Linux NFS development
 help / color / mirror / Atom feed
* [PATCH 1/2] nfsd: don't ignore high bits of copy count
@ 2021-03-19  0:03 J. Bruce Fields
  2021-03-19  0:03 ` [PATCH 2/2] nfsd: COPY with length 0 should copy to end of file J. Bruce Fields
  0 siblings, 1 reply; 3+ messages in thread
From: J. Bruce Fields @ 2021-03-19  0:03 UTC (permalink / raw)
  To: Chuck Lever; +Cc: linux-nfs, J. Bruce Fields

From: "J. Bruce Fields" <bfields@redhat.com>

Note size_t is 32-bit on a 32-bit architecture, but cp_count is defined
by the protocol to be 64 bit, so we could be turning a large copy into a
0-length copy here.

Reported-by: <radchenkoy@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 fs/nfsd/nfs4proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index b749033e467f..5419342df360 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1383,7 +1383,7 @@ static void nfsd4_init_copy_res(struct nfsd4_copy *copy, bool sync)
 static ssize_t _nfsd_copy_file_range(struct nfsd4_copy *copy)
 {
 	ssize_t bytes_copied = 0;
-	size_t bytes_total = copy->cp_count;
+	u64 bytes_total = copy->cp_count;
 	u64 src_pos = copy->cp_src_pos;
 	u64 dst_pos = copy->cp_dst_pos;
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-03-22 14:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-03-19  0:03 [PATCH 1/2] nfsd: don't ignore high bits of copy count J. Bruce Fields
2021-03-19  0:03 ` [PATCH 2/2] nfsd: COPY with length 0 should copy to end of file J. Bruce Fields
2021-03-22 14:23   ` Chuck Lever III

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox