kernel_5.10 no rt

hc

2023-12-11 6778948f9de86c3cfaf36725a7c87dcff9ba247f

 kernel/fs/nfsd/nfs4xdr.c
..
..
@@ -40,6 +40,9 @@
40
40
 #include <linux/utsname.h>
41
41
 #include <linux/pagemap.h>
42
42
 #include <linux/sunrpc/svcauth_gss.h>
43
+#include <linux/sunrpc/addr.h>
44
+#include <linux/xattr.h>
45
+#include <uapi/linux/xattr.h>
43
46
 
44
47
 #include "idmap.h"
45
48
 #include "acl.h"
..
..
@@ -49,6 +52,7 @@
49
52
 #include "cache.h"
50
53
 #include "netns.h"
51
54
 #include "pnfs.h"
55
+#include "filecache.h"
52
56
 
53
57
 #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
54
58
 #include <linux/security.h>
..
..
@@ -203,6 +207,13 @@
203
207
 	return p;
204
208
 }
205
209
 
210
+static unsigned int compoundargs_bytes_left(struct nfsd4_compoundargs *argp)
211
+{
212
+	unsigned int this = (char *)argp->end - (char *)argp->p;
213
+
214
+	return this + argp->pagelen;
215
+}
216
+
206
217
 static int zero_clientid(clientid_t *clid)
207
218
 {
208
219
 	return (clid->cl_boot == 0) && (clid->cl_id == 0);
..
..
@@ -211,10 +222,10 @@
211
222
 /**
212
223
  * svcxdr_tmpalloc - allocate memory to be freed after compound processing
213
224
  * @argp: NFSv4 compound argument structure
214
- * @p: pointer to be freed (with kfree())
225
+ * @len: length of buffer to allocate
215
226
  *
216
- * Marks @p to be freed when processing the compound operation
217
- * described in @argp finishes.
227
+ * Allocates a buffer of size @len to be freed when processing the compound
228
+ * operation described in @argp finishes.
218
229
  */
219
230
 static void *
220
231
 svcxdr_tmpalloc(struct nfsd4_compoundargs *argp, u32 len)
..
..
@@ -248,6 +259,44 @@
248
259
 	return p;
249
260
 }
250
261
 
262
+static __be32
263
+svcxdr_construct_vector(struct nfsd4_compoundargs *argp, struct kvec *head,
264
+			struct page ***pagelist, u32 buflen)
265
+{
266
+	int avail;
267
+	int len;
268
+	int pages;
269
+
270
+	/* Sorry .. no magic macros for this.. *
271
+	 * READ_BUF(write->wr_buflen);
272
+	 * SAVEMEM(write->wr_buf, write->wr_buflen);
273
+	 */
274
+	avail = (char *)argp->end - (char *)argp->p;
275
+	if (avail + argp->pagelen < buflen) {
276
+		dprintk("NFSD: xdr error (%s:%d)\n",
277
+			       __FILE__, __LINE__);
278
+		return nfserr_bad_xdr;
279
+	}
280
+	head->iov_base = argp->p;
281
+	head->iov_len = avail;
282
+	*pagelist = argp->pagelist;
283
+
284
+	len = XDR_QUADLEN(buflen) << 2;
285
+	if (len >= avail) {
286
+		len -= avail;
287
+
288
+		pages = len >> PAGE_SHIFT;
289
+		argp->pagelist += pages;
290
+		argp->pagelen -= pages * PAGE_SIZE;
291
+		len -= pages * PAGE_SIZE;
292
+
293
+		next_decode_page(argp);
294
+	}
295
+	argp->p += XDR_QUADLEN(len);
296
+
297
+	return 0;
298
+}
299
+
251
300
 /**
252
301
  * savemem - duplicate a chunk of memory for later processing
253
302
  * @argp: NFSv4 compound argument structure to be freed with
..
..
@@ -269,19 +318,13 @@
269
318
 	return ret;
270
319
 }
271
320
 
272
-/*
273
- * We require the high 32 bits of 'seconds' to be 0, and
274
- * we ignore all 32 bits of 'nseconds'.
275
- */
276
321
 static __be32
277
-nfsd4_decode_time(struct nfsd4_compoundargs *argp, struct timespec *tv)
322
+nfsd4_decode_time(struct nfsd4_compoundargs *argp, struct timespec64 *tv)
278
323
 {
279
324
 	DECODE_HEAD;
280
-	u64 sec;
281
325
 
282
326
 	READ_BUF(12);
283
-	p = xdr_decode_hyper(p, &sec);
284
-	tv->tv_sec = sec;
327
+	p = xdr_decode_hyper(p, &tv->tv_sec);
285
328
 	tv->tv_nsec = be32_to_cpup(p++);
286
329
 	if (tv->tv_nsec >= (u32)1000000000)
287
330
 		return nfserr_inval;
..
..
@@ -320,7 +363,6 @@
320
363
 		   struct iattr *iattr, struct nfs4_acl **acl,
321
364
 		   struct xdr_netobj *label, int *umask)
322
365
 {
323
-	struct timespec ts;
324
366
 	int expected_len, len = 0;
325
367
 	u32 dummy32;
326
368
 	char *buf;
..
..
@@ -354,7 +396,12 @@
354
396
 		READ_BUF(4); len += 4;
355
397
 		nace = be32_to_cpup(p++);
356
398
 
357
-		if (nace > NFS4_ACL_MAX)
399
+		if (nace > compoundargs_bytes_left(argp)/20)
400
+			/*
401
+			 * Even with 4-byte names there wouldn't be
402
+			 * space for that many aces; something fishy is
403
+			 * going on:
404
+			 */
358
405
 			return nfserr_fbig;
359
406
 
360
407
 		*acl = svcxdr_tmpalloc(argp, nfs4_acl_bytes(nace));
..
..
@@ -422,8 +469,7 @@
422
469
 		switch (dummy32) {
423
470
 		case NFS4_SET_TO_CLIENT_TIME:
424
471
 			len += 12;
425
-			status = nfsd4_decode_time(argp, &ts);
426
-			iattr->ia_atime = timespec_to_timespec64(ts);
472
+			status = nfsd4_decode_time(argp, &iattr->ia_atime);
427
473
 			if (status)
428
474
 				return status;
429
475
 			iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
..
..
@@ -442,8 +488,7 @@
442
488
 		switch (dummy32) {
443
489
 		case NFS4_SET_TO_CLIENT_TIME:
444
490
 			len += 12;
445
-			status = nfsd4_decode_time(argp, &ts);
446
-			iattr->ia_mtime = timespec_to_timespec64(ts);
491
+			status = nfsd4_decode_time(argp, &iattr->ia_mtime);
447
492
 			if (status)
448
493
 				return status;
449
494
 			iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
..
..
@@ -521,6 +566,7 @@
521
566
 static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
522
567
 {
523
568
 	DECODE_HEAD;
569
+	struct user_namespace *userns = nfsd_user_namespace(argp->rqstp);
524
570
 	u32 dummy, uid, gid;
525
571
 	char *machine_name;
526
572
 	int i;
..
..
@@ -563,8 +609,8 @@
563
609
 			dummy = be32_to_cpup(p++);
564
610
 			READ_BUF(dummy * 4);
565
611
 			if (cbs->flavor == (u32)(-1)) {
566
-				kuid_t kuid = make_kuid(&init_user_ns, uid);
567
-				kgid_t kgid = make_kgid(&init_user_ns, gid);
612
+				kuid_t kuid = make_kuid(userns, uid);
613
+				kgid_t kgid = make_kgid(userns, gid);
568
614
 				if (uid_valid(kuid) && gid_valid(kgid)) {
569
615
 					cbs->uid = kuid;
570
616
 					cbs->gid = kgid;
..
..
@@ -1259,8 +1305,6 @@
1259
1305
 static __be32
1260
1306
 nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1261
1307
 {
1262
-	int avail;
1263
-	int len;
1264
1308
 	DECODE_HEAD;
1265
1309
 
1266
1310
 	status = nfsd4_decode_stateid(argp, &write->wr_stateid);
..
..
@@ -1273,34 +1317,10 @@
1273
1317
 		goto xdr_error;
1274
1318
 	write->wr_buflen = be32_to_cpup(p++);
1275
1319
 
1276
-	/* Sorry .. no magic macros for this.. *
1277
-	 * READ_BUF(write->wr_buflen);
1278
-	 * SAVEMEM(write->wr_buf, write->wr_buflen);
1279
-	 */
1280
-	avail = (char*)argp->end - (char*)argp->p;
1281
-	if (avail + argp->pagelen < write->wr_buflen) {
1282
-		dprintk("NFSD: xdr error (%s:%d)\n",
1283
-				__FILE__, __LINE__);
1284
-		goto xdr_error;
1285
-	}
1286
-	write->wr_head.iov_base = p;
1287
-	write->wr_head.iov_len = avail;
1288
-	write->wr_pagelist = argp->pagelist;
1289
-
1290
-	len = XDR_QUADLEN(write->wr_buflen) << 2;
1291
-	if (len >= avail) {
1292
-		int pages;
1293
-
1294
-		len -= avail;
1295
-
1296
-		pages = len >> PAGE_SHIFT;
1297
-		argp->pagelist += pages;
1298
-		argp->pagelen -= pages * PAGE_SIZE;
1299
-		len -= pages * PAGE_SIZE;
1300
-
1301
-		next_decode_page(argp);
1302
-	}
1303
-	argp->p += XDR_QUADLEN(len);
1320
+	status = svcxdr_construct_vector(argp, &write->wr_head,
1321
+					 &write->wr_pagelist, write->wr_buflen);
1322
+	if (status)
1323
+		return status;
1304
1324
 
1305
1325
 	DECODE_TAIL;
1306
1326
 }
..
..
@@ -1397,7 +1417,6 @@
1397
1417
 		goto xdr_error;
1398
1418
 	}
1399
1419
 
1400
-	/* Ignore Implementation ID */
1401
1420
 	READ_BUF(4);    /* nfs_impl_id4 array length */
1402
1421
 	dummy = be32_to_cpup(p++);
1403
1422
 
..
..
@@ -1405,21 +1424,19 @@
1405
1424
 		goto xdr_error;
1406
1425
 
1407
1426
 	if (dummy == 1) {
1408
-		/* nii_domain */
1409
-		READ_BUF(4);
1410
-		dummy = be32_to_cpup(p++);
1411
-		READ_BUF(dummy);
1412
-		p += XDR_QUADLEN(dummy);
1427
+		status = nfsd4_decode_opaque(argp, &exid->nii_domain);
1428
+		if (status)
1429
+			goto xdr_error;
1413
1430
 
1414
1431
 		/* nii_name */
1415
-		READ_BUF(4);
1416
-		dummy = be32_to_cpup(p++);
1417
-		READ_BUF(dummy);
1418
-		p += XDR_QUADLEN(dummy);
1432
+		status = nfsd4_decode_opaque(argp, &exid->nii_name);
1433
+		if (status)
1434
+			goto xdr_error;
1419
1435
 
1420
1436
 		/* nii_date */
1421
-		READ_BUF(12);
1422
-		p += 3;
1437
+		status = nfsd4_decode_time(argp, &exid->nii_time);
1438
+		if (status)
1439
+			goto xdr_error;
1423
1440
 	}
1424
1441
 	DECODE_TAIL;
1425
1442
 }
..
..
@@ -1429,7 +1446,6 @@
1429
1446
 			    struct nfsd4_create_session *sess)
1430
1447
 {
1431
1448
 	DECODE_HEAD;
1432
-	u32 dummy;
1433
1449
 
1434
1450
 	READ_BUF(16);
1435
1451
 	COPYMEM(&sess->clientid, 8);
..
..
@@ -1438,7 +1454,7 @@
1438
1454
 
1439
1455
 	/* Fore channel attrs */
1440
1456
 	READ_BUF(28);
1441
-	dummy = be32_to_cpup(p++); /* headerpadsz is always 0 */
1457
+	p++; /* headerpadsz is always 0 */
1442
1458
 	sess->fore_channel.maxreq_sz = be32_to_cpup(p++);
1443
1459
 	sess->fore_channel.maxresp_sz = be32_to_cpup(p++);
1444
1460
 	sess->fore_channel.maxresp_cached = be32_to_cpup(p++);
..
..
@@ -1455,7 +1471,7 @@
1455
1471
 
1456
1472
 	/* Back channel attrs */
1457
1473
 	READ_BUF(28);
1458
-	dummy = be32_to_cpup(p++); /* headerpadsz is always 0 */
1474
+	p++; /* headerpadsz is always 0 */
1459
1475
 	sess->back_channel.maxreq_sz = be32_to_cpup(p++);
1460
1476
 	sess->back_channel.maxresp_sz = be32_to_cpup(p++);
1461
1477
 	sess->back_channel.maxresp_cached = be32_to_cpup(p++);
..
..
@@ -1743,11 +1759,47 @@
1743
1759
 	DECODE_TAIL;
1744
1760
 }
1745
1761
 
1762
+static __be32 nfsd4_decode_nl4_server(struct nfsd4_compoundargs *argp,
1763
+				      struct nl4_server *ns)
1764
+{
1765
+	DECODE_HEAD;
1766
+	struct nfs42_netaddr *naddr;
1767
+
1768
+	READ_BUF(4);
1769
+	ns->nl4_type = be32_to_cpup(p++);
1770
+
1771
+	/* currently support for 1 inter-server source server */
1772
+	switch (ns->nl4_type) {
1773
+	case NL4_NETADDR:
1774
+		naddr = &ns->u.nl4_addr;
1775
+
1776
+		READ_BUF(4);
1777
+		naddr->netid_len = be32_to_cpup(p++);
1778
+		if (naddr->netid_len > RPCBIND_MAXNETIDLEN)
1779
+			goto xdr_error;
1780
+
1781
+		READ_BUF(naddr->netid_len + 4); /* 4 for uaddr len */
1782
+		COPYMEM(naddr->netid, naddr->netid_len);
1783
+
1784
+		naddr->addr_len = be32_to_cpup(p++);
1785
+		if (naddr->addr_len > RPCBIND_MAXUADDRLEN)
1786
+			goto xdr_error;
1787
+
1788
+		READ_BUF(naddr->addr_len);
1789
+		COPYMEM(naddr->addr, naddr->addr_len);
1790
+		break;
1791
+	default:
1792
+		goto xdr_error;
1793
+	}
1794
+	DECODE_TAIL;
1795
+}
1796
+
1746
1797
 static __be32
1747
1798
 nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
1748
1799
 {
1749
1800
 	DECODE_HEAD;
1750
-	unsigned int tmp;
1801
+	struct nl4_server *ns_dummy;
1802
+	int i, count;
1751
1803
 
1752
1804
 	status = nfsd4_decode_stateid(argp, &copy->cp_src_stateid);
1753
1805
 	if (status)
..
..
@@ -1762,9 +1814,53 @@
1762
1814
 	p = xdr_decode_hyper(p, &copy->cp_count);
1763
1815
 	p++; /* ca_consecutive: we always do consecutive copies */
1764
1816
 	copy->cp_synchronous = be32_to_cpup(p++);
1765
-	tmp = be32_to_cpup(p); /* Source server list not supported */
1817
+
1818
+	count = be32_to_cpup(p++);
1819
+
1820
+	copy->cp_intra = false;
1821
+	if (count == 0) { /* intra-server copy */
1822
+		copy->cp_intra = true;
1823
+		goto intra;
1824
+	}
1825
+
1826
+	/* decode all the supplied server addresses but use first */
1827
+	status = nfsd4_decode_nl4_server(argp, &copy->cp_src);
1828
+	if (status)
1829
+		return status;
1830
+
1831
+	ns_dummy = kmalloc(sizeof(struct nl4_server), GFP_KERNEL);
1832
+	if (ns_dummy == NULL)
1833
+		return nfserrno(-ENOMEM);
1834
+	for (i = 0; i < count - 1; i++) {
1835
+		status = nfsd4_decode_nl4_server(argp, ns_dummy);
1836
+		if (status) {
1837
+			kfree(ns_dummy);
1838
+			return status;
1839
+		}
1840
+	}
1841
+	kfree(ns_dummy);
1842
+intra:
1766
1843
 
1767
1844
 	DECODE_TAIL;
1845
+}
1846
+
1847
+static __be32
1848
+nfsd4_decode_offload_status(struct nfsd4_compoundargs *argp,
1849
+			    struct nfsd4_offload_status *os)
1850
+{
1851
+	return nfsd4_decode_stateid(argp, &os->stateid);
1852
+}
1853
+
1854
+static __be32
1855
+nfsd4_decode_copy_notify(struct nfsd4_compoundargs *argp,
1856
+			 struct nfsd4_copy_notify *cn)
1857
+{
1858
+	__be32 status;
1859
+
1860
+	status = nfsd4_decode_stateid(argp, &cn->cpn_src_stateid);
1861
+	if (status)
1862
+		return status;
1863
+	return nfsd4_decode_nl4_server(argp, &cn->cpn_dst);
1768
1864
 }
1769
1865
 
1770
1866
 static __be32
..
..
@@ -1781,6 +1877,208 @@
1781
1877
 	seek->seek_whence = be32_to_cpup(p);
1782
1878
 
1783
1879
 	DECODE_TAIL;
1880
+}
1881
+
1882
+/*
1883
+ * XDR data that is more than PAGE_SIZE in size is normally part of a
1884
+ * read or write. However, the size of extended attributes is limited
1885
+ * by the maximum request size, and then further limited by the underlying
1886
+ * filesystem limits. This can exceed PAGE_SIZE (currently, XATTR_SIZE_MAX
1887
+ * is 64k). Since there is no kvec- or page-based interface to xattrs,
1888
+ * and we're not dealing with contiguous pages, we need to do some copying.
1889
+ */
1890
+
1891
+/*
1892
+ * Decode data into buffer. Uses head and pages constructed by
1893
+ * svcxdr_construct_vector.
1894
+ */
1895
+static __be32
1896
+nfsd4_vbuf_from_vector(struct nfsd4_compoundargs *argp, struct kvec *head,
1897
+		       struct page **pages, char **bufp, u32 buflen)
1898
+{
1899
+	char *tmp, *dp;
1900
+	u32 len;
1901
+
1902
+	if (buflen <= head->iov_len) {
1903
+		/*
1904
+		 * We're in luck, the head has enough space. Just return
1905
+		 * the head, no need for copying.
1906
+		 */
1907
+		*bufp = head->iov_base;
1908
+		return 0;
1909
+	}
1910
+
1911
+	tmp = svcxdr_tmpalloc(argp, buflen);
1912
+	if (tmp == NULL)
1913
+		return nfserr_jukebox;
1914
+
1915
+	dp = tmp;
1916
+	memcpy(dp, head->iov_base, head->iov_len);
1917
+	buflen -= head->iov_len;
1918
+	dp += head->iov_len;
1919
+
1920
+	while (buflen > 0) {
1921
+		len = min_t(u32, buflen, PAGE_SIZE);
1922
+		memcpy(dp, page_address(*pages), len);
1923
+
1924
+		buflen -= len;
1925
+		dp += len;
1926
+		pages++;
1927
+	}
1928
+
1929
+	*bufp = tmp;
1930
+	return 0;
1931
+}
1932
+
1933
+/*
1934
+ * Get a user extended attribute name from the XDR buffer.
1935
+ * It will not have the "user." prefix, so prepend it.
1936
+ * Lastly, check for nul characters in the name.
1937
+ */
1938
+static __be32
1939
+nfsd4_decode_xattr_name(struct nfsd4_compoundargs *argp, char **namep)
1940
+{
1941
+	DECODE_HEAD;
1942
+	char *name, *sp, *dp;
1943
+	u32 namelen, cnt;
1944
+
1945
+	READ_BUF(4);
1946
+	namelen = be32_to_cpup(p++);
1947
+
1948
+	if (namelen > (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN))
1949
+		return nfserr_nametoolong;
1950
+
1951
+	if (namelen == 0)
1952
+		goto xdr_error;
1953
+
1954
+	READ_BUF(namelen);
1955
+
1956
+	name = svcxdr_tmpalloc(argp, namelen + XATTR_USER_PREFIX_LEN + 1);
1957
+	if (!name)
1958
+		return nfserr_jukebox;
1959
+
1960
+	memcpy(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN);
1961
+
1962
+	/*
1963
+	 * Copy the extended attribute name over while checking for 0
1964
+	 * characters.
1965
+	 */
1966
+	sp = (char *)p;
1967
+	dp = name + XATTR_USER_PREFIX_LEN;
1968
+	cnt = namelen;
1969
+
1970
+	while (cnt-- > 0) {
1971
+		if (*sp == '\0')
1972
+			goto xdr_error;
1973
+		*dp++ = *sp++;
1974
+	}
1975
+	*dp = '\0';
1976
+
1977
+	*namep = name;
1978
+
1979
+	DECODE_TAIL;
1980
+}
1981
+
1982
+/*
1983
+ * A GETXATTR op request comes without a length specifier. We just set the
1984
+ * maximum length for the reply based on XATTR_SIZE_MAX and the maximum
1985
+ * channel reply size. nfsd_getxattr will probe the length of the xattr,
1986
+ * check it against getxa_len, and allocate + return the value.
1987
+ */
1988
+static __be32
1989
+nfsd4_decode_getxattr(struct nfsd4_compoundargs *argp,
1990
+		      struct nfsd4_getxattr *getxattr)
1991
+{
1992
+	__be32 status;
1993
+	u32 maxcount;
1994
+
1995
+	status = nfsd4_decode_xattr_name(argp, &getxattr->getxa_name);
1996
+	if (status)
1997
+		return status;
1998
+
1999
+	maxcount = svc_max_payload(argp->rqstp);
2000
+	maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount);
2001
+
2002
+	getxattr->getxa_len = maxcount;
2003
+
2004
+	return status;
2005
+}
2006
+
2007
+static __be32
2008
+nfsd4_decode_setxattr(struct nfsd4_compoundargs *argp,
2009
+		      struct nfsd4_setxattr *setxattr)
2010
+{
2011
+	DECODE_HEAD;
2012
+	u32 flags, maxcount, size;
2013
+	struct kvec head;
2014
+	struct page **pagelist;
2015
+
2016
+	READ_BUF(4);
2017
+	flags = be32_to_cpup(p++);
2018
+
2019
+	if (flags > SETXATTR4_REPLACE)
2020
+		return nfserr_inval;
2021
+	setxattr->setxa_flags = flags;
2022
+
2023
+	status = nfsd4_decode_xattr_name(argp, &setxattr->setxa_name);
2024
+	if (status)
2025
+		return status;
2026
+
2027
+	maxcount = svc_max_payload(argp->rqstp);
2028
+	maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount);
2029
+
2030
+	READ_BUF(4);
2031
+	size = be32_to_cpup(p++);
2032
+	if (size > maxcount)
2033
+		return nfserr_xattr2big;
2034
+
2035
+	setxattr->setxa_len = size;
2036
+	if (size > 0) {
2037
+		status = svcxdr_construct_vector(argp, &head, &pagelist, size);
2038
+		if (status)
2039
+			return status;
2040
+
2041
+		status = nfsd4_vbuf_from_vector(argp, &head, pagelist,
2042
+		    &setxattr->setxa_buf, size);
2043
+	}
2044
+
2045
+	DECODE_TAIL;
2046
+}
2047
+
2048
+static __be32
2049
+nfsd4_decode_listxattrs(struct nfsd4_compoundargs *argp,
2050
+			struct nfsd4_listxattrs *listxattrs)
2051
+{
2052
+	DECODE_HEAD;
2053
+	u32 maxcount;
2054
+
2055
+	READ_BUF(12);
2056
+	p = xdr_decode_hyper(p, &listxattrs->lsxa_cookie);
2057
+
2058
+	/*
2059
+	 * If the cookie  is too large to have even one user.x attribute
2060
+	 * plus trailing '\0' left in a maximum size buffer, it's invalid.
2061
+	 */
2062
+	if (listxattrs->lsxa_cookie >=
2063
+	    (XATTR_LIST_MAX / (XATTR_USER_PREFIX_LEN + 2)))
2064
+		return nfserr_badcookie;
2065
+
2066
+	maxcount = be32_to_cpup(p++);
2067
+	if (maxcount < 8)
2068
+		/* Always need at least 2 words (length and one character) */
2069
+		return nfserr_inval;
2070
+
2071
+	maxcount = min(maxcount, svc_max_payload(argp->rqstp));
2072
+	listxattrs->lsxa_maxcount = maxcount;
2073
+
2074
+	DECODE_TAIL;
2075
+}
2076
+
2077
+static __be32
2078
+nfsd4_decode_removexattr(struct nfsd4_compoundargs *argp,
2079
+			 struct nfsd4_removexattr *removexattr)
2080
+{
2081
+	return nfsd4_decode_xattr_name(argp, &removexattr->rmxa_name);
1784
2082
 }
1785
2083
 
1786
2084
 static __be32
..
..
@@ -1868,17 +2166,22 @@
1868
2166
 	/* new operations for NFSv4.2 */
1869
2167
 	[OP_ALLOCATE]		= (nfsd4_dec)nfsd4_decode_fallocate,
1870
2168
 	[OP_COPY]		= (nfsd4_dec)nfsd4_decode_copy,
1871
-	[OP_COPY_NOTIFY]	= (nfsd4_dec)nfsd4_decode_notsupp,
2169
+	[OP_COPY_NOTIFY]	= (nfsd4_dec)nfsd4_decode_copy_notify,
1872
2170
 	[OP_DEALLOCATE]		= (nfsd4_dec)nfsd4_decode_fallocate,
1873
2171
 	[OP_IO_ADVISE]		= (nfsd4_dec)nfsd4_decode_notsupp,
1874
2172
 	[OP_LAYOUTERROR]	= (nfsd4_dec)nfsd4_decode_notsupp,
1875
2173
 	[OP_LAYOUTSTATS]	= (nfsd4_dec)nfsd4_decode_notsupp,
1876
-	[OP_OFFLOAD_CANCEL]	= (nfsd4_dec)nfsd4_decode_notsupp,
1877
-	[OP_OFFLOAD_STATUS]	= (nfsd4_dec)nfsd4_decode_notsupp,
1878
-	[OP_READ_PLUS]		= (nfsd4_dec)nfsd4_decode_notsupp,
2174
+	[OP_OFFLOAD_CANCEL]	= (nfsd4_dec)nfsd4_decode_offload_status,
2175
+	[OP_OFFLOAD_STATUS]	= (nfsd4_dec)nfsd4_decode_offload_status,
2176
+	[OP_READ_PLUS]		= (nfsd4_dec)nfsd4_decode_read,
1879
2177
 	[OP_SEEK]		= (nfsd4_dec)nfsd4_decode_seek,
1880
2178
 	[OP_WRITE_SAME]		= (nfsd4_dec)nfsd4_decode_notsupp,
1881
2179
 	[OP_CLONE]		= (nfsd4_dec)nfsd4_decode_clone,
2180
+	/* RFC 8276 extended atributes operations */
2181
+	[OP_GETXATTR]		= (nfsd4_dec)nfsd4_decode_getxattr,
2182
+	[OP_SETXATTR]		= (nfsd4_dec)nfsd4_decode_setxattr,
2183
+	[OP_LISTXATTRS]		= (nfsd4_dec)nfsd4_decode_listxattrs,
2184
+	[OP_REMOVEXATTR]	= (nfsd4_dec)nfsd4_decode_removexattr,
1882
2185
 };
1883
2186
 
1884
2187
 static inline bool
..
..
@@ -1958,7 +2261,7 @@
1958
2261
 		 */
1959
2262
 		cachethis |= nfsd4_cache_this_op(op);
1960
2263
 
1961
-		if (op->opnum == OP_READ) {
2264
+		if (op->opnum == OP_READ || op->opnum == OP_READ_PLUS) {
1962
2265
 			readcount++;
1963
2266
 			readbytes += nfsd4_max_reply(argp->rqstp, op);
1964
2267
 		} else
..
..
@@ -2017,11 +2320,11 @@
2017
2320
  */
2018
2321
 static __be32 *encode_time_delta(__be32 *p, struct inode *inode)
2019
2322
 {
2020
-	struct timespec ts;
2323
+	struct timespec64 ts;
2021
2324
 	u32 ns;
2022
2325
 
2023
2326
 	ns = max_t(u32, NSEC_PER_SEC/HZ, inode->i_sb->s_time_gran);
2024
-	ts = ns_to_timespec(ns);
2327
+	ts = ns_to_timespec64(ns);
2025
2328
 
2026
2329
 	p = xdr_encode_hyper(p, ts.tv_sec);
2027
2330
 	*p++ = cpu_to_be32(ts.tv_nsec);
..
..
@@ -2910,6 +3213,15 @@
2910
3213
 	}
2911
3214
 #endif
2912
3215
 
3216
+	if (bmval2 & FATTR4_WORD2_XATTR_SUPPORT) {
3217
+		p = xdr_reserve_space(xdr, 4);
3218
+		if (!p)
3219
+			goto out_resource;
3220
+		err = xattr_supported_namespace(d_inode(dentry),
3221
+						XATTR_USER_PREFIX);
3222
+		*p++ = cpu_to_be32(err == 0);
3223
+	}
3224
+
2913
3225
 	attrlen = htonl(xdr->buf->len - attrlen_offset - 4);
2914
3226
 	write_bytes_to_xdr_buf(xdr->buf, attrlen_offset, &attrlen, 4);
2915
3227
 	status = nfs_ok;
..
..
@@ -2984,18 +3296,9 @@
2984
3296
 	__be32 nfserr;
2985
3297
 	int ignore_crossmnt = 0;
2986
3298
 
2987
-	dentry = lookup_one_len_unlocked(name, cd->rd_fhp->fh_dentry, namlen);
3299
+	dentry = lookup_positive_unlocked(name, cd->rd_fhp->fh_dentry, namlen);
2988
3300
 	if (IS_ERR(dentry))
2989
3301
 		return nfserrno(PTR_ERR(dentry));
2990
-	if (d_really_is_negative(dentry)) {
2991
-		/*
2992
-		 * we're not holding the i_mutex here, so there's
2993
-		 * a window where this directory entry could have gone
2994
-		 * away.
2995
-		 */
2996
-		dput(dentry);
2997
-		return nfserr_noent;
2998
-	}
2999
3302
 
3000
3303
 	exp_get(exp);
3001
3304
 	/*
..
..
@@ -3224,9 +3527,8 @@
3224
3527
 	if (!p)
3225
3528
 		return nfserr_resource;
3226
3529
 	encode_cinfo(p, &create->cr_cinfo);
3227
-	nfserr = nfsd4_encode_bitmap(xdr, create->cr_bmval[0],
3530
+	return nfsd4_encode_bitmap(xdr, create->cr_bmval[0],
3228
3531
 			create->cr_bmval[1], create->cr_bmval[2]);
3229
-	return 0;
3230
3532
 }
3231
3533
 
3232
3534
 static __be32
..
..
@@ -3458,7 +3760,6 @@
3458
3760
 	struct xdr_stream *xdr = &resp->xdr;
3459
3761
 	struct xdr_buf *buf = xdr->buf;
3460
3762
 	u32 eof;
3461
-	long len;
3462
3763
 	int space_left;
3463
3764
 	__be32 nfserr;
3464
3765
 	__be32 *p = xdr->p - 2;
..
..
@@ -3467,9 +3768,8 @@
3467
3768
 	if (xdr->end - xdr->p < 1)
3468
3769
 		return nfserr_resource;
3469
3770
 
3470
-	len = maxcount;
3471
3771
 	nfserr = nfsd_splice_read(read->rd_rqstp, read->rd_fhp,
3472
-				  file, read->rd_offset, &maxcount);
3772
+				  file, read->rd_offset, &maxcount, &eof);
3473
3773
 	read->rd_length = maxcount;
3474
3774
 	if (nfserr) {
3475
3775
 		/*
..
..
@@ -3480,9 +3780,6 @@
3480
3780
 		buf->page_len = 0;
3481
3781
 		return nfserr;
3482
3782
 	}
3483
-
3484
-	eof = nfsd_eof_on_read(len, maxcount, read->rd_offset,
3485
-				d_inode(read->rd_fhp->fh_dentry)->i_size);
3486
3783
 
3487
3784
 	*(p++) = htonl(eof);
3488
3785
 	*(p++) = htonl(maxcount);
..
..
@@ -3520,57 +3817,34 @@
3520
3817
 {
3521
3818
 	struct xdr_stream *xdr = &resp->xdr;
3522
3819
 	u32 eof;
3523
-	int v;
3524
3820
 	int starting_len = xdr->buf->len - 8;
3525
-	long len;
3526
-	int thislen;
3527
3821
 	__be32 nfserr;
3528
3822
 	__be32 tmp;
3529
-	__be32 *p;
3530
-	u32 zzz = 0;
3531
3823
 	int pad;
3532
3824
 
3533
-	len = maxcount;
3534
-	v = 0;
3825
+	read->rd_vlen = xdr_reserve_space_vec(xdr, resp->rqstp->rq_vec, maxcount);
3826
+	if (read->rd_vlen < 0)
3827
+		return nfserr_resource;
3535
3828
 
3536
-	thislen = min_t(long, len, ((void *)xdr->end - (void *)xdr->p));
3537
-	p = xdr_reserve_space(xdr, (thislen+3)&~3);
3538
-	WARN_ON_ONCE(!p);
3539
-	resp->rqstp->rq_vec[v].iov_base = p;
3540
-	resp->rqstp->rq_vec[v].iov_len = thislen;
3541
-	v++;
3542
-	len -= thislen;
3543
-
3544
-	while (len) {
3545
-		thislen = min_t(long, len, PAGE_SIZE);
3546
-		p = xdr_reserve_space(xdr, (thislen+3)&~3);
3547
-		WARN_ON_ONCE(!p);
3548
-		resp->rqstp->rq_vec[v].iov_base = p;
3549
-		resp->rqstp->rq_vec[v].iov_len = thislen;
3550
-		v++;
3551
-		len -= thislen;
3552
-	}
3553
-	read->rd_vlen = v;
3554
-
3555
-	len = maxcount;
3556
3829
 	nfserr = nfsd_readv(resp->rqstp, read->rd_fhp, file, read->rd_offset,
3557
-			    resp->rqstp->rq_vec, read->rd_vlen, &maxcount);
3830
+			    resp->rqstp->rq_vec, read->rd_vlen, &maxcount,
3831
+			    &eof);
3558
3832
 	read->rd_length = maxcount;
3559
3833
 	if (nfserr)
3560
3834
 		return nfserr;
3561
-	xdr_truncate_encode(xdr, starting_len + 8 + ((maxcount+3)&~3));
3562
-
3563
-	eof = nfsd_eof_on_read(len, maxcount, read->rd_offset,
3564
-				d_inode(read->rd_fhp->fh_dentry)->i_size);
3835
+	if (svc_encode_read_payload(resp->rqstp, starting_len + 8, maxcount))
3836
+		return nfserr_io;
3837
+	xdr_truncate_encode(xdr, starting_len + 8 + xdr_align_size(maxcount));
3565
3838
 
3566
3839
 	tmp = htonl(eof);
3567
3840
 	write_bytes_to_xdr_buf(xdr->buf, starting_len    , &tmp, 4);
3568
3841
 	tmp = htonl(maxcount);
3569
3842
 	write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
3570
3843
 
3844
+	tmp = xdr_zero;
3571
3845
 	pad = (maxcount&3) ? 4 - (maxcount&3) : 0;
3572
3846
 	write_bytes_to_xdr_buf(xdr->buf, starting_len + 8 + maxcount,
3573
-								&zzz, pad);
3847
+								&tmp, pad);
3574
3848
 	return 0;
3575
3849
 
3576
3850
 }
..
..
@@ -3581,10 +3855,13 @@
3581
3855
 {
3582
3856
 	unsigned long maxcount;
3583
3857
 	struct xdr_stream *xdr = &resp->xdr;
3584
-	struct file *file = read->rd_filp;
3858
+	struct file *file;
3585
3859
 	int starting_len = xdr->buf->len;
3586
-	struct raparms *ra = NULL;
3587
3860
 	__be32 *p;
3861
+
3862
+	if (nfserr)
3863
+		return nfserr;
3864
+	file = read->rd_nf->nf_file;
3588
3865
 
3589
3866
 	p = xdr_reserve_space(xdr, 8); /* eof flag and byte count */
3590
3867
 	if (!p) {
..
..
@@ -3594,7 +3871,7 @@
3594
3871
 	if (resp->xdr.buf->page_len &&
3595
3872
 	    test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags)) {
3596
3873
 		WARN_ON_ONCE(1);
3597
-		return nfserr_resource;
3874
+		return nfserr_serverfault;
3598
3875
 	}
3599
3876
 	xdr_commit_encode(xdr);
3600
3877
 
..
..
@@ -3603,17 +3880,11 @@
3603
3880
 			 (xdr->buf->buflen - xdr->buf->len));
3604
3881
 	maxcount = min_t(unsigned long, maxcount, read->rd_length);
3605
3882
 
3606
-	if (read->rd_tmp_file)
3607
-		ra = nfsd_init_raparms(file);
3608
-
3609
3883
 	if (file->f_op->splice_read &&
3610
3884
 	    test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags))
3611
3885
 		nfserr = nfsd4_encode_splice_read(resp, read, file, maxcount);
3612
3886
 	else
3613
3887
 		nfserr = nfsd4_encode_readv(resp, read, file, maxcount);
3614
-
3615
-	if (ra)
3616
-		nfsd_put_raparams(file, ra);
3617
3888
 
3618
3889
 	if (nfserr)
3619
3890
 		xdr_truncate_encode(xdr, starting_len);
..
..
@@ -3946,11 +4217,12 @@
3946
4217
 	int major_id_sz;
3947
4218
 	int server_scope_sz;
3948
4219
 	uint64_t minor_id = 0;
4220
+	struct nfsd_net *nn = net_generic(SVC_NET(resp->rqstp), nfsd_net_id);
3949
4221
 
3950
-	major_id = utsname()->nodename;
3951
-	major_id_sz = strlen(major_id);
3952
-	server_scope = utsname()->nodename;
3953
-	server_scope_sz = strlen(server_scope);
4222
+	major_id = nn->nfsd_name;
4223
+	major_id_sz = strlen(nn->nfsd_name);
4224
+	server_scope = nn->nfsd_name;
4225
+	server_scope_sz = strlen(nn->nfsd_name);
3954
4226
 
3955
4227
 	p = xdr_reserve_space(xdr,
3956
4228
 		8 /* eir_clientid */ +
..
..
@@ -4231,15 +4503,27 @@
4231
4503
 #endif /* CONFIG_NFSD_PNFS */
4232
4504
 
4233
4505
 static __be32
4234
-nfsd42_encode_write_res(struct nfsd4_compoundres *resp, struct nfsd42_write_res *write)
4506
+nfsd42_encode_write_res(struct nfsd4_compoundres *resp,
4507
+		struct nfsd42_write_res *write, bool sync)
4235
4508
 {
4236
4509
 	__be32 *p;
4237
-
4238
-	p = xdr_reserve_space(&resp->xdr, 4 + 8 + 4 + NFS4_VERIFIER_SIZE);
4510
+	p = xdr_reserve_space(&resp->xdr, 4);
4239
4511
 	if (!p)
4240
4512
 		return nfserr_resource;
4241
4513
 
4242
-	*p++ = cpu_to_be32(0);
4514
+	if (sync)
4515
+		*p++ = cpu_to_be32(0);
4516
+	else {
4517
+		__be32 nfserr;
4518
+		*p++ = cpu_to_be32(1);
4519
+		nfserr = nfsd4_encode_stateid(&resp->xdr, &write->cb_stateid);
4520
+		if (nfserr)
4521
+			return nfserr;
4522
+	}
4523
+	p = xdr_reserve_space(&resp->xdr, 8 + 4 + NFS4_VERIFIER_SIZE);
4524
+	if (!p)
4525
+		return nfserr_resource;
4526
+
4243
4527
 	p = xdr_encode_hyper(p, write->wr_bytes_written);
4244
4528
 	*p++ = cpu_to_be32(write->wr_stable_how);
4245
4529
 	p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
..
..
@@ -4248,12 +4532,53 @@
4248
4532
 }
4249
4533
 
4250
4534
 static __be32
4535
+nfsd42_encode_nl4_server(struct nfsd4_compoundres *resp, struct nl4_server *ns)
4536
+{
4537
+	struct xdr_stream *xdr = &resp->xdr;
4538
+	struct nfs42_netaddr *addr;
4539
+	__be32 *p;
4540
+
4541
+	p = xdr_reserve_space(xdr, 4);
4542
+	*p++ = cpu_to_be32(ns->nl4_type);
4543
+
4544
+	switch (ns->nl4_type) {
4545
+	case NL4_NETADDR:
4546
+		addr = &ns->u.nl4_addr;
4547
+
4548
+		/* netid_len, netid, uaddr_len, uaddr (port included
4549
+		 * in RPCBIND_MAXUADDRLEN)
4550
+		 */
4551
+		p = xdr_reserve_space(xdr,
4552
+			4 /* netid len */ +
4553
+			(XDR_QUADLEN(addr->netid_len) * 4) +
4554
+			4 /* uaddr len */ +
4555
+			(XDR_QUADLEN(addr->addr_len) * 4));
4556
+		if (!p)
4557
+			return nfserr_resource;
4558
+
4559
+		*p++ = cpu_to_be32(addr->netid_len);
4560
+		p = xdr_encode_opaque_fixed(p, addr->netid,
4561
+					    addr->netid_len);
4562
+		*p++ = cpu_to_be32(addr->addr_len);
4563
+		p = xdr_encode_opaque_fixed(p, addr->addr,
4564
+					addr->addr_len);
4565
+		break;
4566
+	default:
4567
+		WARN_ON_ONCE(ns->nl4_type != NL4_NETADDR);
4568
+		return nfserr_inval;
4569
+	}
4570
+
4571
+	return 0;
4572
+}
4573
+
4574
+static __be32
4251
4575
 nfsd4_encode_copy(struct nfsd4_compoundres *resp, __be32 nfserr,
4252
4576
 		  struct nfsd4_copy *copy)
4253
4577
 {
4254
4578
 	__be32 *p;
4255
4579
 
4256
-	nfserr = nfsd42_encode_write_res(resp, &copy->cp_res);
4580
+	nfserr = nfsd42_encode_write_res(resp, &copy->cp_res,
4581
+			copy->cp_synchronous);
4257
4582
 	if (nfserr)
4258
4583
 		return nfserr;
4259
4584
 
..
..
@@ -4261,6 +4586,205 @@
4261
4586
 	*p++ = xdr_one; /* cr_consecutive */
4262
4587
 	*p++ = cpu_to_be32(copy->cp_synchronous);
4263
4588
 	return 0;
4589
+}
4590
+
4591
+static __be32
4592
+nfsd4_encode_offload_status(struct nfsd4_compoundres *resp, __be32 nfserr,
4593
+			    struct nfsd4_offload_status *os)
4594
+{
4595
+	struct xdr_stream *xdr = &resp->xdr;
4596
+	__be32 *p;
4597
+
4598
+	p = xdr_reserve_space(xdr, 8 + 4);
4599
+	if (!p)
4600
+		return nfserr_resource;
4601
+	p = xdr_encode_hyper(p, os->count);
4602
+	*p++ = cpu_to_be32(0);
4603
+	return nfserr;
4604
+}
4605
+
4606
+static __be32
4607
+nfsd4_encode_read_plus_data(struct nfsd4_compoundres *resp,
4608
+			    struct nfsd4_read *read,
4609
+			    unsigned long *maxcount, u32 *eof,
4610
+			    loff_t *pos)
4611
+{
4612
+	struct xdr_stream *xdr = &resp->xdr;
4613
+	struct file *file = read->rd_nf->nf_file;
4614
+	int starting_len = xdr->buf->len;
4615
+	loff_t hole_pos;
4616
+	__be32 nfserr;
4617
+	__be32 *p, tmp;
4618
+	__be64 tmp64;
4619
+
4620
+	hole_pos = pos ? *pos : vfs_llseek(file, read->rd_offset, SEEK_HOLE);
4621
+	if (hole_pos > read->rd_offset)
4622
+		*maxcount = min_t(unsigned long, *maxcount, hole_pos - read->rd_offset);
4623
+	*maxcount = min_t(unsigned long, *maxcount, (xdr->buf->buflen - xdr->buf->len));
4624
+
4625
+	/* Content type, offset, byte count */
4626
+	p = xdr_reserve_space(xdr, 4 + 8 + 4);
4627
+	if (!p)
4628
+		return nfserr_resource;
4629
+
4630
+	read->rd_vlen = xdr_reserve_space_vec(xdr, resp->rqstp->rq_vec, *maxcount);
4631
+	if (read->rd_vlen < 0)
4632
+		return nfserr_resource;
4633
+
4634
+	nfserr = nfsd_readv(resp->rqstp, read->rd_fhp, file, read->rd_offset,
4635
+			    resp->rqstp->rq_vec, read->rd_vlen, maxcount, eof);
4636
+	if (nfserr)
4637
+		return nfserr;
4638
+	xdr_truncate_encode(xdr, starting_len + 16 + xdr_align_size(*maxcount));
4639
+
4640
+	tmp = htonl(NFS4_CONTENT_DATA);
4641
+	write_bytes_to_xdr_buf(xdr->buf, starting_len,      &tmp,   4);
4642
+	tmp64 = cpu_to_be64(read->rd_offset);
4643
+	write_bytes_to_xdr_buf(xdr->buf, starting_len + 4,  &tmp64, 8);
4644
+	tmp = htonl(*maxcount);
4645
+	write_bytes_to_xdr_buf(xdr->buf, starting_len + 12, &tmp,   4);
4646
+
4647
+	tmp = xdr_zero;
4648
+	write_bytes_to_xdr_buf(xdr->buf, starting_len + 16 + *maxcount, &tmp,
4649
+			       xdr_pad_size(*maxcount));
4650
+	return nfs_ok;
4651
+}
4652
+
4653
+static __be32
4654
+nfsd4_encode_read_plus_hole(struct nfsd4_compoundres *resp,
4655
+			    struct nfsd4_read *read,
4656
+			    unsigned long *maxcount, u32 *eof)
4657
+{
4658
+	struct file *file = read->rd_nf->nf_file;
4659
+	loff_t data_pos = vfs_llseek(file, read->rd_offset, SEEK_DATA);
4660
+	loff_t f_size = i_size_read(file_inode(file));
4661
+	unsigned long count;
4662
+	__be32 *p;
4663
+
4664
+	if (data_pos == -ENXIO)
4665
+		data_pos = f_size;
4666
+	else if (data_pos <= read->rd_offset || (data_pos < f_size && data_pos % PAGE_SIZE))
4667
+		return nfsd4_encode_read_plus_data(resp, read, maxcount, eof, &f_size);
4668
+	count = data_pos - read->rd_offset;
4669
+
4670
+	/* Content type, offset, byte count */
4671
+	p = xdr_reserve_space(&resp->xdr, 4 + 8 + 8);
4672
+	if (!p)
4673
+		return nfserr_resource;
4674
+
4675
+	*p++ = htonl(NFS4_CONTENT_HOLE);
4676
+	 p   = xdr_encode_hyper(p, read->rd_offset);
4677
+	 p   = xdr_encode_hyper(p, count);
4678
+
4679
+	*eof = (read->rd_offset + count) >= f_size;
4680
+	*maxcount = min_t(unsigned long, count, *maxcount);
4681
+	return nfs_ok;
4682
+}
4683
+
4684
+static __be32
4685
+nfsd4_encode_read_plus(struct nfsd4_compoundres *resp, __be32 nfserr,
4686
+		       struct nfsd4_read *read)
4687
+{
4688
+	unsigned long maxcount, count;
4689
+	struct xdr_stream *xdr = &resp->xdr;
4690
+	struct file *file;
4691
+	int starting_len = xdr->buf->len;
4692
+	int last_segment = xdr->buf->len;
4693
+	int segments = 0;
4694
+	__be32 *p, tmp;
4695
+	bool is_data;
4696
+	loff_t pos;
4697
+	u32 eof;
4698
+
4699
+	if (nfserr)
4700
+		return nfserr;
4701
+	file = read->rd_nf->nf_file;
4702
+
4703
+	/* eof flag, segment count */
4704
+	p = xdr_reserve_space(xdr, 4 + 4);
4705
+	if (!p)
4706
+		return nfserr_resource;
4707
+	xdr_commit_encode(xdr);
4708
+
4709
+	maxcount = svc_max_payload(resp->rqstp);
4710
+	maxcount = min_t(unsigned long, maxcount,
4711
+			 (xdr->buf->buflen - xdr->buf->len));
4712
+	maxcount = min_t(unsigned long, maxcount, read->rd_length);
4713
+	count    = maxcount;
4714
+
4715
+	eof = read->rd_offset >= i_size_read(file_inode(file));
4716
+	if (eof)
4717
+		goto out;
4718
+
4719
+	pos = vfs_llseek(file, read->rd_offset, SEEK_HOLE);
4720
+	is_data = pos > read->rd_offset;
4721
+
4722
+	while (count > 0 && !eof) {
4723
+		maxcount = count;
4724
+		if (is_data)
4725
+			nfserr = nfsd4_encode_read_plus_data(resp, read, &maxcount, &eof,
4726
+						segments == 0 ? &pos : NULL);
4727
+		else
4728
+			nfserr = nfsd4_encode_read_plus_hole(resp, read, &maxcount, &eof);
4729
+		if (nfserr)
4730
+			goto out;
4731
+		count -= maxcount;
4732
+		read->rd_offset += maxcount;
4733
+		is_data = !is_data;
4734
+		last_segment = xdr->buf->len;
4735
+		segments++;
4736
+	}
4737
+
4738
+out:
4739
+	if (nfserr && segments == 0)
4740
+		xdr_truncate_encode(xdr, starting_len);
4741
+	else {
4742
+		if (nfserr) {
4743
+			xdr_truncate_encode(xdr, last_segment);
4744
+			nfserr = nfs_ok;
4745
+			eof = 0;
4746
+		}
4747
+		tmp = htonl(eof);
4748
+		write_bytes_to_xdr_buf(xdr->buf, starting_len,     &tmp, 4);
4749
+		tmp = htonl(segments);
4750
+		write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
4751
+	}
4752
+
4753
+	return nfserr;
4754
+}
4755
+
4756
+static __be32
4757
+nfsd4_encode_copy_notify(struct nfsd4_compoundres *resp, __be32 nfserr,
4758
+			 struct nfsd4_copy_notify *cn)
4759
+{
4760
+	struct xdr_stream *xdr = &resp->xdr;
4761
+	__be32 *p;
4762
+
4763
+	if (nfserr)
4764
+		return nfserr;
4765
+
4766
+	/* 8 sec, 4 nsec */
4767
+	p = xdr_reserve_space(xdr, 12);
4768
+	if (!p)
4769
+		return nfserr_resource;
4770
+
4771
+	/* cnr_lease_time */
4772
+	p = xdr_encode_hyper(p, cn->cpn_sec);
4773
+	*p++ = cpu_to_be32(cn->cpn_nsec);
4774
+
4775
+	/* cnr_stateid */
4776
+	nfserr = nfsd4_encode_stateid(xdr, &cn->cpn_cnr_stateid);
4777
+	if (nfserr)
4778
+		return nfserr;
4779
+
4780
+	/* cnr_src.nl_nsvr */
4781
+	p = xdr_reserve_space(xdr, 4);
4782
+	if (!p)
4783
+		return nfserr_resource;
4784
+
4785
+	*p++ = cpu_to_be32(1);
4786
+
4787
+	return nfsd42_encode_nl4_server(resp, &cn->cpn_src);
4264
4788
 }
4265
4789
 
4266
4790
 static __be32
..
..
@@ -4280,6 +4804,241 @@
4280
4804
 nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
4281
4805
 {
4282
4806
 	return nfserr;
4807
+}
4808
+
4809
+/*
4810
+ * Encode kmalloc-ed buffer in to XDR stream.
4811
+ */
4812
+static __be32
4813
+nfsd4_vbuf_to_stream(struct xdr_stream *xdr, char *buf, u32 buflen)
4814
+{
4815
+	u32 cplen;
4816
+	__be32 *p;
4817
+
4818
+	cplen = min_t(unsigned long, buflen,
4819
+		      ((void *)xdr->end - (void *)xdr->p));
4820
+	p = xdr_reserve_space(xdr, cplen);
4821
+	if (!p)
4822
+		return nfserr_resource;
4823
+
4824
+	memcpy(p, buf, cplen);
4825
+	buf += cplen;
4826
+	buflen -= cplen;
4827
+
4828
+	while (buflen) {
4829
+		cplen = min_t(u32, buflen, PAGE_SIZE);
4830
+		p = xdr_reserve_space(xdr, cplen);
4831
+		if (!p)
4832
+			return nfserr_resource;
4833
+
4834
+		memcpy(p, buf, cplen);
4835
+
4836
+		if (cplen < PAGE_SIZE) {
4837
+			/*
4838
+			 * We're done, with a length that wasn't page
4839
+			 * aligned, so possibly not word aligned. Pad
4840
+			 * any trailing bytes with 0.
4841
+			 */
4842
+			xdr_encode_opaque_fixed(p, NULL, cplen);
4843
+			break;
4844
+		}
4845
+
4846
+		buflen -= PAGE_SIZE;
4847
+		buf += PAGE_SIZE;
4848
+	}
4849
+
4850
+	return 0;
4851
+}
4852
+
4853
+static __be32
4854
+nfsd4_encode_getxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
4855
+		      struct nfsd4_getxattr *getxattr)
4856
+{
4857
+	struct xdr_stream *xdr = &resp->xdr;
4858
+	__be32 *p, err;
4859
+
4860
+	p = xdr_reserve_space(xdr, 4);
4861
+	if (!p)
4862
+		return nfserr_resource;
4863
+
4864
+	*p = cpu_to_be32(getxattr->getxa_len);
4865
+
4866
+	if (getxattr->getxa_len == 0)
4867
+		return 0;
4868
+
4869
+	err = nfsd4_vbuf_to_stream(xdr, getxattr->getxa_buf,
4870
+				    getxattr->getxa_len);
4871
+
4872
+	kvfree(getxattr->getxa_buf);
4873
+
4874
+	return err;
4875
+}
4876
+
4877
+static __be32
4878
+nfsd4_encode_setxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
4879
+		      struct nfsd4_setxattr *setxattr)
4880
+{
4881
+	struct xdr_stream *xdr = &resp->xdr;
4882
+	__be32 *p;
4883
+
4884
+	p = xdr_reserve_space(xdr, 20);
4885
+	if (!p)
4886
+		return nfserr_resource;
4887
+
4888
+	encode_cinfo(p, &setxattr->setxa_cinfo);
4889
+
4890
+	return 0;
4891
+}
4892
+
4893
+/*
4894
+ * See if there are cookie values that can be rejected outright.
4895
+ */
4896
+static __be32
4897
+nfsd4_listxattr_validate_cookie(struct nfsd4_listxattrs *listxattrs,
4898
+				u32 *offsetp)
4899
+{
4900
+	u64 cookie = listxattrs->lsxa_cookie;
4901
+
4902
+	/*
4903
+	 * If the cookie is larger than the maximum number we can fit
4904
+	 * in either the buffer we just got back from vfs_listxattr, or,
4905
+	 * XDR-encoded, in the return buffer, it's invalid.
4906
+	 */
4907
+	if (cookie > (listxattrs->lsxa_len) / (XATTR_USER_PREFIX_LEN + 2))
4908
+		return nfserr_badcookie;
4909
+
4910
+	if (cookie > (listxattrs->lsxa_maxcount /
4911
+		      (XDR_QUADLEN(XATTR_USER_PREFIX_LEN + 2) + 4)))
4912
+		return nfserr_badcookie;
4913
+
4914
+	*offsetp = (u32)cookie;
4915
+	return 0;
4916
+}
4917
+
4918
+static __be32
4919
+nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr,
4920
+			struct nfsd4_listxattrs *listxattrs)
4921
+{
4922
+	struct xdr_stream *xdr = &resp->xdr;
4923
+	u32 cookie_offset, count_offset, eof;
4924
+	u32 left, xdrleft, slen, count;
4925
+	u32 xdrlen, offset;
4926
+	u64 cookie;
4927
+	char *sp;
4928
+	__be32 status, tmp;
4929
+	__be32 *p;
4930
+	u32 nuser;
4931
+
4932
+	eof = 1;
4933
+
4934
+	status = nfsd4_listxattr_validate_cookie(listxattrs, &offset);
4935
+	if (status)
4936
+		goto out;
4937
+
4938
+	/*
4939
+	 * Reserve space for the cookie and the name array count. Record
4940
+	 * the offsets to save them later.
4941
+	 */
4942
+	cookie_offset = xdr->buf->len;
4943
+	count_offset = cookie_offset + 8;
4944
+	p = xdr_reserve_space(xdr, 12);
4945
+	if (!p) {
4946
+		status = nfserr_resource;
4947
+		goto out;
4948
+	}
4949
+
4950
+	count = 0;
4951
+	left = listxattrs->lsxa_len;
4952
+	sp = listxattrs->lsxa_buf;
4953
+	nuser = 0;
4954
+
4955
+	xdrleft = listxattrs->lsxa_maxcount;
4956
+
4957
+	while (left > 0 && xdrleft > 0) {
4958
+		slen = strlen(sp);
4959
+
4960
+		/*
4961
+		 * Check if this is a "user." attribute, skip it if not.
4962
+		 */
4963
+		if (strncmp(sp, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
4964
+			goto contloop;
4965
+
4966
+		slen -= XATTR_USER_PREFIX_LEN;
4967
+		xdrlen = 4 + ((slen + 3) & ~3);
4968
+		if (xdrlen > xdrleft) {
4969
+			if (count == 0) {
4970
+				/*
4971
+				 * Can't even fit the first attribute name.
4972
+				 */
4973
+				status = nfserr_toosmall;
4974
+				goto out;
4975
+			}
4976
+			eof = 0;
4977
+			goto wreof;
4978
+		}
4979
+
4980
+		left -= XATTR_USER_PREFIX_LEN;
4981
+		sp += XATTR_USER_PREFIX_LEN;
4982
+		if (nuser++ < offset)
4983
+			goto contloop;
4984
+
4985
+
4986
+		p = xdr_reserve_space(xdr, xdrlen);
4987
+		if (!p) {
4988
+			status = nfserr_resource;
4989
+			goto out;
4990
+		}
4991
+
4992
+		xdr_encode_opaque(p, sp, slen);
4993
+
4994
+		xdrleft -= xdrlen;
4995
+		count++;
4996
+contloop:
4997
+		sp += slen + 1;
4998
+		left -= slen + 1;
4999
+	}
5000
+
5001
+	/*
5002
+	 * If there were user attributes to copy, but we didn't copy
5003
+	 * any, the offset was too large (e.g. the cookie was invalid).
5004
+	 */
5005
+	if (nuser > 0 && count == 0) {
5006
+		status = nfserr_badcookie;
5007
+		goto out;
5008
+	}
5009
+
5010
+wreof:
5011
+	p = xdr_reserve_space(xdr, 4);
5012
+	if (!p) {
5013
+		status = nfserr_resource;
5014
+		goto out;
5015
+	}
5016
+	*p = cpu_to_be32(eof);
5017
+
5018
+	cookie = offset + count;
5019
+
5020
+	write_bytes_to_xdr_buf(xdr->buf, cookie_offset, &cookie, 8);
5021
+	tmp = cpu_to_be32(count);
5022
+	write_bytes_to_xdr_buf(xdr->buf, count_offset, &tmp, 4);
5023
+out:
5024
+	if (listxattrs->lsxa_len)
5025
+		kvfree(listxattrs->lsxa_buf);
5026
+	return status;
5027
+}
5028
+
5029
+static __be32
5030
+nfsd4_encode_removexattr(struct nfsd4_compoundres *resp, __be32 nfserr,
5031
+			 struct nfsd4_removexattr *removexattr)
5032
+{
5033
+	struct xdr_stream *xdr = &resp->xdr;
5034
+	__be32 *p;
5035
+
5036
+	p = xdr_reserve_space(xdr, 20);
5037
+	if (!p)
5038
+		return nfserr_resource;
5039
+
5040
+	p = encode_cinfo(p, &removexattr->rmxa_cinfo);
5041
+	return 0;
4283
5042
 }
4284
5043
 
4285
5044
 typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
..
..
@@ -4360,17 +5119,23 @@
4360
5119
 	/* NFSv4.2 operations */
4361
5120
 	[OP_ALLOCATE]		= (nfsd4_enc)nfsd4_encode_noop,
4362
5121
 	[OP_COPY]		= (nfsd4_enc)nfsd4_encode_copy,
4363
-	[OP_COPY_NOTIFY]	= (nfsd4_enc)nfsd4_encode_noop,
5122
+	[OP_COPY_NOTIFY]	= (nfsd4_enc)nfsd4_encode_copy_notify,
4364
5123
 	[OP_DEALLOCATE]		= (nfsd4_enc)nfsd4_encode_noop,
4365
5124
 	[OP_IO_ADVISE]		= (nfsd4_enc)nfsd4_encode_noop,
4366
5125
 	[OP_LAYOUTERROR]	= (nfsd4_enc)nfsd4_encode_noop,
4367
5126
 	[OP_LAYOUTSTATS]	= (nfsd4_enc)nfsd4_encode_noop,
4368
5127
 	[OP_OFFLOAD_CANCEL]	= (nfsd4_enc)nfsd4_encode_noop,
4369
-	[OP_OFFLOAD_STATUS]	= (nfsd4_enc)nfsd4_encode_noop,
4370
-	[OP_READ_PLUS]		= (nfsd4_enc)nfsd4_encode_noop,
5128
+	[OP_OFFLOAD_STATUS]	= (nfsd4_enc)nfsd4_encode_offload_status,
5129
+	[OP_READ_PLUS]		= (nfsd4_enc)nfsd4_encode_read_plus,
4371
5130
 	[OP_SEEK]		= (nfsd4_enc)nfsd4_encode_seek,
4372
5131
 	[OP_WRITE_SAME]		= (nfsd4_enc)nfsd4_encode_noop,
4373
5132
 	[OP_CLONE]		= (nfsd4_enc)nfsd4_encode_noop,
5133
+
5134
+	/* RFC 8276 extended atributes operations */
5135
+	[OP_GETXATTR]		= (nfsd4_enc)nfsd4_encode_getxattr,
5136
+	[OP_SETXATTR]		= (nfsd4_enc)nfsd4_encode_setxattr,
5137
+	[OP_LISTXATTRS]		= (nfsd4_enc)nfsd4_encode_listxattrs,
5138
+	[OP_REMOVEXATTR]	= (nfsd4_enc)nfsd4_encode_removexattr,
4374
5139
 };
4375
5140
 
4376
5141
 /*
..
..
@@ -4487,8 +5252,6 @@
4487
5252
 	__be32 *p;
4488
5253
 	struct nfs4_replay *rp = op->replay;
4489
5254
 
4490
-	BUG_ON(!rp);
4491
-
4492
5255
 	p = xdr_reserve_space(xdr, 8 + rp->rp_buflen);
4493
5256
 	if (!p) {
4494
5257
 		WARN_ON_ONCE(1);
..
..
@@ -4524,6 +5287,12 @@
4524
5287
 }
4525
5288
 
4526
5289
 int
5290
+nfs4svc_decode_voidarg(struct svc_rqst *rqstp, __be32 *p)
5291
+{
5292
+	return 1;
5293
+}
5294
+
5295
+int
4527
5296
 nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p)
4528
5297
 {
4529
5298
 	struct nfsd4_compoundargs *args = rqstp->rq_argp;
..
..
@@ -4550,15 +5319,14 @@
4550
5319
 int
4551
5320
 nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p)
4552
5321
 {
4553
-	/*
4554
-	 * All that remains is to write the tag and operation count...
4555
-	 */
4556
5322
 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
4557
5323
 	struct xdr_buf *buf = resp->xdr.buf;
4558
5324
 
4559
5325
 	WARN_ON_ONCE(buf->len != buf->head[0].iov_len + buf->page_len +
4560
5326
 				 buf->tail[0].iov_len);
4561
5327
 
5328
+	*p = resp->cstate.status;
5329
+
4562
5330
 	rqstp->rq_next_page = resp->xdr.page_ptr + 1;
4563
5331
 
4564
5332
 	p = resp->tagp;