nfsd4: BUG_ON(!is_spin_locked()) no good on UP kernels
[linux-2.6.git] / fs / nfsd / nfs4state.c
1 /*
2 *  Copyright (c) 2001 The Regents of the University of Michigan.
3 *  All rights reserved.
4 *
5 *  Kendrick Smith <kmsmith@umich.edu>
6 *  Andy Adamson <kandros@umich.edu>
7 *
8 *  Redistribution and use in source and binary forms, with or without
9 *  modification, are permitted provided that the following conditions
10 *  are met:
11 *
12 *  1. Redistributions of source code must retain the above copyright
13 *     notice, this list of conditions and the following disclaimer.
14 *  2. Redistributions in binary form must reproduce the above copyright
15 *     notice, this list of conditions and the following disclaimer in the
16 *     documentation and/or other materials provided with the distribution.
17 *  3. Neither the name of the University nor the names of its
18 *     contributors may be used to endorse or promote products derived
19 *     from this software without specific prior written permission.
20 *
21 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
22 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
23 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
24 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 */
34
35 #include <linux/file.h>
36 #include <linux/fs.h>
37 #include <linux/slab.h>
38 #include <linux/namei.h>
39 #include <linux/swap.h>
40 #include <linux/pagemap.h>
41 #include <linux/sunrpc/svcauth_gss.h>
42 #include <linux/sunrpc/clnt.h>
43 #include "xdr4.h"
44 #include "vfs.h"
45
46 #define NFSDDBG_FACILITY                NFSDDBG_PROC
47
48 /* Globals */
49 time_t nfsd4_lease = 90;     /* default lease time */
50 time_t nfsd4_grace = 90;
51 static time_t boot_time;
52
53 #define all_ones {{~0,~0},~0}
54 static const stateid_t one_stateid = {
55         .si_generation = ~0,
56         .si_opaque = all_ones,
57 };
58 static const stateid_t zero_stateid = {
59         /* all fields zero */
60 };
61 static const stateid_t currentstateid = {
62         .si_generation = 1,
63 };
64
65 static u64 current_sessionid = 1;
66
67 #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
68 #define ONE_STATEID(stateid)  (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
69 #define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
70
71 /* forward declarations */
72 static int check_for_locks(struct nfs4_file *filp, struct nfs4_lockowner *lowner);
73
74 /* Locking: */
75
76 /* Currently used for almost all code touching nfsv4 state: */
77 static DEFINE_MUTEX(client_mutex);
78
79 /*
80  * Currently used for the del_recall_lru and file hash table.  In an
81  * effort to decrease the scope of the client_mutex, this spinlock may
82  * eventually cover more:
83  */
84 static DEFINE_SPINLOCK(recall_lock);
85
86 static struct kmem_cache *openowner_slab = NULL;
87 static struct kmem_cache *lockowner_slab = NULL;
88 static struct kmem_cache *file_slab = NULL;
89 static struct kmem_cache *stateid_slab = NULL;
90 static struct kmem_cache *deleg_slab = NULL;
91
92 void
93 nfs4_lock_state(void)
94 {
95         mutex_lock(&client_mutex);
96 }
97
98 static void free_session(struct kref *);
99
100 /* Must be called under the client_lock */
101 static void nfsd4_put_session_locked(struct nfsd4_session *ses)
102 {
103         kref_put(&ses->se_ref, free_session);
104 }
105
106 static void nfsd4_get_session(struct nfsd4_session *ses)
107 {
108         kref_get(&ses->se_ref);
109 }
110
111 void
112 nfs4_unlock_state(void)
113 {
114         mutex_unlock(&client_mutex);
115 }
116
117 static inline u32
118 opaque_hashval(const void *ptr, int nbytes)
119 {
120         unsigned char *cptr = (unsigned char *) ptr;
121
122         u32 x = 0;
123         while (nbytes--) {
124                 x *= 37;
125                 x += *cptr++;
126         }
127         return x;
128 }
129
130 static struct list_head del_recall_lru;
131
132 static void nfsd4_free_file(struct nfs4_file *f)
133 {
134         kmem_cache_free(file_slab, f);
135 }
136
137 static inline void
138 put_nfs4_file(struct nfs4_file *fi)
139 {
140         if (atomic_dec_and_lock(&fi->fi_ref, &recall_lock)) {
141                 list_del(&fi->fi_hash);
142                 spin_unlock(&recall_lock);
143                 iput(fi->fi_inode);
144                 nfsd4_free_file(fi);
145         }
146 }
147
148 static inline void
149 get_nfs4_file(struct nfs4_file *fi)
150 {
151         atomic_inc(&fi->fi_ref);
152 }
153
154 static int num_delegations;
155 unsigned int max_delegations;
156
157 /*
158  * Open owner state (share locks)
159  */
160
161 /* hash tables for lock and open owners */
162 #define OWNER_HASH_BITS              8
163 #define OWNER_HASH_SIZE             (1 << OWNER_HASH_BITS)
164 #define OWNER_HASH_MASK             (OWNER_HASH_SIZE - 1)
165
166 static unsigned int ownerstr_hashval(u32 clientid, struct xdr_netobj *ownername)
167 {
168         unsigned int ret;
169
170         ret = opaque_hashval(ownername->data, ownername->len);
171         ret += clientid;
172         return ret & OWNER_HASH_MASK;
173 }
174
175 static struct list_head ownerstr_hashtbl[OWNER_HASH_SIZE];
176
177 /* hash table for nfs4_file */
178 #define FILE_HASH_BITS                   8
179 #define FILE_HASH_SIZE                  (1 << FILE_HASH_BITS)
180
181 static unsigned int file_hashval(struct inode *ino)
182 {
183         /* XXX: why are we hashing on inode pointer, anyway? */
184         return hash_ptr(ino, FILE_HASH_BITS);
185 }
186
187 static struct list_head file_hashtbl[FILE_HASH_SIZE];
188
189 static void __nfs4_file_get_access(struct nfs4_file *fp, int oflag)
190 {
191         BUG_ON(!(fp->fi_fds[oflag] || fp->fi_fds[O_RDWR]));
192         atomic_inc(&fp->fi_access[oflag]);
193 }
194
195 static void nfs4_file_get_access(struct nfs4_file *fp, int oflag)
196 {
197         if (oflag == O_RDWR) {
198                 __nfs4_file_get_access(fp, O_RDONLY);
199                 __nfs4_file_get_access(fp, O_WRONLY);
200         } else
201                 __nfs4_file_get_access(fp, oflag);
202 }
203
204 static void nfs4_file_put_fd(struct nfs4_file *fp, int oflag)
205 {
206         if (fp->fi_fds[oflag]) {
207                 fput(fp->fi_fds[oflag]);
208                 fp->fi_fds[oflag] = NULL;
209         }
210 }
211
212 static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
213 {
214         if (atomic_dec_and_test(&fp->fi_access[oflag])) {
215                 nfs4_file_put_fd(fp, oflag);
216                 /*
217                  * It's also safe to get rid of the RDWR open *if*
218                  * we no longer have need of the other kind of access
219                  * or if we already have the other kind of open:
220                  */
221                 if (fp->fi_fds[1-oflag]
222                         || atomic_read(&fp->fi_access[1 - oflag]) == 0)
223                         nfs4_file_put_fd(fp, O_RDWR);
224         }
225 }
226
227 static void nfs4_file_put_access(struct nfs4_file *fp, int oflag)
228 {
229         if (oflag == O_RDWR) {
230                 __nfs4_file_put_access(fp, O_RDONLY);
231                 __nfs4_file_put_access(fp, O_WRONLY);
232         } else
233                 __nfs4_file_put_access(fp, oflag);
234 }
235
236 static inline int get_new_stid(struct nfs4_stid *stid)
237 {
238         static int min_stateid = 0;
239         struct idr *stateids = &stid->sc_client->cl_stateids;
240         int new_stid;
241         int error;
242
243         error = idr_get_new_above(stateids, stid, min_stateid, &new_stid);
244         /*
245          * Note: the necessary preallocation was done in
246          * nfs4_alloc_stateid().  The idr code caps the number of
247          * preallocations that can exist at a time, but the state lock
248          * prevents anyone from using ours before we get here:
249          */
250         BUG_ON(error);
251         /*
252          * It shouldn't be a problem to reuse an opaque stateid value.
253          * I don't think it is for 4.1.  But with 4.0 I worry that, for
254          * example, a stray write retransmission could be accepted by
255          * the server when it should have been rejected.  Therefore,
256          * adopt a trick from the sctp code to attempt to maximize the
257          * amount of time until an id is reused, by ensuring they always
258          * "increase" (mod INT_MAX):
259          */
260
261         min_stateid = new_stid+1;
262         if (min_stateid == INT_MAX)
263                 min_stateid = 0;
264         return new_stid;
265 }
266
267 static void init_stid(struct nfs4_stid *stid, struct nfs4_client *cl, unsigned char type)
268 {
269         stateid_t *s = &stid->sc_stateid;
270         int new_id;
271
272         stid->sc_type = type;
273         stid->sc_client = cl;
274         s->si_opaque.so_clid = cl->cl_clientid;
275         new_id = get_new_stid(stid);
276         s->si_opaque.so_id = (u32)new_id;
277         /* Will be incremented before return to client: */
278         s->si_generation = 0;
279 }
280
281 static struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct kmem_cache *slab)
282 {
283         struct idr *stateids = &cl->cl_stateids;
284
285         if (!idr_pre_get(stateids, GFP_KERNEL))
286                 return NULL;
287         /*
288          * Note: if we fail here (or any time between now and the time
289          * we actually get the new idr), we won't need to undo the idr
290          * preallocation, since the idr code caps the number of
291          * preallocated entries.
292          */
293         return kmem_cache_alloc(slab, GFP_KERNEL);
294 }
295
296 static struct nfs4_ol_stateid * nfs4_alloc_stateid(struct nfs4_client *clp)
297 {
298         return openlockstateid(nfs4_alloc_stid(clp, stateid_slab));
299 }
300
301 static struct nfs4_delegation *
302 alloc_init_deleg(struct nfs4_client *clp, struct nfs4_ol_stateid *stp, struct svc_fh *current_fh, u32 type)
303 {
304         struct nfs4_delegation *dp;
305         struct nfs4_file *fp = stp->st_file;
306
307         dprintk("NFSD alloc_init_deleg\n");
308         /*
309          * Major work on the lease subsystem (for example, to support
310          * calbacks on stat) will be required before we can support
311          * write delegations properly.
312          */
313         if (type != NFS4_OPEN_DELEGATE_READ)
314                 return NULL;
315         if (fp->fi_had_conflict)
316                 return NULL;
317         if (num_delegations > max_delegations)
318                 return NULL;
319         dp = delegstateid(nfs4_alloc_stid(clp, deleg_slab));
320         if (dp == NULL)
321                 return dp;
322         init_stid(&dp->dl_stid, clp, NFS4_DELEG_STID);
323         /*
324          * delegation seqid's are never incremented.  The 4.1 special
325          * meaning of seqid 0 isn't meaningful, really, but let's avoid
326          * 0 anyway just for consistency and use 1:
327          */
328         dp->dl_stid.sc_stateid.si_generation = 1;
329         num_delegations++;
330         INIT_LIST_HEAD(&dp->dl_perfile);
331         INIT_LIST_HEAD(&dp->dl_perclnt);
332         INIT_LIST_HEAD(&dp->dl_recall_lru);
333         get_nfs4_file(fp);
334         dp->dl_file = fp;
335         dp->dl_type = type;
336         fh_copy_shallow(&dp->dl_fh, &current_fh->fh_handle);
337         dp->dl_time = 0;
338         atomic_set(&dp->dl_count, 1);
339         INIT_WORK(&dp->dl_recall.cb_work, nfsd4_do_callback_rpc);
340         return dp;
341 }
342
343 void
344 nfs4_put_delegation(struct nfs4_delegation *dp)
345 {
346         if (atomic_dec_and_test(&dp->dl_count)) {
347                 dprintk("NFSD: freeing dp %p\n",dp);
348                 put_nfs4_file(dp->dl_file);
349                 kmem_cache_free(deleg_slab, dp);
350                 num_delegations--;
351         }
352 }
353
354 static void nfs4_put_deleg_lease(struct nfs4_file *fp)
355 {
356         if (atomic_dec_and_test(&fp->fi_delegees)) {
357                 vfs_setlease(fp->fi_deleg_file, F_UNLCK, &fp->fi_lease);
358                 fp->fi_lease = NULL;
359                 fput(fp->fi_deleg_file);
360                 fp->fi_deleg_file = NULL;
361         }
362 }
363
364 static void unhash_stid(struct nfs4_stid *s)
365 {
366         struct idr *stateids = &s->sc_client->cl_stateids;
367
368         idr_remove(stateids, s->sc_stateid.si_opaque.so_id);
369 }
370
371 /* Called under the state lock. */
372 static void
373 unhash_delegation(struct nfs4_delegation *dp)
374 {
375         unhash_stid(&dp->dl_stid);
376         list_del_init(&dp->dl_perclnt);
377         spin_lock(&recall_lock);
378         list_del_init(&dp->dl_perfile);
379         list_del_init(&dp->dl_recall_lru);
380         spin_unlock(&recall_lock);
381         nfs4_put_deleg_lease(dp->dl_file);
382         nfs4_put_delegation(dp);
383 }
384
385 /* 
386  * SETCLIENTID state 
387  */
388
389 /* client_lock protects the client lru list and session hash table */
390 static DEFINE_SPINLOCK(client_lock);
391
392 /* Hash tables for nfs4_clientid state */
393 #define CLIENT_HASH_BITS                 4
394 #define CLIENT_HASH_SIZE                (1 << CLIENT_HASH_BITS)
395 #define CLIENT_HASH_MASK                (CLIENT_HASH_SIZE - 1)
396
397 static unsigned int clientid_hashval(u32 id)
398 {
399         return id & CLIENT_HASH_MASK;
400 }
401
402 static unsigned int clientstr_hashval(const char *name)
403 {
404         return opaque_hashval(name, 8) & CLIENT_HASH_MASK;
405 }
406
407 /*
408  * reclaim_str_hashtbl[] holds known client info from previous reset/reboot
409  * used in reboot/reset lease grace period processing
410  *
411  * conf_id_hashtbl[], and conf_str_hashtbl[] hold confirmed
412  * setclientid_confirmed info. 
413  *
414  * unconf_str_hastbl[] and unconf_id_hashtbl[] hold unconfirmed 
415  * setclientid info.
416  *
417  * client_lru holds client queue ordered by nfs4_client.cl_time
418  * for lease renewal.
419  *
420  * close_lru holds (open) stateowner queue ordered by nfs4_stateowner.so_time
421  * for last close replay.
422  */
423 static struct list_head reclaim_str_hashtbl[CLIENT_HASH_SIZE];
424 static int reclaim_str_hashtbl_size = 0;
425 static struct list_head conf_id_hashtbl[CLIENT_HASH_SIZE];
426 static struct list_head conf_str_hashtbl[CLIENT_HASH_SIZE];
427 static struct list_head unconf_str_hashtbl[CLIENT_HASH_SIZE];
428 static struct list_head unconf_id_hashtbl[CLIENT_HASH_SIZE];
429 static struct list_head client_lru;
430 static struct list_head close_lru;
431
432 /*
433  * We store the NONE, READ, WRITE, and BOTH bits separately in the
434  * st_{access,deny}_bmap field of the stateid, in order to track not
435  * only what share bits are currently in force, but also what
436  * combinations of share bits previous opens have used.  This allows us
437  * to enforce the recommendation of rfc 3530 14.2.19 that the server
438  * return an error if the client attempt to downgrade to a combination
439  * of share bits not explicable by closing some of its previous opens.
440  *
441  * XXX: This enforcement is actually incomplete, since we don't keep
442  * track of access/deny bit combinations; so, e.g., we allow:
443  *
444  *      OPEN allow read, deny write
445  *      OPEN allow both, deny none
446  *      DOWNGRADE allow read, deny none
447  *
448  * which we should reject.
449  */
450 static void
451 set_access(unsigned int *access, unsigned long bmap) {
452         int i;
453
454         *access = 0;
455         for (i = 1; i < 4; i++) {
456                 if (test_bit(i, &bmap))
457                         *access |= i;
458         }
459 }
460
461 static void
462 set_deny(unsigned int *deny, unsigned long bmap) {
463         int i;
464
465         *deny = 0;
466         for (i = 0; i < 4; i++) {
467                 if (test_bit(i, &bmap))
468                         *deny |= i ;
469         }
470 }
471
472 static int
473 test_share(struct nfs4_ol_stateid *stp, struct nfsd4_open *open) {
474         unsigned int access, deny;
475
476         set_access(&access, stp->st_access_bmap);
477         set_deny(&deny, stp->st_deny_bmap);
478         if ((access & open->op_share_deny) || (deny & open->op_share_access))
479                 return 0;
480         return 1;
481 }
482
483 static int nfs4_access_to_omode(u32 access)
484 {
485         switch (access & NFS4_SHARE_ACCESS_BOTH) {
486         case NFS4_SHARE_ACCESS_READ:
487                 return O_RDONLY;
488         case NFS4_SHARE_ACCESS_WRITE:
489                 return O_WRONLY;
490         case NFS4_SHARE_ACCESS_BOTH:
491                 return O_RDWR;
492         }
493         BUG();
494 }
495
496 static void unhash_generic_stateid(struct nfs4_ol_stateid *stp)
497 {
498         list_del(&stp->st_perfile);
499         list_del(&stp->st_perstateowner);
500 }
501
502 static void close_generic_stateid(struct nfs4_ol_stateid *stp)
503 {
504         int i;
505
506         if (stp->st_access_bmap) {
507                 for (i = 1; i < 4; i++) {
508                         if (test_bit(i, &stp->st_access_bmap))
509                                 nfs4_file_put_access(stp->st_file,
510                                                 nfs4_access_to_omode(i));
511                         __clear_bit(i, &stp->st_access_bmap);
512                 }
513         }
514         put_nfs4_file(stp->st_file);
515         stp->st_file = NULL;
516 }
517
518 static void free_generic_stateid(struct nfs4_ol_stateid *stp)
519 {
520         kmem_cache_free(stateid_slab, stp);
521 }
522
523 static void release_lock_stateid(struct nfs4_ol_stateid *stp)
524 {
525         struct file *file;
526
527         unhash_generic_stateid(stp);
528         unhash_stid(&stp->st_stid);
529         file = find_any_file(stp->st_file);
530         if (file)
531                 locks_remove_posix(file, (fl_owner_t)lockowner(stp->st_stateowner));
532         close_generic_stateid(stp);
533         free_generic_stateid(stp);
534 }
535
536 static void unhash_lockowner(struct nfs4_lockowner *lo)
537 {
538         struct nfs4_ol_stateid *stp;
539
540         list_del(&lo->lo_owner.so_strhash);
541         list_del(&lo->lo_perstateid);
542         list_del(&lo->lo_owner_ino_hash);
543         while (!list_empty(&lo->lo_owner.so_stateids)) {
544                 stp = list_first_entry(&lo->lo_owner.so_stateids,
545                                 struct nfs4_ol_stateid, st_perstateowner);
546                 release_lock_stateid(stp);
547         }
548 }
549
550 static void release_lockowner(struct nfs4_lockowner *lo)
551 {
552         unhash_lockowner(lo);
553         nfs4_free_lockowner(lo);
554 }
555
556 static void
557 release_stateid_lockowners(struct nfs4_ol_stateid *open_stp)
558 {
559         struct nfs4_lockowner *lo;
560
561         while (!list_empty(&open_stp->st_lockowners)) {
562                 lo = list_entry(open_stp->st_lockowners.next,
563                                 struct nfs4_lockowner, lo_perstateid);
564                 release_lockowner(lo);
565         }
566 }
567
568 static void unhash_open_stateid(struct nfs4_ol_stateid *stp)
569 {
570         unhash_generic_stateid(stp);
571         release_stateid_lockowners(stp);
572         close_generic_stateid(stp);
573 }
574
575 static void release_open_stateid(struct nfs4_ol_stateid *stp)
576 {
577         unhash_open_stateid(stp);
578         unhash_stid(&stp->st_stid);
579         free_generic_stateid(stp);
580 }
581
582 static void unhash_openowner(struct nfs4_openowner *oo)
583 {
584         struct nfs4_ol_stateid *stp;
585
586         list_del(&oo->oo_owner.so_strhash);
587         list_del(&oo->oo_perclient);
588         while (!list_empty(&oo->oo_owner.so_stateids)) {
589                 stp = list_first_entry(&oo->oo_owner.so_stateids,
590                                 struct nfs4_ol_stateid, st_perstateowner);
591                 release_open_stateid(stp);
592         }
593 }
594
595 static void release_last_closed_stateid(struct nfs4_openowner *oo)
596 {
597         struct nfs4_ol_stateid *s = oo->oo_last_closed_stid;
598
599         if (s) {
600                 unhash_stid(&s->st_stid);
601                 free_generic_stateid(s);
602                 oo->oo_last_closed_stid = NULL;
603         }
604 }
605
606 static void release_openowner(struct nfs4_openowner *oo)
607 {
608         unhash_openowner(oo);
609         list_del(&oo->oo_close_lru);
610         release_last_closed_stateid(oo);
611         nfs4_free_openowner(oo);
612 }
613
614 #define SESSION_HASH_SIZE       512
615 static struct list_head sessionid_hashtbl[SESSION_HASH_SIZE];
616
617 static inline int
618 hash_sessionid(struct nfs4_sessionid *sessionid)
619 {
620         struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;
621
622         return sid->sequence % SESSION_HASH_SIZE;
623 }
624
625 #ifdef NFSD_DEBUG
626 static inline void
627 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
628 {
629         u32 *ptr = (u32 *)(&sessionid->data[0]);
630         dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]);
631 }
632 #else
633 static inline void
634 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
635 {
636 }
637 #endif
638
639
640 static void
641 gen_sessionid(struct nfsd4_session *ses)
642 {
643         struct nfs4_client *clp = ses->se_client;
644         struct nfsd4_sessionid *sid;
645
646         sid = (struct nfsd4_sessionid *)ses->se_sessionid.data;
647         sid->clientid = clp->cl_clientid;
648         sid->sequence = current_sessionid++;
649         sid->reserved = 0;
650 }
651
652 /*
653  * The protocol defines ca_maxresponssize_cached to include the size of
654  * the rpc header, but all we need to cache is the data starting after
655  * the end of the initial SEQUENCE operation--the rest we regenerate
656  * each time.  Therefore we can advertise a ca_maxresponssize_cached
657  * value that is the number of bytes in our cache plus a few additional
658  * bytes.  In order to stay on the safe side, and not promise more than
659  * we can cache, those additional bytes must be the minimum possible: 24
660  * bytes of rpc header (xid through accept state, with AUTH_NULL
661  * verifier), 12 for the compound header (with zero-length tag), and 44
662  * for the SEQUENCE op response:
663  */
664 #define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)
665
666 static void
667 free_session_slots(struct nfsd4_session *ses)
668 {
669         int i;
670
671         for (i = 0; i < ses->se_fchannel.maxreqs; i++)
672                 kfree(ses->se_slots[i]);
673 }
674
675 /*
676  * We don't actually need to cache the rpc and session headers, so we
677  * can allocate a little less for each slot:
678  */
679 static inline int slot_bytes(struct nfsd4_channel_attrs *ca)
680 {
681         return ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;
682 }
683
684 static int nfsd4_sanitize_slot_size(u32 size)
685 {
686         size -= NFSD_MIN_HDR_SEQ_SZ; /* We don't cache the rpc header */
687         size = min_t(u32, size, NFSD_SLOT_CACHE_SIZE);
688
689         return size;
690 }
691
692 /*
693  * XXX: If we run out of reserved DRC memory we could (up to a point)
694  * re-negotiate active sessions and reduce their slot usage to make
695  * room for new connections. For now we just fail the create session.
696  */
697 static int nfsd4_get_drc_mem(int slotsize, u32 num)
698 {
699         int avail;
700
701         num = min_t(u32, num, NFSD_MAX_SLOTS_PER_SESSION);
702
703         spin_lock(&nfsd_drc_lock);
704         avail = min_t(int, NFSD_MAX_MEM_PER_SESSION,
705                         nfsd_drc_max_mem - nfsd_drc_mem_used);
706         num = min_t(int, num, avail / slotsize);
707         nfsd_drc_mem_used += num * slotsize;
708         spin_unlock(&nfsd_drc_lock);
709
710         return num;
711 }
712
713 static void nfsd4_put_drc_mem(int slotsize, int num)
714 {
715         spin_lock(&nfsd_drc_lock);
716         nfsd_drc_mem_used -= slotsize * num;
717         spin_unlock(&nfsd_drc_lock);
718 }
719
720 static struct nfsd4_session *alloc_session(int slotsize, int numslots)
721 {
722         struct nfsd4_session *new;
723         int mem, i;
724
725         BUILD_BUG_ON(NFSD_MAX_SLOTS_PER_SESSION * sizeof(struct nfsd4_slot *)
726                         + sizeof(struct nfsd4_session) > PAGE_SIZE);
727         mem = numslots * sizeof(struct nfsd4_slot *);
728
729         new = kzalloc(sizeof(*new) + mem, GFP_KERNEL);
730         if (!new)
731                 return NULL;
732         /* allocate each struct nfsd4_slot and data cache in one piece */
733         for (i = 0; i < numslots; i++) {
734                 mem = sizeof(struct nfsd4_slot) + slotsize;
735                 new->se_slots[i] = kzalloc(mem, GFP_KERNEL);
736                 if (!new->se_slots[i])
737                         goto out_free;
738         }
739         return new;
740 out_free:
741         while (i--)
742                 kfree(new->se_slots[i]);
743         kfree(new);
744         return NULL;
745 }
746
747 static void init_forechannel_attrs(struct nfsd4_channel_attrs *new, struct nfsd4_channel_attrs *req, int numslots, int slotsize)
748 {
749         u32 maxrpc = nfsd_serv->sv_max_mesg;
750
751         new->maxreqs = numslots;
752         new->maxresp_cached = min_t(u32, req->maxresp_cached,
753                                         slotsize + NFSD_MIN_HDR_SEQ_SZ);
754         new->maxreq_sz = min_t(u32, req->maxreq_sz, maxrpc);
755         new->maxresp_sz = min_t(u32, req->maxresp_sz, maxrpc);
756         new->maxops = min_t(u32, req->maxops, NFSD_MAX_OPS_PER_COMPOUND);
757 }
758
759 static void free_conn(struct nfsd4_conn *c)
760 {
761         svc_xprt_put(c->cn_xprt);
762         kfree(c);
763 }
764
765 static void nfsd4_conn_lost(struct svc_xpt_user *u)
766 {
767         struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
768         struct nfs4_client *clp = c->cn_session->se_client;
769
770         spin_lock(&clp->cl_lock);
771         if (!list_empty(&c->cn_persession)) {
772                 list_del(&c->cn_persession);
773                 free_conn(c);
774         }
775         spin_unlock(&clp->cl_lock);
776         nfsd4_probe_callback(clp);
777 }
778
779 static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
780 {
781         struct nfsd4_conn *conn;
782
783         conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL);
784         if (!conn)
785                 return NULL;
786         svc_xprt_get(rqstp->rq_xprt);
787         conn->cn_xprt = rqstp->rq_xprt;
788         conn->cn_flags = flags;
789         INIT_LIST_HEAD(&conn->cn_xpt_user.list);
790         return conn;
791 }
792
793 static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
794 {
795         conn->cn_session = ses;
796         list_add(&conn->cn_persession, &ses->se_conns);
797 }
798
799 static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
800 {
801         struct nfs4_client *clp = ses->se_client;
802
803         spin_lock(&clp->cl_lock);
804         __nfsd4_hash_conn(conn, ses);
805         spin_unlock(&clp->cl_lock);
806 }
807
808 static int nfsd4_register_conn(struct nfsd4_conn *conn)
809 {
810         conn->cn_xpt_user.callback = nfsd4_conn_lost;
811         return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
812 }
813
814 static __be32 nfsd4_new_conn(struct svc_rqst *rqstp, struct nfsd4_session *ses, u32 dir)
815 {
816         struct nfsd4_conn *conn;
817         int ret;
818
819         conn = alloc_conn(rqstp, dir);
820         if (!conn)
821                 return nfserr_jukebox;
822         nfsd4_hash_conn(conn, ses);
823         ret = nfsd4_register_conn(conn);
824         if (ret)
825                 /* oops; xprt is already down: */
826                 nfsd4_conn_lost(&conn->cn_xpt_user);
827         return nfs_ok;
828 }
829
830 static __be32 nfsd4_new_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_session *ses)
831 {
832         u32 dir = NFS4_CDFC4_FORE;
833
834         if (ses->se_flags & SESSION4_BACK_CHAN)
835                 dir |= NFS4_CDFC4_BACK;
836
837         return nfsd4_new_conn(rqstp, ses, dir);
838 }
839
840 /* must be called under client_lock */
841 static void nfsd4_del_conns(struct nfsd4_session *s)
842 {
843         struct nfs4_client *clp = s->se_client;
844         struct nfsd4_conn *c;
845
846         spin_lock(&clp->cl_lock);
847         while (!list_empty(&s->se_conns)) {
848                 c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
849                 list_del_init(&c->cn_persession);
850                 spin_unlock(&clp->cl_lock);
851
852                 unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
853                 free_conn(c);
854
855                 spin_lock(&clp->cl_lock);
856         }
857         spin_unlock(&clp->cl_lock);
858 }
859
860 static void free_session(struct kref *kref)
861 {
862         struct nfsd4_session *ses;
863         int mem;
864
865         lockdep_assert_held(&client_lock);
866         ses = container_of(kref, struct nfsd4_session, se_ref);
867         nfsd4_del_conns(ses);
868         spin_lock(&nfsd_drc_lock);
869         mem = ses->se_fchannel.maxreqs * slot_bytes(&ses->se_fchannel);
870         nfsd_drc_mem_used -= mem;
871         spin_unlock(&nfsd_drc_lock);
872         free_session_slots(ses);
873         kfree(ses);
874 }
875
876 void nfsd4_put_session(struct nfsd4_session *ses)
877 {
878         spin_lock(&client_lock);
879         nfsd4_put_session_locked(ses);
880         spin_unlock(&client_lock);
881 }
882
883 static struct nfsd4_session *alloc_init_session(struct svc_rqst *rqstp, struct nfs4_client *clp, struct nfsd4_create_session *cses)
884 {
885         struct nfsd4_session *new;
886         struct nfsd4_channel_attrs *fchan = &cses->fore_channel;
887         int numslots, slotsize;
888         int status;
889         int idx;
890
891         /*
892          * Note decreasing slot size below client's request may
893          * make it difficult for client to function correctly, whereas
894          * decreasing the number of slots will (just?) affect
895          * performance.  When short on memory we therefore prefer to
896          * decrease number of slots instead of their size.
897          */
898         slotsize = nfsd4_sanitize_slot_size(fchan->maxresp_cached);
899         numslots = nfsd4_get_drc_mem(slotsize, fchan->maxreqs);
900         if (numslots < 1)
901                 return NULL;
902
903         new = alloc_session(slotsize, numslots);
904         if (!new) {
905                 nfsd4_put_drc_mem(slotsize, fchan->maxreqs);
906                 return NULL;
907         }
908         init_forechannel_attrs(&new->se_fchannel, fchan, numslots, slotsize);
909
910         new->se_client = clp;
911         gen_sessionid(new);
912
913         INIT_LIST_HEAD(&new->se_conns);
914
915         new->se_cb_seq_nr = 1;
916         new->se_flags = cses->flags;
917         new->se_cb_prog = cses->callback_prog;
918         kref_init(&new->se_ref);
919         idx = hash_sessionid(&new->se_sessionid);
920         spin_lock(&client_lock);
921         list_add(&new->se_hash, &sessionid_hashtbl[idx]);
922         spin_lock(&clp->cl_lock);
923         list_add(&new->se_perclnt, &clp->cl_sessions);
924         spin_unlock(&clp->cl_lock);
925         spin_unlock(&client_lock);
926
927         status = nfsd4_new_conn_from_crses(rqstp, new);
928         /* whoops: benny points out, status is ignored! (err, or bogus) */
929         if (status) {
930                 spin_lock(&client_lock);
931                 free_session(&new->se_ref);
932                 spin_unlock(&client_lock);
933                 return NULL;
934         }
935         if (cses->flags & SESSION4_BACK_CHAN) {
936                 struct sockaddr *sa = svc_addr(rqstp);
937                 /*
938                  * This is a little silly; with sessions there's no real
939                  * use for the callback address.  Use the peer address
940                  * as a reasonable default for now, but consider fixing
941                  * the rpc client not to require an address in the
942                  * future:
943                  */
944                 rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
945                 clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
946         }
947         nfsd4_probe_callback(clp);
948         return new;
949 }
950
951 /* caller must hold client_lock */
952 static struct nfsd4_session *
953 find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid)
954 {
955         struct nfsd4_session *elem;
956         int idx;
957
958         dump_sessionid(__func__, sessionid);
959         idx = hash_sessionid(sessionid);
960         /* Search in the appropriate list */
961         list_for_each_entry(elem, &sessionid_hashtbl[idx], se_hash) {
962                 if (!memcmp(elem->se_sessionid.data, sessionid->data,
963                             NFS4_MAX_SESSIONID_LEN)) {
964                         return elem;
965                 }
966         }
967
968         dprintk("%s: session not found\n", __func__);
969         return NULL;
970 }
971
972 /* caller must hold client_lock */
973 static void
974 unhash_session(struct nfsd4_session *ses)
975 {
976         list_del(&ses->se_hash);
977         spin_lock(&ses->se_client->cl_lock);
978         list_del(&ses->se_perclnt);
979         spin_unlock(&ses->se_client->cl_lock);
980 }
981
982 /* must be called under the client_lock */
983 static inline void
984 renew_client_locked(struct nfs4_client *clp)
985 {
986         if (is_client_expired(clp)) {
987                 dprintk("%s: client (clientid %08x/%08x) already expired\n",
988                         __func__,
989                         clp->cl_clientid.cl_boot,
990                         clp->cl_clientid.cl_id);
991                 return;
992         }
993
994         dprintk("renewing client (clientid %08x/%08x)\n", 
995                         clp->cl_clientid.cl_boot, 
996                         clp->cl_clientid.cl_id);
997         list_move_tail(&clp->cl_lru, &client_lru);
998         clp->cl_time = get_seconds();
999 }
1000
1001 static inline void
1002 renew_client(struct nfs4_client *clp)
1003 {
1004         spin_lock(&client_lock);
1005         renew_client_locked(clp);
1006         spin_unlock(&client_lock);
1007 }
1008
1009 /* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
1010 static int
1011 STALE_CLIENTID(clientid_t *clid)
1012 {
1013         if (clid->cl_boot == boot_time)
1014                 return 0;
1015         dprintk("NFSD stale clientid (%08x/%08x) boot_time %08lx\n",
1016                 clid->cl_boot, clid->cl_id, boot_time);
1017         return 1;
1018 }
1019
1020 /* 
1021  * XXX Should we use a slab cache ?
1022  * This type of memory management is somewhat inefficient, but we use it
1023  * anyway since SETCLIENTID is not a common operation.
1024  */
1025 static struct nfs4_client *alloc_client(struct xdr_netobj name)
1026 {
1027         struct nfs4_client *clp;
1028
1029         clp = kzalloc(sizeof(struct nfs4_client), GFP_KERNEL);
1030         if (clp == NULL)
1031                 return NULL;
1032         clp->cl_name.data = kmemdup(name.data, name.len, GFP_KERNEL);
1033         if (clp->cl_name.data == NULL) {
1034                 kfree(clp);
1035                 return NULL;
1036         }
1037         clp->cl_name.len = name.len;
1038         return clp;
1039 }
1040
1041 static inline void
1042 free_client(struct nfs4_client *clp)
1043 {
1044         lockdep_assert_held(&client_lock);
1045         while (!list_empty(&clp->cl_sessions)) {
1046                 struct nfsd4_session *ses;
1047                 ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
1048                                 se_perclnt);
1049                 list_del(&ses->se_perclnt);
1050                 nfsd4_put_session_locked(ses);
1051         }
1052         if (clp->cl_cred.cr_group_info)
1053                 put_group_info(clp->cl_cred.cr_group_info);
1054         kfree(clp->cl_principal);
1055         kfree(clp->cl_name.data);
1056         kfree(clp);
1057 }
1058
1059 void
1060 release_session_client(struct nfsd4_session *session)
1061 {
1062         struct nfs4_client *clp = session->se_client;
1063
1064         if (!atomic_dec_and_lock(&clp->cl_refcount, &client_lock))
1065                 return;
1066         if (is_client_expired(clp)) {
1067                 free_client(clp);
1068                 session->se_client = NULL;
1069         } else
1070                 renew_client_locked(clp);
1071         spin_unlock(&client_lock);
1072 }
1073
1074 /* must be called under the client_lock */
1075 static inline void
1076 unhash_client_locked(struct nfs4_client *clp)
1077 {
1078         struct nfsd4_session *ses;
1079
1080         mark_client_expired(clp);
1081         list_del(&clp->cl_lru);
1082         spin_lock(&clp->cl_lock);
1083         list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
1084                 list_del_init(&ses->se_hash);
1085         spin_unlock(&clp->cl_lock);
1086 }
1087
1088 static void
1089 expire_client(struct nfs4_client *clp)
1090 {
1091         struct nfs4_openowner *oo;
1092         struct nfs4_delegation *dp;
1093         struct list_head reaplist;
1094
1095         INIT_LIST_HEAD(&reaplist);
1096         spin_lock(&recall_lock);
1097         while (!list_empty(&clp->cl_delegations)) {
1098                 dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
1099                 list_del_init(&dp->dl_perclnt);
1100                 list_move(&dp->dl_recall_lru, &reaplist);
1101         }
1102         spin_unlock(&recall_lock);
1103         while (!list_empty(&reaplist)) {
1104                 dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
1105                 unhash_delegation(dp);
1106         }
1107         while (!list_empty(&clp->cl_openowners)) {
1108                 oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
1109                 release_openowner(oo);
1110         }
1111         nfsd4_shutdown_callback(clp);
1112         if (clp->cl_cb_conn.cb_xprt)
1113                 svc_xprt_put(clp->cl_cb_conn.cb_xprt);
1114         list_del(&clp->cl_idhash);
1115         list_del(&clp->cl_strhash);
1116         spin_lock(&client_lock);
1117         unhash_client_locked(clp);
1118         if (atomic_read(&clp->cl_refcount) == 0)
1119                 free_client(clp);
1120         spin_unlock(&client_lock);
1121 }
1122
1123 static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
1124 {
1125         memcpy(target->cl_verifier.data, source->data,
1126                         sizeof(target->cl_verifier.data));
1127 }
1128
1129 static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
1130 {
1131         target->cl_clientid.cl_boot = source->cl_clientid.cl_boot; 
1132         target->cl_clientid.cl_id = source->cl_clientid.cl_id; 
1133 }
1134
1135 static void copy_cred(struct svc_cred *target, struct svc_cred *source)
1136 {
1137         target->cr_uid = source->cr_uid;
1138         target->cr_gid = source->cr_gid;
1139         target->cr_group_info = source->cr_group_info;
1140         get_group_info(target->cr_group_info);
1141 }
1142
1143 static int same_name(const char *n1, const char *n2)
1144 {
1145         return 0 == memcmp(n1, n2, HEXDIR_LEN);
1146 }
1147
1148 static int
1149 same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
1150 {
1151         return 0 == memcmp(v1->data, v2->data, sizeof(v1->data));
1152 }
1153
1154 static int
1155 same_clid(clientid_t *cl1, clientid_t *cl2)
1156 {
1157         return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
1158 }
1159
1160 /* XXX what about NGROUP */
1161 static int
1162 same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
1163 {
1164         return cr1->cr_uid == cr2->cr_uid;
1165 }
1166
1167 static void gen_clid(struct nfs4_client *clp)
1168 {
1169         static u32 current_clientid = 1;
1170
1171         clp->cl_clientid.cl_boot = boot_time;
1172         clp->cl_clientid.cl_id = current_clientid++; 
1173 }
1174
1175 static void gen_confirm(struct nfs4_client *clp)
1176 {
1177         __be32 verf[2];
1178         static u32 i;
1179
1180         verf[0] = (__be32)get_seconds();
1181         verf[1] = (__be32)i++;
1182         memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data));
1183 }
1184
1185 static struct nfs4_stid *find_stateid(struct nfs4_client *cl, stateid_t *t)
1186 {
1187         return idr_find(&cl->cl_stateids, t->si_opaque.so_id);
1188 }
1189
1190 static struct nfs4_stid *find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, char typemask)
1191 {
1192         struct nfs4_stid *s;
1193
1194         s = find_stateid(cl, t);
1195         if (!s)
1196                 return NULL;
1197         if (typemask & s->sc_type)
1198                 return s;
1199         return NULL;
1200 }
1201
1202 static struct nfs4_client *create_client(struct xdr_netobj name, char *recdir,
1203                 struct svc_rqst *rqstp, nfs4_verifier *verf)
1204 {
1205         struct nfs4_client *clp;
1206         struct sockaddr *sa = svc_addr(rqstp);
1207         char *princ;
1208
1209         clp = alloc_client(name);
1210         if (clp == NULL)
1211                 return NULL;
1212
1213         INIT_LIST_HEAD(&clp->cl_sessions);
1214
1215         princ = svc_gss_principal(rqstp);
1216         if (princ) {
1217                 clp->cl_principal = kstrdup(princ, GFP_KERNEL);
1218                 if (clp->cl_principal == NULL) {
1219                         spin_lock(&client_lock);
1220                         free_client(clp);
1221                         spin_unlock(&client_lock);
1222                         return NULL;
1223                 }
1224         }
1225
1226         idr_init(&clp->cl_stateids);
1227         memcpy(clp->cl_recdir, recdir, HEXDIR_LEN);
1228         atomic_set(&clp->cl_refcount, 0);
1229         clp->cl_cb_state = NFSD4_CB_UNKNOWN;
1230         INIT_LIST_HEAD(&clp->cl_idhash);
1231         INIT_LIST_HEAD(&clp->cl_strhash);
1232         INIT_LIST_HEAD(&clp->cl_openowners);
1233         INIT_LIST_HEAD(&clp->cl_delegations);
1234         INIT_LIST_HEAD(&clp->cl_lru);
1235         INIT_LIST_HEAD(&clp->cl_callbacks);
1236         spin_lock_init(&clp->cl_lock);
1237         INIT_WORK(&clp->cl_cb_null.cb_work, nfsd4_do_callback_rpc);
1238         clp->cl_time = get_seconds();
1239         clear_bit(0, &clp->cl_cb_slot_busy);
1240         rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
1241         copy_verf(clp, verf);
1242         rpc_copy_addr((struct sockaddr *) &clp->cl_addr, sa);
1243         clp->cl_flavor = rqstp->rq_flavor;
1244         copy_cred(&clp->cl_cred, &rqstp->rq_cred);
1245         gen_confirm(clp);
1246         clp->cl_cb_session = NULL;
1247         return clp;
1248 }
1249
1250 static void
1251 add_to_unconfirmed(struct nfs4_client *clp, unsigned int strhashval)
1252 {
1253         unsigned int idhashval;
1254
1255         list_add(&clp->cl_strhash, &unconf_str_hashtbl[strhashval]);
1256         idhashval = clientid_hashval(clp->cl_clientid.cl_id);
1257         list_add(&clp->cl_idhash, &unconf_id_hashtbl[idhashval]);
1258         renew_client(clp);
1259 }
1260
1261 static void
1262 move_to_confirmed(struct nfs4_client *clp)
1263 {
1264         unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id);
1265         unsigned int strhashval;
1266
1267         dprintk("NFSD: move_to_confirm nfs4_client %p\n", clp);
1268         list_move(&clp->cl_idhash, &conf_id_hashtbl[idhashval]);
1269         strhashval = clientstr_hashval(clp->cl_recdir);
1270         list_move(&clp->cl_strhash, &conf_str_hashtbl[strhashval]);
1271         renew_client(clp);
1272 }
1273
1274 static struct nfs4_client *
1275 find_confirmed_client(clientid_t *clid)
1276 {
1277         struct nfs4_client *clp;
1278         unsigned int idhashval = clientid_hashval(clid->cl_id);
1279
1280         list_for_each_entry(clp, &conf_id_hashtbl[idhashval], cl_idhash) {
1281                 if (same_clid(&clp->cl_clientid, clid)) {
1282                         renew_client(clp);
1283                         return clp;
1284                 }
1285         }
1286         return NULL;
1287 }
1288
1289 static struct nfs4_client *
1290 find_unconfirmed_client(clientid_t *clid)
1291 {
1292         struct nfs4_client *clp;
1293         unsigned int idhashval = clientid_hashval(clid->cl_id);
1294
1295         list_for_each_entry(clp, &unconf_id_hashtbl[idhashval], cl_idhash) {
1296                 if (same_clid(&clp->cl_clientid, clid))
1297                         return clp;
1298         }
1299         return NULL;
1300 }
1301
1302 static bool clp_used_exchangeid(struct nfs4_client *clp)
1303 {
1304         return clp->cl_exchange_flags != 0;
1305
1306
1307 static struct nfs4_client *
1308 find_confirmed_client_by_str(const char *dname, unsigned int hashval)
1309 {
1310         struct nfs4_client *clp;
1311
1312         list_for_each_entry(clp, &conf_str_hashtbl[hashval], cl_strhash) {
1313                 if (same_name(clp->cl_recdir, dname))
1314                         return clp;
1315         }
1316         return NULL;
1317 }
1318
1319 static struct nfs4_client *
1320 find_unconfirmed_client_by_str(const char *dname, unsigned int hashval)
1321 {
1322         struct nfs4_client *clp;
1323
1324         list_for_each_entry(clp, &unconf_str_hashtbl[hashval], cl_strhash) {
1325                 if (same_name(clp->cl_recdir, dname))
1326                         return clp;
1327         }
1328         return NULL;
1329 }
1330
1331 static void
1332 gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
1333 {
1334         struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
1335         struct sockaddr *sa = svc_addr(rqstp);
1336         u32 scopeid = rpc_get_scope_id(sa);
1337         unsigned short expected_family;
1338
1339         /* Currently, we only support tcp and tcp6 for the callback channel */
1340         if (se->se_callback_netid_len == 3 &&
1341             !memcmp(se->se_callback_netid_val, "tcp", 3))
1342                 expected_family = AF_INET;
1343         else if (se->se_callback_netid_len == 4 &&
1344                  !memcmp(se->se_callback_netid_val, "tcp6", 4))
1345                 expected_family = AF_INET6;
1346         else
1347                 goto out_err;
1348
1349         conn->cb_addrlen = rpc_uaddr2sockaddr(&init_net, se->se_callback_addr_val,
1350                                             se->se_callback_addr_len,
1351                                             (struct sockaddr *)&conn->cb_addr,
1352                                             sizeof(conn->cb_addr));
1353
1354         if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
1355                 goto out_err;
1356
1357         if (conn->cb_addr.ss_family == AF_INET6)
1358                 ((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;
1359
1360         conn->cb_prog = se->se_callback_prog;
1361         conn->cb_ident = se->se_callback_ident;
1362         memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen);
1363         return;
1364 out_err:
1365         conn->cb_addr.ss_family = AF_UNSPEC;
1366         conn->cb_addrlen = 0;
1367         dprintk(KERN_INFO "NFSD: this client (clientid %08x/%08x) "
1368                 "will not receive delegations\n",
1369                 clp->cl_clientid.cl_boot, clp->cl_clientid.cl_id);
1370
1371         return;
1372 }
1373
1374 /*
1375  * Cache a reply. nfsd4_check_drc_limit() has bounded the cache size.
1376  */
1377 void
1378 nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
1379 {
1380         struct nfsd4_slot *slot = resp->cstate.slot;
1381         unsigned int base;
1382
1383         dprintk("--> %s slot %p\n", __func__, slot);
1384
1385         slot->sl_opcnt = resp->opcnt;
1386         slot->sl_status = resp->cstate.status;
1387
1388         slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
1389         if (nfsd4_not_cached(resp)) {
1390                 slot->sl_datalen = 0;
1391                 return;
1392         }
1393         slot->sl_datalen = (char *)resp->p - (char *)resp->cstate.datap;
1394         base = (char *)resp->cstate.datap -
1395                                         (char *)resp->xbuf->head[0].iov_base;
1396         if (read_bytes_from_xdr_buf(resp->xbuf, base, slot->sl_data,
1397                                     slot->sl_datalen))
1398                 WARN("%s: sessions DRC could not cache compound\n", __func__);
1399         return;
1400 }
1401
1402 /*
1403  * Encode the replay sequence operation from the slot values.
1404  * If cachethis is FALSE encode the uncached rep error on the next
1405  * operation which sets resp->p and increments resp->opcnt for
1406  * nfs4svc_encode_compoundres.
1407  *
1408  */
1409 static __be32
1410 nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args,
1411                           struct nfsd4_compoundres *resp)
1412 {
1413         struct nfsd4_op *op;
1414         struct nfsd4_slot *slot = resp->cstate.slot;
1415
1416         /* Encode the replayed sequence operation */
1417         op = &args->ops[resp->opcnt - 1];
1418         nfsd4_encode_operation(resp, op);
1419
1420         /* Return nfserr_retry_uncached_rep in next operation. */
1421         if (args->opcnt > 1 && !(slot->sl_flags & NFSD4_SLOT_CACHETHIS)) {
1422                 op = &args->ops[resp->opcnt++];
1423                 op->status = nfserr_retry_uncached_rep;
1424                 nfsd4_encode_operation(resp, op);
1425         }
1426         return op->status;
1427 }
1428
1429 /*
1430  * The sequence operation is not cached because we can use the slot and
1431  * session values.
1432  */
1433 __be32
1434 nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
1435                          struct nfsd4_sequence *seq)
1436 {
1437         struct nfsd4_slot *slot = resp->cstate.slot;
1438         __be32 status;
1439
1440         dprintk("--> %s slot %p\n", __func__, slot);
1441
1442         /* Either returns 0 or nfserr_retry_uncached */
1443         status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp);
1444         if (status == nfserr_retry_uncached_rep)
1445                 return status;
1446
1447         /* The sequence operation has been encoded, cstate->datap set. */
1448         memcpy(resp->cstate.datap, slot->sl_data, slot->sl_datalen);
1449
1450         resp->opcnt = slot->sl_opcnt;
1451         resp->p = resp->cstate.datap + XDR_QUADLEN(slot->sl_datalen);
1452         status = slot->sl_status;
1453
1454         return status;
1455 }
1456
1457 /*
1458  * Set the exchange_id flags returned by the server.
1459  */
1460 static void
1461 nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
1462 {
1463         /* pNFS is not supported */
1464         new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS;
1465
1466         /* Referrals are supported, Migration is not. */
1467         new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER;
1468
1469         /* set the wire flags to return to client. */
1470         clid->flags = new->cl_exchange_flags;
1471 }
1472
1473 __be32
1474 nfsd4_exchange_id(struct svc_rqst *rqstp,
1475                   struct nfsd4_compound_state *cstate,
1476                   struct nfsd4_exchange_id *exid)
1477 {
1478         struct nfs4_client *unconf, *conf, *new;
1479         int status;
1480         unsigned int            strhashval;
1481         char                    dname[HEXDIR_LEN];
1482         char                    addr_str[INET6_ADDRSTRLEN];
1483         nfs4_verifier           verf = exid->verifier;
1484         struct sockaddr         *sa = svc_addr(rqstp);
1485
1486         rpc_ntop(sa, addr_str, sizeof(addr_str));
1487         dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
1488                 "ip_addr=%s flags %x, spa_how %d\n",
1489                 __func__, rqstp, exid, exid->clname.len, exid->clname.data,
1490                 addr_str, exid->flags, exid->spa_how);
1491
1492         if (exid->flags & ~EXCHGID4_FLAG_MASK_A)
1493                 return nfserr_inval;
1494
1495         /* Currently only support SP4_NONE */
1496         switch (exid->spa_how) {
1497         case SP4_NONE:
1498                 break;
1499         case SP4_SSV:
1500                 return nfserr_serverfault;
1501         default:
1502                 BUG();                          /* checked by xdr code */
1503         case SP4_MACH_CRED:
1504                 return nfserr_serverfault;      /* no excuse :-/ */
1505         }
1506
1507         status = nfs4_make_rec_clidname(dname, &exid->clname);
1508
1509         if (status)
1510                 goto error;
1511
1512         strhashval = clientstr_hashval(dname);
1513
1514         nfs4_lock_state();
1515         status = nfs_ok;
1516
1517         conf = find_confirmed_client_by_str(dname, strhashval);
1518         if (conf) {
1519                 if (!clp_used_exchangeid(conf)) {
1520                         status = nfserr_clid_inuse; /* XXX: ? */
1521                         goto out;
1522                 }
1523                 if (!same_verf(&verf, &conf->cl_verifier)) {
1524                         /* 18.35.4 case 8 */
1525                         if (exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A) {
1526                                 status = nfserr_not_same;
1527                                 goto out;
1528                         }
1529                         /* Client reboot: destroy old state */
1530                         expire_client(conf);
1531                         goto out_new;
1532                 }
1533                 if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
1534                         /* 18.35.4 case 9 */
1535                         if (exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A) {
1536                                 status = nfserr_perm;
1537                                 goto out;
1538                         }
1539                         expire_client(conf);
1540                         goto out_new;
1541                 }
1542                 /*
1543                  * Set bit when the owner id and verifier map to an already
1544                  * confirmed client id (18.35.3).
1545                  */
1546                 exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;
1547
1548                 /*
1549                  * Falling into 18.35.4 case 2, possible router replay.
1550                  * Leave confirmed record intact and return same result.
1551                  */
1552                 copy_verf(conf, &verf);
1553                 new = conf;
1554                 goto out_copy;
1555         }
1556
1557         /* 18.35.4 case 7 */
1558         if (exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A) {
1559                 status = nfserr_noent;
1560                 goto out;
1561         }
1562
1563         unconf  = find_unconfirmed_client_by_str(dname, strhashval);
1564         if (unconf) {
1565                 /*
1566                  * Possible retry or client restart.  Per 18.35.4 case 4,
1567                  * a new unconfirmed record should be generated regardless
1568                  * of whether any properties have changed.
1569                  */
1570                 expire_client(unconf);
1571         }
1572
1573 out_new:
1574         /* Normal case */
1575         new = create_client(exid->clname, dname, rqstp, &verf);
1576         if (new == NULL) {
1577                 status = nfserr_jukebox;
1578                 goto out;
1579         }
1580
1581         gen_clid(new);
1582         add_to_unconfirmed(new, strhashval);
1583 out_copy:
1584         exid->clientid.cl_boot = new->cl_clientid.cl_boot;
1585         exid->clientid.cl_id = new->cl_clientid.cl_id;
1586
1587         exid->seqid = 1;
1588         nfsd4_set_ex_flags(new, exid);
1589
1590         dprintk("nfsd4_exchange_id seqid %d flags %x\n",
1591                 new->cl_cs_slot.sl_seqid, new->cl_exchange_flags);
1592         status = nfs_ok;
1593
1594 out:
1595         nfs4_unlock_state();
1596 error:
1597         dprintk("nfsd4_exchange_id returns %d\n", ntohl(status));
1598         return status;
1599 }
1600
1601 static int
1602 check_slot_seqid(u32 seqid, u32 slot_seqid, int slot_inuse)
1603 {
1604         dprintk("%s enter. seqid %d slot_seqid %d\n", __func__, seqid,
1605                 slot_seqid);
1606
1607         /* The slot is in use, and no response has been sent. */
1608         if (slot_inuse) {
1609                 if (seqid == slot_seqid)
1610                         return nfserr_jukebox;
1611                 else
1612                         return nfserr_seq_misordered;
1613         }
1614         /* Note unsigned 32-bit arithmetic handles wraparound: */
1615         if (likely(seqid == slot_seqid + 1))
1616                 return nfs_ok;
1617         if (seqid == slot_seqid)
1618                 return nfserr_replay_cache;
1619         return nfserr_seq_misordered;
1620 }
1621
1622 /*
1623  * Cache the create session result into the create session single DRC
1624  * slot cache by saving the xdr structure. sl_seqid has been set.
1625  * Do this for solo or embedded create session operations.
1626  */
1627 static void
1628 nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
1629                            struct nfsd4_clid_slot *slot, int nfserr)
1630 {
1631         slot->sl_status = nfserr;
1632         memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
1633 }
1634
1635 static __be32
1636 nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
1637                             struct nfsd4_clid_slot *slot)
1638 {
1639         memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses));
1640         return slot->sl_status;
1641 }
1642
1643 #define NFSD_MIN_REQ_HDR_SEQ_SZ ((\
1644                         2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
1645                         1 +     /* MIN tag is length with zero, only length */ \
1646                         3 +     /* version, opcount, opcode */ \
1647                         XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
1648                                 /* seqid, slotID, slotID, cache */ \
1649                         4 ) * sizeof(__be32))
1650
1651 #define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
1652                         2 +     /* verifier: AUTH_NULL, length 0 */\
1653                         1 +     /* status */ \
1654                         1 +     /* MIN tag is length with zero, only length */ \
1655                         3 +     /* opcount, opcode, opstatus*/ \
1656                         XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
1657                                 /* seqid, slotID, slotID, slotID, status */ \
1658                         5 ) * sizeof(__be32))
1659
1660 static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs fchannel)
1661 {
1662         return fchannel.maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ
1663                 || fchannel.maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ;
1664 }
1665
1666 __be32
1667 nfsd4_create_session(struct svc_rqst *rqstp,
1668                      struct nfsd4_compound_state *cstate,
1669                      struct nfsd4_create_session *cr_ses)
1670 {
1671         struct sockaddr *sa = svc_addr(rqstp);
1672         struct nfs4_client *conf, *unconf;
1673         struct nfsd4_session *new;
1674         struct nfsd4_clid_slot *cs_slot = NULL;
1675         bool confirm_me = false;
1676         int status = 0;
1677
1678         if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
1679                 return nfserr_inval;
1680
1681         nfs4_lock_state();
1682         unconf = find_unconfirmed_client(&cr_ses->clientid);
1683         conf = find_confirmed_client(&cr_ses->clientid);
1684
1685         if (conf) {
1686                 cs_slot = &conf->cl_cs_slot;
1687                 status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
1688                 if (status == nfserr_replay_cache) {
1689                         dprintk("Got a create_session replay! seqid= %d\n",
1690                                 cs_slot->sl_seqid);
1691                         /* Return the cached reply status */
1692                         status = nfsd4_replay_create_session(cr_ses, cs_slot);
1693                         goto out;
1694                 } else if (cr_ses->seqid != cs_slot->sl_seqid + 1) {
1695                         status = nfserr_seq_misordered;
1696                         dprintk("Sequence misordered!\n");
1697                         dprintk("Expected seqid= %d but got seqid= %d\n",
1698                                 cs_slot->sl_seqid, cr_ses->seqid);
1699                         goto out;
1700                 }
1701         } else if (unconf) {
1702                 if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) ||
1703                     !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) {
1704                         status = nfserr_clid_inuse;
1705                         goto out;
1706                 }
1707
1708                 cs_slot = &unconf->cl_cs_slot;
1709                 status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
1710                 if (status) {
1711                         /* an unconfirmed replay returns misordered */
1712                         status = nfserr_seq_misordered;
1713                         goto out;
1714                 }
1715
1716                 confirm_me = true;
1717                 conf = unconf;
1718         } else {
1719                 status = nfserr_stale_clientid;
1720                 goto out;
1721         }
1722
1723         /*
1724          * XXX: we should probably set this at creation time, and check
1725          * for consistent minorversion use throughout:
1726          */
1727         conf->cl_minorversion = 1;
1728         /*
1729          * We do not support RDMA or persistent sessions
1730          */
1731         cr_ses->flags &= ~SESSION4_PERSIST;
1732         cr_ses->flags &= ~SESSION4_RDMA;
1733
1734         status = nfserr_toosmall;
1735         if (check_forechannel_attrs(cr_ses->fore_channel))
1736                 goto out;
1737
1738         status = nfserr_jukebox;
1739         new = alloc_init_session(rqstp, conf, cr_ses);
1740         if (!new)
1741                 goto out;
1742         status = nfs_ok;
1743         memcpy(cr_ses->sessionid.data, new->se_sessionid.data,
1744                NFS4_MAX_SESSIONID_LEN);
1745         memcpy(&cr_ses->fore_channel, &new->se_fchannel,
1746                 sizeof(struct nfsd4_channel_attrs));
1747         cs_slot->sl_seqid++;
1748         cr_ses->seqid = cs_slot->sl_seqid;
1749
1750         /* cache solo and embedded create sessions under the state lock */
1751         nfsd4_cache_create_session(cr_ses, cs_slot, status);
1752         if (confirm_me)
1753                 move_to_confirmed(conf);
1754 out:
1755         nfs4_unlock_state();
1756         dprintk("%s returns %d\n", __func__, ntohl(status));
1757         return status;
1758 }
1759
1760 static bool nfsd4_last_compound_op(struct svc_rqst *rqstp)
1761 {
1762         struct nfsd4_compoundres *resp = rqstp->rq_resp;
1763         struct nfsd4_compoundargs *argp = rqstp->rq_argp;
1764
1765         return argp->opcnt == resp->opcnt;
1766 }
1767
1768 static __be32 nfsd4_map_bcts_dir(u32 *dir)
1769 {
1770         switch (*dir) {
1771         case NFS4_CDFC4_FORE:
1772         case NFS4_CDFC4_BACK:
1773                 return nfs_ok;
1774         case NFS4_CDFC4_FORE_OR_BOTH:
1775         case NFS4_CDFC4_BACK_OR_BOTH:
1776                 *dir = NFS4_CDFC4_BOTH;
1777                 return nfs_ok;
1778         };
1779         return nfserr_inval;
1780 }
1781
1782 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
1783                      struct nfsd4_compound_state *cstate,
1784                      struct nfsd4_bind_conn_to_session *bcts)
1785 {
1786         __be32 status;
1787
1788         if (!nfsd4_last_compound_op(rqstp))
1789                 return nfserr_not_only_op;
1790         spin_lock(&client_lock);
1791         cstate->session = find_in_sessionid_hashtbl(&bcts->sessionid);
1792         /* Sorta weird: we only need the refcnt'ing because new_conn acquires
1793          * client_lock iself: */
1794         if (cstate->session) {
1795                 nfsd4_get_session(cstate->session);
1796                 atomic_inc(&cstate->session->se_client->cl_refcount);
1797         }
1798         spin_unlock(&client_lock);
1799         if (!cstate->session)
1800                 return nfserr_badsession;
1801
1802         status = nfsd4_map_bcts_dir(&bcts->dir);
1803         if (!status)
1804                 nfsd4_new_conn(rqstp, cstate->session, bcts->dir);
1805         return status;
1806 }
1807
1808 static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid)
1809 {
1810         if (!session)
1811                 return 0;
1812         return !memcmp(sid, &session->se_sessionid, sizeof(*sid));
1813 }
1814
1815 __be32
1816 nfsd4_destroy_session(struct svc_rqst *r,
1817                       struct nfsd4_compound_state *cstate,
1818                       struct nfsd4_destroy_session *sessionid)
1819 {
1820         struct nfsd4_session *ses;
1821         u32 status = nfserr_badsession;
1822
1823         /* Notes:
1824          * - The confirmed nfs4_client->cl_sessionid holds destroyed sessinid
1825          * - Should we return nfserr_back_chan_busy if waiting for
1826          *   callbacks on to-be-destroyed session?
1827          * - Do we need to clear any callback info from previous session?
1828          */
1829
1830         if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {
1831                 if (!nfsd4_last_compound_op(r))
1832                         return nfserr_not_only_op;
1833         }
1834         dump_sessionid(__func__, &sessionid->sessionid);
1835         spin_lock(&client_lock);
1836         ses = find_in_sessionid_hashtbl(&sessionid->sessionid);
1837         if (!ses) {
1838                 spin_unlock(&client_lock);
1839                 goto out;
1840         }
1841
1842         unhash_session(ses);
1843         spin_unlock(&client_lock);
1844
1845         nfs4_lock_state();
1846         nfsd4_probe_callback_sync(ses->se_client);
1847         nfs4_unlock_state();
1848
1849         spin_lock(&client_lock);
1850         nfsd4_del_conns(ses);
1851         nfsd4_put_session_locked(ses);
1852         spin_unlock(&client_lock);
1853         status = nfs_ok;
1854 out:
1855         dprintk("%s returns %d\n", __func__, ntohl(status));
1856         return status;
1857 }
1858
1859 static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s)
1860 {
1861         struct nfsd4_conn *c;
1862
1863         list_for_each_entry(c, &s->se_conns, cn_persession) {
1864                 if (c->cn_xprt == xpt) {
1865                         return c;
1866                 }
1867         }
1868         return NULL;
1869 }
1870
1871 static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)
1872 {
1873         struct nfs4_client *clp = ses->se_client;
1874         struct nfsd4_conn *c;
1875         int ret;
1876
1877         spin_lock(&clp->cl_lock);
1878         c = __nfsd4_find_conn(new->cn_xprt, ses);
1879         if (c) {
1880                 spin_unlock(&clp->cl_lock);
1881                 free_conn(new);
1882                 return;
1883         }
1884         __nfsd4_hash_conn(new, ses);
1885         spin_unlock(&clp->cl_lock);
1886         ret = nfsd4_register_conn(new);
1887         if (ret)
1888                 /* oops; xprt is already down: */
1889                 nfsd4_conn_lost(&new->cn_xpt_user);
1890         return;
1891 }
1892
1893 static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)
1894 {
1895         struct nfsd4_compoundargs *args = rqstp->rq_argp;
1896
1897         return args->opcnt > session->se_fchannel.maxops;
1898 }
1899
1900 static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
1901                                   struct nfsd4_session *session)
1902 {
1903         struct xdr_buf *xb = &rqstp->rq_arg;
1904
1905         return xb->len > session->se_fchannel.maxreq_sz;
1906 }
1907
1908 __be32
1909 nfsd4_sequence(struct svc_rqst *rqstp,
1910                struct nfsd4_compound_state *cstate,
1911                struct nfsd4_sequence *seq)
1912 {
1913         struct nfsd4_compoundres *resp = rqstp->rq_resp;
1914         struct nfsd4_session *session;
1915         struct nfsd4_slot *slot;
1916         struct nfsd4_conn *conn;
1917         int status;
1918
1919         if (resp->opcnt != 1)
1920                 return nfserr_sequence_pos;
1921
1922         /*
1923          * Will be either used or freed by nfsd4_sequence_check_conn
1924          * below.
1925          */
1926         conn = alloc_conn(rqstp, NFS4_CDFC4_FORE);
1927         if (!conn)
1928                 return nfserr_jukebox;
1929
1930         spin_lock(&client_lock);
1931         status = nfserr_badsession;
1932         session = find_in_sessionid_hashtbl(&seq->sessionid);
1933         if (!session)
1934                 goto out;
1935
1936         status = nfserr_too_many_ops;
1937         if (nfsd4_session_too_many_ops(rqstp, session))
1938                 goto out;
1939
1940         status = nfserr_req_too_big;
1941         if (nfsd4_request_too_big(rqstp, session))
1942                 goto out;
1943
1944         status = nfserr_badslot;
1945         if (seq->slotid >= session->se_fchannel.maxreqs)
1946                 goto out;
1947
1948         slot = session->se_slots[seq->slotid];
1949         dprintk("%s: slotid %d\n", __func__, seq->slotid);
1950
1951         /* We do not negotiate the number of slots yet, so set the
1952          * maxslots to the session maxreqs which is used to encode
1953          * sr_highest_slotid and the sr_target_slot id to maxslots */
1954         seq->maxslots = session->se_fchannel.maxreqs;
1955
1956         status = check_slot_seqid(seq->seqid, slot->sl_seqid,
1957                                         slot->sl_flags & NFSD4_SLOT_INUSE);
1958         if (status == nfserr_replay_cache) {
1959                 status = nfserr_seq_misordered;
1960                 if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED))
1961                         goto out;
1962                 cstate->slot = slot;
1963                 cstate->session = session;
1964                 /* Return the cached reply status and set cstate->status
1965                  * for nfsd4_proc_compound processing */
1966                 status = nfsd4_replay_cache_entry(resp, seq);
1967                 cstate->status = nfserr_replay_cache;
1968                 goto out;
1969         }
1970         if (status)
1971                 goto out;
1972
1973         nfsd4_sequence_check_conn(conn, session);
1974         conn = NULL;
1975
1976         /* Success! bump slot seqid */
1977         slot->sl_seqid = seq->seqid;
1978         slot->sl_flags |= NFSD4_SLOT_INUSE;
1979         if (seq->cachethis)
1980                 slot->sl_flags |= NFSD4_SLOT_CACHETHIS;
1981         else
1982                 slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS;
1983
1984         cstate->slot = slot;
1985         cstate->session = session;
1986
1987 out:
1988         /* Hold a session reference until done processing the compound. */
1989         if (cstate->session) {
1990                 struct nfs4_client *clp = session->se_client;
1991
1992                 nfsd4_get_session(cstate->session);
1993                 atomic_inc(&clp->cl_refcount);
1994                 switch (clp->cl_cb_state) {
1995                 case NFSD4_CB_DOWN:
1996                         seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN;
1997                         break;
1998                 case NFSD4_CB_FAULT:
1999                         seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT;
2000                         break;
2001                 default:
2002                         seq->status_flags = 0;
2003                 }
2004         }
2005         kfree(conn);
2006         spin_unlock(&client_lock);
2007         dprintk("%s: return %d\n", __func__, ntohl(status));
2008         return status;
2009 }
2010
2011 static inline bool has_resources(struct nfs4_client *clp)
2012 {
2013         return !list_empty(&clp->cl_openowners)
2014                 || !list_empty(&clp->cl_delegations)
2015                 || !list_empty(&clp->cl_sessions);
2016 }
2017
2018 __be32
2019 nfsd4_destroy_clientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_destroy_clientid *dc)
2020 {
2021         struct nfs4_client *conf, *unconf, *clp;
2022         int status = 0;
2023
2024         nfs4_lock_state();
2025         unconf = find_unconfirmed_client(&dc->clientid);
2026         conf = find_confirmed_client(&dc->clientid);
2027
2028         if (conf) {
2029                 clp = conf;
2030
2031                 if (!is_client_expired(conf) && has_resources(conf)) {
2032                         status = nfserr_clientid_busy;
2033                         goto out;
2034                 }
2035
2036                 /* rfc5661 18.50.3 */
2037                 if (cstate->session && conf == cstate->session->se_client) {
2038                         status = nfserr_clientid_busy;
2039                         goto out;
2040                 }
2041         } else if (unconf)
2042                 clp = unconf;
2043         else {
2044                 status = nfserr_stale_clientid;
2045                 goto out;
2046         }
2047
2048         expire_client(clp);
2049 out:
2050         nfs4_unlock_state();
2051         dprintk("%s return %d\n", __func__, ntohl(status));
2052         return status;
2053 }
2054
2055 __be32
2056 nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_reclaim_complete *rc)
2057 {
2058         int status = 0;
2059
2060         if (rc->rca_one_fs) {
2061                 if (!cstate->current_fh.fh_dentry)
2062                         return nfserr_nofilehandle;
2063                 /*
2064                  * We don't take advantage of the rca_one_fs case.
2065                  * That's OK, it's optional, we can safely ignore it.
2066                  */
2067                  return nfs_ok;
2068         }
2069
2070         nfs4_lock_state();
2071         status = nfserr_complete_already;
2072         if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE,
2073                              &cstate->session->se_client->cl_flags))
2074                 goto out;
2075
2076         status = nfserr_stale_clientid;
2077         if (is_client_expired(cstate->session->se_client))
2078                 /*
2079                  * The following error isn't really legal.
2080                  * But we only get here if the client just explicitly
2081                  * destroyed the client.  Surely it no longer cares what
2082                  * error it gets back on an operation for the dead
2083                  * client.
2084                  */
2085                 goto out;
2086
2087         status = nfs_ok;
2088         nfsd4_client_record_create(cstate->session->se_client);
2089 out:
2090         nfs4_unlock_state();
2091         return status;
2092 }
2093
2094 __be32
2095 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
2096                   struct nfsd4_setclientid *setclid)
2097 {
2098         struct xdr_netobj       clname = setclid->se_name;
2099         nfs4_verifier           clverifier = setclid->se_verf;
2100         unsigned int            strhashval;
2101         struct nfs4_client      *conf, *unconf, *new;
2102         __be32                  status;
2103         char                    dname[HEXDIR_LEN];
2104         
2105         status = nfs4_make_rec_clidname(dname, &clname);
2106         if (status)
2107                 return status;
2108
2109         /* 
2110          * XXX The Duplicate Request Cache (DRC) has been checked (??)
2111          * We get here on a DRC miss.
2112          */
2113
2114         strhashval = clientstr_hashval(dname);
2115
2116         nfs4_lock_state();
2117         conf = find_confirmed_client_by_str(dname, strhashval);
2118         if (conf) {
2119                 /* RFC 3530 14.2.33 CASE 0: */
2120                 status = nfserr_clid_inuse;
2121                 if (clp_used_exchangeid(conf))
2122                         goto out;
2123                 if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
2124                         char addr_str[INET6_ADDRSTRLEN];
2125                         rpc_ntop((struct sockaddr *) &conf->cl_addr, addr_str,
2126                                  sizeof(addr_str));
2127                         dprintk("NFSD: setclientid: string in use by client "
2128                                 "at %s\n", addr_str);
2129                         goto out;
2130                 }
2131         }
2132         /*
2133          * section 14.2.33 of RFC 3530 (under the heading "IMPLEMENTATION")
2134          * has a description of SETCLIENTID request processing consisting
2135          * of 5 bullet points, labeled as CASE0 - CASE4 below.
2136          */
2137         unconf = find_unconfirmed_client_by_str(dname, strhashval);
2138         status = nfserr_jukebox;
2139         if (!conf) {
2140                 /*
2141                  * RFC 3530 14.2.33 CASE 4:
2142                  * placed first, because it is the normal case
2143                  */
2144                 if (unconf)
2145                         expire_client(unconf);
2146                 new = create_client(clname, dname, rqstp, &clverifier);
2147                 if (new == NULL)
2148                         goto out;
2149                 gen_clid(new);
2150         } else if (same_verf(&conf->cl_verifier, &clverifier)) {
2151                 /*
2152                  * RFC 3530 14.2.33 CASE 1:
2153                  * probable callback update
2154                  */
2155                 if (unconf) {
2156                         /* Note this is removing unconfirmed {*x***},
2157                          * which is stronger than RFC recommended {vxc**}.
2158                          * This has the advantage that there is at most
2159                          * one {*x***} in either list at any time.
2160                          */
2161                         expire_client(unconf);
2162                 }
2163                 new = create_client(clname, dname, rqstp, &clverifier);
2164                 if (new == NULL)
2165                         goto out;
2166                 copy_clid(new, conf);
2167         } else if (!unconf) {
2168                 /*
2169                  * RFC 3530 14.2.33 CASE 2:
2170                  * probable client reboot; state will be removed if
2171                  * confirmed.
2172                  */
2173                 new = create_client(clname, dname, rqstp, &clverifier);
2174                 if (new == NULL)
2175                         goto out;
2176                 gen_clid(new);
2177         } else {
2178                 /*
2179                  * RFC 3530 14.2.33 CASE 3:
2180                  * probable client reboot; state will be removed if
2181                  * confirmed.
2182                  */
2183                 expire_client(unconf);
2184                 new = create_client(clname, dname, rqstp, &clverifier);
2185                 if (new == NULL)
2186                         goto out;
2187                 gen_clid(new);
2188         }
2189         /*
2190          * XXX: we should probably set this at creation time, and check
2191          * for consistent minorversion use throughout:
2192          */
2193         new->cl_minorversion = 0;
2194         gen_callback(new, setclid, rqstp);
2195         add_to_unconfirmed(new, strhashval);
2196         setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot;
2197         setclid->se_clientid.cl_id = new->cl_clientid.cl_id;
2198         memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data));
2199         status = nfs_ok;
2200 out:
2201         nfs4_unlock_state();
2202         return status;
2203 }
2204
2205
2206 /*
2207  * Section 14.2.34 of RFC 3530 (under the heading "IMPLEMENTATION") has
2208  * a description of SETCLIENTID_CONFIRM request processing consisting of 4
2209  * bullets, labeled as CASE1 - CASE4 below.
2210  */
2211 __be32
2212 nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
2213                          struct nfsd4_compound_state *cstate,
2214                          struct nfsd4_setclientid_confirm *setclientid_confirm)
2215 {
2216         struct sockaddr *sa = svc_addr(rqstp);
2217         struct nfs4_client *conf, *unconf;
2218         nfs4_verifier confirm = setclientid_confirm->sc_confirm; 
2219         clientid_t * clid = &setclientid_confirm->sc_clientid;
2220         __be32 status;
2221
2222         if (STALE_CLIENTID(clid))
2223                 return nfserr_stale_clientid;
2224         /* 
2225          * XXX The Duplicate Request Cache (DRC) has been checked (??)
2226          * We get here on a DRC miss.
2227          */
2228
2229         nfs4_lock_state();
2230
2231         conf = find_confirmed_client(clid);
2232         unconf = find_unconfirmed_client(clid);
2233
2234         status = nfserr_clid_inuse;
2235         if (conf && !rpc_cmp_addr((struct sockaddr *) &conf->cl_addr, sa))
2236                 goto out;
2237         if (unconf && !rpc_cmp_addr((struct sockaddr *) &unconf->cl_addr, sa))
2238                 goto out;
2239
2240         /*
2241          * section 14.2.34 of RFC 3530 has a description of
2242          * SETCLIENTID_CONFIRM request processing consisting
2243          * of 4 bullet points, labeled as CASE1 - CASE4 below.
2244          */
2245         if (conf && unconf && same_verf(&confirm, &unconf->cl_confirm)) {
2246                 /*
2247                  * RFC 3530 14.2.34 CASE 1:
2248                  * callback update
2249                  */
2250                 if (!same_creds(&conf->cl_cred, &unconf->cl_cred))
2251                         status = nfserr_clid_inuse;
2252                 else {
2253                         nfsd4_change_callback(conf, &unconf->cl_cb_conn);
2254                         nfsd4_probe_callback(conf);
2255                         expire_client(unconf);
2256                         status = nfs_ok;
2257
2258                 }
2259         } else if (conf && !unconf) {
2260                 /*
2261                  * RFC 3530 14.2.34 CASE 2:
2262                  * probable retransmitted request; play it safe and
2263                  * do nothing.
2264                  */
2265                 if (!same_creds(&conf->cl_cred, &rqstp->rq_cred))
2266                         status = nfserr_clid_inuse;
2267                 else
2268                         status = nfs_ok;
2269         } else if (!conf && unconf
2270                         && same_verf(&unconf->cl_confirm, &confirm)) {
2271                 /*
2272                  * RFC 3530 14.2.34 CASE 3:
2273                  * Normal case; new or rebooted client:
2274                  */
2275                 if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred)) {
2276                         status = nfserr_clid_inuse;
2277                 } else {
2278                         unsigned int hash =
2279                                 clientstr_hashval(unconf->cl_recdir);
2280                         conf = find_confirmed_client_by_str(unconf->cl_recdir,
2281                                                             hash);
2282                         if (conf) {
2283                                 nfsd4_client_record_remove(conf);
2284                                 expire_client(conf);
2285                         }
2286                         move_to_confirmed(unconf);
2287                         conf = unconf;
2288                         nfsd4_probe_callback(conf);
2289                         status = nfs_ok;
2290                 }
2291         } else if ((!conf || (conf && !same_verf(&conf->cl_confirm, &confirm)))
2292             && (!unconf || (unconf && !same_verf(&unconf->cl_confirm,
2293                                                                 &confirm)))) {
2294                 /*
2295                  * RFC 3530 14.2.34 CASE 4:
2296                  * Client probably hasn't noticed that we rebooted yet.
2297                  */
2298                 status = nfserr_stale_clientid;
2299         } else {
2300                 /* check that we have hit one of the cases...*/
2301                 status = nfserr_clid_inuse;
2302         }
2303 out:
2304         nfs4_unlock_state();
2305         return status;
2306 }
2307
2308 static struct nfs4_file *nfsd4_alloc_file(void)
2309 {
2310         return kmem_cache_alloc(file_slab, GFP_KERNEL);
2311 }
2312
2313 /* OPEN Share state helper functions */
2314 static void nfsd4_init_file(struct nfs4_file *fp, struct inode *ino)
2315 {
2316         unsigned int hashval = file_hashval(ino);
2317
2318         atomic_set(&fp->fi_ref, 1);
2319         INIT_LIST_HEAD(&fp->fi_hash);
2320         INIT_LIST_HEAD(&fp->fi_stateids);
2321         INIT_LIST_HEAD(&fp->fi_delegations);
2322         fp->fi_inode = igrab(ino);
2323         fp->fi_had_conflict = false;
2324         fp->fi_lease = NULL;
2325         memset(fp->fi_fds, 0, sizeof(fp->fi_fds));
2326         memset(fp->fi_access, 0, sizeof(fp->fi_access));
2327         spin_lock(&recall_lock);
2328         list_add(&fp->fi_hash, &file_hashtbl[hashval]);
2329         spin_unlock(&recall_lock);
2330 }
2331
2332 static void
2333 nfsd4_free_slab(struct kmem_cache **slab)
2334 {
2335         if (*slab == NULL)
2336                 return;
2337         kmem_cache_destroy(*slab);
2338         *slab = NULL;
2339 }
2340
2341 void
2342 nfsd4_free_slabs(void)
2343 {
2344         nfsd4_free_slab(&openowner_slab);
2345         nfsd4_free_slab(&lockowner_slab);
2346         nfsd4_free_slab(&file_slab);
2347         nfsd4_free_slab(&stateid_slab);
2348         nfsd4_free_slab(&deleg_slab);
2349 }
2350
2351 int
2352 nfsd4_init_slabs(void)
2353 {
2354         openowner_slab = kmem_cache_create("nfsd4_openowners",
2355                         sizeof(struct nfs4_openowner), 0, 0, NULL);
2356         if (openowner_slab == NULL)
2357                 goto out_nomem;
2358         lockowner_slab = kmem_cache_create("nfsd4_lockowners",
2359                         sizeof(struct nfs4_openowner), 0, 0, NULL);
2360         if (lockowner_slab == NULL)
2361                 goto out_nomem;
2362         file_slab = kmem_cache_create("nfsd4_files",
2363                         sizeof(struct nfs4_file), 0, 0, NULL);
2364         if (file_slab == NULL)
2365                 goto out_nomem;
2366         stateid_slab = kmem_cache_create("nfsd4_stateids",
2367                         sizeof(struct nfs4_ol_stateid), 0, 0, NULL);
2368         if (stateid_slab == NULL)
2369                 goto out_nomem;
2370         deleg_slab = kmem_cache_create("nfsd4_delegations",
2371                         sizeof(struct nfs4_delegation), 0, 0, NULL);
2372         if (deleg_slab == NULL)
2373                 goto out_nomem;
2374         return 0;
2375 out_nomem:
2376         nfsd4_free_slabs();
2377         dprintk("nfsd4: out of memory while initializing nfsv4\n");
2378         return -ENOMEM;
2379 }
2380
2381 void nfs4_free_openowner(struct nfs4_openowner *oo)
2382 {
2383         kfree(oo->oo_owner.so_owner.data);
2384         kmem_cache_free(openowner_slab, oo);
2385 }
2386
2387 void nfs4_free_lockowner(struct nfs4_lockowner *lo)
2388 {
2389         kfree(lo->lo_owner.so_owner.data);
2390         kmem_cache_free(lockowner_slab, lo);
2391 }
2392
2393 static void init_nfs4_replay(struct nfs4_replay *rp)
2394 {
2395         rp->rp_status = nfserr_serverfault;
2396         rp->rp_buflen = 0;
2397         rp->rp_buf = rp->rp_ibuf;
2398 }
2399
2400 static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp)
2401 {
2402         struct nfs4_stateowner *sop;
2403
2404         sop = kmem_cache_alloc(slab, GFP_KERNEL);
2405         if (!sop)
2406                 return NULL;
2407
2408         sop->so_owner.data = kmemdup(owner->data, owner->len, GFP_KERNEL);
2409         if (!sop->so_owner.data) {
2410                 kmem_cache_free(slab, sop);
2411                 return NULL;
2412         }
2413         sop->so_owner.len = owner->len;
2414
2415         INIT_LIST_HEAD(&sop->so_stateids);
2416         sop->so_client = clp;
2417         init_nfs4_replay(&sop->so_replay);
2418         return sop;
2419 }
2420
2421 static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval)
2422 {
2423         list_add(&oo->oo_owner.so_strhash, &ownerstr_hashtbl[strhashval]);
2424         list_add(&oo->oo_perclient, &clp->cl_openowners);
2425 }
2426
2427 static struct nfs4_openowner *
2428 alloc_init_open_stateowner(unsigned int strhashval, struct nfs4_client *clp, struct nfsd4_open *open) {
2429         struct nfs4_openowner *oo;
2430
2431         oo = alloc_stateowner(openowner_slab, &open->op_owner, clp);
2432         if (!oo)
2433                 return NULL;
2434         oo->oo_owner.so_is_open_owner = 1;
2435         oo->oo_owner.so_seqid = open->op_seqid;
2436         oo->oo_flags = NFS4_OO_NEW;
2437         oo->oo_time = 0;
2438         oo->oo_last_closed_stid = NULL;
2439         INIT_LIST_HEAD(&oo->oo_close_lru);
2440         hash_openowner(oo, clp, strhashval);
2441         return oo;
2442 }
2443
2444 static void init_open_stateid(struct nfs4_ol_stateid *stp, struct nfs4_file *fp, struct nfsd4_open *open) {
2445         struct nfs4_openowner *oo = open->op_openowner;
2446         struct nfs4_client *clp = oo->oo_owner.so_client;
2447
2448         init_stid(&stp->st_stid, clp, NFS4_OPEN_STID);
2449         INIT_LIST_HEAD(&stp->st_lockowners);
2450         list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids);
2451         list_add(&stp->st_perfile, &fp->fi_stateids);
2452         stp->st_stateowner = &oo->oo_owner;
2453         get_nfs4_file(fp);
2454         stp->st_file = fp;
2455         stp->st_access_bmap = 0;
2456         stp->st_deny_bmap = 0;
2457         __set_bit(open->op_share_access, &stp->st_access_bmap);
2458         __set_bit(open->op_share_deny, &stp->st_deny_bmap);
2459         stp->st_openstp = NULL;
2460 }
2461
2462 static void
2463 move_to_close_lru(struct nfs4_openowner *oo)
2464 {
2465         dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo);
2466
2467         list_move_tail(&oo->oo_close_lru, &close_lru);
2468         oo->oo_time = get_seconds();
2469 }
2470
2471 static int
2472 same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner,
2473                                                         clientid_t *clid)
2474 {
2475         return (sop->so_owner.len == owner->len) &&
2476                 0 == memcmp(sop->so_owner.data, owner->data, owner->len) &&
2477                 (sop->so_client->cl_clientid.cl_id == clid->cl_id);
2478 }
2479
2480 static struct nfs4_openowner *
2481 find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open)
2482 {
2483         struct nfs4_stateowner *so;
2484         struct nfs4_openowner *oo;
2485
2486         list_for_each_entry(so, &ownerstr_hashtbl[hashval], so_strhash) {
2487                 if (!so->so_is_open_owner)
2488                         continue;
2489                 if (same_owner_str(so, &open->op_owner, &open->op_clientid)) {
2490                         oo = openowner(so);
2491                         renew_client(oo->oo_owner.so_client);
2492                         return oo;
2493                 }
2494         }
2495         return NULL;
2496 }
2497
2498 /* search file_hashtbl[] for file */
2499 static struct nfs4_file *
2500 find_file(struct inode *ino)
2501 {
2502         unsigned int hashval = file_hashval(ino);
2503         struct nfs4_file *fp;
2504
2505         spin_lock(&recall_lock);
2506         list_for_each_entry(fp, &file_hashtbl[hashval], fi_hash) {
2507                 if (fp->fi_inode == ino) {
2508                         get_nfs4_file(fp);
2509                         spin_unlock(&recall_lock);
2510                         return fp;
2511                 }
2512         }
2513         spin_unlock(&recall_lock);
2514         return NULL;
2515 }
2516
2517 /*
2518  * Called to check deny when READ with all zero stateid or
2519  * WRITE with all zero or all one stateid
2520  */
2521 static __be32
2522 nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type)
2523 {
2524         struct inode *ino = current_fh->fh_dentry->d_inode;
2525         struct nfs4_file *fp;
2526         struct nfs4_ol_stateid *stp;
2527         __be32 ret;
2528
2529         dprintk("NFSD: nfs4_share_conflict\n");
2530
2531         fp = find_file(ino);
2532         if (!fp)
2533                 return nfs_ok;
2534         ret = nfserr_locked;
2535         /* Search for conflicting share reservations */
2536         list_for_each_entry(stp, &fp->fi_stateids, st_perfile) {
2537                 if (test_bit(deny_type, &stp->st_deny_bmap) ||
2538                     test_bit(NFS4_SHARE_DENY_BOTH, &stp->st_deny_bmap))
2539                         goto out;
2540         }
2541         ret = nfs_ok;
2542 out:
2543         put_nfs4_file(fp);
2544         return ret;
2545 }
2546
2547 static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
2548 {
2549         /* We're assuming the state code never drops its reference
2550          * without first removing the lease.  Since we're in this lease
2551          * callback (and since the lease code is serialized by the kernel
2552          * lock) we know the server hasn't removed the lease yet, we know
2553          * it's safe to take a reference: */
2554         atomic_inc(&dp->dl_count);
2555
2556         list_add_tail(&dp->dl_recall_lru, &del_recall_lru);
2557
2558         /* only place dl_time is set. protected by lock_flocks*/
2559         dp->dl_time = get_seconds();
2560
2561         nfsd4_cb_recall(dp);
2562 }
2563
2564 /* Called from break_lease() with lock_flocks() held. */
2565 static void nfsd_break_deleg_cb(struct file_lock *fl)
2566 {
2567         struct nfs4_file *fp = (struct nfs4_file *)fl->fl_owner;
2568         struct nfs4_delegation *dp;
2569
2570         BUG_ON(!fp);
2571         /* We assume break_lease is only called once per lease: */
2572         BUG_ON(fp->fi_had_conflict);
2573         /*
2574          * We don't want the locks code to timeout the lease for us;
2575          * we'll remove it ourself if a delegation isn't returned
2576          * in time:
2577          */
2578         fl->fl_break_time = 0;
2579
2580         spin_lock(&recall_lock);
2581         fp->fi_had_conflict = true;
2582         list_for_each_entry(dp, &fp->fi_delegations, dl_perfile)
2583                 nfsd_break_one_deleg(dp);
2584         spin_unlock(&recall_lock);
2585 }
2586
2587 static
2588 int nfsd_change_deleg_cb(struct file_lock **onlist, int arg)
2589 {
2590         if (arg & F_UNLCK)
2591                 return lease_modify(onlist, arg);
2592         else
2593                 return -EAGAIN;
2594 }
2595
2596 static const struct lock_manager_operations nfsd_lease_mng_ops = {
2597         .lm_break = nfsd_break_deleg_cb,
2598         .lm_change = nfsd_change_deleg_cb,
2599 };
2600
2601 static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid)
2602 {
2603         if (nfsd4_has_session(cstate))
2604                 return nfs_ok;
2605         if (seqid == so->so_seqid - 1)
2606                 return nfserr_replay_me;
2607         if (seqid == so->so_seqid)
2608                 return nfs_ok;
2609         return nfserr_bad_seqid;
2610 }
2611
2612 __be32
2613 nfsd4_process_open1(struct nfsd4_compound_state *cstate,
2614                     struct nfsd4_open *open)
2615 {
2616         clientid_t *clientid = &open->op_clientid;
2617         struct nfs4_client *clp = NULL;
2618         unsigned int strhashval;
2619         struct nfs4_openowner *oo = NULL;
2620         __be32 status;
2621
2622         if (STALE_CLIENTID(&open->op_clientid))
2623                 return nfserr_stale_clientid;
2624         /*
2625          * In case we need it later, after we've already created the
2626          * file and don't want to risk a further failure:
2627          */
2628         open->op_file = nfsd4_alloc_file();
2629         if (open->op_file == NULL)
2630                 return nfserr_jukebox;
2631
2632         strhashval = ownerstr_hashval(clientid->cl_id, &open->op_owner);
2633         oo = find_openstateowner_str(strhashval, open);
2634         open->op_openowner = oo;
2635         if (!oo) {
2636                 clp = find_confirmed_client(clientid);
2637                 if (clp == NULL)
2638                         return nfserr_expired;
2639                 goto new_owner;
2640         }
2641         if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
2642                 /* Replace unconfirmed owners without checking for replay. */
2643                 clp = oo->oo_owner.so_client;
2644                 release_openowner(oo);
2645                 open->op_openowner = NULL;
2646                 goto new_owner;
2647         }
2648         status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid);
2649         if (status)
2650                 return status;
2651         clp = oo->oo_owner.so_client;
2652         goto alloc_stateid;
2653 new_owner:
2654         oo = alloc_init_open_stateowner(strhashval, clp, open);
2655         if (oo == NULL)
2656                 return nfserr_jukebox;
2657         open->op_openowner = oo;
2658 alloc_stateid:
2659         open->op_stp = nfs4_alloc_stateid(clp);
2660         if (!open->op_stp)
2661                 return nfserr_jukebox;
2662         return nfs_ok;
2663 }
2664
2665 static inline __be32
2666 nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
2667 {
2668         if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ))
2669                 return nfserr_openmode;
2670         else
2671                 return nfs_ok;
2672 }
2673
2674 static int share_access_to_flags(u32 share_access)
2675 {
2676         return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE;
2677 }
2678
2679 static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl, stateid_t *s)
2680 {
2681         struct nfs4_stid *ret;
2682
2683         ret = find_stateid_by_type(cl, s, NFS4_DELEG_STID);
2684         if (!ret)
2685                 return NULL;
2686         return delegstateid(ret);
2687 }
2688
2689 static bool nfsd4_is_deleg_cur(struct nfsd4_open *open)
2690 {
2691         return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
2692                open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH;
2693 }
2694
2695 static __be32
2696 nfs4_check_deleg(struct nfs4_client *cl, struct nfs4_file *fp, struct nfsd4_open *open,
2697                 struct nfs4_delegation **dp)
2698 {
2699         int flags;
2700         __be32 status = nfserr_bad_stateid;
2701
2702         *dp = find_deleg_stateid(cl, &open->op_delegate_stateid);
2703         if (*dp == NULL)
2704                 goto out;
2705         flags = share_access_to_flags(open->op_share_access);
2706         status = nfs4_check_delegmode(*dp, flags);
2707         if (status)
2708                 *dp = NULL;
2709 out:
2710         if (!nfsd4_is_deleg_cur(open))
2711                 return nfs_ok;
2712         if (status)
2713                 return status;
2714         open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
2715         return nfs_ok;
2716 }
2717
2718 static __be32
2719 nfs4_check_open(struct nfs4_file *fp, struct nfsd4_open *open, struct nfs4_ol_stateid **stpp)
2720 {
2721         struct nfs4_ol_stateid *local;
2722         struct nfs4_openowner *oo = open->op_openowner;
2723
2724         list_for_each_entry(local, &fp->fi_stateids, st_perfile) {
2725                 /* ignore lock owners */
2726                 if (local->st_stateowner->so_is_open_owner == 0)
2727                         continue;
2728                 /* remember if we have seen this open owner */
2729                 if (local->st_stateowner == &oo->oo_owner)
2730                         *stpp = local;
2731                 /* check for conflicting share reservations */
2732                 if (!test_share(local, open))
2733                         return nfserr_share_denied;
2734         }
2735         return nfs_ok;
2736 }
2737
2738 static void nfs4_free_stateid(struct nfs4_ol_stateid *s)
2739 {
2740         kmem_cache_free(stateid_slab, s);
2741 }
2742
2743 static inline int nfs4_access_to_access(u32 nfs4_access)
2744 {
2745         int flags = 0;
2746
2747         if (nfs4_access & NFS4_SHARE_ACCESS_READ)
2748                 flags |= NFSD_MAY_READ;
2749         if (nfs4_access & NFS4_SHARE_ACCESS_WRITE)
2750                 flags |= NFSD_MAY_WRITE;
2751         return flags;
2752 }
2753
2754 static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp,
2755                 struct svc_fh *cur_fh, struct nfsd4_open *open)
2756 {
2757         __be32 status;
2758         int oflag = nfs4_access_to_omode(open->op_share_access);
2759         int access = nfs4_access_to_access(open->op_share_access);
2760
2761         if (!fp->fi_fds[oflag]) {
2762                 status = nfsd_open(rqstp, cur_fh, S_IFREG, access,
2763                         &fp->fi_fds[oflag]);
2764                 if (status)
2765                         return status;
2766         }
2767         nfs4_file_get_access(fp, oflag);
2768
2769         return nfs_ok;
2770 }
2771
2772 static inline __be32
2773 nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh,
2774                 struct nfsd4_open *open)
2775 {
2776         struct iattr iattr = {
2777                 .ia_valid = ATTR_SIZE,
2778                 .ia_size = 0,
2779         };
2780         if (!open->op_truncate)
2781                 return 0;
2782         if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
2783                 return nfserr_inval;
2784         return nfsd_setattr(rqstp, fh, &iattr, 0, (time_t)0);
2785 }
2786
2787 static __be32
2788 nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp, struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp, struct nfsd4_open *open)
2789 {
2790         u32 op_share_access = open->op_share_access;
2791         bool new_access;
2792         __be32 status;
2793
2794         new_access = !test_bit(op_share_access, &stp->st_access_bmap);
2795         if (new_access) {
2796                 status = nfs4_get_vfs_file(rqstp, fp, cur_fh, open);
2797                 if (status)
2798                         return status;
2799         }
2800         status = nfsd4_truncate(rqstp, cur_fh, open);
2801         if (status) {
2802                 if (new_access) {
2803                         int oflag = nfs4_access_to_omode(op_share_access);
2804                         nfs4_file_put_access(fp, oflag);
2805                 }
2806                 return status;
2807         }
2808         /* remember the open */
2809         __set_bit(op_share_access, &stp->st_access_bmap);
2810         __set_bit(open->op_share_deny, &stp->st_deny_bmap);
2811
2812         return nfs_ok;
2813 }
2814
2815
2816 static void
2817 nfs4_set_claim_prev(struct nfsd4_open *open, bool has_session)
2818 {
2819         open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
2820 }
2821
2822 /* Should we give out recallable state?: */
2823 static bool nfsd4_cb_channel_good(struct nfs4_client *clp)
2824 {
2825         if (clp->cl_cb_state == NFSD4_CB_UP)
2826                 return true;
2827         /*
2828          * In the sessions case, since we don't have to establish a
2829          * separate connection for callbacks, we assume it's OK
2830          * until we hear otherwise:
2831          */
2832         return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN;
2833 }
2834
2835 static struct file_lock *nfs4_alloc_init_lease(struct nfs4_delegation *dp, int flag)
2836 {
2837         struct file_lock *fl;
2838
2839         fl = locks_alloc_lock();
2840         if (!fl)
2841                 return NULL;
2842         locks_init_lock(fl);
2843         fl->fl_lmops = &nfsd_lease_mng_ops;
2844         fl->fl_flags = FL_LEASE;
2845         fl->fl_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK;
2846         fl->fl_end = OFFSET_MAX;
2847         fl->fl_owner = (fl_owner_t)(dp->dl_file);
2848         fl->fl_pid = current->tgid;
2849         return fl;
2850 }
2851
2852 static int nfs4_setlease(struct nfs4_delegation *dp, int flag)
2853 {
2854         struct nfs4_file *fp = dp->dl_file;
2855         struct file_lock *fl;
2856         int status;
2857
2858         fl = nfs4_alloc_init_lease(dp, flag);
2859         if (!fl)
2860                 return -ENOMEM;
2861         fl->fl_file = find_readable_file(fp);
2862         list_add(&dp->dl_perclnt, &dp->dl_stid.sc_client->cl_delegations);
2863         status = vfs_setlease(fl->fl_file, fl->fl_type, &fl);
2864         if (status) {
2865                 list_del_init(&dp->dl_perclnt);
2866                 locks_free_lock(fl);
2867                 return -ENOMEM;
2868         }
2869         fp->fi_lease = fl;
2870         fp->fi_deleg_file = fl->fl_file;
2871         get_file(fp->fi_deleg_file);
2872         atomic_set(&fp->fi_delegees, 1);
2873         list_add(&dp->dl_perfile, &fp->fi_delegations);
2874         return 0;
2875 }
2876
2877 static int nfs4_set_delegation(struct nfs4_delegation *dp, int flag)
2878 {
2879         struct nfs4_file *fp = dp->dl_file;
2880
2881         if (!fp->fi_lease)
2882                 return nfs4_setlease(dp, flag);
2883         spin_lock(&recall_lock);
2884         if (fp->fi_had_conflict) {
2885                 spin_unlock(&recall_lock);
2886                 return -EAGAIN;
2887         }
2888         atomic_inc(&fp->fi_delegees);
2889         list_add(&dp->dl_perfile, &fp->fi_delegations);
2890         spin_unlock(&recall_lock);
2891         list_add(&dp->dl_perclnt, &dp->dl_stid.sc_client->cl_delegations);
2892         return 0;
2893 }
2894
2895 static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status)
2896 {
2897         open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
2898         if (status == -EAGAIN)
2899                 open->op_why_no_deleg = WND4_CONTENTION;
2900         else {
2901                 open->op_why_no_deleg = WND4_RESOURCE;
2902                 switch (open->op_deleg_want) {
2903                 case NFS4_SHARE_WANT_READ_DELEG:
2904                 case NFS4_SHARE_WANT_WRITE_DELEG:
2905                 case NFS4_SHARE_WANT_ANY_DELEG:
2906                         break;
2907                 case NFS4_SHARE_WANT_CANCEL:
2908                         open->op_why_no_deleg = WND4_CANCELLED;
2909                         break;
2910                 case NFS4_SHARE_WANT_NO_DELEG:
2911                         BUG();  /* not supposed to get here */
2912                 }
2913         }
2914 }
2915
2916 /*
2917  * Attempt to hand out a delegation.
2918  */
2919 static void
2920 nfs4_open_delegation(struct svc_fh *fh, struct nfsd4_open *open, struct nfs4_ol_stateid *stp)
2921 {
2922         struct nfs4_delegation *dp;
2923         struct nfs4_openowner *oo = container_of(stp->st_stateowner, struct nfs4_openowner, oo_owner);
2924         int cb_up;
2925         int status = 0, flag = 0;
2926
2927         cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client);
2928         flag = NFS4_OPEN_DELEGATE_NONE;
2929         open->op_recall = 0;
2930         switch (open->op_claim_type) {
2931                 case NFS4_OPEN_CLAIM_PREVIOUS:
2932                         if (!cb_up)
2933                                 open->op_recall = 1;
2934                         flag = open->op_delegate_type;
2935                         if (flag == NFS4_OPEN_DELEGATE_NONE)
2936                                 goto out;
2937                         break;
2938                 case NFS4_OPEN_CLAIM_NULL:
2939                         /* Let's not give out any delegations till everyone's
2940                          * had the chance to reclaim theirs.... */
2941                         if (locks_in_grace())
2942                                 goto out;
2943                         if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED))
2944                                 goto out;
2945                         if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)
2946                                 flag = NFS4_OPEN_DELEGATE_WRITE;
2947                         else
2948                                 flag = NFS4_OPEN_DELEGATE_READ;
2949                         break;
2950                 default:
2951                         goto out;
2952         }
2953
2954         dp = alloc_init_deleg(oo->oo_owner.so_client, stp, fh, flag);
2955         if (dp == NULL)
2956                 goto out_no_deleg;
2957         status = nfs4_set_delegation(dp, flag);
2958         if (status)
2959                 goto out_free;
2960
2961         memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid));
2962
2963         dprintk("NFSD: delegation stateid=" STATEID_FMT "\n",
2964                 STATEID_VAL(&dp->dl_stid.sc_stateid));
2965 out:
2966         open->op_delegate_type = flag;
2967         if (flag == NFS4_OPEN_DELEGATE_NONE) {
2968                 if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS &&
2969                     open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE)
2970                         dprintk("NFSD: WARNING: refusing delegation reclaim\n");
2971
2972                 /* 4.1 client asking for a delegation? */
2973                 if (open->op_deleg_want)
2974                         nfsd4_open_deleg_none_ext(open, status);
2975         }
2976         return;
2977 out_free:
2978         nfs4_put_delegation(dp);
2979 out_no_deleg:
2980         flag = NFS4_OPEN_DELEGATE_NONE;
2981         goto out;
2982 }
2983
2984 static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open,
2985                                         struct nfs4_delegation *dp)
2986 {
2987         if (open->op_deleg_want == NFS4_SHARE_WANT_READ_DELEG &&
2988             dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
2989                 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
2990                 open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE;
2991         } else if (open->op_deleg_want == NFS4_SHARE_WANT_WRITE_DELEG &&
2992                    dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
2993                 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
2994                 open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE;
2995         }
2996         /* Otherwise the client must be confused wanting a delegation
2997          * it already has, therefore we don't return
2998          * NFS4_OPEN_DELEGATE_NONE_EXT and reason.
2999          */
3000 }
3001
3002 /*
3003  * called with nfs4_lock_state() held.
3004  */
3005 __be32
3006 nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
3007 {
3008         struct nfsd4_compoundres *resp = rqstp->rq_resp;
3009         struct nfs4_client *cl = open->op_openowner->oo_owner.so_client;
3010         struct nfs4_file *fp = NULL;
3011         struct inode *ino = current_fh->fh_dentry->d_inode;
3012         struct nfs4_ol_stateid *stp = NULL;
3013         struct nfs4_delegation *dp = NULL;
3014         __be32 status;
3015
3016         /*
3017          * Lookup file; if found, lookup stateid and check open request,
3018          * and check for delegations in the process of being recalled.
3019          * If not found, create the nfs4_file struct
3020          */
3021         fp = find_file(ino);
3022         if (fp) {
3023                 if ((status = nfs4_check_open(fp, open, &stp)))
3024                         goto out;
3025                 status = nfs4_check_deleg(cl, fp, open, &dp);
3026                 if (status)
3027                         goto out;
3028         } else {
3029                 status = nfserr_bad_stateid;
3030                 if (nfsd4_is_deleg_cur(open))
3031                         goto out;
3032                 status = nfserr_jukebox;
3033                 fp = open->op_file;
3034                 open->op_file = NULL;
3035                 nfsd4_init_file(fp, ino);
3036         }
3037
3038         /*
3039          * OPEN the file, or upgrade an existing OPEN.
3040          * If truncate fails, the OPEN fails.
3041          */
3042         if (stp) {
3043                 /* Stateid was found, this is an OPEN upgrade */
3044                 status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
3045                 if (status)
3046                         goto out;
3047         } else {
3048                 status = nfs4_get_vfs_file(rqstp, fp, current_fh, open);
3049                 if (status)
3050                         goto out;
3051                 stp = open->op_stp;
3052                 open->op_stp = NULL;
3053                 init_open_stateid(stp, fp, open);
3054                 status = nfsd4_truncate(rqstp, current_fh, open);
3055                 if (status) {
3056                         release_open_stateid(stp);
3057                         goto out;
3058                 }
3059         }
3060         update_stateid(&stp->st_stid.sc_stateid);
3061         memcpy(&open->op_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
3062
3063         if (nfsd4_has_session(&resp->cstate)) {
3064                 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
3065
3066                 if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) {
3067                         open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
3068                         open->op_why_no_deleg = WND4_NOT_WANTED;
3069                         goto nodeleg;
3070                 }
3071         }
3072
3073         /*
3074         * Attempt to hand out a delegation. No error return, because the
3075         * OPEN succeeds even if we fail.
3076         */
3077         nfs4_open_delegation(current_fh, open, stp);
3078 nodeleg:
3079         status = nfs_ok;
3080
3081         dprintk("%s: stateid=" STATEID_FMT "\n", __func__,
3082                 STATEID_VAL(&stp->st_stid.sc_stateid));
3083 out:
3084         /* 4.1 client trying to upgrade/downgrade delegation? */
3085         if (open->op_delegate_type == NFS4_OPEN_DELEGATE_NONE && dp &&
3086             open->op_deleg_want)
3087                 nfsd4_deleg_xgrade_none_ext(open, dp);
3088
3089         if (fp)
3090                 put_nfs4_file(fp);
3091         if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS)
3092                 nfs4_set_claim_prev(open, nfsd4_has_session(&resp->cstate));
3093         /*
3094         * To finish the open response, we just need to set the rflags.
3095         */
3096         open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX;
3097         if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED) &&
3098             !nfsd4_has_session(&resp->cstate))
3099                 open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM;
3100
3101         return status;
3102 }
3103
3104 void nfsd4_cleanup_open_state(struct nfsd4_open *open, __be32 status)
3105 {
3106         if (open->op_openowner) {
3107                 struct nfs4_openowner *oo = open->op_openowner;
3108
3109                 if (!list_empty(&oo->oo_owner.so_stateids))
3110                         list_del_init(&oo->oo_close_lru);
3111                 if (oo->oo_flags & NFS4_OO_NEW) {
3112                         if (status) {
3113                                 release_openowner(oo);
3114                                 open->op_openowner = NULL;
3115                         } else
3116                                 oo->oo_flags &= ~NFS4_OO_NEW;
3117                 }
3118         }
3119         if (open->op_file)
3120                 nfsd4_free_file(open->op_file);
3121         if (open->op_stp)
3122                 nfs4_free_stateid(open->op_stp);
3123 }
3124
3125 __be32
3126 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3127             clientid_t *clid)
3128 {
3129         struct nfs4_client *clp;
3130         __be32 status;
3131
3132         nfs4_lock_state();
3133         dprintk("process_renew(%08x/%08x): starting\n", 
3134                         clid->cl_boot, clid->cl_id);
3135         status = nfserr_stale_clientid;
3136         if (STALE_CLIENTID(clid))
3137                 goto out;
3138         clp = find_confirmed_client(clid);
3139         status = nfserr_expired;
3140         if (clp == NULL) {
3141                 /* We assume the client took too long to RENEW. */
3142                 dprintk("nfsd4_renew: clientid not found!\n");
3143                 goto out;
3144         }
3145         status = nfserr_cb_path_down;
3146         if (!list_empty(&clp->cl_delegations)
3147                         && clp->cl_cb_state != NFSD4_CB_UP)
3148                 goto out;
3149         status = nfs_ok;
3150 out:
3151         nfs4_unlock_state();
3152         return status;
3153 }
3154
3155 static struct lock_manager nfsd4_manager = {
3156 };
3157
3158 static void
3159 nfsd4_end_grace(void)
3160 {
3161         dprintk("NFSD: end of grace period\n");
3162         nfsd4_record_grace_done(&init_net, boot_time);
3163         locks_end_grace(&nfsd4_manager);
3164         /*
3165          * Now that every NFSv4 client has had the chance to recover and
3166          * to see the (possibly new, possibly shorter) lease time, we
3167          * can safely set the next grace time to the current lease time:
3168          */
3169         nfsd4_grace = nfsd4_lease;
3170 }
3171
3172 static time_t
3173 nfs4_laundromat(void)
3174 {
3175         struct nfs4_client *clp;
3176         struct nfs4_openowner *oo;
3177         struct nfs4_delegation *dp;
3178         struct list_head *pos, *next, reaplist;
3179         time_t cutoff = get_seconds() - nfsd4_lease;
3180         time_t t, clientid_val = nfsd4_lease;
3181         time_t u, test_val = nfsd4_lease;
3182
3183         nfs4_lock_state();
3184
3185         dprintk("NFSD: laundromat service - starting\n");
3186         if (locks_in_grace())
3187                 nfsd4_end_grace();
3188         INIT_LIST_HEAD(&reaplist);
3189         spin_lock(&client_lock);
3190         list_for_each_safe(pos, next, &client_lru) {
3191                 clp = list_entry(pos, struct nfs4_client, cl_lru);
3192                 if (time_after((unsigned long)clp->cl_time, (unsigned long)cutoff)) {
3193                         t = clp->cl_time - cutoff;
3194                         if (clientid_val > t)
3195                                 clientid_val = t;
3196                         break;
3197                 }
3198                 if (atomic_read(&clp->cl_refcount)) {
3199                         dprintk("NFSD: client in use (clientid %08x)\n",
3200                                 clp->cl_clientid.cl_id);
3201                         continue;
3202                 }
3203                 unhash_client_locked(clp);
3204                 list_add(&clp->cl_lru, &reaplist);
3205         }
3206         spin_unlock(&client_lock);
3207         list_for_each_safe(pos, next, &reaplist) {
3208                 clp = list_entry(pos, struct nfs4_client, cl_lru);
3209                 dprintk("NFSD: purging unused client (clientid %08x)\n",
3210                         clp->cl_clientid.cl_id);
3211                 nfsd4_client_record_remove(clp);
3212                 expire_client(clp);
3213         }
3214         spin_lock(&recall_lock);
3215         list_for_each_safe(pos, next, &del_recall_lru) {
3216                 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
3217                 if (time_after((unsigned long)dp->dl_time, (unsigned long)cutoff)) {
3218                         u = dp->dl_time - cutoff;
3219                         if (test_val > u)
3220                                 test_val = u;
3221                         break;
3222                 }
3223                 list_move(&dp->dl_recall_lru, &reaplist);
3224         }
3225         spin_unlock(&recall_lock);
3226         list_for_each_safe(pos, next, &reaplist) {
3227                 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
3228                 unhash_delegation(dp);
3229         }
3230         test_val = nfsd4_lease;
3231         list_for_each_safe(pos, next, &close_lru) {
3232                 oo = container_of(pos, struct nfs4_openowner, oo_close_lru);
3233                 if (time_after((unsigned long)oo->oo_time, (unsigned long)cutoff)) {
3234                         u = oo->oo_time - cutoff;
3235                         if (test_val > u)
3236                                 test_val = u;
3237                         break;
3238                 }
3239                 release_openowner(oo);
3240         }
3241         if (clientid_val < NFSD_LAUNDROMAT_MINTIMEOUT)
3242                 clientid_val = NFSD_LAUNDROMAT_MINTIMEOUT;
3243         nfs4_unlock_state();
3244         return clientid_val;
3245 }
3246
3247 static struct workqueue_struct *laundry_wq;
3248 static void laundromat_main(struct work_struct *);
3249 static DECLARE_DELAYED_WORK(laundromat_work, laundromat_main);
3250
3251 static void
3252 laundromat_main(struct work_struct *not_used)
3253 {
3254         time_t t;
3255
3256         t = nfs4_laundromat();
3257         dprintk("NFSD: laundromat_main - sleeping for %ld seconds\n", t);
3258         queue_delayed_work(laundry_wq, &laundromat_work, t*HZ);
3259 }
3260
3261 static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_ol_stateid *stp)
3262 {
3263         if (fhp->fh_dentry->d_inode != stp->st_file->fi_inode)
3264                 return nfserr_bad_stateid;
3265         return nfs_ok;
3266 }
3267
3268 static int
3269 STALE_STATEID(stateid_t *stateid)
3270 {
3271         if (stateid->si_opaque.so_clid.cl_boot == boot_time)
3272                 return 0;
3273         dprintk("NFSD: stale stateid " STATEID_FMT "!\n",
3274                 STATEID_VAL(stateid));
3275         return 1;
3276 }
3277
3278 static inline int
3279 access_permit_read(unsigned long access_bmap)
3280 {
3281         return test_bit(NFS4_SHARE_ACCESS_READ, &access_bmap) ||
3282                 test_bit(NFS4_SHARE_ACCESS_BOTH, &access_bmap) ||
3283                 test_bit(NFS4_SHARE_ACCESS_WRITE, &access_bmap);
3284 }
3285
3286 static inline int
3287 access_permit_write(unsigned long access_bmap)
3288 {
3289         return test_bit(NFS4_SHARE_ACCESS_WRITE, &access_bmap) ||
3290                 test_bit(NFS4_SHARE_ACCESS_BOTH, &access_bmap);
3291 }
3292
3293 static
3294 __be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags)
3295 {
3296         __be32 status = nfserr_openmode;
3297
3298         /* For lock stateid's, we test the parent open, not the lock: */
3299         if (stp->st_openstp)
3300                 stp = stp->st_openstp;
3301         if ((flags & WR_STATE) && (!access_permit_write(stp->st_access_bmap)))
3302                 goto out;
3303         if ((flags & RD_STATE) && (!access_permit_read(stp->st_access_bmap)))
3304                 goto out;
3305         status = nfs_ok;
3306 out:
3307         return status;
3308 }
3309
3310 static inline __be32
3311 check_special_stateids(svc_fh *current_fh, stateid_t *stateid, int flags)
3312 {
3313         if (ONE_STATEID(stateid) && (flags & RD_STATE))
3314                 return nfs_ok;
3315         else if (locks_in_grace()) {
3316                 /* Answer in remaining cases depends on existence of
3317                  * conflicting state; so we must wait out the grace period. */
3318                 return nfserr_grace;
3319         } else if (flags & WR_STATE)
3320                 return nfs4_share_conflict(current_fh,
3321                                 NFS4_SHARE_DENY_WRITE);
3322         else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */
3323                 return nfs4_share_conflict(current_fh,
3324                                 NFS4_SHARE_DENY_READ);
3325 }
3326
3327 /*
3328  * Allow READ/WRITE during grace period on recovered state only for files
3329  * that are not able to provide mandatory locking.
3330  */
3331 static inline int
3332 grace_disallows_io(struct inode *inode)
3333 {
3334         return locks_in_grace() && mandatory_lock(inode);
3335 }
3336
3337 /* Returns true iff a is later than b: */
3338 static bool stateid_generation_after(stateid_t *a, stateid_t *b)
3339 {
3340         return (s32)a->si_generation - (s32)b->si_generation > 0;
3341 }
3342
3343 static int check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session)
3344 {
3345         /*
3346          * When sessions are used the stateid generation number is ignored
3347          * when it is zero.
3348          */
3349         if (has_session && in->si_generation == 0)
3350                 return nfs_ok;
3351
3352         if (in->si_generation == ref->si_generation)
3353                 return nfs_ok;
3354
3355         /* If the client sends us a stateid from the future, it's buggy: */
3356         if (stateid_generation_after(in, ref))
3357                 return nfserr_bad_stateid;
3358         /*
3359          * However, we could see a stateid from the past, even from a
3360          * non-buggy client.  For example, if the client sends a lock
3361          * while some IO is outstanding, the lock may bump si_generation
3362          * while the IO is still in flight.  The client could avoid that
3363          * situation by waiting for responses on all the IO requests,
3364          * but better performance may result in retrying IO that
3365          * receives an old_stateid error if requests are rarely
3366          * reordered in flight:
3367          */
3368         return nfserr_old_stateid;
3369 }
3370
3371 __be32 nfs4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
3372 {
3373         struct nfs4_stid *s;
3374         struct nfs4_ol_stateid *ols;
3375         __be32 status;
3376
3377         if (STALE_STATEID(stateid))
3378                 return nfserr_stale_stateid;
3379
3380         s = find_stateid(cl, stateid);
3381         if (!s)
3382                  return nfserr_stale_stateid;
3383         status = check_stateid_generation(stateid, &s->sc_stateid, 1);
3384         if (status)
3385                 return status;
3386         if (!(s->sc_type & (NFS4_OPEN_STID | NFS4_LOCK_STID)))
3387                 return nfs_ok;
3388         ols = openlockstateid(s);
3389         if (ols->st_stateowner->so_is_open_owner
3390             && !(openowner(ols->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED))
3391                 return nfserr_bad_stateid;
3392         return nfs_ok;
3393 }
3394
3395 static __be32 nfsd4_lookup_stateid(stateid_t *stateid, unsigned char typemask, struct nfs4_stid **s)
3396 {
3397         struct nfs4_client *cl;
3398
3399         if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
3400                 return nfserr_bad_stateid;
3401         if (STALE_STATEID(stateid))
3402                 return nfserr_stale_stateid;
3403         cl = find_confirmed_client(&stateid->si_opaque.so_clid);
3404         if (!cl)
3405                 return nfserr_expired;
3406         *s = find_stateid_by_type(cl, stateid, typemask);
3407         if (!*s)
3408                 return nfserr_bad_stateid;
3409         return nfs_ok;
3410
3411 }
3412
3413 /*
3414 * Checks for stateid operations
3415 */
3416 __be32
3417 nfs4_preprocess_stateid_op(struct nfsd4_compound_state *cstate,
3418                            stateid_t *stateid, int flags, struct file **filpp)
3419 {
3420         struct nfs4_stid *s;
3421         struct nfs4_ol_stateid *stp = NULL;
3422         struct nfs4_delegation *dp = NULL;
3423         struct svc_fh *current_fh = &cstate->current_fh;
3424         struct inode *ino = current_fh->fh_dentry->d_inode;
3425         __be32 status;
3426
3427         if (filpp)
3428                 *filpp = NULL;
3429
3430         if (grace_disallows_io(ino))
3431                 return nfserr_grace;
3432
3433         if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
3434                 return check_special_stateids(current_fh, stateid, flags);
3435
3436         status = nfsd4_lookup_stateid(stateid, NFS4_DELEG_STID|NFS4_OPEN_STID|NFS4_LOCK_STID, &s);
3437         if (status)
3438                 return status;
3439         status = check_stateid_generation(stateid, &s->sc_stateid, nfsd4_has_session(cstate));
3440         if (status)
3441                 goto out;
3442         switch (s->sc_type) {
3443         case NFS4_DELEG_STID:
3444                 dp = delegstateid(s);
3445                 status = nfs4_check_delegmode(dp, flags);
3446                 if (status)
3447                         goto out;
3448                 if (filpp) {
3449                         *filpp = dp->dl_file->fi_deleg_file;
3450                         BUG_ON(!*filpp);
3451                 }
3452                 break;
3453         case NFS4_OPEN_STID:
3454         case NFS4_LOCK_STID:
3455                 stp = openlockstateid(s);
3456                 status = nfs4_check_fh(current_fh, stp);
3457                 if (status)
3458                         goto out;
3459                 if (stp->st_stateowner->so_is_open_owner
3460                     && !(openowner(stp->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED))
3461                         goto out;
3462                 status = nfs4_check_openmode(stp, flags);
3463                 if (status)
3464                         goto out;
3465                 if (filpp) {
3466                         if (flags & RD_STATE)
3467                                 *filpp = find_readable_file(stp->st_file);
3468                         else
3469                                 *filpp = find_writeable_file(stp->st_file);
3470                 }
3471                 break;
3472         default:
3473                 return nfserr_bad_stateid;
3474         }
3475         status = nfs_ok;
3476 out:
3477         return status;
3478 }
3479
3480 static __be32
3481 nfsd4_free_lock_stateid(struct nfs4_ol_stateid *stp)
3482 {
3483         if (check_for_locks(stp->st_file, lockowner(stp->st_stateowner)))
3484                 return nfserr_locks_held;
3485         release_lock_stateid(stp);
3486         return nfs_ok;
3487 }
3488
3489 /*
3490  * Test if the stateid is valid
3491  */
3492 __be32
3493 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3494                    struct nfsd4_test_stateid *test_stateid)
3495 {
3496         struct nfsd4_test_stateid_id *stateid;
3497         struct nfs4_client *cl = cstate->session->se_client;
3498
3499         nfs4_lock_state();
3500         list_for_each_entry(stateid, &test_stateid->ts_stateid_list, ts_id_list)
3501                 stateid->ts_id_status = nfs4_validate_stateid(cl, &stateid->ts_id_stateid);
3502         nfs4_unlock_state();
3503
3504         return nfs_ok;
3505 }
3506
3507 __be32
3508 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3509                    struct nfsd4_free_stateid *free_stateid)
3510 {
3511         stateid_t *stateid = &free_stateid->fr_stateid;
3512         struct nfs4_stid *s;
3513         struct nfs4_client *cl = cstate->session->se_client;
3514         __be32 ret = nfserr_bad_stateid;
3515
3516         nfs4_lock_state();
3517         s = find_stateid(cl, stateid);
3518         if (!s)
3519                 goto out;
3520         switch (s->sc_type) {
3521         case NFS4_DELEG_STID:
3522                 ret = nfserr_locks_held;
3523                 goto out;
3524         case NFS4_OPEN_STID:
3525         case NFS4_LOCK_STID:
3526                 ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
3527                 if (ret)
3528                         goto out;
3529                 if (s->sc_type == NFS4_LOCK_STID)
3530                         ret = nfsd4_free_lock_stateid(openlockstateid(s));
3531                 else
3532                         ret = nfserr_locks_held;
3533                 break;
3534         default:
3535                 ret = nfserr_bad_stateid;
3536         }
3537 out:
3538         nfs4_unlock_state();
3539         return ret;
3540 }
3541
3542 static inline int
3543 setlkflg (int type)
3544 {
3545         return (type == NFS4_READW_LT || type == NFS4_READ_LT) ?
3546                 RD_STATE : WR_STATE;
3547 }
3548
3549 static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_t *stateid, u32 seqid, struct nfs4_ol_stateid *stp)
3550 {
3551         struct svc_fh *current_fh = &cstate->current_fh;
3552         struct nfs4_stateowner *sop = stp->st_stateowner;
3553         __be32 status;
3554
3555         status = nfsd4_check_seqid(cstate, sop, seqid);
3556         if (status)
3557                 return status;
3558         if (stp->st_stid.sc_type == NFS4_CLOSED_STID)
3559                 /*
3560                  * "Closed" stateid's exist *only* to return
3561                  * nfserr_replay_me from the previous step.
3562                  */
3563                 return nfserr_bad_stateid;
3564         status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
3565         if (status)
3566                 return status;
3567         return nfs4_check_fh(current_fh, stp);
3568 }
3569
3570 /* 
3571  * Checks for sequence id mutating operations. 
3572  */
3573 static __be32
3574 nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
3575                          stateid_t *stateid, char typemask,
3576                          struct nfs4_ol_stateid **stpp)
3577 {
3578         __be32 status;
3579         struct nfs4_stid *s;
3580
3581         dprintk("NFSD: %s: seqid=%d stateid = " STATEID_FMT "\n", __func__,
3582                 seqid, STATEID_VAL(stateid));
3583
3584         *stpp = NULL;
3585         status = nfsd4_lookup_stateid(stateid, typemask, &s);
3586         if (status)
3587                 return status;
3588         *stpp = openlockstateid(s);
3589         cstate->replay_owner = (*stpp)->st_stateowner;
3590
3591         return nfs4_seqid_op_checks(cstate, stateid, seqid, *stpp);
3592 }
3593
3594 static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid, stateid_t *stateid, struct nfs4_ol_stateid **stpp)
3595 {
3596         __be32 status;
3597         struct nfs4_openowner *oo;
3598
3599         status = nfs4_preprocess_seqid_op(cstate, seqid, stateid,
3600                                                 NFS4_OPEN_STID, stpp);
3601         if (status)
3602                 return status;
3603         oo = openowner((*stpp)->st_stateowner);
3604         if (!(oo->oo_flags & NFS4_OO_CONFIRMED))
3605                 return nfserr_bad_stateid;
3606         return nfs_ok;
3607 }
3608
3609 __be32
3610 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3611                    struct nfsd4_open_confirm *oc)
3612 {
3613         __be32 status;
3614         struct nfs4_openowner *oo;
3615         struct nfs4_ol_stateid *stp;
3616
3617         dprintk("NFSD: nfsd4_open_confirm on file %.*s\n",
3618                         (int)cstate->current_fh.fh_dentry->d_name.len,
3619                         cstate->current_fh.fh_dentry->d_name.name);
3620
3621         status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
3622         if (status)
3623                 return status;
3624
3625         nfs4_lock_state();
3626
3627         status = nfs4_preprocess_seqid_op(cstate,
3628                                         oc->oc_seqid, &oc->oc_req_stateid,
3629                                         NFS4_OPEN_STID, &stp);
3630         if (status)
3631                 goto out;
3632         oo = openowner(stp->st_stateowner);
3633         status = nfserr_bad_stateid;
3634         if (oo->oo_flags & NFS4_OO_CONFIRMED)
3635                 goto out;
3636         oo->oo_flags |= NFS4_OO_CONFIRMED;
3637         update_stateid(&stp->st_stid.sc_stateid);
3638         memcpy(&oc->oc_resp_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
3639         dprintk("NFSD: %s: success, seqid=%d stateid=" STATEID_FMT "\n",
3640                 __func__, oc->oc_seqid, STATEID_VAL(&stp->st_stid.sc_stateid));
3641
3642         nfsd4_client_record_create(oo->oo_owner.so_client);
3643         status = nfs_ok;
3644 out:
3645         if (!cstate->replay_owner)
3646                 nfs4_unlock_state();
3647         return status;
3648 }
3649
3650 static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access)
3651 {
3652         if (!test_bit(access, &stp->st_access_bmap))
3653                 return;
3654         nfs4_file_put_access(stp->st_file, nfs4_access_to_omode(access));
3655         __clear_bit(access, &stp->st_access_bmap);
3656 }
3657
3658 static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access)
3659 {
3660         switch (to_access) {
3661         case NFS4_SHARE_ACCESS_READ:
3662                 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE);
3663                 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
3664                 break;
3665         case NFS4_SHARE_ACCESS_WRITE:
3666                 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ);
3667                 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
3668                 break;
3669         case NFS4_SHARE_ACCESS_BOTH:
3670                 break;
3671         default:
3672                 BUG();
3673         }
3674 }
3675
3676 static void
3677 reset_union_bmap_deny(unsigned long deny, unsigned long *bmap)
3678 {
3679         int i;
3680         for (i = 0; i < 4; i++) {
3681                 if ((i & deny) != i)
3682                         __clear_bit(i, bmap);
3683         }
3684 }
3685
3686 __be32
3687 nfsd4_open_downgrade(struct svc_rqst *rqstp,
3688                      struct nfsd4_compound_state *cstate,
3689                      struct nfsd4_open_downgrade *od)
3690 {
3691         __be32 status;
3692         struct nfs4_ol_stateid *stp;
3693
3694         dprintk("NFSD: nfsd4_open_downgrade on file %.*s\n", 
3695                         (int)cstate->current_fh.fh_dentry->d_name.len,
3696                         cstate->current_fh.fh_dentry->d_name.name);
3697
3698         /* We don't yet support WANT bits: */
3699         if (od->od_deleg_want)
3700                 dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__,
3701                         od->od_deleg_want);
3702
3703         nfs4_lock_state();
3704         status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid,
3705                                         &od->od_stateid, &stp);
3706         if (status)
3707                 goto out; 
3708         status = nfserr_inval;
3709         if (!test_bit(od->od_share_access, &stp->st_access_bmap)) {
3710                 dprintk("NFSD:access not a subset current bitmap: 0x%lx, input access=%08x\n",
3711                         stp->st_access_bmap, od->od_share_access);
3712                 goto out;
3713         }
3714         if (!test_bit(od->od_share_deny, &stp->st_deny_bmap)) {
3715                 dprintk("NFSD:deny not a subset current bitmap: 0x%lx, input deny=%08x\n",
3716                         stp->st_deny_bmap, od->od_share_deny);
3717                 goto out;
3718         }
3719         nfs4_stateid_downgrade(stp, od->od_share_access);
3720
3721         reset_union_bmap_deny(od->od_share_deny, &stp->st_deny_bmap);
3722
3723         update_stateid(&stp->st_stid.sc_stateid);
3724         memcpy(&od->od_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
3725         status = nfs_ok;
3726 out:
3727         if (!cstate->replay_owner)
3728                 nfs4_unlock_state();
3729         return status;
3730 }
3731
3732 void nfsd4_purge_closed_stateid(struct nfs4_stateowner *so)
3733 {
3734         struct nfs4_openowner *oo;
3735         struct nfs4_ol_stateid *s;
3736
3737         if (!so->so_is_open_owner)
3738                 return;
3739         oo = openowner(so);
3740         s = oo->oo_last_closed_stid;
3741         if (!s)
3742                 return;
3743         if (!(oo->oo_flags & NFS4_OO_PURGE_CLOSE)) {
3744                 /* Release the last_closed_stid on the next seqid bump: */
3745                 oo->oo_flags |= NFS4_OO_PURGE_CLOSE;
3746                 return;
3747         }
3748         oo->oo_flags &= ~NFS4_OO_PURGE_CLOSE;
3749         release_last_closed_stateid(oo);
3750 }
3751
3752 static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
3753 {
3754         unhash_open_stateid(s);
3755         s->st_stid.sc_type = NFS4_CLOSED_STID;
3756 }
3757
3758 /*
3759  * nfs4_unlock_state() called after encode
3760  */
3761 __be32
3762 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3763             struct nfsd4_close *close)
3764 {
3765         __be32 status;
3766         struct nfs4_openowner *oo;
3767         struct nfs4_ol_stateid *stp;
3768
3769         dprintk("NFSD: nfsd4_close on file %.*s\n", 
3770                         (int)cstate->current_fh.fh_dentry->d_name.len,
3771                         cstate->current_fh.fh_dentry->d_name.name);
3772
3773         nfs4_lock_state();
3774         status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid,
3775                                         &close->cl_stateid,
3776                                         NFS4_OPEN_STID|NFS4_CLOSED_STID,
3777                                         &stp);
3778         if (status)
3779                 goto out; 
3780         oo = openowner(stp->st_stateowner);
3781         status = nfs_ok;
3782         update_stateid(&stp->st_stid.sc_stateid);
3783         memcpy(&close->cl_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
3784
3785         nfsd4_close_open_stateid(stp);
3786         oo->oo_last_closed_stid = stp;
3787
3788         /* place unused nfs4_stateowners on so_close_lru list to be
3789          * released by the laundromat service after the lease period
3790          * to enable us to handle CLOSE replay
3791          */
3792         if (list_empty(&oo->oo_owner.so_stateids))
3793                 move_to_close_lru(oo);
3794 out:
3795         if (!cstate->replay_owner)
3796                 nfs4_unlock_state();
3797         return status;
3798 }
3799
3800 __be32
3801 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3802                   struct nfsd4_delegreturn *dr)
3803 {
3804         struct nfs4_delegation *dp;
3805         stateid_t *stateid = &dr->dr_stateid;
3806         struct nfs4_stid *s;
3807         struct inode *inode;
3808         __be32 status;
3809
3810         if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
3811                 return status;
3812         inode = cstate->current_fh.fh_dentry->d_inode;
3813
3814         nfs4_lock_state();
3815         status = nfsd4_lookup_stateid(stateid, NFS4_DELEG_STID, &s);
3816         if (status)
3817                 goto out;
3818         dp = delegstateid(s);
3819         status = check_stateid_generation(stateid, &dp->dl_stid.sc_stateid, nfsd4_has_session(cstate));
3820         if (status)
3821                 goto out;
3822
3823         unhash_delegation(dp);
3824 out:
3825         nfs4_unlock_state();
3826
3827         return status;
3828 }
3829
3830
3831 #define LOFF_OVERFLOW(start, len)      ((u64)(len) > ~(u64)(start))
3832
3833 #define LOCKOWNER_INO_HASH_BITS 8
3834 #define LOCKOWNER_INO_HASH_SIZE (1 << LOCKOWNER_INO_HASH_BITS)
3835 #define LOCKOWNER_INO_HASH_MASK (LOCKOWNER_INO_HASH_SIZE - 1)
3836
3837 static inline u64
3838 end_offset(u64 start, u64 len)
3839 {
3840         u64 end;
3841
3842         end = start + len;
3843         return end >= start ? end: NFS4_MAX_UINT64;
3844 }
3845
3846 /* last octet in a range */
3847 static inline u64
3848 last_byte_offset(u64 start, u64 len)
3849 {
3850         u64 end;
3851
3852         BUG_ON(!len);
3853         end = start + len;
3854         return end > start ? end - 1: NFS4_MAX_UINT64;
3855 }
3856
3857 static unsigned int lockowner_ino_hashval(struct inode *inode, u32 cl_id, struct xdr_netobj *ownername)
3858 {
3859         return (file_hashval(inode) + cl_id
3860                         + opaque_hashval(ownername->data, ownername->len))
3861                 & LOCKOWNER_INO_HASH_MASK;
3862 }
3863
3864 static struct list_head lockowner_ino_hashtbl[LOCKOWNER_INO_HASH_SIZE];
3865
3866 /*
3867  * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that
3868  * we can't properly handle lock requests that go beyond the (2^63 - 1)-th
3869  * byte, because of sign extension problems.  Since NFSv4 calls for 64-bit
3870  * locking, this prevents us from being completely protocol-compliant.  The
3871  * real solution to this problem is to start using unsigned file offsets in
3872  * the VFS, but this is a very deep change!
3873  */
3874 static inline void
3875 nfs4_transform_lock_offset(struct file_lock *lock)
3876 {
3877         if (lock->fl_start < 0)
3878                 lock->fl_start = OFFSET_MAX;
3879         if (lock->fl_end < 0)
3880                 lock->fl_end = OFFSET_MAX;
3881 }
3882
3883 /* Hack!: For now, we're defining this just so we can use a pointer to it
3884  * as a unique cookie to identify our (NFSv4's) posix locks. */
3885 static const struct lock_manager_operations nfsd_posix_mng_ops  = {
3886 };
3887
3888 static inline void
3889 nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny)
3890 {
3891         struct nfs4_lockowner *lo;
3892
3893         if (fl->fl_lmops == &nfsd_posix_mng_ops) {
3894                 lo = (struct nfs4_lockowner *) fl->fl_owner;
3895                 deny->ld_owner.data = kmemdup(lo->lo_owner.so_owner.data,
3896                                         lo->lo_owner.so_owner.len, GFP_KERNEL);
3897                 if (!deny->ld_owner.data)
3898                         /* We just don't care that much */
3899                         goto nevermind;
3900                 deny->ld_owner.len = lo->lo_owner.so_owner.len;
3901                 deny->ld_clientid = lo->lo_owner.so_client->cl_clientid;
3902         } else {
3903 nevermind:
3904                 deny->ld_owner.len = 0;
3905                 deny->ld_owner.data = NULL;
3906                 deny->ld_clientid.cl_boot = 0;
3907                 deny->ld_clientid.cl_id = 0;
3908         }
3909         deny->ld_start = fl->fl_start;
3910         deny->ld_length = NFS4_MAX_UINT64;
3911         if (fl->fl_end != NFS4_MAX_UINT64)
3912                 deny->ld_length = fl->fl_end - fl->fl_start + 1;        
3913         deny->ld_type = NFS4_READ_LT;
3914         if (fl->fl_type != F_RDLCK)
3915                 deny->ld_type = NFS4_WRITE_LT;
3916 }
3917
3918 static bool same_lockowner_ino(struct nfs4_lockowner *lo, struct inode *inode, clientid_t *clid, struct xdr_netobj *owner)
3919 {
3920         struct nfs4_ol_stateid *lst;
3921
3922         if (!same_owner_str(&lo->lo_owner, owner, clid))
3923                 return false;
3924         lst = list_first_entry(&lo->lo_owner.so_stateids,
3925                                struct nfs4_ol_stateid, st_perstateowner);
3926         return lst->st_file->fi_inode == inode;
3927 }
3928
3929 static struct nfs4_lockowner *
3930 find_lockowner_str(struct inode *inode, clientid_t *clid,
3931                 struct xdr_netobj *owner)
3932 {
3933         unsigned int hashval = lockowner_ino_hashval(inode, clid->cl_id, owner);
3934         struct nfs4_lockowner *lo;
3935
3936         list_for_each_entry(lo, &lockowner_ino_hashtbl[hashval], lo_owner_ino_hash) {
3937                 if (same_lockowner_ino(lo, inode, clid, owner))
3938                         return lo;
3939         }
3940         return NULL;
3941 }
3942
3943 static void hash_lockowner(struct nfs4_lockowner *lo, unsigned int strhashval, struct nfs4_client *clp, struct nfs4_ol_stateid *open_stp)
3944 {
3945         struct inode *inode = open_stp->st_file->fi_inode;
3946         unsigned int inohash = lockowner_ino_hashval(inode,
3947                         clp->cl_clientid.cl_id, &lo->lo_owner.so_owner);
3948
3949         list_add(&lo->lo_owner.so_strhash, &ownerstr_hashtbl[strhashval]);
3950         list_add(&lo->lo_owner_ino_hash, &lockowner_ino_hashtbl[inohash]);
3951         list_add(&lo->lo_perstateid, &open_stp->st_lockowners);
3952 }
3953
3954 /*
3955  * Alloc a lock owner structure.
3956  * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) has 
3957  * occurred. 
3958  *
3959  * strhashval = ownerstr_hashval
3960  */
3961
3962 static struct nfs4_lockowner *
3963 alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp, struct nfs4_ol_stateid *open_stp, struct nfsd4_lock *lock) {
3964         struct nfs4_lockowner *lo;
3965
3966         lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp);
3967         if (!lo)
3968                 return NULL;
3969         INIT_LIST_HEAD(&lo->lo_owner.so_stateids);
3970         lo->lo_owner.so_is_open_owner = 0;
3971         /* It is the openowner seqid that will be incremented in encode in the
3972          * case of new lockowners; so increment the lock seqid manually: */
3973         lo->lo_owner.so_seqid = lock->lk_new_lock_seqid + 1;
3974         hash_lockowner(lo, strhashval, clp, open_stp);
3975         return lo;
3976 }
3977
3978 static struct nfs4_ol_stateid *
3979 alloc_init_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fp, struct nfs4_ol_stateid *open_stp)
3980 {
3981         struct nfs4_ol_stateid *stp;
3982         struct nfs4_client *clp = lo->lo_owner.so_client;
3983
3984         stp = nfs4_alloc_stateid(clp);
3985         if (stp == NULL)
3986                 return NULL;
3987         init_stid(&stp->st_stid, clp, NFS4_LOCK_STID);
3988         list_add(&stp->st_perfile, &fp->fi_stateids);
3989         list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids);
3990         stp->st_stateowner = &lo->lo_owner;
3991         get_nfs4_file(fp);
3992         stp->st_file = fp;
3993         stp->st_access_bmap = 0;
3994         stp->st_deny_bmap = open_stp->st_deny_bmap;
3995         stp->st_openstp = open_stp;
3996         return stp;
3997 }
3998
3999 static int
4000 check_lock_length(u64 offset, u64 length)
4001 {
4002         return ((length == 0)  || ((length != NFS4_MAX_UINT64) &&
4003              LOFF_OVERFLOW(offset, length)));
4004 }
4005
4006 static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access)
4007 {
4008         struct nfs4_file *fp = lock_stp->st_file;
4009         int oflag = nfs4_access_to_omode(access);
4010
4011         if (test_bit(access, &lock_stp->st_access_bmap))
4012                 return;
4013         nfs4_file_get_access(fp, oflag);
4014         __set_bit(access, &lock_stp->st_access_bmap);
4015 }
4016
4017 __be32 lookup_or_create_lock_state(struct nfsd4_compound_state *cstate, struct nfs4_ol_stateid *ost, struct nfsd4_lock *lock, struct nfs4_ol_stateid **lst, bool *new)
4018 {
4019         struct nfs4_file *fi = ost->st_file;
4020         struct nfs4_openowner *oo = openowner(ost->st_stateowner);
4021         struct nfs4_client *cl = oo->oo_owner.so_client;
4022         struct nfs4_lockowner *lo;
4023         unsigned int strhashval;
4024
4025         lo = find_lockowner_str(fi->fi_inode, &cl->cl_clientid, &lock->v.new.owner);
4026         if (lo) {
4027                 if (!cstate->minorversion)
4028                         return nfserr_bad_seqid;
4029                 /* XXX: a lockowner always has exactly one stateid: */
4030                 *lst = list_first_entry(&lo->lo_owner.so_stateids,
4031                                 struct nfs4_ol_stateid, st_perstateowner);
4032                 return nfs_ok;
4033         }
4034         strhashval = ownerstr_hashval(cl->cl_clientid.cl_id,
4035                         &lock->v.new.owner);
4036         lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock);
4037         if (lo == NULL)
4038                 return nfserr_jukebox;
4039         *lst = alloc_init_lock_stateid(lo, fi, ost);
4040         if (*lst == NULL) {
4041                 release_lockowner(lo);
4042                 return nfserr_jukebox;
4043         }
4044         *new = true;
4045         return nfs_ok;
4046 }
4047
4048 /*
4049  *  LOCK operation 
4050  */
4051 __be32
4052 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4053            struct nfsd4_lock *lock)
4054 {
4055         struct nfs4_openowner *open_sop = NULL;
4056         struct nfs4_lockowner *lock_sop = NULL;
4057         struct nfs4_ol_stateid *lock_stp;
4058         struct nfs4_file *fp;
4059         struct file *filp = NULL;
4060         struct file_lock file_lock;
4061         struct file_lock conflock;
4062         __be32 status = 0;
4063         bool new_state = false;
4064         int lkflg;
4065         int err;
4066
4067         dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n",
4068                 (long long) lock->lk_offset,
4069                 (long long) lock->lk_length);
4070
4071         if (check_lock_length(lock->lk_offset, lock->lk_length))
4072                  return nfserr_inval;
4073
4074         if ((status = fh_verify(rqstp, &cstate->current_fh,
4075                                 S_IFREG, NFSD_MAY_LOCK))) {
4076                 dprintk("NFSD: nfsd4_lock: permission denied!\n");
4077                 return status;
4078         }
4079
4080         nfs4_lock_state();
4081
4082         if (lock->lk_is_new) {
4083                 /*
4084                  * Client indicates that this is a new lockowner.
4085                  * Use open owner and open stateid to create lock owner and
4086                  * lock stateid.
4087                  */
4088                 struct nfs4_ol_stateid *open_stp = NULL;
4089
4090                 if (nfsd4_has_session(cstate))
4091                         /* See rfc 5661 18.10.3: given clientid is ignored: */
4092                         memcpy(&lock->v.new.clientid,
4093                                 &cstate->session->se_client->cl_clientid,
4094                                 sizeof(clientid_t));
4095
4096                 status = nfserr_stale_clientid;
4097                 if (STALE_CLIENTID(&lock->lk_new_clientid))
4098                         goto out;
4099
4100                 /* validate and update open stateid and open seqid */
4101                 status = nfs4_preprocess_confirmed_seqid_op(cstate,
4102                                         lock->lk_new_open_seqid,
4103                                         &lock->lk_new_open_stateid,
4104                                         &open_stp);
4105                 if (status)
4106                         goto out;
4107                 open_sop = openowner(open_stp->st_stateowner);
4108                 status = nfserr_bad_stateid;
4109                 if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid,
4110                                                 &lock->v.new.clientid))
4111                         goto out;
4112                 status = lookup_or_create_lock_state(cstate, open_stp, lock,
4113                                                         &lock_stp, &new_state);
4114                 if (status)
4115                         goto out;
4116         } else {
4117                 /* lock (lock owner + lock stateid) already exists */
4118                 status = nfs4_preprocess_seqid_op(cstate,
4119                                        lock->lk_old_lock_seqid,
4120                                        &lock->lk_old_lock_stateid,
4121                                        NFS4_LOCK_STID, &lock_stp);
4122                 if (status)
4123                         goto out;
4124         }
4125         lock_sop = lockowner(lock_stp->st_stateowner);
4126         fp = lock_stp->st_file;
4127
4128         lkflg = setlkflg(lock->lk_type);
4129         status = nfs4_check_openmode(lock_stp, lkflg);
4130         if (status)
4131                 goto out;
4132
4133         status = nfserr_grace;
4134         if (locks_in_grace() && !lock->lk_reclaim)
4135                 goto out;
4136         status = nfserr_no_grace;
4137         if (!locks_in_grace() && lock->lk_reclaim)
4138                 goto out;
4139
4140         locks_init_lock(&file_lock);
4141         switch (lock->lk_type) {
4142                 case NFS4_READ_LT:
4143                 case NFS4_READW_LT:
4144                         filp = find_readable_file(lock_stp->st_file);
4145                         if (filp)
4146                                 get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ);
4147                         file_lock.fl_type = F_RDLCK;
4148                         break;
4149                 case NFS4_WRITE_LT:
4150                 case NFS4_WRITEW_LT:
4151                         filp = find_writeable_file(lock_stp->st_file);
4152                         if (filp)
4153                                 get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE);
4154                         file_lock.fl_type = F_WRLCK;
4155                         break;
4156                 default:
4157                         status = nfserr_inval;
4158                 goto out;
4159         }
4160         if (!filp) {
4161                 status = nfserr_openmode;
4162                 goto out;
4163         }
4164         file_lock.fl_owner = (fl_owner_t)lock_sop;
4165         file_lock.fl_pid = current->tgid;
4166         file_lock.fl_file = filp;
4167         file_lock.fl_flags = FL_POSIX;
4168         file_lock.fl_lmops = &nfsd_posix_mng_ops;
4169
4170         file_lock.fl_start = lock->lk_offset;
4171         file_lock.fl_end = last_byte_offset(lock->lk_offset, lock->lk_length);
4172         nfs4_transform_lock_offset(&file_lock);
4173
4174         /*
4175         * Try to lock the file in the VFS.
4176         * Note: locks.c uses the BKL to protect the inode's lock list.
4177         */
4178
4179         err = vfs_lock_file(filp, F_SETLK, &file_lock, &conflock);
4180         switch (-err) {
4181         case 0: /* success! */
4182                 update_stateid(&lock_stp->st_stid.sc_stateid);
4183                 memcpy(&lock->lk_resp_stateid, &lock_stp->st_stid.sc_stateid, 
4184                                 sizeof(stateid_t));
4185                 status = 0;
4186                 break;
4187         case (EAGAIN):          /* conflock holds conflicting lock */
4188                 status = nfserr_denied;
4189                 dprintk("NFSD: nfsd4_lock: conflicting lock found!\n");
4190                 nfs4_set_lock_denied(&conflock, &lock->lk_denied);
4191                 break;
4192         case (EDEADLK):
4193                 status = nfserr_deadlock;
4194                 break;
4195         default:
4196                 dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n",err);
4197                 status = nfserrno(err);
4198                 break;
4199         }
4200 out:
4201         if (status && new_state)
4202                 release_lockowner(lock_sop);
4203         if (!cstate->replay_owner)
4204                 nfs4_unlock_state();
4205         return status;
4206 }
4207
4208 /*
4209  * The NFSv4 spec allows a client to do a LOCKT without holding an OPEN,
4210  * so we do a temporary open here just to get an open file to pass to
4211  * vfs_test_lock.  (Arguably perhaps test_lock should be done with an
4212  * inode operation.)
4213  */
4214 static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
4215 {
4216         struct file *file;
4217         __be32 err = nfsd_open(rqstp, fhp, S_IFREG, NFSD_MAY_READ, &file);
4218         if (!err) {
4219                 err = nfserrno(vfs_test_lock(file, lock));
4220                 nfsd_close(file);
4221         }
4222         return err;
4223 }
4224
4225 /*
4226  * LOCKT operation
4227  */
4228 __be32
4229 nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4230             struct nfsd4_lockt *lockt)
4231 {
4232         struct inode *inode;
4233         struct file_lock file_lock;
4234         struct nfs4_lockowner *lo;
4235         __be32 status;
4236
4237         if (locks_in_grace())
4238                 return nfserr_grace;
4239
4240         if (check_lock_length(lockt->lt_offset, lockt->lt_length))
4241                  return nfserr_inval;
4242
4243         nfs4_lock_state();
4244
4245         status = nfserr_stale_clientid;
4246         if (!nfsd4_has_session(cstate) && STALE_CLIENTID(&lockt->lt_clientid))
4247                 goto out;
4248
4249         if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
4250                 goto out;
4251
4252         inode = cstate->current_fh.fh_dentry->d_inode;
4253         locks_init_lock(&file_lock);
4254         switch (lockt->lt_type) {
4255                 case NFS4_READ_LT:
4256                 case NFS4_READW_LT:
4257                         file_lock.fl_type = F_RDLCK;
4258                 break;
4259                 case NFS4_WRITE_LT:
4260                 case NFS4_WRITEW_LT:
4261                         file_lock.fl_type = F_WRLCK;
4262                 break;
4263                 default:
4264                         dprintk("NFSD: nfs4_lockt: bad lock type!\n");
4265                         status = nfserr_inval;
4266                 goto out;
4267         }
4268
4269         lo = find_lockowner_str(inode, &lockt->lt_clientid, &lockt->lt_owner);
4270         if (lo)
4271                 file_lock.fl_owner = (fl_owner_t)lo;
4272         file_lock.fl_pid = current->tgid;
4273         file_lock.fl_flags = FL_POSIX;
4274
4275         file_lock.fl_start = lockt->lt_offset;
4276         file_lock.fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);
4277
4278         nfs4_transform_lock_offset(&file_lock);
4279
4280         status = nfsd_test_lock(rqstp, &cstate->current_fh, &file_lock);
4281         if (status)
4282                 goto out;
4283
4284         if (file_lock.fl_type != F_UNLCK) {
4285                 status = nfserr_denied;
4286                 nfs4_set_lock_denied(&file_lock, &lockt->lt_denied);
4287         }
4288 out:
4289         nfs4_unlock_state();
4290         return status;
4291 }
4292
4293 __be32
4294 nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4295             struct nfsd4_locku *locku)
4296 {
4297         struct nfs4_ol_stateid *stp;
4298         struct file *filp = NULL;
4299         struct file_lock file_lock;
4300         __be32 status;
4301         int err;
4302                                                         
4303         dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
4304                 (long long) locku->lu_offset,
4305                 (long long) locku->lu_length);
4306
4307         if (check_lock_length(locku->lu_offset, locku->lu_length))
4308                  return nfserr_inval;
4309
4310         nfs4_lock_state();
4311                                                                                 
4312         status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid,
4313                                         &locku->lu_stateid, NFS4_LOCK_STID, &stp);
4314         if (status)
4315                 goto out;
4316         filp = find_any_file(stp->st_file);
4317         if (!filp) {
4318                 status = nfserr_lock_range;
4319                 goto out;
4320         }
4321         BUG_ON(!filp);
4322         locks_init_lock(&file_lock);
4323         file_lock.fl_type = F_UNLCK;
4324         file_lock.fl_owner = (fl_owner_t)lockowner(stp->st_stateowner);
4325         file_lock.fl_pid = current->tgid;
4326         file_lock.fl_file = filp;
4327         file_lock.fl_flags = FL_POSIX; 
4328         file_lock.fl_lmops = &nfsd_posix_mng_ops;
4329         file_lock.fl_start = locku->lu_offset;
4330
4331         file_lock.fl_end = last_byte_offset(locku->lu_offset, locku->lu_length);
4332         nfs4_transform_lock_offset(&file_lock);
4333
4334         /*
4335         *  Try to unlock the file in the VFS.
4336         */
4337         err = vfs_lock_file(filp, F_SETLK, &file_lock, NULL);
4338         if (err) {
4339                 dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
4340                 goto out_nfserr;
4341         }
4342         /*
4343         * OK, unlock succeeded; the only thing left to do is update the stateid.
4344         */
4345         update_stateid(&stp->st_stid.sc_stateid);
4346         memcpy(&locku->lu_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
4347
4348 out:
4349         if (!cstate->replay_owner)
4350                 nfs4_unlock_state();
4351         return status;
4352
4353 out_nfserr:
4354         status = nfserrno(err);
4355         goto out;
4356 }
4357
4358 /*
4359  * returns
4360  *      1: locks held by lockowner
4361  *      0: no locks held by lockowner
4362  */
4363 static int
4364 check_for_locks(struct nfs4_file *filp, struct nfs4_lockowner *lowner)
4365 {
4366         struct file_lock **flpp;
4367         struct inode *inode = filp->fi_inode;
4368         int status = 0;
4369
4370         lock_flocks();
4371         for (flpp = &inode->i_flock; *flpp != NULL; flpp = &(*flpp)->fl_next) {
4372                 if ((*flpp)->fl_owner == (fl_owner_t)lowner) {
4373                         status = 1;
4374                         goto out;
4375                 }
4376         }
4377 out:
4378         unlock_flocks();
4379         return status;
4380 }
4381
4382 __be32
4383 nfsd4_release_lockowner(struct svc_rqst *rqstp,
4384                         struct nfsd4_compound_state *cstate,
4385                         struct nfsd4_release_lockowner *rlockowner)
4386 {
4387         clientid_t *clid = &rlockowner->rl_clientid;
4388         struct nfs4_stateowner *sop;
4389         struct nfs4_lockowner *lo;
4390         struct nfs4_ol_stateid *stp;
4391         struct xdr_netobj *owner = &rlockowner->rl_owner;
4392         struct list_head matches;
4393         unsigned int hashval = ownerstr_hashval(clid->cl_id, owner);
4394         __be32 status;
4395
4396         dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
4397                 clid->cl_boot, clid->cl_id);
4398
4399         /* XXX check for lease expiration */
4400
4401         status = nfserr_stale_clientid;
4402         if (STALE_CLIENTID(clid))
4403                 return status;
4404
4405         nfs4_lock_state();
4406
4407         status = nfserr_locks_held;
4408         INIT_LIST_HEAD(&matches);
4409
4410         list_for_each_entry(sop, &ownerstr_hashtbl[hashval], so_strhash) {
4411                 if (sop->so_is_open_owner)
4412                         continue;
4413                 if (!same_owner_str(sop, owner, clid))
4414                         continue;
4415                 list_for_each_entry(stp, &sop->so_stateids,
4416                                 st_perstateowner) {
4417                         lo = lockowner(sop);
4418                         if (check_for_locks(stp->st_file, lo))
4419                                 goto out;
4420                         list_add(&lo->lo_list, &matches);
4421                 }
4422         }
4423         /* Clients probably won't expect us to return with some (but not all)
4424          * of the lockowner state released; so don't release any until all
4425          * have been checked. */
4426         status = nfs_ok;
4427         while (!list_empty(&matches)) {
4428                 lo = list_entry(matches.next, struct nfs4_lockowner,
4429                                                                 lo_list);
4430                 /* unhash_stateowner deletes so_perclient only
4431                  * for openowners. */
4432                 list_del(&lo->lo_list);
4433                 release_lockowner(lo);
4434         }
4435 out:
4436         nfs4_unlock_state();
4437         return status;
4438 }
4439
4440 static inline struct nfs4_client_reclaim *
4441 alloc_reclaim(void)
4442 {
4443         return kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL);
4444 }
4445
4446 int
4447 nfs4_has_reclaimed_state(const char *name, bool use_exchange_id)
4448 {
4449         unsigned int strhashval = clientstr_hashval(name);
4450         struct nfs4_client *clp;
4451
4452         clp = find_confirmed_client_by_str(name, strhashval);
4453         if (!clp)
4454                 return 0;
4455         return test_bit(NFSD4_CLIENT_STABLE, &clp->cl_flags);
4456 }
4457
4458 /*
4459  * failure => all reset bets are off, nfserr_no_grace...
4460  */
4461 int
4462 nfs4_client_to_reclaim(const char *name)
4463 {
4464         unsigned int strhashval;
4465         struct nfs4_client_reclaim *crp = NULL;
4466
4467         dprintk("NFSD nfs4_client_to_reclaim NAME: %.*s\n", HEXDIR_LEN, name);
4468         crp = alloc_reclaim();
4469         if (!crp)
4470                 return 0;
4471         strhashval = clientstr_hashval(name);
4472         INIT_LIST_HEAD(&crp->cr_strhash);
4473         list_add(&crp->cr_strhash, &reclaim_str_hashtbl[strhashval]);
4474         memcpy(crp->cr_recdir, name, HEXDIR_LEN);
4475         reclaim_str_hashtbl_size++;
4476         return 1;
4477 }
4478
4479 void
4480 nfs4_release_reclaim(void)
4481 {
4482         struct nfs4_client_reclaim *crp = NULL;
4483         int i;
4484
4485         for (i = 0; i < CLIENT_HASH_SIZE; i++) {
4486                 while (!list_empty(&reclaim_str_hashtbl[i])) {
4487                         crp = list_entry(reclaim_str_hashtbl[i].next,
4488                                         struct nfs4_client_reclaim, cr_strhash);
4489                         list_del(&crp->cr_strhash);
4490                         kfree(crp);
4491                         reclaim_str_hashtbl_size--;
4492                 }
4493         }
4494         BUG_ON(reclaim_str_hashtbl_size);
4495 }
4496
4497 /*
4498  * called from OPEN, CLAIM_PREVIOUS with a new clientid. */
4499 struct nfs4_client_reclaim *
4500 nfsd4_find_reclaim_client(struct nfs4_client *clp)
4501 {
4502         unsigned int strhashval;
4503         struct nfs4_client_reclaim *crp = NULL;
4504
4505         dprintk("NFSD: nfs4_find_reclaim_client for %.*s with recdir %s\n",
4506                             clp->cl_name.len, clp->cl_name.data,
4507                             clp->cl_recdir);
4508
4509         /* find clp->cl_name in reclaim_str_hashtbl */
4510         strhashval = clientstr_hashval(clp->cl_recdir);
4511         list_for_each_entry(crp, &reclaim_str_hashtbl[strhashval], cr_strhash) {
4512                 if (same_name(crp->cr_recdir, clp->cl_recdir)) {
4513                         return crp;
4514                 }
4515         }
4516         return NULL;
4517 }
4518
4519 /*
4520 * Called from OPEN. Look for clientid in reclaim list.
4521 */
4522 __be32
4523 nfs4_check_open_reclaim(clientid_t *clid)
4524 {
4525         struct nfs4_client *clp;
4526
4527         /* find clientid in conf_id_hashtbl */
4528         clp = find_confirmed_client(clid);
4529         if (clp == NULL)
4530                 return nfserr_reclaim_bad;
4531
4532         return nfsd4_client_record_check(clp) ? nfserr_reclaim_bad : nfs_ok;
4533 }
4534
4535 #ifdef CONFIG_NFSD_FAULT_INJECTION
4536
4537 void nfsd_forget_clients(u64 num)
4538 {
4539         struct nfs4_client *clp, *next;
4540         int count = 0;
4541
4542         nfs4_lock_state();
4543         list_for_each_entry_safe(clp, next, &client_lru, cl_lru) {
4544                 nfsd4_client_record_remove(clp);
4545                 expire_client(clp);
4546                 if (++count == num)
4547                         break;
4548         }
4549         nfs4_unlock_state();
4550
4551         printk(KERN_INFO "NFSD: Forgot %d clients", count);
4552 }
4553
4554 static void release_lockowner_sop(struct nfs4_stateowner *sop)
4555 {
4556         release_lockowner(lockowner(sop));
4557 }
4558
4559 static void release_openowner_sop(struct nfs4_stateowner *sop)
4560 {
4561         release_openowner(openowner(sop));
4562 }
4563
4564 static int nfsd_release_n_owners(u64 num, bool is_open_owner,
4565                                 void (*release_sop)(struct nfs4_stateowner *))
4566 {
4567         int i, count = 0;
4568         struct nfs4_stateowner *sop, *next;
4569
4570         for (i = 0; i < OWNER_HASH_SIZE; i++) {
4571                 list_for_each_entry_safe(sop, next, &ownerstr_hashtbl[i], so_strhash) {
4572                         if (sop->so_is_open_owner != is_open_owner)
4573                                 continue;
4574                         release_sop(sop);
4575                         if (++count == num)
4576                                 return count;
4577                 }
4578         }
4579         return count;
4580 }
4581
4582 void nfsd_forget_locks(u64 num)
4583 {
4584         int count;
4585
4586         nfs4_lock_state();
4587         count = nfsd_release_n_owners(num, false, release_lockowner_sop);
4588         nfs4_unlock_state();
4589
4590         printk(KERN_INFO "NFSD: Forgot %d locks", count);
4591 }
4592
4593 void nfsd_forget_openowners(u64 num)
4594 {
4595         int count;
4596
4597         nfs4_lock_state();
4598         count = nfsd_release_n_owners(num, true, release_openowner_sop);
4599         nfs4_unlock_state();
4600
4601         printk(KERN_INFO "NFSD: Forgot %d open owners", count);
4602 }
4603
4604 int nfsd_process_n_delegations(u64 num, void (*deleg_func)(struct nfs4_delegation *))
4605 {
4606         int i, count = 0;
4607         struct nfs4_file *fp, *fnext;
4608         struct nfs4_delegation *dp, *dnext;
4609
4610         for (i = 0; i < FILE_HASH_SIZE; i++) {
4611                 list_for_each_entry_safe(fp, fnext, &file_hashtbl[i], fi_hash) {
4612                         list_for_each_entry_safe(dp, dnext, &fp->fi_delegations, dl_perfile) {
4613                                 deleg_func(dp);
4614                                 if (++count == num)
4615                                         return count;
4616                         }
4617                 }
4618         }
4619
4620         return count;
4621 }
4622
4623 void nfsd_forget_delegations(u64 num)
4624 {
4625         unsigned int count;
4626
4627         nfs4_lock_state();
4628         count = nfsd_process_n_delegations(num, unhash_delegation);
4629         nfs4_unlock_state();
4630
4631         printk(KERN_INFO "NFSD: Forgot %d delegations", count);
4632 }
4633
4634 void nfsd_recall_delegations(u64 num)
4635 {
4636         unsigned int count;
4637
4638         nfs4_lock_state();
4639         spin_lock(&recall_lock);
4640         count = nfsd_process_n_delegations(num, nfsd_break_one_deleg);
4641         spin_unlock(&recall_lock);
4642         nfs4_unlock_state();
4643
4644         printk(KERN_INFO "NFSD: Recalled %d delegations", count);
4645 }
4646
4647 #endif /* CONFIG_NFSD_FAULT_INJECTION */
4648
4649 /* initialization to perform at module load time: */
4650
4651 void
4652 nfs4_state_init(void)
4653 {
4654         int i;
4655
4656         for (i = 0; i < CLIENT_HASH_SIZE; i++) {
4657                 INIT_LIST_HEAD(&conf_id_hashtbl[i]);
4658                 INIT_LIST_HEAD(&conf_str_hashtbl[i]);
4659                 INIT_LIST_HEAD(&unconf_str_hashtbl[i]);
4660                 INIT_LIST_HEAD(&unconf_id_hashtbl[i]);
4661                 INIT_LIST_HEAD(&reclaim_str_hashtbl[i]);
4662         }
4663         for (i = 0; i < SESSION_HASH_SIZE; i++)
4664                 INIT_LIST_HEAD(&sessionid_hashtbl[i]);
4665         for (i = 0; i < FILE_HASH_SIZE; i++) {
4666                 INIT_LIST_HEAD(&file_hashtbl[i]);
4667         }
4668         for (i = 0; i < OWNER_HASH_SIZE; i++) {
4669                 INIT_LIST_HEAD(&ownerstr_hashtbl[i]);
4670         }
4671         for (i = 0; i < LOCKOWNER_INO_HASH_SIZE; i++)
4672                 INIT_LIST_HEAD(&lockowner_ino_hashtbl[i]);
4673         INIT_LIST_HEAD(&close_lru);
4674         INIT_LIST_HEAD(&client_lru);
4675         INIT_LIST_HEAD(&del_recall_lru);
4676         reclaim_str_hashtbl_size = 0;
4677 }
4678
4679 /*
4680  * Since the lifetime of a delegation isn't limited to that of an open, a
4681  * client may quite reasonably hang on to a delegation as long as it has
4682  * the inode cached.  This becomes an obvious problem the first time a
4683  * client's inode cache approaches the size of the server's total memory.
4684  *
4685  * For now we avoid this problem by imposing a hard limit on the number
4686  * of delegations, which varies according to the server's memory size.
4687  */
4688 static void
4689 set_max_delegations(void)
4690 {
4691         /*
4692          * Allow at most 4 delegations per megabyte of RAM.  Quick
4693          * estimates suggest that in the worst case (where every delegation
4694          * is for a different inode), a delegation could take about 1.5K,
4695          * giving a worst case usage of about 6% of memory.
4696          */
4697         max_delegations = nr_free_buffer_pages() >> (20 - 2 - PAGE_SHIFT);
4698 }
4699
4700 /* initialization to perform when the nfsd service is started: */
4701
4702 int
4703 nfs4_state_start(void)
4704 {
4705         int ret;
4706
4707         /*
4708          * FIXME: For now, we hang most of the pernet global stuff off of
4709          * init_net until nfsd is fully containerized. Eventually, we'll
4710          * need to pass a net pointer into this function, take a reference
4711          * to that instead and then do most of the rest of this on a per-net
4712          * basis.
4713          */
4714         get_net(&init_net);
4715         nfsd4_client_tracking_init(&init_net);
4716         boot_time = get_seconds();
4717         locks_start_grace(&nfsd4_manager);
4718         printk(KERN_INFO "NFSD: starting %ld-second grace period\n",
4719                nfsd4_grace);
4720         ret = set_callback_cred();
4721         if (ret) {
4722                 ret = -ENOMEM;
4723                 goto out_recovery;
4724         }
4725         laundry_wq = create_singlethread_workqueue("nfsd4");
4726         if (laundry_wq == NULL) {
4727                 ret = -ENOMEM;
4728                 goto out_recovery;
4729         }
4730         ret = nfsd4_create_callback_queue();
4731         if (ret)
4732                 goto out_free_laundry;
4733         queue_delayed_work(laundry_wq, &laundromat_work, nfsd4_grace * HZ);
4734         set_max_delegations();
4735         return 0;
4736 out_free_laundry:
4737         destroy_workqueue(laundry_wq);
4738 out_recovery:
4739         nfsd4_client_tracking_exit(&init_net);
4740         put_net(&init_net);
4741         return ret;
4742 }
4743
4744 static void
4745 __nfs4_state_shutdown(void)
4746 {
4747         int i;
4748         struct nfs4_client *clp = NULL;
4749         struct nfs4_delegation *dp = NULL;
4750         struct list_head *pos, *next, reaplist;
4751
4752         for (i = 0; i < CLIENT_HASH_SIZE; i++) {
4753                 while (!list_empty(&conf_id_hashtbl[i])) {
4754                         clp = list_entry(conf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
4755                         expire_client(clp);
4756                 }
4757                 while (!list_empty(&unconf_str_hashtbl[i])) {
4758                         clp = list_entry(unconf_str_hashtbl[i].next, struct nfs4_client, cl_strhash);
4759                         expire_client(clp);
4760                 }
4761         }
4762         INIT_LIST_HEAD(&reaplist);
4763         spin_lock(&recall_lock);
4764         list_for_each_safe(pos, next, &del_recall_lru) {
4765                 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
4766                 list_move(&dp->dl_recall_lru, &reaplist);
4767         }
4768         spin_unlock(&recall_lock);
4769         list_for_each_safe(pos, next, &reaplist) {
4770                 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
4771                 unhash_delegation(dp);
4772         }
4773
4774         nfsd4_client_tracking_exit(&init_net);
4775         put_net(&init_net);
4776 }
4777
4778 void
4779 nfs4_state_shutdown(void)
4780 {
4781         cancel_delayed_work_sync(&laundromat_work);
4782         destroy_workqueue(laundry_wq);
4783         locks_end_grace(&nfsd4_manager);
4784         nfs4_lock_state();
4785         __nfs4_state_shutdown();
4786         nfs4_unlock_state();
4787         nfsd4_destroy_callback_queue();
4788 }
4789
4790 static void
4791 get_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
4792 {
4793         if (HAS_STATE_ID(cstate, CURRENT_STATE_ID_FLAG) && CURRENT_STATEID(stateid))
4794                 memcpy(stateid, &cstate->current_stateid, sizeof(stateid_t));
4795 }
4796
4797 static void
4798 put_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
4799 {
4800         if (cstate->minorversion) {
4801                 memcpy(&cstate->current_stateid, stateid, sizeof(stateid_t));
4802                 SET_STATE_ID(cstate, CURRENT_STATE_ID_FLAG);
4803         }
4804 }
4805
4806 void
4807 clear_current_stateid(struct nfsd4_compound_state *cstate)
4808 {
4809         CLEAR_STATE_ID(cstate, CURRENT_STATE_ID_FLAG);
4810 }
4811
4812 /*
4813  * functions to set current state id
4814  */
4815 void
4816 nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate, struct nfsd4_open_downgrade *odp)
4817 {
4818         put_stateid(cstate, &odp->od_stateid);
4819 }
4820
4821 void
4822 nfsd4_set_openstateid(struct nfsd4_compound_state *cstate, struct nfsd4_open *open)
4823 {
4824         put_stateid(cstate, &open->op_stateid);
4825 }
4826
4827 void
4828 nfsd4_set_closestateid(struct nfsd4_compound_state *cstate, struct nfsd4_close *close)
4829 {
4830         put_stateid(cstate, &close->cl_stateid);
4831 }
4832
4833 void
4834 nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate, struct nfsd4_lock *lock)
4835 {
4836         put_stateid(cstate, &lock->lk_resp_stateid);
4837 }
4838
4839 /*
4840  * functions to consume current state id
4841  */
4842
4843 void
4844 nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate, struct nfsd4_open_downgrade *odp)
4845 {
4846         get_stateid(cstate, &odp->od_stateid);
4847 }
4848
4849 void
4850 nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate, struct nfsd4_delegreturn *drp)
4851 {
4852         get_stateid(cstate, &drp->dr_stateid);
4853 }
4854
4855 void
4856 nfsd4_get_freestateid(struct nfsd4_compound_state *cstate, struct nfsd4_free_stateid *fsp)
4857 {
4858         get_stateid(cstate, &fsp->fr_stateid);
4859 }
4860
4861 void
4862 nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate, struct nfsd4_setattr *setattr)
4863 {
4864         get_stateid(cstate, &setattr->sa_stateid);
4865 }
4866
4867 void
4868 nfsd4_get_closestateid(struct nfsd4_compound_state *cstate, struct nfsd4_close *close)
4869 {
4870         get_stateid(cstate, &close->cl_stateid);
4871 }
4872
4873 void
4874 nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate, struct nfsd4_locku *locku)
4875 {
4876         get_stateid(cstate, &locku->lu_stateid);
4877 }
4878
4879 void
4880 nfsd4_get_readstateid(struct nfsd4_compound_state *cstate, struct nfsd4_read *read)
4881 {
4882         get_stateid(cstate, &read->rd_stateid);
4883 }
4884
4885 void
4886 nfsd4_get_writestateid(struct nfsd4_compound_state *cstate, struct nfsd4_write *write)
4887 {
4888         get_stateid(cstate, &write->wr_stateid);
4889 }