Merge branch 'for-3.11' of git://linux-nfs.org/~bfields/linux

	  If unsure, say N.

config NFSD_V4_SECURITY_LABEL

	bool "Provide Security Label support for NFSv4 server"

	depends on NFSD_V4 && SECURITY

	help

	Say Y here if you want enable fine-grained security label attribute

	support for NFS version 4.  Security labels allow security modules like

	SELinux and Smack to label files to facilitate enforcement of their policies.

	Without this an NFSv4 mount will have the same label on each file.

	If you do not wish to enable fine-grained security labels SELinux or

	Smack policies on NFSv4 files, say N.

	WARNING: there is still a chance of backwards-incompatible protocol changes.

	For now we recommend "Y" only for developers and testers."

config NFSD_FAULT_INJECTION

	bool "NFS server manual fault injection"

	depends on NFSD_V4 && DEBUG_KERNEL

#include "current_stateid.h"

#include "netns.h"

#ifdef CONFIG_NFSD_V4_SECURITY_LABEL

#include <linux/security.h>

static inline void

nfsd4_security_inode_setsecctx(struct svc_fh *resfh, struct xdr_netobj *label, u32 *bmval)

{

	struct inode *inode = resfh->fh_dentry->d_inode;

	int status;

	mutex_lock(&inode->i_mutex);

	status = security_inode_setsecctx(resfh->fh_dentry,

		label->data, label->len);

	mutex_unlock(&inode->i_mutex);

	if (status)

		/*

		 * XXX: We should really fail the whole open, but we may

		 * already have created a new file, so it may be too

		 * late.  For now this seems the least of evils:

		 */

		bmval[2] &= ~FATTR4_WORD2_SECURITY_LABEL;

	return;

}

#else

static inline void

nfsd4_security_inode_setsecctx(struct svc_fh *resfh, struct xdr_netobj *label, u32 *bmval)

{ }

#endif

#define NFSDDBG_FACILITY		NFSDDBG_PROC

static u32 nfsd_attrmask[] = {

					(u32 *)open->op_verf.data,

					&open->op_truncate, &open->op_created);

		if (!status && open->op_label.len)

			nfsd4_security_inode_setsecctx(resfh, &open->op_label, open->op_bmval);

		/*

		 * Following rfc 3530 14.2.16, use the returned bitmask

		 * to indicate which attributes we used to store the

	nfsd4_set_open_owner_reply_cache(cstate, open, resfh);

	accmode = NFSD_MAY_NOP;

	if (open->op_created)

	if (open->op_created ||

			open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR)

		accmode |= NFSD_MAY_OWNER_OVERRIDE;

	status = do_open_permission(rqstp, resfh, open, accmode);

	set_change_info(&open->op_cinfo, current_fh);

	if (status)

		goto out;

	if (create->cr_label.len)

		nfsd4_security_inode_setsecctx(&resfh, &create->cr_label, create->cr_bmval);

	if (create->cr_acl != NULL)

		do_set_nfs4_acl(rqstp, &resfh, create->cr_acl,

				create->cr_bmval);

					    setattr->sa_acl);

	if (status)

		goto out;

	if (setattr->sa_label.len)

		status = nfsd4_set_nfs4_label(rqstp, &cstate->current_fh,

				&setattr->sa_label);

	if (status)

		goto out;

	status = nfsd_setattr(rqstp, &cstate->current_fh, &setattr->sa_iattr,

				0, (time_t)0);

out:

static void free_session(struct nfsd4_session *);

void nfsd4_put_session(struct nfsd4_session *ses)

static bool is_session_dead(struct nfsd4_session *ses)

{

	atomic_dec(&ses->se_ref);

	return ses->se_flags & NFS4_SESSION_DEAD;

}

static bool is_session_dead(struct nfsd4_session *ses)

void nfsd4_put_session(struct nfsd4_session *ses)

{

	return ses->se_flags & NFS4_SESSION_DEAD;

	if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))

		free_session(ses);

}

static __be32 mark_session_dead_locked(struct nfsd4_session *ses)

static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)

{

	if (atomic_read(&ses->se_ref))

	if (atomic_read(&ses->se_ref) > ref_held_by_me)

		return nfserr_jukebox;

	ses->se_flags |= NFS4_SESSION_DEAD;

	return nfs_ok;

}

static struct nfs4_delegation *

alloc_init_deleg(struct nfs4_client *clp, struct nfs4_ol_stateid *stp, struct svc_fh *current_fh, u32 type)

alloc_init_deleg(struct nfs4_client *clp, struct nfs4_ol_stateid *stp, struct svc_fh *current_fh)

{

	struct nfs4_delegation *dp;

	struct nfs4_file *fp = stp->st_file;

	dprintk("NFSD alloc_init_deleg\n");

	/*

	 * Major work on the lease subsystem (for example, to support

	 * calbacks on stat) will be required before we can support

	 * write delegations properly.

	 */

	if (type != NFS4_OPEN_DELEGATE_READ)

		return NULL;

	if (fp->fi_had_conflict)

		return NULL;

	if (num_delegations > max_delegations)

	INIT_LIST_HEAD(&dp->dl_recall_lru);

	get_nfs4_file(fp);

	dp->dl_file = fp;

	dp->dl_type = type;

	dp->dl_type = NFS4_OPEN_DELEGATE_READ;

	fh_copy_shallow(&dp->dl_fh, &current_fh->fh_handle);

	dp->dl_time = 0;

	atomic_set(&dp->dl_count, 1);

	target->cr_gid = source->cr_gid;

	target->cr_group_info = source->cr_group_info;

	get_group_info(target->cr_group_info);

	target->cr_gss_mech = source->cr_gss_mech;

	if (source->cr_gss_mech)

		gss_mech_get(source->cr_gss_mech);

	return 0;

}

	return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);

}

static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)

{

	struct svc_cred *cr = &rqstp->rq_cred;

	u32 service;

	service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);

	return service == RPC_GSS_SVC_INTEGRITY ||

	       service == RPC_GSS_SVC_PRIVACY;

}

static bool mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)

{

	struct svc_cred *cr = &rqstp->rq_cred;

	if (!cl->cl_mach_cred)

		return true;

	if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)

		return false;

	if (!svc_rqst_integrity_protected(rqstp))

		return false;

	if (!cr->cr_principal)

		return false;

	return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);

}

static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)

{

	static u32 current_clientid = 1;

	if (exid->flags & ~EXCHGID4_FLAG_MASK_A)

		return nfserr_inval;

	/* Currently only support SP4_NONE */

	switch (exid->spa_how) {

	case SP4_MACH_CRED:

		if (!svc_rqst_integrity_protected(rqstp))

			return nfserr_inval;

	case SP4_NONE:

		break;

	default:				/* checked by xdr code */

		WARN_ON_ONCE(1);

	case SP4_SSV:

		return nfserr_encr_alg_unsupp;

	case SP4_MACH_CRED:

		return nfserr_serverfault;	/* no excuse :-/ */

	}

	/* Cases below refer to rfc 5661 section 18.35.4: */

				status = nfserr_inval;

				goto out;

			}

			if (!mach_creds_match(conf, rqstp)) {

				status = nfserr_wrong_cred;

				goto out;

			}

			if (!creds_match) { /* case 9 */

				status = nfserr_perm;

				goto out;

		status = nfserr_jukebox;

		goto out;

	}

	new->cl_minorversion = 1;

	new->cl_minorversion = cstate->minorversion;

	new->cl_mach_cred = (exid->spa_how == SP4_MACH_CRED);

	gen_clid(new, nn);

	add_to_unconfirmed(new);

	return nfs_ok;

}

static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)

{

	switch (cbs->flavor) {

	case RPC_AUTH_NULL:

	case RPC_AUTH_UNIX:

		return nfs_ok;

	default:

		/*

		 * GSS case: the spec doesn't allow us to return this

		 * error.  But it also doesn't allow us not to support

		 * GSS.

		 * I'd rather this fail hard than return some error the

		 * client might think it can already handle:

		 */

		return nfserr_encr_alg_unsupp;

	}

}

__be32

nfsd4_create_session(struct svc_rqst *rqstp,

		     struct nfsd4_compound_state *cstate,

	if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)

		return nfserr_inval;

	status = nfsd4_check_cb_sec(&cr_ses->cb_sec);

	if (status)

		return status;

	status = check_forechannel_attrs(&cr_ses->fore_channel, nn);

	if (status)

		return status;

	WARN_ON_ONCE(conf && unconf);

	if (conf) {

		status = nfserr_wrong_cred;

		if (!mach_creds_match(conf, rqstp))

			goto out_free_conn;

		cs_slot = &conf->cl_cs_slot;

		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);

		if (status == nfserr_replay_cache) {

			status = nfserr_clid_inuse;

			goto out_free_conn;

		}

		status = nfserr_wrong_cred;

		if (!mach_creds_match(unconf, rqstp))

			goto out_free_conn;

		cs_slot = &unconf->cl_cs_slot;

		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);

		if (status) {

{

	struct nfsd4_session *session = cstate->session;

	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	__be32 status;

	status = nfsd4_check_cb_sec(&bc->bc_cb_sec);

	if (status)

		return status;

	spin_lock(&nn->client_lock);

	session->se_cb_prog = bc->bc_cb_program;

	session->se_cb_sec = bc->bc_cb_sec;

	status = nfserr_badsession;

	if (!session)

		goto out;

	status = nfserr_wrong_cred;

	if (!mach_creds_match(session->se_client, rqstp))

		goto out;

	status = nfsd4_map_bcts_dir(&bcts->dir);

	if (status)

		goto out;

{

	struct nfsd4_session *ses;

	__be32 status;

	int ref_held_by_me = 0;

	struct nfsd_net *nn = net_generic(SVC_NET(r), nfsd_net_id);

	nfs4_lock_state();

	if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {

		if (!nfsd4_last_compound_op(r))

			goto out;

		ref_held_by_me++;

	}

	dump_sessionid(__func__, &sessionid->sessionid);

	spin_lock(&nn->client_lock);

	status = nfserr_badsession;

	if (!ses)

		goto out_client_lock;

	status = mark_session_dead_locked(ses);

	if (status)

	status = nfserr_wrong_cred;

	if (!mach_creds_match(ses->se_client, r))

		goto out_client_lock;

	nfsd4_get_session_locked(ses);

	status = mark_session_dead_locked(ses, 1 + ref_held_by_me);

	if (status)

		goto out_put_session;

	unhash_session(ses);

	spin_unlock(&nn->client_lock);

	nfsd4_probe_callback_sync(ses->se_client);

	spin_lock(&nn->client_lock);

	free_session(ses);

	status = nfs_ok;

out_put_session:

	nfsd4_put_session(ses);

out_client_lock:

	spin_unlock(&nn->client_lock);

out:

	return NULL;

}

static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)

static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)

{

	struct nfs4_client *clp = ses->se_client;

	struct nfsd4_conn *c;

	__be32 status = nfs_ok;

	int ret;

	spin_lock(&clp->cl_lock);

	c = __nfsd4_find_conn(new->cn_xprt, ses);

	if (c) {

		spin_unlock(&clp->cl_lock);

		free_conn(new);

		return;

	}

	if (c)

		goto out_free;

	status = nfserr_conn_not_bound_to_session;

	if (clp->cl_mach_cred)

		goto out_free;

	__nfsd4_hash_conn(new, ses);

	spin_unlock(&clp->cl_lock);

	ret = nfsd4_register_conn(new);

	if (ret)

		/* oops; xprt is already down: */

		nfsd4_conn_lost(&new->cn_xpt_user);

	return;

	return nfs_ok;

out_free:

	spin_unlock(&clp->cl_lock);

	free_conn(new);

	return status;

}

static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)

	if (status)

		goto out_put_session;

	nfsd4_sequence_check_conn(conn, session);

	status = nfsd4_sequence_check_conn(conn, session);

	conn = NULL;

	if (status)

		goto out_put_session;

	/* Success! bump slot seqid */

	slot->sl_seqid = seq->seqid;

		status = nfserr_stale_clientid;

		goto out;

	}

	if (!mach_creds_match(clp, rqstp)) {

		status = nfserr_wrong_cred;

		goto out;

	}

	expire_client(clp);

out:

	nfs4_unlock_state();

	return fl;

}

static int nfs4_setlease(struct nfs4_delegation *dp, int flag)

static int nfs4_setlease(struct nfs4_delegation *dp)

{

	struct nfs4_file *fp = dp->dl_file;

	struct file_lock *fl;

	int status;

	fl = nfs4_alloc_init_lease(dp, flag);

	fl = nfs4_alloc_init_lease(dp, NFS4_OPEN_DELEGATE_READ);

	if (!fl)

		return -ENOMEM;

	fl->fl_file = find_readable_file(fp);

	return 0;

}

static int nfs4_set_delegation(struct nfs4_delegation *dp, int flag)

static int nfs4_set_delegation(struct nfs4_delegation *dp)

{

	struct nfs4_file *fp = dp->dl_file;

	if (!fp->fi_lease)

		return nfs4_setlease(dp, flag);

		return nfs4_setlease(dp);

	spin_lock(&recall_lock);

	if (fp->fi_had_conflict) {

		spin_unlock(&recall_lock);

/*

 * Attempt to hand out a delegation.

 *

 * Note we don't support write delegations, and won't until the vfs has

 * proper support for them.

 */

static void

nfs4_open_delegation(struct net *net, struct svc_fh *fh,

	struct nfs4_delegation *dp;

	struct nfs4_openowner *oo = container_of(stp->st_stateowner, struct nfs4_openowner, oo_owner);

	int cb_up;

	int status = 0, flag = 0;

	int status = 0;

	cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client);

	flag = NFS4_OPEN_DELEGATE_NONE;

	open->op_recall = 0;

	switch (open->op_claim_type) {

		case NFS4_OPEN_CLAIM_PREVIOUS:

			if (!cb_up)

				open->op_recall = 1;

			flag = open->op_delegate_type;

			if (flag == NFS4_OPEN_DELEGATE_NONE)

				goto out;

			if (open->op_delegate_type != NFS4_OPEN_DELEGATE_READ)

				goto out_no_deleg;

			break;

		case NFS4_OPEN_CLAIM_NULL:

			/* Let's not give out any delegations till everyone's

			 * had the chance to reclaim theirs.... */

			/*

			 * Let's not give out any delegations till everyone's

			 * had the chance to reclaim theirs....

			 */

			if (locks_in_grace(net))

				goto out;

				goto out_no_deleg;

			if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED))

				goto out;

				goto out_no_deleg;

			/*

			 * Also, if the file was opened for write or

			 * create, there's a good chance the client's

			 * about to write to it, resulting in an

			 * immediate recall (since we don't support

			 * write delegations):

			 */

			if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)

				flag = NFS4_OPEN_DELEGATE_WRITE;

			else

				flag = NFS4_OPEN_DELEGATE_READ;

				goto out_no_deleg;

			if (open->op_create == NFS4_OPEN_CREATE)

				goto out_no_deleg;

			break;

		default:

			goto out;

			goto out_no_deleg;

	}

	dp = alloc_init_deleg(oo->oo_owner.so_client, stp, fh, flag);

	dp = alloc_init_deleg(oo->oo_owner.so_client, stp, fh);

	if (dp == NULL)

		goto out_no_deleg;

	status = nfs4_set_delegation(dp, flag);

	status = nfs4_set_delegation(dp);

	if (status)

		goto out_free;

	dprintk("NFSD: delegation stateid=" STATEID_FMT "\n",

		STATEID_VAL(&dp->dl_stid.sc_stateid));

out:

	open->op_delegate_type = flag;

	if (flag == NFS4_OPEN_DELEGATE_NONE) {

	open->op_delegate_type = NFS4_OPEN_DELEGATE_READ;

	return;

out_free:

	unhash_stid(&dp->dl_stid);

	nfs4_put_delegation(dp);

out_no_deleg:

	open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE;

	if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS &&

		    open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE)

	    open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE) {

		dprintk("NFSD: WARNING: refusing delegation reclaim\n");

		open->op_recall = 1;

	}

	/* 4.1 client asking for a delegation? */

	if (open->op_deleg_want)

		nfsd4_open_deleg_none_ext(open, status);

	}

	return;

out_free:

	unhash_stid(&dp->dl_stid);

	nfs4_put_delegation(dp);

out_no_deleg:

	flag = NFS4_OPEN_DELEGATE_NONE;

	goto out;

}

static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open,

/* Returns true iff a is later than b: */

static bool stateid_generation_after(stateid_t *a, stateid_t *b)

{

	return (s32)a->si_generation - (s32)b->si_generation > 0;

	return (s32)(a->si_generation - b->si_generation) > 0;

}

static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session)

nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,

	    struct nfsd4_locku *locku)

{

	struct nfs4_lockowner *lo;

	struct nfs4_ol_stateid *stp;

	struct file *filp = NULL;

	struct file_lock *file_lock = NULL;

		status = nfserr_jukebox;

		goto out;

	}

	lo = lockowner(stp->st_stateowner);

	locks_init_lock(file_lock);

	file_lock->fl_type = F_UNLCK;

	file_lock->fl_owner = (fl_owner_t)lo;

	file_lock->fl_owner = (fl_owner_t)lockowner(stp->st_stateowner);

	file_lock->fl_pid = current->tgid;

	file_lock->fl_file = filp;

	file_lock->fl_flags = FL_POSIX;

	update_stateid(&stp->st_stid.sc_stateid);

	memcpy(&locku->lu_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));

	if (nfsd4_has_session(cstate) && !check_for_locks(stp->st_file, lo)) {

		WARN_ON_ONCE(cstate->replay_owner);

		release_lockowner(lo);

	}

out:

	nfsd4_bump_seqid(cstate, status);

	if (!cstate->replay_owner)

#include "cache.h"

#include "netns.h"

#ifdef CONFIG_NFSD_V4_SECURITY_LABEL

#include <linux/security.h>

#endif

#define NFSDDBG_FACILITY		NFSDDBG_XDR

/*

	}					\

} while (0)

static void next_decode_page(struct nfsd4_compoundargs *argp)

{

	argp->pagelist++;

	argp->p = page_address(argp->pagelist[0]);

	if (argp->pagelen < PAGE_SIZE) {