| Message ID | 20220118193341.2684379-1-dan.aloni@vastdata.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | NFS: fix an infinite request retry in an off-by-one last page read | expand |
On Tue, 2022-01-18 at 21:33 +0200, Dan Aloni wrote: > Due to change 8cfb9015280d ("NFS: Always provide aligned buffers to > the > RPC read layers"), a read of 0xfff is aligned up to server rsize of > 0x1000. > > As a result, in a test where the server has a file of size > 0x7fffffffffffffff, and the client tries to read from the offset > 0x7ffffffffffff000, the read causes loff_t overflow in the server and > it > returns an NFS code of EINVAL to the client. The client as a result > indefinitely retries the request. > > This fixes the issue by cancelling the alignment for that case. > NACK. This would be a server bug, not a client bug. The NFS protocol has no notion of signed offsets, and doesn't use loff_t.
diff --git a/fs/nfs/read.c b/fs/nfs/read.c index 08d6cc57cbc3..d6fac5e4d3f4 100644 --- a/fs/nfs/read.c +++ b/fs/nfs/read.c @@ -296,16 +296,19 @@ readpage_async_filler(void *data, struct page *page) struct inode *inode = page_file_mapping(page)->host; unsigned int rsize = NFS_SERVER(inode)->rsize; struct nfs_page *new; - unsigned int len, aligned_len; + unsigned int len, request_len; int error; len = nfs_page_length(page); if (len == 0) return nfs_return_empty_page(page); - aligned_len = min_t(unsigned int, ALIGN(len, rsize), PAGE_SIZE); + if (likely(page_index(page) != (LLONG_MAX >> PAGE_SHIFT))) + request_len = min_t(unsigned int, ALIGN(len, rsize), PAGE_SIZE); + else + request_len = len; - new = nfs_create_request(desc->ctx, page, 0, aligned_len); + new = nfs_create_request(desc->ctx, page, 0, request_len); if (IS_ERR(new)) goto out_error;
Due to change 8cfb9015280d ("NFS: Always provide aligned buffers to the RPC read layers"), a read of 0xfff is aligned up to server rsize of 0x1000. As a result, in a test where the server has a file of size 0x7fffffffffffffff, and the client tries to read from the offset 0x7ffffffffffff000, the read causes loff_t overflow in the server and it returns an NFS code of EINVAL to the client. The client as a result indefinitely retries the request. This fixes the issue by cancelling the alignment for that case. Fixes: 8cfb9015280d ("NFS: Always provide aligned buffers to the RPC read layers") Signed-off-by: Dan Aloni <dan.aloni@vastdata.com> --- fs/nfs/read.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)