
TOMOYO Linux Cross Reference
Linux/fs/nfsd/nfs4state.c


  1 /*
  2 *  Copyright (c) 2001 The Regents of the University of Michigan.
  3 *  All rights reserved.
  4 *
  5 *  Kendrick Smith <kmsmith@umich.edu>
  6 *  Andy Adamson <kandros@umich.edu>
  7 *
  8 *  Redistribution and use in source and binary forms, with or without
  9 *  modification, are permitted provided that the following conditions
 10 *  are met:
 11 *
 12 *  1. Redistributions of source code must retain the above copyright
 13 *     notice, this list of conditions and the following disclaimer.
 14 *  2. Redistributions in binary form must reproduce the above copyright
 15 *     notice, this list of conditions and the following disclaimer in the
 16 *     documentation and/or other materials provided with the distribution.
 17 *  3. Neither the name of the University nor the names of its
 18 *     contributors may be used to endorse or promote products derived
 19 *     from this software without specific prior written permission.
 20 *
 21 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 22 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 23 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 24 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 25 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 26 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 27 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 28 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 29 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 30 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 31 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 32 *
 33 */
 34 
 35 #include <linux/file.h>
 36 #include <linux/fs.h>
 37 #include <linux/slab.h>
 38 #include <linux/namei.h>
 39 #include <linux/swap.h>
 40 #include <linux/sunrpc/svcauth_gss.h>
 41 #include <linux/sunrpc/clnt.h>
 42 #include "xdr4.h"
 43 #include "vfs.h"
 44 
#define NFSDDBG_FACILITY                NFSDDBG_PROC

/* Globals */

/* Lease and grace periods; both default to 90. */
time_t nfsd4_lease = 90;     /* default lease time */
time_t nfsd4_grace = 90;

/* Compared against the boot field of client ids (see STALE_CLIENTID). */
static time_t boot_time;

/*
 * Identifier counters, all starting at 1.  The delegation and session
 * counters are handed out with a plain post-increment in this file, so
 * the resulting ids are sequential: they identify state, they are not
 * secrets.
 */
static u32 current_ownerid = 1;
static u32 current_fileid = 1;
static u32 current_delegid = 1;
static u64 current_sessionid = 1;

/* Reference values for the two special stateids. */
static stateid_t zerostateid;             /* bits all 0 */
static stateid_t onestateid;              /* bits all 1 */

/* True when the stateid is byte-for-byte equal to the special value. */
#define ZERO_STATEID(stateid) (!memcmp((stateid), &zerostateid, sizeof(stateid_t)))
#define ONE_STATEID(stateid)  (!memcmp((stateid), &onestateid, sizeof(stateid_t)))
 60 
/* Forward declarations for helpers defined later in this file. */
static struct nfs4_stateid *find_stateid(stateid_t *stid, int flags);
static struct nfs4_delegation *find_delegation_stateid(struct inode *ino,
						       stateid_t *stid);
static void nfs4_set_recdir(char *recdir);

/* Recovery directory path; the buffer holds at most PATH_MAX bytes. */
static char user_recovery_dirname[PATH_MAX] = "/var/lib/nfs/v4recovery";
 66 
/* Locking: */

/* Serialises almost all code that touches NFSv4 state. */
static DEFINE_MUTEX(client_mutex);

/*
 * Covers the del_recall_lru list and the file hash table.  It exists to
 * shrink the scope of client_mutex and may come to cover more over time.
 */
static DEFINE_SPINLOCK(recall_lock);

/* Slab caches for the state objects; statics start out NULL. */
static struct kmem_cache *stateowner_slab;
static struct kmem_cache *file_slab;
static struct kmem_cache *stateid_slab;
static struct kmem_cache *deleg_slab;
 83 
/* Acquire client_mutex, the lock guarding almost all NFSv4 state here. */
void nfs4_lock_state(void)
{
	mutex_lock(&client_mutex);
}

/* Release client_mutex; pairs with nfs4_lock_state(). */
void nfs4_unlock_state(void)
{
	mutex_unlock(&client_mutex);
}
 95 
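/*
 * Fold nbytes bytes starting at ptr into a 32-bit value
 * (x = x * 37 + byte for each byte).
 *
 * This is only a bucket selector for the owner-name and client-name hash
 * tables in this file; it is not collision resistant and must not be
 * relied on to tell two inputs apart.  Callers still have to compare the
 * full key after the bucket lookup.
 *
 * Returns 0 for nbytes <= 0.
 */
static inline u32
opaque_hashval(const void *ptr, int nbytes)
{
	/* keep the const qualifier instead of casting it away */
	const unsigned char *cptr = ptr;
	u32 x = 0;

	/*
	 * "> 0" rather than a bare truth test: a negative count (for
	 * instance a large unsigned length narrowed to int) must read
	 * nothing instead of walking far past the buffer.
	 */
	while (nbytes-- > 0) {
		x *= 37;
		x += *cptr++;
	}
	return x;
}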
108 
/* List of delegations being recalled; covered by recall_lock. */
static struct list_head del_recall_lru;

/*
 * Drop one reference on fi.  atomic_dec_and_lock() only takes recall_lock
 * when the count hits zero, so the unhash below cannot race with a lookup
 * that holds the same lock.  The inode reference and the object itself
 * are released after the lock is dropped.
 */
static inline void
put_nfs4_file(struct nfs4_file *fi)
{
	if (!atomic_dec_and_lock(&fi->fi_ref, &recall_lock))
		return;		/* other references remain */

	list_del(&fi->fi_hash);
	spin_unlock(&recall_lock);
	iput(fi->fi_inode);
	kmem_cache_free(file_slab, fi);
}

/* Take one more reference on fi; the caller must already hold one. */
static inline void
get_nfs4_file(struct nfs4_file *fi)
{
	atomic_inc(&fi->fi_ref);
}
127 
/* Delegations currently allocated, and the ceiling checked at allocation. */
static int num_delegations;
unsigned int max_delegations;

/*
 * Open owner state (share locks)
 */

/* hash tables for nfs4_stateowner: 2^8 buckets, indexed by id or by name */
#define OWNER_HASH_BITS              8
#define OWNER_HASH_SIZE             (1 << OWNER_HASH_BITS)
#define OWNER_HASH_MASK             (OWNER_HASH_SIZE - 1)

#define ownerid_hashval(id) ((id) & OWNER_HASH_MASK)
/* the owner name bytes are hashed over their full stated length */
#define ownerstr_hashval(clientid, ownername) \
	(((clientid) + opaque_hashval((ownername.data), (ownername.len))) & OWNER_HASH_MASK)

static struct list_head ownerid_hashtbl[OWNER_HASH_SIZE];
static struct list_head ownerstr_hashtbl[OWNER_HASH_SIZE];

/* hash table for nfs4_file: 2^8 buckets keyed by pointer hash */
#define FILE_HASH_BITS                   8
#define FILE_HASH_SIZE                  (1 << FILE_HASH_BITS)

/* hash table for (open)nfs4_stateid: 2^10 buckets */
#define STATEID_HASH_BITS              10
#define STATEID_HASH_SIZE              (1 << STATEID_HASH_BITS)
#define STATEID_HASH_MASK              (STATEID_HASH_SIZE - 1)

#define file_hashval(x) hash_ptr(x, FILE_HASH_BITS)
/* the mask keeps the index inside stateid_hashtbl[] for any id pair */
#define stateid_hashval(owner_id, file_id)  \
	(((owner_id) + (file_id)) & STATEID_HASH_MASK)

static struct list_head file_hashtbl[FILE_HASH_SIZE];
static struct list_head stateid_hashtbl[STATEID_HASH_SIZE];
164 
/*
 * Count one more user of fp in open mode oflag.  A struct file usable for
 * that mode (the mode's own slot or the O_RDWR slot) must already be
 * installed; anything else is treated as a fatal inconsistency.
 */
static void __nfs4_file_get_access(struct nfs4_file *fp, int oflag)
{
	BUG_ON(!fp->fi_fds[oflag] && !fp->fi_fds[O_RDWR]);
	atomic_inc(&fp->fi_access[oflag]);
}

/*
 * Public form: O_RDWR is accounted as one read user plus one write user,
 * any other mode as a single user of that mode.
 */
static void nfs4_file_get_access(struct nfs4_file *fp, int oflag)
{
	if (oflag != O_RDWR) {
		__nfs4_file_get_access(fp, oflag);
		return;
	}
	__nfs4_file_get_access(fp, O_RDONLY);
	__nfs4_file_get_access(fp, O_WRONLY);
}
179 
/* Release the struct file cached for oflag, if any, and clear the slot. */
static void nfs4_file_put_fd(struct nfs4_file *fp, int oflag)
{
	if (!fp->fi_fds[oflag])
		return;
	fput(fp->fi_fds[oflag]);
	/* clear the slot so a later put cannot fput() the same file twice */
	fp->fi_fds[oflag] = NULL;
}

/*
 * Drop one user of mode oflag.  When the last user of that mode goes
 * away, both the O_RDWR file and the mode's own file are released.
 */
static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
{
	if (!atomic_dec_and_test(&fp->fi_access[oflag]))
		return;
	nfs4_file_put_fd(fp, O_RDWR);
	nfs4_file_put_fd(fp, oflag);
}

/* Mirror of nfs4_file_get_access(): O_RDWR drops a reader and a writer. */
static void nfs4_file_put_access(struct nfs4_file *fp, int oflag)
{
	if (oflag != O_RDWR) {
		__nfs4_file_put_access(fp, oflag);
		return;
	}
	__nfs4_file_put_access(fp, O_RDONLY);
	__nfs4_file_put_access(fp, O_WRONLY);
}
204 
/*
 * Allocate and initialise a read delegation on the file behind stp for
 * client clp.  Returns NULL when the type is not a read delegation, the
 * file has had a conflict, the delegation ceiling is exceeded, or the
 * slab allocation fails.  The new object starts with one reference and
 * holds its own reference on the nfs4_file.
 *
 * NOTE(review): num_delegations (int) is compared with max_delegations
 * (unsigned int) using ">", so the count may reach max_delegations + 1;
 * confirm this is intended.
 */
static struct nfs4_delegation *
alloc_init_deleg(struct nfs4_client *clp, struct nfs4_stateid *stp, struct svc_fh *current_fh, u32 type)
{
	struct nfs4_file *fp = stp->st_file;
	struct nfs4_delegation *dp;

	dprintk("NFSD alloc_init_deleg\n");
	/*
	 * Major work on the lease subsystem (for example, to support
	 * callbacks on stat) will be required before we can support
	 * write delegations properly.
	 */
	if (type != NFS4_OPEN_DELEGATE_READ ||
	    fp->fi_had_conflict ||
	    num_delegations > max_delegations)
		return NULL;

	dp = kmem_cache_alloc(deleg_slab, GFP_KERNEL);
	if (!dp)
		return NULL;
	num_delegations++;

	/* the slab object is not zeroed: every field used later is set here */
	INIT_LIST_HEAD(&dp->dl_perfile);
	INIT_LIST_HEAD(&dp->dl_perclnt);
	INIT_LIST_HEAD(&dp->dl_recall_lru);

	dp->dl_client = clp;
	dp->dl_type = type;
	dp->dl_time = 0;

	get_nfs4_file(fp);
	dp->dl_file = fp;

	/* stateid: boot time plus a sequentially assigned delegation id */
	dp->dl_stateid.si_boot = boot_time;
	dp->dl_stateid.si_stateownerid = current_delegid++;
	dp->dl_stateid.si_fileid = 0;
	dp->dl_stateid.si_generation = 0;

	fh_copy_shallow(&dp->dl_fh, &current_fh->fh_handle);
	atomic_set(&dp->dl_count, 1);
	INIT_WORK(&dp->dl_recall.cb_work, nfsd4_do_callback_rpc);
	return dp;
}
244 
/*
 * Drop one reference on dp.  The last put releases the file reference,
 * frees the delegation and lowers the global delegation count.
 *
 * NOTE(review): the debug message prints dp with %p; on kernels that do
 * not hash %p this writes a heap address to the log when dprintk is on.
 */
void
nfs4_put_delegation(struct nfs4_delegation *dp)
{
	if (!atomic_dec_and_test(&dp->dl_count))
		return;

	dprintk("NFSD: freeing dp %p\n",dp);
	put_nfs4_file(dp->dl_file);
	kmem_cache_free(deleg_slab, dp);
	num_delegations--;
}
255 
/*
 * Drop one delegee of fp.  When none are left the lease is unlocked and
 * the delegation file is released; both pointers are cleared so stale
 * values cannot be reused.
 */
static void nfs4_put_deleg_lease(struct nfs4_file *fp)
{
	if (!atomic_dec_and_test(&fp->fi_delegees))
		return;

	vfs_setlease(fp->fi_deleg_file, F_UNLCK, &fp->fi_lease);
	fp->fi_lease = NULL;
	fput(fp->fi_deleg_file);
	fp->fi_deleg_file = NULL;
}
265 
/*
 * Called under the state lock.
 *
 * Unlink dp from the per-client list, then (under recall_lock) from the
 * per-file and recall lists, and finally drop the lease and the
 * reference the lists accounted for.  dp may be freed by the last call.
 */
static void
unhash_delegation(struct nfs4_delegation *dp)
{
	list_del_init(&dp->dl_perclnt);

	spin_lock(&recall_lock);
	list_del_init(&dp->dl_perfile);
	list_del_init(&dp->dl_recall_lru);
	spin_unlock(&recall_lock);

	nfs4_put_deleg_lease(dp->dl_file);
	nfs4_put_delegation(dp);	/* dp must not be touched after this */
}
278 
279 /* 
280  * SETCLIENTID state 
281  */
282 
/* client_lock protects the client lru list and session hash table */
static DEFINE_SPINLOCK(client_lock);

/* Hash tables for nfs4_clientid state: 2^4 buckets each */
#define CLIENT_HASH_BITS                 4
#define CLIENT_HASH_SIZE                (1 << CLIENT_HASH_BITS)
#define CLIENT_HASH_MASK                (CLIENT_HASH_SIZE - 1)

#define clientid_hashval(id) ((id) & CLIENT_HASH_MASK)
/*
 * Always hashes exactly 8 bytes of the name, whatever its real length.
 * NOTE(review): callers must pass a buffer of at least 8 readable bytes;
 * confirm against the call sites.
 */
#define clientstr_hashval(name) \
	(opaque_hashval((name), 8) & CLIENT_HASH_MASK)

/*
 * reclaim_str_hashtbl[] holds known client info from previous reset/reboot
 * used in reboot/reset lease grace period processing
 *
 * conf_id_hashtbl[], and conf_str_hashtbl[] hold confirmed
 * setclientid_confirmed info.
 *
 * unconf_str_hashtbl[] and unconf_id_hashtbl[] hold unconfirmed
 * setclientid info.
 *
 * client_lru holds client queue ordered by nfs4_client.cl_time
 * for lease renewal.
 *
 * close_lru holds (open) stateowner queue ordered by nfs4_stateowner.so_time
 * for last close replay.
 */
static struct list_head reclaim_str_hashtbl[CLIENT_HASH_SIZE];
static int reclaim_str_hashtbl_size;	/* statics start at 0 */
static struct list_head conf_id_hashtbl[CLIENT_HASH_SIZE];
static struct list_head conf_str_hashtbl[CLIENT_HASH_SIZE];
static struct list_head unconf_str_hashtbl[CLIENT_HASH_SIZE];
static struct list_head unconf_id_hashtbl[CLIENT_HASH_SIZE];
static struct list_head client_lru;
static struct list_head close_lru;
319 
320 /*
321  * We store the NONE, READ, WRITE, and BOTH bits separately in the
322  * st_{access,deny}_bmap field of the stateid, in order to track not
323  * only what share bits are currently in force, but also what
324  * combinations of share bits previous opens have used.  This allows us
325  * to enforce the recommendation of rfc 3530 14.2.19 that the server
326  * return an error if the client attempt to downgrade to a combination
327  * of share bits not explicable by closing some of its previous opens.
328  *
329  * XXX: This enforcement is actually incomplete, since we don't keep
330  * track of access/deny bit combinations; so, e.g., we allow:
331  *
332  *      OPEN allow read, deny write
333  *      OPEN allow both, deny none
334  *      DOWNGRADE allow read, deny none
335  *
336  * which we should reject.
337  */
/*
 * Collapse the recorded access bitmap into the union of share-access
 * values seen so far: for every bit i in 1..3 set in bmap, OR the value
 * i into the result.  Bit 0 is not an access mode and is ignored.
 */
static void
set_access(unsigned int *access, unsigned long bmap) {
	unsigned int merged = 0;
	int bit;

	for (bit = 1; bit <= 3; bit++)
		if (test_bit(bit, &bmap))
			merged |= bit;
	*access = merged;
}
348 
/*
 * Same folding as set_access(), for the deny bitmap.  Bit 0 is visited as
 * well, but OR-ing the value 0 leaves the result unchanged.
 */
static void
set_deny(unsigned int *deny, unsigned long bmap) {
	unsigned int merged = 0;
	int bit;

	for (bit = 0; bit <= 3; bit++)
		if (test_bit(bit, &bmap))
			merged |= bit;
	*deny = merged;
}
359 
/*
 * Share reservation check for a new OPEN against existing state stp.
 * Returns 1 when the open is compatible, 0 when it conflicts: either
 * the open denies an access mode already in use, or it asks for an
 * access mode that the existing state denies.
 */
static int
test_share(struct nfs4_stateid *stp, struct nfsd4_open *open) {
	unsigned int held_access, held_deny;

	set_access(&held_access, stp->st_access_bmap);
	set_deny(&held_deny, stp->st_deny_bmap);

	return !((held_access & open->op_share_deny) ||
		 (held_deny & open->op_share_access));
}
370 
/*
 * Map NFSv4 share-access bits to an open(2)-style mode.  Only the READ,
 * WRITE and BOTH combinations are valid; a value with neither bit set
 * reaches BUG(), so callers must not pass an empty access mask.
 */
static int nfs4_access_to_omode(u32 access)
{
	u32 share = access & NFS4_SHARE_ACCESS_BOTH;

	if (share == NFS4_SHARE_ACCESS_READ)
		return O_RDONLY;
	if (share == NFS4_SHARE_ACCESS_WRITE)
		return O_WRONLY;
	if (share == NFS4_SHARE_ACCESS_BOTH)
		return O_RDWR;
	BUG();
}

/* Open mode implied by everything recorded in stp's access bitmap. */
static int nfs4_access_bmap_to_omode(struct nfs4_stateid *stp)
{
	unsigned int held_access;

	set_access(&held_access, stp->st_access_bmap);
	return nfs4_access_to_omode(held_access);
}
391 
/*
 * Unlink stp from the stateid hash, its file's list and its owner's
 * list.  Nothing is freed here.
 */
static void unhash_generic_stateid(struct nfs4_stateid *stp)
{
	list_del(&stp->st_perstateowner);
	list_del(&stp->st_perfile);
	list_del(&stp->st_hash);
}
398 
/*
 * Release what stp holds and free it: the access count on its file (only
 * when some access bit was recorded, since an empty mask has no open
 * mode), then the file reference, then the stateid itself.
 */
static void free_generic_stateid(struct nfs4_stateid *stp)
{
	if (stp->st_access_bmap)
		nfs4_file_put_access(stp->st_file,
				     nfs4_access_bmap_to_omode(stp));
	put_nfs4_file(stp->st_file);
	kmem_cache_free(stateid_slab, stp);
}
410 
/*
 * Tear down a lock stateid: unlink it, remove the POSIX locks held on
 * behalf of its owner (if a file is still open), then free it.
 */
static void release_lock_stateid(struct nfs4_stateid *stp)
{
	struct file *filp;

	unhash_generic_stateid(stp);

	filp = find_any_file(stp->st_file);
	if (filp)
		locks_remove_posix(filp, (fl_owner_t)stp->st_stateowner);

	free_generic_stateid(stp);
}
421 
/*
 * Unlink a lock owner from its hash chains and release every stateid it
 * still owns.  Each release removes the entry from so_stateids, which is
 * what makes the loop terminate.
 */
static void unhash_lockowner(struct nfs4_stateowner *sop)
{
	list_del(&sop->so_idhash);
	list_del(&sop->so_strhash);
	list_del(&sop->so_perstateid);

	for (;;) {
		struct nfs4_stateid *stp;

		if (list_empty(&sop->so_stateids))
			break;
		stp = list_first_entry(&sop->so_stateids,
				struct nfs4_stateid, st_perstateowner);
		release_lock_stateid(stp);
	}
}
435 
/* Unhash a lock owner, then drop the reference the hash tables held. */
static void release_lockowner(struct nfs4_stateowner *sop)
{
	unhash_lockowner(sop);
	nfs4_put_stateowner(sop);	/* sop may be gone after this */
}
441 
/*
 * Release every lock owner hanging off an open stateid.  An open owner
 * on this list would be a state corruption and is treated as fatal.
 */
static void
release_stateid_lockowners(struct nfs4_stateid *open_stp)
{
	while (!list_empty(&open_stp->st_lockowners)) {
		struct nfs4_stateowner *owner;

		owner = list_first_entry(&open_stp->st_lockowners,
				struct nfs4_stateowner, so_perstateid);
		BUG_ON(owner->so_is_open_owner);
		/* unlinks owner from st_lockowners, so the loop advances */
		release_lockowner(owner);
	}
}
455 
/*
 * Tear down an open stateid: unlink it, release the lock owners that
 * depend on it, then free it.
 */
static void release_open_stateid(struct nfs4_stateid *stp)
{
	unhash_generic_stateid(stp);
	release_stateid_lockowners(stp);
	free_generic_stateid(stp);	/* stp is invalid from here on */
}
462 
/*
 * Unlink an open owner from its hash chains and per-client list, then
 * release every open stateid it still owns.
 */
static void unhash_openowner(struct nfs4_stateowner *sop)
{
	list_del(&sop->so_idhash);
	list_del(&sop->so_strhash);
	list_del(&sop->so_perclient);
	list_del(&sop->so_perstateid); /* XXX: necessary? */

	for (;;) {
		struct nfs4_stateid *stp;

		if (list_empty(&sop->so_stateids))
			break;
		stp = list_first_entry(&sop->so_stateids,
				struct nfs4_stateid, st_perstateowner);
		release_open_stateid(stp);
	}
}
477 
/*
 * Fully retire an open owner: unhash it, take it off the close LRU and
 * drop the reference held for it.
 */
static void release_openowner(struct nfs4_stateowner *sop)
{
	unhash_openowner(sop);
	list_del(&sop->so_close_lru);
	nfs4_put_stateowner(sop);	/* sop may be gone after this */
}
484 
/* Session hash table: 512 buckets. */
#define SESSION_HASH_SIZE       512
static struct list_head sessionid_hashtbl[SESSION_HASH_SIZE];

/*
 * Bucket index for a session id: its sequence field modulo the table
 * size.  Lookups run this on ids taken from requests, so the modulo is
 * what keeps the index inside sessionid_hashtbl[].
 * NOTE(review): assumes the sequence field is unsigned so the result
 * cannot be negative; confirm against struct nfsd4_sessionid.
 */
static inline int
hash_sessionid(struct nfs4_sessionid *sessionid)
{
	struct nfsd4_sessionid *layout = (struct nfsd4_sessionid *)sessionid;

	return layout->sequence % SESSION_HASH_SIZE;
}
495 
/*
 * Debug helper: print the session id as four 32-bit words, prefixed with
 * the caller's name.
 * NOTE(review): reads 16 bytes through a u32 pointer, so it assumes
 * data[] is at least that long and suitably aligned; confirm.
 */
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
	u32 *words = (u32 *)(&sessionid->data[0]);

	dprintk("%s: %u:%u:%u:%u\n", fn,
		words[0], words[1], words[2], words[3]);
}
502 
/*
 * Fill in the session id of ses: the owning client's clientid, the next
 * value of the global session counter, and a zeroed reserved field.
 *
 * The id is unique but built from a sequential counter, so it is
 * guessable.  Treat it as an identifier only; possession of a session id
 * must never stand in for authenticating the peer.
 */
static void
gen_sessionid(struct nfsd4_session *ses)
{
	struct nfsd4_sessionid *layout =
		(struct nfsd4_sessionid *)ses->se_sessionid.data;

	layout->clientid = ses->se_client->cl_clientid;
	layout->sequence = current_sessionid++;
	layout->reserved = 0;
}
514 
515 /*
516  * The protocol defines ca_maxresponssize_cached to include the size of
517  * the rpc header, but all we need to cache is the data starting after
518  * the end of the initial SEQUENCE operation--the rest we regenerate
519  * each time.  Therefore we can advertise a ca_maxresponssize_cached
520  * value that is the number of bytes in our cache plus a few additional
521  * bytes.  In order to stay on the safe side, and not promise more than
522  * we can cache, those additional bytes must be the minimum possible: 24
523  * bytes of rpc header (xid through accept state, with AUTH_NULL
524  * verifier), 12 for the compound header (with zero-length tag), and 44
525  * for the SEQUENCE op response:
526  */
/* 24 (rpc header) + 12 (compound header) + 44 (SEQUENCE response) bytes */
#define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)

/*
 * Free every slot of the session's fore channel.  The slot table itself
 * is part of the session allocation and is not freed here.
 */
static void
free_session_slots(struct nfsd4_session *ses)
{
	int slot = 0;

	while (slot < ses->se_fchannel.maxreqs) {
		kfree(ses->se_slots[slot]);
		slot++;
	}
}
537 
538 /*
539  * We don't actually need to cache the rpc and session headers, so we
540  * can allocate a little less for each slot:
541  */
/*
 * Bytes of reply cache per slot: the advertised maxresp_cached minus the
 * header bytes that are regenerated rather than cached.
 * NOTE(review): the result is negative if maxresp_cached is below
 * NFSD_MIN_HDR_SEQ_SZ; confirm callers only pass negotiated attributes.
 */
static inline int slot_bytes(struct nfsd4_channel_attrs *ca)
{
	int cached = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;

	return cached;
}
546 
/*
 * Turn a requested maxresp_cached into a per-slot cache size: drop the
 * header bytes that are never cached, then cap at NFSD_SLOT_CACHE_SIZE.
 *
 * NOTE(review): the subtraction is unsigned.  A request smaller than
 * NFSD_MIN_HDR_SEQ_SZ wraps to a huge value and is then capped, so it
 * yields the maximum slot size; a request exactly equal to
 * NFSD_MIN_HDR_SEQ_SZ yields 0.  Callers that divide by the result need
 * to handle 0.
 */
static int nfsd4_sanitize_slot_size(u32 size)
{
	u32 payload = size - NFSD_MIN_HDR_SEQ_SZ; /* We don't cache the rpc header */

	return min_t(u32, payload, NFSD_SLOT_CACHE_SIZE);
}
554 
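/*
 * XXX: If we run out of reserved DRC memory we could (up to a point)
 * re-negotiate active sessions and reduce their slot usage to make
 * room for new connections. For now we just fail the create session.
 *
 * Reserve reply-cache memory for up to num slots of slotsize bytes each.
 * The count is capped by NFSD_MAX_SLOTS_PER_SESSION, by
 * NFSD_MAX_MEM_PER_SESSION and by what is left of the global budget.
 * Returns the number of slots actually reserved, which the caller must
 * hand back with nfsd4_put_drc_mem(); 0 means nothing was reserved.
 */
static int nfsd4_get_drc_mem(int slotsize, u32 num)
{
	int avail;

	/*
	 * slotsize comes from the client's CREATE_SESSION attributes via
	 * nfsd4_sanitize_slot_size(), which can return 0.  Refuse it here
	 * rather than dividing by it below.
	 */
	if (slotsize <= 0)
		return 0;

	num = min_t(u32, num, NFSD_MAX_SLOTS_PER_SESSION);

	spin_lock(&nfsd_drc_lock);
	avail = min_t(int, NFSD_MAX_MEM_PER_SESSION,
			nfsd_drc_max_mem - nfsd_drc_mem_used);
	/*
	 * If the accounting is ever over budget, reserve nothing instead
	 * of computing a negative slot count and "reserving" a negative
	 * amount.
	 */
	if (avail < 0)
		avail = 0;
	num = min_t(int, num, avail / slotsize);
	nfsd_drc_mem_used += num * slotsize;
	spin_unlock(&nfsd_drc_lock);

	return num;
}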
575 
/*
 * Return num slots of slotsize bytes to the global reply-cache budget.
 * num must be the count that was actually reserved; passing a larger
 * value drives the usage counter below its true level.
 */
static void nfsd4_put_drc_mem(int slotsize, int num)
{
	int released = slotsize * num;

	spin_lock(&nfsd_drc_lock);
	nfsd_drc_mem_used -= released;
	spin_unlock(&nfsd_drc_lock);
}
582 
/*
 * Allocate a zeroed session with a table of numslots slot pointers, and
 * one zeroed slot (header plus slotsize bytes of cache) per entry.
 * On any allocation failure everything allocated so far is freed and
 * NULL is returned.  The BUILD_BUG_ON keeps the session plus a maximal
 * slot table within one page.
 */
static struct nfsd4_session *alloc_session(int slotsize, int numslots)
{
	struct nfsd4_session *ses;
	int table_bytes, slot_alloc, filled;

	BUILD_BUG_ON(NFSD_MAX_SLOTS_PER_SESSION * sizeof(struct nfsd4_slot *)
			+ sizeof(struct nfsd4_session) > PAGE_SIZE);
	table_bytes = numslots * sizeof(struct nfsd4_slot *);

	ses = kzalloc(sizeof(*ses) + table_bytes, GFP_KERNEL);
	if (!ses)
		return NULL;

	/* allocate each struct nfsd4_slot and data cache in one piece */
	slot_alloc = sizeof(struct nfsd4_slot) + slotsize;
	for (filled = 0; filled < numslots; filled++) {
		ses->se_slots[filled] = kzalloc(slot_alloc, GFP_KERNEL);
		if (ses->se_slots[filled])
			continue;

		/* unwind: free the slots that did get allocated */
		while (filled--)
			kfree(ses->se_slots[filled]);
		kfree(ses);
		return NULL;
	}
	return ses;
}
609 
/*
 * Fill in the negotiated fore-channel attributes.  Every value the
 * client asked for (req) is clamped to a server-side limit: request and
 * response sizes to the service's maximum message size, operations per
 * compound to NFSD_MAX_OPS_PER_COMPOUND, and the cached response size
 * to what one slot can hold plus the uncached header bytes.
 */
static void init_forechannel_attrs(struct nfsd4_channel_attrs *new, struct nfsd4_channel_attrs *req, int numslots, int slotsize)
{
	u32 msg_limit = nfsd_serv->sv_max_mesg;
	u32 cache_limit = slotsize + NFSD_MIN_HDR_SEQ_SZ;

	new->maxreqs = numslots;
	new->maxops = min_t(u32, req->maxops, NFSD_MAX_OPS_PER_COMPOUND);
	new->maxreq_sz = min_t(u32, req->maxreq_sz, msg_limit);
	new->maxresp_sz = min_t(u32, req->maxresp_sz, msg_limit);
	new->maxresp_cached = min_t(u32, req->maxresp_cached, cache_limit);
}
621 
/* Drop the transport reference held by the connection and free it. */
static void free_conn(struct nfsd4_conn *c)
{
	svc_xprt_put(c->cn_xprt);
	kfree(c);
}

/*
 * Transport-gone callback.  If the connection is still linked into its
 * session it is unlinked and freed under the client's cl_lock; an empty
 * list node means someone else already took it off and owns the free.
 * The callback channel is re-probed afterwards.
 */
static void nfsd4_conn_lost(struct svc_xpt_user *u)
{
	struct nfsd4_conn *conn = container_of(u, struct nfsd4_conn, cn_xpt_user);
	/* read before conn can be freed below */
	struct nfs4_client *clp = conn->cn_session->se_client;
	int linked;

	spin_lock(&clp->cl_lock);
	linked = !list_empty(&conn->cn_persession);
	if (linked) {
		list_del(&conn->cn_persession);
		free_conn(conn);
	}
	spin_unlock(&clp->cl_lock);

	nfsd4_probe_callback(clp);
}
641 
/*
 * Allocate a connection record for the transport carrying rqstp and
 * take a reference on that transport.  Returns NULL on allocation
 * failure.
 *
 * The memory comes from kmalloc() and is not zeroed: only cn_xprt,
 * cn_flags and the cn_xpt_user list head are set here.  cn_session and
 * cn_persession stay uninitialised until the connection is hashed, so
 * it must not be used or freed through paths that read them before
 * that.
 */
static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
{
	struct nfsd4_conn *conn = kmalloc(sizeof(*conn), GFP_KERNEL);

	if (conn == NULL)
		return NULL;

	svc_xprt_get(rqstp->rq_xprt);
	conn->cn_xprt = rqstp->rq_xprt;
	conn->cn_flags = flags;
	INIT_LIST_HEAD(&conn->cn_xpt_user.list);
	return conn;
}
655 
/* Bind conn to ses and link it in; caller holds the client's cl_lock. */
static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	conn->cn_session = ses;
	list_add(&conn->cn_persession, &ses->se_conns);
}

/* Locked wrapper around __nfsd4_hash_conn(). */
static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	spinlock_t *lock = &ses->se_client->cl_lock;

	spin_lock(lock);
	__nfsd4_hash_conn(conn, ses);
	spin_unlock(lock);
}

/*
 * Ask the transport to call nfsd4_conn_lost() when it goes away.
 * Returns what register_xpt_user() returns; non-zero means the
 * registration did not happen.
 */
static int nfsd4_register_conn(struct nfsd4_conn *conn)
{
	struct svc_xpt_user *user = &conn->cn_xpt_user;

	user->callback = nfsd4_conn_lost;
	return register_xpt_user(conn->cn_xprt, user);
}
676 
/*
 * Create a connection for the request's transport and attach it to ses.
 * Returns nfserr_jukebox when the connection cannot be allocated.
 *
 * If registering with the transport fails, the connection is torn down
 * again through nfsd4_conn_lost(), and nfs_ok is still returned: the
 * caller gets a session with no connection rather than an error.
 */
static __be32 nfsd4_new_conn(struct svc_rqst *rqstp, struct nfsd4_session *ses, u32 dir)
{
	struct nfsd4_conn *conn = alloc_conn(rqstp, dir);

	if (conn == NULL)
		return nfserr_jukebox;

	nfsd4_hash_conn(conn, ses);
	if (nfsd4_register_conn(conn) != 0)
		/* oops; xprt is already down: */
		nfsd4_conn_lost(&conn->cn_xpt_user);
	return nfs_ok;
}
692 
/*
 * Connection set-up for CREATE_SESSION: always the fore channel, plus
 * the back channel when the session flags request one.
 */
static __be32 nfsd4_new_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_session *ses)
{
	int wants_back = ses->se_flags & SESSION4_BACK_CHAN;
	u32 dir = wants_back ? (NFS4_CDFC4_FORE | NFS4_CDFC4_BACK)
			     : NFS4_CDFC4_FORE;

	return nfsd4_new_conn(rqstp, ses, dir);
}
702 
/*
 * must be called under client_lock
 *
 * Detach and free every connection of session s.  Each connection is
 * unlinked under cl_lock (with list_del_init, so a concurrent
 * nfsd4_conn_lost() sees an empty node and leaves it alone); the lock is
 * then dropped around unregister_xpt_user() and free_conn().
 */
static void nfsd4_del_conns(struct nfsd4_session *s)
{
	struct nfs4_client *clp = s->se_client;

	spin_lock(&clp->cl_lock);
	for (;;) {
		struct nfsd4_conn *conn;

		if (list_empty(&s->se_conns))
			break;
		conn = list_first_entry(&s->se_conns, struct nfsd4_conn,
					cn_persession);
		list_del_init(&conn->cn_persession);
		spin_unlock(&clp->cl_lock);

		unregister_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
		free_conn(conn);

		spin_lock(&clp->cl_lock);
	}
	spin_unlock(&clp->cl_lock);
}
722 
/*
 * kref release function for a session: drop its connections, return its
 * reply-cache memory to the global budget, free the slots and the
 * session.
 *
 * This function does not unlink the session from the session hash or
 * from the client's session list; callers must have done that first.
 * nfsd4_del_conns() is documented as requiring client_lock.
 */
void free_session(struct kref *kref)
{
	struct nfsd4_session *ses =
		container_of(kref, struct nfsd4_session, se_ref);
	int drc_bytes;

	nfsd4_del_conns(ses);

	spin_lock(&nfsd_drc_lock);
	drc_bytes = ses->se_fchannel.maxreqs * slot_bytes(&ses->se_fchannel);
	nfsd_drc_mem_used -= drc_bytes;
	spin_unlock(&nfsd_drc_lock);

	free_session_slots(ses);
	kfree(ses);
}
737 
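/*
 * Build a session for clp from the CREATE_SESSION arguments in cses,
 * hash it, and attach the request's transport as its first connection.
 *
 * Returns the new session, or NULL when no reply-cache memory could be
 * reserved, an allocation failed, or the connection could not be set up.
 * On every NULL return nothing stays reserved or linked.
 */
static struct nfsd4_session *alloc_init_session(struct svc_rqst *rqstp, struct nfs4_client *clp, struct nfsd4_create_session *cses)
{
	struct nfsd4_session *new;
	struct nfsd4_channel_attrs *fchan = &cses->fore_channel;
	int numslots, slotsize;
	int status;
	int idx;

	/*
	 * Note decreasing slot size below client's request may
	 * make it difficult for client to function correctly, whereas
	 * decreasing the number of slots will (just?) affect
	 * performance.  When short on memory we therefore prefer to
	 * decrease number of slots instead of their size.
	 */
	slotsize = nfsd4_sanitize_slot_size(fchan->maxresp_cached);
	numslots = nfsd4_get_drc_mem(slotsize, fchan->maxreqs);
	if (numslots < 1)
		return NULL;

	new = alloc_session(slotsize, numslots);
	if (!new) {
		/*
		 * Give back exactly what was reserved.  fchan->maxreqs is
		 * the client's request and can be larger than numslots;
		 * releasing that many would push nfsd_drc_mem_used below
		 * its true value.
		 */
		nfsd4_put_drc_mem(slotsize, numslots);
		return NULL;
	}
	init_forechannel_attrs(&new->se_fchannel, fchan, numslots, slotsize);

	new->se_client = clp;
	gen_sessionid(new);

	INIT_LIST_HEAD(&new->se_conns);

	new->se_cb_seq_nr = 1;
	new->se_flags = cses->flags;
	new->se_cb_prog = cses->callback_prog;
	kref_init(&new->se_ref);
	idx = hash_sessionid(&new->se_sessionid);
	spin_lock(&client_lock);
	list_add(&new->se_hash, &sessionid_hashtbl[idx]);
	spin_lock(&clp->cl_lock);
	list_add(&new->se_perclnt, &clp->cl_sessions);
	spin_unlock(&clp->cl_lock);
	spin_unlock(&client_lock);

	status = nfsd4_new_conn_from_crses(rqstp, new);
	/* whoops: benny points out, status is ignored! (err, or bogus) */
	if (status) {
		/*
		 * The session is already on the session hash and on the
		 * client's list, and free_session() does not unlink it.
		 * Take it off both (same lock order as the insertion
		 * above) so neither list keeps a pointer to freed memory.
		 */
		spin_lock(&client_lock);
		list_del(&new->se_hash);
		spin_lock(&clp->cl_lock);
		list_del(&new->se_perclnt);
		spin_unlock(&clp->cl_lock);
		spin_unlock(&client_lock);
		free_session(&new->se_ref);
		return NULL;
	}
	if (cses->flags & SESSION4_BACK_CHAN) {
		struct sockaddr *sa = svc_addr(rqstp);
		/*
		 * This is a little silly; with sessions there's no real
		 * use for the callback address.  Use the peer address
		 * as a reasonable default for now, but consider fixing
		 * the rpc client not to require an address in the
		 * future:
		 */
		rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
		clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
	}
	nfsd4_probe_callback(clp);
	return new;
}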
803 
/*
 * caller must hold client_lock
 *
 * Look up a session by id.  The hash only selects the bucket; a match
 * requires all NFS4_MAX_SESSIONID_LEN bytes of the id to be equal.
 * Returns the session without taking a reference, or NULL.
 */
static struct nfsd4_session *
find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid)
{
	struct list_head *bucket;
	struct nfsd4_session *ses;

	dump_sessionid(__func__, sessionid);
	bucket = &sessionid_hashtbl[hash_sessionid(sessionid)];

	/* Search in the appropriate list */
	list_for_each_entry(ses, bucket, se_hash) {
		if (memcmp(ses->se_sessionid.data, sessionid->data,
			   NFS4_MAX_SESSIONID_LEN) == 0)
			return ses;
	}

	dprintk("%s: session not found\n", __func__);
	return NULL;
}
824 
/*
 * caller must hold client_lock
 *
 * Take ses off the session hash and, under the client's cl_lock, off the
 * client's session list.  Nothing is freed.
 */
static void
unhash_session(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;

	list_del(&ses->se_hash);

	spin_lock(&clp->cl_lock);
	list_del(&ses->se_perclnt);
	spin_unlock(&clp->cl_lock);
}
834 
/*
 * must be called under the client_lock
 *
 * Renew the lease of clp: move it to the tail of client_lru and stamp
 * the current time.  A client already marked expired is left alone, so
 * a late request cannot bring an expired client back.
 */
static inline void
renew_client_locked(struct nfs4_client *clp)
{
	if (!is_client_expired(clp)) {
		/*
		* Move client to the end to the LRU list.
		*/
		dprintk("renewing client (clientid %08x/%08x)\n", 
				clp->cl_clientid.cl_boot, 
				clp->cl_clientid.cl_id);
		list_move_tail(&clp->cl_lru, &client_lru);
		clp->cl_time = get_seconds();
		return;
	}

	dprintk("%s: client (clientid %08x/%08x) already expired\n",
		__func__,
		clp->cl_clientid.cl_boot,
		clp->cl_clientid.cl_id);
}
856 
/* Renew clp's lease, taking client_lock around renew_client_locked(). */
static inline void
renew_client(struct nfs4_client *clp)
{
	spin_lock(&client_lock);
	renew_client_locked(clp);	/* does the LRU move and timestamp */
	spin_unlock(&client_lock);
}
864 
865 /* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
/*
 * Report whether a clientid's boot stamp differs from this server's
 * boot_time.  Returns 0 when they match, 1 (after a debug message) when
 * they do not.
 */
static int
STALE_CLIENTID(clientid_t *clid)
{
        if (clid->cl_boot != boot_time) {
                dprintk("NFSD stale clientid (%08x/%08x) boot_time %08lx\n",
                        clid->cl_boot, clid->cl_id, boot_time);
                return 1;
        }
        return 0;
}
875 
/*
 * XXX Should we use a slab cache ?
 * This type of memory management is somewhat inefficient, but we use it
 * anyway since SETCLIENTID is not a common operation.
 *
 * Allocate a zeroed nfs4_client and give it a private copy of @name.
 * Returns the new client, or NULL if either allocation fails (nothing is
 * leaked in that case).  name.len is used as given; in this file
 * nfsd4_exchange_id() runs check_name() on it before a client is created.
 */
static struct nfs4_client *alloc_client(struct xdr_netobj name)
{
        struct nfs4_client *clp;
        void *name_copy;

        clp = kzalloc(sizeof(struct nfs4_client), GFP_KERNEL);
        if (!clp)
                return NULL;

        name_copy = kmalloc(name.len, GFP_KERNEL);
        if (!name_copy) {
                kfree(clp);
                return NULL;
        }
        memcpy(name_copy, name.data, name.len);

        clp->cl_name.data = name_copy;
        clp->cl_name.len = name.len;
        return clp;
}
897 
/*
 * Release a client: unlink and put every session still on cl_sessions,
 * put the credential's group_info when one is attached, then free the
 * principal string, the name buffer and the client structure itself.
 *
 * cl_sessions must have been initialised; create_client() does that
 * before its first possible call to this function.
 */
static inline void
free_client(struct nfs4_client *clp)
{
        struct nfsd4_session *ses;

        for (;;) {
                if (list_empty(&clp->cl_sessions))
                        break;
                ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
                                 se_perclnt);
                list_del(&ses->se_perclnt);
                nfsd4_put_session(ses);
        }

        /* cr_group_info is still NULL if the client never got credentials. */
        if (clp->cl_cred.cr_group_info)
                put_group_info(clp->cl_cred.cr_group_info);

        kfree(clp->cl_principal);
        kfree(clp->cl_name.data);
        kfree(clp);
}
914 
/*
 * Drop the session's reference on its client.
 *
 * If this was not the last reference nothing else happens.  Otherwise
 * atomic_dec_and_lock() returns with client_lock held and the client is
 * either freed (when already expired, clearing session->se_client so the
 * stale pointer is not left behind) or has its lease renewed.
 */
void
release_session_client(struct nfsd4_session *session)
{
        struct nfs4_client *clp = session->se_client;

        /* Not the last reference: client_lock was not taken. */
        if (!atomic_dec_and_lock(&clp->cl_refcount, &client_lock))
                return;

        if (!is_client_expired(clp)) {
                renew_client_locked(clp);
        } else {
                free_client(clp);
                session->se_client = NULL;
        }
        spin_unlock(&client_lock);
}
929 
/*
 * Mark a client expired, take it off the LRU list and remove each of its
 * sessions from the session ID hash.  The sessions stay on cl_sessions;
 * only their se_hash linkage is reset (list_del_init), under cl_lock.
 *
 * Must be called under the client_lock.
 */
static inline void
unhash_client_locked(struct nfs4_client *clp)
{
        struct nfsd4_session *cur;

        mark_client_expired(clp);
        list_del(&clp->cl_lru);

        spin_lock(&clp->cl_lock);
        list_for_each_entry(cur, &clp->cl_sessions, se_perclnt) {
                list_del_init(&cur->se_hash);
        }
        spin_unlock(&clp->cl_lock);
}
943 
/*
 * Tear down all state held for a client and unhash it.
 *
 * Delegations are first moved to a private list under recall_lock and
 * then unhashed outside that lock; open owners are released; the callback
 * channel is shut down; finally the client is removed from the id/string
 * hashes and, under client_lock, marked expired.  The client structure is
 * freed here only when cl_refcount is zero; otherwise the last
 * release_session_client() frees it.
 *
 * NOTE(review): no lock is taken here for the cl_idhash/cl_strhash
 * removal; nfsd4_exchange_id() calls this under nfs4_lock_state() —
 * confirm all callers do.
 */
static void
expire_client(struct nfs4_client *clp)
{
        struct nfs4_stateowner *sop;
        struct nfs4_delegation *dp;
        struct list_head reaplist;

        INIT_LIST_HEAD(&reaplist);
        /* Phase 1: detach every delegation onto reaplist under recall_lock. */
        spin_lock(&recall_lock);
        while (!list_empty(&clp->cl_delegations)) {
                dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
                list_del_init(&dp->dl_perclnt);
                list_move(&dp->dl_recall_lru, &reaplist);
        }
        spin_unlock(&recall_lock);
        /* Phase 2: unhash the detached delegations without recall_lock held. */
        while (!list_empty(&reaplist)) {
                dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
                list_del_init(&dp->dl_recall_lru);
                unhash_delegation(dp);
        }
        /*
         * Loop terminates only if release_openowner() removes sop from
         * cl_openowners — presumably it does; verify against its definition.
         */
        while (!list_empty(&clp->cl_openowners)) {
                sop = list_entry(clp->cl_openowners.next, struct nfs4_stateowner, so_perclient);
                release_openowner(sop);
        }
        nfsd4_shutdown_callback(clp);
        /* Drop the transport reference held for the callback connection, if any. */
        if (clp->cl_cb_conn.cb_xprt)
                svc_xprt_put(clp->cl_cb_conn.cb_xprt);
        list_del(&clp->cl_idhash);
        list_del(&clp->cl_strhash);
        spin_lock(&client_lock);
        unhash_client_locked(clp);
        /* Sessions still holding a reference defer the free to the last put. */
        if (atomic_read(&clp->cl_refcount) == 0)
                free_client(clp);
        spin_unlock(&client_lock);
}
979 
/*
 * Store @source as the client's verifier.  The copy length is the size of
 * the destination array, target->cl_verifier.data.
 */
static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
{
        const size_t verf_len = sizeof(target->cl_verifier.data);

        memcpy(target->cl_verifier.data, source->data, verf_len);
}
985 
/* Copy both halves of the clientid (cl_boot and cl_id) from @source to @target. */
static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
{
        clientid_t *dst = &target->cl_clientid;
        clientid_t *src = &source->cl_clientid;

        dst->cl_boot = src->cl_boot;
        dst->cl_id = src->cl_id;
}
991 
/*
 * Copy uid, gid and the group_info pointer from @source to @target and
 * take a reference on the shared group_info.
 *
 * NOTE(review): get_group_info() is called unconditionally, so this
 * assumes source->cr_group_info is non-NULL — confirm against callers.
 */
static void copy_cred(struct svc_cred *target, struct svc_cred *source)
{
        target->cr_uid = source->cr_uid;
        target->cr_gid = source->cr_gid;

        /* The group list is shared, not duplicated: bump its refcount. */
        target->cr_group_info = source->cr_group_info;
        get_group_info(target->cr_group_info);
}
999 
/*
 * Compare two recovery-directory names.  Exactly HEXDIR_LEN bytes of each
 * buffer are compared, so both must be at least that long.
 */
static int same_name(const char *n1, const char *n2)
{
        return memcmp(n1, n2, HEXDIR_LEN) == 0;
}
1004 
/* Return non-zero when the two verifiers hold identical bytes. */
static int
same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
{
        return memcmp(v1->data, v2->data, sizeof(v1->data)) == 0;
}
1010 
/* Return non-zero when both the boot stamp and the id of two clientids match. */
static int
same_clid(clientid_t *cl1, clientid_t *cl2)
{
        if (cl1->cl_boot != cl2->cl_boot)
                return 0;
        return cl1->cl_id == cl2->cl_id;
}
1016 
/*
 * XXX what about NGROUP
 *
 * Credentials are considered equal when their uids match.  cr_gid and
 * cr_group_info are not examined.
 *
 * NOTE(review): nfsd4_exchange_id() and nfsd4_create_session() use this
 * result to decide whether a request may act on an existing client
 * record, so two principals that map to the same uid are not
 * distinguished here.
 */
static int
same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
{
        return cr2->cr_uid == cr1->cr_uid;
}
1023 
/*
 * Assign a fresh clientid: cl_boot is this server's boot_time and cl_id
 * comes from a function-local counter that starts at 1 and is
 * post-incremented on every call.
 *
 * The counter is updated without locking in this function;
 * nfsd4_exchange_id() calls it between nfs4_lock_state() and
 * nfs4_unlock_state().  The resulting ids are sequential, so a clientid
 * should be treated as an identifier, not as a secret.
 */
static void gen_clid(struct nfs4_client *clp)
{
        static u32 current_clientid = 1;
        clientid_t *clid = &clp->cl_clientid;

        clid->cl_boot = boot_time;
        clid->cl_id = current_clientid++;
}
1031 
/*
 * Fill the first two 32-bit words of the client's confirm verifier with
 * the current time in seconds and a function-local counter.
 *
 * NOTE(review): both words are predictable (wall-clock seconds and a
 * sequential counter), so this value should not be relied on as an
 * unguessable token.  The counter is not locked here — presumably callers
 * serialize; confirm.
 */
static void gen_confirm(struct nfs4_client *clp)
{
        static u32 i;
        u32 *words = (u32 *)clp->cl_confirm.data;

        words[0] = get_seconds();
        words[1] = i++;
}
1041 
/*
 * Allocate and initialise a new client record for the request @rqstp.
 *
 * @name:   client-supplied owner name, copied by alloc_client()
 * @recdir: recovery directory name; HEXDIR_LEN bytes are copied
 * @rqstp:  request supplying the source address, auth flavor, credentials
 *          and (if present) the GSS principal
 * @verf:   client verifier to record
 *
 * Returns the new client with cl_refcount 0 and callback state
 * NFSD4_CB_UNKNOWN, or NULL on allocation failure.  The clientid itself
 * is not assigned here.
 */
static struct nfs4_client *create_client(struct xdr_netobj name, char *recdir,
                struct svc_rqst *rqstp, nfs4_verifier *verf)
{
        struct sockaddr *sa = svc_addr(rqstp);
        struct nfs4_client *clp;
        char *princ;

        clp = alloc_client(name);
        if (!clp)
                return NULL;

        /* free_client() walks cl_sessions, so it must be valid before any bail-out. */
        INIT_LIST_HEAD(&clp->cl_sessions);

        princ = svc_gss_principal(rqstp);
        if (princ != NULL) {
                clp->cl_principal = kstrdup(princ, GFP_KERNEL);
                if (!clp->cl_principal) {
                        free_client(clp);
                        return NULL;
                }
        }

        memcpy(clp->cl_recdir, recdir, HEXDIR_LEN);
        atomic_set(&clp->cl_refcount, 0);
        clp->cl_cb_state = NFSD4_CB_UNKNOWN;

        /* List linkage and per-client lock. */
        INIT_LIST_HEAD(&clp->cl_idhash);
        INIT_LIST_HEAD(&clp->cl_strhash);
        INIT_LIST_HEAD(&clp->cl_openowners);
        INIT_LIST_HEAD(&clp->cl_delegations);
        INIT_LIST_HEAD(&clp->cl_lru);
        INIT_LIST_HEAD(&clp->cl_callbacks);
        spin_lock_init(&clp->cl_lock);

        /* Callback machinery. */
        INIT_WORK(&clp->cl_cb_null.cb_work, nfsd4_do_callback_rpc);
        clp->cl_time = get_seconds();
        clear_bit(0, &clp->cl_cb_slot_busy);
        rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");

        /* Identity taken from the request. */
        copy_verf(clp, verf);
        rpc_copy_addr((struct sockaddr *) &clp->cl_addr, sa);
        clp->cl_flavor = rqstp->rq_flavor;
        copy_cred(&clp->cl_cred, &rqstp->rq_cred);

        gen_confirm(clp);
        clp->cl_cb_session = NULL;
        return clp;
}
1086 
/*
 * Validate the length of a client-supplied name.
 * Returns 1 when 0 < name.len <= NFS4_OPAQUE_LIMIT, 0 otherwise.
 * Only the length is checked; the bytes themselves are not inspected.
 */
static int check_name(struct xdr_netobj name)
{
        if (name.len > NFS4_OPAQUE_LIMIT) {
                dprintk("NFSD: check_name: name too long(%d)!\n", name.len);
                return 0;
        }
        return name.len != 0;
}
1097 
/*
 * Insert a client into both unconfirmed hash tables (by name string, using
 * the caller-supplied @strhashval, and by clientid) and renew its lease.
 */
static void
add_to_unconfirmed(struct nfs4_client *clp, unsigned int strhashval)
{
        unsigned int id_bucket;

        list_add(&clp->cl_strhash, &unconf_str_hashtbl[strhashval]);

        id_bucket = clientid_hashval(clp->cl_clientid.cl_id);
        list_add(&clp->cl_idhash, &unconf_id_hashtbl[id_bucket]);

        renew_client(clp);
}
1108 
/*
 * Move a client from whatever hash chains it is on to the confirmed
 * tables (by clientid and by recovery-directory name) and renew its lease.
 */
static void
move_to_confirmed(struct nfs4_client *clp)
{
        unsigned int id_bucket = clientid_hashval(clp->cl_clientid.cl_id);
        unsigned int str_bucket;

        dprintk("NFSD: move_to_confirm nfs4_client %p\n", clp);

        list_move(&clp->cl_idhash, &conf_id_hashtbl[id_bucket]);

        str_bucket = clientstr_hashval(clp->cl_recdir);
        list_move(&clp->cl_strhash, &conf_str_hashtbl[str_bucket]);

        renew_client(clp);
}
1121 
/*
 * Find a confirmed client by clientid.  The bucket is selected from
 * cl_id; a match requires both cl_boot and cl_id to agree (same_clid()).
 * Returns NULL when there is no match.
 */
static struct nfs4_client *
find_confirmed_client(clientid_t *clid)
{
        unsigned int bucket = clientid_hashval(clid->cl_id);
        struct nfs4_client *cur;

        list_for_each_entry(cur, &conf_id_hashtbl[bucket], cl_idhash) {
                if (!same_clid(&cur->cl_clientid, clid))
                        continue;
                return cur;
        }
        return NULL;
}
1134 
/*
 * Find an unconfirmed client by clientid.  Mirrors find_confirmed_client()
 * but searches unconf_id_hashtbl.  Returns NULL when there is no match.
 */
static struct nfs4_client *
find_unconfirmed_client(clientid_t *clid)
{
        unsigned int bucket = clientid_hashval(clid->cl_id);
        struct nfs4_client *cur;

        list_for_each_entry(cur, &unconf_id_hashtbl[bucket], cl_idhash) {
                if (!same_clid(&cur->cl_clientid, clid))
                        continue;
                return cur;
        }
        return NULL;
}
1147 
/*
 * True when the client has any exchange flag set.  nfsd4_set_ex_flags()
 * is the place in this file that sets cl_exchange_flags.
 */
static bool clp_used_exchangeid(struct nfs4_client *clp)
{
        if (clp->cl_exchange_flags == 0)
                return false;
        return true;
}
1152 
/*
 * Find a confirmed client by recovery-directory name.  @hashval is the
 * caller-computed bucket in conf_str_hashtbl and is used as an index
 * without further checking.  Returns NULL when there is no match.
 */
static struct nfs4_client *
find_confirmed_client_by_str(const char *dname, unsigned int hashval)
{
        struct nfs4_client *cur;

        list_for_each_entry(cur, &conf_str_hashtbl[hashval], cl_strhash) {
                if (!same_name(cur->cl_recdir, dname))
                        continue;
                return cur;
        }
        return NULL;
}
1164 
/*
 * Find an unconfirmed client by recovery-directory name.  @hashval is the
 * caller-computed bucket in unconf_str_hashtbl and is used as an index
 * without further checking.  Returns NULL when there is no match.
 */
static struct nfs4_client *
find_unconfirmed_client_by_str(const char *dname, unsigned int hashval)
{
        struct nfs4_client *cur;

        list_for_each_entry(cur, &unconf_str_hashtbl[hashval], cl_strhash) {
                if (!same_name(cur->cl_recdir, dname))
                        continue;
                return cur;
        }
        return NULL;
}
1176 
/*
 * Fill the family and address fields of @sa from @svcaddr for AF_INET or
 * AF_INET6.  Other fields of @sa are not written, and for any other
 * @family @sa is left untouched.
 */
static void rpc_svcaddr2sockaddr(struct sockaddr *sa, unsigned short family, union svc_addr_u *svcaddr)
{
        switch (family) {
        case AF_INET: {
                struct sockaddr_in *sin = (struct sockaddr_in *)sa;

                sin->sin_family = AF_INET;
                sin->sin_addr = svcaddr->addr;
                break;
        }
        case AF_INET6: {
                struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;

                sin6->sin6_family = AF_INET6;
                sin6->sin6_addr = svcaddr->addr6;
                break;
        }
        }
}
1190 
/*
 * Fill in the client's callback connection (clp->cl_cb_conn) from the
 * callback fields of the request @se.
 *
 * The netid must be exactly "tcp" or "tcp6"; the universal address is
 * parsed with rpc_uaddr2sockaddr() and must yield the address family that
 * matches the netid.  On any failure the callback address is set to
 * AF_UNSPEC with length 0, which (per the debug message) means the client
 * will not receive delegations.
 *
 * NOTE(review): the callback address comes from the request and is
 * validated here only for parseability and family; it is not compared
 * with the request's source address.  The source address is used only to
 * supply the IPv6 scope id.
 */
static void
gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
{
        struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
        struct sockaddr *sa = svc_addr(rqstp);
        u32 scopeid = rpc_get_scope_id(sa);
        unsigned short expected_family;

        /* Currently, we only support tcp and tcp6 for the callback channel */
        /* The length is checked before memcmp so the netid must match exactly. */
        if (se->se_callback_netid_len == 3 &&
            !memcmp(se->se_callback_netid_val, "tcp", 3))
                expected_family = AF_INET;
        else if (se->se_callback_netid_len == 4 &&
                 !memcmp(se->se_callback_netid_val, "tcp6", 4))
                expected_family = AF_INET6;
        else
                goto out_err;

        /* Parse into cb_addr; the destination size bounds the write. */
        conn->cb_addrlen = rpc_uaddr2sockaddr(se->se_callback_addr_val,
                                            se->se_callback_addr_len,
                                            (struct sockaddr *)&conn->cb_addr,
                                            sizeof(conn->cb_addr));

        /* A zero length is treated as a parse failure; the family must agree with the netid. */
        if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
                goto out_err;

        /* Reuse the scope id of the incoming connection for IPv6 callbacks. */
        if (conn->cb_addr.ss_family == AF_INET6)
                ((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;

        conn->cb_prog = se->se_callback_prog;
        conn->cb_ident = se->se_callback_ident;
        /* Record the local address the request arrived on in cb_saddr. */
        rpc_svcaddr2sockaddr((struct sockaddr *)&conn->cb_saddr, expected_family, &rqstp->rq_daddr);
        return;
out_err:
        conn->cb_addr.ss_family = AF_UNSPEC;
        conn->cb_addrlen = 0;
        dprintk(KERN_INFO "NFSD: this client (clientid %08x/%08x) "
                "will not receive delegations\n",
                clp->cl_clientid.cl_boot, clp->cl_clientid.cl_id);

        return;
}
1233 
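/*
 * Cache a reply. nfsd4_check_drc_limit() has bounded the cache size.
 *
 * Records the operation count and status of the compound in the session
 * slot and, unless nfsd4_not_cached() says the reply is not to be cached,
 * copies the encoded bytes between cstate.datap and resp->p into
 * slot->sl_data.
 *
 * NOTE(review): sl_datalen is derived from the encoder position and is
 * not compared with the capacity of sl_data in this function; the copy
 * relies on the bound mentioned above.
 */
void
nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
{
        struct nfsd4_slot *slot = resp->cstate.slot;
        unsigned int base;

        dprintk("--> %s slot %p\n", __func__, slot);

        slot->sl_opcnt = resp->opcnt;
        slot->sl_status = resp->cstate.status;

        if (nfsd4_not_cached(resp)) {
                slot->sl_datalen = 0;
                return;
        }

        /* Length of the encoded reply that follows the SEQUENCE result. */
        slot->sl_datalen = (char *)resp->p - (char *)resp->cstate.datap;
        /* Offset of that data from the start of the reply's head buffer. */
        base = (char *)resp->cstate.datap -
                                        (char *)resp->xbuf->head[0].iov_base;
        /*
         * WARN() takes the condition as its first argument; without it the
         * format string was consumed as the condition and the message lost.
         */
        if (read_bytes_from_xdr_buf(resp->xbuf, base, slot->sl_data,
                                    slot->sl_datalen))
                WARN(1, "%s: sessions DRC could not cache compound\n",
                     __func__);
}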
1260 
/*
 * Encode the replay sequence operation from the slot values.
 * If cachethis is FALSE encode the uncached rep error on the next
 * operation which sets resp->p and increments resp->opcnt for
 * nfs4svc_encode_compoundres.
 *
 * Returns the status of the last operation encoded here: that of the
 * replayed SEQUENCE, or nfserr_retry_uncached_rep when a second operation
 * was synthesised.
 *
 * NOTE(review): args->ops[] is indexed with resp->opcnt - 1 and
 * resp->opcnt; this presumably relies on resp->opcnt being 1 on entry
 * (nfsd4_sequence() rejects any other position) — confirm.
 */
static __be32
nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args,
                          struct nfsd4_compoundres *resp)
{
        struct nfsd4_slot *slot = resp->cstate.slot;
        struct nfsd4_op *op;

        dprintk("--> %s resp->opcnt %d cachethis %u \n", __func__,
                resp->opcnt, resp->cstate.slot->sl_cachethis);

        /* Encode the replayed sequence operation */
        op = &args->ops[resp->opcnt - 1];
        nfsd4_encode_operation(resp, op);

        /* A cached reply, or a compound with nothing after SEQUENCE: done. */
        if (args->opcnt <= 1 || slot->sl_cachethis != 0)
                return op->status;

        /* Return nfserr_retry_uncached_rep in next operation. */
        op = &args->ops[resp->opcnt++];
        op->status = nfserr_retry_uncached_rep;
        nfsd4_encode_operation(resp, op);
        return op->status;
}
1290 
/*
 * The sequence operation is not cached because we can use the slot and
 * session values.
 *
 * Re-encodes SEQUENCE, then copies the slot's cached reply bytes after it
 * and restores the cached operation count and status.  Returns
 * nfserr_retry_uncached_rep without touching the cache when the original
 * reply was not cached.
 *
 * NOTE(review): sl_datalen bytes are copied to cstate.datap with no check
 * here against the space left in the response buffer — presumably bounded
 * when the entry was stored; confirm.
 */
__be32
nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
                         struct nfsd4_sequence *seq)
{
        struct nfsd4_slot *slot = resp->cstate.slot;
        __be32 status;

        dprintk("--> %s slot %p\n", __func__, slot);

        /* Either returns 0 or nfserr_retry_uncached */
        status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp);
        if (status == nfserr_retry_uncached_rep)
                return status;

        /* The sequence operation has been encoded, cstate->datap set. */
        memcpy(resp->cstate.datap, slot->sl_data, slot->sl_datalen);

        /* Advance the encoder past the replayed data, in 4-byte XDR words. */
        resp->opcnt = slot->sl_opcnt;
        resp->p = resp->cstate.datap + XDR_QUADLEN(slot->sl_datalen);

        return slot->sl_status;
}
1318 
/*
 * Set the exchange_id flags returned by the server.
 *
 * Two flags are always OR-ed into the client's cl_exchange_flags, and the
 * result is then written to clid->flags, replacing whatever was there.
 */
static void
nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
{
        /*
         * pNFS is not supported.
         * Referrals are supported, Migration is not.
         */
        new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS |
                                  EXCHGID4_FLAG_SUPP_MOVED_REFER;

        /* set the wire flags to return to client. */
        clid->flags = new->cl_exchange_flags;
}
1334 
/*
 * Handle the EXCHANGE_ID operation.
 *
 * Validates the client name length and request flags, accepts only
 * SP4_NONE state protection, derives the recovery-directory name from the
 * client name, and then, under nfs4_lock_state(), either returns the
 * clientid of a matching confirmed record or creates a new unconfirmed
 * record (expiring any previous record that is being replaced).
 *
 * Returns nfs_ok with exid->clientid, exid->seqid and exid->flags filled
 * in, or an nfserr_* status.
 *
 * NOTE(review): the decision to reuse or replace a confirmed record rests
 * on same_verf() and same_creds(); the latter compares uids only.
 */
__be32
nfsd4_exchange_id(struct svc_rqst *rqstp,
                  struct nfsd4_compound_state *cstate,
                  struct nfsd4_exchange_id *exid)
{
        struct nfs4_client *unconf, *conf, *new;
        /* NOTE(review): holds nfserr_* values although the return type is __be32. */
        int status;
        unsigned int            strhashval;
        char                    dname[HEXDIR_LEN];
        char                    addr_str[INET6_ADDRSTRLEN];
        nfs4_verifier           verf = exid->verifier;
        struct sockaddr         *sa = svc_addr(rqstp);

        rpc_ntop(sa, addr_str, sizeof(addr_str));
        dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
                "ip_addr=%s flags %x, spa_how %d\n",
                __func__, rqstp, exid, exid->clname.len, exid->clname.data,
                addr_str, exid->flags, exid->spa_how);

        /* Reject empty or over-long names and any flag outside the request mask. */
        if (!check_name(exid->clname) || (exid->flags & ~EXCHGID4_FLAG_MASK_A))
                return nfserr_inval;

        /* Currently only support SP4_NONE */
        switch (exid->spa_how) {
        case SP4_NONE:
                break;
        case SP4_SSV:
                return nfserr_serverfault;
        default:
                BUG();                          /* checked by xdr code */
        case SP4_MACH_CRED:
                return nfserr_serverfault;      /* no excuse :-/ */
        }

        status = nfs4_make_rec_clidname(dname, &exid->clname);

        /* Failure here happens before the state lock is taken, hence "error" not "out". */
        if (status)
                goto error;

        strhashval = clientstr_hashval(dname);

        nfs4_lock_state();
        status = nfs_ok;

        conf = find_confirmed_client_by_str(dname, strhashval);
        if (conf) {
                /* A confirmed record with no exchange flags was not made by EXCHANGE_ID. */
                if (!clp_used_exchangeid(conf)) {
                        status = nfserr_clid_inuse; /* XXX: ? */
                        goto out;
                }
                if (!same_verf(&verf, &conf->cl_verifier)) {
                        /* 18.35.4 case 8 */
                        if (exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A) {
                                status = nfserr_not_same;
                                goto out;
                        }
                        /* Client reboot: destroy old state */
                        expire_client(conf);
                        goto out_new;
                }
                if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
                        /* 18.35.4 case 9 */
                        if (exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A) {
                                status = nfserr_perm;
                                goto out;
                        }
                        /* Different credentials without the update flag: the old record is expired. */
                        expire_client(conf);
                        goto out_new;
                }
                /*
                 * Set bit when the owner id and verifier map to an already
                 * confirmed client id (18.35.3).
                 */
                exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;

                /*
                 * Falling into 18.35.4 case 2, possible router replay.
                 * Leave confirmed record intact and return same result.
                 */
                copy_verf(conf, &verf);
                new = conf;
                goto out_copy;
        }

        /* 18.35.4 case 7 */
        if (exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A) {
                status = nfserr_noent;
                goto out;
        }

        unconf  = find_unconfirmed_client_by_str(dname, strhashval);
        if (unconf) {
                /*
                 * Possible retry or client restart.  Per 18.35.4 case 4,
                 * a new unconfirmed record should be generated regardless
                 * of whether any properties have changed.
                 */
                expire_client(unconf);
        }

out_new:
        /* Normal case */
        new = create_client(exid->clname, dname, rqstp, &verf);
        if (new == NULL) {
                status = nfserr_jukebox;
                goto out;
        }

        gen_clid(new);
        add_to_unconfirmed(new, strhashval);
out_copy:
        /* Return the clientid of the new or reused record to the caller. */
        exid->clientid.cl_boot = new->cl_clientid.cl_boot;
        exid->clientid.cl_id = new->cl_clientid.cl_id;

        exid->seqid = 1;
        nfsd4_set_ex_flags(new, exid);

        dprintk("nfsd4_exchange_id seqid %d flags %x\n",
                new->cl_cs_slot.sl_seqid, new->cl_exchange_flags);
        status = nfs_ok;

out:
        nfs4_unlock_state();
error:
        dprintk("nfsd4_exchange_id returns %d\n", ntohl(status));
        return status;
}
1462 
/*
 * Classify a request's sequence id against the slot's last sequence id.
 *
 * Returns:
 *   nfs_ok                 - seqid is the next expected value (including
 *                            the explicit seqid == 1 wraparound case)
 *   nfserr_replay_cache    - seqid repeats the slot's value and the slot
 *                            is idle
 *   nfserr_jukebox         - seqid repeats the slot's value while the slot
 *                            is still in use
 *   nfserr_seq_misordered  - anything else
 */
static int
check_slot_seqid(u32 seqid, u32 slot_seqid, int slot_inuse)
{
        /* u32 arithmetic: wraps to 0 after 0xffffffff. */
        const u32 next_seqid = slot_seqid + 1;

        dprintk("%s enter. seqid %d slot_seqid %d\n", __func__, seqid,
                slot_seqid);

        /* The slot is in use, and no response has been sent. */
        if (slot_inuse)
                return seqid == slot_seqid ? nfserr_jukebox
                                           : nfserr_seq_misordered;

        /* Normal */
        if (likely(seqid == next_seqid))
                return nfs_ok;

        /* Replay */
        if (seqid == slot_seqid)
                return nfserr_replay_cache;

        /* Wraparound */
        if (seqid == 1 && next_seqid == 0)
                return nfs_ok;

        /* Misordered replay or misordered new request */
        return nfserr_seq_misordered;
}
1488 
/*
 * Cache the create session result into the create session single DRC
 * slot cache by saving the xdr structure. sl_seqid has been set.
 * Do this for solo or embedded create session operations.
 *
 * The whole *cr_ses structure is copied by value together with @nfserr.
 */
static void
nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
                           struct nfsd4_clid_slot *slot, int nfserr)
{
        memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
        slot->sl_status = nfserr;
}
1501 
/*
 * Replay a cached CREATE_SESSION reply: overwrite *cr_ses with the copy
 * saved in the slot and return the status saved with it.
 */
static __be32
nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
                            struct nfsd4_clid_slot *slot)
{
        const void *cached = &slot->sl_cr_ses;

        memcpy(cr_ses, cached, sizeof(*cr_ses));
        return slot->sl_status;
}
1509 
/*
 * Handle the CREATE_SESSION operation.
 *
 * Under nfs4_lock_state(), looks the clientid up in both the confirmed and
 * unconfirmed tables, checks the create-session sequence id against the
 * client's single cl_cs_slot, allocates a session, returns its id and
 * fore-channel attributes in *cr_ses, caches the reply in the slot and,
 * for a previously unconfirmed client, moves it to the confirmed tables.
 *
 * Returns nfs_ok, a replayed cached status, or an nfserr_* status.
 *
 * NOTE(review): on the confirmed-client branch no same_creds() or source
 * address comparison is made, unlike the unconfirmed branch — confirm
 * whether a request from a different principal presenting this clientid
 * should be accepted.  Clientids are sequential (see gen_clid()).
 */
__be32
nfsd4_create_session(struct svc_rqst *rqstp,
                     struct nfsd4_compound_state *cstate,
                     struct nfsd4_create_session *cr_ses)
{
        struct sockaddr *sa = svc_addr(rqstp);
        struct nfs4_client *conf, *unconf;
        struct nfsd4_session *new;
        struct nfsd4_clid_slot *cs_slot = NULL;
        bool confirm_me = false;
        int status = 0;

        nfs4_lock_state();
        unconf = find_unconfirmed_client(&cr_ses->clientid);
        conf = find_confirmed_client(&cr_ses->clientid);

        if (conf) {
                cs_slot = &conf->cl_cs_slot;
                /* slot_inuse is passed as 0: this slot has no in-use tracking here. */
                status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
                if (status == nfserr_replay_cache) {
                        dprintk("Got a create_session replay! seqid= %d\n",
                                cs_slot->sl_seqid);
                        /* Return the cached reply status */
                        status = nfsd4_replay_create_session(cr_ses, cs_slot);
                        goto out;
                } else if (cr_ses->seqid != cs_slot->sl_seqid + 1) {
                        status = nfserr_seq_misordered;
                        dprintk("Sequence misordered!\n");
                        dprintk("Expected seqid= %d but got seqid= %d\n",
                                cs_slot->sl_seqid, cr_ses->seqid);
                        goto out;
                }
        } else if (unconf) {
                /* Only the principal/address that created the record may confirm it. */
                if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) ||
                    !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) {
                        status = nfserr_clid_inuse;
                        goto out;
                }

                cs_slot = &unconf->cl_cs_slot;
                status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
                if (status) {
                        /* an unconfirmed replay returns misordered */
                        status = nfserr_seq_misordered;
                        goto out;
                }

                confirm_me = true;
                conf = unconf;
        } else {
                status = nfserr_stale_clientid;
                goto out;
        }

        /*
         * XXX: we should probably set this at creation time, and check
         * for consistent minorversion use throughout:
         */
        conf->cl_minorversion = 1;
        /*
         * We do not support RDMA or persistent sessions
         */
        cr_ses->flags &= ~SESSION4_PERSIST;
        cr_ses->flags &= ~SESSION4_RDMA;

        /* Pre-set the failure status returned if session allocation fails. */
        status = nfserr_jukebox;
        new = alloc_init_session(rqstp, conf, cr_ses);
        if (!new)
                goto out;
        status = nfs_ok;
        /* Hand the new session id and negotiated fore-channel attributes back. */
        memcpy(cr_ses->sessionid.data, new->se_sessionid.data,
               NFS4_MAX_SESSIONID_LEN);
        memcpy(&cr_ses->fore_channel, &new->se_fchannel,
                sizeof(struct nfsd4_channel_attrs));
        cs_slot->sl_seqid++;
        cr_ses->seqid = cs_slot->sl_seqid;

        /* cache solo and embedded create sessions under the state lock */
        nfsd4_cache_create_session(cr_ses, cs_slot, status);
        if (confirm_me)
                move_to_confirmed(conf);
out:
        nfs4_unlock_state();
        dprintk("%s returns %d\n", __func__, ntohl(status));
        return status;
}
1596 
/*
 * True when the number of operations in the request equals the response's
 * current operation count, i.e. the operation being processed is the last
 * one of the compound.
 */
static bool nfsd4_last_compound_op(struct svc_rqst *rqstp)
{
        struct nfsd4_compoundargs *args = rqstp->rq_argp;
        struct nfsd4_compoundres *res = rqstp->rq_resp;

        return res->opcnt == args->opcnt;
}
1604 
/*
 * Validate and normalise the channel direction of BIND_CONN_TO_SESSION.
 *
 * FORE and BACK are accepted unchanged; the two "..._OR_BOTH" requests are
 * rewritten in place to NFS4_CDFC4_BOTH.  Any other value yields
 * nfserr_inval and leaves *dir untouched.
 */
static __be32 nfsd4_map_bcts_dir(u32 *dir)
{
        switch (*dir) {
        case NFS4_CDFC4_FORE_OR_BOTH:
        case NFS4_CDFC4_BACK_OR_BOTH:
                *dir = NFS4_CDFC4_BOTH;
                /* fall through */
        case NFS4_CDFC4_FORE:
        case NFS4_CDFC4_BACK:
                return nfs_ok;
        default:
                return nfserr_inval;
        }
}
1618 
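/*
 * Handle the BIND_CONN_TO_SESSION operation.
 *
 * The operation must be the last one in its compound.  The session is
 * looked up by id under client_lock and, when found, a session reference
 * and a client reference are taken and left in cstate->session.  The
 * requested direction is then validated; the connection is bound only
 * when that validation succeeds.
 *
 * Returns nfs_ok, nfserr_not_only_op, nfserr_badsession, or the error
 * from nfsd4_map_bcts_dir() for an unsupported direction.
 *
 * NOTE(review): the references taken here are not dropped in this
 * function on any path — presumably compound completion releases
 * cstate->session; confirm.
 */
__be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
                     struct nfsd4_compound_state *cstate,
                     struct nfsd4_bind_conn_to_session *bcts)
{
        __be32 status;

        if (!nfsd4_last_compound_op(rqstp))
                return nfserr_not_only_op;
        spin_lock(&client_lock);
        cstate->session = find_in_sessionid_hashtbl(&bcts->sessionid);
        /* Sorta weird: we only need the refcnt'ing because new_conn acquires
         * client_lock itself: */
        if (cstate->session) {
                nfsd4_get_session(cstate->session);
                atomic_inc(&cstate->session->se_client->cl_refcount);
        }
        spin_unlock(&client_lock);
        if (!cstate->session)
                return nfserr_badsession;

        /*
         * The direction value comes from the request.  Previously the
         * validation result was computed and then discarded, so an
         * unrecognised direction was still passed to nfsd4_new_conn() and
         * reported as success.
         */
        status = nfsd4_map_bcts_dir(&bcts->dir);
        if (status == nfs_ok)
                nfsd4_new_conn(rqstp, cstate->session, bcts->dir);
        return status;
}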
1643 
/*
 * True when @session is non-NULL and its session id is byte-for-byte
 * equal to @sid.
 */
static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid)
{
        if (session == NULL)
                return false;
        return memcmp(sid, &session->se_sessionid, sizeof(*sid)) == 0;
}
1650 
/*
 * Handle the DESTROY_SESSION operation.
 *
 * If the session being destroyed is the one the compound is running in,
 * the operation must be the last in the compound.  The session is looked
 * up by id and unhashed under client_lock; afterwards, outside that lock,
 * the callback channel is probed, the session's connections are deleted
 * and the reference dropped.
 *
 * Returns nfs_ok, nfserr_not_only_op, or nfserr_badsession when no
 * session with that id is hashed.
 *
 * NOTE(review): the lookup is by session id alone; nothing in this
 * function compares the requester with the session's client — confirm
 * that this is enforced elsewhere.
 */
__be32
nfsd4_destroy_session(struct svc_rqst *r,
                      struct nfsd4_compound_state *cstate,
                      struct nfsd4_destroy_session *sessionid)
{
        struct nfsd4_session *ses;
        /* NOTE(review): declared u32 but holds and returns __be32 nfserr_* values. */
        u32 status = nfserr_badsession;

        /* Notes:
         * - The confirmed nfs4_client->cl_sessionid holds destroyed sessionid
         * - Should we return nfserr_back_chan_busy if waiting for
         *   callbacks on to-be-destroyed session?
         * - Do we need to clear any callback info from previous session?
         */

        if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {
                if (!nfsd4_last_compound_op(r))
                        return nfserr_not_only_op;
        }
        dump_sessionid(__func__, &sessionid->sessionid);
        spin_lock(&client_lock);
        ses = find_in_sessionid_hashtbl(&sessionid->sessionid);
        if (!ses) {
                spin_unlock(&client_lock);
                goto out;
        }

        /* Once unhashed, later lookups by this id no longer find the session. */
        unhash_session(ses);
        spin_unlock(&client_lock);

        nfs4_lock_state();
        nfsd4_probe_callback_sync(ses->se_client);
        nfs4_unlock_state();

        nfsd4_del_conns(ses);

        nfsd4_put_session(ses);
        status = nfs_ok;
out:
        dprintk("%s returns %d\n", __func__, ntohl(status));
        return status;
}
1693 
/*
 * Find the connection of session @s that uses transport @xpt, comparing
 * transport pointers.  Returns NULL when the session has no such
 * connection.  The only caller in view holds the client's cl_lock.
 */
static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s)
{
        struct nfsd4_conn *conn;

        list_for_each_entry(conn, &s->se_conns, cn_persession) {
                if (conn->cn_xprt != xpt)
                        continue;
                return conn;
        }
        return NULL;
}
1705 
/*
 * Make sure the transport of @new is bound to session @ses.
 *
 * Consumes @new: if the session already has a connection on the same
 * transport, @new is freed; otherwise it is hashed into the session under
 * cl_lock and then registered.  If registration fails the connection is
 * torn down again through nfsd4_conn_lost().
 */
static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)
{
        struct nfs4_client *clp = ses->se_client;
        struct nfsd4_conn *existing;

        spin_lock(&clp->cl_lock);
        existing = __nfsd4_find_conn(new->cn_xprt, ses);
        if (!existing)
                __nfsd4_hash_conn(new, ses);
        spin_unlock(&clp->cl_lock);

        if (existing) {
                /* Already bound: the freshly allocated connection is redundant. */
                free_conn(new);
                return;
        }

        /* oops; xprt is already down: */
        if (nfsd4_register_conn(new))
                nfsd4_conn_lost(&new->cn_xpt_user);
}
1727 
/*
 * Handle the SEQUENCE operation of a compound.
 *
 * Looks up the session named in @seq, validates the requested slot and its
 * sequence id, and on success records the slot and session in @cstate.
 * Returns nfs_ok, the cached reply status on a replay, or an nfserr_* code
 * (nfserr_sequence_pos, nfserr_jukebox, nfserr_badsession, nfserr_badslot,
 * or whatever check_slot_seqid() reports).
 *
 * Everything between spin_lock(&client_lock) and the unlock at "out" runs
 * under client_lock, including the reference taken on the session.
 */
__be32
nfsd4_sequence(struct svc_rqst *rqstp,
               struct nfsd4_compound_state *cstate,
               struct nfsd4_sequence *seq)
{
        struct nfsd4_compoundres *resp = rqstp->rq_resp;
        struct nfsd4_session *session;
        struct nfsd4_slot *slot;
        struct nfsd4_conn *conn;
        int status;

        /* Rejected unless this is the only op counted so far in the response. */
        if (resp->opcnt != 1)
                return nfserr_sequence_pos;

        /*
         * Will be either used or freed by nfsd4_sequence_check_conn
         * below.
         */
        conn = alloc_conn(rqstp, NFS4_CDFC4_FORE);
        if (!conn)
                return nfserr_jukebox;

        spin_lock(&client_lock);
        status = nfserr_badsession;
        session = find_in_sessionid_hashtbl(&seq->sessionid);
        if (!session)
                goto out;

        /*
         * Bounds-check the slot id against the session's slot count before
         * it is used as an index into se_slots[] below.
         * NOTE(review): seq presumably holds client-supplied arguments, which
         * makes this check the guard against an out-of-bounds read - confirm.
         */
        status = nfserr_badslot;
        if (seq->slotid >= session->se_fchannel.maxreqs)
                goto out;

        slot = session->se_slots[seq->slotid];
        dprintk("%s: slotid %d\n", __func__, seq->slotid);

        /* We do not negotiate the number of slots yet, so set the
         * maxslots to the session maxreqs which is used to encode
         * sr_highest_slotid and the sr_target_slot id to maxslots */
        seq->maxslots = session->se_fchannel.maxreqs;

        status = check_slot_seqid(seq->seqid, slot->sl_seqid, slot->sl_inuse);
        if (status == nfserr_replay_cache) {
                cstate->slot = slot;
                cstate->session = session;
                /* Return the cached reply status and set cstate->status
                 * for nfsd4_proc_compound processing */
                status = nfsd4_replay_cache_entry(resp, seq);
                cstate->status = nfserr_replay_cache;
                goto out;
        }
        if (status)
                goto out;

        /*
         * conn is handed over here (hashed or freed by the callee), so the
         * local pointer is cleared to make the kfree() at "out" a no-op.
         */
        nfsd4_sequence_check_conn(conn, session);
        conn = NULL;

        /* Success! bump slot seqid */
        slot->sl_inuse = true;
        slot->sl_seqid = seq->seqid;
        slot->sl_cachethis = seq->cachethis;

        cstate->slot = slot;
        cstate->session = session;

out:
        /* Hold a session reference until done processing the compound. */
        if (cstate->session) {
                struct nfs4_client *clp = session->se_client;

                nfsd4_get_session(cstate->session);
                atomic_inc(&clp->cl_refcount);
                /* Tell the client its callback path is down, if it is. */
                if (clp->cl_cb_state == NFSD4_CB_DOWN)
                        seq->status_flags |= SEQ4_STATUS_CB_PATH_DOWN;
        }
        /* Only non-NULL on the error and replay paths, where conn was never handed off. */
        kfree(conn);
        spin_unlock(&client_lock);
        dprintk("%s: return %d\n", __func__, ntohl(status));
        return status;
}
1807 
/*
 * Handle RECLAIM_COMPLETE.
 *
 * For the per-filesystem form (rca_one_fs set) only the presence of a
 * current filehandle is checked; the request is otherwise ignored.  For the
 * global form the client's recovery directory is created under the state
 * lock, unless the client has already expired.
 */
__be32
nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_reclaim_complete *rc)
{
        struct nfs4_client *clp;
        __be32 status = nfs_ok;

        if (rc->rca_one_fs) {
                /*
                 * We don't take advantage of the rca_one_fs case.
                 * That's OK, it's optional, we can safely ignore it.
                 */
                return cstate->current_fh.fh_dentry ? nfs_ok : nfserr_nofilehandle;
        }

        nfs4_lock_state();
        clp = cstate->session->se_client;
        if (is_client_expired(clp)) {
                /*
                 * The following error isn't really legal.
                 * But we only get here if the client just explicitly
                 * destroyed the client.  Surely it no longer cares what
                 * error it gets back on an operation for the dead
                 * client.
                 */
                status = nfserr_stale_clientid;
        } else {
                nfsd4_create_clid_dir(clp);
        }
        nfs4_unlock_state();

        return status;
}
1836 
/*
 * Handle SETCLIENTID (RFC 3530 section 14.2.33).
 *
 * Validates the client name, derives the recovery-directory name from it,
 * and then, under the state lock, creates a new unconfirmed client record
 * according to CASE 0 - CASE 4 below.  On success the new clientid and
 * confirm verifier are copied into @setclid for the reply.
 *
 * Returns nfs_ok, nfserr_inval for a rejected name, the error from
 * nfs4_make_rec_clidname(), nfserr_clid_inuse when the name belongs to a
 * confirmed client the caller may not replace, or nfserr_resource when
 * create_client() fails.
 */
__be32
nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
                  struct nfsd4_setclientid *setclid)
{
        struct xdr_netobj       clname = { 
                .len = setclid->se_namelen,
                .data = setclid->se_name,
        };
        nfs4_verifier           clverifier = setclid->se_verf;
        unsigned int            strhashval;
        struct nfs4_client      *conf, *unconf, *new;
        __be32                  status;
        char                    dname[HEXDIR_LEN];
        
        /* Reject the name before it is hashed or copied anywhere. */
        if (!check_name(clname))
                return nfserr_inval;

        /* dname is the fixed-size (HEXDIR_LEN) key used for all lookups below. */
        status = nfs4_make_rec_clidname(dname, &clname);
        if (status)
                return status;

        /* 
         * XXX The Duplicate Request Cache (DRC) has been checked (??)
         * We get here on a DRC miss.
         */

        strhashval = clientstr_hashval(dname);

        nfs4_lock_state();
        conf = find_confirmed_client_by_str(dname, strhashval);
        if (conf) {
                /* RFC 3530 14.2.33 CASE 0: */
                status = nfserr_clid_inuse;
                if (clp_used_exchangeid(conf))
                        goto out;
                /*
                 * Only the principal that owns the confirmed record may
                 * issue a new SETCLIENTID for the same name; anyone else
                 * gets nfserr_clid_inuse and the owner's address is logged.
                 */
                if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
                        char addr_str[INET6_ADDRSTRLEN];
                        rpc_ntop((struct sockaddr *) &conf->cl_addr, addr_str,
                                 sizeof(addr_str));
                        dprintk("NFSD: setclientid: string in use by client "
                                "at %s\n", addr_str);
                        goto out;
                }
        }
        /*
         * section 14.2.33 of RFC 3530 (under the heading "IMPLEMENTATION")
         * has a description of SETCLIENTID request processing consisting
         * of 5 bullet points, labeled as CASE0 - CASE4 below.
         */
        unconf = find_unconfirmed_client_by_str(dname, strhashval);
        /* Default result for every create_client() failure below. */
        status = nfserr_resource;
        if (!conf) {
                /*
                 * RFC 3530 14.2.33 CASE 4:
                 * placed first, because it is the normal case
                 */
                if (unconf)
                        expire_client(unconf);
                new = create_client(clname, dname, rqstp, &clverifier);
                if (new == NULL)
                        goto out;
                gen_clid(new);
        } else if (same_verf(&conf->cl_verifier, &clverifier)) {
                /*
                 * RFC 3530 14.2.33 CASE 1:
                 * probable callback update
                 */
                if (unconf) {
                        /* Note this is removing unconfirmed {*x***},
                         * which is stronger than RFC recommended {vxc**}.
                         * This has the advantage that there is at most
                         * one {*x***} in either list at any time.
                         */
                        expire_client(unconf);
                }
                new = create_client(clname, dname, rqstp, &clverifier);
                if (new == NULL)
                        goto out;
                /* Same verifier: the new record reuses the confirmed clientid. */
                copy_clid(new, conf);
        } else if (!unconf) {
                /*
                 * RFC 3530 14.2.33 CASE 2:
                 * probable client reboot; state will be removed if
                 * confirmed.
                 */
                new = create_client(clname, dname, rqstp, &clverifier);
                if (new == NULL)
                        goto out;
                gen_clid(new);
        } else {
                /*
                 * RFC 3530 14.2.33 CASE 3:
                 * probable client reboot; state will be removed if
                 * confirmed.
                 */
                expire_client(unconf);
                new = create_client(clname, dname, rqstp, &clverifier);
                if (new == NULL)
                        goto out;
                gen_clid(new);
        }
        /*
         * XXX: we should probably set this at creation time, and check
         * for consistent minorversion use throughout:
         */
        new->cl_minorversion = 0;
        gen_callback(new, setclid, rqstp);
        add_to_unconfirmed(new, strhashval);
        setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot;
        setclid->se_clientid.cl_id = new->cl_clientid.cl_id;
        /*
         * The copy length is the size of the destination array.
         * NOTE(review): assumes new->cl_confirm.data is at least that large
         * (both look like verifier fields) - confirm against the struct
         * definitions.
         */
        memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data));
        status = nfs_ok;
out:
        nfs4_unlock_state();
        return status;
}
1953 
1954 
1955 /*
1956  * Section 14.2.34 of RFC 3530 (under the heading "IMPLEMENTATION") has
1957  * a description of SETCLIENTID_CONFIRM request processing consisting of 4
1958  * bullets, labeled as CASE1 - CASE4 below.
1959  */
__be32
nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
                         struct nfsd4_compound_state *cstate,
                         struct nfsd4_setclientid_confirm *setclientid_confirm)
{
        /*
         * Confirm a clientid previously handed out by SETCLIENTID.
         *
         * Both the confirmed and the unconfirmed record for the clientid
         * are looked up under the state lock.  Before any case is taken
         * the request's source address must match the address stored in
         * each record that exists, and every case that changes state also
         * compares credentials.  Returns nfs_ok, nfserr_clid_inuse or
         * nfserr_stale_clientid.
         */
        struct sockaddr *sa = svc_addr(rqstp);
        struct nfs4_client *conf, *unconf;
        nfs4_verifier confirm = setclientid_confirm->sc_confirm; 
        clientid_t * clid = &setclientid_confirm->sc_clientid;
        __be32 status;

        if (STALE_CLIENTID(clid))
                return nfserr_stale_clientid;
        /* 
         * XXX The Duplicate Request Cache (DRC) has been checked (??)
         * We get here on a DRC miss.
         */

        nfs4_lock_state();

        conf = find_confirmed_client(clid);
        unconf = find_unconfirmed_client(clid);

        /*
         * A request from a different address than the one recorded for
         * the clientid is refused outright, for either record.
         */
        status = nfserr_clid_inuse;
        if (conf && !rpc_cmp_addr((struct sockaddr *) &conf->cl_addr, sa))
                goto out;
        if (unconf && !rpc_cmp_addr((struct sockaddr *) &unconf->cl_addr, sa))
                goto out;

        /*
         * section 14.2.34 of RFC 3530 has a description of
         * SETCLIENTID_CONFIRM request processing consisting
         * of 4 bullet points, labeled as CASE1 - CASE4 below.
         */
        if (conf && unconf && same_verf(&confirm, &unconf->cl_confirm)) {
                /*
                 * RFC 3530 14.2.34 CASE 1:
                 * callback update
                 */
                /* The two records must belong to the same principal. */
                if (!same_creds(&conf->cl_cred, &unconf->cl_cred))
                        status = nfserr_clid_inuse;
                else {
                        nfsd4_change_callback(conf, &unconf->cl_cb_conn);
                        nfsd4_probe_callback(conf);
                        expire_client(unconf);
                        status = nfs_ok;

                }
        } else if (conf && !unconf) {
                /*
                 * RFC 3530 14.2.34 CASE 2:
                 * probable retransmitted request; play it safe and
                 * do nothing.
                 */
                if (!same_creds(&conf->cl_cred, &rqstp->rq_cred))
                        status = nfserr_clid_inuse;
                else
                        status = nfs_ok;
        } else if (!conf && unconf
                        && same_verf(&unconf->cl_confirm, &confirm)) {
                /*
                 * RFC 3530 14.2.34 CASE 3:
                 * Normal case; new or rebooted client:
                 */
                if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred)) {
                        status = nfserr_clid_inuse;
                } else {
                        /*
                         * An older confirmed record with the same recovery
                         * directory name is expired (and its directory
                         * removed) before the new record is promoted.
                         */
                        unsigned int hash =
                                clientstr_hashval(unconf->cl_recdir);
                        conf = find_confirmed_client_by_str(unconf->cl_recdir,
                                                            hash);
                        if (conf) {
                                nfsd4_remove_clid_dir(conf);
                                expire_client(conf);
                        }
                        move_to_confirmed(unconf);
                        conf = unconf;
                        nfsd4_probe_callback(conf);
                        status = nfs_ok;
                }
        } else if ((!conf || (conf && !same_verf(&conf->cl_confirm, &confirm)))
            && (!unconf || (unconf && !same_verf(&unconf->cl_confirm,
                                                                &confirm)))) {
                /*
                 * RFC 3530 14.2.34 CASE 4:
                 * Client probably hasn't noticed that we rebooted yet.
                 */
                status = nfserr_stale_clientid;
        } else {
                /* check that we have hit one of the cases...*/
                status = nfserr_clid_inuse;
        }
out:
        nfs4_unlock_state();
        return status;
}
2056 
2057 /* OPEN Share state helper functions */
/*
 * Allocate an nfs4_file for @ino, initialise it with one reference, and
 * insert it into file_hashtbl under recall_lock.
 *
 * Returns the new object, or NULL if the slab allocation fails.
 * NOTE(review): the result of igrab() is stored without a NULL check;
 * presumably callers already hold a reference on the inode - confirm.
 */
static inline struct nfs4_file *
alloc_init_file(struct inode *ino)
{
        unsigned int bucket = file_hashval(ino);
        struct nfs4_file *file;

        file = kmem_cache_alloc(file_slab, GFP_KERNEL);
        if (!file)
                return NULL;

        atomic_set(&file->fi_ref, 1);
        INIT_LIST_HEAD(&file->fi_hash);
        INIT_LIST_HEAD(&file->fi_stateids);
        INIT_LIST_HEAD(&file->fi_delegations);
        file->fi_inode = igrab(ino);
        file->fi_id = current_fileid++;
        file->fi_had_conflict = false;
        file->fi_lease = NULL;
        /* Slab memory is not zeroed, so clear the per-mode arrays explicitly. */
        memset(file->fi_fds, 0, sizeof(file->fi_fds));
        memset(file->fi_access, 0, sizeof(file->fi_access));

        /* Publish only after every field is initialised. */
        spin_lock(&recall_lock);
        list_add(&file->fi_hash, &file_hashtbl[bucket]);
        spin_unlock(&recall_lock);

        return file;
}
2083 
/*
 * Destroy the cache *@slab points at, if any, and reset the pointer to NULL
 * so that a second call on the same variable does nothing.
 */
static void
nfsd4_free_slab(struct kmem_cache **slab)
{
        if (*slab) {
                kmem_cache_destroy(*slab);
                *slab = NULL;
        }
}
2092 
/*
 * Release all four NFSv4 state slab caches.  Caches that were never created
 * (or were already released) are skipped by nfsd4_free_slab().
 */
void
nfsd4_free_slabs(void)
{
        struct kmem_cache **caches[] = {
                &stateowner_slab,
                &file_slab,
                &stateid_slab,
                &deleg_slab,
        };
        unsigned int i;

        for (i = 0; i < ARRAY_SIZE(caches); i++)
                nfsd4_free_slab(caches[i]);
}
2101 
/*
 * Create the slab caches for stateowners, files, stateids and delegations.
 *
 * Returns 0 on success.  If any cache cannot be created, the ones already
 * created are released again and -ENOMEM is returned.
 */
static int
nfsd4_init_slabs(void)
{
        stateowner_slab = kmem_cache_create("nfsd4_stateowners",
                        sizeof(struct nfs4_stateowner), 0, 0, NULL);
        if (!stateowner_slab)
                goto fail;

        file_slab = kmem_cache_create("nfsd4_files",
                        sizeof(struct nfs4_file), 0, 0, NULL);
        if (!file_slab)
                goto fail;

        stateid_slab = kmem_cache_create("nfsd4_stateids",
                        sizeof(struct nfs4_stateid), 0, 0, NULL);
        if (!stateid_slab)
                goto fail;

        deleg_slab = kmem_cache_create("nfsd4_delegations",
                        sizeof(struct nfs4_delegation), 0, 0, NULL);
        if (!deleg_slab)
                goto fail;

        return 0;

fail:
        /* Safe on a partial set: uncreated caches are still NULL here. */
        nfsd4_free_slabs();
        dprintk("nfsd4: out of memory while initializing nfsv4\n");
        return -ENOMEM;
}
2127 
/*
 * kref release function for an nfs4_stateowner: frees the copied owner
 * string and then returns the object to its slab cache.
 */
void
nfs4_free_stateowner(struct kref *kref)
{
        struct nfs4_stateowner *owner;

        owner = container_of(kref, struct nfs4_stateowner, so_ref);
        kfree(owner->so_owner.data);
        kmem_cache_free(stateowner_slab, owner);
}
2136 
/*
 * Allocate a stateowner and give it a private copy of the opaque owner
 * string in @owner.
 *
 * Returns the new object with its kref initialised, or NULL if either
 * allocation fails (nothing is leaked in that case).  The copy is sized
 * from owner->len, so the caller is responsible for having validated that
 * length; nfsd4_process_open1() in this file runs check_name() first.
 */
static inline struct nfs4_stateowner *
alloc_stateowner(struct xdr_netobj *owner)
{
        struct nfs4_stateowner *sop;

        sop = kmem_cache_alloc(stateowner_slab, GFP_KERNEL);
        if (!sop)
                return NULL;

        sop->so_owner.data = kmalloc(owner->len, GFP_KERNEL);
        if (!sop->so_owner.data) {
                kmem_cache_free(stateowner_slab, sop);
                return NULL;
        }

        memcpy(sop->so_owner.data, owner->data, owner->len);
        sop->so_owner.len = owner->len;
        kref_init(&sop->so_ref);
        return sop;
}
2153 
/*
 * Create an open owner for @clp from the owner string in @open and link it
 * into the id hash, the string hash (bucket @strhashval) and the client's
 * open-owner list.
 *
 * The new owner starts unconfirmed, takes its seqid from the request, and
 * has an empty replay buffer whose status defaults to nfserr_serverfault.
 * Returns NULL if allocation fails.
 */
static struct nfs4_stateowner *
alloc_init_open_stateowner(unsigned int strhashval, struct nfs4_client *clp, struct nfsd4_open *open)
{
        struct nfs4_stateowner *owner = alloc_stateowner(&open->op_owner);
        struct nfs4_replay *replay;
        unsigned int id_bucket;

        if (!owner)
                return NULL;

        /* Bucket is computed from the id this owner is about to be given. */
        id_bucket = ownerid_hashval(current_ownerid);

        INIT_LIST_HEAD(&owner->so_idhash);
        INIT_LIST_HEAD(&owner->so_strhash);
        INIT_LIST_HEAD(&owner->so_perclient);
        INIT_LIST_HEAD(&owner->so_stateids);
        INIT_LIST_HEAD(&owner->so_perstateid);  /* not used */
        INIT_LIST_HEAD(&owner->so_close_lru);
        owner->so_time = 0;

        list_add(&owner->so_idhash, &ownerid_hashtbl[id_bucket]);
        list_add(&owner->so_strhash, &ownerstr_hashtbl[strhashval]);
        list_add(&owner->so_perclient, &clp->cl_openowners);

        owner->so_is_open_owner = 1;
        owner->so_id = current_ownerid++;
        owner->so_client = clp;
        owner->so_seqid = open->op_seqid;
        owner->so_confirmed = 0;

        replay = &owner->so_replay;
        replay->rp_status = nfserr_serverfault;
        replay->rp_buflen = 0;
        replay->rp_buf = replay->rp_ibuf;

        return owner;
}
2184 
/*
 * Initialise the open stateid @stp for file @fp and the open owner recorded
 * in @open, and link it into the stateid hash, the owner's list and the
 * file's list.  Takes a reference on @fp.
 *
 * The share access and deny values from the request are used directly as
 * bit numbers in the access/deny bitmaps, so they must already have been
 * range-checked; access_valid() and deny_valid() in this file look like the
 * intended checks (TODO confirm the call site).
 */
static inline void
init_stateid(struct nfs4_stateid *stp, struct nfs4_file *fp, struct nfsd4_open *open)
{
        struct nfs4_stateowner *owner = open->op_stateowner;
        unsigned int bucket = stateid_hashval(owner->so_id, fp->fi_id);

        INIT_LIST_HEAD(&stp->st_hash);
        INIT_LIST_HEAD(&stp->st_perstateowner);
        INIT_LIST_HEAD(&stp->st_lockowners);
        INIT_LIST_HEAD(&stp->st_perfile);

        list_add(&stp->st_hash, &stateid_hashtbl[bucket]);
        list_add(&stp->st_perstateowner, &owner->so_stateids);
        list_add(&stp->st_perfile, &fp->fi_stateids);

        stp->st_stateowner = owner;
        get_nfs4_file(fp);
        stp->st_file = fp;

        stp->st_stateid.si_boot = boot_time;
        stp->st_stateid.si_stateownerid = owner->so_id;
        stp->st_stateid.si_fileid = fp->fi_id;
        stp->st_stateid.si_generation = 0;

        stp->st_access_bmap = 0;
        stp->st_deny_bmap = 0;
        /* The "want" bits are masked off before the value is used as a bit index. */
        __set_bit(open->op_share_access & ~NFS4_SHARE_WANT_MASK,
                  &stp->st_access_bmap);
        __set_bit(open->op_share_deny, &stp->st_deny_bmap);

        stp->st_openstp = NULL;
}
2211 
/*
 * Move @sop to the tail of close_lru and stamp it with the current time
 * (in seconds) in so_time.
 */
static void
move_to_close_lru(struct nfs4_stateowner *sop)
{
        dprintk("NFSD: move_to_close_lru nfs4_stateowner %p\n", sop);

        list_move_tail(&sop->so_close_lru, &close_lru);
        sop->so_time = get_seconds();
}
2220 
/*
 * Return 1 if @sop has exactly the owner string @owner and belongs to the
 * client whose cl_id matches @clid, else 0.
 *
 * The lengths are compared first, so the memcmp() never reads past either
 * buffer.  Only the cl_id half of the clientid is compared here.
 */
static int
same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner,
                                                        clientid_t *clid)
{
        if (sop->so_owner.len != owner->len)
                return 0;
        if (memcmp(sop->so_owner.data, owner->data, owner->len) != 0)
                return 0;
        return sop->so_client->cl_clientid.cl_id == clid->cl_id;
}
2229 
/*
 * Search bucket @hashval of ownerstr_hashtbl for the stateowner matching
 * the owner string and clientid carried in @open.
 *
 * Returns the owner without taking a reference, or NULL if none matches.
 */
static struct nfs4_stateowner *
find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open)
{
        struct nfs4_stateowner *pos;

        list_for_each_entry(pos, &ownerstr_hashtbl[hashval], so_strhash)
                if (same_owner_str(pos, &open->op_owner, &open->op_clientid))
                        return pos;

        return NULL;
}
2241 
2242 /* search file_hashtbl[] for file */
/*
 * Look up the nfs4_file tracking @ino.
 *
 * The search and the reference grab both happen under recall_lock, so the
 * returned object cannot be freed between being found and being pinned.
 * Returns the file with an extra reference, or NULL if it is not hashed.
 */
static struct nfs4_file *
find_file(struct inode *ino)
{
        unsigned int bucket = file_hashval(ino);
        struct nfs4_file *match = NULL;
        struct nfs4_file *pos;

        spin_lock(&recall_lock);
        list_for_each_entry(pos, &file_hashtbl[bucket], fi_hash) {
                if (pos->fi_inode != ino)
                        continue;
                get_nfs4_file(pos);
                match = pos;
                break;
        }
        spin_unlock(&recall_lock);

        return match;
}
2260 
/*
 * Validate a share_access word.
 *
 * The access field must lie between NFS4_SHARE_ACCESS_READ and
 * NFS4_SHARE_ACCESS_BOTH.  For a non-zero @minorversion the want and
 * "when" fields may also be set, each within its own upper bound.  Any bit
 * left over after those fields are accounted for makes the value invalid.
 * Returns 1 if valid, 0 otherwise.
 */
static inline int access_valid(u32 x, u32 minorversion)
{
        u32 mode = x & NFS4_SHARE_ACCESS_MASK;
        u32 rest = x & ~NFS4_SHARE_ACCESS_MASK;

        if (mode < NFS4_SHARE_ACCESS_READ || mode > NFS4_SHARE_ACCESS_BOTH)
                return 0;

        if (minorversion && rest) {
                if ((rest & NFS4_SHARE_WANT_MASK) > NFS4_SHARE_WANT_CANCEL)
                        return 0;
                if ((rest & NFS4_SHARE_WHEN_MASK) > NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED)
                        return 0;
                rest &= ~(NFS4_SHARE_WANT_MASK | NFS4_SHARE_WHEN_MASK);
        }

        /* Unknown bits are rejected rather than ignored. */
        return rest ? 0 : 1;
}
2279 
/*
 * Validate a share_deny value: anything up to and including
 * NFS4_SHARE_DENY_BOTH is accepted.  Unlike access bits, deny bits may
 * be zero.
 */
static inline int deny_valid(u32 x)
{
        return !(x > NFS4_SHARE_DENY_BOTH);
}
2285 
2286 /*
2287  * Called to check deny when READ with all zero stateid or
2288  * WRITE with all zero or all one stateid
2289  */
/*
 * Check whether any stateid on the file behind @current_fh denies
 * @deny_type (or denies both read and write).
 *
 * Returns nfserr_locked on the first conflicting share reservation and
 * nfs_ok if there is none or the file has no NFSv4 state at all.
 */
static __be32
nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type)
{
        struct inode *ino = current_fh->fh_dentry->d_inode;
        struct nfs4_stateid *stp;
        struct nfs4_file *fp;
        __be32 ret = nfs_ok;

        dprintk("NFSD: nfs4_share_conflict\n");

        fp = find_file(ino);
        if (!fp)
                return nfs_ok;

        /* Search for conflicting share reservations */
        list_for_each_entry(stp, &fp->fi_stateids, st_perfile) {
                if (test_bit(deny_type, &stp->st_deny_bmap) ||
                    test_bit(NFS4_SHARE_DENY_BOTH, &stp->st_deny_bmap)) {
                        ret = nfserr_locked;
                        break;
                }
        }

        /* Drop the reference find_file() took. */
        put_nfs4_file(fp);
        return ret;
}
2315 
/*
 * Drop the file access counts for each mode named in @share_access:
 * write access first, then read access.
 */
static inline void
nfs4_file_downgrade(struct nfs4_file *fp, unsigned int share_access)
{
        const int drop_write = share_access & NFS4_SHARE_ACCESS_WRITE;
        const int drop_read = share_access & NFS4_SHARE_ACCESS_READ;

        if (drop_write)
                nfs4_file_put_access(fp, O_WRONLY);
        if (drop_read)
                nfs4_file_put_access(fp, O_RDONLY);
}
2324 
/*
 * Start the recall of one delegation: pin it, queue it on del_recall_lru,
 * record the time, and issue the recall callback.
 *
 * The caller visible in this file (nfsd_break_deleg_cb) invokes this with
 * recall_lock held.  The reference is taken before the delegation is queued
 * or handed to the callback code.
 */
static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
{
        /* We're assuming the state code never drops its reference
         * without first removing the lease.  Since we're in this lease
         * callback (and since the lease code is serialized by the kernel
         * lock) we know the server hasn't removed the lease yet, we know
         * it's safe to take a reference: */
        atomic_inc(&dp->dl_count);

        list_add_tail(&dp->dl_recall_lru, &del_recall_lru);

        /* Only place dl_time is set; protected by lock_flocks. */
        dp->dl_time = get_seconds();

        nfsd4_cb_recall(dp);
}
2341 
2342 /* Called from break_lease() with lock_flocks() held. */
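/*
 * Lease-break callback: mark the file as having had a conflict and start a
 * recall for every delegation on it.
 *
 * @fl: the lease being broken; fl_owner is expected to be the nfs4_file.
 *
 * A missing owner or a second break on the same file indicates a
 * state-tracking bug.  Both are reported with a one-time warning and the
 * callback returns, instead of halting the machine with BUG_ON(): a lease
 * break is triggered by ordinary file access, so a fatal assertion here
 * would turn an internal inconsistency into a server-wide outage.  On
 * those early returns fl_break_time is left as the caller set it.
 */
static void nfsd_break_deleg_cb(struct file_lock *fl)
{
        struct nfs4_file *fp = (struct nfs4_file *)fl->fl_owner;
        struct nfs4_delegation *dp;

        if (WARN_ON_ONCE(!fp))
                return;
        /* We assume break_lease is only called once per lease: */
        if (WARN_ON_ONCE(fp->fi_had_conflict))
                return;
        /*
         * We don't want the locks code to timeout the lease for us;
         * we'll remove it ourself if a delegation isn't returned
         * in time:
         */
        fl->fl_break_time = 0;

        /* recall_lock covers both the flag and the walk of fi_delegations. */
        spin_lock(&recall_lock);
        fp->fi_had_conflict = true;
        list_for_each_entry(dp, &fp->fi_delegations, dl_perfile)
                nfsd_break_one_deleg(dp);
        spin_unlock(&recall_lock);
}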
2364 
/*
 * Lease-change callback: only requests whose @arg has the F_UNLCK bit set
 * are passed on to lease_modify(); every other change is refused with
 * -EAGAIN.
 */
static
int nfsd_change_deleg_cb(struct file_lock **onlist, int arg)
{
        if (!(arg & F_UNLCK))
                return -EAGAIN;

        return lease_modify(onlist, arg);
}
2373 
/*
 * Lock-manager callbacks for nfsd's delegation leases: fl_break starts the
 * recall of every delegation on the file, fl_change allows only unlock.
 * Where this table gets attached to a lease is not visible in this part of
 * the file.
 */
static const struct lock_manager_operations nfsd_lease_mng_ops = {
        .fl_break = nfsd_break_deleg_cb,
        .fl_change = nfsd_change_deleg_cb,
};
2378 
2379 
/*
 * First stage of OPEN processing: find or create the open owner named in
 * @open and run the open-owner sequence-id checks.
 *
 * On success open->op_stateowner points at the owner, the owner is taken
 * off the close LRU and its client's lease is renewed.  Returns nfs_ok,
 * nfserr_inval, nfserr_stale_clientid, nfserr_expired, nfserr_replay_me,
 * nfserr_bad_seqid or nfserr_resource.
 */
__be32
nfsd4_process_open1(struct nfsd4_compound_state *cstate,
                    struct nfsd4_open *open)
{
        clientid_t *clientid = &open->op_clientid;
        struct nfs4_client *clp = NULL;
        unsigned int strhashval;
        struct nfs4_stateowner *sop = NULL;

        /* Validate the owner string before it is hashed or copied. */
        if (!check_name(open->op_owner))
                return nfserr_inval;

        if (STALE_CLIENTID(&open->op_clientid))
                return nfserr_stale_clientid;

        strhashval = ownerstr_hashval(clientid->cl_id, open->op_owner);
        sop = find_openstateowner_str(strhashval, open);
        open->op_stateowner = sop;
        if (!sop) {
                /* Make sure the client's lease hasn't expired. */
                clp = find_confirmed_client(clientid);
                if (clp == NULL)
                        return nfserr_expired;
                goto renew;
        }
        /* When sessions are used, skip open sequenceid processing */
        if (nfsd4_has_session(cstate))
                goto renew;
        if (!sop->so_confirmed) {
                /* Replace unconfirmed owners without checking for replay. */
                /*
                 * clp is saved first because sop is released here; sop is
                 * reassigned at "renew" before it is used again.
                 */
                clp = sop->so_client;
                release_openowner(sop);
                open->op_stateowner = NULL;
                goto renew;
        }
        /* A seqid one behind the owner's current value is treated as a replay. */
        if (open->op_seqid == sop->so_seqid - 1) {
                if (sop->so_replay.rp_buflen)
                        return nfserr_replay_me;
                /* The original OPEN failed so spectacularly
                 * that we don't even have replay data saved!
                 * Therefore, we have no choice but to continue
                 * processing this OPEN; presumably, we'll
                 * fail again for the same reason.
                 */
                dprintk("nfsd4_process_open1: replay with no replay cache\n");
                goto renew;
        }
        if (open->op_seqid != sop->so_seqid)
                return nfserr_bad_seqid;
renew:
        /* Reached with op_stateowner NULL only on the two paths that set clp. */
        if (open->op_stateowner == NULL) {
                sop = alloc_init_open_stateowner(strhashval, clp, open);
                if (sop == NULL)
                        return nfserr_resource;
                open->op_stateowner = sop;
        }
        list_del_init(&sop->so_close_lru);
        renew_client(sop->so_client);
        return nfs_ok;
}
2440 
/*
 * Check that delegation @dp permits the access described by @flags.
 * A request with WR_STATE set against a read delegation is refused with
 * nfserr_openmode; everything else is nfs_ok.
 */
static inline __be32
nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
{
        const int wants_write = flags & WR_STATE;

        if (wants_write && dp->dl_type == NFS4_OPEN_DELEGATE_READ)
                return nfserr_openmode;

        return nfs_ok;
}
2449 
/*
 * Find the delegation on @fp whose stateid has the same si_stateownerid as
 * @stid.  Only that one stateid field is compared.
 *
 * The list is walked under recall_lock, but the result is returned after
 * the lock is dropped and no reference is taken here.
 * NOTE(review): callers presumably hold another lock that keeps the
 * delegation alive - confirm before relying on the returned pointer.
 */
static struct nfs4_delegation *
find_delegation_file(struct nfs4_file *fp, stateid_t *stid)
{
        struct nfs4_delegation *match = NULL;
        struct nfs4_delegation *pos;

        spin_lock(&recall_lock);
        list_for_each_entry(pos, &fp->fi_delegations, dl_perfile) {
                if (pos->dl_stateid.si_stateownerid == stid->si_stateownerid) {
                        match = pos;
                        break;
                }
        }
        spin_unlock(&recall_lock);

        return match;
}
2464 
/*
 * Map a share_access word to RD_STATE or WR_STATE.  With the "want" bits
 * masked off, exactly NFS4_SHARE_ACCESS_READ maps to RD_STATE; every other
 * value maps to WR_STATE.
 */
int share_access_to_flags(u32 share_access)
{
        u32 mode = share_access & ~NFS4_SHARE_WANT_MASK;

        if (mode == NFS4_SHARE_ACCESS_READ)
                return RD_STATE;
        return WR_STATE;
}
2471 
/*
 * Look up the delegation named by the delegate stateid in @open and check
 * that it allows the requested share access.
 *
 * *@dp is set to the delegation only if it exists and its mode is
 * compatible, otherwise to NULL.  A lookup or mode failure is reported to
 * the caller only when the claim type is NFS4_OPEN_CLAIM_DELEGATE_CUR; for
 * other claim types nfs_ok is returned regardless.  A successful
 * DELEGATE_CUR claim also marks the open owner confirmed.
 */
static __be32
nfs4_check_deleg(struct nfs4_file *fp, struct nfsd4_open *open,
                struct nfs4_delegation **dp)
{
        __be32 status = nfserr_bad_stateid;
        struct nfs4_delegation *deleg;

        deleg = find_delegation_file(fp, &open->op_delegate_stateid);
        if (deleg) {
                status = nfs4_check_delegmode(deleg,
                                share_access_to_flags(open->op_share_access));
                if (status)
                        deleg = NULL;
        }
        *dp = deleg;

        if (open->op_claim_type != NFS4_OPEN_CLAIM_DELEGATE_CUR)
                return nfs_ok;
        if (status)
                return status;

        open->op_stateowner->so_confirmed = 1;
        return nfs_ok;
}
2494 
/*
 * Walk the open stateids on @fp, checking each against the share
 * reservation requested in @open.
 *
 * Stateids held by lock owners are skipped.  If a stateid belonging to the
 * request's own open owner is seen, it is stored in *@stpp.  Returns
 * nfserr_share_denied at the first stateid that fails test_share(), or 0
 * if none conflicts.
 */
static __be32
nfs4_check_open(struct nfs4_file *fp, struct nfsd4_open *open, struct nfs4_stateid **stpp)
{
        struct nfs4_stateowner *owner = open->op_stateowner;
        struct nfs4_stateid *pos;

        list_for_each_entry(pos, &fp->fi_stateids, st_perfile) {
                /* ignore lock owners */
                if (!pos->st_stateowner->so_is_open_owner)
                        continue;
                /* remember if we have seen this open owner */
                if (pos->st_stateowner == owner)
                        *stpp = pos;
                /* check for conflicting share reservations */
                if (!test_share(pos, open))
                        return nfserr_share_denied;
        }

        return 0;
}
2517 
/*
 * Allocate a stateid object from stateid_slab with GFP_KERNEL.
 * Returns NULL on allocation failure.
 *
 * NOTE(review): nothing here zeroes the object; unless the slab cache was
 * created with a constructor (not visible from this function), the caller
 * has to initialise every field before the stateid becomes reachable.
 */
static inline struct nfs4_stateid *
nfs4_alloc_stateid(void)
{
        struct nfs4_stateid *stp = kmem_cache_alloc(stateid_slab, GFP_KERNEL);

        return stp;
}
2523 
/*
 * Convert NFSv4 share-access bits into the NFSD_MAY_* permission mask:
 * the READ bit contributes NFSD_MAY_READ, the WRITE bit NFSD_MAY_WRITE.
 * A value with neither bit set yields 0.
 */
static inline int nfs4_access_to_access(u32 nfs4_access)
{
        int may_read = (nfs4_access & NFS4_SHARE_ACCESS_READ) ? NFSD_MAY_READ : 0;
        int may_write = (nfs4_access & NFS4_SHARE_ACCESS_WRITE) ? NFSD_MAY_WRITE : 0;

        return may_read | may_write;
}
2534 
/*
 * Make sure @fp has an open struct file for the open mode implied by
 * @nfs4_access, and take an access reference on that mode.
 *
 * The file is opened with nfsd_open() (regular files only, S_IFREG) the
 * first time a given mode is needed; later callers reuse fp->fi_fds[oflag].
 * On an nfsd_open() failure its status is returned and no access reference
 * is taken.
 */
static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file
*fp, struct svc_fh *cur_fh, u32 nfs4_access)
{
        int oflag = nfs4_access_to_omode(nfs4_access);

        if (!fp->fi_fds[oflag]) {
                __be32 err = nfsd_open(rqstp, cur_fh, S_IFREG,
                                nfs4_access_to_access(nfs4_access),
                                &fp->fi_fds[oflag]);

                if (err)
                        return err;
        }
        /* Paired with nfs4_file_put_access() on the same oflag. */
        nfs4_file_get_access(fp, oflag);

        return nfs_ok;
}
2552 
/*
 * Allocate a stateid for a brand-new OPEN and obtain the backing file
 * access for open->op_share_access.
 *
 * On success *stpp receives the (still uninitialised) stateid and 0 is
 * returned.  On failure *stpp is left untouched: nfserr_resource if the
 * allocation failed, otherwise the status from nfs4_get_vfs_file(), in
 * which case the stateid is returned to stateid_slab.
 */
static __be32
nfs4_new_open(struct svc_rqst *rqstp, struct nfs4_stateid **stpp,
                struct nfs4_file *fp, struct svc_fh *cur_fh,
                struct nfsd4_open *open)
{
        struct nfs4_stateid *fresh = nfs4_alloc_stateid();
        __be32 err;

        if (!fresh)
                return nfserr_resource;

        err = nfs4_get_vfs_file(rqstp, fp, cur_fh, open->op_share_access);
        if (!err) {
                *stpp = fresh;
                return 0;
        }
        kmem_cache_free(stateid_slab, fresh);
        return err;
}
2573 
/*
 * Truncate the file to zero length if the OPEN asked for it.
 *
 * Nothing is done (0 is returned) when open->op_truncate is clear.  A
 * truncate request on an open that does not include
 * NFS4_SHARE_ACCESS_WRITE is refused with nfserr_inval, so a read-only
 * open cannot be used to truncate.  Otherwise the result of
 * nfsd_setattr() with ATTR_SIZE/size 0 is returned.
 */
static inline __be32
nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh,
                struct nfsd4_open *open)
{
        struct iattr size_zero = {
                .ia_valid = ATTR_SIZE,
                .ia_size = 0,
        };

        if (!open->op_truncate)
                return 0;
        if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)
                return nfsd_setattr(rqstp, fh, &size_zero, 0, (time_t)0);
        return nfserr_inval;
}
2588 
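/*
 * Upgrade an existing open stateid @stp with the share access/deny of a
 * new OPEN by the same open owner.
 *
 * If the requested access (with the WANT bits masked off) is not yet
 * recorded in stp->st_access_bmap, file access for it is obtained via
 * nfs4_get_vfs_file().  The optional truncate is then performed; if it
 * fails, any access reference taken above is dropped again and the
 * truncate status is returned, so the OPEN fails as a whole.  On success
 * the access and deny values are recorded in the stateid's bitmaps.
 */
static __be32
nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, struct svc_fh *cur_fh, struct nfs4_stateid *stp, struct nfsd4_open *open)
{
        u32 op_share_access = open->op_share_access & ~NFS4_SHARE_WANT_MASK;
        bool new_access;
        __be32 status;

        new_access = !test_bit(op_share_access, &stp->st_access_bmap);
        if (new_access) {
                status = nfs4_get_vfs_file(rqstp, fp, cur_fh, op_share_access);
                if (status)
                        return status;
        }
        status = nfsd4_truncate(rqstp, cur_fh, open);
        if (status) {
                if (new_access) {
                        /*
                         * Undo the reference with the same access value it
                         * was taken with.  Converting the boolean
                         * new_access (always 1 here) instead would drop a
                         * reference on whatever mode the value 1 maps to,
                         * which for a WRITE or BOTH upgrade is not the mode
                         * nfs4_get_vfs_file() counted, leaving the per-mode
                         * access counts unbalanced.
                         */
                        int oflag = nfs4_access_to_omode(op_share_access);

                        nfs4_file_put_access(fp, oflag);
                }
                return status;
        }
        /* remember the open */
        __set_bit(op_share_access, &stp->st_access_bmap);
        __set_bit(open->op_share_deny, &stp->st_deny_bmap);

        return nfs_ok;
}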
2616 
2617 
/*
 * Bookkeeping for a successful NFS4_OPEN_CLAIM_PREVIOUS (reclaim) open:
 * the open owner is marked confirmed and its client is flagged as having
 * established state (cl_firststate).
 */
static void
nfs4_set_claim_prev(struct nfsd4_open *open)
{
        struct nfs4_stateowner *owner = open->op_stateowner;

        owner->so_confirmed = 1;
        owner->so_client->cl_firststate = 1;
}
2624 
/*
 * Should we give out recallable state?
 *
 * Yes when the callback channel is known to be up.  For clients with a
 * non-zero minor version (sessions) a channel in the UNKNOWN state is also
 * accepted: no separate callback connection has to be established there,
 * so it is assumed good until we hear otherwise.  Any other state means
 * no.
 */
static bool nfsd4_cb_channel_good(struct nfs4_client *clp)
{
        if (clp->cl_cb_state == NFSD4_CB_UP)
                return true;
        if (clp->cl_cb_state != NFSD4_CB_UNKNOWN)
                return false;
        return clp->cl_minorversion != 0;
}
2637 
/*
 * Allocate a file_lock and set it up as the lease backing delegation @dp.
 *
 * The lease is a read lease for NFS4_OPEN_DELEGATE_READ and a write lease
 * for any other @flag, is owned by dp->dl_file, and is attributed to the
 * current task's tgid.  fl_file is not set here.  Returns NULL if the
 * allocation fails.
 */
static struct file_lock *nfs4_alloc_init_lease(struct nfs4_delegation *dp, int flag)
{
        struct file_lock *lease = locks_alloc_lock();

        if (lease == NULL)
                return NULL;
        locks_init_lock(lease);
        lease->fl_lmops = &nfsd_lease_mng_ops;
        lease->fl_flags = FL_LEASE;
        if (flag == NFS4_OPEN_DELEGATE_READ)
                lease->fl_type = F_RDLCK;
        else
                lease->fl_type = F_WRLCK;
        lease->fl_end = OFFSET_MAX;
        lease->fl_owner = (fl_owner_t)(dp->dl_file);
        lease->fl_pid = current->tgid;
        return lease;
}
2654 
/*
 * Install the first lease on dp->dl_file and hook @dp into the per-client
 * and per-file delegation lists.
 *
 * The delegation is put on the client's list before vfs_setlease() is
 * called and taken off again if that call fails.  On success the file
 * records the lease and the struct file it was set on (with an extra
 * reference from get_file()), and fi_delegees starts at 1.
 *
 * Returns 0 on success, -ENOMEM otherwise.
 *
 * NOTE(review): the result of find_readable_file() is handed to
 * vfs_setlease() without a NULL check in this function; confirm that every
 * caller guarantees a readable open exists.
 * NOTE(review): any vfs_setlease() failure is reported as -ENOMEM, so the
 * real cause is not visible to the caller.
 */
static int nfs4_setlease(struct nfs4_delegation *dp, int flag)
{
        struct nfs4_file *file = dp->dl_file;
        struct file_lock *lease = nfs4_alloc_init_lease(dp, flag);
        int err;

        if (lease == NULL)
                return -ENOMEM;
        lease->fl_file = find_readable_file(file);
        list_add(&dp->dl_perclnt, &dp->dl_client->cl_delegations);
        /* vfs_setlease() takes &lease and may replace the pointer. */
        err = vfs_setlease(lease->fl_file, lease->fl_type, &lease);
        if (err != 0) {
                list_del_init(&dp->dl_perclnt);
                locks_free_lock(lease);
                return -ENOMEM;
        }
        file->fi_lease = lease;
        file->fi_deleg_file = lease->fl_file;
        get_file(file->fi_deleg_file);
        atomic_set(&file->fi_delegees, 1);
        list_add(&dp->dl_perfile, &file->fi_delegations);
        return 0;
}
2679 
/*
 * Attach delegation @dp to its file.
 *
 * If the file has no lease yet, one is created via nfs4_setlease().
 * Otherwise the existing lease is shared: under recall_lock the file is
 * checked for fi_had_conflict (in which case -EAGAIN is returned and
 * nothing is changed), fi_delegees is bumped and @dp is added to the
 * file's delegation list; the per-client list is updated after the lock is
 * dropped.
 */
static int nfs4_set_delegation(struct nfs4_delegation *dp, int flag)
{
        struct nfs4_file *file = dp->dl_file;
        bool conflict;

        if (!file->fi_lease)
                return nfs4_setlease(dp, flag);

        spin_lock(&recall_lock);
        conflict = file->fi_had_conflict;
        if (!conflict) {
                atomic_inc(&file->fi_delegees);
                list_add(&dp->dl_perfile, &file->fi_delegations);
        }
        spin_unlock(&recall_lock);
        if (conflict)
                return -EAGAIN;

        list_add(&dp->dl_perclnt, &dp->dl_client->cl_delegations);
        return 0;
}
2697 
/*
 * Attempt to hand out a delegation as part of an OPEN.
 *
 * The outcome is reported through open->op_delegate_type (and
 * open->op_delegate_stateid when a delegation is granted); there is no
 * return value because the OPEN itself succeeds either way.
 *
 *  - CLAIM_PREVIOUS: the client's requested type is honoured; if the
 *    callback channel is not usable, op_recall is set.
 *  - CLAIM_NULL: nothing is granted during the grace period, without a
 *    usable callback channel, or to an unconfirmed open owner; otherwise a
 *    write delegation is chosen when the open includes write access and a
 *    read delegation if not.
 *  - any other claim type: no delegation.
 *
 * If allocating or installing the delegation fails the type falls back to
 * NFS4_OPEN_DELEGATE_NONE.
 */
static void
nfs4_open_delegation(struct svc_fh *fh, struct nfsd4_open *open, struct nfs4_stateid *stp)
{
        struct nfs4_stateowner *owner = stp->st_stateowner;
        struct nfs4_delegation *deleg;
        int cb_ok = nfsd4_cb_channel_good(owner->so_client);
        int type = NFS4_OPEN_DELEGATE_NONE;

        open->op_recall = 0;
        if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS) {
                if (!cb_ok)
                        open->op_recall = 1;
                type = open->op_delegate_type;
                if (type == NFS4_OPEN_DELEGATE_NONE)
                        goto done;
        } else if (open->op_claim_type == NFS4_OPEN_CLAIM_NULL) {
                /* Let's not give out any delegations till everyone's
                 * had the chance to reclaim theirs.... */
                if (locks_in_grace())
                        goto done;
                if (!cb_ok || !owner->so_confirmed)
                        goto done;
                if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)
                        type = NFS4_OPEN_DELEGATE_WRITE;
                else
                        type = NFS4_OPEN_DELEGATE_READ;
        } else {
                goto done;
        }

        deleg = alloc_init_deleg(owner->so_client, stp, fh, type);
        if (deleg == NULL) {
                type = NFS4_OPEN_DELEGATE_NONE;
                goto done;
        }
        if (nfs4_set_delegation(deleg, type)) {
                nfs4_put_delegation(deleg);
                type = NFS4_OPEN_DELEGATE_NONE;
                goto done;
        }

        memcpy(&open->op_delegate_stateid, &deleg->dl_stateid, sizeof(deleg->dl_stateid));

        dprintk("NFSD: delegation stateid=" STATEID_FMT "\n",
                STATEID_VAL(&deleg->dl_stateid));
done:
        /* A reclaim that asked for a delegation but ends up with none. */
        if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS
                        && type == NFS4_OPEN_DELEGATE_NONE
                        && open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE)
                dprintk("NFSD: WARNING: refusing delegation reclaim\n");
        open->op_delegate_type = type;
}
2760 
/*
 * Second stage of OPEN processing: validate the requested share modes,
 * find or create the nfs4_file for the inode behind @current_fh, create a
 * new open stateid or upgrade the open owner's existing one, optionally
 * truncate, and finally try to hand out a delegation.
 *
 * Returns nfs_ok or an nfserr_* status.  open->op_rflags is filled in on
 * every path, including failures.
 *
 * called with nfs4_lock_state() held.
 */
__be32
nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
{
        struct nfsd4_compoundres *resp = rqstp->rq_resp;
        struct nfs4_file *fp = NULL;
        struct inode *ino = current_fh->fh_dentry->d_inode;
        struct nfs4_stateid *stp = NULL;
        struct nfs4_delegation *dp = NULL;
        __be32 status;

        /*
         * Reject out-of-range share_access/share_deny values before any
         * state is looked up or created.  Both values are later used as
         * bit numbers into the stateid bitmaps, so this check must stay
         * ahead of everything below.
         */
        status = nfserr_inval;
        if (!access_valid(open->op_share_access, resp->cstate.minorversion)
                        || !deny_valid(open->op_share_deny))
                goto out;
        /*
         * Lookup file; if found, lookup stateid and check open request,
         * and check for delegations in the process of being recalled.
         * If not found, create the nfs4_file struct
         */
        fp = find_file(ino);
        if (fp) {
                /* May set stp to this owner's existing open stateid. */
                if ((status = nfs4_check_open(fp, open, &stp)))
                        goto out;
                /* dp is filled in here but not used again in this function. */
                status = nfs4_check_deleg(fp, open, &dp);
                if (status)
                        goto out;
        } else {
                /*
                 * No state for this file at all, so a claim against a
                 * currently held delegation cannot be valid.
                 */
                status = nfserr_bad_stateid;
                if (open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR)
                        goto out;
                status = nfserr_resource;
                fp = alloc_init_file(ino);
                if (fp == NULL)
                        goto out;
        }

        /*
         * OPEN the file, or upgrade an existing OPEN.
         * If truncate fails, the OPEN fails.
         */
        if (stp) {
                /* Stateid was found, this is an OPEN upgrade */
                status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
                if (status)
                        goto out;
                update_stateid(&stp->st_stateid);
        } else {
                status = nfs4_new_open(rqstp, &stp, fp, current_fh, open);
                if (status)
                        goto out;
                init_stateid(stp, fp, open);
                status = nfsd4_truncate(rqstp, current_fh, open);
                if (status) {
                        /* Undo the freshly initialised stateid. */
                        release_open_stateid(stp);
                        goto out;
                }
                if (nfsd4_has_session(&resp->cstate))
                        update_stateid(&stp->st_stateid);
        }
        /* Copy the resulting stateid into the reply. */
        memcpy(&open->op_stateid, &stp->st_stateid, sizeof(stateid_t));

        /* With sessions the open owner is confirmed right away. */
        if (nfsd4_has_session(&resp->cstate))
                open->op_stateowner->so_confirmed = 1;

        /*
         * Attempt to hand out a delegation. No error return, because the
         * OPEN succeeds even if we fail.
         */
        nfs4_open_delegation(current_fh, open, stp);

        status = nfs_ok;

        dprintk("%s: stateid=" STATEID_FMT "\n", __func__,
                STATEID_VAL(&stp->st_stateid));
out:
        /* Drop the reference held on fp (from find_file/alloc_init_file). */
        if (fp)
                put_nfs4_file(fp);
        if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS)
                nfs4_set_claim_prev(open);
        /*
         * To finish the open response, we just need to set the rflags.
         * This runs on the error paths too.  OPEN_CONFIRM is requested only
         * for an unconfirmed open owner on a non-session client.
         */
        open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX;
        if (!open->op_stateowner->so_confirmed &&
            !nfsd4_has_session(&resp->cstate))
                open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM;

        return status;
}
2853 
/*
 * RENEW: refresh the lease of the confirmed client identified by @clid.
 *
 * Returns nfserr_stale_clientid for a clientid that STALE_CLIENTID()
 * rejects, nfserr_expired when no confirmed client matches, and
 * nfserr_cb_path_down when the client holds delegations but its callback
 * channel is not up.  In that last case the lease has already been
 * renewed.  The whole operation runs under the state lock.
 */
__be32
nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
            clientid_t *clid)
{
        struct nfs4_client *clp;
        __be32 status;

        nfs4_lock_state();
        dprintk("process_renew(%08x/%08x): starting\n",
                        clid->cl_boot, clid->cl_id);
        if (STALE_CLIENTID(clid)) {
                status = nfserr_stale_clientid;
                goto unlock;
        }
        clp = find_confirmed_client(clid);
        if (clp == NULL) {
                /* We assume the client took too long to RENEW. */
                dprintk("nfsd4_renew: clientid not found!\n");
                status = nfserr_expired;
                goto unlock;
        }
        renew_client(clp);
        if (!list_empty(&clp->cl_delegations)
                        && clp->cl_cb_state != NFSD4_CB_UP)
                status = nfserr_cb_path_down;
        else
                status = nfs_ok;
unlock:
        nfs4_unlock_state();
        return status;
}
2884 
/*
 * Lock-manager handle for nfsd's NFSv4 state; nfsd4_end_grace() passes it
 * to locks_end_grace().  No fields are set explicitly.
 */
struct lock_manager nfsd4_manager = { };
2887 
/*
 * End the NFSv4 grace period: purge old entries from the recovery
 * directory, tell the lock layer that this manager's grace period is over,
 * and make the next grace period as long as the current lease time.
 */
static void nfsd4_end_grace(void)
{
        dprintk("NFSD: end of grace period\n");
        nfsd4_recdir_purge_old();
        locks_end_grace(&nfsd4_manager);
        /*
         * Every NFSv4 client has by now had the chance to recover and to
         * see the (possibly new, possibly shorter) lease time, so the
         * next grace time can safely follow the current lease time:
         */
        nfsd4_grace = nfsd4_lease;
}
2901 
/*
 * Periodic reaper for expired NFSv4 state.  Takes the state lock, ends the
 * grace period if one is still in force, then walks client_lru,
 * del_recall_lru and close_lru and tears down entries whose timestamp is
 * not after (now - nfsd4_lease).
 *
 * Each walk stops at the first entry that has not expired yet; presumably
 * the lists are kept oldest-first -- confirm against the code that
 * inserts into them.
 *
 * Returns the number of seconds until the next run: the time left for the
 * first unexpired client found (at most nfsd4_lease), but never less than
 * NFSD_LAUNDROMAT_MINTIMEOUT.
 */
static time_t
nfs4_laundromat(void)
{
        struct nfs4_client *clp;
        struct nfs4_stateowner *sop;
        struct nfs4_delegation *dp;
        struct list_head *pos, *next, reaplist;
        /* Anything last renewed at or before this time has expired. */
        time_t cutoff = get_seconds() - nfsd4_lease;
        time_t t, clientid_val = nfsd4_lease;
        time_t u, test_val = nfsd4_lease;

        nfs4_lock_state();

        dprintk("NFSD: laundromat service - starting\n");
        if (locks_in_grace())
                nfsd4_end_grace();
        INIT_LIST_HEAD(&reaplist);
        /* Pass 1: collect expired, unreferenced clients under client_lock. */
        spin_lock(&client_lock);
        list_for_each_safe(pos, next, &client_lru) {
                clp = list_entry(pos, struct nfs4_client, cl_lru);
                if (time_after((unsigned long)clp->cl_time, (unsigned long)cutoff)) {
                        t = clp->cl_time - cutoff;
                        if (clientid_val > t)
                                clientid_val = t;
                        break;
                }
                /* A client that is still referenced is left alone this round. */
                if (atomic_read(&clp->cl_refcount)) {
                        dprintk("NFSD: client in use (clientid %08x)\n",
                                clp->cl_clientid.cl_id);
                        continue;
                }
                unhash_client_locked(clp);
                list_add(&clp->cl_lru, &reaplist);
        }
        spin_unlock(&client_lock);
        /* Expire the collected clients outside the spinlock. */
        list_for_each_safe(pos, next, &reaplist) {
                clp = list_entry(pos, struct nfs4_client, cl_lru);
                dprintk("NFSD: purging unused client (clientid %08x)\n",
                        clp->cl_clientid.cl_id);
                nfsd4_remove_clid_dir(clp);
                expire_client(clp);
        }
        /*
         * Pass 2: delegations whose recall has timed out.  reaplist is
         * reused here; presumably expire_client() unlinked every cl_lru
         * entry so the list is empty again -- confirm.
         */
        spin_lock(&recall_lock);
        list_for_each_safe(pos, next, &del_recall_lru) {
                dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
                if (time_after((unsigned long)dp->dl_time, (unsigned long)cutoff)) {
                        u = dp->dl_time - cutoff;
                        if (test_val > u)
                                test_val = u;
                        break;
                }
                list_move(&dp->dl_recall_lru, &reaplist);
        }
        spin_unlock(&recall_lock);
        list_for_each_safe(pos, next, &reaplist) {
                dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
                list_del_init(&dp->dl_recall_lru);
                unhash_delegation(dp);
        }
        /*
         * NOTE(review): test_val is reset here and, after the loop below,
         * never read again, so neither the delegation nor the close_lru
         * deadline influences the return value; only clientid_val does.
         * Expired delegations and closed open owners may therefore wait
         * until the next client-driven wakeup.
         */
        test_val = nfsd4_lease;
        /* Pass 3: open owners parked on close_lru (no spinlock taken here). */
        list_for_each_safe(pos, next, &close_lru) {
                sop = list_entry(pos, struct nfs4_stateowner, so_close_lru);
                if (time_after((unsigned long)sop->so_time, (unsigned long)cutoff)) {
                        u = sop->so_time - cutoff;
                        if (test_val > u)
                                test_val = u;
                        break;
                }
                dprintk("NFSD: purging unused open stateowner (so_id %d)\n",
                        sop->so_id);
                release_openowner(sop);
        }
        /* Never reschedule sooner than the configured minimum. */
        if (clientid_val < NFSD_LAUNDROMAT_MINTIMEOUT)
                clientid_val = NFSD_LAUNDROMAT_MINTIMEOUT;
        nfs4_unlock_state();
        return clientid_val;
}
2979 
/* Workqueue on which the laundromat reschedules itself. */
static struct workqueue_struct *laundry_wq;

/* Forward declaration: the work item below needs the handler's address. */
static void laundromat_main(struct work_struct *not_used);

/* Delayed work item that runs laundromat_main(). */
static DECLARE_DELAYED_WORK(laundromat_work, laundromat_main);
2983 
/*
 * Work handler: run one laundromat pass and requeue the delayed work for
 * the number of seconds that pass asked for.  The work_struct argument is
 * not used.
 */
static void
laundromat_main(struct work_struct *not_used)
{
        time_t delay = nfs4_laundromat();

        dprintk("NFSD: laundromat_main - sleeping for %ld seconds\n", delay);
        queue_delayed_work(laundry_wq, &laundromat_work, delay*HZ);
}
2993 
/*
 * Find a state owner on close_lru by its so_id.
 *
 * The list is searched only when @flags contains CLOSE_STATE; for any
 * other caller the result is NULL.  Returns the matching owner or NULL.
 * No reference is taken on the returned owner here.
 */
static struct nfs4_stateowner *
search_close_lru(u32 st_id, int flags)
{
        struct nfs4_stateowner *owner;

        if (!(flags & CLOSE_STATE))
                return NULL;

        list_for_each_entry(owner, &close_lru, so_close_lru) {
                if (owner->so_id == st_id)
                        return owner;
        }
        return NULL;
}
3007 
/*
 * Check that a stateid belongs to the file the current filehandle names.
 *
 * Returns non-zero on a MISMATCH (the filehandle's inode differs from the
 * inode of the stateid's file) and 0 when they agree.  Callers in this
 * file turn a mismatch into nfserr_bad_stateid, which keeps a stateid
 * obtained for one file from being presented with another file's handle.
 */
static inline int
nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stateid *stp)
{
        struct inode *fh_inode = fhp->fh_dentry->d_inode;
        struct inode *state_inode = stp->st_file->fi_inode;

        return fh_inode != state_inode;
}
3013 
/*
 * Tell whether a stateid was issued by a previous server instance.
 *
 * Returns 1 (and logs the stateid) when its si_boot differs from this
 * server's boot_time, 0 when they match.
 */
static int
STALE_STATEID(stateid_t *stateid)
{
        if (stateid->si_boot != boot_time) {
                dprintk("NFSD: stale stateid " STATEID_FMT "!\n",
                        STATEID_VAL(stateid));
                return 1;
        }
        return 0;
}
3023 
/*
 * Does an open with this access bitmap permit reads?
 *
 * Returns 1 if the READ, BOTH or WRITE access bit is set, 0 otherwise.
 * Note that a write-only open therefore also passes the read check.
 * The bitmap is passed by value; the bits are tested on the local copy.
 */
static inline int
access_permit_read(unsigned long access_bmap)
{
        if (test_bit(NFS4_SHARE_ACCESS_READ, &access_bmap))
                return 1;
        if (test_bit(NFS4_SHARE_ACCESS_BOTH, &access_bmap))
                return 1;
        if (test_bit(NFS4_SHARE_ACCESS_WRITE, &access_bmap))
                return 1;
        return 0;
}
3031 
/*
 * Does an open with this access bitmap permit writes?
 *
 * Returns 1 if the WRITE or BOTH access bit is set, 0 otherwise; a
 * read-only open never passes.  The bitmap is passed by value; the bits
 * are tested on the local copy.
 */
static inline int
access_permit_write(unsigned long access_bmap)
{
        if (test_bit(NFS4_SHARE_ACCESS_WRITE, &access_bmap))
                return 1;
        if (test_bit(NFS4_SHARE_ACCESS_BOTH, &access_bmap))
                return 1;
        return 0;
}
3038 
/*
 * Check that the open behind @stp allows the kind of I/O described by
 * @flags (RD_STATE and/or WR_STATE).
 *
 * For a lock stateid the check is made against its parent open stateid
 * (st_openstp), not the lock itself.  Returns nfserr_openmode if a
 * requested mode is not permitted by the open's access bitmap, nfs_ok
 * otherwise.  @stp must not be NULL.
 */
static
__be32 nfs4_check_openmode(struct nfs4_stateid *stp, int flags)
{
        struct nfs4_stateid *open_stp = stp->st_openstp ? stp->st_openstp : stp;

        if ((flags & WR_STATE) && !access_permit_write(open_stp->st_access_bmap))
                return nfserr_openmode;
        if ((flags & RD_STATE) && !access_permit_read(open_stp->st_access_bmap))
                return nfserr_openmode;
        return nfs_ok;
}
3055 
/*
 * Decide an I/O request that carries one of the special stateids.
 *
 * A read with the all-ones stateid is always allowed.  Everything else
 * depends on whether conflicting share state exists, which cannot be
 * answered during the grace period (nfserr_grace).  Outside grace, a write
 * is checked against DENY_WRITE reservations and a read (with the all-zero
 * stateid) against DENY_READ reservations on the current file.
 */
static inline __be32
check_special_stateids(svc_fh *current_fh, stateid_t *stateid, int flags)
{
        if (ONE_STATEID(stateid) && (flags & RD_STATE))
                return nfs_ok;

        /* The answer in the remaining cases depends on the existence of
         * conflicting state, so the grace period has to be waited out. */
        if (locks_in_grace())
                return nfserr_grace;

        if (flags & WR_STATE)
                return nfs4_share_conflict(current_fh,
                                NFS4_SHARE_DENY_WRITE);

        /* (flags & RD_STATE) && ZERO_STATEID(stateid) */
        return nfs4_share_conflict(current_fh,
                        NFS4_SHARE_DENY_READ);
}
3072 
/*
 * READ/WRITE on recovered state is allowed during the grace period only
 * for files that cannot be subject to mandatory locking.  Returns non-zero
 * when I/O on @inode has to be refused: the grace period is in force and
 * mandatory_lock() reports the inode as a mandatory-locking candidate.
 */
static inline int
grace_disallows_io(struct inode *inode)
{
        if (!locks_in_grace())
                return 0;
        return mandatory_lock(inode) != 0;
}
3082 
/*
 * Compare the generation of a client-supplied stateid @in with the
 * server's current copy @ref.
 *
 * Returns nfs_ok when they match (or, with sessions, when the client sent
 * generation 0, which means "ignore the generation"),
 * nfserr_bad_stateid when the client's generation is ahead of ours, and
 * nfserr_old_stateid when it is behind.
 *
 * The comparison is a plain integer compare; generation wraparound is not
 * handled here.
 * NOTE(review): the function is declared int but returns __be32 status
 * values.
 */
static int check_stateid_generation(stateid_t *in, stateid_t *ref, int flags)
{
        /* With sessions, a zero generation number is not checked at all. */
        if ((flags & HAS_SESSION) && in->si_generation == 0)
                return nfs_ok;

        /* A stateid from the future can only come from a buggy client. */
        if (in->si_generation > ref->si_generation)
                return nfserr_bad_stateid;

        /*
         * An older generation, on the other hand, is legitimate.  If the
         * client sends an open and some IO at the same time, the open may
         * bump si_generation while the IO is still in flight.  Because of
         * hard links and renames the client never knows which file an
         * open will affect, so it could only avoid this by serializing all
         * opens and IO from the same open owner.  Recovery from
         * old_stateid is simply to retry the IO.
         */
        if (in->si_generation < ref->si_generation)
                return nfserr_old_stateid;

        return nfs_ok;
}
3110 
/*
 * A stateid whose si_fileid is zero is treated as a delegation stateid.
 * Returns 1 in that case, 0 for every other stateid.
 */
static int is_delegation_stateid(stateid_t *stateid)
{
        return !stateid->si_fileid;
}
3115 
/*
 * Validate the stateid presented with an I/O-style operation and, if
 * @filpp is non-NULL, hand back the struct file to perform the I/O on.
 *
 * Checks, in order: grace-period restrictions for the inode, the special
 * all-zero/all-one stateids, staleness (boot time), and then either
 *  - delegation stateid: existence, generation, delegation mode; or
 *  - open/lock stateid: existence, filehandle match, confirmed owner,
 *    generation, open mode.
 * A stateid with the current boot time that cannot be found is reported as
 * nfserr_expired.  The owning client's lease is renewed only after every
 * check has passed.
 *
 * *filpp is reset to NULL on entry and set only on the regular success
 * paths; it stays NULL when a special stateid is accepted.  For a
 * delegation the function BUG()s if the file has no fi_deleg_file.
 */
__be32
nfs4_preprocess_stateid_op(struct nfsd4_compound_state *cstate,
                           stateid_t *stateid, int flags, struct file **filpp)
{
        struct svc_fh *current_fh = &cstate->current_fh;
        struct inode *ino = current_fh->fh_dentry->d_inode;
        struct nfs4_stateid *stp;
        __be32 status;

        if (filpp)
                *filpp = NULL;

        if (grace_disallows_io(ino))
                return nfserr_grace;

        if (nfsd4_has_session(cstate))
                flags |= HAS_SESSION;

        if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
                return check_special_stateids(current_fh, stateid, flags);

        if (STALE_STATEID(stateid))
                return nfserr_stale_stateid;

        /*
         * From here on, a stateid with the current boot time that cannot
         * be found is assumed to have expired.
         */
        if (is_delegation_stateid(stateid)) {
                struct nfs4_delegation *dp = find_delegation_stateid(ino, stateid);

                if (!dp)
                        return nfserr_expired;
                status = check_stateid_generation(stateid, &dp->dl_stateid,
                                                  flags);
                if (status)
                        return status;
                status = nfs4_check_delegmode(dp, flags);
                if (status)
                        return status;
                renew_client(dp->dl_client);
                if (filpp) {
                        *filpp = dp->dl_file->fi_deleg_file;
                        BUG_ON(!*filpp);
                }
                return nfs_ok;
        }

        /* open or lock stateid */
        stp = find_stateid(stateid, flags);
        if (!stp)
                return nfserr_expired;
        /* The stateid must belong to the file named by the current fh ... */
        if (nfs4_check_fh(current_fh, stp))
                return nfserr_bad_stateid;
        /* ... and to an open owner that has been confirmed. */
        if (!stp->st_stateowner->so_confirmed)
                return nfserr_bad_stateid;
        status = check_stateid_generation(stateid, &stp->st_stateid,
                                          flags);
        if (status)
                return status;
        status = nfs4_check_openmode(stp, flags);
        if (status)
                return status;
        renew_client(stp->st_stateowner->so_client);
        if (filpp) {
                if (flags & RD_STATE)
                        *filpp = find_readable_file(stp->st_file);
                else
                        *filpp = find_writeable_file(stp->st_file);
        }
        return nfs_ok;
}
3194 
/*
 * Map an NFSv4 lock type to the open mode it requires: the two read lock
 * types need RD_STATE, every other type needs WR_STATE.
 */
static inline int
setlkflg (int type)
{
        switch (type) {
        case NFS4_READW_LT:
        case NFS4_READ_LT:
                return RD_STATE;
        default:
                return WR_STATE;
        }
}
3201 
/*
 * Checks for sequence id mutating operations.
 *
 * Validates the stateid and seqid presented with such an operation and
 * returns the state owner and stateid they refer to.
 *
 * On entry *stpp and *sopp are cleared.  On nfs_ok both are set.  On
 * nfserr_replay_me *sopp is set so the caller can replay the cached reply
 * (*stpp is NULL if the stateid itself was no longer found).  On
 * nfserr_bad_seqid *sopp is cleared again.  On the other error returns
 * taken after the stateid was found, *stpp and *sopp have already been
 * set; callers must go by the return status.
 *
 * @lock is non-NULL only for LOCK requests and enables the additional
 * lock-owner/open-mode checks.
 */
static __be32
nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
                         stateid_t *stateid, int flags,
                         struct nfs4_stateowner **sopp,
                         struct nfs4_stateid **stpp, struct nfsd4_lock *lock)
{
        struct nfs4_stateid *stp;
        struct nfs4_stateowner *sop;
        struct svc_fh *current_fh = &cstate->current_fh;
        __be32 status;

        dprintk("NFSD: %s: seqid=%d stateid = " STATEID_FMT "\n", __func__,
                seqid, STATEID_VAL(stateid));

        *stpp = NULL;
        *sopp = NULL;

        /* The special all-zero/all-one stateids are never valid here. */
        if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) {
                dprintk("NFSD: preprocess_seqid_op: magic stateid!\n");
                return nfserr_bad_stateid;
        }

        if (STALE_STATEID(stateid))
                return nfserr_stale_stateid;

        if (nfsd4_has_session(cstate))
                flags |= HAS_SESSION;

        /*
         * We return BAD_STATEID if filehandle doesn't match stateid,
         * the confirmed flag is incorrectly set, or the generation
         * number is incorrect.
         */
        stp = find_stateid(stateid, flags);
        if (stp == NULL) {
                /*
                 * Also, we should make sure this isn't just the result of
                 * a replayed close:
                 * (search_close_lru() only searches when flags contains
                 * CLOSE_STATE and returns NULL otherwise.)
                 */
                sop = search_close_lru(stateid->si_stateownerid, flags);
                /* It's not stale; let's assume it's expired: */
                if (sop == NULL)
                        return nfserr_expired;
                *sopp = sop;
                goto check_replay;
        }

        *stpp = stp;
        *sopp = sop = stp->st_stateowner;

        if (lock) {
                clientid_t *lockclid = &lock->v.new.clientid;
                struct nfs4_client *clp = sop->so_client;
                int lkflg = 0;
                /* NOTE(review): shadows the function-scope status above. */
                __be32 status;

                lkflg = setlkflg(lock->lk_type);

                if (lock->lk_is_new) {
                        /* A new lock owner must present an open stateid ... */
                        if (!sop->so_is_open_owner)
                                return nfserr_bad_stateid;
                        /*
                         * ... and, without sessions, the clientid in the
                         * request must be the one that owns that open.
                         */
                        if (!(flags & HAS_SESSION) &&
                            !same_clid(&clp->cl_clientid, lockclid))
                                return nfserr_bad_stateid;
                        /* stp is the open stateid */
                        status = nfs4_check_openmode(stp, lkflg);
                        if (status)
                                return status;
                } else {
                        /*
                         * stp is the lock stateid
                         * NOTE(review): st_openstp is passed on without a
                         * NULL check; this relies on the stateid found
                         * here being a lock stateid -- confirm against
                         * find_stateid() and the callers' flags.
                         */
                        status = nfs4_check_openmode(stp->st_openstp, lkflg);
                        if (status)
                                return status;
               }
        }

        /* The stateid must belong to the file named by the current fh. */
        if (nfs4_check_fh(current_fh, stp)) {
                dprintk("NFSD: preprocess_seqid_op: fh-stateid mismatch!\n");
                return nfserr_bad_stateid;
        }

        /*
         *  We now validate the seqid and stateid generation numbers.
         *  For the moment, we ignore the possibility of
         *  generation number wraparound.
         *  With sessions the per-owner seqid is not checked.
         */
        if (!(flags & HAS_SESSION) && seqid != sop->so_seqid)
                goto check_replay;

        /* OPEN_CONFIRM (CONFIRM set) is only valid for an unconfirmed owner. */
        if (sop->so_confirmed && flags & CONFIRM) {
                dprintk("NFSD: preprocess_seqid_op: expected"
                                " unconfirmed stateowner!\n");
                return nfserr_bad_stateid;
        }
        /* Every other operation requires a confirmed owner. */
        if (!sop->so_confirmed && !(flags & CONFIRM)) {
                dprintk("NFSD: preprocess_seqid_op: stateowner not"
                                " confirmed yet!\n");
                return nfserr_bad_stateid;
        }
        status = check_stateid_generation(stateid, &stp->st_stateid, flags);
        if (status)
                return status;
        /* The lease is renewed only after all checks have passed. */
        renew_client(sop->so_client);
        return nfs_ok;

check_replay:
        /* A seqid one behind the expected value is treated as a retransmission. */
        if (seqid == sop->so_seqid - 1) {
                dprintk("NFSD: preprocess_seqid_op: retransmission?\n");
                /* indicate replay to calling function */
                return nfserr_replay_me;
        }
        dprintk("NFSD: preprocess_seqid_op: bad seqid (expected %d, got %d)\n",
                        sop->so_seqid, seqid);
        *sopp = NULL;
        return nfserr_bad_seqid;
}
3321 
/*
 * OPEN_CONFIRM: confirm the open owner of a previously returned open
 * stateid.
 *
 * The current filehandle must verify as a regular file.  Under the state
 * lock the seqid/stateid are validated with CONFIRM | OPEN_STATE, which
 * requires the owner to be unconfirmed.  On success the owner is marked
 * confirmed, the stateid is updated and copied into the reply, and the
 * client's recovery-directory entry is created.
 *
 * Whatever the outcome, if the preprocessing step identified a state owner
 * it is referenced and recorded as cstate->replay_owner.
 */
__be32
nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
                   struct nfsd4_open_confirm *oc)
{
        struct nfs4_stateowner *owner;
        struct nfs4_stateid *stp;
        __be32 status;

        dprintk("NFSD: nfsd4_open_confirm on file %.*s\n",
                        (int)cstate->current_fh.fh_dentry->d_name.len,
                        cstate->current_fh.fh_dentry->d_name.name);

        status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
        if (status)
                return status;

        nfs4_lock_state();

        status = nfs4_preprocess_seqid_op(cstate,
                                          oc->oc_seqid, &oc->oc_req_stateid,
                                          CONFIRM | OPEN_STATE,
                                          &oc->oc_stateowner, &stp, NULL);
        if (!status) {
                owner = oc->oc_stateowner;
                owner->so_confirmed = 1;
                update_stateid(&stp->st_stateid);
                memcpy(&oc->oc_resp_stateid, &stp->st_stateid, sizeof(stateid_t));
                dprintk("NFSD: %s: success, seqid=%d stateid=" STATEID_FMT "\n",
                        __func__, oc->oc_seqid, STATEID_VAL(&stp->st_stateid));

                nfsd4_create_clid_dir(owner->so_client);
        }

        /* Runs for failures too, so a replayed request can be answered. */
        if (oc->oc_stateowner) {
                nfs4_get_stateowner(oc->oc_stateowner);
                cstate->replay_owner = oc->oc_stateowner;
        }
        nfs4_unlock_state();
        return status;
}
3362 
3363 
/*
 * After a successful OPEN_DOWNGRADE, drop from the union bitmap (bmap)
 * every access value 1..3 whose bits are not all present in the new
 * share access.
 */
static void
reset_union_bmap_access(unsigned long access, unsigned long *bmap)
{
	int bit;

	for (bit = 1; bit <= 3; bit++) {
		if ((bit & access) == bit)
			continue;	/* still covered by the new share */
		__clear_bit(bit, bmap);
	}
}
3377 
/*
 * Deny-side counterpart of reset_union_bmap_access(): clear every deny
 * value 0..3 from bmap that is not fully contained in the new share deny.
 * Value 0 always satisfies the containment test, so bit 0 is never cleared.
 */
static void
reset_union_bmap_deny(unsigned long deny, unsigned long *bmap)
{
	int bit;

	for (bit = 0; bit <= 3; bit++) {
		if ((bit & deny) == bit)
			continue;
		__clear_bit(bit, bmap);
	}
}
3387 
/*
 * OPEN_DOWNGRADE operation: reduce the access/deny modes held by an open
 * stateid to od->od_share_access / od->od_share_deny.
 *
 * Returns nfserr_inval when the requested modes fail validation or are not
 * already recorded in the stateid's bitmaps, the seqid-check status when
 * that fails, and nfs_ok after the stateid has been updated and copied back
 * into od->od_stateid.
 */
__be32
nfsd4_open_downgrade(struct svc_rqst *rqstp,
		     struct nfsd4_compound_state *cstate,
		     struct nfsd4_open_downgrade *od)
{
	struct nfs4_stateid *stp;
	unsigned int share_access;
	__be32 status;

	dprintk("NFSD: nfsd4_open_downgrade on file %.*s\n", 
			(int)cstate->current_fh.fh_dentry->d_name.len,
			cstate->current_fh.fh_dentry->d_name.name);

	if (!access_valid(od->od_share_access, cstate->minorversion))
		return nfserr_inval;
	if (!deny_valid(od->od_share_deny))
		return nfserr_inval;

	nfs4_lock_state();
	status = nfs4_preprocess_seqid_op(cstate,
					od->od_seqid,
					&od->od_stateid, 
					OPEN_STATE,
					&od->od_stateowner, &stp, NULL);
	if (status)
		goto out;

	/*
	 * NOTE(review): od_share_access is used below as a bit *index* into
	 * an unsigned long bitmap.  access_valid() is not visible here; if
	 * it accepts values with bits set above the low share-access bits
	 * (it is passed the minor version), test_bit() would index past the
	 * bitmap word.  Confirm the accepted range before relying on this.
	 */
	if (!test_bit(od->od_share_access, &stp->st_access_bmap)) {
		dprintk("NFSD:access not a subset current bitmap: 0x%lx, input access=%08x\n",
			stp->st_access_bmap, od->od_share_access);
		status = nfserr_inval;
		goto out;
	}
	if (!test_bit(od->od_share_deny, &stp->st_deny_bmap)) {
		dprintk("NFSD:deny not a subset current bitmap: 0x%lx, input deny=%08x\n",
			stp->st_deny_bmap, od->od_share_deny);
		status = nfserr_inval;
		goto out;
	}

	/* Give up whatever access the stateid held beyond the new mode. */
	set_access(&share_access, stp->st_access_bmap);
	nfs4_file_downgrade(stp->st_file, share_access & ~od->od_share_access);

	reset_union_bmap_access(od->od_share_access, &stp->st_access_bmap);
	reset_union_bmap_deny(od->od_share_deny, &stp->st_deny_bmap);

	update_stateid(&stp->st_stateid);
	memcpy(&od->od_stateid, &stp->st_stateid, sizeof(stateid_t));
	status = nfs_ok;
out:
	/* Pin any owner the seqid check found so it can serve a replay. */
	if (od->od_stateowner) {
		nfs4_get_stateowner(od->od_stateowner);
		cstate->replay_owner = od->od_stateowner;
	}
	nfs4_unlock_state();
	return status;
}
3441 
/*
 * CLOSE operation: bump and return the open stateid, release it, and park
 * an owner left without stateids on the close LRU.
 *
 * The state lock is taken and dropped inside this function; what outlives
 * it is the reference taken on the stateowner stored in
 * cstate->replay_owner.
 */
__be32
nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    struct nfsd4_close *close)
{
	struct nfs4_stateid *stp;
	__be32 status;

	dprintk("NFSD: nfsd4_close on file %.*s\n", 
			(int)cstate->current_fh.fh_dentry->d_name.len,
			cstate->current_fh.fh_dentry->d_name.name);

	nfs4_lock_state();
	/* CLOSE_STATE lets the seqid check consult close_lru for a replay */
	status = nfs4_preprocess_seqid_op(cstate,
					close->cl_seqid,
					&close->cl_stateid, 
					OPEN_STATE | CLOSE_STATE,
					&close->cl_stateowner, &stp, NULL);
	if (!status) {
		status = nfs_ok;
		update_stateid(&stp->st_stateid);
		memcpy(&close->cl_stateid, &stp->st_stateid,
		       sizeof(stateid_t));

		/* release_stateid() calls nfsd_close() if needed */
		release_open_stateid(stp);

		/*
		 * An owner with no stateids left is moved to so_close_lru
		 * so the laundromat can release it after the lease period;
		 * until then it stays around to answer a CLOSE replay.
		 */
		if (list_empty(&close->cl_stateowner->so_stateids))
			move_to_close_lru(close->cl_stateowner);
	}

	if (close->cl_stateowner) {
		nfs4_get_stateowner(close->cl_stateowner);
		cstate->replay_owner = close->cl_stateowner;
	}
	nfs4_unlock_state();
	return status;
}
3485 
/*
 * DELEGRETURN operation: look up the delegation named by dr->dr_stateid on
 * the current filehandle's inode and unhash it.
 *
 * Status by rejection point: special (all-zero / all-one) or non-delegation
 * stateid -> nfserr_bad_stateid; stale stateid -> nfserr_stale_stateid;
 * no matching delegation -> nfserr_expired; otherwise the result of
 * check_stateid_generation().
 */
__be32
nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		  struct nfsd4_delegreturn *dr)
{
	stateid_t *stateid = &dr->dr_stateid;
	struct nfs4_delegation *dp;
	struct inode *inode;
	__be32 status;
	int flags;

	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
	if (status)
		return status;
	inode = cstate->current_fh.fh_dentry->d_inode;

	flags = nfsd4_has_session(cstate) ? HAS_SESSION : 0;

	nfs4_lock_state();
	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) {
		status = nfserr_bad_stateid;
		goto out;
	}
	if (STALE_STATEID(stateid)) {
		status = nfserr_stale_stateid;
		goto out;
	}
	if (!is_delegation_stateid(stateid)) {
		status = nfserr_bad_stateid;
		goto out;
	}
	dp = find_delegation_stateid(inode, stateid);
	if (!dp) {
		status = nfserr_expired;
		goto out;
	}
	/* The lookup alone is not enough: the generation must match too. */
	status = check_stateid_generation(stateid, &dp->dl_stateid, flags);
	if (status)
		goto out;
	renew_client(dp->dl_client);

	unhash_delegation(dp);
out:
	nfs4_unlock_state();

	return status;
}
3527 
3528 
/* 
 * Lock owner state (byte-range locks)
 */
/*
 * True when start + len cannot be represented in 64 bits, i.e. when len is
 * larger than the room left above start (~start == 2^64 - 1 - start).
 */
#define LOFF_OVERFLOW(start, len)      ((u64)(len) > ~(u64)(start))
/* Geometry of the lock owner hash tables: 1 << 8 buckets, mask = size - 1. */
#define LOCK_HASH_BITS              8
#define LOCK_HASH_SIZE             (1 << LOCK_HASH_BITS)
#define LOCK_HASH_MASK             (LOCK_HASH_SIZE - 1)
3536 
/*
 * Offset one past the end of the range [start, start + len), saturating at
 * NFS4_MAX_UINT64 when the 64-bit sum wraps around.
 */
static inline u64
end_offset(u64 start, u64 len)
{
	u64 sum = start + len;

	if (sum < start)	/* wrapped */
		return NFS4_MAX_UINT64;
	return sum;
}
3545 
/*
 * Offset of the last octet in the range [start, start + len), saturating
 * at NFS4_MAX_UINT64 when start + len wraps.
 *
 * len must be non-zero: a zero length trips BUG_ON().  The LOCK, LOCKT and
 * LOCKU handlers in this file pass request-supplied lengths here, and each
 * rejects a zero length through check_lock_length() first; a new caller
 * has to keep that ordering.
 */
static inline u64
last_byte_offset(u64 start, u64 len)
{
	u64 sum;

	BUG_ON(!len);
	sum = start + len;
	if (sum > start)
		return sum - 1;
	return NFS4_MAX_UINT64;
}
3556 
/* Bucket index for a lock owner id: the id masked with LOCK_HASH_MASK. */
#define lockownerid_hashval(id) \
        ((id) & LOCK_HASH_MASK)
3559 
/*
 * Bucket index for a lock owner looked up by name: the file hash, the
 * client id and a hash of the opaque owner string are summed and reduced
 * with LOCK_HASH_MASK.
 */
static inline unsigned int
lock_ownerstr_hashval(struct inode *inode, u32 cl_id,
		struct xdr_netobj *ownername)
{
	unsigned int mixed = file_hashval(inode) + cl_id
			+ opaque_hashval(ownername->data, ownername->len);

	return mixed & LOCK_HASH_MASK;
}
3568 
/*
 * Hash tables for lock state.  Lock owners are linked into the first two
 * by so_idhash (bucket from lockownerid_hashval()) and so_strhash (bucket
 * from lock_ownerstr_hashval()); lock stateids are linked into the third
 * by st_hash (bucket from stateid_hashval()).
 */
static struct list_head lock_ownerid_hashtbl[LOCK_HASH_SIZE];
static struct list_head lock_ownerstr_hashtbl[LOCK_HASH_SIZE];
static struct list_head lockstateid_hashtbl[STATEID_HASH_SIZE];
3572 
/*
 * Look up a stateid by its (stateowner id, file id) pair.
 *
 * flags selects the tables to search: LOCK_STATE searches the lock stateid
 * table, OPEN_STATE the open stateid table, RD_STATE/WR_STATE both (lock
 * table first).  Returns the first match or NULL.
 *
 * Only si_stateownerid and si_fileid are compared; si_boot and
 * si_generation are not, so a hit here says nothing about the stateid
 * being current.  Callers are expected to validate the generation
 * separately.
 */
static struct nfs4_stateid *
find_stateid(stateid_t *stid, int flags)
{
	u32 owner_id = stid->si_stateownerid;
	u32 file_id = stid->si_fileid;
	struct list_head *bucket;
	struct nfs4_stateid *stp;

	dprintk("NFSD: find_stateid flags 0x%x\n",flags);
	if (flags & (LOCK_STATE | RD_STATE | WR_STATE)) {
		bucket = &lockstateid_hashtbl[stateid_hashval(owner_id, file_id)];
		list_for_each_entry(stp, bucket, st_hash) {
			if (stp->st_stateid.si_stateownerid != owner_id)
				continue;
			if (stp->st_stateid.si_fileid != file_id)
				continue;
			return stp;
		}
	}

	if (flags & (OPEN_STATE | RD_STATE | WR_STATE)) {
		bucket = &stateid_hashtbl[stateid_hashval(owner_id, file_id)];
		list_for_each_entry(stp, bucket, st_hash) {
			if (stp->st_stateid.si_stateownerid != owner_id)
				continue;
			if (stp->st_stateid.si_fileid != file_id)
				continue;
			return stp;
		}
	}
	return NULL;
}
3601 
/*
 * Find the delegation on inode ino that carries stateid stid.
 *
 * Returns NULL when the inode has no nfs4_file or no delegation matches.
 * The nfs4_file reference obtained for the lookup is dropped before
 * returning, and no reference on the delegation is taken in this function.
 */
static struct nfs4_delegation *
find_delegation_stateid(struct inode *ino, stateid_t *stid)
{
	struct nfs4_delegation *found = NULL;
	struct nfs4_file *fp;

	dprintk("NFSD: %s: stateid=" STATEID_FMT "\n", __func__,
		STATEID_VAL(stid));

	fp = find_file(ino);
	if (fp) {
		found = find_delegation_file(fp, stid);
		put_nfs4_file(fp);
	}
	return found;
}
3618 
/*
 * TODO: NFSv4 byte-range locks use unsigned 64-bit offsets, while Linux
 * file offsets are _signed_ 64-bit quantities.  A request reaching past
 * byte (2^63 - 1) therefore shows up here as a negative offset and cannot
 * be honoured exactly, which keeps us from full protocol compliance.  The
 * real fix is unsigned file offsets in the VFS, a very deep change; until
 * then a negative start or end is clamped to OFFSET_MAX.
 */
static inline void
nfs4_transform_lock_offset(struct file_lock *lock)
{
	if (lock->fl_start < 0) {
		lock->fl_start = OFFSET_MAX;
	}
	if (lock->fl_end < 0) {
		lock->fl_end = OFFSET_MAX;
	}
}
3635 
/* Hack!: For now, we're defining this just so we can use a pointer to it
 * as a unique cookie to identify our (NFSv4's) posix locks.
 *
 * nfs4_set_lock_denied() compares a lock's fl_lmops with this address
 * before it treats fl_owner as a struct nfs4_stateowner, so the cookie
 * must only ever be set on locks whose owner really is one. */
static const struct lock_manager_operations nfsd_posix_mng_ops  = {
};
3640 
/*
 * Fill the LOCK/LOCKT "denied" reply from the conflicting lock fl.
 *
 * When fl carries the nfsd_posix_mng_ops cookie its fl_owner is taken to
 * be an nfs4_stateowner: a reference is taken on it and its client id is
 * reported.  For any other lock the owner is reported as NULL with a zero
 * client id.
 *
 * fl must have been initialised or filled in by the lock code: fl_lmops
 * and fl_owner are trusted as-is, and fl_owner is dereferenced.
 */
static inline void
nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny)
{
	struct nfs4_stateowner *owner;

	if (fl->fl_lmops != &nfsd_posix_mng_ops) {
		deny->ld_sop = NULL;
		deny->ld_clientid.cl_boot = 0;
		deny->ld_clientid.cl_id = 0;
	} else {
		owner = (struct nfs4_stateowner *) fl->fl_owner;
		kref_get(&owner->so_ref);
		deny->ld_sop = owner;
		deny->ld_clientid = owner->so_client->cl_clientid;
	}

	deny->ld_start = fl->fl_start;
	/*
	 * NOTE(review): the LOCK/LOCKT/LOCKU handlers clamp fl_end to
	 * OFFSET_MAX, not NFS4_MAX_UINT64; whether a to-end-of-file lock can
	 * ever compare equal here depends on fl_end's type, which is not
	 * visible in this block -- confirm.
	 */
	if (fl->fl_end != NFS4_MAX_UINT64)
		deny->ld_length = fl->fl_end - fl->fl_start + 1;
	else
		deny->ld_length = NFS4_MAX_UINT64;

	if (fl->fl_type != F_RDLCK)
		deny->ld_type = NFS4_WRITE_LT;
	else
		deny->ld_type = NFS4_READ_LT;
}
3664 
/*
 * Find a lock owner by (inode, client id, owner string) in
 * lock_ownerstr_hashtbl.  Returns the first entry same_owner_str()
 * accepts, or NULL.  No reference is taken on the result here.
 */
static struct nfs4_stateowner *
find_lockstateowner_str(struct inode *inode, clientid_t *clid,
		struct xdr_netobj *owner)
{
	unsigned int bucket = lock_ownerstr_hashval(inode, clid->cl_id, owner);
	struct nfs4_stateowner *sop;

	list_for_each_entry(sop, &lock_ownerstr_hashtbl[bucket], so_strhash) {
		if (!same_owner_str(sop, owner, clid))
			continue;
		return sop;
	}
	return NULL;
}
3678 
/*
 * Allocate and set up a lock owner.
 * Called from nfsd4_lock, so OPEN (and OPEN_CONFIRM, where needed) has
 * already happened.
 *
 * strhashval is the lock_ownerstr_hashval() bucket for the new owner.
 * The owner takes the next id from current_ownerid, is linked into both
 * lock owner hash tables and onto open_stp->st_lockowners, and starts out
 * confirmed.  Returns NULL when the allocation fails.
 */

static struct nfs4_stateowner *
alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp,
			   struct nfs4_stateid *open_stp,
			   struct nfsd4_lock *lock)
{
	struct nfs4_stateowner *sop;
	struct nfs4_replay *rp;
	unsigned int idhashval;

	sop = alloc_stateowner(&lock->lk_new_owner);
	if (sop == NULL)
		return NULL;

	/* Bucket for the id that is assigned to so_id further down. */
	idhashval = lockownerid_hashval(current_ownerid);

	INIT_LIST_HEAD(&sop->so_idhash);
	INIT_LIST_HEAD(&sop->so_strhash);
	INIT_LIST_HEAD(&sop->so_perclient);
	INIT_LIST_HEAD(&sop->so_stateids);
	INIT_LIST_HEAD(&sop->so_perstateid);
	INIT_LIST_HEAD(&sop->so_close_lru); /* not used */
	sop->so_time = 0;

	list_add(&sop->so_idhash, &lock_ownerid_hashtbl[idhashval]);
	list_add(&sop->so_strhash, &lock_ownerstr_hashtbl[strhashval]);
	list_add(&sop->so_perstateid, &open_stp->st_lockowners);

	sop->so_is_open_owner = 0;
	sop->so_id = current_ownerid++;
	sop->so_client = clp;
	/*
	 * For a new lockowner it is the openowner seqid that encode will
	 * increment, so the lock seqid is advanced by hand here.
	 */
	sop->so_seqid = lock->lk_new_lock_seqid + 1;
	sop->so_confirmed = 1;

	/* Empty replay cache: a replay before any reply gets serverfault. */
	rp = &sop->so_replay;
	rp->rp_status = nfserr_serverfault;
	rp->rp_buflen = 0;
	rp->rp_buf = rp->rp_ibuf;
	return sop;
}
3719 
/*
 * Allocate a lock stateid for owner sop on file fp, derived from the open
 * stateid open_stp.
 *
 * The new stateid is hashed into lockstateid_hashtbl, linked to the file
 * and the owner, holds a reference on fp, starts at generation 0 with an
 * empty access bitmap, and inherits the deny bitmap of open_stp.
 * Returns NULL when the allocation fails.
 */
static struct nfs4_stateid *
alloc_init_lock_stateid(struct nfs4_stateowner *sop, struct nfs4_file *fp,
			struct nfs4_stateid *open_stp)
{
	unsigned int bucket = stateid_hashval(sop->so_id, fp->fi_id);
	struct nfs4_stateid *stp;

	stp = nfs4_alloc_stateid();
	if (!stp)
		return NULL;

	INIT_LIST_HEAD(&stp->st_hash);
	INIT_LIST_HEAD(&stp->st_perfile);
	INIT_LIST_HEAD(&stp->st_perstateowner);
	INIT_LIST_HEAD(&stp->st_lockowners); /* not used */
	list_add(&stp->st_hash, &lockstateid_hashtbl[bucket]);
	list_add(&stp->st_perfile, &fp->fi_stateids);
	list_add(&stp->st_perstateowner, &sop->so_stateids);

	stp->st_stateowner = sop;
	get_nfs4_file(fp);
	stp->st_file = fp;

	stp->st_stateid.si_boot = boot_time;
	stp->st_stateid.si_stateownerid = sop->so_id;
	stp->st_stateid.si_fileid = fp->fi_id;
	stp->st_stateid.si_generation = 0;

	stp->st_access_bmap = 0;
	stp->st_deny_bmap = open_stp->st_deny_bmap;
	stp->st_openstp = open_stp;

	return stp;
}
3750 
/*
 * Validate a byte-range lock request.  Returns non-zero for a range the
 * handlers must reject: a zero length, or a length other than
 * NFS4_MAX_UINT64 for which offset + length overflows 64 bits.
 * NFS4_MAX_UINT64 as a length is always accepted.
 *
 * The zero-length rejection is also what keeps last_byte_offset()'s
 * BUG_ON(!len) from firing on request data.
 */
static int
check_lock_length(u64 offset, u64 length)
{
	if (length == 0)
		return 1;
	if (length == NFS4_MAX_UINT64)
		return 0;
	return LOFF_OVERFLOW(offset, length);
}
3757 
/*
 * Record that lock stateid lock_stp uses its file with the given share
 * access.  The first time an access value is seen, the matching open mode
 * is acquired on the nfs4_file and the bit is set in st_access_bmap;
 * later calls with the same value do nothing.
 */
static void get_lock_access(struct nfs4_stateid *lock_stp, u32 access)
{
	struct nfs4_file *fp = lock_stp->st_file;
	int oflag = nfs4_access_to_omode(access);

	if (!test_bit(access, &lock_stp->st_access_bmap)) {
		nfs4_file_get_access(fp, oflag);
		__set_bit(access, &lock_stp->st_access_bmap);
	}
}
3768 
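/*
 *  LOCK operation
 *
 * Takes a byte-range lock for the range lk_offset/lk_length.  With
 * lk_is_new set, a lock owner and lock stateid are first created from the
 * open owner/open stateid in the request; otherwise the existing lock
 * stateid is validated.
 *
 * Returns nfs_ok (0) with the updated stateid in lk_resp_stateid,
 * nfserr_denied with lk_denied filled in on a conflict, or another
 * nfserr_* status for invalid arguments, failed state checks, grace-period
 * mismatches or lock errors.  On any failure a lock owner created by this
 * call is released again.
 */
__be32
nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	   struct nfsd4_lock *lock)
{
	struct nfs4_stateowner *open_sop = NULL;
	struct nfs4_stateowner *lock_sop = NULL;
	struct nfs4_stateid *lock_stp;
	struct nfs4_file *fp;
	struct file *filp = NULL;
	struct file_lock file_lock;
	struct file_lock conflock;
	__be32 status = 0;
	unsigned int strhashval;
	int err;

	dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n",
		(long long) lock->lk_offset,
		(long long) lock->lk_length);

	/* Must precede last_byte_offset(), which BUGs on a zero length. */
	if (check_lock_length(lock->lk_offset, lock->lk_length))
		 return nfserr_inval;

	if ((status = fh_verify(rqstp, &cstate->current_fh,
				S_IFREG, NFSD_MAY_LOCK))) {
		dprintk("NFSD: nfsd4_lock: permission denied!\n");
		return status;
	}

	nfs4_lock_state();

	if (lock->lk_is_new) {
		/*
		 * Client indicates that this is a new lockowner.
		 * Use open owner and open stateid to create lock owner and
		 * lock stateid.
		 */
		struct nfs4_stateid *open_stp = NULL;
		
		status = nfserr_stale_clientid;
		if (!nfsd4_has_session(cstate) &&
		    STALE_CLIENTID(&lock->lk_new_clientid))
			goto out;

		/* validate and update open stateid and open seqid */
		status = nfs4_preprocess_seqid_op(cstate,
				        lock->lk_new_open_seqid,
		                        &lock->lk_new_open_stateid,
					OPEN_STATE,
		                        &lock->lk_replay_owner, &open_stp,
					lock);
		if (status)
			goto out;
		open_sop = lock->lk_replay_owner;
		/* create lockowner and lock stateid */
		fp = open_stp->st_file;
		strhashval = lock_ownerstr_hashval(fp->fi_inode, 
				open_sop->so_client->cl_clientid.cl_id, 
				&lock->v.new.owner);
		/* XXX: Do we need to check for duplicate stateowners on
		 * the same file, or should they just be allowed (and
		 * create new stateids)? */
		status = nfserr_resource;
		lock_sop = alloc_init_lock_stateowner(strhashval,
				open_sop->so_client, open_stp, lock);
		if (lock_sop == NULL)
			goto out;
		lock_stp = alloc_init_lock_stateid(lock_sop, fp, open_stp);
		if (lock_stp == NULL)
			goto out;
	} else {
		/* lock (lock owner + lock stateid) already exists */
		status = nfs4_preprocess_seqid_op(cstate,
				       lock->lk_old_lock_seqid, 
				       &lock->lk_old_lock_stateid, 
				       LOCK_STATE,
				       &lock->lk_replay_owner, &lock_stp, lock);
		if (status)
			goto out;
		lock_sop = lock->lk_replay_owner;
		fp = lock_stp->st_file;
	}
	/* lock->lk_replay_owner and lock_stp have been created or found */

	/* Reclaims are only valid during grace, everything else only after. */
	status = nfserr_grace;
	if (locks_in_grace() && !lock->lk_reclaim)
		goto out;
	status = nfserr_no_grace;
	if (!locks_in_grace() && lock->lk_reclaim)
		goto out;

	locks_init_lock(&file_lock);
	/*
	 * conflock is read by nfs4_set_lock_denied() on the EAGAIN path,
	 * which trusts its fl_lmops and dereferences its fl_owner.  Start it
	 * from a known state so that a lock implementation that reports a
	 * conflict without filling it in cannot make us act on stack garbage.
	 */
	locks_init_lock(&conflock);
	switch (lock->lk_type) {
	case NFS4_READ_LT:
	case NFS4_READW_LT:
		filp = find_readable_file(lock_stp->st_file);
		if (filp)
			get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ);
		file_lock.fl_type = F_RDLCK;
		break;
	case NFS4_WRITE_LT:
	case NFS4_WRITEW_LT:
		filp = find_writeable_file(lock_stp->st_file);
		if (filp)
			get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE);
		file_lock.fl_type = F_WRLCK;
		break;
	default:
		status = nfserr_inval;
		goto out;
	}
	/* No file open in the mode this lock type needs. */
	if (!filp) {
		status = nfserr_openmode;
		goto out;
	}
	file_lock.fl_owner = (fl_owner_t)lock_sop;
	file_lock.fl_pid = current->tgid;
	file_lock.fl_file = filp;
	file_lock.fl_flags = FL_POSIX;
	/* Cookie that marks this lock's fl_owner as an nfs4_stateowner. */
	file_lock.fl_lmops = &nfsd_posix_mng_ops;

	file_lock.fl_start = lock->lk_offset;
	file_lock.fl_end = last_byte_offset(lock->lk_offset, lock->lk_length);
	nfs4_transform_lock_offset(&file_lock);

	/*
	* Try to lock the file in the VFS.
	* Note: locks.c uses the BKL to protect the inode's lock list.
	*/

	err = vfs_lock_file(filp, F_SETLK, &file_lock, &conflock);
	switch (-err) {
	case 0: /* success! */
		update_stateid(&lock_stp->st_stateid);
		memcpy(&lock->lk_resp_stateid, &lock_stp->st_stateid, 
				sizeof(stateid_t));
		status = 0;
		break;
	case (EAGAIN):		/* conflock holds conflicting lock */
		status = nfserr_denied;
		dprintk("NFSD: nfsd4_lock: conflicting lock found!\n");
		nfs4_set_lock_denied(&conflock, &lock->lk_denied);
		break;
	case (EDEADLK):
		status = nfserr_deadlock;
		break;
	default:        
		dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n",err);
		status = nfserr_resource;
		break;
	}
out:
	/* Undo a lock owner created above if the operation did not succeed. */
	if (status && lock->lk_is_new && lock_sop)
		release_lockowner(lock_sop);
	if (lock->lk_replay_owner) {
		nfs4_get_stateowner(lock->lk_replay_owner);
		cstate->replay_owner = lock->lk_replay_owner;
	}
	nfs4_unlock_state();
	return status;
}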
3932 
/*
 * A client may issue LOCKT without holding an OPEN (the NFSv4 spec allows
 * it), so a temporary open is done here purely to have a struct file to
 * hand to vfs_test_lock.  (Arguably test_lock should be an inode
 * operation instead.)
 *
 * Returns the nfsd_open() result if the open fails, otherwise the
 * vfs_test_lock() result.
 *
 * NOTE(review): both results travel through the same int and the caller
 * passes a non-zero value to nfserrno().  nfsd_open()'s return convention
 * is not visible here; if it already returns an NFS status rather than a
 * negative errno, that conversion is applied to the wrong kind of value --
 * confirm.
 */
static int nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
{
	struct file *file;
	int err;

	err = nfsd_open(rqstp, fhp, S_IFREG, NFSD_MAY_READ, &file);
	if (!err) {
		err = vfs_test_lock(file, lock);
		nfsd_close(file);
	}
	return err;
}
3951 
/*
 * LOCKT operation
 *
 * Tests whether the range lt_offset/lt_length could be locked with type
 * lt_type, without taking the lock.  Returns nfs_ok when nothing
 * conflicts, nfserr_denied with lt_denied describing the conflicting lock
 * otherwise, nfserr_grace during the grace period, and nfserr_inval for a
 * bad range, a bad lock type or a symlink filehandle.
 */
__be32
nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    struct nfsd4_lockt *lockt)
{
	struct file_lock file_lock;
	struct inode *inode;
	__be32 status;
	int error;

	if (locks_in_grace())
		return nfserr_grace;

	/* Must precede last_byte_offset(), which BUGs on a zero length. */
	if (check_lock_length(lockt->lt_offset, lockt->lt_length))
		 return nfserr_inval;

	lockt->lt_stateowner = NULL;
	nfs4_lock_state();

	if (!nfsd4_has_session(cstate) && STALE_CLIENTID(&lockt->lt_clientid)) {
		status = nfserr_stale_clientid;
		goto out;
	}

	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
	if (status) {
		dprintk("NFSD: nfsd4_lockt: fh_verify() failed!\n");
		if (status == nfserr_symlink)
			status = nfserr_inval;
		goto out;
	}

	inode = cstate->current_fh.fh_dentry->d_inode;
	locks_init_lock(&file_lock);
	switch (lockt->lt_type) {
	case NFS4_READ_LT:
	case NFS4_READW_LT:
		file_lock.fl_type = F_RDLCK;
		break;
	case NFS4_WRITE_LT:
	case NFS4_WRITEW_LT:
		file_lock.fl_type = F_WRLCK;
		break;
	default:
		dprintk("NFSD: nfs4_lockt: bad lock type!\n");
		status = nfserr_inval;
		goto out;
	}

	/*
	 * If this owner is already known, test as that owner; otherwise
	 * fl_owner keeps whatever locks_init_lock() left in it.
	 */
	lockt->lt_stateowner = find_lockstateowner_str(inode,
			&lockt->lt_clientid, &lockt->lt_owner);
	if (lockt->lt_stateowner)
		file_lock.fl_owner = (fl_owner_t)lockt->lt_stateowner;
	file_lock.fl_pid = current->tgid;
	file_lock.fl_flags = FL_POSIX;

	file_lock.fl_start = lockt->lt_offset;
	file_lock.fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);

	nfs4_transform_lock_offset(&file_lock);

	status = nfs_ok;
	error = nfsd_test_lock(rqstp, &cstate->current_fh, &file_lock);
	if (error) {
		status = nfserrno(error);
		goto out;
	}
	/* Anything but F_UNLCK means file_lock now describes a conflict. */
	if (file_lock.fl_type != F_UNLCK) {
		status = nfserr_denied;
		nfs4_set_lock_denied(&file_lock, &lockt->lt_denied);
	}
out:
	nfs4_unlock_state();
	return status;
}
4027 
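/*
 * LOCKU operation
 *
 * Releases the byte range lu_offset/lu_length held under the lock stateid
 * lu_stateid.  Returns nfserr_inval for a bad range, the seqid-check
 * status when that fails, nfserr_lock_range when the stateid's file has no
 * open struct file, the translated errno when the VFS unlock fails, and
 * the zero status left by the seqid check on success, with the bumped
 * stateid copied back into lu_stateid.
 */
__be32
nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    struct nfsd4_locku *locku)
{
	struct nfs4_stateid *stp;
	struct file *filp = NULL;
	struct file_lock file_lock;
	__be32 status;
	int err;

	dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
		(long long) locku->lu_offset,
		(long long) locku->lu_length);

	/* Must precede last_byte_offset(), which BUGs on a zero length. */
	if (check_lock_length(locku->lu_offset, locku->lu_length))
		 return nfserr_inval;

	nfs4_lock_state();

	status = nfs4_preprocess_seqid_op(cstate,
					locku->lu_seqid,
					&locku->lu_stateid,
					LOCK_STATE,
					&locku->lu_stateowner, &stp, NULL);
	if (status)
		goto out;

	/*
	 * The NULL check below already covers a missing file, so the
	 * BUG_ON(!filp) that used to follow it could never fire and has
	 * been dropped.
	 */
	filp = find_any_file(stp->st_file);
	if (!filp) {
		status = nfserr_lock_range;
		goto out;
	}
	locks_init_lock(&file_lock);
	file_lock.fl_type = F_UNLCK;
	file_lock.fl_owner = (fl_owner_t) locku->lu_stateowner;
	file_lock.fl_pid = current->tgid;
	file_lock.fl_file = filp;
	file_lock.fl_flags = FL_POSIX;
	file_lock.fl_lmops = &nfsd_posix_mng_ops;
	file_lock.fl_start = locku->lu_offset;

	file_lock.fl_end = last_byte_offset(locku->lu_offset, locku->lu_length);
	nfs4_transform_lock_offset(&file_lock);

	/*
	*  Try to unlock the file in the VFS.
	*/
	err = vfs_lock_file(filp, F_SETLK, &file_lock, NULL);
	if (err) {
		dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
		status = nfserrno(err);
		goto out;
	}
	/*
	* OK, unlock succeeded; the only thing left to do is update the stateid.
	*/
	update_stateid(&stp->st_stateid);
	memcpy(&locku->lu_stateid, &stp->st_stateid, sizeof(stateid_t));

out:
	/* Pin any owner the seqid check found so it can serve a replay. */
	if (locku->lu_stateowner) {
		nfs4_get_stateowner(locku->lu_stateowner);
		cstate->replay_owner = locku->lu_stateowner;
	}
	nfs4_unlock_state();
	return status;
}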
4098 
/*
 * Report whether lowner holds any lock on the file's inode.
 *
 * returns
 *      1: locks held by lockowner
 *      0: no locks held by lockowner
 *
 * The inode's i_flock list is walked between lock_flocks() and
 * unlock_flocks(); ownership is decided by comparing fl_owner with the
 * lowner pointer.
 */
static int
check_for_locks(struct nfs4_file *filp, struct nfs4_stateowner *lowner)
{
	struct inode *inode = filp->fi_inode;
	struct file_lock *fl;
	int held = 0;

	lock_flocks();
	for (fl = inode->i_flock; fl != NULL; fl = fl->fl_next) {
		if (fl->fl_owner == (fl_owner_t)lowner) {
			held = 1;
			break;
		}
	}
	unlock_flocks();
	return held;
}
4122 
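/*
 * RELEASE_LOCKOWNER: release the state of every lock owner that matches
 * the client-supplied rl_clientid / rl_owner pair.
 *
 * Returns nfserr_stale_clientid when STALE_CLIENTID() rejects the
 * clientid, nfserr_locks_held when check_for_locks() reports a lock for
 * any stateid of a matching owner (nothing is released in that case),
 * and nfs_ok otherwise.  rqstp and cstate are not used here.
 */
__be32
nfsd4_release_lockowner(struct svc_rqst *rqstp,
			struct nfsd4_compound_state *cstate,
			struct nfsd4_release_lockowner *rlockowner)
{
	clientid_t *clid = &rlockowner->rl_clientid;
	struct nfs4_stateowner *sop;
	struct nfs4_stateid *stp;
	struct xdr_netobj *owner = &rlockowner->rl_owner;
	struct list_head matches;
	int i;
	__be32 status;

	dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
		clid->cl_boot, clid->cl_id);

	/* XXX check for lease expiration */

	status = nfserr_stale_clientid;
	if (STALE_CLIENTID(clid))
		return status;

	nfs4_lock_state();

	status = nfserr_locks_held;
	/* XXX: we're doing a linear search through all the lockowners.
	 * Yipes!  For now we'll just hope clients aren't really using
	 * release_lockowner much, but eventually we have to fix these
	 * data structures. */
	INIT_LIST_HEAD(&matches);
	for (i = 0; i < LOCK_HASH_SIZE; i++) {
		list_for_each_entry(sop, &lock_ownerid_hashtbl[i], so_idhash) {
			if (!same_owner_str(sop, owner, clid))
				continue;
			list_for_each_entry(stp, &sop->so_stateids,
					st_perstateowner) {
				if (check_for_locks(stp->st_file, sop))
					goto out;
			}
			/*
			 * Queue the owner exactly once, after all of its
			 * stateids have been checked.  Adding it once per
			 * stateid (as the loop used to) links the same
			 * so_perclient node into "matches" repeatedly when
			 * an owner has more than one stateid; the node then
			 * points at itself and the release loop below keeps
			 * picking up an owner it has already released.
			 * Owners without stateids were never queued before
			 * and still are not.
			 *
			 * Note: so_perclient unused for lockowners,
			 * so it's OK to fool with here.
			 */
			if (!list_empty(&sop->so_stateids))
				list_add(&sop->so_perclient, &matches);
		}
	}
	/* Clients probably won't expect us to return with some (but not all)
	 * of the lockowner state released; so don't release any until all
	 * have been checked. */
	status = nfs_ok;
	while (!list_empty(&matches)) {
		sop = list_entry(matches.next, struct nfs4_stateowner,
								so_perclient);
		/* unhash_stateowner deletes so_perclient only
		 * for openowners. */
		list_del(&sop->so_perclient);
		release_lockowner(sop);
	}
out:
	/*
	 * NOTE(review): on the nfserr_locks_held path, owners already queued
	 * keep so_perclient links into the on-stack "matches" head.  That is
	 * harmless only as long as nothing else reads so_perclient on a
	 * lockowner -- confirm against the rest of the file.
	 */
	nfs4_unlock_state();
	return status;
}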
4183 
/*
 * Allocate one nfs4_client_reclaim record with GFP_KERNEL.
 *
 * kmalloc() does not clear the memory, so the caller has to initialise
 * every field it uses.  Returns NULL if the allocation fails.
 */
static inline struct nfs4_client_reclaim *
alloc_reclaim(void)
{
	struct nfs4_client_reclaim *crp;

	crp = kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL);
	return crp;
}
4189 
/*
 * Return 1 if a confirmed client is found for the string "name",
 * 0 otherwise.  use_exchange_id is accepted but not consulted.
 */
int nfs4_has_reclaimed_state(const char *name, bool use_exchange_id)
{
	unsigned int strhashval = clientstr_hashval(name);

	if (find_confirmed_client_by_str(name, strhashval) != NULL)
		return 1;
	return 0;
}
4199 
/*
 * Record "name" in reclaim_str_hashtbl as a client that may reclaim state.
 *
 * Returns 1 on success and 0 if the record could not be allocated
 * (failure => all reset bets are off, nfserr_no_grace...).
 *
 * Exactly HEXDIR_LEN bytes are copied out of "name", whatever its actual
 * length, so the caller must pass a buffer at least that large.
 * NOTE(review): that length check is not visible in this function --
 * confirm every caller enforces it.
 */
int nfs4_client_to_reclaim(const char *name)
{
	struct nfs4_client_reclaim *crp;
	unsigned int bucket;

	dprintk("NFSD nfs4_client_to_reclaim NAME: %.*s\n", HEXDIR_LEN, name);

	crp = alloc_reclaim();
	if (crp == NULL)
		return 0;

	bucket = clientstr_hashval(name);
	INIT_LIST_HEAD(&crp->cr_strhash);
	list_add(&crp->cr_strhash, &reclaim_str_hashtbl[bucket]);
	memcpy(crp->cr_recdir, name, HEXDIR_LEN);
	/* Counter is checked against zero when the table is torn down. */
	reclaim_str_hashtbl_size++;
	return 1;
}
4220 
/*
 * Free every record in reclaim_str_hashtbl.
 *
 * Each record is unlinked before it is freed, and
 * reclaim_str_hashtbl_size is decremented per record; a non-zero count
 * at the end trips BUG_ON().
 */
static void nfs4_release_reclaim(void)
{
	struct nfs4_client_reclaim *crp;
	struct list_head *bucket;
	int i;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		bucket = &reclaim_str_hashtbl[i];
		while (!list_empty(bucket)) {
			crp = list_entry(bucket->next,
					struct nfs4_client_reclaim, cr_strhash);
			list_del(&crp->cr_strhash);
			kfree(crp);
			reclaim_str_hashtbl_size--;
		}
	}
	BUG_ON(reclaim_str_hashtbl_size);
}
4238 
/*
 * Called from OPEN, CLAIM_PREVIOUS with a new clientid.
 *
 * Looks up the confirmed client for clid, then searches
 * reclaim_str_hashtbl for a record whose cr_recdir matches that client's
 * cl_recdir.  Returns the record, or NULL if there is no confirmed client
 * or no matching record.
 */
static struct nfs4_client_reclaim *
nfs4_find_reclaim_client(clientid_t *clid)
{
	struct nfs4_client_reclaim *crp;
	struct nfs4_client *clp;
	unsigned int bucket;

	/* find clientid in conf_id_hashtbl */
	clp = find_confirmed_client(clid);
	if (!clp)
		return NULL;

	dprintk("NFSD: nfs4_find_reclaim_client for %.*s with recdir %s\n",
			    clp->cl_name.len, clp->cl_name.data,
			    clp->cl_recdir);

	/* find the client's cl_recdir in reclaim_str_hashtbl */
	bucket = clientstr_hashval(clp->cl_recdir);
	list_for_each_entry(crp, &reclaim_str_hashtbl[bucket], cr_strhash)
		if (same_name(crp->cr_recdir, clp->cl_recdir))
			return crp;

	return NULL;
}
4267 
/*
 * Called from OPEN. Look for clientid in reclaim list.
 *
 * Returns nfs_ok when nfs4_find_reclaim_client() finds a record for
 * clid, nfserr_reclaim_bad otherwise.
 */
__be32 nfs4_check_open_reclaim(clientid_t *clid)
{
	if (nfs4_find_reclaim_client(clid) != NULL)
		return nfs_ok;
	return nfserr_reclaim_bad;
}
4276 
4277 /* initialization to perform at module load time: */
4278 
/*
 * Set up the slab caches and put every state hash table and LRU list
 * into its empty state.
 *
 * Returns the error from nfsd4_init_slabs() if that fails (no table has
 * been touched at that point), 0 otherwise.
 */
int nfs4_state_init(void)
{
	int n;
	int err;

	err = nfsd4_init_slabs();
	if (err)
		return err;

	/* client tables, including the reclaim table */
	for (n = 0; n < CLIENT_HASH_SIZE; n++) {
		INIT_LIST_HEAD(&conf_id_hashtbl[n]);
		INIT_LIST_HEAD(&conf_str_hashtbl[n]);
		INIT_LIST_HEAD(&unconf_str_hashtbl[n]);
		INIT_LIST_HEAD(&unconf_id_hashtbl[n]);
		INIT_LIST_HEAD(&reclaim_str_hashtbl[n]);
	}

	for (n = 0; n < SESSION_HASH_SIZE; n++) {
		INIT_LIST_HEAD(&sessionid_hashtbl[n]);
	}

	for (n = 0; n < FILE_HASH_SIZE; n++)
		INIT_LIST_HEAD(&file_hashtbl[n]);

	for (n = 0; n < OWNER_HASH_SIZE; n++) {
		INIT_LIST_HEAD(&ownerstr_hashtbl[n]);
		INIT_LIST_HEAD(&ownerid_hashtbl[n]);
	}

	for (n = 0; n < STATEID_HASH_SIZE; n++) {
		INIT_LIST_HEAD(&stateid_hashtbl[n]);
		INIT_LIST_HEAD(&lockstateid_hashtbl[n]);
	}

	for (n = 0; n < LOCK_HASH_SIZE; n++) {
		INIT_LIST_HEAD(&lock_ownerid_hashtbl[n]);
		INIT_LIST_HEAD(&lock_ownerstr_hashtbl[n]);
	}

	/* onestateid is the all-ones stateid: every byte set to 0xff */
	memset(&onestateid, 0xff, sizeof(stateid_t));

	INIT_LIST_HEAD(&close_lru);
	INIT_LIST_HEAD(&client_lru);
	INIT_LIST_HEAD(&del_recall_lru);
	reclaim_str_hashtbl_size = 0;
	return 0;
}
4318 
/*
 * Point the recovery code at user_recovery_dirname and load the recorded
 * clients from it, with the state lock held.
 *
 * A load failure is only logged; nothing is returned to the caller, so
 * startup continues without the recovery data.
 */
static void nfsd4_load_reboot_recovery_data(void)
{
	int err;

	nfs4_lock_state();
	nfsd4_init_recdir(user_recovery_dirname);
	err = nfsd4_recdir_load();
	nfs4_unlock_state();

	if (!err)
		return;
	printk("NFSD: Failure reading reboot recovery data\n");
}
4331 
4332 /*
4333  * Since the lifetime of a delegation isn't limited to that of an open, a
4334  * client may quite reasonably hang on to a delegation as long as it has
4335  * the inode cached.  This becomes an obvious problem the first time a
4336  * client's inode cache approaches the size of the server's total memory.
4337  *
4338  * For now we avoid this problem by imposing a hard limit on the number
4339  * of delegations, which varies according to the server's memory size.
4340  */
static void set_max_delegations(void)
{
	/* log2 of the number of pages in one megabyte */
	const int pages_per_mb_shift = 20 - PAGE_SHIFT;

	/*
	 * Cap delegations at 4 per megabyte of RAM (hence the extra "- 2"
	 * in the shift).  Quick estimates suggest that in the worst case
	 * (where every delegation is for a different inode), a delegation
	 * could take about 1.5K, giving a worst case usage of about 6% of
	 * memory.
	 */
	max_delegations = nr_free_buffer_pages() >> (pages_per_mb_shift - 2);
}
4352 
4353 /* initialization to perform when the nfsd service is started: */
4354 
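/*
 * Start the NFSv4 state machinery: record the boot time, start the grace
 * period, set up the callback credential and callback queue, create the
 * laundromat workqueue and schedule its first run after nfsd4_grace
 * seconds.
 *
 * Returns 0 on success.  Returns -ENOMEM if set_callback_cred() or the
 * workqueue creation fails, or the error from
 * nfsd4_create_callback_queue().
 *
 * Every failure path ends the grace period again.  Without that, a failed
 * start would return with locks_start_grace() never undone, and a later
 * start attempt would call locks_start_grace() on nfsd4_manager a second
 * time.
 */
static int
__nfs4_state_start(void)
{
	int ret;

	boot_time = get_seconds();
	locks_start_grace(&nfsd4_manager);
	printk(KERN_INFO "NFSD: starting %ld-second grace period\n",
	       nfsd4_grace);
	ret = set_callback_cred();
	if (ret) {
		/* the specific error is not propagated; callers see -ENOMEM */
		ret = -ENOMEM;
		goto out_end_grace;
	}
	laundry_wq = create_singlethread_workqueue("nfsd4");
	if (laundry_wq == NULL) {
		ret = -ENOMEM;
		goto out_end_grace;
	}
	ret = nfsd4_create_callback_queue();
	if (ret)
		goto out_free_laundry;
	queue_delayed_work(laundry_wq, &laundromat_work, nfsd4_grace * HZ);
	set_max_delegations();
	return 0;
out_free_laundry:
	destroy_workqueue(laundry_wq);
out_end_grace:
	locks_end_grace(&nfsd4_manager);
	return ret;
}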
4380 
/*
 * Load the reboot recovery data, then start the NFSv4 state machinery.
 *
 * The recovery load cannot fail from the caller's point of view (it
 * returns nothing); the return value is that of __nfs4_state_start().
 */
int nfs4_state_start(void)
{
	int ret;

	nfsd4_load_reboot_recovery_data();
	ret = __nfs4_state_start();
	return ret;
}
4387 
/*
 * Tear down client and delegation state, then shut down the recovery
 * directory.
 *
 * Clients are expired bucket by bucket from conf_id_hashtbl and
 * unconf_str_hashtbl.  Delegations on del_recall_lru are first moved to
 * a private list under recall_lock and then unhashed with the spinlock
 * dropped.
 */
static void __nfs4_state_shutdown(void)
{
	struct nfs4_client *clp;
	struct nfs4_delegation *dp, *tmp;
	struct list_head reaplist;
	int i;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		/*
		 * Presumably expire_client() takes the client off these
		 * lists; the loops rely on that to terminate -- TODO confirm.
		 */
		while (!list_empty(&conf_id_hashtbl[i])) {
			clp = list_entry(conf_id_hashtbl[i].next,
					 struct nfs4_client, cl_idhash);
			expire_client(clp);
		}
		while (!list_empty(&unconf_str_hashtbl[i])) {
			clp = list_entry(unconf_str_hashtbl[i].next,
					 struct nfs4_client, cl_strhash);
			expire_client(clp);
		}
	}

	INIT_LIST_HEAD(&reaplist);

	/* Only the list surgery happens under the spinlock. */
	spin_lock(&recall_lock);
	list_for_each_entry_safe(dp, tmp, &del_recall_lru, dl_recall_lru)
		list_move(&dp->dl_recall_lru, &reaplist);
	spin_unlock(&recall_lock);

	list_for_each_entry_safe(dp, tmp, &reaplist, dl_recall_lru) {
		list_del_init(&dp->dl_recall_lru);
		unhash_delegation(dp);
	}

	nfsd4_shutdown_recdir();
}
4421 
/*
 * Stop the NFSv4 state machinery.
 *
 * The laundromat work is cancelled (waiting for a running instance) and
 * its workqueue destroyed before any state is freed, then the grace
 * period is ended.  The reclaim records and the client/delegation state
 * are released with the state lock held, and the callback queue is
 * destroyed last, after the lock is dropped.
 */
void nfs4_state_shutdown(void)
{
	/* quiesce the periodic worker first */
	cancel_delayed_work_sync(&laundromat_work);
	destroy_workqueue(laundry_wq);

	locks_end_grace(&nfsd4_manager);

	nfs4_lock_state();
	nfs4_release_reclaim();
	__nfs4_state_shutdown();
	nfs4_unlock_state();

	nfsd4_destroy_callback_queue();
}
4434 
/*
 * Store recdir as the recovery directory name.
 *
 * user_recovery_dirname is protected by the nfsd_mutex since it's only
 * accessed when nfsd is starting.
 *
 * NOTE(review): strcpy() copies without a bound.  The size of
 * user_recovery_dirname is declared outside this function, so nothing
 * here guarantees that recdir fits; the length has to be limited by
 * whoever supplies recdir -- confirm that each caller does, or switch
 * to a bounded copy that reports truncation.
 */
static void nfs4_set_recdir(char *recdir)
{
	strcpy(user_recovery_dirname, recdir);
}
4444 
/*
 * Change the NFSv4 recovery directory to recdir.
 *
 * recdir is resolved with kern_path() (following symlinks) and accepted
 * only if the result is a directory.  Returns 0 on success, the
 * kern_path() error if the lookup fails, or -ENOTDIR.
 *
 * Only the name is kept: the path looked up here is released before
 * returning, so whoever opens the directory later resolves the string
 * again.  The checks here therefore describe the path at the time of the
 * call, not at the time of use.  No length check is made on recdir
 * before it is handed to nfs4_set_recdir().
 */
int nfs4_reset_recoverydir(char *recdir)
{
	struct path path;
	int err;

	err = kern_path(recdir, LOOKUP_FOLLOW, &path);
	if (err)
		return err;

	if (S_ISDIR(path.dentry->d_inode->i_mode)) {
		nfs4_set_recdir(recdir);
		err = 0;
	} else {
		err = -ENOTDIR;
	}

	path_put(&path);
	return err;
}
4465 
/*
 * Return the current recovery directory name.
 *
 * The pointer refers to user_recovery_dirname itself, not a copy, so the
 * caller sees (and could modify) the live buffer.
 */
char *nfs4_recoverydir(void)
{
	char *dir = user_recovery_dirname;

	return dir;
}
4471 
