1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * linux/fs/nfs/callback_xdr.c |
4 | * |
5 | * Copyright (C) 2004 Trond Myklebust |
6 | * |
7 | * NFSv4 callback encode/decode procedures |
8 | */ |
9 | #include <linux/kernel.h> |
10 | #include <linux/sunrpc/svc.h> |
11 | #include <linux/nfs4.h> |
12 | #include <linux/nfs_fs.h> |
13 | #include <linux/ratelimit.h> |
14 | #include <linux/printk.h> |
15 | #include <linux/slab.h> |
16 | #include <linux/sunrpc/bc_xprt.h> |
17 | #include "nfs4_fs.h" |
18 | #include "callback.h" |
19 | #include "internal.h" |
20 | #include "nfs4session.h" |
21 | #include "nfs4trace.h" |
22 | |
23 | #define CB_OP_TAGLEN_MAXSZ (512) |
24 | #define CB_OP_HDR_RES_MAXSZ (2 * 4) // opcode, status |
25 | #define CB_OP_GETATTR_BITMAP_MAXSZ (4 * 4) // bitmap length, 3 bitmaps |
26 | #define CB_OP_GETATTR_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ + \ |
27 | CB_OP_GETATTR_BITMAP_MAXSZ + \ |
28 | /* change, size, ctime, mtime */\ |
29 | (2 + 2 + 3 + 3) * 4) |
30 | #define CB_OP_RECALL_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ) |
31 | |
32 | #if defined(CONFIG_NFS_V4_1) |
33 | #define CB_OP_LAYOUTRECALL_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ) |
34 | #define CB_OP_DEVICENOTIFY_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ) |
35 | #define CB_OP_SEQUENCE_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ + \ |
36 | NFS4_MAX_SESSIONID_LEN + \ |
37 | (1 + 3) * 4) // seqid, 3 slotids |
38 | #define CB_OP_RECALLANY_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ) |
39 | #define CB_OP_RECALLSLOT_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ) |
40 | #define CB_OP_NOTIFY_LOCK_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ) |
41 | #endif /* CONFIG_NFS_V4_1 */ |
42 | #ifdef CONFIG_NFS_V4_2 |
43 | #define CB_OP_OFFLOAD_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ) |
44 | #endif /* CONFIG_NFS_V4_2 */ |
45 | |
46 | #define NFSDBG_FACILITY NFSDBG_CALLBACK |
47 | |
48 | /* Internal error code */ |
49 | #define NFS4ERR_RESOURCE_HDR 11050 |
50 | |
51 | struct callback_op { |
52 | __be32 (*process_op)(void *, void *, struct cb_process_state *); |
53 | __be32 (*decode_args)(struct svc_rqst *, struct xdr_stream *, void *); |
54 | __be32 (*encode_res)(struct svc_rqst *, struct xdr_stream *, |
55 | const void *); |
56 | long res_maxsize; |
57 | }; |
58 | |
59 | static struct callback_op callback_ops[]; |
60 | |
61 | static __be32 nfs4_callback_null(struct svc_rqst *rqstp) |
62 | { |
63 | return htonl(NFS4_OK); |
64 | } |
65 | |
66 | /* |
67 | * svc_process_common() looks for an XDR encoder to know when |
68 | * not to drop a Reply. |
69 | */ |
70 | static bool nfs4_encode_void(struct svc_rqst *rqstp, struct xdr_stream *xdr) |
71 | { |
72 | return true; |
73 | } |
74 | |
75 | static __be32 decode_string(struct xdr_stream *xdr, unsigned int *len, |
76 | const char **str, size_t maxlen) |
77 | { |
78 | ssize_t err; |
79 | |
80 | err = xdr_stream_decode_opaque_inline(xdr, ptr: (void **)str, maxlen); |
81 | if (err < 0) |
82 | return cpu_to_be32(NFS4ERR_RESOURCE); |
83 | *len = err; |
84 | return 0; |
85 | } |
86 | |
87 | static __be32 decode_fh(struct xdr_stream *xdr, struct nfs_fh *fh) |
88 | { |
89 | __be32 *p; |
90 | |
91 | p = xdr_inline_decode(xdr, nbytes: 4); |
92 | if (unlikely(p == NULL)) |
93 | return htonl(NFS4ERR_RESOURCE); |
94 | fh->size = ntohl(*p); |
95 | if (fh->size > NFS4_FHSIZE) |
96 | return htonl(NFS4ERR_BADHANDLE); |
97 | p = xdr_inline_decode(xdr, nbytes: fh->size); |
98 | if (unlikely(p == NULL)) |
99 | return htonl(NFS4ERR_RESOURCE); |
100 | memcpy(&fh->data[0], p, fh->size); |
101 | memset(&fh->data[fh->size], 0, sizeof(fh->data) - fh->size); |
102 | return 0; |
103 | } |
104 | |
105 | static __be32 decode_bitmap(struct xdr_stream *xdr, uint32_t *bitmap) |
106 | { |
107 | __be32 *p; |
108 | unsigned int attrlen; |
109 | |
110 | p = xdr_inline_decode(xdr, nbytes: 4); |
111 | if (unlikely(p == NULL)) |
112 | return htonl(NFS4ERR_RESOURCE); |
113 | attrlen = ntohl(*p); |
114 | p = xdr_inline_decode(xdr, nbytes: attrlen << 2); |
115 | if (unlikely(p == NULL)) |
116 | return htonl(NFS4ERR_RESOURCE); |
117 | if (likely(attrlen > 0)) |
118 | bitmap[0] = ntohl(*p++); |
119 | if (attrlen > 1) |
120 | bitmap[1] = ntohl(*p); |
121 | return 0; |
122 | } |
123 | |
124 | static __be32 decode_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid) |
125 | { |
126 | __be32 *p; |
127 | |
128 | p = xdr_inline_decode(xdr, NFS4_STATEID_SIZE); |
129 | if (unlikely(p == NULL)) |
130 | return htonl(NFS4ERR_RESOURCE); |
131 | memcpy(stateid->data, p, NFS4_STATEID_SIZE); |
132 | return 0; |
133 | } |
134 | |
135 | static __be32 decode_delegation_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid) |
136 | { |
137 | stateid->type = NFS4_DELEGATION_STATEID_TYPE; |
138 | return decode_stateid(xdr, stateid); |
139 | } |
140 | |
141 | static __be32 decode_compound_hdr_arg(struct xdr_stream *xdr, struct cb_compound_hdr_arg *hdr) |
142 | { |
143 | __be32 *p; |
144 | __be32 status; |
145 | |
146 | status = decode_string(xdr, len: &hdr->taglen, str: &hdr->tag, CB_OP_TAGLEN_MAXSZ); |
147 | if (unlikely(status != 0)) |
148 | return status; |
149 | p = xdr_inline_decode(xdr, nbytes: 12); |
150 | if (unlikely(p == NULL)) |
151 | return htonl(NFS4ERR_RESOURCE); |
152 | hdr->minorversion = ntohl(*p++); |
153 | /* Check for minor version support */ |
154 | if (hdr->minorversion <= NFS4_MAX_MINOR_VERSION) { |
155 | hdr->cb_ident = ntohl(*p++); /* ignored by v4.1 and v4.2 */ |
156 | } else { |
157 | pr_warn_ratelimited("NFS: %s: NFSv4 server callback with " |
158 | "illegal minor version %u!\n" , |
159 | __func__, hdr->minorversion); |
160 | return htonl(NFS4ERR_MINOR_VERS_MISMATCH); |
161 | } |
162 | hdr->nops = ntohl(*p); |
163 | return 0; |
164 | } |
165 | |
166 | static __be32 decode_op_hdr(struct xdr_stream *xdr, unsigned int *op) |
167 | { |
168 | __be32 *p; |
169 | p = xdr_inline_decode(xdr, nbytes: 4); |
170 | if (unlikely(p == NULL)) |
171 | return htonl(NFS4ERR_RESOURCE_HDR); |
172 | *op = ntohl(*p); |
173 | return 0; |
174 | } |
175 | |
176 | static __be32 decode_getattr_args(struct svc_rqst *rqstp, |
177 | struct xdr_stream *xdr, void *argp) |
178 | { |
179 | struct cb_getattrargs *args = argp; |
180 | __be32 status; |
181 | |
182 | status = decode_fh(xdr, fh: &args->fh); |
183 | if (unlikely(status != 0)) |
184 | return status; |
185 | return decode_bitmap(xdr, bitmap: args->bitmap); |
186 | } |
187 | |
188 | static __be32 decode_recall_args(struct svc_rqst *rqstp, |
189 | struct xdr_stream *xdr, void *argp) |
190 | { |
191 | struct cb_recallargs *args = argp; |
192 | __be32 *p; |
193 | __be32 status; |
194 | |
195 | status = decode_delegation_stateid(xdr, stateid: &args->stateid); |
196 | if (unlikely(status != 0)) |
197 | return status; |
198 | p = xdr_inline_decode(xdr, nbytes: 4); |
199 | if (unlikely(p == NULL)) |
200 | return htonl(NFS4ERR_RESOURCE); |
201 | args->truncate = ntohl(*p); |
202 | return decode_fh(xdr, fh: &args->fh); |
203 | } |
204 | |
205 | #if defined(CONFIG_NFS_V4_1) |
206 | static __be32 decode_layout_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid) |
207 | { |
208 | stateid->type = NFS4_LAYOUT_STATEID_TYPE; |
209 | return decode_stateid(xdr, stateid); |
210 | } |
211 | |
212 | static __be32 decode_layoutrecall_args(struct svc_rqst *rqstp, |
213 | struct xdr_stream *xdr, void *argp) |
214 | { |
215 | struct cb_layoutrecallargs *args = argp; |
216 | __be32 *p; |
217 | __be32 status = 0; |
218 | uint32_t iomode; |
219 | |
220 | p = xdr_inline_decode(xdr, nbytes: 4 * sizeof(uint32_t)); |
221 | if (unlikely(p == NULL)) |
222 | return htonl(NFS4ERR_BADXDR); |
223 | |
224 | args->cbl_layout_type = ntohl(*p++); |
225 | /* Depite the spec's xdr, iomode really belongs in the FILE switch, |
226 | * as it is unusable and ignored with the other types. |
227 | */ |
228 | iomode = ntohl(*p++); |
229 | args->cbl_layoutchanged = ntohl(*p++); |
230 | args->cbl_recall_type = ntohl(*p++); |
231 | |
232 | if (args->cbl_recall_type == RETURN_FILE) { |
233 | args->cbl_range.iomode = iomode; |
234 | status = decode_fh(xdr, fh: &args->cbl_fh); |
235 | if (unlikely(status != 0)) |
236 | return status; |
237 | |
238 | p = xdr_inline_decode(xdr, nbytes: 2 * sizeof(uint64_t)); |
239 | if (unlikely(p == NULL)) |
240 | return htonl(NFS4ERR_BADXDR); |
241 | p = xdr_decode_hyper(p, valp: &args->cbl_range.offset); |
242 | p = xdr_decode_hyper(p, valp: &args->cbl_range.length); |
243 | return decode_layout_stateid(xdr, stateid: &args->cbl_stateid); |
244 | } else if (args->cbl_recall_type == RETURN_FSID) { |
245 | p = xdr_inline_decode(xdr, nbytes: 2 * sizeof(uint64_t)); |
246 | if (unlikely(p == NULL)) |
247 | return htonl(NFS4ERR_BADXDR); |
248 | p = xdr_decode_hyper(p, valp: &args->cbl_fsid.major); |
249 | p = xdr_decode_hyper(p, valp: &args->cbl_fsid.minor); |
250 | } else if (args->cbl_recall_type != RETURN_ALL) |
251 | return htonl(NFS4ERR_BADXDR); |
252 | return 0; |
253 | } |
254 | |
255 | static |
256 | __be32 decode_devicenotify_args(struct svc_rqst *rqstp, |
257 | struct xdr_stream *xdr, |
258 | void *argp) |
259 | { |
260 | struct cb_devicenotifyargs *args = argp; |
261 | uint32_t tmp, n, i; |
262 | __be32 *p; |
263 | __be32 status = 0; |
264 | |
265 | /* Num of device notifications */ |
266 | p = xdr_inline_decode(xdr, nbytes: sizeof(uint32_t)); |
267 | if (unlikely(p == NULL)) { |
268 | status = htonl(NFS4ERR_BADXDR); |
269 | goto out; |
270 | } |
271 | n = ntohl(*p++); |
272 | if (n == 0) |
273 | goto out; |
274 | |
275 | args->devs = kmalloc_array(n, size: sizeof(*args->devs), GFP_KERNEL); |
276 | if (!args->devs) { |
277 | status = htonl(NFS4ERR_DELAY); |
278 | goto out; |
279 | } |
280 | |
281 | /* Decode each dev notification */ |
282 | for (i = 0; i < n; i++) { |
283 | struct cb_devicenotifyitem *dev = &args->devs[i]; |
284 | |
285 | p = xdr_inline_decode(xdr, nbytes: (4 * sizeof(uint32_t)) + |
286 | NFS4_DEVICEID4_SIZE); |
287 | if (unlikely(p == NULL)) { |
288 | status = htonl(NFS4ERR_BADXDR); |
289 | goto err; |
290 | } |
291 | |
292 | tmp = ntohl(*p++); /* bitmap size */ |
293 | if (tmp != 1) { |
294 | status = htonl(NFS4ERR_INVAL); |
295 | goto err; |
296 | } |
297 | dev->cbd_notify_type = ntohl(*p++); |
298 | if (dev->cbd_notify_type != NOTIFY_DEVICEID4_CHANGE && |
299 | dev->cbd_notify_type != NOTIFY_DEVICEID4_DELETE) { |
300 | status = htonl(NFS4ERR_INVAL); |
301 | goto err; |
302 | } |
303 | |
304 | tmp = ntohl(*p++); /* opaque size */ |
305 | if (((dev->cbd_notify_type == NOTIFY_DEVICEID4_CHANGE) && |
306 | (tmp != NFS4_DEVICEID4_SIZE + 8)) || |
307 | ((dev->cbd_notify_type == NOTIFY_DEVICEID4_DELETE) && |
308 | (tmp != NFS4_DEVICEID4_SIZE + 4))) { |
309 | status = htonl(NFS4ERR_INVAL); |
310 | goto err; |
311 | } |
312 | dev->cbd_layout_type = ntohl(*p++); |
313 | memcpy(dev->cbd_dev_id.data, p, NFS4_DEVICEID4_SIZE); |
314 | p += XDR_QUADLEN(NFS4_DEVICEID4_SIZE); |
315 | |
316 | if (dev->cbd_layout_type == NOTIFY_DEVICEID4_CHANGE) { |
317 | p = xdr_inline_decode(xdr, nbytes: sizeof(uint32_t)); |
318 | if (unlikely(p == NULL)) { |
319 | status = htonl(NFS4ERR_BADXDR); |
320 | goto err; |
321 | } |
322 | dev->cbd_immediate = ntohl(*p++); |
323 | } else { |
324 | dev->cbd_immediate = 0; |
325 | } |
326 | |
327 | dprintk("%s: type %d layout 0x%x immediate %d\n" , |
328 | __func__, dev->cbd_notify_type, dev->cbd_layout_type, |
329 | dev->cbd_immediate); |
330 | } |
331 | args->ndevs = n; |
332 | dprintk("%s: ndevs %d\n" , __func__, args->ndevs); |
333 | return 0; |
334 | err: |
335 | kfree(objp: args->devs); |
336 | out: |
337 | args->devs = NULL; |
338 | args->ndevs = 0; |
339 | dprintk("%s: status %d ndevs %d\n" , |
340 | __func__, ntohl(status), args->ndevs); |
341 | return status; |
342 | } |
343 | |
344 | static __be32 decode_sessionid(struct xdr_stream *xdr, |
345 | struct nfs4_sessionid *sid) |
346 | { |
347 | __be32 *p; |
348 | |
349 | p = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN); |
350 | if (unlikely(p == NULL)) |
351 | return htonl(NFS4ERR_RESOURCE); |
352 | |
353 | memcpy(sid->data, p, NFS4_MAX_SESSIONID_LEN); |
354 | return 0; |
355 | } |
356 | |
357 | static __be32 decode_rc_list(struct xdr_stream *xdr, |
358 | struct referring_call_list *rc_list) |
359 | { |
360 | __be32 *p; |
361 | int i; |
362 | __be32 status; |
363 | |
364 | status = decode_sessionid(xdr, sid: &rc_list->rcl_sessionid); |
365 | if (status) |
366 | goto out; |
367 | |
368 | status = htonl(NFS4ERR_RESOURCE); |
369 | p = xdr_inline_decode(xdr, nbytes: sizeof(uint32_t)); |
370 | if (unlikely(p == NULL)) |
371 | goto out; |
372 | |
373 | rc_list->rcl_nrefcalls = ntohl(*p++); |
374 | if (rc_list->rcl_nrefcalls) { |
375 | p = xdr_inline_decode(xdr, |
376 | nbytes: rc_list->rcl_nrefcalls * 2 * sizeof(uint32_t)); |
377 | if (unlikely(p == NULL)) |
378 | goto out; |
379 | rc_list->rcl_refcalls = kmalloc_array(n: rc_list->rcl_nrefcalls, |
380 | size: sizeof(*rc_list->rcl_refcalls), |
381 | GFP_KERNEL); |
382 | if (unlikely(rc_list->rcl_refcalls == NULL)) |
383 | goto out; |
384 | for (i = 0; i < rc_list->rcl_nrefcalls; i++) { |
385 | rc_list->rcl_refcalls[i].rc_sequenceid = ntohl(*p++); |
386 | rc_list->rcl_refcalls[i].rc_slotid = ntohl(*p++); |
387 | } |
388 | } |
389 | status = 0; |
390 | |
391 | out: |
392 | return status; |
393 | } |
394 | |
395 | static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp, |
396 | struct xdr_stream *xdr, |
397 | void *argp) |
398 | { |
399 | struct cb_sequenceargs *args = argp; |
400 | __be32 *p; |
401 | int i; |
402 | __be32 status; |
403 | |
404 | status = decode_sessionid(xdr, sid: &args->csa_sessionid); |
405 | if (status) |
406 | return status; |
407 | |
408 | p = xdr_inline_decode(xdr, nbytes: 5 * sizeof(uint32_t)); |
409 | if (unlikely(p == NULL)) |
410 | return htonl(NFS4ERR_RESOURCE); |
411 | |
412 | args->csa_addr = svc_addr(rqst: rqstp); |
413 | args->csa_sequenceid = ntohl(*p++); |
414 | args->csa_slotid = ntohl(*p++); |
415 | args->csa_highestslotid = ntohl(*p++); |
416 | args->csa_cachethis = ntohl(*p++); |
417 | args->csa_nrclists = ntohl(*p++); |
418 | args->csa_rclists = NULL; |
419 | if (args->csa_nrclists) { |
420 | args->csa_rclists = kmalloc_array(n: args->csa_nrclists, |
421 | size: sizeof(*args->csa_rclists), |
422 | GFP_KERNEL); |
423 | if (unlikely(args->csa_rclists == NULL)) |
424 | return htonl(NFS4ERR_RESOURCE); |
425 | |
426 | for (i = 0; i < args->csa_nrclists; i++) { |
427 | status = decode_rc_list(xdr, rc_list: &args->csa_rclists[i]); |
428 | if (status) { |
429 | args->csa_nrclists = i; |
430 | goto out_free; |
431 | } |
432 | } |
433 | } |
434 | return 0; |
435 | |
436 | out_free: |
437 | for (i = 0; i < args->csa_nrclists; i++) |
438 | kfree(objp: args->csa_rclists[i].rcl_refcalls); |
439 | kfree(objp: args->csa_rclists); |
440 | return status; |
441 | } |
442 | |
443 | static __be32 decode_recallany_args(struct svc_rqst *rqstp, |
444 | struct xdr_stream *xdr, |
445 | void *argp) |
446 | { |
447 | struct cb_recallanyargs *args = argp; |
448 | uint32_t bitmap[2]; |
449 | __be32 *p, status; |
450 | |
451 | p = xdr_inline_decode(xdr, nbytes: 4); |
452 | if (unlikely(p == NULL)) |
453 | return htonl(NFS4ERR_BADXDR); |
454 | args->craa_objs_to_keep = ntohl(*p++); |
455 | status = decode_bitmap(xdr, bitmap); |
456 | if (unlikely(status)) |
457 | return status; |
458 | args->craa_type_mask = bitmap[0]; |
459 | |
460 | return 0; |
461 | } |
462 | |
463 | static __be32 decode_recallslot_args(struct svc_rqst *rqstp, |
464 | struct xdr_stream *xdr, |
465 | void *argp) |
466 | { |
467 | struct cb_recallslotargs *args = argp; |
468 | __be32 *p; |
469 | |
470 | p = xdr_inline_decode(xdr, nbytes: 4); |
471 | if (unlikely(p == NULL)) |
472 | return htonl(NFS4ERR_BADXDR); |
473 | args->crsa_target_highest_slotid = ntohl(*p++); |
474 | return 0; |
475 | } |
476 | |
477 | static __be32 decode_lockowner(struct xdr_stream *xdr, struct cb_notify_lock_args *args) |
478 | { |
479 | __be32 *p; |
480 | unsigned int len; |
481 | |
482 | p = xdr_inline_decode(xdr, nbytes: 12); |
483 | if (unlikely(p == NULL)) |
484 | return htonl(NFS4ERR_BADXDR); |
485 | |
486 | p = xdr_decode_hyper(p, valp: &args->cbnl_owner.clientid); |
487 | len = be32_to_cpu(*p); |
488 | |
489 | p = xdr_inline_decode(xdr, nbytes: len); |
490 | if (unlikely(p == NULL)) |
491 | return htonl(NFS4ERR_BADXDR); |
492 | |
493 | /* Only try to decode if the length is right */ |
494 | if (len == 20) { |
495 | p += 2; /* skip "lock id:" */ |
496 | args->cbnl_owner.s_dev = be32_to_cpu(*p++); |
497 | xdr_decode_hyper(p, valp: &args->cbnl_owner.id); |
498 | args->cbnl_valid = true; |
499 | } else { |
500 | args->cbnl_owner.s_dev = 0; |
501 | args->cbnl_owner.id = 0; |
502 | args->cbnl_valid = false; |
503 | } |
504 | return 0; |
505 | } |
506 | |
507 | static __be32 decode_notify_lock_args(struct svc_rqst *rqstp, |
508 | struct xdr_stream *xdr, void *argp) |
509 | { |
510 | struct cb_notify_lock_args *args = argp; |
511 | __be32 status; |
512 | |
513 | status = decode_fh(xdr, fh: &args->cbnl_fh); |
514 | if (unlikely(status != 0)) |
515 | return status; |
516 | return decode_lockowner(xdr, args); |
517 | } |
518 | |
519 | #endif /* CONFIG_NFS_V4_1 */ |
520 | #ifdef CONFIG_NFS_V4_2 |
521 | static __be32 decode_write_response(struct xdr_stream *xdr, |
522 | struct cb_offloadargs *args) |
523 | { |
524 | __be32 *p; |
525 | |
526 | /* skip the always zero field */ |
527 | p = xdr_inline_decode(xdr, nbytes: 4); |
528 | if (unlikely(!p)) |
529 | goto out; |
530 | p++; |
531 | |
532 | /* decode count, stable_how, verifier */ |
533 | p = xdr_inline_decode(xdr, nbytes: 8 + 4); |
534 | if (unlikely(!p)) |
535 | goto out; |
536 | p = xdr_decode_hyper(p, valp: &args->wr_count); |
537 | args->wr_writeverf.committed = be32_to_cpup(p); |
538 | p = xdr_inline_decode(xdr, NFS4_VERIFIER_SIZE); |
539 | if (likely(p)) { |
540 | memcpy(&args->wr_writeverf.verifier.data[0], p, |
541 | NFS4_VERIFIER_SIZE); |
542 | return 0; |
543 | } |
544 | out: |
545 | return htonl(NFS4ERR_RESOURCE); |
546 | } |
547 | |
548 | static __be32 decode_offload_args(struct svc_rqst *rqstp, |
549 | struct xdr_stream *xdr, |
550 | void *data) |
551 | { |
552 | struct cb_offloadargs *args = data; |
553 | __be32 *p; |
554 | __be32 status; |
555 | |
556 | /* decode fh */ |
557 | status = decode_fh(xdr, fh: &args->coa_fh); |
558 | if (unlikely(status != 0)) |
559 | return status; |
560 | |
561 | /* decode stateid */ |
562 | status = decode_stateid(xdr, stateid: &args->coa_stateid); |
563 | if (unlikely(status != 0)) |
564 | return status; |
565 | |
566 | /* decode status */ |
567 | p = xdr_inline_decode(xdr, nbytes: 4); |
568 | if (unlikely(!p)) |
569 | goto out; |
570 | args->error = ntohl(*p++); |
571 | if (!args->error) { |
572 | status = decode_write_response(xdr, args); |
573 | if (unlikely(status != 0)) |
574 | return status; |
575 | } else { |
576 | p = xdr_inline_decode(xdr, nbytes: 8); |
577 | if (unlikely(!p)) |
578 | goto out; |
579 | p = xdr_decode_hyper(p, valp: &args->wr_count); |
580 | } |
581 | return 0; |
582 | out: |
583 | return htonl(NFS4ERR_RESOURCE); |
584 | } |
585 | #endif /* CONFIG_NFS_V4_2 */ |
586 | static __be32 encode_string(struct xdr_stream *xdr, unsigned int len, const char *str) |
587 | { |
588 | if (unlikely(xdr_stream_encode_opaque(xdr, str, len) < 0)) |
589 | return cpu_to_be32(NFS4ERR_RESOURCE); |
590 | return 0; |
591 | } |
592 | |
593 | static __be32 encode_attr_bitmap(struct xdr_stream *xdr, const uint32_t *bitmap, size_t sz) |
594 | { |
595 | if (xdr_stream_encode_uint32_array(xdr, array: bitmap, array_size: sz) < 0) |
596 | return cpu_to_be32(NFS4ERR_RESOURCE); |
597 | return 0; |
598 | } |
599 | |
600 | static __be32 encode_attr_change(struct xdr_stream *xdr, const uint32_t *bitmap, uint64_t change) |
601 | { |
602 | __be32 *p; |
603 | |
604 | if (!(bitmap[0] & FATTR4_WORD0_CHANGE)) |
605 | return 0; |
606 | p = xdr_reserve_space(xdr, nbytes: 8); |
607 | if (unlikely(!p)) |
608 | return htonl(NFS4ERR_RESOURCE); |
609 | p = xdr_encode_hyper(p, val: change); |
610 | return 0; |
611 | } |
612 | |
613 | static __be32 encode_attr_size(struct xdr_stream *xdr, const uint32_t *bitmap, uint64_t size) |
614 | { |
615 | __be32 *p; |
616 | |
617 | if (!(bitmap[0] & FATTR4_WORD0_SIZE)) |
618 | return 0; |
619 | p = xdr_reserve_space(xdr, nbytes: 8); |
620 | if (unlikely(!p)) |
621 | return htonl(NFS4ERR_RESOURCE); |
622 | p = xdr_encode_hyper(p, val: size); |
623 | return 0; |
624 | } |
625 | |
626 | static __be32 encode_attr_time(struct xdr_stream *xdr, const struct timespec64 *time) |
627 | { |
628 | __be32 *p; |
629 | |
630 | p = xdr_reserve_space(xdr, nbytes: 12); |
631 | if (unlikely(!p)) |
632 | return htonl(NFS4ERR_RESOURCE); |
633 | p = xdr_encode_hyper(p, val: time->tv_sec); |
634 | *p = htonl(time->tv_nsec); |
635 | return 0; |
636 | } |
637 | |
638 | static __be32 encode_attr_ctime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec64 *time) |
639 | { |
640 | if (!(bitmap[1] & FATTR4_WORD1_TIME_METADATA)) |
641 | return 0; |
642 | return encode_attr_time(xdr,time); |
643 | } |
644 | |
645 | static __be32 encode_attr_mtime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec64 *time) |
646 | { |
647 | if (!(bitmap[1] & FATTR4_WORD1_TIME_MODIFY)) |
648 | return 0; |
649 | return encode_attr_time(xdr,time); |
650 | } |
651 | |
652 | static __be32 encode_compound_hdr_res(struct xdr_stream *xdr, struct cb_compound_hdr_res *hdr) |
653 | { |
654 | __be32 status; |
655 | |
656 | hdr->status = xdr_reserve_space(xdr, nbytes: 4); |
657 | if (unlikely(hdr->status == NULL)) |
658 | return htonl(NFS4ERR_RESOURCE); |
659 | status = encode_string(xdr, len: hdr->taglen, str: hdr->tag); |
660 | if (unlikely(status != 0)) |
661 | return status; |
662 | hdr->nops = xdr_reserve_space(xdr, nbytes: 4); |
663 | if (unlikely(hdr->nops == NULL)) |
664 | return htonl(NFS4ERR_RESOURCE); |
665 | return 0; |
666 | } |
667 | |
668 | static __be32 encode_op_hdr(struct xdr_stream *xdr, uint32_t op, __be32 res) |
669 | { |
670 | __be32 *p; |
671 | |
672 | p = xdr_reserve_space(xdr, nbytes: 8); |
673 | if (unlikely(p == NULL)) |
674 | return htonl(NFS4ERR_RESOURCE_HDR); |
675 | *p++ = htonl(op); |
676 | *p = res; |
677 | return 0; |
678 | } |
679 | |
680 | static __be32 encode_getattr_res(struct svc_rqst *rqstp, struct xdr_stream *xdr, |
681 | const void *resp) |
682 | { |
683 | const struct cb_getattrres *res = resp; |
684 | __be32 *savep = NULL; |
685 | __be32 status = res->status; |
686 | |
687 | if (unlikely(status != 0)) |
688 | goto out; |
689 | status = encode_attr_bitmap(xdr, bitmap: res->bitmap, ARRAY_SIZE(res->bitmap)); |
690 | if (unlikely(status != 0)) |
691 | goto out; |
692 | status = cpu_to_be32(NFS4ERR_RESOURCE); |
693 | savep = xdr_reserve_space(xdr, nbytes: sizeof(*savep)); |
694 | if (unlikely(!savep)) |
695 | goto out; |
696 | status = encode_attr_change(xdr, bitmap: res->bitmap, change: res->change_attr); |
697 | if (unlikely(status != 0)) |
698 | goto out; |
699 | status = encode_attr_size(xdr, bitmap: res->bitmap, size: res->size); |
700 | if (unlikely(status != 0)) |
701 | goto out; |
702 | status = encode_attr_ctime(xdr, bitmap: res->bitmap, time: &res->ctime); |
703 | if (unlikely(status != 0)) |
704 | goto out; |
705 | status = encode_attr_mtime(xdr, bitmap: res->bitmap, time: &res->mtime); |
706 | *savep = htonl((unsigned int)((char *)xdr->p - (char *)(savep+1))); |
707 | out: |
708 | return status; |
709 | } |
710 | |
711 | #if defined(CONFIG_NFS_V4_1) |
712 | |
713 | static __be32 encode_sessionid(struct xdr_stream *xdr, |
714 | const struct nfs4_sessionid *sid) |
715 | { |
716 | __be32 *p; |
717 | |
718 | p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN); |
719 | if (unlikely(p == NULL)) |
720 | return htonl(NFS4ERR_RESOURCE); |
721 | |
722 | memcpy(p, sid, NFS4_MAX_SESSIONID_LEN); |
723 | return 0; |
724 | } |
725 | |
726 | static __be32 encode_cb_sequence_res(struct svc_rqst *rqstp, |
727 | struct xdr_stream *xdr, |
728 | const void *resp) |
729 | { |
730 | const struct cb_sequenceres *res = resp; |
731 | __be32 *p; |
732 | __be32 status = res->csr_status; |
733 | |
734 | if (unlikely(status != 0)) |
735 | return status; |
736 | |
737 | status = encode_sessionid(xdr, sid: &res->csr_sessionid); |
738 | if (status) |
739 | return status; |
740 | |
741 | p = xdr_reserve_space(xdr, nbytes: 4 * sizeof(uint32_t)); |
742 | if (unlikely(p == NULL)) |
743 | return htonl(NFS4ERR_RESOURCE); |
744 | |
745 | *p++ = htonl(res->csr_sequenceid); |
746 | *p++ = htonl(res->csr_slotid); |
747 | *p++ = htonl(res->csr_highestslotid); |
748 | *p++ = htonl(res->csr_target_highestslotid); |
749 | return 0; |
750 | } |
751 | |
752 | static __be32 |
753 | preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op) |
754 | { |
755 | if (op_nr == OP_CB_SEQUENCE) { |
756 | if (nop != 0) |
757 | return htonl(NFS4ERR_SEQUENCE_POS); |
758 | } else { |
759 | if (nop == 0) |
760 | return htonl(NFS4ERR_OP_NOT_IN_SESSION); |
761 | } |
762 | |
763 | switch (op_nr) { |
764 | case OP_CB_GETATTR: |
765 | case OP_CB_RECALL: |
766 | case OP_CB_SEQUENCE: |
767 | case OP_CB_RECALL_ANY: |
768 | case OP_CB_RECALL_SLOT: |
769 | case OP_CB_LAYOUTRECALL: |
770 | case OP_CB_NOTIFY_DEVICEID: |
771 | case OP_CB_NOTIFY_LOCK: |
772 | *op = &callback_ops[op_nr]; |
773 | break; |
774 | |
775 | case OP_CB_NOTIFY: |
776 | case OP_CB_PUSH_DELEG: |
777 | case OP_CB_RECALLABLE_OBJ_AVAIL: |
778 | case OP_CB_WANTS_CANCELLED: |
779 | return htonl(NFS4ERR_NOTSUPP); |
780 | |
781 | default: |
782 | return htonl(NFS4ERR_OP_ILLEGAL); |
783 | } |
784 | |
785 | return htonl(NFS_OK); |
786 | } |
787 | |
788 | static void nfs4_callback_free_slot(struct nfs4_session *session, |
789 | struct nfs4_slot *slot) |
790 | { |
791 | struct nfs4_slot_table *tbl = &session->bc_slot_table; |
792 | |
793 | spin_lock(lock: &tbl->slot_tbl_lock); |
794 | /* |
795 | * Let the state manager know callback processing done. |
796 | * A single slot, so highest used slotid is either 0 or -1 |
797 | */ |
798 | nfs4_free_slot(tbl, slot); |
799 | spin_unlock(lock: &tbl->slot_tbl_lock); |
800 | } |
801 | |
802 | static void nfs4_cb_free_slot(struct cb_process_state *cps) |
803 | { |
804 | if (cps->slot) { |
805 | nfs4_callback_free_slot(session: cps->clp->cl_session, slot: cps->slot); |
806 | cps->slot = NULL; |
807 | } |
808 | } |
809 | |
810 | #else /* CONFIG_NFS_V4_1 */ |
811 | |
812 | static __be32 |
813 | preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op) |
814 | { |
815 | return htonl(NFS4ERR_MINOR_VERS_MISMATCH); |
816 | } |
817 | |
818 | static void nfs4_cb_free_slot(struct cb_process_state *cps) |
819 | { |
820 | } |
821 | #endif /* CONFIG_NFS_V4_1 */ |
822 | |
823 | #ifdef CONFIG_NFS_V4_2 |
824 | static __be32 |
825 | preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op) |
826 | { |
827 | __be32 status = preprocess_nfs41_op(nop, op_nr, op); |
828 | if (status != htonl(NFS4ERR_OP_ILLEGAL)) |
829 | return status; |
830 | |
831 | if (op_nr == OP_CB_OFFLOAD) { |
832 | *op = &callback_ops[op_nr]; |
833 | return htonl(NFS_OK); |
834 | } else |
835 | return htonl(NFS4ERR_NOTSUPP); |
836 | return htonl(NFS4ERR_OP_ILLEGAL); |
837 | } |
838 | #else /* CONFIG_NFS_V4_2 */ |
839 | static __be32 |
840 | preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op) |
841 | { |
842 | return htonl(NFS4ERR_MINOR_VERS_MISMATCH); |
843 | } |
844 | #endif /* CONFIG_NFS_V4_2 */ |
845 | |
846 | static __be32 |
847 | preprocess_nfs4_op(unsigned int op_nr, struct callback_op **op) |
848 | { |
849 | switch (op_nr) { |
850 | case OP_CB_GETATTR: |
851 | case OP_CB_RECALL: |
852 | *op = &callback_ops[op_nr]; |
853 | break; |
854 | default: |
855 | return htonl(NFS4ERR_OP_ILLEGAL); |
856 | } |
857 | |
858 | return htonl(NFS_OK); |
859 | } |
860 | |
861 | static __be32 process_op(int nop, struct svc_rqst *rqstp, |
862 | struct cb_process_state *cps) |
863 | { |
864 | struct xdr_stream *xdr_out = &rqstp->rq_res_stream; |
865 | struct callback_op *op = &callback_ops[0]; |
866 | unsigned int op_nr; |
867 | __be32 status; |
868 | long maxlen; |
869 | __be32 res; |
870 | |
871 | status = decode_op_hdr(xdr: &rqstp->rq_arg_stream, op: &op_nr); |
872 | if (unlikely(status)) |
873 | return status; |
874 | |
875 | switch (cps->minorversion) { |
876 | case 0: |
877 | status = preprocess_nfs4_op(op_nr, op: &op); |
878 | break; |
879 | case 1: |
880 | status = preprocess_nfs41_op(nop, op_nr, op: &op); |
881 | break; |
882 | case 2: |
883 | status = preprocess_nfs42_op(nop, op_nr, op: &op); |
884 | break; |
885 | default: |
886 | status = htonl(NFS4ERR_MINOR_VERS_MISMATCH); |
887 | } |
888 | |
889 | if (status == htonl(NFS4ERR_OP_ILLEGAL)) |
890 | op_nr = OP_CB_ILLEGAL; |
891 | if (status) |
892 | goto encode_hdr; |
893 | |
894 | if (cps->drc_status) { |
895 | status = cps->drc_status; |
896 | goto encode_hdr; |
897 | } |
898 | |
899 | maxlen = xdr_out->end - xdr_out->p; |
900 | if (maxlen > 0 && maxlen < PAGE_SIZE) { |
901 | status = op->decode_args(rqstp, &rqstp->rq_arg_stream, |
902 | rqstp->rq_argp); |
903 | if (likely(status == 0)) |
904 | status = op->process_op(rqstp->rq_argp, rqstp->rq_resp, |
905 | cps); |
906 | } else |
907 | status = htonl(NFS4ERR_RESOURCE); |
908 | |
909 | encode_hdr: |
910 | res = encode_op_hdr(xdr: xdr_out, op: op_nr, res: status); |
911 | if (unlikely(res)) |
912 | return res; |
913 | if (op->encode_res != NULL && status == 0) |
914 | status = op->encode_res(rqstp, xdr_out, rqstp->rq_resp); |
915 | return status; |
916 | } |
917 | |
918 | /* |
919 | * Decode, process and encode a COMPOUND |
920 | */ |
921 | static __be32 nfs4_callback_compound(struct svc_rqst *rqstp) |
922 | { |
923 | struct cb_compound_hdr_arg hdr_arg = { 0 }; |
924 | struct cb_compound_hdr_res hdr_res = { NULL }; |
925 | struct cb_process_state cps = { |
926 | .drc_status = 0, |
927 | .clp = NULL, |
928 | .net = SVC_NET(rqstp), |
929 | }; |
930 | unsigned int nops = 0; |
931 | __be32 status; |
932 | |
933 | status = decode_compound_hdr_arg(xdr: &rqstp->rq_arg_stream, hdr: &hdr_arg); |
934 | if (status == htonl(NFS4ERR_RESOURCE)) |
935 | return rpc_garbage_args; |
936 | |
937 | if (hdr_arg.minorversion == 0) { |
938 | cps.clp = nfs4_find_client_ident(SVC_NET(rqstp), hdr_arg.cb_ident); |
939 | if (!cps.clp) { |
940 | trace_nfs_cb_no_clp(xid: rqstp->rq_xid, cb_ident: hdr_arg.cb_ident); |
941 | goto out_invalidcred; |
942 | } |
943 | if (!check_gss_callback_principal(cps.clp, rqstp)) { |
944 | trace_nfs_cb_badprinc(xid: rqstp->rq_xid, cb_ident: hdr_arg.cb_ident); |
945 | nfs_put_client(cps.clp); |
946 | goto out_invalidcred; |
947 | } |
948 | } |
949 | |
950 | cps.minorversion = hdr_arg.minorversion; |
951 | hdr_res.taglen = hdr_arg.taglen; |
952 | hdr_res.tag = hdr_arg.tag; |
953 | if (encode_compound_hdr_res(xdr: &rqstp->rq_res_stream, hdr: &hdr_res) != 0) { |
954 | if (cps.clp) |
955 | nfs_put_client(cps.clp); |
956 | return rpc_system_err; |
957 | } |
958 | while (status == 0 && nops != hdr_arg.nops) { |
959 | status = process_op(nop: nops, rqstp, cps: &cps); |
960 | nops++; |
961 | } |
962 | |
963 | /* Buffer overflow in decode_ops_hdr or encode_ops_hdr. Return |
964 | * resource error in cb_compound status without returning op */ |
965 | if (unlikely(status == htonl(NFS4ERR_RESOURCE_HDR))) { |
966 | status = htonl(NFS4ERR_RESOURCE); |
967 | nops--; |
968 | } |
969 | |
970 | *hdr_res.status = status; |
971 | *hdr_res.nops = htonl(nops); |
972 | nfs4_cb_free_slot(cps: &cps); |
973 | nfs_put_client(cps.clp); |
974 | return rpc_success; |
975 | |
976 | out_invalidcred: |
977 | pr_warn_ratelimited("NFS: NFSv4 callback contains invalid cred\n" ); |
978 | rqstp->rq_auth_stat = rpc_autherr_badcred; |
979 | return rpc_success; |
980 | } |
981 | |
982 | static int |
983 | nfs_callback_dispatch(struct svc_rqst *rqstp) |
984 | { |
985 | const struct svc_procedure *procp = rqstp->rq_procinfo; |
986 | |
987 | *rqstp->rq_accept_statp = procp->pc_func(rqstp); |
988 | return 1; |
989 | } |
990 | |
991 | /* |
992 | * Define NFS4 callback COMPOUND ops. |
993 | */ |
994 | static struct callback_op callback_ops[] = { |
995 | [0] = { |
996 | .res_maxsize = CB_OP_HDR_RES_MAXSZ, |
997 | }, |
998 | [OP_CB_GETATTR] = { |
999 | .process_op = nfs4_callback_getattr, |
1000 | .decode_args = decode_getattr_args, |
1001 | .encode_res = encode_getattr_res, |
1002 | .res_maxsize = CB_OP_GETATTR_RES_MAXSZ, |
1003 | }, |
1004 | [OP_CB_RECALL] = { |
1005 | .process_op = nfs4_callback_recall, |
1006 | .decode_args = decode_recall_args, |
1007 | .res_maxsize = CB_OP_RECALL_RES_MAXSZ, |
1008 | }, |
1009 | #if defined(CONFIG_NFS_V4_1) |
1010 | [OP_CB_LAYOUTRECALL] = { |
1011 | .process_op = nfs4_callback_layoutrecall, |
1012 | .decode_args = decode_layoutrecall_args, |
1013 | .res_maxsize = CB_OP_LAYOUTRECALL_RES_MAXSZ, |
1014 | }, |
1015 | [OP_CB_NOTIFY_DEVICEID] = { |
1016 | .process_op = nfs4_callback_devicenotify, |
1017 | .decode_args = decode_devicenotify_args, |
1018 | .res_maxsize = CB_OP_DEVICENOTIFY_RES_MAXSZ, |
1019 | }, |
1020 | [OP_CB_SEQUENCE] = { |
1021 | .process_op = nfs4_callback_sequence, |
1022 | .decode_args = decode_cb_sequence_args, |
1023 | .encode_res = encode_cb_sequence_res, |
1024 | .res_maxsize = CB_OP_SEQUENCE_RES_MAXSZ, |
1025 | }, |
1026 | [OP_CB_RECALL_ANY] = { |
1027 | .process_op = nfs4_callback_recallany, |
1028 | .decode_args = decode_recallany_args, |
1029 | .res_maxsize = CB_OP_RECALLANY_RES_MAXSZ, |
1030 | }, |
1031 | [OP_CB_RECALL_SLOT] = { |
1032 | .process_op = nfs4_callback_recallslot, |
1033 | .decode_args = decode_recallslot_args, |
1034 | .res_maxsize = CB_OP_RECALLSLOT_RES_MAXSZ, |
1035 | }, |
1036 | [OP_CB_NOTIFY_LOCK] = { |
1037 | .process_op = nfs4_callback_notify_lock, |
1038 | .decode_args = decode_notify_lock_args, |
1039 | .res_maxsize = CB_OP_NOTIFY_LOCK_RES_MAXSZ, |
1040 | }, |
1041 | #endif /* CONFIG_NFS_V4_1 */ |
1042 | #ifdef CONFIG_NFS_V4_2 |
1043 | [OP_CB_OFFLOAD] = { |
1044 | .process_op = nfs4_callback_offload, |
1045 | .decode_args = decode_offload_args, |
1046 | .res_maxsize = CB_OP_OFFLOAD_RES_MAXSZ, |
1047 | }, |
1048 | #endif /* CONFIG_NFS_V4_2 */ |
1049 | }; |
1050 | |
1051 | /* |
1052 | * Define NFS4 callback procedures |
1053 | */ |
1054 | static const struct svc_procedure nfs4_callback_procedures1[] = { |
1055 | [CB_NULL] = { |
1056 | .pc_func = nfs4_callback_null, |
1057 | .pc_encode = nfs4_encode_void, |
1058 | .pc_xdrressize = 1, |
1059 | .pc_name = "NULL" , |
1060 | }, |
1061 | [CB_COMPOUND] = { |
1062 | .pc_func = nfs4_callback_compound, |
1063 | .pc_encode = nfs4_encode_void, |
1064 | .pc_argsize = 256, |
1065 | .pc_argzero = 256, |
1066 | .pc_ressize = 256, |
1067 | .pc_xdrressize = NFS4_CALLBACK_BUFSIZE, |
1068 | .pc_name = "COMPOUND" , |
1069 | } |
1070 | }; |
1071 | |
1072 | static DEFINE_PER_CPU_ALIGNED(unsigned long, |
1073 | nfs4_callback_count1[ARRAY_SIZE(nfs4_callback_procedures1)]); |
1074 | const struct svc_version nfs4_callback_version1 = { |
1075 | .vs_vers = 1, |
1076 | .vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1), |
1077 | .vs_proc = nfs4_callback_procedures1, |
1078 | .vs_count = nfs4_callback_count1, |
1079 | .vs_xdrsize = NFS4_CALLBACK_XDRSIZE, |
1080 | .vs_dispatch = nfs_callback_dispatch, |
1081 | .vs_hidden = true, |
1082 | .vs_need_cong_ctrl = true, |
1083 | }; |
1084 | |
1085 | static DEFINE_PER_CPU_ALIGNED(unsigned long, |
1086 | nfs4_callback_count4[ARRAY_SIZE(nfs4_callback_procedures1)]); |
1087 | const struct svc_version nfs4_callback_version4 = { |
1088 | .vs_vers = 4, |
1089 | .vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1), |
1090 | .vs_proc = nfs4_callback_procedures1, |
1091 | .vs_count = nfs4_callback_count4, |
1092 | .vs_xdrsize = NFS4_CALLBACK_XDRSIZE, |
1093 | .vs_dispatch = nfs_callback_dispatch, |
1094 | .vs_hidden = true, |
1095 | .vs_need_cong_ctrl = true, |
1096 | }; |
1097 | |