| Message ID | 166593522241.1710.1607659813797998942.stgit@klimt.1015granger.net (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [1,1/3] SUNRPC: Remove unused svc_rqst::rq_lock field | expand |
On Sun, 2022-10-16 at 11:47 -0400, Chuck Lever wrote: > The xdr_stream conversion inadvertently left some code that set the > page_len of the send buffer. The XDR stream encoders should handle > this automatically now. > > This oversight adds garbage past the end of the Reply message. > Clients typically ignore the garbage, but NFSD does not need to send > it, as it leaks stale memory contents onto the wire. > > Fixes: f8cba47344f7 ("NFSD: Update the NFSv2 GETACL result encoder to use struct xdr_stream") > Signed-off-by: Chuck Lever <chuck.lever@oracle.com> > --- > fs/nfsd/nfs2acl.c | 10 ---------- > 1 file changed, 10 deletions(-) > > diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c > index 9edd3c1a30fb..87f224cd30a8 100644 > --- a/fs/nfsd/nfs2acl.c > +++ b/fs/nfsd/nfs2acl.c > @@ -246,7 +246,6 @@ nfsaclsvc_encode_getaclres(struct svc_rqst *rqstp, struct xdr_stream *xdr) > struct nfsd3_getaclres *resp = rqstp->rq_resp; > struct dentry *dentry = resp->fh.fh_dentry; > struct inode *inode; > - int w; > > if (!svcxdr_encode_stat(xdr, resp->status)) > return false; > @@ -260,15 +259,6 @@ nfsaclsvc_encode_getaclres(struct svc_rqst *rqstp, struct xdr_stream *xdr) > if (xdr_stream_encode_u32(xdr, resp->mask) < 0) > return false; > > - rqstp->rq_res.page_len = w = nfsacl_size( > - (resp->mask & NFS_ACL) ? resp->acl_access : NULL, > - (resp->mask & NFS_DFACL) ? resp->acl_default : NULL); > - while (w > 0) { > - if (!*(rqstp->rq_next_page++)) > - return true; > - w -= PAGE_SIZE; > - } > - > if (!nfs_stream_encode_acl(xdr, inode, resp->acl_access, > resp->mask & NFS_ACL, 0)) > return false; > > That makes a lot more sense now. Reviewed-by: Jeff Layton <jlayton@kernel.org>
diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c index 9edd3c1a30fb..87f224cd30a8 100644 --- a/fs/nfsd/nfs2acl.c +++ b/fs/nfsd/nfs2acl.c @@ -246,7 +246,6 @@ nfsaclsvc_encode_getaclres(struct svc_rqst *rqstp, struct xdr_stream *xdr) struct nfsd3_getaclres *resp = rqstp->rq_resp; struct dentry *dentry = resp->fh.fh_dentry; struct inode *inode; - int w; if (!svcxdr_encode_stat(xdr, resp->status)) return false; @@ -260,15 +259,6 @@ nfsaclsvc_encode_getaclres(struct svc_rqst *rqstp, struct xdr_stream *xdr) if (xdr_stream_encode_u32(xdr, resp->mask) < 0) return false; - rqstp->rq_res.page_len = w = nfsacl_size( - (resp->mask & NFS_ACL) ? resp->acl_access : NULL, - (resp->mask & NFS_DFACL) ? resp->acl_default : NULL); - while (w > 0) { - if (!*(rqstp->rq_next_page++)) - return true; - w -= PAGE_SIZE; - } - if (!nfs_stream_encode_acl(xdr, inode, resp->acl_access, resp->mask & NFS_ACL, 0)) return false;
The xdr_stream conversion inadvertently left some code that set the page_len of the send buffer. The XDR stream encoders should handle this automatically now. This oversight adds garbage past the end of the Reply message. Clients typically ignore the garbage, but NFSD does not need to send it, as it leaks stale memory contents onto the wire. Fixes: f8cba47344f7 ("NFSD: Update the NFSv2 GETACL result encoder to use struct xdr_stream") Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- fs/nfsd/nfs2acl.c | 10 ---------- 1 file changed, 10 deletions(-)