Commit b786caa6 authored by Chuck Lever's avatar Chuck Lever
Browse files

NFSD: Insulate nfsd4_encode_secinfo() from page boundaries in the encode buffer 



There's no guarantee that the pointer returned from
xdr_reserve_space() will still point to the correct reserved space
in the encode buffer after one or more intervening calls to
xdr_reserve_space(). It just happens to work with the current
implementation of xdr_reserve_space().

Reviewed-by: default avatarNeilBrown <neilb@suse.de>
Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent 825562bc

fs/nfsd/nfs4xdr.c

+10 −8
Original line number Diff line number Diff line
@@ -4643,13 +4643,13 @@ nfsd4_encode_secinfo4(struct xdr_stream *xdr, rpc_authflavor_t pf, 
}



static __be32

nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp)

nfsd4_encode_SECINFO4resok(struct xdr_stream *xdr, struct svc_export *exp)

{

	u32 i, nflavs, supported;

	struct exp_flavor_info *flavs;

	struct exp_flavor_info def_flavs[2];

	__be32 *flavorsp;

	__be32 status;

	unsigned int count_offset;

	__be32 status, wire_count;



	if (exp->ex_nflavors) {

		flavs = exp->ex_flavors;
@@ -4671,8 +4671,8 @@ nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp) 
		}

	}



	flavorsp = xdr_reserve_space(xdr, XDR_UNIT);

	if (!flavorsp)

	count_offset = xdr->buf->len;

	if (unlikely(!xdr_reserve_space(xdr, XDR_UNIT)))

		return nfserr_resource;



	for (i = 0, supported = 0; i < nflavs; i++) {
@@ -4682,7 +4682,9 @@ nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp) 
			return status;

	}



	*flavorsp = cpu_to_be32(supported);

	wire_count = cpu_to_be32(supported);

	write_bytes_to_xdr_buf(xdr->buf, count_offset, &wire_count,

			       XDR_UNIT);

	return 0;

}
@@ -4693,7 +4695,7 @@ nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr, 
	struct nfsd4_secinfo *secinfo = &u->secinfo;

	struct xdr_stream *xdr = resp->xdr;



	return nfsd4_do_encode_secinfo(xdr, secinfo->si_exp);

	return nfsd4_encode_SECINFO4resok(xdr, secinfo->si_exp);

}



static __be32
@@ -4703,7 +4705,7 @@ nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr, 
	struct nfsd4_secinfo_no_name *secinfo = &u->secinfo_no_name;

	struct xdr_stream *xdr = resp->xdr;



	return nfsd4_do_encode_secinfo(xdr, secinfo->sin_exp);

	return nfsd4_encode_SECINFO4resok(xdr, secinfo->sin_exp);

}



static __be32