From patchwork Mon Mar 10 15:34:55 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Layton X-Patchwork-Id: 3803881 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id BD8159F1CD for ; Mon, 10 Mar 2014 15:35:06 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id D83892021F for ; Mon, 10 Mar 2014 15:35:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 037B9201D5 for ; Mon, 10 Mar 2014 15:35:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754020AbaCJPfD (ORCPT ); Mon, 10 Mar 2014 11:35:03 -0400 Received: from mail-qa0-f49.google.com ([209.85.216.49]:44653 "EHLO mail-qa0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754019AbaCJPfC (ORCPT ); Mon, 10 Mar 2014 11:35:02 -0400 Received: by mail-qa0-f49.google.com with SMTP id cm18so2819767qab.8 for ; Mon, 10 Mar 2014 08:35:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id; bh=HgcNcZS4h73oNWp+UiVWOCBv3O43lkqTLDMxDwPNYmE=; b=Y/zYx9gtbBCI73zbBoVOxbTdp2yMiNOnjG4IsibZqehNWuRbhWC1AcN5vVUv3y4Ksl WfOfL5SGG2Vzif3Ooy0wJODVXM3siiTAM02Xe7+1ieADKKb9J3hoGNQjrtjHkw4Z4dSp 1gwwwh6oH95wcZ2A1ncQLVaM99sKdC7gWTE4cl3MeuekXFxfo4VG3SpjOo+vqXJWTViB 742rQeZ6jl/U7xo0629qOHRqCeOgf4y2NRVsX8QxtkOhhAx/sfwveMxuyZRdhR5JZ/tH MmzC5t0gRNCV7HcgYPkPVsBO45cC1zCaRCqLer7R/CDK8CH5B3xEuruujj1m0fjmApNQ kULA== X-Gm-Message-State: ALoCoQltNjX/WfstAP4YwhvyiG7i2fZz++Cc3OYyWNP1qpcXvcW+2ENpgVLKb/qPLFlZJeppsO3i X-Received: by 10.229.89.65 with SMTP id d1mr11822668qcm.14.1394465701136; Mon, 10 Mar 2014 08:35:01 -0700 (PDT) Received: from tlielax.poochiereds.net ([2001:470:8:d63:3a60:77ff:fe93:a95d]) by mx.google.com with ESMTPSA id x8sm54195788qam.20.2014.03.10.08.34.59 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Mar 2014 08:35:00 -0700 (PDT) From: Jeff Layton To: bfields@fieldses.org Cc: linux-nfs@vger.kernel.org Subject: [PATCH] svcrpc: explicitly reject compounds that are not padded out to 4-byte multiple Date: Mon, 10 Mar 2014 11:34:55 -0400 Message-Id: <1394465695-727-1-git-send-email-jlayton@redhat.com> X-Mailer: git-send-email 1.8.5.3 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP We have a WARN_ON in the nfsd4_decode_write() that tells us when the client has sent a request that is not padded out properly according to RFC4506. A WARN_ON really isn't appropriate in this case though since this indicates a client bug, not a server one. Move this check out to the top-level compound decoder and have it just explicitly return an error. Also add a dprintk() that shows the client address and xid to help track down clients and frames that trigger it. Signed-off-by: Jeff Layton --- fs/nfsd/nfs4xdr.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 63f2395c57ed..3a491dade169 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -1222,7 +1222,6 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write) } write->wr_head.iov_base = p; write->wr_head.iov_len = avail; - WARN_ON(avail != (XDR_QUADLEN(avail) << 2)); write->wr_pagelist = argp->pagelist; len = XDR_QUADLEN(write->wr_buflen) << 2; @@ -3691,6 +3690,12 @@ int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp) int nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundargs *args) { + if (rqstp->rq_arg.head[0].iov_len % 4) { + /* client is nuts */ + dprintk("%s: compound not properly padded! (peeraddr=%pISc xid=0x%x)", + __func__, svc_addr(rqstp), be32_to_cpu(rqstp->rq_xid)); + return 0; + } args->p = p; args->end = rqstp->rq_arg.head[0].iov_base + rqstp->rq_arg.head[0].iov_len; args->pagelist = rqstp->rq_arg.pages;