1 /*
2  * linux/net/sunrpc/xdr.c
3  *
4  * Generic XDR support.
5  *
6  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
7  */
8 
9 #include <linux/module.h>
10 #include <linux/slab.h>
11 #include <linux/types.h>
12 #include <linux/string.h>
13 #include <linux/kernel.h>
14 #include <linux/pagemap.h>
15 #include <linux/errno.h>
16 #include <linux/sunrpc/xdr.h>
17 #include <linux/sunrpc/msg_prot.h>
18 
19 /*
20  * XDR functions for basic NFS types
21  */
22 __be32 *
xdr_encode_netobj(__be32 * p,const struct xdr_netobj * obj)23 xdr_encode_netobj(__be32 *p, const struct xdr_netobj *obj)
24 {
25 	unsigned int	quadlen = XDR_QUADLEN(obj->len);
26 
27 	p[quadlen] = 0;		/* zero trailing bytes */
28 	*p++ = cpu_to_be32(obj->len);
29 	memcpy(p, obj->data, obj->len);
30 	return p + XDR_QUADLEN(obj->len);
31 }
32 EXPORT_SYMBOL_GPL(xdr_encode_netobj);
33 
34 __be32 *
xdr_decode_netobj(__be32 * p,struct xdr_netobj * obj)35 xdr_decode_netobj(__be32 *p, struct xdr_netobj *obj)
36 {
37 	unsigned int	len;
38 
39 	if ((len = be32_to_cpu(*p++)) > XDR_MAX_NETOBJ)
40 		return NULL;
41 	obj->len  = len;
42 	obj->data = (u8 *) p;
43 	return p + XDR_QUADLEN(len);
44 }
45 EXPORT_SYMBOL_GPL(xdr_decode_netobj);
46 
47 /**
48  * xdr_encode_opaque_fixed - Encode fixed length opaque data
49  * @p: pointer to current position in XDR buffer.
50  * @ptr: pointer to data to encode (or NULL)
51  * @nbytes: size of data.
52  *
53  * Copy the array of data of length nbytes at ptr to the XDR buffer
54  * at position p, then align to the next 32-bit boundary by padding
55  * with zero bytes (see RFC1832).
56  * Note: if ptr is NULL, only the padding is performed.
57  *
58  * Returns the updated current XDR buffer position
59  *
60  */
xdr_encode_opaque_fixed(__be32 * p,const void * ptr,unsigned int nbytes)61 __be32 *xdr_encode_opaque_fixed(__be32 *p, const void *ptr, unsigned int nbytes)
62 {
63 	if (likely(nbytes != 0)) {
64 		unsigned int quadlen = XDR_QUADLEN(nbytes);
65 		unsigned int padding = (quadlen << 2) - nbytes;
66 
67 		if (ptr != NULL)
68 			memcpy(p, ptr, nbytes);
69 		if (padding != 0)
70 			memset((char *)p + nbytes, 0, padding);
71 		p += quadlen;
72 	}
73 	return p;
74 }
75 EXPORT_SYMBOL_GPL(xdr_encode_opaque_fixed);
76 
77 /**
78  * xdr_encode_opaque - Encode variable length opaque data
79  * @p: pointer to current position in XDR buffer.
80  * @ptr: pointer to data to encode (or NULL)
81  * @nbytes: size of data.
82  *
83  * Returns the updated current XDR buffer position
84  */
xdr_encode_opaque(__be32 * p,const void * ptr,unsigned int nbytes)85 __be32 *xdr_encode_opaque(__be32 *p, const void *ptr, unsigned int nbytes)
86 {
87 	*p++ = cpu_to_be32(nbytes);
88 	return xdr_encode_opaque_fixed(p, ptr, nbytes);
89 }
90 EXPORT_SYMBOL_GPL(xdr_encode_opaque);
91 
92 __be32 *
xdr_encode_string(__be32 * p,const char * string)93 xdr_encode_string(__be32 *p, const char *string)
94 {
95 	return xdr_encode_array(p, string, strlen(string));
96 }
97 EXPORT_SYMBOL_GPL(xdr_encode_string);
98 
99 __be32 *
xdr_decode_string_inplace(__be32 * p,char ** sp,unsigned int * lenp,unsigned int maxlen)100 xdr_decode_string_inplace(__be32 *p, char **sp,
101 			  unsigned int *lenp, unsigned int maxlen)
102 {
103 	u32 len;
104 
105 	len = be32_to_cpu(*p++);
106 	if (len > maxlen)
107 		return NULL;
108 	*lenp = len;
109 	*sp = (char *) p;
110 	return p + XDR_QUADLEN(len);
111 }
112 EXPORT_SYMBOL_GPL(xdr_decode_string_inplace);
113 
114 /**
115  * xdr_terminate_string - '\0'-terminate a string residing in an xdr_buf
116  * @buf: XDR buffer where string resides
117  * @len: length of string, in bytes
118  *
119  */
120 void
xdr_terminate_string(struct xdr_buf * buf,const u32 len)121 xdr_terminate_string(struct xdr_buf *buf, const u32 len)
122 {
123 	char *kaddr;
124 
125 	kaddr = kmap_atomic(buf->pages[0]);
126 	kaddr[buf->page_base + len] = '\0';
127 	kunmap_atomic(kaddr);
128 }
129 EXPORT_SYMBOL_GPL(xdr_terminate_string);
130 
131 void
xdr_inline_pages(struct xdr_buf * xdr,unsigned int offset,struct page ** pages,unsigned int base,unsigned int len)132 xdr_inline_pages(struct xdr_buf *xdr, unsigned int offset,
133 		 struct page **pages, unsigned int base, unsigned int len)
134 {
135 	struct kvec *head = xdr->head;
136 	struct kvec *tail = xdr->tail;
137 	char *buf = (char *)head->iov_base;
138 	unsigned int buflen = head->iov_len;
139 
140 	head->iov_len  = offset;
141 
142 	xdr->pages = pages;
143 	xdr->page_base = base;
144 	xdr->page_len = len;
145 
146 	tail->iov_base = buf + offset;
147 	tail->iov_len = buflen - offset;
148 
149 	xdr->buflen += len;
150 }
151 EXPORT_SYMBOL_GPL(xdr_inline_pages);
152 
153 /*
154  * Helper routines for doing 'memmove' like operations on a struct xdr_buf
155  */
156 
157 /**
158  * _shift_data_right_pages
159  * @pages: vector of pages containing both the source and dest memory area.
160  * @pgto_base: page vector address of destination
161  * @pgfrom_base: page vector address of source
162  * @len: number of bytes to copy
163  *
164  * Note: the addresses pgto_base and pgfrom_base are both calculated in
165  *       the same way:
166  *            if a memory area starts at byte 'base' in page 'pages[i]',
167  *            then its address is given as (i << PAGE_SHIFT) + base
168  * Also note: pgfrom_base must be < pgto_base, but the memory areas
169  * 	they point to may overlap.
170  */
171 static void
_shift_data_right_pages(struct page ** pages,size_t pgto_base,size_t pgfrom_base,size_t len)172 _shift_data_right_pages(struct page **pages, size_t pgto_base,
173 		size_t pgfrom_base, size_t len)
174 {
175 	struct page **pgfrom, **pgto;
176 	char *vfrom, *vto;
177 	size_t copy;
178 
179 	BUG_ON(pgto_base <= pgfrom_base);
180 
181 	pgto_base += len;
182 	pgfrom_base += len;
183 
184 	pgto = pages + (pgto_base >> PAGE_SHIFT);
185 	pgfrom = pages + (pgfrom_base >> PAGE_SHIFT);
186 
187 	pgto_base &= ~PAGE_MASK;
188 	pgfrom_base &= ~PAGE_MASK;
189 
190 	do {
191 		/* Are any pointers crossing a page boundary? */
192 		if (pgto_base == 0) {
193 			pgto_base = PAGE_SIZE;
194 			pgto--;
195 		}
196 		if (pgfrom_base == 0) {
197 			pgfrom_base = PAGE_SIZE;
198 			pgfrom--;
199 		}
200 
201 		copy = len;
202 		if (copy > pgto_base)
203 			copy = pgto_base;
204 		if (copy > pgfrom_base)
205 			copy = pgfrom_base;
206 		pgto_base -= copy;
207 		pgfrom_base -= copy;
208 
209 		vto = kmap_atomic(*pgto);
210 		if (*pgto != *pgfrom) {
211 			vfrom = kmap_atomic(*pgfrom);
212 			memcpy(vto + pgto_base, vfrom + pgfrom_base, copy);
213 			kunmap_atomic(vfrom);
214 		} else
215 			memmove(vto + pgto_base, vto + pgfrom_base, copy);
216 		flush_dcache_page(*pgto);
217 		kunmap_atomic(vto);
218 
219 	} while ((len -= copy) != 0);
220 }
221 
222 /**
223  * _copy_to_pages
224  * @pages: array of pages
225  * @pgbase: page vector address of destination
226  * @p: pointer to source data
227  * @len: length
228  *
229  * Copies data from an arbitrary memory location into an array of pages
230  * The copy is assumed to be non-overlapping.
231  */
232 static void
_copy_to_pages(struct page ** pages,size_t pgbase,const char * p,size_t len)233 _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
234 {
235 	struct page **pgto;
236 	char *vto;
237 	size_t copy;
238 
239 	pgto = pages + (pgbase >> PAGE_SHIFT);
240 	pgbase &= ~PAGE_MASK;
241 
242 	for (;;) {
243 		copy = PAGE_SIZE - pgbase;
244 		if (copy > len)
245 			copy = len;
246 
247 		vto = kmap_atomic(*pgto);
248 		memcpy(vto + pgbase, p, copy);
249 		kunmap_atomic(vto);
250 
251 		len -= copy;
252 		if (len == 0)
253 			break;
254 
255 		pgbase += copy;
256 		if (pgbase == PAGE_SIZE) {
257 			flush_dcache_page(*pgto);
258 			pgbase = 0;
259 			pgto++;
260 		}
261 		p += copy;
262 	}
263 	flush_dcache_page(*pgto);
264 }
265 
266 /**
267  * _copy_from_pages
268  * @p: pointer to destination
269  * @pages: array of pages
270  * @pgbase: offset of source data
271  * @len: length
272  *
273  * Copies data into an arbitrary memory location from an array of pages
274  * The copy is assumed to be non-overlapping.
275  */
276 void
_copy_from_pages(char * p,struct page ** pages,size_t pgbase,size_t len)277 _copy_from_pages(char *p, struct page **pages, size_t pgbase, size_t len)
278 {
279 	struct page **pgfrom;
280 	char *vfrom;
281 	size_t copy;
282 
283 	pgfrom = pages + (pgbase >> PAGE_SHIFT);
284 	pgbase &= ~PAGE_MASK;
285 
286 	do {
287 		copy = PAGE_SIZE - pgbase;
288 		if (copy > len)
289 			copy = len;
290 
291 		vfrom = kmap_atomic(*pgfrom);
292 		memcpy(p, vfrom + pgbase, copy);
293 		kunmap_atomic(vfrom);
294 
295 		pgbase += copy;
296 		if (pgbase == PAGE_SIZE) {
297 			pgbase = 0;
298 			pgfrom++;
299 		}
300 		p += copy;
301 
302 	} while ((len -= copy) != 0);
303 }
304 EXPORT_SYMBOL_GPL(_copy_from_pages);
305 
306 /**
307  * xdr_shrink_bufhead
308  * @buf: xdr_buf
309  * @len: bytes to remove from buf->head[0]
310  *
311  * Shrinks XDR buffer's header kvec buf->head[0] by
312  * 'len' bytes. The extra data is not lost, but is instead
313  * moved into the inlined pages and/or the tail.
314  */
315 static void
xdr_shrink_bufhead(struct xdr_buf * buf,size_t len)316 xdr_shrink_bufhead(struct xdr_buf *buf, size_t len)
317 {
318 	struct kvec *head, *tail;
319 	size_t copy, offs;
320 	unsigned int pglen = buf->page_len;
321 
322 	tail = buf->tail;
323 	head = buf->head;
324 
325 	WARN_ON_ONCE(len > head->iov_len);
326 	if (len > head->iov_len)
327 		len = head->iov_len;
328 
329 	/* Shift the tail first */
330 	if (tail->iov_len != 0) {
331 		if (tail->iov_len > len) {
332 			copy = tail->iov_len - len;
333 			memmove((char *)tail->iov_base + len,
334 					tail->iov_base, copy);
335 		}
336 		/* Copy from the inlined pages into the tail */
337 		copy = len;
338 		if (copy > pglen)
339 			copy = pglen;
340 		offs = len - copy;
341 		if (offs >= tail->iov_len)
342 			copy = 0;
343 		else if (copy > tail->iov_len - offs)
344 			copy = tail->iov_len - offs;
345 		if (copy != 0)
346 			_copy_from_pages((char *)tail->iov_base + offs,
347 					buf->pages,
348 					buf->page_base + pglen + offs - len,
349 					copy);
350 		/* Do we also need to copy data from the head into the tail ? */
351 		if (len > pglen) {
352 			offs = copy = len - pglen;
353 			if (copy > tail->iov_len)
354 				copy = tail->iov_len;
355 			memcpy(tail->iov_base,
356 					(char *)head->iov_base +
357 					head->iov_len - offs,
358 					copy);
359 		}
360 	}
361 	/* Now handle pages */
362 	if (pglen != 0) {
363 		if (pglen > len)
364 			_shift_data_right_pages(buf->pages,
365 					buf->page_base + len,
366 					buf->page_base,
367 					pglen - len);
368 		copy = len;
369 		if (len > pglen)
370 			copy = pglen;
371 		_copy_to_pages(buf->pages, buf->page_base,
372 				(char *)head->iov_base + head->iov_len - len,
373 				copy);
374 	}
375 	head->iov_len -= len;
376 	buf->buflen -= len;
377 	/* Have we truncated the message? */
378 	if (buf->len > buf->buflen)
379 		buf->len = buf->buflen;
380 }
381 
382 /**
383  * xdr_shrink_pagelen
384  * @buf: xdr_buf
385  * @len: bytes to remove from buf->pages
386  *
387  * Shrinks XDR buffer's page array buf->pages by
388  * 'len' bytes. The extra data is not lost, but is instead
389  * moved into the tail.
390  */
391 static void
xdr_shrink_pagelen(struct xdr_buf * buf,size_t len)392 xdr_shrink_pagelen(struct xdr_buf *buf, size_t len)
393 {
394 	struct kvec *tail;
395 	size_t copy;
396 	unsigned int pglen = buf->page_len;
397 	unsigned int tailbuf_len;
398 
399 	tail = buf->tail;
400 	BUG_ON (len > pglen);
401 
402 	tailbuf_len = buf->buflen - buf->head->iov_len - buf->page_len;
403 
404 	/* Shift the tail first */
405 	if (tailbuf_len != 0) {
406 		unsigned int free_space = tailbuf_len - tail->iov_len;
407 
408 		if (len < free_space)
409 			free_space = len;
410 		tail->iov_len += free_space;
411 
412 		copy = len;
413 		if (tail->iov_len > len) {
414 			char *p = (char *)tail->iov_base + len;
415 			memmove(p, tail->iov_base, tail->iov_len - len);
416 		} else
417 			copy = tail->iov_len;
418 		/* Copy from the inlined pages into the tail */
419 		_copy_from_pages((char *)tail->iov_base,
420 				buf->pages, buf->page_base + pglen - len,
421 				copy);
422 	}
423 	buf->page_len -= len;
424 	buf->buflen -= len;
425 	/* Have we truncated the message? */
426 	if (buf->len > buf->buflen)
427 		buf->len = buf->buflen;
428 }
429 
430 void
xdr_shift_buf(struct xdr_buf * buf,size_t len)431 xdr_shift_buf(struct xdr_buf *buf, size_t len)
432 {
433 	xdr_shrink_bufhead(buf, len);
434 }
435 EXPORT_SYMBOL_GPL(xdr_shift_buf);
436 
437 /**
438  * xdr_stream_pos - Return the current offset from the start of the xdr_stream
439  * @xdr: pointer to struct xdr_stream
440  */
xdr_stream_pos(const struct xdr_stream * xdr)441 unsigned int xdr_stream_pos(const struct xdr_stream *xdr)
442 {
443 	return (unsigned int)(XDR_QUADLEN(xdr->buf->len) - xdr->nwords) << 2;
444 }
445 EXPORT_SYMBOL_GPL(xdr_stream_pos);
446 
447 /**
448  * xdr_init_encode - Initialize a struct xdr_stream for sending data.
449  * @xdr: pointer to xdr_stream struct
450  * @buf: pointer to XDR buffer in which to encode data
451  * @p: current pointer inside XDR buffer
452  *
453  * Note: at the moment the RPC client only passes the length of our
454  *	 scratch buffer in the xdr_buf's header kvec. Previously this
455  *	 meant we needed to call xdr_adjust_iovec() after encoding the
456  *	 data. With the new scheme, the xdr_stream manages the details
457  *	 of the buffer length, and takes care of adjusting the kvec
458  *	 length for us.
459  */
xdr_init_encode(struct xdr_stream * xdr,struct xdr_buf * buf,__be32 * p)460 void xdr_init_encode(struct xdr_stream *xdr, struct xdr_buf *buf, __be32 *p)
461 {
462 	struct kvec *iov = buf->head;
463 	int scratch_len = buf->buflen - buf->page_len - buf->tail[0].iov_len;
464 
465 	xdr_set_scratch_buffer(xdr, NULL, 0);
466 	BUG_ON(scratch_len < 0);
467 	xdr->buf = buf;
468 	xdr->iov = iov;
469 	xdr->p = (__be32 *)((char *)iov->iov_base + iov->iov_len);
470 	xdr->end = (__be32 *)((char *)iov->iov_base + scratch_len);
471 	BUG_ON(iov->iov_len > scratch_len);
472 
473 	if (p != xdr->p && p != NULL) {
474 		size_t len;
475 
476 		BUG_ON(p < xdr->p || p > xdr->end);
477 		len = (char *)p - (char *)xdr->p;
478 		xdr->p = p;
479 		buf->len += len;
480 		iov->iov_len += len;
481 	}
482 }
483 EXPORT_SYMBOL_GPL(xdr_init_encode);
484 
485 /**
486  * xdr_commit_encode - Ensure all data is written to buffer
487  * @xdr: pointer to xdr_stream
488  *
489  * We handle encoding across page boundaries by giving the caller a
490  * temporary location to write to, then later copying the data into
491  * place; xdr_commit_encode does that copying.
492  *
493  * Normally the caller doesn't need to call this directly, as the
494  * following xdr_reserve_space will do it.  But an explicit call may be
495  * required at the end of encoding, or any other time when the xdr_buf
496  * data might be read.
497  */
xdr_commit_encode(struct xdr_stream * xdr)498 void xdr_commit_encode(struct xdr_stream *xdr)
499 {
500 	int shift = xdr->scratch.iov_len;
501 	void *page;
502 
503 	if (shift == 0)
504 		return;
505 	page = page_address(*xdr->page_ptr);
506 	memcpy(xdr->scratch.iov_base, page, shift);
507 	memmove(page, page + shift, (void *)xdr->p - page);
508 	xdr->scratch.iov_len = 0;
509 }
510 EXPORT_SYMBOL_GPL(xdr_commit_encode);
511 
xdr_get_next_encode_buffer(struct xdr_stream * xdr,size_t nbytes)512 static __be32 *xdr_get_next_encode_buffer(struct xdr_stream *xdr,
513 		size_t nbytes)
514 {
515 	static __be32 *p;
516 	int space_left;
517 	int frag1bytes, frag2bytes;
518 
519 	if (nbytes > PAGE_SIZE)
520 		return NULL; /* Bigger buffers require special handling */
521 	if (xdr->buf->len + nbytes > xdr->buf->buflen)
522 		return NULL; /* Sorry, we're totally out of space */
523 	frag1bytes = (xdr->end - xdr->p) << 2;
524 	frag2bytes = nbytes - frag1bytes;
525 	if (xdr->iov)
526 		xdr->iov->iov_len += frag1bytes;
527 	else
528 		xdr->buf->page_len += frag1bytes;
529 	xdr->page_ptr++;
530 	xdr->iov = NULL;
531 	/*
532 	 * If the last encode didn't end exactly on a page boundary, the
533 	 * next one will straddle boundaries.  Encode into the next
534 	 * page, then copy it back later in xdr_commit_encode.  We use
535 	 * the "scratch" iov to track any temporarily unused fragment of
536 	 * space at the end of the previous buffer:
537 	 */
538 	xdr->scratch.iov_base = xdr->p;
539 	xdr->scratch.iov_len = frag1bytes;
540 	p = page_address(*xdr->page_ptr);
541 	/*
542 	 * Note this is where the next encode will start after we've
543 	 * shifted this one back:
544 	 */
545 	xdr->p = (void *)p + frag2bytes;
546 	space_left = xdr->buf->buflen - xdr->buf->len;
547 	xdr->end = (void *)p + min_t(int, space_left, PAGE_SIZE);
548 	xdr->buf->page_len += frag2bytes;
549 	xdr->buf->len += nbytes;
550 	return p;
551 }
552 
553 /**
554  * xdr_reserve_space - Reserve buffer space for sending
555  * @xdr: pointer to xdr_stream
556  * @nbytes: number of bytes to reserve
557  *
558  * Checks that we have enough buffer space to encode 'nbytes' more
559  * bytes of data. If so, update the total xdr_buf length, and
560  * adjust the length of the current kvec.
561  */
xdr_reserve_space(struct xdr_stream * xdr,size_t nbytes)562 __be32 * xdr_reserve_space(struct xdr_stream *xdr, size_t nbytes)
563 {
564 	__be32 *p = xdr->p;
565 	__be32 *q;
566 
567 	xdr_commit_encode(xdr);
568 	/* align nbytes on the next 32-bit boundary */
569 	nbytes += 3;
570 	nbytes &= ~3;
571 	q = p + (nbytes >> 2);
572 	if (unlikely(q > xdr->end || q < p))
573 		return xdr_get_next_encode_buffer(xdr, nbytes);
574 	xdr->p = q;
575 	if (xdr->iov)
576 		xdr->iov->iov_len += nbytes;
577 	else
578 		xdr->buf->page_len += nbytes;
579 	xdr->buf->len += nbytes;
580 	return p;
581 }
582 EXPORT_SYMBOL_GPL(xdr_reserve_space);
583 
584 /**
585  * xdr_truncate_encode - truncate an encode buffer
586  * @xdr: pointer to xdr_stream
587  * @len: new length of buffer
588  *
589  * Truncates the xdr stream, so that xdr->buf->len == len,
590  * and xdr->p points at offset len from the start of the buffer, and
591  * head, tail, and page lengths are adjusted to correspond.
592  *
593  * If this means moving xdr->p to a different buffer, we assume that
594  * that the end pointer should be set to the end of the current page,
595  * except in the case of the head buffer when we assume the head
596  * buffer's current length represents the end of the available buffer.
597  *
598  * This is *not* safe to use on a buffer that already has inlined page
599  * cache pages (as in a zero-copy server read reply), except for the
600  * simple case of truncating from one position in the tail to another.
601  *
602  */
xdr_truncate_encode(struct xdr_stream * xdr,size_t len)603 void xdr_truncate_encode(struct xdr_stream *xdr, size_t len)
604 {
605 	struct xdr_buf *buf = xdr->buf;
606 	struct kvec *head = buf->head;
607 	struct kvec *tail = buf->tail;
608 	int fraglen;
609 	int new;
610 
611 	if (len > buf->len) {
612 		WARN_ON_ONCE(1);
613 		return;
614 	}
615 	xdr_commit_encode(xdr);
616 
617 	fraglen = min_t(int, buf->len - len, tail->iov_len);
618 	tail->iov_len -= fraglen;
619 	buf->len -= fraglen;
620 	if (tail->iov_len) {
621 		xdr->p = tail->iov_base + tail->iov_len;
622 		WARN_ON_ONCE(!xdr->end);
623 		WARN_ON_ONCE(!xdr->iov);
624 		return;
625 	}
626 	WARN_ON_ONCE(fraglen);
627 	fraglen = min_t(int, buf->len - len, buf->page_len);
628 	buf->page_len -= fraglen;
629 	buf->len -= fraglen;
630 
631 	new = buf->page_base + buf->page_len;
632 
633 	xdr->page_ptr = buf->pages + (new >> PAGE_SHIFT);
634 
635 	if (buf->page_len) {
636 		xdr->p = page_address(*xdr->page_ptr);
637 		xdr->end = (void *)xdr->p + PAGE_SIZE;
638 		xdr->p = (void *)xdr->p + (new % PAGE_SIZE);
639 		WARN_ON_ONCE(xdr->iov);
640 		return;
641 	}
642 	if (fraglen) {
643 		xdr->end = head->iov_base + head->iov_len;
644 		xdr->page_ptr--;
645 	}
646 	/* (otherwise assume xdr->end is already set) */
647 	head->iov_len = len;
648 	buf->len = len;
649 	xdr->p = head->iov_base + head->iov_len;
650 	xdr->iov = buf->head;
651 }
652 EXPORT_SYMBOL(xdr_truncate_encode);
653 
654 /**
655  * xdr_restrict_buflen - decrease available buffer space
656  * @xdr: pointer to xdr_stream
657  * @newbuflen: new maximum number of bytes available
658  *
659  * Adjust our idea of how much space is available in the buffer.
660  * If we've already used too much space in the buffer, returns -1.
661  * If the available space is already smaller than newbuflen, returns 0
662  * and does nothing.  Otherwise, adjusts xdr->buf->buflen to newbuflen
663  * and ensures xdr->end is set at most offset newbuflen from the start
664  * of the buffer.
665  */
xdr_restrict_buflen(struct xdr_stream * xdr,int newbuflen)666 int xdr_restrict_buflen(struct xdr_stream *xdr, int newbuflen)
667 {
668 	struct xdr_buf *buf = xdr->buf;
669 	int left_in_this_buf = (void *)xdr->end - (void *)xdr->p;
670 	int end_offset = buf->len + left_in_this_buf;
671 
672 	if (newbuflen < 0 || newbuflen < buf->len)
673 		return -1;
674 	if (newbuflen > buf->buflen)
675 		return 0;
676 	if (newbuflen < end_offset)
677 		xdr->end = (void *)xdr->end + newbuflen - end_offset;
678 	buf->buflen = newbuflen;
679 	return 0;
680 }
681 EXPORT_SYMBOL(xdr_restrict_buflen);
682 
683 /**
684  * xdr_write_pages - Insert a list of pages into an XDR buffer for sending
685  * @xdr: pointer to xdr_stream
686  * @pages: list of pages
687  * @base: offset of first byte
688  * @len: length of data in bytes
689  *
690  */
xdr_write_pages(struct xdr_stream * xdr,struct page ** pages,unsigned int base,unsigned int len)691 void xdr_write_pages(struct xdr_stream *xdr, struct page **pages, unsigned int base,
692 		 unsigned int len)
693 {
694 	struct xdr_buf *buf = xdr->buf;
695 	struct kvec *iov = buf->tail;
696 	buf->pages = pages;
697 	buf->page_base = base;
698 	buf->page_len = len;
699 
700 	iov->iov_base = (char *)xdr->p;
701 	iov->iov_len  = 0;
702 	xdr->iov = iov;
703 
704 	if (len & 3) {
705 		unsigned int pad = 4 - (len & 3);
706 
707 		BUG_ON(xdr->p >= xdr->end);
708 		iov->iov_base = (char *)xdr->p + (len & 3);
709 		iov->iov_len  += pad;
710 		len += pad;
711 		*xdr->p++ = 0;
712 	}
713 	buf->buflen += len;
714 	buf->len += len;
715 }
716 EXPORT_SYMBOL_GPL(xdr_write_pages);
717 
xdr_set_iov(struct xdr_stream * xdr,struct kvec * iov,unsigned int len)718 static void xdr_set_iov(struct xdr_stream *xdr, struct kvec *iov,
719 		unsigned int len)
720 {
721 	if (len > iov->iov_len)
722 		len = iov->iov_len;
723 	xdr->p = (__be32*)iov->iov_base;
724 	xdr->end = (__be32*)(iov->iov_base + len);
725 	xdr->iov = iov;
726 	xdr->page_ptr = NULL;
727 }
728 
xdr_set_page_base(struct xdr_stream * xdr,unsigned int base,unsigned int len)729 static int xdr_set_page_base(struct xdr_stream *xdr,
730 		unsigned int base, unsigned int len)
731 {
732 	unsigned int pgnr;
733 	unsigned int maxlen;
734 	unsigned int pgoff;
735 	unsigned int pgend;
736 	void *kaddr;
737 
738 	maxlen = xdr->buf->page_len;
739 	if (base >= maxlen)
740 		return -EINVAL;
741 	maxlen -= base;
742 	if (len > maxlen)
743 		len = maxlen;
744 
745 	base += xdr->buf->page_base;
746 
747 	pgnr = base >> PAGE_SHIFT;
748 	xdr->page_ptr = &xdr->buf->pages[pgnr];
749 	kaddr = page_address(*xdr->page_ptr);
750 
751 	pgoff = base & ~PAGE_MASK;
752 	xdr->p = (__be32*)(kaddr + pgoff);
753 
754 	pgend = pgoff + len;
755 	if (pgend > PAGE_SIZE)
756 		pgend = PAGE_SIZE;
757 	xdr->end = (__be32*)(kaddr + pgend);
758 	xdr->iov = NULL;
759 	return 0;
760 }
761 
xdr_set_next_page(struct xdr_stream * xdr)762 static void xdr_set_next_page(struct xdr_stream *xdr)
763 {
764 	unsigned int newbase;
765 
766 	newbase = (1 + xdr->page_ptr - xdr->buf->pages) << PAGE_SHIFT;
767 	newbase -= xdr->buf->page_base;
768 
769 	if (xdr_set_page_base(xdr, newbase, PAGE_SIZE) < 0)
770 		xdr_set_iov(xdr, xdr->buf->tail, xdr->nwords << 2);
771 }
772 
xdr_set_next_buffer(struct xdr_stream * xdr)773 static bool xdr_set_next_buffer(struct xdr_stream *xdr)
774 {
775 	if (xdr->page_ptr != NULL)
776 		xdr_set_next_page(xdr);
777 	else if (xdr->iov == xdr->buf->head) {
778 		if (xdr_set_page_base(xdr, 0, PAGE_SIZE) < 0)
779 			xdr_set_iov(xdr, xdr->buf->tail, xdr->nwords << 2);
780 	}
781 	return xdr->p != xdr->end;
782 }
783 
784 /**
785  * xdr_init_decode - Initialize an xdr_stream for decoding data.
786  * @xdr: pointer to xdr_stream struct
787  * @buf: pointer to XDR buffer from which to decode data
788  * @p: current pointer inside XDR buffer
789  */
xdr_init_decode(struct xdr_stream * xdr,struct xdr_buf * buf,__be32 * p)790 void xdr_init_decode(struct xdr_stream *xdr, struct xdr_buf *buf, __be32 *p)
791 {
792 	xdr->buf = buf;
793 	xdr->scratch.iov_base = NULL;
794 	xdr->scratch.iov_len = 0;
795 	xdr->nwords = XDR_QUADLEN(buf->len);
796 	if (buf->head[0].iov_len != 0)
797 		xdr_set_iov(xdr, buf->head, buf->len);
798 	else if (buf->page_len != 0)
799 		xdr_set_page_base(xdr, 0, buf->len);
800 	else
801 		xdr_set_iov(xdr, buf->head, buf->len);
802 	if (p != NULL && p > xdr->p && xdr->end >= p) {
803 		xdr->nwords -= p - xdr->p;
804 		xdr->p = p;
805 	}
806 }
807 EXPORT_SYMBOL_GPL(xdr_init_decode);
808 
809 /**
810  * xdr_init_decode_pages - Initialize an xdr_stream for decoding into pages
811  * @xdr: pointer to xdr_stream struct
812  * @buf: pointer to XDR buffer from which to decode data
813  * @pages: list of pages to decode into
814  * @len: length in bytes of buffer in pages
815  */
xdr_init_decode_pages(struct xdr_stream * xdr,struct xdr_buf * buf,struct page ** pages,unsigned int len)816 void xdr_init_decode_pages(struct xdr_stream *xdr, struct xdr_buf *buf,
817 			   struct page **pages, unsigned int len)
818 {
819 	memset(buf, 0, sizeof(*buf));
820 	buf->pages =  pages;
821 	buf->page_len =  len;
822 	buf->buflen =  len;
823 	buf->len = len;
824 	xdr_init_decode(xdr, buf, NULL);
825 }
826 EXPORT_SYMBOL_GPL(xdr_init_decode_pages);
827 
__xdr_inline_decode(struct xdr_stream * xdr,size_t nbytes)828 static __be32 * __xdr_inline_decode(struct xdr_stream *xdr, size_t nbytes)
829 {
830 	unsigned int nwords = XDR_QUADLEN(nbytes);
831 	__be32 *p = xdr->p;
832 	__be32 *q = p + nwords;
833 
834 	if (unlikely(nwords > xdr->nwords || q > xdr->end || q < p))
835 		return NULL;
836 	xdr->p = q;
837 	xdr->nwords -= nwords;
838 	return p;
839 }
840 
841 /**
842  * xdr_set_scratch_buffer - Attach a scratch buffer for decoding data.
843  * @xdr: pointer to xdr_stream struct
844  * @buf: pointer to an empty buffer
845  * @buflen: size of 'buf'
846  *
847  * The scratch buffer is used when decoding from an array of pages.
848  * If an xdr_inline_decode() call spans across page boundaries, then
849  * we copy the data into the scratch buffer in order to allow linear
850  * access.
851  */
xdr_set_scratch_buffer(struct xdr_stream * xdr,void * buf,size_t buflen)852 void xdr_set_scratch_buffer(struct xdr_stream *xdr, void *buf, size_t buflen)
853 {
854 	xdr->scratch.iov_base = buf;
855 	xdr->scratch.iov_len = buflen;
856 }
857 EXPORT_SYMBOL_GPL(xdr_set_scratch_buffer);
858 
xdr_copy_to_scratch(struct xdr_stream * xdr,size_t nbytes)859 static __be32 *xdr_copy_to_scratch(struct xdr_stream *xdr, size_t nbytes)
860 {
861 	__be32 *p;
862 	char *cpdest = xdr->scratch.iov_base;
863 	size_t cplen = (char *)xdr->end - (char *)xdr->p;
864 
865 	if (nbytes > xdr->scratch.iov_len)
866 		return NULL;
867 	p = __xdr_inline_decode(xdr, cplen);
868 	if (p == NULL)
869 		return NULL;
870 	memcpy(cpdest, p, cplen);
871 	cpdest += cplen;
872 	nbytes -= cplen;
873 	if (!xdr_set_next_buffer(xdr))
874 		return NULL;
875 	p = __xdr_inline_decode(xdr, nbytes);
876 	if (p == NULL)
877 		return NULL;
878 	memcpy(cpdest, p, nbytes);
879 	return xdr->scratch.iov_base;
880 }
881 
882 /**
883  * xdr_inline_decode - Retrieve XDR data to decode
884  * @xdr: pointer to xdr_stream struct
885  * @nbytes: number of bytes of data to decode
886  *
887  * Check if the input buffer is long enough to enable us to decode
888  * 'nbytes' more bytes of data starting at the current position.
889  * If so return the current pointer, then update the current
890  * pointer position.
891  */
xdr_inline_decode(struct xdr_stream * xdr,size_t nbytes)892 __be32 * xdr_inline_decode(struct xdr_stream *xdr, size_t nbytes)
893 {
894 	__be32 *p;
895 
896 	if (nbytes == 0)
897 		return xdr->p;
898 	if (xdr->p == xdr->end && !xdr_set_next_buffer(xdr))
899 		return NULL;
900 	p = __xdr_inline_decode(xdr, nbytes);
901 	if (p != NULL)
902 		return p;
903 	return xdr_copy_to_scratch(xdr, nbytes);
904 }
905 EXPORT_SYMBOL_GPL(xdr_inline_decode);
906 
xdr_align_pages(struct xdr_stream * xdr,unsigned int len)907 static unsigned int xdr_align_pages(struct xdr_stream *xdr, unsigned int len)
908 {
909 	struct xdr_buf *buf = xdr->buf;
910 	struct kvec *iov;
911 	unsigned int nwords = XDR_QUADLEN(len);
912 	unsigned int cur = xdr_stream_pos(xdr);
913 
914 	if (xdr->nwords == 0)
915 		return 0;
916 	/* Realign pages to current pointer position */
917 	iov  = buf->head;
918 	if (iov->iov_len > cur) {
919 		xdr_shrink_bufhead(buf, iov->iov_len - cur);
920 		xdr->nwords = XDR_QUADLEN(buf->len - cur);
921 	}
922 
923 	if (nwords > xdr->nwords) {
924 		nwords = xdr->nwords;
925 		len = nwords << 2;
926 	}
927 	if (buf->page_len <= len)
928 		len = buf->page_len;
929 	else if (nwords < xdr->nwords) {
930 		/* Truncate page data and move it into the tail */
931 		xdr_shrink_pagelen(buf, buf->page_len - len);
932 		xdr->nwords = XDR_QUADLEN(buf->len - cur);
933 	}
934 	return len;
935 }
936 
937 /**
938  * xdr_read_pages - Ensure page-based XDR data to decode is aligned at current pointer position
939  * @xdr: pointer to xdr_stream struct
940  * @len: number of bytes of page data
941  *
942  * Moves data beyond the current pointer position from the XDR head[] buffer
943  * into the page list. Any data that lies beyond current position + "len"
944  * bytes is moved into the XDR tail[].
945  *
946  * Returns the number of XDR encoded bytes now contained in the pages
947  */
xdr_read_pages(struct xdr_stream * xdr,unsigned int len)948 unsigned int xdr_read_pages(struct xdr_stream *xdr, unsigned int len)
949 {
950 	struct xdr_buf *buf = xdr->buf;
951 	struct kvec *iov;
952 	unsigned int nwords;
953 	unsigned int end;
954 	unsigned int padding;
955 
956 	len = xdr_align_pages(xdr, len);
957 	if (len == 0)
958 		return 0;
959 	nwords = XDR_QUADLEN(len);
960 	padding = (nwords << 2) - len;
961 	xdr->iov = iov = buf->tail;
962 	/* Compute remaining message length.  */
963 	end = ((xdr->nwords - nwords) << 2) + padding;
964 	if (end > iov->iov_len)
965 		end = iov->iov_len;
966 
967 	/*
968 	 * Position current pointer at beginning of tail, and
969 	 * set remaining message length.
970 	 */
971 	xdr->p = (__be32 *)((char *)iov->iov_base + padding);
972 	xdr->end = (__be32 *)((char *)iov->iov_base + end);
973 	xdr->page_ptr = NULL;
974 	xdr->nwords = XDR_QUADLEN(end - padding);
975 	return len;
976 }
977 EXPORT_SYMBOL_GPL(xdr_read_pages);
978 
979 /**
980  * xdr_enter_page - decode data from the XDR page
981  * @xdr: pointer to xdr_stream struct
982  * @len: number of bytes of page data
983  *
984  * Moves data beyond the current pointer position from the XDR head[] buffer
985  * into the page list. Any data that lies beyond current position + "len"
986  * bytes is moved into the XDR tail[]. The current pointer is then
987  * repositioned at the beginning of the first XDR page.
988  */
xdr_enter_page(struct xdr_stream * xdr,unsigned int len)989 void xdr_enter_page(struct xdr_stream *xdr, unsigned int len)
990 {
991 	len = xdr_align_pages(xdr, len);
992 	/*
993 	 * Position current pointer at beginning of tail, and
994 	 * set remaining message length.
995 	 */
996 	if (len != 0)
997 		xdr_set_page_base(xdr, 0, len);
998 }
999 EXPORT_SYMBOL_GPL(xdr_enter_page);
1000 
1001 static struct kvec empty_iov = {.iov_base = NULL, .iov_len = 0};
1002 
1003 void
xdr_buf_from_iov(struct kvec * iov,struct xdr_buf * buf)1004 xdr_buf_from_iov(struct kvec *iov, struct xdr_buf *buf)
1005 {
1006 	buf->head[0] = *iov;
1007 	buf->tail[0] = empty_iov;
1008 	buf->page_len = 0;
1009 	buf->buflen = buf->len = iov->iov_len;
1010 }
1011 EXPORT_SYMBOL_GPL(xdr_buf_from_iov);
1012 
1013 /**
1014  * xdr_buf_subsegment - set subbuf to a portion of buf
1015  * @buf: an xdr buffer
1016  * @subbuf: the result buffer
1017  * @base: beginning of range in bytes
1018  * @len: length of range in bytes
1019  *
1020  * sets @subbuf to an xdr buffer representing the portion of @buf of
1021  * length @len starting at offset @base.
1022  *
1023  * @buf and @subbuf may be pointers to the same struct xdr_buf.
1024  *
1025  * Returns -1 if base of length are out of bounds.
1026  */
1027 int
xdr_buf_subsegment(struct xdr_buf * buf,struct xdr_buf * subbuf,unsigned int base,unsigned int len)1028 xdr_buf_subsegment(struct xdr_buf *buf, struct xdr_buf *subbuf,
1029 			unsigned int base, unsigned int len)
1030 {
1031 	subbuf->buflen = subbuf->len = len;
1032 	if (base < buf->head[0].iov_len) {
1033 		subbuf->head[0].iov_base = buf->head[0].iov_base + base;
1034 		subbuf->head[0].iov_len = min_t(unsigned int, len,
1035 						buf->head[0].iov_len - base);
1036 		len -= subbuf->head[0].iov_len;
1037 		base = 0;
1038 	} else {
1039 		base -= buf->head[0].iov_len;
1040 		subbuf->head[0].iov_len = 0;
1041 	}
1042 
1043 	if (base < buf->page_len) {
1044 		subbuf->page_len = min(buf->page_len - base, len);
1045 		base += buf->page_base;
1046 		subbuf->page_base = base & ~PAGE_MASK;
1047 		subbuf->pages = &buf->pages[base >> PAGE_SHIFT];
1048 		len -= subbuf->page_len;
1049 		base = 0;
1050 	} else {
1051 		base -= buf->page_len;
1052 		subbuf->page_len = 0;
1053 	}
1054 
1055 	if (base < buf->tail[0].iov_len) {
1056 		subbuf->tail[0].iov_base = buf->tail[0].iov_base + base;
1057 		subbuf->tail[0].iov_len = min_t(unsigned int, len,
1058 						buf->tail[0].iov_len - base);
1059 		len -= subbuf->tail[0].iov_len;
1060 		base = 0;
1061 	} else {
1062 		base -= buf->tail[0].iov_len;
1063 		subbuf->tail[0].iov_len = 0;
1064 	}
1065 
1066 	if (base || len)
1067 		return -1;
1068 	return 0;
1069 }
1070 EXPORT_SYMBOL_GPL(xdr_buf_subsegment);
1071 
1072 /**
1073  * xdr_buf_trim - lop at most "len" bytes off the end of "buf"
1074  * @buf: buf to be trimmed
1075  * @len: number of bytes to reduce "buf" by
1076  *
1077  * Trim an xdr_buf by the given number of bytes by fixing up the lengths. Note
1078  * that it's possible that we'll trim less than that amount if the xdr_buf is
1079  * too small, or if (for instance) it's all in the head and the parser has
1080  * already read too far into it.
1081  */
xdr_buf_trim(struct xdr_buf * buf,unsigned int len)1082 void xdr_buf_trim(struct xdr_buf *buf, unsigned int len)
1083 {
1084 	size_t cur;
1085 	unsigned int trim = len;
1086 
1087 	if (buf->tail[0].iov_len) {
1088 		cur = min_t(size_t, buf->tail[0].iov_len, trim);
1089 		buf->tail[0].iov_len -= cur;
1090 		trim -= cur;
1091 		if (!trim)
1092 			goto fix_len;
1093 	}
1094 
1095 	if (buf->page_len) {
1096 		cur = min_t(unsigned int, buf->page_len, trim);
1097 		buf->page_len -= cur;
1098 		trim -= cur;
1099 		if (!trim)
1100 			goto fix_len;
1101 	}
1102 
1103 	if (buf->head[0].iov_len) {
1104 		cur = min_t(size_t, buf->head[0].iov_len, trim);
1105 		buf->head[0].iov_len -= cur;
1106 		trim -= cur;
1107 	}
1108 fix_len:
1109 	buf->len -= (len - trim);
1110 }
1111 EXPORT_SYMBOL_GPL(xdr_buf_trim);
1112 
__read_bytes_from_xdr_buf(struct xdr_buf * subbuf,void * obj,unsigned int len)1113 static void __read_bytes_from_xdr_buf(struct xdr_buf *subbuf, void *obj, unsigned int len)
1114 {
1115 	unsigned int this_len;
1116 
1117 	this_len = min_t(unsigned int, len, subbuf->head[0].iov_len);
1118 	memcpy(obj, subbuf->head[0].iov_base, this_len);
1119 	len -= this_len;
1120 	obj += this_len;
1121 	this_len = min_t(unsigned int, len, subbuf->page_len);
1122 	if (this_len)
1123 		_copy_from_pages(obj, subbuf->pages, subbuf->page_base, this_len);
1124 	len -= this_len;
1125 	obj += this_len;
1126 	this_len = min_t(unsigned int, len, subbuf->tail[0].iov_len);
1127 	memcpy(obj, subbuf->tail[0].iov_base, this_len);
1128 }
1129 
1130 /* obj is assumed to point to allocated memory of size at least len: */
read_bytes_from_xdr_buf(struct xdr_buf * buf,unsigned int base,void * obj,unsigned int len)1131 int read_bytes_from_xdr_buf(struct xdr_buf *buf, unsigned int base, void *obj, unsigned int len)
1132 {
1133 	struct xdr_buf subbuf;
1134 	int status;
1135 
1136 	status = xdr_buf_subsegment(buf, &subbuf, base, len);
1137 	if (status != 0)
1138 		return status;
1139 	__read_bytes_from_xdr_buf(&subbuf, obj, len);
1140 	return 0;
1141 }
1142 EXPORT_SYMBOL_GPL(read_bytes_from_xdr_buf);
1143 
__write_bytes_to_xdr_buf(struct xdr_buf * subbuf,void * obj,unsigned int len)1144 static void __write_bytes_to_xdr_buf(struct xdr_buf *subbuf, void *obj, unsigned int len)
1145 {
1146 	unsigned int this_len;
1147 
1148 	this_len = min_t(unsigned int, len, subbuf->head[0].iov_len);
1149 	memcpy(subbuf->head[0].iov_base, obj, this_len);
1150 	len -= this_len;
1151 	obj += this_len;
1152 	this_len = min_t(unsigned int, len, subbuf->page_len);
1153 	if (this_len)
1154 		_copy_to_pages(subbuf->pages, subbuf->page_base, obj, this_len);
1155 	len -= this_len;
1156 	obj += this_len;
1157 	this_len = min_t(unsigned int, len, subbuf->tail[0].iov_len);
1158 	memcpy(subbuf->tail[0].iov_base, obj, this_len);
1159 }
1160 
1161 /* obj is assumed to point to allocated memory of size at least len: */
write_bytes_to_xdr_buf(struct xdr_buf * buf,unsigned int base,void * obj,unsigned int len)1162 int write_bytes_to_xdr_buf(struct xdr_buf *buf, unsigned int base, void *obj, unsigned int len)
1163 {
1164 	struct xdr_buf subbuf;
1165 	int status;
1166 
1167 	status = xdr_buf_subsegment(buf, &subbuf, base, len);
1168 	if (status != 0)
1169 		return status;
1170 	__write_bytes_to_xdr_buf(&subbuf, obj, len);
1171 	return 0;
1172 }
1173 EXPORT_SYMBOL_GPL(write_bytes_to_xdr_buf);
1174 
1175 int
xdr_decode_word(struct xdr_buf * buf,unsigned int base,u32 * obj)1176 xdr_decode_word(struct xdr_buf *buf, unsigned int base, u32 *obj)
1177 {
1178 	__be32	raw;
1179 	int	status;
1180 
1181 	status = read_bytes_from_xdr_buf(buf, base, &raw, sizeof(*obj));
1182 	if (status)
1183 		return status;
1184 	*obj = be32_to_cpu(raw);
1185 	return 0;
1186 }
1187 EXPORT_SYMBOL_GPL(xdr_decode_word);
1188 
1189 int
xdr_encode_word(struct xdr_buf * buf,unsigned int base,u32 obj)1190 xdr_encode_word(struct xdr_buf *buf, unsigned int base, u32 obj)
1191 {
1192 	__be32	raw = cpu_to_be32(obj);
1193 
1194 	return write_bytes_to_xdr_buf(buf, base, &raw, sizeof(obj));
1195 }
1196 EXPORT_SYMBOL_GPL(xdr_encode_word);
1197 
1198 /* If the netobj starting offset bytes from the start of xdr_buf is contained
1199  * entirely in the head or the tail, set object to point to it; otherwise
1200  * try to find space for it at the end of the tail, copy it there, and
1201  * set obj to point to it. */
xdr_buf_read_netobj(struct xdr_buf * buf,struct xdr_netobj * obj,unsigned int offset)1202 int xdr_buf_read_netobj(struct xdr_buf *buf, struct xdr_netobj *obj, unsigned int offset)
1203 {
1204 	struct xdr_buf subbuf;
1205 
1206 	if (xdr_decode_word(buf, offset, &obj->len))
1207 		return -EFAULT;
1208 	if (xdr_buf_subsegment(buf, &subbuf, offset + 4, obj->len))
1209 		return -EFAULT;
1210 
1211 	/* Is the obj contained entirely in the head? */
1212 	obj->data = subbuf.head[0].iov_base;
1213 	if (subbuf.head[0].iov_len == obj->len)
1214 		return 0;
1215 	/* ..or is the obj contained entirely in the tail? */
1216 	obj->data = subbuf.tail[0].iov_base;
1217 	if (subbuf.tail[0].iov_len == obj->len)
1218 		return 0;
1219 
1220 	/* use end of tail as storage for obj:
1221 	 * (We don't copy to the beginning because then we'd have
1222 	 * to worry about doing a potentially overlapping copy.
1223 	 * This assumes the object is at most half the length of the
1224 	 * tail.) */
1225 	if (obj->len > buf->buflen - buf->len)
1226 		return -ENOMEM;
1227 	if (buf->tail[0].iov_len != 0)
1228 		obj->data = buf->tail[0].iov_base + buf->tail[0].iov_len;
1229 	else
1230 		obj->data = buf->head[0].iov_base + buf->head[0].iov_len;
1231 	__read_bytes_from_xdr_buf(&subbuf, obj->data, obj->len);
1232 	return 0;
1233 }
1234 EXPORT_SYMBOL_GPL(xdr_buf_read_netobj);
1235 
1236 /* Returns 0 on success, or else a negative error code. */
1237 static int
xdr_xcode_array2(struct xdr_buf * buf,unsigned int base,struct xdr_array2_desc * desc,int encode)1238 xdr_xcode_array2(struct xdr_buf *buf, unsigned int base,
1239 		 struct xdr_array2_desc *desc, int encode)
1240 {
1241 	char *elem = NULL, *c;
1242 	unsigned int copied = 0, todo, avail_here;
1243 	struct page **ppages = NULL;
1244 	int err;
1245 
1246 	if (encode) {
1247 		if (xdr_encode_word(buf, base, desc->array_len) != 0)
1248 			return -EINVAL;
1249 	} else {
1250 		if (xdr_decode_word(buf, base, &desc->array_len) != 0 ||
1251 		    desc->array_len > desc->array_maxlen ||
1252 		    (unsigned long) base + 4 + desc->array_len *
1253 				    desc->elem_size > buf->len)
1254 			return -EINVAL;
1255 	}
1256 	base += 4;
1257 
1258 	if (!desc->xcode)
1259 		return 0;
1260 
1261 	todo = desc->array_len * desc->elem_size;
1262 
1263 	/* process head */
1264 	if (todo && base < buf->head->iov_len) {
1265 		c = buf->head->iov_base + base;
1266 		avail_here = min_t(unsigned int, todo,
1267 				   buf->head->iov_len - base);
1268 		todo -= avail_here;
1269 
1270 		while (avail_here >= desc->elem_size) {
1271 			err = desc->xcode(desc, c);
1272 			if (err)
1273 				goto out;
1274 			c += desc->elem_size;
1275 			avail_here -= desc->elem_size;
1276 		}
1277 		if (avail_here) {
1278 			if (!elem) {
1279 				elem = kmalloc(desc->elem_size, GFP_KERNEL);
1280 				err = -ENOMEM;
1281 				if (!elem)
1282 					goto out;
1283 			}
1284 			if (encode) {
1285 				err = desc->xcode(desc, elem);
1286 				if (err)
1287 					goto out;
1288 				memcpy(c, elem, avail_here);
1289 			} else
1290 				memcpy(elem, c, avail_here);
1291 			copied = avail_here;
1292 		}
1293 		base = buf->head->iov_len;  /* align to start of pages */
1294 	}
1295 
1296 	/* process pages array */
1297 	base -= buf->head->iov_len;
1298 	if (todo && base < buf->page_len) {
1299 		unsigned int avail_page;
1300 
1301 		avail_here = min(todo, buf->page_len - base);
1302 		todo -= avail_here;
1303 
1304 		base += buf->page_base;
1305 		ppages = buf->pages + (base >> PAGE_SHIFT);
1306 		base &= ~PAGE_MASK;
1307 		avail_page = min_t(unsigned int, PAGE_SIZE - base,
1308 					avail_here);
1309 		c = kmap(*ppages) + base;
1310 
1311 		while (avail_here) {
1312 			avail_here -= avail_page;
1313 			if (copied || avail_page < desc->elem_size) {
1314 				unsigned int l = min(avail_page,
1315 					desc->elem_size - copied);
1316 				if (!elem) {
1317 					elem = kmalloc(desc->elem_size,
1318 						       GFP_KERNEL);
1319 					err = -ENOMEM;
1320 					if (!elem)
1321 						goto out;
1322 				}
1323 				if (encode) {
1324 					if (!copied) {
1325 						err = desc->xcode(desc, elem);
1326 						if (err)
1327 							goto out;
1328 					}
1329 					memcpy(c, elem + copied, l);
1330 					copied += l;
1331 					if (copied == desc->elem_size)
1332 						copied = 0;
1333 				} else {
1334 					memcpy(elem + copied, c, l);
1335 					copied += l;
1336 					if (copied == desc->elem_size) {
1337 						err = desc->xcode(desc, elem);
1338 						if (err)
1339 							goto out;
1340 						copied = 0;
1341 					}
1342 				}
1343 				avail_page -= l;
1344 				c += l;
1345 			}
1346 			while (avail_page >= desc->elem_size) {
1347 				err = desc->xcode(desc, c);
1348 				if (err)
1349 					goto out;
1350 				c += desc->elem_size;
1351 				avail_page -= desc->elem_size;
1352 			}
1353 			if (avail_page) {
1354 				unsigned int l = min(avail_page,
1355 					    desc->elem_size - copied);
1356 				if (!elem) {
1357 					elem = kmalloc(desc->elem_size,
1358 						       GFP_KERNEL);
1359 					err = -ENOMEM;
1360 					if (!elem)
1361 						goto out;
1362 				}
1363 				if (encode) {
1364 					if (!copied) {
1365 						err = desc->xcode(desc, elem);
1366 						if (err)
1367 							goto out;
1368 					}
1369 					memcpy(c, elem + copied, l);
1370 					copied += l;
1371 					if (copied == desc->elem_size)
1372 						copied = 0;
1373 				} else {
1374 					memcpy(elem + copied, c, l);
1375 					copied += l;
1376 					if (copied == desc->elem_size) {
1377 						err = desc->xcode(desc, elem);
1378 						if (err)
1379 							goto out;
1380 						copied = 0;
1381 					}
1382 				}
1383 			}
1384 			if (avail_here) {
1385 				kunmap(*ppages);
1386 				ppages++;
1387 				c = kmap(*ppages);
1388 			}
1389 
1390 			avail_page = min(avail_here,
1391 				 (unsigned int) PAGE_SIZE);
1392 		}
1393 		base = buf->page_len;  /* align to start of tail */
1394 	}
1395 
1396 	/* process tail */
1397 	base -= buf->page_len;
1398 	if (todo) {
1399 		c = buf->tail->iov_base + base;
1400 		if (copied) {
1401 			unsigned int l = desc->elem_size - copied;
1402 
1403 			if (encode)
1404 				memcpy(c, elem + copied, l);
1405 			else {
1406 				memcpy(elem + copied, c, l);
1407 				err = desc->xcode(desc, elem);
1408 				if (err)
1409 					goto out;
1410 			}
1411 			todo -= l;
1412 			c += l;
1413 		}
1414 		while (todo) {
1415 			err = desc->xcode(desc, c);
1416 			if (err)
1417 				goto out;
1418 			c += desc->elem_size;
1419 			todo -= desc->elem_size;
1420 		}
1421 	}
1422 	err = 0;
1423 
1424 out:
1425 	kfree(elem);
1426 	if (ppages)
1427 		kunmap(*ppages);
1428 	return err;
1429 }
1430 
1431 int
xdr_decode_array2(struct xdr_buf * buf,unsigned int base,struct xdr_array2_desc * desc)1432 xdr_decode_array2(struct xdr_buf *buf, unsigned int base,
1433 		  struct xdr_array2_desc *desc)
1434 {
1435 	if (base >= buf->len)
1436 		return -EINVAL;
1437 
1438 	return xdr_xcode_array2(buf, base, desc, 0);
1439 }
1440 EXPORT_SYMBOL_GPL(xdr_decode_array2);
1441 
1442 int
xdr_encode_array2(struct xdr_buf * buf,unsigned int base,struct xdr_array2_desc * desc)1443 xdr_encode_array2(struct xdr_buf *buf, unsigned int base,
1444 		  struct xdr_array2_desc *desc)
1445 {
1446 	if ((unsigned long) base + 4 + desc->array_len * desc->elem_size >
1447 	    buf->head->iov_len + buf->page_len + buf->tail->iov_len)
1448 		return -EINVAL;
1449 
1450 	return xdr_xcode_array2(buf, base, desc, 1);
1451 }
1452 EXPORT_SYMBOL_GPL(xdr_encode_array2);
1453 
1454 int
xdr_process_buf(struct xdr_buf * buf,unsigned int offset,unsigned int len,int (* actor)(struct scatterlist *,void *),void * data)1455 xdr_process_buf(struct xdr_buf *buf, unsigned int offset, unsigned int len,
1456 		int (*actor)(struct scatterlist *, void *), void *data)
1457 {
1458 	int i, ret = 0;
1459 	unsigned int page_len, thislen, page_offset;
1460 	struct scatterlist      sg[1];
1461 
1462 	sg_init_table(sg, 1);
1463 
1464 	if (offset >= buf->head[0].iov_len) {
1465 		offset -= buf->head[0].iov_len;
1466 	} else {
1467 		thislen = buf->head[0].iov_len - offset;
1468 		if (thislen > len)
1469 			thislen = len;
1470 		sg_set_buf(sg, buf->head[0].iov_base + offset, thislen);
1471 		ret = actor(sg, data);
1472 		if (ret)
1473 			goto out;
1474 		offset = 0;
1475 		len -= thislen;
1476 	}
1477 	if (len == 0)
1478 		goto out;
1479 
1480 	if (offset >= buf->page_len) {
1481 		offset -= buf->page_len;
1482 	} else {
1483 		page_len = buf->page_len - offset;
1484 		if (page_len > len)
1485 			page_len = len;
1486 		len -= page_len;
1487 		page_offset = (offset + buf->page_base) & (PAGE_SIZE - 1);
1488 		i = (offset + buf->page_base) >> PAGE_SHIFT;
1489 		thislen = PAGE_SIZE - page_offset;
1490 		do {
1491 			if (thislen > page_len)
1492 				thislen = page_len;
1493 			sg_set_page(sg, buf->pages[i], thislen, page_offset);
1494 			ret = actor(sg, data);
1495 			if (ret)
1496 				goto out;
1497 			page_len -= thislen;
1498 			i++;
1499 			page_offset = 0;
1500 			thislen = PAGE_SIZE;
1501 		} while (page_len != 0);
1502 		offset = 0;
1503 	}
1504 	if (len == 0)
1505 		goto out;
1506 	if (offset < buf->tail[0].iov_len) {
1507 		thislen = buf->tail[0].iov_len - offset;
1508 		if (thislen > len)
1509 			thislen = len;
1510 		sg_set_buf(sg, buf->tail[0].iov_base + offset, thislen);
1511 		ret = actor(sg, data);
1512 		len -= thislen;
1513 	}
1514 	if (len != 0)
1515 		ret = -EINVAL;
1516 out:
1517 	return ret;
1518 }
1519 EXPORT_SYMBOL_GPL(xdr_process_buf);
1520 
1521 /**
1522  * xdr_stream_decode_opaque - Decode variable length opaque
1523  * @xdr: pointer to xdr_stream
1524  * @ptr: location to store opaque data
1525  * @size: size of storage buffer @ptr
1526  *
1527  * Return values:
1528  *   On success, returns size of object stored in *@ptr
1529  *   %-EBADMSG on XDR buffer overflow
1530  *   %-EMSGSIZE on overflow of storage buffer @ptr
1531  */
xdr_stream_decode_opaque(struct xdr_stream * xdr,void * ptr,size_t size)1532 ssize_t xdr_stream_decode_opaque(struct xdr_stream *xdr, void *ptr, size_t size)
1533 {
1534 	ssize_t ret;
1535 	void *p;
1536 
1537 	ret = xdr_stream_decode_opaque_inline(xdr, &p, size);
1538 	if (ret <= 0)
1539 		return ret;
1540 	memcpy(ptr, p, ret);
1541 	return ret;
1542 }
1543 EXPORT_SYMBOL_GPL(xdr_stream_decode_opaque);
1544 
1545 /**
1546  * xdr_stream_decode_opaque_dup - Decode and duplicate variable length opaque
1547  * @xdr: pointer to xdr_stream
1548  * @ptr: location to store pointer to opaque data
1549  * @maxlen: maximum acceptable object size
1550  * @gfp_flags: GFP mask to use
1551  *
1552  * Return values:
1553  *   On success, returns size of object stored in *@ptr
1554  *   %-EBADMSG on XDR buffer overflow
1555  *   %-EMSGSIZE if the size of the object would exceed @maxlen
1556  *   %-ENOMEM on memory allocation failure
1557  */
xdr_stream_decode_opaque_dup(struct xdr_stream * xdr,void ** ptr,size_t maxlen,gfp_t gfp_flags)1558 ssize_t xdr_stream_decode_opaque_dup(struct xdr_stream *xdr, void **ptr,
1559 		size_t maxlen, gfp_t gfp_flags)
1560 {
1561 	ssize_t ret;
1562 	void *p;
1563 
1564 	ret = xdr_stream_decode_opaque_inline(xdr, &p, maxlen);
1565 	if (ret > 0) {
1566 		*ptr = kmemdup(p, ret, gfp_flags);
1567 		if (*ptr != NULL)
1568 			return ret;
1569 		ret = -ENOMEM;
1570 	}
1571 	*ptr = NULL;
1572 	return ret;
1573 }
1574 EXPORT_SYMBOL_GPL(xdr_stream_decode_opaque_dup);
1575 
1576 /**
1577  * xdr_stream_decode_string - Decode variable length string
1578  * @xdr: pointer to xdr_stream
1579  * @str: location to store string
1580  * @size: size of storage buffer @str
1581  *
1582  * Return values:
1583  *   On success, returns length of NUL-terminated string stored in *@str
1584  *   %-EBADMSG on XDR buffer overflow
1585  *   %-EMSGSIZE on overflow of storage buffer @str
1586  */
xdr_stream_decode_string(struct xdr_stream * xdr,char * str,size_t size)1587 ssize_t xdr_stream_decode_string(struct xdr_stream *xdr, char *str, size_t size)
1588 {
1589 	ssize_t ret;
1590 	void *p;
1591 
1592 	ret = xdr_stream_decode_opaque_inline(xdr, &p, size);
1593 	if (ret > 0) {
1594 		memcpy(str, p, ret);
1595 		str[ret] = '\0';
1596 		return strlen(str);
1597 	}
1598 	*str = '\0';
1599 	return ret;
1600 }
1601 EXPORT_SYMBOL_GPL(xdr_stream_decode_string);
1602 
1603 /**
1604  * xdr_stream_decode_string_dup - Decode and duplicate variable length string
1605  * @xdr: pointer to xdr_stream
1606  * @str: location to store pointer to string
1607  * @maxlen: maximum acceptable string length
1608  * @gfp_flags: GFP mask to use
1609  *
1610  * Return values:
1611  *   On success, returns length of NUL-terminated string stored in *@ptr
1612  *   %-EBADMSG on XDR buffer overflow
1613  *   %-EMSGSIZE if the size of the string would exceed @maxlen
1614  *   %-ENOMEM on memory allocation failure
1615  */
xdr_stream_decode_string_dup(struct xdr_stream * xdr,char ** str,size_t maxlen,gfp_t gfp_flags)1616 ssize_t xdr_stream_decode_string_dup(struct xdr_stream *xdr, char **str,
1617 		size_t maxlen, gfp_t gfp_flags)
1618 {
1619 	void *p;
1620 	ssize_t ret;
1621 
1622 	ret = xdr_stream_decode_opaque_inline(xdr, &p, maxlen);
1623 	if (ret > 0) {
1624 		char *s = kmalloc(ret + 1, gfp_flags);
1625 		if (s != NULL) {
1626 			memcpy(s, p, ret);
1627 			s[ret] = '\0';
1628 			*str = s;
1629 			return strlen(s);
1630 		}
1631 		ret = -ENOMEM;
1632 	}
1633 	*str = NULL;
1634 	return ret;
1635 }
1636 EXPORT_SYMBOL_GPL(xdr_stream_decode_string_dup);
1637