From: cel@kernel.org
To: Neil Brown <neilb@suse.de>, Jeff Layton <jlayton@kernel.org>,
Olga Kornievskaia <okorniev@redhat.com>,
Dai Ngo <dai.ngo@oracle.com>, Tom Talpey <tom@talpey.com>
Cc: <linux-nfs@vger.kernel.org>,
Rick Macklem <rick.macklem@gmail.com>,
Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH v2 2/2] SUNRPC: Document validity guarantees of the pointer returned by reserve_space
Date: Mon, 23 Dec 2024 13:07:27 -0500 [thread overview]
Message-ID: <20241223180724.1804-6-cel@kernel.org> (raw)
In-Reply-To: <20241223180724.1804-4-cel@kernel.org>
From: Chuck Lever <chuck.lever@oracle.com>
A subtlety of this API is that if the @nbytes region traverses a
page boundary, the next __xdr_commit_encode will shift the data item
in the XDR encode buffer. This makes the returned pointer point to
something else, leading to unexpected behavior.
There are a few cases where the caller saves the returned pointer
and then later uses it to insert a computed value into an earlier
part of the stream. This can be safe only if either:
- the data item is guaranteed to be in the XDR buffer's head, and
thus is not ever going to be near a page boundary, or
- the data item is no larger than 4 octets, since XDR alignment
rules require all data items to start on 4-octet boundaries
But that safety is only an artifact of the current implementation.
It would be less brittle if these "safe" uses were eventually
replaced.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
net/sunrpc/xdr.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 62e07c330a66..f198bb043e2f 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -1097,6 +1097,9 @@ static noinline __be32 *xdr_get_next_encode_buffer(struct xdr_stream *xdr,
* Checks that we have enough buffer space to encode 'nbytes' more
* bytes of data. If so, update the total xdr_buf length, and
* adjust the length of the current kvec.
+ *
+ * The returned pointer is valid only until the next call to
+ * xdr_reserve_space() or xdr_commit_encode() on this stream.
*/
__be32 * xdr_reserve_space(struct xdr_stream *xdr, size_t nbytes)
{
--
2.47.0
next prev parent reply other threads:[~2024-12-23 18:07 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-23 18:07 [PATCH v2 0/2] Fix XDR encoding near page boundaries cel
2024-12-23 18:07 ` [PATCH v2 1/2] NFSD: Encode COMPOUND operation status on " cel
2024-12-23 23:46 ` Rick Macklem
2024-12-24 23:19 ` NeilBrown
2024-12-25 15:53 ` Chuck Lever
2024-12-23 18:07 ` cel [this message]
2024-12-23 23:22 ` [PATCH v2 0/2] Fix XDR encoding near " Rick Macklem
2024-12-24 14:16 ` Chuck Lever
2024-12-24 15:50 ` Rick Macklem
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241223180724.1804-6-cel@kernel.org \
--to=cel@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=dai.ngo@oracle.com \
--cc=jlayton@kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=okorniev@redhat.com \
--cc=rick.macklem@gmail.com \
--cc=tom@talpey.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.