[PATCH v4 8/9] NFSD: Insulate nfsd4_encode_secinfo() from page boundaries in the encode buffer

All of lore.kernel.org
 help / color / mirror / Atom feed

From: cel@kernel.org
To: Neil Brown <neilb@suse.de>, Jeff Layton <jlayton@kernel.org>,
	Olga Kornievskaia <okorniev@redhat.com>,
	Dai Ngo <dai.ngo@oracle.com>, Tom Talpey <tom@talpey.com>
Cc: <linux-nfs@vger.kernel.org>,
	Rick Macklem <rick.macklem@gmail.com>,
	j.david.lists@gmail.com, Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH v4 8/9] NFSD: Insulate nfsd4_encode_secinfo() from page boundaries in the encode buffer
Date: Mon, 30 Dec 2024 19:28:59 -0500	[thread overview]
Message-ID: <20241231002901.12725-9-cel@kernel.org> (raw)
In-Reply-To: <20241231002901.12725-1-cel@kernel.org>

From: Chuck Lever <chuck.lever@oracle.com>

There's no guarantee that the pointer returned from
xdr_reserve_space() will still point to the correct reserved space
in the encode buffer after one or more intervening calls to
xdr_reserve_space(). It just happens to work with the current
implementation of xdr_reserve_space().

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/nfsd/nfs4xdr.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index a8b99e4796c9..348cd13f9012 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -4642,13 +4642,13 @@ nfsd4_encode_secinfo4(struct xdr_stream *xdr, rpc_authflavor_t pf,
 }
 
 static __be32
-nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp)
+nfsd4_encode_SECINFO4resok(struct xdr_stream *xdr, struct svc_export *exp)
 {
 	u32 i, nflavs, supported;
 	struct exp_flavor_info *flavs;
 	struct exp_flavor_info def_flavs[2];
-	__be32 *flavorsp;
-	__be32 status;
+	unsigned int count_offset;
+	__be32 status, wire_count;
 
 	if (exp->ex_nflavors) {
 		flavs = exp->ex_flavors;
@@ -4670,8 +4670,8 @@ nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp)
 		}
 	}
 
-	flavorsp = xdr_reserve_space(xdr, XDR_UNIT);
-	if (!flavorsp)
+	count_offset = xdr_stream_pos(xdr);
+	if (unlikely(!xdr_reserve_space(xdr, XDR_UNIT)))
 		return nfserr_resource;
 
 	for (i = 0, supported = 0; i < nflavs; i++) {
@@ -4681,7 +4681,9 @@ nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp)
 			return status;
 	}
 
-	*flavorsp = cpu_to_be32(supported);
+	wire_count = cpu_to_be32(supported);
+	write_bytes_to_xdr_buf(xdr->buf, count_offset, &wire_count,
+			       XDR_UNIT);
 	return 0;
 }
 
@@ -4692,7 +4694,7 @@ nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
 	struct nfsd4_secinfo *secinfo = &u->secinfo;
 	struct xdr_stream *xdr = resp->xdr;
 
-	return nfsd4_do_encode_secinfo(xdr, secinfo->si_exp);
+	return nfsd4_encode_SECINFO4resok(xdr, secinfo->si_exp);
 }
 
 static __be32
@@ -4702,7 +4704,7 @@ nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
 	struct nfsd4_secinfo_no_name *secinfo = &u->secinfo_no_name;
 	struct xdr_stream *xdr = resp->xdr;
 
-	return nfsd4_do_encode_secinfo(xdr, secinfo->sin_exp);
+	return nfsd4_encode_SECINFO4resok(xdr, secinfo->sin_exp);
 }
 
 static __be32
-- 
2.47.0

next prev parent reply	other threads:[~2024-12-31  0:29 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-31  0:28 [PATCH v4 0/9] Fix XDR encoding near page boundaries cel
2024-12-31  0:28 ` [PATCH v4 1/9] NFSD: Encode COMPOUND operation status on " cel
2024-12-31  0:28 ` [PATCH v4 2/9] NFSD: Insulate nfsd4_encode_read() from page boundaries in the encode buffer cel
2024-12-31  0:28 ` [PATCH v4 3/9] NFSD: Insulate nfsd4_encode_read_plus() " cel
2024-12-31  0:28 ` [PATCH v4 4/9] NFSD: Insulate nfsd4_encode_read_plus_data() " cel
2024-12-31  0:28 ` [PATCH v4 5/9] NFSD: Insulate nfsd4_encode_fattr4() " cel
2024-12-31  0:28 ` [PATCH v4 6/9] NFSD: Insulate nfsd4_encode_readlink() " cel
2024-12-31  0:28 ` [PATCH v4 7/9] NFSD: Refactor nfsd4_do_encode_secinfo() again cel
2024-12-31  0:28 ` cel [this message]
2024-12-31  0:29 ` [PATCH v4 9/9] SUNRPC: Document validity guarantees of the pointer returned by reserve_space cel
2025-01-01 21:49   ` NeilBrown
2025-01-01 23:09     ` Chuck Lever
2025-01-02 13:21   ` Jeff Layton
2025-01-02 13:23 ` [PATCH v4 0/9] Fix XDR encoding near page boundaries Jeff Layton

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a8b99e4796c dfblob:348cd13f901 )
 OR (
bs:"[PATCH v4 8/9] NFSD: Insulate nfsd4_encode_secinfo() from page boundaries in the encode buffer" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241231002901.12725-9-cel@kernel.org \
    --to=cel@kernel.org \
    --cc=chuck.lever@oracle.com \
    --cc=dai.ngo@oracle.com \
    --cc=j.david.lists@gmail.com \
    --cc=jlayton@kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=neilb@suse.de \
    --cc=okorniev@redhat.com \
    --cc=rick.macklem@gmail.com \
    --cc=tom@talpey.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.