Linux-NFS Archive on lore.kernel.org
 help / color / Atom feed
From: Chuck Lever <chuck.lever@oracle.com>
To: linux-nfs@vger.kernel.org
Subject: [PATCH v3 10/85] NFSD: Change the way the expected length of a fattr4 is checked
Date: Mon, 23 Nov 2020 15:04:51 -0500
Message-ID: <160616189193.51996.3348726953277601601.stgit@klimt.1015granger.net> (raw)
In-Reply-To: <160616177104.51996.14915419165992024951.stgit@klimt.1015granger.net>

Because the fattr4 is now managed in an xdr_stream, all that is
needed is to store the initial position of the stream before
decoding the attribute list. Then the actual length of the list
is computed using the final stream position, after decoding is
complete.

No behavior change is expected.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/nfsd/nfs4xdr.c |   34 +++++++++++-----------------------
 1 file changed, 11 insertions(+), 23 deletions(-)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index de7408adb7c6..6dae8b0a5f0f 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -250,7 +250,8 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 		   struct iattr *iattr, struct nfs4_acl **acl,
 		   struct xdr_netobj *label, int *umask)
 {
-	int expected_len, len = 0;
+	unsigned int starting_pos;
+	u32 attrlist4_count;
 	u32 dummy32;
 	char *buf;
 
@@ -267,12 +268,12 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 		return nfserr_attrnotsupp;
 	}
 
-	READ_BUF(4);
-	expected_len = be32_to_cpup(p++);
+	if (xdr_stream_decode_u32(argp->xdr, &attrlist4_count) < 0)
+		return nfserr_bad_xdr;
+	starting_pos = xdr_stream_pos(argp->xdr);
 
 	if (bmval[0] & FATTR4_WORD0_SIZE) {
 		READ_BUF(8);
-		len += 8;
 		p = xdr_decode_hyper(p, &iattr->ia_size);
 		iattr->ia_valid |= ATTR_SIZE;
 	}
@@ -280,7 +281,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 		u32 nace;
 		struct nfs4_ace *ace;
 
-		READ_BUF(4); len += 4;
+		READ_BUF(4);
 		nace = be32_to_cpup(p++);
 
 		if (nace > xdr_stream_remaining(argp->xdr) / sizeof(struct nfs4_ace))
@@ -297,13 +298,12 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 
 		(*acl)->naces = nace;
 		for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
-			READ_BUF(16); len += 16;
+			READ_BUF(16);
 			ace->type = be32_to_cpup(p++);
 			ace->flag = be32_to_cpup(p++);
 			ace->access_mask = be32_to_cpup(p++);
 			dummy32 = be32_to_cpup(p++);
 			READ_BUF(dummy32);
-			len += XDR_QUADLEN(dummy32) << 2;
 			READMEM(buf, dummy32);
 			ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
 			status = nfs_ok;
@@ -322,17 +322,14 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 		*acl = NULL;
 	if (bmval[1] & FATTR4_WORD1_MODE) {
 		READ_BUF(4);
-		len += 4;
 		iattr->ia_mode = be32_to_cpup(p++);
 		iattr->ia_mode &= (S_IFMT | S_IALLUGO);
 		iattr->ia_valid |= ATTR_MODE;
 	}
 	if (bmval[1] & FATTR4_WORD1_OWNER) {
 		READ_BUF(4);
-		len += 4;
 		dummy32 = be32_to_cpup(p++);
 		READ_BUF(dummy32);
-		len += (XDR_QUADLEN(dummy32) << 2);
 		READMEM(buf, dummy32);
 		if ((status = nfsd_map_name_to_uid(argp->rqstp, buf, dummy32, &iattr->ia_uid)))
 			return status;
@@ -340,10 +337,8 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 	}
 	if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
 		READ_BUF(4);
-		len += 4;
 		dummy32 = be32_to_cpup(p++);
 		READ_BUF(dummy32);
-		len += (XDR_QUADLEN(dummy32) << 2);
 		READMEM(buf, dummy32);
 		if ((status = nfsd_map_name_to_gid(argp->rqstp, buf, dummy32, &iattr->ia_gid)))
 			return status;
@@ -351,11 +346,9 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 	}
 	if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
 		READ_BUF(4);
-		len += 4;
 		dummy32 = be32_to_cpup(p++);
 		switch (dummy32) {
 		case NFS4_SET_TO_CLIENT_TIME:
-			len += 12;
 			status = nfsd4_decode_time(argp, &iattr->ia_atime);
 			if (status)
 				return status;
@@ -370,11 +363,9 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 	}
 	if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
 		READ_BUF(4);
-		len += 4;
 		dummy32 = be32_to_cpup(p++);
 		switch (dummy32) {
 		case NFS4_SET_TO_CLIENT_TIME:
-			len += 12;
 			status = nfsd4_decode_time(argp, &iattr->ia_mtime);
 			if (status)
 				return status;
@@ -392,18 +383,14 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 	if (IS_ENABLED(CONFIG_NFSD_V4_SECURITY_LABEL) &&
 	    bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
 		READ_BUF(4);
-		len += 4;
 		dummy32 = be32_to_cpup(p++); /* lfs: we don't use it */
 		READ_BUF(4);
-		len += 4;
 		dummy32 = be32_to_cpup(p++); /* pi: we don't use it either */
 		READ_BUF(4);
-		len += 4;
 		dummy32 = be32_to_cpup(p++);
 		READ_BUF(dummy32);
 		if (dummy32 > NFS4_MAXLABELLEN)
 			return nfserr_badlabel;
-		len += (XDR_QUADLEN(dummy32) << 2);
 		READMEM(buf, dummy32);
 		label->len = dummy32;
 		label->data = svcxdr_dupstr(argp, buf, dummy32);
@@ -414,15 +401,16 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
 		if (!umask)
 			goto xdr_error;
 		READ_BUF(8);
-		len += 8;
 		dummy32 = be32_to_cpup(p++);
 		iattr->ia_mode = dummy32 & (S_IFMT | S_IALLUGO);
 		dummy32 = be32_to_cpup(p++);
 		*umask = dummy32 & S_IRWXUGO;
 		iattr->ia_valid |= ATTR_MODE;
 	}
-	if (len != expected_len)
-		goto xdr_error;
+
+	/* request sanity: did attrlist4 contain the expected number of words? */
+	if (attrlist4_count != xdr_stream_pos(argp->xdr) - starting_pos)
+		return nfserr_bad_xdr;
 
 	DECODE_TAIL;
 }



  parent reply index

Thread overview: 86+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-23 20:03 [PATCH v3 00/85] Update NFSD XDR functions Chuck Lever
2020-11-23 20:04 ` [PATCH v3 01/85] SUNRPC: Add xdr_set_scratch_page() and xdr_reset_scratch_buffer() Chuck Lever
2020-11-23 20:04 ` [PATCH v3 02/85] SUNRPC: Prepare for xdr_stream-style decoding on the server-side Chuck Lever
2020-11-23 20:04 ` [PATCH v3 03/85] NFSD: Add common helpers to decode void args and encode void results Chuck Lever
2020-11-23 20:04 ` [PATCH v3 04/85] NFSD: Add tracepoints in nfsd_dispatch() Chuck Lever
2020-11-23 20:04 ` [PATCH v3 05/85] NFSD: Add tracepoints in Chuck Lever
2020-11-23 20:04 ` [PATCH v3 06/85] NFSD: Replace the internals of the READ_BUF() macro Chuck Lever
2020-11-23 20:04 ` [PATCH v3 07/85] NFSD: Replace READ* macros in nfsd4_decode_access() Chuck Lever
2020-11-23 20:04 ` [PATCH v3 08/85] NFSD: Replace READ* macros in nfsd4_decode_close() Chuck Lever
2020-11-23 20:04 ` [PATCH v3 09/85] NFSD: Replace READ* macros in nfsd4_decode_commit() Chuck Lever
2020-11-23 20:04 ` Chuck Lever [this message]
2020-11-23 20:04 ` [PATCH v3 11/85] NFSD: Replace READ* macros that decode the fattr4 size attribute Chuck Lever
2020-11-23 20:05 ` [PATCH v3 12/85] NFSD: Replace READ* macros that decode the fattr4 acl attribute Chuck Lever
2020-11-23 20:05 ` [PATCH v3 13/85] NFSD: Replace READ* macros that decode the fattr4 mode attribute Chuck Lever
2020-11-23 20:05 ` [PATCH v3 14/85] NFSD: Replace READ* macros that decode the fattr4 owner attribute Chuck Lever
2020-11-23 20:05 ` [PATCH v3 15/85] NFSD: Replace READ* macros that decode the fattr4 owner_group attribute Chuck Lever
2020-11-23 20:05 ` [PATCH v3 16/85] NFSD: Replace READ* macros that decode the fattr4 time_set attributes Chuck Lever
2020-11-23 20:05 ` [PATCH v3 17/85] NFSD: Replace READ* macros that decode the fattr4 security label attribute Chuck Lever
2020-11-23 20:05 ` [PATCH v3 18/85] NFSD: Replace READ* macros that decode the fattr4 umask attribute Chuck Lever
2020-11-23 20:05 ` [PATCH v3 19/85] NFSD: Replace READ* macros in nfsd4_decode_fattr() Chuck Lever
2020-11-23 20:05 ` [PATCH v3 20/85] NFSD: Replace READ* macros in nfsd4_decode_create() Chuck Lever
2020-11-23 20:05 ` [PATCH v3 21/85] NFSD: Replace READ* macros in nfsd4_decode_delegreturn() Chuck Lever
2020-11-23 20:05 ` [PATCH v3 22/85] NFSD: Replace READ* macros in nfsd4_decode_getattr() Chuck Lever
2020-11-23 20:06 ` [PATCH v3 23/85] NFSD: Replace READ* macros in nfsd4_decode_link() Chuck Lever
2020-11-23 20:06 ` [PATCH v3 24/85] NFSD: Relocate nfsd4_decode_opaque() Chuck Lever
2020-11-23 20:06 ` [PATCH v3 25/85] NFSD: Add helpers to decode a clientid4 and an NFSv4 state owner Chuck Lever
2020-11-23 20:06 ` [PATCH v3 26/85] NFSD: Add helper for decoding locker4 Chuck Lever
2020-11-23 20:06 ` [PATCH v3 27/85] NFSD: Replace READ* macros in nfsd4_decode_lock() Chuck Lever
2020-11-23 20:06 ` [PATCH v3 28/85] NFSD: Replace READ* macros in nfsd4_decode_lockt() Chuck Lever
2020-11-23 20:06 ` [PATCH v3 29/85] NFSD: Replace READ* macros in nfsd4_decode_locku() Chuck Lever
2020-11-23 20:06 ` [PATCH v3 30/85] NFSD: Replace READ* macros in nfsd4_decode_lookup() Chuck Lever
2020-11-23 20:06 ` [PATCH v3 31/85] NFSD: Add helper to decode NFSv4 verifiers Chuck Lever
2020-11-23 20:06 ` [PATCH v3 32/85] NFSD: Add helper to decode OPEN's createhow4 argument Chuck Lever
2020-11-23 20:06 ` [PATCH v3 33/85] NFSD: Add helper to decode OPEN's openflag4 argument Chuck Lever
2020-11-23 20:06 ` [PATCH v3 34/85] NFSD: Replace READ* macros in nfsd4_decode_share_access() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 35/85] NFSD: Replace READ* macros in nfsd4_decode_share_deny() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 36/85] NFSD: Add helper to decode OPEN's open_claim4 argument Chuck Lever
2020-11-23 20:07 ` [PATCH v3 37/85] NFSD: Replace READ* macros in nfsd4_decode_open() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 38/85] NFSD: Replace READ* macros in nfsd4_decode_open_confirm() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 39/85] NFSD: Replace READ* macros in nfsd4_decode_open_downgrade() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 40/85] NFSD: Replace READ* macros in nfsd4_decode_putfh() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 41/85] NFSD: Replace READ* macros in nfsd4_decode_read() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 42/85] NFSD: Replace READ* macros in nfsd4_decode_readdir() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 43/85] NFSD: Replace READ* macros in nfsd4_decode_remove() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 44/85] NFSD: Replace READ* macros in nfsd4_decode_rename() Chuck Lever
2020-11-23 20:07 ` [PATCH v3 45/85] NFSD: Replace READ* macros in nfsd4_decode_renew() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 46/85] NFSD: Replace READ* macros in nfsd4_decode_secinfo() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 47/85] NFSD: Replace READ* macros in nfsd4_decode_setattr() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 48/85] NFSD: Replace READ* macros in nfsd4_decode_setclientid() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 49/85] NFSD: Replace READ* macros in nfsd4_decode_setclientid_confirm() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 50/85] NFSD: Replace READ* macros in nfsd4_decode_verify() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 51/85] NFSD: Replace READ* macros in nfsd4_decode_write() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 52/85] NFSD: Replace READ* macros in nfsd4_decode_release_lockowner() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 53/85] NFSD: Replace READ* macros in nfsd4_decode_cb_sec() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 54/85] NFSD: Replace READ* macros in nfsd4_decode_backchannel_ctl() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 55/85] NFSD: Replace READ* macros in nfsd4_decode_bind_conn_to_session() Chuck Lever
2020-11-23 20:08 ` [PATCH v3 56/85] NFSD: Add a separate decoder to handle state_protect_ops Chuck Lever
2020-11-23 20:08 ` [PATCH v3 57/85] NFSD: Add a separate decoder for ssv_sp_parms Chuck Lever
2020-11-23 20:09 ` [PATCH v3 58/85] NFSD: Add a helper to decode state_protect4_a Chuck Lever
2020-11-23 20:09 ` [PATCH v3 59/85] NFSD: Add a helper to decode nfs_impl_id4 Chuck Lever
2020-11-23 20:09 ` [PATCH v3 60/85] NFSD: Add a helper to decode channel_attrs4 Chuck Lever
2020-11-23 20:09 ` [PATCH v3 61/85] NFSD: Replace READ* macros in nfsd4_decode_create_session() Chuck Lever
2020-11-23 20:09 ` [PATCH v3 62/85] NFSD: Replace READ* macros in nfsd4_decode_destroy_session() Chuck Lever
2020-11-23 20:09 ` [PATCH v3 63/85] NFSD: Replace READ* macros in nfsd4_decode_free_stateid() Chuck Lever
2020-11-23 20:09 ` [PATCH v3 64/85] NFSD: Replace READ* macros in nfsd4_decode_getdeviceinfo() Chuck Lever
2020-11-23 20:09 ` [PATCH v3 65/85] NFSD: Replace READ* macros in nfsd4_decode_layoutcommit() Chuck Lever
2020-11-23 20:09 ` [PATCH v3 66/85] NFSD: Replace READ* macros in nfsd4_decode_layoutget() Chuck Lever
2020-11-23 20:09 ` [PATCH v3 67/85] NFSD: Replace READ* macros in nfsd4_decode_layoutreturn() Chuck Lever
2020-11-23 20:09 ` [PATCH v3 68/85] NFSD: Replace READ* macros in nfsd4_decode_secinfo_no_name() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 69/85] NFSD: Replace READ* macros in nfsd4_decode_sequence() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 70/85] NFSD: Replace READ* macros in nfsd4_decode_test_stateid() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 71/85] NFSD: Replace READ* macros in nfsd4_decode_destroy_clientid() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 72/85] NFSD: Replace READ* macros in nfsd4_decode_reclaim_complete() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 73/85] NFSD: Replace READ* macros in nfsd4_decode_fallocate() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 74/85] NFSD: Replace READ* macros in nfsd4_decode_nl4_server() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 75/85] NFSD: Replace READ* macros in nfsd4_decode_copy() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 76/85] NFSD: Replace READ* macros in nfsd4_decode_copy_notify() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 77/85] NFSD: Replace READ* macros in nfsd4_decode_offload_status() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 78/85] NFSD: Replace READ* macros in nfsd4_decode_seek() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 79/85] NFSD: Replace READ* macros in nfsd4_decode_clone() Chuck Lever
2020-11-23 20:10 ` [PATCH v3 80/85] NFSD: Replace READ* macros in nfsd4_decode_xattr_name() Chuck Lever
2020-11-23 20:11 ` [PATCH v3 81/85] NFSD: Replace READ* macros in nfsd4_decode_setxattr() Chuck Lever
2020-11-23 20:11 ` [PATCH v3 82/85] NFSD: Replace READ* macros in nfsd4_decode_listxattrs() Chuck Lever
2020-11-23 20:11 ` [PATCH v3 83/85] NFSD: Make nfsd4_ops::opnum a u32 Chuck Lever
2020-11-23 20:11 ` [PATCH v3 84/85] NFSD: Replace READ* macros in nfsd4_decode_compound() Chuck Lever
2020-11-23 20:11 ` [PATCH v3 85/85] NFSD: Remove macros that are no longer used Chuck Lever

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=160616189193.51996.3348726953277601601.stgit@klimt.1015granger.net \
    --to=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-NFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-nfs/0 linux-nfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nfs linux-nfs/ https://lore.kernel.org/linux-nfs \
		linux-nfs@vger.kernel.org
	public-inbox-index linux-nfs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-nfs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git