
1014  * N.B. After this call fhp needs an fh_put
1015  */
1016 __be32 nfsd_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
1017         loff_t offset, struct kvec *vec, int vlen, unsigned long *count,
1018         u32 *eof)
1019 {
1020         struct nfsd_file        *nf;
1021         struct file *file;
1022         __be32 err;
1023 
1024         trace_nfsd_read_start(rqstp, fhp, offset, *count);
1025         err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf);
1026         if (err)
1027                 return err;
1028 
1029         file = nf->nf_file;
1030         if (file->f_op->splice_read && test_bit(RQ_SPLICE_OK, &rqstp->rq_flags))
1031                 err = nfsd_splice_read(rqstp, fhp, file, offset, count, eof);
1032         else
1033                 err = nfsd_readv(rqstp, fhp, file, offset, vec, vlen, count, eof);
1034 
1035         nfsd_file_put(nf);
1036 
1037         trace_nfsd_read_done(rqstp, fhp, offset, *count);
1038 
1039         return err;
1040 }
1041 
1042 /*
1043  * Write data to a file.
1044  * The stable flag requests synchronous writes.
1045  * N.B. After this call fhp needs an fh_put
1046  */
1047 __be32
1048 nfsd_write(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t offset,
1049            struct kvec *vec, int vlen, unsigned long *cnt, int stable)
1050 {
1051         struct nfsd_file *nf;
1052         __be32 err;
1053 
1054         trace_nfsd_write_start(rqstp, fhp, offset, *cnt);
1055 
1056         err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_WRITE, &nf);
1057         if (err)
1058                 goto out;
1059 
1060         err = nfsd_vfs_write(rqstp, fhp, nf->nf_file, offset, vec,
1061                         vlen, cnt, stable);
1062         nfsd_file_put(nf);
1063 out:
1064         trace_nfsd_write_done(rqstp, fhp, offset, *cnt);
1065         return err;
1066 }
1067 
1068 #ifdef CONFIG_NFSD_V3
1069 /*
1070  * Commit all pending writes to stable storage.
1071  *
1072  * Note: we only guarantee that data that lies within the range specified
1073  * by the 'offset' and 'count' parameters will be synced.
1074  *
1075  * Unfortunately we cannot lock the file to make sure we return full WCC
1076  * data to the client, as locking happens lower down in the filesystem.
1077  */
1078 __be32
1079 nfsd_commit(struct svc_rqst *rqstp, struct svc_fh *fhp,
1080                loff_t offset, unsigned long count)
1081 {
1082         struct nfsd_file        *nf;
1083         loff_t                  end = LLONG_MAX;
1084         __be32                  err = nfserr_inval;
1085 
1086         if (offset < 0)
1087                 goto out;
1088         if (count != 0) {
1089                 end = offset + (loff_t)count - 1;
1090                 if (end < offset)
1091                         goto out;
1092         }
1093 
1094         err = nfsd_file_acquire(rqstp, fhp,
1095                         NFSD_MAY_WRITE|NFSD_MAY_NOT_BREAK_LEASE, &nf);
1096         if (err)
1097                 goto out;
1098         if (EX_ISSYNC(fhp->fh_export)) {
1099                 int err2 = vfs_fsync_range(nf->nf_file, offset, end, 0);
1100 
1101                 switch (err2) {
1102                 case 0:
1103                         break;
1104                 case -EINVAL:
1105                         err = nfserr_notsupp;
1106                         break;
1107                 default:
1108                         err = nfserrno(err2);
1109                         nfsd_reset_boot_verifier(net_generic(nf->nf_net,
1110                                                  nfsd_net_id));
1111                 }
1112         }
1113 
1114         nfsd_file_put(nf);
1115 out:
1116         return err;
1117 }
1118 #endif /* CONFIG_NFSD_V3 */
1119 
1120 static __be32
1121 nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *resfhp,
1122                         struct iattr *iap)
1123 {
1124         /*
1125          * Mode has already been set earlier in create:
1126          */
1127         iap->ia_valid &= ~ATTR_MODE;
1128         /*
1129          * Setting uid/gid works only for root.  Irix appears to
1130          * send along the gid on create when it tries to implement
1131          * setgid directories via NFS:
1132          */
1133         if (!uid_eq(current_fsuid(), GLOBAL_ROOT_UID))
1134                 iap->ia_valid &= ~(ATTR_UID|ATTR_GID);
1135         if (iap->ia_valid)
1136                 return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0);
1137         /* Callers expect file metadata to be committed here */
1138         return nfserrno(commit_metadata(resfhp));
1139 }
1140 
1141 /* HPUX client sometimes creates a file in mode 000, and sets size to 0.
1142  * setting size to 0 may fail for some specific file systems by the permission
1143  * checking which requires WRITE permission but the mode is 000.
1144  * we ignore the resizing(to 0) on the just new created file, since the size is
1145  * 0 after file created.
1146  *
1147  * call this only after vfs_create() is called.
1148  * */
1149 static void
1150 nfsd_check_ignore_resizing(struct iattr *iap)
1151 {
1152         if ((iap->ia_valid & ATTR_SIZE) && (iap->ia_size == 0))
1153                 iap->ia_valid &= ~ATTR_SIZE;
1154 }
1155 
1156 /* The parent directory should already be locked: */
1157 __be32
1158 nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp,
1159                 char *fname, int flen, struct iattr *iap,
1160                 int type, dev_t rdev, struct svc_fh *resfhp)
1161 {
1162         struct dentry   *dentry, *dchild;
1163         struct inode    *dirp;
1164         __be32          err;
1165         __be32          err2;
1166         int             host_err;
1167 
1168         dentry = fhp->fh_dentry;
1169         dirp = d_inode(dentry);
1170 
1171         dchild = dget(resfhp->fh_dentry);
1172         if (!fhp->fh_locked) {
1173                 WARN_ONCE(1, "nfsd_create: parent %pd2 not locked!\n",
1174                                 dentry);
1175                 err = nfserr_io;
1176                 goto out;
1177         }
1178 
1179         err = nfsd_permission(rqstp, fhp->fh_export, dentry, NFSD_MAY_CREATE);
1180         if (err)
1181                 goto out;
1182 
1183         if (!(iap->ia_valid & ATTR_MODE))
1184                 iap->ia_mode = 0;
1185         iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type;
1186 
1187         err = 0;
1188         host_err = 0;
1189         switch (type) {
1190         case S_IFREG:
1191                 host_err = vfs_create(dirp, dchild, iap->ia_mode, true);
1192                 if (!host_err)
1193                         nfsd_check_ignore_resizing(iap);
1194                 break;
1195         case S_IFDIR:
1196                 host_err = vfs_mkdir(dirp, dchild, iap->ia_mode);
1197                 if (!host_err && unlikely(d_unhashed(dchild))) {
1198                         struct dentry *d;
1199                         d = lookup_one_len(dchild->d_name.name,
1200                                            dchild->d_parent,
1201                                            dchild->d_name.len);
1202                         if (IS_ERR(d)) {
1203                                 host_err = PTR_ERR(d);
1204                                 break;
1205                         }
1206                         if (unlikely(d_is_negative(d))) {
1207                                 dput(d);
1208                                 err = nfserr_serverfault;
1209                                 goto out;
1210                         }
1211                         dput(resfhp->fh_dentry);
1212                         resfhp->fh_dentry = dget(d);
1213                         err = fh_update(resfhp);
1214                         dput(dchild);
1215                         dchild = d;
1216                         if (err)
1217                                 goto out;
1218                 }
1219                 break;
1220         case S_IFCHR:
1221         case S_IFBLK:
1222         case S_IFIFO:
1223         case S_IFSOCK:
1224                 host_err = vfs_mknod(dirp, dchild, iap->ia_mode, rdev);
1225                 break;
1226         default:
1227                 printk(KERN_WARNING "nfsd: bad file type %o in nfsd_create\n",
1228                        type);
1229                 host_err = -EINVAL;
1230         }
1231         if (host_err < 0)
1232                 goto out_nfserr;
1233 
1234         err = nfsd_create_setattr(rqstp, resfhp, iap);
1235 
1236         /*
1237          * nfsd_create_setattr already committed the child.  Transactional
1238          * filesystems had a chance to commit changes for both parent and
1239          * child simultaneously making the following commit_metadata a
1240          * noop.
1241          */
1242         err2 = nfserrno(commit_metadata(fhp));
1243         if (err2)
1244                 err = err2;
1245         /*
1246          * Update the file handle to get the new inode info.
1247          */
1248         if (!err)
1249                 err = fh_update(resfhp);
1250 out:
1251         dput(dchild);
1252         return err;
1253 
1254 out_nfserr:
1255         err = nfserrno(host_err);
1256         goto out;
1257 }
1258 
1259 /*
1260  * Create a filesystem object (regular, directory, special).
1261  * Note that the parent directory is left locked.
1262  *
1263  * N.B. Every call to nfsd_create needs an fh_put for _both_ fhp and resfhp
1264  */
1265 __be32
1266 nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
1267                 char *fname, int flen, struct iattr *iap,
1268                 int type, dev_t rdev, struct svc_fh *resfhp)
1269 {
1270         struct dentry   *dentry, *dchild = NULL;
1271         __be32          err;
1272         int             host_err;
1273 
1274         if (isdotent(fname, flen))
1275                 return nfserr_exist;
1276 
1277         err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_NOP);
1278         if (err)
1279                 return err;
1280 
1281         dentry = fhp->fh_dentry;
1282 
1283         host_err = fh_want_write(fhp);
1284         if (host_err)
1285                 return nfserrno(host_err);
1286 
1287         fh_lock_nested(fhp, I_MUTEX_PARENT);
1288         dchild = lookup_one_len(fname, dentry, flen);
1289         host_err = PTR_ERR(dchild);
1290         if (IS_ERR(dchild))
1291                 return nfserrno(host_err);
1292         err = fh_compose(resfhp, fhp->fh_export, dchild, fhp);
1293         /*
1294          * We unconditionally drop our ref to dchild as fh_compose will have
1295          * already grabbed its own ref for it.
1296          */
1297         dput(dchild);
1298         if (err)
1299                 return err;
1300         return nfsd_create_locked(rqstp, fhp, fname, flen, iap, type,
1301                                         rdev, resfhp);
1302 }
1303 
1304 #ifdef CONFIG_NFSD_V3
1305 
1306 /*
1307  * NFSv3 and NFSv4 version of nfsd_create
1308  */
1309 __be32
1310 do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
1311                 char *fname, int flen, struct iattr *iap,
1312                 struct svc_fh *resfhp, int createmode, u32 *verifier,
1313                 bool *truncp, bool *created)
1314 {
1315         struct dentry   *dentry, *dchild = NULL;
1316         struct inode    *dirp;
1317         __be32          err;
1318         int             host_err;
1319         __u32           v_mtime=0, v_atime=0;
1320 
1321         err = nfserr_perm;
1322         if (!flen)
1323                 goto out;
1324         err = nfserr_exist;
1325         if (isdotent(fname, flen))
1326                 goto out;
1327         if (!(iap->ia_valid & ATTR_MODE))
1328                 iap->ia_mode = 0;
1329         err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC);
1330         if (err)
1331                 goto out;
1332 
1333         dentry = fhp->fh_dentry;
1334         dirp = d_inode(dentry);
1335 
1336         host_err = fh_want_write(fhp);
1337         if (host_err)
1338                 goto out_nfserr;
1339 
1340         fh_lock_nested(fhp, I_MUTEX_PARENT);
1341 
1342         /*
1343          * Compose the response file handle.
1344          */
1345         dchild = lookup_one_len(fname, dentry, flen);
1346         host_err = PTR_ERR(dchild);
1347         if (IS_ERR(dchild))
1348                 goto out_nfserr;
1349 
1350         /* If file doesn't exist, check for permissions to create one */
1351         if (d_really_is_negative(dchild)) {
1352                 err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE);
1353                 if (err)
1354                         goto out;
1355         }
1356 
1357         err = fh_compose(resfhp, fhp->fh_export, dchild, fhp);
1358         if (err)
1359                 goto out;
1360 
1361         if (nfsd_create_is_exclusive(createmode)) {
1362                 /* solaris7 gets confused (bugid 4218508) if these have
1363                  * the high bit set, so just clear the high bits. If this is
1364                  * ever changed to use different attrs for storing the
1365                  * verifier, then do_open_lookup() will also need to be fixed
1366                  * accordingly.
1367                  */
1368                 v_mtime = verifier[0]&0x7fffffff;
1369                 v_atime = verifier[1]&0x7fffffff;
1370         }
1371         
1372         if (d_really_is_positive(dchild)) {
1373                 err = 0;
1374 
1375                 switch (createmode) {
1376                 case NFS3_CREATE_UNCHECKED:
1377                         if (! d_is_reg(dchild))
1378                                 goto out;
1379                         else if (truncp) {
1380                                 /* in nfsv4, we need to treat this case a little
1381                                  * differently.  we don't want to truncate the
1382                                  * file now; this would be wrong if the OPEN
1383                                  * fails for some other reason.  furthermore,
1384                                  * if the size is nonzero, we should ignore it
1385                                  * according to spec!
1386                                  */
1387                                 *truncp = (iap->ia_valid & ATTR_SIZE) && !iap->ia_size;
1388                         }
1389                         else {
1390                                 iap->ia_valid &= ATTR_SIZE;
1391                                 goto set_attr;
1392                         }
1393                         break;
1394                 case NFS3_CREATE_EXCLUSIVE:
1395                         if (   d_inode(dchild)->i_mtime.tv_sec == v_mtime
1396                             && d_inode(dchild)->i_atime.tv_sec == v_atime
1397                             && d_inode(dchild)->i_size  == 0 ) {
1398                                 if (created)
1399                                         *created = 1;
1400                                 break;
1401                         }
1402                         /* fall through */
1403                 case NFS4_CREATE_EXCLUSIVE4_1:
1404                         if (   d_inode(dchild)->i_mtime.tv_sec == v_mtime
1405                             && d_inode(dchild)->i_atime.tv_sec == v_atime
1406                             && d_inode(dchild)->i_size  == 0 ) {
1407                                 if (created)
1408                                         *created = 1;
1409                                 goto set_attr;
1410                         }
1411                         /* fall through */
1412                 case NFS3_CREATE_GUARDED:
1413                         err = nfserr_exist;
1414                 }
1415                 fh_drop_write(fhp);
1416                 goto out;
1417         }
1418 
1419         host_err = vfs_create(dirp, dchild, iap->ia_mode, true);
1420         if (host_err < 0) {
1421                 fh_drop_write(fhp);
1422                 goto out_nfserr;
1423         }
1424         if (created)
1425                 *created = 1;
1426 
1427         nfsd_check_ignore_resizing(iap);
1428 
1429         if (nfsd_create_is_exclusive(createmode)) {
1430                 /* Cram the verifier into atime/mtime */
1431                 iap->ia_valid = ATTR_MTIME|ATTR_ATIME
1432                         | ATTR_MTIME_SET|ATTR_ATIME_SET;
1433                 /* XXX someone who knows this better please fix it for nsec */ 
1434                 iap->ia_mtime.tv_sec = v_mtime;
1435                 iap->ia_atime.tv_sec = v_atime;
1436                 iap->ia_mtime.tv_nsec = 0;
1437                 iap->ia_atime.tv_nsec = 0;
1438         }
1439 
1440  set_attr:
1441         err = nfsd_create_setattr(rqstp, resfhp, iap);
1442 
1443         /*
1444          * nfsd_create_setattr already committed the child
1445          * (and possibly also the parent).
1446          */
1447         if (!err)
1448                 err = nfserrno(commit_metadata(fhp));
1449 
1450         /*
1451          * Update the filehandle to get the new inode info.
1452          */
1453         if (!err)
1454                 err = fh_update(resfhp);
1455 
1456  out:
1457         fh_unlock(fhp);
1458         if (dchild && !IS_ERR(dchild))
1459                 dput(dchild);
1460         fh_drop_write(fhp);
1461         return err;
1462  
1463  out_nfserr:
1464         err = nfserrno(host_err);
1465         goto out;
1466 }
1467 #endif /* CONFIG_NFSD_V3 */
1468 
1469 /*
1470  * Read a symlink. On entry, *lenp must contain the maximum path length that
1471  * fits into the buffer. On return, it contains the true length.
1472  * N.B. After this call fhp needs an fh_put
1473  */
1474 __be32
1475 nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
1476 {
1477         __be32          err;
1478         const char *link;
1479         struct path path;
1480         DEFINE_DELAYED_CALL(done);
1481         int len;
1482 
1483         err = fh_verify(rqstp, fhp, S_IFLNK, NFSD_MAY_NOP);
1484         if (unlikely(err))
1485                 return err;
1486 
1487         path.mnt = fhp->fh_export->ex_path.mnt;
1488         path.dentry = fhp->fh_dentry;
1489 
1490         if (unlikely(!d_is_symlink(path.dentry)))
1491                 return nfserr_inval;
1492 
1493         touch_atime(&path);
1494 
1495         link = vfs_get_link(path.dentry, &done);
1496         if (IS_ERR(link))
1497                 return nfserrno(PTR_ERR(link));
1498 
1499         len = strlen(link);
1500         if (len < *lenp)
1501                 *lenp = len;
1502         memcpy(buf, link, *lenp);
1503         do_delayed_call(&done);
1504         return 0;
1505 }
1506 
1507 /*
1508  * Create a symlink and look up its inode
1509  * N.B. After this call _both_ fhp and resfhp need an fh_put
1510  */
1511 __be32
1512 nfsd_symlink(struct svc_rqst *rqstp, struct svc_fh *fhp,
1513                                 char *fname, int flen,
1514                                 char *path,
1515                                 struct svc_fh *resfhp)
1516 {
1517         struct dentry   *dentry, *dnew;
1518         __be32          err, cerr;
1519         int             host_err;
1520 
1521         err = nfserr_noent;
1522         if (!flen || path[0] == '\0')
1523                 goto out;
1524         err = nfserr_exist;
1525         if (isdotent(fname, flen))
1526                 goto out;
1527 
1528         err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE);
1529         if (err)
1530                 goto out;
1531 
1532         host_err = fh_want_write(fhp);
1533         if (host_err)
1534                 goto out_nfserr;
1535 
1536         fh_lock(fhp);
1537         dentry = fhp->fh_dentry;
1538         dnew = lookup_one_len(fname, dentry, flen);
1539         host_err = PTR_ERR(dnew);
1540         if (IS_ERR(dnew))
1541                 goto out_nfserr;
1542 
1543         host_err = vfs_symlink(d_inode(dentry), dnew, path);
1544         err = nfserrno(host_err);
1545         if (!err)
1546                 err = nfserrno(commit_metadata(fhp));
1547         fh_unlock(fhp);
1548 
1549         fh_drop_write(fhp);
1550 
1551         cerr = fh_compose(resfhp, fhp->fh_export, dnew, fhp);
1552         dput(dnew);
1553         if (err==0) err = cerr;
1554 out:
1555         return err;
1556 
1557 out_nfserr:
1558         err = nfserrno(host_err);
1559         goto out;
1560 }
1561 
1562 /*
1563  * Create a hardlink
1564  * N.B. After this call _both_ ffhp and tfhp need an fh_put
1565  */
1566 __be32
1567 nfsd_link(struct svc_rqst *rqstp, struct svc_fh *ffhp,
1568                                 char *name, int len, struct svc_fh *tfhp)
1569 {
1570         struct dentry   *ddir, *dnew, *dold;
1571         struct inode    *dirp;
1572         __be32          err;
1573         int             host_err;
1574 
1575         err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_CREATE);
1576         if (err)
1577                 goto out;
1578         err = fh_verify(rqstp, tfhp, 0, NFSD_MAY_NOP);
1579         if (err)
1580                 goto out;
1581         err = nfserr_isdir;
1582         if (d_is_dir(tfhp->fh_dentry))
1583                 goto out;
1584         err = nfserr_perm;
1585         if (!len)
1586                 goto out;
1587         err = nfserr_exist;
1588         if (isdotent(name, len))
1589                 goto out;
1590 
1591         host_err = fh_want_write(tfhp);
1592         if (host_err) {
1593                 err = nfserrno(host_err);
1594                 goto out;
1595         }
1596 
1597         fh_lock_nested(ffhp, I_MUTEX_PARENT);
1598         ddir = ffhp->fh_dentry;
1599         dirp = d_inode(ddir);
1600 
1601         dnew = lookup_one_len(name, ddir, len);
1602         host_err = PTR_ERR(dnew);
1603         if (IS_ERR(dnew))
1604                 goto out_nfserr;
1605 
1606         dold = tfhp->fh_dentry;
1607 
1608         err = nfserr_noent;
1609         if (d_really_is_negative(dold))
1610                 goto out_dput;
1611         host_err = vfs_link(dold, dirp, dnew, NULL);
1612         if (!host_err) {
1613                 err = nfserrno(commit_metadata(ffhp));
1614                 if (!err)
1615                         err = nfserrno(commit_metadata(tfhp));
1616         } else {
1617                 if (host_err == -EXDEV && rqstp->rq_vers == 2)
1618                         err = nfserr_acces;
1619                 else
1620                         err = nfserrno(host_err);
1621         }
1622 out_dput:
1623         dput(dnew);
1624 out_unlock:
1625         fh_unlock(ffhp);
1626         fh_drop_write(tfhp);
1627 out:
1628         return err;
1629 
1630 out_nfserr:
1631         err = nfserrno(host_err);
1632         goto out_unlock;
1633 }
1634 
1635 static void
1636 nfsd_close_cached_files(struct dentry *dentry)
1637 {
1638         struct inode *inode = d_inode(dentry);
1639 
1640         if (inode && S_ISREG(inode->i_mode))
1641                 nfsd_file_close_inode_sync(inode);
1642 }
1643 
1644 static bool
1645 nfsd_has_cached_files(struct dentry *dentry)
1646 {
1647         bool            ret = false;
1648         struct inode *inode = d_inode(dentry);
1649 
1650         if (inode && S_ISREG(inode->i_mode))
1651                 ret = nfsd_file_is_cached(inode);
1652         return ret;
1653 }
1654 
1655 /*
1656  * Rename a file
1657  * N.B. After this call _both_ ffhp and tfhp need an fh_put
1658  */
1659 __be32
1660 nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen,
1661                             struct svc_fh *tfhp, char *tname, int tlen)
1662 {
1663         struct dentry   *fdentry, *tdentry, *odentry, *ndentry, *trap;
1664         struct inode    *fdir, *tdir;
1665         __be32          err;
1666         int             host_err;
1667         bool            has_cached = false;
1668 
1669         err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_REMOVE);
1670         if (err)
1671                 goto out;
1672         err = fh_verify(rqstp, tfhp, S_IFDIR, NFSD_MAY_CREATE);
1673         if (err)
1674                 goto out;
1675 
1676         fdentry = ffhp->fh_dentry;
1677         fdir = d_inode(fdentry);
1678 
1679         tdentry = tfhp->fh_dentry;
1680         tdir = d_inode(tdentry);
1681 
1682         err = nfserr_perm;
1683         if (!flen || isdotent(fname, flen) || !tlen || isdotent(tname, tlen))
1684                 goto out;
1685 
1686 retry:
1687         host_err = fh_want_write(ffhp);
1688         if (host_err) {
1689                 err = nfserrno(host_err);
1690                 goto out;
1691         }
1692 
1693         /* cannot use fh_lock as we need deadlock protective ordering
1694          * so do it by hand */
1695         trap = lock_rename(tdentry, fdentry);
1696         ffhp->fh_locked = tfhp->fh_locked = true;
1697         fill_pre_wcc(ffhp);
1698         fill_pre_wcc(tfhp);
1699 
1700         odentry = lookup_one_len(fname, fdentry, flen);
1701         host_err = PTR_ERR(odentry);
1702         if (IS_ERR(odentry))
1703                 goto out_nfserr;
1704 
1705         host_err = -ENOENT;
1706         if (d_really_is_negative(odentry))
1707                 goto out_dput_old;
1708         host_err = -EINVAL;
1709         if (odentry == trap)
1710                 goto out_dput_old;
1711 
1712         ndentry = lookup_one_len(tname, tdentry, tlen);
1713         host_err = PTR_ERR(ndentry);
1714         if (IS_ERR(ndentry))
1715                 goto out_dput_old;
1716         host_err = -ENOTEMPTY;
1717         if (ndentry == trap)
1718                 goto out_dput_new;
1719 
1720         host_err = -EXDEV;
1721         if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt)
1722                 goto out_dput_new;
1723         if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry)
1724                 goto out_dput_new;
1725 
1726         if (nfsd_has_cached_files(ndentry)) {
1727                 has_cached = true;
1728                 goto out_dput_old;
1729         } else {
1730                 host_err = vfs_rename(fdir, odentry, tdir, ndentry, NULL, 0);
1731                 if (!host_err) {
1732                         host_err = commit_metadata(tfhp);
1733                         if (!host_err)
1734                                 host_err = commit_metadata(ffhp);
1735                 }
1736         }
1737  out_dput_new:
1738         dput(ndentry);
1739  out_dput_old:
1740         dput(odentry);
1741  out_nfserr:
1742         err = nfserrno(host_err);
1743         /*
1744          * We cannot rely on fh_unlock on the two filehandles,
1745          * as that would do the wrong thing if the two directories
1746          * were the same, so again we do it by hand.
1747          */
1748         if (!has_cached) {
1749                 fill_post_wcc(ffhp);
1750                 fill_post_wcc(tfhp);
1751         }
1752         unlock_rename(tdentry, fdentry);
1753         ffhp->fh_locked = tfhp->fh_locked = false;
1754         fh_drop_write(ffhp);
1755 
1756         /*
1757          * If the target dentry has cached open files, then we need to try to
1758          * close them prior to doing the rename. Flushing delayed fput
1759          * shouldn't be done with locks held however, so we delay it until this
1760          * point and then reattempt the whole shebang.
1761          */
1762         if (has_cached) {
1763                 has_cached = false;
1764                 nfsd_close_cached_files(ndentry);
1765                 dput(ndentry);
1766                 goto retry;
1767         }
1768 out:
1769         return err;
1770 }
1771 
1772 /*
1773  * Unlink a file or directory
1774  * N.B. After this call fhp needs an fh_put
1775  */
1776 __be32
1777 nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
1778                                 char *fname, int flen)
1779 {
1780         struct dentry   *dentry, *rdentry;
1781         struct inode    *dirp;
1782         __be32          err;
1783         int             host_err;
1784 
1785         err = nfserr_acces;
1786         if (!flen || isdotent(fname, flen))
1787                 goto out;
1788         err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_REMOVE);
1789         if (err)
1790                 goto out;
1791 
1792         host_err = fh_want_write(fhp);
1793         if (host_err)
1794                 goto out_nfserr;
1795 
1796         fh_lock_nested(fhp, I_MUTEX_PARENT);
1797         dentry = fhp->fh_dentry;
1798         dirp = d_inode(dentry);
1799 
1800         rdentry = lookup_one_len(fname, dentry, flen);
1801         host_err = PTR_ERR(rdentry);
1802         if (IS_ERR(rdentry))
1803                 goto out_drop_write;
1804 
1805         if (d_really_is_negative(rdentry)) {
1806                 dput(rdentry);
1807                 host_err = -ENOENT;
1808                 goto out_drop_write;
1809         }
1810 
1811         if (!type)
1812                 type = d_inode(rdentry)->i_mode & S_IFMT;
1813 
1814         if (type != S_IFDIR) {
1815                 nfsd_close_cached_files(rdentry);
1816                 host_err = vfs_unlink(dirp, rdentry, NULL);
1817         } else {
1818                 host_err = vfs_rmdir(dirp, rdentry);
1819         }
1820 
1821         if (!host_err)
1822                 host_err = commit_metadata(fhp);
1823         dput(rdentry);
1824 
1825 out_drop_write:
1826         fh_drop_write(fhp);
1827 out_nfserr:
1828         err = nfserrno(host_err);
1829 out:
1830         return err;
1831 }
1832 
1833 /*
1834  * We do this buffering because we must not call back into the file
1835  * system's ->lookup() method from the filldir callback. That may well
1836  * deadlock a number of file systems.
1837  *
1838  * This is based heavily on the implementation of same in XFS.
1839  */
1840 struct buffered_dirent {
1841         u64             ino;
1842         loff_t          offset;
1843         int             namlen;
1844         unsigned int    d_type;
1845         char            name[];
1846 };
1847 
1848 struct readdir_data {
1849         struct dir_context ctx;
1850         char            *dirent;
1851         size_t          used;
1852         int             full;
1853 };
1854 
1855 static int nfsd_buffered_filldir(struct dir_context *ctx, const char *name,
1856                                  int namlen, loff_t offset, u64 ino,
1857                                  unsigned int d_type)
1858 {
1859         struct readdir_data *buf =
1860                 container_of(ctx, struct readdir_data, ctx);
1861         struct buffered_dirent *de = (void *)(buf->dirent + buf->used);
1862         unsigned int reclen;
1863 
1864         reclen = ALIGN(sizeof(struct buffered_dirent) + namlen, sizeof(u64));
1865         if (buf->used + reclen > PAGE_SIZE) {
1866                 buf->full = 1;
1867                 return -EINVAL;
1868         }
1869 
1870         de->namlen = namlen;
1871         de->offset = offset;
1872         de->ino = ino;
1873         de->d_type = d_type;
1874         memcpy(de->name, name, namlen);
1875         buf->used += reclen;
1876 
1877         return 0;
1878 }
1879 
1880 static __be32 nfsd_buffered_readdir(struct file *file, nfsd_filldir_t func,
1881                                     struct readdir_cd *cdp, loff_t *offsetp)
1882 {
1883         struct buffered_dirent *de;
1884         int host_err;
1885         int size;
1886         loff_t offset;
1887         struct readdir_data buf = {
1888                 .ctx.actor = nfsd_buffered_filldir,
1889                 .dirent = (void *)__get_free_page(GFP_KERNEL)
1890         };
1891 
1892         if (!buf.dirent)
1893                 return nfserrno(-ENOMEM);
1894 
1895         offset = *offsetp;
1896 
1897         while (1) {
1898                 unsigned int reclen;
1899 
1900                 cdp->err = nfserr_eof; /* will be cleared on successful read */
1901                 buf.used = 0;
1902                 buf.full = 0;
1903 
1904                 host_err = iterate_dir(file, &buf.ctx);
1905                 if (buf.full)
1906                         host_err = 0;
1907 
1908                 if (host_err < 0)
1909                         break;
1910 
1911                 size = buf.used;
1912 
1913                 if (!size)
1914                         break;
1915 
1916                 de = (struct buffered_dirent *)buf.dirent;
1917                 while (size > 0) {
1918                         offset = de->offset;
1919 
1920                         if (func(cdp, de->name, de->namlen, de->offset,
1921                                  de->ino, de->d_type))
1922                                 break;
1923 
1924                         if (cdp->err != nfs_ok)
1925                                 break;
1926 
1927                         reclen = ALIGN(sizeof(*de) + de->namlen,
1928                                        sizeof(u64));
1929                         size -= reclen;
1930                         de = (struct buffered_dirent *)((char *)de + reclen);
1931                 }
1932                 if (size > 0) /* We bailed out early */
1933                         break;
1934 
1935                 offset = vfs_llseek(file, 0, SEEK_CUR);
1936         }
1937 
1938         free_page((unsigned long)(buf.dirent));
1939 
1940         if (host_err)
1941                 return nfserrno(host_err);
1942 
1943         *offsetp = offset;
1944         return cdp->err;
1945 }
1946 
1947 /*
1948  * Read entries from a directory.
1949  * The  NFSv3/4 verifier we ignore for now.
1950  */
1951 __be32
1952 nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp, 
1953              struct readdir_cd *cdp, nfsd_filldir_t func)
1954 {
1955         __be32          err;
1956         struct file     *file;
1957         loff_t          offset = *offsetp;
1958         int             may_flags = NFSD_MAY_READ;
1959 
1960         /* NFSv2 only supports 32 bit cookies */
1961         if (rqstp->rq_vers > 2)
1962                 may_flags |= NFSD_MAY_64BIT_COOKIE;
1963 
1964         err = nfsd_open(rqstp, fhp, S_IFDIR, may_flags, &file);
1965         if (err)
1966                 goto out;
1967 
1968         offset = vfs_llseek(file, offset, SEEK_SET);
1969         if (offset < 0) {
1970                 err = nfserrno((int)offset);
1971                 goto out_close;
1972         }
1973 
1974         err = nfsd_buffered_readdir(file, func, cdp, offsetp);
1975 
1976         if (err == nfserr_eof || err == nfserr_toosmall)
1977                 err = nfs_ok; /* can still be found in ->err */
1978 out_close:
1979         fput(file);
1980 out:
1981         return err;
1982 }
1983 
1984 /*
1985  * Get file system stats
1986  * N.B. After this call fhp needs an fh_put
1987  */
1988 __be32
1989 nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat, int access)
1990 {
1991         __be32 err;
1992 
1993         err = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP | access);
1994         if (!err) {
1995                 struct path path = {
1996                         .mnt    = fhp->fh_export->ex_path.mnt,
1997                         .dentry = fhp->fh_dentry,
1998                 };
1999                 if (vfs_statfs(&path, stat))
2000                         err = nfserr_io;
2001         }
2002         return err;
2003 }
2004 
2005 static int exp_rdonly(struct svc_rqst *rqstp, struct svc_export *exp)
2006 {
2007         return nfsexp_flags(rqstp, exp) & NFSEXP_READONLY;
2008 }
2009 
2010 /*
2011  * Check for a user's access permissions to this inode.
2012  */
2013 __be32
2014 nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
2015                                         struct dentry *dentry, int acc)
2016 {
2017         struct inode    *inode = d_inode(dentry);
2018         int             err;
2019 
2020         if ((acc & NFSD_MAY_MASK) == NFSD_MAY_NOP)
2021                 return 0;
2022 #if 0
2023         dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s\n",
2024                 acc,
2025                 (acc & NFSD_MAY_READ)?  " read"  : "",
2026                 (acc & NFSD_MAY_WRITE)? " write" : "",
2027                 (acc & NFSD_MAY_EXEC)?  " exec"  : "",
2028                 (acc & NFSD_MAY_SATTR)? " sattr" : "",
2029                 (acc & NFSD_MAY_TRUNC)? " trunc" : "",
2030                 (acc & NFSD_MAY_LOCK)?  " lock"  : "",
2031                 (acc & NFSD_MAY_OWNER_OVERRIDE)? " owneroverride" : "",
2032                 inode->i_mode,
2033                 IS_IMMUTABLE(inode)?    " immut" : "",
2034                 IS_APPEND(inode)?       " append" : "",
2035                 __mnt_is_readonly(exp->ex_path.mnt)?    " ro" : "");
2036         dprintk("      owner %d/%d user %d/%d\n",
2037                 inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid());
2038 #endif
2039 
2040         /* Normally we reject any write/sattr etc access on a read-only file
2041          * system.  But if it is IRIX doing check on write-access for a 
2042          * device special file, we ignore rofs.
2043          */
2044         if (!(acc & NFSD_MAY_LOCAL_ACCESS))
2045                 if (acc & (NFSD_MAY_WRITE | NFSD_MAY_SATTR | NFSD_MAY_TRUNC)) {
2046                         if (exp_rdonly(rqstp, exp) ||
2047                             __mnt_is_readonly(exp->ex_path.mnt))
2048                                 return nfserr_rofs;
2049                         if (/* (acc & NFSD_MAY_WRITE) && */ IS_IMMUTABLE(inode))
2050                                 return nfserr_perm;
2051                 }
2052         if ((acc & NFSD_MAY_TRUNC) && IS_APPEND(inode))
2053                 return nfserr_perm;
2054 
2055         if (acc & NFSD_MAY_LOCK) {
2056                 /* If we cannot rely on authentication in NLM requests,
2057                  * just allow locks, otherwise require read permission, or
2058                  * ownership
2059                  */
2060                 if (exp->ex_flags & NFSEXP_NOAUTHNLM)
2061                         return 0;
2062                 else
2063                         acc = NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE;
2064         }
2065         /*
2066          * The file owner always gets access permission for accesses that
2067          * would normally be checked at open time. This is to make
2068          * file access work even when the client has done a fchmod(fd, 0).
2069          *
2070          * However, `cp foo bar' should fail nevertheless when bar is
2071          * readonly. A sensible way to do this might be to reject all
2072          * attempts to truncate a read-only file, because a creat() call
2073          * always implies file truncation.
2074          * ... but this isn't really fair.  A process may reasonably call
2075          * ftruncate on an open file descriptor on a file with perm 000.
2076          * We must trust the client to do permission checking - using "ACCESS"
2077          * with NFSv3.
2078          */
2079         if ((acc & NFSD_MAY_OWNER_OVERRIDE) &&
2080             uid_eq(inode->i_uid, current_fsuid()))
2081                 return 0;
2082 
2083         /* This assumes  NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */
2084         err = inode_permission(inode, acc & (MAY_READ|MAY_WRITE|MAY_EXEC));
2085 
2086         /* Allow read access to binaries even when mode 111 */
2087         if (err == -EACCES && S_ISREG(inode->i_mode) &&
2088              (acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE) ||
2089               acc == (NFSD_MAY_READ | NFSD_MAY_READ_IF_EXEC)))
2090                 err = inode_permission(inode, MAY_EXEC);
2091 
2092         return err? nfserrno(err) : 0;
2093 }