~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/fs/nfsd/nfs4state.c

Version: ~ [ linux-5.9 ] ~ [ linux-5.8.14 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.70 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.150 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.200 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.238 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.238 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2 *  Copyright (c) 2001 The Regents of the University of Michigan.
  3 *  All rights reserved.
  4 *
  5 *  Kendrick Smith <kmsmith@umich.edu>
  6 *  Andy Adamson <kandros@umich.edu>
  7 *
  8 *  Redistribution and use in source and binary forms, with or without
  9 *  modification, are permitted provided that the following conditions
 10 *  are met:
 11 *
 12 *  1. Redistributions of source code must retain the above copyright
 13 *     notice, this list of conditions and the following disclaimer.
 14 *  2. Redistributions in binary form must reproduce the above copyright
 15 *     notice, this list of conditions and the following disclaimer in the
 16 *     documentation and/or other materials provided with the distribution.
 17 *  3. Neither the name of the University nor the names of its
 18 *     contributors may be used to endorse or promote products derived
 19 *     from this software without specific prior written permission.
 20 *
 21 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 22 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 23 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 24 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 25 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 26 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 27 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 28 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 29 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 30 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 31 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 32 *
 33 */
 34 
 35 #include <linux/file.h>
 36 #include <linux/fs.h>
 37 #include <linux/slab.h>
 38 #include <linux/namei.h>
 39 #include <linux/swap.h>
 40 #include <linux/pagemap.h>
 41 #include <linux/ratelimit.h>
 42 #include <linux/sunrpc/svcauth_gss.h>
 43 #include <linux/sunrpc/addr.h>
 44 #include <linux/jhash.h>
 45 #include "xdr4.h"
 46 #include "xdr4cb.h"
 47 #include "vfs.h"
 48 #include "current_stateid.h"
 49 
 50 #include "netns.h"
 51 #include "pnfs.h"
 52 
#define NFSDDBG_FACILITY                NFSDDBG_PROC

/* Opaque part with every bit set; used to build the special "one" stateid. */
#define all_ones {{~0,~0},~0}
/* The special all-ones stateid. */
static const stateid_t one_stateid = {
        .si_generation = ~0,
        .si_opaque = all_ones,
};
/* The special all-zero stateid. */
static const stateid_t zero_stateid = {
        /* all fields zero */
};
/* Template matched to recognize the "use current stateid" special value. */
static const stateid_t currentstateid = {
        .si_generation = 1,
};

/* Seed for session ids; NOTE(review): presumably bumped per new session elsewhere. */
static u64 current_sessionid = 1;

/* Recognizers for the three special stateid values above. */
#define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
#define ONE_STATEID(stateid)  (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
#define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
 72 
/* forward declarations */
static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
static void nfs4_free_ol_stateid(struct nfs4_stid *stid);

/* Locking: */

/*
 * Currently used for the del_recall_lru and file hash table.  In an
 * effort to decrease the scope of the client_mutex, this spinlock may
 * eventually cover more:
 */
static DEFINE_SPINLOCK(state_lock);

/*
 * A waitqueue for all in-progress 4.0 CLOSE operations that are waiting for
 * the refcount on the open stateid to drop.
 */
static DECLARE_WAIT_QUEUE_HEAD(close_wq);

/* Slab caches for the NFSv4 state objects allocated by this file. */
static struct kmem_cache *openowner_slab;
static struct kmem_cache *lockowner_slab;
static struct kmem_cache *file_slab;
static struct kmem_cache *stateid_slab;
static struct kmem_cache *deleg_slab;
static struct kmem_cache *odstate_slab;

static void free_session(struct nfsd4_session *);

/* Callback ops used to recall delegations; defined elsewhere in this file. */
static const struct nfsd4_callback_ops nfsd4_cb_recall_ops;
102 
103 static bool is_session_dead(struct nfsd4_session *ses)
104 {
105         return ses->se_flags & NFS4_SESSION_DEAD;
106 }
107 
108 static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)
109 {
110         if (atomic_read(&ses->se_ref) > ref_held_by_me)
111                 return nfserr_jukebox;
112         ses->se_flags |= NFS4_SESSION_DEAD;
113         return nfs_ok;
114 }
115 
116 static bool is_client_expired(struct nfs4_client *clp)
117 {
118         return clp->cl_time == 0;
119 }
120 
121 static __be32 get_client_locked(struct nfs4_client *clp)
122 {
123         struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
124 
125         lockdep_assert_held(&nn->client_lock);
126 
127         if (is_client_expired(clp))
128                 return nfserr_expired;
129         atomic_inc(&clp->cl_refcount);
130         return nfs_ok;
131 }
132 
/* must be called under the client_lock */
static inline void
renew_client_locked(struct nfs4_client *clp)
{
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        if (is_client_expired(clp)) {
                /* Renewing an already-expired client is a caller bug. */
                WARN_ON(1);
                printk("%s: client (clientid %08x/%08x) already expired\n",
                        __func__,
                        clp->cl_clientid.cl_boot,
                        clp->cl_clientid.cl_id);
                return;
        }

        dprintk("renewing client (clientid %08x/%08x)\n",
                        clp->cl_clientid.cl_boot,
                        clp->cl_clientid.cl_id);
        /* Move to the tail of the LRU and refresh the lease timestamp. */
        list_move_tail(&clp->cl_lru, &nn->client_lru);
        clp->cl_time = get_seconds();
}
154 
155 static void put_client_renew_locked(struct nfs4_client *clp)
156 {
157         struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
158 
159         lockdep_assert_held(&nn->client_lock);
160 
161         if (!atomic_dec_and_test(&clp->cl_refcount))
162                 return;
163         if (!is_client_expired(clp))
164                 renew_client_locked(clp);
165 }
166 
/*
 * Unlocked variant of put_client_renew_locked(): drop a client reference
 * and, on the final put, renew the lease of a not-yet-expired client.
 */
static void put_client_renew(struct nfs4_client *clp)
{
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        /* Only takes client_lock when the refcount actually drops to zero. */
        if (!atomic_dec_and_lock(&clp->cl_refcount, &nn->client_lock))
                return;
        if (!is_client_expired(clp))
                renew_client_locked(clp);
        spin_unlock(&nn->client_lock);
}
177 
178 static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses)
179 {
180         __be32 status;
181 
182         if (is_session_dead(ses))
183                 return nfserr_badsession;
184         status = get_client_locked(ses->se_client);
185         if (status)
186                 return status;
187         atomic_inc(&ses->se_ref);
188         return nfs_ok;
189 }
190 
/*
 * Drop a session reference under nn->client_lock.  The session is freed
 * only once it is both unreferenced and marked dead; the matching client
 * reference (taken in nfsd4_get_session_locked()) is then released.
 */
static void nfsd4_put_session_locked(struct nfsd4_session *ses)
{
        struct nfs4_client *clp = ses->se_client;
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        lockdep_assert_held(&nn->client_lock);

        if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))
                free_session(ses);
        put_client_renew_locked(clp);
}
202 
203 static void nfsd4_put_session(struct nfsd4_session *ses)
204 {
205         struct nfs4_client *clp = ses->se_client;
206         struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
207 
208         spin_lock(&nn->client_lock);
209         nfsd4_put_session_locked(ses);
210         spin_unlock(&nn->client_lock);
211 }
212 
/* Take a reference on a stateowner and return it, for call chaining. */
static inline struct nfs4_stateowner *
nfs4_get_stateowner(struct nfs4_stateowner *sop)
{
        atomic_inc(&sop->so_count);
        return sop;
}
219 
220 static int
221 same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner)
222 {
223         return (sop->so_owner.len == owner->len) &&
224                 0 == memcmp(sop->so_owner.data, owner->data, owner->len);
225 }
226 
227 static struct nfs4_openowner *
228 find_openstateowner_str_locked(unsigned int hashval, struct nfsd4_open *open,
229                         struct nfs4_client *clp)
230 {
231         struct nfs4_stateowner *so;
232 
233         lockdep_assert_held(&clp->cl_lock);
234 
235         list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[hashval],
236                             so_strhash) {
237                 if (!so->so_is_open_owner)
238                         continue;
239                 if (same_owner_str(so, &open->op_owner))
240                         return openowner(nfs4_get_stateowner(so));
241         }
242         return NULL;
243 }
244 
245 static struct nfs4_openowner *
246 find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open,
247                         struct nfs4_client *clp)
248 {
249         struct nfs4_openowner *oo;
250 
251         spin_lock(&clp->cl_lock);
252         oo = find_openstateowner_str_locked(hashval, open, clp);
253         spin_unlock(&clp->cl_lock);
254         return oo;
255 }
256 
257 static inline u32
258 opaque_hashval(const void *ptr, int nbytes)
259 {
260         unsigned char *cptr = (unsigned char *) ptr;
261 
262         u32 x = 0;
263         while (nbytes--) {
264                 x *= 37;
265                 x += *cptr++;
266         }
267         return x;
268 }
269 
/* RCU callback: actually free an nfs4_file once the grace period ends. */
static void nfsd4_free_file_rcu(struct rcu_head *rcu)
{
        struct nfs4_file *fp = container_of(rcu, struct nfs4_file, fi_rcu);

        kmem_cache_free(file_slab, fp);
}
276 
/*
 * Release a reference to an nfs4_file.  On the final put, the file is
 * unhashed under state_lock and freed only after an RCU grace period,
 * so lockless hash walkers never see freed memory.
 */
void
put_nfs4_file(struct nfs4_file *fi)
{
        might_lock(&state_lock);

        /* Takes state_lock only when the refcount actually hits zero. */
        if (atomic_dec_and_lock(&fi->fi_ref, &state_lock)) {
                hlist_del_rcu(&fi->fi_hash);
                spin_unlock(&state_lock);
                WARN_ON_ONCE(!list_empty(&fi->fi_clnt_odstate));
                WARN_ON_ONCE(!list_empty(&fi->fi_delegations));
                call_rcu(&fi->fi_rcu, nfsd4_free_file_rcu);
        }
}
290 
291 static struct file *
292 __nfs4_get_fd(struct nfs4_file *f, int oflag)
293 {
294         if (f->fi_fds[oflag])
295                 return get_file(f->fi_fds[oflag]);
296         return NULL;
297 }
298 
299 static struct file *
300 find_writeable_file_locked(struct nfs4_file *f)
301 {
302         struct file *ret;
303 
304         lockdep_assert_held(&f->fi_lock);
305 
306         ret = __nfs4_get_fd(f, O_WRONLY);
307         if (!ret)
308                 ret = __nfs4_get_fd(f, O_RDWR);
309         return ret;
310 }
311 
312 static struct file *
313 find_writeable_file(struct nfs4_file *f)
314 {
315         struct file *ret;
316 
317         spin_lock(&f->fi_lock);
318         ret = find_writeable_file_locked(f);
319         spin_unlock(&f->fi_lock);
320 
321         return ret;
322 }
323 
324 static struct file *find_readable_file_locked(struct nfs4_file *f)
325 {
326         struct file *ret;
327 
328         lockdep_assert_held(&f->fi_lock);
329 
330         ret = __nfs4_get_fd(f, O_RDONLY);
331         if (!ret)
332                 ret = __nfs4_get_fd(f, O_RDWR);
333         return ret;
334 }
335 
336 static struct file *
337 find_readable_file(struct nfs4_file *f)
338 {
339         struct file *ret;
340 
341         spin_lock(&f->fi_lock);
342         ret = find_readable_file_locked(f);
343         spin_unlock(&f->fi_lock);
344 
345         return ret;
346 }
347 
348 struct file *
349 find_any_file(struct nfs4_file *f)
350 {
351         struct file *ret;
352 
353         spin_lock(&f->fi_lock);
354         ret = __nfs4_get_fd(f, O_RDWR);
355         if (!ret) {
356                 ret = __nfs4_get_fd(f, O_WRONLY);
357                 if (!ret)
358                         ret = __nfs4_get_fd(f, O_RDONLY);
359         }
360         spin_unlock(&f->fi_lock);
361         return ret;
362 }
363 
/* Delegations currently outstanding, and the cap (set outside this view). */
static atomic_long_t num_delegations;
unsigned long max_delegations;

/*
 * Open owner state (share locks)
 */

/* hash tables for lock and open owners */
#define OWNER_HASH_BITS              8
#define OWNER_HASH_SIZE             (1 << OWNER_HASH_BITS)
#define OWNER_HASH_MASK             (OWNER_HASH_SIZE - 1)
375 
376 static unsigned int ownerstr_hashval(struct xdr_netobj *ownername)
377 {
378         unsigned int ret;
379 
380         ret = opaque_hashval(ownername->data, ownername->len);
381         return ret & OWNER_HASH_MASK;
382 }
383 
/* hash table for nfs4_file */
#define FILE_HASH_BITS                   8
#define FILE_HASH_SIZE                  (1 << FILE_HASH_BITS)

/* Full 32-bit jhash2 over the filehandle's raw words. */
static unsigned int nfsd_fh_hashval(struct knfsd_fh *fh)
{
        return jhash2(fh->fh_base.fh_pad, XDR_QUADLEN(fh->fh_size), 0);
}
392 
393 static unsigned int file_hashval(struct knfsd_fh *fh)
394 {
395         return nfsd_fh_hashval(fh) & (FILE_HASH_SIZE - 1);
396 }
397 
398 static struct hlist_head file_hashtbl[FILE_HASH_SIZE];
399 
/*
 * Bump the per-open-mode access counts on an nfs4_file for the given
 * NFS4_SHARE_ACCESS_* bits.  Caller must hold fi_lock.
 */
static void
__nfs4_file_get_access(struct nfs4_file *fp, u32 access)
{
        lockdep_assert_held(&fp->fi_lock);

        if (access & NFS4_SHARE_ACCESS_WRITE)
                atomic_inc(&fp->fi_access[O_WRONLY]);
        if (access & NFS4_SHARE_ACCESS_READ)
                atomic_inc(&fp->fi_access[O_RDONLY]);
}
410 
411 static __be32
412 nfs4_file_get_access(struct nfs4_file *fp, u32 access)
413 {
414         lockdep_assert_held(&fp->fi_lock);
415 
416         /* Does this access mode make sense? */
417         if (access & ~NFS4_SHARE_ACCESS_BOTH)
418                 return nfserr_inval;
419 
420         /* Does it conflict with a deny mode already set? */
421         if ((access & fp->fi_share_deny) != 0)
422                 return nfserr_share_denied;
423 
424         __nfs4_file_get_access(fp, access);
425         return nfs_ok;
426 }
427 
428 static __be32 nfs4_file_check_deny(struct nfs4_file *fp, u32 deny)
429 {
430         /* Common case is that there is no deny mode. */
431         if (deny) {
432                 /* Does this deny mode make sense? */
433                 if (deny & ~NFS4_SHARE_DENY_BOTH)
434                         return nfserr_inval;
435 
436                 if ((deny & NFS4_SHARE_DENY_READ) &&
437                     atomic_read(&fp->fi_access[O_RDONLY]))
438                         return nfserr_share_denied;
439 
440                 if ((deny & NFS4_SHARE_DENY_WRITE) &&
441                     atomic_read(&fp->fi_access[O_WRONLY]))
442                         return nfserr_share_denied;
443         }
444         return nfs_ok;
445 }
446 
/*
 * Drop one access count for the given open mode (O_RDONLY/O_WRONLY).
 * When the count for that mode reaches zero, the cached struct file for
 * the mode is released; if the opposite mode is also unused, the O_RDWR
 * file is released too.  The fput()s happen after dropping fi_lock.
 */
static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
{
        might_lock(&fp->fi_lock);

        if (atomic_dec_and_lock(&fp->fi_access[oflag], &fp->fi_lock)) {
                struct file *f1 = NULL;
                struct file *f2 = NULL;

                /* Steal the pointers under the lock; fput() after unlock. */
                swap(f1, fp->fi_fds[oflag]);
                if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
                        swap(f2, fp->fi_fds[O_RDWR]);
                spin_unlock(&fp->fi_lock);
                if (f1)
                        fput(f1);
                if (f2)
                        fput(f2);
        }
}
465 
/* Drop access counts for each NFS4_SHARE_ACCESS_* bit set in @access. */
static void nfs4_file_put_access(struct nfs4_file *fp, u32 access)
{
        WARN_ON_ONCE(access & ~NFS4_SHARE_ACCESS_BOTH);

        if (access & NFS4_SHARE_ACCESS_WRITE)
                __nfs4_file_put_access(fp, O_WRONLY);
        if (access & NFS4_SHARE_ACCESS_READ)
                __nfs4_file_put_access(fp, O_RDONLY);
}
475 
476 /*
477  * Allocate a new open/delegation state counter. This is needed for
478  * pNFS for proper return on close semantics.
479  *
480  * Note that we only allocate it for pNFS-enabled exports, otherwise
481  * all pointers to struct nfs4_clnt_odstate are always NULL.
482  */
483 static struct nfs4_clnt_odstate *
484 alloc_clnt_odstate(struct nfs4_client *clp)
485 {
486         struct nfs4_clnt_odstate *co;
487 
488         co = kmem_cache_zalloc(odstate_slab, GFP_KERNEL);
489         if (co) {
490                 co->co_client = clp;
491                 atomic_set(&co->co_odcount, 1);
492         }
493         return co;
494 }
495 
/* Link an odstate onto its file's per-file list; caller holds fi_lock. */
static void
hash_clnt_odstate_locked(struct nfs4_clnt_odstate *co)
{
        struct nfs4_file *fp = co->co_file;

        lockdep_assert_held(&fp->fi_lock);
        list_add(&co->co_perfile, &fp->fi_clnt_odstate);
}
504 
505 static inline void
506 get_clnt_odstate(struct nfs4_clnt_odstate *co)
507 {
508         if (co)
509                 atomic_inc(&co->co_odcount);
510 }
511 
/*
 * Drop a reference on an odstate.  On the final put, unhash it under
 * fi_lock, return any pNFS layouts the client holds on the file, and
 * free the structure.  A NULL pointer is ignored.
 */
static void
put_clnt_odstate(struct nfs4_clnt_odstate *co)
{
        struct nfs4_file *fp;

        if (!co)
                return;

        fp = co->co_file;
        /* Takes fi_lock only when the refcount actually hits zero. */
        if (atomic_dec_and_lock(&co->co_odcount, &fp->fi_lock)) {
                list_del(&co->co_perfile);
                spin_unlock(&fp->fi_lock);

                nfsd4_return_all_file_layouts(co->co_client, fp);
                kmem_cache_free(odstate_slab, co);
        }
}
529 
530 static struct nfs4_clnt_odstate *
531 find_or_hash_clnt_odstate(struct nfs4_file *fp, struct nfs4_clnt_odstate *new)
532 {
533         struct nfs4_clnt_odstate *co;
534         struct nfs4_client *cl;
535 
536         if (!new)
537                 return NULL;
538 
539         cl = new->co_client;
540 
541         spin_lock(&fp->fi_lock);
542         list_for_each_entry(co, &fp->fi_clnt_odstate, co_perfile) {
543                 if (co->co_client == cl) {
544                         get_clnt_odstate(co);
545                         goto out;
546                 }
547         }
548         co = new;
549         co->co_file = fp;
550         hash_clnt_odstate_locked(new);
551 out:
552         spin_unlock(&fp->fi_lock);
553         return co;
554 }
555 
/*
 * Allocate and minimally initialize a stateid backed by @slab, assigning
 * it a cyclically-increasing id from the client's stateid idr.  Returns
 * NULL on allocation or id-allocation failure.  The returned stid
 * carries one reference (see the sc_count comment below).
 */
struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl,
                                         struct kmem_cache *slab)
{
        struct nfs4_stid *stid;
        int new_id;

        stid = kmem_cache_zalloc(slab, GFP_KERNEL);
        if (!stid)
                return NULL;

        /* Preload so the GFP_NOWAIT idr allocation under cl_lock can
         * draw from pre-allocated memory. */
        idr_preload(GFP_KERNEL);
        spin_lock(&cl->cl_lock);
        new_id = idr_alloc_cyclic(&cl->cl_stateids, stid, 0, 0, GFP_NOWAIT);
        spin_unlock(&cl->cl_lock);
        idr_preload_end();
        if (new_id < 0)
                goto out_free;
        stid->sc_client = cl;
        stid->sc_stateid.si_opaque.so_id = new_id;
        stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid;
        /* Will be incremented before return to client: */
        atomic_set(&stid->sc_count, 1);
        spin_lock_init(&stid->sc_lock);

        /*
         * It shouldn't be a problem to reuse an opaque stateid value.
         * I don't think it is for 4.1.  But with 4.0 I worry that, for
         * example, a stray write retransmission could be accepted by
         * the server when it should have been rejected.  Therefore,
         * adopt a trick from the sctp code to attempt to maximize the
         * amount of time until an id is reused, by ensuring they always
         * "increase" (mod INT_MAX):
         */
        return stid;
out_free:
        kmem_cache_free(slab, stid);
        return NULL;
}
594 
595 static struct nfs4_ol_stateid * nfs4_alloc_open_stateid(struct nfs4_client *clp)
596 {
597         struct nfs4_stid *stid;
598         struct nfs4_ol_stateid *stp;
599 
600         stid = nfs4_alloc_stid(clp, stateid_slab);
601         if (!stid)
602                 return NULL;
603 
604         stp = openlockstateid(stid);
605         stp->st_stid.sc_free = nfs4_free_ol_stateid;
606         return stp;
607 }
608 
/* sc_free destructor for delegation stateids; also drops the global count. */
static void nfs4_free_deleg(struct nfs4_stid *stid)
{
        kmem_cache_free(deleg_slab, stid);
        atomic_long_dec(&num_delegations);
}
614 
615 /*
616  * When we recall a delegation, we should be careful not to hand it
617  * out again straight away.
618  * To ensure this we keep a pair of bloom filters ('new' and 'old')
619  * in which the filehandles of recalled delegations are "stored".
620  * If a filehandle appear in either filter, a delegation is blocked.
621  * When a delegation is recalled, the filehandle is stored in the "new"
622  * filter.
623  * Every 30 seconds we swap the filters and clear the "new" one,
624  * unless both are empty of course.
625  *
626  * Each filter is 256 bits.  We hash the filehandle to 32bit and use the
627  * low 3 bytes as hash-table indices.
628  *
629  * 'blocked_delegations_lock', which is always taken in block_delegations(),
630  * is used to manage concurrent access.  Testing does not need the lock
631  * except when swapping the two filters.
632  */
static DEFINE_SPINLOCK(blocked_delegations_lock);
static struct bloom_pair {
        int     entries, old_entries;   /* counts in total / in old filter */
        time_t  swap_time;              /* when the filters were last swapped */
        int     new; /* index into 'set' */
        DECLARE_BITMAP(set[2], 256);    /* the two 256-bit bloom filters */
} blocked_delegations;
640 
/*
 * Return 1 if delegations on this filehandle are currently blocked,
 * i.e. all three hash-derived bits are set in either bloom filter.
 * Also opportunistically swaps and clears the filters once the current
 * one is over 30 seconds old; only the swap takes the spinlock, so the
 * common test path is lockless (and deliberately race-tolerant — see
 * the comment block above).
 */
static int delegation_blocked(struct knfsd_fh *fh)
{
        u32 hash;
        struct bloom_pair *bd = &blocked_delegations;

        if (bd->entries == 0)
                return 0;
        if (seconds_since_boot() - bd->swap_time > 30) {
                spin_lock(&blocked_delegations_lock);
                /* Re-check under the lock: another CPU may have swapped. */
                if (seconds_since_boot() - bd->swap_time > 30) {
                        bd->entries -= bd->old_entries;
                        bd->old_entries = bd->entries;
                        memset(bd->set[bd->new], 0,
                               sizeof(bd->set[0]));
                        bd->new = 1-bd->new;
                        bd->swap_time = seconds_since_boot();
                }
                spin_unlock(&blocked_delegations_lock);
        }
        hash = jhash(&fh->fh_base, fh->fh_size, 0);
        if (test_bit(hash&255, bd->set[0]) &&
            test_bit((hash>>8)&255, bd->set[0]) &&
            test_bit((hash>>16)&255, bd->set[0]))
                return 1;

        if (test_bit(hash&255, bd->set[1]) &&
            test_bit((hash>>8)&255, bd->set[1]) &&
            test_bit((hash>>16)&255, bd->set[1]))
                return 1;

        return 0;
}
673 
674 static void block_delegations(struct knfsd_fh *fh)
675 {
676         u32 hash;
677         struct bloom_pair *bd = &blocked_delegations;
678 
679         hash = jhash(&fh->fh_base, fh->fh_size, 0);
680 
681         spin_lock(&blocked_delegations_lock);
682         __set_bit(hash&255, bd->set[bd->new]);
683         __set_bit((hash>>8)&255, bd->set[bd->new]);
684         __set_bit((hash>>16)&255, bd->set[bd->new]);
685         if (bd->entries == 0)
686                 bd->swap_time = seconds_since_boot();
687         bd->entries += 1;
688         spin_unlock(&blocked_delegations_lock);
689 }
690 
/*
 * Allocate and initialize a read delegation for @clp on the file named
 * by @current_fh.  Returns NULL if the global delegation limit is hit,
 * delegations on this filehandle are temporarily blocked after a
 * recall, or allocation fails.
 */
static struct nfs4_delegation *
alloc_init_deleg(struct nfs4_client *clp, struct svc_fh *current_fh,
                 struct nfs4_clnt_odstate *odstate)
{
        struct nfs4_delegation *dp;
        long n;

        dprintk("NFSD alloc_init_deleg\n");
        /* Reserve a slot in the global count up front; undo on failure. */
        n = atomic_long_inc_return(&num_delegations);
        if (n < 0 || n > max_delegations)
                goto out_dec;
        if (delegation_blocked(&current_fh->fh_handle))
                goto out_dec;
        dp = delegstateid(nfs4_alloc_stid(clp, deleg_slab));
        if (dp == NULL)
                goto out_dec;

        dp->dl_stid.sc_free = nfs4_free_deleg;
        /*
         * delegation seqid's are never incremented.  The 4.1 special
         * meaning of seqid 0 isn't meaningful, really, but let's avoid
         * 0 anyway just for consistency and use 1:
         */
        dp->dl_stid.sc_stateid.si_generation = 1;
        INIT_LIST_HEAD(&dp->dl_perfile);
        INIT_LIST_HEAD(&dp->dl_perclnt);
        INIT_LIST_HEAD(&dp->dl_recall_lru);
        dp->dl_clnt_odstate = odstate;
        get_clnt_odstate(odstate);
        dp->dl_type = NFS4_OPEN_DELEGATE_READ;
        dp->dl_retries = 1;
        nfsd4_init_cb(&dp->dl_recall, dp->dl_stid.sc_client,
                      &nfsd4_cb_recall_ops, NFSPROC4_CLNT_CB_RECALL);
        return dp;
out_dec:
        atomic_long_dec(&num_delegations);
        return NULL;
}
729 
/*
 * Drop a reference to a stateid.  On the final put, remove it from the
 * client's idr, destroy it via its sc_free callback, and release its
 * file reference (if any).  Non-final puts wake close_wq, on which
 * in-progress 4.0 CLOSE operations wait for the refcount to drop.
 */
void
nfs4_put_stid(struct nfs4_stid *s)
{
        struct nfs4_file *fp = s->sc_file;
        struct nfs4_client *clp = s->sc_client;

        might_lock(&clp->cl_lock);

        if (!atomic_dec_and_lock(&s->sc_count, &clp->cl_lock)) {
                wake_up_all(&close_wq);
                return;
        }
        idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
        spin_unlock(&clp->cl_lock);
        s->sc_free(s);
        if (fp)
                put_nfs4_file(fp);
}
748 
/*
 * Bump the stateid's generation — skipping 0, which callers avoid by
 * convention (see alloc_init_deleg) — and copy the result into @dst.
 * Done under sc_lock so concurrent bumps can't duplicate generations.
 */
void
nfs4_inc_and_copy_stateid(stateid_t *dst, struct nfs4_stid *stid)
{
        stateid_t *src = &stid->sc_stateid;

        spin_lock(&stid->sc_lock);
        if (unlikely(++src->si_generation == 0))
                src->si_generation = 1;
        memcpy(dst, src, sizeof(*dst));
        spin_unlock(&stid->sc_lock);
}
760 
/*
 * Drop one delegee count on the file's delegation lease.  When the
 * last delegee goes away, remove the lease (F_UNLCK) and put the file,
 * both after releasing fi_lock.
 */
static void nfs4_put_deleg_lease(struct nfs4_file *fp)
{
        struct file *filp = NULL;

        /* Steal fi_deleg_file under the lock if we are the last delegee. */
        spin_lock(&fp->fi_lock);
        if (fp->fi_deleg_file && --fp->fi_delegees == 0)
                swap(filp, fp->fi_deleg_file);
        spin_unlock(&fp->fi_lock);

        if (filp) {
                vfs_setlease(filp, F_UNLCK, NULL, (void **)&fp);
                fput(filp);
        }
}
775 
/*
 * Clear the stateid's type.  NOTE(review): lookup paths appear to treat
 * sc_type == 0 as "not in use" — confirm against the stateid lookups.
 */
void nfs4_unhash_stid(struct nfs4_stid *s)
{
        s->sc_type = 0;
}
780 
/**
 * nfs4_get_existing_delegation - Discover if this delegation already exists
 * @clp:     a pointer to the nfs4_client we're granting a delegation to
 * @fp:      a pointer to the nfs4_file we're granting a delegation on
 *
 * Return:
 *      On success: 0 if an existing delegation was not found.
 *
 *      On error: -EAGAIN if one was previously granted to this nfs4_client
 *                 for this nfs4_file.
 *
 */

static int
nfs4_get_existing_delegation(struct nfs4_client *clp, struct nfs4_file *fp)
{
        struct nfs4_delegation *searchdp = NULL;
        struct nfs4_client *searchclp = NULL;

        lockdep_assert_held(&state_lock);
        lockdep_assert_held(&fp->fi_lock);

        /* Walk this file's delegations looking for one owned by @clp. */
        list_for_each_entry(searchdp, &fp->fi_delegations, dl_perfile) {
                searchclp = searchdp->dl_stid.sc_client;
                if (clp == searchclp) {
                        return -EAGAIN;
                }
        }
        return 0;
}
811 
/**
 * hash_delegation_locked - Add a delegation to the appropriate lists
 * @dp:     a pointer to the nfs4_delegation we are adding.
 * @fp:     a pointer to the nfs4_file we're granting a delegation on
 *
 * Return:
 *      On success: 0 if the delegation was successfully hashed.
 *
 *      On error: -EAGAIN if one was previously granted to this
 *                 nfs4_client for this nfs4_file. Delegation is not hashed.
 *
 */

static int
hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp)
{
        int status;
        struct nfs4_client *clp = dp->dl_stid.sc_client;

        lockdep_assert_held(&state_lock);
        lockdep_assert_held(&fp->fi_lock);

        /* Refuse a second delegation on the same file for the same client. */
        status = nfs4_get_existing_delegation(clp, fp);
        if (status)
                return status;
        ++fp->fi_delegees;
        atomic_inc(&dp->dl_stid.sc_count);
        dp->dl_stid.sc_type = NFS4_DELEG_STID;
        list_add(&dp->dl_perfile, &fp->fi_delegations);
        list_add(&dp->dl_perclnt, &clp->cl_delegations);
        return 0;
}
844 
/*
 * Remove a delegation from the per-file, per-client and recall-lru
 * lists.  Returns false if it was already unhashed (dl_perfile empty).
 * Caller holds state_lock; fi_lock is taken for the list surgery.
 */
static bool
unhash_delegation_locked(struct nfs4_delegation *dp)
{
        struct nfs4_file *fp = dp->dl_stid.sc_file;

        lockdep_assert_held(&state_lock);

        if (list_empty(&dp->dl_perfile))
                return false;

        dp->dl_stid.sc_type = NFS4_CLOSED_DELEG_STID;
        /* Ensure that deleg break won't try to requeue it */
        ++dp->dl_time;
        spin_lock(&fp->fi_lock);
        list_del_init(&dp->dl_perclnt);
        list_del_init(&dp->dl_recall_lru);
        list_del_init(&dp->dl_perfile);
        spin_unlock(&fp->fi_lock);
        return true;
}
865 
866 static void destroy_delegation(struct nfs4_delegation *dp)
867 {
868         bool unhashed;
869 
870         spin_lock(&state_lock);
871         unhashed = unhash_delegation_locked(dp);
872         spin_unlock(&state_lock);
873         if (unhashed) {
874                 put_clnt_odstate(dp->dl_clnt_odstate);
875                 nfs4_put_deleg_lease(dp->dl_stid.sc_file);
876                 nfs4_put_stid(&dp->dl_stid);
877         }
878 }
879 
/*
 * Revoke an (already unhashed) delegation.  For v4.0 clients the
 * stateid is simply released; for v4.1+ it is marked revoked and parked
 * on cl_revoked so the client can discover and free it later.
 */
static void revoke_delegation(struct nfs4_delegation *dp)
{
        struct nfs4_client *clp = dp->dl_stid.sc_client;

        WARN_ON(!list_empty(&dp->dl_recall_lru));

        put_clnt_odstate(dp->dl_clnt_odstate);
        nfs4_put_deleg_lease(dp->dl_stid.sc_file);

        if (clp->cl_minorversion == 0)
                nfs4_put_stid(&dp->dl_stid);
        else {
                dp->dl_stid.sc_type = NFS4_REVOKED_DELEG_STID;
                spin_lock(&clp->cl_lock);
                list_add(&dp->dl_recall_lru, &clp->cl_revoked);
                spin_unlock(&clp->cl_lock);
        }
}
898 
899 /* 
900  * SETCLIENTID state 
901  */
902 
/* Hash a clientid into the client hash table. */
static unsigned int clientid_hashval(u32 id)
{
        return id & CLIENT_HASH_MASK;
}
907 
/* Hash a client string; only the first 8 bytes of @name are considered. */
static unsigned int clientstr_hashval(const char *name)
{
        return opaque_hashval(name, 8) & CLIENT_HASH_MASK;
}
912 
913 /*
914  * We store the NONE, READ, WRITE, and BOTH bits separately in the
915  * st_{access,deny}_bmap field of the stateid, in order to track not
916  * only what share bits are currently in force, but also what
917  * combinations of share bits previous opens have used.  This allows us
918  * to enforce the recommendation of rfc 3530 14.2.19 that the server
919  * return an error if the client attempt to downgrade to a combination
920  * of share bits not explicable by closing some of its previous opens.
921  *
922  * XXX: This enforcement is actually incomplete, since we don't keep
923  * track of access/deny bit combinations; so, e.g., we allow:
924  *
925  *      OPEN allow read, deny write
926  *      OPEN allow both, deny none
927  *      DOWNGRADE allow read, deny none
928  *
929  * which we should reject.
930  */
/*
 * Collapse the per-combination st_{access,deny}_bmap bits back into a
 * plain share mode mask.
 */
static unsigned int
bmap_to_share_mode(unsigned long bmap)
{
	unsigned int access = 0;
	int bit;

	/* bits 1..3 correspond to the READ, WRITE and BOTH combinations */
	for (bit = 1; bit <= 3; bit++)
		if (test_bit(bit, &bmap))
			access |= bit;
	return access;
}
942 
943 /* set share access for a given stateid */
/* Set the bit for share mode @access in the stateid's access bitmap. */
static inline void
set_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	/* valid share access values are at most NFS4_SHARE_ACCESS_BOTH */
	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
	stp->st_access_bmap |= mask;
}
952 
953 /* clear share access for a given stateid */
/* Clear the bit for share mode @access in the stateid's access bitmap. */
static inline void
clear_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	/* valid share access values are at most NFS4_SHARE_ACCESS_BOTH */
	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
	stp->st_access_bmap &= ~mask;
}
962 
963 /* test whether a given stateid has access */
964 static inline bool
965 test_access(u32 access, struct nfs4_ol_stateid *stp)
966 {
967         unsigned char mask = 1 << access;
968 
969         return (bool)(stp->st_access_bmap & mask);
970 }
971 
972 /* set share deny for a given stateid */
/* Set the bit for share deny mode @deny in the stateid's deny bitmap. */
static inline void
set_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	/* valid share deny values are at most NFS4_SHARE_DENY_BOTH */
	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
	stp->st_deny_bmap |= mask;
}
981 
982 /* clear share deny for a given stateid */
/* Clear the bit for share deny mode @deny in the stateid's deny bitmap. */
static inline void
clear_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	/* valid share deny values are at most NFS4_SHARE_DENY_BOTH */
	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
	stp->st_deny_bmap &= ~mask;
}
991 
992 /* test whether a given stateid is denying specific access */
993 static inline bool
994 test_deny(u32 deny, struct nfs4_ol_stateid *stp)
995 {
996         unsigned char mask = 1 << deny;
997 
998         return (bool)(stp->st_deny_bmap & mask);
999 }
1000 
1001 static int nfs4_access_to_omode(u32 access)
1002 {
1003         switch (access & NFS4_SHARE_ACCESS_BOTH) {
1004         case NFS4_SHARE_ACCESS_READ:
1005                 return O_RDONLY;
1006         case NFS4_SHARE_ACCESS_WRITE:
1007                 return O_WRONLY;
1008         case NFS4_SHARE_ACCESS_BOTH:
1009                 return O_RDWR;
1010         }
1011         WARN_ON_ONCE(1);
1012         return O_RDONLY;
1013 }
1014 
1015 /*
1016  * A stateid that had a deny mode associated with it is being released
1017  * or downgraded. Recalculate the deny mode on the file.
1018  */
1019 static void
1020 recalculate_deny_mode(struct nfs4_file *fp)
1021 {
1022         struct nfs4_ol_stateid *stp;
1023 
1024         spin_lock(&fp->fi_lock);
1025         fp->fi_share_deny = 0;
1026         list_for_each_entry(stp, &fp->fi_stateids, st_perfile)
1027                 fp->fi_share_deny |= bmap_to_share_mode(stp->st_deny_bmap);
1028         spin_unlock(&fp->fi_lock);
1029 }
1030 
1031 static void
1032 reset_union_bmap_deny(u32 deny, struct nfs4_ol_stateid *stp)
1033 {
1034         int i;
1035         bool change = false;
1036 
1037         for (i = 1; i < 4; i++) {
1038                 if ((i & deny) != i) {
1039                         change = true;
1040                         clear_deny(i, stp);
1041                 }
1042         }
1043 
1044         /* Recalculate per-file deny mode if there was a change */
1045         if (change)
1046                 recalculate_deny_mode(stp->st_stid.sc_file);
1047 }
1048 
1049 /* release all access and file references for a given stateid */
1050 static void
1051 release_all_access(struct nfs4_ol_stateid *stp)
1052 {
1053         int i;
1054         struct nfs4_file *fp = stp->st_stid.sc_file;
1055 
1056         if (fp && stp->st_deny_bmap != 0)
1057                 recalculate_deny_mode(fp);
1058 
1059         for (i = 1; i < 4; i++) {
1060                 if (test_access(i, stp))
1061                         nfs4_file_put_access(stp->st_stid.sc_file, i);
1062                 clear_access(i, stp);
1063         }
1064 }
1065 
/* Free the owner's name buffer, then the owner itself via its ops vector. */
static inline void nfs4_free_stateowner(struct nfs4_stateowner *sop)
{
	kfree(sop->so_owner.data);
	sop->so_ops->so_free(sop);
}
1071 
/*
 * Drop a reference to a stateowner.  The final decrement is done
 * atomically with taking the client's cl_lock, under which the owner is
 * unhashed before being freed.
 */
static void nfs4_put_stateowner(struct nfs4_stateowner *sop)
{
	struct nfs4_client *clp = sop->so_client;

	might_lock(&clp->cl_lock);

	/* returns with cl_lock held only when the count dropped to zero */
	if (!atomic_dec_and_lock(&sop->so_count, &clp->cl_lock))
		return;
	sop->so_ops->so_unhash(sop);
	spin_unlock(&clp->cl_lock);
	nfs4_free_stateowner(sop);
}
1084 
/*
 * Remove an open/lock stateid from its file's and stateowner's lists.
 * Caller must hold the owning client's cl_lock.  Returns false if the
 * stateid was already unhashed.
 */
static bool unhash_ol_stateid(struct nfs4_ol_stateid *stp)
{
	struct nfs4_file *fp = stp->st_stid.sc_file;

	lockdep_assert_held(&stp->st_stateowner->so_client->cl_lock);

	/* already unhashed? */
	if (list_empty(&stp->st_perfile))
		return false;

	/* fi_lock guards the file's per-stateid list */
	spin_lock(&fp->fi_lock);
	list_del_init(&stp->st_perfile);
	spin_unlock(&fp->fi_lock);
	list_del(&stp->st_perstateowner);
	return true;
}
1100 
/*
 * sc_free callback for open/lock stateids: drop the open/deny state and
 * the stateowner reference, then free the stateid itself.
 */
static void nfs4_free_ol_stateid(struct nfs4_stid *stid)
{
	struct nfs4_ol_stateid *stp = openlockstateid(stid);

	put_clnt_odstate(stp->st_clnt_odstate);
	release_all_access(stp);
	if (stp->st_stateowner)
		nfs4_put_stateowner(stp->st_stateowner);
	kmem_cache_free(stateid_slab, stid);
}
1111 
/*
 * sc_free callback for lock stateids: release the lockowner's posix
 * locks on the file before freeing the generic open/lock stateid.
 */
static void nfs4_free_lock_stateid(struct nfs4_stid *stid)
{
	struct nfs4_ol_stateid *stp = openlockstateid(stid);
	struct nfs4_lockowner *lo = lockowner(stp->st_stateowner);
	struct file *file;

	file = find_any_file(stp->st_stid.sc_file);
	if (file)
		/* closing with the lockowner as fl_owner releases its locks */
		filp_close(file, (fl_owner_t)lo);
	nfs4_free_ol_stateid(stid);
}
1123 
1124 /*
1125  * Put the persistent reference to an already unhashed generic stateid, while
1126  * holding the cl_lock. If it's the last reference, then put it onto the
1127  * reaplist for later destruction.
1128  */
1129 static void put_ol_stateid_locked(struct nfs4_ol_stateid *stp,
1130                                        struct list_head *reaplist)
1131 {
1132         struct nfs4_stid *s = &stp->st_stid;
1133         struct nfs4_client *clp = s->sc_client;
1134 
1135         lockdep_assert_held(&clp->cl_lock);
1136 
1137         WARN_ON_ONCE(!list_empty(&stp->st_locks));
1138 
1139         if (!atomic_dec_and_test(&s->sc_count)) {
1140                 wake_up_all(&close_wq);
1141                 return;
1142         }
1143 
1144         idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
1145         list_add(&stp->st_locks, reaplist);
1146 }
1147 
/*
 * Unhash a lock stateid: detach it from its open stateid's st_locks
 * list and the stateid tables.  Caller must hold the client's cl_lock.
 * Returns false if the stateid was already unhashed.
 */
static bool unhash_lock_stateid(struct nfs4_ol_stateid *stp)
{
	struct nfs4_openowner *oo = openowner(stp->st_openstp->st_stateowner);

	lockdep_assert_held(&oo->oo_owner.so_client->cl_lock);

	list_del_init(&stp->st_locks);
	nfs4_unhash_stid(&stp->st_stid);
	return unhash_ol_stateid(stp);
}
1158 
/*
 * Unhash a lock stateid under the client's cl_lock; if we were the ones
 * to unhash it, drop its persistent reference afterwards.
 */
static void release_lock_stateid(struct nfs4_ol_stateid *stp)
{
	struct nfs4_openowner *oo = openowner(stp->st_openstp->st_stateowner);
	bool unhashed;

	spin_lock(&oo->oo_owner.so_client->cl_lock);
	unhashed = unhash_lock_stateid(stp);
	spin_unlock(&oo->oo_owner.so_client->cl_lock);
	if (unhashed)
		nfs4_put_stid(&stp->st_stid);
}
1170 
/* Remove a lockowner from the client's owner-string hash; cl_lock held. */
static void unhash_lockowner_locked(struct nfs4_lockowner *lo)
{
	struct nfs4_client *clp = lo->lo_owner.so_client;

	lockdep_assert_held(&clp->cl_lock);

	list_del_init(&lo->lo_owner.so_strhash);
}
1179 
1180 /*
1181  * Free a list of generic stateids that were collected earlier after being
1182  * fully unhashed.
1183  */
1184 static void
1185 free_ol_stateid_reaplist(struct list_head *reaplist)
1186 {
1187         struct nfs4_ol_stateid *stp;
1188         struct nfs4_file *fp;
1189 
1190         might_sleep();
1191 
1192         while (!list_empty(reaplist)) {
1193                 stp = list_first_entry(reaplist, struct nfs4_ol_stateid,
1194                                        st_locks);
1195                 list_del(&stp->st_locks);
1196                 fp = stp->st_stid.sc_file;
1197                 stp->st_stid.sc_free(&stp->st_stid);
1198                 if (fp)
1199                         put_nfs4_file(fp);
1200         }
1201 }
1202 
1203 static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp,
1204                                        struct list_head *reaplist)
1205 {
1206         struct nfs4_ol_stateid *stp;
1207 
1208         lockdep_assert_held(&open_stp->st_stid.sc_client->cl_lock);
1209 
1210         while (!list_empty(&open_stp->st_locks)) {
1211                 stp = list_entry(open_stp->st_locks.next,
1212                                 struct nfs4_ol_stateid, st_locks);
1213                 WARN_ON(!unhash_lock_stateid(stp));
1214                 put_ol_stateid_locked(stp, reaplist);
1215         }
1216 }
1217 
/*
 * Unhash an open stateid and all of its lock stateids, collecting the
 * latter on @reaplist.  Caller holds the client's cl_lock.  Returns
 * false if the open stateid itself was already unhashed.
 */
static bool unhash_open_stateid(struct nfs4_ol_stateid *stp,
				struct list_head *reaplist)
{
	bool unhashed;

	lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);

	unhashed = unhash_ol_stateid(stp);
	release_open_stateid_locks(stp, reaplist);
	return unhashed;
}
1229 
/*
 * Fully tear down an open stateid: unhash it (and its lock stateids)
 * under cl_lock, then free everything collected after the lock is dropped.
 */
static void release_open_stateid(struct nfs4_ol_stateid *stp)
{
	LIST_HEAD(reaplist);

	spin_lock(&stp->st_stid.sc_client->cl_lock);
	if (unhash_open_stateid(stp, &reaplist))
		put_ol_stateid_locked(stp, &reaplist);
	spin_unlock(&stp->st_stid.sc_client->cl_lock);
	/* freeing may sleep, so it happens outside the spinlock */
	free_ol_stateid_reaplist(&reaplist);
}
1240 
/*
 * Remove an openowner from the owner-string hash and the client's
 * openowner list; caller holds cl_lock.
 */
static void unhash_openowner_locked(struct nfs4_openowner *oo)
{
	struct nfs4_client *clp = oo->oo_owner.so_client;

	lockdep_assert_held(&clp->cl_lock);

	list_del_init(&oo->oo_owner.so_strhash);
	list_del_init(&oo->oo_perclient);
}
1250 
/*
 * Drop the openowner's cached "last closed" stateid, if any.  The
 * stateid is detached under the per-net client_lock but put only after
 * the lock is released.
 */
static void release_last_closed_stateid(struct nfs4_openowner *oo)
{
	struct nfsd_net *nn = net_generic(oo->oo_owner.so_client->net,
					  nfsd_net_id);
	struct nfs4_ol_stateid *s;

	spin_lock(&nn->client_lock);
	s = oo->oo_last_closed_stid;
	if (s) {
		list_del_init(&oo->oo_close_lru);
		oo->oo_last_closed_stid = NULL;
	}
	spin_unlock(&nn->client_lock);
	if (s)
		nfs4_put_stid(&s->st_stid);
}
1267 
1268 static void release_openowner(struct nfs4_openowner *oo)
1269 {
1270         struct nfs4_ol_stateid *stp;
1271         struct nfs4_client *clp = oo->oo_owner.so_client;
1272         struct list_head reaplist;
1273 
1274         INIT_LIST_HEAD(&reaplist);
1275 
1276         spin_lock(&clp->cl_lock);
1277         unhash_openowner_locked(oo);
1278         while (!list_empty(&oo->oo_owner.so_stateids)) {
1279                 stp = list_first_entry(&oo->oo_owner.so_stateids,
1280                                 struct nfs4_ol_stateid, st_perstateowner);
1281                 if (unhash_open_stateid(stp, &reaplist))
1282                         put_ol_stateid_locked(stp, &reaplist);
1283         }
1284         spin_unlock(&clp->cl_lock);
1285         free_ol_stateid_reaplist(&reaplist);
1286         release_last_closed_stateid(oo);
1287         nfs4_put_stateowner(&oo->oo_owner);
1288 }
1289 
/* Hash a sessionid (via its embedded sequence number) into the session table. */
static inline int
hash_sessionid(struct nfs4_sessionid *sessionid)
{
	struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;

	return sid->sequence % SESSION_HASH_SIZE;
}
1297 
/* Debug helper: print a sessionid as four 32-bit words (no-op without debug). */
#ifdef CONFIG_SUNRPC_DEBUG
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
	u32 *ptr = (u32 *)(&sessionid->data[0]);
	dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]);
}
#else
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
}
#endif
1311 
1312 /*
1313  * Bump the seqid on cstate->replay_owner, and clear replay_owner if it
1314  * won't be used for replay.
1315  */
1316 void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr)
1317 {
1318         struct nfs4_stateowner *so = cstate->replay_owner;
1319 
1320         if (nfserr == nfserr_replay_me)
1321                 return;
1322 
1323         if (!seqid_mutating_err(ntohl(nfserr))) {
1324                 nfsd4_cstate_clear_replay(cstate);
1325                 return;
1326         }
1327         if (!so)
1328                 return;
1329         if (so->so_is_open_owner)
1330                 release_last_closed_stateid(openowner(so));
1331         so->so_seqid++;
1332         return;
1333 }
1334 
1335 static void
1336 gen_sessionid(struct nfsd4_session *ses)
1337 {
1338         struct nfs4_client *clp = ses->se_client;
1339         struct nfsd4_sessionid *sid;
1340 
1341         sid = (struct nfsd4_sessionid *)ses->se_sessionid.data;
1342         sid->clientid = clp->cl_clientid;
1343         sid->sequence = current_sessionid++;
1344         sid->reserved = 0;
1345 }
1346 
1347 /*
1348  * The protocol defines ca_maxresponssize_cached to include the size of
1349  * the rpc header, but all we need to cache is the data starting after
1350  * the end of the initial SEQUENCE operation--the rest we regenerate
1351  * each time.  Therefore we can advertise a ca_maxresponssize_cached
1352  * value that is the number of bytes in our cache plus a few additional
1353  * bytes.  In order to stay on the safe side, and not promise more than
1354  * we can cache, those additional bytes must be the minimum possible: 24
1355  * bytes of rpc header (xid through accept state, with AUTH_NULL
1356  * verifier), 12 for the compound header (with zero-length tag), and 44
1357  * for the SEQUENCE op response:
1358  */
1359 #define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)
1360 
1361 static void
1362 free_session_slots(struct nfsd4_session *ses)
1363 {
1364         int i;
1365 
1366         for (i = 0; i < ses->se_fchannel.maxreqs; i++)
1367                 kfree(ses->se_slots[i]);
1368 }
1369 
1370 /*
1371  * We don't actually need to cache the rpc and session headers, so we
1372  * can allocate a little less for each slot:
1373  */
1374 static inline u32 slot_bytes(struct nfsd4_channel_attrs *ca)
1375 {
1376         u32 size;
1377 
1378         if (ca->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ)
1379                 size = 0;
1380         else
1381                 size = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;
1382         return size + sizeof(struct nfsd4_slot);
1383 }
1384 
1385 /*
1386  * XXX: If we run out of reserved DRC memory we could (up to a point)
1387  * re-negotiate active sessions and reduce their slot usage to make
1388  * room for new connections. For now we just fail the create session.
1389  */
1390 static u32 nfsd4_get_drc_mem(struct nfsd4_channel_attrs *ca)
1391 {
1392         u32 slotsize = slot_bytes(ca);
1393         u32 num = ca->maxreqs;
1394         int avail;
1395 
1396         spin_lock(&nfsd_drc_lock);
1397         avail = min((unsigned long)NFSD_MAX_MEM_PER_SESSION,
1398                     nfsd_drc_max_mem - nfsd_drc_mem_used);
1399         num = min_t(int, num, avail / slotsize);
1400         nfsd_drc_mem_used += num * slotsize;
1401         spin_unlock(&nfsd_drc_lock);
1402 
1403         return num;
1404 }
1405 
/* Return a session's reserved DRC memory to the global pool. */
static void nfsd4_put_drc_mem(struct nfsd4_channel_attrs *ca)
{
	int slotsize = slot_bytes(ca);

	spin_lock(&nfsd_drc_lock);
	nfsd_drc_mem_used -= slotsize * ca->maxreqs;
	spin_unlock(&nfsd_drc_lock);
}
1414 
/*
 * Allocate a session and its reply-cache slots.  @fattrs determines the
 * slot count and size; both channel attribute sets are copied into the
 * new session.  Returns NULL on allocation failure.
 */
static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *fattrs,
					   struct nfsd4_channel_attrs *battrs)
{
	int numslots = fattrs->maxreqs;
	int slotsize = slot_bytes(fattrs);
	struct nfsd4_session *new;
	int mem, i;

	/* session struct plus its slot-pointer array must fit in one page */
	BUILD_BUG_ON(NFSD_MAX_SLOTS_PER_SESSION * sizeof(struct nfsd4_slot *)
			+ sizeof(struct nfsd4_session) > PAGE_SIZE);
	mem = numslots * sizeof(struct nfsd4_slot *);

	new = kzalloc(sizeof(*new) + mem, GFP_KERNEL);
	if (!new)
		return NULL;
	/* allocate each struct nfsd4_slot and data cache in one piece */
	for (i = 0; i < numslots; i++) {
		new->se_slots[i] = kzalloc(slotsize, GFP_KERNEL);
		if (!new->se_slots[i])
			goto out_free;
	}

	memcpy(&new->se_fchannel, fattrs, sizeof(struct nfsd4_channel_attrs));
	memcpy(&new->se_bchannel, battrs, sizeof(struct nfsd4_channel_attrs));

	return new;
out_free:
	/* free only the slots allocated so far, then the session itself */
	while (i--)
		kfree(new->se_slots[i]);
	kfree(new);
	return NULL;
}
1447 
/* Drop the connection's transport reference and free it. */
static void free_conn(struct nfsd4_conn *c)
{
	svc_xprt_put(c->cn_xprt);
	kfree(c);
}
1453 
/*
 * Transport-gone callback: detach the connection from its session (if it
 * is still linked — nfsd4_del_conns() may have raced us) and free it,
 * then re-probe the client's callback path since the lost connection may
 * have carried the backchannel.
 */
static void nfsd4_conn_lost(struct svc_xpt_user *u)
{
	struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
	struct nfs4_client *clp = c->cn_session->se_client;

	spin_lock(&clp->cl_lock);
	if (!list_empty(&c->cn_persession)) {
		list_del(&c->cn_persession);
		free_conn(c);
	}
	nfsd4_probe_callback(clp);
	spin_unlock(&clp->cl_lock);
}
1467 
1468 static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
1469 {
1470         struct nfsd4_conn *conn;
1471 
1472         conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL);
1473         if (!conn)
1474                 return NULL;
1475         svc_xprt_get(rqstp->rq_xprt);
1476         conn->cn_xprt = rqstp->rq_xprt;
1477         conn->cn_flags = flags;
1478         INIT_LIST_HEAD(&conn->cn_xpt_user.list);
1479         return conn;
1480 }
1481 
/* Link a connection into a session's connection list; caller holds cl_lock. */
static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	conn->cn_session = ses;
	list_add(&conn->cn_persession, &ses->se_conns);
}
1487 
/* Link a connection into a session's connection list under cl_lock. */
static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;

	spin_lock(&clp->cl_lock);
	__nfsd4_hash_conn(conn, ses);
	spin_unlock(&clp->cl_lock);
}
1496 
/*
 * Arrange for nfsd4_conn_lost() to run when the transport goes away.
 * Returns non-zero if the transport is already gone.
 */
static int nfsd4_register_conn(struct nfsd4_conn *conn)
{
	conn->cn_xpt_user.callback = nfsd4_conn_lost;
	return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
}
1502 
/*
 * Attach a new connection to a session and hook up the transport-loss
 * callback; if the transport is already dead, tear the connection down
 * immediately.  Then re-probe the callback channel.
 */
static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	int ret;

	nfsd4_hash_conn(conn, ses);
	ret = nfsd4_register_conn(conn);
	if (ret)
		/* oops; xprt is already down: */
		nfsd4_conn_lost(&conn->cn_xpt_user);
	/* We may have gained or lost a callback channel: */
	nfsd4_probe_callback_sync(ses->se_client);
}
1515 
1516 static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses)
1517 {
1518         u32 dir = NFS4_CDFC4_FORE;
1519 
1520         if (cses->flags & SESSION4_BACK_CHAN)
1521                 dir |= NFS4_CDFC4_BACK;
1522         return alloc_conn(rqstp, dir);
1523 }
1524 
/* must be called under client_lock */
static void nfsd4_del_conns(struct nfsd4_session *s)
{
	struct nfs4_client *clp = s->se_client;
	struct nfsd4_conn *c;

	spin_lock(&clp->cl_lock);
	while (!list_empty(&s->se_conns)) {
		c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
		/*
		 * list_del_init (not list_del) so a racing nfsd4_conn_lost()
		 * sees an empty cn_persession and skips the double free.
		 */
		list_del_init(&c->cn_persession);
		/* NOTE(review): cl_lock is dropped around unregister/free,
		 * presumably because they may block — confirm before change */
		spin_unlock(&clp->cl_lock);

		unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
		free_conn(c);

		spin_lock(&clp->cl_lock);
	}
	spin_unlock(&clp->cl_lock);
}
1544 
/* Free the session's slots and the session itself; no unhashing here. */
static void __free_session(struct nfsd4_session *ses)
{
	free_session_slots(ses);
	kfree(ses);
}
1550 
/* Tear down a session: drop its connections, return its DRC memory, free it. */
static void free_session(struct nfsd4_session *ses)
{
	nfsd4_del_conns(ses);
	nfsd4_put_drc_mem(&ses->se_fchannel);
	__free_session(ses);
}
1557 
/*
 * Initialize a newly allocated session from the CREATE_SESSION arguments
 * and hash it into the per-net sessionid table and the client's session
 * list.
 */
static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses)
{
	int idx;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	new->se_client = clp;
	gen_sessionid(new);

	INIT_LIST_HEAD(&new->se_conns);

	/* backchannel sequencing starts at 1 */
	new->se_cb_seq_nr = 1;
	new->se_flags = cses->flags;
	new->se_cb_prog = cses->callback_prog;
	new->se_cb_sec = cses->cb_sec;
	atomic_set(&new->se_ref, 0);
	idx = hash_sessionid(&new->se_sessionid);
	list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]);
	spin_lock(&clp->cl_lock);
	list_add(&new->se_perclnt, &clp->cl_sessions);
	spin_unlock(&clp->cl_lock);

	{
		struct sockaddr *sa = svc_addr(rqstp);
		/*
		 * This is a little silly; with sessions there's no real
		 * use for the callback address.  Use the peer address
		 * as a reasonable default for now, but consider fixing
		 * the rpc client not to require an address in the
		 * future:
		 */
		rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
		clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
	}
}
1592 
1593 /* caller must hold client_lock */
1594 static struct nfsd4_session *
1595 __find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net)
1596 {
1597         struct nfsd4_session *elem;
1598         int idx;
1599         struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1600 
1601         lockdep_assert_held(&nn->client_lock);
1602 
1603         dump_sessionid(__func__, sessionid);
1604         idx = hash_sessionid(sessionid);
1605         /* Search in the appropriate list */
1606         list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) {
1607                 if (!memcmp(elem->se_sessionid.data, sessionid->data,
1608                             NFS4_MAX_SESSIONID_LEN)) {
1609                         return elem;
1610                 }
1611         }
1612 
1613         dprintk("%s: session not found\n", __func__);
1614         return NULL;
1615 }
1616 
1617 static struct nfsd4_session *
1618 find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net,
1619                 __be32 *ret)
1620 {
1621         struct nfsd4_session *session;
1622         __be32 status = nfserr_badsession;
1623 
1624         session = __find_in_sessionid_hashtbl(sessionid, net);
1625         if (!session)
1626                 goto out;
1627         status = nfsd4_get_session_locked(session);
1628         if (status)
1629                 session = NULL;
1630 out:
1631         *ret = status;
1632         return session;
1633 }
1634 
1635 /* caller must hold client_lock */
1636 static void
1637 unhash_session(struct nfsd4_session *ses)
1638 {
1639         struct nfs4_client *clp = ses->se_client;
1640         struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
1641 
1642         lockdep_assert_held(&nn->client_lock);
1643 
1644         list_del(&ses->se_hash);
1645         spin_lock(&ses->se_client->cl_lock);
1646         list_del(&ses->se_perclnt);
1647         spin_unlock(&ses->se_client->cl_lock);
1648 }
1649 
1650 /* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
1651 static int
1652 STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn)
1653 {
1654         /*
1655          * We're assuming the clid was not given out from a boot
1656          * precisely 2^32 (about 136 years) before this one.  That seems
1657          * a safe assumption:
1658          */
1659         if (clid->cl_boot == (u32)nn->boot_time)
1660                 return 0;
1661         dprintk("NFSD stale clientid (%08x/%08x) boot_time %08lx\n",
1662                 clid->cl_boot, clid->cl_id, nn->boot_time);
1663         return 1;
1664 }
1665 
1666 /* 
1667  * XXX Should we use a slab cache ?
1668  * This type of memory management is somewhat inefficient, but we use it
1669  * anyway since SETCLIENTID is not a common operation.
1670  */
1671 static struct nfs4_client *alloc_client(struct xdr_netobj name)
1672 {
1673         struct nfs4_client *clp;
1674         int i;
1675 
1676         clp = kzalloc(sizeof(struct nfs4_client), GFP_KERNEL);
1677         if (clp == NULL)
1678                 return NULL;
1679         clp->cl_name.data = kmemdup(name.data, name.len, GFP_KERNEL);
1680         if (clp->cl_name.data == NULL)
1681                 goto err_no_name;
1682         clp->cl_ownerstr_hashtbl = kmalloc(sizeof(struct list_head) *
1683                         OWNER_HASH_SIZE, GFP_KERNEL);
1684         if (!clp->cl_ownerstr_hashtbl)
1685                 goto err_no_hashtbl;
1686         for (i = 0; i < OWNER_HASH_SIZE; i++)
1687                 INIT_LIST_HEAD(&clp->cl_ownerstr_hashtbl[i]);
1688         clp->cl_name.len = name.len;
1689         INIT_LIST_HEAD(&clp->cl_sessions);
1690         idr_init(&clp->cl_stateids);
1691         atomic_set(&clp->cl_refcount, 0);
1692         clp->cl_cb_state = NFSD4_CB_UNKNOWN;
1693         INIT_LIST_HEAD(&clp->cl_idhash);
1694         INIT_LIST_HEAD(&clp->cl_openowners);
1695         INIT_LIST_HEAD(&clp->cl_delegations);
1696         INIT_LIST_HEAD(&clp->cl_lru);
1697         INIT_LIST_HEAD(&clp->cl_revoked);
1698 #ifdef CONFIG_NFSD_PNFS
1699         INIT_LIST_HEAD(&clp->cl_lo_states);
1700 #endif
1701         spin_lock_init(&clp->cl_lock);
1702         rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
1703         return clp;
1704 err_no_hashtbl:
1705         kfree(clp->cl_name.data);
1706 err_no_name:
1707         kfree(clp);
1708         return NULL;
1709 }
1710 
/*
 * Final teardown of a client: free any remaining (unreferenced)
 * sessions, the credential, the owner hash table and name, and the
 * stateid idr, then the client structure itself.
 */
static void
free_client(struct nfs4_client *clp)
{
	while (!list_empty(&clp->cl_sessions)) {
		struct nfsd4_session *ses;
		ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
				se_perclnt);
		list_del(&ses->se_perclnt);
		/* nobody should still hold a session reference at this point */
		WARN_ON_ONCE(atomic_read(&ses->se_ref));
		free_session(ses);
	}
	rpc_destroy_wait_queue(&clp->cl_cb_waitq);
	free_svc_cred(&clp->cl_cred);
	kfree(clp->cl_ownerstr_hashtbl);
	kfree(clp->cl_name.data);
	idr_destroy(&clp->cl_stateids);
	kfree(clp);
}
1729 
/* must be called under the client_lock */
static void
unhash_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfsd4_session *ses;

	lockdep_assert_held(&nn->client_lock);

	/* Mark the client as expired! */
	clp->cl_time = 0;
	/* Make it invisible */
	if (!list_empty(&clp->cl_idhash)) {
		list_del_init(&clp->cl_idhash);
		/* confirmed and unconfirmed clients live in separate name trees */
		if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
			rb_erase(&clp->cl_namenode, &nn->conf_name_tree);
		else
			rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
	}
	list_del_init(&clp->cl_lru);
	spin_lock(&clp->cl_lock);
	/* unhash all of the client's sessions as well */
	list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
		list_del_init(&ses->se_hash);
	spin_unlock(&clp->cl_lock);
}
1755 
/* Unhash a client under the per-net client_lock. */
static void
unhash_client(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	spin_lock(&nn->client_lock);
	unhash_client_locked(clp);
	spin_unlock(&nn->client_lock);
}
1765 
/*
 * Expire a client unless something still holds a reference to it, in
 * which case return nfserr_jukebox so the caller retries later.
 */
static __be32 mark_client_expired_locked(struct nfs4_client *clp)
{
	if (atomic_read(&clp->cl_refcount))
		return nfserr_jukebox;
	unhash_client_locked(clp);
	return nfs_ok;
}
1773 
/*
 * Release everything an (already unhashed) client holds: delegations,
 * revoked delegations, openowners with their stateids, layouts and the
 * callback channel, then the client structure itself.
 */
static void
__destroy_client(struct nfs4_client *clp)
{
	struct nfs4_openowner *oo;
	struct nfs4_delegation *dp;
	struct list_head reaplist;

	INIT_LIST_HEAD(&reaplist);
	spin_lock(&state_lock);
	/* unhash delegations under state_lock, but put them outside it */
	while (!list_empty(&clp->cl_delegations)) {
		dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
		WARN_ON(!unhash_delegation_locked(dp));
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&state_lock);
	while (!list_empty(&reaplist)) {
		dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		put_clnt_odstate(dp->dl_clnt_odstate);
		nfs4_put_deleg_lease(dp->dl_stid.sc_file);
		nfs4_put_stid(&dp->dl_stid);
	}
	/* revoked delegations only hold a stateid reference */
	while (!list_empty(&clp->cl_revoked)) {
		dp = list_entry(clp->cl_revoked.next, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		nfs4_put_stid(&dp->dl_stid);
	}
	while (!list_empty(&clp->cl_openowners)) {
		oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
		/* pin the owner so release_openowner's final put frees it */
		nfs4_get_stateowner(&oo->oo_owner);
		release_openowner(oo);
	}
	nfsd4_return_all_client_layouts(clp);
	nfsd4_shutdown_callback(clp);
	if (clp->cl_cb_conn.cb_xprt)
		svc_xprt_put(clp->cl_cb_conn.cb_xprt);
	free_client(clp);
}
1812 
/* Unhash and destroy a client without touching its stable-storage record. */
static void
destroy_client(struct nfs4_client *clp)
{
	unhash_client(clp);
	__destroy_client(clp);
}
1819 
static void expire_client(struct nfs4_client *clp)
{
        /*
         * Fully retire a client: unhash it, remove its stable-storage
         * recovery record, then free all of its state.
         */
        unhash_client(clp);
        nfsd4_client_record_remove(clp);
        __destroy_client(clp);
}
1826 
/* Copy the client-supplied (opaque, fixed-size) boot verifier. */
static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
{
        memcpy(target->cl_verifier.data, source->data,
                        sizeof(target->cl_verifier.data));
}
1832 
/* Copy a clientid (server boot time + per-boot counter) field by field. */
static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
{
        target->cl_clientid.cl_boot = source->cl_clientid.cl_boot;
        target->cl_clientid.cl_id = source->cl_clientid.cl_id;
}
1838 
1839 int strdup_if_nonnull(char **target, char *source)
1840 {
1841         if (source) {
1842                 *target = kstrdup(source, GFP_KERNEL);
1843                 if (!*target)
1844                         return -ENOMEM;
1845         } else
1846                 *target = NULL;
1847         return 0;
1848 }
1849 
/*
 * Deep-copy an svc_cred: principal strings are duplicated, while the
 * group info and GSS mechanism are shared with a reference taken.
 * Returns 0 on success or -ENOMEM on allocation failure.
 */
static int copy_cred(struct svc_cred *target, struct svc_cred *source)
{
        int ret;

        ret = strdup_if_nonnull(&target->cr_principal, source->cr_principal);
        if (ret)
                return ret;
        ret = strdup_if_nonnull(&target->cr_raw_principal,
                                        source->cr_raw_principal);
        if (ret)
                return ret;
        target->cr_flavor = source->cr_flavor;
        target->cr_uid = source->cr_uid;
        target->cr_gid = source->cr_gid;
        /* Shared, reference-counted pieces: */
        target->cr_group_info = source->cr_group_info;
        get_group_info(target->cr_group_info);
        target->cr_gss_mech = source->cr_gss_mech;
        if (source->cr_gss_mech)
                gss_mech_get(source->cr_gss_mech);
        return 0;
}
1871 
1872 static int
1873 compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2)
1874 {
1875         if (o1->len < o2->len)
1876                 return -1;
1877         if (o1->len > o2->len)
1878                 return 1;
1879         return memcmp(o1->data, o2->data, o1->len);
1880 }
1881 
1882 static int same_name(const char *n1, const char *n2)
1883 {
1884         return 0 == memcmp(n1, n2, HEXDIR_LEN);
1885 }
1886 
1887 static int
1888 same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
1889 {
1890         return 0 == memcmp(v1->data, v2->data, sizeof(v1->data));
1891 }
1892 
1893 static int
1894 same_clid(clientid_t *cl1, clientid_t *cl2)
1895 {
1896         return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
1897 }
1898 
1899 static bool groups_equal(struct group_info *g1, struct group_info *g2)
1900 {
1901         int i;
1902 
1903         if (g1->ngroups != g2->ngroups)
1904                 return false;
1905         for (i=0; i<g1->ngroups; i++)
1906                 if (!gid_eq(GROUP_AT(g1, i), GROUP_AT(g2, i)))
1907                         return false;
1908         return true;
1909 }
1910 
1911 /*
1912  * RFC 3530 language requires clid_inuse be returned when the
1913  * "principal" associated with a requests differs from that previously
1914  * used.  We use uid, gid's, and gss principal string as our best
1915  * approximation.  We also don't want to allow non-gss use of a client
1916  * established using gss: in theory cr_principal should catch that
1917  * change, but in practice cr_principal can be null even in the gss case
1918  * since gssd doesn't always pass down a principal string.
1919  */
1920 static bool is_gss_cred(struct svc_cred *cr)
1921 {
1922         /* Is cr_flavor one of the gss "pseudoflavors"?: */
1923         return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
1924 }
1925 
1926 
1927 static bool
1928 same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
1929 {
1930         if ((is_gss_cred(cr1) != is_gss_cred(cr2))
1931                 || (!uid_eq(cr1->cr_uid, cr2->cr_uid))
1932                 || (!gid_eq(cr1->cr_gid, cr2->cr_gid))
1933                 || !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
1934                 return false;
1935         if (cr1->cr_principal == cr2->cr_principal)
1936                 return true;
1937         if (!cr1->cr_principal || !cr2->cr_principal)
1938                 return false;
1939         return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);
1940 }
1941 
1942 static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)
1943 {
1944         struct svc_cred *cr = &rqstp->rq_cred;
1945         u32 service;
1946 
1947         if (!cr->cr_gss_mech)
1948                 return false;
1949         service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);
1950         return service == RPC_GSS_SVC_INTEGRITY ||
1951                service == RPC_GSS_SVC_PRIVACY;
1952 }
1953 
/*
 * Enforce the SP4_MACH_CRED restriction: state-changing operations from
 * a client that negotiated machine credentials must arrive over the same
 * GSS mechanism, integrity (or privacy) protected, from the same
 * principal that was presented at EXCHANGE_ID time.
 */
static bool mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)
{
        struct svc_cred *cr = &rqstp->rq_cred;

        /* Clients that didn't ask for SP4_MACH_CRED are unrestricted. */
        if (!cl->cl_mach_cred)
                return true;
        if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)
                return false;
        if (!svc_rqst_integrity_protected(rqstp))
                return false;
        /* Prefer the raw principal when gssd supplied one at EXCHANGE_ID;
         * cl_mach_cred guarantees at least one principal form is set. */
        if (cl->cl_cred.cr_raw_principal)
                return 0 == strcmp(cl->cl_cred.cr_raw_principal,
                                                cr->cr_raw_principal);
        if (!cr->cr_principal)
                return false;
        return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);
}
1971 
/*
 * Generate a fresh confirm verifier from the current time and a
 * per-net counter, so retransmitted SETCLIENTIDs can be distinguished.
 */
static void gen_confirm(struct nfs4_client *clp, struct nfsd_net *nn)
{
        __be32 verf[2];

        /*
         * This is opaque to client, so no need to byte-swap. Use
         * __force to keep sparse happy
         */
        verf[0] = (__force __be32)get_seconds();
        verf[1] = (__force __be32)nn->clverifier_counter++;
        memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data));
}
1984 
/*
 * Assign a new clientid (server boot time + per-net counter) and a
 * matching confirm verifier to a freshly created client.
 */
static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)
{
        clp->cl_clientid.cl_boot = nn->boot_time;
        clp->cl_clientid.cl_id = nn->clientid_counter++;
        gen_confirm(clp, nn);
}
1991 
1992 static struct nfs4_stid *
1993 find_stateid_locked(struct nfs4_client *cl, stateid_t *t)
1994 {
1995         struct nfs4_stid *ret;
1996 
1997         ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id);
1998         if (!ret || !ret->sc_type)
1999                 return NULL;
2000         return ret;
2001 }
2002 
2003 static struct nfs4_stid *
2004 find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, char typemask)
2005 {
2006         struct nfs4_stid *s;
2007 
2008         spin_lock(&cl->cl_lock);
2009         s = find_stateid_locked(cl, t);
2010         if (s != NULL) {
2011                 if (typemask & s->sc_type)
2012                         atomic_inc(&s->sc_count);
2013                 else
2014                         s = NULL;
2015         }
2016         spin_unlock(&cl->cl_lock);
2017         return s;
2018 }
2019 
/*
 * Allocate and initialize a client from an EXCHANGE_ID/SETCLIENTID
 * request: copy the credential, verifier and caller's address, and set
 * up the NULL callback.  Returns NULL on allocation failure.
 */
static struct nfs4_client *create_client(struct xdr_netobj name,
                struct svc_rqst *rqstp, nfs4_verifier *verf)
{
        struct nfs4_client *clp;
        struct sockaddr *sa = svc_addr(rqstp);
        int ret;
        struct net *net = SVC_NET(rqstp);

        clp = alloc_client(name);
        if (clp == NULL)
                return NULL;

        ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred);
        if (ret) {
                /* free_client() also releases whatever copy_cred set up. */
                free_client(clp);
                return NULL;
        }
        nfsd4_init_cb(&clp->cl_cb_null, clp, NULL, NFSPROC4_CLNT_CB_NULL);
        clp->cl_time = get_seconds();
        clear_bit(0, &clp->cl_cb_slot_busy);
        copy_verf(clp, verf);
        rpc_copy_addr((struct sockaddr *) &clp->cl_addr, sa);
        clp->cl_cb_session = NULL;
        clp->net = net;
        return clp;
}
2046 
2047 static void
2048 add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root)
2049 {
2050         struct rb_node **new = &(root->rb_node), *parent = NULL;
2051         struct nfs4_client *clp;
2052 
2053         while (*new) {
2054                 clp = rb_entry(*new, struct nfs4_client, cl_namenode);
2055                 parent = *new;
2056 
2057                 if (compare_blob(&clp->cl_name, &new_clp->cl_name) > 0)
2058                         new = &((*new)->rb_left);
2059                 else
2060                         new = &((*new)->rb_right);
2061         }
2062 
2063         rb_link_node(&new_clp->cl_namenode, parent, new);
2064         rb_insert_color(&new_clp->cl_namenode, root);
2065 }
2066 
2067 static struct nfs4_client *
2068 find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root)
2069 {
2070         int cmp;
2071         struct rb_node *node = root->rb_node;
2072         struct nfs4_client *clp;
2073 
2074         while (node) {
2075                 clp = rb_entry(node, struct nfs4_client, cl_namenode);
2076                 cmp = compare_blob(&clp->cl_name, name);
2077                 if (cmp > 0)
2078                         node = node->rb_left;
2079                 else if (cmp < 0)
2080                         node = node->rb_right;
2081                 else
2082                         return clp;
2083         }
2084         return NULL;
2085 }
2086 
/*
 * Hash a client into the per-net unconfirmed name tree and id table,
 * and bump its lease.  Caller holds nn->client_lock.
 */
static void
add_to_unconfirmed(struct nfs4_client *clp)
{
        unsigned int idhashval;
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        lockdep_assert_held(&nn->client_lock);

        /* A client in the unconfirmed tables is by definition unconfirmed. */
        clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
        add_clp_to_name_tree(clp, &nn->unconf_name_tree);
        idhashval = clientid_hashval(clp->cl_clientid.cl_id);
        list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]);
        renew_client_locked(clp);
}
2101 
/*
 * Move a client from the unconfirmed tables to the confirmed ones and
 * mark it confirmed.  Caller holds nn->client_lock.
 */
static void
move_to_confirmed(struct nfs4_client *clp)
{
        unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id);
        struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

        lockdep_assert_held(&nn->client_lock);

        dprintk("NFSD: move_to_confirm nfs4_client %p\n", clp);
        list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]);
        rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
        add_clp_to_name_tree(clp, &nn->conf_name_tree);
        set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
        renew_client_locked(clp);
}
2117 
/*
 * Look up a client by clientid in the given hash table, renewing its
 * lease on a hit.  @sessions selects the minor version family: a 4.0
 * clientid must not be used with 4.1 operations and vice versa.
 */
static struct nfs4_client *
find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions)
{
        struct nfs4_client *clp;
        unsigned int idhashval = clientid_hashval(clid->cl_id);

        list_for_each_entry(clp, &tbl[idhashval], cl_idhash) {
                if (same_clid(&clp->cl_clientid, clid)) {
                        /* Reject cross-minorversion use of the clientid. */
                        if ((bool)clp->cl_minorversion != sessions)
                                return NULL;
                        renew_client_locked(clp);
                        return clp;
                }
        }
        return NULL;
}
2134 
2135 static struct nfs4_client *
2136 find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
2137 {
2138         struct list_head *tbl = nn->conf_id_hashtbl;
2139 
2140         lockdep_assert_held(&nn->client_lock);
2141         return find_client_in_id_table(tbl, clid, sessions);
2142 }
2143 
2144 static struct nfs4_client *
2145 find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
2146 {
2147         struct list_head *tbl = nn->unconf_id_hashtbl;
2148 
2149         lockdep_assert_held(&nn->client_lock);
2150         return find_client_in_id_table(tbl, clid, sessions);
2151 }
2152 
/* cl_exchange_flags is only ever set by EXCHANGE_ID, i.e. by 4.1+. */
static bool clp_used_exchangeid(struct nfs4_client *clp)
{
        return clp->cl_exchange_flags != 0;
}
2157 
/* Name-tree lookup among confirmed clients; needs nn->client_lock. */
static struct nfs4_client *
find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
{
        lockdep_assert_held(&nn->client_lock);
        return find_clp_in_name_tree(name, &nn->conf_name_tree);
}
2164 
/* Name-tree lookup among unconfirmed clients; needs nn->client_lock. */
static struct nfs4_client *
find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
{
        lockdep_assert_held(&nn->client_lock);
        return find_clp_in_name_tree(name, &nn->unconf_name_tree);
}
2171 
2172 static void
2173 gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
2174 {
2175         struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
2176         struct sockaddr *sa = svc_addr(rqstp);
2177         u32 scopeid = rpc_get_scope_id(sa);
2178         unsigned short expected_family;
2179 
2180         /* Currently, we only support tcp and tcp6 for the callback channel */
2181         if (se->se_callback_netid_len == 3 &&
2182             !memcmp(se->se_callback_netid_val, "tcp", 3))
2183                 expected_family = AF_INET;
2184         else if (se->se_callback_netid_len == 4 &&
2185                  !memcmp(se->se_callback_netid_val, "tcp6", 4))
2186                 expected_family = AF_INET6;
2187         else
2188                 goto out_err;
2189 
2190         conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val,
2191                                             se->se_callback_addr_len,
2192                                             (struct sockaddr *)&conn->cb_addr,
2193                                             sizeof(conn->cb_addr));
2194 
2195         if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
2196                 goto out_err;
2197 
2198         if (conn->cb_addr.ss_family == AF_INET6)
2199                 ((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;
2200 
2201         conn->cb_prog = se->se_callback_prog;
2202         conn->cb_ident = se->se_callback_ident;
2203         memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen);
2204         return;
2205 out_err:
2206         conn->cb_addr.ss_family = AF_UNSPEC;
2207         conn->cb_addrlen = 0;
2208         dprintk(KERN_INFO "NFSD: this client (clientid %08x/%08x) "
2209                 "will not receive delegations\n",
2210                 clp->cl_clientid.cl_boot, clp->cl_clientid.cl_id);
2211 
2212         return;
2213 }
2214 
2215 /*
2216  * Cache a reply. nfsd4_check_resp_size() has bounded the cache size.
2217  */
/*
 * Cache a reply. nfsd4_check_resp_size() has bounded the cache size.
 */
static void
nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
{
        struct xdr_buf *buf = resp->xdr.buf;
        struct nfsd4_slot *slot = resp->cstate.slot;
        unsigned int base;

        dprintk("--> %s slot %p\n", __func__, slot);

        /* Always record how far we got and the final status, even when
         * the reply body itself isn't cached. */
        slot->sl_opcnt = resp->opcnt;
        slot->sl_status = resp->cstate.status;

        slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
        if (nfsd4_not_cached(resp)) {
                slot->sl_datalen = 0;
                return;
        }
        /* Copy everything encoded after the sequence op into the slot. */
        base = resp->cstate.data_offset;
        slot->sl_datalen = buf->len - base;
        if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen))
                WARN(1, "%s: sessions DRC could not cache compound\n",
                     __func__);
        return;
}
2242 
2243 /*
2244  * Encode the replay sequence operation from the slot values.
2245  * If cachethis is FALSE encode the uncached rep error on the next
2246  * operation which sets resp->p and increments resp->opcnt for
2247  * nfs4svc_encode_compoundres.
2248  *
2249  */
/*
 * Encode the replay sequence operation from the slot values.
 * If cachethis is FALSE encode the uncached rep error on the next
 * operation which sets resp->p and increments resp->opcnt for
 * nfs4svc_encode_compoundres.
 *
 */
static __be32
nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args,
                          struct nfsd4_compoundres *resp)
{
        struct nfsd4_op *op;
        struct nfsd4_slot *slot = resp->cstate.slot;

        /* Encode the replayed sequence operation */
        op = &args->ops[resp->opcnt - 1];
        nfsd4_encode_operation(resp, op);

        /* Return nfserr_retry_uncached_rep in next operation. */
        if (args->opcnt > 1 && !(slot->sl_flags & NFSD4_SLOT_CACHETHIS)) {
                op = &args->ops[resp->opcnt++];
                op->status = nfserr_retry_uncached_rep;
                nfsd4_encode_operation(resp, op);
        }
        /* op points at whichever operation was encoded last. */
        return op->status;
}
2269 
2270 /*
2271  * The sequence operation is not cached because we can use the slot and
2272  * session values.
2273  */
/*
 * The sequence operation is not cached because we can use the slot and
 * session values.
 */
static __be32
nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
                         struct nfsd4_sequence *seq)
{
        struct nfsd4_slot *slot = resp->cstate.slot;
        struct xdr_stream *xdr = &resp->xdr;
        __be32 *p;
        __be32 status;

        dprintk("--> %s slot %p\n", __func__, slot);

        status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp);
        if (status)
                return status;

        /* Splice the cached reply body back into the xdr stream.  The
         * reservation can't fail: the cached size was bounded when the
         * entry was stored. */
        p = xdr_reserve_space(xdr, slot->sl_datalen);
        if (!p) {
                WARN_ON_ONCE(1);
                return nfserr_serverfault;
        }
        xdr_encode_opaque_fixed(p, slot->sl_data, slot->sl_datalen);
        xdr_commit_encode(xdr);

        /* Restore the op count and status recorded at cache time. */
        resp->opcnt = slot->sl_opcnt;
        return slot->sl_status;
}
2300 
2301 /*
2302  * Set the exchange_id flags returned by the server.
2303  */
/*
 * Set the exchange_id flags returned by the server.
 */
static void
nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
{
        /* Advertise pNFS MDS capability only when built with pNFS support. */
#ifdef CONFIG_NFSD_PNFS
        new->cl_exchange_flags |= EXCHGID4_FLAG_USE_PNFS_MDS;
#else
        new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS;
#endif

        /* Referrals are supported, Migration is not. */
        new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER;

        /* set the wire flags to return to client. */
        clid->flags = new->cl_exchange_flags;
}
2319 
2320 static bool client_has_openowners(struct nfs4_client *clp)
2321 {
2322         struct nfs4_openowner *oo;
2323 
2324         list_for_each_entry(oo, &clp->cl_openowners, oo_perclient) {
2325                 if (!list_empty(&oo->oo_owner.so_stateids))
2326                         return true;
2327         }
2328         return false;
2329 }
2330 
/*
 * Does the client hold any state (opens, layouts, delegations or
 * sessions) that should block clientid reuse by a different principal?
 */
static bool client_has_state(struct nfs4_client *clp)
{
        return client_has_openowners(clp)
#ifdef CONFIG_NFSD_PNFS
                || !list_empty(&clp->cl_lo_states)
#endif
                || !list_empty(&clp->cl_delegations)
                || !list_empty(&clp->cl_sessions);
}
2340 
/*
 * EXCHANGE_ID (RFC 5661 section 18.35).  Tentatively creates a new
 * client, then reconciles it against any confirmed/unconfirmed client
 * with the same name per the case analysis in section 18.35.4.  Whichever
 * of the old and new client structures loses is expired on the way out.
 */
__be32
nfsd4_exchange_id(struct svc_rqst *rqstp,
                  struct nfsd4_compound_state *cstate,
                  struct nfsd4_exchange_id *exid)
{
        struct nfs4_client *conf, *new;
        struct nfs4_client *unconf = NULL;
        __be32 status;
        char                    addr_str[INET6_ADDRSTRLEN];
        nfs4_verifier           verf = exid->verifier;
        struct sockaddr         *sa = svc_addr(rqstp);
        bool    update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A;
        struct nfsd_net         *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

        rpc_ntop(sa, addr_str, sizeof(addr_str));
        dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
                "ip_addr=%s flags %x, spa_how %d\n",
                __func__, rqstp, exid, exid->clname.len, exid->clname.data,
                addr_str, exid->flags, exid->spa_how);

        if (exid->flags & ~EXCHGID4_FLAG_MASK_A)
                return nfserr_inval;

        /* Allocate the candidate client before taking any locks. */
        new = create_client(exid->clname, rqstp, &verf);
        if (new == NULL)
                return nfserr_jukebox;

        switch (exid->spa_how) {
        case SP4_MACH_CRED:
                if (!svc_rqst_integrity_protected(rqstp)) {
                        status = nfserr_inval;
                        goto out_nolock;
                }
                /*
                 * Sometimes userspace doesn't give us a principal.
                 * Which is a bug, really.  Anyway, we can't enforce
                 * MACH_CRED in that case, better to give up now:
                 */
                if (!new->cl_cred.cr_principal &&
                                        !new->cl_cred.cr_raw_principal) {
                        status = nfserr_serverfault;
                        goto out_nolock;
                }
                new->cl_mach_cred = true;
                /* fall through */
        case SP4_NONE:
                break;
        default:                                /* checked by xdr code */
                WARN_ON_ONCE(1);
                /* fall through */
        case SP4_SSV:
                status = nfserr_encr_alg_unsupp;
                goto out_nolock;
        }

        /* Cases below refer to rfc 5661 section 18.35.4: */
        spin_lock(&nn->client_lock);
        conf = find_confirmed_client_by_name(&exid->clname, nn);
        if (conf) {
                bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred);
                bool verfs_match = same_verf(&verf, &conf->cl_verifier);

                if (update) {
                        if (!clp_used_exchangeid(conf)) { /* buggy client */
                                status = nfserr_inval;
                                goto out;
                        }
                        if (!mach_creds_match(conf, rqstp)) {
                                status = nfserr_wrong_cred;
                                goto out;
                        }
                        if (!creds_match) { /* case 9 */
                                status = nfserr_perm;
                                goto out;
                        }
                        if (!verfs_match) { /* case 8 */
                                status = nfserr_not_same;
                                goto out;
                        }
                        /* case 6 */
                        exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;
                        goto out_copy;
                }
                if (!creds_match) { /* case 3 */
                        if (client_has_state(conf)) {
                                status = nfserr_clid_inuse;
                                goto out;
                        }
                        goto out_new;
                }
                if (verfs_match) { /* case 2 */
                        conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R;
                        goto out_copy;
                }
                /* case 5, client reboot */
                conf = NULL;
                goto out_new;
        }

        if (update) { /* case 7 */
                status = nfserr_noent;
                goto out;
        }

        unconf  = find_unconfirmed_client_by_name(&exid->clname, nn);
        if (unconf) /* case 4, possible retry or client restart */
                unhash_client_locked(unconf);

        /* case 1 (normal case) */
out_new:
        /* A stale confirmed client (case 3) must be expirable first. */
        if (conf) {
                status = mark_client_expired_locked(conf);
                if (status)
                        goto out;
        }
        new->cl_minorversion = cstate->minorversion;

        gen_clid(new, nn);
        add_to_unconfirmed(new);
        /* After the swap, conf is the client we reply about and new is
         * whatever loser gets expired at out_nolock. */
        swap(new, conf);
out_copy:
        exid->clientid.cl_boot = conf->cl_clientid.cl_boot;
        exid->clientid.cl_id = conf->cl_clientid.cl_id;

        exid->seqid = conf->cl_cs_slot.sl_seqid + 1;
        nfsd4_set_ex_flags(conf, exid);

        dprintk("nfsd4_exchange_id seqid %d flags %x\n",
                conf->cl_cs_slot.sl_seqid, conf->cl_exchange_flags);
        status = nfs_ok;

out:
        spin_unlock(&nn->client_lock);
out_nolock:
        /* Expire whichever client structures lost out above. */
        if (new)
                expire_client(new);
        if (unconf)
                expire_client(unconf);
        return status;
}
2479 
2480 static __be32
2481 check_slot_seqid(u32 seqid, u32 slot_seqid, int slot_inuse)
2482 {
2483         dprintk("%s enter. seqid %d slot_seqid %d\n", __func__, seqid,
2484                 slot_seqid);
2485 
2486         /* The slot is in use, and no response has been sent. */
2487         if (slot_inuse) {
2488                 if (seqid == slot_seqid)
2489                         return nfserr_jukebox;
2490                 else
2491                         return nfserr_seq_misordered;
2492         }
2493         /* Note unsigned 32-bit arithmetic handles wraparound: */
2494         if (likely(seqid == slot_seqid + 1))
2495                 return nfs_ok;
2496         if (seqid == slot_seqid)
2497                 return nfserr_replay_cache;
2498         return nfserr_seq_misordered;
2499 }
2500 
2501 /*
2502  * Cache the create session result into the create session single DRC
2503  * slot cache by saving the xdr structure. sl_seqid has been set.
2504  * Do this for solo or embedded create session operations.
2505  */
/*
 * Cache the create session result into the create session single DRC
 * slot cache by saving the xdr structure. sl_seqid has been set.
 * Do this for solo or embedded create session operations.
 */
static void
nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
                           struct nfsd4_clid_slot *slot, __be32 nfserr)
{
        slot->sl_status = nfserr;
        memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
}
2513 
/* Replay a cached CREATE_SESSION reply from the clid slot. */
static __be32
nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
                            struct nfsd4_clid_slot *slot)
{
        memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses));
        return slot->sl_status;
}
2521 
2522 #define NFSD_MIN_REQ_HDR_SEQ_SZ ((\
2523                         2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
2524                         1 +     /* MIN tag is length with zero, only length */ \
2525                         3 +     /* version, opcount, opcode */ \
2526                         XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
2527                                 /* seqid, slotID, slotID, cache */ \
2528                         4 ) * sizeof(__be32))
2529 
2530 #define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
2531                         2 +     /* verifier: AUTH_NULL, length 0 */\
2532                         1 +     /* status */ \
2533                         1 +     /* MIN tag is length with zero, only length */ \
2534                         3 +     /* opcount, opcode, opstatus*/ \
2535                         XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
2536                                 /* seqid, slotID, slotID, slotID, status */ \
2537                         5 ) * sizeof(__be32))
2538 
/*
 * Sanity-check and clamp the client's requested forechannel attributes,
 * then reserve DRC memory for the (possibly reduced) slot count.
 * Returns nfserr_toosmall for unusably small requests, nfserr_jukebox
 * when no DRC memory is available.
 */
static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
{
        u32 maxrpc = nn->nfsd_serv->sv_max_mesg;

        /* Request and reply must at least fit a minimal SEQUENCE. */
        if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ)
                return nfserr_toosmall;
        if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ)
                return nfserr_toosmall;
        ca->headerpadsz = 0;
        /* Clamp everything to what this server is willing to do. */
        ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc);
        ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc);
        ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND);
        ca->maxresp_cached = min_t(u32, ca->maxresp_cached,
                        NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ);
        ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION);
        /*
         * Note decreasing slot size below client's request may make it
         * difficult for client to function correctly, whereas
         * decreasing the number of slots will (just?) affect
         * performance.  When short on memory we therefore prefer to
         * decrease number of slots instead of their size.  Clients that
         * request larger slots than they need will get poor results:
         */
        ca->maxreqs = nfsd4_get_drc_mem(ca);
        if (!ca->maxreqs)
                return nfserr_jukebox;

        return nfs_ok;
}
2568 
2569 /*
2570  * Server's NFSv4.1 backchannel support is AUTH_SYS-only for now.
2571  * These are based on similar macros in linux/sunrpc/msg_prot.h .
2572  */
2573 #define RPC_MAX_HEADER_WITH_AUTH_SYS \
2574         (RPC_CALLHDRSIZE + 2 * (2 + UNX_CALLSLACK))
2575 
2576 #define RPC_MAX_REPHEADER_WITH_AUTH_SYS \
2577         (RPC_REPHDRSIZE + (2 + NUL_REPLYSLACK))
2578 
2579 #define NFSD_CB_MAX_REQ_SZ      ((NFS4_enc_cb_recall_sz + \
2580                                  RPC_MAX_HEADER_WITH_AUTH_SYS) * sizeof(__be32))
2581 #define NFSD_CB_MAX_RESP_SZ     ((NFS4_dec_cb_recall_sz + \
2582                                  RPC_MAX_REPHEADER_WITH_AUTH_SYS) * \
2583                                  sizeof(__be32))
2584 
2585 static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
2586 {
2587         ca->headerpadsz = 0;
2588 
2589         if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
2590                 return nfserr_toosmall;
2591         if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
2592                 return nfserr_toosmall;
2593         ca->maxresp_cached = 0;
2594         if (ca->maxops < 2)
2595                 return nfserr_toosmall;
2596 
2597         return nfs_ok;
2598 }
2599 
2600 static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
2601 {
2602         switch (cbs->flavor) {
2603         case RPC_AUTH_NULL:
2604         case RPC_AUTH_UNIX:
2605                 return nfs_ok;
2606         default:
2607                 /*
2608                  * GSS case: the spec doesn't allow us to return this
2609                  * error.  But it also doesn't allow us not to support
2610                  * GSS.
2611                  * I'd rather this fail hard than return some error the
2612                  * client might think it can already handle:
2613                  */
2614                 return nfserr_encr_alg_unsupp;
2615         }
2616 }
2617 
/*
 * NFSv4.1 CREATE_SESSION.
 *
 * Validates the requested channel attributes and callback security,
 * allocates the session and its forechannel connection, then — under
 * nn->client_lock — matches the clientid against the confirmed or
 * unconfirmed client tables and performs the seqid/replay checks of the
 * create-session slot.  On success the (possibly newly confirmed) client
 * gets the new session and the reply is cached in its cl_cs_slot.
 *
 * Note the error-path layering: once check_forechannel_attrs() has
 * succeeded it has charged DRC memory, so every later failure must go
 * through out_release_drc_mem (see nfsd4_put_drc_mem below).
 */
__be32
nfsd4_create_session(struct svc_rqst *rqstp,
		     struct nfsd4_compound_state *cstate,
		     struct nfsd4_create_session *cr_ses)
{
	struct sockaddr *sa = svc_addr(rqstp);
	struct nfs4_client *conf, *unconf;
	struct nfs4_client *old = NULL;	/* confirmed client being replaced, expired outside the lock */
	struct nfsd4_session *new;
	struct nfsd4_conn *conn;
	struct nfsd4_clid_slot *cs_slot = NULL;
	__be32 status = 0;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
		return nfserr_inval;
	status = nfsd4_check_cb_sec(&cr_ses->cb_sec);
	if (status)
		return status;
	status = check_forechannel_attrs(&cr_ses->fore_channel, nn);
	if (status)
		return status;
	status = check_backchannel_attrs(&cr_ses->back_channel);
	if (status)
		goto out_release_drc_mem;
	status = nfserr_jukebox;
	new = alloc_session(&cr_ses->fore_channel, &cr_ses->back_channel);
	if (!new)
		goto out_release_drc_mem;
	conn = alloc_conn_from_crses(rqstp, cr_ses);
	if (!conn)
		goto out_free_session;

	spin_lock(&nn->client_lock);
	unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn);
	conf = find_confirmed_client(&cr_ses->clientid, true, nn);
	/* A clientid must never be both confirmed and unconfirmed: */
	WARN_ON_ONCE(conf && unconf);

	if (conf) {
		/* Already-confirmed client: check creds and detect replays. */
		status = nfserr_wrong_cred;
		if (!mach_creds_match(conf, rqstp))
			goto out_free_conn;
		cs_slot = &conf->cl_cs_slot;
		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
		if (status) {
			if (status == nfserr_replay_cache)
				status = nfsd4_replay_create_session(cr_ses, cs_slot);
			goto out_free_conn;
		}
	} else if (unconf) {
		/* Unconfirmed client: creds/address must match the EXCHANGE_ID. */
		if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) ||
		    !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) {
			status = nfserr_clid_inuse;
			goto out_free_conn;
		}
		status = nfserr_wrong_cred;
		if (!mach_creds_match(unconf, rqstp))
			goto out_free_conn;
		cs_slot = &unconf->cl_cs_slot;
		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
		if (status) {
			/* an unconfirmed replay returns misordered */
			status = nfserr_seq_misordered;
			goto out_free_conn;
		}
		/* Confirming this client may displace an older one of the same name: */
		old = find_confirmed_client_by_name(&unconf->cl_name, nn);
		if (old) {
			status = mark_client_expired_locked(old);
			if (status) {
				old = NULL;
				goto out_free_conn;
			}
		}
		move_to_confirmed(unconf);
		conf = unconf;
	} else {
		status = nfserr_stale_clientid;
		goto out_free_conn;
	}
	status = nfs_ok;
	/* Persistent sessions are not supported */
	cr_ses->flags &= ~SESSION4_PERSIST;
	/* Upshifting from TCP to RDMA is not supported */
	cr_ses->flags &= ~SESSION4_RDMA;

	init_session(rqstp, new, conf, cr_ses);
	nfsd4_get_session_locked(new);

	memcpy(cr_ses->sessionid.data, new->se_sessionid.data,
	       NFS4_MAX_SESSIONID_LEN);
	cs_slot->sl_seqid++;
	cr_ses->seqid = cs_slot->sl_seqid;

	/* cache solo and embedded create sessions under the client_lock */
	nfsd4_cache_create_session(cr_ses, cs_slot, status);
	spin_unlock(&nn->client_lock);
	/* init connection and backchannel */
	nfsd4_init_conn(rqstp, conn, new);
	nfsd4_put_session(new);
	/* expire_client() may sleep/IO, so only call it after dropping the lock: */
	if (old)
		expire_client(old);
	return status;
out_free_conn:
	spin_unlock(&nn->client_lock);
	free_conn(conn);
	if (old)
		expire_client(old);
out_free_session:
	__free_session(new);
out_release_drc_mem:
	nfsd4_put_drc_mem(&cr_ses->fore_channel);
	return status;
}
2731 
2732 static __be32 nfsd4_map_bcts_dir(u32 *dir)
2733 {
2734         switch (*dir) {
2735         case NFS4_CDFC4_FORE:
2736         case NFS4_CDFC4_BACK:
2737                 return nfs_ok;
2738         case NFS4_CDFC4_FORE_OR_BOTH:
2739         case NFS4_CDFC4_BACK_OR_BOTH:
2740                 *dir = NFS4_CDFC4_BOTH;
2741                 return nfs_ok;
2742         };
2743         return nfserr_inval;
2744 }
2745 
2746 __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_backchannel_ctl *bc)
2747 {
2748         struct nfsd4_session *session = cstate->session;
2749         struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2750         __be32 status;
2751 
2752         status = nfsd4_check_cb_sec(&bc->bc_cb_sec);
2753         if (status)
2754                 return status;
2755         spin_lock(&nn->client_lock);
2756         session->se_cb_prog = bc->bc_cb_program;
2757         session->se_cb_sec = bc->bc_cb_sec;
2758         spin_unlock(&nn->client_lock);
2759 
2760         nfsd4_probe_callback(session->se_client);
2761 
2762         return nfs_ok;
2763 }
2764 
/*
 * NFSv4.1 BIND_CONN_TO_SESSION: bind the connection this compound arrived
 * on to the given session, in the requested direction(s).
 *
 * Must be the only op in its compound (nfserr_not_only_op otherwise).
 * find_in_sessionid_hashtbl() takes a reference on the session that is
 * dropped at the "out:" label via nfsd4_put_session().
 */
__be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
		     struct nfsd4_compound_state *cstate,
		     struct nfsd4_bind_conn_to_session *bcts)
{
	__be32 status;
	struct nfsd4_conn *conn;
	struct nfsd4_session *session;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	if (!nfsd4_last_compound_op(rqstp))
		return nfserr_not_only_op;
	spin_lock(&nn->client_lock);
	session = find_in_sessionid_hashtbl(&bcts->sessionid, net, &status);
	spin_unlock(&nn->client_lock);
	if (!session)
		goto out_no_session;	/* status already set by the lookup */
	status = nfserr_wrong_cred;
	if (!mach_creds_match(session->se_client, rqstp))
		goto out;
	/* Collapse FORE_OR_BOTH/BACK_OR_BOTH to BOTH, reject bad values: */
	status = nfsd4_map_bcts_dir(&bcts->dir);
	if (status)
		goto out;
	conn = alloc_conn(rqstp, bcts->dir);
	status = nfserr_jukebox;
	if (!conn)
		goto out;
	/* Hashes conn into the session and registers for xprt teardown: */
	nfsd4_init_conn(rqstp, conn, session);
	status = nfs_ok;
out:
	nfsd4_put_session(session);
out_no_session:
	return status;
}
2799 
2800 static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid)
2801 {
2802         if (!session)
2803                 return 0;
2804         return !memcmp(sid, &session->se_sessionid, sizeof(*sid));
2805 }
2806 
/*
 * NFSv4.1 DESTROY_SESSION.
 *
 * A session may destroy itself (the compound's own session), but then
 * DESTROY_SESSION must be the last op in the compound; in that case the
 * compound machinery already holds one session reference, tracked here by
 * ref_held_by_me and passed to mark_session_dead_locked() so the "still
 * in use" check accounts for it.
 *
 * The client lock is dropped around nfsd4_probe_callback_sync() and
 * re-taken so nfsd4_put_session_locked() runs under it.
 */
__be32
nfsd4_destroy_session(struct svc_rqst *r,
		      struct nfsd4_compound_state *cstate,
		      struct nfsd4_destroy_session *sessionid)
{
	struct nfsd4_session *ses;
	__be32 status;
	int ref_held_by_me = 0;
	struct net *net = SVC_NET(r);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	status = nfserr_not_only_op;
	if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {
		/* Destroying our own session: must be the sole/last op. */
		if (!nfsd4_last_compound_op(r))
			goto out;
		ref_held_by_me++;
	}
	dump_sessionid(__func__, &sessionid->sessionid);
	spin_lock(&nn->client_lock);
	ses = find_in_sessionid_hashtbl(&sessionid->sessionid, net, &status);
	if (!ses)
		goto out_client_lock;	/* status set by the lookup */
	status = nfserr_wrong_cred;
	if (!mach_creds_match(ses->se_client, r))
		goto out_put_session;
	status = mark_session_dead_locked(ses, 1 + ref_held_by_me);
	if (status)
		goto out_put_session;
	unhash_session(ses);
	spin_unlock(&nn->client_lock);

	/* May block; must not hold nn->client_lock here: */
	nfsd4_probe_callback_sync(ses->se_client);

	spin_lock(&nn->client_lock);
	status = nfs_ok;
out_put_session:
	nfsd4_put_session_locked(ses);
out_client_lock:
	spin_unlock(&nn->client_lock);
out:
	return status;
}
2849 
2850 static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s)
2851 {
2852         struct nfsd4_conn *c;
2853 
2854         list_for_each_entry(c, &s->se_conns, cn_persession) {
2855                 if (c->cn_xprt == xpt) {
2856                         return c;
2857                 }
2858         }
2859         return NULL;
2860 }
2861 
/*
 * Called from SEQUENCE processing with a freshly allocated conn for the
 * connection the request arrived on.  Takes ownership of @new in all
 * cases: it is either hashed into the session or freed here.
 *
 * If the connection is already bound to the session, @new is simply
 * freed and nfs_ok returned.  With machine-credential enforcement
 * (cl_mach_cred) an unknown connection may not be implicitly bound, so
 * nfserr_conn_not_bound_to_session is returned instead.
 */
static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd4_conn *c;
	__be32 status = nfs_ok;
	int ret;

	spin_lock(&clp->cl_lock);
	c = __nfsd4_find_conn(new->cn_xprt, ses);
	if (c)
		goto out_free;	/* already bound: free the spare, status stays nfs_ok */
	status = nfserr_conn_not_bound_to_session;
	if (clp->cl_mach_cred)
		goto out_free;
	/* Implicitly bind this connection to the session: */
	__nfsd4_hash_conn(new, ses);
	spin_unlock(&clp->cl_lock);
	ret = nfsd4_register_conn(new);
	if (ret)
		/* oops; xprt is already down: */
		nfsd4_conn_lost(&new->cn_xpt_user);
	return nfs_ok;
out_free:
	spin_unlock(&clp->cl_lock);
	free_conn(new);
	return status;
}
2888 
2889 static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)
2890 {
2891         struct nfsd4_compoundargs *args = rqstp->rq_argp;
2892 
2893         return args->opcnt > session->se_fchannel.maxops;
2894 }
2895 
2896 static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
2897                                   struct nfsd4_session *session)
2898 {
2899         struct xdr_buf *xb = &rqstp->rq_arg;
2900 
2901         return xb->len > session->se_fchannel.maxreq_sz;
2902 }
2903 
/*
 * NFSv4.1 SEQUENCE — must be the first op of its compound.
 *
 * Looks up the session, enforces the negotiated channel limits, checks
 * the slot's seqid (serving cached replies for replays), binds the
 * connection to the session if needed, and marks the slot in use for
 * the remainder of the compound.  On success cstate->{slot,session,clp}
 * are set and the session reference taken by the hashtable lookup is
 * carried until nfsd4_sequence_done().
 *
 * Runs almost entirely under nn->client_lock; error paths that hold a
 * session reference go through out_put_session.
 */
__be32
nfsd4_sequence(struct svc_rqst *rqstp,
	       struct nfsd4_compound_state *cstate,
	       struct nfsd4_sequence *seq)
{
	struct nfsd4_compoundres *resp = rqstp->rq_resp;
	struct xdr_stream *xdr = &resp->xdr;
	struct nfsd4_session *session;
	struct nfs4_client *clp;
	struct nfsd4_slot *slot;
	struct nfsd4_conn *conn;
	__be32 status;
	int buflen;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	if (resp->opcnt != 1)
		return nfserr_sequence_pos;

	/*
	 * Will be either used or freed by nfsd4_sequence_check_conn
	 * below.
	 */
	conn = alloc_conn(rqstp, NFS4_CDFC4_FORE);
	if (!conn)
		return nfserr_jukebox;

	spin_lock(&nn->client_lock);
	session = find_in_sessionid_hashtbl(&seq->sessionid, net, &status);
	if (!session)
		goto out_no_session;	/* status set by the lookup */
	clp = session->se_client;

	status = nfserr_too_many_ops;
	if (nfsd4_session_too_many_ops(rqstp, session))
		goto out_put_session;

	status = nfserr_req_too_big;
	if (nfsd4_request_too_big(rqstp, session))
		goto out_put_session;

	status = nfserr_badslot;
	if (seq->slotid >= session->se_fchannel.maxreqs)
		goto out_put_session;

	slot = session->se_slots[seq->slotid];
	dprintk("%s: slotid %d\n", __func__, seq->slotid);

	/* We do not negotiate the number of slots yet, so set the
	 * maxslots to the session maxreqs which is used to encode
	 * sr_highest_slotid and the sr_target_slot id to maxslots */
	seq->maxslots = session->se_fchannel.maxreqs;

	status = check_slot_seqid(seq->seqid, slot->sl_seqid,
					slot->sl_flags & NFSD4_SLOT_INUSE);
	if (status == nfserr_replay_cache) {
		/* Replay: serve the cached reply, if one was ever stored. */
		status = nfserr_seq_misordered;
		if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED))
			goto out_put_session;
		cstate->slot = slot;
		cstate->session = session;
		cstate->clp = clp;
		/* Return the cached reply status and set cstate->status
		 * for nfsd4_proc_compound processing */
		status = nfsd4_replay_cache_entry(resp, seq);
		cstate->status = nfserr_replay_cache;
		goto out;
	}
	if (status)
		goto out_put_session;

	/* Transfers ownership of conn (used or freed) in all cases: */
	status = nfsd4_sequence_check_conn(conn, session);
	conn = NULL;
	if (status)
		goto out_put_session;

	/* Cap the reply size at what the client negotiated (and can cache): */
	buflen = (seq->cachethis) ?
			session->se_fchannel.maxresp_cached :
			session->se_fchannel.maxresp_sz;
	status = (seq->cachethis) ? nfserr_rep_too_big_to_cache :
				    nfserr_rep_too_big;
	if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack))
		goto out_put_session;
	svc_reserve(rqstp, buflen);

	status = nfs_ok;
	/* Success! bump slot seqid */
	slot->sl_seqid = seq->seqid;
	slot->sl_flags |= NFSD4_SLOT_INUSE;
	if (seq->cachethis)
		slot->sl_flags |= NFSD4_SLOT_CACHETHIS;
	else
		slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS;

	cstate->slot = slot;
	cstate->session = session;
	cstate->clp = clp;

out:
	/* Report backchannel health in sr_status_flags: */
	switch (clp->cl_cb_state) {
	case NFSD4_CB_DOWN:
		seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN;
		break;
	case NFSD4_CB_FAULT:
		seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT;
		break;
	default:
		seq->status_flags = 0;
	}
	if (!list_empty(&clp->cl_revoked))
		seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED;
out_no_session:
	if (conn)
		free_conn(conn);
	spin_unlock(&nn->client_lock);
	return status;
out_put_session:
	nfsd4_put_session_locked(session);
	goto out_no_session;
}
3024 
/*
 * Compound post-processing for sessions: cache the reply in the slot
 * (unless this WAS a replay served from the cache), release the slot,
 * and drop the reference taken in nfsd4_sequence().  For v4.0-style
 * compounds with no session, just drop the client renew reference.
 */
void
nfsd4_sequence_done(struct nfsd4_compoundres *resp)
{
	struct nfsd4_compound_state *cs = &resp->cstate;

	if (nfsd4_has_session(cs)) {
		if (cs->status != nfserr_replay_cache) {
			nfsd4_store_cache_entry(resp);
			cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;
		}
		/* Drop session reference that was taken in nfsd4_sequence() */
		nfsd4_put_session(cs->session);
	} else if (cs->clp)
		put_client_renew(cs->clp);
}
3040 
/*
 * NFSv4.1 DESTROY_CLIENTID.
 *
 * A confirmed client may only be destroyed when it holds no state
 * (sessions, opens, locks, delegations — see client_has_state());
 * an unconfirmed client can always be destroyed.  The client is
 * unhashed under nn->client_lock, but expire_client() — which may
 * block — runs only after the lock is dropped.
 */
__be32
nfsd4_destroy_clientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_destroy_clientid *dc)
{
	struct nfs4_client *conf, *unconf;
	struct nfs4_client *clp = NULL;
	__be32 status = 0;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	spin_lock(&nn->client_lock);
	unconf = find_unconfirmed_client(&dc->clientid, true, nn);
	conf = find_confirmed_client(&dc->clientid, true, nn);
	WARN_ON_ONCE(conf && unconf);

	if (conf) {
		if (client_has_state(conf)) {
			status = nfserr_clientid_busy;
			goto out;
		}
		status = mark_client_expired_locked(conf);
		if (status)
			goto out;
		clp = conf;
	} else if (unconf)
		clp = unconf;
	else {
		status = nfserr_stale_clientid;
		goto out;
	}
	if (!mach_creds_match(clp, rqstp)) {
		/* clear clp so we don't expire a client we didn't destroy: */
		clp = NULL;
		status = nfserr_wrong_cred;
		goto out;
	}
	unhash_client_locked(clp);
out:
	spin_unlock(&nn->client_lock);
	if (clp)
		expire_client(clp);
	return status;
}
3081 
/*
 * NFSv4.1 RECLAIM_COMPLETE: the client has finished reclaiming state
 * after a server restart.  Sets NFSD4_CLIENT_RECLAIM_COMPLETE (at most
 * once per client) and creates the client's stable-storage record.
 */
__be32
nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_reclaim_complete *rc)
{
	__be32 status = 0;

	if (rc->rca_one_fs) {
		if (!cstate->current_fh.fh_dentry)
			return nfserr_nofilehandle;
		/*
		 * We don't take advantage of the rca_one_fs case.
		 * That's OK, it's optional, we can safely ignore it.
		 */
		 return nfs_ok;
	}

	/* test_and_set makes a repeated RECLAIM_COMPLETE fail cleanly: */
	status = nfserr_complete_already;
	if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE,
			     &cstate->session->se_client->cl_flags))
		goto out;

	status = nfserr_stale_clientid;
	if (is_client_expired(cstate->session->se_client))
		/*
		 * The following error isn't really legal.
		 * But we only get here if the client just explicitly
		 * destroyed the client.  Surely it no longer cares what
		 * error it gets back on an operation for the dead
		 * client.
		 */
		goto out;

	status = nfs_ok;
	nfsd4_client_record_create(cstate->session->se_client);
out:
	return status;
}
3118 
/*
 * NFSv4.0 SETCLIENTID (RFC 3530, section 14.2.33).
 *
 * Allocates a new unconfirmed client for (name, verifier, callback),
 * replacing any existing unconfirmed client with the same name.  If a
 * confirmed client with the same name and verifier exists, this is a
 * probable callback update and the existing clientid is reused.
 * Returns the clientid and confirm verifier the client must echo back
 * in SETCLIENTID_CONFIRM.
 */
__be32
nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		  struct nfsd4_setclientid *setclid)
{
	struct xdr_netobj	clname = setclid->se_name;
	nfs4_verifier		clverifier = setclid->se_verf;
	struct nfs4_client	*conf, *new;
	struct nfs4_client	*unconf = NULL;
	__be32			status;
	struct nfsd_net		*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	/* Allocate before taking the lock; freed below if unused. */
	new = create_client(clname, rqstp, &clverifier);
	if (new == NULL)
		return nfserr_jukebox;
	/* Cases below refer to rfc 3530 section 14.2.33: */
	spin_lock(&nn->client_lock);
	conf = find_confirmed_client_by_name(&clname, nn);
	if (conf && client_has_state(conf)) {
		/* case 0: */
		status = nfserr_clid_inuse;
		if (clp_used_exchangeid(conf))
			goto out;
		if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
			char addr_str[INET6_ADDRSTRLEN];
			rpc_ntop((struct sockaddr *) &conf->cl_addr, addr_str,
				 sizeof(addr_str));
			dprintk("NFSD: setclientid: string in use by client "
				"at %s\n", addr_str);
			goto out;
		}
	}
	/* Any same-named unconfirmed client is superseded by this one: */
	unconf = find_unconfirmed_client_by_name(&clname, nn);
	if (unconf)
		unhash_client_locked(unconf);
	if (conf && same_verf(&conf->cl_verifier, &clverifier)) {
		/* case 1: probable callback update */
		copy_clid(new, conf);
		gen_confirm(new, nn);
	} else /* case 4 (new client) or cases 2, 3 (client reboot): */
		gen_clid(new, nn);
	new->cl_minorversion = 0;
	gen_callback(new, setclid, rqstp);
	add_to_unconfirmed(new);
	setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot;
	setclid->se_clientid.cl_id = new->cl_clientid.cl_id;
	memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data));
	/* new is now owned by the unconfirmed table; don't free it below: */
	new = NULL;
	status = nfs_ok;
out:
	spin_unlock(&nn->client_lock);
	if (new)
		free_client(new);
	if (unconf)
		expire_client(unconf);
	return status;
}
3175 
3176 
/*
 * NFSv4.0 SETCLIENTID_CONFIRM (RFC 3530, section 14.2.34).
 *
 * Confirms the unconfirmed client created by SETCLIENTID, handling the
 * four cases of the spec: callback update (case 1), retransmit (case 2),
 * normal confirm of a new/rebooted client (case 3), and a stale clientid
 * after server reboot (case 4).  Any displaced confirmed client ("old")
 * is expired only after nn->client_lock is dropped.
 */
__be32
nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
			 struct nfsd4_compound_state *cstate,
			 struct nfsd4_setclientid_confirm *setclientid_confirm)
{
	struct nfs4_client *conf, *unconf;
	struct nfs4_client *old = NULL;
	nfs4_verifier confirm = setclientid_confirm->sc_confirm;
	clientid_t * clid = &setclientid_confirm->sc_clientid;
	__be32 status;
	struct nfsd_net	*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	if (STALE_CLIENTID(clid, nn))
		return nfserr_stale_clientid;

	spin_lock(&nn->client_lock);
	conf = find_confirmed_client(clid, false, nn);
	unconf = find_unconfirmed_client(clid, false, nn);
	/*
	 * We try hard to give out unique clientid's, so if we get an
	 * attempt to confirm the same clientid with a different cred,
	 * the client may be buggy; this should never happen.
	 *
	 * Nevertheless, RFC 7530 recommends INUSE for this case:
	 */
	status = nfserr_clid_inuse;
	if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred))
		goto out;
	if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred))
		goto out;
	/* cases below refer to rfc 3530 section 14.2.34: */
	if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) {
		if (conf && !unconf) /* case 2: probable retransmit */
			status = nfs_ok;
		else /* case 4: client hasn't noticed we rebooted yet? */
			status = nfserr_stale_clientid;
		goto out;
	}
	status = nfs_ok;
	if (conf) { /* case 1: callback update */
		old = unconf;
		unhash_client_locked(old);
		nfsd4_change_callback(conf, &unconf->cl_cb_conn);
	} else { /* case 3: normal case; new or rebooted client */
		old = find_confirmed_client_by_name(&unconf->cl_name, nn);
		if (old) {
			status = nfserr_clid_inuse;
			if (client_has_state(old)
					&& !same_creds(&unconf->cl_cred,
							&old->cl_cred))
				goto out;
			status = mark_client_expired_locked(old);
			if (status) {
				old = NULL;
				goto out;
			}
		}
		move_to_confirmed(unconf);
		conf = unconf;
	}
	/* Hold the client across the (lock-dropping) callback probe: */
	get_client_locked(conf);
	spin_unlock(&nn->client_lock);
	nfsd4_probe_callback(conf);
	spin_lock(&nn->client_lock);
	put_client_renew_locked(conf);
out:
	spin_unlock(&nn->client_lock);
	if (old)
		expire_client(old);
	return status;
}
3248 
3249 static struct nfs4_file *nfsd4_alloc_file(void)
3250 {
3251         return kmem_cache_alloc(file_slab, GFP_KERNEL);
3252 }
3253 
3254 /* OPEN Share state helper functions */
/*
 * Initialize a freshly allocated nfs4_file and insert it into the
 * global file hash.  Must be called with state_lock held; the RCU hash
 * insertion is deliberately last, so lockless readers never see a
 * partially initialized entry.
 */
static void nfsd4_init_file(struct knfsd_fh *fh, unsigned int hashval,
				struct nfs4_file *fp)
{
	lockdep_assert_held(&state_lock);

	atomic_set(&fp->fi_ref, 1);
	spin_lock_init(&fp->fi_lock);
	INIT_LIST_HEAD(&fp->fi_stateids);
	INIT_LIST_HEAD(&fp->fi_delegations);
	INIT_LIST_HEAD(&fp->fi_clnt_odstate);
	fh_copy_shallow(&fp->fi_fhandle, fh);
	fp->fi_deleg_file = NULL;
	fp->fi_had_conflict = false;
	fp->fi_share_deny = 0;
	memset(fp->fi_fds, 0, sizeof(fp->fi_fds));
	memset(fp->fi_access, 0, sizeof(fp->fi_access));
#ifdef CONFIG_NFSD_PNFS
	INIT_LIST_HEAD(&fp->fi_lo_states);
	atomic_set(&fp->fi_lo_recalls, 0);
#endif
	/* Publish only after full initialization: */
	hlist_add_head_rcu(&fp->fi_hash, &file_hashtbl[hashval]);
}
3277 
/*
 * Tear down all NFSv4 state slab caches created by nfsd4_init_slabs().
 * kmem_cache_destroy() tolerates NULL, so this is safe even if init
 * only partially succeeded.
 */
void
nfsd4_free_slabs(void)
{
	kmem_cache_destroy(odstate_slab);
	kmem_cache_destroy(openowner_slab);
	kmem_cache_destroy(lockowner_slab);
	kmem_cache_destroy(file_slab);
	kmem_cache_destroy(stateid_slab);
	kmem_cache_destroy(deleg_slab);
}
3288 
/*
 * Create the slab caches backing NFSv4 state objects.  On any failure,
 * unwinds via the goto ladder (destroying only the caches created so
 * far) and returns -ENOMEM; on success returns 0.
 */
int
nfsd4_init_slabs(void)
{
	openowner_slab = kmem_cache_create("nfsd4_openowners",
			sizeof(struct nfs4_openowner), 0, 0, NULL);
	if (openowner_slab == NULL)
		goto out;
	lockowner_slab = kmem_cache_create("nfsd4_lockowners",
			sizeof(struct nfs4_lockowner), 0, 0, NULL);
	if (lockowner_slab == NULL)
		goto out_free_openowner_slab;
	file_slab = kmem_cache_create("nfsd4_files",
			sizeof(struct nfs4_file), 0, 0, NULL);
	if (file_slab == NULL)
		goto out_free_lockowner_slab;
	stateid_slab = kmem_cache_create("nfsd4_stateids",
			sizeof(struct nfs4_ol_stateid), 0, 0, NULL);
	if (stateid_slab == NULL)
		goto out_free_file_slab;
	deleg_slab = kmem_cache_create("nfsd4_delegations",
			sizeof(struct nfs4_delegation), 0, 0, NULL);
	if (deleg_slab == NULL)
		goto out_free_stateid_slab;
	odstate_slab = kmem_cache_create("nfsd4_odstate",
			sizeof(struct nfs4_clnt_odstate), 0, 0, NULL);
	if (odstate_slab == NULL)
		goto out_free_deleg_slab;
	return 0;

out_free_deleg_slab:
	kmem_cache_destroy(deleg_slab);
out_free_stateid_slab:
	kmem_cache_destroy(stateid_slab);
out_free_file_slab:
	kmem_cache_destroy(file_slab);
out_free_lockowner_slab:
	kmem_cache_destroy(lockowner_slab);
out_free_openowner_slab:
	kmem_cache_destroy(openowner_slab);
out:
	dprintk("nfsd4: out of memory while initializing nfsv4\n");
	return -ENOMEM;
}
3332 
3333 static void init_nfs4_replay(struct nfs4_replay *rp)
3334 {
3335         rp->rp_status = nfserr_serverfault;
3336         rp->rp_buflen = 0;
3337         rp->rp_buf = rp->rp_ibuf;
3338         mutex_init(&rp->rp_mutex);
3339 }
3340 
3341 static void nfsd4_cstate_assign_replay(struct nfsd4_compound_state *cstate,
3342                 struct nfs4_stateowner *so)
3343 {
3344         if (!nfsd4_has_session(cstate)) {
3345                 mutex_lock(&so->so_replay.rp_mutex);
3346                 cstate->replay_owner = nfs4_get_stateowner(so);
3347         }
3348 }
3349 
3350 void nfsd4_cstate_clear_replay(struct nfsd4_compound_state *cstate)
3351 {
3352         struct nfs4_stateowner *so = cstate->replay_owner;
3353 
3354         if (so != NULL) {
3355                 cstate->replay_owner = NULL;
3356                 mutex_unlock(&so->so_replay.rp_mutex);
3357                 nfs4_put_stateowner(so);
3358         }
3359 }
3360 
3361 static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp)
3362 {
3363         struct nfs4_stateowner *sop;
3364 
3365         sop = kmem_cache_alloc(slab, GFP_KERNEL);
3366         if (!sop)
3367                 return NULL;
3368 
3369         sop->so_owner.data = kmemdup(owner->data, owner->len, GFP_KERNEL);
3370         if (!sop->so_owner.data) {
3371                 kmem_cache_free(slab, sop);
3372                 return NULL;
3373         }
3374         sop->so_owner.len = owner->len;
3375 
3376         INIT_LIST_HEAD(&sop->so_stateids);
3377         sop->so_client = clp;
3378         init_nfs4_replay(&sop->so_replay);
3379         atomic_set(&sop->so_count, 1);
3380         return sop;
3381 }
3382 
3383 static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval)
3384 {
3385         lockdep_assert_held(&clp->cl_lock);
3386 
3387         list_add(&oo->oo_owner.so_strhash,
3388                  &clp->cl_ownerstr_hashtbl[strhashval]);
3389         list_add(&oo->oo_perclient, &clp->cl_openowners);
3390 }
3391 
/*
 * so_unhash callback for openowners: downcast and unhash.
 * NOTE(review): the _locked suffix suggests the caller must hold the
 * client's cl_lock — confirm against unhash_openowner_locked().
 */
static void nfs4_unhash_openowner(struct nfs4_stateowner *so)
{
	unhash_openowner_locked(openowner(so));
}
3396 
3397 static void nfs4_free_openowner(struct nfs4_stateowner *so)
3398 {
3399         struct nfs4_openowner *oo = openowner(so);
3400 
3401         kmem_cache_free(openowner_slab, oo);
3402 }
3403 
/* Stateowner ops vector used for openowners (vs. lockowners). */
static const struct nfs4_stateowner_operations openowner_ops = {
	.so_unhash =	nfs4_unhash_openowner,
	.so_free =	nfs4_free_openowner,
};
3408 
3409 static struct nfs4_ol_stateid *
3410 nfsd4_find_existing_open(struct nfs4_file *fp, struct nfsd4_open *open)
3411 {
3412         struct nfs4_ol_stateid *local, *ret = NULL;
3413         struct nfs4_openowner *oo = open->op_openowner;
3414 
3415         lockdep_assert_held(&fp->fi_lock);
3416 
3417         list_for_each_entry(local, &fp->fi_stateids, st_perfile) {
3418                 /* ignore lock owners */
3419                 if (local->st_stateowner->so_is_open_owner == 0)
3420                         continue;
3421                 if (local->st_stateowner == &oo->oo_owner) {
3422                         ret = local;
3423                         atomic_inc(&ret->st_stid.sc_count);
3424                         break;
3425                 }
3426         }
3427         return ret;
3428 }
3429 
/*
 * Allocate and initialize an openowner for this OPEN, then insert it
 * into the client's owner hash — unless a concurrent thread beat us to
 * it, in which case the existing owner is returned (with the reference
 * find_openstateowner_str_locked() took) and ours is freed.  The
 * allocation happens outside cl_lock; only the hash check/insert is
 * done under it.
 */
static struct nfs4_openowner *
alloc_init_open_stateowner(unsigned int strhashval, struct nfsd4_open *open,
			   struct nfsd4_compound_state *cstate)
{
	struct nfs4_client *clp = cstate->clp;
	struct nfs4_openowner *oo, *ret;

	oo = alloc_stateowner(openowner_slab, &open->op_owner, clp);
	if (!oo)
		return NULL;
	oo->oo_owner.so_ops = &openowner_ops;
	oo->oo_owner.so_is_open_owner = 1;
	oo->oo_owner.so_seqid = open->op_seqid;
	oo->oo_flags = 0;
	/* Sessions (v4.1+) have no OPEN_CONFIRM; owner starts confirmed: */
	if (nfsd4_has_session(cstate))
		oo->oo_flags |= NFS4_OO_CONFIRMED;
	oo->oo_time = 0;
	oo->oo_last_closed_stid = NULL;
	INIT_LIST_HEAD(&oo->oo_close_lru);
	spin_lock(&clp->cl_lock);
	ret = find_openstateowner_str_locked(strhashval, open, clp);
	if (ret == NULL) {
		hash_openowner(oo, clp, strhashval);
		ret = oo;
	} else
		/* Lost the race; discard our copy and use the winner's. */
		nfs4_free_stateowner(&oo->oo_owner);

	spin_unlock(&clp->cl_lock);
	return ret;
}
3460 
/*
 * Attach the caller's preallocated stateid (open->op_stp) to @fp, unless
 * an open stateid for this openowner already exists on the file; in
 * that case the existing stateid is returned instead (with a reference
 * taken inside nfsd4_find_existing_open()).  Either way, the returned
 * stateid's st_mutex is held on return.
 */
static struct nfs4_ol_stateid *
init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open)
{

        struct nfs4_openowner *oo = open->op_openowner;
        struct nfs4_ol_stateid *retstp = NULL;
        struct nfs4_ol_stateid *stp;

        stp = open->op_stp;
        /* We are moving these outside of the spinlocks to avoid the warnings */
        mutex_init(&stp->st_mutex);
        mutex_lock(&stp->st_mutex);

        spin_lock(&oo->oo_owner.so_client->cl_lock);
        spin_lock(&fp->fi_lock);

        retstp = nfsd4_find_existing_open(fp, open);
        if (retstp)
                goto out_unlock;

        /* consume the preallocated stateid; caller sees op_stp == NULL */
        open->op_stp = NULL;
        atomic_inc(&stp->st_stid.sc_count);
        stp->st_stid.sc_type = NFS4_OPEN_STID;
        INIT_LIST_HEAD(&stp->st_locks);
        stp->st_stateowner = nfs4_get_stateowner(&oo->oo_owner);
        get_nfs4_file(fp);
        stp->st_stid.sc_file = fp;
        stp->st_access_bmap = 0;
        stp->st_deny_bmap = 0;
        stp->st_openstp = NULL;
        list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids);
        list_add(&stp->st_perfile, &fp->fi_stateids);

out_unlock:
        spin_unlock(&fp->fi_lock);
        spin_unlock(&oo->oo_owner.so_client->cl_lock);
        if (retstp) {
                /* switch to the pre-existing stateid's mutex instead */
                mutex_lock(&retstp->st_mutex);
                /* To keep mutex tracking happy */
                mutex_unlock(&stp->st_mutex);
                stp = retstp;
        }
        return stp;
}
3505 
3506 /*
3507  * In the 4.0 case we need to keep the owners around a little while to handle
3508  * CLOSE replay. We still do need to release any file access that is held by
3509  * them before returning however.
3510  */
static void
move_to_close_lru(struct nfs4_ol_stateid *s, struct net *net)
{
        struct nfs4_ol_stateid *last;
        struct nfs4_openowner *oo = openowner(s->st_stateowner);
        struct nfsd_net *nn = net_generic(s->st_stid.sc_client->net,
                                                nfsd_net_id);

        dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo);

        /*
         * We know that we hold one reference via nfsd4_close, and another
         * "persistent" reference for the client. If the refcount is higher
         * than 2, then there are still calls in progress that are using this
         * stateid. We can't put the sc_file reference until they are finished.
         * Wait for the refcount to drop to 2. Since it has been unhashed,
         * there should be no danger of the refcount going back up again at
         * this point.
         */
        wait_event(close_wq, atomic_read(&s->st_stid.sc_count) == 2);

        release_all_access(s);
        if (s->st_stid.sc_file) {
                put_nfs4_file(s->st_stid.sc_file);
                s->st_stid.sc_file = NULL;
        }

        /*
         * Cache this stateid on the owner for CLOSE replay, move the owner
         * to the tail of the per-net close LRU, and timestamp the move so
         * it can be reaped after a delay.  The previously cached stateid
         * (if any) is released outside the lock.
         */
        spin_lock(&nn->client_lock);
        last = oo->oo_last_closed_stid;
        oo->oo_last_closed_stid = s;
        list_move_tail(&oo->oo_close_lru, &nn->close_lru);
        oo->oo_time = get_seconds();
        spin_unlock(&nn->client_lock);
        if (last)
                nfs4_put_stid(&last->st_stid);
}
3547 
3548 /* search file_hashtbl[] for file */
3549 static struct nfs4_file *
3550 find_file_locked(struct knfsd_fh *fh, unsigned int hashval)
3551 {
3552         struct nfs4_file *fp;
3553 
3554         hlist_for_each_entry_rcu(fp, &file_hashtbl[hashval], fi_hash) {
3555                 if (fh_match(&fp->fi_fhandle, fh)) {
3556                         if (atomic_inc_not_zero(&fp->fi_ref))
3557                                 return fp;
3558                 }
3559         }
3560         return NULL;
3561 }
3562 
/* RCU-protected lookup of the nfs4_file for @fh; NULL if none hashed. */
struct nfs4_file *
find_file(struct knfsd_fh *fh)
{
        struct nfs4_file *found;
        unsigned int hashval = file_hashval(fh);

        rcu_read_lock();
        found = find_file_locked(fh, hashval);
        rcu_read_unlock();
        return found;
}
3574 
/*
 * Return the hashed nfs4_file for @fh, inserting @new if none exists.
 *
 * Fast path is a lockless RCU lookup; on a miss the lookup is repeated
 * under state_lock before inserting, so two racing opens cannot both
 * insert.  The caller retains ownership of @new and can tell whether it
 * was consumed by comparing the return value against it (see
 * nfsd4_process_open2()).
 */
static struct nfs4_file *
find_or_add_file(struct nfs4_file *new, struct knfsd_fh *fh)
{
        struct nfs4_file *fp;
        unsigned int hashval = file_hashval(fh);

        /* lockless lookup first */
        rcu_read_lock();
        fp = find_file_locked(fh, hashval);
        rcu_read_unlock();
        if (fp)
                return fp;

        /* miss: recheck and insert atomically under the lock */
        spin_lock(&state_lock);
        fp = find_file_locked(fh, hashval);
        if (likely(fp == NULL)) {
                nfsd4_init_file(fh, hashval, new);
                fp = new;
        }
        spin_unlock(&state_lock);

        return fp;
}
3597 
3598 /*
3599  * Called to check deny when READ with all zero stateid or
3600  * WRITE with all zero or all one stateid
3601  */
3602 static __be32
3603 nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type)
3604 {
3605         struct nfs4_file *fp;
3606         __be32 ret = nfs_ok;
3607 
3608         fp = find_file(&current_fh->fh_handle);
3609         if (!fp)
3610                 return ret;
3611         /* Check for conflicting share reservations */
3612         spin_lock(&fp->fi_lock);
3613         if (fp->fi_share_deny & deny_type)
3614                 ret = nfserr_locked;
3615         spin_unlock(&fp->fi_lock);
3616         put_nfs4_file(fp);
3617         return ret;
3618 }
3619 
/*
 * ->prepare hook for a delegation recall callback: block new delegations
 * on the file and queue this delegation on the per-net recall LRU.
 */
static void nfsd4_cb_recall_prepare(struct nfsd4_callback *cb)
{
        struct nfs4_delegation *dp = cb_to_delegation(cb);
        struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net,
                                          nfsd_net_id);

        block_delegations(&dp->dl_stid.sc_file->fi_fhandle);

        /*
         * We can't do this in nfsd_break_deleg_cb because it is
         * already holding inode->i_lock.
         *
         * If the dl_time != 0, then we know that it has already been
         * queued for a lease break. Don't queue it again.
         */
        spin_lock(&state_lock);
        if (dp->dl_time == 0) {
                dp->dl_time = get_seconds();
                list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru);
        }
        spin_unlock(&state_lock);
}
3642 
/*
 * ->done hook for a delegation recall RPC.  Returns 1 when the callback
 * is complete, 0 to have the RPC retried, and -1 on hard failure (the
 * meaning of the return value is interpreted by the generic nfsd4
 * callback machinery).
 */
static int nfsd4_cb_recall_done(struct nfsd4_callback *cb,
                struct rpc_task *task)
{
        struct nfs4_delegation *dp = cb_to_delegation(cb);

        /* delegation already closed out: nothing left to recall */
        if (dp->dl_stid.sc_type == NFS4_CLOSED_DELEG_STID)
                return 1;

        switch (task->tk_status) {
        case 0:
                return 1;
        case -EBADHANDLE:
        case -NFS4ERR_BAD_STATEID:
                /*
                 * Race: client probably got cb_recall before open reply
                 * granting delegation.
                 */
                if (dp->dl_retries--) {
                        /* back off and retry while retries remain */
                        rpc_delay(task, 2 * HZ);
                        return 0;
                }
                /*FALLTHRU*/
        default:
                return -1;
        }
}
3669 
3670 static void nfsd4_cb_recall_release(struct nfsd4_callback *cb)
3671 {
3672         struct nfs4_delegation *dp = cb_to_delegation(cb);
3673 
3674         nfs4_put_stid(&dp->dl_stid);
3675 }
3676 
/* Callback ops driving CB_RECALL of a delegation. */
static const struct nfsd4_callback_ops nfsd4_cb_recall_ops = {
        .prepare        = nfsd4_cb_recall_prepare,
        .done           = nfsd4_cb_recall_done,
        .release        = nfsd4_cb_recall_release,
};
3682 
/*
 * Queue a CB_RECALL for @dp.  The reference taken here is dropped by
 * nfsd4_cb_recall_release() when the callback completes.
 */
static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
{
        /*
         * We're assuming the state code never drops its reference
         * without first removing the lease.  Since we're in this lease
         * callback (and since the lease code is serialized by the kernel
         * lock) we know the server hasn't removed the lease yet, we know
         * it's safe to take a reference.
         */
        atomic_inc(&dp->dl_stid.sc_count);
        nfsd4_run_cb(&dp->dl_recall);
}
3695 
3696 /* Called from break_lease() with i_lock held. */
/*
 * lm_break hook: a local open conflicts with our delegation lease.
 * Queues recalls for every delegation on the file; returning true tells
 * the locks code it may delete the lease immediately.
 */
static bool
nfsd_break_deleg_cb(struct file_lock *fl)
{
        bool ret = false;
        struct nfs4_file *fp = (struct nfs4_file *)fl->fl_owner;
        struct nfs4_delegation *dp;

        if (!fp) {
                WARN(1, "(%p)->fl_owner NULL\n", fl);
                return ret;
        }
        if (fp->fi_had_conflict) {
                WARN(1, "duplicate break on %p\n", fp);
                return ret;
        }
        /*
         * We don't want the locks code to timeout the lease for us;
         * we'll remove it ourself if a delegation isn't returned
         * in time:
         */
        fl->fl_break_time = 0;

        spin_lock(&fp->fi_lock);
        fp->fi_had_conflict = true;
        /*
         * If there are no delegations on the list, then return true
         * so that the lease code will go ahead and delete it.
         */
        if (list_empty(&fp->fi_delegations))
                ret = true;
        else
                list_for_each_entry(dp, &fp->fi_delegations, dl_perfile)
                        nfsd_break_one_deleg(dp);
        spin_unlock(&fp->fi_lock);
        return ret;
}
3733 
3734 static int
3735 nfsd_change_deleg_cb(struct file_lock *onlist, int arg,
3736                      struct list_head *dispose)
3737 {
3738         if (arg & F_UNLCK)
3739                 return lease_modify(onlist, arg, dispose);
3740         else
3741                 return -EAGAIN;
3742 }
3743 
/* Lease-manager ops installed on delegation file_locks. */
static const struct lock_manager_operations nfsd_lease_mng_ops = {
        .lm_break = nfsd_break_deleg_cb,
        .lm_change = nfsd_change_deleg_cb,
};
3748 
3749 static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid)
3750 {
3751         if (nfsd4_has_session(cstate))
3752                 return nfs_ok;
3753         if (seqid == so->so_seqid - 1)
3754                 return nfserr_replay_me;
3755         if (seqid == so->so_seqid)
3756                 return nfs_ok;
3757         return nfserr_bad_seqid;
3758 }
3759 
/*
 * Resolve @clid to a confirmed nfs4_client and cache it in cstate->clp
 * (taking a cl_refcount reference).  If a client is already cached it
 * need only match the requested clientid.
 */
static __be32 lookup_clientid(clientid_t *clid,
                struct nfsd4_compound_state *cstate,
                struct nfsd_net *nn)
{
        struct nfs4_client *found;

        if (cstate->clp) {
                found = cstate->clp;
                if (!same_clid(&found->cl_clientid, clid))
                        return nfserr_stale_clientid;
                return nfs_ok;
        }

        if (STALE_CLIENTID(clid, nn))
                return nfserr_stale_clientid;

        /*
         * For v4.1+ we get the client in the SEQUENCE op. If we don't have one
         * cached already then we know this is for v4.0 and "sessions"
         * will be false.
         */
        WARN_ON_ONCE(cstate->session);
        spin_lock(&nn->client_lock);
        found = find_confirmed_client(clid, false, nn);
        if (!found) {
                spin_unlock(&nn->client_lock);
                return nfserr_expired;
        }
        /* pin the client before dropping the lock */
        atomic_inc(&found->cl_refcount);
        spin_unlock(&nn->client_lock);

        /* Cache the nfs4_client in cstate! */
        cstate->clp = found;
        return nfs_ok;
}
3795 
/*
 * First phase of OPEN processing: validate the clientid, find or create
 * the openowner, and preallocate the objects (file, stateid, and --
 * for pNFS exports -- client odstate) that the later phase may need.
 * The allocations are parked in @open; presumably the OPEN teardown
 * path frees whatever ends up unused -- confirm in the caller.
 */
__be32
nfsd4_process_open1(struct nfsd4_compound_state *cstate,
                    struct nfsd4_open *open, struct nfsd_net *nn)
{
        clientid_t *clientid = &open->op_clientid;
        struct nfs4_client *clp = NULL;
        unsigned int strhashval;
        struct nfs4_openowner *oo = NULL;
        __be32 status;

        if (STALE_CLIENTID(&open->op_clientid, nn))
                return nfserr_stale_clientid;
        /*
         * In case we need it later, after we've already created the
         * file and don't want to risk a further failure:
         */
        open->op_file = nfsd4_alloc_file();
        if (open->op_file == NULL)
                return nfserr_jukebox;

        status = lookup_clientid(clientid, cstate, nn);
        if (status)
                return status;
        clp = cstate->clp;

        strhashval = ownerstr_hashval(&open->op_owner);
        oo = find_openstateowner_str(strhashval, open, clp);
        open->op_openowner = oo;
        if (!oo) {
                goto new_owner;
        }
        if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
                /* Replace unconfirmed owners without checking for replay. */
                release_openowner(oo);
                open->op_openowner = NULL;
                goto new_owner;
        }
        /* confirmed owner: enforce v4.0 seqid replay/ordering rules */
        status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid);
        if (status)
                return status;
        goto alloc_stateid;
new_owner:
        oo = alloc_init_open_stateowner(strhashval, open, cstate);
        if (oo == NULL)
                return nfserr_jukebox;
        open->op_openowner = oo;
alloc_stateid:
        open->op_stp = nfs4_alloc_open_stateid(clp);
        if (!open->op_stp)
                return nfserr_jukebox;

        if (nfsd4_has_session(cstate) &&
            (cstate->current_fh.fh_export->ex_flags & NFSEXP_PNFS)) {
                open->op_odstate = alloc_clnt_odstate(clp);
                if (!open->op_odstate)
                        return nfserr_jukebox;
        }

        return nfs_ok;
}
3856 
3857 static inline __be32
3858 nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
3859 {
3860         if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ))
3861                 return nfserr_openmode;
3862         else
3863                 return nfs_ok;
3864 }
3865 
3866 static int share_access_to_flags(u32 share_access)
3867 {
3868         return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE;
3869 }
3870 
3871 static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl, stateid_t *s)
3872 {
3873         struct nfs4_stid *ret;
3874 
3875         ret = find_stateid_by_type(cl, s, NFS4_DELEG_STID);
3876         if (!ret)
3877                 return NULL;
3878         return delegstateid(ret);
3879 }
3880 
3881 static bool nfsd4_is_deleg_cur(struct nfsd4_open *open)
3882 {
3883         return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
3884                open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH;
3885 }
3886 
/*
 * Look up the delegation stateid supplied with the OPEN and check its
 * mode against the requested access.  On success *dp is set to the
 * delegation with a reference held.  A missing or mode-mismatched
 * delegation is only an error for the deleg-cur claim types; for other
 * claims nfs_ok is returned with *dp untouched.
 */
static __be32
nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open,
                struct nfs4_delegation **dp)
{
        int flags;
        __be32 status = nfserr_bad_stateid;
        struct nfs4_delegation *deleg;

        deleg = find_deleg_stateid(cl, &open->op_delegate_stateid);
        if (deleg == NULL)
                goto out;
        flags = share_access_to_flags(open->op_share_access);
        status = nfs4_check_delegmode(deleg, flags);
        if (status) {
                /* wrong mode: drop the lookup reference */
                nfs4_put_stid(&deleg->dl_stid);
                goto out;
        }
        *dp = deleg;
out:
        if (!nfsd4_is_deleg_cur(open))
                return nfs_ok;
        if (status)
                return status;
        /* a valid deleg-cur claim implicitly confirms the openowner */
        open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
        return nfs_ok;
}
3913 
3914 static inline int nfs4_access_to_access(u32 nfs4_access)
3915 {
3916         int flags = 0;
3917 
3918         if (nfs4_access & NFS4_SHARE_ACCESS_READ)
3919                 flags |= NFSD_MAY_READ;
3920         if (nfs4_access & NFS4_SHARE_ACCESS_WRITE)
3921                 flags |= NFSD_MAY_WRITE;
3922         return flags;
3923 }
3924 
/*
 * Perform the size-0 setattr implied by an OPEN that requested
 * truncation.  Truncation without write share access is invalid.
 */
static inline __be32
nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh,
                struct nfsd4_open *open)
{
        struct iattr iattr = {
                .ia_valid = ATTR_SIZE,
                .ia_size = 0,
        };
        if (!open->op_truncate)
                return 0;
        if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
                return nfserr_inval;
        return nfsd_setattr(rqstp, fh, &iattr, 0, (time_t)0);
}
3939 
/*
 * Grant the access/deny modes requested by @open on stateid @stp and
 * file @fp, opening a new struct file for the required open mode if the
 * nfs4_file doesn't already cache one.  On failure after access was
 * granted, the stateid's access and deny bitmaps are rolled back.
 *
 * Note fi_lock must be dropped around nfsd_open() (it may sleep); the
 * cached-fd check is repeated after reacquiring the lock, and if a
 * racing thread installed an fd first ours is released via fput().
 */
static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp,
                struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp,
                struct nfsd4_open *open)
{
        struct file *filp = NULL;
        __be32 status;
        int oflag = nfs4_access_to_omode(open->op_share_access);
        int access = nfs4_access_to_access(open->op_share_access);
        unsigned char old_access_bmap, old_deny_bmap;

        spin_lock(&fp->fi_lock);

        /*
         * Are we trying to set a deny mode that would conflict with
         * current access?
         */
        status = nfs4_file_check_deny(fp, open->op_share_deny);
        if (status != nfs_ok) {
                spin_unlock(&fp->fi_lock);
                goto out;
        }

        /* set access to the file */
        status = nfs4_file_get_access(fp, open->op_share_access);
        if (status != nfs_ok) {
                spin_unlock(&fp->fi_lock);
                goto out;
        }

        /* Set access bits in stateid */
        old_access_bmap = stp->st_access_bmap;
        set_access(open->op_share_access, stp);

        /* Set new deny mask */
        old_deny_bmap = stp->st_deny_bmap;
        set_deny(open->op_share_deny, stp);
        fp->fi_share_deny |= (open->op_share_deny & NFS4_SHARE_DENY_BOTH);

        if (!fp->fi_fds[oflag]) {
                spin_unlock(&fp->fi_lock);
                status = nfsd_open(rqstp, cur_fh, S_IFREG, access, &filp);
                if (status)
                        goto out_put_access;
                spin_lock(&fp->fi_lock);
                /* recheck: someone may have installed an fd while unlocked */
                if (!fp->fi_fds[oflag]) {
                        fp->fi_fds[oflag] = filp;
                        filp = NULL;
                }
        }
        spin_unlock(&fp->fi_lock);
        /* we lost the install race; drop our extra open */
        if (filp)
                fput(filp);

        status = nfsd4_truncate(rqstp, cur_fh, open);
        if (status)
                goto out_put_access;
out:
        return status;
out_put_access:
        /* undo the access/deny changes made above */
        stp->st_access_bmap = old_access_bmap;
        nfs4_file_put_access(fp, open->op_share_access);
        reset_union_bmap_deny(bmap_to_share_mode(old_deny_bmap), stp);
        goto out;
}
4004 
/*
 * OPEN upgrade on an existing stateid: if new access is needed, the
 * full nfs4_get_vfs_file() path handles everything; otherwise only the
 * deny mode is (re)checked and applied, and is rolled back should the
 * implied truncate fail.
 */
static __be32
nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, struct nfsd4_open *open)
{
        __be32 status;
        unsigned char old_deny_bmap = stp->st_deny_bmap;

        if (!test_access(open->op_share_access, stp))
                return nfs4_get_vfs_file(rqstp, fp, cur_fh, stp, open);

        /* test and set deny mode */
        spin_lock(&fp->fi_lock);
        status = nfs4_file_check_deny(fp, open->op_share_deny);
        if (status == nfs_ok) {
                set_deny(open->op_share_deny, stp);
                fp->fi_share_deny |=
                                (open->op_share_deny & NFS4_SHARE_DENY_BOTH);
        }
        spin_unlock(&fp->fi_lock);

        if (status != nfs_ok)
                return status;

        status = nfsd4_truncate(rqstp, cur_fh, open);
        if (status != nfs_ok)
                reset_union_bmap_deny(old_deny_bmap, stp);
        return status;
}
4032 
4033 /* Should we give out recallable state?: */
4034 static bool nfsd4_cb_channel_good(struct nfs4_client *clp)
4035 {
4036         if (clp->cl_cb_state == NFSD4_CB_UP)
4037                 return true;
4038         /*
4039          * In the sessions case, since we don't have to establish a
4040          * separate connection for callbacks, we assume it's OK
4041          * until we hear otherwise:
4042          */
4043         return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN;
4044 }
4045 
4046 static struct file_lock *nfs4_alloc_init_lease(struct nfs4_file *fp, int flag)
4047 {
4048         struct file_lock *fl;
4049 
4050         fl = locks_alloc_lock();
4051         if (!fl)
4052                 return NULL;
4053         fl->fl_lmops = &nfsd_lease_mng_ops;
4054         fl->fl_flags = FL_DELEG;
4055         fl->fl_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK;
4056         fl->fl_end = OFFSET_MAX;
4057         fl->fl_owner = (fl_owner_t)fp;
4058         fl->fl_pid = current->tgid;
4059         return fl;
4060 }
4061 
/**
 * nfs4_setlease - Obtain a delegation by requesting lease from vfs layer
 * @dp:   a pointer to the nfs4_delegation we're adding.
 *
 * Return:
 *      0 on success;
 *      -EAGAIN if there was an existing delegation;
 *      another nonzero error code on other failures.
 */
4073 
static int nfs4_setlease(struct nfs4_delegation *dp)
{
        struct nfs4_file *fp = dp->dl_stid.sc_file;
        struct file_lock *fl;
        struct file *filp;
        int status = 0;

        fl = nfs4_alloc_init_lease(fp, NFS4_OPEN_DELEGATE_READ);
        if (!fl)
                return -ENOMEM;
        filp = find_readable_file(fp);
        if (!filp) {
                /* We should always have a readable file here */
                WARN_ON_ONCE(1);
                locks_free_lock(fl);
                return -EBADF;
        }
        fl->fl_file = filp;
        /* vfs_setlease() may consume fl (setting it NULL); free any leftover */
        status = vfs_setlease(filp, fl->fl_type, &fl, NULL);
        if (fl)
                locks_free_lock(fl);
        if (status)
                goto out_fput;
        spin_lock(&state_lock);
        spin_lock(&fp->fi_lock);
        /* Did the lease get broken before we took the lock? */
        status = -EAGAIN;
        if (fp->fi_had_conflict)
                goto out_unlock;
        /* Race breaker */
        if (fp->fi_deleg_file) {
                /* someone else installed the deleg file; just hash ours */
                status = hash_delegation_locked(dp, fp);
                goto out_unlock;
        }
        fp->fi_deleg_file = filp;
        fp->fi_delegees = 0;
        status = hash_delegation_locked(dp, fp);
        spin_unlock(&fp->fi_lock);
        spin_unlock(&state_lock);
        if (status) {
                /* Should never happen, this is a new fi_deleg_file  */
                WARN_ON_ONCE(1);
                goto out_fput;
        }
        return 0;
out_unlock:
        spin_unlock(&fp->fi_lock);
        spin_unlock(&state_lock);
out_fput:
        /* drop the reference from find_readable_file() */
        fput(filp);
        return status;
}
4126 
/*
 * Create and hash a read delegation for @clp on @fp, taking a vfs lease
 * via nfs4_setlease() if this is the first delegation handed out for
 * the file.  Returns the delegation with a reference held, or an
 * ERR_PTR: -EAGAIN on conflict, -ENOMEM on allocation failure, or
 * whatever nfs4_get_existing_delegation()/nfs4_setlease() report.
 */
static struct nfs4_delegation *
nfs4_set_delegation(struct nfs4_client *clp, struct svc_fh *fh,
                    struct nfs4_file *fp, struct nfs4_clnt_odstate *odstate)
{
        int status;
        struct nfs4_delegation *dp;

        if (fp->fi_had_conflict)
                return ERR_PTR(-EAGAIN);

        /* bail early if this client already holds a delegation on fp */
        spin_lock(&state_lock);
        spin_lock(&fp->fi_lock);
        status = nfs4_get_existing_delegation(clp, fp);
        spin_unlock(&fp->fi_lock);
        spin_unlock(&state_lock);

        if (status)
                return ERR_PTR(status);

        dp = alloc_init_deleg(clp, fh, odstate);
        if (!dp)
                return ERR_PTR(-ENOMEM);

        get_nfs4_file(fp);
        spin_lock(&state_lock);
        spin_lock(&fp->fi_lock);
        dp->dl_stid.sc_file = fp;
        if (!fp->fi_deleg_file) {
                /* first delegation on this file: must take the vfs lease */
                spin_unlock(&fp->fi_lock);
                spin_unlock(&state_lock);
                status = nfs4_setlease(dp);
                goto out;
        }
        if (fp->fi_had_conflict) {
                status = -EAGAIN;
                goto out_unlock;
        }
        status = hash_delegation_locked(dp, fp);
out_unlock:
        spin_unlock(&fp->fi_lock);
        spin_unlock(&state_lock);
out:
        if (status) {
                /* tear down the partially constructed delegation */
                put_clnt_odstate(dp->dl_clnt_odstate);
                nfs4_put_stid(&dp->dl_stid);
                return ERR_PTR(status);
        }
        return dp;
}
4176 
/*
 * Fill in the v4.1 OPEN "why no delegation" response for a client that
 * expressed a delegation want.  -EAGAIN maps to contention; any other
 * failure is reported as a resource problem, unless the client was in
 * fact cancelling its wants.
 */
static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status)
{
        open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
        if (status == -EAGAIN)
                open->op_why_no_deleg = WND4_CONTENTION;
        else {
                open->op_why_no_deleg = WND4_RESOURCE;
                switch (open->op_deleg_want) {
                case NFS4_SHARE_WANT_READ_DELEG:
                case NFS4_SHARE_WANT_WRITE_DELEG:
                case NFS4_SHARE_WANT_ANY_DELEG:
                        break;
                case NFS4_SHARE_WANT_CANCEL:
                        open->op_why_no_deleg = WND4_CANCELLED;
                        break;
                case NFS4_SHARE_WANT_NO_DELEG:
                        /* shouldn't reach here with no want at all */
                        WARN_ON_ONCE(1);
                }
        }
}
4197 
4198 /*
4199  * Attempt to hand out a delegation.
4200  *
4201  * Note we don't support write delegations, and won't until the vfs has
4202  * proper support for them.
4203  */
static void
nfs4_open_delegation(struct svc_fh *fh, struct nfsd4_open *open,
                        struct nfs4_ol_stateid *stp)
{
        struct nfs4_delegation *dp;
        struct nfs4_openowner *oo = openowner(stp->st_stateowner);
        struct nfs4_client *clp = stp->st_stid.sc_client;
        int cb_up;
        int status = 0;

        cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client);
        open->op_recall = 0;
        switch (open->op_claim_type) {
                case NFS4_OPEN_CLAIM_PREVIOUS:
                        if (!cb_up)
                                open->op_recall = 1;
                        /* only read-delegation reclaims are honoured */
                        if (open->op_delegate_type != NFS4_OPEN_DELEGATE_READ)
                                goto out_no_deleg;
                        break;
                case NFS4_OPEN_CLAIM_NULL:
                case NFS4_OPEN_CLAIM_FH:
                        /*
                         * Let's not give out any delegations till everyone's
                         * had the chance to reclaim theirs, *and* until
                         * NLM locks have all been reclaimed:
                         */
                        if (locks_in_grace(clp->net))
                                goto out_no_deleg;
                        if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED))
                                goto out_no_deleg;
                        /*
                         * Also, if the file was opened for write or
                         * create, there's a good chance the client's
                         * about to write to it, resulting in an
                         * immediate recall (since we don't support
                         * write delegations):
                         */
                        if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)
                                goto out_no_deleg;
                        if (open->op_create == NFS4_OPEN_CREATE)
                                goto out_no_deleg;
                        break;
                default:
                        goto out_no_deleg;
        }
        dp = nfs4_set_delegation(clp, fh, stp->st_stid.sc_file, stp->st_clnt_odstate);
        if (IS_ERR(dp))
                goto out_no_deleg;

        memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid));

        dprintk("NFSD: delegation stateid=" STATEID_FMT "\n",
                STATEID_VAL(&dp->dl_stid.sc_stateid));
        open->op_delegate_type = NFS4_OPEN_DELEGATE_READ;
        nfs4_put_stid(&dp->dl_stid);
        return;
out_no_deleg:
        open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE;
        /*
         * NOTE(review): op_delegate_type was just set to _NONE on the line
         * above, so this condition can never be true and the reclaim
         * warning below is dead code.  The check presumably predates the
         * assignment being placed first -- confirm the intended
         * CLAIM_PREVIOUS behaviour before "fixing" it.
         */
        if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS &&
            open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE) {
                dprintk("NFSD: WARNING: refusing delegation reclaim\n");
                open->op_recall = 1;
        }

        /* 4.1 client asking for a delegation? */
        if (open->op_deleg_want)
                nfsd4_open_deleg_none_ext(open, status);
        return;
}
4273 
4274 static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open,
4275                                         struct nfs4_delegation *dp)
4276 {
4277         if (open->op_deleg_want == NFS4_SHARE_WANT_READ_DELEG &&
4278             dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
4279                 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
4280                 open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE;
4281         } else if (open->op_deleg_want == NFS4_SHARE_WANT_WRITE_DELEG &&
4282                    dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
4283                 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
4284                 open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE;
4285         }
4286         /* Otherwise the client must be confused wanting a delegation
4287          * it already has, therefore we don't return
4288          * NFS4_OPEN_DELEGATE_NONE_EXT and reason.
4289          */
4290 }
4291 
/*
 * Phase two of NFSv4 OPEN processing: find or create the nfs4_file and
 * open stateid for @current_fh, perform (or upgrade) the VFS-level open,
 * and then attempt to hand out a delegation.  On return, the result
 * fields of @open (op_stateid, op_delegate_*, op_rflags) are filled in.
 */
__be32
nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
{
	struct nfsd4_compoundres *resp = rqstp->rq_resp;
	struct nfs4_client *cl = open->op_openowner->oo_owner.so_client;
	struct nfs4_file *fp = NULL;
	struct nfs4_ol_stateid *stp = NULL;
	struct nfs4_delegation *dp = NULL;
	__be32 status;

	/*
	 * Lookup file; if found, lookup stateid and check open request,
	 * and check for delegations in the process of being recalled.
	 * If not found, create the nfs4_file struct
	 */
	fp = find_or_add_file(open->op_file, &current_fh->fh_handle);
	if (fp != open->op_file) {
		/* An existing nfs4_file was found for this filehandle. */
		status = nfs4_check_deleg(cl, open, &dp);
		if (status)
			goto out;
		spin_lock(&fp->fi_lock);
		stp = nfsd4_find_existing_open(fp, open);
		spin_unlock(&fp->fi_lock);
	} else {
		/* The preallocated op_file was inserted; it is owned by
		 * the hash table now, so don't free it in cleanup. */
		open->op_file = NULL;
		status = nfserr_bad_stateid;
		if (nfsd4_is_deleg_cur(open))
			goto out;
	}

	/*
	 * OPEN the file, or upgrade an existing OPEN.
	 * If truncate fails, the OPEN fails.
	 */
	if (stp) {
		/* Stateid was found, this is an OPEN upgrade */
		mutex_lock(&stp->st_mutex);
		status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
		if (status) {
			mutex_unlock(&stp->st_mutex);
			goto out;
		}
	} else {
		/* stp is returned locked. */
		stp = init_open_stateid(fp, open);
		/* See if we lost the race to some other thread */
		if (stp->st_access_bmap != 0) {
			/* Another thread initialized it first: treat this
			 * as an upgrade of that open instead. */
			status = nfs4_upgrade_open(rqstp, fp, current_fh,
						stp, open);
			if (status) {
				mutex_unlock(&stp->st_mutex);
				goto out;
			}
			goto upgrade_out;
		}
		status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open);
		if (status) {
			mutex_unlock(&stp->st_mutex);
			release_open_stateid(stp);
			goto out;
		}

		stp->st_clnt_odstate = find_or_hash_clnt_odstate(fp,
							open->op_odstate);
		if (stp->st_clnt_odstate == open->op_odstate)
			open->op_odstate = NULL;
	}
upgrade_out:
	nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid);
	mutex_unlock(&stp->st_mutex);

	if (nfsd4_has_session(&resp->cstate)) {
		/* A 4.1+ client can explicitly decline delegations. */
		if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) {
			open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
			open->op_why_no_deleg = WND4_NOT_WANTED;
			goto nodeleg;
		}
	}

	/*
	 * Attempt to hand out a delegation. No error return, because the
	 * OPEN succeeds even if we fail.
	 */
	nfs4_open_delegation(current_fh, open, stp);
nodeleg:
	status = nfs_ok;

	dprintk("%s: stateid=" STATEID_FMT "\n", __func__,
		STATEID_VAL(&stp->st_stid.sc_stateid));
out:
	/* 4.1 client trying to upgrade/downgrade delegation? */
	if (open->op_delegate_type == NFS4_OPEN_DELEGATE_NONE && dp &&
	    open->op_deleg_want)
		nfsd4_deleg_xgrade_none_ext(open, dp);

	if (fp)
		put_nfs4_file(fp);
	if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS)
		open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
	/*
	 * To finish the open response, we just need to set the rflags.
	 */
	open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX;
	if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED) &&
	    !nfsd4_has_session(&resp->cstate))
		open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM;
	/* drop the references taken by nfs4_check_deleg()/lookup above */
	if (dp)
		nfs4_put_stid(&dp->dl_stid);
	if (stp)
		nfs4_put_stid(&stp->st_stid);

	return status;
}
4405 
4406 void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
4407                               struct nfsd4_open *open)
4408 {
4409         if (open->op_openowner) {
4410                 struct nfs4_stateowner *so = &open->op_openowner->oo_owner;
4411 
4412                 nfsd4_cstate_assign_replay(cstate, so);
4413                 nfs4_put_stateowner(so);
4414         }
4415         if (open->op_file)
4416                 kmem_cache_free(file_slab, open->op_file);
4417         if (open->op_stp)
4418                 nfs4_put_stid(&open->op_stp->st_stid);
4419         if (open->op_odstate)
4420                 kmem_cache_free(odstate_slab, open->op_odstate);
4421 }
4422 
4423 __be32
4424 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4425             clientid_t *clid)
4426 {
4427         struct nfs4_client *clp;
4428         __be32 status;
4429         struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4430 
4431         dprintk("process_renew(%08x/%08x): starting\n", 
4432                         clid->cl_boot, clid->cl_id);
4433         status = lookup_clientid(clid, cstate, nn);
4434         if (status)
4435                 goto out;
4436         clp = cstate->clp;
4437         status = nfserr_cb_path_down;
4438         if (!list_empty(&clp->cl_delegations)
4439                         && clp->cl_cb_state != NFSD4_CB_UP)
4440                 goto out;
4441         status = nfs_ok;
4442 out:
4443         return status;
4444 }
4445 
4446 void
4447 nfsd4_end_grace(struct nfsd_net *nn)
4448 {
4449         /* do nothing if grace period already ended */
4450         if (nn->grace_ended)
4451                 return;
4452 
4453         dprintk("NFSD: end of grace period\n");
4454         nn->grace_ended = true;
4455         /*
4456          * If the server goes down again right now, an NFSv4
4457          * client will still be allowed to reclaim after it comes back up,
4458          * even if it hasn't yet had a chance to reclaim state this time.
4459          *
4460          */
4461         nfsd4_record_grace_done(nn);
4462         /*
4463          * At this point, NFSv4 clients can still reclaim.  But if the
4464          * server crashes, any that have not yet reclaimed will be out
4465          * of luck on the next boot.
4466          *
4467          * (NFSv4.1+ clients are considered to have reclaimed once they
4468          * call RECLAIM_COMPLETE.  NFSv4.0 clients are considered to
4469          * have reclaimed after their first OPEN.)
4470          */
4471         locks_end_grace(&nn->nfsd4_manager);
4472         /*
4473          * At this point, and once lockd and/or any other containers
4474          * exit their grace period, further reclaims will fail and
4475          * regular locking can resume.
4476          */
4477 }
4478 
/*
 * Periodic state reaper: expire idle clients, time out recallable
 * delegations, and free last-closed stateids.  Returns the number of
 * seconds until the next run (at least NFSD_LAUNDROMAT_MINTIMEOUT).
 */
static time_t
nfs4_laundromat(struct nfsd_net *nn)
{
	struct nfs4_client *clp;
	struct nfs4_openowner *oo;
	struct nfs4_delegation *dp;
	struct nfs4_ol_stateid *stp;
	struct list_head *pos, *next, reaplist;
	time_t cutoff = get_seconds() - nn->nfsd4_lease;
	time_t t, new_timeo = nn->nfsd4_lease;

	dprintk("NFSD: laundromat service - starting\n");
	nfsd4_end_grace(nn);
	INIT_LIST_HEAD(&reaplist);
	spin_lock(&nn->client_lock);
	list_for_each_safe(pos, next, &nn->client_lru) {
		clp = list_entry(pos, struct nfs4_client, cl_lru);
		if (time_after((unsigned long)clp->cl_time, (unsigned long)cutoff)) {
			/* LRU order: the rest of the list is newer still,
			 * so stop and remember when this one will expire. */
			t = clp->cl_time - cutoff;
			new_timeo = min(new_timeo, t);
			break;
		}
		if (mark_client_expired_locked(clp)) {
			/* still in use; leave it for a later pass */
			dprintk("NFSD: client in use (clientid %08x)\n",
				clp->cl_clientid.cl_id);
			continue;
		}
		list_add(&clp->cl_lru, &reaplist);
	}
	spin_unlock(&nn->client_lock);
	/* moved to a private reaplist so expiry runs outside client_lock */
	list_for_each_safe(pos, next, &reaplist) {
		clp = list_entry(pos, struct nfs4_client, cl_lru);
		dprintk("NFSD: purging unused client (clientid %08x)\n",
			clp->cl_clientid.cl_id);
		list_del_init(&clp->cl_lru);
		expire_client(clp);
	}
	/* Next: delegations whose recall has timed out (also LRU order). */
	spin_lock(&state_lock);
	list_for_each_safe(pos, next, &nn->del_recall_lru) {
		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
		if (time_after((unsigned long)dp->dl_time, (unsigned long)cutoff)) {
			t = dp->dl_time - cutoff;
			new_timeo = min(new_timeo, t);
			break;
		}
		WARN_ON(!unhash_delegation_locked(dp));
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&state_lock);
	while (!list_empty(&reaplist)) {
		dp = list_first_entry(&reaplist, struct nfs4_delegation,
					dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		revoke_delegation(dp);
	}

	/* Finally: openowners parked on close_lru after their last CLOSE. */
	spin_lock(&nn->client_lock);
	while (!list_empty(&nn->close_lru)) {
		oo = list_first_entry(&nn->close_lru, struct nfs4_openowner,
					oo_close_lru);
		if (time_after((unsigned long)oo->oo_time,
			       (unsigned long)cutoff)) {
			t = oo->oo_time - cutoff;
			new_timeo = min(new_timeo, t);
			break;
		}
		list_del_init(&oo->oo_close_lru);
		stp = oo->oo_last_closed_stid;
		oo->oo_last_closed_stid = NULL;
		/* client_lock is dropped around the put (NOTE(review):
		 * presumably nfs4_put_stid may block — confirm) */
		spin_unlock(&nn->client_lock);
		nfs4_put_stid(&stp->st_stid);
		spin_lock(&nn->client_lock);
	}
	spin_unlock(&nn->client_lock);

	new_timeo = max_t(time_t, new_timeo, NFSD_LAUNDROMAT_MINTIMEOUT);
	return new_timeo;
}
4557 
4558 static struct workqueue_struct *laundry_wq;
4559 static void laundromat_main(struct work_struct *);
4560 
4561 static void
4562 laundromat_main(struct work_struct *laundry)
4563 {
4564         time_t t;
4565         struct delayed_work *dwork = to_delayed_work(laundry);
4566         struct nfsd_net *nn = container_of(dwork, struct nfsd_net,
4567                                            laundromat_work);
4568 
4569         t = nfs4_laundromat(nn);
4570         dprintk("NFSD: laundromat_main - sleeping for %ld seconds\n", t);
4571         queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
4572 }
4573 
4574 static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp)
4575 {
4576         if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle))
4577                 return nfserr_bad_stateid;
4578         return nfs_ok;
4579 }
4580 
4581 static inline int
4582 access_permit_read(struct nfs4_ol_stateid *stp)
4583 {
4584         return test_access(NFS4_SHARE_ACCESS_READ, stp) ||
4585                 test_access(NFS4_SHARE_ACCESS_BOTH, stp) ||
4586                 test_access(NFS4_SHARE_ACCESS_WRITE, stp);
4587 }
4588 
4589 static inline int
4590 access_permit_write(struct nfs4_ol_stateid *stp)
4591 {
4592         return test_access(NFS4_SHARE_ACCESS_WRITE, stp) ||
4593                 test_access(NFS4_SHARE_ACCESS_BOTH, stp);
4594 }
4595 
4596 static
4597 __be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags)
4598 {
4599         __be32 status = nfserr_openmode;
4600 
4601         /* For lock stateid's, we test the parent open, not the lock: */
4602         if (stp->st_openstp)
4603                 stp = stp->st_openstp;
4604         if ((flags & WR_STATE) && !access_permit_write(stp))
4605                 goto out;
4606         if ((flags & RD_STATE) && !access_permit_read(stp))
4607                 goto out;
4608         status = nfs_ok;
4609 out:
4610         return status;
4611 }
4612 
4613 static inline __be32
4614 check_special_stateids(struct net *net, svc_fh *current_fh, stateid_t *stateid, int flags)
4615 {
4616         if (ONE_STATEID(stateid) && (flags & RD_STATE))
4617                 return nfs_ok;
4618         else if (opens_in_grace(net)) {
4619                 /* Answer in remaining cases depends on existence of
4620                  * conflicting state; so we must wait out the grace period. */
4621                 return nfserr_grace;
4622         } else if (flags & WR_STATE)
4623                 return nfs4_share_conflict(current_fh,
4624                                 NFS4_SHARE_DENY_WRITE);
4625         else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */
4626                 return nfs4_share_conflict(current_fh,
4627                                 NFS4_SHARE_DENY_READ);
4628 }
4629 
/*
 * During the grace period, allow READ/WRITE on recovered state only for
 * files that cannot provide mandatory locking.
 */
static inline int
grace_disallows_io(struct net *net, struct inode *inode)
{
	if (!opens_in_grace(net))
		return 0;
	return mandatory_lock(inode) != 0;
}
4639 
4640 static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session)
4641 {
4642         /*
4643          * When sessions are used the stateid generation number is ignored
4644          * when it is zero.
4645          */
4646         if (has_session && in->si_generation == 0)
4647                 return nfs_ok;
4648 
4649         if (in->si_generation == ref->si_generation)
4650                 return nfs_ok;
4651 
4652         /* If the client sends us a stateid from the future, it's buggy: */
4653         if (nfsd4_stateid_generation_after(in, ref))
4654                 return nfserr_bad_stateid;
4655         /*
4656          * However, we could see a stateid from the past, even from a
4657          * non-buggy client.  For example, if the client sends a lock
4658          * while some IO is outstanding, the lock may bump si_generation
4659          * while the IO is still in flight.  The client could avoid that
4660          * situation by waiting for responses on all the IO requests,
4661          * but better performance may result in retrying IO that
4662          * receives an old_stateid error if requests are rarely
4663          * reordered in flight:
4664          */
4665         return nfserr_old_stateid;
4666 }
4667 
4668 static __be32 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid *ols)
4669 {
4670         if (ols->st_stateowner->so_is_open_owner &&
4671             !(openowner(ols->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED))
4672                 return nfserr_bad_stateid;
4673         return nfs_ok;
4674 }
4675 
/*
 * TEST_STATEID helper: classify @stateid for client @cl without taking
 * a reference on the underlying stid.  Returns nfs_ok for a usable
 * stateid or the most descriptive nfserr_* otherwise.
 */
static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
{
	struct nfs4_stid *s;
	__be32 status = nfserr_bad_stateid;

	/* the special all-zeros/all-ones stateids are never "valid" here */
	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
		return status;
	/* Client debugging aid. */
	if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) {
		char addr_str[INET6_ADDRSTRLEN];
		rpc_ntop((struct sockaddr *)&cl->cl_addr, addr_str,
				 sizeof(addr_str));
		pr_warn_ratelimited("NFSD: client %s testing state ID "
					"with incorrect client ID\n", addr_str);
		return status;
	}
	spin_lock(&cl->cl_lock);
	s = find_stateid_locked(cl, stateid);
	if (!s)
		goto out_unlock;
	/* has_session==1: the caller is a sessions (4.1+) operation */
	status = check_stateid_generation(stateid, &s->sc_stateid, 1);
	if (status)
		goto out_unlock;
	switch (s->sc_type) {
	case NFS4_DELEG_STID:
		status = nfs_ok;
		break;
	case NFS4_REVOKED_DELEG_STID:
		status = nfserr_deleg_revoked;
		break;
	case NFS4_OPEN_STID:
	case NFS4_LOCK_STID:
		/* also require a confirmed openowner */
		status = nfsd4_check_openowner_confirmed(openlockstateid(s));
		break;
	default:
		printk("unknown stateid type %x\n", s->sc_type);
		/* Fallthrough */
	case NFS4_CLOSED_STID:
	case NFS4_CLOSED_DELEG_STID:
		status = nfserr_bad_stateid;
	}
out_unlock:
	spin_unlock(&cl->cl_lock);
	return status;
}
4721 
4722 __be32
4723 nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate,
4724                      stateid_t *stateid, unsigned char typemask,
4725                      struct nfs4_stid **s, struct nfsd_net *nn)
4726 {
4727         __be32 status;
4728 
4729         if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
4730                 return nfserr_bad_stateid;
4731         status = lookup_clientid(&stateid->si_opaque.so_clid, cstate, nn);
4732         if (status == nfserr_stale_clientid) {
4733                 if (cstate->session)
4734                         return nfserr_bad_stateid;
4735                 return nfserr_stale_stateid;
4736         }
4737         if (status)
4738                 return status;
4739         *s = find_stateid_by_type(cstate->clp, stateid, typemask);
4740         if (!*s)
4741                 return nfserr_bad_stateid;
4742         return nfs_ok;
4743 }
4744 
4745 static struct file *
4746 nfs4_find_file(struct nfs4_stid *s, int flags)
4747 {
4748         if (!s)
4749                 return NULL;
4750 
4751         switch (s->sc_type) {
4752         case NFS4_DELEG_STID:
4753                 if (WARN_ON_ONCE(!s->sc_file->fi_deleg_file))
4754                         return NULL;
4755                 return get_file(s->sc_file->fi_deleg_file);
4756         case NFS4_OPEN_STID:
4757         case NFS4_LOCK_STID:
4758                 if (flags & RD_STATE)
4759                         return find_readable_file(s->sc_file);
4760                 else
4761                         return find_writeable_file(s->sc_file);
4762                 break;
4763         }
4764 
4765         return NULL;
4766 }
4767 
4768 static __be32
4769 nfs4_check_olstateid(struct svc_fh *fhp, struct nfs4_ol_stateid *ols, int flags)
4770 {
4771         __be32 status;
4772 
4773         status = nfsd4_check_openowner_confirmed(ols);
4774         if (status)
4775                 return status;
4776         return nfs4_check_openmode(ols, flags);
4777 }
4778 
4779 static __be32
4780 nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s,
4781                 struct file **filpp, bool *tmp_file, int flags)
4782 {
4783         int acc = (flags & RD_STATE) ? NFSD_MAY_READ : NFSD_MAY_WRITE;
4784         struct file *file;
4785         __be32 status;
4786 
4787         file = nfs4_find_file(s, flags);
4788         if (file) {
4789                 status = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
4790                                 acc | NFSD_MAY_OWNER_OVERRIDE);
4791                 if (status) {
4792                         fput(file);
4793                         return status;
4794                 }
4795 
4796                 *filpp = file;
4797         } else {
4798                 status = nfsd_open(rqstp, fhp, S_IFREG, acc, filpp);
4799                 if (status)
4800                         return status;
4801 
4802                 if (tmp_file)
4803                         *tmp_file = true;
4804         }
4805 
4806         return 0;
4807 }
4808 
/*
 * Checks for stateid operations
 *
 * Called on behalf of READ/WRITE-style operations: validate @stateid
 * against the current filehandle and, when @filpp is non-NULL, produce
 * an open struct file for the access in @flags.  *tmp_file is set when
 * the file had to be opened here rather than found via open/delegation
 * state.
 */
__be32
nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
		struct nfsd4_compound_state *cstate, struct svc_fh *fhp,
		stateid_t *stateid, int flags, struct file **filpp, bool *tmp_file)
{
	struct inode *ino = d_inode(fhp->fh_dentry);
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	struct nfs4_stid *s = NULL;
	__be32 status;

	if (filpp)
		*filpp = NULL;
	if (tmp_file)
		*tmp_file = false;

	if (grace_disallows_io(net, ino))
		return nfserr_grace;

	/* the all-zeros/all-ones stateids follow their own rules */
	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) {
		status = check_special_stateids(net, fhp, stateid, flags);
		goto done;
	}

	status = nfsd4_lookup_stateid(cstate, stateid,
				NFS4_DELEG_STID|NFS4_OPEN_STID|NFS4_LOCK_STID,
				&s, nn);
	if (status)
		return status;
	status = check_stateid_generation(stateid, &s->sc_stateid,
			nfsd4_has_session(cstate));
	if (status)
		goto out;

	/* does the stateid's mode permit this kind of access? */
	switch (s->sc_type) {
	case NFS4_DELEG_STID:
		status = nfs4_check_delegmode(delegstateid(s), flags);
		break;
	case NFS4_OPEN_STID:
	case NFS4_LOCK_STID:
		status = nfs4_check_olstateid(fhp, openlockstateid(s), flags);
		break;
	default:
		status = nfserr_bad_stateid;
		break;
	}
	if (status)
		goto out;
	status = nfs4_check_fh(fhp, s);

done:
	if (!status && filpp)
		status = nfs4_check_file(rqstp, fhp, s, filpp, tmp_file, flags);
out:
	/* drop the reference taken by nfsd4_lookup_stateid(), if any */
	if (s)
		nfs4_put_stid(s);
	return status;
}
4870 
4871 /*
4872  * Test if the stateid is valid
4873  */
4874 __be32
4875 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4876                    struct nfsd4_test_stateid *test_stateid)
4877 {
4878         struct nfsd4_test_stateid_id *stateid;
4879         struct nfs4_client *cl = cstate->session->se_client;
4880 
4881         list_for_each_entry(stateid, &test_stateid->ts_stateid_list, ts_id_list)
4882                 stateid->ts_id_status =
4883                         nfsd4_validate_stateid(cl, &stateid->ts_id_stateid);
4884 
4885         return nfs_ok;
4886 }
4887 
4888 static __be32
4889 nfsd4_free_lock_stateid(stateid_t *stateid, struct nfs4_stid *s)
4890 {
4891         struct nfs4_ol_stateid *stp = openlockstateid(s);
4892         __be32 ret;
4893 
4894         mutex_lock(&stp->st_mutex);
4895 
4896         ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
4897         if (ret)
4898                 goto out;
4899 
4900         ret = nfserr_locks_held;
4901         if (check_for_locks(stp->st_stid.sc_file,
4902                             lockowner(stp->st_stateowner)))
4903                 goto out;
4904 
4905         release_lock_stateid(stp);
4906         ret = nfs_ok;
4907 
4908 out:
4909         mutex_unlock(&stp->st_mutex);
4910         nfs4_put_stid(s);
4911         return ret;
4912 }
4913 
/*
 * FREE_STATEID: let the client discard a stateid.  Only lock stateids
 * with no locks outstanding and revoked delegations are actually freed;
 * live open stateids and delegations answer nfserr_locks_held.
 */
__be32
nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		   struct nfsd4_free_stateid *free_stateid)
{
	stateid_t *stateid = &free_stateid->fr_stateid;
	struct nfs4_stid *s;
	struct nfs4_delegation *dp;
	struct nfs4_client *cl = cstate->session->se_client;
	__be32 ret = nfserr_bad_stateid;

	spin_lock(&cl->cl_lock);
	s = find_stateid_locked(cl, stateid);
	if (!s)
		goto out_unlock;
	switch (s->sc_type) {
	case NFS4_DELEG_STID:
		ret = nfserr_locks_held;
		break;
	case NFS4_OPEN_STID:
		ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
		if (ret)
			break;
		/* open stateids are returned via CLOSE, not FREE_STATEID */
		ret = nfserr_locks_held;
		break;
	case NFS4_LOCK_STID:
		/* take a reference: the helper runs outside cl_lock and
		 * consumes it */
		atomic_inc(&s->sc_count);
		spin_unlock(&cl->cl_lock);
		ret = nfsd4_free_lock_stateid(stateid, s);
		goto out;
	case NFS4_REVOKED_DELEG_STID:
		dp = delegstateid(s);
		list_del_init(&dp->dl_recall_lru);
		spin_unlock(&cl->cl_lock);
		nfs4_put_stid(s);
		ret = nfs_ok;
		goto out;
	/* Default falls through and returns nfserr_bad_stateid */
	}
out_unlock:
	spin_unlock(&cl->cl_lock);
out:
	return ret;
}
4957 
4958 static inline int
4959 setlkflg (int type)
4960 {
4961         return (type == NFS4_READW_LT || type == NFS4_READ_LT) ?
4962                 RD_STATE : WR_STATE;
4963 }
4964 
/*
 * Common checks for a seqid-mutating operation on @stp.  On nfs_ok the
 * stateid's st_mutex is left held for the caller; on any error return
 * the mutex is not held.
 */
static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_t *stateid, u32 seqid, struct nfs4_ol_stateid *stp)
{
	struct svc_fh *current_fh = &cstate->current_fh;
	struct nfs4_stateowner *sop = stp->st_stateowner;
	__be32 status;

	status = nfsd4_check_seqid(cstate, sop, seqid);
	if (status)
		return status;
	if (stp->st_stid.sc_type == NFS4_CLOSED_STID
		|| stp->st_stid.sc_type == NFS4_REVOKED_DELEG_STID)
		/*
		 * "Closed" stateid's exist *only* to return
		 * nfserr_replay_me from the previous step, and
		 * revoked delegations are kept only for free_stateid.
		 */
		return nfserr_bad_stateid;
	mutex_lock(&stp->st_mutex);
	status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
	if (status == nfs_ok)
		status = nfs4_check_fh(current_fh, &stp->st_stid);
	if (status != nfs_ok)
		mutex_unlock(&stp->st_mutex);
	return status;
}
4990 
/*
 * Checks for sequence id mutating operations.
 *
 * On nfs_ok, *stpp points to a referenced stateid whose st_mutex is
 * held, and the stateowner has been assigned to cstate for replay
 * handling; the caller must unlock and put when done.
 */
static __be32
nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
			 stateid_t *stateid, char typemask,
			 struct nfs4_ol_stateid **stpp,
			 struct nfsd_net *nn)
{
	__be32 status;
	struct nfs4_stid *s;
	struct nfs4_ol_stateid *stp = NULL;

	dprintk("NFSD: %s: seqid=%d stateid = " STATEID_FMT "\n", __func__,
		seqid, STATEID_VAL(stateid));

	*stpp = NULL;
	status = nfsd4_lookup_stateid(cstate, stateid, typemask, &s, nn);
	if (status)
		return status;
	stp = openlockstateid(s);
	/* set up replay state before the seqid checks below can use it */
	nfsd4_cstate_assign_replay(cstate, stp->st_stateowner);

	status = nfs4_seqid_op_checks(cstate, stateid, seqid, stp);
	if (!status)
		*stpp = stp;
	else
		nfs4_put_stid(&stp->st_stid);
	return status;
}
5021 
5022 static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
5023                                                  stateid_t *stateid, struct nfs4_ol_stateid **stpp, struct nfsd_net *nn)
5024 {
5025         __be32 status;
5026         struct nfs4_openowner *oo;
5027         struct nfs4_ol_stateid *stp;
5028 
5029         status = nfs4_preprocess_seqid_op(cstate, seqid, stateid,
5030                                                 NFS4_OPEN_STID, &stp, nn);
5031         if (status)
5032                 return status;
5033         oo = openowner(stp->st_stateowner);
5034         if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
5035                 mutex_unlock(&stp->st_mutex);
5036                 nfs4_put_stid(&stp->st_stid);
5037                 return nfserr_bad_stateid;
5038         }
5039         *stpp = stp;
5040         return nfs_ok;
5041 }
5042 
/*
 * OPEN_CONFIRM: mark the openowner confirmed so later seqid-mutating
 * operations on it are accepted, and bump the open stateid.
 */
__be32
nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		   struct nfsd4_open_confirm *oc)
{
	__be32 status;
	struct nfs4_openowner *oo;
	struct nfs4_ol_stateid *stp;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	dprintk("NFSD: nfsd4_open_confirm on file %pd\n",
			cstate->current_fh.fh_dentry);

	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
	if (status)
		return status;

	/* on success, stp is referenced with st_mutex held */
	status = nfs4_preprocess_seqid_op(cstate,
					oc->oc_seqid, &oc->oc_req_stateid,
					NFS4_OPEN_STID, &stp, nn);
	if (status)
		goto out;
	oo = openowner(stp->st_stateowner);
	status = nfserr_bad_stateid;
	if (oo->oo_flags & NFS4_OO_CONFIRMED) {
		/* confirming an already-confirmed owner is a client error */
		mutex_unlock(&stp->st_mutex);
		goto put_stateid;
	}
	oo->oo_flags |= NFS4_OO_CONFIRMED;
	nfs4_inc_and_copy_stateid(&oc->oc_resp_stateid, &stp->st_stid);
	mutex_unlock(&stp->st_mutex);
	dprintk("NFSD: %s: success, seqid=%d stateid=" STATEID_FMT "\n",
		__func__, oc->oc_seqid, STATEID_VAL(&stp->st_stid.sc_stateid));

	nfsd4_client_record_create(oo->oo_owner.so_client);
	status = nfs_ok;
put_stateid:
	nfs4_put_stid(&stp->st_stid);
out:
	nfsd4_bump_seqid(cstate, status);
	return status;
}
5084 
5085 static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access)
5086 {
5087         if (!test_access(access, stp))
5088                 return;
5089         nfs4_file_put_access(stp->st_stid.sc_file, access);
5090         clear_access(access, stp);
5091 }
5092 
5093 static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access)
5094 {
5095         switch (to_access) {
5096         case NFS4_SHARE_ACCESS_READ:
5097                 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE);
5098                 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
5099                 break;
5100         case NFS4_SHARE_ACCESS_WRITE:
5101                 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ);
5102                 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
5103                 break;
5104         case NFS4_SHARE_ACCESS_BOTH:
5105                 break;
5106         default:
5107                 WARN_ON_ONCE(1);
5108         }
5109 }
5110 
/*
 * OPEN_DOWNGRADE: reduce the share access/deny bits held by an open
 * stateid.  The requested bits must be a subset of what the stateid
 * currently holds, otherwise the request fails with NFS4ERR_INVAL.
 * The seqid is bumped on the way out for all seqid-mutating results.
 */
__be32
nfsd4_open_downgrade(struct svc_rqst *rqstp,
		     struct nfsd4_compound_state *cstate,
		     struct nfsd4_open_downgrade *od)
{
	__be32 status;
	struct nfs4_ol_stateid *stp;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	dprintk("NFSD: nfsd4_open_downgrade on file %pd\n", 
			cstate->current_fh.fh_dentry);

	/* We don't yet support WANT bits: */
	if (od->od_deleg_want)
		dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__,
			od->od_deleg_want);

	/* On success this returns with stp->st_mutex held and a reference */
	status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid,
					&od->od_stateid, &stp, nn);
	if (status)
		goto out; 
	status = nfserr_inval;
	if (!test_access(od->od_share_access, stp)) {
		dprintk("NFSD: access not a subset of current bitmap: 0x%hhx, input access=%08x\n",
			stp->st_access_bmap, od->od_share_access);
		goto put_stateid;
	}
	if (!test_deny(od->od_share_deny, stp)) {
		dprintk("NFSD: deny not a subset of current bitmap: 0x%hhx, input deny=%08x\n",
			stp->st_deny_bmap, od->od_share_deny);
		goto put_stateid;
	}
	/* Drop the access bits (and file references) the client gave up */
	nfs4_stateid_downgrade(stp, od->od_share_access);
	reset_union_bmap_deny(od->od_share_deny, stp);
	/* Mutate the stateid generation and copy it into the reply */
	nfs4_inc_and_copy_stateid(&od->od_stateid, &stp->st_stid);
	status = nfs_ok;
put_stateid:
	mutex_unlock(&stp->st_mutex);
	nfs4_put_stid(&stp->st_stid);
out:
	nfsd4_bump_seqid(cstate, status);
	return status;
}
5154 
/*
 * Tear down an open stateid being CLOSEd.  For NFSv4.1+ clients the
 * stateid (and any lock stateids unhashed along with it) is released
 * immediately; for v4.0 it is instead moved to the per-net close LRU —
 * presumably so a late seqid replay can still locate it (see
 * move_to_close_lru) — TODO confirm.
 */
static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
{
	struct nfs4_client *clp = s->st_stid.sc_client;
	bool unhashed;
	LIST_HEAD(reaplist);

	/* Mark closed before unhashing so lookups see the final type */
	s->st_stid.sc_type = NFS4_CLOSED_STID;
	spin_lock(&clp->cl_lock);
	unhashed = unhash_open_stateid(s, &reaplist);

	if (clp->cl_minorversion) {
		if (unhashed)
			put_ol_stateid_locked(s, &reaplist);
		spin_unlock(&clp->cl_lock);
		/* reaplist entries are freed outside cl_lock */
		free_ol_stateid_reaplist(&reaplist);
	} else {
		spin_unlock(&clp->cl_lock);
		free_ol_stateid_reaplist(&reaplist);
		if (unhashed)
			move_to_close_lru(s, clp->net);
	}
}
5177 
5178 /*
5179  * nfs4_unlock_state() called after encode
5180  */
/*
 * CLOSE: release an open stateid.  NFS4_CLOSED_STID is accepted in the
 * preprocess mask so a retransmitted CLOSE can still match the stateid —
 * TODO confirm against nfs4_preprocess_seqid_op.  Note the seqid is
 * bumped *before* the status check, i.e. even when preprocessing fails.
 */
__be32
nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    struct nfsd4_close *close)
{
	__be32 status;
	struct nfs4_ol_stateid *stp;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	dprintk("NFSD: nfsd4_close on file %pd\n", 
			cstate->current_fh.fh_dentry);

	/* On success this returns with stp->st_mutex held and a reference */
	status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid,
					&close->cl_stateid,
					NFS4_OPEN_STID|NFS4_CLOSED_STID,
					&stp, nn);
	nfsd4_bump_seqid(cstate, status);
	if (status)
		goto out; 
	/* Bump the stateid generation and copy it into the reply */
	nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid);
	mutex_unlock(&stp->st_mutex);

	nfsd4_close_open_stateid(stp);

	/* put reference from nfs4_preprocess_seqid_op */
	nfs4_put_stid(&stp->st_stid);
out:
	return status;
}
5210 
5211 __be32
5212 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
5213                   struct nfsd4_delegreturn *dr)
5214 {
5215         struct nfs4_delegation *dp;
5216         stateid_t *stateid = &dr->dr_stateid;
5217         struct nfs4_stid *s;
5218         __be32 status;
5219         struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
5220 
5221         if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
5222                 return status;
5223 
5224         status = nfsd4_lookup_stateid(cstate, stateid, NFS4_DELEG_STID, &s, nn);
5225         if (status)
5226                 goto out;
5227         dp = delegstateid(s);
5228         status = check_stateid_generation(stateid, &dp->dl_stid.sc_stateid, nfsd4_has_session(cstate));
5229         if (status)
5230                 goto put_stateid;
5231 
5232         destroy_delegation(dp);
5233 put_stateid:
5234         nfs4_put_stid(&dp->dl_stid);
5235 out:
5236         return status;
5237 }
5238 
5239 static inline u64
5240 end_offset(u64 start, u64 len)
5241 {
5242         u64 end;
5243 
5244         end = start + len;
5245         return end >= start ? end: NFS4_MAX_UINT64;
5246 }
5247 
5248 /* last octet in a range */
5249 static inline u64
5250 last_byte_offset(u64 start, u64 len)
5251 {
5252         u64 end;
5253 
5254         WARN_ON_ONCE(!len);
5255         end = start + len;
5256         return end > start ? end - 1: NFS4_MAX_UINT64;
5257 }
5258 
5259 /*
5260  * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that
5261  * we can't properly handle lock requests that go beyond the (2^63 - 1)-th
5262  * byte, because of sign extension problems.  Since NFSv4 calls for 64-bit
5263  * locking, this prevents us from being completely protocol-compliant.  The
5264  * real solution to this problem is to start using unsigned file offsets in
5265  * the VFS, but this is a very deep change!
5266  */
/*
 * Clamp NFSv4's unsigned 64-bit lock offsets into the VFS's signed
 * loff_t range: anything that went negative through sign overflow is
 * pinned to OFFSET_MAX (see the comment above on why this is needed).
 */
static inline void
nfs4_transform_lock_offset(struct file_lock *lock)
{
	if (lock->fl_start < 0)
		lock->fl_start = OFFSET_MAX;
	if (lock->fl_end < 0)
		lock->fl_end = OFFSET_MAX;
}
5275 
/*
 * lm_get_owner callback (see nfsd_posix_mng_ops below): take a reference
 * on the nfs4_lockowner embedded in fl_owner so it stays pinned for the
 * lifetime of the lock-manager's copy of the owner.
 */
static fl_owner_t
nfsd4_fl_get_owner(fl_owner_t owner)
{
	struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner;

	nfs4_get_stateowner(&lo->lo_owner);
	return owner;
}
5284 
5285 static void
5286 nfsd4_fl_put_owner(fl_owner_t owner)
5287 {
5288         struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner;
5289 
5290         if (lo)
5291                 nfs4_put_stateowner(&lo->lo_owner);
5292 }
5293 
/* Lock-manager callbacks: pin/unpin the nfs4_lockowner behind fl_owner. */
static const struct lock_manager_operations nfsd_posix_mng_ops  = {
	.lm_get_owner = nfsd4_fl_get_owner,
	.lm_put_owner = nfsd4_fl_put_owner,
};
5298 
/*
 * Fill a LOCK4denied reply from a conflicting file_lock.  If the
 * conflicting lock is one of ours (lmops == nfsd_posix_mng_ops) the real
 * owner and clientid are reported; otherwise — or if the owner copy
 * fails — an anonymous (zeroed) owner is reported instead.
 */
static inline void
nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny)
{
	struct nfs4_lockowner *lo;

	if (fl->fl_lmops == &nfsd_posix_mng_ops) {
		lo = (struct nfs4_lockowner *) fl->fl_owner;
		deny->ld_owner.data = kmemdup(lo->lo_owner.so_owner.data,
					lo->lo_owner.so_owner.len, GFP_KERNEL);
		if (!deny->ld_owner.data)
			/* We just don't care that much */
			goto nevermind;
		deny->ld_owner.len = lo->lo_owner.so_owner.len;
		deny->ld_clientid = lo->lo_owner.so_client->cl_clientid;
	} else {
nevermind:
		deny->ld_owner.len = 0;
		deny->ld_owner.data = NULL;
		deny->ld_clientid.cl_boot = 0;
		deny->ld_clientid.cl_id = 0;
	}
	deny->ld_start = fl->fl_start;
	/* NFS4_MAX_UINT64 length means "to end of file" */
	deny->ld_length = NFS4_MAX_UINT64;
	if (fl->fl_end != NFS4_MAX_UINT64)
		deny->ld_length = fl->fl_end - fl->fl_start + 1;        
	deny->ld_type = NFS4_READ_LT;
	if (fl->fl_type != F_RDLCK)
		deny->ld_type = NFS4_WRITE_LT;
}
5328 
/*
 * Look up a lockowner by opaque owner string in the client's owner hash.
 * Caller must hold clp->cl_lock.  Open owners in the same chain are
 * skipped.  On a match, returns the lockowner with a stateowner
 * reference taken; returns NULL if not found.
 */
static struct nfs4_lockowner *
find_lockowner_str_locked(struct nfs4_client *clp, struct xdr_netobj *owner)
{
	unsigned int strhashval = ownerstr_hashval(owner);
	struct nfs4_stateowner *so;

	lockdep_assert_held(&clp->cl_lock);

	list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[strhashval],
			    so_strhash) {
		if (so->so_is_open_owner)
			continue;
		if (same_owner_str(so, owner))
			return lockowner(nfs4_get_stateowner(so));
	}
	return NULL;
}
5346 
/*
 * Locking wrapper around find_lockowner_str_locked(): takes cl_lock for
 * the lookup.  Any returned lockowner carries a reference the caller
 * must drop with nfs4_put_stateowner().
 */
static struct nfs4_lockowner *
find_lockowner_str(struct nfs4_client *clp, struct xdr_netobj *owner)
{
	struct nfs4_lockowner *lo;

	spin_lock(&clp->cl_lock);
	lo = find_lockowner_str_locked(clp, owner);
	spin_unlock(&clp->cl_lock);
	return lo;
}
5357 
/* so_unhash callback for lockowners (see lockowner_ops below). */
static void nfs4_unhash_lockowner(struct nfs4_stateowner *sop)
{
	unhash_lockowner_locked(lockowner(sop));
}
5362 
5363 static void nfs4_free_lockowner(struct nfs4_stateowner *sop)
5364 {
5365         struct nfs4_lockowner *lo = lockowner(sop);
5366 
5367         kmem_cache_free(lockowner_slab, lo);
5368 }
5369 
/* Stateowner ops used by lockowners (unhash/free virtual dispatch). */
static const struct nfs4_stateowner_operations lockowner_ops = {
	.so_unhash =	nfs4_unhash_lockowner,
	.so_free =	nfs4_free_lockowner,
};
5374 
5375 /*
5376  * Alloc a lock owner structure.
5377  * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) has 
5378  * occurred. 
5379  *
5380  * strhashval = ownerstr_hashval
5381  */
static struct nfs4_lockowner *
alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp,
			   struct nfs4_ol_stateid *open_stp,
			   struct nfsd4_lock *lock)
{
	struct nfs4_lockowner *lo, *ret;

	lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp);
	if (!lo)
		return NULL;
	INIT_LIST_HEAD(&lo->lo_owner.so_stateids);
	lo->lo_owner.so_is_open_owner = 0;
	lo->lo_owner.so_seqid = lock->lk_new_lock_seqid;
	lo->lo_owner.so_ops = &lockowner_ops;
	spin_lock(&clp->cl_lock);
	/*
	 * Re-search under cl_lock: another thread may have inserted the
	 * same owner between the caller's (unlocked) lookup and here.
	 * If it did, use that one and free our freshly built copy.
	 */
	ret = find_lockowner_str_locked(clp, &lock->lk_new_owner);
	if (ret == NULL) {
		list_add(&lo->lo_owner.so_strhash,
			 &clp->cl_ownerstr_hashtbl[strhashval]);
		ret = lo;
	} else
		nfs4_free_stateowner(&lo->lo_owner);

	spin_unlock(&clp->cl_lock);
	return ret;
}
5408 
/*
 * Initialize a freshly allocated lock stateid and hash it onto the
 * lockowner, the open stateid's lock list, and the file.  Caller must
 * hold clp->cl_lock.  Takes references on the stateid itself, the
 * lockowner, and the file; the deny bitmap is inherited from the parent
 * open stateid, while the access bitmap starts empty (filled in later by
 * get_lock_access()).
 */
static void
init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo,
		  struct nfs4_file *fp, struct inode *inode,
		  struct nfs4_ol_stateid *open_stp)
{
	struct nfs4_client *clp = lo->lo_owner.so_client;

	lockdep_assert_held(&clp->cl_lock);

	atomic_inc(&stp->st_stid.sc_count);
	stp->st_stid.sc_type = NFS4_LOCK_STID;
	stp->st_stateowner = nfs4_get_stateowner(&lo->lo_owner);
	get_nfs4_file(fp);
	stp->st_stid.sc_file = fp;
	stp->st_stid.sc_free = nfs4_free_lock_stateid;
	stp->st_access_bmap = 0;
	stp->st_deny_bmap = open_stp->st_deny_bmap;
	stp->st_openstp = open_stp;
	mutex_init(&stp->st_mutex);
	list_add(&stp->st_locks, &open_stp->st_locks);
	list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids);
	/* fi_lock protects the per-file stateid list */
	spin_lock(&fp->fi_lock);
	list_add(&stp->st_perfile, &fp->fi_stateids);
	spin_unlock(&fp->fi_lock);
}
5434 
/*
 * Find this lockowner's existing lock stateid for file @fp, if any.
 * Caller must hold clp->cl_lock.  On a match the stateid's sc_count is
 * bumped before returning; returns NULL when no stateid exists.
 */
static struct nfs4_ol_stateid *
find_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fp)
{
	struct nfs4_ol_stateid *lst;
	struct nfs4_client *clp = lo->lo_owner.so_client;

	lockdep_assert_held(&clp->cl_lock);

	list_for_each_entry(lst, &lo->lo_owner.so_stateids, st_perstateowner) {
		if (lst->st_stid.sc_file == fp) {
			atomic_inc(&lst->st_stid.sc_count);
			return lst;
		}
	}
	return NULL;
}
5451 
/*
 * Return the lockowner's lock stateid for @fi, creating one if needed.
 * cl_lock must be dropped for the allocation, so after allocating we
 * re-search under the lock: if someone else inserted one meanwhile we
 * use theirs and put our unused allocation.  *new is set to true only
 * when the stateid returned is the one we just initialized.  Returns
 * NULL on allocation failure; otherwise the stateid is referenced.
 */
static struct nfs4_ol_stateid *
find_or_create_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fi,
			    struct inode *inode, struct nfs4_ol_stateid *ost,
			    bool *new)
{
	struct nfs4_stid *ns = NULL;
	struct nfs4_ol_stateid *lst;
	struct nfs4_openowner *oo = openowner(ost->st_stateowner);
	struct nfs4_client *clp = oo->oo_owner.so_client;

	spin_lock(&clp->cl_lock);
	lst = find_lock_stateid(lo, fi);
	if (lst == NULL) {
		spin_unlock(&clp->cl_lock);
		ns = nfs4_alloc_stid(clp, stateid_slab);
		if (ns == NULL)
			return NULL;

		spin_lock(&clp->cl_lock);
		lst = find_lock_stateid(lo, fi);
		if (likely(!lst)) {
			lst = openlockstateid(ns);
			init_lock_stateid(lst, lo, fi, inode, ost);
			ns = NULL;
			*new = true;
		}
	}
	spin_unlock(&clp->cl_lock);
	/* lost the race: drop the stid we allocated but didn't use */
	if (ns)
		nfs4_put_stid(ns);
	return lst;
}
5484 
5485 static int
5486 check_lock_length(u64 offset, u64 length)
5487 {
5488         return ((length == 0) || ((length != NFS4_MAX_UINT64) &&
5489                 (length > ~offset)));
5490 }
5491 
/*
 * Record that @lock_stp uses @access on its file, taking a file access
 * reference the first time.  Idempotent per access bit: if the bit is
 * already set, nothing happens.  Caller must hold fp->fi_lock.
 */
static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access)
{
	struct nfs4_file *fp = lock_stp->st_stid.sc_file;

	lockdep_assert_held(&fp->fi_lock);

	if (test_access(access, lock_stp))
		return;
	__nfs4_file_get_access(fp, access);
	set_access(access, lock_stp);
}
5503 
/*
 * For a "new lock" LOCK request: find or create the lockowner named in
 * the request, then find or create its lock stateid for the open file.
 * On success *plst holds a referenced lock stateid with st_mutex held
 * and *new says whether the stateid was freshly created.  The lockowner
 * reference taken here is always dropped before returning.
 */
static __be32
lookup_or_create_lock_state(struct nfsd4_compound_state *cstate,
			    struct nfs4_ol_stateid *ost,
			    struct nfsd4_lock *lock,
			    struct nfs4_ol_stateid **plst, bool *new)
{
	__be32 status;
	struct nfs4_file *fi = ost->st_stid.sc_file;
	struct nfs4_openowner *oo = openowner(ost->st_stateowner);
	struct nfs4_client *cl = oo->oo_owner.so_client;
	struct inode *inode = d_inode(cstate->current_fh.fh_dentry);
	struct nfs4_lockowner *lo;
	struct nfs4_ol_stateid *lst;
	unsigned int strhashval;
	bool hashed;

	lo = find_lockowner_str(cl, &lock->lk_new_owner);
	if (!lo) {
		strhashval = ownerstr_hashval(&lock->lk_new_owner);
		lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock);
		if (lo == NULL)
			return nfserr_jukebox;
	} else {
		/* with an existing lockowner, seqids must be the same */
		status = nfserr_bad_seqid;
		if (!cstate->minorversion &&
		    lock->lk_new_lock_seqid != lo->lo_owner.so_seqid)
			goto out;
	}

retry:
	lst = find_or_create_lock_stateid(lo, fi, inode, ost, new);
	if (lst == NULL) {
		status = nfserr_jukebox;
		goto out;
	}

	mutex_lock(&lst->st_mutex);

	/* See if it's still hashed to avoid race with FREE_STATEID */
	spin_lock(&cl->cl_lock);
	hashed = !list_empty(&lst->st_perfile);
	spin_unlock(&cl->cl_lock);

	if (!hashed) {
		/* FREE_STATEID got it first; drop ours and start over */
		mutex_unlock(&lst->st_mutex);
		nfs4_put_stid(&lst->st_stid);
		goto retry;
	}
	status = nfs_ok;
	*plst = lst;
out:
	nfs4_put_stateowner(&lo->lo_owner);
	return status;
}
5559 
5560 /*
5561  *  LOCK operation 
5562  */
/*
 * LOCK: acquire a byte-range lock.  A "new lock" request carries an open
 * stateid plus a (possibly new) lockowner; an existing-lock request
 * carries a lock stateid.  Either path leaves lock_stp referenced with
 * st_mutex held, which the cleanup at "out" undoes.  The actual lock is
 * taken through vfs_lock_file() and the conflicting lock, if any, is
 * reported back via nfs4_set_lock_denied().
 */
__be32
nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	   struct nfsd4_lock *lock)
{
	struct nfs4_openowner *open_sop = NULL;
	struct nfs4_lockowner *lock_sop = NULL;
	struct nfs4_ol_stateid *lock_stp = NULL;
	struct nfs4_ol_stateid *open_stp = NULL;
	struct nfs4_file *fp;
	struct file *filp = NULL;
	struct file_lock *file_lock = NULL;
	struct file_lock *conflock = NULL;
	__be32 status = 0;
	int lkflg;
	int err;
	bool new = false;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n",
		(long long) lock->lk_offset,
		(long long) lock->lk_length);

	if (check_lock_length(lock->lk_offset, lock->lk_length))
		 return nfserr_inval;

	if ((status = fh_verify(rqstp, &cstate->current_fh,
				S_IFREG, NFSD_MAY_LOCK))) {
		dprintk("NFSD: nfsd4_lock: permission denied!\n");
		return status;
	}

	if (lock->lk_is_new) {
		if (nfsd4_has_session(cstate))
			/* See rfc 5661 18.10.3: given clientid is ignored: */
			memcpy(&lock->lk_new_clientid,
				&cstate->session->se_client->cl_clientid,
				sizeof(clientid_t));

		status = nfserr_stale_clientid;
		if (STALE_CLIENTID(&lock->lk_new_clientid, nn))
			goto out;

		/* validate and update open stateid and open seqid */
		status = nfs4_preprocess_confirmed_seqid_op(cstate,
					lock->lk_new_open_seqid,
					&lock->lk_new_open_stateid,
					&open_stp, nn);
		if (status)
			goto out;
		/* preprocess returned with the open stateid's mutex held */
		mutex_unlock(&open_stp->st_mutex);
		open_sop = openowner(open_stp->st_stateowner);
		status = nfserr_bad_stateid;
		if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid,
						&lock->lk_new_clientid))
			goto out;
		/* on success: lock_stp referenced, st_mutex held */
		status = lookup_or_create_lock_state(cstate, open_stp, lock,
							&lock_stp, &new);
	} else {
		status = nfs4_preprocess_seqid_op(cstate,
				       lock->lk_old_lock_seqid,
				       &lock->lk_old_lock_stateid,
				       NFS4_LOCK_STID, &lock_stp, nn);
	}
	if (status)
		goto out;
	lock_sop = lockowner(lock_stp->st_stateowner);

	/* the lock type must be compatible with the open mode */
	lkflg = setlkflg(lock->lk_type);
	status = nfs4_check_openmode(lock_stp, lkflg);
	if (status)
		goto out;

	/* grace period: only reclaims allowed during, none after */
	status = nfserr_grace;
	if (locks_in_grace(net) && !lock->lk_reclaim)
		goto out;
	status = nfserr_no_grace;
	if (!locks_in_grace(net) && lock->lk_reclaim)
		goto out;

	file_lock = locks_alloc_lock();
	if (!file_lock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	/*
	 * Pick an open file with the right access mode and record that
	 * access on the lock stateid, all under fi_lock.
	 */
	fp = lock_stp->st_stid.sc_file;
	switch (lock->lk_type) {
		case NFS4_READ_LT:
		case NFS4_READW_LT:
			spin_lock(&fp->fi_lock);
			filp = find_readable_file_locked(fp);
			if (filp)
				get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ);
			spin_unlock(&fp->fi_lock);
			file_lock->fl_type = F_RDLCK;
			break;
		case NFS4_WRITE_LT:
		case NFS4_WRITEW_LT:
			spin_lock(&fp->fi_lock);
			filp = find_writeable_file_locked(fp);
			if (filp)
				get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE);
			spin_unlock(&fp->fi_lock);
			file_lock->fl_type = F_WRLCK;
			break;
		default:
			status = nfserr_inval;
		goto out;
	}
	if (!filp) {
		status = nfserr_openmode;
		goto out;
	}

	/* fl_owner pins the lockowner; lm_put_owner drops it later */
	file_lock->fl_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(&lock_sop->lo_owner));
	file_lock->fl_pid = current->tgid;
	file_lock->fl_file = filp;
	file_lock->fl_flags = FL_POSIX;
	file_lock->fl_lmops = &nfsd_posix_mng_ops;
	file_lock->fl_start = lock->lk_offset;
	file_lock->fl_end = last_byte_offset(lock->lk_offset, lock->lk_length);
	nfs4_transform_lock_offset(file_lock);

	conflock = locks_alloc_lock();
	if (!conflock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	err = vfs_lock_file(filp, F_SETLK, file_lock, conflock);
	switch (-err) {
	case 0: /* success! */
		nfs4_inc_and_copy_stateid(&lock->lk_resp_stateid, &lock_stp->st_stid);
		status = 0;
		break;
	case (EAGAIN):		/* conflock holds conflicting lock */
		status = nfserr_denied;
		dprintk("NFSD: nfsd4_lock: conflicting lock found!\n");
		nfs4_set_lock_denied(conflock, &lock->lk_denied);
		break;
	case (EDEADLK):
		status = nfserr_deadlock;
		break;
	default:
		dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n",err);
		status = nfserrno(err);
		break;
	}
out:
	if (filp)
		fput(filp);
	if (lock_stp) {
		/* Bump seqid manually if the 4.0 replay owner is openowner */
		if (cstate->replay_owner &&
		    cstate->replay_owner != &lock_sop->lo_owner &&
		    seqid_mutating_err(ntohl(status)))
			lock_sop->lo_owner.so_seqid++;

		mutex_unlock(&lock_stp->st_mutex);

		/*
		 * If this is a new, never-before-used stateid, and we are
		 * returning an error, then just go ahead and release it.
		 */
		if (status && new)
			release_lock_stateid(lock_stp);

		nfs4_put_stid(&lock_stp->st_stid);
	}
	if (open_stp)
		nfs4_put_stid(&open_stp->st_stid);
	nfsd4_bump_seqid(cstate, status);
	if (file_lock)
		locks_free_lock(file_lock);
	if (conflock)
		locks_free_lock(conflock);
	return status;
}
5744 
5745 /*
5746  * The NFSv4 spec allows a client to do a LOCKT without holding an OPEN,
5747  * so we do a temporary open here just to get an open file to pass to
5748  * vfs_test_lock.  (Arguably perhaps test_lock should be done with an
5749  * inode operation.)
5750  */
5751 static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
5752 {
5753         struct file *file;
5754         __be32 err = nfsd_open(rqstp, fhp, S_IFREG, NFSD_MAY_READ, &file);
5755         if (!err) {
5756                 err = nfserrno(vfs_test_lock(file, lock));
5757                 fput(file);
5758         }
5759         return err;
5760 }
5761 
5762 /*
5763  * LOCKT operation
5764  */
/*
 * LOCKT: test whether a lock could be acquired, without acquiring it.
 * Builds a file_lock describing the request and runs it through
 * nfsd_test_lock(); if the test comes back with anything other than
 * F_UNLCK, the conflicting lock is reported in lt_denied.
 */
__be32
nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    struct nfsd4_lockt *lockt)
{
	struct file_lock *file_lock = NULL;
	struct nfs4_lockowner *lo = NULL;
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	if (locks_in_grace(SVC_NET(rqstp)))
		return nfserr_grace;

	if (check_lock_length(lockt->lt_offset, lockt->lt_length))
		 return nfserr_inval;

	/* 4.0 only: resolve the clientid named in the request */
	if (!nfsd4_has_session(cstate)) {
		status = lookup_clientid(&lockt->lt_clientid, cstate, nn);
		if (status)
			goto out;
	}

	if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
		goto out;

	file_lock = locks_alloc_lock();
	if (!file_lock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	switch (lockt->lt_type) {
		case NFS4_READ_LT:
		case NFS4_READW_LT:
			file_lock->fl_type = F_RDLCK;
		break;
		case NFS4_WRITE_LT:
		case NFS4_WRITEW_LT:
			file_lock->fl_type = F_WRLCK;
		break;
		default:
			dprintk("NFSD: nfs4_lockt: bad lock type!\n");
			status = nfserr_inval;
		goto out;
	}

	/*
	 * If this owner already exists, use it so the test won't report
	 * the owner's own locks as conflicts; fl_owner stays NULL for an
	 * unknown owner.
	 */
	lo = find_lockowner_str(cstate->clp, &lockt->lt_owner);
	if (lo)
		file_lock->fl_owner = (fl_owner_t)lo;
	file_lock->fl_pid = current->tgid;
	file_lock->fl_flags = FL_POSIX;

	file_lock->fl_start = lockt->lt_offset;
	file_lock->fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);

	nfs4_transform_lock_offset(file_lock);

	status = nfsd_test_lock(rqstp, &cstate->current_fh, file_lock);
	if (status)
		goto out;

	if (file_lock->fl_type != F_UNLCK) {
		status = nfserr_denied;
		nfs4_set_lock_denied(file_lock, &lockt->lt_denied);
	}
out:
	if (lo)
		nfs4_put_stateowner(&lo->lo_owner);
	if (file_lock)
		locks_free_lock(file_lock);
	return status;
}
5837 
/*
 * LOCKU: release a byte-range lock by issuing an F_UNLCK through
 * vfs_lock_file() on the lock stateid's file.  On success the stateid
 * generation is bumped and copied into the reply; the seqid is bumped
 * on every exit path past the stateid lookup.
 */
__be32
nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    struct nfsd4_locku *locku)
{
	struct nfs4_ol_stateid *stp;
	struct file *filp = NULL;
	struct file_lock *file_lock = NULL;
	__be32 status;
	int err;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
		(long long) locku->lu_offset,
		(long long) locku->lu_length);

	if (check_lock_length(locku->lu_offset, locku->lu_length))
		 return nfserr_inval;

	/* On success this returns with stp->st_mutex held and a reference */
	status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid,
					&locku->lu_stateid, NFS4_LOCK_STID,
					&stp, nn);
	if (status)
		goto out;
	filp = find_any_file(stp->st_stid.sc_file);
	if (!filp) {
		status = nfserr_lock_range;
		goto put_stateid;
	}
	file_lock = locks_alloc_lock();
	if (!file_lock) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto fput;
	}

	file_lock->fl_type = F_UNLCK;
	/* fl_owner pins the lockowner; lm_put_owner drops it later */
	file_lock->fl_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(stp->st_stateowner));
	file_lock->fl_pid = current->tgid;
	file_lock->fl_file = filp;
	file_lock->fl_flags = FL_POSIX;
	file_lock->fl_lmops = &nfsd_posix_mng_ops;
	file_lock->fl_start = locku->lu_offset;

	file_lock->fl_end = last_byte_offset(locku->lu_offset,
						locku->lu_length);
	nfs4_transform_lock_offset(file_lock);

	err = vfs_lock_file(filp, F_SETLK, file_lock, NULL);
	if (err) {
		dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
		goto out_nfserr;
	}
	nfs4_inc_and_copy_stateid(&locku->lu_stateid, &stp->st_stid);
fput:
	fput(filp);
put_stateid:
	mutex_unlock(&stp->st_mutex);
	nfs4_put_stid(&stp->st_stid);
out:
	nfsd4_bump_seqid(cstate, status);
	if (file_lock)
		locks_free_lock(file_lock);
	return status;

out_nfserr:
	/* map the VFS error and unwind through the normal cleanup */
	status = nfserrno(err);
	goto fput;
}
5906 
5907 /*
5908  * returns
5909  *      true:  locks held by lockowner
5910  *      false: no locks held by lockowner
5911  */
/*
 * Check whether @lowner still owns any POSIX lock on @fp by scanning the
 * inode's flc_posix list for an fl_owner match.  Used to decide whether
 * a lockowner can be released.  A file with no open file at all is a
 * state inconsistency (warn once) and reports "no locks held".
 */
static bool
check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
{
	struct file_lock *fl;
	int status = false;
	struct file *filp = find_any_file(fp);
	struct inode *inode;
	struct file_lock_context *flctx;

	if (!filp) {
		/* Any valid lock stateid should have some sort of access */
		WARN_ON_ONCE(1);
		return status;
	}

	inode = file_inode(filp);
	flctx = inode->i_flctx;

	if (flctx && !list_empty_careful(&flctx->flc_posix)) {
		spin_lock(&flctx->flc_lock);
		list_for_each_entry(fl, &flctx->flc_posix, fl_list) {
			if (fl->fl_owner == (fl_owner_t)lowner) {
				status = true;
				break;
			}
		}
		spin_unlock(&flctx->flc_lock);
	}
	/* drop the reference from find_any_file */
	fput(filp);
	return status;
}
5943 
/*
 * RELEASE_LOCKOWNER: if the named lockowner no longer holds any locks,
 * unhash it and release all of its lock stateids.  If it still holds
 * locks, fail with nfserr_locks_held.  An unknown lockowner is not an
 * error (returns nfs_ok).
 */
__be32
nfsd4_release_lockowner(struct svc_rqst *rqstp,
			struct nfsd4_compound_state *cstate,
			struct nfsd4_release_lockowner *rlockowner)
{
	clientid_t *clid = &rlockowner->rl_clientid;
	struct nfs4_stateowner *sop;
	struct nfs4_lockowner *lo = NULL;
	struct nfs4_ol_stateid *stp;
	struct xdr_netobj *owner = &rlockowner->rl_owner;
	unsigned int hashval = ownerstr_hashval(owner);
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct nfs4_client *clp;
	LIST_HEAD (reaplist);

	dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
		clid->cl_boot, clid->cl_id);

	status = lookup_clientid(clid, cstate, nn);
	if (status)
		return status;

	clp = cstate->clp;
	/* Find the matching lock stateowner */
	spin_lock(&clp->cl_lock);
	list_for_each_entry(sop, &clp->cl_ownerstr_hashtbl[hashval],
			    so_strhash) {

		/* the hash chain holds open and lock owners; skip open owners */
		if (sop->so_is_open_owner || !same_owner_str(sop, owner))
			continue;

		/* see if there are still any locks associated with it */
		lo = lockowner(sop);
		list_for_each_entry(stp, &sop->so_stateids, st_perstateowner) {
			if (check_for_locks(stp->st_stid.sc_file, lo)) {
				status = nfserr_locks_held;
				spin_unlock(&clp->cl_lock);
				return status;
			}
		}

		/* pin the owner; dropped below via nfs4_put_stateowner() */
		nfs4_get_stateowner(sop);
		break;
	}
	if (!lo) {
		/* no such lockowner: success (status is nfs_ok here) */
		spin_unlock(&clp->cl_lock);
		return status;
	}

	unhash_lockowner_locked(lo);
	/* unhash every lock stateid this owner still has */
	while (!list_empty(&lo->lo_owner.so_stateids)) {
		stp = list_first_entry(&lo->lo_owner.so_stateids,
				       struct nfs4_ol_stateid,
				       st_perstateowner);
		WARN_ON(!unhash_lock_stateid(stp));
		put_ol_stateid_locked(stp, &reaplist);
	}
	spin_unlock(&clp->cl_lock);
	/* the final puts are deferred until after cl_lock is dropped */
	free_ol_stateid_reaplist(&reaplist);
	nfs4_put_stateowner(&lo->lo_owner);

	return status;
}
6008 
6009 static inline struct nfs4_client_reclaim *
6010 alloc_reclaim(void)
6011 {
6012         return kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL);
6013 }
6014 
6015 bool
6016 nfs4_has_reclaimed_state(const char *name, struct nfsd_net *nn)
6017 {
6018         struct nfs4_client_reclaim *crp;
6019 
6020         crp = nfsd4_find_reclaim_client(name, nn);
6021         return (crp && crp->cr_clp);
6022 }
6023 
6024 /*
6025  * failure => all reset bets are off, nfserr_no_grace...
6026  */
6027 struct nfs4_client_reclaim *
6028 nfs4_client_to_reclaim(const char *name, struct nfsd_net *nn)
6029 {
6030         unsigned int strhashval;
6031         struct nfs4_client_reclaim *crp;
6032 
6033         dprintk("NFSD nfs4_client_to_reclaim NAME: %.*s\n", HEXDIR_LEN, name);
6034         crp = alloc_reclaim();
6035         if (crp) {
6036                 strhashval = clientstr_hashval(name);
6037                 INIT_LIST_HEAD(&crp->cr_strhash);
6038                 list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]);
6039                 memcpy(crp->cr_recdir, name, HEXDIR_LEN);
6040                 crp->cr_clp = NULL;
6041                 nn->reclaim_str_hashtbl_size++;
6042         }
6043         return crp;
6044 }
6045 
6046 void
6047 nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn)
6048 {
6049         list_del(&crp->cr_strhash);
6050         kfree(crp);
6051         nn->reclaim_str_hashtbl_size--;
6052 }
6053 
6054 void
6055 nfs4_release_reclaim(struct nfsd_net *nn)
6056 {
6057         struct nfs4_client_reclaim *crp = NULL;
6058         int i;
6059 
6060         for (i = 0; i < CLIENT_HASH_SIZE; i++) {
6061                 while (!list_empty(&nn->reclaim_str_hashtbl[i])) {
6062                         crp = list_entry(nn->reclaim_str_hashtbl[i].next,
6063                                         struct nfs4_client_reclaim, cr_strhash);
6064                         nfs4_remove_reclaim_record(crp, nn);
6065                 }
6066         }
6067         WARN_ON_ONCE(nn->reclaim_str_hashtbl_size);
6068 }
6069 
6070 /*
6071  * called from OPEN, CLAIM_PREVIOUS with a new clientid. */
6072 struct nfs4_client_reclaim *
6073 nfsd4_find_reclaim_client(const char *recdir, struct nfsd_net *nn)
6074 {
6075         unsigned int strhashval;
6076         struct nfs4_client_reclaim *crp = NULL;
6077 
6078         dprintk("NFSD: nfs4_find_reclaim_client for recdir %s\n", recdir);
6079 
6080         strhashval = clientstr_hashval(recdir);
6081         list_for_each_entry(crp, &nn->reclaim_str_hashtbl[strhashval], cr_strhash) {
6082                 if (same_name(crp->cr_recdir, recdir)) {
6083                         return crp;
6084                 }
6085         }
6086         return NULL;
6087 }
6088 
6089 /*
6090 * Called from OPEN. Look for clientid in reclaim list.
6091 */
6092 __be32
6093 nfs4_check_open_reclaim(clientid_t *clid,
6094                 struct nfsd4_compound_state *cstate,
6095                 struct nfsd_net *nn)
6096 {
6097         __be32 status;
6098 
6099         /* find clientid in conf_id_hashtbl */
6100         status = lookup_clientid(clid, cstate, nn);
6101         if (status)
6102                 return nfserr_reclaim_bad;
6103 
6104         if (test_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &cstate->clp->cl_flags))
6105                 return nfserr_no_grace;
6106 
6107         if (nfsd4_client_record_check(cstate->clp))
6108                 return nfserr_reclaim_bad;
6109 
6110         return nfs_ok;
6111 }
6112 
6113 #ifdef CONFIG_NFSD_FAULT_INJECTION
/* Drop a reference on @clp taken by the fault-injection code. */
static inline void
put_client(struct nfs4_client *clp)
{
	atomic_dec(&clp->cl_refcount);
}
6119 
6120 static struct nfs4_client *
6121 nfsd_find_client(struct sockaddr_storage *addr, size_t addr_size)
6122 {
6123         struct nfs4_client *clp;
6124         struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6125                                           nfsd_net_id);
6126 
6127         if (!nfsd_netns_ready(nn))
6128                 return NULL;
6129 
6130         list_for_each_entry(clp, &nn->client_lru, cl_lru) {
6131                 if (memcmp(&clp->cl_addr, addr, addr_size) == 0)
6132                         return clp;
6133         }
6134         return NULL;
6135 }
6136 
6137 u64
6138 nfsd_inject_print_clients(void)
6139 {
6140         struct nfs4_client *clp;
6141         u64 count = 0;
6142         struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6143                                           nfsd_net_id);
6144         char buf[INET6_ADDRSTRLEN];
6145 
6146         if (!nfsd_netns_ready(nn))
6147                 return 0;
6148 
6149         spin_lock(&nn->client_lock);
6150         list_for_each_entry(clp, &nn->client_lru, cl_lru) {
6151                 rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
6152                 pr_info("NFS Client: %s\n", buf);
6153                 ++count;
6154         }
6155         spin_unlock(&nn->client_lock);
6156 
6157         return count;
6158 }
6159 
/*
 * Fault injection: expire the client with the given socket address.
 * Returns the number of clients expired (0 or 1).
 */
u64
nfsd_inject_forget_client(struct sockaddr_storage *addr, size_t addr_size)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	clp = nfsd_find_client(addr, addr_size);
	if (clp) {
		/* only proceed if the client could be marked expired */
		if (mark_client_expired_locked(clp) == nfs_ok)
			++count;
		else
			clp = NULL;
	}
	spin_unlock(&nn->client_lock);

	/* the actual teardown is done after dropping client_lock */
	if (clp)
		expire_client(clp);

	return count;
}
6186 
/*
 * Fault injection: expire up to @max clients (@max == 0 means all of
 * them).  Returns the number of clients expired.
 */
u64
nfsd_inject_forget_clients(u64 max)
{
	u64 count = 0;
	struct nfs4_client *clp, *next;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
						nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	list_for_each_entry_safe(clp, next, &nn->client_lru, cl_lru) {
		if (mark_client_expired_locked(clp) == nfs_ok) {
			/* collect for teardown once client_lock is dropped */
			list_add(&clp->cl_lru, &reaplist);
			if (max != 0 && ++count >= max)
				break;
		}
	}
	spin_unlock(&nn->client_lock);

	/* tear the collected clients down outside client_lock */
	list_for_each_entry_safe(clp, next, &reaplist, cl_lru)
		expire_client(clp);

	return count;
}
6214 
6215 static void nfsd_print_count(struct nfs4_client *clp, unsigned int count,
6216                              const char *type)
6217 {
6218         char buf[INET6_ADDRSTRLEN];
6219         rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
6220         printk(KERN_INFO "NFS Client: %s has %u %s\n", buf, count, type);
6221 }
6222 
/*
 * Add lock stateid @lst to @collect (no-op when @collect is NULL),
 * taking a client reference that is dropped again via put_client()
 * when the list is reaped.  Caller must hold nn->client_lock.
 */
static void
nfsd_inject_add_lock_to_list(struct nfs4_ol_stateid *lst,
			     struct list_head *collect)
{
	struct nfs4_client *clp = lst->st_stid.sc_client;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
					  nfsd_net_id);

	if (!collect)
		return;

	lockdep_assert_held(&nn->client_lock);
	/* pin the client until nfsd_reap_locks() processes this entry */
	atomic_inc(&clp->cl_refcount);
	list_add(&lst->st_locks, collect);
}
6238 
/*
 * Walk every lock stateid held by @clp: each openowner, each of its
 * open stateids, each lock stateid attached to those.  If @func is
 * non-NULL it is applied to every lock stateid, and those for which it
 * returns true are added to @collect.  Visits at most @max stateids
 * (@max == 0: no limit).  Returns the number visited.  The whole walk
 * runs under clp->cl_lock.
 */
static u64 nfsd_foreach_client_lock(struct nfs4_client *clp, u64 max,
				    struct list_head *collect,
				    bool (*func)(struct nfs4_ol_stateid *))
{
	struct nfs4_openowner *oop;
	struct nfs4_ol_stateid *stp, *st_next;
	struct nfs4_ol_stateid *lst, *lst_next;
	u64 count = 0;

	spin_lock(&clp->cl_lock);
	list_for_each_entry(oop, &clp->cl_openowners, oo_perclient) {
		list_for_each_entry_safe(stp, st_next,
				&oop->oo_owner.so_stateids, st_perstateowner) {
			list_for_each_entry_safe(lst, lst_next,
					&stp->st_locks, st_locks) {
				if (func) {
					if (func(lst))
						nfsd_inject_add_lock_to_list(lst,
									collect);
				}
				++count;
				/*
				 * Despite the fact that these functions deal
				 * with 64-bit integers for "count", we must
				 * ensure that it doesn't blow up the
				 * clp->cl_refcount. Throw a warning if we
				 * start to approach INT_MAX here.
				 */
				WARN_ON_ONCE(count == (INT_MAX / 2));
				if (count == max)
					goto out;
			}
		}
	}
out:
	spin_unlock(&clp->cl_lock);

	return count;
}
6278 
6279 static u64
6280 nfsd_collect_client_locks(struct nfs4_client *clp, struct list_head *collect,
6281                           u64 max)
6282 {
6283         return nfsd_foreach_client_lock(clp, max, collect, unhash_lock_stateid);
6284 }
6285 
6286 static u64
6287 nfsd_print_client_locks(struct nfs4_client *clp)
6288 {
6289         u64 count = nfsd_foreach_client_lock(clp, 0, NULL, NULL);
6290         nfsd_print_count(clp, count, "locked files");
6291         return count;
6292 }
6293 
6294 u64
6295 nfsd_inject_print_locks(void)
6296 {
6297         struct nfs4_client *clp;
6298         u64 count = 0;
6299         struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6300                                                 nfsd_net_id);
6301 
6302         if (!nfsd_netns_ready(nn))
6303                 return 0;
6304 
6305         spin_lock(&nn->client_lock);
6306         list_for_each_entry(clp, &nn->client_lru, cl_lru)
6307                 count += nfsd_print_client_locks(clp);
6308         spin_unlock(&nn->client_lock);
6309 
6310         return count;
6311 }
6312 
/*
 * Put every lock stateid on @reaplist and drop the per-client reference
 * taken when each entry was collected.
 */
static void
nfsd_reap_locks(struct list_head *reaplist)
{
	struct nfs4_client *clp;
	struct nfs4_ol_stateid *stp, *next;

	list_for_each_entry_safe(stp, next, reaplist, st_locks) {
		list_del_init(&stp->st_locks);
		/* note the client before the stateid's final put */
		clp = stp->st_stid.sc_client;
		nfs4_put_stid(&stp->st_stid);
		put_client(clp);
	}
}
6326 
6327 u64
6328 nfsd_inject_forget_client_locks(struct sockaddr_storage *addr, size_t addr_size)
6329 {
6330         unsigned int count = 0;
6331         struct nfs4_client *clp;
6332         struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6333                                                 nfsd_net_id);
6334         LIST_HEAD(reaplist);
6335 
6336         if (!nfsd_netns_ready(nn))
6337                 return count;
6338 
6339         spin_lock(&nn->client_lock);
6340         clp = nfsd_find_client(addr, addr_size);
6341         if (clp)
6342                 count = nfsd_collect_client_locks(clp, &reaplist, 0);
6343         spin_unlock(&nn->client_lock);
6344         nfsd_reap_locks(&reaplist);
6345         return count;
6346 }
6347 
/*
 * Fault injection: release up to @max lock stateids across all clients
 * (@max == 0 means all of them).  Returns the number released.
 */
u64
nfsd_inject_forget_locks(u64 max)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
						nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
		/*
		 * When max == 0, "max - count" wraps to a huge value once
		 * count > 0; that acts as "no limit", matching the
		 * max == 0 convention.
		 */
		count += nfsd_collect_client_locks(clp, &reaplist, max - count);
		if (max != 0 && count >= max)
			break;
	}
	spin_unlock(&nn->client_lock);
	/* the final stateid puts happen outside client_lock */
	nfsd_reap_locks(&reaplist);
	return count;
}
6370 
/*
 * Walk @clp's openowners, applying @func (if non-NULL) to each and, when
 * @collect is also non-NULL, moving each onto @collect with a client
 * reference held.  Visits at most @max owners (@max == 0: no limit).
 * Returns the number visited.  Caller must hold nn->client_lock; the
 * walk itself runs under clp->cl_lock.
 */
static u64
nfsd_foreach_client_openowner(struct nfs4_client *clp, u64 max,
			      struct list_head *collect,
			      void (*func)(struct nfs4_openowner *))
{
	struct nfs4_openowner *oop, *next;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
						nfsd_net_id);
	u64 count = 0;

	lockdep_assert_held(&nn->client_lock);

	spin_lock(&clp->cl_lock);
	list_for_each_entry_safe(oop, next, &clp->cl_openowners, oo_perclient) {
		if (func) {
			func(oop);
			if (collect) {
				/* pinned until nfsd_reap_openowners() */
				atomic_inc(&clp->cl_refcount);
				list_add(&oop->oo_perclient, collect);
			}
		}
		++count;
		/*
		 * Despite the fact that these functions deal with
		 * 64-bit integers for "count", we must ensure that
		 * it doesn't blow up the clp->cl_refcount. Throw a
		 * warning if we start to approach INT_MAX here.
		 */
		WARN_ON_ONCE(count == (INT_MAX / 2));
		if (count == max)
			break;
	}
	spin_unlock(&clp->cl_lock);

	return count;
}
6407 
6408 static u64
6409 nfsd_print_client_openowners(struct nfs4_client *clp)
6410 {
6411         u64 count = nfsd_foreach_client_openowner(clp, 0, NULL, NULL);
6412 
6413         nfsd_print_count(clp, count, "openowners");
6414         return count;
6415 }
6416 
6417 static u64
6418 nfsd_collect_client_openowners(struct nfs4_client *clp,
6419                                struct list_head *collect, u64 max)
6420 {
6421         return nfsd_foreach_client_openowner(clp, max, collect,
6422                                                 unhash_openowner_locked);
6423 }
6424 
6425 u64
6426 nfsd_inject_print_openowners(void)
6427 {
6428         struct nfs4_client *clp;
6429         u64 count = 0;
6430         struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6431                                                 nfsd_net_id);
6432 
6433         if (!nfsd_netns_ready(nn))
6434                 return 0;
6435 
6436         spin_lock(&nn->client_lock);
6437         list_for_each_entry(clp, &nn->client_lru, cl_lru)
6438                 count += nfsd_print_client_openowners(clp);
6439         spin_unlock(&nn->client_lock);
6440 
6441         return count;
6442 }
6443 
/*
 * Release every openowner on @reaplist and drop the per-client
 * reference taken when each entry was collected.
 */
static void
nfsd_reap_openowners(struct list_head *reaplist)
{
	struct nfs4_client *clp;
	struct nfs4_openowner *oop, *next;

	list_for_each_entry_safe(oop, next, reaplist, oo_perclient) {
		list_del_init(&oop->oo_perclient);
		/* note the client before oop may become invalid below */
		clp = oop->oo_owner.so_client;
		release_openowner(oop);
		put_client(clp);
	}
}
6457 
6458 u64
6459 nfsd_inject_forget_client_openowners(struct sockaddr_storage *addr,
6460                                      size_t addr_size)
6461 {
6462         unsigned int count = 0;
6463         struct nfs4_client *clp;
6464         struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6465                                                 nfsd_net_id);
6466         LIST_HEAD(reaplist);
6467 
6468         if (!nfsd_netns_ready(nn))
6469                 return count;
6470 
6471         spin_lock(&nn->client_lock);
6472         clp = nfsd_find_client(addr, addr_size);
6473         if (clp)
6474                 count = nfsd_collect_client_openowners(clp, &reaplist, 0);
6475         spin_unlock(&nn->client_lock);
6476         nfsd_reap_openowners(&reaplist);
6477         return count;
6478 }
6479 
/*
 * Fault injection: release up to @max openowners across all clients
 * (@max == 0 means all of them).  Returns the number released.
 */
u64
nfsd_inject_forget_openowners(u64 max)
{
	u64 count = 0;
	struct nfs4_client *clp;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
						nfsd_net_id);
	LIST_HEAD(reaplist);

	if (!nfsd_netns_ready(nn))
		return count;

	spin_lock(&nn->client_lock);
	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
		/*
		 * When max == 0, "max - count" wraps to a huge value once
		 * count > 0; that acts as "no limit", matching the
		 * max == 0 convention.
		 */
		count += nfsd_collect_client_openowners(clp, &reaplist,
							max - count);
		if (max != 0 && count >= max)
			break;
	}
	spin_unlock(&nn->client_lock);
	/* the actual release happens outside client_lock */
	nfsd_reap_openowners(&reaplist);
	return count;
}
6503 
/*
 * Scan @clp's delegations under state_lock.  With @victims NULL, simply
 * count them all.  With @victims non-NULL, unhash each idle delegation
 * (dl_time == 0) and move it onto @victims with a client reference
 * held; busy delegations are skipped entirely (not counted).  Stops
 * after @max delegations (@max == 0: no limit).  Caller must hold
 * nn->client_lock.
 */
static u64 nfsd_find_all_delegations(struct nfs4_client *clp, u64 max,
				     struct list_head *victims)
{
	struct nfs4_delegation *dp, *next;
	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
						nfsd_net_id);
	u64 count = 0;

	lockdep_assert_held(&nn->client_lock);

	spin_lock(&state_lock);
	list_for_each_entry_safe(dp, next, &clp->cl_delegations, dl_perclnt) {
		if (victims) {
			/*
			 * It's not safe to mess with delegations that have a
			 * non-zero dl_time. They might have already been broken
			 * and could be processed by the laundromat outside of
			 * the state_lock. Just leave them be.
			 */
			if (dp->dl_time != 0)
				continue;

			/* pinned until the caller reaps the victim list */
			atomic_inc(&clp->cl_refcount);
			WARN_ON(!unhash_delegation_locked(dp));
			list_add(&dp->dl_recall_lru, victims);
		}
		++count;
		/*
		 * Despite the fact that these functions deal with
		 * 64-bit integers for "count", we must ensure that
		 * it doesn't blow up the clp->cl_refcount. Throw a
		 * warning if we start to approach INT_MAX here.
		 */
		WARN_ON_ONCE(count == (INT_MAX / 2));
		if (count == max)
			break;
	}
	spin_unlock(&state_lock);
	return count;
}
6544 
6545 static u64
6546 nfsd_print_client_delegations(struct nfs4_client *clp)
6547 {
6548         u64 count = nfsd_find_all_delegations(clp, 0, NULL);
6549 
6550         nfsd_print_count(clp, count, "delegations");
6551         return count;
6552 }
6553 
6554 u64
6555 nfsd_inject_print_delegations(void)
6556 {
6557         struct nfs4_client *clp;
6558         u64 count = 0;
6559         struct nfsd_net *nn = net_generic(current->nsproxy->net_ns,
6560                                                 nfsd_net_id);
6561 
6562         if (!nfsd_netns_ready(nn))