[PATCH 14/16] NFSv4.2: Deal with potential READ_PLUS data extent buffer overflow

public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed

From: trondmy@kernel.org
To: linux-nfs@vger.kernel.org
Subject: [PATCH 14/16] NFSv4.2: Deal with potential READ_PLUS data extent buffer overflow
Date: Wed,  9 Dec 2020 09:47:59 -0500	[thread overview]
Message-ID: <20201209144801.700778-15-trondmy@kernel.org> (raw)
In-Reply-To: <20201209144801.700778-14-trondmy@kernel.org>

From: Trond Myklebust <trond.myklebust@hammerspace.com>

If the server returns more data than we have buffer space for, then
we need to truncate and exit early.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
 fs/nfs/nfs42xdr.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/nfs/nfs42xdr.c b/fs/nfs/nfs42xdr.c
index 9ef5261a1a70..8386ca45a43f 100644
--- a/fs/nfs/nfs42xdr.c
+++ b/fs/nfs/nfs42xdr.c
@@ -1026,6 +1026,7 @@ static int decode_deallocate(struct xdr_stream *xdr, struct nfs42_falloc_res *re
 }
 
 static int decode_read_plus_data(struct xdr_stream *xdr,
+				 struct nfs_pgio_args *args,
 				 struct nfs_pgio_res *res)
 {
 	uint32_t count, recvd;
@@ -1041,8 +1042,12 @@ static int decode_read_plus_data(struct xdr_stream *xdr,
 	recvd = xdr_align_data(xdr, res->count, xdr_align_size(count));
 	if (recvd > count)
 		recvd = count;
+	if (res->count + recvd > args->count) {
+		if (args->count > res->count)
+			res->count += args->count - res->count;
+		return 1;
+	}
 	res->count += recvd;
-
 	if (count > recvd)
 		return 1;
 	return 0;
@@ -1119,7 +1124,7 @@ static int decode_read_plus(struct xdr_stream *xdr, struct nfs_pgio_res *res)
 
 		type = be32_to_cpup(p++);
 		if (type == NFS4_CONTENT_DATA)
-			status = decode_read_plus_data(xdr, res);
+			status = decode_read_plus_data(xdr, args, res);
 		else if (type == NFS4_CONTENT_HOLE)
 			status = decode_read_plus_hole(xdr, args, res, &eof);
 		else
-- 
2.29.2

next prev parent reply	other threads:[~2020-12-09 14:49 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-09 14:47 [PATCH 00/16] Fixes for the NFSv4.2 READ_PLUS operation trondmy
2020-12-09 14:47 ` [PATCH 01/16] SUNRPC: _shift_data_left/right_pages should check the shift length trondmy
2020-12-09 14:47   ` [PATCH 02/16] SUNRPC: Fixes for xdr_align_data() trondmy
2020-12-09 14:47     ` [PATCH 03/16] SUNRPC: Fix xdr_expand_hole() trondmy
2020-12-09 14:47       ` [PATCH 04/16] SUNRPC: Cleanup xdr_shrink_bufhead() trondmy
2020-12-09 14:47         ` [PATCH 05/16] SUNRPC: _copy_to/from_pages() now check for zero length trondmy
2020-12-09 14:47           ` [PATCH 06/16] SUNRPC: Clean up open coded setting of the xdr_stream 'nwords' field trondmy
2020-12-09 14:47             ` [PATCH 07/16] SUNRPC: Cleanup - constify a number of xdr_buf helpers trondmy
2020-12-09 14:47               ` [PATCH 08/16] SUNRPC: Avoid unnecessary copies in xdr_buf_pages_copy_left/right() trondmy
2020-12-09 14:47                 ` [PATCH 09/16] NFSv4.2: Ensure we always reset the result->count in decode_read_plus() trondmy
2020-12-09 14:47                   ` [PATCH 10/16] NFSv4.2: decode_read_plus_data() must skip padding after data segment trondmy
2020-12-09 14:47                     ` [PATCH 11/16] NFSv4.2: decode_read_plus_hole() needs to check the extent offset trondmy
2020-12-09 14:47                       ` [PATCH 12/16] NFSv4.2: Handle hole lengths that exceed the READ_PLUS read buffer trondmy
2020-12-09 14:47                         ` [PATCH 13/16] NFSv4.2: Don't error when exiting early on a READ_PLUS buffer overflow trondmy
2020-12-09 14:47                           ` trondmy [this message]
2020-12-09 14:48                             ` [PATCH 15/16] nfsd: Fixes for nfsd4_encode_read_plus_data() trondmy
2020-12-09 14:48                               ` [PATCH 16/16] nfsd: Don't set eof on a truncated READ_PLUS trondmy
2020-12-09 16:16                               ` [PATCH 15/16] nfsd: Fixes for nfsd4_encode_read_plus_data() Chuck Lever
2020-12-09 16:39                                 ` Trond Myklebust
2020-12-09 16:57                                   ` Chuck Lever
2020-12-09 17:01                                     ` Trond Myklebust

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9ef5261a1a7 dfblob:8386ca45a43 )
 OR (
bs:"[PATCH 14/16] NFSv4.2: Deal with potential READ_PLUS data extent buffer overflow" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201209144801.700778-15-trondmy@kernel.org \
    --to=trondmy@kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox