Re: [PATCH] SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
Cc: Trond Myklebust <trond.myklebust@hammerspace.com>,
	Anna Schumaker <anna.schumaker@netapp.com>,
	Chuck Lever <chuck.lever@oracle.com>,
	"David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
	NeilBrown <neilb@suse.de>, Alexey Dobriyan <adobriyan@gmail.com>,
	Roberto Bergantinos Corpas <rbergant@redhat.com>,
	"open list:NFS, SUNRPC,
	AND LOCKD CLIENTS"  <linux-nfs@vger.kernel.org>,
	"open list:NETWORKING [GENERAL]" <netdev@vger.kernel.org>,
	open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
Date: Mon, 19 Oct 2020 11:23:01 -0400	[thread overview]
Message-ID: <20201019152301.GC32403@fieldses.org> (raw)
In-Reply-To: <20201019114229.52973-1-martijn.de.gouw@prodrive-technologies.com>

On Mon, Oct 19, 2020 at 01:42:27PM +0200, Martijn de Gouw wrote:
> When the passed token is longer than 4032 bytes, the remaining part
> of the token must be copied from the rqstp->rq_arg.pages. But the
> copy must make sure it happens in a consecutive way.

Thanks.  Apologies, but I don't immediately see where the copy is
non-consecutive.  What exactly is the bug in the existing code?

--b.

> 
> Signed-off-by: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
> ---
>  net/sunrpc/auth_gss/svcauth_gss.c | 27 +++++++++++++++++----------
>  1 file changed, 17 insertions(+), 10 deletions(-)
> 
> diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
> index 258b04372f85..bd4678db9d76 100644
> --- a/net/sunrpc/auth_gss/svcauth_gss.c
> +++ b/net/sunrpc/auth_gss/svcauth_gss.c
> @@ -1147,9 +1147,9 @@ static int gss_read_proxy_verf(struct svc_rqst *rqstp,
>  			       struct gssp_in_token *in_token)
>  {
>  	struct kvec *argv = &rqstp->rq_arg.head[0];
> -	unsigned int page_base, length;
> -	int pages, i, res;
> -	size_t inlen;
> +	unsigned int length, pgto_offs, pgfrom_offs;
> +	int pages, i, res, pgto, pgfrom;
> +	size_t inlen, to_offs, from_offs;
>  
>  	res = gss_read_common_verf(gc, argv, authp, in_handle);
>  	if (res)
> @@ -1177,17 +1177,24 @@ static int gss_read_proxy_verf(struct svc_rqst *rqstp,
>  	memcpy(page_address(in_token->pages[0]), argv->iov_base, length);
>  	inlen -= length;
>  
> -	i = 1;
> -	page_base = rqstp->rq_arg.page_base;
> +	to_offs = length;
> +	from_offs = rqstp->rq_arg.page_base;
>  	while (inlen) {
> -		length = min_t(unsigned int, inlen, PAGE_SIZE);
> -		memcpy(page_address(in_token->pages[i]),
> -		       page_address(rqstp->rq_arg.pages[i]) + page_base,
> +		pgto = to_offs >> PAGE_SHIFT;
> +		pgfrom = from_offs >> PAGE_SHIFT;
> +		pgto_offs = to_offs & ~PAGE_MASK;
> +		pgfrom_offs = from_offs & ~PAGE_MASK;
> +
> +		length = min_t(unsigned int, inlen,
> +			 min_t(unsigned int, PAGE_SIZE - pgto_offs,
> +			       PAGE_SIZE - pgfrom_offs));
> +		memcpy(page_address(in_token->pages[pgto]) + pgto_offs,
> +		       page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs,
>  		       length);
>  
> +		to_offs += length;
> +		from_offs += length;
>  		inlen -= length;
> -		page_base = 0;
> -		i++;
>  	}
>  	return 0;
>  }
> -- 
> 2.20.1

next prev parent reply	other threads:[~2020-10-19 15:23 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-19 11:42 [PATCH] SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() Martijn de Gouw
2020-10-19 15:23 ` J. Bruce Fields [this message]
2020-10-19 15:46   ` Martijn de Gouw
2020-10-19 22:04     ` J. Bruce Fields
2020-10-20  7:16       ` Martijn de Gouw
2020-10-21 17:29         ` Chuck Lever

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201019152301.GC32403@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=adobriyan@gmail.com \
    --cc=anna.schumaker@netapp.com \
    --cc=arnd@arndb.de \
    --cc=chuck.lever@oracle.com \
    --cc=davem@davemloft.net \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=martijn.de.gouw@prodrive-technologies.com \
    --cc=neilb@suse.de \
    --cc=netdev@vger.kernel.org \
    --cc=rbergant@redhat.com \
    --cc=trond.myklebust@hammerspace.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.