diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-09-02 13:58:11 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-09-02 13:58:11 -0400 |
| commit | e77295dc9e6b52281ae85af4068f13752524e9f4 (patch) | |
| tree | fca6b723f6c91f2af79b28f05c05e114720fbe66 /fs | |
| parent | 1136cf11066a32d4ac2a476dac302858d763703d (diff) | |
| parent | 91b80969ba466ba4b915a4a1d03add8c297add3f (diff) | |
Merge branch 'for-2.6.27' of git://linux-nfs.org/~bfields/linux
* 'for-2.6.27' of git://linux-nfs.org/~bfields/linux:
nfsd: fix buffer overrun decoding NFSv4 acl
sunrpc: fix possible overrun on read of /proc/sys/sunrpc/transports
nfsd: fix compound state allocation error handling
svcrdma: Fix race between svc_rdma_recvfrom thread and the dto_tasklet
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/nfsd/nfs4acl.c | 2 | ||||
| -rw-r--r-- | fs/nfsd/nfs4proc.c | 12 |
2 files changed, 7 insertions, 7 deletions
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c index b6ed38380ab8..54b8b4140c8f 100644 --- a/fs/nfsd/nfs4acl.c +++ b/fs/nfsd/nfs4acl.c | |||
| @@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt) | |||
| 443 | * enough space for either: | 443 | * enough space for either: |
| 444 | */ | 444 | */ |
| 445 | alloc = sizeof(struct posix_ace_state_array) | 445 | alloc = sizeof(struct posix_ace_state_array) |
| 446 | + cnt*sizeof(struct posix_ace_state); | 446 | + cnt*sizeof(struct posix_user_ace_state); |
| 447 | state->users = kzalloc(alloc, GFP_KERNEL); | 447 | state->users = kzalloc(alloc, GFP_KERNEL); |
| 448 | if (!state->users) | 448 | if (!state->users) |
| 449 | return -ENOMEM; | 449 | return -ENOMEM; |
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 2e51adac65de..e5b51ffafc6c 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c | |||
| @@ -867,11 +867,6 @@ nfsd4_proc_compound(struct svc_rqst *rqstp, | |||
| 867 | int slack_bytes; | 867 | int slack_bytes; |
| 868 | __be32 status; | 868 | __be32 status; |
| 869 | 869 | ||
| 870 | status = nfserr_resource; | ||
| 871 | cstate = cstate_alloc(); | ||
| 872 | if (cstate == NULL) | ||
| 873 | goto out; | ||
| 874 | |||
| 875 | resp->xbuf = &rqstp->rq_res; | 870 | resp->xbuf = &rqstp->rq_res; |
| 876 | resp->p = rqstp->rq_res.head[0].iov_base + rqstp->rq_res.head[0].iov_len; | 871 | resp->p = rqstp->rq_res.head[0].iov_base + rqstp->rq_res.head[0].iov_len; |
| 877 | resp->tagp = resp->p; | 872 | resp->tagp = resp->p; |
| @@ -890,6 +885,11 @@ nfsd4_proc_compound(struct svc_rqst *rqstp, | |||
| 890 | if (args->minorversion > NFSD_SUPPORTED_MINOR_VERSION) | 885 | if (args->minorversion > NFSD_SUPPORTED_MINOR_VERSION) |
| 891 | goto out; | 886 | goto out; |
| 892 | 887 | ||
| 888 | status = nfserr_resource; | ||
| 889 | cstate = cstate_alloc(); | ||
| 890 | if (cstate == NULL) | ||
| 891 | goto out; | ||
| 892 | |||
| 893 | status = nfs_ok; | 893 | status = nfs_ok; |
| 894 | while (!status && resp->opcnt < args->opcnt) { | 894 | while (!status && resp->opcnt < args->opcnt) { |
| 895 | op = &args->ops[resp->opcnt++]; | 895 | op = &args->ops[resp->opcnt++]; |
| @@ -957,9 +957,9 @@ encode_op: | |||
| 957 | nfsd4_increment_op_stats(op->opnum); | 957 | nfsd4_increment_op_stats(op->opnum); |
| 958 | } | 958 | } |
| 959 | 959 | ||
| 960 | cstate_free(cstate); | ||
| 960 | out: | 961 | out: |
| 961 | nfsd4_release_compoundargs(args); | 962 | nfsd4_release_compoundargs(args); |
| 962 | cstate_free(cstate); | ||
| 963 | dprintk("nfsv4 compound returned %d\n", ntohl(status)); | 963 | dprintk("nfsv4 compound returned %d\n", ntohl(status)); |
| 964 | return status; | 964 | return status; |
| 965 | } | 965 | } |