3 files changed, 15 insertions, 34 deletions
diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
index 12feac6ee2fd..452334694a5d 100644
--- a/fs/nfsd/nfs3xdr.c
+++ b/fs/nfsd/nfs3xdr.c
@@ -334,11 +334,8 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
        if (!p)
                return 0;
        p = xdr_decode_hyper(p, &args->offset);
-        args->count = ntohl(*p++);
-        if (!xdr_argsize_check(rqstp, p))
-                return 0;
+        args->count = ntohl(*p++);
        len = min(args->count, max_blocksize);
        /* set up the kvec */
@@ -352,7 +349,7 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
                v++;
        }
        args->vlen = v;
-        return 1;
+        return xdr_argsize_check(rqstp, p);
 }
 int
@@ -544,11 +541,9 @@ nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p,
        p = decode_fh(p, &args->fh);
        if (!p)
                return 0;
-        if (!xdr_argsize_check(rqstp, p))
-                return 0;
        args->buffer = page_address(*(rqstp->rq_next_page++));
-        return 1;
+        return xdr_argsize_check(rqstp, p);
 }
 int
@@ -574,14 +569,10 @@ nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
        args->verf   = p; p += 2;
        args->dircount = ~0;
        args->count  = ntohl(*p++);
-        if (!xdr_argsize_check(rqstp, p))
-                return 0;
        args->count  = min_t(u32, args->count, PAGE_SIZE);
        args->buffer = page_address(*(rqstp->rq_next_page++));
-        return 1;
+        return xdr_argsize_check(rqstp, p);
 }
 int
@@ -599,9 +590,6 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
        args->dircount = ntohl(*p++);
        args->count    = ntohl(*p++);
-        if (!xdr_argsize_check(rqstp, p))
-                return 0;
        len = args->count = min(args->count, max_blocksize);
        while (len > 0) {
                struct page *p = *(rqstp->rq_next_page++);
@@ -609,7 +597,8 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
                        args->buffer = page_address(p);
                len -= PAGE_SIZE;
        }
-        return 1;
+        return xdr_argsize_check(rqstp, p);
 }
 int
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index c453a1998e00..dadb3bf305b2 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1769,6 +1769,12 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
                        opdesc->op_get_currentstateid(cstate, &op->u);
                op->status = opdesc->op_func(rqstp, cstate, &op->u);
+                /* Only from SEQUENCE */
+                if (cstate->status == nfserr_replay_cache) {
+                        dprintk("%s NFS4.1 replay from cache\n", __func__);
+                        status = op->status;
+                        goto out;
+                }
                if (!op->status) {
                        if (opdesc->op_set_currentstateid)
                                opdesc->op_set_currentstateid(cstate, &op->u);
@@ -1779,14 +1785,7 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
                        if (need_wrongsec_check(rqstp))
                                op->status = check_nfsd_access(current_fh->fh_export, rqstp);
                }
 encode_op:
-                /* Only from SEQUENCE */
-                if (cstate->status == nfserr_replay_cache) {
-                        dprintk("%s NFS4.1 replay from cache\n", __func__);
-                        status = op->status;
-                        goto out;
-                }
                if (op->status == nfserr_replay_me) {
                        op->replay = &cstate->replay_owner->so_replay;
                        nfsd4_encode_replay(&resp->xdr, op);
diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c
index 6a4947a3f4fa..de07ff625777 100644
--- a/fs/nfsd/nfsxdr.c
+++ b/fs/nfsd/nfsxdr.c
@@ -257,9 +257,6 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
        len = args->count     = ntohl(*p++);
        p++; /* totalcount - unused */
-        if (!xdr_argsize_check(rqstp, p))
-                return 0;
        len = min_t(unsigned int, len, NFSSVC_MAXBLKSIZE_V2);
        /* set up somewhere to store response.
@@ -275,7 +272,7 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
                v++;
        }
        args->vlen = v;
-        return 1;
+        return xdr_argsize_check(rqstp, p);
 }
 int
@@ -365,11 +362,9 @@ nfssvc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd_readli
        p = decode_fh(p, &args->fh);
        if (!p)
                return 0;
-        if (!xdr_argsize_check(rqstp, p))
-                return 0;
        args->buffer = page_address(*(rqstp->rq_next_page++));
-        return 1;
+        return xdr_argsize_check(rqstp, p);
 }
 int
@@ -407,11 +402,9 @@ nfssvc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
        args->cookie = ntohl(*p++);
        args->count  = ntohl(*p++);
        args->count  = min_t(u32, args->count, PAGE_SIZE);
-        if (!xdr_argsize_check(rqstp, p))
-                return 0;
        args->buffer = page_address(*(rqstp->rq_next_page++));
-        return 1;
+        return xdr_argsize_check(rqstp, p);
 }
 /*

diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index 12feac6ee2fd..452334694a5d 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c
@@ -334,11 +334,8 @@ nfs3svc_decode_readargs(struct svc_rqst rqstp, __be32 p,
334	if (!p)	334	if (!p)
335	return 0;	335	return 0;
336	p = xdr_decode_hyper(p, &args->offset);	336	p = xdr_decode_hyper(p, &args->offset);
337	args->count = ntohl(*p++);
338
339	if (!xdr_argsize_check(rqstp, p))
340	return 0;
341		337
		338	args->count = ntohl(*p++);
342	len = min(args->count, max_blocksize);	339	len = min(args->count, max_blocksize);
343		340
344	/* set up the kvec */	341	/* set up the kvec */
@@ -352,7 +349,7 @@ nfs3svc_decode_readargs(struct svc_rqst rqstp, __be32 p,
352	v++;	349	v++;
353	}	350	}
354	args->vlen = v;	351	args->vlen = v;
355	return 1;	352	return xdr_argsize_check(rqstp, p);
356	}	353	}
357		354
358	int	355	int
@@ -544,11 +541,9 @@ nfs3svc_decode_readlinkargs(struct svc_rqst rqstp, __be32 p,
544	p = decode_fh(p, &args->fh);	541	p = decode_fh(p, &args->fh);
545	if (!p)	542	if (!p)
546	return 0;	543	return 0;
547	if (!xdr_argsize_check(rqstp, p))
548	return 0;
549	args->buffer = page_address(*(rqstp->rq_next_page++));	544	args->buffer = page_address(*(rqstp->rq_next_page++));
550		545
551	return 1;	546	return xdr_argsize_check(rqstp, p);
552	}	547	}
553		548
554	int	549	int
@@ -574,14 +569,10 @@ nfs3svc_decode_readdirargs(struct svc_rqst rqstp, __be32 p,
574	args->verf = p; p += 2;	569	args->verf = p; p += 2;
575	args->dircount = ~0;	570	args->dircount = ~0;
576	args->count = ntohl(*p++);	571	args->count = ntohl(*p++);
577
578	if (!xdr_argsize_check(rqstp, p))
579	return 0;
580
581	args->count = min_t(u32, args->count, PAGE_SIZE);	572	args->count = min_t(u32, args->count, PAGE_SIZE);
582	args->buffer = page_address(*(rqstp->rq_next_page++));	573	args->buffer = page_address(*(rqstp->rq_next_page++));
583		574
584	return 1;	575	return xdr_argsize_check(rqstp, p);
585	}	576	}
586		577
587	int	578	int
@@ -599,9 +590,6 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst rqstp, __be32 p,
599	args->dircount = ntohl(*p++);	590	args->dircount = ntohl(*p++);
600	args->count = ntohl(*p++);	591	args->count = ntohl(*p++);
601		592
602	if (!xdr_argsize_check(rqstp, p))
603	return 0;
604
605	len = args->count = min(args->count, max_blocksize);	593	len = args->count = min(args->count, max_blocksize);
606	while (len > 0) {	594	while (len > 0) {
607	struct page p = (rqstp->rq_next_page++);	595	struct page p = (rqstp->rq_next_page++);
@@ -609,7 +597,8 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst rqstp, __be32 p,
609	args->buffer = page_address(p);	597	args->buffer = page_address(p);
610	len -= PAGE_SIZE;	598	len -= PAGE_SIZE;
611	}	599	}
612	return 1;	600
		601	return xdr_argsize_check(rqstp, p);
613	}	602	}
614		603
615	int	604	int


diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index c453a1998e00..dadb3bf305b2 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c
@@ -1769,6 +1769,12 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
1769	opdesc->op_get_currentstateid(cstate, &op->u);	1769	opdesc->op_get_currentstateid(cstate, &op->u);
1770	op->status = opdesc->op_func(rqstp, cstate, &op->u);	1770	op->status = opdesc->op_func(rqstp, cstate, &op->u);
1771		1771
		1772	/* Only from SEQUENCE */
		1773	if (cstate->status == nfserr_replay_cache) {
		1774	dprintk("%s NFS4.1 replay from cache\n", __func__);
		1775	status = op->status;
		1776	goto out;
		1777	}
1772	if (!op->status) {	1778	if (!op->status) {
1773	if (opdesc->op_set_currentstateid)	1779	if (opdesc->op_set_currentstateid)
1774	opdesc->op_set_currentstateid(cstate, &op->u);	1780	opdesc->op_set_currentstateid(cstate, &op->u);
@@ -1779,14 +1785,7 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
1779	if (need_wrongsec_check(rqstp))	1785	if (need_wrongsec_check(rqstp))
1780	op->status = check_nfsd_access(current_fh->fh_export, rqstp);	1786	op->status = check_nfsd_access(current_fh->fh_export, rqstp);
1781	}	1787	}
1782
1783	encode_op:	1788	encode_op:
1784	/* Only from SEQUENCE */
1785	if (cstate->status == nfserr_replay_cache) {
1786	dprintk("%s NFS4.1 replay from cache\n", __func__);
1787	status = op->status;
1788	goto out;
1789	}
1790	if (op->status == nfserr_replay_me) {	1789	if (op->status == nfserr_replay_me) {
1791	op->replay = &cstate->replay_owner->so_replay;	1790	op->replay = &cstate->replay_owner->so_replay;
1792	nfsd4_encode_replay(&resp->xdr, op);	1791	nfsd4_encode_replay(&resp->xdr, op);


diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c index 6a4947a3f4fa..de07ff625777 100644 --- a/fs/nfsd/nfsxdr.c +++ b/fs/nfsd/nfsxdr.c
@@ -257,9 +257,6 @@ nfssvc_decode_readargs(struct svc_rqst rqstp, __be32 p,
257	len = args->count = ntohl(*p++);	257	len = args->count = ntohl(*p++);
258	p++; /* totalcount - unused */	258	p++; /* totalcount - unused */
259		259
260	if (!xdr_argsize_check(rqstp, p))
261	return 0;
262
263	len = min_t(unsigned int, len, NFSSVC_MAXBLKSIZE_V2);	260	len = min_t(unsigned int, len, NFSSVC_MAXBLKSIZE_V2);
264		261
265	/* set up somewhere to store response.	262	/* set up somewhere to store response.
@@ -275,7 +272,7 @@ nfssvc_decode_readargs(struct svc_rqst rqstp, __be32 p,
275	v++;	272	v++;
276	}	273	}
277	args->vlen = v;	274	args->vlen = v;
278	return 1;	275	return xdr_argsize_check(rqstp, p);
279	}	276	}
280		277
281	int	278	int
@@ -365,11 +362,9 @@ nfssvc_decode_readlinkargs(struct svc_rqst rqstp, __be32 p, struct nfsd_readli
365	p = decode_fh(p, &args->fh);	362	p = decode_fh(p, &args->fh);
366	if (!p)	363	if (!p)
367	return 0;	364	return 0;
368	if (!xdr_argsize_check(rqstp, p))
369	return 0;
370	args->buffer = page_address(*(rqstp->rq_next_page++));	365	args->buffer = page_address(*(rqstp->rq_next_page++));
371		366
372	return 1;	367	return xdr_argsize_check(rqstp, p);
373	}	368	}
374		369
375	int	370	int
@@ -407,11 +402,9 @@ nfssvc_decode_readdirargs(struct svc_rqst rqstp, __be32 p,
407	args->cookie = ntohl(*p++);	402	args->cookie = ntohl(*p++);
408	args->count = ntohl(*p++);	403	args->count = ntohl(*p++);
409	args->count = min_t(u32, args->count, PAGE_SIZE);	404	args->count = min_t(u32, args->count, PAGE_SIZE);
410	if (!xdr_argsize_check(rqstp, p))
411	return 0;
412	args->buffer = page_address(*(rqstp->rq_next_page++));	405	args->buffer = page_address(*(rqstp->rq_next_page++));
413		406
414	return 1;	407	return xdr_argsize_check(rqstp, p);
415	}	408	}
416		409
417	/*	410	/*