From: Chuck Lever <chuck.lever@oracle.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 01/19] SUNRPC: Fix error return value of svc_addr_len()
Date: Tue, 28 Apr 2009 11:28:47 -0400 [thread overview]
Message-ID: <AB35D779-F289-4F56-ABFC-968E6DDB7D0D@oracle.com> (raw)
In-Reply-To: <20090427235147.GD5108@fieldses.org>
On Apr 27, 2009, at 7:51 PM, J. Bruce Fields wrote:
> On Mon, Apr 27, 2009 at 12:49:07PM -0400, Chuck Lever wrote:
>> On Apr 25, 2009, at 6:17 PM, J. Bruce Fields wrote:
>>> On Thu, Apr 23, 2009 at 07:31:25PM -0400, Chuck Lever wrote:
>>>> The svc_addr_len() helper function returns -EAFNOSUPPORT if it
>>>> doesn't
>>>> recognize the address family of the passed-in socket address.
>>>> However,
>>>> the return type of this function is size_t, which means -
>>>> EAFNOSUPPORT
>>>> is turned into a very large positive value in this case.
>>>>
>>>> The check in svc_udp_recvfrom() to see if the return value is less
>>>> than zero therefore won't work at all.
>>>>
>>>> Additionally, handle_connect_req() passes this value directly to
>>>> memset(). This could cause memset() to clobber a large chunk of
>>>> memory
>>>> if svc_addr_len() has returned an error. Currently the address
>>>> family
>>>> of these addresses, however, is known to be supported long before
>>>> handle_connect_req() is called, so this isn't a real risk.
>>>>
>>>> Change the error return value of svc_addr_len() to zero, which fits
>>>> in
>>>> the range of size_t, and is safer to pass to memset() directly.
>>>>
>>>> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
>>>> ---
>>>>
>>>> include/linux/sunrpc/svc_xprt.h | 5 +++--
>>>> net/sunrpc/svcsock.c | 7 ++++---
>>>> 2 files changed, 7 insertions(+), 5 deletions(-)
>>>>
>>>> diff --git a/include/linux/sunrpc/svc_xprt.h b/include/linux/
>>>> sunrpc/
>>>> svc_xprt.h
>>>> index 0d9cb6e..d790c52 100644
>>>> --- a/include/linux/sunrpc/svc_xprt.h
>>>> +++ b/include/linux/sunrpc/svc_xprt.h
>>>> @@ -118,7 +118,7 @@ static inline unsigned short
>>>> svc_addr_port(const
>>>> struct sockaddr *sa)
>>>> return 0;
>>>> }
>>>>
>>>> -static inline size_t svc_addr_len(struct sockaddr *sa)
>>>> +static inline size_t svc_addr_len(const struct sockaddr *sa)
>>>> {
>>>> switch (sa->sa_family) {
>>>> case AF_INET:
>>>> @@ -126,7 +126,8 @@ static inline size_t svc_addr_len(struct
>>>> sockaddr *sa)
>>>> case AF_INET6:
>>>> return sizeof(struct sockaddr_in6);
>>>> }
>>>> - return -EAFNOSUPPORT;
>>>> +
>>>
>>> May as well stick a WARN() here too if only as a shorthand way of
>>> documenting that this isn't meant to happen.
>>
>> Sounds reasonable, but:
>>
>> 1. I thought BUG() was the way to document "shouldn't happen," and
>
> That'd be OK too.
>
>>
>> 2. What about all the other static inliney places this "shouldn't
>> happen" ?
>
> Such as?
nlm_cmp_addr(), nlm_privileged_requester(), svc_addr_port(),
nfs_sockaddr_match_ipaddr(), nfs_sockaddr_cmp(), nfs_server_get_key(),
nfs_set_port(), nfs_verify_server_address(), and so on.
> --b.
>
>>
>> I guess we kind of gave up on BUG'ing in all these places.
>>
>>> --b.
>>>
>>>> + return 0;
>>>> }
>>>>
>>>> static inline unsigned short svc_xprt_local_port(const struct
>>>> svc_xprt *xprt)
>>>> diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
>>>> index af31988..8b08328 100644
>>>> --- a/net/sunrpc/svcsock.c
>>>> +++ b/net/sunrpc/svcsock.c
>>>> @@ -426,13 +426,14 @@ static int svc_udp_recvfrom(struct svc_rqst
>>>> *rqstp)
>>>> long all[SVC_PKTINFO_SPACE / sizeof(long)];
>>>> } buffer;
>>>> struct cmsghdr *cmh = &buffer.hdr;
>>>> - int err, len;
>>>> struct msghdr msg = {
>>>> .msg_name = svc_addr(rqstp),
>>>> .msg_control = cmh,
>>>> .msg_controllen = sizeof(buffer),
>>>> .msg_flags = MSG_DONTWAIT,
>>>> };
>>>> + size_t len;
>>>> + int err;
>>>>
>>>> if (test_and_clear_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags))
>>>> /* udp sockets need large rcvbuf as all pending
>>>> @@ -464,8 +465,8 @@ static int svc_udp_recvfrom(struct svc_rqst
>>>> *rqstp)
>>>> return -EAGAIN;
>>>> }
>>>> len = svc_addr_len(svc_addr(rqstp));
>>>> - if (len < 0)
>>>> - return len;
>>>> + if (len == 0)
>>>> + return -EAFNOSUPPORT;
>>>> rqstp->rq_addrlen = len;
>>>> if (skb->tstamp.tv64 == 0) {
>>>> skb->tstamp = ktime_get_real();
>>>>
>>
>> --
>> Chuck Lever
>> chuck[dot]lever[at]oracle[dot]com
>>
>>
>>
>>
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
next prev parent reply other threads:[~2009-04-28 15:29 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-23 23:31 [PATCH 00/19] Proposed server-side patches for 2.6.31 Chuck Lever
[not found] ` <20090423231550.17283.24432.stgit-07a7zB5ZJzbwdl/1UfZZQIVfYA8g3rJ/@public.gmane.org>
2009-04-23 23:31 ` [PATCH 01/19] SUNRPC: Fix error return value of svc_addr_len() Chuck Lever
[not found] ` <20090423233124.17283.40252.stgit-07a7zB5ZJzbwdl/1UfZZQIVfYA8g3rJ/@public.gmane.org>
2009-04-25 22:17 ` J. Bruce Fields
2009-04-27 16:49 ` Chuck Lever
2009-04-27 23:51 ` J. Bruce Fields
2009-04-28 15:28 ` Chuck Lever [this message]
2009-04-28 15:31 ` J. Bruce Fields
2009-04-23 23:31 ` [PATCH 02/19] NFSD: Refactor transport removal out of __write_ports() Chuck Lever
2009-04-23 23:31 ` [PATCH 03/19] NFSD: Refactor transport addition " Chuck Lever
2009-04-23 23:31 ` [PATCH 04/19] NFSD: Refactor portlist socket closing into a helper Chuck Lever
2009-04-23 23:31 ` [PATCH 05/19] NFSD: Refactor socket creation out of __write_ports() Chuck Lever
[not found] ` <20090423233155.17283.37345.stgit-07a7zB5ZJzbwdl/1UfZZQIVfYA8g3rJ/@public.gmane.org>
2009-04-25 22:40 ` J. Bruce Fields
2009-04-23 23:32 ` [PATCH 06/19] NFSD: Note an additional requirement when passing TCP sockets to portlist Chuck Lever
2009-04-23 23:32 ` [PATCH 07/19] NFSD: Finish refactoring __write_ports() Chuck Lever
2009-04-23 23:32 ` [PATCH 08/19] NFSD: move lockd_up() before svc_addsock() Chuck Lever
2009-04-23 23:32 ` [PATCH 09/19] NFSD: Prevent a buffer overflow in svc_xprt_names() Chuck Lever
[not found] ` <20090423233225.17283.10176.stgit-07a7zB5ZJzbwdl/1UfZZQIVfYA8g3rJ/@public.gmane.org>
2009-04-27 23:56 ` J. Bruce Fields
2009-04-23 23:32 ` [PATCH 10/19] SUNRPC: pass buffer size to svc_addsock() Chuck Lever
2009-04-23 23:32 ` [PATCH 11/19] SUNRPC: pass buffer size to svc_sock_names() Chuck Lever
2009-04-23 23:32 ` [PATCH 12/19] SUNRPC: Switch one_sock_name() to use snprintf() Chuck Lever
2009-04-23 23:32 ` [PATCH 13/19] SUNRPC: Support PF_INET6 in one_sock_name() Chuck Lever
2009-04-23 23:33 ` [PATCH 14/19] SUNRPC: Clean up one_sock_name() Chuck Lever
2009-04-23 23:33 ` [PATCH 15/19] NFSD: Stricter buffer size checking in write_recoverydir() Chuck Lever
2009-04-23 23:33 ` [PATCH 16/19] NFSD: Stricter buffer size checking in write_versions() Chuck Lever
2009-04-23 23:33 ` [PATCH 17/19] NFSD: Stricter buffer size checking in fs/nfsd/nfsctl.c Chuck Lever
[not found] ` <20090423233325.17283.71127.stgit-07a7zB5ZJzbwdl/1UfZZQIVfYA8g3rJ/@public.gmane.org>
2009-04-28 16:31 ` J. Bruce Fields
2009-04-28 16:36 ` Chuck Lever
2009-04-28 21:30 ` J. Bruce Fields
2009-04-23 23:33 ` [PATCH 18/19] lockd: Update NSM state from SM_MON replies Chuck Lever
[not found] ` <20090423233332.17283.23011.stgit-07a7zB5ZJzbwdl/1UfZZQIVfYA8g3rJ/@public.gmane.org>
2009-04-28 16:25 ` J. Bruce Fields
2009-04-28 16:34 ` Chuck Lever
2009-04-28 16:38 ` J. Bruce Fields
2009-04-28 19:11 ` Chuck Lever
2009-05-08 15:19 ` Chuck Lever
2009-05-08 15:33 ` J. Bruce Fields
2009-04-23 23:33 ` [PATCH 19/19] lockd: clean up 64-bit alignment fix in nsm_init_private() Chuck Lever
[not found] ` <20090423233340.17283.29580.stgit-07a7zB5ZJzbwdl/1UfZZQIVfYA8g3rJ/@public.gmane.org>
2009-04-28 16:31 ` J. Bruce Fields
2009-04-28 16:35 ` Chuck Lever
2009-04-28 16:40 ` J. Bruce Fields
2009-04-28 17:24 ` Chuck Lever
2009-04-28 21:36 ` J. Bruce Fields
2009-04-28 22:03 ` Måns Rullgård
[not found] ` <yw1x63gozb9f.fsf-O+uoZmgXk1l54TAoqtyWWQ@public.gmane.org>
2009-04-28 22:14 ` Chuck Lever
2009-04-28 22:11 ` Chuck Lever
2009-04-28 22:23 ` J. Bruce Fields
2009-04-28 22:31 ` Måns Rullgård
[not found] ` <yw1xws94xved.fsf-O+uoZmgXk1l54TAoqtyWWQ@public.gmane.org>
2009-04-28 22:43 ` Chuck Lever
2009-04-28 22:52 ` Måns Rullgård
[not found] ` <yw1xskjsxuff.fsf-O+uoZmgXk1l54TAoqtyWWQ@public.gmane.org>
2009-04-29 15:16 ` Chuck Lever
2009-04-29 18:02 ` Måns Rullgård
2009-04-25 22:14 ` [PATCH 00/19] Proposed server-side patches for 2.6.31 J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AB35D779-F289-4F56-ABFC-968E6DDB7D0D@oracle.com \
--to=chuck.lever@oracle.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox