-rw-r--r--fs/nfsd/nfs4xdr.c33
1 files changed, 16 insertions, 17 deletions
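diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index a23fa002e0d0..2d305a121f37 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -98,10 +98,6 @@ xdr_error: \
 status = nfserr_bad_xdr; \
 goto out
 
-#define READ64(x) do { \
-(x) = (u64)ntohl(*p++) << 32; \
-(x) |= ntohl(*p++); \
-} while (0)
 #define READMEM(x,nbytes) do { \
 x = (char *)p; \
 p += XDR_QUADLEN(nbytes); \
@@ -269,6 +265,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 {
 int expected_len, len = 0;
 u32 dummy32;
+u64 sec;
 char *buf;
 
 DECODE_HEAD;
@@ -282,7 +279,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 if (bmval[0] & FATTR4_WORD0_SIZE) {
 READ_BUF(8);
 len += 8;
-READ64(iattr->ia_size);
+p = xdr_decode_hyper(p, &iattr->ia_size);
 iattr->ia_valid |= ATTR_SIZE;
 }
 if (bmval[0] & FATTR4_WORD0_ACL) {
@@ -365,7 +362,8 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 all 32 bits of 'nseconds'. */
 READ_BUF(12);
 len += 12;
-READ64(iattr->ia_atime.tv_sec);
+p = xdr_decode_hyper(p, &sec);
+iattr->ia_atime.tv_sec = (time_t)sec;
 iattr->ia_atime.tv_nsec = be32_to_cpup(p++);
 if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
 return nfserr_inval;
@@ -388,7 +386,8 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 all 32 bits of 'nseconds'. */
 READ_BUF(12);
 len += 12;
-READ64(iattr->ia_mtime.tv_sec);
+p = xdr_decode_hyper(p, &sec);
+iattr->ia_mtime.tv_sec = sec;
 iattr->ia_mtime.tv_nsec = be32_to_cpup(p++);
 if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
 return nfserr_inval;
@@ -583,7 +582,7 @@ nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit
 DECODE_HEAD;
 
 READ_BUF(12);
-READ64(commit->co_offset);
+p = xdr_decode_hyper(p, &commit->co_offset);
 commit->co_count = be32_to_cpup(p++);
 
 DECODE_TAIL;
@@ -671,8 +670,8 @@ nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
 if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
 goto xdr_error;
 lock->lk_reclaim = be32_to_cpup(p++);
-READ64(lock->lk_offset);
-READ64(lock->lk_length);
+p = xdr_decode_hyper(p, &lock->lk_offset);
+p = xdr_decode_hyper(p, &lock->lk_length);
 lock->lk_is_new = be32_to_cpup(p++);
 
 if (lock->lk_is_new) {
@@ -707,8 +706,8 @@ nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
 lockt->lt_type = be32_to_cpup(p++);
 if((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
 goto xdr_error;
-READ64(lockt->lt_offset);
-READ64(lockt->lt_length);
+p = xdr_decode_hyper(p, &lockt->lt_offset);
+p = xdr_decode_hyper(p, &lockt->lt_length);
 COPYMEM(&lockt->lt_clientid, 8);
 lockt->lt_owner.len = be32_to_cpup(p++);
 READ_BUF(lockt->lt_owner.len);
@@ -731,8 +730,8 @@ nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
 if (status)
 return status;
 READ_BUF(16);
-READ64(locku->lu_offset);
-READ64(locku->lu_length);
+p = xdr_decode_hyper(p, &locku->lu_offset);
+p = xdr_decode_hyper(p, &locku->lu_length);
 
 DECODE_TAIL;
 }
@@ -1018,7 +1017,7 @@ nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
 if (status)
 return status;
 READ_BUF(12);
-READ64(read->rd_offset);
+p = xdr_decode_hyper(p, &read->rd_offset);
 read->rd_length = be32_to_cpup(p++);
 
 DECODE_TAIL;
@@ -1030,7 +1029,7 @@ nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *read
 DECODE_HEAD;
 
 READ_BUF(24);
-READ64(readdir->rd_cookie);
+p = xdr_decode_hyper(p, &readdir->rd_cookie);
 COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
 readdir->rd_dircount = be32_to_cpup(p++);
 readdir->rd_maxcount = be32_to_cpup(p++);
@@ -1203,7 +1202,7 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
 if (status)
 return status;
 READ_BUF(16);
-READ64(write->wr_offset);
+p = xdr_decode_hyper(p, &write->wr_offset);
 write->wr_stable_how = be32_to_cpup(p++);
 if (write->wr_stable_how > 2)
 goto xdr_error;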
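Review bot: The two timestamp branches of nfsd4_decode_fattr narrow the decoded seconds differently: the atime branch writes `iattr->ia_atime.tv_sec = (time_t)sec;` while the mtime branch writes `iattr->ia_mtime.tv_sec = sec;`, and neither checks the range of a value that comes straight from the client. The two lines should read the same, e.g. `iattr->ia_mtime.tv_sec = (time_t)sec;`. If time_t can be narrower than 64 bits on a supported build (not visible in this diff), an out-of-range seconds value is silently truncated, as it presumably was under READ64. A comment such as `/* client-supplied 64-bit seconds; truncated if time_t is narrower */` at the conversion, or an explicit range check returning nfserr_inval like the tv_nsec test just below it, would make that decision visible. The body of nfsd4_decode_fattr extends beyond the hunks shown.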