0001
0002
0003
0004
0005
0006
0007
0008
0009 #include <linux/kernel.h>
0010 #include <linux/sunrpc/svc.h>
0011 #include <linux/nfs4.h>
0012 #include <linux/nfs_fs.h>
0013 #include <linux/ratelimit.h>
0014 #include <linux/printk.h>
0015 #include <linux/slab.h>
0016 #include <linux/sunrpc/bc_xprt.h>
0017 #include "nfs4_fs.h"
0018 #include "callback.h"
0019 #include "internal.h"
0020 #include "nfs4session.h"
0021 #include "nfs4trace.h"
0022
0023 #define CB_OP_TAGLEN_MAXSZ (512)
0024 #define CB_OP_HDR_RES_MAXSZ (2 * 4)
0025 #define CB_OP_GETATTR_BITMAP_MAXSZ (4 * 4)
0026 #define CB_OP_GETATTR_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ + \
0027 CB_OP_GETATTR_BITMAP_MAXSZ + \
0028 \
0029 (2 + 2 + 3 + 3) * 4)
0030 #define CB_OP_RECALL_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
0031
0032 #if defined(CONFIG_NFS_V4_1)
0033 #define CB_OP_LAYOUTRECALL_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
0034 #define CB_OP_DEVICENOTIFY_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
0035 #define CB_OP_SEQUENCE_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ + \
0036 NFS4_MAX_SESSIONID_LEN + \
0037 (1 + 3) * 4)
0038 #define CB_OP_RECALLANY_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
0039 #define CB_OP_RECALLSLOT_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
0040 #define CB_OP_NOTIFY_LOCK_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
0041 #endif
0042 #ifdef CONFIG_NFS_V4_2
0043 #define CB_OP_OFFLOAD_RES_MAXSZ (CB_OP_HDR_RES_MAXSZ)
0044 #endif
0045
0046 #define NFSDBG_FACILITY NFSDBG_CALLBACK
0047
0048
0049 #define NFS4ERR_RESOURCE_HDR 11050
0050
0051 struct callback_op {
0052 __be32 (*process_op)(void *, void *, struct cb_process_state *);
0053 __be32 (*decode_args)(struct svc_rqst *, struct xdr_stream *, void *);
0054 __be32 (*encode_res)(struct svc_rqst *, struct xdr_stream *,
0055 const void *);
0056 long res_maxsize;
0057 };
0058
0059 static struct callback_op callback_ops[];
0060
0061 static __be32 nfs4_callback_null(struct svc_rqst *rqstp)
0062 {
0063 return htonl(NFS4_OK);
0064 }
0065
0066
0067
0068
0069
0070 static bool nfs4_encode_void(struct svc_rqst *rqstp, struct xdr_stream *xdr)
0071 {
0072 return true;
0073 }
0074
0075 static __be32 decode_string(struct xdr_stream *xdr, unsigned int *len,
0076 const char **str, size_t maxlen)
0077 {
0078 ssize_t err;
0079
0080 err = xdr_stream_decode_opaque_inline(xdr, (void **)str, maxlen);
0081 if (err < 0)
0082 return cpu_to_be32(NFS4ERR_RESOURCE);
0083 *len = err;
0084 return 0;
0085 }
0086
0087 static __be32 decode_fh(struct xdr_stream *xdr, struct nfs_fh *fh)
0088 {
0089 __be32 *p;
0090
0091 p = xdr_inline_decode(xdr, 4);
0092 if (unlikely(p == NULL))
0093 return htonl(NFS4ERR_RESOURCE);
0094 fh->size = ntohl(*p);
0095 if (fh->size > NFS4_FHSIZE)
0096 return htonl(NFS4ERR_BADHANDLE);
0097 p = xdr_inline_decode(xdr, fh->size);
0098 if (unlikely(p == NULL))
0099 return htonl(NFS4ERR_RESOURCE);
0100 memcpy(&fh->data[0], p, fh->size);
0101 memset(&fh->data[fh->size], 0, sizeof(fh->data) - fh->size);
0102 return 0;
0103 }
0104
0105 static __be32 decode_bitmap(struct xdr_stream *xdr, uint32_t *bitmap)
0106 {
0107 __be32 *p;
0108 unsigned int attrlen;
0109
0110 p = xdr_inline_decode(xdr, 4);
0111 if (unlikely(p == NULL))
0112 return htonl(NFS4ERR_RESOURCE);
0113 attrlen = ntohl(*p);
0114 p = xdr_inline_decode(xdr, attrlen << 2);
0115 if (unlikely(p == NULL))
0116 return htonl(NFS4ERR_RESOURCE);
0117 if (likely(attrlen > 0))
0118 bitmap[0] = ntohl(*p++);
0119 if (attrlen > 1)
0120 bitmap[1] = ntohl(*p);
0121 return 0;
0122 }
0123
0124 static __be32 decode_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
0125 {
0126 __be32 *p;
0127
0128 p = xdr_inline_decode(xdr, NFS4_STATEID_SIZE);
0129 if (unlikely(p == NULL))
0130 return htonl(NFS4ERR_RESOURCE);
0131 memcpy(stateid->data, p, NFS4_STATEID_SIZE);
0132 return 0;
0133 }
0134
0135 static __be32 decode_delegation_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
0136 {
0137 stateid->type = NFS4_DELEGATION_STATEID_TYPE;
0138 return decode_stateid(xdr, stateid);
0139 }
0140
0141 static __be32 decode_compound_hdr_arg(struct xdr_stream *xdr, struct cb_compound_hdr_arg *hdr)
0142 {
0143 __be32 *p;
0144 __be32 status;
0145
0146 status = decode_string(xdr, &hdr->taglen, &hdr->tag, CB_OP_TAGLEN_MAXSZ);
0147 if (unlikely(status != 0))
0148 return status;
0149 p = xdr_inline_decode(xdr, 12);
0150 if (unlikely(p == NULL))
0151 return htonl(NFS4ERR_RESOURCE);
0152 hdr->minorversion = ntohl(*p++);
0153
0154 if (hdr->minorversion <= NFS4_MAX_MINOR_VERSION) {
0155 hdr->cb_ident = ntohl(*p++);
0156 } else {
0157 pr_warn_ratelimited("NFS: %s: NFSv4 server callback with "
0158 "illegal minor version %u!\n",
0159 __func__, hdr->minorversion);
0160 return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
0161 }
0162 hdr->nops = ntohl(*p);
0163 return 0;
0164 }
0165
0166 static __be32 decode_op_hdr(struct xdr_stream *xdr, unsigned int *op)
0167 {
0168 __be32 *p;
0169 p = xdr_inline_decode(xdr, 4);
0170 if (unlikely(p == NULL))
0171 return htonl(NFS4ERR_RESOURCE_HDR);
0172 *op = ntohl(*p);
0173 return 0;
0174 }
0175
0176 static __be32 decode_getattr_args(struct svc_rqst *rqstp,
0177 struct xdr_stream *xdr, void *argp)
0178 {
0179 struct cb_getattrargs *args = argp;
0180 __be32 status;
0181
0182 status = decode_fh(xdr, &args->fh);
0183 if (unlikely(status != 0))
0184 return status;
0185 return decode_bitmap(xdr, args->bitmap);
0186 }
0187
0188 static __be32 decode_recall_args(struct svc_rqst *rqstp,
0189 struct xdr_stream *xdr, void *argp)
0190 {
0191 struct cb_recallargs *args = argp;
0192 __be32 *p;
0193 __be32 status;
0194
0195 status = decode_delegation_stateid(xdr, &args->stateid);
0196 if (unlikely(status != 0))
0197 return status;
0198 p = xdr_inline_decode(xdr, 4);
0199 if (unlikely(p == NULL))
0200 return htonl(NFS4ERR_RESOURCE);
0201 args->truncate = ntohl(*p);
0202 return decode_fh(xdr, &args->fh);
0203 }
0204
0205 #if defined(CONFIG_NFS_V4_1)
0206 static __be32 decode_layout_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
0207 {
0208 stateid->type = NFS4_LAYOUT_STATEID_TYPE;
0209 return decode_stateid(xdr, stateid);
0210 }
0211
0212 static __be32 decode_layoutrecall_args(struct svc_rqst *rqstp,
0213 struct xdr_stream *xdr, void *argp)
0214 {
0215 struct cb_layoutrecallargs *args = argp;
0216 __be32 *p;
0217 __be32 status = 0;
0218 uint32_t iomode;
0219
0220 p = xdr_inline_decode(xdr, 4 * sizeof(uint32_t));
0221 if (unlikely(p == NULL))
0222 return htonl(NFS4ERR_BADXDR);
0223
0224 args->cbl_layout_type = ntohl(*p++);
0225
0226
0227
0228 iomode = ntohl(*p++);
0229 args->cbl_layoutchanged = ntohl(*p++);
0230 args->cbl_recall_type = ntohl(*p++);
0231
0232 if (args->cbl_recall_type == RETURN_FILE) {
0233 args->cbl_range.iomode = iomode;
0234 status = decode_fh(xdr, &args->cbl_fh);
0235 if (unlikely(status != 0))
0236 return status;
0237
0238 p = xdr_inline_decode(xdr, 2 * sizeof(uint64_t));
0239 if (unlikely(p == NULL))
0240 return htonl(NFS4ERR_BADXDR);
0241 p = xdr_decode_hyper(p, &args->cbl_range.offset);
0242 p = xdr_decode_hyper(p, &args->cbl_range.length);
0243 return decode_layout_stateid(xdr, &args->cbl_stateid);
0244 } else if (args->cbl_recall_type == RETURN_FSID) {
0245 p = xdr_inline_decode(xdr, 2 * sizeof(uint64_t));
0246 if (unlikely(p == NULL))
0247 return htonl(NFS4ERR_BADXDR);
0248 p = xdr_decode_hyper(p, &args->cbl_fsid.major);
0249 p = xdr_decode_hyper(p, &args->cbl_fsid.minor);
0250 } else if (args->cbl_recall_type != RETURN_ALL)
0251 return htonl(NFS4ERR_BADXDR);
0252 return 0;
0253 }
0254
0255 static
0256 __be32 decode_devicenotify_args(struct svc_rqst *rqstp,
0257 struct xdr_stream *xdr,
0258 void *argp)
0259 {
0260 struct cb_devicenotifyargs *args = argp;
0261 uint32_t tmp, n, i;
0262 __be32 *p;
0263 __be32 status = 0;
0264
0265
0266 p = xdr_inline_decode(xdr, sizeof(uint32_t));
0267 if (unlikely(p == NULL)) {
0268 status = htonl(NFS4ERR_BADXDR);
0269 goto out;
0270 }
0271 n = ntohl(*p++);
0272 if (n == 0)
0273 goto out;
0274
0275 args->devs = kmalloc_array(n, sizeof(*args->devs), GFP_KERNEL);
0276 if (!args->devs) {
0277 status = htonl(NFS4ERR_DELAY);
0278 goto out;
0279 }
0280
0281
0282 for (i = 0; i < n; i++) {
0283 struct cb_devicenotifyitem *dev = &args->devs[i];
0284
0285 p = xdr_inline_decode(xdr, (4 * sizeof(uint32_t)) +
0286 NFS4_DEVICEID4_SIZE);
0287 if (unlikely(p == NULL)) {
0288 status = htonl(NFS4ERR_BADXDR);
0289 goto err;
0290 }
0291
0292 tmp = ntohl(*p++);
0293 if (tmp != 1) {
0294 status = htonl(NFS4ERR_INVAL);
0295 goto err;
0296 }
0297 dev->cbd_notify_type = ntohl(*p++);
0298 if (dev->cbd_notify_type != NOTIFY_DEVICEID4_CHANGE &&
0299 dev->cbd_notify_type != NOTIFY_DEVICEID4_DELETE) {
0300 status = htonl(NFS4ERR_INVAL);
0301 goto err;
0302 }
0303
0304 tmp = ntohl(*p++);
0305 if (((dev->cbd_notify_type == NOTIFY_DEVICEID4_CHANGE) &&
0306 (tmp != NFS4_DEVICEID4_SIZE + 8)) ||
0307 ((dev->cbd_notify_type == NOTIFY_DEVICEID4_DELETE) &&
0308 (tmp != NFS4_DEVICEID4_SIZE + 4))) {
0309 status = htonl(NFS4ERR_INVAL);
0310 goto err;
0311 }
0312 dev->cbd_layout_type = ntohl(*p++);
0313 memcpy(dev->cbd_dev_id.data, p, NFS4_DEVICEID4_SIZE);
0314 p += XDR_QUADLEN(NFS4_DEVICEID4_SIZE);
0315
0316 if (dev->cbd_layout_type == NOTIFY_DEVICEID4_CHANGE) {
0317 p = xdr_inline_decode(xdr, sizeof(uint32_t));
0318 if (unlikely(p == NULL)) {
0319 status = htonl(NFS4ERR_BADXDR);
0320 goto err;
0321 }
0322 dev->cbd_immediate = ntohl(*p++);
0323 } else {
0324 dev->cbd_immediate = 0;
0325 }
0326
0327 dprintk("%s: type %d layout 0x%x immediate %d\n",
0328 __func__, dev->cbd_notify_type, dev->cbd_layout_type,
0329 dev->cbd_immediate);
0330 }
0331 args->ndevs = n;
0332 dprintk("%s: ndevs %d\n", __func__, args->ndevs);
0333 return 0;
0334 err:
0335 kfree(args->devs);
0336 out:
0337 args->devs = NULL;
0338 args->ndevs = 0;
0339 dprintk("%s: status %d ndevs %d\n",
0340 __func__, ntohl(status), args->ndevs);
0341 return status;
0342 }
0343
0344 static __be32 decode_sessionid(struct xdr_stream *xdr,
0345 struct nfs4_sessionid *sid)
0346 {
0347 __be32 *p;
0348
0349 p = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN);
0350 if (unlikely(p == NULL))
0351 return htonl(NFS4ERR_RESOURCE);
0352
0353 memcpy(sid->data, p, NFS4_MAX_SESSIONID_LEN);
0354 return 0;
0355 }
0356
0357 static __be32 decode_rc_list(struct xdr_stream *xdr,
0358 struct referring_call_list *rc_list)
0359 {
0360 __be32 *p;
0361 int i;
0362 __be32 status;
0363
0364 status = decode_sessionid(xdr, &rc_list->rcl_sessionid);
0365 if (status)
0366 goto out;
0367
0368 status = htonl(NFS4ERR_RESOURCE);
0369 p = xdr_inline_decode(xdr, sizeof(uint32_t));
0370 if (unlikely(p == NULL))
0371 goto out;
0372
0373 rc_list->rcl_nrefcalls = ntohl(*p++);
0374 if (rc_list->rcl_nrefcalls) {
0375 p = xdr_inline_decode(xdr,
0376 rc_list->rcl_nrefcalls * 2 * sizeof(uint32_t));
0377 if (unlikely(p == NULL))
0378 goto out;
0379 rc_list->rcl_refcalls = kmalloc_array(rc_list->rcl_nrefcalls,
0380 sizeof(*rc_list->rcl_refcalls),
0381 GFP_KERNEL);
0382 if (unlikely(rc_list->rcl_refcalls == NULL))
0383 goto out;
0384 for (i = 0; i < rc_list->rcl_nrefcalls; i++) {
0385 rc_list->rcl_refcalls[i].rc_sequenceid = ntohl(*p++);
0386 rc_list->rcl_refcalls[i].rc_slotid = ntohl(*p++);
0387 }
0388 }
0389 status = 0;
0390
0391 out:
0392 return status;
0393 }
0394
0395 static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp,
0396 struct xdr_stream *xdr,
0397 void *argp)
0398 {
0399 struct cb_sequenceargs *args = argp;
0400 __be32 *p;
0401 int i;
0402 __be32 status;
0403
0404 status = decode_sessionid(xdr, &args->csa_sessionid);
0405 if (status)
0406 return status;
0407
0408 p = xdr_inline_decode(xdr, 5 * sizeof(uint32_t));
0409 if (unlikely(p == NULL))
0410 return htonl(NFS4ERR_RESOURCE);
0411
0412 args->csa_addr = svc_addr(rqstp);
0413 args->csa_sequenceid = ntohl(*p++);
0414 args->csa_slotid = ntohl(*p++);
0415 args->csa_highestslotid = ntohl(*p++);
0416 args->csa_cachethis = ntohl(*p++);
0417 args->csa_nrclists = ntohl(*p++);
0418 args->csa_rclists = NULL;
0419 if (args->csa_nrclists) {
0420 args->csa_rclists = kmalloc_array(args->csa_nrclists,
0421 sizeof(*args->csa_rclists),
0422 GFP_KERNEL);
0423 if (unlikely(args->csa_rclists == NULL))
0424 return htonl(NFS4ERR_RESOURCE);
0425
0426 for (i = 0; i < args->csa_nrclists; i++) {
0427 status = decode_rc_list(xdr, &args->csa_rclists[i]);
0428 if (status) {
0429 args->csa_nrclists = i;
0430 goto out_free;
0431 }
0432 }
0433 }
0434 return 0;
0435
0436 out_free:
0437 for (i = 0; i < args->csa_nrclists; i++)
0438 kfree(args->csa_rclists[i].rcl_refcalls);
0439 kfree(args->csa_rclists);
0440 return status;
0441 }
0442
0443 static __be32 decode_recallany_args(struct svc_rqst *rqstp,
0444 struct xdr_stream *xdr,
0445 void *argp)
0446 {
0447 struct cb_recallanyargs *args = argp;
0448 uint32_t bitmap[2];
0449 __be32 *p, status;
0450
0451 p = xdr_inline_decode(xdr, 4);
0452 if (unlikely(p == NULL))
0453 return htonl(NFS4ERR_BADXDR);
0454 args->craa_objs_to_keep = ntohl(*p++);
0455 status = decode_bitmap(xdr, bitmap);
0456 if (unlikely(status))
0457 return status;
0458 args->craa_type_mask = bitmap[0];
0459
0460 return 0;
0461 }
0462
0463 static __be32 decode_recallslot_args(struct svc_rqst *rqstp,
0464 struct xdr_stream *xdr,
0465 void *argp)
0466 {
0467 struct cb_recallslotargs *args = argp;
0468 __be32 *p;
0469
0470 p = xdr_inline_decode(xdr, 4);
0471 if (unlikely(p == NULL))
0472 return htonl(NFS4ERR_BADXDR);
0473 args->crsa_target_highest_slotid = ntohl(*p++);
0474 return 0;
0475 }
0476
0477 static __be32 decode_lockowner(struct xdr_stream *xdr, struct cb_notify_lock_args *args)
0478 {
0479 __be32 *p;
0480 unsigned int len;
0481
0482 p = xdr_inline_decode(xdr, 12);
0483 if (unlikely(p == NULL))
0484 return htonl(NFS4ERR_BADXDR);
0485
0486 p = xdr_decode_hyper(p, &args->cbnl_owner.clientid);
0487 len = be32_to_cpu(*p);
0488
0489 p = xdr_inline_decode(xdr, len);
0490 if (unlikely(p == NULL))
0491 return htonl(NFS4ERR_BADXDR);
0492
0493
0494 if (len == 20) {
0495 p += 2;
0496 args->cbnl_owner.s_dev = be32_to_cpu(*p++);
0497 xdr_decode_hyper(p, &args->cbnl_owner.id);
0498 args->cbnl_valid = true;
0499 } else {
0500 args->cbnl_owner.s_dev = 0;
0501 args->cbnl_owner.id = 0;
0502 args->cbnl_valid = false;
0503 }
0504 return 0;
0505 }
0506
0507 static __be32 decode_notify_lock_args(struct svc_rqst *rqstp,
0508 struct xdr_stream *xdr, void *argp)
0509 {
0510 struct cb_notify_lock_args *args = argp;
0511 __be32 status;
0512
0513 status = decode_fh(xdr, &args->cbnl_fh);
0514 if (unlikely(status != 0))
0515 return status;
0516 return decode_lockowner(xdr, args);
0517 }
0518
0519 #endif
0520 #ifdef CONFIG_NFS_V4_2
0521 static __be32 decode_write_response(struct xdr_stream *xdr,
0522 struct cb_offloadargs *args)
0523 {
0524 __be32 *p;
0525
0526
0527 p = xdr_inline_decode(xdr, 4);
0528 if (unlikely(!p))
0529 goto out;
0530 p++;
0531
0532
0533 p = xdr_inline_decode(xdr, 8 + 4);
0534 if (unlikely(!p))
0535 goto out;
0536 p = xdr_decode_hyper(p, &args->wr_count);
0537 args->wr_writeverf.committed = be32_to_cpup(p);
0538 p = xdr_inline_decode(xdr, NFS4_VERIFIER_SIZE);
0539 if (likely(p)) {
0540 memcpy(&args->wr_writeverf.verifier.data[0], p,
0541 NFS4_VERIFIER_SIZE);
0542 return 0;
0543 }
0544 out:
0545 return htonl(NFS4ERR_RESOURCE);
0546 }
0547
0548 static __be32 decode_offload_args(struct svc_rqst *rqstp,
0549 struct xdr_stream *xdr,
0550 void *data)
0551 {
0552 struct cb_offloadargs *args = data;
0553 __be32 *p;
0554 __be32 status;
0555
0556
0557 status = decode_fh(xdr, &args->coa_fh);
0558 if (unlikely(status != 0))
0559 return status;
0560
0561
0562 status = decode_stateid(xdr, &args->coa_stateid);
0563 if (unlikely(status != 0))
0564 return status;
0565
0566
0567 p = xdr_inline_decode(xdr, 4);
0568 if (unlikely(!p))
0569 goto out;
0570 args->error = ntohl(*p++);
0571 if (!args->error) {
0572 status = decode_write_response(xdr, args);
0573 if (unlikely(status != 0))
0574 return status;
0575 } else {
0576 p = xdr_inline_decode(xdr, 8);
0577 if (unlikely(!p))
0578 goto out;
0579 p = xdr_decode_hyper(p, &args->wr_count);
0580 }
0581 return 0;
0582 out:
0583 return htonl(NFS4ERR_RESOURCE);
0584 }
0585 #endif
0586 static __be32 encode_string(struct xdr_stream *xdr, unsigned int len, const char *str)
0587 {
0588 if (unlikely(xdr_stream_encode_opaque(xdr, str, len) < 0))
0589 return cpu_to_be32(NFS4ERR_RESOURCE);
0590 return 0;
0591 }
0592
0593 static __be32 encode_attr_bitmap(struct xdr_stream *xdr, const uint32_t *bitmap, size_t sz)
0594 {
0595 if (xdr_stream_encode_uint32_array(xdr, bitmap, sz) < 0)
0596 return cpu_to_be32(NFS4ERR_RESOURCE);
0597 return 0;
0598 }
0599
0600 static __be32 encode_attr_change(struct xdr_stream *xdr, const uint32_t *bitmap, uint64_t change)
0601 {
0602 __be32 *p;
0603
0604 if (!(bitmap[0] & FATTR4_WORD0_CHANGE))
0605 return 0;
0606 p = xdr_reserve_space(xdr, 8);
0607 if (unlikely(!p))
0608 return htonl(NFS4ERR_RESOURCE);
0609 p = xdr_encode_hyper(p, change);
0610 return 0;
0611 }
0612
0613 static __be32 encode_attr_size(struct xdr_stream *xdr, const uint32_t *bitmap, uint64_t size)
0614 {
0615 __be32 *p;
0616
0617 if (!(bitmap[0] & FATTR4_WORD0_SIZE))
0618 return 0;
0619 p = xdr_reserve_space(xdr, 8);
0620 if (unlikely(!p))
0621 return htonl(NFS4ERR_RESOURCE);
0622 p = xdr_encode_hyper(p, size);
0623 return 0;
0624 }
0625
0626 static __be32 encode_attr_time(struct xdr_stream *xdr, const struct timespec64 *time)
0627 {
0628 __be32 *p;
0629
0630 p = xdr_reserve_space(xdr, 12);
0631 if (unlikely(!p))
0632 return htonl(NFS4ERR_RESOURCE);
0633 p = xdr_encode_hyper(p, time->tv_sec);
0634 *p = htonl(time->tv_nsec);
0635 return 0;
0636 }
0637
0638 static __be32 encode_attr_ctime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec64 *time)
0639 {
0640 if (!(bitmap[1] & FATTR4_WORD1_TIME_METADATA))
0641 return 0;
0642 return encode_attr_time(xdr,time);
0643 }
0644
0645 static __be32 encode_attr_mtime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec64 *time)
0646 {
0647 if (!(bitmap[1] & FATTR4_WORD1_TIME_MODIFY))
0648 return 0;
0649 return encode_attr_time(xdr,time);
0650 }
0651
0652 static __be32 encode_compound_hdr_res(struct xdr_stream *xdr, struct cb_compound_hdr_res *hdr)
0653 {
0654 __be32 status;
0655
0656 hdr->status = xdr_reserve_space(xdr, 4);
0657 if (unlikely(hdr->status == NULL))
0658 return htonl(NFS4ERR_RESOURCE);
0659 status = encode_string(xdr, hdr->taglen, hdr->tag);
0660 if (unlikely(status != 0))
0661 return status;
0662 hdr->nops = xdr_reserve_space(xdr, 4);
0663 if (unlikely(hdr->nops == NULL))
0664 return htonl(NFS4ERR_RESOURCE);
0665 return 0;
0666 }
0667
0668 static __be32 encode_op_hdr(struct xdr_stream *xdr, uint32_t op, __be32 res)
0669 {
0670 __be32 *p;
0671
0672 p = xdr_reserve_space(xdr, 8);
0673 if (unlikely(p == NULL))
0674 return htonl(NFS4ERR_RESOURCE_HDR);
0675 *p++ = htonl(op);
0676 *p = res;
0677 return 0;
0678 }
0679
0680 static __be32 encode_getattr_res(struct svc_rqst *rqstp, struct xdr_stream *xdr,
0681 const void *resp)
0682 {
0683 const struct cb_getattrres *res = resp;
0684 __be32 *savep = NULL;
0685 __be32 status = res->status;
0686
0687 if (unlikely(status != 0))
0688 goto out;
0689 status = encode_attr_bitmap(xdr, res->bitmap, ARRAY_SIZE(res->bitmap));
0690 if (unlikely(status != 0))
0691 goto out;
0692 status = cpu_to_be32(NFS4ERR_RESOURCE);
0693 savep = xdr_reserve_space(xdr, sizeof(*savep));
0694 if (unlikely(!savep))
0695 goto out;
0696 status = encode_attr_change(xdr, res->bitmap, res->change_attr);
0697 if (unlikely(status != 0))
0698 goto out;
0699 status = encode_attr_size(xdr, res->bitmap, res->size);
0700 if (unlikely(status != 0))
0701 goto out;
0702 status = encode_attr_ctime(xdr, res->bitmap, &res->ctime);
0703 if (unlikely(status != 0))
0704 goto out;
0705 status = encode_attr_mtime(xdr, res->bitmap, &res->mtime);
0706 *savep = htonl((unsigned int)((char *)xdr->p - (char *)(savep+1)));
0707 out:
0708 return status;
0709 }
0710
0711 #if defined(CONFIG_NFS_V4_1)
0712
0713 static __be32 encode_sessionid(struct xdr_stream *xdr,
0714 const struct nfs4_sessionid *sid)
0715 {
0716 __be32 *p;
0717
0718 p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN);
0719 if (unlikely(p == NULL))
0720 return htonl(NFS4ERR_RESOURCE);
0721
0722 memcpy(p, sid, NFS4_MAX_SESSIONID_LEN);
0723 return 0;
0724 }
0725
0726 static __be32 encode_cb_sequence_res(struct svc_rqst *rqstp,
0727 struct xdr_stream *xdr,
0728 const void *resp)
0729 {
0730 const struct cb_sequenceres *res = resp;
0731 __be32 *p;
0732 __be32 status = res->csr_status;
0733
0734 if (unlikely(status != 0))
0735 return status;
0736
0737 status = encode_sessionid(xdr, &res->csr_sessionid);
0738 if (status)
0739 return status;
0740
0741 p = xdr_reserve_space(xdr, 4 * sizeof(uint32_t));
0742 if (unlikely(p == NULL))
0743 return htonl(NFS4ERR_RESOURCE);
0744
0745 *p++ = htonl(res->csr_sequenceid);
0746 *p++ = htonl(res->csr_slotid);
0747 *p++ = htonl(res->csr_highestslotid);
0748 *p++ = htonl(res->csr_target_highestslotid);
0749 return 0;
0750 }
0751
0752 static __be32
0753 preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op)
0754 {
0755 if (op_nr == OP_CB_SEQUENCE) {
0756 if (nop != 0)
0757 return htonl(NFS4ERR_SEQUENCE_POS);
0758 } else {
0759 if (nop == 0)
0760 return htonl(NFS4ERR_OP_NOT_IN_SESSION);
0761 }
0762
0763 switch (op_nr) {
0764 case OP_CB_GETATTR:
0765 case OP_CB_RECALL:
0766 case OP_CB_SEQUENCE:
0767 case OP_CB_RECALL_ANY:
0768 case OP_CB_RECALL_SLOT:
0769 case OP_CB_LAYOUTRECALL:
0770 case OP_CB_NOTIFY_DEVICEID:
0771 case OP_CB_NOTIFY_LOCK:
0772 *op = &callback_ops[op_nr];
0773 break;
0774
0775 case OP_CB_NOTIFY:
0776 case OP_CB_PUSH_DELEG:
0777 case OP_CB_RECALLABLE_OBJ_AVAIL:
0778 case OP_CB_WANTS_CANCELLED:
0779 return htonl(NFS4ERR_NOTSUPP);
0780
0781 default:
0782 return htonl(NFS4ERR_OP_ILLEGAL);
0783 }
0784
0785 return htonl(NFS_OK);
0786 }
0787
0788 static void nfs4_callback_free_slot(struct nfs4_session *session,
0789 struct nfs4_slot *slot)
0790 {
0791 struct nfs4_slot_table *tbl = &session->bc_slot_table;
0792
0793 spin_lock(&tbl->slot_tbl_lock);
0794
0795
0796
0797
0798 nfs4_free_slot(tbl, slot);
0799 spin_unlock(&tbl->slot_tbl_lock);
0800 }
0801
0802 static void nfs4_cb_free_slot(struct cb_process_state *cps)
0803 {
0804 if (cps->slot) {
0805 nfs4_callback_free_slot(cps->clp->cl_session, cps->slot);
0806 cps->slot = NULL;
0807 }
0808 }
0809
0810 #else
0811
0812 static __be32
0813 preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op)
0814 {
0815 return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
0816 }
0817
0818 static void nfs4_cb_free_slot(struct cb_process_state *cps)
0819 {
0820 }
0821 #endif
0822
0823 #ifdef CONFIG_NFS_V4_2
0824 static __be32
0825 preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op)
0826 {
0827 __be32 status = preprocess_nfs41_op(nop, op_nr, op);
0828 if (status != htonl(NFS4ERR_OP_ILLEGAL))
0829 return status;
0830
0831 if (op_nr == OP_CB_OFFLOAD) {
0832 *op = &callback_ops[op_nr];
0833 return htonl(NFS_OK);
0834 } else
0835 return htonl(NFS4ERR_NOTSUPP);
0836 return htonl(NFS4ERR_OP_ILLEGAL);
0837 }
0838 #else
0839 static __be32
0840 preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op)
0841 {
0842 return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
0843 }
0844 #endif
0845
0846 static __be32
0847 preprocess_nfs4_op(unsigned int op_nr, struct callback_op **op)
0848 {
0849 switch (op_nr) {
0850 case OP_CB_GETATTR:
0851 case OP_CB_RECALL:
0852 *op = &callback_ops[op_nr];
0853 break;
0854 default:
0855 return htonl(NFS4ERR_OP_ILLEGAL);
0856 }
0857
0858 return htonl(NFS_OK);
0859 }
0860
0861 static __be32 process_op(int nop, struct svc_rqst *rqstp,
0862 struct cb_process_state *cps)
0863 {
0864 struct xdr_stream *xdr_out = &rqstp->rq_res_stream;
0865 struct callback_op *op = &callback_ops[0];
0866 unsigned int op_nr;
0867 __be32 status;
0868 long maxlen;
0869 __be32 res;
0870
0871 status = decode_op_hdr(&rqstp->rq_arg_stream, &op_nr);
0872 if (unlikely(status))
0873 return status;
0874
0875 switch (cps->minorversion) {
0876 case 0:
0877 status = preprocess_nfs4_op(op_nr, &op);
0878 break;
0879 case 1:
0880 status = preprocess_nfs41_op(nop, op_nr, &op);
0881 break;
0882 case 2:
0883 status = preprocess_nfs42_op(nop, op_nr, &op);
0884 break;
0885 default:
0886 status = htonl(NFS4ERR_MINOR_VERS_MISMATCH);
0887 }
0888
0889 if (status == htonl(NFS4ERR_OP_ILLEGAL))
0890 op_nr = OP_CB_ILLEGAL;
0891 if (status)
0892 goto encode_hdr;
0893
0894 if (cps->drc_status) {
0895 status = cps->drc_status;
0896 goto encode_hdr;
0897 }
0898
0899 maxlen = xdr_out->end - xdr_out->p;
0900 if (maxlen > 0 && maxlen < PAGE_SIZE) {
0901 status = op->decode_args(rqstp, &rqstp->rq_arg_stream,
0902 rqstp->rq_argp);
0903 if (likely(status == 0))
0904 status = op->process_op(rqstp->rq_argp, rqstp->rq_resp,
0905 cps);
0906 } else
0907 status = htonl(NFS4ERR_RESOURCE);
0908
0909 encode_hdr:
0910 res = encode_op_hdr(xdr_out, op_nr, status);
0911 if (unlikely(res))
0912 return res;
0913 if (op->encode_res != NULL && status == 0)
0914 status = op->encode_res(rqstp, xdr_out, rqstp->rq_resp);
0915 return status;
0916 }
0917
0918
0919
0920
0921 static __be32 nfs4_callback_compound(struct svc_rqst *rqstp)
0922 {
0923 struct cb_compound_hdr_arg hdr_arg = { 0 };
0924 struct cb_compound_hdr_res hdr_res = { NULL };
0925 struct cb_process_state cps = {
0926 .drc_status = 0,
0927 .clp = NULL,
0928 .net = SVC_NET(rqstp),
0929 };
0930 unsigned int nops = 0;
0931 __be32 status;
0932
0933 status = decode_compound_hdr_arg(&rqstp->rq_arg_stream, &hdr_arg);
0934 if (status == htonl(NFS4ERR_RESOURCE))
0935 return rpc_garbage_args;
0936
0937 if (hdr_arg.minorversion == 0) {
0938 cps.clp = nfs4_find_client_ident(SVC_NET(rqstp), hdr_arg.cb_ident);
0939 if (!cps.clp) {
0940 trace_nfs_cb_no_clp(rqstp->rq_xid, hdr_arg.cb_ident);
0941 goto out_invalidcred;
0942 }
0943 if (!check_gss_callback_principal(cps.clp, rqstp)) {
0944 trace_nfs_cb_badprinc(rqstp->rq_xid, hdr_arg.cb_ident);
0945 nfs_put_client(cps.clp);
0946 goto out_invalidcred;
0947 }
0948 }
0949
0950 cps.minorversion = hdr_arg.minorversion;
0951 hdr_res.taglen = hdr_arg.taglen;
0952 hdr_res.tag = hdr_arg.tag;
0953 if (encode_compound_hdr_res(&rqstp->rq_res_stream, &hdr_res) != 0) {
0954 if (cps.clp)
0955 nfs_put_client(cps.clp);
0956 return rpc_system_err;
0957 }
0958 while (status == 0 && nops != hdr_arg.nops) {
0959 status = process_op(nops, rqstp, &cps);
0960 nops++;
0961 }
0962
0963
0964
0965 if (unlikely(status == htonl(NFS4ERR_RESOURCE_HDR))) {
0966 status = htonl(NFS4ERR_RESOURCE);
0967 nops--;
0968 }
0969
0970 *hdr_res.status = status;
0971 *hdr_res.nops = htonl(nops);
0972 nfs4_cb_free_slot(&cps);
0973 nfs_put_client(cps.clp);
0974 return rpc_success;
0975
0976 out_invalidcred:
0977 pr_warn_ratelimited("NFS: NFSv4 callback contains invalid cred\n");
0978 rqstp->rq_auth_stat = rpc_autherr_badcred;
0979 return rpc_success;
0980 }
0981
0982 static int
0983 nfs_callback_dispatch(struct svc_rqst *rqstp, __be32 *statp)
0984 {
0985 const struct svc_procedure *procp = rqstp->rq_procinfo;
0986
0987 svcxdr_init_decode(rqstp);
0988 svcxdr_init_encode(rqstp);
0989
0990 *statp = procp->pc_func(rqstp);
0991 return 1;
0992 }
0993
0994
0995
0996
0997 static struct callback_op callback_ops[] = {
0998 [0] = {
0999 .res_maxsize = CB_OP_HDR_RES_MAXSZ,
1000 },
1001 [OP_CB_GETATTR] = {
1002 .process_op = nfs4_callback_getattr,
1003 .decode_args = decode_getattr_args,
1004 .encode_res = encode_getattr_res,
1005 .res_maxsize = CB_OP_GETATTR_RES_MAXSZ,
1006 },
1007 [OP_CB_RECALL] = {
1008 .process_op = nfs4_callback_recall,
1009 .decode_args = decode_recall_args,
1010 .res_maxsize = CB_OP_RECALL_RES_MAXSZ,
1011 },
1012 #if defined(CONFIG_NFS_V4_1)
1013 [OP_CB_LAYOUTRECALL] = {
1014 .process_op = nfs4_callback_layoutrecall,
1015 .decode_args = decode_layoutrecall_args,
1016 .res_maxsize = CB_OP_LAYOUTRECALL_RES_MAXSZ,
1017 },
1018 [OP_CB_NOTIFY_DEVICEID] = {
1019 .process_op = nfs4_callback_devicenotify,
1020 .decode_args = decode_devicenotify_args,
1021 .res_maxsize = CB_OP_DEVICENOTIFY_RES_MAXSZ,
1022 },
1023 [OP_CB_SEQUENCE] = {
1024 .process_op = nfs4_callback_sequence,
1025 .decode_args = decode_cb_sequence_args,
1026 .encode_res = encode_cb_sequence_res,
1027 .res_maxsize = CB_OP_SEQUENCE_RES_MAXSZ,
1028 },
1029 [OP_CB_RECALL_ANY] = {
1030 .process_op = nfs4_callback_recallany,
1031 .decode_args = decode_recallany_args,
1032 .res_maxsize = CB_OP_RECALLANY_RES_MAXSZ,
1033 },
1034 [OP_CB_RECALL_SLOT] = {
1035 .process_op = nfs4_callback_recallslot,
1036 .decode_args = decode_recallslot_args,
1037 .res_maxsize = CB_OP_RECALLSLOT_RES_MAXSZ,
1038 },
1039 [OP_CB_NOTIFY_LOCK] = {
1040 .process_op = nfs4_callback_notify_lock,
1041 .decode_args = decode_notify_lock_args,
1042 .res_maxsize = CB_OP_NOTIFY_LOCK_RES_MAXSZ,
1043 },
1044 #endif
1045 #ifdef CONFIG_NFS_V4_2
1046 [OP_CB_OFFLOAD] = {
1047 .process_op = nfs4_callback_offload,
1048 .decode_args = decode_offload_args,
1049 .res_maxsize = CB_OP_OFFLOAD_RES_MAXSZ,
1050 },
1051 #endif
1052 };
1053
1054
1055
1056
1057 static const struct svc_procedure nfs4_callback_procedures1[] = {
1058 [CB_NULL] = {
1059 .pc_func = nfs4_callback_null,
1060 .pc_encode = nfs4_encode_void,
1061 .pc_xdrressize = 1,
1062 .pc_name = "NULL",
1063 },
1064 [CB_COMPOUND] = {
1065 .pc_func = nfs4_callback_compound,
1066 .pc_encode = nfs4_encode_void,
1067 .pc_argsize = 256,
1068 .pc_ressize = 256,
1069 .pc_xdrressize = NFS4_CALLBACK_BUFSIZE,
1070 .pc_name = "COMPOUND",
1071 }
1072 };
1073
1074 static unsigned int nfs4_callback_count1[ARRAY_SIZE(nfs4_callback_procedures1)];
1075 const struct svc_version nfs4_callback_version1 = {
1076 .vs_vers = 1,
1077 .vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1),
1078 .vs_proc = nfs4_callback_procedures1,
1079 .vs_count = nfs4_callback_count1,
1080 .vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
1081 .vs_dispatch = nfs_callback_dispatch,
1082 .vs_hidden = true,
1083 .vs_need_cong_ctrl = true,
1084 };
1085
1086 static unsigned int nfs4_callback_count4[ARRAY_SIZE(nfs4_callback_procedures1)];
1087 const struct svc_version nfs4_callback_version4 = {
1088 .vs_vers = 4,
1089 .vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1),
1090 .vs_proc = nfs4_callback_procedures1,
1091 .vs_count = nfs4_callback_count4,
1092 .vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
1093 .vs_dispatch = nfs_callback_dispatch,
1094 .vs_hidden = true,
1095 .vs_need_cong_ctrl = true,
1096 };
