From patchwork Tue May 30 18:14:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 9755039 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 29BE9601D2 for ; Tue, 30 May 2017 18:15:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 16B6A267EC for ; Tue, 30 May 2017 18:15:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0AB1327FA5; Tue, 30 May 2017 18:15:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 846E4267EC for ; Tue, 30 May 2017 18:15:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751168AbdE3SPB (ORCPT ); Tue, 30 May 2017 14:15:01 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:36564 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750922AbdE3SPA (ORCPT ); Tue, 30 May 2017 14:15:00 -0400 Received: by mail-it0-f67.google.com with SMTP id i206so10290891ita.3; Tue, 30 May 2017 11:15:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:from:to:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=ttreHN42QHT7K83enSt3dij8iVr5ToCYXvRk6iIvvnE=; b=pwfnR8xR22quHpT/BZExhqehDpYo6dshozfqA5sSj1iC2VTcdCgSr90c8zktJe5LnA CyWxXZl1VZ2+eEtDvOmUdMaC5xF5jXLYNrdoBDPSI9FsfVGkxfYav9fGsXqJOrPpMYIg mCfWKl9+efdOWH4m9Kars7g7hwAbJ/txiqCsH+uVTWk6s9lrCwRFVHDEIZ9cVx70M0bR wg6bdq0e0zckuoQNkW3aSaiFZvZGszhsR5Z02CgM1rd9AVP9kmvz84IyFa8Pqq6N3q37 Kj9nYmxFumL3tux3ioLifzjt3ifzfZ3kDQV6xvuSep+saXC2wDn5PLCtQAtWUI0MjkYh KS0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:from:to:date:message-id :in-reply-to:references:user-agent:mime-version :content-transfer-encoding; bh=ttreHN42QHT7K83enSt3dij8iVr5ToCYXvRk6iIvvnE=; b=UPRzjVYN52rPTWDx3D6fj4wh/awNum1f81TTAmUBvXIWU6wwhXbztgeQMnXNHN3+Cm 4rDT2RX4eAOQuP4OuL+IKuUPY2Q0S7VVWrSjVET8jEYiLV8/vKyJjqXVTK4adpB5SOhX t+iX+N+Gq1P5b1o/bpMw7IZQrx7pgCFvL1JrvWNm9EGj29JrIz4aQKnoNVX4M8ZsGCg9 hkfOXB1GBBGA0fy4WwqesjSKT0Ykw/o4VmkheL+SW/gA2lTbUWRBnsnwpCZHqcfDJI7l Cf+YMZYXtDxPRf2hWM5IEt3WwInWJhIpyVahIbzH62/SRa+PHFSSiKwj42J5sxFMFoMk L4Pw== X-Gm-Message-State: AODbwcAQTJzSmUWwitN/MsoqX33WkabDLorYAAMubtyiEWvxP8KGAb/b 9sJhGPyI/+v8ym4z X-Received: by 10.36.90.210 with SMTP id v201mr3152058ita.83.1496168099626; Tue, 30 May 2017 11:14:59 -0700 (PDT) Received: from klimt.1015granger.net (c-68-46-169-226.hsd1.mi.comcast.net. [68.46.169.226]) by smtp.gmail.com with ESMTPSA id 134sm8943218itm.12.2017.05.30.11.14.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 30 May 2017 11:14:59 -0700 (PDT) Subject: [PATCH v1 07/17] svcrdma: Improve Reply chunk sanity checking From: Chuck Lever To: linux-rdma@vger.kernel.org, linux-nfs@vger.kernel.org Date: Tue, 30 May 2017 14:14:58 -0400 Message-ID: <20170530181458.2992.89047.stgit@klimt.1015granger.net> In-Reply-To: <20170530175808.2992.60365.stgit@klimt.1015granger.net> References: <20170530175808.2992.60365.stgit@klimt.1015granger.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Identify malformed transport headers and unsupported chunk combinations as early as possible. - Ensure that segment lengths are not crazy. - Ensure that the Reply chunk's segment count is not crazy. With a 1KB inline threshold, the largest number of Write segments that can be conveyed is about 60 (for a RDMA_NOMSG Reply message). Signed-off-by: Chuck Lever --- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c index cf8be18..b480893 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c +++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c @@ -217,15 +217,20 @@ static __be32 *xdr_check_write_list(__be32 *p, const __be32 *end) return p; } -static __be32 *xdr_check_reply_chunk(__be32 *p, __be32 *end) +/* Sanity check the Reply chunk. + * + * Sanity checks: + * - Reply chunk does not overflow buffer. + * - Segment size limited by largest NFS data payload. + * + * Returns pointer to the following RPC header. + */ +static __be32 *xdr_check_reply_chunk(__be32 *p, const __be32 *end) { - __be32 *next; - if (*p++ != xdr_zero) { - next = p + 1 + be32_to_cpup(p) * rpcrdma_segment_maxsz; - if (next > end) + p = xdr_check_write_chunk(p, end, MAX_BYTES_SPECIAL_SEG); + if (!p) return NULL; - p = next; } return p; }