1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * linux/fs/nfs/callback_xdr.c
4  *
5  * Copyright (C) 2004 Trond Myklebust
6  *
7  * NFSv4 callback encode/decode procedures
8  */
9 #include <linux/kernel.h>
10 #include <linux/sunrpc/svc.h>
11 #include <linux/nfs4.h>
12 #include <linux/nfs_fs.h>
13 #include <linux/ratelimit.h>
14 #include <linux/printk.h>
15 #include <linux/slab.h>
16 #include <linux/sunrpc/bc_xprt.h>
17 #include "nfs4_fs.h"
18 #include "callback.h"
19 #include "internal.h"
20 #include "nfs4session.h"
21 #include "nfs4trace.h"
22 
/*
 * Size limits for callback traffic.  CB_OP_TAGLEN_MAXSZ caps the COMPOUND
 * tag accepted from the server; the *_RES_MAXSZ values are the declared
 * worst-case encoded size of each operation's result, built from 4-byte
 * XDR words.
 */
#define CB_OP_TAGLEN_MAXSZ		(512)
/* opcode, status */
#define CB_OP_HDR_RES_MAXSZ		(2 * 4)
/* bitmap length, 3 bitmaps */
#define CB_OP_GETATTR_BITMAP_MAXSZ	(4 * 4)
/* change, size, atime, ctime, mtime, deleg_atime, deleg_mtime */
#define CB_OP_GETATTR_RES_MAXSZ		(CB_OP_HDR_RES_MAXSZ + \
					 CB_OP_GETATTR_BITMAP_MAXSZ + \
					 (2 + 2 + 3 + 3 + 3 + 3 + 3) * 4)
#define CB_OP_RECALL_RES_MAXSZ		(CB_OP_HDR_RES_MAXSZ)

#if defined(CONFIG_NFS_V4_1)
#define CB_OP_LAYOUTRECALL_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
#define CB_OP_DEVICENOTIFY_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
/* session id, then seqid and 3 slotids */
#define CB_OP_SEQUENCE_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ + \
					 NFS4_MAX_SESSIONID_LEN + \
					 (1 + 3) * 4)
#define CB_OP_RECALLANY_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
#define CB_OP_RECALLSLOT_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
#define CB_OP_NOTIFY_LOCK_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
#endif /* CONFIG_NFS_V4_1 */
#ifdef CONFIG_NFS_V4_2
#define CB_OP_OFFLOAD_RES_MAXSZ		(CB_OP_HDR_RES_MAXSZ)
#endif /* CONFIG_NFS_V4_2 */

#define NFSDBG_FACILITY NFSDBG_CALLBACK

/*
 * Internal error code: returned by the op-header decode/encode helpers when
 * the XDR buffer runs out, and translated to NFS4ERR_RESOURCE by the
 * COMPOUND handler before it goes on the wire.
 */
#define NFS4ERR_RESOURCE_HDR	11050
51 
/*
 * Per-opcode dispatch entry: how to unmarshal a callback operation's
 * arguments, execute it, and marshal its result.
 */
struct callback_op {
	/* Executes the operation: (decoded args, result buffer, COMPOUND state). */
	__be32 (*process_op)(void *, void *, struct cb_process_state *);
	/* Decodes the operation's arguments from the request stream. */
	__be32 (*decode_args)(struct svc_rqst *, struct xdr_stream *, void *);
	/* Encodes the result; left NULL when only the op header is returned. */
	__be32 (*encode_res)(struct svc_rqst *, struct xdr_stream *,
			     const void *);
	/* Declared worst-case result size (a CB_OP_*_RES_MAXSZ value). */
	long res_maxsize;
};

/* Dispatch table indexed by callback opcode; defined later in this file. */
static struct callback_op callback_ops[];
61 
/* CB_NULL procedure: performs no work and always returns NFS4_OK. */
static __be32 nfs4_callback_null(struct svc_rqst *rqstp)
{
	const __be32 ok = htonl(NFS4_OK);

	return ok;
}
66 
/*
 * Result encoder that writes nothing and always reports success.
 * It exists because svc_process_common() looks for an XDR encoder to
 * know when not to drop a Reply.
 */
static bool nfs4_encode_void(struct svc_rqst *rqstp, struct xdr_stream *xdr)
{
	const bool encoded = true;

	return encoded;
}
75 
/*
 * Decode a variable-length opaque of at most @maxlen bytes.
 *
 * On success *@str is set by xdr_stream_decode_opaque_inline() and *@len
 * receives the decoded byte count.  Any decode failure, including a
 * peer-supplied length above @maxlen, is reported as NFS4ERR_RESOURCE.
 */
static __be32 decode_string(struct xdr_stream *xdr, unsigned int *len,
		const char **str, size_t maxlen)
{
	ssize_t nbytes;

	nbytes = xdr_stream_decode_opaque_inline(xdr, (void **)str, maxlen);
	if (nbytes >= 0) {
		*len = nbytes;
		return 0;
	}
	return cpu_to_be32(NFS4ERR_RESOURCE);
}
87 
/*
 * Decode an NFSv4 file handle: a 32-bit length followed by that many bytes.
 *
 * Returns 0 on success, NFS4ERR_BADHANDLE when the advertised length exceeds
 * NFS4_FHSIZE, or NFS4ERR_RESOURCE when the stream is too short.
 */
static __be32 decode_fh(struct xdr_stream *xdr, struct nfs_fh *fh)
{
	__be32 *words;

	words = xdr_inline_decode(xdr, 4);
	if (unlikely(!words))
		return htonl(NFS4ERR_RESOURCE);

	fh->size = ntohl(*words);
	/* The length is peer-supplied: bound it before it sizes any copy. */
	if (fh->size > NFS4_FHSIZE)
		return htonl(NFS4ERR_BADHANDLE);

	words = xdr_inline_decode(xdr, fh->size);
	if (unlikely(!words))
		return htonl(NFS4ERR_RESOURCE);

	memcpy(&fh->data[0], words, fh->size);
	/*
	 * Zero the unused tail so no stale bytes stay in the handle.
	 * Assumes NFS4_FHSIZE <= sizeof(fh->data) -- TODO confirm.
	 */
	memset(&fh->data[fh->size], 0, sizeof(fh->data) - fh->size);
	return 0;
}
105 
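/*
 * Decode an attribute bitmap: a 32-bit word count followed by that many
 * 32-bit words.  Only the first two words are stored, in bitmap[0] and
 * bitmap[1]; further words are consumed and discarded.
 *
 * bitmap[] entries the peer did not send are left untouched, so callers
 * must pre-initialise the array if they read it unconditionally.
 *
 * Returns 0 on success or NFS4ERR_RESOURCE on a short or malformed stream.
 */
static __be32 decode_bitmap(struct xdr_stream *xdr, uint32_t *bitmap)
{
	__be32 *p;
	unsigned int attrlen;

	p = xdr_inline_decode(xdr, 4);
	if (unlikely(p == NULL))
		return htonl(NFS4ERR_RESOURCE);
	attrlen = ntohl(*p);
	/*
	 * attrlen comes straight off the wire.  Reject counts whose byte
	 * length would wrap in the 32-bit shift below: a wrapped length can
	 * pass the bounds check with far fewer bytes than the one or two
	 * words read afterwards.
	 */
	if (unlikely(attrlen > (~0U >> 2)))
		return htonl(NFS4ERR_RESOURCE);
	p = xdr_inline_decode(xdr, attrlen << 2);
	if (unlikely(p == NULL))
		return htonl(NFS4ERR_RESOURCE);
	if (likely(attrlen > 0))
		bitmap[0] = ntohl(*p++);
	if (attrlen > 1)
		bitmap[1] = ntohl(*p);
	return 0;
}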
124 
/*
 * Copy a fixed-size (NFS4_STATEID_SIZE) stateid from the stream into
 * @stateid->data.  Returns NFS4ERR_RESOURCE if the stream is too short.
 */
static __be32 decode_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
{
	__be32 *raw = xdr_inline_decode(xdr, NFS4_STATEID_SIZE);

	if (likely(raw != NULL)) {
		memcpy(stateid->data, raw, NFS4_STATEID_SIZE);
		return 0;
	}
	return htonl(NFS4ERR_RESOURCE);
}
135 
/*
 * Decode a stateid and tag it as a delegation stateid.  The type is set
 * before decoding, so it is written even when the decode fails.
 */
static __be32 decode_delegation_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
{
	__be32 status;

	stateid->type = NFS4_DELEGATION_STATEID_TYPE;
	status = decode_stateid(xdr, stateid);
	return status;
}
141 
/*
 * Decode the CB_COMPOUND request header: tag, minor version, callback
 * ident and operation count.
 *
 * The tag is limited to CB_OP_TAGLEN_MAXSZ bytes.  A minor version above
 * NFS4_MAX_MINOR_VERSION is logged (rate-limited) and rejected with
 * NFS4ERR_MINOR_VERS_MISMATCH; in that case cb_ident and nops are not
 * written.  A short stream yields NFS4ERR_RESOURCE.
 */
static __be32 decode_compound_hdr_arg(struct xdr_stream *xdr, struct cb_compound_hdr_arg *hdr)
{
	__be32 *words;
	__be32 status;

	status = decode_string(xdr, &hdr->taglen, &hdr->tag, CB_OP_TAGLEN_MAXSZ);
	if (unlikely(status != 0))
		return status;

	/* minorversion, cb_ident and nops: three 32-bit words */
	words = xdr_inline_decode(xdr, 12);
	if (unlikely(words == NULL))
		return htonl(NFS4ERR_RESOURCE);

	hdr->minorversion = ntohl(*words++);
	/* Check for minor version support */
	if (hdr->minorversion > NFS4_MAX_MINOR_VERSION) {
		pr_warn_ratelimited("NFS: %s: NFSv4 server callback with "
			"illegal minor version %u!\n",
			__func__, hdr->minorversion);
		return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
	}

	hdr->cb_ident = ntohl(*words++); /* ignored by v4.1 and v4.2 */
	hdr->nops = ntohl(*words);
	return 0;
}
166 
/*
 * Read the 32-bit opcode that starts each operation in a COMPOUND.
 * A short stream is reported with the internal NFS4ERR_RESOURCE_HDR code
 * rather than a wire error.
 */
static __be32 decode_op_hdr(struct xdr_stream *xdr, unsigned int *op)
{
	__be32 *word = xdr_inline_decode(xdr, 4);

	if (likely(word != NULL)) {
		*op = ntohl(*word);
		return 0;
	}
	return htonl(NFS4ERR_RESOURCE_HDR);
}
176 
/*
 * Decode CB_GETATTR arguments: the file handle, then the requested
 * attribute bitmap.  Returns the first decode error encountered.
 */
static __be32 decode_getattr_args(struct svc_rqst *rqstp,
		struct xdr_stream *xdr, void *argp)
{
	struct cb_getattrargs *getattr = argp;
	__be32 status = decode_fh(xdr, &getattr->fh);

	if (likely(status == 0))
		status = decode_bitmap(xdr, getattr->bitmap);
	return status;
}
188 
/*
 * Decode CB_RECALL arguments in wire order: delegation stateid, the
 * 32-bit truncate flag, then the file handle.
 */
static __be32 decode_recall_args(struct svc_rqst *rqstp,
		struct xdr_stream *xdr, void *argp)
{
	struct cb_recallargs *recall = argp;
	__be32 *word;
	__be32 status;

	status = decode_delegation_stateid(xdr, &recall->stateid);
	if (unlikely(status != 0))
		return status;

	word = xdr_inline_decode(xdr, 4);
	if (unlikely(word == NULL))
		return htonl(NFS4ERR_RESOURCE);
	recall->truncate = ntohl(*word);

	return decode_fh(xdr, &recall->fh);
}
205 
206 #if defined(CONFIG_NFS_V4_1)
/*
 * Decode a stateid and tag it as a layout stateid.  The type is set
 * before decoding, so it is written even when the decode fails.
 */
static __be32 decode_layout_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
{
	__be32 status;

	stateid->type = NFS4_LAYOUT_STATEID_TYPE;
	status = decode_stateid(xdr, stateid);
	return status;
}
212 
/*
 * Decode CB_LAYOUTRECALL arguments.
 *
 * A fixed four-word prefix (layout type, iomode, changed flag, recall
 * type) is followed by a body selected by the recall type:
 *   RETURN_FILE - file handle, offset, length, layout stateid
 *   RETURN_FSID - fsid major and minor
 *   RETURN_ALL  - no body
 * Any other recall type, or a short stream in the parts decoded here, is
 * rejected with NFS4ERR_BADXDR.
 */
static __be32 decode_layoutrecall_args(struct svc_rqst *rqstp,
				       struct xdr_stream *xdr, void *argp)
{
	struct cb_layoutrecallargs *args = argp;
	uint32_t iomode;
	__be32 status;
	__be32 *p;

	p = xdr_inline_decode(xdr, 4 * sizeof(uint32_t));
	if (unlikely(p == NULL))
		return htonl(NFS4ERR_BADXDR);

	args->cbl_layout_type = ntohl(*p++);
	/*
	 * Despite the spec's xdr, iomode really belongs in the FILE switch,
	 * as it is unusable and ignored with the other types.
	 */
	iomode = ntohl(*p++);
	args->cbl_layoutchanged = ntohl(*p++);
	args->cbl_recall_type = ntohl(*p++);

	switch (args->cbl_recall_type) {
	case RETURN_FILE:
		args->cbl_range.iomode = iomode;
		status = decode_fh(xdr, &args->cbl_fh);
		if (unlikely(status != 0))
			return status;

		p = xdr_inline_decode(xdr, 2 * sizeof(uint64_t));
		if (unlikely(p == NULL))
			return htonl(NFS4ERR_BADXDR);
		p = xdr_decode_hyper(p, &args->cbl_range.offset);
		p = xdr_decode_hyper(p, &args->cbl_range.length);
		return decode_layout_stateid(xdr, &args->cbl_stateid);

	case RETURN_FSID:
		p = xdr_inline_decode(xdr, 2 * sizeof(uint64_t));
		if (unlikely(p == NULL))
			return htonl(NFS4ERR_BADXDR);
		p = xdr_decode_hyper(p, &args->cbl_fsid.major);
		p = xdr_decode_hyper(p, &args->cbl_fsid.minor);
		return 0;

	case RETURN_ALL:
		return 0;

	default:
		/* Unknown recall type from the peer. */
		return htonl(NFS4ERR_BADXDR);
	}
}
255 
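/*
 * Decode CB_NOTIFY_DEVICEID arguments: a count followed by that many
 * device notifications.
 *
 * On success args->devs is a kmalloc'ed array of args->ndevs entries that
 * the caller owns.  On any failure, and for an empty list, args->devs is
 * NULL and args->ndevs is 0.
 *
 * Returns 0, NFS4ERR_BADXDR (short stream), NFS4ERR_INVAL (malformed
 * entry) or NFS4ERR_DELAY (allocation failure).
 */
static
__be32 decode_devicenotify_args(struct svc_rqst *rqstp,
				struct xdr_stream *xdr,
				void *argp)
{
	struct cb_devicenotifyargs *args = argp;
	uint32_t tmp, n, i;
	__be32 *p;
	__be32 status = 0;

	/* Num of device notifications */
	p = xdr_inline_decode(xdr, sizeof(uint32_t));
	if (unlikely(p == NULL)) {
		status = htonl(NFS4ERR_BADXDR);
		goto out;
	}
	n = ntohl(*p++);
	if (n == 0)
		goto out;

	/*
	 * n is peer-supplied and sizes this allocation before any entry has
	 * been bounds-checked against the stream.  kmalloc_array() guards the
	 * multiplication; a count larger than the request can hold is only
	 * caught by the per-entry xdr_inline_decode() below.
	 */
	args->devs = kmalloc_array(n, sizeof(*args->devs), GFP_KERNEL);
	if (!args->devs) {
		status = htonl(NFS4ERR_DELAY);
		goto out;
	}

	/* Decode each dev notification */
	for (i = 0; i < n; i++) {
		struct cb_devicenotifyitem *dev = &args->devs[i];

		/* bitmap size, notify type, opaque size, layout type, deviceid */
		p = xdr_inline_decode(xdr, (4 * sizeof(uint32_t)) +
				      NFS4_DEVICEID4_SIZE);
		if (unlikely(p == NULL)) {
			status = htonl(NFS4ERR_BADXDR);
			goto err;
		}

		tmp = ntohl(*p++);	/* bitmap size */
		if (tmp != 1) {
			status = htonl(NFS4ERR_INVAL);
			goto err;
		}
		dev->cbd_notify_type = ntohl(*p++);
		if (dev->cbd_notify_type != NOTIFY_DEVICEID4_CHANGE &&
		    dev->cbd_notify_type != NOTIFY_DEVICEID4_DELETE) {
			status = htonl(NFS4ERR_INVAL);
			goto err;
		}

		tmp = ntohl(*p++);	/* opaque size */
		if (((dev->cbd_notify_type == NOTIFY_DEVICEID4_CHANGE) &&
		     (tmp != NFS4_DEVICEID4_SIZE + 8)) ||
		    ((dev->cbd_notify_type == NOTIFY_DEVICEID4_DELETE) &&
		     (tmp != NFS4_DEVICEID4_SIZE + 4))) {
			status = htonl(NFS4ERR_INVAL);
			goto err;
		}
		dev->cbd_layout_type = ntohl(*p++);
		memcpy(dev->cbd_dev_id.data, p, NFS4_DEVICEID4_SIZE);
		p += XDR_QUADLEN(NFS4_DEVICEID4_SIZE);

		/*
		 * The trailing "immediate" word exists only in CHANGE
		 * notifications: the opaque-size check above allows four
		 * extra bytes for CHANGE and none for DELETE.  Select on the
		 * notify type; keying on the layout type would consume or
		 * skip a word and desynchronise the rest of the stream
		 * whenever the two values differ.
		 */
		if (dev->cbd_notify_type == NOTIFY_DEVICEID4_CHANGE) {
			p = xdr_inline_decode(xdr, sizeof(uint32_t));
			if (unlikely(p == NULL)) {
				status = htonl(NFS4ERR_BADXDR);
				goto err;
			}
			dev->cbd_immediate = ntohl(*p++);
		} else {
			dev->cbd_immediate = 0;
		}

		dprintk("%s: type %d layout 0x%x immediate %d\n",
			__func__, dev->cbd_notify_type, dev->cbd_layout_type,
			dev->cbd_immediate);
	}
	args->ndevs = n;
	dprintk("%s: ndevs %d\n", __func__, args->ndevs);
	return 0;
err:
	kfree(args->devs);
out:
	/* Never leave a freed or unset pointer behind for the caller. */
	args->devs = NULL;
	args->ndevs = 0;
	dprintk("%s: status %d ndevs %d\n",
		__func__, ntohl(status), args->ndevs);
	return status;
}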
344 
/*
 * Copy a fixed-size (NFS4_MAX_SESSIONID_LEN) session id from the stream
 * into @sid->data.  Returns NFS4ERR_RESOURCE if the stream is too short.
 */
static __be32 decode_sessionid(struct xdr_stream *xdr,
				 struct nfs4_sessionid *sid)
{
	__be32 *raw = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN);

	if (likely(raw != NULL)) {
		memcpy(sid->data, raw, NFS4_MAX_SESSIONID_LEN);
		return 0;
	}
	return htonl(NFS4ERR_RESOURCE);
}
357 
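/*
 * Decode one referring call list of a CB_SEQUENCE: a session id, a count,
 * and that many (sequenceid, slotid) pairs.
 *
 * On success rc_list->rcl_refcalls is either NULL (empty list) or a
 * kmalloc'ed array of rcl_nrefcalls entries owned by the caller.  On
 * failure it is NULL.  Every failure is reported as NFS4ERR_RESOURCE,
 * apart from whatever decode_sessionid() returns.
 */
static __be32 decode_rc_list(struct xdr_stream *xdr,
			       struct referring_call_list *rc_list)
{
	__be32 *p;
	int i;
	__be32 status;

	/*
	 * The containing array is not zeroed by decode_cb_sequence_args(),
	 * and its cleanup kfree()s rcl_refcalls of every list decoded so
	 * far.  Give the pointer a defined value up front so an empty list
	 * never hands an uninitialised pointer to kfree().
	 */
	rc_list->rcl_refcalls = NULL;

	status = decode_sessionid(xdr, &rc_list->rcl_sessionid);
	if (status)
		goto out;

	status = htonl(NFS4ERR_RESOURCE);
	p = xdr_inline_decode(xdr, sizeof(uint32_t));
	if (unlikely(p == NULL))
		goto out;

	rc_list->rcl_nrefcalls = ntohl(*p++);
	if (rc_list->rcl_nrefcalls) {
		/*
		 * The count is peer-supplied.  Refuse values whose byte
		 * length cannot be represented in 32 bits, so the size
		 * passed to xdr_inline_decode() cannot wrap where size_t
		 * is 32 bits wide.
		 */
		if (unlikely(rc_list->rcl_nrefcalls >
			     ~0U / (2 * sizeof(uint32_t))))
			goto out;
		p = xdr_inline_decode(xdr,
			     rc_list->rcl_nrefcalls * 2 * sizeof(uint32_t));
		if (unlikely(p == NULL))
			goto out;
		rc_list->rcl_refcalls = kmalloc_array(rc_list->rcl_nrefcalls,
						sizeof(*rc_list->rcl_refcalls),
						GFP_KERNEL);
		if (unlikely(rc_list->rcl_refcalls == NULL))
			goto out;
		for (i = 0; i < rc_list->rcl_nrefcalls; i++) {
			rc_list->rcl_refcalls[i].rc_sequenceid = ntohl(*p++);
			rc_list->rcl_refcalls[i].rc_slotid = ntohl(*p++);
		}
	}
	status = 0;

out:
	return status;
}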
395 
/*
 * Decode CB_SEQUENCE arguments: session id, five fixed 32-bit fields and
 * an array of referring call lists.  The sender's address is recorded in
 * args->csa_addr.
 *
 * On success args->csa_rclists is NULL (no lists) or a kmalloc'ed array of
 * csa_nrclists entries owned by the caller.  If a list fails to decode,
 * csa_nrclists is cut back to the number decoded, those lists' refcall
 * arrays and the list array are freed, and the list's status is returned;
 * csa_rclists is left pointing at the freed array.
 */
static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp,
					struct xdr_stream *xdr,
					void *argp)
{
	struct cb_sequenceargs *args = argp;
	__be32 *words;
	__be32 status;
	int i, j;

	status = decode_sessionid(xdr, &args->csa_sessionid);
	if (status)
		return status;

	words = xdr_inline_decode(xdr, 5 * sizeof(uint32_t));
	if (unlikely(words == NULL))
		return htonl(NFS4ERR_RESOURCE);

	args->csa_addr = svc_addr(rqstp);
	args->csa_sequenceid = ntohl(*words++);
	args->csa_slotid = ntohl(*words++);
	args->csa_highestslotid = ntohl(*words++);
	args->csa_cachethis = ntohl(*words++);
	args->csa_nrclists = ntohl(*words++);
	args->csa_rclists = NULL;

	if (args->csa_nrclists == 0)
		return 0;

	/*
	 * csa_nrclists is peer-supplied and sizes this allocation before the
	 * lists themselves are bounds-checked; kmalloc_array() guards the
	 * multiplication.  The memory is not zeroed.
	 */
	args->csa_rclists = kmalloc_array(args->csa_nrclists,
					  sizeof(*args->csa_rclists),
					  GFP_KERNEL);
	if (unlikely(args->csa_rclists == NULL))
		return htonl(NFS4ERR_RESOURCE);

	for (i = 0; i < args->csa_nrclists; i++) {
		status = decode_rc_list(xdr, &args->csa_rclists[i]);
		if (status)
			goto out_free;
	}
	return 0;

out_free:
	/*
	 * Lists [0, i) decoded successfully; list i is excluded.
	 * NOTE(review): this kfree()s rcl_refcalls of every decoded list, so
	 * decode_rc_list() must leave that pointer valid or NULL even for an
	 * empty list -- confirm.
	 */
	args->csa_nrclists = i;
	for (j = 0; j < args->csa_nrclists; j++)
		kfree(args->csa_rclists[j].rcl_refcalls);
	kfree(args->csa_rclists);
	return status;
}
443 
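/*
 * Decode CB_RECALL_ANY arguments: the number of objects the client may
 * keep, then a type-mask bitmap of which only the first word is used.
 *
 * Returns 0, NFS4ERR_BADXDR for a short leading word, or the status of
 * decode_bitmap().
 */
static __be32 decode_recallany_args(struct svc_rqst *rqstp,
				      struct xdr_stream *xdr,
				      void *argp)
{
	struct cb_recallanyargs *args = argp;
	/*
	 * decode_bitmap() writes only the words the peer actually sent.
	 * Zero the array so a zero-length bitmap yields an empty type mask
	 * instead of copying uninitialised stack contents into the args.
	 */
	uint32_t bitmap[2] = { 0 };
	__be32 *p, status;

	p = xdr_inline_decode(xdr, 4);
	if (unlikely(p == NULL))
		return htonl(NFS4ERR_BADXDR);
	args->craa_objs_to_keep = ntohl(*p++);
	status = decode_bitmap(xdr, bitmap);
	if (unlikely(status))
		return status;
	args->craa_type_mask = bitmap[0];

	return 0;
}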
463 
/*
 * Decode CB_RECALL_SLOT arguments: a single 32-bit target highest slot id.
 * Returns NFS4ERR_BADXDR if the stream is too short.
 */
static __be32 decode_recallslot_args(struct svc_rqst *rqstp,
					struct xdr_stream *xdr,
					void *argp)
{
	struct cb_recallslotargs *recall = argp;
	__be32 *word = xdr_inline_decode(xdr, 4);

	if (unlikely(word == NULL))
		return htonl(NFS4ERR_BADXDR);

	recall->crsa_target_highest_slotid = ntohl(*word);
	return 0;
}
477 
/*
 * Decode the lock owner of a CB_NOTIFY_LOCK: a 64-bit clientid followed
 * by a variable-length opaque owner.
 *
 * The opaque is parsed only when it is exactly 20 bytes long: the first
 * 8 bytes ("lock id:") are skipped, then s_dev (32 bits) and id (64 bits)
 * are read and cbnl_valid is set.  Any other length is consumed, the two
 * fields are zeroed and cbnl_valid is cleared; this is not an error.
 *
 * Returns NFS4ERR_BADXDR only when the stream is too short.
 */
static __be32 decode_lockowner(struct xdr_stream *xdr, struct cb_notify_lock_args *args)
{
	unsigned int	owner_len;
	__be32		*p;

	/* clientid (8 bytes) + owner length (4 bytes) */
	p = xdr_inline_decode(xdr, 12);
	if (unlikely(p == NULL))
		return htonl(NFS4ERR_BADXDR);

	p = xdr_decode_hyper(p, &args->cbnl_owner.clientid);
	owner_len = be32_to_cpu(*p);

	/* The length is peer-supplied; the stream decoder bounds it. */
	p = xdr_inline_decode(xdr, owner_len);
	if (unlikely(p == NULL))
		return htonl(NFS4ERR_BADXDR);

	/* Only try to decode if the length is right */
	if (owner_len != 20) {
		args->cbnl_owner.s_dev = 0;
		args->cbnl_owner.id = 0;
		args->cbnl_valid = false;
		return 0;
	}

	p += 2;	/* skip "lock id:" */
	args->cbnl_owner.s_dev = be32_to_cpu(*p++);
	xdr_decode_hyper(p, &args->cbnl_owner.id);
	args->cbnl_valid = true;
	return 0;
}
507 
/*
 * Decode CB_NOTIFY_LOCK arguments: the file handle, then the lock owner.
 * Returns the first decode error encountered.
 */
static __be32 decode_notify_lock_args(struct svc_rqst *rqstp,
		struct xdr_stream *xdr, void *argp)
{
	struct cb_notify_lock_args *notify = argp;
	__be32 status = decode_fh(xdr, &notify->cbnl_fh);

	if (likely(status == 0))
		status = decode_lockowner(xdr, notify);
	return status;
}
519 
520 #endif /* CONFIG_NFS_V4_1 */
521 #ifdef CONFIG_NFS_V4_2
/*
 * Decode the write response carried by a successful CB_OFFLOAD: one
 * skipped word, the 64-bit byte count, the stable_how value and the write
 * verifier.  Any short read is reported as NFS4ERR_RESOURCE.
 */
static __be32 decode_write_response(struct xdr_stream *xdr,
					struct cb_offloadargs *args)
{
	__be32 *p;

	/* skip the always zero field */
	if (unlikely(!xdr_inline_decode(xdr, 4)))
		return htonl(NFS4ERR_RESOURCE);

	/* decode count, stable_how, verifier */
	p = xdr_inline_decode(xdr, 8 + 4);
	if (unlikely(!p))
		return htonl(NFS4ERR_RESOURCE);
	p = xdr_decode_hyper(p, &args->wr_count);
	args->wr_writeverf.committed = be32_to_cpup(p);

	p = xdr_inline_decode(xdr, NFS4_VERIFIER_SIZE);
	if (unlikely(!p))
		return htonl(NFS4ERR_RESOURCE);

	memcpy(&args->wr_writeverf.verifier.data[0], p,
		NFS4_VERIFIER_SIZE);
	return 0;
}
548 
/*
 * Decode CB_OFFLOAD arguments: file handle, stateid, the copy status and
 * then either a full write response (status 0) or just the 64-bit count
 * of bytes written (non-zero status).
 *
 * Note that the stateid is decoded without a type being set here.
 */
static __be32 decode_offload_args(struct svc_rqst *rqstp,
					struct xdr_stream *xdr,
					void *data)
{
	struct cb_offloadargs *offload = data;
	__be32 status;
	__be32 *p;

	/* decode fh */
	status = decode_fh(xdr, &offload->coa_fh);
	if (unlikely(status != 0))
		return status;

	/* decode stateid */
	status = decode_stateid(xdr, &offload->coa_stateid);
	if (unlikely(status != 0))
		return status;

	/* decode status */
	p = xdr_inline_decode(xdr, 4);
	if (unlikely(!p))
		return htonl(NFS4ERR_RESOURCE);
	offload->error = ntohl(*p);

	if (offload->error) {
		/* Failed copy: only the byte count follows. */
		p = xdr_inline_decode(xdr, 8);
		if (unlikely(!p))
			return htonl(NFS4ERR_RESOURCE);
		xdr_decode_hyper(p, &offload->wr_count);
		return 0;
	}

	status = decode_write_response(xdr, offload);
	if (unlikely(status != 0))
		return status;
	return 0;
}
586 #endif /* CONFIG_NFS_V4_2 */
/*
 * Encode @len bytes at @str as a variable-length opaque.
 * Returns NFS4ERR_RESOURCE if the encoder reports an error.
 */
static __be32 encode_string(struct xdr_stream *xdr, unsigned int len, const char *str)
{
	ssize_t written = xdr_stream_encode_opaque(xdr, str, len);

	if (likely(written >= 0))
		return 0;
	return cpu_to_be32(NFS4ERR_RESOURCE);
}
593 
/*
 * Encode @sz words of @bitmap as a counted array of 32-bit values.
 * Returns NFS4ERR_RESOURCE if the encoder reports an error.
 */
static __be32 encode_attr_bitmap(struct xdr_stream *xdr, const uint32_t *bitmap, size_t sz)
{
	ssize_t written = xdr_stream_encode_uint32_array(xdr, bitmap, sz);

	if (written >= 0)
		return 0;
	return cpu_to_be32(NFS4ERR_RESOURCE);
}
600 
/*
 * Encode the 64-bit change attribute when FATTR4_WORD0_CHANGE is set in
 * bitmap[0]; otherwise write nothing.  Returns NFS4ERR_RESOURCE if the
 * reply buffer has no room.
 */
static __be32 encode_attr_change(struct xdr_stream *xdr, const uint32_t *bitmap, uint64_t change)
{
	__be32 *slot;

	if (bitmap[0] & FATTR4_WORD0_CHANGE) {
		slot = xdr_reserve_space(xdr, 8);
		if (unlikely(slot == NULL))
			return htonl(NFS4ERR_RESOURCE);
		xdr_encode_hyper(slot, change);
	}
	return 0;
}
613 
/*
 * Encode the 64-bit file size when FATTR4_WORD0_SIZE is set in bitmap[0];
 * otherwise write nothing.  Returns NFS4ERR_RESOURCE if the reply buffer
 * has no room.
 */
static __be32 encode_attr_size(struct xdr_stream *xdr, const uint32_t *bitmap, uint64_t size)
{
	__be32 *slot;

	if (bitmap[0] & FATTR4_WORD0_SIZE) {
		slot = xdr_reserve_space(xdr, 8);
		if (unlikely(slot == NULL))
			return htonl(NFS4ERR_RESOURCE);
		xdr_encode_hyper(slot, size);
	}
	return 0;
}
626 
/*
 * Encode a timestamp as 12 bytes: 64-bit seconds then 32-bit nanoseconds.
 * Returns NFS4ERR_RESOURCE if the reply buffer has no room.
 */
static __be32 encode_attr_time(struct xdr_stream *xdr, const struct timespec64 *time)
{
	__be32 *slot = xdr_reserve_space(xdr, 12);

	if (unlikely(slot == NULL))
		return htonl(NFS4ERR_RESOURCE);

	slot = xdr_encode_hyper(slot, time->tv_sec);
	*slot = htonl(time->tv_nsec);
	return 0;
}
638 
/* Encode @time only when FATTR4_WORD1_TIME_ACCESS is set in bitmap[1]. */
static __be32 encode_attr_atime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec64 *time)
{
	const bool wanted = bitmap[1] & FATTR4_WORD1_TIME_ACCESS;

	return wanted ? encode_attr_time(xdr, time) : 0;
}
645 
/* Encode @time only when FATTR4_WORD1_TIME_METADATA is set in bitmap[1]. */
static __be32 encode_attr_ctime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec64 *time)
{
	const bool wanted = bitmap[1] & FATTR4_WORD1_TIME_METADATA;

	return wanted ? encode_attr_time(xdr, time) : 0;
}
652 
/* Encode @time only when FATTR4_WORD1_TIME_MODIFY is set in bitmap[1]. */
static __be32 encode_attr_mtime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec64 *time)
{
	const bool wanted = bitmap[1] & FATTR4_WORD1_TIME_MODIFY;

	return wanted ? encode_attr_time(xdr, time) : 0;
}
659 
/* Encode @time only when FATTR4_WORD2_TIME_DELEG_ACCESS is set in bitmap[2]. */
static __be32 encode_attr_delegatime(struct xdr_stream *xdr,
				     const uint32_t *bitmap,
				     const struct timespec64 *time)
{
	const bool wanted = bitmap[2] & FATTR4_WORD2_TIME_DELEG_ACCESS;

	return wanted ? encode_attr_time(xdr, time) : 0;
}
668 
/* Encode @time only when FATTR4_WORD2_TIME_DELEG_MODIFY is set in bitmap[2]. */
static __be32 encode_attr_delegmtime(struct xdr_stream *xdr,
				     const uint32_t *bitmap,
				     const struct timespec64 *time)
{
	const bool wanted = bitmap[2] & FATTR4_WORD2_TIME_DELEG_MODIFY;

	return wanted ? encode_attr_time(xdr, time) : 0;
}
677 
/*
 * Lay out the CB_COMPOUND reply header: a status word, the tag and an
 * operation-count word.
 *
 * The status and count words are only reserved here; their addresses are
 * stored in hdr->status and hdr->nops so the caller can fill them in once
 * all operations have run.  Returns NFS4ERR_RESOURCE if the reply buffer
 * has no room, or the status of encode_string() for the tag.
 */
static __be32 encode_compound_hdr_res(struct xdr_stream *xdr, struct cb_compound_hdr_res *hdr)
{
	__be32 tag_status;

	hdr->status = xdr_reserve_space(xdr, 4);
	if (unlikely(!hdr->status))
		return htonl(NFS4ERR_RESOURCE);

	tag_status = encode_string(xdr, hdr->taglen, hdr->tag);
	if (unlikely(tag_status != 0))
		return tag_status;

	hdr->nops = xdr_reserve_space(xdr, 4);
	if (unlikely(!hdr->nops))
		return htonl(NFS4ERR_RESOURCE);

	return 0;
}
693 
/*
 * Encode one operation's result header: the opcode and its status.
 * @res is already in network byte order and is stored unchanged.
 * A full reply buffer is reported with the internal NFS4ERR_RESOURCE_HDR
 * code rather than a wire error.
 */
static __be32 encode_op_hdr(struct xdr_stream *xdr, uint32_t op, __be32 res)
{
	__be32 *hdr = xdr_reserve_space(xdr, 8);

	if (unlikely(!hdr))
		return htonl(NFS4ERR_RESOURCE_HDR);

	hdr[0] = htonl(op);
	hdr[1] = res;
	return 0;
}
705 
/*
 * Encode a CB_GETATTR result: the attribute bitmap, a length word, then
 * each attribute selected by the bitmap.
 *
 * Nothing is written when res->status is non-zero; that status is
 * returned as is.  The length word is reserved first and back-filled with
 * the number of bytes emitted after it.  The deleg access/modify times
 * are encoded from the same atime/mtime fields as the regular ones.
 */
static __be32 encode_getattr_res(struct svc_rqst *rqstp, struct xdr_stream *xdr,
		const void *resp)
{
	const struct cb_getattrres *res = resp;
	__be32 *attrlen_slot;
	__be32 status;

	status = res->status;
	if (unlikely(status != 0))
		return status;

	status = encode_attr_bitmap(xdr, res->bitmap, ARRAY_SIZE(res->bitmap));
	if (unlikely(status != 0))
		return status;

	attrlen_slot = xdr_reserve_space(xdr, sizeof(*attrlen_slot));
	if (unlikely(!attrlen_slot))
		return cpu_to_be32(NFS4ERR_RESOURCE);

	status = encode_attr_change(xdr, res->bitmap, res->change_attr);
	if (unlikely(status != 0))
		return status;
	status = encode_attr_size(xdr, res->bitmap, res->size);
	if (unlikely(status != 0))
		return status;
	status = encode_attr_atime(xdr, res->bitmap, &res->atime);
	if (unlikely(status != 0))
		return status;
	status = encode_attr_ctime(xdr, res->bitmap, &res->ctime);
	if (unlikely(status != 0))
		return status;
	status = encode_attr_mtime(xdr, res->bitmap, &res->mtime);
	if (unlikely(status != 0))
		return status;
	status = encode_attr_delegatime(xdr, res->bitmap, &res->atime);
	if (unlikely(status != 0))
		return status;
	status = encode_attr_delegmtime(xdr, res->bitmap, &res->mtime);

	/* Back-fill the length, whatever the last attribute's status was. */
	*attrlen_slot = htonl((unsigned int)((char *)xdr->p -
					     (char *)(attrlen_slot + 1)));
	return status;
}
745 
746 #if defined(CONFIG_NFS_V4_1)
747 
/*
 * Encode a fixed-size (NFS4_MAX_SESSIONID_LEN) session id.  The bytes are
 * copied from the start of *@sid.  Returns NFS4ERR_RESOURCE if the reply
 * buffer has no room.
 */
static __be32 encode_sessionid(struct xdr_stream *xdr,
				 const struct nfs4_sessionid *sid)
{
	__be32 *slot = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN);

	if (likely(slot != NULL)) {
		memcpy(slot, sid, NFS4_MAX_SESSIONID_LEN);
		return 0;
	}
	return htonl(NFS4ERR_RESOURCE);
}
760 
/*
 * Encode a CB_SEQUENCE result: session id, sequence id, slot id, highest
 * slot id and target highest slot id.  Nothing is written when
 * res->csr_status is non-zero; that status is returned as is.
 */
static __be32 encode_cb_sequence_res(struct svc_rqst *rqstp,
				       struct xdr_stream *xdr,
				       const void *resp)
{
	const struct cb_sequenceres *res = resp;
	__be32 status = res->csr_status;
	__be32 *words;

	if (unlikely(status != 0))
		return status;

	status = encode_sessionid(xdr, &res->csr_sessionid);
	if (status)
		return status;

	words = xdr_reserve_space(xdr, 4 * sizeof(uint32_t));
	if (unlikely(words == NULL))
		return htonl(NFS4ERR_RESOURCE);

	words[0] = htonl(res->csr_sequenceid);
	words[1] = htonl(res->csr_slotid);
	words[2] = htonl(res->csr_highestslotid);
	words[3] = htonl(res->csr_target_highestslotid);
	return 0;
}
786 
/*
 * Validate an opcode for an NFSv4.1 callback COMPOUND and look up its
 * dispatch entry.
 *
 * @nop is the zero-based position of the operation.  CB_SEQUENCE must be
 * the first operation and nothing else may be first; this ordering check
 * runs before the opcode itself is validated.  Only opcodes listed below
 * are ever used to index callback_ops[].
 *
 * Returns NFS_OK with *@op set, NFS4ERR_SEQUENCE_POS,
 * NFS4ERR_OP_NOT_IN_SESSION, NFS4ERR_NOTSUPP for known but unimplemented
 * operations, or NFS4ERR_OP_ILLEGAL for anything else.
 */
static __be32
preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op)
{
	const bool is_sequence = (op_nr == OP_CB_SEQUENCE);

	if (is_sequence && nop != 0)
		return htonl(NFS4ERR_SEQUENCE_POS);
	if (!is_sequence && nop == 0)
		return htonl(NFS4ERR_OP_NOT_IN_SESSION);

	switch (op_nr) {
	case OP_CB_GETATTR:
	case OP_CB_RECALL:
	case OP_CB_SEQUENCE:
	case OP_CB_RECALL_ANY:
	case OP_CB_RECALL_SLOT:
	case OP_CB_LAYOUTRECALL:
	case OP_CB_NOTIFY_DEVICEID:
	case OP_CB_NOTIFY_LOCK:
		*op = &callback_ops[op_nr];
		return htonl(NFS_OK);

	case OP_CB_NOTIFY:
	case OP_CB_PUSH_DELEG:
	case OP_CB_RECALLABLE_OBJ_AVAIL:
	case OP_CB_WANTS_CANCELLED:
		return htonl(NFS4ERR_NOTSUPP);

	default:
		return htonl(NFS4ERR_OP_ILLEGAL);
	}
}
822 
/*
 * Release a backchannel slot, holding the session's backchannel slot
 * table lock around the call to nfs4_free_slot().
 */
static void nfs4_callback_free_slot(struct nfs4_session *session,
		struct nfs4_slot *slot)
{
	struct nfs4_slot_table *bc_tbl = &session->bc_slot_table;

	spin_lock(&bc_tbl->slot_tbl_lock);
	/*
	 * Let the state manager know callback processing done.
	 * A single slot, so highest used slotid is either 0 or -1
	 */
	nfs4_free_slot(bc_tbl, slot);
	spin_unlock(&bc_tbl->slot_tbl_lock);
}
836 
/*
 * Release the slot held by this COMPOUND, if any, and clear cps->slot so
 * a repeated call does nothing.
 */
static void nfs4_cb_free_slot(struct cb_process_state *cps)
{
	if (!cps->slot)
		return;

	nfs4_callback_free_slot(cps->clp->cl_session, cps->slot);
	cps->slot = NULL;
}
844 
845 #else /* CONFIG_NFS_V4_1 */
846 
/*
 * Stub used when NFSv4.1 support is compiled out: every v4.1 callback
 * operation is refused with NFS4ERR_MINOR_VERS_MISMATCH.
 */
static __be32
preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op)
{
	const __be32 refused = htonl(NFS4ERR_MINOR_VERS_MISMATCH);

	return refused;
}
852 
/* Stub used when NFSv4.1 support is compiled out: there is no slot to free. */
static void nfs4_cb_free_slot(struct cb_process_state *cps)
{
	/* intentionally empty */
}
856 #endif /* CONFIG_NFS_V4_1 */
857 
858 #ifdef CONFIG_NFS_V4_2
/*
 * Validate an opcode for an NFSv4.2 callback COMPOUND.
 *
 * The v4.1 rules are applied first; only opcodes they reject as illegal
 * are looked at again, and of those only OP_CB_OFFLOAD is accepted.
 *
 * NOTE(review): every other opcode the v4.1 check calls illegal is
 * answered with NFS4ERR_NOTSUPP here, so NFS4ERR_OP_ILLEGAL is never
 * returned for v4.2 -- confirm this is intended for undefined opcodes.
 */
static __be32
preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op)
{
	__be32 status = preprocess_nfs41_op(nop, op_nr, op);

	if (status != htonl(NFS4ERR_OP_ILLEGAL))
		return status;

	if (op_nr != OP_CB_OFFLOAD)
		return htonl(NFS4ERR_NOTSUPP);

	*op = &callback_ops[op_nr];
	return htonl(NFS_OK);
}
873 #else /* CONFIG_NFS_V4_2 */
/*
 * Stub used when NFSv4.2 support is compiled out: every v4.2 callback
 * operation is refused with NFS4ERR_MINOR_VERS_MISMATCH.
 */
static __be32
preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op)
{
	const __be32 refused = htonl(NFS4ERR_MINOR_VERS_MISMATCH);

	return refused;
}
879 #endif /* CONFIG_NFS_V4_2 */
880 
/*
 * Validate an opcode for an NFSv4.0 callback COMPOUND.  Only CB_GETATTR
 * and CB_RECALL are accepted; everything else is NFS4ERR_OP_ILLEGAL and
 * never indexes callback_ops[].
 */
static __be32
preprocess_nfs4_op(unsigned int op_nr, struct callback_op **op)
{
	if (op_nr != OP_CB_GETATTR && op_nr != OP_CB_RECALL)
		return htonl(NFS4ERR_OP_ILLEGAL);

	*op = &callback_ops[op_nr];
	return htonl(NFS_OK);
}
895 
/*
 * Run one operation of a callback COMPOUND.
 *
 * Reads the opcode, validates it against the rules of the COMPOUND's
 * minor version, decodes the arguments, executes the handler and encodes
 * the op header plus any result.  @nop is the operation's zero-based
 * position.
 *
 * The handler table is only dereferenced for an opcode the preprocess
 * step accepted; on every rejection path "op" still points at entry 0,
 * whose encode_res is NULL.
 *
 * Returns the operation's status, or NFS4ERR_RESOURCE_HDR (internal) when
 * the op header cannot be read or written.
 */
static __be32 process_op(int nop, struct svc_rqst *rqstp,
			 struct cb_process_state *cps)
{
	struct xdr_stream *args_stream = &rqstp->rq_arg_stream;
	struct xdr_stream *reply = &rqstp->rq_res_stream;
	struct callback_op *op = &callback_ops[0];
	unsigned int op_nr;
	__be32 hdr_status;
	__be32 status;
	long space_left;

	status = decode_op_hdr(args_stream, &op_nr);
	if (unlikely(status))
		return status;

	switch (cps->minorversion) {
	case 0:
		status = preprocess_nfs4_op(op_nr, &op);
		break;
	case 1:
		status = preprocess_nfs41_op(nop, op_nr, &op);
		break;
	case 2:
		status = preprocess_nfs42_op(nop, op_nr, &op);
		break;
	default:
		status = htonl(NFS4ERR_MINOR_VERS_MISMATCH);
		break;
	}

	/* Illegal opcodes are echoed back as OP_CB_ILLEGAL, not verbatim. */
	if (status == htonl(NFS4ERR_OP_ILLEGAL))
		op_nr = OP_CB_ILLEGAL;
	if (status)
		goto encode_hdr;

	/* A status recorded earlier in this COMPOUND short-circuits the op. */
	if (cps->drc_status) {
		status = cps->drc_status;
		goto encode_hdr;
	}

	/* Refuse to run the op unless the reply buffer has sane room left. */
	space_left = reply->end - reply->p;
	if (space_left <= 0 || space_left >= PAGE_SIZE) {
		status = htonl(NFS4ERR_RESOURCE);
	} else {
		status = op->decode_args(rqstp, args_stream, rqstp->rq_argp);
		if (likely(status == 0))
			status = op->process_op(rqstp->rq_argp, rqstp->rq_resp,
						cps);
	}

encode_hdr:
	hdr_status = encode_op_hdr(reply, op_nr, status);
	if (unlikely(hdr_status))
		return hdr_status;
	if (op->encode_res != NULL && status == 0)
		status = op->encode_res(rqstp, reply, rqstp->rq_resp);
	return status;
}
952 
/*
 * Decode, process and encode a COMPOUND
 *
 * For minor version 0 the sender is identified here: the callback ident
 * must map to a known client and the request must pass
 * check_gss_callback_principal(); otherwise the call is answered with
 * rpc_autherr_badcred.  For other minor versions cps.clp starts out NULL
 * (presumably set while CB_SEQUENCE is processed -- confirm).
 *
 * Operations run in order until one fails or hdr_arg.nops, a peer-supplied
 * count, is reached.  The reply's status and op-count words are filled in
 * last.
 *
 * Returns an RPC accept status: rpc_garbage_args if the header cannot be
 * decoded, rpc_system_err if the reply header cannot be encoded, otherwise
 * rpc_success.
 */
static __be32 nfs4_callback_compound(struct svc_rqst *rqstp)
{
	struct cb_compound_hdr_arg hdr_arg = { 0 };
	struct cb_compound_hdr_res hdr_res = { NULL };
	struct cb_process_state cps = {
		.drc_status = 0,
		.clp = NULL,
		.net = SVC_NET(rqstp),
	};
	unsigned int nops;
	__be32 status;

	status = decode_compound_hdr_arg(&rqstp->rq_arg_stream, &hdr_arg);
	if (status == htonl(NFS4ERR_RESOURCE))
		return rpc_garbage_args;

	if (hdr_arg.minorversion == 0) {
		cps.clp = nfs4_find_client_ident(SVC_NET(rqstp), hdr_arg.cb_ident);
		if (!cps.clp) {
			trace_nfs_cb_no_clp(rqstp->rq_xid, hdr_arg.cb_ident);
			goto out_invalidcred;
		}
		if (!check_gss_callback_principal(cps.clp, rqstp)) {
			trace_nfs_cb_badprinc(rqstp->rq_xid, hdr_arg.cb_ident);
			/* Drop the reference taken by the lookup above. */
			nfs_put_client(cps.clp);
			goto out_invalidcred;
		}
	}

	cps.minorversion = hdr_arg.minorversion;
	/* The reply echoes the request tag, which was bounded on decode. */
	hdr_res.taglen = hdr_arg.taglen;
	hdr_res.tag = hdr_arg.tag;
	if (encode_compound_hdr_res(&rqstp->rq_res_stream, &hdr_res) != 0) {
		if (cps.clp)
			nfs_put_client(cps.clp);
		return rpc_system_err;
	}

	/* A header-decode error (non-zero status) skips the loop entirely. */
	for (nops = 0; status == 0 && nops != hdr_arg.nops; nops++)
		status = process_op(nops, rqstp, &cps);

	/*
	 * Buffer overflow in decode_op_hdr or encode_op_hdr. Return
	 * resource error in cb_compound status without returning op
	 */
	if (unlikely(status == htonl(NFS4ERR_RESOURCE_HDR))) {
		status = htonl(NFS4ERR_RESOURCE);
		nops--;
	}

	if (svc_is_backchannel(rqstp) && cps.clp) {
		rqstp->bc_to_initval = cps.clp->cl_rpcclient->cl_timeout->to_initval;
		rqstp->bc_to_retries = cps.clp->cl_rpcclient->cl_timeout->to_retries;
	}

	/* Back-fill the words reserved by encode_compound_hdr_res(). */
	*hdr_res.status = status;
	*hdr_res.nops = htonl(nops);
	nfs4_cb_free_slot(&cps);
	/* NOTE(review): cps.clp may still be NULL here; assumes nfs_put_client() accepts NULL -- confirm. */
	nfs_put_client(cps.clp);
	return rpc_success;

out_invalidcred:
	pr_warn_ratelimited("NFS: NFSv4 callback contains invalid cred\n");
	rqstp->rq_auth_stat = rpc_autherr_badcred;
	return rpc_success;
}
1021 
/*
 * Dispatch hook for the callback service: run the selected procedure and
 * store its return value as the RPC accept status.  Always returns 1.
 */
static int
nfs_callback_dispatch(struct svc_rqst *rqstp)
{
	const struct svc_procedure *proc = rqstp->rq_procinfo;
	__be32 accept_stat = proc->pc_func(rqstp);

	*rqstp->rq_accept_statp = accept_stat;
	return 1;
}
1030 
/*
 * Define NFS4 callback COMPOUND ops.
 *
 * Indexed by opcode.  Slots not listed here are zero-filled, so their
 * function pointers are NULL; the preprocess_nfs4*_op() helpers are what
 * keep process_op() from dispatching through such a slot.  Entry 0 is the
 * placeholder process_op() starts from.  Entries without .encode_res
 * return only the op header.
 */
static struct callback_op callback_ops[] = {
	[0] = {
		.res_maxsize = CB_OP_HDR_RES_MAXSZ,
	},
	[OP_CB_GETATTR] = {
		.decode_args = decode_getattr_args,
		.process_op = nfs4_callback_getattr,
		.encode_res = encode_getattr_res,
		.res_maxsize = CB_OP_GETATTR_RES_MAXSZ,
	},
	[OP_CB_RECALL] = {
		.decode_args = decode_recall_args,
		.process_op = nfs4_callback_recall,
		.res_maxsize = CB_OP_RECALL_RES_MAXSZ,
	},
#if defined(CONFIG_NFS_V4_1)
	[OP_CB_LAYOUTRECALL] = {
		.decode_args = decode_layoutrecall_args,
		.process_op = nfs4_callback_layoutrecall,
		.res_maxsize = CB_OP_LAYOUTRECALL_RES_MAXSZ,
	},
	[OP_CB_NOTIFY_DEVICEID] = {
		.decode_args = decode_devicenotify_args,
		.process_op = nfs4_callback_devicenotify,
		.res_maxsize = CB_OP_DEVICENOTIFY_RES_MAXSZ,
	},
	[OP_CB_SEQUENCE] = {
		.decode_args = decode_cb_sequence_args,
		.process_op = nfs4_callback_sequence,
		.encode_res = encode_cb_sequence_res,
		.res_maxsize = CB_OP_SEQUENCE_RES_MAXSZ,
	},
	[OP_CB_RECALL_ANY] = {
		.decode_args = decode_recallany_args,
		.process_op = nfs4_callback_recallany,
		.res_maxsize = CB_OP_RECALLANY_RES_MAXSZ,
	},
	[OP_CB_RECALL_SLOT] = {
		.decode_args = decode_recallslot_args,
		.process_op = nfs4_callback_recallslot,
		.res_maxsize = CB_OP_RECALLSLOT_RES_MAXSZ,
	},
	[OP_CB_NOTIFY_LOCK] = {
		.decode_args = decode_notify_lock_args,
		.process_op = nfs4_callback_notify_lock,
		.res_maxsize = CB_OP_NOTIFY_LOCK_RES_MAXSZ,
	},
#endif /* CONFIG_NFS_V4_1 */
#ifdef CONFIG_NFS_V4_2
	[OP_CB_OFFLOAD] = {
		.decode_args = decode_offload_args,
		.process_op = nfs4_callback_offload,
		.res_maxsize = CB_OP_OFFLOAD_RES_MAXSZ,
	},
#endif /* CONFIG_NFS_V4_2 */
};
1090 
/*
 * Define NFS4 callback procedures
 *
 * Both procedures use nfs4_encode_void as their encoder; CB_COMPOUND
 * writes its reply itself from nfs4_callback_compound().
 */
static const struct svc_procedure nfs4_callback_procedures1[] = {
	[CB_NULL] = {
		.pc_name = "NULL",
		.pc_func = nfs4_callback_null,
		.pc_encode = nfs4_encode_void,
		.pc_xdrressize = 1,
	},
	[CB_COMPOUND] = {
		.pc_name = "COMPOUND",
		.pc_func = nfs4_callback_compound,
		.pc_encode = nfs4_encode_void,
		/* NOTE(review): 256 presumably has to cover the largest cb_*args/res struct -- confirm. */
		.pc_argsize = 256,
		.pc_argzero = 256,
		.pc_ressize = 256,
		.pc_xdrressize = NFS4_CALLBACK_BUFSIZE,
	}
};
1111 
/* Per-CPU call counters, one per procedure, for callback version 1. */
static DEFINE_PER_CPU_ALIGNED(unsigned long,
			      nfs4_callback_count1[ARRAY_SIZE(nfs4_callback_procedures1)]);

/* Callback service registered as RPC version 1; shares the procedure table. */
const struct svc_version nfs4_callback_version1 = {
	.vs_vers = 1,
	.vs_hidden = true,
	.vs_need_cong_ctrl = true,
	.vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1),
	.vs_proc = nfs4_callback_procedures1,
	.vs_count = nfs4_callback_count1,
	.vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
	.vs_dispatch = nfs_callback_dispatch,
};
1124 
/* Per-CPU call counters, one per procedure, for callback version 4. */
static DEFINE_PER_CPU_ALIGNED(unsigned long,
			      nfs4_callback_count4[ARRAY_SIZE(nfs4_callback_procedures1)]);

/* Callback service registered as RPC version 4; shares the procedure table. */
const struct svc_version nfs4_callback_version4 = {
	.vs_vers = 4,
	.vs_hidden = true,
	.vs_need_cong_ctrl = true,
	.vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1),
	.vs_proc = nfs4_callback_procedures1,
	.vs_count = nfs4_callback_count4,
	.vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
	.vs_dispatch = nfs_callback_dispatch,
};
1137