Commit | Line | Data |
---|---|---|
e38f9817 CH |
1 | /* |
2 | * Copyright (C) Neil Brown 2002 | |
3 | * Copyright (C) Christoph Hellwig 2007 | |
4 | * | |
5 | * This file contains the code mapping from inodes to NFS file handles, | |
6 | * and for mapping back from file handles to dentries. | |
7 | * | |
8 | * For details on why we do all the strange and hairy things in here | |
dc7a0816 | 9 | * take a look at Documentation/filesystems/nfs/Exporting. |
e38f9817 | 10 | */ |
a5694255 | 11 | #include <linux/exportfs.h> |
1da177e4 LT |
12 | #include <linux/fs.h> |
13 | #include <linux/file.h> | |
14 | #include <linux/module.h> | |
d37065cd | 15 | #include <linux/mount.h> |
1da177e4 | 16 | #include <linux/namei.h> |
745ca247 | 17 | #include <linux/sched.h> |
1da177e4 | 18 | |
10f11c34 | 19 | #define dprintk(fmt, args...) do{}while(0) |
1da177e4 | 20 | |
1da177e4 | 21 | |
765927b2 | 22 | static int get_name(const struct path *path, char *name, struct dentry *child); |
10f11c34 CH |
23 | |
24 | ||
e38f9817 CH |
25 | static int exportfs_get_name(struct vfsmount *mnt, struct dentry *dir, |
26 | char *name, struct dentry *child) | |
10f11c34 | 27 | { |
39655164 | 28 | const struct export_operations *nop = dir->d_sb->s_export_op; |
765927b2 | 29 | struct path path = {.mnt = mnt, .dentry = dir}; |
10f11c34 CH |
30 | |
31 | if (nop->get_name) | |
32 | return nop->get_name(dir, name, child); | |
33 | else | |
765927b2 | 34 | return get_name(&path, name, child); |
10f11c34 | 35 | } |
1da177e4 | 36 | |
fb66a198 CH |
37 | /* |
38 | * Check if the dentry or any of it's aliases is acceptable. | |
39 | */ | |
e2f99018 CH |
40 | static struct dentry * |
41 | find_acceptable_alias(struct dentry *result, | |
42 | int (*acceptable)(void *context, struct dentry *dentry), | |
43 | void *context) | |
44 | { | |
45 | struct dentry *dentry, *toput = NULL; | |
873feea0 | 46 | struct inode *inode; |
e2f99018 | 47 | |
fb66a198 CH |
48 | if (acceptable(context, result)) |
49 | return result; | |
50 | ||
873feea0 NP |
51 | inode = result->d_inode; |
52 | spin_lock(&inode->i_lock); | |
946e51f2 | 53 | hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { |
dc0474be | 54 | dget(dentry); |
873feea0 | 55 | spin_unlock(&inode->i_lock); |
e2f99018 CH |
56 | if (toput) |
57 | dput(toput); | |
58 | if (dentry != result && acceptable(context, dentry)) { | |
59 | dput(result); | |
60 | return dentry; | |
61 | } | |
873feea0 | 62 | spin_lock(&inode->i_lock); |
e2f99018 CH |
63 | toput = dentry; |
64 | } | |
873feea0 | 65 | spin_unlock(&inode->i_lock); |
e2f99018 CH |
66 | |
67 | if (toput) | |
68 | dput(toput); | |
69 | return NULL; | |
70 | } | |
71 | ||
a056cc89 BF |
72 | static bool dentry_connected(struct dentry *dentry) |
73 | { | |
74 | dget(dentry); | |
75 | while (dentry->d_flags & DCACHE_DISCONNECTED) { | |
76 | struct dentry *parent = dget_parent(dentry); | |
77 | ||
78 | dput(dentry); | |
79 | if (IS_ROOT(dentry)) { | |
80 | dput(parent); | |
81 | return false; | |
82 | } | |
83 | dentry = parent; | |
84 | } | |
85 | dput(dentry); | |
86 | return true; | |
87 | } | |
88 | ||
0dbc018a BF |
89 | static void clear_disconnected(struct dentry *dentry) |
90 | { | |
91 | dget(dentry); | |
92 | while (dentry->d_flags & DCACHE_DISCONNECTED) { | |
93 | struct dentry *parent = dget_parent(dentry); | |
94 | ||
95 | WARN_ON_ONCE(IS_ROOT(dentry)); | |
96 | ||
97 | spin_lock(&dentry->d_lock); | |
98 | dentry->d_flags &= ~DCACHE_DISCONNECTED; | |
99 | spin_unlock(&dentry->d_lock); | |
100 | ||
101 | dput(dentry); | |
102 | dentry = parent; | |
103 | } | |
104 | dput(dentry); | |
105 | } | |
106 | ||
bbf7a8a3 BF |
107 | /* |
108 | * Reconnect a directory dentry with its parent. | |
109 | * | |
110 | * This can return a dentry, or NULL, or an error. | |
111 | * | |
112 | * In the first case the returned dentry is the parent of the given | |
113 | * dentry, and may itself need to be reconnected to its parent. | |
114 | * | |
115 | * In the NULL case, a concurrent VFS operation has either renamed or | |
116 | * removed this directory. The concurrent operation has reconnected our | |
117 | * dentry, so we no longer need to. | |
118 | */ | |
119 | static struct dentry *reconnect_one(struct vfsmount *mnt, | |
120 | struct dentry *dentry, char *nbuf) | |
121 | { | |
122 | struct dentry *parent; | |
123 | struct dentry *tmp; | |
124 | int err; | |
125 | ||
126 | parent = ERR_PTR(-EACCES); | |
5955102c | 127 | inode_lock(dentry->d_inode); |
bbf7a8a3 BF |
128 | if (mnt->mnt_sb->s_export_op->get_parent) |
129 | parent = mnt->mnt_sb->s_export_op->get_parent(dentry); | |
5955102c | 130 | inode_unlock(dentry->d_inode); |
bbf7a8a3 BF |
131 | |
132 | if (IS_ERR(parent)) { | |
133 | dprintk("%s: get_parent of %ld failed, err %d\n", | |
134 | __func__, dentry->d_inode->i_ino, PTR_ERR(parent)); | |
135 | return parent; | |
136 | } | |
137 | ||
138 | dprintk("%s: find name of %lu in %lu\n", __func__, | |
139 | dentry->d_inode->i_ino, parent->d_inode->i_ino); | |
140 | err = exportfs_get_name(mnt, parent, nbuf, dentry); | |
141 | if (err == -ENOENT) | |
142 | goto out_reconnected; | |
143 | if (err) | |
144 | goto out_err; | |
145 | dprintk("%s: found name: %s\n", __func__, nbuf); | |
383d4e8a | 146 | tmp = lookup_one_len_unlocked(nbuf, parent, strlen(nbuf)); |
bbf7a8a3 BF |
147 | if (IS_ERR(tmp)) { |
148 | dprintk("%s: lookup failed: %d\n", __func__, PTR_ERR(tmp)); | |
149 | goto out_err; | |
150 | } | |
151 | if (tmp != dentry) { | |
383d4e8a AV |
152 | /* |
153 | * Somebody has renamed it since exportfs_get_name(); | |
154 | * great, since it could've only been renamed if it | |
155 | * got looked up and thus connected, and it would | |
156 | * remain connected afterwards. We are done. | |
157 | */ | |
bbf7a8a3 BF |
158 | dput(tmp); |
159 | goto out_reconnected; | |
160 | } | |
161 | dput(tmp); | |
162 | if (IS_ROOT(dentry)) { | |
163 | err = -ESTALE; | |
164 | goto out_err; | |
165 | } | |
166 | return parent; | |
167 | ||
168 | out_err: | |
169 | dput(parent); | |
170 | return ERR_PTR(err); | |
171 | out_reconnected: | |
172 | dput(parent); | |
173 | /* | |
174 | * Someone must have renamed our entry into another parent, in | |
175 | * which case it has been reconnected by the rename. | |
176 | * | |
177 | * Or someone removed it entirely, in which case filehandle | |
178 | * lookup will succeed but the directory is now IS_DEAD and | |
179 | * subsequent operations on it will fail. | |
180 | * | |
181 | * Alternatively, maybe there was no race at all, and the | |
182 | * filesystem is just corrupt and gave us a parent that doesn't | |
183 | * actually contain any entry pointing to this inode. So, | |
184 | * double check that this worked and return -ESTALE if not: | |
185 | */ | |
186 | if (!dentry_connected(dentry)) | |
187 | return ERR_PTR(-ESTALE); | |
188 | return NULL; | |
189 | } | |
190 | ||
019ab801 CH |
191 | /* |
192 | * Make sure target_dir is fully connected to the dentry tree. | |
1da177e4 | 193 | * |
78cee9a8 BF |
194 | * On successful return, DCACHE_DISCONNECTED will be cleared on |
195 | * target_dir, and target_dir->d_parent->...->d_parent will reach the | |
196 | * root of the filesystem. | |
197 | * | |
198 | * Whenever DCACHE_DISCONNECTED is unset, target_dir is fully connected. | |
199 | * But the converse is not true: target_dir may have DCACHE_DISCONNECTED | |
200 | * set but already be connected. In that case we'll verify the | |
201 | * connection to root and then clear the flag. | |
202 | * | |
203 | * Note that target_dir could be removed by a concurrent operation. In | |
204 | * that case reconnect_path may still succeed with target_dir fully | |
205 | * connected, but further operations using the filehandle will fail when | |
206 | * necessary (due to S_DEAD being set on the directory). | |
1da177e4 | 207 | */ |
019ab801 | 208 | static int |
f3f8e175 | 209 | reconnect_path(struct vfsmount *mnt, struct dentry *target_dir, char *nbuf) |
1da177e4 | 210 | { |
f27c9298 | 211 | struct dentry *dentry, *parent; |
1da177e4 | 212 | |
f27c9298 | 213 | dentry = dget(target_dir); |
1da177e4 | 214 | |
f27c9298 | 215 | while (dentry->d_flags & DCACHE_DISCONNECTED) { |
efbf201f | 216 | BUG_ON(dentry == mnt->mnt_sb->s_root); |
854ff5ca | 217 | |
f27c9298 BF |
218 | if (IS_ROOT(dentry)) |
219 | parent = reconnect_one(mnt, dentry, nbuf); | |
220 | else | |
221 | parent = dget_parent(dentry); | |
222 | ||
223 | if (!parent) | |
0dbc018a | 224 | break; |
efbf201f | 225 | dput(dentry); |
f27c9298 BF |
226 | if (IS_ERR(parent)) |
227 | return PTR_ERR(parent); | |
228 | dentry = parent; | |
1da177e4 | 229 | } |
f27c9298 | 230 | dput(dentry); |
a056cc89 | 231 | clear_disconnected(target_dir); |
019ab801 CH |
232 | return 0; |
233 | } | |
234 | ||
1da177e4 | 235 | struct getdents_callback { |
5c0ba4e0 | 236 | struct dir_context ctx; |
1da177e4 LT |
237 | char *name; /* name that was found. It already points to a |
238 | buffer NAME_MAX+1 is size */ | |
950ee956 | 239 | u64 ino; /* the inum we are looking for */ |
1da177e4 LT |
240 | int found; /* inode matched? */ |
241 | int sequence; /* sequence counter */ | |
242 | }; | |
243 | ||
244 | /* | |
245 | * A rather strange filldir function to capture | |
246 | * the name matching the specified inode number. | |
247 | */ | |
ac7576f4 | 248 | static int filldir_one(struct dir_context *ctx, const char *name, int len, |
afefdbb2 | 249 | loff_t pos, u64 ino, unsigned int d_type) |
1da177e4 | 250 | { |
ac7576f4 MS |
251 | struct getdents_callback *buf = |
252 | container_of(ctx, struct getdents_callback, ctx); | |
1da177e4 LT |
253 | int result = 0; |
254 | ||
255 | buf->sequence++; | |
dfc59e2c | 256 | if (buf->ino == ino && len <= NAME_MAX) { |
1da177e4 LT |
257 | memcpy(buf->name, name, len); |
258 | buf->name[len] = '\0'; | |
259 | buf->found = 1; | |
260 | result = -1; | |
261 | } | |
262 | return result; | |
263 | } | |
264 | ||
265 | /** | |
266 | * get_name - default export_operations->get_name function | |
00f01791 | 267 | * @path: the directory in which to find a name |
1da177e4 LT |
268 | * @name: a pointer to a %NAME_MAX+1 char buffer to store the name |
269 | * @child: the dentry for the child directory. | |
270 | * | |
271 | * calls readdir on the parent until it finds an entry with | |
272 | * the same inode number as the child, and returns that. | |
273 | */ | |
765927b2 | 274 | static int get_name(const struct path *path, char *name, struct dentry *child) |
1da177e4 | 275 | { |
745ca247 | 276 | const struct cred *cred = current_cred(); |
765927b2 | 277 | struct inode *dir = path->dentry->d_inode; |
1da177e4 LT |
278 | int error; |
279 | struct file *file; | |
950ee956 BF |
280 | struct kstat stat; |
281 | struct path child_path = { | |
282 | .mnt = path->mnt, | |
283 | .dentry = child, | |
284 | }; | |
ac6614b7 AV |
285 | struct getdents_callback buffer = { |
286 | .ctx.actor = filldir_one, | |
287 | .name = name, | |
ac6614b7 | 288 | }; |
1da177e4 LT |
289 | |
290 | error = -ENOTDIR; | |
291 | if (!dir || !S_ISDIR(dir->i_mode)) | |
292 | goto out; | |
293 | error = -EINVAL; | |
294 | if (!dir->i_fop) | |
295 | goto out; | |
950ee956 BF |
296 | /* |
297 | * inode->i_ino is unsigned long, kstat->ino is u64, so the | |
298 | * former would be insufficient on 32-bit hosts when the | |
299 | * filesystem supports 64-bit inode numbers. So we need to | |
300 | * actually call ->getattr, not just read i_ino: | |
301 | */ | |
302 | error = vfs_getattr_nosec(&child_path, &stat); | |
303 | if (error) | |
304 | return error; | |
305 | buffer.ino = stat.ino; | |
1da177e4 LT |
306 | /* |
307 | * Open the directory ... | |
308 | */ | |
765927b2 | 309 | file = dentry_open(path, O_RDONLY, cred); |
1da177e4 LT |
310 | error = PTR_ERR(file); |
311 | if (IS_ERR(file)) | |
312 | goto out; | |
313 | ||
314 | error = -EINVAL; | |
61922694 | 315 | if (!file->f_op->iterate && !file->f_op->iterate_shared) |
1da177e4 LT |
316 | goto out_close; |
317 | ||
1da177e4 LT |
318 | buffer.sequence = 0; |
319 | while (1) { | |
320 | int old_seq = buffer.sequence; | |
321 | ||
5c0ba4e0 | 322 | error = iterate_dir(file, &buffer.ctx); |
53c9c5c0 AV |
323 | if (buffer.found) { |
324 | error = 0; | |
325 | break; | |
326 | } | |
1da177e4 LT |
327 | |
328 | if (error < 0) | |
329 | break; | |
330 | ||
1da177e4 LT |
331 | error = -ENOENT; |
332 | if (old_seq == buffer.sequence) | |
333 | break; | |
334 | } | |
335 | ||
336 | out_close: | |
337 | fput(file); | |
338 | out: | |
339 | return error; | |
340 | } | |
341 | ||
1da177e4 LT |
342 | /** |
343 | * export_encode_fh - default export_operations->encode_fh function | |
b0b0382b | 344 | * @inode: the object to encode |
00f01791 | 345 | * @fid: where to store the file handle fragment |
1da177e4 | 346 | * @max_len: maximum length to store there |
b0b0382b | 347 | * @parent: parent directory inode, if wanted |
1da177e4 LT |
348 | * |
349 | * This default encode_fh function assumes that the 32 inode number | |
350 | * is suitable for locating an inode, and that the generation number | |
351 | * can be used to check that it is still valid. It places them in the | |
352 | * filehandle fragment where export_decode_fh expects to find them. | |
353 | */ | |
b0b0382b AV |
354 | static int export_encode_fh(struct inode *inode, struct fid *fid, |
355 | int *max_len, struct inode *parent) | |
1da177e4 | 356 | { |
1da177e4 | 357 | int len = *max_len; |
6e91ea2b | 358 | int type = FILEID_INO32_GEN; |
5fe0c237 | 359 | |
b0b0382b | 360 | if (parent && (len < 4)) { |
5fe0c237 | 361 | *max_len = 4; |
216b6cbd | 362 | return FILEID_INVALID; |
5fe0c237 AK |
363 | } else if (len < 2) { |
364 | *max_len = 2; | |
216b6cbd | 365 | return FILEID_INVALID; |
5fe0c237 | 366 | } |
1da177e4 LT |
367 | |
368 | len = 2; | |
6e91ea2b CH |
369 | fid->i32.ino = inode->i_ino; |
370 | fid->i32.gen = inode->i_generation; | |
b0b0382b | 371 | if (parent) { |
6e91ea2b CH |
372 | fid->i32.parent_ino = parent->i_ino; |
373 | fid->i32.parent_gen = parent->i_generation; | |
1da177e4 | 374 | len = 4; |
6e91ea2b | 375 | type = FILEID_INO32_GEN_PARENT; |
1da177e4 LT |
376 | } |
377 | *max_len = len; | |
378 | return type; | |
379 | } | |
380 | ||
711c7bf9 CG |
381 | int exportfs_encode_inode_fh(struct inode *inode, struct fid *fid, |
382 | int *max_len, struct inode *parent) | |
383 | { | |
384 | const struct export_operations *nop = inode->i_sb->s_export_op; | |
385 | ||
386 | if (nop && nop->encode_fh) | |
387 | return nop->encode_fh(inode, fid->raw, max_len, parent); | |
388 | ||
389 | return export_encode_fh(inode, fid, max_len, parent); | |
390 | } | |
391 | EXPORT_SYMBOL_GPL(exportfs_encode_inode_fh); | |
392 | ||
6e91ea2b | 393 | int exportfs_encode_fh(struct dentry *dentry, struct fid *fid, int *max_len, |
d37065cd CH |
394 | int connectable) |
395 | { | |
10f11c34 | 396 | int error; |
b0b0382b AV |
397 | struct dentry *p = NULL; |
398 | struct inode *inode = dentry->d_inode, *parent = NULL; | |
d37065cd | 399 | |
b0b0382b AV |
400 | if (connectable && !S_ISDIR(inode->i_mode)) { |
401 | p = dget_parent(dentry); | |
402 | /* | |
403 | * note that while p might've ceased to be our parent already, | |
404 | * it's still pinned by and still positive. | |
405 | */ | |
406 | parent = p->d_inode; | |
407 | } | |
711c7bf9 CG |
408 | |
409 | error = exportfs_encode_inode_fh(inode, fid, max_len, parent); | |
b0b0382b | 410 | dput(p); |
10f11c34 CH |
411 | |
412 | return error; | |
d37065cd CH |
413 | } |
414 | EXPORT_SYMBOL_GPL(exportfs_encode_fh); | |
415 | ||
6e91ea2b CH |
416 | struct dentry *exportfs_decode_fh(struct vfsmount *mnt, struct fid *fid, |
417 | int fh_len, int fileid_type, | |
418 | int (*acceptable)(void *, struct dentry *), void *context) | |
d37065cd | 419 | { |
39655164 | 420 | const struct export_operations *nop = mnt->mnt_sb->s_export_op; |
2596110a | 421 | struct dentry *result, *alias; |
f3f8e175 | 422 | char nbuf[NAME_MAX+1]; |
2596110a | 423 | int err; |
d37065cd | 424 | |
2596110a CH |
425 | /* |
426 | * Try to get any dentry for the given file handle from the filesystem. | |
427 | */ | |
becfd1f3 AK |
428 | if (!nop || !nop->fh_to_dentry) |
429 | return ERR_PTR(-ESTALE); | |
2596110a | 430 | result = nop->fh_to_dentry(mnt->mnt_sb, fid, fh_len, fileid_type); |
a4f4d6df BF |
431 | if (!result) |
432 | result = ERR_PTR(-ESTALE); | |
2596110a CH |
433 | if (IS_ERR(result)) |
434 | return result; | |
435 | ||
e36cb0b8 | 436 | if (d_is_dir(result)) { |
2596110a CH |
437 | /* |
438 | * This request is for a directory. | |
439 | * | |
440 | * On the positive side there is only one dentry for each | |
441 | * directory inode. On the negative side this implies that we | |
442 | * to ensure our dentry is connected all the way up to the | |
443 | * filesystem root. | |
444 | */ | |
445 | if (result->d_flags & DCACHE_DISCONNECTED) { | |
f3f8e175 | 446 | err = reconnect_path(mnt, result, nbuf); |
2596110a CH |
447 | if (err) |
448 | goto err_result; | |
449 | } | |
450 | ||
451 | if (!acceptable(context, result)) { | |
452 | err = -EACCES; | |
453 | goto err_result; | |
454 | } | |
455 | ||
456 | return result; | |
10f11c34 | 457 | } else { |
2596110a CH |
458 | /* |
459 | * It's not a directory. Life is a little more complicated. | |
460 | */ | |
461 | struct dentry *target_dir, *nresult; | |
2596110a CH |
462 | |
463 | /* | |
464 | * See if either the dentry we just got from the filesystem | |
465 | * or any alias for it is acceptable. This is always true | |
466 | * if this filesystem is exported without the subtreecheck | |
467 | * option. If the filesystem is exported with the subtree | |
468 | * check option there's a fair chance we need to look at | |
469 | * the parent directory in the file handle and make sure | |
470 | * it's connected to the filesystem root. | |
471 | */ | |
472 | alias = find_acceptable_alias(result, acceptable, context); | |
473 | if (alias) | |
474 | return alias; | |
475 | ||
476 | /* | |
477 | * Try to extract a dentry for the parent directory from the | |
478 | * file handle. If this fails we'll have to give up. | |
479 | */ | |
480 | err = -ESTALE; | |
481 | if (!nop->fh_to_parent) | |
482 | goto err_result; | |
483 | ||
484 | target_dir = nop->fh_to_parent(mnt->mnt_sb, fid, | |
485 | fh_len, fileid_type); | |
a4f4d6df BF |
486 | if (!target_dir) |
487 | goto err_result; | |
2596110a CH |
488 | err = PTR_ERR(target_dir); |
489 | if (IS_ERR(target_dir)) | |
490 | goto err_result; | |
491 | ||
492 | /* | |
493 | * And as usual we need to make sure the parent directory is | |
494 | * connected to the filesystem root. The VFS really doesn't | |
495 | * like disconnected directories.. | |
496 | */ | |
f3f8e175 | 497 | err = reconnect_path(mnt, target_dir, nbuf); |
2596110a CH |
498 | if (err) { |
499 | dput(target_dir); | |
500 | goto err_result; | |
501 | } | |
502 | ||
503 | /* | |
504 | * Now that we've got both a well-connected parent and a | |
505 | * dentry for the inode we're after, make sure that our | |
506 | * inode is actually connected to the parent. | |
507 | */ | |
e38f9817 | 508 | err = exportfs_get_name(mnt, target_dir, nbuf, result); |
2596110a | 509 | if (!err) { |
5955102c | 510 | inode_lock(target_dir->d_inode); |
2596110a CH |
511 | nresult = lookup_one_len(nbuf, target_dir, |
512 | strlen(nbuf)); | |
5955102c | 513 | inode_unlock(target_dir->d_inode); |
2596110a CH |
514 | if (!IS_ERR(nresult)) { |
515 | if (nresult->d_inode) { | |
516 | dput(result); | |
517 | result = nresult; | |
518 | } else | |
519 | dput(nresult); | |
520 | } | |
521 | } | |
522 | ||
523 | /* | |
524 | * At this point we are done with the parent, but it's pinned | |
525 | * by the child dentry anyway. | |
526 | */ | |
527 | dput(target_dir); | |
528 | ||
529 | /* | |
530 | * And finally make sure the dentry is actually acceptable | |
531 | * to NFSD. | |
532 | */ | |
533 | alias = find_acceptable_alias(result, acceptable, context); | |
534 | if (!alias) { | |
535 | err = -EACCES; | |
536 | goto err_result; | |
537 | } | |
538 | ||
539 | return alias; | |
10f11c34 CH |
540 | } |
541 | ||
2596110a CH |
542 | err_result: |
543 | dput(result); | |
544 | return ERR_PTR(err); | |
d37065cd CH |
545 | } |
546 | EXPORT_SYMBOL_GPL(exportfs_decode_fh); | |
547 | ||
1da177e4 | 548 | MODULE_LICENSE("GPL"); |