LU-12580 lov: fix out of bound usercopy
1 /*
2  * GPL HEADER START
3  *
4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 only,
8  * as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but
11  * WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * General Public License version 2 for more details (a copy is included
14  * in the LICENSE file that accompanied this code).
15  *
16  * You should have received a copy of the GNU General Public License
17  * version 2 along with this program; If not, see
18  * http://www.gnu.org/licenses/gpl-2.0.html
19  *
20  * GPL HEADER END
21  */
22 /*
23  * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Copyright (c) 2011, 2017, Intel Corporation.
27  */
28 /*
29  * This file is part of Lustre, http://www.lustre.org/
30  * Lustre is a trademark of Sun Microsystems, Inc.
31  *
32  * lustre/lov/lov_pack.c
33  *
34  * (Un)packing of OST/MDS requests
35  *
36  * Author: Andreas Dilger <adilger@clusterfs.com>
37  */
38
39 #define DEBUG_SUBSYSTEM S_LOV
40
41 #include <lustre_net.h>
42 #include <lustre_swab.h>
43 #include <obd.h>
44 #include <obd_class.h>
45 #include <obd_support.h>
46
47 #include "lov_cl_internal.h"
48 #include "lov_internal.h"
49
/*
 * Log the header fields of a lov_mds_md at debug mask @level: object id,
 * magic, pattern, stripe size, stripe count and layout generation.  Every
 * field is converted from little-endian before it is printed.
 *
 * NOTE(review): @lmmp is dereferenced as a struct lov_mds_md and no length
 * is passed in, so the caller has to have checked that the buffer holds at
 * least that fixed header.
 */
void lov_dump_lmm_common(int level, void *lmmp)
{
	struct lov_mds_md *md = lmmp;
	struct ost_id id;
	__u32 magic;
	__u32 pattern;

	lmm_oi_le_to_cpu(&id, &md->lmm_oi);
	magic = le32_to_cpu(md->lmm_magic);
	pattern = le32_to_cpu(md->lmm_pattern);

	CDEBUG_LIMIT(level, "objid "DOSTID", magic 0x%08x, pattern %#x\n",
		     POSTID(&id), magic, pattern);
	CDEBUG_LIMIT(level, "stripe_size %u, stripe_count %u, layout_gen %u\n",
		     le32_to_cpu(md->lmm_stripe_size),
		     le16_to_cpu(md->lmm_stripe_count),
		     le16_to_cpu(md->lmm_layout_gen));
}
64
/*
 * Log one line per stripe object in @lod at debug mask @level.
 *
 * A count above LOV_V1_INSANE_STRIPE_COUNT is reported and nothing is
 * walked.  NOTE(review): that cap is the only bound applied here; the count
 * is not compared with the size of the buffer behind @lod, which this
 * function never sees.
 */
static void lov_dump_lmm_objects(int level, struct lov_ost_data *lod,
				 int stripe_count)
{
	int idx;

	if (stripe_count > LOV_V1_INSANE_STRIPE_COUNT) {
		CDEBUG_LIMIT(level,
			     "bad stripe_count %u > max_stripe_count %u\n",
			     stripe_count, LOV_V1_INSANE_STRIPE_COUNT);
		return;
	}

	for (idx = 0; idx < stripe_count; idx++) {
		struct lov_ost_data *obj = &lod[idx];
		struct ost_id oi;

		/* Object ids are stored little-endian; convert for printing. */
		ostid_le_to_cpu(&obj->l_ost_oi, &oi);
		CDEBUG_LIMIT(level, "stripe %u idx %u subobj "DOSTID"\n", idx,
			     le32_to_cpu(obj->l_ost_idx), POSTID(&oi));
	}
}
85
/*
 * Dump a V1 layout at debug mask @level: the common header first, then
 * every stripe object.  The stripe count is taken from the little-endian
 * header of @lmm itself.
 */
void lov_dump_lmm_v1(int level, struct lov_mds_md_v1 *lmm)
{
	int stripes = le16_to_cpu(lmm->lmm_stripe_count);

	lov_dump_lmm_common(level, lmm);
	lov_dump_lmm_objects(level, lmm->lmm_objects, stripes);
}
92
/*
 * Dump a V3 layout at debug mask @level: the common header, the pool name,
 * then every stripe object.
 *
 * NOTE(review): lmm_pool_name is a fixed-size field read straight from the
 * buffer; LOV_POOLNAMEF is presumably a precision-limited string format, so
 * a name without a terminating NUL is not read past the field -- confirm
 * against the macro definition.
 */
void lov_dump_lmm_v3(int level, struct lov_mds_md_v3 *lmm)
{
	int stripes = le16_to_cpu(lmm->lmm_stripe_count);

	lov_dump_lmm_common(level, lmm);
	CDEBUG_LIMIT(level, "pool_name "LOV_POOLNAMEF"\n", lmm->lmm_pool_name);
	lov_dump_lmm_objects(level, lmm->lmm_objects, stripes);
}
100
/*
 * Dump the layout in @lmm at debug mask @level, choosing the V1 or V3
 * dumper from the little-endian magic at the start of the buffer.
 *
 * For any other magic only the common header is logged; the stripe objects
 * are not walked, so an unknown format is never parsed as an object array.
 */
void lov_dump_lmm(int level, void *lmm)
{
	struct lov_mds_md *hdr = lmm;
	int magic = le32_to_cpu(hdr->lmm_magic);

	switch (magic) {
	case LOV_MAGIC_V1:
		lov_dump_lmm_v1(level, lmm);
		break;
	case LOV_MAGIC_V3:
		lov_dump_lmm_v3(level, lmm);
		break;
	default:
		CDEBUG_LIMIT(level, "unrecognized lmm_magic %x, assuming %x\n",
			     magic, LOV_MAGIC_V1);
		lov_dump_lmm_common(level, lmm);
		break;
	}
}
120
/**
 * Pack LOV striping metadata for disk storage format (in little
 * endian byte order).
 *
 * This follows the getxattr() conventions. If \a buf_size is zero
 * then return the size needed. If \a buf_size is too small then
 * return -ERANGE. Otherwise return the size of the result.
 *
 * Only the named header fields, the pool name string (V3) and the
 * per-stripe entries are written.  NOTE(review): nothing here clears
 * the rest of \a buf (pool name bytes after the terminator, or the
 * object array of a released file, which is skipped), so the caller
 * presumably has to pass a zero-filled buffer to keep stale memory
 * out of the packed result.
 */
ssize_t lov_lsm_pack_v1v3(const struct lov_stripe_md *lsm, void *buf,
			  size_t buf_size)
{
	struct lov_stripe_md_entry *lsme = lsm->lsm_entries[0];
	struct lov_mds_md_v1 *lmmv1 = buf;
	struct lov_mds_md_v3 *lmmv3 = buf;
	struct lov_ost_data_v1 *objs;
	size_t need;
	unsigned int idx;

	ENTRY;

	need = lov_mds_md_size(lsme->lsme_stripe_count, lsm->lsm_magic);

	/* Size probe: report how much room the packed layout takes. */
	if (buf_size == 0)
		RETURN(need);

	/* Checked before the first store, so no write lands outside buf. */
	if (buf_size < need)
		RETURN(-ERANGE);

	/*
	 * lmmv1 and lmmv3 alias the same buffer and share their leading
	 * fields, so the common header is filled in through lmmv1.
	 */
	lmmv1->lmm_magic = cpu_to_le32(lsm->lsm_magic);
	lmm_oi_cpu_to_le(&lmmv1->lmm_oi, &lsm->lsm_oi);
	lmmv1->lmm_stripe_size = cpu_to_le32(lsme->lsme_stripe_size);
	lmmv1->lmm_stripe_count = cpu_to_le16(lsme->lsme_stripe_count);
	lmmv1->lmm_pattern = cpu_to_le32(lsme->lsme_pattern);
	lmmv1->lmm_layout_gen = cpu_to_le16(lsm->lsm_layout_gen);

	if (lsm->lsm_magic != LOV_MAGIC_V3) {
		objs = lmmv1->lmm_objects;
	} else {
		/* Both pool name fields must be the same size. */
		BUILD_BUG_ON(sizeof(lsme->lsme_pool_name) !=
			     sizeof(lmmv3->lmm_pool_name));
		strlcpy(lmmv3->lmm_pool_name, lsme->lsme_pool_name,
			sizeof(lmmv3->lmm_pool_name));
		objs = lmmv3->lmm_objects;
	}

	/* A released file has no stripe objects to pack. */
	if (lsm->lsm_is_released)
		RETURN(need);

	for (idx = 0; idx < lsme->lsme_stripe_count; idx++) {
		struct lov_oinfo *loi = lsme->lsme_oinfo[idx];
		struct lov_ost_data_v1 *dst = &objs[idx];

		ostid_cpu_to_le(&loi->loi_oi, &dst->l_ost_oi);
		dst->l_ost_gen = cpu_to_le32(loi->loi_ost_gen);
		dst->l_ost_idx = cpu_to_le32(loi->loi_ost_idx);
	}

	RETURN(need);
}
185
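/*
 * Pack a foreign layout into @buf.
 *
 * Follows the same getxattr()-style convention as lov_lsm_pack_v1v3():
 * a zero @buf_size returns the size needed, a @buf_size that is too small
 * returns -ERANGE, otherwise the foreign layout is copied and its size is
 * returned.  The copy length is lsm->lsm_foreign_size, which is compared
 * with @buf_size before the memcpy().
 */
ssize_t lov_lsm_pack_foreign(const struct lov_stripe_md *lsm, void *buf,
			     size_t buf_size)
{
	struct lov_foreign_md *lfm = buf;
	size_t lfm_size;

	/* Every exit below uses RETURN(); pair it with ENTRY for tracing. */
	ENTRY;

	lfm_size = lsm->lsm_foreign_size;

	if (buf_size == 0)
		RETURN(lfm_size);

	if (buf_size < lfm_size)
		RETURN(-ERANGE);

	/* full foreign LOV is already avail in its cache
	 * no need to translate format fields to little-endian
	 */
	memcpy(lfm, lsm_foreign(lsm), lfm_size);

	RETURN(lfm_size);
}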
207
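/*
 * Pack the in-memory layout @lsm into @buf in little-endian disk format.
 *
 * V1/V3 and foreign layouts are handed to their own packers.  Any other
 * magic is packed as a composite layout: a lov_comp_md_v1 header, one
 * lov_comp_md_entry_v1 per component, then one lov_mds_md blob per
 * component at the offset recorded in its entry.
 *
 * Same convention as the helpers: a zero @buf_size returns the size
 * needed, a @buf_size that is too small returns -ERANGE, otherwise the
 * packed size is returned.
 *
 * NOTE(review): several fields are left untouched (lmm_oi, lcme_timestamp
 * unless LCME_FL_NOSYNC is set, and whatever the entry and blob structs
 * hold beyond the fields assigned below), so the caller presumably has to
 * pass a zero-filled buffer to keep stale memory out of the result.
 */
ssize_t lov_lsm_pack(const struct lov_stripe_md *lsm, void *buf,
		     size_t buf_size)
{
	struct lov_comp_md_v1 *lcmv1 = buf;
	struct lov_comp_md_entry_v1 *lcme;
	struct lov_ost_data_v1 *lmm_objects;
	size_t lmm_size;
	unsigned int entry;
	unsigned int offset;
	unsigned int size;
	unsigned int i;

	ENTRY;

	/* Leave through RETURN() so the ENTRY above stays balanced. */
	if (lsm->lsm_magic == LOV_MAGIC_V1 || lsm->lsm_magic == LOV_MAGIC_V3)
		RETURN(lov_lsm_pack_v1v3(lsm, buf, buf_size));

	if (lsm->lsm_magic == LOV_MAGIC_FOREIGN)
		RETURN(lov_lsm_pack_foreign(lsm, buf, buf_size));

	lmm_size = lov_comp_md_size(lsm);
	if (buf_size == 0)
		RETURN(lmm_size);

	/* Checked before the first store into buf. */
	if (buf_size < lmm_size)
		RETURN(-ERANGE);

	lcmv1->lcm_magic = cpu_to_le32(lsm->lsm_magic);
	lcmv1->lcm_size = cpu_to_le32(lmm_size);
	lcmv1->lcm_layout_gen = cpu_to_le32(lsm->lsm_layout_gen);
	lcmv1->lcm_flags = cpu_to_le16(lsm->lsm_flags);
	lcmv1->lcm_mirror_count = cpu_to_le16(lsm->lsm_mirror_count);
	lcmv1->lcm_entry_count = cpu_to_le16(lsm->lsm_entry_count);

	/* The first blob starts right after the header and entry table. */
	offset = sizeof(*lcmv1) + sizeof(*lcme) * lsm->lsm_entry_count;

	for (entry = 0; entry < lsm->lsm_entry_count; entry++) {
		struct lov_stripe_md_entry *lsme;
		struct lov_mds_md *lmm;
		__u16 stripe_count;

		lsme = lsm->lsm_entries[entry];
		lcme = &lcmv1->lcm_entries[entry];

		lcme->lcme_id = cpu_to_le32(lsme->lsme_id);
		lcme->lcme_flags = cpu_to_le32(lsme->lsme_flags);
		if (lsme->lsme_flags & LCME_FL_NOSYNC)
			lcme->lcme_timestamp =
				cpu_to_le64(lsme->lsme_timestamp);
		lcme->lcme_extent.e_start =
			cpu_to_le64(lsme->lsme_extent.e_start);
		lcme->lcme_extent.e_end =
			cpu_to_le64(lsme->lsme_extent.e_end);
		lcme->lcme_offset = cpu_to_le32(offset);

		lmm = (struct lov_mds_md *)((char *)lcmv1 + offset);
		lmm->lmm_magic = cpu_to_le32(lsme->lsme_magic);
		/* lmm->lmm_oi not set */
		lmm->lmm_pattern = cpu_to_le32(lsme->lsme_pattern);
		lmm->lmm_stripe_size = cpu_to_le32(lsme->lsme_stripe_size);
		lmm->lmm_stripe_count = cpu_to_le16(lsme->lsme_stripe_count);
		lmm->lmm_layout_gen = cpu_to_le16(lsme->lsme_layout_gen);

		if (lsme->lsme_magic == LOV_MAGIC_V3) {
			struct lov_mds_md_v3 *lmmv3 =
						(struct lov_mds_md_v3 *)lmm;

			strlcpy(lmmv3->lmm_pool_name, lsme->lsme_pool_name,
				sizeof(lmmv3->lmm_pool_name));
			lmm_objects = lmmv3->lmm_objects;
		} else {
			lmm_objects =
				((struct lov_mds_md_v1 *)lmm)->lmm_objects;
		}

		/*
		 * Only an instantiated, non-released component carries
		 * stripe objects.  The header keeps lsme_stripe_count, but
		 * the blob is sized for the objects actually written.
		 */
		if (lsme_inited(lsme) &&
		    !(lsme->lsme_pattern & LOV_PATTERN_F_RELEASED))
			stripe_count = lsme->lsme_stripe_count;
		else
			stripe_count = 0;

		for (i = 0; i < stripe_count; i++) {
			struct lov_oinfo *loi = lsme->lsme_oinfo[i];

			ostid_cpu_to_le(&loi->loi_oi, &lmm_objects[i].l_ost_oi);
			lmm_objects[i].l_ost_gen =
					cpu_to_le32(loi->loi_ost_gen);
			lmm_objects[i].l_ost_idx =
					cpu_to_le32(loi->loi_ost_idx);
		}

		/*
		 * NOTE(review): the running offset is not re-checked against
		 * buf_size inside the loop; staying in bounds relies on
		 * lov_comp_md_size() having summed the same per-component
		 * sizes -- confirm the two stay in step.
		 */
		size = lov_mds_md_size(stripe_count, lsme->lsme_magic);
		lcme->lcme_size = cpu_to_le32(size);
		offset += size;
	} /* for each layout component */

	RETURN(lmm_size);
}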
306
/*
 * Find the max stripecount we should use.
 *
 * A zero @stripe_count falls back to the default from the LOV descriptor;
 * the result is then limited to the number of active targets, raised to
 * at least 1, and finally limited to what the layout xattr can hold.
 */
__u16 lov_get_stripe_count(struct lov_obd *lov, __u32 magic, __u16 stripe_count)
{
	__u32 limit = LOV_MAX_STRIPE_COUNT_OLD;
	__u16 count = stripe_count;

	if (count == 0)
		count = lov->desc.ld_default_stripe_count;
	if (count > lov->desc.ld_active_tgt_count)
		count = lov->desc.ld_active_tgt_count;
	if (count == 0)
		count = 1;

	/*
	 * The ceiling depends on whether ldiskfs can handle larger EA
	 * sizes: use the negotiated max EA size when the connection
	 * advertises one, otherwise keep the old fixed limit.
	 */
	if ((lov->lov_ocd.ocd_connect_flags & OBD_CONNECT_MAX_EASIZE) &&
	    lov->lov_ocd.ocd_max_easize)
		limit = lov_mds_md_max_stripe_count(
				lov->lov_ocd.ocd_max_easize, magic);

	if (count > limit)
		count = limit;

	return count;
}
333
/*
 * Drop one reference on *@lsmp and free the layout when it was the last.
 *
 * The caller's pointer is cleared before the reference is dropped, so the
 * caller cannot keep using a layout it no longer holds a reference on.
 * Returns the reference count that remains.
 */
int lov_free_memmd(struct lov_stripe_md **lsmp)
{
	struct lov_stripe_md *lsm = *lsmp;
	int refc;

	*lsmp = NULL;

	refc = atomic_dec_return(&lsm->lsm_refc);
	/* A negative count means more puts than gets. */
	LASSERT(refc >= 0);
	if (refc != 0)
		return refc;

	lsm_free(lsm);
	return 0;
}
347
/*
 * Unpack LOV object metadata from disk storage.  It is packed in LE byte
 * order and is opaque to the networking layer.
 *
 * Returns the unpacked layout, or ERR_PTR(-EINVAL) when @buf is too short
 * to hold a magic or the magic has no registered handler.
 *
 * NOTE(review): only the 4-byte magic is length-checked here.  Checking the
 * rest of @buf against @buf_size (stripe counts, component offsets) is left
 * to the per-format lsm_unpackmd handler, which is not visible in this file.
 */
struct lov_stripe_md *lov_unpackmd(struct lov_obd *lov, void *buf,
				   size_t buf_size)
{
	const struct lsm_operations *ops;
	struct lov_stripe_md *unpacked;
	u32 magic;

	ENTRY;

	/* Do not read the magic out of a buffer that cannot contain it. */
	if (buf_size < sizeof(magic))
		RETURN(ERR_PTR(-EINVAL));

	magic = le32_to_cpu(*(u32 *)buf);

	ops = lsm_op_find(magic);
	if (ops == NULL)
		RETURN(ERR_PTR(-EINVAL));

	unpacked = ops->lsm_unpackmd(lov, buf, buf_size);

	RETURN(unpacked);
}
373
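/*
 * Retrieve object striping information.
 *
 * @lump is a pointer to an in-core struct with lmm_ost_count indicating
 * the maximum number of OST indices which will fit in the user buffer.
 * lmm_magic must be LOV_USER_MAGIC.
 *
 * If @size > 0, the user specified a limited buffer size; usually the buffer
 * is from ll_lov_setstripe() and can only hold basic layout template info.
 *
 * Returns 0 on success, -EIO for an unrecognised layout magic, -ENOMEM when
 * the staging buffer cannot be allocated, -EFAULT when @lump cannot be read
 * or written, or the negative error from lov_lsm_pack().
 *
 * The length handed to copy_to_user() is clamped to lmm_size, the part of
 * the packed layout selected for the caller, whatever @size or the
 * user-declared stripe count say.
 */
int lov_getstripe(const struct lu_env *env, struct lov_object *obj,
		  struct lov_stripe_md *lsm, struct lov_user_md __user *lump,
		  size_t size)
{
	struct lov_mds_md *lmmk, *lmm;
	struct lov_foreign_md *lfm;
	/*
	 * Only the v1-sized header is read from user space; the magic and
	 * stripe count are read from it for both V1 and V3 requests.
	 */
	struct lov_user_md_v1 lum;
	size_t lmmk_size, lum_size = 0;
	ssize_t lmm_size;
	/* One-shot deprecation warning; set without locking. */
	static bool printed;
	int rc = 0;

	ENTRY;

	if (lsm->lsm_magic != LOV_MAGIC_V1 && lsm->lsm_magic != LOV_MAGIC_V3 &&
	    lsm->lsm_magic != LOV_MAGIC_COMP_V1 &&
	    lsm->lsm_magic != LOV_MAGIC_FOREIGN) {
		CERROR("bad LSM MAGIC: 0x%08X != 0x%08X nor 0x%08X\n",
		       lsm->lsm_magic, LOV_MAGIC_V1, LOV_MAGIC_V3);
		GOTO(out, rc = -EIO);
	}

	if (!printed) {
		LCONSOLE_WARN("%s: using old ioctl(LL_IOC_LOV_GETSTRIPE) on "
			      DFID", use llapi_layout_get_by_path()\n",
			      current->comm,
			      PFID(&obj->lo_cl.co_lu.lo_header->loh_fid));
		printed = true;
	}

	lmmk_size = lov_comp_md_size(lsm);

	/*
	 * Kernel staging buffer for the packed layout.
	 * NOTE(review): lov_lsm_pack() leaves some bytes unwritten and part
	 * of this buffer is copied to user space below, so it has to be
	 * zero-filled; OBD_ALLOC_LARGE presumably guarantees that -- confirm.
	 */
	OBD_ALLOC_LARGE(lmmk, lmmk_size);
	if (!lmmk)
		GOTO(out, rc = -ENOMEM);

	lmm_size = lov_lsm_pack(lsm, lmmk, lmmk_size);
	if (lmm_size < 0)
		GOTO(out_free, rc = lmm_size);

	/* Packed data is little-endian; swab to CPU order on BE hosts. */
	if (cpu_to_le32(LOV_MAGIC) != LOV_MAGIC) {
		if (lmmk->lmm_magic == cpu_to_le32(LOV_MAGIC_V1) ||
		    lmmk->lmm_magic == cpu_to_le32(LOV_MAGIC_V3)) {
			lustre_swab_lov_mds_md(lmmk);
			lustre_swab_lov_user_md_objects(
				(struct lov_user_ost_data *)lmmk->lmm_objects,
				lmmk->lmm_stripe_count);
		} else if (lmmk->lmm_magic == cpu_to_le32(LOV_MAGIC_COMP_V1)) {
			lustre_swab_lov_comp_md_v1(
					(struct lov_comp_md_v1 *)lmmk);
		} else if (lmmk->lmm_magic == cpu_to_le32(LOV_MAGIC_FOREIGN)) {
			lfm = (struct lov_foreign_md *)lmmk;
			__swab32s(&lfm->lfm_magic);
			__swab32s(&lfm->lfm_length);
			__swab32s(&lfm->lfm_type);
			__swab32s(&lfm->lfm_flags);
		}
	}

	/*
	 * Legacy application passes limited buffer, we need to figure out
	 * the user buffer size by the passed in lmm_stripe_count.
	 *
	 * lum is filled in only for non-foreign layouts, so its fields are
	 * examined inside the same branch.  For a foreign layout lum_size
	 * stays 0 and the whole packed layout is offered, instead of the
	 * decision depending on uninitialised stack contents.
	 */
	if (lsm->lsm_magic != LOV_MAGIC_FOREIGN) {
		if (copy_from_user(&lum, lump, sizeof(lum)))
			GOTO(out_free, rc = -EFAULT);

		if (lum.lmm_magic == LOV_USER_MAGIC_V1 ||
		    lum.lmm_magic == LOV_USER_MAGIC_V3)
			lum_size = lov_user_md_size(lum.lmm_stripe_count,
						    lum.lmm_magic);
	}

	if (lum_size != 0) {
		struct lov_mds_md *comp_md = lmmk;

		/*
		 * Legacy app (ADIO for instance) treats the layout as V1/V3
		 * blindly, we'd return a reasonable V1/V3 for them.
		 */
		if (lmmk->lmm_magic == LOV_MAGIC_COMP_V1) {
			struct lov_comp_md_v1 *comp_v1;
			struct cl_object *cl_obj;
			struct cl_attr attr;
			int i;

			attr.cat_size = 0;
			cl_obj = cl_object_top(&obj->lo_cl);
			cl_object_attr_lock(cl_obj);
			cl_object_attr_get(env, cl_obj, &attr);
			cl_object_attr_unlock(cl_obj);

			/*
			 * return the last instantiated component if file size
			 * is non-zero, otherwise, return the last component.
			 */
			comp_v1 = (struct lov_comp_md_v1 *)lmmk;
			i = attr.cat_size == 0 ? comp_v1->lcm_entry_count : 0;
			for (; i < comp_v1->lcm_entry_count; i++) {
				if (!(comp_v1->lcm_entries[i].lcme_flags &
						LCME_FL_INIT))
					break;
			}
			if (i > 0)
				i--;
			/*
			 * lcme_offset and lcme_size were written by
			 * lov_lsm_pack() above, not by user space.
			 * NOTE(review): the min() below compares lcme_size
			 * with lmmk_size only, so it does not by itself
			 * bound lcme_offset + lcme_size.
			 */
			comp_md = (struct lov_mds_md *)((char *)comp_v1 +
					comp_v1->lcm_entries[i].lcme_offset);
			lum_size = comp_v1->lcm_entries[i].lcme_size;
		}

		lmm = comp_md;
		/* The user-declared size never extends the kernel read. */
		lmm_size = min(lum_size, lmmk_size);
	} else {
		lmm = lmmk;
		lmm_size = lmmk_size;
	}

	/*
	 * User specified limited buffer size, usually the buffer is
	 * from ll_lov_setstripe(), and the buffer can only hold basic
	 * layout template info.
	 *
	 * A @size of 0 means no explicit limit.  A larger @size is clamped
	 * so the copy never reads past the lmm_size bytes chosen above.
	 */
	if (size == 0 || size > lmm_size)
		size = lmm_size;
	if (copy_to_user(lump, lmm, size))
		GOTO(out_free, rc = -EFAULT);

out_free:
	OBD_FREE_LARGE(lmmk, lmmk_size);
out:
	RETURN(rc);
}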