xref: /linux/fs/nfs/callback_xdr.c (revision 2bc46b3ad3c15165f91459b07ff8682478683194)
1 /*
2  * linux/fs/nfs/callback_xdr.c
3  *
4  * Copyright (C) 2004 Trond Myklebust
5  *
6  * NFSv4 callback encode/decode procedures
7  */
8 #include <linux/kernel.h>
9 #include <linux/sunrpc/svc.h>
10 #include <linux/nfs4.h>
11 #include <linux/nfs_fs.h>
12 #include <linux/ratelimit.h>
13 #include <linux/printk.h>
14 #include <linux/slab.h>
15 #include <linux/sunrpc/bc_xprt.h>
16 #include "nfs4_fs.h"
17 #include "callback.h"
18 #include "internal.h"
19 #include "nfs4session.h"
20 
21 #define CB_OP_TAGLEN_MAXSZ		(512)
22 #define CB_OP_HDR_RES_MAXSZ		(2 * 4) // opcode, status
23 #define CB_OP_GETATTR_BITMAP_MAXSZ	(4 * 4) // bitmap length, 3 bitmaps
24 #define CB_OP_GETATTR_RES_MAXSZ		(CB_OP_HDR_RES_MAXSZ + \
25 					 CB_OP_GETATTR_BITMAP_MAXSZ + \
26 					 /* change, size, ctime, mtime */\
27 					 (2 + 2 + 3 + 3) * 4)
28 #define CB_OP_RECALL_RES_MAXSZ		(CB_OP_HDR_RES_MAXSZ)
29 
30 #if defined(CONFIG_NFS_V4_1)
31 #define CB_OP_LAYOUTRECALL_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
32 #define CB_OP_DEVICENOTIFY_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
33 #define CB_OP_SEQUENCE_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ + \
34 					 NFS4_MAX_SESSIONID_LEN + \
35 					 (1 + 3) * 4) // seqid, 3 slotids
36 #define CB_OP_RECALLANY_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
37 #define CB_OP_RECALLSLOT_RES_MAXSZ	(CB_OP_HDR_RES_MAXSZ)
38 #endif /* CONFIG_NFS_V4_1 */
39 
40 #define NFSDBG_FACILITY NFSDBG_CALLBACK
41 
42 /* Internal error code */
43 #define NFS4ERR_RESOURCE_HDR	11050
44 
45 typedef __be32 (*callback_process_op_t)(void *, void *,
46 					struct cb_process_state *);
47 typedef __be32 (*callback_decode_arg_t)(struct svc_rqst *, struct xdr_stream *, void *);
48 typedef __be32 (*callback_encode_res_t)(struct svc_rqst *, struct xdr_stream *, void *);
49 
50 
51 struct callback_op {
52 	callback_process_op_t process_op;
53 	callback_decode_arg_t decode_args;
54 	callback_encode_res_t encode_res;
55 	long res_maxsize;
56 };
57 
58 static struct callback_op callback_ops[];
59 
60 static __be32 nfs4_callback_null(struct svc_rqst *rqstp, void *argp, void *resp)
61 {
62 	return htonl(NFS4_OK);
63 }
64 
65 static int nfs4_decode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
66 {
67 	return xdr_argsize_check(rqstp, p);
68 }
69 
70 static int nfs4_encode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
71 {
72 	return xdr_ressize_check(rqstp, p);
73 }
74 
75 static __be32 *read_buf(struct xdr_stream *xdr, int nbytes)
76 {
77 	__be32 *p;
78 
79 	p = xdr_inline_decode(xdr, nbytes);
80 	if (unlikely(p == NULL))
81 		printk(KERN_WARNING "NFS: NFSv4 callback reply buffer overflowed!\n");
82 	return p;
83 }
84 
85 static __be32 decode_string(struct xdr_stream *xdr, unsigned int *len, const char **str)
86 {
87 	__be32 *p;
88 
89 	p = read_buf(xdr, 4);
90 	if (unlikely(p == NULL))
91 		return htonl(NFS4ERR_RESOURCE);
92 	*len = ntohl(*p);
93 
94 	if (*len != 0) {
95 		p = read_buf(xdr, *len);
96 		if (unlikely(p == NULL))
97 			return htonl(NFS4ERR_RESOURCE);
98 		*str = (const char *)p;
99 	} else
100 		*str = NULL;
101 
102 	return 0;
103 }
104 
105 static __be32 decode_fh(struct xdr_stream *xdr, struct nfs_fh *fh)
106 {
107 	__be32 *p;
108 
109 	p = read_buf(xdr, 4);
110 	if (unlikely(p == NULL))
111 		return htonl(NFS4ERR_RESOURCE);
112 	fh->size = ntohl(*p);
113 	if (fh->size > NFS4_FHSIZE)
114 		return htonl(NFS4ERR_BADHANDLE);
115 	p = read_buf(xdr, fh->size);
116 	if (unlikely(p == NULL))
117 		return htonl(NFS4ERR_RESOURCE);
118 	memcpy(&fh->data[0], p, fh->size);
119 	memset(&fh->data[fh->size], 0, sizeof(fh->data) - fh->size);
120 	return 0;
121 }
122 
123 static __be32 decode_bitmap(struct xdr_stream *xdr, uint32_t *bitmap)
124 {
125 	__be32 *p;
126 	unsigned int attrlen;
127 
128 	p = read_buf(xdr, 4);
129 	if (unlikely(p == NULL))
130 		return htonl(NFS4ERR_RESOURCE);
131 	attrlen = ntohl(*p);
132 	p = read_buf(xdr, attrlen << 2);
133 	if (unlikely(p == NULL))
134 		return htonl(NFS4ERR_RESOURCE);
135 	if (likely(attrlen > 0))
136 		bitmap[0] = ntohl(*p++);
137 	if (attrlen > 1)
138 		bitmap[1] = ntohl(*p);
139 	return 0;
140 }
141 
142 static __be32 decode_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
143 {
144 	__be32 *p;
145 
146 	p = read_buf(xdr, NFS4_STATEID_SIZE);
147 	if (unlikely(p == NULL))
148 		return htonl(NFS4ERR_RESOURCE);
149 	memcpy(stateid->data, p, NFS4_STATEID_SIZE);
150 	return 0;
151 }
152 
153 static __be32 decode_delegation_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
154 {
155 	stateid->type = NFS4_DELEGATION_STATEID_TYPE;
156 	return decode_stateid(xdr, stateid);
157 }
158 
159 static __be32 decode_compound_hdr_arg(struct xdr_stream *xdr, struct cb_compound_hdr_arg *hdr)
160 {
161 	__be32 *p;
162 	__be32 status;
163 
164 	status = decode_string(xdr, &hdr->taglen, &hdr->tag);
165 	if (unlikely(status != 0))
166 		return status;
167 	/* We do not like overly long tags! */
168 	if (hdr->taglen > CB_OP_TAGLEN_MAXSZ) {
169 		printk("NFS: NFSv4 CALLBACK %s: client sent tag of length %u\n",
170 				__func__, hdr->taglen);
171 		return htonl(NFS4ERR_RESOURCE);
172 	}
173 	p = read_buf(xdr, 12);
174 	if (unlikely(p == NULL))
175 		return htonl(NFS4ERR_RESOURCE);
176 	hdr->minorversion = ntohl(*p++);
177 	/* Check for minor version support */
178 	if (hdr->minorversion <= NFS4_MAX_MINOR_VERSION) {
179 		hdr->cb_ident = ntohl(*p++); /* ignored by v4.1 and v4.2 */
180 	} else {
181 		pr_warn_ratelimited("NFS: %s: NFSv4 server callback with "
182 			"illegal minor version %u!\n",
183 			__func__, hdr->minorversion);
184 		return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
185 	}
186 	hdr->nops = ntohl(*p);
187 	dprintk("%s: minorversion %d nops %d\n", __func__,
188 		hdr->minorversion, hdr->nops);
189 	return 0;
190 }
191 
192 static __be32 decode_op_hdr(struct xdr_stream *xdr, unsigned int *op)
193 {
194 	__be32 *p;
195 	p = read_buf(xdr, 4);
196 	if (unlikely(p == NULL))
197 		return htonl(NFS4ERR_RESOURCE_HDR);
198 	*op = ntohl(*p);
199 	return 0;
200 }
201 
202 static __be32 decode_getattr_args(struct svc_rqst *rqstp, struct xdr_stream *xdr, struct cb_getattrargs *args)
203 {
204 	__be32 status;
205 
206 	status = decode_fh(xdr, &args->fh);
207 	if (unlikely(status != 0))
208 		goto out;
209 	status = decode_bitmap(xdr, args->bitmap);
210 out:
211 	dprintk("%s: exit with status = %d\n", __func__, ntohl(status));
212 	return status;
213 }
214 
215 static __be32 decode_recall_args(struct svc_rqst *rqstp, struct xdr_stream *xdr, struct cb_recallargs *args)
216 {
217 	__be32 *p;
218 	__be32 status;
219 
220 	status = decode_delegation_stateid(xdr, &args->stateid);
221 	if (unlikely(status != 0))
222 		goto out;
223 	p = read_buf(xdr, 4);
224 	if (unlikely(p == NULL)) {
225 		status = htonl(NFS4ERR_RESOURCE);
226 		goto out;
227 	}
228 	args->truncate = ntohl(*p);
229 	status = decode_fh(xdr, &args->fh);
230 out:
231 	dprintk("%s: exit with status = %d\n", __func__, ntohl(status));
232 	return status;
233 }
234 
235 #if defined(CONFIG_NFS_V4_1)
236 static __be32 decode_layout_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
237 {
238 	stateid->type = NFS4_LAYOUT_STATEID_TYPE;
239 	return decode_stateid(xdr, stateid);
240 }
241 
242 static __be32 decode_layoutrecall_args(struct svc_rqst *rqstp,
243 				       struct xdr_stream *xdr,
244 				       struct cb_layoutrecallargs *args)
245 {
246 	__be32 *p;
247 	__be32 status = 0;
248 	uint32_t iomode;
249 
250 	p = read_buf(xdr, 4 * sizeof(uint32_t));
251 	if (unlikely(p == NULL)) {
252 		status = htonl(NFS4ERR_BADXDR);
253 		goto out;
254 	}
255 
256 	args->cbl_layout_type = ntohl(*p++);
257 	/* Depite the spec's xdr, iomode really belongs in the FILE switch,
258 	 * as it is unusable and ignored with the other types.
259 	 */
260 	iomode = ntohl(*p++);
261 	args->cbl_layoutchanged = ntohl(*p++);
262 	args->cbl_recall_type = ntohl(*p++);
263 
264 	if (args->cbl_recall_type == RETURN_FILE) {
265 		args->cbl_range.iomode = iomode;
266 		status = decode_fh(xdr, &args->cbl_fh);
267 		if (unlikely(status != 0))
268 			goto out;
269 
270 		p = read_buf(xdr, 2 * sizeof(uint64_t));
271 		if (unlikely(p == NULL)) {
272 			status = htonl(NFS4ERR_BADXDR);
273 			goto out;
274 		}
275 		p = xdr_decode_hyper(p, &args->cbl_range.offset);
276 		p = xdr_decode_hyper(p, &args->cbl_range.length);
277 		status = decode_layout_stateid(xdr, &args->cbl_stateid);
278 		if (unlikely(status != 0))
279 			goto out;
280 	} else if (args->cbl_recall_type == RETURN_FSID) {
281 		p = read_buf(xdr, 2 * sizeof(uint64_t));
282 		if (unlikely(p == NULL)) {
283 			status = htonl(NFS4ERR_BADXDR);
284 			goto out;
285 		}
286 		p = xdr_decode_hyper(p, &args->cbl_fsid.major);
287 		p = xdr_decode_hyper(p, &args->cbl_fsid.minor);
288 	} else if (args->cbl_recall_type != RETURN_ALL) {
289 		status = htonl(NFS4ERR_BADXDR);
290 		goto out;
291 	}
292 	dprintk("%s: ltype 0x%x iomode %d changed %d recall_type %d\n",
293 		__func__,
294 		args->cbl_layout_type, iomode,
295 		args->cbl_layoutchanged, args->cbl_recall_type);
296 out:
297 	dprintk("%s: exit with status = %d\n", __func__, ntohl(status));
298 	return status;
299 }
300 
301 static
302 __be32 decode_devicenotify_args(struct svc_rqst *rqstp,
303 				struct xdr_stream *xdr,
304 				struct cb_devicenotifyargs *args)
305 {
306 	__be32 *p;
307 	__be32 status = 0;
308 	u32 tmp;
309 	int n, i;
310 	args->ndevs = 0;
311 
312 	/* Num of device notifications */
313 	p = read_buf(xdr, sizeof(uint32_t));
314 	if (unlikely(p == NULL)) {
315 		status = htonl(NFS4ERR_BADXDR);
316 		goto out;
317 	}
318 	n = ntohl(*p++);
319 	if (n <= 0)
320 		goto out;
321 	if (n > ULONG_MAX / sizeof(*args->devs)) {
322 		status = htonl(NFS4ERR_BADXDR);
323 		goto out;
324 	}
325 
326 	args->devs = kmalloc_array(n, sizeof(*args->devs), GFP_KERNEL);
327 	if (!args->devs) {
328 		status = htonl(NFS4ERR_DELAY);
329 		goto out;
330 	}
331 
332 	/* Decode each dev notification */
333 	for (i = 0; i < n; i++) {
334 		struct cb_devicenotifyitem *dev = &args->devs[i];
335 
336 		p = read_buf(xdr, (4 * sizeof(uint32_t)) + NFS4_DEVICEID4_SIZE);
337 		if (unlikely(p == NULL)) {
338 			status = htonl(NFS4ERR_BADXDR);
339 			goto err;
340 		}
341 
342 		tmp = ntohl(*p++);	/* bitmap size */
343 		if (tmp != 1) {
344 			status = htonl(NFS4ERR_INVAL);
345 			goto err;
346 		}
347 		dev->cbd_notify_type = ntohl(*p++);
348 		if (dev->cbd_notify_type != NOTIFY_DEVICEID4_CHANGE &&
349 		    dev->cbd_notify_type != NOTIFY_DEVICEID4_DELETE) {
350 			status = htonl(NFS4ERR_INVAL);
351 			goto err;
352 		}
353 
354 		tmp = ntohl(*p++);	/* opaque size */
355 		if (((dev->cbd_notify_type == NOTIFY_DEVICEID4_CHANGE) &&
356 		     (tmp != NFS4_DEVICEID4_SIZE + 8)) ||
357 		    ((dev->cbd_notify_type == NOTIFY_DEVICEID4_DELETE) &&
358 		     (tmp != NFS4_DEVICEID4_SIZE + 4))) {
359 			status = htonl(NFS4ERR_INVAL);
360 			goto err;
361 		}
362 		dev->cbd_layout_type = ntohl(*p++);
363 		memcpy(dev->cbd_dev_id.data, p, NFS4_DEVICEID4_SIZE);
364 		p += XDR_QUADLEN(NFS4_DEVICEID4_SIZE);
365 
366 		if (dev->cbd_layout_type == NOTIFY_DEVICEID4_CHANGE) {
367 			p = read_buf(xdr, sizeof(uint32_t));
368 			if (unlikely(p == NULL)) {
369 				status = htonl(NFS4ERR_BADXDR);
370 				goto err;
371 			}
372 			dev->cbd_immediate = ntohl(*p++);
373 		} else {
374 			dev->cbd_immediate = 0;
375 		}
376 
377 		args->ndevs++;
378 
379 		dprintk("%s: type %d layout 0x%x immediate %d\n",
380 			__func__, dev->cbd_notify_type, dev->cbd_layout_type,
381 			dev->cbd_immediate);
382 	}
383 out:
384 	dprintk("%s: status %d ndevs %d\n",
385 		__func__, ntohl(status), args->ndevs);
386 	return status;
387 err:
388 	kfree(args->devs);
389 	goto out;
390 }
391 
392 static __be32 decode_sessionid(struct xdr_stream *xdr,
393 				 struct nfs4_sessionid *sid)
394 {
395 	__be32 *p;
396 
397 	p = read_buf(xdr, NFS4_MAX_SESSIONID_LEN);
398 	if (unlikely(p == NULL))
399 		return htonl(NFS4ERR_RESOURCE);
400 
401 	memcpy(sid->data, p, NFS4_MAX_SESSIONID_LEN);
402 	return 0;
403 }
404 
405 static __be32 decode_rc_list(struct xdr_stream *xdr,
406 			       struct referring_call_list *rc_list)
407 {
408 	__be32 *p;
409 	int i;
410 	__be32 status;
411 
412 	status = decode_sessionid(xdr, &rc_list->rcl_sessionid);
413 	if (status)
414 		goto out;
415 
416 	status = htonl(NFS4ERR_RESOURCE);
417 	p = read_buf(xdr, sizeof(uint32_t));
418 	if (unlikely(p == NULL))
419 		goto out;
420 
421 	rc_list->rcl_nrefcalls = ntohl(*p++);
422 	if (rc_list->rcl_nrefcalls) {
423 		p = read_buf(xdr,
424 			     rc_list->rcl_nrefcalls * 2 * sizeof(uint32_t));
425 		if (unlikely(p == NULL))
426 			goto out;
427 		rc_list->rcl_refcalls = kmalloc_array(rc_list->rcl_nrefcalls,
428 						sizeof(*rc_list->rcl_refcalls),
429 						GFP_KERNEL);
430 		if (unlikely(rc_list->rcl_refcalls == NULL))
431 			goto out;
432 		for (i = 0; i < rc_list->rcl_nrefcalls; i++) {
433 			rc_list->rcl_refcalls[i].rc_sequenceid = ntohl(*p++);
434 			rc_list->rcl_refcalls[i].rc_slotid = ntohl(*p++);
435 		}
436 	}
437 	status = 0;
438 
439 out:
440 	return status;
441 }
442 
443 static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp,
444 					struct xdr_stream *xdr,
445 					struct cb_sequenceargs *args)
446 {
447 	__be32 *p;
448 	int i;
449 	__be32 status;
450 
451 	status = decode_sessionid(xdr, &args->csa_sessionid);
452 	if (status)
453 		goto out;
454 
455 	status = htonl(NFS4ERR_RESOURCE);
456 	p = read_buf(xdr, 5 * sizeof(uint32_t));
457 	if (unlikely(p == NULL))
458 		goto out;
459 
460 	args->csa_addr = svc_addr(rqstp);
461 	args->csa_sequenceid = ntohl(*p++);
462 	args->csa_slotid = ntohl(*p++);
463 	args->csa_highestslotid = ntohl(*p++);
464 	args->csa_cachethis = ntohl(*p++);
465 	args->csa_nrclists = ntohl(*p++);
466 	args->csa_rclists = NULL;
467 	if (args->csa_nrclists) {
468 		args->csa_rclists = kmalloc_array(args->csa_nrclists,
469 						  sizeof(*args->csa_rclists),
470 						  GFP_KERNEL);
471 		if (unlikely(args->csa_rclists == NULL))
472 			goto out;
473 
474 		for (i = 0; i < args->csa_nrclists; i++) {
475 			status = decode_rc_list(xdr, &args->csa_rclists[i]);
476 			if (status) {
477 				args->csa_nrclists = i;
478 				goto out_free;
479 			}
480 		}
481 	}
482 	status = 0;
483 
484 	dprintk("%s: sessionid %x:%x:%x:%x sequenceid %u slotid %u "
485 		"highestslotid %u cachethis %d nrclists %u\n",
486 		__func__,
487 		((u32 *)&args->csa_sessionid)[0],
488 		((u32 *)&args->csa_sessionid)[1],
489 		((u32 *)&args->csa_sessionid)[2],
490 		((u32 *)&args->csa_sessionid)[3],
491 		args->csa_sequenceid, args->csa_slotid,
492 		args->csa_highestslotid, args->csa_cachethis,
493 		args->csa_nrclists);
494 out:
495 	dprintk("%s: exit with status = %d\n", __func__, ntohl(status));
496 	return status;
497 
498 out_free:
499 	for (i = 0; i < args->csa_nrclists; i++)
500 		kfree(args->csa_rclists[i].rcl_refcalls);
501 	kfree(args->csa_rclists);
502 	goto out;
503 }
504 
505 static __be32 decode_recallany_args(struct svc_rqst *rqstp,
506 				      struct xdr_stream *xdr,
507 				      struct cb_recallanyargs *args)
508 {
509 	uint32_t bitmap[2];
510 	__be32 *p, status;
511 
512 	p = read_buf(xdr, 4);
513 	if (unlikely(p == NULL))
514 		return htonl(NFS4ERR_BADXDR);
515 	args->craa_objs_to_keep = ntohl(*p++);
516 	status = decode_bitmap(xdr, bitmap);
517 	if (unlikely(status))
518 		return status;
519 	args->craa_type_mask = bitmap[0];
520 
521 	return 0;
522 }
523 
524 static __be32 decode_recallslot_args(struct svc_rqst *rqstp,
525 					struct xdr_stream *xdr,
526 					struct cb_recallslotargs *args)
527 {
528 	__be32 *p;
529 
530 	p = read_buf(xdr, 4);
531 	if (unlikely(p == NULL))
532 		return htonl(NFS4ERR_BADXDR);
533 	args->crsa_target_highest_slotid = ntohl(*p++);
534 	return 0;
535 }
536 
537 #endif /* CONFIG_NFS_V4_1 */
538 
539 static __be32 encode_string(struct xdr_stream *xdr, unsigned int len, const char *str)
540 {
541 	__be32 *p;
542 
543 	p = xdr_reserve_space(xdr, 4 + len);
544 	if (unlikely(p == NULL))
545 		return htonl(NFS4ERR_RESOURCE);
546 	xdr_encode_opaque(p, str, len);
547 	return 0;
548 }
549 
550 #define CB_SUPPORTED_ATTR0 (FATTR4_WORD0_CHANGE|FATTR4_WORD0_SIZE)
551 #define CB_SUPPORTED_ATTR1 (FATTR4_WORD1_TIME_METADATA|FATTR4_WORD1_TIME_MODIFY)
552 static __be32 encode_attr_bitmap(struct xdr_stream *xdr, const uint32_t *bitmap, __be32 **savep)
553 {
554 	__be32 bm[2];
555 	__be32 *p;
556 
557 	bm[0] = htonl(bitmap[0] & CB_SUPPORTED_ATTR0);
558 	bm[1] = htonl(bitmap[1] & CB_SUPPORTED_ATTR1);
559 	if (bm[1] != 0) {
560 		p = xdr_reserve_space(xdr, 16);
561 		if (unlikely(p == NULL))
562 			return htonl(NFS4ERR_RESOURCE);
563 		*p++ = htonl(2);
564 		*p++ = bm[0];
565 		*p++ = bm[1];
566 	} else if (bm[0] != 0) {
567 		p = xdr_reserve_space(xdr, 12);
568 		if (unlikely(p == NULL))
569 			return htonl(NFS4ERR_RESOURCE);
570 		*p++ = htonl(1);
571 		*p++ = bm[0];
572 	} else {
573 		p = xdr_reserve_space(xdr, 8);
574 		if (unlikely(p == NULL))
575 			return htonl(NFS4ERR_RESOURCE);
576 		*p++ = htonl(0);
577 	}
578 	*savep = p;
579 	return 0;
580 }
581 
582 static __be32 encode_attr_change(struct xdr_stream *xdr, const uint32_t *bitmap, uint64_t change)
583 {
584 	__be32 *p;
585 
586 	if (!(bitmap[0] & FATTR4_WORD0_CHANGE))
587 		return 0;
588 	p = xdr_reserve_space(xdr, 8);
589 	if (unlikely(!p))
590 		return htonl(NFS4ERR_RESOURCE);
591 	p = xdr_encode_hyper(p, change);
592 	return 0;
593 }
594 
595 static __be32 encode_attr_size(struct xdr_stream *xdr, const uint32_t *bitmap, uint64_t size)
596 {
597 	__be32 *p;
598 
599 	if (!(bitmap[0] & FATTR4_WORD0_SIZE))
600 		return 0;
601 	p = xdr_reserve_space(xdr, 8);
602 	if (unlikely(!p))
603 		return htonl(NFS4ERR_RESOURCE);
604 	p = xdr_encode_hyper(p, size);
605 	return 0;
606 }
607 
608 static __be32 encode_attr_time(struct xdr_stream *xdr, const struct timespec *time)
609 {
610 	__be32 *p;
611 
612 	p = xdr_reserve_space(xdr, 12);
613 	if (unlikely(!p))
614 		return htonl(NFS4ERR_RESOURCE);
615 	p = xdr_encode_hyper(p, time->tv_sec);
616 	*p = htonl(time->tv_nsec);
617 	return 0;
618 }
619 
620 static __be32 encode_attr_ctime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec *time)
621 {
622 	if (!(bitmap[1] & FATTR4_WORD1_TIME_METADATA))
623 		return 0;
624 	return encode_attr_time(xdr,time);
625 }
626 
627 static __be32 encode_attr_mtime(struct xdr_stream *xdr, const uint32_t *bitmap, const struct timespec *time)
628 {
629 	if (!(bitmap[1] & FATTR4_WORD1_TIME_MODIFY))
630 		return 0;
631 	return encode_attr_time(xdr,time);
632 }
633 
634 static __be32 encode_compound_hdr_res(struct xdr_stream *xdr, struct cb_compound_hdr_res *hdr)
635 {
636 	__be32 status;
637 
638 	hdr->status = xdr_reserve_space(xdr, 4);
639 	if (unlikely(hdr->status == NULL))
640 		return htonl(NFS4ERR_RESOURCE);
641 	status = encode_string(xdr, hdr->taglen, hdr->tag);
642 	if (unlikely(status != 0))
643 		return status;
644 	hdr->nops = xdr_reserve_space(xdr, 4);
645 	if (unlikely(hdr->nops == NULL))
646 		return htonl(NFS4ERR_RESOURCE);
647 	return 0;
648 }
649 
650 static __be32 encode_op_hdr(struct xdr_stream *xdr, uint32_t op, __be32 res)
651 {
652 	__be32 *p;
653 
654 	p = xdr_reserve_space(xdr, 8);
655 	if (unlikely(p == NULL))
656 		return htonl(NFS4ERR_RESOURCE_HDR);
657 	*p++ = htonl(op);
658 	*p = res;
659 	return 0;
660 }
661 
662 static __be32 encode_getattr_res(struct svc_rqst *rqstp, struct xdr_stream *xdr, const struct cb_getattrres *res)
663 {
664 	__be32 *savep = NULL;
665 	__be32 status = res->status;
666 
667 	if (unlikely(status != 0))
668 		goto out;
669 	status = encode_attr_bitmap(xdr, res->bitmap, &savep);
670 	if (unlikely(status != 0))
671 		goto out;
672 	status = encode_attr_change(xdr, res->bitmap, res->change_attr);
673 	if (unlikely(status != 0))
674 		goto out;
675 	status = encode_attr_size(xdr, res->bitmap, res->size);
676 	if (unlikely(status != 0))
677 		goto out;
678 	status = encode_attr_ctime(xdr, res->bitmap, &res->ctime);
679 	if (unlikely(status != 0))
680 		goto out;
681 	status = encode_attr_mtime(xdr, res->bitmap, &res->mtime);
682 	*savep = htonl((unsigned int)((char *)xdr->p - (char *)(savep+1)));
683 out:
684 	dprintk("%s: exit with status = %d\n", __func__, ntohl(status));
685 	return status;
686 }
687 
688 #if defined(CONFIG_NFS_V4_1)
689 
690 static __be32 encode_sessionid(struct xdr_stream *xdr,
691 				 const struct nfs4_sessionid *sid)
692 {
693 	__be32 *p;
694 
695 	p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN);
696 	if (unlikely(p == NULL))
697 		return htonl(NFS4ERR_RESOURCE);
698 
699 	memcpy(p, sid, NFS4_MAX_SESSIONID_LEN);
700 	return 0;
701 }
702 
703 static __be32 encode_cb_sequence_res(struct svc_rqst *rqstp,
704 				       struct xdr_stream *xdr,
705 				       const struct cb_sequenceres *res)
706 {
707 	__be32 *p;
708 	__be32 status = res->csr_status;
709 
710 	if (unlikely(status != 0))
711 		goto out;
712 
713 	status = encode_sessionid(xdr, &res->csr_sessionid);
714 	if (status)
715 		goto out;
716 
717 	p = xdr_reserve_space(xdr, 4 * sizeof(uint32_t));
718 	if (unlikely(p == NULL))
719 		return htonl(NFS4ERR_RESOURCE);
720 
721 	*p++ = htonl(res->csr_sequenceid);
722 	*p++ = htonl(res->csr_slotid);
723 	*p++ = htonl(res->csr_highestslotid);
724 	*p++ = htonl(res->csr_target_highestslotid);
725 out:
726 	dprintk("%s: exit with status = %d\n", __func__, ntohl(status));
727 	return status;
728 }
729 
730 static __be32
731 preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op)
732 {
733 	if (op_nr == OP_CB_SEQUENCE) {
734 		if (nop != 0)
735 			return htonl(NFS4ERR_SEQUENCE_POS);
736 	} else {
737 		if (nop == 0)
738 			return htonl(NFS4ERR_OP_NOT_IN_SESSION);
739 	}
740 
741 	switch (op_nr) {
742 	case OP_CB_GETATTR:
743 	case OP_CB_RECALL:
744 	case OP_CB_SEQUENCE:
745 	case OP_CB_RECALL_ANY:
746 	case OP_CB_RECALL_SLOT:
747 	case OP_CB_LAYOUTRECALL:
748 	case OP_CB_NOTIFY_DEVICEID:
749 		*op = &callback_ops[op_nr];
750 		break;
751 
752 	case OP_CB_NOTIFY:
753 	case OP_CB_PUSH_DELEG:
754 	case OP_CB_RECALLABLE_OBJ_AVAIL:
755 	case OP_CB_WANTS_CANCELLED:
756 	case OP_CB_NOTIFY_LOCK:
757 		return htonl(NFS4ERR_NOTSUPP);
758 
759 	default:
760 		return htonl(NFS4ERR_OP_ILLEGAL);
761 	}
762 
763 	return htonl(NFS_OK);
764 }
765 
766 static void nfs4_callback_free_slot(struct nfs4_session *session,
767 		struct nfs4_slot *slot)
768 {
769 	struct nfs4_slot_table *tbl = &session->bc_slot_table;
770 
771 	spin_lock(&tbl->slot_tbl_lock);
772 	/*
773 	 * Let the state manager know callback processing done.
774 	 * A single slot, so highest used slotid is either 0 or -1
775 	 */
776 	nfs4_free_slot(tbl, slot);
777 	nfs4_slot_tbl_drain_complete(tbl);
778 	spin_unlock(&tbl->slot_tbl_lock);
779 }
780 
781 static void nfs4_cb_free_slot(struct cb_process_state *cps)
782 {
783 	if (cps->slot) {
784 		nfs4_callback_free_slot(cps->clp->cl_session, cps->slot);
785 		cps->slot = NULL;
786 	}
787 }
788 
789 #else /* CONFIG_NFS_V4_1 */
790 
791 static __be32
792 preprocess_nfs41_op(int nop, unsigned int op_nr, struct callback_op **op)
793 {
794 	return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
795 }
796 
797 static void nfs4_cb_free_slot(struct cb_process_state *cps)
798 {
799 }
800 #endif /* CONFIG_NFS_V4_1 */
801 
802 #ifdef CONFIG_NFS_V4_2
803 static __be32
804 preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op)
805 {
806 	__be32 status = preprocess_nfs41_op(nop, op_nr, op);
807 	if (status != htonl(NFS4ERR_OP_ILLEGAL))
808 		return status;
809 
810 	if (op_nr == OP_CB_OFFLOAD)
811 		return htonl(NFS4ERR_NOTSUPP);
812 	return htonl(NFS4ERR_OP_ILLEGAL);
813 }
814 #else /* CONFIG_NFS_V4_2 */
815 static __be32
816 preprocess_nfs42_op(int nop, unsigned int op_nr, struct callback_op **op)
817 {
818 	return htonl(NFS4ERR_MINOR_VERS_MISMATCH);
819 }
820 #endif /* CONFIG_NFS_V4_2 */
821 
822 static __be32
823 preprocess_nfs4_op(unsigned int op_nr, struct callback_op **op)
824 {
825 	switch (op_nr) {
826 	case OP_CB_GETATTR:
827 	case OP_CB_RECALL:
828 		*op = &callback_ops[op_nr];
829 		break;
830 	default:
831 		return htonl(NFS4ERR_OP_ILLEGAL);
832 	}
833 
834 	return htonl(NFS_OK);
835 }
836 
837 static __be32 process_op(int nop, struct svc_rqst *rqstp,
838 		struct xdr_stream *xdr_in, void *argp,
839 		struct xdr_stream *xdr_out, void *resp,
840 		struct cb_process_state *cps)
841 {
842 	struct callback_op *op = &callback_ops[0];
843 	unsigned int op_nr;
844 	__be32 status;
845 	long maxlen;
846 	__be32 res;
847 
848 	dprintk("%s: start\n", __func__);
849 	status = decode_op_hdr(xdr_in, &op_nr);
850 	if (unlikely(status))
851 		return status;
852 
853 	dprintk("%s: minorversion=%d nop=%d op_nr=%u\n",
854 		__func__, cps->minorversion, nop, op_nr);
855 
856 	switch (cps->minorversion) {
857 	case 0:
858 		status = preprocess_nfs4_op(op_nr, &op);
859 		break;
860 	case 1:
861 		status = preprocess_nfs41_op(nop, op_nr, &op);
862 		break;
863 	case 2:
864 		status = preprocess_nfs42_op(nop, op_nr, &op);
865 		break;
866 	default:
867 		status = htonl(NFS4ERR_MINOR_VERS_MISMATCH);
868 	}
869 
870 	if (status == htonl(NFS4ERR_OP_ILLEGAL))
871 		op_nr = OP_CB_ILLEGAL;
872 	if (status)
873 		goto encode_hdr;
874 
875 	if (cps->drc_status) {
876 		status = cps->drc_status;
877 		goto encode_hdr;
878 	}
879 
880 	maxlen = xdr_out->end - xdr_out->p;
881 	if (maxlen > 0 && maxlen < PAGE_SIZE) {
882 		status = op->decode_args(rqstp, xdr_in, argp);
883 		if (likely(status == 0))
884 			status = op->process_op(argp, resp, cps);
885 	} else
886 		status = htonl(NFS4ERR_RESOURCE);
887 
888 encode_hdr:
889 	res = encode_op_hdr(xdr_out, op_nr, status);
890 	if (unlikely(res))
891 		return res;
892 	if (op->encode_res != NULL && status == 0)
893 		status = op->encode_res(rqstp, xdr_out, resp);
894 	dprintk("%s: done, status = %d\n", __func__, ntohl(status));
895 	return status;
896 }
897 
898 /*
899  * Decode, process and encode a COMPOUND
900  */
901 static __be32 nfs4_callback_compound(struct svc_rqst *rqstp, void *argp, void *resp)
902 {
903 	struct cb_compound_hdr_arg hdr_arg = { 0 };
904 	struct cb_compound_hdr_res hdr_res = { NULL };
905 	struct xdr_stream xdr_in, xdr_out;
906 	__be32 *p, status;
907 	struct cb_process_state cps = {
908 		.drc_status = 0,
909 		.clp = NULL,
910 		.net = SVC_NET(rqstp),
911 	};
912 	unsigned int nops = 0;
913 
914 	dprintk("%s: start\n", __func__);
915 
916 	xdr_init_decode(&xdr_in, &rqstp->rq_arg, rqstp->rq_arg.head[0].iov_base);
917 
918 	p = (__be32*)((char *)rqstp->rq_res.head[0].iov_base + rqstp->rq_res.head[0].iov_len);
919 	xdr_init_encode(&xdr_out, &rqstp->rq_res, p);
920 
921 	status = decode_compound_hdr_arg(&xdr_in, &hdr_arg);
922 	if (status == htonl(NFS4ERR_RESOURCE))
923 		return rpc_garbage_args;
924 
925 	if (hdr_arg.minorversion == 0) {
926 		cps.clp = nfs4_find_client_ident(SVC_NET(rqstp), hdr_arg.cb_ident);
927 		if (!cps.clp || !check_gss_callback_principal(cps.clp, rqstp))
928 			return rpc_drop_reply;
929 	}
930 
931 	cps.minorversion = hdr_arg.minorversion;
932 	hdr_res.taglen = hdr_arg.taglen;
933 	hdr_res.tag = hdr_arg.tag;
934 	if (encode_compound_hdr_res(&xdr_out, &hdr_res) != 0)
935 		return rpc_system_err;
936 
937 	while (status == 0 && nops != hdr_arg.nops) {
938 		status = process_op(nops, rqstp, &xdr_in,
939 				    argp, &xdr_out, resp, &cps);
940 		nops++;
941 	}
942 
943 	/* Buffer overflow in decode_ops_hdr or encode_ops_hdr. Return
944 	* resource error in cb_compound status without returning op */
945 	if (unlikely(status == htonl(NFS4ERR_RESOURCE_HDR))) {
946 		status = htonl(NFS4ERR_RESOURCE);
947 		nops--;
948 	}
949 
950 	*hdr_res.status = status;
951 	*hdr_res.nops = htonl(nops);
952 	nfs4_cb_free_slot(&cps);
953 	nfs_put_client(cps.clp);
954 	dprintk("%s: done, status = %u\n", __func__, ntohl(status));
955 	return rpc_success;
956 }
957 
958 /*
959  * Define NFS4 callback COMPOUND ops.
960  */
961 static struct callback_op callback_ops[] = {
962 	[0] = {
963 		.res_maxsize = CB_OP_HDR_RES_MAXSZ,
964 	},
965 	[OP_CB_GETATTR] = {
966 		.process_op = (callback_process_op_t)nfs4_callback_getattr,
967 		.decode_args = (callback_decode_arg_t)decode_getattr_args,
968 		.encode_res = (callback_encode_res_t)encode_getattr_res,
969 		.res_maxsize = CB_OP_GETATTR_RES_MAXSZ,
970 	},
971 	[OP_CB_RECALL] = {
972 		.process_op = (callback_process_op_t)nfs4_callback_recall,
973 		.decode_args = (callback_decode_arg_t)decode_recall_args,
974 		.res_maxsize = CB_OP_RECALL_RES_MAXSZ,
975 	},
976 #if defined(CONFIG_NFS_V4_1)
977 	[OP_CB_LAYOUTRECALL] = {
978 		.process_op = (callback_process_op_t)nfs4_callback_layoutrecall,
979 		.decode_args =
980 			(callback_decode_arg_t)decode_layoutrecall_args,
981 		.res_maxsize = CB_OP_LAYOUTRECALL_RES_MAXSZ,
982 	},
983 	[OP_CB_NOTIFY_DEVICEID] = {
984 		.process_op = (callback_process_op_t)nfs4_callback_devicenotify,
985 		.decode_args =
986 			(callback_decode_arg_t)decode_devicenotify_args,
987 		.res_maxsize = CB_OP_DEVICENOTIFY_RES_MAXSZ,
988 	},
989 	[OP_CB_SEQUENCE] = {
990 		.process_op = (callback_process_op_t)nfs4_callback_sequence,
991 		.decode_args = (callback_decode_arg_t)decode_cb_sequence_args,
992 		.encode_res = (callback_encode_res_t)encode_cb_sequence_res,
993 		.res_maxsize = CB_OP_SEQUENCE_RES_MAXSZ,
994 	},
995 	[OP_CB_RECALL_ANY] = {
996 		.process_op = (callback_process_op_t)nfs4_callback_recallany,
997 		.decode_args = (callback_decode_arg_t)decode_recallany_args,
998 		.res_maxsize = CB_OP_RECALLANY_RES_MAXSZ,
999 	},
1000 	[OP_CB_RECALL_SLOT] = {
1001 		.process_op = (callback_process_op_t)nfs4_callback_recallslot,
1002 		.decode_args = (callback_decode_arg_t)decode_recallslot_args,
1003 		.res_maxsize = CB_OP_RECALLSLOT_RES_MAXSZ,
1004 	},
1005 #endif /* CONFIG_NFS_V4_1 */
1006 };
1007 
1008 /*
1009  * Define NFS4 callback procedures
1010  */
1011 static struct svc_procedure nfs4_callback_procedures1[] = {
1012 	[CB_NULL] = {
1013 		.pc_func = nfs4_callback_null,
1014 		.pc_decode = (kxdrproc_t)nfs4_decode_void,
1015 		.pc_encode = (kxdrproc_t)nfs4_encode_void,
1016 		.pc_xdrressize = 1,
1017 	},
1018 	[CB_COMPOUND] = {
1019 		.pc_func = nfs4_callback_compound,
1020 		.pc_encode = (kxdrproc_t)nfs4_encode_void,
1021 		.pc_argsize = 256,
1022 		.pc_ressize = 256,
1023 		.pc_xdrressize = NFS4_CALLBACK_BUFSIZE,
1024 	}
1025 };
1026 
1027 struct svc_version nfs4_callback_version1 = {
1028 	.vs_vers = 1,
1029 	.vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1),
1030 	.vs_proc = nfs4_callback_procedures1,
1031 	.vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
1032 	.vs_dispatch = NULL,
1033 	.vs_hidden = 1,
1034 };
1035 
1036 struct svc_version nfs4_callback_version4 = {
1037 	.vs_vers = 4,
1038 	.vs_nproc = ARRAY_SIZE(nfs4_callback_procedures1),
1039 	.vs_proc = nfs4_callback_procedures1,
1040 	.vs_xdrsize = NFS4_CALLBACK_XDRSIZE,
1041 	.vs_dispatch = NULL,
1042 	.vs_hidden = 1,
1043 };
1044