08 Jan, 2015
1 commit
-
A struct xdr_stream at a page boundary might point to the end of one
page or the beginning of the next, but xdr_truncate_encode isn't
prepared to handle the former.

This can cause corruption of NFSv4 READDIR replies in the case that a
readdir entry that would have exceeded the client's dircount/maxcount
limit would have ended exactly on a 4k page boundary. You're more
likely to hit this case on large directories.

Other xdr_truncate_encode callers are probably also affected.

Reported-by: Holger Hoffstätte
Tested-by: Holger Hoffstätte
Fixes: 3e19ce762b53 "rpc: xdr_truncate_encode"
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields
24 Oct, 2014
2 commits
-
Reported-by: Andrea Arcangeli
Signed-off-by: J. Bruce Fields
-
Thanks to Andrea Arcangeli for pointing out these checks are
obviously unnecessary given the preceding calculations.

Reported-by: Andrea Arcangeli
Signed-off-by: J. Bruce Fields
18 Jul, 2014
1 commit
-
Quell another sparse warning.
Signed-off-by: Trond Myklebust
Signed-off-by: J. Bruce Fields
07 Jun, 2014
1 commit
-
The rpc code makes available to the NFS server an array of pages to
encode into. The server represents its reply as an xdr buf, with the
head pointing into the first page in that array, the pages ** array
starting just after that, and the tail (if any) sharing any leftover
space in the page used by the head.

While encoding, we use xdr_stream->page_ptr to keep track of which page
we're currently using.

Currently we set xdr_stream->page_ptr to buf->pages, which makes the
head a weird exception to the rule that page_ptr always points to the
page we're currently encoding into. So, instead set it to buf->pages -
1 (the page actually containing the head), and remove the need for a
little unintuitive logic in xdr_get_next_encode_buffer() and
xdr_truncate_encode.

Signed-off-by: J. Bruce Fields
31 May, 2014
3 commits
-
With this xdr_reserve_space can help us enforce various limits.
Signed-off-by: J. Bruce Fields
-
After this we can handle for example getattr of very large ACLs.

Read, readdir, readlink are still special cases with their own limits.

Also we can't handle a new operation starting close to the end of a
page.

Signed-off-by: J. Bruce Fields
-
This will be used in the server side in a few cases:
  - when certain operations (read, readdir, readlink) fail after
    encoding a partial response.
  - when we run out of space after encoding a partial response.
  - in readlink, where we initially reserve PAGE_SIZE bytes for
    data, then truncate to the actual size.

Signed-off-by: J. Bruce Fields
29 Mar, 2014
1 commit
-
Allow

    xdr_buf_subsegment(&buf, &buf, base, len)

to modify an xdr_buf in-place.

Also, none of the callers need the iov_base of head or tail to be zeroed
out.

Also add documentation.

(As it turns out, I'm not really using this new guarantee, but it seems
a simple way to make this function a bit more robust.)

Signed-off-by: J. Bruce Fields
29 Aug, 2013
1 commit
-
Some architectures, such as ARM-32, do not return the same base address
when you call kmap_atomic() twice on the same page.
This causes problems for the memmove() call in the XDR helper routine
"_shift_data_right_pages()", since it defeats the detection of
overlapping memory ranges, and has been seen to corrupt memory.

The fix is to distinguish between the case where we're doing an
inter-page copy or not. In the former case we know that the memory
ranges cannot possibly overlap, so we can additionally micro-optimise
by replacing memmove() with memcpy().

Reported-by: Mark Young
Reported-by: Matt Craighead
Cc: Bruce Fields
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust
Tested-by: Matt Craighead
09 Feb, 2013
1 commit
-
When GSSAPI integrity signatures are in use, or when we're using GSSAPI
privacy with the v2 token format, there is a trailing checksum on the
xdr_buf that is returned.

It's checked during the authentication stage, and afterward nothing
cares about it. Ordinarily, it's not a problem since the XDR code
generally ignores it, but it will be when we try to compute a checksum
over the buffer to help prevent XID collisions in the duplicate reply
cache.

Fix the code to trim off the checksums after verifying them. Note that
in unwrap_integ_data, we must avoid trying to reverify the checksum if
the request was deferred since it will no longer be present when it's
revisited.

Signed-off-by: Jeff Layton
05 Nov, 2012
1 commit
-
Replace bounds checking BUG_ON() with a WARN_ON_ONCE() and resetting
the requested len to the max.

Signed-off-by: Weston Andros Adamson
Signed-off-by: Trond Myklebust
29 Sep, 2012
1 commit
-
We only have to call xdr_shrink_pagelen() if the remaining RPC
message does not fit in the page buffer length that we supplied
to xdr_align_pages().

Signed-off-by: Trond Myklebust
27 Sep, 2012
1 commit
-
The callers of xdr_align_pages() expect it to return the number of bytes
of actual XDR data remaining in the pages.

Signed-off-by: Trond Myklebust
31 Jul, 2012
1 commit
-
Pull NFS client updates from Trond Myklebust:
"Features include:
  - More preparatory patches for modularising NFSv2/v3/v4. Split out
    the various NFSv2/v3/v4-specific code into separate files
  - More preparation for the NFSv4 migration code
  - Ensure that OPEN(O_CREATE) observes the pNFS mds threshold
    parameters
  - pNFS fast failover when the data servers are down
  - Various cleanups and debugging patches"

* tag 'nfs-for-3.6-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (67 commits)
nfs: fix fl_type tests in NFSv4 code
NFS: fix pnfs regression with directio writes
NFS: fix pnfs regression with directio reads
sunrpc: clnt: Add missing braces
nfs: fix stub return type warnings
NFS: exit_nfs_v4() shouldn't be an __exit function
SUNRPC: Add a missing spin_unlock to gss_mech_list_pseudoflavors
NFS: Split out NFS v4 client functions
NFS: Split out the NFS v4 filesystem types
NFS: Create a single nfs_clone_super() function
NFS: Split out NFS v4 server creating code
NFS: Initialize the NFS v4 client from init_nfs_v4()
NFS: Move the v4 getroot code to nfs4getroot.c
NFS: Split out NFS v4 file operations
NFS: Initialize v4 sysctls from nfs_init_v4()
NFS: Create an init_nfs_v4() function
NFS: Split out NFS v4 inode operations
NFS: Split out NFS v3 inode operations
NFS: Split out NFS v2 inode operations
NFS: Clean up nfs4_proc_setclientid() and friends
...
11 Jul, 2012
1 commit
-
Fix incorrect start markers, wrapped summary lines, missing section
breaks, incorrect separators, and some name mismatches.

Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller
29 Jun, 2012
9 commits
-
Signed-off-by: Trond Myklebust
-
Use the xdr_align_pages() helper
Signed-off-by: Trond Myklebust
-
Move the page alignment code into a separate helper.
Signed-off-by: Trond Myklebust
-
Signed-off-by: Trond Myklebust
-
Use xdr_stream_pos() instead.
Signed-off-by: Trond Myklebust
-
Add a helper to report the current offset from the start of the
xdr_stream.

Signed-off-by: Trond Myklebust
-
Callers of xdr_read_pages() will want to know exactly how much XDR
data is encoded in the pages after the data realignment.

Signed-off-by: Trond Myklebust
-
Now that xdr_inline_decode() will automatically cross into the page
buffers, we need to ensure that it doesn't exceed the total reply
message length.

This patch sets up a counter that tracks the number of words
remaining in the reply message, and ensures that xdr_inline_decode,
xdr_read_pages and xdr_enter_page respect the end of message boundary.

Signed-off-by: Trond Myklebust
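
An added illustration of the words-remaining counter described in the commit message above; it is not code from the kernel or from the patch, and struct toy_stream, its helpers and the sample buffer are hypothetical names constructed here. A decoder that tracks the words left in the message refuses a length field that would run past the end of the reply even though the receive buffer still holds bytes:

```c
#include <stddef.h>
#include <stdint.h>

/* Toy decode stream; hypothetical, not the kernel's struct xdr_stream. */
struct toy_stream {
	const uint8_t *p;   /* current read position */
	const uint8_t *end; /* end of the receive buffer */
	size_t nwords;      /* 4-byte words left in this reply message */
};

static void toy_init(struct toy_stream *s, const uint8_t *buf,
		     size_t buflen, size_t msglen)
{
	if (msglen > buflen)
		msglen = buflen;
	s->p = buf;
	s->end = buf + buflen;
	s->nwords = msglen >> 2;
}

/* Hand out nbytes (rounded up to whole words), or NULL if the message ends first. */
static const uint8_t *toy_inline_decode(struct toy_stream *s, size_t nbytes)
{
	const uint8_t *q = s->p;
	size_t nwords;

	if (nbytes > SIZE_MAX - 3)
		return NULL;
	nwords = (nbytes + 3) >> 2;
	if (nwords > s->nwords || nwords > (size_t)(s->end - s->p) >> 2)
		return NULL;
	s->p += nwords << 2;
	s->nwords -= nwords;
	return q;
}

/* Decode one counted opaque; returns its length, or -1 if it overruns the message. */
static long toy_decode_opaque(const uint8_t *buf, size_t buflen, size_t msglen)
{
	struct toy_stream s;
	const uint8_t *p;
	uint32_t len;

	toy_init(&s, buf, buflen, msglen);
	if (!(p = toy_inline_decode(&s, 4)))
		return -1;
	len = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
	return toy_inline_decode(&s, len) ? (long)len : -1;
}

/* Constructed sample: length word claims 8 bytes; bytes 8..15 are stale buffer data. */
static const uint8_t toy_buf[16] = { 0, 0, 0, 8, 0xAA, 0xAA, 0xAA, 0xAA,
				     0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55 };

int main(void) { return toy_decode_opaque(toy_buf, sizeof(toy_buf), 8) == -1 ? 0 : 1; }
```
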
-
Remove the 'p' argument, since that is only ever set by xdr_init_decode.
Add sanity checking of 'p' inside xdr_init_decode itself.

Signed-off-by: Trond Myklebust
27 Jun, 2012
1 commit
-
Signed-off-by: Trond Myklebust
16 Apr, 2012
1 commit
-
Use of "unsigned int" is preferred to bare "unsigned" in net tree.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
20 Mar, 2012
1 commit
-
Signed-off-by: Cong Wang
05 Jan, 2012
1 commit
-
The NFSv4 bitmap size is unbounded: a server can return an arbitrary
sized bitmap in an FATTR4_WORD0_ACL request. Replace using the
nfs4_fattr_bitmap_maxsz as a guess to the maximum bitmask returned by a server
with the inclusion of the bitmap (xdr length plus bitmasks) and the acl data
xdr length to the (cached) acl page data.

This is a general solution to commit e5012d1f "NFSv4.1: update
nfs4_fattr_bitmap_maxsz" and fixes hitting a BUG_ON in xdr_shrink_bufhead
when getting ACLs.

Fix a bug in decode_getacl that returned -EINVAL on ACLs > page when getxattr
was called with a NULL buffer, preventing ACL > PAGE_SIZE from being retrieved.

Cc: stable@kernel.org
Signed-off-by: Andy Adamson
Signed-off-by: Trond Myklebust
15 Jul, 2011
1 commit
-
Ensure that the backchannel exports conform to the existing sunrpc
practice.

Signed-off-by: Trond Myklebust
30 May, 2011
1 commit
-
Initialize xdr_stream and xdr_buf using an array of page pointers
and length of buffer.

Signed-off-by: Benny Halevy
11 Jan, 2011
1 commit
-
vm_map_ram() is not available on NOMMU platforms, and causes trouble
on incoherent architectures such as ARM when we access the page data
through both the direct and the virtual mapping.

The alternative is to use the direct mapping to access page data
for the case when we are not crossing a page boundary, but to copy
the data into a linear scratch buffer when we are accessing data
that spans page boundaries.

Signed-off-by: Trond Myklebust
Tested-by: Marc Kleine-Budde
Cc: stable@kernel.org [2.6.37]
24 Oct, 2010
1 commit
-
We sometimes need to be able to read ahead in an xdr_stream without
incrementing the current pointer position.

Signed-off-by: Trond Myklebust
22 Sep, 2010
1 commit
-
Clean up: Introduce a helper to '\0'-terminate XDR strings
that are placed in a page in the page cache.

Signed-off-by: Chuck Lever
Signed-off-by: Trond Myklebust
30 Aug, 2010
5 commits
-
If we have unused buffer space, then we should make use of that rather
than unnecessarily truncating the message.

Signed-off-by: Trond Myklebust
-
The "copy" variable value can be computed using the existing
logic rather than repeating it.

Signed-off-by: Benny Halevy
Signed-off-by: Trond Myklebust
-
to clean up the code "copy" will be set prior to the block
hence it mustn't be used there.

Signed-off-by: Benny Halevy
Signed-off-by: Trond Myklebust
-
char *p is used only as a shorthand for tail->iov_base + len in a nested
block. Move it there.

Signed-off-by: Benny Halevy
Signed-off-by: Trond Myklebust
-
On Jan. 14, 2009, 2:50 +0200, andros@netapp.com wrote:
> From: Andy Adamson
>
> The buflen is reset for all cases at the end of xdr_shrink_pagelen.
> The data left in the tail after xdr_read_pages is not processed when the
> buflen is incorrectly set.

Note that in this case we also lose (len - tail->iov_len)
bytes from the buffered data in pages.

Reported-by: Andy Adamson
Signed-off-by: Benny Halevy
Signed-off-by: Trond Myklebust
15 May, 2010
1 commit
-
Signed-off-by: Kevin Coffman
Signed-off-by: Steve Dickson
Signed-off-by: Trond Myklebust