]> git.proxmox.com Git - mirror_zfs.git/blob - module/os/linux/spl/spl-xdr.c
projects / mirror_zfs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Replace ZFS on Linux references with OpenZFS
[mirror_zfs.git] / module / os / linux / spl / spl-xdr.c
1 /*
2 * Copyright (c) 2008-2010 Sun Microsystems, Inc.
3 * Written by Ricardo Correia <Ricardo.M.Correia@Sun.COM>
4 *
5 * This file is part of the SPL, Solaris Porting Layer.
6 *
7 * The SPL is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version.
11 *
12 * The SPL is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with the SPL. If not, see <http://www.gnu.org/licenses/>.
19 *
20 * Solaris Porting Layer (SPL) XDR Implementation.
21 */
22
23 #include <linux/string.h>
24 #include <sys/kmem.h>
25 #include <sys/debug.h>
26 #include <sys/types.h>
27 #include <sys/sysmacros.h>
28 #include <rpc/xdr.h>
29
30 /*
31 * SPL's XDR mem implementation.
32 *
33 * This is used by libnvpair to serialize/deserialize the name-value pair data
34 * structures into byte arrays in a well-defined and portable manner.
35 *
36 * These data structures are used by the DMU/ZFS to flexibly manipulate various
37 * information in memory and later serialize it/deserialize it to disk.
38 * Examples of usages include the pool configuration, lists of pool and dataset
39 * properties, etc.
40 *
41 * Reference documentation for the XDR representation and XDR operations can be
42 * found in RFC 1832 and xdr(3), respectively.
43 *
44 * === Implementation shortcomings ===
45 *
46 * It is assumed that the following C types have the following sizes:
47 *
48 * char/unsigned char: 1 byte
49 * short/unsigned short: 2 bytes
50 * int/unsigned int: 4 bytes
51 * longlong_t/u_longlong_t: 8 bytes
52 *
53 * The C standard allows these types to be larger (and in the case of ints,
54 * shorter), so if that is the case on some compiler/architecture, the build
55 * will fail (on purpose).
56 *
57 * If someone wants to fix the code to work properly on such environments, then:
58 *
59 * 1) Preconditions should be added to xdrmem_enc functions to make sure the
60 * caller doesn't pass arguments which exceed the expected range.
61 * 2) Functions which take signed integers should be changed to properly do
62 * sign extension.
63 * 3) For ints with less than 32 bits, well.. I suspect you'll have bigger
64 * problems than this implementation.
65 *
66 * It is also assumed that:
67 *
68 * 1) Chars have 8 bits.
69 * 2) We can always do 32-bit-aligned int memory accesses and byte-aligned
70 * memcpy, memset and memcmp.
71 * 3) Arrays passed to xdr_array() are packed and the compiler/architecture
72 * supports element-sized-aligned memory accesses.
73 * 4) Negative integers are natively stored in two's complement binary
74 * representation.
75 *
76 * No checks are done for the 4 assumptions above, though.
77 *
78 * === Caller expectations ===
79 *
80 * Existing documentation does not describe the semantics of XDR operations very
81 * well. Therefore, some assumptions about failure semantics will be made and
82 * will be described below:
83 *
84 * 1) If any encoding operation fails (e.g., due to lack of buffer space), the
85 * the stream should be considered valid only up to the encoding operation
86 * previous to the one that first failed. However, the stream size as returned
87 * by xdr_control() cannot be considered to be strictly correct (it may be
88 * bigger).
89 *
90 * Putting it another way, if there is an encoding failure it's undefined
91 * whether anything is added to the stream in that operation and therefore
92 * neither xdr_control() nor future encoding operations on the same stream can
93 * be relied upon to produce correct results.
94 *
95 * 2) If a decoding operation fails, it's undefined whether anything will be
96 * decoded into passed buffers/pointers during that operation, or what the
97 * values on those buffers will look like.
98 *
99 * Future decoding operations on the same stream will also have similar
100 * undefined behavior.
101 *
102 * 3) When the first decoding operation fails it is OK to trust the results of
103 * previous decoding operations on the same stream, as long as the caller
104 * expects a failure to be possible (e.g. due to end-of-stream).
105 *
106 * However, this is highly discouraged because the caller should know the
107 * stream size and should be coded to expect any decoding failure to be data
108 * corruption due to hardware, accidental or even malicious causes, which should
109 * be handled gracefully in all cases.
110 *
111 * In very rare situations where there are strong reasons to believe the data
112 * can be trusted to be valid and non-tampered with, then the caller may assume
113 * a decoding failure to be a bug (e.g. due to mismatched data types) and may
114 * fail non-gracefully.
115 *
116 * 4) Non-zero padding bytes will cause the decoding operation to fail.
117 *
118 * 5) Zero bytes on string types will also cause the decoding operation to fail.
119 *
120 * 6) It is assumed that either the pointer to the stream buffer given by the
121 * caller is 32-bit aligned or the architecture supports non-32-bit-aligned int
122 * memory accesses.
123 *
124 * 7) The stream buffer and encoding/decoding buffers/ptrs should not overlap.
125 *
126 * 8) If a caller passes pointers to non-kernel memory (e.g., pointers to user
127 * space or MMIO space), the computer may explode.
128 */
129
130 static struct xdr_ops xdrmem_encode_ops;
131 static struct xdr_ops xdrmem_decode_ops;
132
133 void
134 xdrmem_create(XDR *xdrs, const caddr_t addr, const uint_t size,
135 const enum xdr_op op)
136 {
137 switch (op) {
138 case XDR_ENCODE:
139 xdrs->x_ops = &xdrmem_encode_ops;
140 break;
141 case XDR_DECODE:
142 xdrs->x_ops = &xdrmem_decode_ops;
143 break;
144 default:
145 xdrs->x_ops = NULL; /* Let the caller know we failed */
146 return;
147 }
148
149 xdrs->x_op = op;
150 xdrs->x_addr = addr;
151 xdrs->x_addr_end = addr + size;
152
153 if (xdrs->x_addr_end < xdrs->x_addr) {
154 xdrs->x_ops = NULL;
155 }
156 }
157 EXPORT_SYMBOL(xdrmem_create);
158
159 static bool_t
160 xdrmem_control(XDR *xdrs, int req, void *info)
161 {
162 struct xdr_bytesrec *rec = (struct xdr_bytesrec *)info;
163
164 if (req != XDR_GET_BYTES_AVAIL)
165 return (FALSE);
166
167 rec->xc_is_last_record = TRUE; /* always TRUE in xdrmem streams */
168 rec->xc_num_avail = xdrs->x_addr_end - xdrs->x_addr;
169
170 return (TRUE);
171 }
172
173 static bool_t
174 xdrmem_enc_bytes(XDR *xdrs, caddr_t cp, const uint_t cnt)
175 {
176 uint_t size = roundup(cnt, 4);
177 uint_t pad;
178
179 if (size < cnt)
180 return (FALSE); /* Integer overflow */
181
182 if (xdrs->x_addr > xdrs->x_addr_end)
183 return (FALSE);
184
185 if (xdrs->x_addr_end - xdrs->x_addr < size)
186 return (FALSE);
187
188 memcpy(xdrs->x_addr, cp, cnt);
189
190 xdrs->x_addr += cnt;
191
192 pad = size - cnt;
193 if (pad > 0) {
194 memset(xdrs->x_addr, 0, pad);
195 xdrs->x_addr += pad;
196 }
197
198 return (TRUE);
199 }
200
201 static bool_t
202 xdrmem_dec_bytes(XDR *xdrs, caddr_t cp, const uint_t cnt)
203 {
204 static uint32_t zero = 0;
205 uint_t size = roundup(cnt, 4);
206 uint_t pad;
207
208 if (size < cnt)
209 return (FALSE); /* Integer overflow */
210
211 if (xdrs->x_addr > xdrs->x_addr_end)
212 return (FALSE);
213
214 if (xdrs->x_addr_end - xdrs->x_addr < size)
215 return (FALSE);
216
217 memcpy(cp, xdrs->x_addr, cnt);
218 xdrs->x_addr += cnt;
219
220 pad = size - cnt;
221 if (pad > 0) {
222 /* An inverted memchr() would be useful here... */
223 if (memcmp(&zero, xdrs->x_addr, pad) != 0)
224 return (FALSE);
225
226 xdrs->x_addr += pad;
227 }
228
229 return (TRUE);
230 }
231
232 static bool_t
233 xdrmem_enc_uint32(XDR *xdrs, uint32_t val)
234 {
235 if (xdrs->x_addr + sizeof (uint32_t) > xdrs->x_addr_end)
236 return (FALSE);
237
238 *((uint32_t *)xdrs->x_addr) = cpu_to_be32(val);
239
240 xdrs->x_addr += sizeof (uint32_t);
241
242 return (TRUE);
243 }
244
245 static bool_t
246 xdrmem_dec_uint32(XDR *xdrs, uint32_t *val)
247 {
248 if (xdrs->x_addr + sizeof (uint32_t) > xdrs->x_addr_end)
249 return (FALSE);
250
251 *val = be32_to_cpu(*((uint32_t *)xdrs->x_addr));
252
253 xdrs->x_addr += sizeof (uint32_t);
254
255 return (TRUE);
256 }
257
258 static bool_t
259 xdrmem_enc_char(XDR *xdrs, char *cp)
260 {
261 uint32_t val;
262
263 BUILD_BUG_ON(sizeof (char) != 1);
264 val = *((unsigned char *) cp);
265
266 return (xdrmem_enc_uint32(xdrs, val));
267 }
268
269 static bool_t
270 xdrmem_dec_char(XDR *xdrs, char *cp)
271 {
272 uint32_t val;
273
274 BUILD_BUG_ON(sizeof (char) != 1);
275
276 if (!xdrmem_dec_uint32(xdrs, &val))
277 return (FALSE);
278
279 /*
280 * If any of the 3 other bytes are non-zero then val will be greater
281 * than 0xff and we fail because according to the RFC, this block does
282 * not have a char encoded in it.
283 */
284 if (val > 0xff)
285 return (FALSE);
286
287 *((unsigned char *) cp) = val;
288
289 return (TRUE);
290 }
291
292 static bool_t
293 xdrmem_enc_ushort(XDR *xdrs, unsigned short *usp)
294 {
295 BUILD_BUG_ON(sizeof (unsigned short) != 2);
296
297 return (xdrmem_enc_uint32(xdrs, *usp));
298 }
299
300 static bool_t
301 xdrmem_dec_ushort(XDR *xdrs, unsigned short *usp)
302 {
303 uint32_t val;
304
305 BUILD_BUG_ON(sizeof (unsigned short) != 2);
306
307 if (!xdrmem_dec_uint32(xdrs, &val))
308 return (FALSE);
309
310 /*
311 * Short ints are not in the RFC, but we assume similar logic as in
312 * xdrmem_dec_char().
313 */
314 if (val > 0xffff)
315 return (FALSE);
316
317 *usp = val;
318
319 return (TRUE);
320 }
321
322 static bool_t
323 xdrmem_enc_uint(XDR *xdrs, unsigned *up)
324 {
325 BUILD_BUG_ON(sizeof (unsigned) != 4);
326
327 return (xdrmem_enc_uint32(xdrs, *up));
328 }
329
330 static bool_t
331 xdrmem_dec_uint(XDR *xdrs, unsigned *up)
332 {
333 BUILD_BUG_ON(sizeof (unsigned) != 4);
334
335 return (xdrmem_dec_uint32(xdrs, (uint32_t *)up));
336 }
337
338 static bool_t
339 xdrmem_enc_ulonglong(XDR *xdrs, u_longlong_t *ullp)
340 {
341 BUILD_BUG_ON(sizeof (u_longlong_t) != 8);
342
343 if (!xdrmem_enc_uint32(xdrs, *ullp >> 32))
344 return (FALSE);
345
346 return (xdrmem_enc_uint32(xdrs, *ullp & 0xffffffff));
347 }
348
349 static bool_t
350 xdrmem_dec_ulonglong(XDR *xdrs, u_longlong_t *ullp)
351 {
352 uint32_t low, high;
353
354 BUILD_BUG_ON(sizeof (u_longlong_t) != 8);
355
356 if (!xdrmem_dec_uint32(xdrs, &high))
357 return (FALSE);
358 if (!xdrmem_dec_uint32(xdrs, &low))
359 return (FALSE);
360
361 *ullp = ((u_longlong_t)high << 32) | low;
362
363 return (TRUE);
364 }
365
366 static bool_t
367 xdr_enc_array(XDR *xdrs, caddr_t *arrp, uint_t *sizep, const uint_t maxsize,
368 const uint_t elsize, const xdrproc_t elproc)
369 {
370 uint_t i;
371 caddr_t addr = *arrp;
372
373 if (*sizep > maxsize || *sizep > UINT_MAX / elsize)
374 return (FALSE);
375
376 if (!xdrmem_enc_uint(xdrs, sizep))
377 return (FALSE);
378
379 for (i = 0; i < *sizep; i++) {
380 if (!elproc(xdrs, addr))
381 return (FALSE);
382 addr += elsize;
383 }
384
385 return (TRUE);
386 }
387
388 static bool_t
389 xdr_dec_array(XDR *xdrs, caddr_t *arrp, uint_t *sizep, const uint_t maxsize,
390 const uint_t elsize, const xdrproc_t elproc)
391 {
392 uint_t i, size;
393 bool_t alloc = FALSE;
394 caddr_t addr;
395
396 if (!xdrmem_dec_uint(xdrs, sizep))
397 return (FALSE);
398
399 size = *sizep;
400
401 if (size > maxsize || size > UINT_MAX / elsize)
402 return (FALSE);
403
404 /*
405 * The Solaris man page says: "If *arrp is NULL when decoding,
406 * xdr_array() allocates memory and *arrp points to it".
407 */
408 if (*arrp == NULL) {
409 BUILD_BUG_ON(sizeof (uint_t) > sizeof (size_t));
410
411 *arrp = kmem_alloc(size * elsize, KM_NOSLEEP);
412 if (*arrp == NULL)
413 return (FALSE);
414
415 alloc = TRUE;
416 }
417
418 addr = *arrp;
419
420 for (i = 0; i < size; i++) {
421 if (!elproc(xdrs, addr)) {
422 if (alloc)
423 kmem_free(*arrp, size * elsize);
424 return (FALSE);
425 }
426 addr += elsize;
427 }
428
429 return (TRUE);
430 }
431
432 static bool_t
433 xdr_enc_string(XDR *xdrs, char **sp, const uint_t maxsize)
434 {
435 size_t slen = strlen(*sp);
436 uint_t len;
437
438 if (slen > maxsize)
439 return (FALSE);
440
441 len = slen;
442
443 if (!xdrmem_enc_uint(xdrs, &len))
444 return (FALSE);
445
446 return (xdrmem_enc_bytes(xdrs, *sp, len));
447 }
448
449 static bool_t
450 xdr_dec_string(XDR *xdrs, char **sp, const uint_t maxsize)
451 {
452 uint_t size;
453 bool_t alloc = FALSE;
454
455 if (!xdrmem_dec_uint(xdrs, &size))
456 return (FALSE);
457
458 if (size > maxsize || size > UINT_MAX - 1)
459 return (FALSE);
460
461 /*
462 * Solaris man page: "If *sp is NULL when decoding, xdr_string()
463 * allocates memory and *sp points to it".
464 */
465 if (*sp == NULL) {
466 BUILD_BUG_ON(sizeof (uint_t) > sizeof (size_t));
467
468 *sp = kmem_alloc(size + 1, KM_NOSLEEP);
469 if (*sp == NULL)
470 return (FALSE);
471
472 alloc = TRUE;
473 }
474
475 if (!xdrmem_dec_bytes(xdrs, *sp, size))
476 goto fail;
477
478 if (memchr(*sp, 0, size) != NULL)
479 goto fail;
480
481 (*sp)[size] = '\0';
482
483 return (TRUE);
484
485 fail:
486 if (alloc)
487 kmem_free(*sp, size + 1);
488
489 return (FALSE);
490 }
491
492 static struct xdr_ops xdrmem_encode_ops = {
493 .xdr_control = xdrmem_control,
494 .xdr_char = xdrmem_enc_char,
495 .xdr_u_short = xdrmem_enc_ushort,
496 .xdr_u_int = xdrmem_enc_uint,
497 .xdr_u_longlong_t = xdrmem_enc_ulonglong,
498 .xdr_opaque = xdrmem_enc_bytes,
499 .xdr_string = xdr_enc_string,
500 .xdr_array = xdr_enc_array
501 };
502
503 static struct xdr_ops xdrmem_decode_ops = {
504 .xdr_control = xdrmem_control,
505 .xdr_char = xdrmem_dec_char,
506 .xdr_u_short = xdrmem_dec_ushort,
507 .xdr_u_int = xdrmem_dec_uint,
508 .xdr_u_longlong_t = xdrmem_dec_ulonglong,
509 .xdr_opaque = xdrmem_dec_bytes,
510 .xdr_string = xdr_dec_string,
511 .xdr_array = xdr_dec_array
512 };
ZFS On Linux mirror for PVE