diff options
Diffstat (limited to 'fs/nfs/nfs3xdr.c')
| -rw-r--r-- | fs/nfs/nfs3xdr.c | 196 |
1 files changed, 99 insertions, 97 deletions
diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c index 9769704f8ce6..d9a5e832c257 100644 --- a/fs/nfs/nfs3xdr.c +++ b/fs/nfs/nfs3xdr.c | |||
| @@ -100,6 +100,13 @@ static const umode_t nfs_type2fmt[] = { | |||
| 100 | [NF3FIFO] = S_IFIFO, | 100 | [NF3FIFO] = S_IFIFO, |
| 101 | }; | 101 | }; |
| 102 | 102 | ||
| 103 | static void print_overflow_msg(const char *func, const struct xdr_stream *xdr) | ||
| 104 | { | ||
| 105 | dprintk("nfs: %s: prematurely hit end of receive buffer. " | ||
| 106 | "Remaining buffer length is %tu words.\n", | ||
| 107 | func, xdr->end - xdr->p); | ||
| 108 | } | ||
| 109 | |||
| 103 | /* | 110 | /* |
| 104 | * Common NFS XDR functions as inlines | 111 | * Common NFS XDR functions as inlines |
| 105 | */ | 112 | */ |
| @@ -119,6 +126,29 @@ xdr_decode_fhandle(__be32 *p, struct nfs_fh *fh) | |||
| 119 | return NULL; | 126 | return NULL; |
| 120 | } | 127 | } |
| 121 | 128 | ||
| 129 | static inline __be32 * | ||
| 130 | xdr_decode_fhandle_stream(struct xdr_stream *xdr, struct nfs_fh *fh) | ||
| 131 | { | ||
| 132 | __be32 *p; | ||
| 133 | p = xdr_inline_decode(xdr, 4); | ||
| 134 | if (unlikely(!p)) | ||
| 135 | goto out_overflow; | ||
| 136 | fh->size = ntohl(*p++); | ||
| 137 | |||
| 138 | if (fh->size <= NFS3_FHSIZE) { | ||
| 139 | p = xdr_inline_decode(xdr, fh->size); | ||
| 140 | if (unlikely(!p)) | ||
| 141 | goto out_overflow; | ||
| 142 | memcpy(fh->data, p, fh->size); | ||
| 143 | return p + XDR_QUADLEN(fh->size); | ||
| 144 | } | ||
| 145 | return NULL; | ||
| 146 | |||
| 147 | out_overflow: | ||
| 148 | print_overflow_msg(__func__, xdr); | ||
| 149 | return ERR_PTR(-EIO); | ||
| 150 | } | ||
| 151 | |||
| 122 | /* | 152 | /* |
| 123 | * Encode/decode time. | 153 | * Encode/decode time. |
| 124 | */ | 154 | */ |
| @@ -241,6 +271,26 @@ xdr_decode_post_op_attr(__be32 *p, struct nfs_fattr *fattr) | |||
| 241 | } | 271 | } |
| 242 | 272 | ||
| 243 | static inline __be32 * | 273 | static inline __be32 * |
| 274 | xdr_decode_post_op_attr_stream(struct xdr_stream *xdr, struct nfs_fattr *fattr) | ||
| 275 | { | ||
| 276 | __be32 *p; | ||
| 277 | |||
| 278 | p = xdr_inline_decode(xdr, 4); | ||
| 279 | if (unlikely(!p)) | ||
| 280 | goto out_overflow; | ||
| 281 | if (ntohl(*p++)) { | ||
| 282 | p = xdr_inline_decode(xdr, 84); | ||
| 283 | if (unlikely(!p)) | ||
| 284 | goto out_overflow; | ||
| 285 | p = xdr_decode_fattr(p, fattr); | ||
| 286 | } | ||
| 287 | return p; | ||
| 288 | out_overflow: | ||
| 289 | print_overflow_msg(__func__, xdr); | ||
| 290 | return ERR_PTR(-EIO); | ||
| 291 | } | ||
| 292 | |||
| 293 | static inline __be32 * | ||
| 244 | xdr_decode_pre_op_attr(__be32 *p, struct nfs_fattr *fattr) | 294 | xdr_decode_pre_op_attr(__be32 *p, struct nfs_fattr *fattr) |
| 245 | { | 295 | { |
| 246 | if (*p++) | 296 | if (*p++) |
| @@ -442,12 +492,12 @@ nfs3_xdr_mknodargs(struct rpc_rqst *req, __be32 *p, struct nfs3_mknodargs *args) | |||
| 442 | * Encode RENAME arguments | 492 | * Encode RENAME arguments |
| 443 | */ | 493 | */ |
| 444 | static int | 494 | static int |
| 445 | nfs3_xdr_renameargs(struct rpc_rqst *req, __be32 *p, struct nfs3_renameargs *args) | 495 | nfs3_xdr_renameargs(struct rpc_rqst *req, __be32 *p, struct nfs_renameargs *args) |
| 446 | { | 496 | { |
| 447 | p = xdr_encode_fhandle(p, args->fromfh); | 497 | p = xdr_encode_fhandle(p, args->old_dir); |
| 448 | p = xdr_encode_array(p, args->fromname, args->fromlen); | 498 | p = xdr_encode_array(p, args->old_name->name, args->old_name->len); |
| 449 | p = xdr_encode_fhandle(p, args->tofh); | 499 | p = xdr_encode_fhandle(p, args->new_dir); |
| 450 | p = xdr_encode_array(p, args->toname, args->tolen); | 500 | p = xdr_encode_array(p, args->new_name->name, args->new_name->len); |
| 451 | req->rq_slen = xdr_adjust_iovec(req->rq_svec, p); | 501 | req->rq_slen = xdr_adjust_iovec(req->rq_svec, p); |
| 452 | return 0; | 502 | return 0; |
| 453 | } | 503 | } |
| @@ -504,9 +554,8 @@ nfs3_xdr_readdirres(struct rpc_rqst *req, __be32 *p, struct nfs3_readdirres *res | |||
| 504 | struct kvec *iov = rcvbuf->head; | 554 | struct kvec *iov = rcvbuf->head; |
| 505 | struct page **page; | 555 | struct page **page; |
| 506 | size_t hdrlen; | 556 | size_t hdrlen; |
| 507 | u32 len, recvd, pglen; | 557 | u32 recvd, pglen; |
| 508 | int status, nr = 0; | 558 | int status, nr = 0; |
| 509 | __be32 *entry, *end, *kaddr; | ||
| 510 | 559 | ||
| 511 | status = ntohl(*p++); | 560 | status = ntohl(*p++); |
| 512 | /* Decode post_op_attrs */ | 561 | /* Decode post_op_attrs */ |
| @@ -536,99 +585,38 @@ nfs3_xdr_readdirres(struct rpc_rqst *req, __be32 *p, struct nfs3_readdirres *res | |||
| 536 | if (pglen > recvd) | 585 | if (pglen > recvd) |
| 537 | pglen = recvd; | 586 | pglen = recvd; |
| 538 | page = rcvbuf->pages; | 587 | page = rcvbuf->pages; |
| 539 | kaddr = p = kmap_atomic(*page, KM_USER0); | ||
| 540 | end = (__be32 *)((char *)p + pglen); | ||
| 541 | entry = p; | ||
| 542 | |||
| 543 | /* Make sure the packet actually has a value_follows and EOF entry */ | ||
| 544 | if ((entry + 1) > end) | ||
| 545 | goto short_pkt; | ||
| 546 | |||
| 547 | for (; *p++; nr++) { | ||
| 548 | if (p + 3 > end) | ||
| 549 | goto short_pkt; | ||
| 550 | p += 2; /* inode # */ | ||
| 551 | len = ntohl(*p++); /* string length */ | ||
| 552 | p += XDR_QUADLEN(len) + 2; /* name + cookie */ | ||
| 553 | if (len > NFS3_MAXNAMLEN) { | ||
| 554 | dprintk("NFS: giant filename in readdir (len 0x%x)!\n", | ||
| 555 | len); | ||
| 556 | goto err_unmap; | ||
| 557 | } | ||
| 558 | 588 | ||
| 559 | if (res->plus) { | ||
| 560 | /* post_op_attr */ | ||
| 561 | if (p + 2 > end) | ||
| 562 | goto short_pkt; | ||
| 563 | if (*p++) { | ||
| 564 | p += 21; | ||
| 565 | if (p + 1 > end) | ||
| 566 | goto short_pkt; | ||
| 567 | } | ||
| 568 | /* post_op_fh3 */ | ||
| 569 | if (*p++) { | ||
| 570 | if (p + 1 > end) | ||
| 571 | goto short_pkt; | ||
| 572 | len = ntohl(*p++); | ||
| 573 | if (len > NFS3_FHSIZE) { | ||
| 574 | dprintk("NFS: giant filehandle in " | ||
| 575 | "readdir (len 0x%x)!\n", len); | ||
| 576 | goto err_unmap; | ||
| 577 | } | ||
| 578 | p += XDR_QUADLEN(len); | ||
| 579 | } | ||
| 580 | } | ||
| 581 | |||
| 582 | if (p + 2 > end) | ||
| 583 | goto short_pkt; | ||
| 584 | entry = p; | ||
| 585 | } | ||
| 586 | |||
| 587 | /* | ||
| 588 | * Apparently some server sends responses that are a valid size, but | ||
| 589 | * contain no entries, and have value_follows==0 and EOF==0. For | ||
| 590 | * those, just set the EOF marker. | ||
| 591 | */ | ||
| 592 | if (!nr && entry[1] == 0) { | ||
| 593 | dprintk("NFS: readdir reply truncated!\n"); | ||
| 594 | entry[1] = 1; | ||
| 595 | } | ||
| 596 | out: | ||
| 597 | kunmap_atomic(kaddr, KM_USER0); | ||
| 598 | return nr; | 589 | return nr; |
| 599 | short_pkt: | ||
| 600 | /* | ||
| 601 | * When we get a short packet there are 2 possibilities. We can | ||
| 602 | * return an error, or fix up the response to look like a valid | ||
| 603 | * response and return what we have so far. If there are no | ||
| 604 | * entries and the packet was short, then return -EIO. If there | ||
| 605 | * are valid entries in the response, return them and pretend that | ||
| 606 | * the call was successful, but incomplete. The caller can retry the | ||
| 607 | * readdir starting at the last cookie. | ||
| 608 | */ | ||
| 609 | entry[0] = entry[1] = 0; | ||
| 610 | if (!nr) | ||
| 611 | nr = -errno_NFSERR_IO; | ||
| 612 | goto out; | ||
| 613 | err_unmap: | ||
| 614 | nr = -errno_NFSERR_IO; | ||
| 615 | goto out; | ||
| 616 | } | 590 | } |
| 617 | 591 | ||
| 618 | __be32 * | 592 | __be32 * |
| 619 | nfs3_decode_dirent(__be32 *p, struct nfs_entry *entry, int plus) | 593 | nfs3_decode_dirent(struct xdr_stream *xdr, struct nfs_entry *entry, struct nfs_server *server, int plus) |
| 620 | { | 594 | { |
| 595 | __be32 *p; | ||
| 621 | struct nfs_entry old = *entry; | 596 | struct nfs_entry old = *entry; |
| 622 | 597 | ||
| 623 | if (!*p++) { | 598 | p = xdr_inline_decode(xdr, 4); |
| 624 | if (!*p) | 599 | if (unlikely(!p)) |
| 600 | goto out_overflow; | ||
| 601 | if (!ntohl(*p++)) { | ||
| 602 | p = xdr_inline_decode(xdr, 4); | ||
| 603 | if (unlikely(!p)) | ||
| 604 | goto out_overflow; | ||
| 605 | if (!ntohl(*p++)) | ||
| 625 | return ERR_PTR(-EAGAIN); | 606 | return ERR_PTR(-EAGAIN); |
| 626 | entry->eof = 1; | 607 | entry->eof = 1; |
| 627 | return ERR_PTR(-EBADCOOKIE); | 608 | return ERR_PTR(-EBADCOOKIE); |
| 628 | } | 609 | } |
| 629 | 610 | ||
| 611 | p = xdr_inline_decode(xdr, 12); | ||
| 612 | if (unlikely(!p)) | ||
| 613 | goto out_overflow; | ||
| 630 | p = xdr_decode_hyper(p, &entry->ino); | 614 | p = xdr_decode_hyper(p, &entry->ino); |
| 631 | entry->len = ntohl(*p++); | 615 | entry->len = ntohl(*p++); |
| 616 | |||
| 617 | p = xdr_inline_decode(xdr, entry->len + 8); | ||
| 618 | if (unlikely(!p)) | ||
| 619 | goto out_overflow; | ||
| 632 | entry->name = (const char *) p; | 620 | entry->name = (const char *) p; |
| 633 | p += XDR_QUADLEN(entry->len); | 621 | p += XDR_QUADLEN(entry->len); |
| 634 | entry->prev_cookie = entry->cookie; | 622 | entry->prev_cookie = entry->cookie; |
| @@ -636,10 +624,17 @@ nfs3_decode_dirent(__be32 *p, struct nfs_entry *entry, int plus) | |||
| 636 | 624 | ||
| 637 | if (plus) { | 625 | if (plus) { |
| 638 | entry->fattr->valid = 0; | 626 | entry->fattr->valid = 0; |
| 639 | p = xdr_decode_post_op_attr(p, entry->fattr); | 627 | p = xdr_decode_post_op_attr_stream(xdr, entry->fattr); |
| 628 | if (IS_ERR(p)) | ||
| 629 | goto out_overflow_exit; | ||
| 640 | /* In fact, a post_op_fh3: */ | 630 | /* In fact, a post_op_fh3: */ |
| 631 | p = xdr_inline_decode(xdr, 4); | ||
| 632 | if (unlikely(!p)) | ||
| 633 | goto out_overflow; | ||
| 641 | if (*p++) { | 634 | if (*p++) { |
| 642 | p = xdr_decode_fhandle(p, entry->fh); | 635 | p = xdr_decode_fhandle_stream(xdr, entry->fh); |
| 636 | if (IS_ERR(p)) | ||
| 637 | goto out_overflow_exit; | ||
| 643 | /* Ugh -- server reply was truncated */ | 638 | /* Ugh -- server reply was truncated */ |
| 644 | if (p == NULL) { | 639 | if (p == NULL) { |
| 645 | dprintk("NFS: FH truncated\n"); | 640 | dprintk("NFS: FH truncated\n"); |
| @@ -650,8 +645,18 @@ nfs3_decode_dirent(__be32 *p, struct nfs_entry *entry, int plus) | |||
| 650 | memset((u8*)(entry->fh), 0, sizeof(*entry->fh)); | 645 | memset((u8*)(entry->fh), 0, sizeof(*entry->fh)); |
| 651 | } | 646 | } |
| 652 | 647 | ||
| 653 | entry->eof = !p[0] && p[1]; | 648 | p = xdr_inline_peek(xdr, 8); |
| 649 | if (p != NULL) | ||
| 650 | entry->eof = !p[0] && p[1]; | ||
| 651 | else | ||
| 652 | entry->eof = 0; | ||
| 653 | |||
| 654 | return p; | 654 | return p; |
| 655 | |||
| 656 | out_overflow: | ||
| 657 | print_overflow_msg(__func__, xdr); | ||
| 658 | out_overflow_exit: | ||
| 659 | return ERR_PTR(-EIO); | ||
| 655 | } | 660 | } |
| 656 | 661 | ||
| 657 | /* | 662 | /* |
| @@ -824,7 +829,6 @@ nfs3_xdr_readlinkres(struct rpc_rqst *req, __be32 *p, struct nfs_fattr *fattr) | |||
| 824 | struct kvec *iov = rcvbuf->head; | 829 | struct kvec *iov = rcvbuf->head; |
| 825 | size_t hdrlen; | 830 | size_t hdrlen; |
| 826 | u32 len, recvd; | 831 | u32 len, recvd; |
| 827 | char *kaddr; | ||
| 828 | int status; | 832 | int status; |
| 829 | 833 | ||
| 830 | status = ntohl(*p++); | 834 | status = ntohl(*p++); |
| @@ -857,10 +861,7 @@ nfs3_xdr_readlinkres(struct rpc_rqst *req, __be32 *p, struct nfs_fattr *fattr) | |||
| 857 | return -EIO; | 861 | return -EIO; |
| 858 | } | 862 | } |
| 859 | 863 | ||
| 860 | /* NULL terminate the string we got */ | 864 | xdr_terminate_string(rcvbuf, len); |
| 861 | kaddr = (char*)kmap_atomic(rcvbuf->pages[0], KM_USER0); | ||
| 862 | kaddr[len+rcvbuf->page_base] = '\0'; | ||
| 863 | kunmap_atomic(kaddr, KM_USER0); | ||
| 864 | return 0; | 865 | return 0; |
| 865 | } | 866 | } |
| 866 | 867 | ||
| @@ -970,14 +971,14 @@ nfs3_xdr_createres(struct rpc_rqst *req, __be32 *p, struct nfs3_diropres *res) | |||
| 970 | * Decode RENAME reply | 971 | * Decode RENAME reply |
| 971 | */ | 972 | */ |
| 972 | static int | 973 | static int |
| 973 | nfs3_xdr_renameres(struct rpc_rqst *req, __be32 *p, struct nfs3_renameres *res) | 974 | nfs3_xdr_renameres(struct rpc_rqst *req, __be32 *p, struct nfs_renameres *res) |
| 974 | { | 975 | { |
| 975 | int status; | 976 | int status; |
| 976 | 977 | ||
| 977 | if ((status = ntohl(*p++)) != 0) | 978 | if ((status = ntohl(*p++)) != 0) |
| 978 | status = nfs_stat_to_errno(status); | 979 | status = nfs_stat_to_errno(status); |
| 979 | p = xdr_decode_wcc_data(p, res->fromattr); | 980 | p = xdr_decode_wcc_data(p, res->old_fattr); |
| 980 | p = xdr_decode_wcc_data(p, res->toattr); | 981 | p = xdr_decode_wcc_data(p, res->new_fattr); |
| 981 | return status; | 982 | return status; |
| 982 | } | 983 | } |
| 983 | 984 | ||
| @@ -1043,8 +1044,9 @@ nfs3_xdr_fsinfores(struct rpc_rqst *req, __be32 *p, struct nfs_fsinfo *res) | |||
| 1043 | res->wtmult = ntohl(*p++); | 1044 | res->wtmult = ntohl(*p++); |
| 1044 | res->dtpref = ntohl(*p++); | 1045 | res->dtpref = ntohl(*p++); |
| 1045 | p = xdr_decode_hyper(p, &res->maxfilesize); | 1046 | p = xdr_decode_hyper(p, &res->maxfilesize); |
| 1047 | p = xdr_decode_time3(p, &res->time_delta); | ||
| 1046 | 1048 | ||
| 1047 | /* ignore time_delta and properties */ | 1049 | /* ignore properties */ |
| 1048 | res->lease_time = 0; | 1050 | res->lease_time = 0; |
| 1049 | return 0; | 1051 | return 0; |
| 1050 | } | 1052 | } |