Eric Lee / smarc-ti-linux-kernel

08 Jan, 2015

1 commit

  • 49a068f82   rpc: fix xdr_truncate_encode to handle buffer ending on page boundary ... Browse Code »

    A struct xdr_stream at a page boundary might point to the end of one
    page or the beginning of the next, but xdr_truncate_encode isn't
    prepared to handle the former.

    This can cause corruption of NFSv4 READDIR replies in the case that a
    readdir entry that would have exceeded the client's dircount/maxcount
    limit would have ended exactly on a 4k page boundary. You're more
    likely to hit this case on large directories.

    Other xdr_truncate_encode callers are probably also affected.

    Reported-by: Holger Hoffstätte
    Tested-by: Holger Hoffstätte
    Fixes: 3e19ce762b53 "rpc: xdr_truncate_encode"
    Cc: stable@vger.kernel.org
    Signed-off-by: J. Bruce Fields

    J. Bruce Fields
     

24 Oct, 2014

2 commits

18 Jul, 2014

1 commit

07 Jun, 2014

1 commit

  • 05638dc73   nfsd4: simplify server xdr->next_page use ... Browse Code »
    26

    The rpc code makes available to the NFS server an array of pages to
    encod into. The server represents its reply as an xdr buf, with the
    head pointing into the first page in that array, the pages ** array
    starting just after that, and the tail (if any) sharing any leftover
    space in the page used by the head.

    While encoding, we use xdr_stream->page_ptr to keep track of which page
    we're currently using.

    Currently we set xdr_stream->page_ptr to buf->pages, which makes the
    head a weird exception to the rule that page_ptr always points to the
    page we're currently encoding into. So, instead set it to buf->pages -
    1 (the page actually containing the head), and remove the need for a
    little unintuitive logic in xdr_get_next_encode_buffer() and
    xdr_truncate_encode.

    Signed-off-by: J. Bruce Fields

    J. Bruce Fields
     

31 May, 2014

3 commits

29 Mar, 2014

1 commit

  • de4aee2e0   rpc: Allow xdr_buf_subsegment to operate in-place ... Browse Code »

    Allow

    xdr_buf_subsegment(&buf, &buf, base, len)

    to modify an xdr_buf in-place.

    Also, none of the callers need the iov_base of head or tail to be zeroed
    out.

    Also add documentation.

    (As it turns out, I'm not really using this new guarantee, but it seems
    a simple way to make this function a bit more robust.)

    Signed-off-by: J. Bruce Fields

    J. Bruce Fields
     

29 Aug, 2013

1 commit

  • 347e2233b   SUNRPC: Fix memory corruption issue on 32-bit highmem systems ... Browse Code »

    Some architectures, such as ARM-32 do not return the same base address
    when you call kmap_atomic() twice on the same page.
    This causes problems for the memmove() call in the XDR helper routine
    "_shift_data_right_pages()", since it defeats the detection of
    overlapping memory ranges, and has been seen to corrupt memory.

    The fix is to distinguish between the case where we're doing an
    inter-page copy or not. In the former case of we know that the memory
    ranges cannot possibly overlap, so we can additionally micro-optimise
    by replacing memmove() with memcpy().

    Reported-by: Mark Young
    Reported-by: Matt Craighead
    Cc: Bruce Fields
    Cc: stable@vger.kernel.org
    Signed-off-by: Trond Myklebust
    Tested-by: Matt Craighead

    Trond Myklebust
     

09 Feb, 2013

1 commit

  • 4c190e2f9   sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer ... Browse Code »
    4

    When GSSAPI integrity signatures are in use, or when we're using GSSAPI
    privacy with the v2 token format, there is a trailing checksum on the
    xdr_buf that is returned.

    It's checked during the authentication stage, and afterward nothing
    cares about it. Ordinarily, it's not a problem since the XDR code
    generally ignores it, but it will be when we try to compute a checksum
    over the buffer to help prevent XID collisions in the duplicate reply
    cache.

    Fix the code to trim off the checksums after verifying them. Note that
    in unwrap_integ_data, we must avoid trying to reverify the checksum if
    the request was deferred since it will no longer be present when it's
    revisited.

    Signed-off-by: Jeff Layton

    Jeff Layton
     

05 Nov, 2012

1 commit

29 Sep, 2012

1 commit

27 Sep, 2012

1 commit

31 Jul, 2012

1 commit

  • 1fad1e9a7   Merge tag 'nfs-for-3.6-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs ... Browse Code »

    Pull NFS client updates from Trond Myklebust:
    "Features include:
    - More preparatory patches for modularising NFSv2/v3/v4. Split out
    the various NFSv2/v3/v4-specific code into separate files
    - More preparation for the NFSv4 migration code
    - Ensure that OPEN(O_CREATE) observes the pNFS mds threshold
    parameters
    - pNFS fast failover when the data servers are down
    - Various cleanups and debugging patches"

    * tag 'nfs-for-3.6-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (67 commits)
    nfs: fix fl_type tests in NFSv4 code
    NFS: fix pnfs regression with directio writes
    NFS: fix pnfs regression with directio reads
    sunrpc: clnt: Add missing braces
    nfs: fix stub return type warnings
    NFS: exit_nfs_v4() shouldn't be an __exit function
    SUNRPC: Add a missing spin_unlock to gss_mech_list_pseudoflavors
    NFS: Split out NFS v4 client functions
    NFS: Split out the NFS v4 filesystem types
    NFS: Create a single nfs_clone_super() function
    NFS: Split out NFS v4 server creating code
    NFS: Initialize the NFS v4 client from init_nfs_v4()
    NFS: Move the v4 getroot code to nfs4getroot.c
    NFS: Split out NFS v4 file operations
    NFS: Initialize v4 sysctls from nfs_init_v4()
    NFS: Create an init_nfs_v4() function
    NFS: Split out NFS v4 inode operations
    NFS: Split out NFS v3 inode operations
    NFS: Split out NFS v2 inode operations
    NFS: Clean up nfs4_proc_setclientid() and friends
    ...

    Linus Torvalds
     

11 Jul, 2012

1 commit

29 Jun, 2012

9 commits

27 Jun, 2012

1 commit

16 Apr, 2012

1 commit

20 Mar, 2012

1 commit

05 Jan, 2012

1 commit

  • bf118a342   NFSv4: include bitmap in nfsv4 get acl data ... Browse Code »
    4

    The NFSv4 bitmap size is unbounded: a server can return an arbitrary
    sized bitmap in an FATTR4_WORD0_ACL request. Replace using the
    nfs4_fattr_bitmap_maxsz as a guess to the maximum bitmask returned by a server
    with the inclusion of the bitmap (xdr length plus bitmasks) and the acl data
    xdr length to the (cached) acl page data.

    This is a general solution to commit e5012d1f "NFSv4.1: update
    nfs4_fattr_bitmap_maxsz" and fixes hitting a BUG_ON in xdr_shrink_bufhead
    when getting ACLs.

    Fix a bug in decode_getacl that returned -EINVAL on ACLs > page when getxattr
    was called with a NULL buffer, preventing ACL > PAGE_SIZE from being retrieved.

    Cc: stable@kernel.org
    Signed-off-by: Andy Adamson
    Signed-off-by: Trond Myklebust

    Andy Adamson
     

15 Jul, 2011

1 commit

30 May, 2011

1 commit

11 Jan, 2011

1 commit

  • 6650239a4   NFS: Don't use vm_map_ram() in readdir ... Browse Code »

    vm_map_ram() is not available on NOMMU platforms, and causes trouble
    on incoherrent architectures such as ARM when we access the page data
    through both the direct and the virtual mapping.

    The alternative is to use the direct mapping to access page data
    for the case when we are not crossing a page boundary, but to copy
    the data into a linear scratch buffer when we are accessing data
    that spans page boundaries.

    Signed-off-by: Trond Myklebust
    Tested-by: Marc Kleine-Budde
    Cc: stable@kernel.org [2.6.37]

    Trond Myklebust
     

24 Oct, 2010

1 commit

22 Sep, 2010

1 commit

30 Aug, 2010

5 commits

15 May, 2010

1 commit