/*
 * linux/fs/nfs/callback_proc.c
 *
 * Copyright (C) 2004 Trond Myklebust
 *
 * NFSv4 callback procedures
 */
8 #include <linux/nfs4.h>
9 #include <linux/nfs_fs.h>
10 #include <linux/slab.h>
11 #include <linux/rcupdate.h>
12 #include "nfs4_fs.h"
13 #include "callback.h"
14 #include "delegation.h"
15 #include "internal.h"
16 #include "pnfs.h"
17 #include "nfs4session.h"
18 #include "nfs4trace.h"
20 #define NFSDBG_FACILITY NFSDBG_CALLBACK
/*
 * Handle a GETATTR callback from the server.
 *
 * Attributes are only filled in when the inode named by args->fh is found
 * and a delegation with FMODE_WRITE is attached to it; otherwise the reply
 * carries NFS4ERR_BADHANDLE (or NFS4ERR_OP_NOT_IN_SESSION when no client
 * has been bound to the compound yet).
 *
 * Returns the same big-endian status that is stored in res->status.
 */
__be32 nfs4_callback_getattr(struct cb_getattrargs *args,
			     struct cb_getattrres *res,
			     struct cb_process_state *cps)
{
	struct nfs_delegation *deleg;
	struct nfs_inode *nfsi;
	struct inode *inode;

	res->status = htonl(NFS4ERR_OP_NOT_IN_SESSION);
	/* Always set for v4.0. Set in cb_sequence for v4.1 */
	if (!cps->clp)
		goto out;

	res->bitmap[1] = 0;
	res->bitmap[0] = 0;
	res->status = htonl(NFS4ERR_BADHANDLE);

	dprintk_rcu("NFS: GETATTR callback request from %s\n",
		rpc_peeraddr2str(cps->clp->cl_rpcclient, RPC_DISPLAY_ADDR));

	inode = nfs_delegation_find_inode(cps->clp, &args->fh);
	if (inode == NULL) {
		trace_nfs4_cb_getattr(cps->clp, &args->fh, NULL,
				-ntohl(res->status));
		goto out;
	}

	nfsi = NFS_I(inode);
	rcu_read_lock();
	deleg = rcu_dereference(nfsi->delegation);
	if (deleg != NULL && (deleg->type & FMODE_WRITE) != 0) {
		res->size = i_size_read(inode);
		res->change_attr = deleg->change_attr;
		/* presumably: pending requests mean the file has changed */
		if (nfsi->nrequests != 0)
			res->change_attr++;
		res->ctime = inode->i_ctime;
		res->mtime = inode->i_mtime;
		/* Only report attributes the server asked for and we support */
		res->bitmap[0] = (FATTR4_WORD0_CHANGE|FATTR4_WORD0_SIZE) &
			args->bitmap[0];
		res->bitmap[1] = (FATTR4_WORD1_TIME_METADATA|FATTR4_WORD1_TIME_MODIFY) &
			args->bitmap[1];
		res->status = 0;
	}
	rcu_read_unlock();
	trace_nfs4_cb_getattr(cps->clp, &args->fh, inode, -ntohl(res->status));
	iput(inode);
out:
	dprintk("%s: exit with status = %d\n", __func__, ntohl(res->status));
	return res->status;
}
/*
 * Handle a RECALL callback: look up the inode for args->fh and ask for its
 * delegation to be returned asynchronously.
 *
 * Returns a big-endian NFSv4 status: 0 on success, NFS4ERR_BAD_STATEID when
 * the helper reports -ENOENT, NFS4ERR_RESOURCE for any other helper error,
 * NFS4ERR_BADHANDLE when no inode matches, and NFS4ERR_OP_NOT_IN_SESSION
 * when no client is bound to the compound.
 */
__be32 nfs4_callback_recall(struct cb_recallargs *args, void *dummy,
			    struct cb_process_state *cps)
{
	struct inode *inode;
	__be32 res;
	int err;

	res = htonl(NFS4ERR_OP_NOT_IN_SESSION);
	/* Always set for v4.0. Set in cb_sequence for v4.1 */
	if (!cps->clp)
		goto out;

	dprintk_rcu("NFS: RECALL callback request from %s\n",
		rpc_peeraddr2str(cps->clp->cl_rpcclient, RPC_DISPLAY_ADDR));

	res = htonl(NFS4ERR_BADHANDLE);
	inode = nfs_delegation_find_inode(cps->clp, &args->fh);
	if (inode == NULL)
		goto out;

	/* Set up a helper thread to actually return the delegation */
	err = nfs_async_inode_return_delegation(inode, &args->stateid);
	if (err == 0)
		res = 0;
	else if (err == -ENOENT)
		res = htonl(NFS4ERR_BAD_STATEID);
	else
		res = htonl(NFS4ERR_RESOURCE);

	trace_nfs4_recall_delegation(inode, -ntohl(res));
	iput(inode);
out:
	dprintk("%s: exit with status = %d\n", __func__, ntohl(res));
	return res;
}
106 #if defined(CONFIG_NFS_V4_1)
/*
 * Lookup a layout by filehandle.
 *
 * Walks every server on clp->cl_superblocks and every layout on each server,
 * looking for one whose stateid "other" field and filehandle both match.
 * The visible caller, get_layout_by_fh(), holds clp->cl_lock and the RCU
 * read lock around this call.
 *
 * Note: gets a refcount on the layout hdr and on its respective inode.
 * Caller must put the layout hdr and the inode.
 *
 * Returns the layout header, or NULL when nothing matches.
 *
 * TODO: keep track of all layouts (and delegations) in a hash table
 *	hashed by filehandle.
 */
static struct pnfs_layout_hdr * get_layout_by_fh_locked(struct nfs_client *clp,
		struct nfs_fh *fh, nfs4_stateid *stateid)
{
	struct nfs_server *server;
	struct pnfs_layout_hdr *lo;
	struct inode *inode;

	list_for_each_entry_rcu(server, &clp->cl_superblocks, client_link) {
		list_for_each_entry(lo, &server->layouts, plh_layouts) {
			/* Both the stateid and the filehandle have to match */
			if (!nfs4_stateid_match_other(&lo->plh_stateid, stateid) ||
			    nfs_compare_fh(fh, &NFS_I(lo->plh_inode)->fh))
				continue;

			/* Pin the inode; give up on this server if we cannot */
			inode = igrab(lo->plh_inode);
			if (!inode)
				break;

			spin_lock(&inode->i_lock);
			/* Is this layout in the process of being freed? */
			if (NFS_I(inode)->layout != lo) {
				spin_unlock(&inode->i_lock);
				iput(inode);
				break;
			}
			pnfs_get_layout_hdr(lo);
			spin_unlock(&inode->i_lock);
			return lo;
		}
	}

	return NULL;
}
/*
 * Locked wrapper around get_layout_by_fh_locked(): takes clp->cl_lock and
 * the RCU read lock for the duration of the lookup.
 *
 * Returns whatever the locked lookup returned (a layout header or NULL).
 */
static struct pnfs_layout_hdr * get_layout_by_fh(struct nfs_client *clp,
		struct nfs_fh *fh, nfs4_stateid *stateid)
{
	struct pnfs_layout_hdr *found;

	spin_lock(&clp->cl_lock);
	rcu_read_lock();
	found = get_layout_by_fh_locked(clp, fh, stateid);
	rcu_read_unlock();
	spin_unlock(&clp->cl_lock);

	return found;
}
/*
 * Start recalling the layout for a single file (args->cbl_fh).
 *
 * Returns a host-order NFSv4 status: NFS4ERR_NOMATCHING_LAYOUT when no
 * layout matches or nothing is left to drain, NFS4ERR_DELAY when a bulk
 * recall is flagged on the layout or pnfs_mark_matching_lsegs_invalid()
 * returns non-zero.
 */
static u32 initiate_file_draining(struct nfs_client *clp,
				  struct cb_layoutrecallargs *args)
{
	struct inode *ino;
	struct pnfs_layout_hdr *lo;
	u32 rv = NFS4ERR_NOMATCHING_LAYOUT;
	LIST_HEAD(free_me_list);

	/* On success this holds a reference on both lo and its inode */
	lo = get_layout_by_fh(clp, &args->cbl_fh, &args->cbl_stateid);
	if (!lo)
		return rv;

	ino = lo->plh_inode;

	spin_lock(&ino->i_lock);
	pnfs_set_layout_stateid(lo, &args->cbl_stateid, true);
	spin_unlock(&ino->i_lock);

	/* Called with i_lock dropped */
	pnfs_layoutcommit_inode(ino, false);

	spin_lock(&ino->i_lock);
	if (test_bit(NFS_LAYOUT_BULK_RECALL, &lo->plh_flags) ||
	    pnfs_mark_matching_lsegs_invalid(lo, &free_me_list,
					     &args->cbl_range)) {
		rv = NFS4ERR_DELAY;
	} else if (NFS_SERVER(ino)->pnfs_curr_ld->return_range) {
		/* Optional layout-driver hook for the recalled range */
		NFS_SERVER(ino)->pnfs_curr_ld->return_range(lo,
							    &args->cbl_range);
	}
	spin_unlock(&ino->i_lock);

	pnfs_free_lseg_list(&free_me_list);
	/* Drop the references taken by the lookup */
	pnfs_put_layout_hdr(lo);
	trace_nfs4_cb_layoutrecall_inode(clp, &args->cbl_fh, ino, -rv);
	iput(ino);
	return rv;
}
/*
 * Recall layouts in bulk: by fsid when the recall type is RETURN_FSID,
 * otherwise for the whole client.
 *
 * Returns NFS4ERR_DELAY when the destroy helper reports a non-zero result,
 * else NFS4ERR_NOMATCHING_LAYOUT.
 */
static u32 initiate_bulk_draining(struct nfs_client *clp,
				  struct cb_layoutrecallargs *args)
{
	int busy;

	if (args->cbl_recall_type == RETURN_FSID)
		busy = pnfs_destroy_layouts_byfsid(clp, &args->cbl_fsid, true);
	else
		busy = pnfs_destroy_layouts_byclid(clp, true);

	return busy != 0 ? NFS4ERR_DELAY : NFS4ERR_NOMATCHING_LAYOUT;
}
/*
 * Dispatch a layout recall: RETURN_FILE goes to the per-file path, every
 * other recall type to the bulk path.
 *
 * Returns the host-order NFSv4 status produced by the chosen path.
 */
static u32 do_callback_layoutrecall(struct nfs_client *clp,
				    struct cb_layoutrecallargs *args)
{
	u32 status;

	dprintk("%s enter, type=%i\n", __func__, args->cbl_recall_type);
	status = (args->cbl_recall_type == RETURN_FILE) ?
		initiate_file_draining(clp, args) :
		initiate_bulk_draining(clp, args);
	dprintk("%s returning %i\n", __func__, status);
	return status;
}
/*
 * Entry point for the LAYOUTRECALL callback.
 *
 * Requires a client bound to the compound (cps->clp); without one the
 * operation is rejected with NFS4ERR_OP_NOT_IN_SESSION.
 *
 * Returns the status converted to big-endian.
 */
__be32 nfs4_callback_layoutrecall(struct cb_layoutrecallargs *args,
				  void *dummy, struct cb_process_state *cps)
{
	u32 res;

	dprintk("%s: -->\n", __func__);

	if (!cps->clp)
		res = NFS4ERR_OP_NOT_IN_SESSION;
	else
		res = do_callback_layoutrecall(cps->clp, args);

	dprintk("%s: exit with status = %d\n", __func__, res);
	return cpu_to_be32(res);
}
/*
 * Recall every layout held for this client by synthesising a zeroed
 * layout-recall request of type RETURN_ALL.
 */
static void pnfs_recall_all_layouts(struct nfs_client *clp)
{
	struct cb_layoutrecallargs recall_all;

	/* Pretend we got a CB_LAYOUTRECALL(ALL) */
	memset(&recall_all, 0, sizeof(recall_all));
	recall_all.cbl_recall_type = RETURN_ALL;
	/* FIXME we ignore errors, what should we do? */
	do_callback_layoutrecall(clp, &recall_all);
}
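/*
 * Handle a device-notify callback: for every entry in args->devs, find a
 * server of this client whose layout driver id matches the entry's layout
 * type and delete the named device id from that driver.
 *
 * The args->devs array is always freed here, including on the error path.
 *
 * Returns 0, or NFS4ERR_OP_NOT_IN_SESSION (big-endian) when no client is
 * bound to the compound. Entries whose layout type is unknown are skipped.
 */
__be32 nfs4_callback_devicenotify(struct cb_devicenotifyargs *args,
				  void *dummy, struct cb_process_state *cps)
{
	int i;
	__be32 res = 0;
	struct nfs_client *clp = cps->clp;
	struct nfs_server *server = NULL;

	dprintk("%s: -->\n", __func__);

	if (!clp) {
		res = cpu_to_be32(NFS4ERR_OP_NOT_IN_SESSION);
		goto out;
	}

	for (i = 0; i < args->ndevs; i++) {
		struct cb_devicenotifyitem *dev = &args->devs[i];

		/* Reuse the server found for the previous entry if it fits */
		if (!server ||
		    server->pnfs_curr_ld->id != dev->cbd_layout_type) {
			rcu_read_lock();
			list_for_each_entry_rcu(server, &clp->cl_superblocks, client_link)
				if (server->pnfs_curr_ld &&
				    server->pnfs_curr_ld->id == dev->cbd_layout_type) {
					rcu_read_unlock();
					goto found;
				}
			rcu_read_unlock();
			/*
			 * A list walk that runs to completion leaves the
			 * cursor pointing at the list head, not at a real
			 * nfs_server. Reset it so the next iteration does a
			 * fresh search instead of dereferencing that bogus
			 * pointer in the cache check above.
			 */
			server = NULL;
			dprintk("%s: layout type %u not found\n",
				__func__, dev->cbd_layout_type);
			continue;
		}

	found:
		/*
		 * NOTE(review): server is used here after rcu_read_unlock()
		 * and no reference on it is taken in this function; confirm
		 * what keeps it alive for the duration of the callback.
		 */
		nfs4_delete_deviceid(server->pnfs_curr_ld, clp, &dev->cbd_dev_id);
	}

out:
	kfree(args->devs);
	dprintk("%s: exit with status = %u\n",
		__func__, be32_to_cpu(res));
	return res;
}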
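/*
 * Validate the sequenceID sent by the server.
 * Return success if the sequenceID is one more than what we last saw on
 * this slot, accounting for wraparound. The slot's sequence number is
 * advanced by the caller, nfs4_callback_sequence(), once the whole
 * operation has succeeded; the only write made here is the rebase in the
 * wraparound case.
 *
 * We don't yet implement a duplicate request cache, instead we set the
 * back channel ca_maxresponsesize_cached to zero. This is OK for now
 * since we only currently implement idempotent callbacks anyway.
 *
 * We have a single slot backchannel at this time, so we don't bother
 * checking the used_slots bit array on the table. The lower layer guarantees
 * a single outstanding callback request at a time.
 *
 * Returns a big-endian status: NFS4_OK, NFS4ERR_BADSLOT for a slot id at or
 * above NFS41_BC_MAX_CALLBACKS, NFS4ERR_RETRY_UNCACHED_REP or
 * NFS4ERR_REP_TOO_BIG_TO_CACHE for a replay, NFS4ERR_SEQ_MISORDERED
 * otherwise.
 */
static __be32
validate_seqid(struct nfs4_slot_table *tbl, struct cb_sequenceargs * args)
{
	struct nfs4_slot *slot;

	dprintk("%s enter. slotid %u seqid %u\n",
		__func__, args->csa_slotid, args->csa_sequenceid);

	/* The slot id comes off the wire: bound it before indexing */
	if (args->csa_slotid >= NFS41_BC_MAX_CALLBACKS)
		return htonl(NFS4ERR_BADSLOT);

	slot = tbl->slots + args->csa_slotid;
	dprintk("%s slot table seqid: %u\n", __func__, slot->seq_nr);

	/* Normal */
	if (likely(args->csa_sequenceid == slot->seq_nr + 1))
		goto out_ok;

	/* Replay */
	if (args->csa_sequenceid == slot->seq_nr) {
		dprintk("%s seqid %u is a replay\n",
			__func__, args->csa_sequenceid);
		/* Signal process_op to set this error on next op */
		if (args->csa_cachethis == 0)
			return htonl(NFS4ERR_RETRY_UNCACHED_REP);

		/* The ca_maxresponsesize_cached is 0 with no DRC */
		else if (args->csa_cachethis == 1)
			return htonl(NFS4ERR_REP_TOO_BIG_TO_CACHE);
		/* Any other csa_cachethis value falls through below */
	}

	/* Wraparound */
	if (args->csa_sequenceid == 1 && (slot->seq_nr + 1) == 0) {
		/*
		 * Rebase to 0, not 1: the caller increments seq_nr after a
		 * successful CB_SEQUENCE, so storing 1 here would leave the
		 * slot at 2 and make the server's next request (seqid 2)
		 * look like a replay. With 0, a retry of seqid 1 after a
		 * later failure in the caller still matches the normal case.
		 */
		slot->seq_nr = 0;
		goto out_ok;
	}

	/* Misordered request */
	return htonl(NFS4ERR_SEQ_MISORDERED);
out_ok:
	tbl->highest_used_slotid = args->csa_slotid;
	return htonl(NFS4_OK);
}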
/*
 * For each referring call triple, check the session's slot table for
 * a match. If the slot is in use and the sequence numbers match, the
 * client is still waiting for a response to the original request.
 *
 * Lists whose session id differs from the client's session are skipped.
 *
 * Returns true as soon as one referring call matches, false otherwise.
 */
static bool referring_call_exists(struct nfs_client *clp,
				  uint32_t nrclists,
				  struct referring_call_list *rclists)
{
	bool pending;
	int i, j;
	struct nfs4_session *session;
	struct nfs4_slot_table *tbl;
	struct referring_call_list *rclist;
	struct referring_call *ref;

	/*
	 * XXX When client trunking is implemented, this becomes
	 * a session lookup from within the loop
	 */
	session = clp->cl_session;
	tbl = &session->fc_slot_table;

	for (i = 0; i < nrclists; i++) {
		rclist = &rclists[i];
		if (memcmp(session->sess_id.data,
			   rclist->rcl_sessionid.data,
			   NFS4_MAX_SESSIONID_LEN) != 0)
			continue;

		for (j = 0; j < rclist->rcl_nrefcalls; j++) {
			ref = &rclist->rcl_refcalls[j];

			dprintk("%s: sessionid %x:%x:%x:%x sequenceid %u "
				"slotid %u\n", __func__,
				((u32 *)&rclist->rcl_sessionid.data)[0],
				((u32 *)&rclist->rcl_sessionid.data)[1],
				((u32 *)&rclist->rcl_sessionid.data)[2],
				((u32 *)&rclist->rcl_sessionid.data)[3],
				ref->rc_sequenceid, ref->rc_slotid);

			/*
			 * NOTE(review): ref->rc_slotid is supplied in the
			 * callback arguments and is used below as a bit index
			 * and as an array index with no range check in this
			 * function. Confirm that the decoder or the caller
			 * bounds it against the fore-channel slot table.
			 */
			spin_lock(&tbl->slot_tbl_lock);
			pending = (test_bit(ref->rc_slotid, tbl->used_slots) &&
				   tbl->slots[ref->rc_slotid].seq_nr ==
					ref->rc_sequenceid);
			spin_unlock(&tbl->slot_tbl_lock);
			if (pending)
				return true;
		}
	}

	return false;
}
/*
 * Handle CB_SEQUENCE: find the client for the session id in the request,
 * validate the slot and sequence id on the back-channel slot table, and
 * advance the slot's sequence number when everything checks out.
 *
 * The client found (possibly NULL) is stored in cps->clp on every path,
 * and the referring-call lists in args are freed on every path.
 *
 * Returns a big-endian status. NFS4ERR_RETRY_UNCACHED_REP is not returned
 * directly: it is parked in cps->drc_status and 0 is returned instead.
 */
__be32 nfs4_callback_sequence(struct cb_sequenceargs *args,
			      struct cb_sequenceres *res,
			      struct cb_process_state *cps)
{
	struct nfs4_slot_table *tbl;
	struct nfs_client *clp;
	int i;
	__be32 status = htonl(NFS4ERR_BADSESSION);

	clp = nfs4_find_client_sessionid(cps->net, args->csa_addr,
					 &args->csa_sessionid, cps->minorversion);
	/* No such session, or the session has no back channel */
	if (clp == NULL || !(clp->cl_session->flags & SESSION4_BACK_CHAN))
		goto out;

	tbl = &clp->cl_session->bc_slot_table;

	spin_lock(&tbl->slot_tbl_lock);
	/* state manager is resetting the session */
	if (test_bit(NFS4_SLOT_TBL_DRAINING, &tbl->slot_tbl_state)) {
		/*
		 * Return NFS4ERR_BADSESSION if we're draining the session
		 * in order to reset it, NFS4ERR_DELAY otherwise.
		 */
		status = test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state) ?
			htonl(NFS4ERR_BADSESSION) : htonl(NFS4ERR_DELAY);
		goto out_unlock;
	}

	/* Echo the request's identifiers back in the reply */
	memcpy(&res->csr_sessionid, &args->csa_sessionid,
	       sizeof(res->csr_sessionid));
	res->csr_sequenceid = args->csa_sequenceid;
	res->csr_slotid = args->csa_slotid;
	res->csr_highestslotid = NFS41_BC_MAX_CALLBACKS - 1;
	res->csr_target_highestslotid = NFS41_BC_MAX_CALLBACKS - 1;

	/* Range-checks csa_slotid before any slot is touched */
	status = validate_seqid(tbl, args);
	if (status)
		goto out_unlock;

	cps->slotid = args->csa_slotid;

	/*
	 * Check for pending referring calls. If a match is found, a
	 * related callback was received before the response to the original
	 * call.
	 */
	if (referring_call_exists(clp, args->csa_nrclists, args->csa_rclists)) {
		status = htonl(NFS4ERR_DELAY);
		goto out_unlock;
	}

	/*
	 * RFC5661 20.9.3
	 * If CB_SEQUENCE returns an error, then the state of the slot
	 * (sequence ID, cached reply) MUST NOT change.
	 *
	 * The slot is only indexed here, after validate_seqid() has accepted
	 * csa_slotid.
	 */
	tbl->slots[args->csa_slotid].seq_nr++;
out_unlock:
	spin_unlock(&tbl->slot_tbl_lock);

out:
	cps->clp = clp; /* put in nfs4_callback_compound */
	for (i = 0; i < args->csa_nrclists; i++)
		kfree(args->csa_rclists[i].rcl_refcalls);
	kfree(args->csa_rclists);

	if (status != htonl(NFS4ERR_RETRY_UNCACHED_REP)) {
		res->csr_status = status;
	} else {
		/* Deferred: reported on the next op rather than on this one */
		cps->drc_status = status;
		status = 0;
	}

	trace_nfs4_cb_sequence(args, res, status);
	dprintk("%s: exit with status = %d res->csr_status %d\n", __func__,
		ntohl(status), ntohl(res->csr_status));
	return status;
}
/*
 * Check a recall-any type mask: true when no bit outside
 * RCA4_TYPE_MASK_ALL is set.
 */
static bool
validate_bitmap_values(unsigned long mask)
{
	unsigned long unknown_bits = mask & ~RCA4_TYPE_MASK_ALL;

	return !unknown_bits;
}
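/*
 * Handle a RECALL_ANY callback: depending on the bits set in
 * args->craa_type_mask, expire unused read and/or write delegations and
 * recall all layouts.
 *
 * Returns a big-endian status: NFS4_OK, NFS4ERR_INVAL when the mask has
 * bits outside RCA4_TYPE_MASK_ALL, or NFS4ERR_OP_NOT_IN_SESSION when no
 * client is bound to the compound.
 */
__be32 nfs4_callback_recallany(struct cb_recallanyargs *args, void *dummy,
			       struct cb_process_state *cps)
{
	__be32 status;
	fmode_t flags = 0;

	status = cpu_to_be32(NFS4ERR_OP_NOT_IN_SESSION);
	if (!cps->clp) /* set in cb_sequence */
		goto out;

	dprintk_rcu("NFS: RECALL_ANY callback request from %s\n",
		rpc_peeraddr2str(cps->clp->cl_rpcclient, RPC_DISPLAY_ADDR));

	/* Reject masks carrying bits we do not know about */
	status = cpu_to_be32(NFS4ERR_INVAL);
	if (!validate_bitmap_values(args->craa_type_mask))
		goto out;

	status = cpu_to_be32(NFS4_OK);
	/*
	 * Test the bits on the value instead of casting the field's address
	 * to "unsigned long *" for test_bit(). The cast suggests the field is
	 * not declared as unsigned long; if it is narrower, test_bit() reads
	 * a full long through it, which runs past the field and picks the
	 * wrong bytes on 64-bit big-endian machines. The masked test gives
	 * the same answer whatever the field's width.
	 */
	if (args->craa_type_mask & (1UL << RCA4_TYPE_MASK_RDATA_DLG))
		flags = FMODE_READ;
	if (args->craa_type_mask & (1UL << RCA4_TYPE_MASK_WDATA_DLG))
		flags |= FMODE_WRITE;
	if (args->craa_type_mask & (1UL << RCA4_TYPE_MASK_FILE_LAYOUT))
		pnfs_recall_all_layouts(cps->clp);
	if (flags)
		nfs_expire_unused_delegation_types(cps->clp, flags);
out:
	dprintk("%s: exit with status = %d\n", __func__, ntohl(status));
	return status;
}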
/*
 * Reduce the fore channel's max_slots to the target value.
 *
 * Passes args->crsa_target_highest_slotid to the fore-channel slot table
 * and notifies the server. The value is forwarded as received; no range
 * check is made in this function.
 *
 * Returns NFS4_OK, or NFS4ERR_OP_NOT_IN_SESSION when no client is bound to
 * the compound (both big-endian).
 */
__be32 nfs4_callback_recallslot(struct cb_recallslotargs *args, void *dummy,
				struct cb_process_state *cps)
{
	__be32 status = htonl(NFS4ERR_OP_NOT_IN_SESSION);

	/* cps->clp is set in cb_sequence */
	if (cps->clp) {
		struct nfs4_slot_table *fc_tbl;

		dprintk_rcu("NFS: CB_RECALL_SLOT request from %s target highest slotid %u\n",
			rpc_peeraddr2str(cps->clp->cl_rpcclient, RPC_DISPLAY_ADDR),
			args->crsa_target_highest_slotid);

		fc_tbl = &cps->clp->cl_session->fc_slot_table;

		status = htonl(NFS4_OK);

		nfs41_set_target_slotid(fc_tbl, args->crsa_target_highest_slotid);
		nfs41_notify_server(cps->clp);
	}

	dprintk("%s: exit with status = %d\n", __func__, ntohl(status));
	return status;
}
565 #endif /* CONFIG_NFS_V4_1 */