1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * linux/fs/nfs/fs_context.c
4 *
5 * Copyright (C) 1992 Rick Sladkey
6 * Conversion to new mount api Copyright (C) David Howells
7 *
8 * NFS mount handling.
9 *
10 * Split from fs/nfs/super.c by David Howells <dhowells@redhat.com>
11 */
12
13 #include <linux/compat.h>
14 #include <linux/module.h>
15 #include <linux/fs.h>
16 #include <linux/fs_context.h>
17 #include <linux/fs_parser.h>
18 #include <linux/nfs_fs.h>
19 #include <linux/nfs_mount.h>
20 #include <linux/nfs4_mount.h>
21
22 #include <net/handshake.h>
23
24 #include "nfs.h"
25 #include "internal.h"
26
27 #include "nfstrace.h"
28
29 #define NFSDBG_FACILITY NFSDBG_MOUNT
30
31 #if IS_ENABLED(CONFIG_NFS_V3)
32 #define NFS_DEFAULT_VERSION 3
33 #else
34 #define NFS_DEFAULT_VERSION 2
35 #endif
36
37 #define NFS_MAX_CONNECTIONS 16
38
39 enum nfs_param {
40 Opt_ac,
41 Opt_acdirmax,
42 Opt_acdirmin,
43 Opt_acl,
44 Opt_acregmax,
45 Opt_acregmin,
46 Opt_actimeo,
47 Opt_addr,
48 Opt_bg,
49 Opt_bsize,
50 Opt_clientaddr,
51 Opt_cto,
52 Opt_alignwrite,
53 Opt_fatal_neterrors,
54 Opt_fg,
55 Opt_fscache,
56 Opt_fscache_flag,
57 Opt_hard,
58 Opt_intr,
59 Opt_local_lock,
60 Opt_lock,
61 Opt_lookupcache,
62 Opt_migration,
63 Opt_minorversion,
64 Opt_mountaddr,
65 Opt_mounthost,
66 Opt_mountport,
67 Opt_mountproto,
68 Opt_mountvers,
69 Opt_namelen,
70 Opt_nconnect,
71 Opt_max_connect,
72 Opt_port,
73 Opt_posix,
74 Opt_proto,
75 Opt_rdirplus,
76 Opt_rdirplus_none,
77 Opt_rdirplus_force,
78 Opt_rdma,
79 Opt_resvport,
80 Opt_retrans,
81 Opt_retry,
82 Opt_rsize,
83 Opt_sec,
84 Opt_sharecache,
85 Opt_sloppy,
86 Opt_soft,
87 Opt_softerr,
88 Opt_softreval,
89 Opt_source,
90 Opt_tcp,
91 Opt_timeo,
92 Opt_trunkdiscovery,
93 Opt_udp,
94 Opt_v,
95 Opt_vers,
96 Opt_wsize,
97 Opt_write,
98 Opt_xprtsec,
99 };
100
101 enum {
102 Opt_fatal_neterrors_default,
103 Opt_fatal_neterrors_enetunreach,
104 Opt_fatal_neterrors_none,
105 };
106
107 static const struct constant_table nfs_param_enums_fatal_neterrors[] = {
108 { "default", Opt_fatal_neterrors_default },
109 { "ENETDOWN:ENETUNREACH", Opt_fatal_neterrors_enetunreach },
110 { "ENETUNREACH:ENETDOWN", Opt_fatal_neterrors_enetunreach },
111 { "none", Opt_fatal_neterrors_none },
112 {}
113 };
114
115 enum {
116 Opt_local_lock_all,
117 Opt_local_lock_flock,
118 Opt_local_lock_none,
119 Opt_local_lock_posix,
120 };
121
122 static const struct constant_table nfs_param_enums_local_lock[] = {
123 { "all", Opt_local_lock_all },
124 { "flock", Opt_local_lock_flock },
125 { "posix", Opt_local_lock_posix },
126 { "none", Opt_local_lock_none },
127 {}
128 };
129
130 enum {
131 Opt_lookupcache_all,
132 Opt_lookupcache_none,
133 Opt_lookupcache_positive,
134 };
135
136 static const struct constant_table nfs_param_enums_lookupcache[] = {
137 { "all", Opt_lookupcache_all },
138 { "none", Opt_lookupcache_none },
139 { "pos", Opt_lookupcache_positive },
140 { "positive", Opt_lookupcache_positive },
141 {}
142 };
143
144 enum {
145 Opt_write_lazy,
146 Opt_write_eager,
147 Opt_write_wait,
148 };
149
150 static const struct constant_table nfs_param_enums_write[] = {
151 { "lazy", Opt_write_lazy },
152 { "eager", Opt_write_eager },
153 { "wait", Opt_write_wait },
154 {}
155 };
156
157 static const struct fs_parameter_spec nfs_fs_parameters[] = {
158 fsparam_flag_no("ac", Opt_ac),
159 fsparam_u32 ("acdirmax", Opt_acdirmax),
160 fsparam_u32 ("acdirmin", Opt_acdirmin),
161 fsparam_flag_no("acl", Opt_acl),
162 fsparam_u32 ("acregmax", Opt_acregmax),
163 fsparam_u32 ("acregmin", Opt_acregmin),
164 fsparam_u32 ("actimeo", Opt_actimeo),
165 fsparam_string("addr", Opt_addr),
166 fsparam_flag ("bg", Opt_bg),
167 fsparam_u32 ("bsize", Opt_bsize),
168 fsparam_string("clientaddr", Opt_clientaddr),
169 fsparam_flag_no("cto", Opt_cto),
170 fsparam_flag_no("alignwrite", Opt_alignwrite),
171 fsparam_enum("fatal_neterrors", Opt_fatal_neterrors,
172 nfs_param_enums_fatal_neterrors),
173 fsparam_flag ("fg", Opt_fg),
174 fsparam_flag_no("fsc", Opt_fscache_flag),
175 fsparam_string("fsc", Opt_fscache),
176 fsparam_flag ("hard", Opt_hard),
177 __fsparam(NULL, "intr", Opt_intr,
178 fs_param_neg_with_no|fs_param_deprecated, NULL),
179 fsparam_enum ("local_lock", Opt_local_lock, nfs_param_enums_local_lock),
180 fsparam_flag_no("lock", Opt_lock),
181 fsparam_enum ("lookupcache", Opt_lookupcache, nfs_param_enums_lookupcache),
182 fsparam_flag_no("migration", Opt_migration),
183 fsparam_u32 ("minorversion", Opt_minorversion),
184 fsparam_string("mountaddr", Opt_mountaddr),
185 fsparam_string("mounthost", Opt_mounthost),
186 fsparam_u32 ("mountport", Opt_mountport),
187 fsparam_string("mountproto", Opt_mountproto),
188 fsparam_u32 ("mountvers", Opt_mountvers),
189 fsparam_u32 ("namlen", Opt_namelen),
190 fsparam_u32 ("nconnect", Opt_nconnect),
191 fsparam_u32 ("max_connect", Opt_max_connect),
192 fsparam_string("nfsvers", Opt_vers),
193 fsparam_u32 ("port", Opt_port),
194 fsparam_flag_no("posix", Opt_posix),
195 fsparam_string("proto", Opt_proto),
196 fsparam_flag_no("rdirplus", Opt_rdirplus), // rdirplus|nordirplus
197 fsparam_string("rdirplus", Opt_rdirplus), // rdirplus=...
198 fsparam_flag ("rdma", Opt_rdma),
199 fsparam_flag_no("resvport", Opt_resvport),
200 fsparam_u32 ("retrans", Opt_retrans),
201 fsparam_string("retry", Opt_retry),
202 fsparam_u32 ("rsize", Opt_rsize),
203 fsparam_string("sec", Opt_sec),
204 fsparam_flag_no("sharecache", Opt_sharecache),
205 fsparam_flag ("sloppy", Opt_sloppy),
206 fsparam_flag ("soft", Opt_soft),
207 fsparam_flag ("softerr", Opt_softerr),
208 fsparam_flag ("softreval", Opt_softreval),
209 fsparam_string("source", Opt_source),
210 fsparam_flag ("tcp", Opt_tcp),
211 fsparam_u32 ("timeo", Opt_timeo),
212 fsparam_flag_no("trunkdiscovery", Opt_trunkdiscovery),
213 fsparam_flag ("udp", Opt_udp),
214 fsparam_flag ("v2", Opt_v),
215 fsparam_flag ("v3", Opt_v),
216 fsparam_flag ("v4", Opt_v),
217 fsparam_flag ("v4.0", Opt_v),
218 fsparam_flag ("v4.1", Opt_v),
219 fsparam_flag ("v4.2", Opt_v),
220 fsparam_string("vers", Opt_vers),
221 fsparam_enum ("write", Opt_write, nfs_param_enums_write),
222 fsparam_u32 ("wsize", Opt_wsize),
223 fsparam_string("xprtsec", Opt_xprtsec),
224 {}
225 };
226
227 enum {
228 Opt_vers_2,
229 Opt_vers_3,
230 Opt_vers_4,
231 Opt_vers_4_0,
232 Opt_vers_4_1,
233 Opt_vers_4_2,
234 };
235
236 static const struct constant_table nfs_vers_tokens[] = {
237 { "2", Opt_vers_2 },
238 { "3", Opt_vers_3 },
239 { "4", Opt_vers_4 },
240 { "4.0", Opt_vers_4_0 },
241 { "4.1", Opt_vers_4_1 },
242 { "4.2", Opt_vers_4_2 },
243 {}
244 };
245
246 enum {
247 Opt_xprt_rdma,
248 Opt_xprt_rdma6,
249 Opt_xprt_tcp,
250 Opt_xprt_tcp6,
251 Opt_xprt_udp,
252 Opt_xprt_udp6,
253 nr__Opt_xprt
254 };
255
256 static const struct constant_table nfs_xprt_protocol_tokens[] = {
257 { "rdma", Opt_xprt_rdma },
258 { "rdma6", Opt_xprt_rdma6 },
259 { "tcp", Opt_xprt_tcp },
260 { "tcp6", Opt_xprt_tcp6 },
261 { "udp", Opt_xprt_udp },
262 { "udp6", Opt_xprt_udp6 },
263 {}
264 };
265
266 enum {
267 Opt_sec_krb5,
268 Opt_sec_krb5i,
269 Opt_sec_krb5p,
270 Opt_sec_lkey,
271 Opt_sec_lkeyi,
272 Opt_sec_lkeyp,
273 Opt_sec_none,
274 Opt_sec_spkm,
275 Opt_sec_spkmi,
276 Opt_sec_spkmp,
277 Opt_sec_sys,
278 nr__Opt_sec
279 };
280
281 static const struct constant_table nfs_secflavor_tokens[] = {
282 { "krb5", Opt_sec_krb5 },
283 { "krb5i", Opt_sec_krb5i },
284 { "krb5p", Opt_sec_krb5p },
285 { "lkey", Opt_sec_lkey },
286 { "lkeyi", Opt_sec_lkeyi },
287 { "lkeyp", Opt_sec_lkeyp },
288 { "none", Opt_sec_none },
289 { "null", Opt_sec_none },
290 { "spkm3", Opt_sec_spkm },
291 { "spkm3i", Opt_sec_spkmi },
292 { "spkm3p", Opt_sec_spkmp },
293 { "sys", Opt_sec_sys },
294 {}
295 };
296
297 enum {
298 Opt_xprtsec_none,
299 Opt_xprtsec_tls,
300 Opt_xprtsec_mtls,
301 nr__Opt_xprtsec
302 };
303
304 static const struct constant_table nfs_xprtsec_policies[] = {
305 { "none", Opt_xprtsec_none },
306 { "tls", Opt_xprtsec_tls },
307 { "mtls", Opt_xprtsec_mtls },
308 {}
309 };
310
311 static const struct constant_table nfs_rdirplus_tokens[] = {
312 { "none", Opt_rdirplus_none },
313 { "force", Opt_rdirplus_force },
314 {}
315 };
316
317 /*
318 * Sanity-check a server address provided by the mount command.
319 *
320 * Address family must be initialized, and address must not be
321 * the ANY address for that family.
322 */
nfs_verify_server_address(struct sockaddr_storage * addr)323 static int nfs_verify_server_address(struct sockaddr_storage *addr)
324 {
325 switch (addr->ss_family) {
326 case AF_INET: {
327 struct sockaddr_in *sa = (struct sockaddr_in *)addr;
328 return sa->sin_addr.s_addr != htonl(INADDR_ANY);
329 }
330 case AF_INET6: {
331 struct in6_addr *sa = &((struct sockaddr_in6 *)addr)->sin6_addr;
332 return !ipv6_addr_any(sa);
333 }
334 }
335
336 return 0;
337 }
338
339 #ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
nfs_server_transport_udp_invalid(const struct nfs_fs_context * ctx)340 static bool nfs_server_transport_udp_invalid(const struct nfs_fs_context *ctx)
341 {
342 return true;
343 }
344 #else
nfs_server_transport_udp_invalid(const struct nfs_fs_context * ctx)345 static bool nfs_server_transport_udp_invalid(const struct nfs_fs_context *ctx)
346 {
347 if (ctx->version == 4)
348 return true;
349 return false;
350 }
351 #endif
352
353 /*
354 * Sanity check the NFS transport protocol.
355 */
nfs_validate_transport_protocol(struct fs_context * fc,struct nfs_fs_context * ctx)356 static int nfs_validate_transport_protocol(struct fs_context *fc,
357 struct nfs_fs_context *ctx)
358 {
359 switch (ctx->nfs_server.protocol) {
360 case XPRT_TRANSPORT_UDP:
361 if (nfs_server_transport_udp_invalid(ctx))
362 goto out_invalid_transport_udp;
363 break;
364 case XPRT_TRANSPORT_TCP:
365 case XPRT_TRANSPORT_RDMA:
366 break;
367 default:
368 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP;
369 }
370
371 if (ctx->xprtsec.policy != RPC_XPRTSEC_NONE)
372 switch (ctx->nfs_server.protocol) {
373 case XPRT_TRANSPORT_TCP:
374 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP_TLS;
375 break;
376 default:
377 goto out_invalid_xprtsec_policy;
378 }
379
380 return 0;
381 out_invalid_transport_udp:
382 return nfs_invalf(fc, "NFS: Unsupported transport protocol udp");
383 out_invalid_xprtsec_policy:
384 return nfs_invalf(fc, "NFS: Transport does not support xprtsec");
385 }
386
387 /*
388 * For text based NFSv2/v3 mounts, the mount protocol transport default
389 * settings should depend upon the specified NFS transport.
390 */
nfs_set_mount_transport_protocol(struct nfs_fs_context * ctx)391 static void nfs_set_mount_transport_protocol(struct nfs_fs_context *ctx)
392 {
393 if (ctx->mount_server.protocol == XPRT_TRANSPORT_UDP ||
394 ctx->mount_server.protocol == XPRT_TRANSPORT_TCP)
395 return;
396 switch (ctx->nfs_server.protocol) {
397 case XPRT_TRANSPORT_UDP:
398 ctx->mount_server.protocol = XPRT_TRANSPORT_UDP;
399 break;
400 case XPRT_TRANSPORT_TCP:
401 case XPRT_TRANSPORT_RDMA:
402 ctx->mount_server.protocol = XPRT_TRANSPORT_TCP;
403 }
404 }
405
406 /*
407 * Add 'flavor' to 'auth_info' if not already present.
408 * Returns true if 'flavor' ends up in the list, false otherwise
409 */
nfs_auth_info_add(struct fs_context * fc,struct nfs_auth_info * auth_info,rpc_authflavor_t flavor)410 static int nfs_auth_info_add(struct fs_context *fc,
411 struct nfs_auth_info *auth_info,
412 rpc_authflavor_t flavor)
413 {
414 unsigned int i;
415 unsigned int max_flavor_len = ARRAY_SIZE(auth_info->flavors);
416
417 /* make sure this flavor isn't already in the list */
418 for (i = 0; i < auth_info->flavor_len; i++) {
419 if (flavor == auth_info->flavors[i])
420 return 0;
421 }
422
423 if (auth_info->flavor_len + 1 >= max_flavor_len)
424 return nfs_invalf(fc, "NFS: too many sec= flavors");
425
426 auth_info->flavors[auth_info->flavor_len++] = flavor;
427 return 0;
428 }
429
430 /*
431 * Parse the value of the 'sec=' option.
432 */
nfs_parse_security_flavors(struct fs_context * fc,struct fs_parameter * param)433 static int nfs_parse_security_flavors(struct fs_context *fc,
434 struct fs_parameter *param)
435 {
436 struct nfs_fs_context *ctx = nfs_fc2context(fc);
437 rpc_authflavor_t pseudoflavor;
438 char *string = param->string, *p;
439 int ret;
440
441 trace_nfs_mount_assign(param->key, string);
442
443 while ((p = strsep(&string, ":")) != NULL) {
444 if (!*p)
445 continue;
446 switch (lookup_constant(nfs_secflavor_tokens, p, -1)) {
447 case Opt_sec_none:
448 pseudoflavor = RPC_AUTH_NULL;
449 break;
450 case Opt_sec_sys:
451 pseudoflavor = RPC_AUTH_UNIX;
452 break;
453 case Opt_sec_krb5:
454 pseudoflavor = RPC_AUTH_GSS_KRB5;
455 break;
456 case Opt_sec_krb5i:
457 pseudoflavor = RPC_AUTH_GSS_KRB5I;
458 break;
459 case Opt_sec_krb5p:
460 pseudoflavor = RPC_AUTH_GSS_KRB5P;
461 break;
462 case Opt_sec_lkey:
463 pseudoflavor = RPC_AUTH_GSS_LKEY;
464 break;
465 case Opt_sec_lkeyi:
466 pseudoflavor = RPC_AUTH_GSS_LKEYI;
467 break;
468 case Opt_sec_lkeyp:
469 pseudoflavor = RPC_AUTH_GSS_LKEYP;
470 break;
471 case Opt_sec_spkm:
472 pseudoflavor = RPC_AUTH_GSS_SPKM;
473 break;
474 case Opt_sec_spkmi:
475 pseudoflavor = RPC_AUTH_GSS_SPKMI;
476 break;
477 case Opt_sec_spkmp:
478 pseudoflavor = RPC_AUTH_GSS_SPKMP;
479 break;
480 default:
481 return nfs_invalf(fc, "NFS: sec=%s option not recognized", p);
482 }
483
484 ret = nfs_auth_info_add(fc, &ctx->auth_info, pseudoflavor);
485 if (ret < 0)
486 return ret;
487 }
488
489 return 0;
490 }
491
nfs_parse_xprtsec_policy(struct fs_context * fc,struct fs_parameter * param)492 static int nfs_parse_xprtsec_policy(struct fs_context *fc,
493 struct fs_parameter *param)
494 {
495 struct nfs_fs_context *ctx = nfs_fc2context(fc);
496
497 trace_nfs_mount_assign(param->key, param->string);
498
499 switch (lookup_constant(nfs_xprtsec_policies, param->string, -1)) {
500 case Opt_xprtsec_none:
501 ctx->xprtsec.policy = RPC_XPRTSEC_NONE;
502 break;
503 case Opt_xprtsec_tls:
504 ctx->xprtsec.policy = RPC_XPRTSEC_TLS_ANON;
505 break;
506 case Opt_xprtsec_mtls:
507 ctx->xprtsec.policy = RPC_XPRTSEC_TLS_X509;
508 break;
509 default:
510 return nfs_invalf(fc, "NFS: Unrecognized transport security policy");
511 }
512 return 0;
513 }
514
nfs_parse_version_string(struct fs_context * fc,const char * string)515 static int nfs_parse_version_string(struct fs_context *fc,
516 const char *string)
517 {
518 struct nfs_fs_context *ctx = nfs_fc2context(fc);
519
520 ctx->flags &= ~NFS_MOUNT_VER3;
521 switch (lookup_constant(nfs_vers_tokens, string, -1)) {
522 case Opt_vers_2:
523 ctx->version = 2;
524 break;
525 case Opt_vers_3:
526 ctx->flags |= NFS_MOUNT_VER3;
527 ctx->version = 3;
528 break;
529 case Opt_vers_4:
530 /* Backward compatibility option. In future,
531 * the mount program should always supply
532 * a NFSv4 minor version number.
533 */
534 ctx->version = 4;
535 break;
536 case Opt_vers_4_0:
537 ctx->version = 4;
538 ctx->minorversion = 0;
539 break;
540 case Opt_vers_4_1:
541 ctx->version = 4;
542 ctx->minorversion = 1;
543 break;
544 case Opt_vers_4_2:
545 ctx->version = 4;
546 ctx->minorversion = 2;
547 break;
548 default:
549 return nfs_invalf(fc, "NFS: Unsupported NFS version");
550 }
551 return 0;
552 }
553
554 /*
555 * Parse a single mount parameter.
556 */
nfs_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)557 static int nfs_fs_context_parse_param(struct fs_context *fc,
558 struct fs_parameter *param)
559 {
560 struct fs_parse_result result;
561 struct nfs_fs_context *ctx = nfs_fc2context(fc);
562 unsigned short protofamily, mountfamily;
563 unsigned int len;
564 int ret, opt;
565
566 trace_nfs_mount_option(param);
567
568 opt = fs_parse(fc, nfs_fs_parameters, param, &result);
569 if (opt < 0)
570 return (opt == -ENOPARAM && ctx->sloppy) ? 1 : opt;
571
572 if (fc->security)
573 ctx->has_sec_mnt_opts = 1;
574
575 switch (opt) {
576 case Opt_source:
577 if (fc->source)
578 return nfs_invalf(fc, "NFS: Multiple sources not supported");
579 fc->source = param->string;
580 param->string = NULL;
581 break;
582
583 /*
584 * boolean options: foo/nofoo
585 */
586 case Opt_soft:
587 ctx->flags |= NFS_MOUNT_SOFT;
588 ctx->flags &= ~NFS_MOUNT_SOFTERR;
589 break;
590 case Opt_softerr:
591 ctx->flags |= NFS_MOUNT_SOFTERR | NFS_MOUNT_SOFTREVAL;
592 ctx->flags &= ~NFS_MOUNT_SOFT;
593 break;
594 case Opt_hard:
595 ctx->flags &= ~(NFS_MOUNT_SOFT |
596 NFS_MOUNT_SOFTERR |
597 NFS_MOUNT_SOFTREVAL);
598 break;
599 case Opt_softreval:
600 if (result.negated)
601 ctx->flags &= ~NFS_MOUNT_SOFTREVAL;
602 else
603 ctx->flags |= NFS_MOUNT_SOFTREVAL;
604 break;
605 case Opt_posix:
606 if (result.negated)
607 ctx->flags &= ~NFS_MOUNT_POSIX;
608 else
609 ctx->flags |= NFS_MOUNT_POSIX;
610 break;
611 case Opt_cto:
612 if (result.negated)
613 ctx->flags |= NFS_MOUNT_NOCTO;
614 else
615 ctx->flags &= ~NFS_MOUNT_NOCTO;
616 break;
617 case Opt_trunkdiscovery:
618 if (result.negated)
619 ctx->flags &= ~NFS_MOUNT_TRUNK_DISCOVERY;
620 else
621 ctx->flags |= NFS_MOUNT_TRUNK_DISCOVERY;
622 break;
623 case Opt_alignwrite:
624 if (result.negated)
625 ctx->flags |= NFS_MOUNT_NO_ALIGNWRITE;
626 else
627 ctx->flags &= ~NFS_MOUNT_NO_ALIGNWRITE;
628 break;
629 case Opt_ac:
630 if (result.negated)
631 ctx->flags |= NFS_MOUNT_NOAC;
632 else
633 ctx->flags &= ~NFS_MOUNT_NOAC;
634 break;
635 case Opt_lock:
636 if (result.negated) {
637 ctx->lock_status = NFS_LOCK_NOLOCK;
638 ctx->flags |= NFS_MOUNT_NONLM;
639 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK | NFS_MOUNT_LOCAL_FCNTL);
640 } else {
641 ctx->lock_status = NFS_LOCK_LOCK;
642 ctx->flags &= ~NFS_MOUNT_NONLM;
643 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK | NFS_MOUNT_LOCAL_FCNTL);
644 }
645 break;
646 case Opt_udp:
647 ctx->flags &= ~NFS_MOUNT_TCP;
648 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP;
649 break;
650 case Opt_tcp:
651 case Opt_rdma:
652 ctx->flags |= NFS_MOUNT_TCP; /* for side protocols */
653 ret = xprt_find_transport_ident(param->key);
654 if (ret < 0)
655 goto out_bad_transport;
656 ctx->nfs_server.protocol = ret;
657 break;
658 case Opt_acl:
659 if (result.negated)
660 ctx->flags |= NFS_MOUNT_NOACL;
661 else
662 ctx->flags &= ~NFS_MOUNT_NOACL;
663 break;
664 case Opt_rdirplus:
665 if (result.negated) {
666 ctx->flags &= ~NFS_MOUNT_FORCE_RDIRPLUS;
667 ctx->flags |= NFS_MOUNT_NORDIRPLUS;
668 } else if (!param->string) {
669 ctx->flags &= ~(NFS_MOUNT_NORDIRPLUS | NFS_MOUNT_FORCE_RDIRPLUS);
670 } else {
671 switch (lookup_constant(nfs_rdirplus_tokens, param->string, -1)) {
672 case Opt_rdirplus_none:
673 ctx->flags &= ~NFS_MOUNT_FORCE_RDIRPLUS;
674 ctx->flags |= NFS_MOUNT_NORDIRPLUS;
675 break;
676 case Opt_rdirplus_force:
677 ctx->flags &= ~NFS_MOUNT_NORDIRPLUS;
678 ctx->flags |= NFS_MOUNT_FORCE_RDIRPLUS;
679 break;
680 default:
681 goto out_invalid_value;
682 }
683 }
684 break;
685 case Opt_sharecache:
686 if (result.negated)
687 ctx->flags |= NFS_MOUNT_UNSHARED;
688 else
689 ctx->flags &= ~NFS_MOUNT_UNSHARED;
690 break;
691 case Opt_resvport:
692 if (result.negated)
693 ctx->flags |= NFS_MOUNT_NORESVPORT;
694 else
695 ctx->flags &= ~NFS_MOUNT_NORESVPORT;
696 break;
697 case Opt_fscache_flag:
698 if (result.negated)
699 ctx->options &= ~NFS_OPTION_FSCACHE;
700 else
701 ctx->options |= NFS_OPTION_FSCACHE;
702 kfree(ctx->fscache_uniq);
703 ctx->fscache_uniq = NULL;
704 break;
705 case Opt_fscache:
706 trace_nfs_mount_assign(param->key, param->string);
707 ctx->options |= NFS_OPTION_FSCACHE;
708 kfree(ctx->fscache_uniq);
709 ctx->fscache_uniq = param->string;
710 param->string = NULL;
711 break;
712 case Opt_migration:
713 if (result.negated)
714 ctx->options &= ~NFS_OPTION_MIGRATION;
715 else
716 ctx->options |= NFS_OPTION_MIGRATION;
717 break;
718
719 /*
720 * options that take numeric values
721 */
722 case Opt_port:
723 if (result.uint_32 > USHRT_MAX)
724 goto out_of_bounds;
725 ctx->nfs_server.port = result.uint_32;
726 break;
727 case Opt_rsize:
728 ctx->rsize = result.uint_32;
729 break;
730 case Opt_wsize:
731 ctx->wsize = result.uint_32;
732 break;
733 case Opt_bsize:
734 ctx->bsize = result.uint_32;
735 break;
736 case Opt_timeo:
737 if (result.uint_32 < 1 || result.uint_32 > INT_MAX)
738 goto out_of_bounds;
739 ctx->timeo = result.uint_32;
740 break;
741 case Opt_retrans:
742 if (result.uint_32 > INT_MAX)
743 goto out_of_bounds;
744 ctx->retrans = result.uint_32;
745 break;
746 case Opt_acregmin:
747 ctx->acregmin = result.uint_32;
748 break;
749 case Opt_acregmax:
750 ctx->acregmax = result.uint_32;
751 break;
752 case Opt_acdirmin:
753 ctx->acdirmin = result.uint_32;
754 break;
755 case Opt_acdirmax:
756 ctx->acdirmax = result.uint_32;
757 break;
758 case Opt_actimeo:
759 ctx->acregmin = result.uint_32;
760 ctx->acregmax = result.uint_32;
761 ctx->acdirmin = result.uint_32;
762 ctx->acdirmax = result.uint_32;
763 break;
764 case Opt_namelen:
765 ctx->namlen = result.uint_32;
766 break;
767 case Opt_mountport:
768 if (result.uint_32 > USHRT_MAX)
769 goto out_of_bounds;
770 ctx->mount_server.port = result.uint_32;
771 break;
772 case Opt_mountvers:
773 if (result.uint_32 < NFS_MNT_VERSION ||
774 result.uint_32 > NFS_MNT3_VERSION)
775 goto out_of_bounds;
776 ctx->mount_server.version = result.uint_32;
777 break;
778 case Opt_minorversion:
779 if (result.uint_32 > NFS4_MAX_MINOR_VERSION)
780 goto out_of_bounds;
781 ctx->minorversion = result.uint_32;
782 break;
783
784 /*
785 * options that take text values
786 */
787 case Opt_v:
788 ret = nfs_parse_version_string(fc, param->key + 1);
789 if (ret < 0)
790 return ret;
791 break;
792 case Opt_vers:
793 if (!param->string)
794 goto out_invalid_value;
795 trace_nfs_mount_assign(param->key, param->string);
796 ret = nfs_parse_version_string(fc, param->string);
797 if (ret < 0)
798 return ret;
799 break;
800 case Opt_sec:
801 ret = nfs_parse_security_flavors(fc, param);
802 if (ret < 0)
803 return ret;
804 break;
805 case Opt_xprtsec:
806 ret = nfs_parse_xprtsec_policy(fc, param);
807 if (ret < 0)
808 return ret;
809 break;
810
811 case Opt_proto:
812 if (!param->string)
813 goto out_invalid_value;
814 trace_nfs_mount_assign(param->key, param->string);
815 protofamily = AF_INET;
816 switch (lookup_constant(nfs_xprt_protocol_tokens, param->string, -1)) {
817 case Opt_xprt_udp6:
818 protofamily = AF_INET6;
819 fallthrough;
820 case Opt_xprt_udp:
821 ctx->flags &= ~NFS_MOUNT_TCP;
822 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP;
823 break;
824 case Opt_xprt_tcp6:
825 protofamily = AF_INET6;
826 fallthrough;
827 case Opt_xprt_tcp:
828 ctx->flags |= NFS_MOUNT_TCP;
829 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP;
830 break;
831 case Opt_xprt_rdma6:
832 protofamily = AF_INET6;
833 fallthrough;
834 case Opt_xprt_rdma:
835 /* vector side protocols to TCP */
836 ctx->flags |= NFS_MOUNT_TCP;
837 ret = xprt_find_transport_ident(param->string);
838 if (ret < 0)
839 goto out_bad_transport;
840 ctx->nfs_server.protocol = ret;
841 break;
842 default:
843 goto out_bad_transport;
844 }
845
846 ctx->protofamily = protofamily;
847 break;
848
849 case Opt_mountproto:
850 if (!param->string)
851 goto out_invalid_value;
852 trace_nfs_mount_assign(param->key, param->string);
853 mountfamily = AF_INET;
854 switch (lookup_constant(nfs_xprt_protocol_tokens, param->string, -1)) {
855 case Opt_xprt_udp6:
856 mountfamily = AF_INET6;
857 fallthrough;
858 case Opt_xprt_udp:
859 ctx->mount_server.protocol = XPRT_TRANSPORT_UDP;
860 break;
861 case Opt_xprt_tcp6:
862 mountfamily = AF_INET6;
863 fallthrough;
864 case Opt_xprt_tcp:
865 ctx->mount_server.protocol = XPRT_TRANSPORT_TCP;
866 break;
867 case Opt_xprt_rdma: /* not used for side protocols */
868 default:
869 goto out_bad_transport;
870 }
871 ctx->mountfamily = mountfamily;
872 break;
873
874 case Opt_addr:
875 trace_nfs_mount_assign(param->key, param->string);
876 len = rpc_pton(fc->net_ns, param->string, param->size,
877 &ctx->nfs_server.address,
878 sizeof(ctx->nfs_server._address));
879 if (len == 0)
880 goto out_invalid_address;
881 ctx->nfs_server.addrlen = len;
882 break;
883 case Opt_clientaddr:
884 trace_nfs_mount_assign(param->key, param->string);
885 kfree(ctx->client_address);
886 ctx->client_address = param->string;
887 param->string = NULL;
888 break;
889 case Opt_mounthost:
890 trace_nfs_mount_assign(param->key, param->string);
891 kfree(ctx->mount_server.hostname);
892 ctx->mount_server.hostname = param->string;
893 param->string = NULL;
894 break;
895 case Opt_mountaddr:
896 trace_nfs_mount_assign(param->key, param->string);
897 len = rpc_pton(fc->net_ns, param->string, param->size,
898 &ctx->mount_server.address,
899 sizeof(ctx->mount_server._address));
900 if (len == 0)
901 goto out_invalid_address;
902 ctx->mount_server.addrlen = len;
903 break;
904 case Opt_nconnect:
905 trace_nfs_mount_assign(param->key, param->string);
906 if (result.uint_32 < 1 || result.uint_32 > NFS_MAX_CONNECTIONS)
907 goto out_of_bounds;
908 ctx->nfs_server.nconnect = result.uint_32;
909 break;
910 case Opt_max_connect:
911 trace_nfs_mount_assign(param->key, param->string);
912 if (result.uint_32 < 1 || result.uint_32 > NFS_MAX_TRANSPORTS)
913 goto out_of_bounds;
914 ctx->nfs_server.max_connect = result.uint_32;
915 break;
916 case Opt_fatal_neterrors:
917 trace_nfs_mount_assign(param->key, param->string);
918 switch (result.uint_32) {
919 case Opt_fatal_neterrors_default:
920 if (fc->net_ns != &init_net)
921 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL;
922 else
923 ctx->flags &= ~NFS_MOUNT_NETUNREACH_FATAL;
924 break;
925 case Opt_fatal_neterrors_enetunreach:
926 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL;
927 break;
928 case Opt_fatal_neterrors_none:
929 ctx->flags &= ~NFS_MOUNT_NETUNREACH_FATAL;
930 break;
931 default:
932 goto out_invalid_value;
933 }
934 break;
935 case Opt_lookupcache:
936 trace_nfs_mount_assign(param->key, param->string);
937 switch (result.uint_32) {
938 case Opt_lookupcache_all:
939 ctx->flags &= ~(NFS_MOUNT_LOOKUP_CACHE_NONEG|NFS_MOUNT_LOOKUP_CACHE_NONE);
940 break;
941 case Opt_lookupcache_positive:
942 ctx->flags &= ~NFS_MOUNT_LOOKUP_CACHE_NONE;
943 ctx->flags |= NFS_MOUNT_LOOKUP_CACHE_NONEG;
944 break;
945 case Opt_lookupcache_none:
946 ctx->flags |= NFS_MOUNT_LOOKUP_CACHE_NONEG|NFS_MOUNT_LOOKUP_CACHE_NONE;
947 break;
948 default:
949 goto out_invalid_value;
950 }
951 break;
952 case Opt_local_lock:
953 trace_nfs_mount_assign(param->key, param->string);
954 switch (result.uint_32) {
955 case Opt_local_lock_all:
956 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK |
957 NFS_MOUNT_LOCAL_FCNTL);
958 break;
959 case Opt_local_lock_flock:
960 ctx->flags |= NFS_MOUNT_LOCAL_FLOCK;
961 break;
962 case Opt_local_lock_posix:
963 ctx->flags |= NFS_MOUNT_LOCAL_FCNTL;
964 break;
965 case Opt_local_lock_none:
966 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK |
967 NFS_MOUNT_LOCAL_FCNTL);
968 break;
969 default:
970 goto out_invalid_value;
971 }
972 break;
973 case Opt_write:
974 trace_nfs_mount_assign(param->key, param->string);
975 switch (result.uint_32) {
976 case Opt_write_lazy:
977 ctx->flags &=
978 ~(NFS_MOUNT_WRITE_EAGER | NFS_MOUNT_WRITE_WAIT);
979 break;
980 case Opt_write_eager:
981 ctx->flags |= NFS_MOUNT_WRITE_EAGER;
982 ctx->flags &= ~NFS_MOUNT_WRITE_WAIT;
983 break;
984 case Opt_write_wait:
985 ctx->flags |=
986 NFS_MOUNT_WRITE_EAGER | NFS_MOUNT_WRITE_WAIT;
987 break;
988 default:
989 goto out_invalid_value;
990 }
991 break;
992
993 /*
994 * Special options
995 */
996 case Opt_sloppy:
997 ctx->sloppy = true;
998 break;
999 }
1000
1001 return 0;
1002
1003 out_invalid_value:
1004 return nfs_invalf(fc, "NFS: Bad mount option value specified");
1005 out_invalid_address:
1006 return nfs_invalf(fc, "NFS: Bad IP address specified");
1007 out_of_bounds:
1008 return nfs_invalf(fc, "NFS: Value for '%s' out of range", param->key);
1009 out_bad_transport:
1010 return nfs_invalf(fc, "NFS: Unrecognized transport protocol");
1011 }
1012
1013 /*
1014 * Split fc->source into "hostname:export_path".
1015 *
1016 * The leftmost colon demarks the split between the server's hostname
1017 * and the export path. If the hostname starts with a left square
1018 * bracket, then it may contain colons.
1019 *
1020 * Note: caller frees hostname and export path, even on error.
1021 */
nfs_parse_source(struct fs_context * fc,size_t maxnamlen,size_t maxpathlen)1022 static int nfs_parse_source(struct fs_context *fc,
1023 size_t maxnamlen, size_t maxpathlen)
1024 {
1025 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1026 const char *dev_name = fc->source;
1027 size_t len;
1028 const char *end;
1029
1030 if (unlikely(!dev_name || !*dev_name))
1031 return -EINVAL;
1032
1033 /* Is the host name protected with square brakcets? */
1034 if (*dev_name == '[') {
1035 end = strchr(++dev_name, ']');
1036 if (end == NULL || end[1] != ':')
1037 goto out_bad_devname;
1038
1039 len = end - dev_name;
1040 end++;
1041 } else {
1042 const char *comma;
1043
1044 end = strchr(dev_name, ':');
1045 if (end == NULL)
1046 goto out_bad_devname;
1047 len = end - dev_name;
1048
1049 /* kill possible hostname list: not supported */
1050 comma = memchr(dev_name, ',', len);
1051 if (comma)
1052 len = comma - dev_name;
1053 }
1054
1055 if (len > maxnamlen)
1056 goto out_hostname;
1057
1058 kfree(ctx->nfs_server.hostname);
1059
1060 /* N.B. caller will free nfs_server.hostname in all cases */
1061 ctx->nfs_server.hostname = kmemdup_nul(dev_name, len, GFP_KERNEL);
1062 if (!ctx->nfs_server.hostname)
1063 goto out_nomem;
1064 len = strlen(++end);
1065 if (len > maxpathlen)
1066 goto out_path;
1067 ctx->nfs_server.export_path = kmemdup_nul(end, len, GFP_KERNEL);
1068 if (!ctx->nfs_server.export_path)
1069 goto out_nomem;
1070
1071 trace_nfs_mount_path(ctx->nfs_server.export_path);
1072 return 0;
1073
1074 out_bad_devname:
1075 return nfs_invalf(fc, "NFS: device name not in host:path format");
1076 out_nomem:
1077 nfs_errorf(fc, "NFS: not enough memory to parse device name");
1078 return -ENOMEM;
1079 out_hostname:
1080 nfs_errorf(fc, "NFS: server hostname too long");
1081 return -ENAMETOOLONG;
1082 out_path:
1083 nfs_errorf(fc, "NFS: export pathname too long");
1084 return -ENAMETOOLONG;
1085 }
1086
is_remount_fc(struct fs_context * fc)1087 static inline bool is_remount_fc(struct fs_context *fc)
1088 {
1089 return fc->root != NULL;
1090 }
1091
1092 /*
1093 * Parse monolithic NFS2/NFS3 mount data
1094 * - fills in the mount root filehandle
1095 *
1096 * For option strings, user space handles the following behaviors:
1097 *
1098 * + DNS: mapping server host name to IP address ("addr=" option)
1099 *
1100 * + failure mode: how to behave if a mount request can't be handled
1101 * immediately ("fg/bg" option)
1102 *
1103 * + retry: how often to retry a mount request ("retry=" option)
1104 *
1105 * + breaking back: trying proto=udp after proto=tcp, v2 after v3,
1106 * mountproto=tcp after mountproto=udp, and so on
1107 */
nfs23_parse_monolithic(struct fs_context * fc,struct nfs_mount_data * data)1108 static int nfs23_parse_monolithic(struct fs_context *fc,
1109 struct nfs_mount_data *data)
1110 {
1111 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1112 struct nfs_fh *mntfh = ctx->mntfh;
1113 struct sockaddr_storage *sap = &ctx->nfs_server._address;
1114 int extra_flags = NFS_MOUNT_LEGACY_INTERFACE;
1115 int ret;
1116
1117 if (data == NULL)
1118 goto out_no_data;
1119
1120 ctx->version = NFS_DEFAULT_VERSION;
1121 switch (data->version) {
1122 case 1:
1123 data->namlen = 0;
1124 fallthrough;
1125 case 2:
1126 data->bsize = 0;
1127 fallthrough;
1128 case 3:
1129 if (data->flags & NFS_MOUNT_VER3)
1130 goto out_no_v3;
1131 data->root.size = NFS2_FHSIZE;
1132 memcpy(data->root.data, data->old_root.data, NFS2_FHSIZE);
1133 /* Turn off security negotiation */
1134 extra_flags |= NFS_MOUNT_SECFLAVOUR;
1135 fallthrough;
1136 case 4:
1137 if (data->flags & NFS_MOUNT_SECFLAVOUR)
1138 goto out_no_sec;
1139 fallthrough;
1140 case 5:
1141 memset(data->context, 0, sizeof(data->context));
1142 fallthrough;
1143 case 6:
1144 if (data->flags & NFS_MOUNT_VER3) {
1145 if (data->root.size > NFS3_FHSIZE || data->root.size == 0)
1146 goto out_invalid_fh;
1147 mntfh->size = data->root.size;
1148 ctx->version = 3;
1149 } else {
1150 mntfh->size = NFS2_FHSIZE;
1151 ctx->version = 2;
1152 }
1153
1154
1155 memcpy(mntfh->data, data->root.data, mntfh->size);
1156 if (mntfh->size < sizeof(mntfh->data))
1157 memset(mntfh->data + mntfh->size, 0,
1158 sizeof(mntfh->data) - mntfh->size);
1159
1160 /*
1161 * for proto == XPRT_TRANSPORT_UDP, which is what uses
1162 * to_exponential, implying shift: limit the shift value
1163 * to BITS_PER_LONG (majortimeo is unsigned long)
1164 */
1165 if (!(data->flags & NFS_MOUNT_TCP)) /* this will be UDP */
1166 if (data->retrans >= 64) /* shift value is too large */
1167 goto out_invalid_data;
1168
1169 /*
1170 * Translate to nfs_fs_context, which nfs_fill_super
1171 * can deal with.
1172 */
1173 ctx->flags = data->flags & NFS_MOUNT_FLAGMASK;
1174 ctx->flags |= extra_flags;
1175 ctx->rsize = data->rsize;
1176 ctx->wsize = data->wsize;
1177 ctx->timeo = data->timeo;
1178 ctx->retrans = data->retrans;
1179 ctx->acregmin = data->acregmin;
1180 ctx->acregmax = data->acregmax;
1181 ctx->acdirmin = data->acdirmin;
1182 ctx->acdirmax = data->acdirmax;
1183 ctx->need_mount = false;
1184
1185 if (!is_remount_fc(fc)) {
1186 memcpy(sap, &data->addr, sizeof(data->addr));
1187 ctx->nfs_server.addrlen = sizeof(data->addr);
1188 ctx->nfs_server.port = ntohs(data->addr.sin_port);
1189 }
1190
1191 if (sap->ss_family != AF_INET ||
1192 !nfs_verify_server_address(sap))
1193 goto out_no_address;
1194
1195 if (!(data->flags & NFS_MOUNT_TCP))
1196 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP;
1197 /* N.B. caller will free nfs_server.hostname in all cases */
1198 ctx->nfs_server.hostname = kstrdup(data->hostname, GFP_KERNEL);
1199 if (!ctx->nfs_server.hostname)
1200 goto out_nomem;
1201
1202 ctx->namlen = data->namlen;
1203 ctx->bsize = data->bsize;
1204
1205 if (data->flags & NFS_MOUNT_SECFLAVOUR)
1206 ctx->selected_flavor = data->pseudoflavor;
1207 else
1208 ctx->selected_flavor = RPC_AUTH_UNIX;
1209
1210 if (!(data->flags & NFS_MOUNT_NONLM))
1211 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK|
1212 NFS_MOUNT_LOCAL_FCNTL);
1213 else
1214 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK|
1215 NFS_MOUNT_LOCAL_FCNTL);
1216
1217 /*
1218 * The legacy version 6 binary mount data from userspace has a
1219 * field used only to transport selinux information into the
1220 * kernel. To continue to support that functionality we
1221 * have a touch of selinux knowledge here in the NFS code. The
1222 * userspace code converted context=blah to just blah so we are
1223 * converting back to the full string selinux understands.
1224 */
1225 if (data->context[0]){
1226 #ifdef CONFIG_SECURITY_SELINUX
1227 int ret;
1228
1229 data->context[NFS_MAX_CONTEXT_LEN] = '\0';
1230 ret = vfs_parse_fs_string(fc, "context",
1231 data->context, strlen(data->context));
1232 if (ret < 0)
1233 return ret;
1234 #else
1235 return -EINVAL;
1236 #endif
1237 }
1238
1239 break;
1240 default:
1241 goto generic;
1242 }
1243
1244 ret = nfs_validate_transport_protocol(fc, ctx);
1245 if (ret)
1246 return ret;
1247
1248 ctx->skip_reconfig_option_check = true;
1249 return 0;
1250
1251 generic:
1252 return generic_parse_monolithic(fc, data);
1253
1254 out_no_data:
1255 if (is_remount_fc(fc)) {
1256 ctx->skip_reconfig_option_check = true;
1257 return 0;
1258 }
1259 return nfs_invalf(fc, "NFS: mount program didn't pass any mount data");
1260
1261 out_no_v3:
1262 return nfs_invalf(fc, "NFS: nfs_mount_data version does not support v3");
1263
1264 out_no_sec:
1265 return nfs_invalf(fc, "NFS: nfs_mount_data version supports only AUTH_SYS");
1266
1267 out_nomem:
1268 return -ENOMEM;
1269
1270 out_no_address:
1271 return nfs_invalf(fc, "NFS: mount program didn't pass remote address");
1272
1273 out_invalid_fh:
1274 return nfs_invalf(fc, "NFS: invalid root filehandle");
1275
1276 out_invalid_data:
1277 return nfs_invalf(fc, "NFS: invalid binary mount data");
1278 }
1279
1280 #if IS_ENABLED(CONFIG_NFS_V4)
1281 struct compat_nfs_string {
1282 compat_uint_t len;
1283 compat_uptr_t data;
1284 };
1285
compat_nfs_string(struct nfs_string * dst,struct compat_nfs_string * src)1286 static inline void compat_nfs_string(struct nfs_string *dst,
1287 struct compat_nfs_string *src)
1288 {
1289 dst->data = compat_ptr(src->data);
1290 dst->len = src->len;
1291 }
1292
1293 struct compat_nfs4_mount_data_v1 {
1294 compat_int_t version;
1295 compat_int_t flags;
1296 compat_int_t rsize;
1297 compat_int_t wsize;
1298 compat_int_t timeo;
1299 compat_int_t retrans;
1300 compat_int_t acregmin;
1301 compat_int_t acregmax;
1302 compat_int_t acdirmin;
1303 compat_int_t acdirmax;
1304 struct compat_nfs_string client_addr;
1305 struct compat_nfs_string mnt_path;
1306 struct compat_nfs_string hostname;
1307 compat_uint_t host_addrlen;
1308 compat_uptr_t host_addr;
1309 compat_int_t proto;
1310 compat_int_t auth_flavourlen;
1311 compat_uptr_t auth_flavours;
1312 };
1313
nfs4_compat_mount_data_conv(struct nfs4_mount_data * data)1314 static void nfs4_compat_mount_data_conv(struct nfs4_mount_data *data)
1315 {
1316 struct compat_nfs4_mount_data_v1 *compat =
1317 (struct compat_nfs4_mount_data_v1 *)data;
1318
1319 /* copy the fields backwards */
1320 data->auth_flavours = compat_ptr(compat->auth_flavours);
1321 data->auth_flavourlen = compat->auth_flavourlen;
1322 data->proto = compat->proto;
1323 data->host_addr = compat_ptr(compat->host_addr);
1324 data->host_addrlen = compat->host_addrlen;
1325 compat_nfs_string(&data->hostname, &compat->hostname);
1326 compat_nfs_string(&data->mnt_path, &compat->mnt_path);
1327 compat_nfs_string(&data->client_addr, &compat->client_addr);
1328 data->acdirmax = compat->acdirmax;
1329 data->acdirmin = compat->acdirmin;
1330 data->acregmax = compat->acregmax;
1331 data->acregmin = compat->acregmin;
1332 data->retrans = compat->retrans;
1333 data->timeo = compat->timeo;
1334 data->wsize = compat->wsize;
1335 data->rsize = compat->rsize;
1336 data->flags = compat->flags;
1337 data->version = compat->version;
1338 }
1339
1340 /*
1341 * Validate NFSv4 mount options
1342 */
nfs4_parse_monolithic(struct fs_context * fc,struct nfs4_mount_data * data)1343 static int nfs4_parse_monolithic(struct fs_context *fc,
1344 struct nfs4_mount_data *data)
1345 {
1346 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1347 struct sockaddr_storage *sap = &ctx->nfs_server._address;
1348 int ret;
1349 char *c;
1350
1351 if (!data) {
1352 if (is_remount_fc(fc))
1353 goto done;
1354 return nfs_invalf(fc,
1355 "NFS4: mount program didn't pass any mount data");
1356 }
1357
1358 ctx->version = 4;
1359
1360 if (data->version != 1)
1361 return generic_parse_monolithic(fc, data);
1362
1363 if (in_compat_syscall())
1364 nfs4_compat_mount_data_conv(data);
1365
1366 if (data->host_addrlen > sizeof(ctx->nfs_server.address))
1367 goto out_no_address;
1368 if (data->host_addrlen == 0)
1369 goto out_no_address;
1370 ctx->nfs_server.addrlen = data->host_addrlen;
1371 if (copy_from_user(sap, data->host_addr, data->host_addrlen))
1372 return -EFAULT;
1373 if (!nfs_verify_server_address(sap))
1374 goto out_no_address;
1375 ctx->nfs_server.port = ntohs(((struct sockaddr_in *)sap)->sin_port);
1376
1377 if (data->auth_flavourlen) {
1378 rpc_authflavor_t pseudoflavor;
1379
1380 if (data->auth_flavourlen > 1)
1381 goto out_inval_auth;
1382 if (copy_from_user(&pseudoflavor, data->auth_flavours,
1383 sizeof(pseudoflavor)))
1384 return -EFAULT;
1385 ctx->selected_flavor = pseudoflavor;
1386 } else {
1387 ctx->selected_flavor = RPC_AUTH_UNIX;
1388 }
1389
1390 c = strndup_user(data->hostname.data, NFS4_MAXNAMLEN);
1391 if (IS_ERR(c))
1392 return PTR_ERR(c);
1393 ctx->nfs_server.hostname = c;
1394
1395 c = strndup_user(data->mnt_path.data, NFS4_MAXPATHLEN);
1396 if (IS_ERR(c))
1397 return PTR_ERR(c);
1398 ctx->nfs_server.export_path = c;
1399 trace_nfs_mount_path(c);
1400
1401 c = strndup_user(data->client_addr.data, 16);
1402 if (IS_ERR(c))
1403 return PTR_ERR(c);
1404 ctx->client_address = c;
1405
1406 /*
1407 * Translate to nfs_fs_context, which nfs_fill_super
1408 * can deal with.
1409 */
1410
1411 ctx->flags = data->flags & NFS4_MOUNT_FLAGMASK;
1412 ctx->rsize = data->rsize;
1413 ctx->wsize = data->wsize;
1414 ctx->timeo = data->timeo;
1415 ctx->retrans = data->retrans;
1416 ctx->acregmin = data->acregmin;
1417 ctx->acregmax = data->acregmax;
1418 ctx->acdirmin = data->acdirmin;
1419 ctx->acdirmax = data->acdirmax;
1420 ctx->nfs_server.protocol = data->proto;
1421 ret = nfs_validate_transport_protocol(fc, ctx);
1422 if (ret)
1423 return ret;
1424 done:
1425 ctx->skip_reconfig_option_check = true;
1426 return 0;
1427
1428 out_inval_auth:
1429 return nfs_invalf(fc, "NFS4: Invalid number of RPC auth flavours %d",
1430 data->auth_flavourlen);
1431
1432 out_no_address:
1433 return nfs_invalf(fc, "NFS4: mount program didn't pass remote address");
1434 }
1435 #endif
1436
1437 /*
1438 * Parse a monolithic block of data from sys_mount().
1439 */
nfs_fs_context_parse_monolithic(struct fs_context * fc,void * data)1440 static int nfs_fs_context_parse_monolithic(struct fs_context *fc,
1441 void *data)
1442 {
1443 if (fc->fs_type == &nfs_fs_type)
1444 return nfs23_parse_monolithic(fc, data);
1445
1446 #if IS_ENABLED(CONFIG_NFS_V4)
1447 if (fc->fs_type == &nfs4_fs_type)
1448 return nfs4_parse_monolithic(fc, data);
1449 #endif
1450
1451 return nfs_invalf(fc, "NFS: Unsupported monolithic data version");
1452 }
1453
1454 /*
1455 * Validate the preparsed information in the config.
1456 */
nfs_fs_context_validate(struct fs_context * fc)1457 static int nfs_fs_context_validate(struct fs_context *fc)
1458 {
1459 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1460 struct nfs_subversion *nfs_mod;
1461 struct sockaddr_storage *sap = &ctx->nfs_server._address;
1462 int max_namelen = PAGE_SIZE;
1463 int max_pathlen = NFS_MAXPATHLEN;
1464 int port = 0;
1465 int ret;
1466
1467 if (!fc->source)
1468 goto out_no_device_name;
1469
1470 /* Check for sanity first. */
1471 if (ctx->minorversion && ctx->version != 4)
1472 goto out_minorversion_mismatch;
1473
1474 if (ctx->options & NFS_OPTION_MIGRATION &&
1475 (ctx->version != 4 || ctx->minorversion != 0))
1476 goto out_migration_misuse;
1477
1478 /* Verify that any proto=/mountproto= options match the address
1479 * families in the addr=/mountaddr= options.
1480 */
1481 if (ctx->protofamily != AF_UNSPEC &&
1482 ctx->protofamily != ctx->nfs_server.address.sa_family)
1483 goto out_proto_mismatch;
1484
1485 if (ctx->mountfamily != AF_UNSPEC) {
1486 if (ctx->mount_server.addrlen) {
1487 if (ctx->mountfamily != ctx->mount_server.address.sa_family)
1488 goto out_mountproto_mismatch;
1489 } else {
1490 if (ctx->mountfamily != ctx->nfs_server.address.sa_family)
1491 goto out_mountproto_mismatch;
1492 }
1493 }
1494
1495 if (!nfs_verify_server_address(sap))
1496 goto out_no_address;
1497
1498 ret = nfs_validate_transport_protocol(fc, ctx);
1499 if (ret)
1500 return ret;
1501
1502 if (ctx->version == 4) {
1503 if (IS_ENABLED(CONFIG_NFS_V4)) {
1504 if (ctx->nfs_server.protocol == XPRT_TRANSPORT_RDMA)
1505 port = NFS_RDMA_PORT;
1506 else
1507 port = NFS_PORT;
1508 max_namelen = NFS4_MAXNAMLEN;
1509 max_pathlen = NFS4_MAXPATHLEN;
1510 ctx->flags &= ~(NFS_MOUNT_NONLM | NFS_MOUNT_NOACL |
1511 NFS_MOUNT_VER3 | NFS_MOUNT_LOCAL_FLOCK |
1512 NFS_MOUNT_LOCAL_FCNTL);
1513 } else {
1514 goto out_v4_not_compiled;
1515 }
1516 } else {
1517 nfs_set_mount_transport_protocol(ctx);
1518 if (ctx->nfs_server.protocol == XPRT_TRANSPORT_RDMA)
1519 port = NFS_RDMA_PORT;
1520 }
1521
1522 nfs_set_port(sap, &ctx->nfs_server.port, port);
1523
1524 ret = nfs_parse_source(fc, max_namelen, max_pathlen);
1525 if (ret < 0)
1526 return ret;
1527
1528 /* Load the NFS protocol module if we haven't done so yet */
1529 if (!ctx->nfs_mod) {
1530 nfs_mod = find_nfs_version(ctx->version);
1531 if (IS_ERR(nfs_mod)) {
1532 ret = PTR_ERR(nfs_mod);
1533 goto out_version_unavailable;
1534 }
1535 ctx->nfs_mod = nfs_mod;
1536 }
1537
1538 /* Ensure the filesystem context has the correct fs_type */
1539 if (fc->fs_type != ctx->nfs_mod->nfs_fs) {
1540 module_put(fc->fs_type->owner);
1541 __module_get(ctx->nfs_mod->nfs_fs->owner);
1542 fc->fs_type = ctx->nfs_mod->nfs_fs;
1543 }
1544 return 0;
1545
1546 out_no_device_name:
1547 return nfs_invalf(fc, "NFS: Device name not specified");
1548 out_v4_not_compiled:
1549 nfs_errorf(fc, "NFS: NFSv4 is not compiled into kernel");
1550 return -EPROTONOSUPPORT;
1551 out_no_address:
1552 return nfs_invalf(fc, "NFS: mount program didn't pass remote address");
1553 out_mountproto_mismatch:
1554 return nfs_invalf(fc, "NFS: Mount server address does not match mountproto= option");
1555 out_proto_mismatch:
1556 return nfs_invalf(fc, "NFS: Server address does not match proto= option");
1557 out_minorversion_mismatch:
1558 return nfs_invalf(fc, "NFS: Mount option vers=%u does not support minorversion=%u",
1559 ctx->version, ctx->minorversion);
1560 out_migration_misuse:
1561 return nfs_invalf(fc, "NFS: 'Migration' not supported for this NFS version");
1562 out_version_unavailable:
1563 nfs_errorf(fc, "NFS: Version unavailable");
1564 return ret;
1565 }
1566
1567 /*
1568 * Create an NFS superblock by the appropriate method.
1569 */
nfs_get_tree(struct fs_context * fc)1570 static int nfs_get_tree(struct fs_context *fc)
1571 {
1572 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1573 int err = nfs_fs_context_validate(fc);
1574
1575 if (err)
1576 return err;
1577 if (!ctx->internal)
1578 return ctx->nfs_mod->rpc_ops->try_get_tree(fc);
1579 else
1580 return nfs_get_tree_common(fc);
1581 }
1582
1583 /*
1584 * Handle duplication of a configuration. The caller copied *src into *sc, but
1585 * it can't deal with resource pointers in the filesystem context, so we have
1586 * to do that. We need to clear pointers, copy data or get extra refs as
1587 * appropriate.
1588 */
nfs_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)1589 static int nfs_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc)
1590 {
1591 struct nfs_fs_context *src = nfs_fc2context(src_fc), *ctx;
1592
1593 ctx = kmemdup(src, sizeof(struct nfs_fs_context), GFP_KERNEL);
1594 if (!ctx)
1595 return -ENOMEM;
1596
1597 ctx->mntfh = nfs_alloc_fhandle();
1598 if (!ctx->mntfh) {
1599 kfree(ctx);
1600 return -ENOMEM;
1601 }
1602 nfs_copy_fh(ctx->mntfh, src->mntfh);
1603
1604 get_nfs_version(ctx->nfs_mod);
1605 ctx->client_address = NULL;
1606 ctx->mount_server.hostname = NULL;
1607 ctx->nfs_server.export_path = NULL;
1608 ctx->nfs_server.hostname = NULL;
1609 ctx->fscache_uniq = NULL;
1610 ctx->clone_data.fattr = NULL;
1611 fc->fs_private = ctx;
1612 return 0;
1613 }
1614
nfs_fs_context_free(struct fs_context * fc)1615 static void nfs_fs_context_free(struct fs_context *fc)
1616 {
1617 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1618
1619 if (ctx) {
1620 if (ctx->server)
1621 nfs_free_server(ctx->server);
1622 if (ctx->nfs_mod)
1623 put_nfs_version(ctx->nfs_mod);
1624 kfree(ctx->client_address);
1625 kfree(ctx->mount_server.hostname);
1626 kfree(ctx->nfs_server.export_path);
1627 kfree(ctx->nfs_server.hostname);
1628 kfree(ctx->fscache_uniq);
1629 nfs_free_fhandle(ctx->mntfh);
1630 nfs_free_fattr(ctx->clone_data.fattr);
1631 kfree(ctx);
1632 }
1633 }
1634
1635 static const struct fs_context_operations nfs_fs_context_ops = {
1636 .free = nfs_fs_context_free,
1637 .dup = nfs_fs_context_dup,
1638 .parse_param = nfs_fs_context_parse_param,
1639 .parse_monolithic = nfs_fs_context_parse_monolithic,
1640 .get_tree = nfs_get_tree,
1641 .reconfigure = nfs_reconfigure,
1642 };
1643
1644 /*
1645 * Prepare superblock configuration. We use the namespaces attached to the
1646 * context. This may be the current process's namespaces, or it may be a
1647 * container's namespaces.
1648 */
nfs_init_fs_context(struct fs_context * fc)1649 static int nfs_init_fs_context(struct fs_context *fc)
1650 {
1651 struct nfs_fs_context *ctx;
1652
1653 ctx = kzalloc(sizeof(struct nfs_fs_context), GFP_KERNEL);
1654 if (unlikely(!ctx))
1655 return -ENOMEM;
1656
1657 ctx->mntfh = nfs_alloc_fhandle();
1658 if (unlikely(!ctx->mntfh)) {
1659 kfree(ctx);
1660 return -ENOMEM;
1661 }
1662
1663 ctx->protofamily = AF_UNSPEC;
1664 ctx->mountfamily = AF_UNSPEC;
1665 ctx->mount_server.port = NFS_UNSPEC_PORT;
1666
1667 if (fc->root) {
1668 /* reconfigure, start with the current config */
1669 struct nfs_server *nfss = fc->root->d_sb->s_fs_info;
1670 struct net *net = nfss->nfs_client->cl_net;
1671
1672 ctx->flags = nfss->flags;
1673 ctx->rsize = nfss->rsize;
1674 ctx->wsize = nfss->wsize;
1675 ctx->retrans = nfss->client->cl_timeout->to_retries;
1676 ctx->selected_flavor = nfss->client->cl_auth->au_flavor;
1677 ctx->acregmin = nfss->acregmin / HZ;
1678 ctx->acregmax = nfss->acregmax / HZ;
1679 ctx->acdirmin = nfss->acdirmin / HZ;
1680 ctx->acdirmax = nfss->acdirmax / HZ;
1681 ctx->timeo = 10U * nfss->client->cl_timeout->to_initval / HZ;
1682 ctx->nfs_server.port = nfss->port;
1683 ctx->nfs_server.addrlen = nfss->nfs_client->cl_addrlen;
1684 ctx->version = nfss->nfs_client->rpc_ops->version;
1685 ctx->minorversion = nfss->nfs_client->cl_minorversion;
1686
1687 memcpy(&ctx->nfs_server._address, &nfss->nfs_client->cl_addr,
1688 ctx->nfs_server.addrlen);
1689
1690 if (fc->net_ns != net) {
1691 put_net(fc->net_ns);
1692 fc->net_ns = get_net(net);
1693 }
1694
1695 ctx->nfs_mod = nfss->nfs_client->cl_nfs_mod;
1696 get_nfs_version(ctx->nfs_mod);
1697 } else {
1698 /* defaults */
1699 ctx->timeo = NFS_UNSPEC_TIMEO;
1700 ctx->retrans = NFS_UNSPEC_RETRANS;
1701 ctx->acregmin = NFS_DEF_ACREGMIN;
1702 ctx->acregmax = NFS_DEF_ACREGMAX;
1703 ctx->acdirmin = NFS_DEF_ACDIRMIN;
1704 ctx->acdirmax = NFS_DEF_ACDIRMAX;
1705 ctx->nfs_server.port = NFS_UNSPEC_PORT;
1706 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP;
1707 ctx->selected_flavor = RPC_AUTH_MAXFLAVOR;
1708 ctx->minorversion = 0;
1709 ctx->need_mount = true;
1710 ctx->xprtsec.policy = RPC_XPRTSEC_NONE;
1711 ctx->xprtsec.cert_serial = TLS_NO_CERT;
1712 ctx->xprtsec.privkey_serial = TLS_NO_PRIVKEY;
1713
1714 if (fc->net_ns != &init_net)
1715 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL;
1716
1717 fc->s_iflags |= SB_I_STABLE_WRITES;
1718 }
1719 fc->fs_private = ctx;
1720 fc->ops = &nfs_fs_context_ops;
1721 return 0;
1722 }
1723
1724 struct file_system_type nfs_fs_type = {
1725 .owner = THIS_MODULE,
1726 .name = "nfs",
1727 .init_fs_context = nfs_init_fs_context,
1728 .parameters = nfs_fs_parameters,
1729 .kill_sb = nfs_kill_super,
1730 .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA,
1731 };
1732 MODULE_ALIAS_FS("nfs");
1733 EXPORT_SYMBOL_GPL(nfs_fs_type);
1734
1735 #if IS_ENABLED(CONFIG_NFS_V4)
1736 struct file_system_type nfs4_fs_type = {
1737 .owner = THIS_MODULE,
1738 .name = "nfs4",
1739 .init_fs_context = nfs_init_fs_context,
1740 .parameters = nfs_fs_parameters,
1741 .kill_sb = nfs_kill_super,
1742 .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA,
1743 };
1744 MODULE_ALIAS_FS("nfs4");
1745 MODULE_ALIAS("nfs4");
1746 EXPORT_SYMBOL_GPL(nfs4_fs_type);
1747 #endif /* CONFIG_NFS_V4 */
1748