callback_xdr.c source code [linux/fs/nfs/callback_xdr.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* linux/fs/nfs/callback_xdr.c
4	*
5	* Copyright (C) 2004 Trond Myklebust
6	*
7	* NFSv4 callback encode/decode procedures
8	*/
9	#include <linux/kernel.h>
10	#include <linux/sunrpc/svc.h>
11	#include <linux/nfs4.h>
12	#include <linux/nfs_fs.h>
13	#include <linux/ratelimit.h>
14	#include <linux/printk.h>
15	#include <linux/slab.h>
16	#include <linux/sunrpc/bc_xprt.h>
17	#include "nfs4_fs.h"
18	#include "callback.h"
19	#include "internal.h"
20	#include "nfs4session.h"
21	#include "nfs4trace.h"
22
23	#define CB_OP_TAGLEN_MAXSZ (512)
24	#define CB_OP_HDR_RES_MAXSZ (2 * 4) // opcode, status
25	#define CB_OP_GETATTR_BITMAP_MAXSZ (4 * 4) // bitmap length, 3 bitmaps
26	#define CB_OP_GETATTR_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ + \
27	CB_OP_GETATTR_BITMAP_MAXSZ + \
28	/* change, size, ctime, mtime */\
29	(2 + 2 + 3 + 3) * 4)
30	#define CB_OP_RECALL_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
31
32	#if defined(CONFIG_NFS_V4_1)
33	#define CB_OP_LAYOUTRECALL_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
34	#define CB_OP_DEVICENOTIFY_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
35	#define CB_OP_SEQUENCE_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ + \
36	NFS4_MAX_SESSIONID_LEN + \
37	(1 + 3) * 4) // seqid, 3 slotids
38	#define CB_OP_RECALLANY_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
39	#define CB_OP_RECALLSLOT_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
40	#define CB_OP_NOTIFY_LOCK_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
41	#endif /* CONFIG_NFS_V4_1 */
42	#ifdef CONFIG_NFS_V4_2
43	#define CB_OP_OFFLOAD_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
44	#endif /* CONFIG_NFS_V4_2 */
45
46	#define NFSDBG_FACILITY NFSDBG_CALLBACK
47
48	/ Internal error code /
49	#define NFS4ERR_RESOURCE_HDR 11050
50
51	struct callback_op {
52	__be32 (process_op)(void* , void* , struct* cb_process_state *);
53	__be32 (decode_args)(struct* svc_rqst , struct* xdr_stream , void* *);
54	__be32 (encode_res)(struct* svc_rqst , struct* xdr_stream *,
55	const void *);
56	long res_maxsize;
57	};
58
59	static struct callback_op callback_ops[];
60
61	static __be32 nfs4_callback_null(struct svc_rqst *rqstp)
62	{
63	return htonl(NFS4_OK);
64	}
65
66	/*
67	* svc_process_common() looks for an XDR encoder to know when
68	* not to drop a Reply.
69	*/
70	static bool nfs4_encode_void(struct svc_rqst rqstp, struct* xdr_stream *xdr)
71	{
72	return true;
73	}
74
75	static __be32 decode_string(struct xdr_stream xdr, unsigned* int *len,
76	const char **str, size_t maxlen)
77	{
78	ssize_t err;
79
80	err = xdr_stream_decode_opaque_inline(xdr, ptr: (void **)str, maxlen);
81	if (err < `0`)
82	return cpu_to_be32(NFS4ERR_RESOURCE);
83	*len = err;
84	return `0`;
85	}
86
87	static __be32 decode_fh(struct xdr_stream xdr, struct* nfs_fh *fh)
88	{
89	__be32 *p;
90
91	p = xdr_inline_decode(xdr, nbytes: `4`);
92	if (unlikely(p == NULL))
93	return htonl(NFS4ERR_RESOURCE);
94	fh->size = ntohl(*p);
95	if (fh->size > NFS4_FHSIZE)
96	return htonl(NFS4ERR_BADHANDLE);
97	p = xdr_inline_decode(xdr, nbytes: fh->size);
98	if (unlikely(p == NULL))
99	return htonl(NFS4ERR_RESOURCE);
100	memcpy(&fh->data[`0`], p, fh->size);
101	memset(&fh->data[fh->size], `0`, sizeof(fh->data) - fh->size);
102	return `0`;
103	}
104
105	static __be32 decode_bitmap(struct xdr_stream xdr, uint32_t bitmap)
106	{
107	__be32 *p;
108	unsigned int attrlen;
109
110	p = xdr_inline_decode(xdr, nbytes: `4`);
111	if (unlikely(p == NULL))
112	return htonl(NFS4ERR_RESOURCE);
113	attrlen = ntohl(*p);
114	p = xdr_inline_decode(xdr, nbytes: attrlen << `2`);
115	if (unlikely(p == NULL))
116	return htonl(NFS4ERR_RESOURCE);
117	if (likely(attrlen > `0`))
118	bitmap[`0`] = ntohl(*p++);
119	if (attrlen > `1`)
120	bitmap[`1`] = ntohl(*p);
121	return `0`;
122	}
123
124	static __be32 decode_stateid(struct xdr_stream xdr, nfs4_stateid stateid)
125	{
126	__be32 *p;
127
128	p = xdr_inline_decode(xdr, NFS4_STATEID_SIZE);
129	if (unlikely(p == NULL))
130	return htonl(NFS4ERR_RESOURCE);
131	memcpy(stateid->data, p, NFS4_STATEID_SIZE);
132	return `0`;
133	}
134
135	static __be32 decode_delegation_stateid(struct xdr_stream xdr, nfs4_stateid stateid)
136	{
137	stateid->type = NFS4_DELEGATION_STATEID_TYPE;
138	return decode_stateid(xdr, stateid);
139	}
140
141	static __be32 decode_compound_hdr_arg(struct xdr_stream xdr, struct* cb_compound_hdr_arg *hdr)
142	{
143	__be32 *p;
144	__be32 status;
145
146	status = decode_string(xdr, len: &hdr->taglen, str: &hdr->tag, CB_OP_TAGLEN_MAXSZ);
147	if (unlikely(status != `0`))
148	return status;
149	p = xdr_inline_decode(xdr, nbytes: `12`);
150	if (unlikely(p == NULL))
151	return htonl(NFS4ERR_RESOURCE);
152	hdr->minorversion = ntohl(*p++);
153	/ Check for minor version support /
154	if (hdr->minorversion <= NFS4_MAX_MINOR_VERSION) {
155	hdr->cb_ident = ntohl(p++); /* ignored by v4.1 and v4.2 /
156	} else {
157	pr_warn_ratelimited("NFS: %s: NFSv4 server callback with "
158	"illegal minor version %u!\n",
159	__func__, hdr->minorversion);
160	return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
161	}
162	hdr->nops = ntohl(*p);
163	return `0`;
164	}
165
166	static __be32 decode_op_hdr(struct xdr_stream xdr, unsigned* int *op)
167	{
168	__be32 *p;
169	p = xdr_inline_decode(xdr, nbytes: `4`);
170	if (unlikely(p == NULL))
171	return htonl(NFS4ERR_RESOURCE_HDR);
172	op = ntohl(p);
173	return `0`;
174	}
175
176	static __be32 decode_getattr_args(struct svc_rqst *rqstp,
177	struct xdr_stream xdr, void* *argp)
178	{
179	struct cb_getattrargs *args = argp;
180	__be32 status;
181
182	status = decode_fh(xdr, fh: &args->fh);
183	if (unlikely(status != `0`))
184	return status;
185	return decode_bitmap(xdr, bitmap: args->bitmap);
186	}
187
188	static __be32 decode_recall_args(struct svc_rqst *rqstp,
189	struct xdr_stream xdr, void* *argp)
190	{
191	struct cb_recallargs *args = argp;
192	__be32 *p;
193	__be32 status;
194
195	status = decode_delegation_stateid(xdr, stateid: &args->stateid);
196	if (unlikely(status != `0`))
197	return status;
198	p = xdr_inline_decode(xdr, nbytes: `4`);
199	if (unlikely(p == NULL))
200	return htonl(NFS4ERR_RESOURCE);
201	args->truncate = ntohl(*p);
202	return decode_fh(xdr, fh: &args->fh);
203	}
204
205	#if defined(CONFIG_NFS_V4_1)
206	static __be32 decode_layout_stateid(struct xdr_stream xdr, nfs4_stateid stateid)
207	{
208	stateid->type = NFS4_LAYOUT_STATEID_TYPE;
209	return decode_stateid(xdr, stateid);
210	}
211
212	static __be32 decode_layoutrecall_args(struct svc_rqst *rqstp,
213	struct xdr_stream xdr, void* *argp)
214	{
215	struct cb_layoutrecallargs *args = argp;
216	__be32 *p;
217	__be32 status = `0`;
218	uint32_t iomode;
219
220	p = xdr_inline_decode(xdr, nbytes: `4` * sizeof(uint32_t));
221	if (unlikely(p == NULL))
222	return htonl(NFS4ERR_BADXDR);
223
224	args->cbl_layout_type = ntohl(*p++);
225	/ Depite the spec's xdr, iomode really belongs in the FILE switch,*
226	* as it is unusable and ignored with the other types.
227	*/
228	iomode = ntohl(*p++);
229	args->cbl_layoutchanged = ntohl(*p++);
230	args->cbl_recall_type = ntohl(*p++);
231
232	if (args->cbl_recall_type == RETURN_FILE) {
233	args->cbl_range.iomode = iomode;
234	status = decode_fh(xdr, fh: &args->cbl_fh);
235	if (unlikely(status != `0`))
236	return status;
237
238	p = xdr_inline_decode(xdr, nbytes: `2` * sizeof(uint64_t));
239	if (unlikely(p == NULL))
240	return htonl(NFS4ERR_BADXDR);
241	p = xdr_decode_hyper(p, valp: &args->cbl_range.offset);
242	p = xdr_decode_hyper(p, valp: &args->cbl_range.length);
243	return decode_layout_stateid(xdr, stateid: &args->cbl_stateid);
244	} else if (args->cbl_recall_type == RETURN_FSID) {
245	p = xdr_inline_decode(xdr, nbytes: `2` * sizeof(uint64_t));
246	if (unlikely(p == NULL))
247	return htonl(NFS4ERR_BADXDR);
248	p = xdr_decode_hyper(p, valp: &args->cbl_fsid.major);
249	p = xdr_decode_hyper(p, valp: &args->cbl_fsid.minor);
250	} else if (args->cbl_recall_type != RETURN_ALL)
251	return htonl(NFS4ERR_BADXDR);
252	return `0`;
253	}
254
255	static
256	__be32 decode_devicenotify_args(struct svc_rqst *rqstp,
257	struct xdr_stream *xdr,
258	void *argp)
259	{
260	struct cb_devicenotifyargs *args = argp;
261	uint32_t tmp, n, i;
262	__be32 *p;
263	__be32 status = `0`;
264
265	/ Num of device notifications /
266	p = xdr_inline_decode(xdr, nbytes: sizeof(uint32_t));
267	if (unlikely(p == NULL)) {
268	status = htonl(NFS4ERR_BADXDR);
269	goto out;
270	}
271	n = ntohl(*p++);
272	if (n == `0`)
273	goto out;
274
275	args->devs = kmalloc_array(n, size: sizeof(*args->devs), GFP_KERNEL);
276	if (!args->devs) {
277	status = htonl(NFS4ERR_DELAY);
278	goto out;
279	}
280
281	/ Decode each dev notification /
282	for (i = `0`; i < n; i++) {
283	struct cb_devicenotifyitem *dev = &args->devs[i];
284
285	p = xdr_inline_decode(xdr, nbytes: (`4` * sizeof(uint32_t)) +
286	NFS4_DEVICEID4_SIZE);
287	if (unlikely(p == NULL)) {
288	status = htonl(NFS4ERR_BADXDR);
289	goto err;
290	}
291
292	tmp = ntohl(p++); /* bitmap size /
293	if (tmp != `1`) {
294	status = htonl(NFS4ERR_INVAL);
295	goto err;
296	}
297	dev->cbd_notify_type = ntohl(*p++);
298	if (dev->cbd_notify_type != NOTIFY_DEVICEID4_CHANGE &&
299	dev->cbd_notify_type != NOTIFY_DEVICEID4_DELETE) {
300	status = htonl(NFS4ERR_INVAL);
301	goto err;
302	}
303
304	tmp = ntohl(p++); /* opaque size /
305	if (((dev->cbd_notify_type == NOTIFY_DEVICEID4_CHANGE) &&
306	(tmp != NFS4_DEVICEID4_SIZE + `8`)) \|\|
307	((dev->cbd_notify_type == NOTIFY_DEVICEID4_DELETE) &&
308	(tmp != NFS4_DEVICEID4_SIZE + `4`))) {
309	status = htonl(NFS4ERR_INVAL);
310	goto err;
311	}
312	dev->cbd_layout_type = ntohl(*p++);
313	memcpy(dev->cbd_dev_id.data, p, NFS4_DEVICEID4_SIZE);
314	p += XDR_QUADLEN(NFS4_DEVICEID4_SIZE);
315
316	if (dev->cbd_layout_type == NOTIFY_DEVICEID4_CHANGE) {
317	p = xdr_inline_decode(xdr, nbytes: sizeof(uint32_t));
318	if (unlikely(p == NULL)) {
319	status = htonl(NFS4ERR_BADXDR);
320	goto err;
321	}
322	dev->cbd_immediate = ntohl(*p++);
323	} else {
324	dev->cbd_immediate = `0`;
325	}
326
327	dprintk("%s: type %d layout 0x%x immediate %d\n",
328	__func__, dev->cbd_notify_type, dev->cbd_layout_type,
329	dev->cbd_immediate);
330	}
331	args->ndevs = n;
332	dprintk("%s: ndevs %d\n", __func__, args->ndevs);
333	return `0`;
334	err:
335	kfree(objp: args->devs);
336	out:
337	args->devs = NULL;
338	args->ndevs = `0`;
339	dprintk("%s: status %d ndevs %d\n",
340	__func__, ntohl(status), args->ndevs);
341	return status;
342	}
343
344	static __be32 decode_sessionid(struct xdr_stream *xdr,
345	struct nfs4_sessionid *sid)
346	{
347	__be32 *p;
348
349	p = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN);
350	if (unlikely(p == NULL))
351	return htonl(NFS4ERR_RESOURCE);
352
353	memcpy(sid->data, p, NFS4_MAX_SESSIONID_LEN);
354	return `0`;
355	}
356
357	static __be32 decode_rc_list(struct xdr_stream *xdr,
358	struct referring_call_list *rc_list)
359	{
360	__be32 *p;
361	int i;
362	__be32 status;
363
364	status = decode_sessionid(xdr, sid: &rc_list->rcl_sessionid);
365	if (status)
366	goto out;
367
368	status = htonl(NFS4ERR_RESOURCE);
369	p = xdr_inline_decode(xdr, nbytes: sizeof(uint32_t));
370	if (unlikely(p == NULL))
371	goto out;
372
373	rc_list->rcl_nrefcalls = ntohl(*p++);
374	if (rc_list->rcl_nrefcalls) {
375	p = xdr_inline_decode(xdr,
376	nbytes: rc_list->rcl_nrefcalls * `2` * sizeof(uint32_t));
377	if (unlikely(p == NULL))
378	goto out;
379	rc_list->rcl_refcalls = kmalloc_array(n: rc_list->rcl_nrefcalls,
380	size: sizeof(*rc_list->rcl_refcalls),
381	GFP_KERNEL);
382	if (unlikely(rc_list->rcl_refcalls == NULL))
383	goto out;
384	for (i = `0`; i < rc_list->rcl_nrefcalls; i++) {
385	rc_list->rcl_refcalls[i].rc_sequenceid = ntohl(*p++);
386	rc_list->rcl_refcalls[i].rc_slotid = ntohl(*p++);
387	}
388	}
389	status = `0`;
390
391	out:
392	return status;
393	}
394
395	static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp,
396	struct xdr_stream *xdr,
397	void *argp)
398	{
399	struct cb_sequenceargs *args = argp;
400	__be32 *p;
401	int i;
402	__be32 status;
403
404	status = decode_sessionid(xdr, sid: &args->csa_sessionid);
405	if (status)
406	return status;
407
408	p = xdr_inline_decode(xdr, nbytes: `5` * sizeof(uint32_t));
409	if (unlikely(p == NULL))
410	return htonl(NFS4ERR_RESOURCE);
411
412	args->csa_addr = svc_addr(rqst: rqstp);
413	args->csa_sequenceid = ntohl(*p++);
414	args->csa_slotid = ntohl(*p++);
415	args->csa_highestslotid = ntohl(*p++);
416	args->csa_cachethis = ntohl(*p++);
417	args->csa_nrclists = ntohl(*p++);
418	args->csa_rclists = NULL;
419	if (args->csa_nrclists) {
420	args->csa_rclists = kmalloc_array(n: args->csa_nrclists,
421	size: sizeof(*args->csa_rclists),
422	GFP_KERNEL);
423	if (unlikely(args->csa_rclists == NULL))
424	return htonl(NFS4ERR_RESOURCE);
425
426	for (i = `0`; i < args->csa_nrclists; i++) {
427	status = decode_rc_list(xdr, rc_list: &args->csa_rclists[i]);
428	if (status) {
429	args->csa_nrclists = i;
430	goto out_free;
431	}
432	}
433	}
434	return `0`;
435
436	out_free:
437	for (i = `0`; i < args->csa_nrclists; i++)
438	kfree(objp: args->csa_rclists[i].rcl_refcalls);
439	kfree(objp: args->csa_rclists);
440	return status;
441	}
442
443	static __be32 decode_recallany_args(struct svc_rqst *rqstp,
444	struct xdr_stream *xdr,
445	void *argp)
446	{
447	struct cb_recallanyargs *args = argp;
448	uint32_t bitmap[`2`];
449	__be32 *p, status;
450
451	p = xdr_inline_decode(xdr, nbytes: `4`);
452	if (unlikely(p == NULL))
453	return htonl(NFS4ERR_BADXDR);
454	args->craa_objs_to_keep = ntohl(*p++);
455	status = decode_bitmap(xdr, bitmap);
456	if (unlikely(status))
457	return status;
458	args->craa_type_mask = bitmap[`0`];
459
460	return `0`;
461	}
462
463	static __be32 decode_recallslot_args(struct svc_rqst *rqstp,
464	struct xdr_stream *xdr,
465	void *argp)
466	{
467	struct cb_recallslotargs *args = argp;
468	__be32 *p;
469
470	p = xdr_inline_decode(xdr, nbytes: `4`);
471	if (unlikely(p == NULL))
472	return htonl(NFS4ERR_BADXDR);
473	args->crsa_target_highest_slotid = ntohl(*p++);
474	return `0`;
475	}
476
477	static __be32 decode_lockowner(struct xdr_stream xdr, struct* cb_notify_lock_args *args)
478	{
479	__be32 *p;
480	unsigned int len;
481
482	p = xdr_inline_decode(xdr, nbytes: `12`);
483	if (unlikely(p == NULL))
484	return htonl(NFS4ERR_BADXDR);
485
486	p = xdr_decode_hyper(p, valp: &args->cbnl_owner.clientid);
487	len = be32_to_cpu(*p);
488
489	p = xdr_inline_decode(xdr, nbytes: len);
490	if (unlikely(p == NULL))
491	return htonl(NFS4ERR_BADXDR);
492
493	/ Only try to decode if the length is right /
494	if (len == `20`) {
495	p += `2`; / skip "lock id:" /
496	args->cbnl_owner.s_dev = be32_to_cpu(*p++);
497	xdr_decode_hyper(p, valp: &args->cbnl_owner.id);
498	args->cbnl_valid = true;
499	} else {
500	args->cbnl_owner.s_dev = `0`;
501	args->cbnl_owner.id = `0`;
502	args->cbnl_valid = false;
503	}
504	return `0`;
505	}
506
507	static __be32 decode_notify_lock_args(struct svc_rqst *rqstp,
508	struct xdr_stream xdr, void* *argp)
509	{
510	struct cb_notify_lock_args *args = argp;
511	__be32 status;
512
513	status = decode_fh(xdr, fh: &args->cbnl_fh);
514	if (unlikely(status != `0`))
515	return status;
516	return decode_lockowner(xdr, args);
517	}
518
519	#endif /* CONFIG_NFS_V4_1 */
520	#ifdef CONFIG_NFS_V4_2
521	static __be32 decode_write_response(struct xdr_stream *xdr,
522	struct cb_offloadargs *args)
523	{
524	__be32 *p;
525
526	/ skip the always zero field /
527	p = xdr_inline_decode(xdr, nbytes: `4`);
528	if (unlikely(!p))
529	goto out;
530	p++;
531
532	/ decode count, stable_how, verifier /
533	p = xdr_inline_decode(xdr, nbytes: `8` + `4`);
534	if (unlikely(!p))
535	goto out;
536	p = xdr_decode_hyper(p, valp: &args->wr_count);
537	args->wr_writeverf.committed = be32_to_cpup(p);
538	p = xdr_inline_decode(xdr, NFS4_VERIFIER_SIZE);
539	if (likely(p)) {
540	memcpy(&args->wr_writeverf.verifier.data[`0`], p,
541	NFS4_VERIFIER_SIZE);
542	return `0`;
543	}
544	out:
545	return htonl(NFS4ERR_RESOURCE);
546	}
547
548	static __be32 decode_offload_args(struct svc_rqst *rqstp,
549	struct xdr_stream *xdr,
550	void *data)
551	{
552	struct cb_offloadargs *args = data;
553	__be32 *p;
554	__be32 status;
555
556	/ decode fh /
557	status = decode_fh(xdr, fh: &args->coa_fh);
558	if (unlikely(status != `0`))
559	return status;
560
561	/ decode stateid /
562	status = decode_stateid(xdr, stateid: &args->coa_stateid);
563	if (unlikely(status != `0`))
564	return status;
565
566	/ decode status /
567	p = xdr_inline_decode(xdr, nbytes: `4`);
568	if (unlikely(!p))
569	goto out;
570	args->error = ntohl(*p++);
571	if (!args->error) {
572	status = decode_write_response(xdr, args);
573	if (unlikely(status != `0`))
574	return status;
575	} else {
576	p = xdr_inline_decode(xdr, nbytes: `8`);
577	if (unlikely(!p))
578	goto out;
579	p = xdr_decode_hyper(p, valp: &args->wr_count);
580	}
581	return `0`;
582	out:
583	return htonl(NFS4ERR_RESOURCE);
584	}
585	#endif /* CONFIG_NFS_V4_2 */
586	static __be32 encode_string(struct xdr_stream xdr, unsigned* int len, const char *str)
587	{
588	if (unlikely(xdr_stream_encode_opaque(xdr, str, len) < `0`))
589	return cpu_to_be32(NFS4ERR_RESOURCE);
590	return `0`;
591	}
592
593	static __be32 encode_attr_bitmap(struct xdr_stream xdr, const* uint32_t *bitmap, size_t sz)
594	{
595	if (xdr_stream_encode_uint32_array(xdr, array: bitmap, array_size: sz) < `0`)
596	return cpu_to_be32(NFS4ERR_RESOURCE);
597	return `0`;
598	}
599
600	static __be32 encode_attr_change(struct xdr_stream xdr, const* uint32_t *bitmap, uint64_t change)
601	{
602	__be32 *p;
603
604	if (!(bitmap[`0`] & FATTR4_WORD0_CHANGE))
605	return `0`;
606	p = xdr_reserve_space(xdr, nbytes: `8`);
607	if (unlikely(!p))
608	return htonl(NFS4ERR_RESOURCE);
609	p = xdr_encode_hyper(p, val: change);
610	return `0`;
611	}
612
613	static __be32 encode_attr_size(struct xdr_stream xdr, const* uint32_t *bitmap, uint64_t size)
614	{
615	__be32 *p;
616
617	if (!(bitmap[`0`] & FATTR4_WORD0_SIZE))
618	return `0`;
619	p = xdr_reserve_space(xdr, nbytes: `8`);
620	if (unlikely(!p))
621	return htonl(NFS4ERR_RESOURCE);
622	p = xdr_encode_hyper(p, val: size);
623	return `0`;
624	}
625
626	static __be32 encode_attr_time(struct xdr_stream xdr, const* struct timespec64 *time)
627	{
628	__be32 *p;
629
630	p = xdr_reserve_space(xdr, nbytes: `12`);
631	if (unlikely(!p))
632	return htonl(NFS4ERR_RESOURCE);
633	p = xdr_encode_hyper(p, val: time->tv_sec);
634	*p = htonl(time->tv_nsec);
635	return `0`;
636	}
637
638	static __be32 encode_attr_ctime(struct xdr_stream xdr, const* uint32_t bitmap, const* struct timespec64 *time)
639	{
640	if (!(bitmap[`1`] & FATTR4_WORD1_TIME_METADATA))
641	return `0`;
642	return encode_attr_time(xdr,time);
643	}
644
645	static __be32 encode_attr_mtime(struct xdr_stream xdr, const* uint32_t bitmap, const* struct timespec64 *time)
646	{
647	if (!(bitmap[`1`] & FATTR4_WORD1_TIME_MODIFY))
648	return `0`;
649	return encode_attr_time(xdr,time);
650	}
651
652	static __be32 encode_compound_hdr_res(struct xdr_stream xdr, struct* cb_compound_hdr_res *hdr)
653	{
654	__be32 status;
655
656	hdr->status = xdr_reserve_space(xdr, nbytes: `4`);
657	if (unlikely(hdr->status == NULL))
658	return htonl(NFS4ERR_RESOURCE);
659	status = encode_string(xdr, len: hdr->taglen, str: hdr->tag);
660	if (unlikely(status != `0`))
661	return status;
662	hdr->nops = xdr_reserve_space(xdr, nbytes: `4`);
663	if (unlikely(hdr->nops == NULL))
664	return htonl(NFS4ERR_RESOURCE);
665	return `0`;
666	}
667
668	static __be32 encode_op_hdr(struct xdr_stream *xdr, uint32_t op, __be32 res)
669	{
670	__be32 *p;
671
672	p = xdr_reserve_space(xdr, nbytes: `8`);
673	if (unlikely(p == NULL))
674	return htonl(NFS4ERR_RESOURCE_HDR);
675	*p++ = htonl(op);
676	*p = res;
677	return `0`;
678	}
679
680	static __be32 encode_getattr_res(struct svc_rqst rqstp, struct* xdr_stream *xdr,
681	const void *resp)
682	{
683	const struct cb_getattrres *res = resp;
684	__be32 *savep = NULL;
685	__be32 status = res->status;
686
687	if (unlikely(status != `0`))
688	goto out;
689	status = encode_attr_bitmap(xdr, bitmap: res->bitmap, ARRAY_SIZE(res->bitmap));
690	if (unlikely(status != `0`))
691	goto out;
692	status = cpu_to_be32(NFS4ERR_RESOURCE);
693	savep = xdr_reserve_space(xdr, nbytes: sizeof(*savep));
694	if (unlikely(!savep))
695	goto out;
696	status = encode_attr_change(xdr, bitmap: res->bitmap, change: res->change_attr);
697	if (unlikely(status != `0`))
698	goto out;
699	status = encode_attr_size(xdr, bitmap: res->bitmap, size: res->size);
700	if (unlikely(status != `0`))
701	goto out;
702	status = encode_attr_ctime(xdr, bitmap: res->bitmap, time: &res->ctime);
703	if (unlikely(status != `0`))
704	goto out;
705	status = encode_attr_mtime(xdr, bitmap: res->bitmap, time: &res->mtime);
706	savep = htonl((unsigned* int)((char )xdr->p - (char* *)(savep+`1`)));
707	out:
708	return status;
709	}
710
711	#if defined(CONFIG_NFS_V4_1)
712
713	static __be32 encode_sessionid(struct xdr_stream *xdr,
714	const struct nfs4_sessionid *sid)
715	{
716	__be32 *p;
717
718	p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN);
719	if (unlikely(p == NULL))
720	return htonl(NFS4ERR_RESOURCE);
721
722	memcpy(p, sid, NFS4_MAX_SESSIONID_LEN);
723	return `0`;
724	}
725
726	static __be32 encode_cb_sequence_res(struct svc_rqst *rqstp,
727	struct xdr_stream *xdr,
728	const void *resp)
729	{
730	const struct cb_sequenceres *res = resp;
731	__be32 *p;
732	__be32 status = res->csr_status;
733
734	if (unlikely(status != `0`))
735	return status;
736
737	status = encode_sessionid(xdr, sid: &res->csr_sessionid);
738	if (status)
739	return status;
740
741	p = xdr_reserve_space(xdr, nbytes: `4` * sizeof(uint32_t));
742	if (unlikely(p == NULL))
743	return htonl(NFS4ERR_RESOURCE);
744
745	*p++ = htonl(res->csr_sequenceid);
746	*p++ = htonl(res->csr_slotid);
747	*p++ = htonl(res->csr_highestslotid);
748	*p++ = htonl(res->csr_target_highestslotid);
749	return `0`;
750	}
751
752	static __be32
753	preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op)
754	{
755	if (op_nr == OP_CB_SEQUENCE) {
756	if (nop != `0`)
757	return htonl(NFS4ERR_SEQUENCE_POS);
758	} else {
759	if (nop == `0`)
760	return htonl(NFS4ERR_OP_NOT_IN_SESSION);
761	}
762
763	switch (op_nr) {
764	case OP_CB_GETATTR:
765	case OP_CB_RECALL:
766	case OP_CB_SEQUENCE:
767	case OP_CB_RECALL_ANY:
768	case OP_CB_RECALL_SLOT:
769	case OP_CB_LAYOUTRECALL:
770	case OP_CB_NOTIFY_DEVICEID:
771	case OP_CB_NOTIFY_LOCK:
772	*op = &callback_ops[op_nr];
773	break;
774
775	case OP_CB_NOTIFY:
776	case OP_CB_PUSH_DELEG:
777	case OP_CB_RECALLABLE_OBJ_AVAIL:
778	case OP_CB_WANTS_CANCELLED:
779	return htonl(NFS4ERR_NOTSUPP);
780
781	default:
782	return htonl(NFS4ERR_OP_ILLEGAL);
783	}
784
785	return htonl(NFS_OK);
786	}
787
788	static void nfs4_callback_free_slot(struct nfs4_session *session,
789	struct nfs4_slot *slot)
790	{
791	struct nfs4_slot_table *tbl = &session->bc_slot_table;
792
793	spin_lock(lock: &tbl->slot_tbl_lock);
794	/*
795	* Let the state manager know callback processing done.
796	* A single slot, so highest used slotid is either 0 or -1
797	*/
798	nfs4_free_slot(tbl, slot);
799	spin_unlock(lock: &tbl->slot_tbl_lock);
800	}
801
802	static void nfs4_cb_free_slot(struct cb_process_state *cps)
803	{
804	if (cps->slot) {
805	nfs4_callback_free_slot(session: cps->clp->cl_session, slot: cps->slot);
806	cps->slot = NULL;
807	}
808	}
809
810	#else /* CONFIG_NFS_V4_1 */
811
812	static __be32
813	preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op)
814	{
815	return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
816	}
817
818	static void nfs4_cb_free_slot(struct cb_process_state *cps)
819	{
820	}
821	#endif /* CONFIG_NFS_V4_1 */
822
823	#ifdef CONFIG_NFS_V4_2
824	static __be32
825	preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op)
826	{
827	__be32 status = preprocess_nfs41_op(nop, op_nr, op);
828	if (status != htonl(NFS4ERR_OP_ILLEGAL))
829	return status;
830
831	if (op_nr == OP_CB_OFFLOAD) {
832	*op = &callback_ops[op_nr];
833	return htonl(NFS_OK);
834	} else
835	return htonl(NFS4ERR_NOTSUPP);
836	return htonl(NFS4ERR_OP_ILLEGAL);
837	}
838	#else /* CONFIG_NFS_V4_2 */
839	static __be32
840	preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op)
841	{
842	return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
843	}
844	#endif /* CONFIG_NFS_V4_2 */
845
846	static __be32
847	preprocess_nfs4_op(unsigned int op_nr, struct callback_op **op)
848	{
849	switch (op_nr) {
850	case OP_CB_GETATTR:
851	case OP_CB_RECALL:
852	*op = &callback_ops[op_nr];
853	break;
854	default:
855	return htonl(NFS4ERR_OP_ILLEGAL);
856	}
857
858	return htonl(NFS_OK);
859	}
860
861	static __be32 process_op(int nop, struct svc_rqst *rqstp,
862	struct cb_process_state *cps)
863	{
864	struct xdr_stream *xdr_out = &rqstp->rq_res_stream;
865	struct callback_op *op = &callback_ops[`0`];
866	unsigned int op_nr;
867	__be32 status;
868	long maxlen;
869	__be32 res;
870
871	status = decode_op_hdr(xdr: &rqstp->rq_arg_stream, op: &op_nr);
872	if (unlikely(status))
873	return status;
874
875	switch (cps->minorversion) {
876	case `0`:
877	status = preprocess_nfs4_op(op_nr, op: &op);
878	break;
879	case `1`:
880	status = preprocess_nfs41_op(nop, op_nr, op: &op);
881	break;
882	case `2`:
883	status = preprocess_nfs42_op(nop, op_nr, op: &op);
884	break;
885	default:
886	status = htonl(NFS4ERR_MINOR_VERS_MISMATCH);
887	}
888
889	if (status == htonl(NFS4ERR_OP_ILLEGAL))
890	op_nr = OP_CB_ILLEGAL;
891	if (status)
892	goto encode_hdr;
893
894	if (cps->drc_status) {
895	status = cps->drc_status;
896	goto encode_hdr;
897	}
898
899	maxlen = xdr_out->end - xdr_out->p;
900	if (maxlen > `0` && maxlen < PAGE_SIZE) {
901	status = op->decode_args(rqstp, &rqstp->rq_arg_stream,
902	rqstp->rq_argp);
903	if (likely(status == `0`))
904	status = op->process_op(rqstp->rq_argp, rqstp->rq_resp,
905	cps);
906	} else
907	status = htonl(NFS4ERR_RESOURCE);
908
909	encode_hdr:
910	res = encode_op_hdr(xdr: xdr_out, op: op_nr, res: status);
911	if (unlikely(res))
912	return res;
913	if (op->encode_res != NULL && status == `0`)
914	status = op->encode_res(rqstp, xdr_out, rqstp->rq_resp);
915	return status;
916	}
917
918	/*
919	* Decode, process and encode a COMPOUND
920	*/
921	static __be32 nfs4_callback_compound(struct svc_rqst *rqstp)
922	{
923	struct cb_compound_hdr_arg hdr_arg = { `0` };
924	struct cb_compound_hdr_res hdr_res = { NULL };
925	struct cb_process_state cps = {
926	.drc_status = `0`,
927	.clp = NULL,
928	.net = SVC_NET(rqstp),
929	};
930	unsigned int nops = `0`;
931	__be32 status;
932
933	status = decode_compound_hdr_arg(xdr: &rqstp->rq_arg_stream, hdr: &hdr_arg);
934	if (status == htonl(NFS4ERR_RESOURCE))
935	return rpc_garbage_args;
936
937	if (hdr_arg.minorversion == `0`) {
938	cps.clp = nfs4_find_client_ident(SVC_NET(rqstp), hdr_arg.cb_ident);
939	if (!cps.clp) {
940	trace_nfs_cb_no_clp(xid: rqstp->rq_xid, cb_ident: hdr_arg.cb_ident);
941	goto out_invalidcred;
942	}
943	if (!check_gss_callback_principal(cps.clp, rqstp)) {
944	trace_nfs_cb_badprinc(xid: rqstp->rq_xid, cb_ident: hdr_arg.cb_ident);
945	nfs_put_client(cps.clp);
946	goto out_invalidcred;
947	}
948	}
949
950	cps.minorversion = hdr_arg.minorversion;
951	hdr_res.taglen = hdr_arg.taglen;
952	hdr_res.tag = hdr_arg.tag;
953	if (encode_compound_hdr_res(xdr: &rqstp->rq_res_stream, hdr: &hdr_res) != `0`) {
954	if (cps.clp)
955	nfs_put_client(cps.clp);
956	return rpc_system_err;
957	}
958	while (status == `0` && nops != hdr_arg.nops) {
959	status = process_op(nop: nops, rqstp, cps: &cps);
960	nops++;
961	}
962
963	/ Buffer overflow in decode_ops_hdr or encode_ops_hdr. Return*
964	* resource error in cb_compound status without returning op */
965	if (unlikely(status == htonl(NFS4ERR_RESOURCE_HDR))) {
966	status = htonl(NFS4ERR_RESOURCE);
967	nops--;
968	}
969
970	*hdr_res.status = status;
971	*hdr_res.nops = htonl(nops);
972	nfs4_cb_free_slot(cps: &cps);
973	nfs_put_client(cps.clp);
974	return rpc_success;
975
976	out_invalidcred:
977	pr_warn_ratelimited("NFS: NFSv4 callback contains invalid cred\n");
978	rqstp->rq_auth_stat = rpc_autherr_badcred;
979	return rpc_success;
980	}
981
982	static int
983	nfs_callback_dispatch(struct svc_rqst *rqstp)
984	{
985	const struct svc_procedure *procp = rqstp->rq_procinfo;
986
987	*rqstp->rq_accept_statp = procp->pc_func(rqstp);
988	return `1`;
989	}
990
991	/*
992	* Define NFS4 callback COMPOUND ops.
993	*/
994	static struct callback_op callback_ops[] = {
995	[`0`] = {
996	.res_maxsize = CB_OP_HDR_RES_MAXSZ,
997	},
998	[OP_CB_GETATTR] = {
999	.process_op = nfs4_callback_getattr,
1000	.decode_args = decode_getattr_args,
1001	.encode_res = encode_getattr_res,
1002	.res_maxsize = CB_OP_GETATTR_RES_MAXSZ,
1003	},
1004	[OP_CB_RECALL] = {
1005	.process_op = nfs4_callback_recall,
1006	.decode_args = decode_recall_args,
1007	.res_maxsize = CB_OP_RECALL_RES_MAXSZ,
1008	},
1009	#if defined(CONFIG_NFS_V4_1)
1010	[OP_CB_LAYOUTRECALL] = {
1011	.process_op = nfs4_callback_layoutrecall,
1012	.decode_args = decode_layoutrecall_args,
1013	.res_maxsize = CB_OP_LAYOUTRECALL_RES_MAXSZ,
1014	},
1015	[OP_CB_NOTIFY_DEVICEID] = {
1016	.process_op = nfs4_callback_devicenotify,
1017	.decode_args = decode_devicenotify_args,
1018	.res_maxsize = CB_OP_DEVICENOTIFY_RES_MAXSZ,
1019	},
1020	[OP_CB_SEQUENCE] = {
1021	.process_op = nfs4_callback_sequence,
1022	.decode_args = decode_cb_sequence_args,
1023	.encode_res = encode_cb_sequence_res,
1024	.res_maxsize = CB_OP_SEQUENCE_RES_MAXSZ,
1025	},
1026	[OP_CB_RECALL_ANY] = {
1027	.process_op = nfs4_callback_recallany,
1028	.decode_args = decode_recallany_args,
1029	.res_maxsize = CB_OP_RECALLANY_RES_MAXSZ,
1030	},
1031	[OP_CB_RECALL_SLOT] = {
1032	.process_op = nfs4_callback_recallslot,
1033	.decode_args = decode_recallslot_args,
1034	.res_maxsize = CB_OP_RECALLSLOT_RES_MAXSZ,
1035	},
1036	[OP_CB_NOTIFY_LOCK] = {
1037	.process_op = nfs4_callback_notify_lock,
1038	.decode_args = decode_notify_lock_args,
1039	.res_maxsize = CB_OP_NOTIFY_LOCK_RES_MAXSZ,
1040	},
1041	#endif /* CONFIG_NFS_V4_1 */
1042	#ifdef CONFIG_NFS_V4_2
1043	[OP_CB_OFFLOAD] = {
1044	.process_op = nfs4_callback_offload,
1045	.decode_args = decode_offload_args,
1046	.res_maxsize = CB_OP_OFFLOAD_RES_MAXSZ,
1047	},
1048	#endif /* CONFIG_NFS_V4_2 */
1049	};
1050
1051	/*
1052	* Define NFS4 callback procedures
1053	*/
1054	static const struct svc_procedure nfs4_callback_procedures1[] = {
1055	[CB_NULL] = {
1056	.pc_func = nfs4_callback_null,
1057	.pc_encode = nfs4_encode_void,
1058	.pc_xdrressize = `1`,
1059	.pc_name = "NULL",
1060	},
1061	[CB_COMPOUND] = {
1062	.pc_func = nfs4_callback_compound,
1063	.pc_encode = nfs4_encode_void,
1064	.pc_argsize = `256`,
1065	.pc_argzero = `256`,
1066	.pc_ressize = `256`,
1067	.pc_xdrressize = NFS4_CALLBACK_BUFSIZE,
1068	.pc_name = "COMPOUND",
1069	}
1070	};
1071
1072	static DEFINE_PER_CPU_ALIGNED(unsigned long,
1073	nfs4_callback_count1[ARRAY_SIZE(nfs4_callback_procedures1)]);
1074	const struct svc_version nfs4_callback_version1 = {
1075	.vs_vers = `1`,
1076	.vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1),
1077	.vs_proc = nfs4_callback_procedures1,
1078	.vs_count = nfs4_callback_count1,
1079	.vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
1080	.vs_dispatch = nfs_callback_dispatch,
1081	.vs_hidden = true,
1082	.vs_need_cong_ctrl = true,
1083	};
1084
1085	static DEFINE_PER_CPU_ALIGNED(unsigned long,
1086	nfs4_callback_count4[ARRAY_SIZE(nfs4_callback_procedures1)]);
1087	const struct svc_version nfs4_callback_version4 = {
1088	.vs_vers = `4`,
1089	.vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1),
1090	.vs_proc = nfs4_callback_procedures1,
1091	.vs_count = nfs4_callback_count4,
1092	.vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
1093	.vs_dispatch = nfs_callback_dispatch,
1094	.vs_hidden = true,
1095	.vs_need_cong_ctrl = true,
1096	};
1097

source code of linux/fs/nfs/callback_xdr.c