1 files changed, 55 insertions, 44 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 48a0cc17d5c2..afcdf4b76843 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -413,6 +413,18 @@ out_nfserr:
 }
 static __be32
+nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
+{
+        DECODE_HEAD;
+        READ_BUF(sizeof(stateid_t));
+        READ32(sid->si_generation);
+        COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
+        DECODE_TAIL;
+}
+static __be32
 nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
 {
        DECODE_HEAD;
@@ -429,10 +441,9 @@ nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
        DECODE_HEAD;
        close->cl_stateowner = NULL;
-        READ_BUF(4 + sizeof(stateid_t));
+        READ_BUF(4);
        READ32(close->cl_seqid);
-        READ32(close->cl_stateid.si_generation);
+        return nfsd4_decode_stateid(argp, &close->cl_stateid);
-        COPYMEM(&close->cl_stateid.si_opaque, sizeof(stateid_opaque_t));
        DECODE_TAIL;
 }
@@ -493,13 +504,7 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create
 static inline __be32
 nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
 {
-        DECODE_HEAD;
+        return nfsd4_decode_stateid(argp, &dr->dr_stateid);
-        READ_BUF(sizeof(stateid_t));
-        READ32(dr->dr_stateid.si_generation);
-        COPYMEM(&dr->dr_stateid.si_opaque, sizeof(stateid_opaque_t));
-        DECODE_TAIL;
 }
 static inline __be32
@@ -542,20 +547,22 @@ nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
        READ32(lock->lk_is_new);
        if (lock->lk_is_new) {
-                READ_BUF(36);
+                READ_BUF(4);
                READ32(lock->lk_new_open_seqid);
-                READ32(lock->lk_new_open_stateid.si_generation);
+                status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
+                if (status)
-                COPYMEM(&lock->lk_new_open_stateid.si_opaque, sizeof(stateid_opaque_t));
+                        return status;
+                READ_BUF(8 + sizeof(clientid_t));
                READ32(lock->lk_new_lock_seqid);
                COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
                READ32(lock->lk_new_owner.len);
                READ_BUF(lock->lk_new_owner.len);
                READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
        } else {
-                READ_BUF(20);
+                status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
-                READ32(lock->lk_old_lock_stateid.si_generation);
+                if (status)
-                COPYMEM(&lock->lk_old_lock_stateid.si_opaque, sizeof(stateid_opaque_t));
+                        return status;
+                READ_BUF(4);
                READ32(lock->lk_old_lock_seqid);
        }
@@ -587,13 +594,15 @@ nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
        DECODE_HEAD;
        locku->lu_stateowner = NULL;
-        READ_BUF(24 + sizeof(stateid_t));
+        READ_BUF(8);
        READ32(locku->lu_type);
        if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
                goto xdr_error;
        READ32(locku->lu_seqid);
-        READ32(locku->lu_stateid.si_generation);
+        status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
-        COPYMEM(&locku->lu_stateid.si_opaque, sizeof(stateid_opaque_t));
+        if (status)
+                return status;
+        READ_BUF(16);
        READ64(locku->lu_offset);
        READ64(locku->lu_length);
@@ -678,10 +687,10 @@ nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
                READ32(open->op_delegate_type);
                break;
        case NFS4_OPEN_CLAIM_DELEGATE_CUR:
-                READ_BUF(sizeof(stateid_t) + 4);
+                status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
-                READ32(open->op_delegate_stateid.si_generation);
+                if (status)
-                COPYMEM(&open->op_delegate_stateid.si_opaque,
+                        return status;
-                        sizeof(stateid_opaque_t));
+                READ_BUF(4);
                READ32(open->op_fname.len);
                READ_BUF(open->op_fname.len);
                SAVEMEM(open->op_fname.data, open->op_fname.len);
@@ -701,9 +710,10 @@ nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_con
        DECODE_HEAD;
                    
        open_conf->oc_stateowner = NULL;
-        READ_BUF(4 + sizeof(stateid_t));
+        status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
-        READ32(open_conf->oc_req_stateid.si_generation);
+        if (status)
-        COPYMEM(&open_conf->oc_req_stateid.si_opaque, sizeof(stateid_opaque_t));
+                return status;
+        READ_BUF(4);
        READ32(open_conf->oc_seqid);
                                                        
        DECODE_TAIL;
@@ -715,9 +725,10 @@ nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_d
        DECODE_HEAD;
                    
        open_down->od_stateowner = NULL;
-        READ_BUF(12 + sizeof(stateid_t));
+        status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
-        READ32(open_down->od_stateid.si_generation);
+        if (status)
-        COPYMEM(&open_down->od_stateid.si_opaque, sizeof(stateid_opaque_t));
+                return status;
+        READ_BUF(12);
        READ32(open_down->od_seqid);
        READ32(open_down->od_share_access);
        READ32(open_down->od_share_deny);
@@ -745,9 +756,10 @@ nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
 {
        DECODE_HEAD;
-        READ_BUF(sizeof(stateid_t) + 12);
+        status = nfsd4_decode_stateid(argp, &read->rd_stateid);
-        READ32(read->rd_stateid.si_generation);
+        if (status)
-        COPYMEM(&read->rd_stateid.si_opaque, sizeof(stateid_opaque_t));
+                return status;
+        READ_BUF(12);
        READ64(read->rd_offset);
        READ32(read->rd_length);
@@ -836,15 +848,13 @@ nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
 static __be32
 nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
 {
-        DECODE_HEAD;
+        __be32 status;
-        READ_BUF(sizeof(stateid_t));
-        READ32(setattr->sa_stateid.si_generation);
-        COPYMEM(&setattr->sa_stateid.si_opaque, sizeof(stateid_opaque_t));
-        if ((status = nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr, &setattr->sa_acl)))
-                goto out;
-        DECODE_TAIL;
+        status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
+        if (status)
+                return status;
+        return nfsd4_decode_fattr(argp, setattr->sa_bmval,
+                                  &setattr->sa_iattr, &setattr->sa_acl);
 }
 static __be32
@@ -929,9 +939,10 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
        int len;
        DECODE_HEAD;
-        READ_BUF(sizeof(stateid_opaque_t) + 20);
+        status = nfsd4_decode_stateid(argp, &write->wr_stateid);
-        READ32(write->wr_stateid.si_generation);
+        if (status)
-        COPYMEM(&write->wr_stateid.si_opaque, sizeof(stateid_opaque_t));
+                return status;
+        READ_BUF(16);
        READ64(write->wr_offset);
        READ32(write->wr_stable_how);
        if (write->wr_stable_how > 2)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 48a0cc17d5c2..afcdf4b76843 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c
@@ -413,6 +413,18 @@ out_nfserr:
413	}	413	}
414		414
415	static __be32	415	static __be32
		416	nfsd4_decode_stateid(struct nfsd4_compoundargs argp, stateid_t sid)
		417	{
		418	DECODE_HEAD;
		419
		420	READ_BUF(sizeof(stateid_t));
		421	READ32(sid->si_generation);
		422	COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
		423
		424	DECODE_TAIL;
		425	}
		426
		427	static __be32
416	nfsd4_decode_access(struct nfsd4_compoundargs argp, struct nfsd4_access access)	428	nfsd4_decode_access(struct nfsd4_compoundargs argp, struct nfsd4_access access)
417	{	429	{
418	DECODE_HEAD;	430	DECODE_HEAD;
@@ -429,10 +441,9 @@ nfsd4_decode_close(struct nfsd4_compoundargs argp, struct nfsd4_close close)
429	DECODE_HEAD;	441	DECODE_HEAD;
430		442
431	close->cl_stateowner = NULL;	443	close->cl_stateowner = NULL;
432	READ_BUF(4 + sizeof(stateid_t));	444	READ_BUF(4);
433	READ32(close->cl_seqid);	445	READ32(close->cl_seqid);
434	READ32(close->cl_stateid.si_generation);	446	return nfsd4_decode_stateid(argp, &close->cl_stateid);
435	COPYMEM(&close->cl_stateid.si_opaque, sizeof(stateid_opaque_t));
436		447
437	DECODE_TAIL;	448	DECODE_TAIL;
438	}	449	}
@@ -493,13 +504,7 @@ nfsd4_decode_create(struct nfsd4_compoundargs argp, struct nfsd4_create create
493	static inline __be32	504	static inline __be32
494	nfsd4_decode_delegreturn(struct nfsd4_compoundargs argp, struct nfsd4_delegreturn dr)	505	nfsd4_decode_delegreturn(struct nfsd4_compoundargs argp, struct nfsd4_delegreturn dr)
495	{	506	{
496	DECODE_HEAD;	507	return nfsd4_decode_stateid(argp, &dr->dr_stateid);
497
498	READ_BUF(sizeof(stateid_t));
499	READ32(dr->dr_stateid.si_generation);
500	COPYMEM(&dr->dr_stateid.si_opaque, sizeof(stateid_opaque_t));
501
502	DECODE_TAIL;
503	}	508	}
504		509
505	static inline __be32	510	static inline __be32
@@ -542,20 +547,22 @@ nfsd4_decode_lock(struct nfsd4_compoundargs argp, struct nfsd4_lock lock)
542	READ32(lock->lk_is_new);	547	READ32(lock->lk_is_new);
543		548
544	if (lock->lk_is_new) {	549	if (lock->lk_is_new) {
545	READ_BUF(36);	550	READ_BUF(4);
546	READ32(lock->lk_new_open_seqid);	551	READ32(lock->lk_new_open_seqid);
547	READ32(lock->lk_new_open_stateid.si_generation);	552	status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
548		553	if (status)
549	COPYMEM(&lock->lk_new_open_stateid.si_opaque, sizeof(stateid_opaque_t));	554	return status;
		555	READ_BUF(8 + sizeof(clientid_t));
550	READ32(lock->lk_new_lock_seqid);	556	READ32(lock->lk_new_lock_seqid);
551	COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));	557	COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
552	READ32(lock->lk_new_owner.len);	558	READ32(lock->lk_new_owner.len);
553	READ_BUF(lock->lk_new_owner.len);	559	READ_BUF(lock->lk_new_owner.len);
554	READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);	560	READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
555	} else {	561	} else {
556	READ_BUF(20);	562	status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
557	READ32(lock->lk_old_lock_stateid.si_generation);	563	if (status)
558	COPYMEM(&lock->lk_old_lock_stateid.si_opaque, sizeof(stateid_opaque_t));	564	return status;
		565	READ_BUF(4);
559	READ32(lock->lk_old_lock_seqid);	566	READ32(lock->lk_old_lock_seqid);
560	}	567	}
561		568
@@ -587,13 +594,15 @@ nfsd4_decode_locku(struct nfsd4_compoundargs argp, struct nfsd4_locku locku)
587	DECODE_HEAD;	594	DECODE_HEAD;
588		595
589	locku->lu_stateowner = NULL;	596	locku->lu_stateowner = NULL;
590	READ_BUF(24 + sizeof(stateid_t));	597	READ_BUF(8);
591	READ32(locku->lu_type);	598	READ32(locku->lu_type);
592	if ((locku->lu_type < NFS4_READ_LT) \|\| (locku->lu_type > NFS4_WRITEW_LT))	599	if ((locku->lu_type < NFS4_READ_LT) \|\| (locku->lu_type > NFS4_WRITEW_LT))
593	goto xdr_error;	600	goto xdr_error;
594	READ32(locku->lu_seqid);	601	READ32(locku->lu_seqid);
595	READ32(locku->lu_stateid.si_generation);	602	status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
596	COPYMEM(&locku->lu_stateid.si_opaque, sizeof(stateid_opaque_t));	603	if (status)
		604	return status;
		605	READ_BUF(16);
597	READ64(locku->lu_offset);	606	READ64(locku->lu_offset);
598	READ64(locku->lu_length);	607	READ64(locku->lu_length);
599		608
@@ -678,10 +687,10 @@ nfsd4_decode_open(struct nfsd4_compoundargs argp, struct nfsd4_open open)
678	READ32(open->op_delegate_type);	687	READ32(open->op_delegate_type);
679	break;	688	break;
680	case NFS4_OPEN_CLAIM_DELEGATE_CUR:	689	case NFS4_OPEN_CLAIM_DELEGATE_CUR:
681	READ_BUF(sizeof(stateid_t) + 4);	690	status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
682	READ32(open->op_delegate_stateid.si_generation);	691	if (status)
683	COPYMEM(&open->op_delegate_stateid.si_opaque,	692	return status;
684	sizeof(stateid_opaque_t));	693	READ_BUF(4);
685	READ32(open->op_fname.len);	694	READ32(open->op_fname.len);
686	READ_BUF(open->op_fname.len);	695	READ_BUF(open->op_fname.len);
687	SAVEMEM(open->op_fname.data, open->op_fname.len);	696	SAVEMEM(open->op_fname.data, open->op_fname.len);
@@ -701,9 +710,10 @@ nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_con
701	DECODE_HEAD;	710	DECODE_HEAD;
702		711
703	open_conf->oc_stateowner = NULL;	712	open_conf->oc_stateowner = NULL;
704	READ_BUF(4 + sizeof(stateid_t));	713	status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
705	READ32(open_conf->oc_req_stateid.si_generation);	714	if (status)
706	COPYMEM(&open_conf->oc_req_stateid.si_opaque, sizeof(stateid_opaque_t));	715	return status;
		716	READ_BUF(4);
707	READ32(open_conf->oc_seqid);	717	READ32(open_conf->oc_seqid);
708		718
709	DECODE_TAIL;	719	DECODE_TAIL;
@@ -715,9 +725,10 @@ nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_d
715	DECODE_HEAD;	725	DECODE_HEAD;
716		726
717	open_down->od_stateowner = NULL;	727	open_down->od_stateowner = NULL;
718	READ_BUF(12 + sizeof(stateid_t));	728	status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
719	READ32(open_down->od_stateid.si_generation);	729	if (status)
720	COPYMEM(&open_down->od_stateid.si_opaque, sizeof(stateid_opaque_t));	730	return status;
		731	READ_BUF(12);
721	READ32(open_down->od_seqid);	732	READ32(open_down->od_seqid);
722	READ32(open_down->od_share_access);	733	READ32(open_down->od_share_access);
723	READ32(open_down->od_share_deny);	734	READ32(open_down->od_share_deny);
@@ -745,9 +756,10 @@ nfsd4_decode_read(struct nfsd4_compoundargs argp, struct nfsd4_read read)
745	{	756	{
746	DECODE_HEAD;	757	DECODE_HEAD;
747		758
748	READ_BUF(sizeof(stateid_t) + 12);	759	status = nfsd4_decode_stateid(argp, &read->rd_stateid);
749	READ32(read->rd_stateid.si_generation);	760	if (status)
750	COPYMEM(&read->rd_stateid.si_opaque, sizeof(stateid_opaque_t));	761	return status;
		762	READ_BUF(12);
751	READ64(read->rd_offset);	763	READ64(read->rd_offset);
752	READ32(read->rd_length);	764	READ32(read->rd_length);
753		765
@@ -836,15 +848,13 @@ nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
836	static __be32	848	static __be32
837	nfsd4_decode_setattr(struct nfsd4_compoundargs argp, struct nfsd4_setattr setattr)	849	nfsd4_decode_setattr(struct nfsd4_compoundargs argp, struct nfsd4_setattr setattr)
838	{	850	{
839	DECODE_HEAD;	851	__be32 status;
840
841	READ_BUF(sizeof(stateid_t));
842	READ32(setattr->sa_stateid.si_generation);
843	COPYMEM(&setattr->sa_stateid.si_opaque, sizeof(stateid_opaque_t));
844	if ((status = nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr, &setattr->sa_acl)))
845	goto out;
846		852
847	DECODE_TAIL;	853	status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
		854	if (status)
		855	return status;
		856	return nfsd4_decode_fattr(argp, setattr->sa_bmval,
		857	&setattr->sa_iattr, &setattr->sa_acl);
848	}	858	}
849		859
850	static __be32	860	static __be32
@@ -929,9 +939,10 @@ nfsd4_decode_write(struct nfsd4_compoundargs argp, struct nfsd4_write write)
929	int len;	939	int len;
930	DECODE_HEAD;	940	DECODE_HEAD;
931		941
932	READ_BUF(sizeof(stateid_opaque_t) + 20);	942	status = nfsd4_decode_stateid(argp, &write->wr_stateid);
933	READ32(write->wr_stateid.si_generation);	943	if (status)
934	COPYMEM(&write->wr_stateid.si_opaque, sizeof(stateid_opaque_t));	944	return status;
		945	READ_BUF(16);
935	READ64(write->wr_offset);	946	READ64(write->wr_offset);
936	READ32(write->wr_stable_how);	947	READ32(write->wr_stable_how);
937	if (write->wr_stable_how > 2)	948	if (write->wr_stable_how > 2)