[PATCH v8 02/11] NFS: validity check for source offset in copy_file_range

* [PATCH v8 02/11] NFS: validity check for source offset in copy_file_range
       [not found] <20181101164523.41812-1-olga.kornievskaia@gmail.com>
@ 2018-11-01 16:45 ` Olga Kornievskaia
  0 siblings, 0 replies; only message in thread
From: Olga Kornievskaia @ 2018-11-01 16:45 UTC (permalink / raw)
  To: trond.myklebust, anna.schumaker, viro, smfrench, miklos
  Cc: linux-nfs, linux-fsdevel, linux-cifs, linux-unionfs

From: Olga Kornievskaia <kolga@netapp.com>

copy_file_range() man page mandates that EINVAL is returned
if the specified range is beyond the end of the file but
currently does not enforce it.

NFS RFC 7832 states that "if the source offset or the source
offset plus count is greater than the size of the source file,
the operation MUST fail with NFS4ERR_INVAL."

>From the NFS community discussion from earlier on
https://www.spinics.net/lists/linux-nfs/msg62627.html
in was thought that offset plus count should instead be a
short read.

In this patch only proposing to enforce the offset check:
Input source offset can not be beyond the end of the file.

Future work in VFS might perform the arguments checks and
we can remove this check.

Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
---
 fs/nfs/nfs4file.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c
index 5a73c90..7838bdf 100644
--- a/fs/nfs/nfs4file.c
+++ b/fs/nfs/nfs4file.c
@@ -135,6 +135,9 @@ static ssize_t nfs4_copy_file_range(struct file *file_in, loff_t pos_in,
 {
 	ssize_t ret;
 
+	if (pos_in >= i_size_read(file_inode(file_in)))
+		return -EINVAL;
+
 	if (file_inode(file_in)->i_sb != file_inode(file_out)->i_sb)
 		return -EXDEV;
 
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] only message in thread