| Message ID | 160986061812.5532.3122782251888690881.stgit@klimt.1015granger.net (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Update NFSD XDR functions | expand |
On Tue, Jan 05, 2021 at 10:30:18AM -0500, Chuck Lever wrote: > As part of the update, open code that sanity-checks the size of the > data payload against the length of the RPC Call message has to be > re-implemented to use xdr_stream infrastructure. I'm having a little trouble parsing that. Did you mean "write code"? --b. > > Signed-off-by: Chuck Lever <chuck.lever@oracle.com> > --- > fs/nfsd/nfs3xdr.c | 51 ++++++++++++++++++++------------------------------- > 1 file changed, 20 insertions(+), 31 deletions(-) > > diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c > index ff98eae5db81..0aafb096de91 100644 > --- a/fs/nfsd/nfs3xdr.c > +++ b/fs/nfsd/nfs3xdr.c > @@ -405,52 +405,41 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p) > int > nfs3svc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p) > { > + struct xdr_stream *xdr = &rqstp->rq_arg_stream; > struct nfsd3_writeargs *args = rqstp->rq_argp; > - unsigned int len, hdr, dlen; > u32 max_blocksize = svc_max_payload(rqstp); > struct kvec *head = rqstp->rq_arg.head; > struct kvec *tail = rqstp->rq_arg.tail; > + size_t remaining; > > - p = decode_fh(p, &args->fh); > - if (!p) > + if (!svcxdr_decode_nfs_fh3(xdr, &args->fh)) > return 0; > - p = xdr_decode_hyper(p, &args->offset); > - > - args->count = ntohl(*p++); > - args->stable = ntohl(*p++); > - len = args->len = ntohl(*p++); > - if ((void *)p > head->iov_base + head->iov_len) > + if (xdr_stream_decode_u64(xdr, &args->offset) < 0) > return 0; > - /* > - * The count must equal the amount of data passed. > - */ > - if (args->count != args->len) > + if (xdr_stream_decode_u32(xdr, &args->count) < 0) > + return 0; > + if (xdr_stream_decode_u32(xdr, &args->stable) < 0) > return 0; > > - /* > - * Check to make sure that we got the right number of > - * bytes. > - */ > - hdr = (void*)p - head->iov_base; > - dlen = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len - hdr; > - /* > - * Round the length of the data which was specified up to > - * the next multiple of XDR units and then compare that > - * against the length which was actually received. > - * Note that when RPCSEC/GSS (for example) is used, the > - * data buffer can be padded so dlen might be larger > - * than required. It must never be smaller. > - */ > - if (dlen < XDR_QUADLEN(len)*4) > + /* opaque data */ > + if (xdr_stream_decode_u32(xdr, &args->len) < 0) > return 0; > > + /* request sanity */ > + if (args->count != args->len) > + return 0; > + remaining = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len; > + remaining -= xdr_stream_pos(xdr); > + if (remaining < xdr_align_size(args->len)) > + return 0; > if (args->count > max_blocksize) { > args->count = max_blocksize; > - len = args->len = max_blocksize; > + args->len = max_blocksize; > } > > - args->first.iov_base = (void *)p; > - args->first.iov_len = head->iov_len - hdr; > + args->first.iov_base = xdr->p; > + args->first.iov_len = head->iov_len - xdr_stream_pos(xdr); > + > return 1; > } > >
> On Jan 22, 2021, at 1:47 PM, J. Bruce Fields <bfields@fieldses.org> wrote: > > On Tue, Jan 05, 2021 at 10:30:18AM -0500, Chuck Lever wrote: >> As part of the update, open code that sanity-checks the size of the >> data payload against the length of the RPC Call message has to be >> re-implemented to use xdr_stream infrastructure. > > I'm having a little trouble parsing that. Did you mean "write code"? The WRITE payload size sanity-checking code has to be re-implemented. > --b. > >> >> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> >> --- >> fs/nfsd/nfs3xdr.c | 51 ++++++++++++++++++++------------------------------- >> 1 file changed, 20 insertions(+), 31 deletions(-) >> >> diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c >> index ff98eae5db81..0aafb096de91 100644 >> --- a/fs/nfsd/nfs3xdr.c >> +++ b/fs/nfsd/nfs3xdr.c >> @@ -405,52 +405,41 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p) >> int >> nfs3svc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p) >> { >> + struct xdr_stream *xdr = &rqstp->rq_arg_stream; >> struct nfsd3_writeargs *args = rqstp->rq_argp; >> - unsigned int len, hdr, dlen; >> u32 max_blocksize = svc_max_payload(rqstp); >> struct kvec *head = rqstp->rq_arg.head; >> struct kvec *tail = rqstp->rq_arg.tail; >> + size_t remaining; >> >> - p = decode_fh(p, &args->fh); >> - if (!p) >> + if (!svcxdr_decode_nfs_fh3(xdr, &args->fh)) >> return 0; >> - p = xdr_decode_hyper(p, &args->offset); >> - >> - args->count = ntohl(*p++); >> - args->stable = ntohl(*p++); >> - len = args->len = ntohl(*p++); >> - if ((void *)p > head->iov_base + head->iov_len) >> + if (xdr_stream_decode_u64(xdr, &args->offset) < 0) >> return 0; >> - /* >> - * The count must equal the amount of data passed. >> - */ >> - if (args->count != args->len) >> + if (xdr_stream_decode_u32(xdr, &args->count) < 0) >> + return 0; >> + if (xdr_stream_decode_u32(xdr, &args->stable) < 0) >> return 0; >> >> - /* >> - * Check to make sure that we got the right number of >> - * bytes. >> - */ >> - hdr = (void*)p - head->iov_base; >> - dlen = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len - hdr; >> - /* >> - * Round the length of the data which was specified up to >> - * the next multiple of XDR units and then compare that >> - * against the length which was actually received. >> - * Note that when RPCSEC/GSS (for example) is used, the >> - * data buffer can be padded so dlen might be larger >> - * than required. It must never be smaller. >> - */ >> - if (dlen < XDR_QUADLEN(len)*4) >> + /* opaque data */ >> + if (xdr_stream_decode_u32(xdr, &args->len) < 0) >> return 0; >> >> + /* request sanity */ >> + if (args->count != args->len) >> + return 0; >> + remaining = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len; >> + remaining -= xdr_stream_pos(xdr); >> + if (remaining < xdr_align_size(args->len)) >> + return 0; >> if (args->count > max_blocksize) { >> args->count = max_blocksize; >> - len = args->len = max_blocksize; >> + args->len = max_blocksize; >> } >> >> - args->first.iov_base = (void *)p; >> - args->first.iov_len = head->iov_len - hdr; >> + args->first.iov_base = xdr->p; >> + args->first.iov_len = head->iov_len - xdr_stream_pos(xdr); >> + >> return 1; >> } >> >> -- Chuck Lever
diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index ff98eae5db81..0aafb096de91 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -405,52 +405,41 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p) int nfs3svc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p) { + struct xdr_stream *xdr = &rqstp->rq_arg_stream; struct nfsd3_writeargs *args = rqstp->rq_argp; - unsigned int len, hdr, dlen; u32 max_blocksize = svc_max_payload(rqstp); struct kvec *head = rqstp->rq_arg.head; struct kvec *tail = rqstp->rq_arg.tail; + size_t remaining; - p = decode_fh(p, &args->fh); - if (!p) + if (!svcxdr_decode_nfs_fh3(xdr, &args->fh)) return 0; - p = xdr_decode_hyper(p, &args->offset); - - args->count = ntohl(*p++); - args->stable = ntohl(*p++); - len = args->len = ntohl(*p++); - if ((void *)p > head->iov_base + head->iov_len) + if (xdr_stream_decode_u64(xdr, &args->offset) < 0) return 0; - /* - * The count must equal the amount of data passed. - */ - if (args->count != args->len) + if (xdr_stream_decode_u32(xdr, &args->count) < 0) + return 0; + if (xdr_stream_decode_u32(xdr, &args->stable) < 0) return 0; - /* - * Check to make sure that we got the right number of - * bytes. - */ - hdr = (void*)p - head->iov_base; - dlen = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len - hdr; - /* - * Round the length of the data which was specified up to - * the next multiple of XDR units and then compare that - * against the length which was actually received. - * Note that when RPCSEC/GSS (for example) is used, the - * data buffer can be padded so dlen might be larger - * than required. It must never be smaller. - */ - if (dlen < XDR_QUADLEN(len)*4) + /* opaque data */ + if (xdr_stream_decode_u32(xdr, &args->len) < 0) return 0; + /* request sanity */ + if (args->count != args->len) + return 0; + remaining = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len; + remaining -= xdr_stream_pos(xdr); + if (remaining < xdr_align_size(args->len)) + return 0; if (args->count > max_blocksize) { args->count = max_blocksize; - len = args->len = max_blocksize; + args->len = max_blocksize; } - args->first.iov_base = (void *)p; - args->first.iov_len = head->iov_len - hdr; + args->first.iov_base = xdr->p; + args->first.iov_len = head->iov_len - xdr_stream_pos(xdr); + return 1; }
As part of the update, open code that sanity-checks the size of the data payload against the length of the RPC Call message has to be re-implemented to use xdr_stream infrastructure. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- fs/nfsd/nfs3xdr.c | 51 ++++++++++++++++++++------------------------------- 1 file changed, 20 insertions(+), 31 deletions(-)