diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-02-03 18:30:53 -0500 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-02-03 18:50:34 -0500 |
| commit | 331818f1c468a24e581aedcbe52af799366a9dfe (patch) | |
| tree | 9bdbc52833c576e21e83d457d350b5db931ebade /fs/nfs | |
| parent | 7c7ed8ec337bf5f62cc5287a6eb6b2f1b7504c2f (diff) | |
NFSv4: Fix an Oops in the NFSv4 getacl code
Commit bf118a342f10dafe44b14451a1392c3254629a1f (NFSv4: include bitmap
in nfsv4 get acl data) introduces the 'acl_scratch' page for the case
where we may need to decode multi-page data. However it fails to take
into account the fact that the variable may be NULL (for the case where
we're not doing multi-page decode), and it also attaches it to the
encoding xdr_stream rather than the decoding one.
The immediate result is an Oops in nfs4_xdr_enc_getacl due to the
call to page_address() with a NULL page pointer.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Andy Adamson <andros@netapp.com>
Cc: stable@vger.kernel.org
Diffstat (limited to 'fs/nfs')
| -rw-r--r-- | fs/nfs/nfs4proc.c | 8 | ||||
| -rw-r--r-- | fs/nfs/nfs4xdr.c | 5 |
2 files changed, 8 insertions, 5 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index f0c849c98fe4..d202e04aca94 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c | |||
| @@ -3575,8 +3575,8 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t bu | |||
| 3575 | } | 3575 | } |
| 3576 | if (npages > 1) { | 3576 | if (npages > 1) { |
| 3577 | /* for decoding across pages */ | 3577 | /* for decoding across pages */ |
| 3578 | args.acl_scratch = alloc_page(GFP_KERNEL); | 3578 | res.acl_scratch = alloc_page(GFP_KERNEL); |
| 3579 | if (!args.acl_scratch) | 3579 | if (!res.acl_scratch) |
| 3580 | goto out_free; | 3580 | goto out_free; |
| 3581 | } | 3581 | } |
| 3582 | args.acl_len = npages * PAGE_SIZE; | 3582 | args.acl_len = npages * PAGE_SIZE; |
| @@ -3612,8 +3612,8 @@ out_free: | |||
| 3612 | for (i = 0; i < npages; i++) | 3612 | for (i = 0; i < npages; i++) |
| 3613 | if (pages[i]) | 3613 | if (pages[i]) |
| 3614 | __free_page(pages[i]); | 3614 | __free_page(pages[i]); |
| 3615 | if (args.acl_scratch) | 3615 | if (res.acl_scratch) |
| 3616 | __free_page(args.acl_scratch); | 3616 | __free_page(res.acl_scratch); |
| 3617 | return ret; | 3617 | return ret; |
| 3618 | } | 3618 | } |
| 3619 | 3619 | ||
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 95e92e438407..33bd8d0f745d 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c | |||
| @@ -2522,7 +2522,6 @@ static void nfs4_xdr_enc_getacl(struct rpc_rqst *req, struct xdr_stream *xdr, | |||
| 2522 | 2522 | ||
| 2523 | xdr_inline_pages(&req->rq_rcv_buf, replen << 2, | 2523 | xdr_inline_pages(&req->rq_rcv_buf, replen << 2, |
| 2524 | args->acl_pages, args->acl_pgbase, args->acl_len); | 2524 | args->acl_pages, args->acl_pgbase, args->acl_len); |
| 2525 | xdr_set_scratch_buffer(xdr, page_address(args->acl_scratch), PAGE_SIZE); | ||
| 2526 | 2525 | ||
| 2527 | encode_nops(&hdr); | 2526 | encode_nops(&hdr); |
| 2528 | } | 2527 | } |
| @@ -6032,6 +6031,10 @@ nfs4_xdr_dec_getacl(struct rpc_rqst *rqstp, struct xdr_stream *xdr, | |||
| 6032 | struct compound_hdr hdr; | 6031 | struct compound_hdr hdr; |
| 6033 | int status; | 6032 | int status; |
| 6034 | 6033 | ||
| 6034 | if (res->acl_scratch != NULL) { | ||
| 6035 | void *p = page_address(res->acl_scratch); | ||
| 6036 | xdr_set_scratch_buffer(xdr, p, PAGE_SIZE); | ||
| 6037 | } | ||
| 6035 | status = decode_compound_hdr(xdr, &hdr); | 6038 | status = decode_compound_hdr(xdr, &hdr); |
| 6036 | if (status) | 6039 | if (status) |
| 6037 | goto out; | 6040 | goto out; |