From patchwork Sat Jul 9 02:19:56 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mi Jinlong
X-Patchwork-Id: 957802
Message-ID: <4E17BACC.8030901@cn.fujitsu.com>
Date: Sat, 09 Jul 2011 10:19:56 +0800
From: Mi Jinlong
To: "J. Bruce Fields"
CC: NFS
Subject: [PATCH 2/2 v3] nfsd41: check the size of request
References: <4E0EDEBE.8040902@cn.fujitsu.com> <20110706164306.GC30349@fieldses.org> <4E16CA48.3030308@cn.fujitsu.com> <20110708200319.GC13886@fieldses.org>
In-Reply-To: <20110708200319.GC13886@fieldses.org>
Sender: linux-nfs-owner@vger.kernel.org
X-Mailing-List: linux-nfs@vger.kernel.org

This patch checks the request's size when it consists of SEQUENCE.
Also modifies the format of some functions whose length exceeds 80.

v3: remove the check about only SEQUENCE operation.
    check the size immediately after finding the session.
    modify the format of some functions whose length exceeds 80.

Signed-off-by: Mi Jinlong
--- fs/nfsd/nfs4state.c | 24 ++++++++++++++++++++---- 1 files changed, 20 insertions(+), 4 deletions(-) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index e98f3c2..9cce11c 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -1645,7 +1645,8 @@ __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp, return status; } -static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid) +static bool nfsd4_compound_in_session(struct nfsd4_session *session, + struct nfs4_sessionid *sid) { if (!session) return 0;
@@ -1695,7 +1696,8 @@ out: return status; } -static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s) +static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, + struct nfsd4_session *s) { struct nfsd4_conn *c; @@ -1707,7 +1709,8 @@ static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_s return NULL; } -static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses) +static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, + struct nfsd4_session *ses) { struct nfs4_client *clp = ses->se_client; struct nfsd4_conn *c; @@ -1729,13 +1732,22 @@ static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_sessi return; } -static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session) +static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, + struct nfsd4_session *session) { struct nfsd4_compoundargs *args = rqstp->rq_argp; return args->opcnt > session->se_fchannel.maxops; } +static bool nfsd4_request_too_big(struct svc_rqst *rqstp, + struct nfsd4_session *session) +{ + struct xdr_buf *xb = &rqstp->rq_arg; + + return xb->len > session->se_fchannel.maxreq_sz; +} + __be32 nfsd4_sequence(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, @@ -1768,6 +1780,10 @@ nfsd4_sequence(struct svc_rqst *rqstp, if (nfsd4_session_too_many_ops(rqstp, session)) goto out; + status = nfserr_req_too_big; + if (nfsd4_request_too_big(rqstp, session)) + goto out; + status = nfserr_badslot; if (seq->slotid >= session->se_fchannel.maxreqs) goto out;
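
Review bot: The signature rewraps of nfsd4_compound_in_session(), __nfsd4_find_conn(), nfsd4_sequence_check_conn() and nfsd4_session_too_many_ops() are whitespace-only changes bundled with a functional one. Of the 20 insertions, only the new helper and the four-line check in nfsd4_sequence() change behaviour. Splitting the rewraps into a separate cleanup patch would keep the size check easy to review, bisect and backport on its own.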
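
Review bot: In nfsd4_request_too_big(), the comparison "return xb->len > session->se_fchannel.maxreq_sz;" has no comment saying what rqstp->rq_arg.len covers at the point nfsd4_sequence() runs. A short comment should state whether that length still includes the RPC header and credentials, and that this matches the units in which maxreq_sz was negotiated for the fore channel. Without it a reader cannot tell whether a request sitting right at the limit is accepted or rejected as intended.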
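
Review bot: The new "status = nfserr_req_too_big;" check in nfsd4_sequence() sits next to nfsd4_session_too_many_ops(), which reads the already decoded rqstp->rq_argp, so an oversized request has been received and decoded in full before it is rejected. That is fine for enforcing the negotiated session limit, but the changelog or a comment should say that this is a protocol conformance check and not a bound on the memory or CPU the server spends on an oversized request. Placing the check before the slot id and sequence id checks looks right, since a rejected request then leaves the slot state untouched.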