diff mbox

NFSD: fix bad length checking for backchannel

Message ID 52B80C36.8020000@gmail.com (mailing list archive)
State New, archived
Headers show

Commit Message

Kinglong Mee Dec. 23, 2013, 10:11 a.m. UTC 
the length for backchannel checking should be multiplied by sizeof(__be32).

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
 fs/nfsd/nfs4state.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Comments

J. Bruce Fields Jan. 3, 2014, 9:57 p.m. UTC | #1 
On Mon, Dec 23, 2013 at 06:11:02PM +0800, Kinglong Mee wrote:
> the length for backchannel checking should be multiplied by sizeof(__be32).

Thanks, applying.

--b.

> 
> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
> ---
>  fs/nfsd/nfs4state.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index 105d6fa..05f4db8 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -1851,6 +1851,11 @@ static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfs
>  	return nfs_ok;
>  }
>  
> +#define NFSD_CB_MAX_REQ_SZ	((NFS4_enc_cb_recall_sz + \
> +				 RPC_MAX_HEADER_WITH_AUTH) * sizeof(__be32))
> +#define NFSD_CB_MAX_RESP_SZ	((NFS4_dec_cb_recall_sz + \
> +				 RPC_MAX_REPHEADER_WITH_AUTH) * sizeof(__be32))
> +
>  static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
>  {
>  	ca->headerpadsz = 0;
> @@ -1861,9 +1866,9 @@ static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
>  	 * less than 1k.  Tighten up this estimate in the unlikely event
>  	 * it turns out to be a problem for some client:
>  	 */
> -	if (ca->maxreq_sz < NFS4_enc_cb_recall_sz + RPC_MAX_HEADER_WITH_AUTH)
> +	if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
>  		return nfserr_toosmall;
> -	if (ca->maxresp_sz < NFS4_dec_cb_recall_sz + RPC_MAX_REPHEADER_WITH_AUTH)
> +	if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
>  		return nfserr_toosmall;
>  	ca->maxresp_cached = 0;
>  	if (ca->maxops < 2)
> -- 
> 1.8.4.2
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 105d6fa..05f4db8 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1851,6 +1851,11 @@  static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfs
 	return nfs_ok;
 }
 
+#define NFSD_CB_MAX_REQ_SZ	((NFS4_enc_cb_recall_sz + \
+				 RPC_MAX_HEADER_WITH_AUTH) * sizeof(__be32))
+#define NFSD_CB_MAX_RESP_SZ	((NFS4_dec_cb_recall_sz + \
+				 RPC_MAX_REPHEADER_WITH_AUTH) * sizeof(__be32))
+
 static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
 {
 	ca->headerpadsz = 0;
@@ -1861,9 +1866,9 @@  static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
 	 * less than 1k.  Tighten up this estimate in the unlikely event
 	 * it turns out to be a problem for some client:
 	 */
-	if (ca->maxreq_sz < NFS4_enc_cb_recall_sz + RPC_MAX_HEADER_WITH_AUTH)
+	if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
 		return nfserr_toosmall;
-	if (ca->maxresp_sz < NFS4_dec_cb_recall_sz + RPC_MAX_REPHEADER_WITH_AUTH)
+	if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
 		return nfserr_toosmall;
 	ca->maxresp_cached = 0;
 	if (ca->maxops < 2)