summaryrefslogtreecommitdiff
path: root/fs/nfs
diff options
context:
space:
mode:
authorTrond Myklebust <trond.myklebust@hammerspace.com>2020-12-08 17:03:51 +0300
committerTrond Myklebust <trond.myklebust@hammerspace.com>2020-12-14 14:51:08 +0300
commit7aedc687c9f62e0d22b3231a100030e02344be1a (patch)
tree4f5ae1b2bc0dba4cd3a67cd86c988b121022189e /fs/nfs
parent503b934a752f7e789a5f33217520e0a79f3096ac (diff)
downloadlinux-7aedc687c9f62e0d22b3231a100030e02344be1a.tar.xz
NFSv4.2: Deal with potential READ_PLUS data extent buffer overflow
If the server returns more data than we have buffer space for, then we need to truncate and exit early. Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Diffstat (limited to 'fs/nfs')
-rw-r--r--fs/nfs/nfs42xdr.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/fs/nfs/nfs42xdr.c b/fs/nfs/nfs42xdr.c
index 9ef5261a1a70..8386ca45a43f 100644
--- a/fs/nfs/nfs42xdr.c
+++ b/fs/nfs/nfs42xdr.c
@@ -1026,6 +1026,7 @@ static int decode_deallocate(struct xdr_stream *xdr, struct nfs42_falloc_res *re
}
static int decode_read_plus_data(struct xdr_stream *xdr,
+ struct nfs_pgio_args *args,
struct nfs_pgio_res *res)
{
uint32_t count, recvd;
@@ -1041,8 +1042,12 @@ static int decode_read_plus_data(struct xdr_stream *xdr,
recvd = xdr_align_data(xdr, res->count, xdr_align_size(count));
if (recvd > count)
recvd = count;
+ if (res->count + recvd > args->count) {
+ if (args->count > res->count)
+ res->count += args->count - res->count;
+ return 1;
+ }
res->count += recvd;
-
if (count > recvd)
return 1;
return 0;
@@ -1119,7 +1124,7 @@ static int decode_read_plus(struct xdr_stream *xdr, struct nfs_pgio_res *res)
type = be32_to_cpup(p++);
if (type == NFS4_CONTENT_DATA)
- status = decode_read_plus_data(xdr, res);
+ status = decode_read_plus_data(xdr, args, res);
else if (type == NFS4_CONTENT_HOLE)
status = decode_read_plus_hole(xdr, args, res, &eof);
else