ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
[linux/fpc-iii.git] / net / 9p / protocol.c
blob145f80518064adf4e4ea4b0b3baf992d434e62aa
1 /*
2 * net/9p/protocol.c
4 * 9P Protocol Support Code
6 * Copyright (C) 2008 by Eric Van Hensbergen <ericvh@gmail.com>
8 * Base on code from Anthony Liguori <aliguori@us.ibm.com>
9 * Copyright (C) 2008 by IBM, Corp.
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to:
22 * Free Software Foundation
23 * 51 Franklin Street, Fifth Floor
24 * Boston, MA 02111-1301 USA
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/uaccess.h>
32 #include <linux/slab.h>
33 #include <linux/sched.h>
34 #include <linux/stddef.h>
35 #include <linux/types.h>
36 #include <linux/uio.h>
37 #include <net/9p/9p.h>
38 #include <net/9p/client.h>
39 #include "protocol.h"
41 #include <trace/events/9p.h>
43 static int
44 p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...);
46 void p9stat_free(struct p9_wstat *stbuf)
48 kfree(stbuf->name);
49 stbuf->name = NULL;
50 kfree(stbuf->uid);
51 stbuf->uid = NULL;
52 kfree(stbuf->gid);
53 stbuf->gid = NULL;
54 kfree(stbuf->muid);
55 stbuf->muid = NULL;
56 kfree(stbuf->extension);
57 stbuf->extension = NULL;
59 EXPORT_SYMBOL(p9stat_free);
61 size_t pdu_read(struct p9_fcall *pdu, void *data, size_t size)
63 size_t len = min(pdu->size - pdu->offset, size);
64 memcpy(data, &pdu->sdata[pdu->offset], len);
65 pdu->offset += len;
66 return size - len;
69 static size_t pdu_write(struct p9_fcall *pdu, const void *data, size_t size)
71 size_t len = min(pdu->capacity - pdu->size, size);
72 memcpy(&pdu->sdata[pdu->size], data, len);
73 pdu->size += len;
74 return size - len;
77 static size_t
78 pdu_write_u(struct p9_fcall *pdu, struct iov_iter *from, size_t size)
80 size_t len = min(pdu->capacity - pdu->size, size);
81 struct iov_iter i = *from;
82 if (copy_from_iter(&pdu->sdata[pdu->size], len, &i) != len)
83 len = 0;
85 pdu->size += len;
86 return size - len;
90 b - int8_t
91 w - int16_t
92 d - int32_t
93 q - int64_t
94 s - string
95 u - numeric uid
96 g - numeric gid
97 S - stat
98 Q - qid
99 D - data blob (int32_t size followed by void *, results are not freed)
100 T - array of strings (int16_t count, followed by strings)
101 R - array of qids (int16_t count, followed by qids)
102 A - stat for 9p2000.L (p9_stat_dotl)
103 ? - if optional = 1, continue parsing
106 static int
107 p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt,
108 va_list ap)
110 const char *ptr;
111 int errcode = 0;
113 for (ptr = fmt; *ptr; ptr++) {
114 switch (*ptr) {
115 case 'b':{
116 int8_t *val = va_arg(ap, int8_t *);
117 if (pdu_read(pdu, val, sizeof(*val))) {
118 errcode = -EFAULT;
119 break;
122 break;
123 case 'w':{
124 int16_t *val = va_arg(ap, int16_t *);
125 __le16 le_val;
126 if (pdu_read(pdu, &le_val, sizeof(le_val))) {
127 errcode = -EFAULT;
128 break;
130 *val = le16_to_cpu(le_val);
132 break;
133 case 'd':{
134 int32_t *val = va_arg(ap, int32_t *);
135 __le32 le_val;
136 if (pdu_read(pdu, &le_val, sizeof(le_val))) {
137 errcode = -EFAULT;
138 break;
140 *val = le32_to_cpu(le_val);
142 break;
143 case 'q':{
144 int64_t *val = va_arg(ap, int64_t *);
145 __le64 le_val;
146 if (pdu_read(pdu, &le_val, sizeof(le_val))) {
147 errcode = -EFAULT;
148 break;
150 *val = le64_to_cpu(le_val);
152 break;
153 case 's':{
154 char **sptr = va_arg(ap, char **);
155 uint16_t len;
157 errcode = p9pdu_readf(pdu, proto_version,
158 "w", &len);
159 if (errcode)
160 break;
162 *sptr = kmalloc(len + 1, GFP_NOFS);
163 if (*sptr == NULL) {
164 errcode = -EFAULT;
165 break;
167 if (pdu_read(pdu, *sptr, len)) {
168 errcode = -EFAULT;
169 kfree(*sptr);
170 *sptr = NULL;
171 } else
172 (*sptr)[len] = 0;
174 break;
175 case 'u': {
176 kuid_t *uid = va_arg(ap, kuid_t *);
177 __le32 le_val;
178 if (pdu_read(pdu, &le_val, sizeof(le_val))) {
179 errcode = -EFAULT;
180 break;
182 *uid = make_kuid(&init_user_ns,
183 le32_to_cpu(le_val));
184 } break;
185 case 'g': {
186 kgid_t *gid = va_arg(ap, kgid_t *);
187 __le32 le_val;
188 if (pdu_read(pdu, &le_val, sizeof(le_val))) {
189 errcode = -EFAULT;
190 break;
192 *gid = make_kgid(&init_user_ns,
193 le32_to_cpu(le_val));
194 } break;
195 case 'Q':{
196 struct p9_qid *qid =
197 va_arg(ap, struct p9_qid *);
199 errcode = p9pdu_readf(pdu, proto_version, "bdq",
200 &qid->type, &qid->version,
201 &qid->path);
203 break;
204 case 'S':{
205 struct p9_wstat *stbuf =
206 va_arg(ap, struct p9_wstat *);
208 memset(stbuf, 0, sizeof(struct p9_wstat));
209 stbuf->n_uid = stbuf->n_muid = INVALID_UID;
210 stbuf->n_gid = INVALID_GID;
212 errcode =
213 p9pdu_readf(pdu, proto_version,
214 "wwdQdddqssss?sugu",
215 &stbuf->size, &stbuf->type,
216 &stbuf->dev, &stbuf->qid,
217 &stbuf->mode, &stbuf->atime,
218 &stbuf->mtime, &stbuf->length,
219 &stbuf->name, &stbuf->uid,
220 &stbuf->gid, &stbuf->muid,
221 &stbuf->extension,
222 &stbuf->n_uid, &stbuf->n_gid,
223 &stbuf->n_muid);
224 if (errcode)
225 p9stat_free(stbuf);
227 break;
228 case 'D':{
229 uint32_t *count = va_arg(ap, uint32_t *);
230 void **data = va_arg(ap, void **);
232 errcode =
233 p9pdu_readf(pdu, proto_version, "d", count);
234 if (!errcode) {
235 *count =
236 min_t(uint32_t, *count,
237 pdu->size - pdu->offset);
238 *data = &pdu->sdata[pdu->offset];
241 break;
242 case 'T':{
243 uint16_t *nwname = va_arg(ap, uint16_t *);
244 char ***wnames = va_arg(ap, char ***);
246 errcode = p9pdu_readf(pdu, proto_version,
247 "w", nwname);
248 if (!errcode) {
249 *wnames =
250 kmalloc(sizeof(char *) * *nwname,
251 GFP_NOFS);
252 if (!*wnames)
253 errcode = -ENOMEM;
256 if (!errcode) {
257 int i;
259 for (i = 0; i < *nwname; i++) {
260 errcode =
261 p9pdu_readf(pdu,
262 proto_version,
263 "s",
264 &(*wnames)[i]);
265 if (errcode)
266 break;
270 if (errcode) {
271 if (*wnames) {
272 int i;
274 for (i = 0; i < *nwname; i++)
275 kfree((*wnames)[i]);
277 kfree(*wnames);
278 *wnames = NULL;
281 break;
282 case 'R':{
283 uint16_t *nwqid = va_arg(ap, uint16_t *);
284 struct p9_qid **wqids =
285 va_arg(ap, struct p9_qid **);
287 *wqids = NULL;
289 errcode =
290 p9pdu_readf(pdu, proto_version, "w", nwqid);
291 if (!errcode) {
292 *wqids =
293 kmalloc(*nwqid *
294 sizeof(struct p9_qid),
295 GFP_NOFS);
296 if (*wqids == NULL)
297 errcode = -ENOMEM;
300 if (!errcode) {
301 int i;
303 for (i = 0; i < *nwqid; i++) {
304 errcode =
305 p9pdu_readf(pdu,
306 proto_version,
307 "Q",
308 &(*wqids)[i]);
309 if (errcode)
310 break;
314 if (errcode) {
315 kfree(*wqids);
316 *wqids = NULL;
319 break;
320 case 'A': {
321 struct p9_stat_dotl *stbuf =
322 va_arg(ap, struct p9_stat_dotl *);
324 memset(stbuf, 0, sizeof(struct p9_stat_dotl));
325 errcode =
326 p9pdu_readf(pdu, proto_version,
327 "qQdugqqqqqqqqqqqqqqq",
328 &stbuf->st_result_mask,
329 &stbuf->qid,
330 &stbuf->st_mode,
331 &stbuf->st_uid, &stbuf->st_gid,
332 &stbuf->st_nlink,
333 &stbuf->st_rdev, &stbuf->st_size,
334 &stbuf->st_blksize, &stbuf->st_blocks,
335 &stbuf->st_atime_sec,
336 &stbuf->st_atime_nsec,
337 &stbuf->st_mtime_sec,
338 &stbuf->st_mtime_nsec,
339 &stbuf->st_ctime_sec,
340 &stbuf->st_ctime_nsec,
341 &stbuf->st_btime_sec,
342 &stbuf->st_btime_nsec,
343 &stbuf->st_gen,
344 &stbuf->st_data_version);
346 break;
347 case '?':
348 if ((proto_version != p9_proto_2000u) &&
349 (proto_version != p9_proto_2000L))
350 return 0;
351 break;
352 default:
353 BUG();
354 break;
357 if (errcode)
358 break;
361 return errcode;
365 p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
366 va_list ap)
368 const char *ptr;
369 int errcode = 0;
371 for (ptr = fmt; *ptr; ptr++) {
372 switch (*ptr) {
373 case 'b':{
374 int8_t val = va_arg(ap, int);
375 if (pdu_write(pdu, &val, sizeof(val)))
376 errcode = -EFAULT;
378 break;
379 case 'w':{
380 __le16 val = cpu_to_le16(va_arg(ap, int));
381 if (pdu_write(pdu, &val, sizeof(val)))
382 errcode = -EFAULT;
384 break;
385 case 'd':{
386 __le32 val = cpu_to_le32(va_arg(ap, int32_t));
387 if (pdu_write(pdu, &val, sizeof(val)))
388 errcode = -EFAULT;
390 break;
391 case 'q':{
392 __le64 val = cpu_to_le64(va_arg(ap, int64_t));
393 if (pdu_write(pdu, &val, sizeof(val)))
394 errcode = -EFAULT;
396 break;
397 case 's':{
398 const char *sptr = va_arg(ap, const char *);
399 uint16_t len = 0;
400 if (sptr)
401 len = min_t(size_t, strlen(sptr),
402 USHRT_MAX);
404 errcode = p9pdu_writef(pdu, proto_version,
405 "w", len);
406 if (!errcode && pdu_write(pdu, sptr, len))
407 errcode = -EFAULT;
409 break;
410 case 'u': {
411 kuid_t uid = va_arg(ap, kuid_t);
412 __le32 val = cpu_to_le32(
413 from_kuid(&init_user_ns, uid));
414 if (pdu_write(pdu, &val, sizeof(val)))
415 errcode = -EFAULT;
416 } break;
417 case 'g': {
418 kgid_t gid = va_arg(ap, kgid_t);
419 __le32 val = cpu_to_le32(
420 from_kgid(&init_user_ns, gid));
421 if (pdu_write(pdu, &val, sizeof(val)))
422 errcode = -EFAULT;
423 } break;
424 case 'Q':{
425 const struct p9_qid *qid =
426 va_arg(ap, const struct p9_qid *);
427 errcode =
428 p9pdu_writef(pdu, proto_version, "bdq",
429 qid->type, qid->version,
430 qid->path);
431 } break;
432 case 'S':{
433 const struct p9_wstat *stbuf =
434 va_arg(ap, const struct p9_wstat *);
435 errcode =
436 p9pdu_writef(pdu, proto_version,
437 "wwdQdddqssss?sugu",
438 stbuf->size, stbuf->type,
439 stbuf->dev, &stbuf->qid,
440 stbuf->mode, stbuf->atime,
441 stbuf->mtime, stbuf->length,
442 stbuf->name, stbuf->uid,
443 stbuf->gid, stbuf->muid,
444 stbuf->extension, stbuf->n_uid,
445 stbuf->n_gid, stbuf->n_muid);
446 } break;
447 case 'V':{
448 uint32_t count = va_arg(ap, uint32_t);
449 struct iov_iter *from =
450 va_arg(ap, struct iov_iter *);
451 errcode = p9pdu_writef(pdu, proto_version, "d",
452 count);
453 if (!errcode && pdu_write_u(pdu, from, count))
454 errcode = -EFAULT;
456 break;
457 case 'T':{
458 uint16_t nwname = va_arg(ap, int);
459 const char **wnames = va_arg(ap, const char **);
461 errcode = p9pdu_writef(pdu, proto_version, "w",
462 nwname);
463 if (!errcode) {
464 int i;
466 for (i = 0; i < nwname; i++) {
467 errcode =
468 p9pdu_writef(pdu,
469 proto_version,
470 "s",
471 wnames[i]);
472 if (errcode)
473 break;
477 break;
478 case 'R':{
479 uint16_t nwqid = va_arg(ap, int);
480 struct p9_qid *wqids =
481 va_arg(ap, struct p9_qid *);
483 errcode = p9pdu_writef(pdu, proto_version, "w",
484 nwqid);
485 if (!errcode) {
486 int i;
488 for (i = 0; i < nwqid; i++) {
489 errcode =
490 p9pdu_writef(pdu,
491 proto_version,
492 "Q",
493 &wqids[i]);
494 if (errcode)
495 break;
499 break;
500 case 'I':{
501 struct p9_iattr_dotl *p9attr = va_arg(ap,
502 struct p9_iattr_dotl *);
504 errcode = p9pdu_writef(pdu, proto_version,
505 "ddugqqqqq",
506 p9attr->valid,
507 p9attr->mode,
508 p9attr->uid,
509 p9attr->gid,
510 p9attr->size,
511 p9attr->atime_sec,
512 p9attr->atime_nsec,
513 p9attr->mtime_sec,
514 p9attr->mtime_nsec);
516 break;
517 case '?':
518 if ((proto_version != p9_proto_2000u) &&
519 (proto_version != p9_proto_2000L))
520 return 0;
521 break;
522 default:
523 BUG();
524 break;
527 if (errcode)
528 break;
531 return errcode;
534 int p9pdu_readf(struct p9_fcall *pdu, int proto_version, const char *fmt, ...)
536 va_list ap;
537 int ret;
539 va_start(ap, fmt);
540 ret = p9pdu_vreadf(pdu, proto_version, fmt, ap);
541 va_end(ap);
543 return ret;
546 static int
547 p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...)
549 va_list ap;
550 int ret;
552 va_start(ap, fmt);
553 ret = p9pdu_vwritef(pdu, proto_version, fmt, ap);
554 va_end(ap);
556 return ret;
559 int p9stat_read(struct p9_client *clnt, char *buf, int len, struct p9_wstat *st)
561 struct p9_fcall fake_pdu;
562 int ret;
564 fake_pdu.size = len;
565 fake_pdu.capacity = len;
566 fake_pdu.sdata = buf;
567 fake_pdu.offset = 0;
569 ret = p9pdu_readf(&fake_pdu, clnt->proto_version, "S", st);
570 if (ret) {
571 p9_debug(P9_DEBUG_9P, "<<< p9stat_read failed: %d\n", ret);
572 trace_9p_protocol_dump(clnt, &fake_pdu);
575 return ret;
577 EXPORT_SYMBOL(p9stat_read);
579 int p9pdu_prepare(struct p9_fcall *pdu, int16_t tag, int8_t type)
581 pdu->id = type;
582 return p9pdu_writef(pdu, 0, "dbw", 0, type, tag);
585 int p9pdu_finalize(struct p9_client *clnt, struct p9_fcall *pdu)
587 int size = pdu->size;
588 int err;
590 pdu->size = 0;
591 err = p9pdu_writef(pdu, 0, "d", size);
592 pdu->size = size;
594 trace_9p_protocol_dump(clnt, pdu);
595 p9_debug(P9_DEBUG_9P, ">>> size=%d type: %d tag: %d\n",
596 pdu->size, pdu->id, pdu->tag);
598 return err;
601 void p9pdu_reset(struct p9_fcall *pdu)
603 pdu->offset = 0;
604 pdu->size = 0;
607 int p9dirent_read(struct p9_client *clnt, char *buf, int len,
608 struct p9_dirent *dirent)
610 struct p9_fcall fake_pdu;
611 int ret;
612 char *nameptr;
614 fake_pdu.size = len;
615 fake_pdu.capacity = len;
616 fake_pdu.sdata = buf;
617 fake_pdu.offset = 0;
619 ret = p9pdu_readf(&fake_pdu, clnt->proto_version, "Qqbs", &dirent->qid,
620 &dirent->d_off, &dirent->d_type, &nameptr);
621 if (ret) {
622 p9_debug(P9_DEBUG_9P, "<<< p9dirent_read failed: %d\n", ret);
623 trace_9p_protocol_dump(clnt, &fake_pdu);
624 goto out;
627 strcpy(dirent->d_name, nameptr);
628 kfree(nameptr);
630 out:
631 return fake_pdu.offset;
633 EXPORT_SYMBOL(p9dirent_read);