forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/fs/nfsd
History
Neil Brown 9e27d5e674 nfsd4: bug in read_buf 
commit 2bc3c1179c upstream.

When read_buf is called to move over to the next page in the pagelist
of an NFSv4 request, it sets argp->end to essentially a random
number, certainly not an address within the page which argp->p now
points to.  So subsequent calls to READ_BUF will think there is much
more than a page of spare space (the cast to u32 ensures an unsigned
comparison) so we can expect to fall off the end of the second
page.

We never encountered thsi in testing because typically the only
operations which use more than two pages are write-like operations,
which have their own decoding logic.  Something like a getattr after a
write may cross a page boundary, but it would be very unusual for it to
cross another boundary after that.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-05-12 14:57:01 -07:00
..
auth.c CRED: Add some configurable debugging [try #6] 2009-09-02 21:29:01 +10:00
auth.h nfsd: minor fs/nfsd/auth.h cleanup 2008-02-01 16:42:05 -05:00
export.c seq_file: constify seq_operations 2009-09-23 07:39:29 -07:00
Kconfig nfsd : Define NFSD only when FILE_LOCKING is enabled 2009-03-18 17:30:48 -04:00
lockd.c nfsd: common grace period control 2008-10-03 16:19:02 -04:00
Makefile knfsd: trivial makefile cleanup 2007-05-09 12:30:54 -07:00
nfs2acl.c nfsd: rename MAY_ flags 2008-06-23 13:02:50 -04:00
nfs3acl.c nfsd: rename MAY_ flags 2008-06-23 13:02:50 -04:00
nfs3proc.c NFS: kill off complicated macro 'PROC' 2009-06-15 19:34:32 -07:00
nfs3xdr.c Fix memory corruption caused by nfsd readdir+ 2009-11-14 12:55:55 -08:00
nfs4acl.c nfsd: Fix sort_pacl in fs/nfsd/nf4acl.c to actually sort groups 2010-01-28 15:01:13 -08:00
nfs4callback.c nfsd41: modify nfsd4.1 backchannel to use new xprt class 2009-09-15 20:52:13 -04:00
nfs4idmap.c headers: utsname.h redux 2009-09-23 18:13:10 -07:00
nfs4proc.c NFSD: Fix a bug in the NFSv4 'supported attrs' mandatory attribute 2009-09-01 20:00:17 -04:00
nfs4recover.c nfsd: silence lockdep warning 2009-05-11 17:23:14 -04:00
nfs4state.c vfs: take f_lock on modifying f_mode after open time 2010-03-15 08:49:37 -07:00
nfs4xdr.c nfsd4: bug in read_buf 2010-05-12 14:57:01 -07:00
nfscache.c knfsd: fix reply cache memory corruption 2009-05-27 14:14:02 -04:00
nfsctl.c const: constify remaining file_operations 2009-10-01 16:11:11 -07:00
nfsfh.c nfsd4: filehandle leak or error exit from fh_compose() 2009-09-04 11:59:32 -04:00
nfsproc.c NFS: kill off complicated macro 'PROC' 2009-06-15 19:34:32 -07:00
nfssvc.c Merge branch 'for-2.6.32' of git://linux-nfs.org/~bfields/linux 2009-09-22 07:54:33 -07:00
nfsxdr.c Use struct path in struct svc_export 2008-02-14 21:17:08 -08:00
stats.c
vfs.c nfsd: make sure data is on disk before calling ->fsync 2010-01-18 10:19:18 -08:00