From patchwork Sun Nov 21 19:21:21 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Trond Myklebust <Trond.Myklebust@netapp.com>
X-Patchwork-Id: 346101
X-Patchwork-Delegate: Trond.Myklebust@netapp.com
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id oALJLpoA014641
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Sun, 21 Nov 2010 19:21:56 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751369Ab0KUTVu (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Sun, 21 Nov 2010 14:21:50 -0500
Received: from mx2.netapp.com ([216.240.18.37]:39506 "EHLO mx2.netapp.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754883Ab0KUTVq (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
	Sun, 21 Nov 2010 14:21:46 -0500
X-IronPort-AV: E=Sophos;i="4.59,232,1288594800"; d="scan'208";a="485296823"
Received: from smtp1.corp.netapp.com ([10.57.156.124])
	by mx2-out.netapp.com with ESMTP; 21 Nov 2010 11:21:34 -0800
Received: from heimdal.trondhjem.org.com ([10.58.57.137])
	by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id
	oALJLTjc027910; Sun, 21 Nov 2010 11:21:33 -0800 (PST)
From: Trond Myklebust <Trond.Myklebust@netapp.com>
To: linux-nfs@vger.kernel.org
Subject: [PATCH 7/8] NFS: Correct the array bound calculation in
	nfs_readdir_add_to_array
Date: Sun, 21 Nov 2010 14:21:21 -0500
Message-Id: <1290367282-5445-7-git-send-email-Trond.Myklebust@netapp.com>
X-Mailer: git-send-email 1.7.3.2
In-Reply-To: <1290367282-5445-6-git-send-email-Trond.Myklebust@netapp.com>
References: <1290367282-5445-1-git-send-email-Trond.Myklebust@netapp.com>
	<1290367282-5445-2-git-send-email-Trond.Myklebust@netapp.com>
	<1290367282-5445-3-git-send-email-Trond.Myklebust@netapp.com>
	<1290367282-5445-4-git-send-email-Trond.Myklebust@netapp.com>
	<1290367282-5445-5-git-send-email-Trond.Myklebust@netapp.com>
	<1290367282-5445-6-git-send-email-Trond.Myklebust@netapp.com>
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]);
	Sun, 21 Nov 2010 19:21:57 +0000 (UTC)


diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index ddc2e43..ced7291 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -171,8 +171,6 @@ struct nfs_cache_array {
 	struct nfs_cache_array_entry array[0];
 };
 
-#define MAX_READDIR_ARRAY ((PAGE_SIZE - sizeof(struct nfs_cache_array)) / sizeof(struct nfs_cache_array_entry))
-
 typedef __be32 * (*decode_dirent_t)(struct xdr_stream *, struct nfs_entry *, struct nfs_server *, int);
 typedef struct {
 	struct file	*file;
@@ -257,11 +255,14 @@ int nfs_readdir_add_to_array(struct nfs_entry *entry, struct page *page)
 
 	if (IS_ERR(array))
 		return PTR_ERR(array);
+
+	cache_entry = &array->array[array->size];
+
+	/* Check that this entry lies within the page bounds */
 	ret = -ENOSPC;
-	if (array->size >= MAX_READDIR_ARRAY)
+	if ((char *)&cache_entry[1] - (char *)page_address(page) > PAGE_SIZE)
 		goto out;
 
-	cache_entry = &array->array[array->size];
 	cache_entry->cookie = entry->prev_cookie;
 	cache_entry->ino = entry->ino;
 	ret = nfs_readdir_make_qstr(&cache_entry->string, entry->name, entry->len);