From: "J. Bruce Fields" <bfields@fieldses.org>
To: Christoph Hellwig <hch@lst.de>
Cc: trond.myklebust@primarydata.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH 4/4] nfsd: add SCSI layout support
Date: Tue, 22 Mar 2016 14:56:01 -0400 [thread overview]
Message-ID: <20160322185601.GE4083@fieldses.org> (raw)
In-Reply-To: <20160317215218.GB27078@fieldses.org>
On Thu, Mar 17, 2016 at 05:52:18PM -0400, J. Bruce Fields wrote:
> On Fri, Mar 04, 2016 at 08:46:17PM +0100, Christoph Hellwig wrote:
> > +int
> > +nfsd4_scsi_decode_layoutupdate(__be32 *p, u32 len, struct iomap **iomapp,
> > + u32 block_size)
> > +{
> > + struct iomap *iomaps;
> > + u32 nr_iomaps, expected, i;
> > +
> > + if (len < sizeof(u32)) {
> > + dprintk("%s: extent array too small: %u\n", __func__, len);
> > + return -EINVAL;
> > + }
> > +
> > + nr_iomaps = be32_to_cpup(p++);
> > + expected = sizeof(__be32) + nr_iomaps * PNFS_SCSI_RANGE_SIZE;
> > + if (len != expected) {
>
> You could add any multiple of 2^32/PNFS_SCSI_RANGE_SIZE to nr_iomaps and
> still pass this check. Then you'd probably fail the following kcalloc,
> but best to be paranoid if this is from-the-wire data.
>
> Maybe something like this? (Untested)
OK, I've added this, and also did some minor edits on your patches
(comment typos, split out one bit of code movement into a separate
patch). Results in
git://linux-nfs.org/~bfields/linux.git for-next
I'll send that along soon.
--b.
>
> diff --git a/fs/nfsd/blocklayoutxdr.c b/fs/nfsd/blocklayoutxdr.c
> index ca1883668810..6c3b316f932e 100644
> --- a/fs/nfsd/blocklayoutxdr.c
> +++ b/fs/nfsd/blocklayoutxdr.c
> @@ -105,18 +105,22 @@ nfsd4_block_decode_layoutupdate(__be32 *p, u32 len, struct iomap **iomapp,
> u32 block_size)
> {
> struct iomap *iomaps;
> - u32 nr_iomaps, expected, i;
> + u32 nr_iomaps, i;
>
> if (len < sizeof(u32)) {
> dprintk("%s: extent array too small: %u\n", __func__, len);
> return -EINVAL;
> }
> + len -= sizeof(u32);
> + if (len % PNFS_BLOCK_EXTENT_SIZE) {
> + dprintk("%s: extent array invalid: %u\n", __func__, len);
> + return -EINVAL;
> + }
>
> nr_iomaps = be32_to_cpup(p++);
> - expected = sizeof(__be32) + nr_iomaps * PNFS_BLOCK_EXTENT_SIZE;
> - if (len != expected) {
> + if (nr_iomaps != len / PNFS_BLOCK_EXTENT_SIZE) {
> dprintk("%s: extent array size mismatch: %u/%u\n",
> - __func__, len, expected);
> + __func__, len, nr_iomaps);
> return -EINVAL;
> }
>
> --b.
prev parent reply other threads:[~2016-03-22 18:56 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-04 19:46 pNFS SCSI layout support V2 Christoph Hellwig
2016-03-04 19:46 ` [PATCH 1/4] nfs4.h: add SCSI layout defintions Christoph Hellwig
2016-03-04 19:46 ` [PATCH 2/4] nfs/blocklayout: add SCSI layout support Christoph Hellwig
2016-03-08 22:07 ` J. Bruce Fields
2016-03-08 22:42 ` Trond Myklebust
2016-03-17 21:01 ` J. Bruce Fields
2016-03-18 14:18 ` Trond Myklebust
2016-03-08 22:09 ` J. Bruce Fields
2016-03-04 19:46 ` [PATCH 3/4] nfsd: add a new config option for the block layout driver Christoph Hellwig
2016-03-04 19:46 ` [PATCH 4/4] nfsd: add SCSI layout support Christoph Hellwig
2016-03-08 22:15 ` J. Bruce Fields
2016-03-09 14:48 ` Christoph Hellwig
2016-03-10 22:26 ` J. Bruce Fields
2016-03-11 9:24 ` Christoph Hellwig
2016-03-11 22:52 ` J. Bruce Fields
2016-03-17 21:52 ` J. Bruce Fields
2016-03-22 18:56 ` J. Bruce Fields [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160322185601.GE4083@fieldses.org \
--to=bfields@fieldses.org \
--cc=hch@lst.de \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).