9p: do not trust pdu content for stat item size
ace51c4d
EVH
1/*
2 * net/9p/protocol.c
3 *
4 * 9P Protocol Support Code
5 *
6 * Copyright (C) 2008 by Eric Van Hensbergen <ericvh@gmail.com>
7 *
8 * Base on code from Anthony Liguori <aliguori@us.ibm.com>
9 * Copyright (C) 2008 by IBM, Corp.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to:
22 * Free Software Foundation
23 * 51 Franklin Street, Fifth Floor
24 * Boston, MA 02111-1301 USA
25 *
26 */
27
28#include <linux/module.h>
29#include <linux/errno.h>
01b0c5cf 30#include <linux/kernel.h>
51a87c55 31#include <linux/uaccess.h>
5a0e3ad6 32#include <linux/slab.h>
e7f4b8f1 33#include <linux/sched.h>
01b0c5cf 34#include <linux/stddef.h>
beeebc92 35#include <linux/types.h>
4f3b35c1 36#include <linux/uio.h>
ace51c4d
EVH
37#include <net/9p/9p.h>
38#include <net/9p/client.h>
39#include "protocol.h"
40
348b5901
AK
41#include <trace/events/9p.h>
42
/*
 * Forward declaration: p9pdu_vwritef() below encodes composite fields by
 * calling p9pdu_writef(), which is only defined after it in this file.
 */
static int
p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...);
ace51c4d
EVH
45
/*
 * p9stat_free - release the strings held by a wstat structure
 * @stbuf: structure whose name, uid, gid, muid and extension are freed
 *
 * Only the five string members are freed, not @stbuf itself.  Each pointer
 * is reset to NULL afterwards, so a second call on the same structure hands
 * nothing but NULL to kfree().
 */
void p9stat_free(struct p9_wstat *stbuf)
{
	kfree(stbuf->name);
	kfree(stbuf->uid);
	kfree(stbuf->gid);
	kfree(stbuf->muid);
	kfree(stbuf->extension);

	/* Drop the stale pointers so nothing can be freed or read twice. */
	stbuf->name = NULL;
	stbuf->uid = NULL;
	stbuf->gid = NULL;
	stbuf->muid = NULL;
	stbuf->extension = NULL;
}
EXPORT_SYMBOL(p9stat_free);
60
/*
 * pdu_read - copy bytes out of the unread part of a PDU
 * @pdu: source buffer; its read offset is advanced by the bytes copied
 * @data: destination, must have room for @size bytes
 * @size: number of bytes requested
 *
 * Returns the number of requested bytes that could NOT be supplied, so a
 * non-zero result means the PDU was shorter than the caller expected.
 *
 * NOTE(review): the remaining-bytes computation relies on
 * pdu->offset <= pdu->size; confirm every caller that fills in a p9_fcall
 * by hand keeps that invariant, since the subtraction would otherwise wrap.
 */
size_t pdu_read(struct p9_fcall *pdu, void *data, size_t size)
{
	size_t copied = min(pdu->size - pdu->offset, size);
	size_t missing = size - copied;

	memcpy(data, &pdu->sdata[pdu->offset], copied);
	pdu->offset += copied;

	return missing;
}
68
/*
 * pdu_write - append bytes to a PDU, bounded by its capacity
 * @pdu: destination buffer; its size grows by the bytes appended
 * @data: bytes to append
 * @size: number of bytes requested
 *
 * Returns the number of bytes that did NOT fit, so zero means the whole
 * request was stored.
 */
static size_t pdu_write(struct p9_fcall *pdu, const void *data, size_t size)
{
	size_t stored = min(pdu->capacity - pdu->size, size);
	size_t dropped = size - stored;

	memcpy(&pdu->sdata[pdu->size], data, stored);
	pdu->size += stored;

	return dropped;
}
76
/*
 * pdu_write_u - append bytes taken from an iov_iter to a PDU
 * @pdu: destination buffer; its size grows by the bytes appended
 * @from: iterator describing the source data
 * @size: number of bytes requested
 *
 * The copy runs on a local copy of @from, so the caller's iterator is not
 * advanced here.  A short copy is treated as copying nothing at all.
 *
 * Returns the number of requested bytes that were NOT appended.
 */
static size_t
pdu_write_u(struct p9_fcall *pdu, struct iov_iter *from, size_t size)
{
	size_t len = min(pdu->capacity - pdu->size, size);
	struct iov_iter scratch = *from;
	size_t got = copy_from_iter(&pdu->sdata[pdu->size], len, &scratch);

	/* All or nothing: a partial copy does not extend the PDU. */
	if (got != len)
		len = 0;

	pdu->size += len;
	return size - len;
}
88
ace51c4d
EVH
/*
	b - int8_t
	w - int16_t
	d - int32_t
	q - int64_t
	s - string
	u - numeric uid
	g - numeric gid
	S - stat
	Q - qid
	D - data blob (int32_t size followed by void *, results are not freed)
	T - array of strings (int16_t count, followed by strings)
	R - array of qids (int16_t count, followed by qids)
	A - stat for 9p2000.L (p9_stat_dotl)
	? - if optional = 1, continue parsing
*/
105
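/*
 * p9pdu_vreadf - decode fields from a PDU as directed by a format string
 * @pdu: buffer being parsed; its read offset advances as fields are consumed
 * @proto_version: protocol version, consulted only by the '?' code
 * @fmt: sequence of format codes (see the legend above)
 * @ap: one output pointer per code ('D', 'T' and 'R' take two)
 *
 * Returns 0 on success, -EFAULT when the PDU holds fewer bytes than a field
 * needs, or -ENOMEM when a buffer for a string or array cannot be allocated.
 * Decoding stops at the first error.
 *
 * Every length and count handled here is read from the message itself and
 * must be treated as untrusted: this function bounds its own copies by the
 * PDU size, but callers that copy the decoded strings into fixed-size
 * storage have to check the length themselves.
 */
static int
p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt,
	va_list ap)
{
	const char *ptr;
	int errcode = 0;

	for (ptr = fmt; *ptr; ptr++) {
		switch (*ptr) {
		case 'b': {
			int8_t *val = va_arg(ap, int8_t *);

			if (pdu_read(pdu, val, sizeof(*val)))
				errcode = -EFAULT;
			break;
		}
		case 'w': {
			int16_t *val = va_arg(ap, int16_t *);
			__le16 le_val;

			if (pdu_read(pdu, &le_val, sizeof(le_val))) {
				errcode = -EFAULT;
				break;
			}
			*val = le16_to_cpu(le_val);
			break;
		}
		case 'd': {
			int32_t *val = va_arg(ap, int32_t *);
			__le32 le_val;

			if (pdu_read(pdu, &le_val, sizeof(le_val))) {
				errcode = -EFAULT;
				break;
			}
			*val = le32_to_cpu(le_val);
			break;
		}
		case 'q': {
			int64_t *val = va_arg(ap, int64_t *);
			__le64 le_val;

			if (pdu_read(pdu, &le_val, sizeof(le_val))) {
				errcode = -EFAULT;
				break;
			}
			*val = le64_to_cpu(le_val);
			break;
		}
		case 's': {
			char **sptr = va_arg(ap, char **);
			uint16_t len;

			/*
			 * Start from NULL so that every failure path below
			 * leaves the caller with a pointer that is safe to
			 * pass to kfree().
			 */
			*sptr = NULL;

			errcode = p9pdu_readf(pdu, proto_version, "w", &len);
			if (errcode)
				break;

			/* len comes from the wire; +1 for the terminator. */
			*sptr = kmalloc(len + 1, GFP_NOFS);
			if (*sptr == NULL) {
				/* Same code the 'T' and 'R' cases report. */
				errcode = -ENOMEM;
				break;
			}
			if (pdu_read(pdu, *sptr, len)) {
				errcode = -EFAULT;
				kfree(*sptr);
				*sptr = NULL;
			} else
				(*sptr)[len] = 0;
			break;
		}
		case 'u': {
			kuid_t *uid = va_arg(ap, kuid_t *);
			__le32 le_val;

			if (pdu_read(pdu, &le_val, sizeof(le_val))) {
				errcode = -EFAULT;
				break;
			}
			*uid = make_kuid(&init_user_ns, le32_to_cpu(le_val));
			break;
		}
		case 'g': {
			kgid_t *gid = va_arg(ap, kgid_t *);
			__le32 le_val;

			if (pdu_read(pdu, &le_val, sizeof(le_val))) {
				errcode = -EFAULT;
				break;
			}
			*gid = make_kgid(&init_user_ns, le32_to_cpu(le_val));
			break;
		}
		case 'Q': {
			struct p9_qid *qid = va_arg(ap, struct p9_qid *);

			errcode = p9pdu_readf(pdu, proto_version, "bdq",
					      &qid->type, &qid->version,
					      &qid->path);
			break;
		}
		case 'S': {
			struct p9_wstat *stbuf = va_arg(ap, struct p9_wstat *);

			/*
			 * Zero the structure first so that p9stat_free() on
			 * the error path only sees NULL or allocated strings.
			 */
			memset(stbuf, 0, sizeof(struct p9_wstat));
			stbuf->n_uid = stbuf->n_muid = INVALID_UID;
			stbuf->n_gid = INVALID_GID;

			errcode = p9pdu_readf(pdu, proto_version,
					      "wwdQdddqssss?sugu",
					      &stbuf->size, &stbuf->type,
					      &stbuf->dev, &stbuf->qid,
					      &stbuf->mode, &stbuf->atime,
					      &stbuf->mtime, &stbuf->length,
					      &stbuf->name, &stbuf->uid,
					      &stbuf->gid, &stbuf->muid,
					      &stbuf->extension,
					      &stbuf->n_uid, &stbuf->n_gid,
					      &stbuf->n_muid);
			if (errcode)
				p9stat_free(stbuf);
			break;
		}
		case 'D': {
			uint32_t *count = va_arg(ap, uint32_t *);
			void **data = va_arg(ap, void **);

			errcode = p9pdu_readf(pdu, proto_version, "d", count);
			if (!errcode) {
				/*
				 * Clamp the advertised size to what is left
				 * in the PDU.  *data points into the PDU
				 * buffer itself (no copy is made) and the
				 * read offset is not advanced past the blob.
				 */
				*count = min_t(uint32_t, *count,
					       pdu->size - pdu->offset);
				*data = &pdu->sdata[pdu->offset];
			}
			break;
		}
		case 'T': {
			uint16_t *nwname = va_arg(ap, uint16_t *);
			char ***wnames = va_arg(ap, char ***);
			int i;

			/*
			 * Give the cleanup path a defined value even when
			 * the count itself cannot be read.
			 */
			*wnames = NULL;

			errcode = p9pdu_readf(pdu, proto_version, "w", nwname);
			if (!errcode) {
				/*
				 * Zeroed allocation: if decoding stops part
				 * way through, the slots that were never
				 * filled are NULL and the cleanup loop below
				 * does not kfree() uninitialized pointers.
				 */
				*wnames = kcalloc(*nwname, sizeof(char *),
						  GFP_NOFS);
				if (!*wnames)
					errcode = -ENOMEM;
			}

			if (!errcode) {
				for (i = 0; i < *nwname; i++) {
					errcode = p9pdu_readf(pdu,
							      proto_version,
							      "s",
							      &(*wnames)[i]);
					if (errcode)
						break;
				}
			}

			if (errcode) {
				if (*wnames) {
					for (i = 0; i < *nwname; i++)
						kfree((*wnames)[i]);
				}
				kfree(*wnames);
				*wnames = NULL;
			}
			break;
		}
		case 'R': {
			uint16_t *nwqid = va_arg(ap, uint16_t *);
			struct p9_qid **wqids = va_arg(ap, struct p9_qid **);
			int i;

			*wqids = NULL;

			errcode = p9pdu_readf(pdu, proto_version, "w", nwqid);
			if (!errcode) {
				*wqids = kmalloc(*nwqid * sizeof(struct p9_qid),
						 GFP_NOFS);
				if (*wqids == NULL)
					errcode = -ENOMEM;
			}

			if (!errcode) {
				for (i = 0; i < *nwqid; i++) {
					errcode = p9pdu_readf(pdu,
							      proto_version,
							      "Q",
							      &(*wqids)[i]);
					if (errcode)
						break;
				}
			}

			if (errcode) {
				kfree(*wqids);
				*wqids = NULL;
			}
			break;
		}
		case 'A': {
			struct p9_stat_dotl *stbuf =
				va_arg(ap, struct p9_stat_dotl *);

			memset(stbuf, 0, sizeof(struct p9_stat_dotl));
			errcode = p9pdu_readf(pdu, proto_version,
					      "qQdugqqqqqqqqqqqqqqq",
					      &stbuf->st_result_mask,
					      &stbuf->qid,
					      &stbuf->st_mode,
					      &stbuf->st_uid, &stbuf->st_gid,
					      &stbuf->st_nlink,
					      &stbuf->st_rdev, &stbuf->st_size,
					      &stbuf->st_blksize,
					      &stbuf->st_blocks,
					      &stbuf->st_atime_sec,
					      &stbuf->st_atime_nsec,
					      &stbuf->st_mtime_sec,
					      &stbuf->st_mtime_nsec,
					      &stbuf->st_ctime_sec,
					      &stbuf->st_ctime_nsec,
					      &stbuf->st_btime_sec,
					      &stbuf->st_btime_nsec,
					      &stbuf->st_gen,
					      &stbuf->st_data_version);
			break;
		}
		case '?':
			/*
			 * The codes after '?' are decoded only for 9P2000.u
			 * and 9P2000.L; any other version stops here and
			 * reports success.
			 */
			if ((proto_version != p9_proto_2000u) &&
				(proto_version != p9_proto_2000L))
				return 0;
			break;
		default:
			BUG();
			break;
		}

		if (errcode)
			break;
	}

	return errcode;
}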
363
/*
 * p9pdu_vwritef - encode fields into a PDU as directed by a format string
 * @pdu: buffer being filled; its size grows as fields are appended
 * @proto_version: protocol version, consulted only by the '?' code
 * @fmt: sequence of format codes; besides the codes in the legend above,
 *       this encoder also handles 'V' (32-bit count followed by data taken
 *       from an iov_iter) and 'I' (struct p9_iattr_dotl)
 * @ap: one value or pointer per code ('V', 'T' and 'R' take two)
 *
 * Returns 0 on success or -EFAULT when a field does not fit into the space
 * left in the PDU.  Encoding stops at the first error.
 */
int
p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
	va_list ap)
{
	const char *spec;
	int errcode = 0;

	/* Walk the format string until it ends or a field fails to encode. */
	for (spec = fmt; *spec && !errcode; spec++) {
		switch (*spec) {
		case 'b': {
			int8_t val = va_arg(ap, int);

			if (pdu_write(pdu, &val, sizeof(val)))
				errcode = -EFAULT;
			break;
		}
		case 'w': {
			__le16 val = cpu_to_le16(va_arg(ap, int));

			if (pdu_write(pdu, &val, sizeof(val)))
				errcode = -EFAULT;
			break;
		}
		case 'd': {
			__le32 val = cpu_to_le32(va_arg(ap, int32_t));

			if (pdu_write(pdu, &val, sizeof(val)))
				errcode = -EFAULT;
			break;
		}
		case 'q': {
			__le64 val = cpu_to_le64(va_arg(ap, int64_t));

			if (pdu_write(pdu, &val, sizeof(val)))
				errcode = -EFAULT;
			break;
		}
		case 's': {
			const char *sptr = va_arg(ap, const char *);
			uint16_t len = 0;

			/*
			 * A NULL string is sent as length 0; longer strings
			 * are cut to what the 16-bit length prefix can hold.
			 */
			if (sptr)
				len = min_t(size_t, strlen(sptr), USHRT_MAX);

			errcode = p9pdu_writef(pdu, proto_version, "w", len);
			if (!errcode && pdu_write(pdu, sptr, len))
				errcode = -EFAULT;
			break;
		}
		case 'u': {
			kuid_t uid = va_arg(ap, kuid_t);
			__le32 val = cpu_to_le32(from_kuid(&init_user_ns, uid));

			if (pdu_write(pdu, &val, sizeof(val)))
				errcode = -EFAULT;
			break;
		}
		case 'g': {
			kgid_t gid = va_arg(ap, kgid_t);
			__le32 val = cpu_to_le32(from_kgid(&init_user_ns, gid));

			if (pdu_write(pdu, &val, sizeof(val)))
				errcode = -EFAULT;
			break;
		}
		case 'Q': {
			const struct p9_qid *qid =
				va_arg(ap, const struct p9_qid *);

			errcode = p9pdu_writef(pdu, proto_version, "bdq",
					       qid->type, qid->version,
					       qid->path);
			break;
		}
		case 'S': {
			const struct p9_wstat *stbuf =
				va_arg(ap, const struct p9_wstat *);

			errcode = p9pdu_writef(pdu, proto_version,
					       "wwdQdddqssss?sugu",
					       stbuf->size, stbuf->type,
					       stbuf->dev, &stbuf->qid,
					       stbuf->mode, stbuf->atime,
					       stbuf->mtime, stbuf->length,
					       stbuf->name, stbuf->uid,
					       stbuf->gid, stbuf->muid,
					       stbuf->extension, stbuf->n_uid,
					       stbuf->n_gid, stbuf->n_muid);
			break;
		}
		case 'V': {
			uint32_t count = va_arg(ap, uint32_t);
			struct iov_iter *from = va_arg(ap, struct iov_iter *);

			errcode = p9pdu_writef(pdu, proto_version, "d", count);
			if (!errcode && pdu_write_u(pdu, from, count))
				errcode = -EFAULT;
			break;
		}
		case 'T': {
			uint16_t nwname = va_arg(ap, int);
			const char **wnames = va_arg(ap, const char **);
			int idx;

			errcode = p9pdu_writef(pdu, proto_version, "w", nwname);
			if (errcode)
				break;

			for (idx = 0; idx < nwname; idx++) {
				errcode = p9pdu_writef(pdu, proto_version,
						       "s", wnames[idx]);
				if (errcode)
					break;
			}
			break;
		}
		case 'R': {
			uint16_t nwqid = va_arg(ap, int);
			struct p9_qid *wqids = va_arg(ap, struct p9_qid *);
			int idx;

			errcode = p9pdu_writef(pdu, proto_version, "w", nwqid);
			if (errcode)
				break;

			for (idx = 0; idx < nwqid; idx++) {
				errcode = p9pdu_writef(pdu, proto_version,
						       "Q", &wqids[idx]);
				if (errcode)
					break;
			}
			break;
		}
		case 'I': {
			struct p9_iattr_dotl *p9attr =
				va_arg(ap, struct p9_iattr_dotl *);

			errcode = p9pdu_writef(pdu, proto_version,
					       "ddugqqqqq",
					       p9attr->valid,
					       p9attr->mode,
					       p9attr->uid,
					       p9attr->gid,
					       p9attr->size,
					       p9attr->atime_sec,
					       p9attr->atime_nsec,
					       p9attr->mtime_sec,
					       p9attr->mtime_nsec);
			break;
		}
		case '?':
			/*
			 * Fields after '?' are emitted only for 9P2000.u and
			 * 9P2000.L; any other version stops here with success.
			 */
			if (!(proto_version == p9_proto_2000u ||
			      proto_version == p9_proto_2000L))
				return 0;
			break;
		default:
			BUG();
			break;
		}
	}

	return errcode;
}
533
/*
 * p9pdu_readf - variadic front end to p9pdu_vreadf()
 * @pdu: buffer to decode from
 * @proto_version: protocol version handed through to the decoder
 * @fmt: format codes; one output pointer per code follows
 *
 * Returns whatever p9pdu_vreadf() returns.
 */
int p9pdu_readf(struct p9_fcall *pdu, int proto_version, const char *fmt, ...)
{
	va_list args;
	int err;

	va_start(args, fmt);
	err = p9pdu_vreadf(pdu, proto_version, fmt, args);
	va_end(args);

	return err;
}
545
/*
 * p9pdu_writef - variadic front end to p9pdu_vwritef()
 * @pdu: buffer to encode into
 * @proto_version: protocol version handed through to the encoder
 * @fmt: format codes; one value per code follows
 *
 * Returns whatever p9pdu_vwritef() returns.
 */
static int
p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...)
{
	va_list args;
	int err;

	va_start(args, fmt);
	err = p9pdu_vwritef(pdu, proto_version, fmt, args);
	va_end(args);

	return err;
}
51a87c55 558
/*
 * p9stat_read - decode one stat entry from a raw buffer
 * @clnt: client whose protocol version selects the stat layout
 * @buf: buffer holding the encoded entry
 * @len: number of valid bytes in @buf
 * @st: structure that receives the decoded entry
 *
 * Wraps @buf in a temporary PDU so the regular 'S' decoder can be reused.
 * Returns the number of bytes consumed from @buf on success, or the error
 * code from the decoder on failure.  The consumed count is derived from
 * what was actually parsed, not from the size field inside the entry.
 *
 * NOTE(review): only size, capacity, sdata and offset of the temporary PDU
 * are initialized before it is handed to trace_9p_protocol_dump(); confirm
 * the tracepoint reads nothing else.  @len is assumed to be non-negative.
 */
int p9stat_read(struct p9_client *clnt, char *buf, int len, struct p9_wstat *st)
{
	struct p9_fcall fake_pdu;
	int err;

	fake_pdu.sdata = buf;
	fake_pdu.offset = 0;
	fake_pdu.size = len;
	fake_pdu.capacity = len;

	err = p9pdu_readf(&fake_pdu, clnt->proto_version, "S", st);
	if (!err)
		return fake_pdu.offset;

	p9_debug(P9_DEBUG_9P, "<<< p9stat_read failed: %d\n", err);
	trace_9p_protocol_dump(clnt, &fake_pdu);
	return err;
}
EXPORT_SYMBOL(p9stat_read);
579
51a87c55
EVH
/*
 * p9pdu_prepare - start a message by writing its header
 * @pdu: buffer to write into
 * @tag: message tag
 * @type: message type, also recorded in pdu->id
 *
 * The 32-bit size field is written as 0 here; p9pdu_finalize() fills in
 * the real value once the body is complete.
 *
 * Returns the result of encoding the header.
 */
int p9pdu_prepare(struct p9_fcall *pdu, int16_t tag, int8_t type)
{
	int err;

	pdu->id = type;
	err = p9pdu_writef(pdu, 0, "dbw", 0, type, tag);

	return err;
}
585
/*
 * p9pdu_finalize - patch the total size into the start of a message
 * @clnt: client, used only for tracing
 * @pdu: message whose size field is filled in
 *
 * pdu->size is set to 0 for the duration of the write so that the encoder
 * stores the size at the beginning of the buffer, then restored.
 *
 * Returns the result of encoding the size field.
 */
int p9pdu_finalize(struct p9_client *clnt, struct p9_fcall *pdu)
{
	int total = pdu->size;
	int err;

	/* Rewind so the 32-bit size lands at the start of the buffer. */
	pdu->size = 0;
	err = p9pdu_writef(pdu, 0, "d", total);
	pdu->size = total;

	trace_9p_protocol_dump(clnt, pdu);
	p9_debug(P9_DEBUG_9P, ">>> size=%d type: %d tag: %d\n",
		 pdu->size, pdu->id, pdu->tag);

	return err;
}
601
/*
 * p9pdu_reset - mark a PDU as empty
 * @pdu: buffer whose size and read offset are set back to zero
 */
void p9pdu_reset(struct p9_fcall *pdu)
{
	pdu->size = 0;
	pdu->offset = 0;
}
7751bdb3 607
348b5901
AK
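/*
 * p9dirent_read - decode one directory entry from a raw buffer
 * @clnt: client whose protocol version is passed to the decoder
 * @buf: buffer holding the encoded entry
 * @len: number of valid bytes in @buf
 * @dirent: structure that receives the decoded entry
 *
 * Returns the number of bytes consumed from @buf on success, or a negative
 * error code when the entry cannot be decoded or its name does not fit
 * into dirent->d_name.  Decode failures are reported with the decoder's
 * error code, matching what p9stat_read() does.
 *
 * The name is a length-prefixed string whose 16-bit length comes from the
 * message, so it can be far longer than d_name; the copy is therefore
 * bounded and an over-long name is rejected rather than truncated silently.
 *
 * NOTE(review): sizeof(dirent->d_name) assumes d_name is an array member of
 * struct p9_dirent, which is declared outside this file; confirm.
 */
int p9dirent_read(struct p9_client *clnt, char *buf, int len,
		  struct p9_dirent *dirent)
{
	struct p9_fcall fake_pdu;
	int ret;
	char *nameptr;

	fake_pdu.size = len;
	fake_pdu.capacity = len;
	fake_pdu.sdata = buf;
	fake_pdu.offset = 0;

	ret = p9pdu_readf(&fake_pdu, clnt->proto_version, "Qqbs", &dirent->qid,
			  &dirent->d_off, &dirent->d_type, &nameptr);
	if (ret) {
		p9_debug(P9_DEBUG_9P, "<<< p9dirent_read failed: %d\n", ret);
		trace_9p_protocol_dump(clnt, &fake_pdu);
		/* Nothing usable was decoded; do not report a byte count. */
		return ret;
	}

	/* Bounded copy: strscpy() returns a negative value on truncation. */
	ret = strscpy(dirent->d_name, nameptr, sizeof(dirent->d_name));
	kfree(nameptr);
	if (ret < 0) {
		p9_debug(P9_DEBUG_9P,
			 "<<< p9dirent_read: name too long: %d\n", ret);
		return ret;
	}

	return fake_pdu.offset;
}
EXPORT_SYMBOL(p9dirent_read);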