diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-10-25 13:48:29 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-10-25 13:48:29 -0700 |
commit | 74eb94b218d087798a52c0b4f1379b635287a4b8 (patch) | |
tree | 4e467c3014c2b1169f6f71d88cf5d1598f3ce28e /fs/nfs/nfs2xdr.c | |
parent | 7b6181e06841f5ad15c4ff708b967b4db65a64de (diff) | |
parent | 9a84d38031c258a17bb39beed1e500eadee67407 (diff) | |
download | kernel_samsung_smdk4412-74eb94b218d087798a52c0b4f1379b635287a4b8.zip kernel_samsung_smdk4412-74eb94b218d087798a52c0b4f1379b635287a4b8.tar.gz kernel_samsung_smdk4412-74eb94b218d087798a52c0b4f1379b635287a4b8.tar.bz2 |
Merge branch 'nfs-for-2.6.37' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6
* 'nfs-for-2.6.37' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6: (67 commits)
SUNRPC: Cleanup duplicate assignment in rpcauth_refreshcred
nfs: fix unchecked value
Ask for time_delta during fsinfo probe
Revalidate caches on lock
SUNRPC: After calling xprt_release(), we must restart from call_reserve
NFSv4: Fix up the 'dircount' hint in encode_readdir
NFSv4: Clean up nfs4_decode_dirent
NFSv4: nfs4_decode_dirent must clear entry->fattr->valid
NFSv4: Fix a regression in decode_getfattr
NFSv4: Fix up decode_attr_filehandle() to handle the case of empty fh pointer
NFS: Ensure we check all allocation return values in new readdir code
NFS: Readdir plus in v4
NFS: introduce generic decode_getattr function
NFS: check xdr_decode for errors
NFS: nfs_readdir_filler catch all errors
NFS: readdir with vmapped pages
NFS: remove page size checking code
NFS: decode_dirent should use an xdr_stream
SUNRPC: Add a helper function xdr_inline_peek
NFS: remove readdir plus limit
...
Diffstat (limited to 'fs/nfs/nfs2xdr.c')
-rw-r--r-- | fs/nfs/nfs2xdr.c | 107 |
1 files changed, 40 insertions, 67 deletions
diff --git a/fs/nfs/nfs2xdr.c b/fs/nfs/nfs2xdr.c index db8846a..e6bf457 100644 --- a/fs/nfs/nfs2xdr.c +++ b/fs/nfs/nfs2xdr.c @@ -337,10 +337,10 @@ nfs_xdr_createargs(struct rpc_rqst *req, __be32 *p, struct nfs_createargs *args) static int nfs_xdr_renameargs(struct rpc_rqst *req, __be32 *p, struct nfs_renameargs *args) { - p = xdr_encode_fhandle(p, args->fromfh); - p = xdr_encode_array(p, args->fromname, args->fromlen); - p = xdr_encode_fhandle(p, args->tofh); - p = xdr_encode_array(p, args->toname, args->tolen); + p = xdr_encode_fhandle(p, args->old_dir); + p = xdr_encode_array(p, args->old_name->name, args->old_name->len); + p = xdr_encode_fhandle(p, args->new_dir); + p = xdr_encode_array(p, args->new_name->name, args->new_name->len); req->rq_slen = xdr_adjust_iovec(req->rq_svec, p); return 0; } @@ -423,9 +423,7 @@ nfs_xdr_readdirres(struct rpc_rqst *req, __be32 *p, void *dummy) struct page **page; size_t hdrlen; unsigned int pglen, recvd; - u32 len; int status, nr = 0; - __be32 *end, *entry, *kaddr; if ((status = ntohl(*p++))) return nfs_stat_to_errno(status); @@ -445,80 +443,59 @@ nfs_xdr_readdirres(struct rpc_rqst *req, __be32 *p, void *dummy) if (pglen > recvd) pglen = recvd; page = rcvbuf->pages; - kaddr = p = kmap_atomic(*page, KM_USER0); - end = (__be32 *)((char *)p + pglen); - entry = p; - - /* Make sure the packet actually has a value_follows and EOF entry */ - if ((entry + 1) > end) - goto short_pkt; - - for (; *p++; nr++) { - if (p + 2 > end) - goto short_pkt; - p++; /* fileid */ - len = ntohl(*p++); - p += XDR_QUADLEN(len) + 1; /* name plus cookie */ - if (len > NFS2_MAXNAMLEN) { - dprintk("NFS: giant filename in readdir (len 0x%x)!\n", - len); - goto err_unmap; - } - if (p + 2 > end) - goto short_pkt; - entry = p; - } - - /* - * Apparently some server sends responses that are a valid size, but - * contain no entries, and have value_follows==0 and EOF==0. For - * those, just set the EOF marker. - */ - if (!nr && entry[1] == 0) { - dprintk("NFS: readdir reply truncated!\n"); - entry[1] = 1; - } - out: - kunmap_atomic(kaddr, KM_USER0); return nr; - short_pkt: - /* - * When we get a short packet there are 2 possibilities. We can - * return an error, or fix up the response to look like a valid - * response and return what we have so far. If there are no - * entries and the packet was short, then return -EIO. If there - * are valid entries in the response, return them and pretend that - * the call was successful, but incomplete. The caller can retry the - * readdir starting at the last cookie. - */ - entry[0] = entry[1] = 0; - if (!nr) - nr = -errno_NFSERR_IO; - goto out; -err_unmap: - nr = -errno_NFSERR_IO; - goto out; +} + +static void print_overflow_msg(const char *func, const struct xdr_stream *xdr) +{ + dprintk("nfs: %s: prematurely hit end of receive buffer. " + "Remaining buffer length is %tu words.\n", + func, xdr->end - xdr->p); } __be32 * -nfs_decode_dirent(__be32 *p, struct nfs_entry *entry, int plus) +nfs_decode_dirent(struct xdr_stream *xdr, struct nfs_entry *entry, struct nfs_server *server, int plus) { - if (!*p++) { - if (!*p) + __be32 *p; + p = xdr_inline_decode(xdr, 4); + if (unlikely(!p)) + goto out_overflow; + if (!ntohl(*p++)) { + p = xdr_inline_decode(xdr, 4); + if (unlikely(!p)) + goto out_overflow; + if (!ntohl(*p++)) return ERR_PTR(-EAGAIN); entry->eof = 1; return ERR_PTR(-EBADCOOKIE); } + p = xdr_inline_decode(xdr, 8); + if (unlikely(!p)) + goto out_overflow; + entry->ino = ntohl(*p++); entry->len = ntohl(*p++); + + p = xdr_inline_decode(xdr, entry->len + 4); + if (unlikely(!p)) + goto out_overflow; entry->name = (const char *) p; p += XDR_QUADLEN(entry->len); entry->prev_cookie = entry->cookie; entry->cookie = ntohl(*p++); - entry->eof = !p[0] && p[1]; + + p = xdr_inline_peek(xdr, 8); + if (p != NULL) + entry->eof = !p[0] && p[1]; + else + entry->eof = 0; return p; + +out_overflow: + print_overflow_msg(__func__, xdr); + return ERR_PTR(-EIO); } /* @@ -596,7 +573,6 @@ nfs_xdr_readlinkres(struct rpc_rqst *req, __be32 *p, void *dummy) struct kvec *iov = rcvbuf->head; size_t hdrlen; u32 len, recvd; - char *kaddr; int status; if ((status = ntohl(*p++))) @@ -623,10 +599,7 @@ nfs_xdr_readlinkres(struct rpc_rqst *req, __be32 *p, void *dummy) return -EIO; } - /* NULL terminate the string we got */ - kaddr = (char *)kmap_atomic(rcvbuf->pages[0], KM_USER0); - kaddr[len+rcvbuf->page_base] = '\0'; - kunmap_atomic(kaddr, KM_USER0); + xdr_terminate_string(rcvbuf, len); return 0; } |