| Message ID | 166171264105.21449.17586756015319208200.stgit@manet.1015granger.net (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Fixes for server-side xdr_stream overhaul | expand |
On Sun, 2022-08-28 at 14:50 -0400, Chuck Lever wrote: > Replace the check for buffer over/underflow with a helper that is > commonly used for this purpose. The helper also sets xdr->nwords > correctly after successfully linearizing the symlink argument into > the stream's scratch buffer. > > Signed-off-by: Chuck Lever <chuck.lever@oracle.com> > --- > fs/nfsd/nfs3xdr.c | 14 +++----------- > 1 file changed, 3 insertions(+), 11 deletions(-) > > diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c > index 0293b8d65f10..71e32cf28885 100644 > --- a/fs/nfsd/nfs3xdr.c > +++ b/fs/nfsd/nfs3xdr.c > @@ -616,8 +616,6 @@ nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) > { > struct nfsd3_symlinkargs *args = rqstp->rq_argp; > struct kvec *head = rqstp->rq_arg.head; > - struct kvec *tail = rqstp->rq_arg.tail; > - size_t remaining; > > if (!svcxdr_decode_diropargs3(xdr, &args->ffh, &args->fname, &args->flen)) > return false; > @@ -626,16 +624,10 @@ nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) > if (xdr_stream_decode_u32(xdr, &args->tlen) < 0) > return false; > > - /* request sanity */ > - remaining = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len; > - remaining -= xdr_stream_pos(xdr); > - if (remaining < xdr_align_size(args->tlen)) > - return false; > - > - args->first.iov_base = xdr->p; > + /* symlink_data */ > args->first.iov_len = head->iov_len - xdr_stream_pos(xdr); > - > - return true; > + args->first.iov_base = xdr_inline_decode(xdr, args->tlen); > + return args->first.iov_base != NULL; > } > > bool > > Reviewed-by: Jeff Layton <jlayton@kernel.org>
diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index 0293b8d65f10..71e32cf28885 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -616,8 +616,6 @@ nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) { struct nfsd3_symlinkargs *args = rqstp->rq_argp; struct kvec *head = rqstp->rq_arg.head; - struct kvec *tail = rqstp->rq_arg.tail; - size_t remaining; if (!svcxdr_decode_diropargs3(xdr, &args->ffh, &args->fname, &args->flen)) return false; @@ -626,16 +624,10 @@ nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) if (xdr_stream_decode_u32(xdr, &args->tlen) < 0) return false; - /* request sanity */ - remaining = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len; - remaining -= xdr_stream_pos(xdr); - if (remaining < xdr_align_size(args->tlen)) - return false; - - args->first.iov_base = xdr->p; + /* symlink_data */ args->first.iov_len = head->iov_len - xdr_stream_pos(xdr); - - return true; + args->first.iov_base = xdr_inline_decode(xdr, args->tlen); + return args->first.iov_base != NULL; } bool
Replace the check for buffer over/underflow with a helper that is commonly used for this purpose. The helper also sets xdr->nwords correctly after successfully linearizing the symlink argument into the stream's scratch buffer. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- fs/nfsd/nfs3xdr.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-)