From patchwork Tue Aug 23 21:00:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 12952602 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F9AFC32772 for ; Tue, 23 Aug 2022 21:00:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230099AbiHWVAR (ORCPT ); Tue, 23 Aug 2022 17:00:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47236 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229850AbiHWVAM (ORCPT ); Tue, 23 Aug 2022 17:00:12 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ECE40785B0 for ; Tue, 23 Aug 2022 14:00:09 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 471B56159D for ; Tue, 23 Aug 2022 21:00:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 863D0C433B5; Tue, 23 Aug 2022 21:00:08 +0000 (UTC) Subject: [PATCH v1 1/7] SUNRPC: Fix end-of-buffer calculation From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Tue, 23 Aug 2022 17:00:07 -0400 Message-ID: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> User-Agent: StGit/1.5.dev2+g9ce680a5 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Ensure that stream-based argument decoding can't go past the actual end of the receive buffer. xdr_init_decode's calculation of the value of xdr->end over-estimates the end of the buffer because the Linux kernel RPC server code does not remove the size of the RPC header from rqstp->rq_arg before calling the upper layer's dispatcher. The server-side still uses the svc_getnl() macros to decode the RPC call header. These macros reduce the length of the head iov but do not update the total length of the message in the buffer (buf->len). A proper fix for this would be to replace the use of svc_getnl() and friends in the RPC header decoder, but that would be a large and invasive change that would be difficult to backport. Fixes: 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on the server-side") Signed-off-by: Chuck Lever --- include/linux/sunrpc/svc.h | 14 +++++++++++--- include/linux/sunrpc/xdr.h | 12 ++++++++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h index daecb009c05b..494375313a6f 100644 --- a/include/linux/sunrpc/svc.h +++ b/include/linux/sunrpc/svc.h @@ -544,16 +544,24 @@ static inline void svc_reserve_auth(struct svc_rqst *rqstp, int space) } /** - * svcxdr_init_decode - Prepare an xdr_stream for svc Call decoding + * svcxdr_init_decode - Prepare an xdr_stream for Call decoding * @rqstp: controlling server RPC transaction context * + * This function currently assumes the RPC header in rq_arg has + * already been decoded. Upon return, xdr->p points to the + * location of the upper layer header. */ static inline void svcxdr_init_decode(struct svc_rqst *rqstp) { struct xdr_stream *xdr = &rqstp->rq_arg_stream; - struct kvec *argv = rqstp->rq_arg.head; + struct xdr_buf *buf = &rqstp->rq_arg; + struct kvec *argv = buf->head; - xdr_init_decode(xdr, &rqstp->rq_arg, argv->iov_base, NULL); + /* Reset the argument buffer's length, now that the RPC header + * has been decoded. */ + buf->len = xdr_buf_length(buf); + + xdr_init_decode(xdr, buf, argv->iov_base, NULL); xdr_set_scratch_page(xdr, rqstp->rq_scratch_page); } diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h index 69175029abbb..f6bb215d4029 100644 --- a/include/linux/sunrpc/xdr.h +++ b/include/linux/sunrpc/xdr.h @@ -83,6 +83,18 @@ xdr_buf_init(struct xdr_buf *buf, void *start, size_t len) buf->buflen = len; } +/** + * xdr_buf_length - Return the summed length of @buf's sub-buffers + * @buf: an instantiated xdr_buf + * + * Returns the sum of the lengths of the head kvec, the tail kvec, + * and the page array. + */ +static inline unsigned int xdr_buf_length(const struct xdr_buf *buf) +{ + return buf->head->iov_len + buf->page_len + buf->tail->iov_len; +} + /* * pre-xdr'ed macros. */ From patchwork Tue Aug 23 21:00:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 12952608 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6680C3F6B0 for ; Tue, 23 Aug 2022 21:05:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229900AbiHWVFb (ORCPT ); Tue, 23 Aug 2022 17:05:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230425AbiHWVAT (ORCPT ); Tue, 23 Aug 2022 17:00:19 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FA5D786D7 for ; Tue, 23 Aug 2022 14:00:18 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 7FE61CE1FE7 for ; Tue, 23 Aug 2022 21:00:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D60EEC433D6; Tue, 23 Aug 2022 21:00:14 +0000 (UTC) Subject: [PATCH v1 2/7] NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Tue, 23 Aug 2022 17:00:13 -0400 Message-ID: <166128841388.2788.9568755346644827020.stgit@manet.1015granger.net> In-Reply-To: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> References: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> User-Agent: StGit/1.5.dev2+g9ce680a5 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Replace the check for buffer over/underflow with a helper that is commonly used for this purpose. The helper also sets xdr->nwords correctly after successfully linearizing the symlink argument into the stream's scratch buffer. Signed-off-by: Chuck Lever --- fs/nfsd/nfs3xdr.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index 0293b8d65f10..71e32cf28885 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -616,8 +616,6 @@ nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) { struct nfsd3_symlinkargs *args = rqstp->rq_argp; struct kvec *head = rqstp->rq_arg.head; - struct kvec *tail = rqstp->rq_arg.tail; - size_t remaining; if (!svcxdr_decode_diropargs3(xdr, &args->ffh, &args->fname, &args->flen)) return false; @@ -626,16 +624,10 @@ nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) if (xdr_stream_decode_u32(xdr, &args->tlen) < 0) return false; - /* request sanity */ - remaining = head->iov_len + rqstp->rq_arg.page_len + tail->iov_len; - remaining -= xdr_stream_pos(xdr); - if (remaining < xdr_align_size(args->tlen)) - return false; - - args->first.iov_base = xdr->p; + /* symlink_data */ args->first.iov_len = head->iov_len - xdr_stream_pos(xdr); - - return true; + args->first.iov_base = xdr_inline_decode(xdr, args->tlen); + return args->first.iov_base != NULL; } bool From patchwork Tue Aug 23 21:00:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 12952609 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCBC5C32796 for ; Tue, 23 Aug 2022 21:05:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229954AbiHWVFa (ORCPT ); Tue, 23 Aug 2022 17:05:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47800 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231296AbiHWVAW (ORCPT ); Tue, 23 Aug 2022 17:00:22 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6350F79605 for ; Tue, 23 Aug 2022 14:00:22 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 009A4615A6 for ; Tue, 23 Aug 2022 21:00:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3DE67C433D6; Tue, 23 Aug 2022 21:00:21 +0000 (UTC) Subject: [PATCH v1 3/7] NFSD: Check for junk after RPC Call messages From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Tue, 23 Aug 2022 17:00:20 -0400 Message-ID: <166128842018.2788.3153078415664547122.stgit@manet.1015granger.net> In-Reply-To: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> References: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> User-Agent: StGit/1.5.dev2+g9ce680a5 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org The current RPC server code allows incoming RPC messages up to about a megabyte in size. For TCP, this is based on the size value contained in the RPC record marker. Currently, NFSD ignores anything in the message that is past the end of the encoded RPC Call message. A very large RPC message can arrive with just an NFSv3 LOOKUP operation in it, and NFSD ignores the rest of the message until the next RPC fragment in the TCP stream. That ignored data still consumes pages in the svc_rqst's page array, however. The current arrangement is that each svc_rqst gets about 260 pages, assuming that all supported NFS operations will never require more than a total of 260 pages to decode a Call message and construct its corresponding Reply message. A clever attacker can add garbage at the end of a READ-like request, which generally has a small Call message and a potentially large Reply message with a payload . That makes both the Call message and the Reply message large, and runs the svc_rqst out of pages. At the very least, this can result in a short or empty READ or READDIR result. So, let's teach NFSD to look for such shenanigans and reject any Call where the incoming RPC frame has content remaining in the receive buffer after NFSD has decoded all of the Call arguments. Signed-off-by: Chuck Lever --- fs/nfsd/nfssvc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c index 4bb5baa17040..5face047ce1a 100644 --- a/fs/nfsd/nfssvc.c +++ b/fs/nfsd/nfssvc.c @@ -1027,6 +1027,7 @@ nfsd(void *vrqstp) int nfsd_dispatch(struct svc_rqst *rqstp, __be32 *statp) { const struct svc_procedure *proc = rqstp->rq_procinfo; + struct xdr_stream *xdr = &rqstp->rq_arg_stream; /* * Give the xdr decoder a chance to change this if it wants @@ -1035,7 +1036,9 @@ int nfsd_dispatch(struct svc_rqst *rqstp, __be32 *statp) rqstp->rq_cachetype = proc->pc_cachetype; svcxdr_init_decode(rqstp); - if (!proc->pc_decode(rqstp, &rqstp->rq_arg_stream)) + if (!proc->pc_decode(rqstp, xdr)) + goto out_decode_err; + if (xdr_stream_remaining(xdr)) goto out_decode_err; switch (nfsd_cache_lookup(rqstp)) { From patchwork Tue Aug 23 21:00:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 12952603 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39101C32772 for ; Tue, 23 Aug 2022 21:00:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229954AbiHWVAe (ORCPT ); Tue, 23 Aug 2022 17:00:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48414 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231517AbiHWVAb (ORCPT ); Tue, 23 Aug 2022 17:00:31 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 324987963F for ; Tue, 23 Aug 2022 14:00:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E40D8B81F3B for ; Tue, 23 Aug 2022 21:00:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8FC05C433D6; Tue, 23 Aug 2022 21:00:27 +0000 (UTC) Subject: [PATCH v1 4/7] lockd: Check for junk after RPC Call messages From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Tue, 23 Aug 2022 17:00:26 -0400 Message-ID: <166128842661.2788.12824170997837980965.stgit@manet.1015granger.net> In-Reply-To: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> References: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> User-Agent: StGit/1.5.dev2+g9ce680a5 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org The current RPC server code allows incoming RPC messages up to about a megabyte in size. For TCP, this is based on the size value contained in the RPC record marker. Currently, lockd ignores anything in the message that is past the end of the encoded RPC Call message. A very large RPC message can arrive with just an NLM LOCK operation in it, and lockd ignores the rest of the message until the next RPC fragment in the TCP stream. That ignored data still consumes pages in the svc_rqst's page array, however. The current arrangement is that each svc_rqst gets about 260 pages, assuming that all supported NLM operations will never require more than a total of 260 pages to decode a Call message and construct its corresponding Reply message. A clever attacker can add garbage at the end of an RPC Call message. At the least, it can result in a short or empty NLM result. So, let's teach lockd to look for such shenanigans and reject any Call where the incoming RPC frame has content remaining in the receive buffer after lockd has decoded the Call arguments. Signed-off-by: Chuck Lever --- fs/lockd/svc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c index 59ef8a1f843f..80b3f1a006f6 100644 --- a/fs/lockd/svc.c +++ b/fs/lockd/svc.c @@ -694,9 +694,12 @@ module_exit(exit_nlm); static int nlmsvc_dispatch(struct svc_rqst *rqstp, __be32 *statp) { const struct svc_procedure *procp = rqstp->rq_procinfo; + struct xdr_stream *xdr = &rqstp->rq_arg_stream; svcxdr_init_decode(rqstp); - if (!procp->pc_decode(rqstp, &rqstp->rq_arg_stream)) + if (!procp->pc_decode(rqstp, xdr)) + goto out_decode_err; + if (xdr_stream_remaining(xdr)) goto out_decode_err; *statp = procp->pc_func(rqstp); From patchwork Tue Aug 23 21:00:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 12952604 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F065C32772 for ; Tue, 23 Aug 2022 21:00:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230270AbiHWVAn (ORCPT ); Tue, 23 Aug 2022 17:00:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48722 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230035AbiHWVAh (ORCPT ); Tue, 23 Aug 2022 17:00:37 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5559579A75 for ; Tue, 23 Aug 2022 14:00:36 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 70812B82185 for ; Tue, 23 Aug 2022 21:00:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0A68CC433C1; Tue, 23 Aug 2022 21:00:33 +0000 (UTC) Subject: [PATCH v1 5/7] NFSD: Clean up WRITE arg decoders From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Tue, 23 Aug 2022 17:00:32 -0400 Message-ID: <166128843291.2788.7684141655548514185.stgit@manet.1015granger.net> In-Reply-To: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> References: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> User-Agent: StGit/1.5.dev2+g9ce680a5 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org xdr_stream_subsegment() already returns a boolean value. Signed-off-by: Chuck Lever --- fs/nfsd/nfs3xdr.c | 4 +--- fs/nfsd/nfsxdr.c | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index 71e32cf28885..3308dd671ef0 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -571,10 +571,8 @@ nfs3svc_decode_writeargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) args->count = max_blocksize; args->len = max_blocksize; } - if (!xdr_stream_subsegment(xdr, &args->payload, args->count)) - return false; - return true; + return xdr_stream_subsegment(xdr, &args->payload, args->count); } bool diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c index aba8520b4b8b..caf6355b18fa 100644 --- a/fs/nfsd/nfsxdr.c +++ b/fs/nfsd/nfsxdr.c @@ -338,10 +338,8 @@ nfssvc_decode_writeargs(struct svc_rqst *rqstp, struct xdr_stream *xdr) return false; if (args->len > NFSSVC_MAXBLKSIZE_V2) return false; - if (!xdr_stream_subsegment(xdr, &args->payload, args->len)) - return false; - return true; + return xdr_stream_subsegment(xdr, &args->payload, args->len); } bool From patchwork Tue Aug 23 21:00:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 12952605 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA699C32772 for ; Tue, 23 Aug 2022 21:00:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231373AbiHWVAs (ORCPT ); Tue, 23 Aug 2022 17:00:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229955AbiHWVAl (ORCPT ); Tue, 23 Aug 2022 17:00:41 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6CE2F49B7A for ; Tue, 23 Aug 2022 14:00:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 089656159D for ; Tue, 23 Aug 2022 21:00:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4E85AC433D6; Tue, 23 Aug 2022 21:00:40 +0000 (UTC) Subject: [PATCH v1 6/7] SUNRPC: Clean up xdr_buf_subsegment's kdoc comment From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Tue, 23 Aug 2022 17:00:39 -0400 Message-ID: <166128843940.2788.14690289839086531152.stgit@manet.1015granger.net> In-Reply-To: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> References: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> User-Agent: StGit/1.5.dev2+g9ce680a5 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Signed-off-by: Chuck Lever --- net/sunrpc/xdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c index 482586c23fdd..8ad637ca703e 100644 --- a/net/sunrpc/xdr.c +++ b/net/sunrpc/xdr.c @@ -1575,7 +1575,7 @@ EXPORT_SYMBOL_GPL(xdr_buf_from_iov); * * @buf and @subbuf may be pointers to the same struct xdr_buf. * - * Returns -1 if base of length are out of bounds. + * Returns -1 if base or length are out of bounds. */ int xdr_buf_subsegment(const struct xdr_buf *buf, struct xdr_buf *subbuf, unsigned int base, unsigned int len) From patchwork Tue Aug 23 21:00:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 12952606 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FDB4C32772 for ; Tue, 23 Aug 2022 21:01:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230008AbiHWVA7 (ORCPT ); Tue, 23 Aug 2022 17:00:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49154 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231202AbiHWVAy (ORCPT ); Tue, 23 Aug 2022 17:00:54 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 763E67AC19 for ; Tue, 23 Aug 2022 14:00:49 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 1A4E9B82184 for ; Tue, 23 Aug 2022 21:00:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9A656C433C1; Tue, 23 Aug 2022 21:00:46 +0000 (UTC) Subject: [PATCH v1 7/7] SUNRPC: Use the new xdr_buf_length() helper From: Chuck Lever To: linux-nfs@vger.kernel.org Date: Tue, 23 Aug 2022 17:00:45 -0400 Message-ID: <166128844564.2788.14369025982070863998.stgit@manet.1015granger.net> In-Reply-To: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> References: <166128840714.2788.7887913547062461761.stgit@manet.1015granger.net> User-Agent: StGit/1.5.dev2+g9ce680a5 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Clean up. Signed-off-by: Chuck Lever --- fs/nfsd/nfs4xdr.c | 3 +-- net/sunrpc/xdr.c | 5 ++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 1e9690a061ec..26d005c5ec10 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -5426,8 +5426,7 @@ nfs4svc_encode_compoundres(struct svc_rqst *rqstp, struct xdr_stream *xdr) struct xdr_buf *buf = xdr->buf; __be32 *p; - WARN_ON_ONCE(buf->len != buf->head[0].iov_len + buf->page_len + - buf->tail[0].iov_len); + WARN_ON_ONCE(buf->len != xdr_buf_length(buf)); /* * Send buffer space for the following items is reserved diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c index 8ad637ca703e..f77a7d98b294 100644 --- a/net/sunrpc/xdr.c +++ b/net/sunrpc/xdr.c @@ -508,9 +508,8 @@ static unsigned int xdr_buf_pages_fill_sparse(const struct xdr_buf *buf, static void xdr_buf_try_expand(struct xdr_buf *buf, unsigned int len) { - struct kvec *head = buf->head; struct kvec *tail = buf->tail; - unsigned int sum = head->iov_len + buf->page_len + tail->iov_len; + unsigned int sum = xdr_buf_length(buf); unsigned int free_space, newlen; if (sum > buf->len) { @@ -2060,7 +2059,7 @@ int xdr_encode_array2(const struct xdr_buf *buf, unsigned int base, struct xdr_array2_desc *desc) { if ((unsigned long) base + 4 + desc->array_len * desc->elem_size > - buf->head->iov_len + buf->page_len + buf->tail->iov_len) + xdr_buf_length(buf)) return -EINVAL; return xdr_xcode_array2(buf, base, desc, 1);