From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Andy Adamson <andros@netapp.com>,
Trond Myklebust <Trond.Myklebust@netapp.com>
Subject: [26/48] NFSv4: include bitmap in nfsv4 get acl data
Date: Mon, 16 Jan 2012 10:44:53 -0800 [thread overview]
Message-ID: <20120116184517.965365790@clark.kroah.org> (raw)
In-Reply-To: <20120116184527.GA11972@kroah.com>
3.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Adamson <andros@netapp.com>
commit bf118a342f10dafe44b14451a1392c3254629a1f upstream.
The NFSv4 bitmap size is unbounded: a server can return an arbitrary
sized bitmap in an FATTR4_WORD0_ACL request. Replace using the
nfs4_fattr_bitmap_maxsz as a guess to the maximum bitmask returned by a server
with the inclusion of the bitmap (xdr length plus bitmasks) and the acl data
xdr length to the (cached) acl page data.
This is a general solution to commit e5012d1f "NFSv4.1: update
nfs4_fattr_bitmap_maxsz" and fixes hitting a BUG_ON in xdr_shrink_bufhead
when getting ACLs.
Fix a bug in decode_getacl that returned -EINVAL on ACLs > page when getxattr
was called with a NULL buffer, preventing ACL > PAGE_SIZE from being retrieved.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/nfs/nfs4proc.c | 96 ++++++++++++++++++++++++++-------------------
fs/nfs/nfs4xdr.c | 31 ++++++++++----
include/linux/nfs_xdr.h | 5 ++
include/linux/sunrpc/xdr.h | 2
net/sunrpc/xdr.c | 3 -
5 files changed, 89 insertions(+), 48 deletions(-)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -3442,19 +3442,6 @@ static inline int nfs4_server_supports_a
*/
#define NFS4ACL_MAXPAGES (XATTR_SIZE_MAX >> PAGE_CACHE_SHIFT)
-static void buf_to_pages(const void *buf, size_t buflen,
- struct page **pages, unsigned int *pgbase)
-{
- const void *p = buf;
-
- *pgbase = offset_in_page(buf);
- p -= *pgbase;
- while (p < buf + buflen) {
- *(pages++) = virt_to_page(p);
- p += PAGE_CACHE_SIZE;
- }
-}
-
static int buf_to_pages_noslab(const void *buf, size_t buflen,
struct page **pages, unsigned int *pgbase)
{
@@ -3551,9 +3538,19 @@ out:
nfs4_set_cached_acl(inode, acl);
}
+/*
+ * The getxattr API returns the required buffer length when called with a
+ * NULL buf. The NFSv4 acl tool then calls getxattr again after allocating
+ * the required buf. On a NULL buf, we send a page of data to the server
+ * guessing that the ACL request can be serviced by a page. If so, we cache
+ * up to the page of ACL data, and the 2nd call to getxattr is serviced by
+ * the cache. If not so, we throw away the page, and cache the required
+ * length. The next getxattr call will then produce another round trip to
+ * the server, this time with the input buf of the required size.
+ */
static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
{
- struct page *pages[NFS4ACL_MAXPAGES];
+ struct page *pages[NFS4ACL_MAXPAGES] = {NULL, };
struct nfs_getaclargs args = {
.fh = NFS_FH(inode),
.acl_pages = pages,
@@ -3568,41 +3565,60 @@ static ssize_t __nfs4_get_acl_uncached(s
.rpc_argp = &args,
.rpc_resp = &res,
};
- struct page *localpage = NULL;
- int ret;
+ int ret = -ENOMEM, npages, i, acl_len = 0;
- if (buflen < PAGE_SIZE) {
- /* As long as we're doing a round trip to the server anyway,
- * let's be prepared for a page of acl data. */
- localpage = alloc_page(GFP_KERNEL);
- resp_buf = page_address(localpage);
- if (localpage == NULL)
- return -ENOMEM;
- args.acl_pages[0] = localpage;
- args.acl_pgbase = 0;
- args.acl_len = PAGE_SIZE;
- } else {
- resp_buf = buf;
- buf_to_pages(buf, buflen, args.acl_pages, &args.acl_pgbase);
+ npages = (buflen + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ /* As long as we're doing a round trip to the server anyway,
+ * let's be prepared for a page of acl data. */
+ if (npages == 0)
+ npages = 1;
+
+ for (i = 0; i < npages; i++) {
+ pages[i] = alloc_page(GFP_KERNEL);
+ if (!pages[i])
+ goto out_free;
}
- ret = nfs4_call_sync(NFS_SERVER(inode)->client, NFS_SERVER(inode), &msg, &args.seq_args, &res.seq_res, 0);
+ if (npages > 1) {
+ /* for decoding across pages */
+ args.acl_scratch = alloc_page(GFP_KERNEL);
+ if (!args.acl_scratch)
+ goto out_free;
+ }
+ args.acl_len = npages * PAGE_SIZE;
+ args.acl_pgbase = 0;
+ /* Let decode_getfacl know not to fail if the ACL data is larger than
+ * the page we send as a guess */
+ if (buf == NULL)
+ res.acl_flags |= NFS4_ACL_LEN_REQUEST;
+ resp_buf = page_address(pages[0]);
+
+ dprintk("%s buf %p buflen %ld npages %d args.acl_len %ld\n",
+ __func__, buf, buflen, npages, args.acl_len);
+ ret = nfs4_call_sync(NFS_SERVER(inode)->client, NFS_SERVER(inode),
+ &msg, &args.seq_args, &res.seq_res, 0);
if (ret)
goto out_free;
- if (res.acl_len > args.acl_len)
- nfs4_write_cached_acl(inode, NULL, res.acl_len);
+
+ acl_len = res.acl_len - res.acl_data_offset;
+ if (acl_len > args.acl_len)
+ nfs4_write_cached_acl(inode, NULL, acl_len);
else
- nfs4_write_cached_acl(inode, resp_buf, res.acl_len);
+ nfs4_write_cached_acl(inode, resp_buf + res.acl_data_offset,
+ acl_len);
if (buf) {
ret = -ERANGE;
- if (res.acl_len > buflen)
+ if (acl_len > buflen)
goto out_free;
- if (localpage)
- memcpy(buf, resp_buf, res.acl_len);
+ _copy_from_pages(buf, pages, res.acl_data_offset,
+ res.acl_len);
}
- ret = res.acl_len;
+ ret = acl_len;
out_free:
- if (localpage)
- __free_page(localpage);
+ for (i = 0; i < npages; i++)
+ if (pages[i])
+ __free_page(pages[i]);
+ if (args.acl_scratch)
+ __free_page(args.acl_scratch);
return ret;
}
@@ -3633,6 +3649,8 @@ static ssize_t nfs4_proc_get_acl(struct
nfs_zap_acl_cache(inode);
ret = nfs4_read_cached_acl(inode, buf, buflen);
if (ret != -ENOENT)
+ /* -ENOENT is returned if there is no ACL or if there is an ACL
+ * but no cached acl data, just the acl length */
return ret;
return nfs4_get_acl_uncached(inode, buf, buflen);
}
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -2517,11 +2517,13 @@ static void nfs4_xdr_enc_getacl(struct r
encode_compound_hdr(xdr, req, &hdr);
encode_sequence(xdr, &args->seq_args, &hdr);
encode_putfh(xdr, args->fh, &hdr);
- replen = hdr.replen + op_decode_hdr_maxsz + nfs4_fattr_bitmap_maxsz + 1;
+ replen = hdr.replen + op_decode_hdr_maxsz + 1;
encode_getattr_two(xdr, FATTR4_WORD0_ACL, 0, &hdr);
xdr_inline_pages(&req->rq_rcv_buf, replen << 2,
args->acl_pages, args->acl_pgbase, args->acl_len);
+ xdr_set_scratch_buffer(xdr, page_address(args->acl_scratch), PAGE_SIZE);
+
encode_nops(&hdr);
}
@@ -4957,17 +4959,18 @@ decode_restorefh(struct xdr_stream *xdr)
}
static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req,
- size_t *acl_len)
+ struct nfs_getaclres *res)
{
- __be32 *savep;
+ __be32 *savep, *bm_p;
uint32_t attrlen,
bitmap[3] = {0};
struct kvec *iov = req->rq_rcv_buf.head;
int status;
- *acl_len = 0;
+ res->acl_len = 0;
if ((status = decode_op_hdr(xdr, OP_GETATTR)) != 0)
goto out;
+ bm_p = xdr->p;
if ((status = decode_attr_bitmap(xdr, bitmap)) != 0)
goto out;
if ((status = decode_attr_length(xdr, &attrlen, &savep)) != 0)
@@ -4979,18 +4982,30 @@ static int decode_getacl(struct xdr_stre
size_t hdrlen;
u32 recvd;
+ /* The bitmap (xdr len + bitmaps) and the attr xdr len words
+ * are stored with the acl data to handle the problem of
+ * variable length bitmaps.*/
+ xdr->p = bm_p;
+ res->acl_data_offset = be32_to_cpup(bm_p) + 2;
+ res->acl_data_offset <<= 2;
+
/* We ignore &savep and don't do consistency checks on
* the attr length. Let userspace figure it out.... */
hdrlen = (u8 *)xdr->p - (u8 *)iov->iov_base;
+ attrlen += res->acl_data_offset;
recvd = req->rq_rcv_buf.len - hdrlen;
if (attrlen > recvd) {
- dprintk("NFS: server cheating in getattr"
- " acl reply: attrlen %u > recvd %u\n",
+ if (res->acl_flags & NFS4_ACL_LEN_REQUEST) {
+ /* getxattr interface called with a NULL buf */
+ res->acl_len = attrlen;
+ goto out;
+ }
+ dprintk("NFS: acl reply: attrlen %u > recvd %u\n",
attrlen, recvd);
return -EINVAL;
}
xdr_read_pages(xdr, attrlen);
- *acl_len = attrlen;
+ res->acl_len = attrlen;
} else
status = -EOPNOTSUPP;
@@ -6028,7 +6043,7 @@ nfs4_xdr_dec_getacl(struct rpc_rqst *rqs
status = decode_putfh(xdr);
if (status)
goto out;
- status = decode_getacl(xdr, rqstp, &res->acl_len);
+ status = decode_getacl(xdr, rqstp, res);
out:
return status;
--- a/include/linux/nfs_xdr.h
+++ b/include/linux/nfs_xdr.h
@@ -602,11 +602,16 @@ struct nfs_getaclargs {
size_t acl_len;
unsigned int acl_pgbase;
struct page ** acl_pages;
+ struct page * acl_scratch;
struct nfs4_sequence_args seq_args;
};
+/* getxattr ACL interface flags */
+#define NFS4_ACL_LEN_REQUEST 0x0001 /* zero length getxattr buffer */
struct nfs_getaclres {
size_t acl_len;
+ size_t acl_data_offset;
+ int acl_flags;
struct nfs4_sequence_res seq_res;
};
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -191,6 +191,8 @@ extern int xdr_decode_array2(struct xdr_
struct xdr_array2_desc *desc);
extern int xdr_encode_array2(struct xdr_buf *buf, unsigned int base,
struct xdr_array2_desc *desc);
+extern void _copy_from_pages(char *p, struct page **pages, size_t pgbase,
+ size_t len);
/*
* Provide some simple tools for XDR buffer overflow-checking etc.
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -296,7 +296,7 @@ _copy_to_pages(struct page **pages, size
* Copies data into an arbitrary memory location from an array of pages
* The copy is assumed to be non-overlapping.
*/
-static void
+void
_copy_from_pages(char *p, struct page **pages, size_t pgbase, size_t len)
{
struct page **pgfrom;
@@ -324,6 +324,7 @@ _copy_from_pages(char *p, struct page **
} while ((len -= copy) != 0);
}
+EXPORT_SYMBOL_GPL(_copy_from_pages);
/*
* xdr_shrink_bufhead
next prev parent reply other threads:[~2012-01-16 18:51 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-16 18:45 [00/48] 3.1.10-stable review Greg KH
2012-01-16 18:44 ` [01/48] mtdoops: fix the oops_page_used array size Greg KH
2012-01-16 18:44 ` [02/48] mtd: mtdoops: skip reading initially bad blocks Greg KH
2012-01-16 18:44 ` [03/48] mtd: mtd_blkdevs: dont increase open count on error path Greg KH
2012-01-16 18:44 ` [04/48] mtd: tests: stresstest: bail out if device has not enough eraseblocks Greg KH
2012-01-16 18:44 ` [05/48] drivers/rtc/interface.c: fix alarm rollover when day or month is out-of-range Greg KH
2012-01-16 18:44 ` [06/48] ext4: fix undefined behavior in ext4_fill_flex_info() Greg KH
2012-01-16 18:44 ` [07/48] ALSA: snd-usb-us122l: Delete calls to preempt_disable Greg KH
2012-01-16 18:44 ` [08/48] ALSA: HDA: Fix master control for Cirrus Logic 421X Greg KH
2012-01-16 18:44 ` [09/48] ALSA: HDA: Fix automute for Cirrus Logic 421x Greg KH
2012-01-16 18:44 ` [10/48] ALSA: ice1724 - Check for ac97 to avoid kernel oops Greg KH
2012-01-16 18:44 ` [11/48] ALSA: hda - Use auto-parser for HP laptops with cx20459 codec Greg KH
2012-01-16 18:44 ` [12/48] ALSA: hda - Return the error from get_wcaps_type() for invalid NIDs Greg KH
2012-01-16 18:44 ` [13/48] ALSA: hda - Fix the detection of "Loopback Mixing" control for VIA codecs Greg KH
2012-01-16 18:44 ` [14/48] ALSA: hda - Fix the lost power-setup of seconary pins after PM resume Greg KH
2012-01-16 18:44 ` [15/48] KVM guest: prevent tracing recursion with kvmclock Greg KH
2012-01-16 18:44 ` [16/48] KVM: x86: Prevent starting PIT timers in the absence of irqchip support Greg KH
2012-01-16 18:44 ` [17/48] KVM: Remove ability to assign a device without iommu support Greg KH
2012-01-16 18:44 ` [18/48] KVM: Device assignment permission checks Greg KH
2012-01-16 18:44 ` [19/48] [PATCH] ideapad: Check if acpi already handle backlight power to avoid a page fault Greg KH
2012-01-16 18:44 ` [20/48] drm/radeon/kms: workaround invalid AVI infoframe checksum issue Greg KH
2012-01-16 18:44 ` [21/48] drm/radeon/kms: disable writeback on pre-R300 asics Greg KH
2012-01-16 18:44 ` [22/48] radeon: Fix disabling PCI bus mastering on big endian hosts Greg KH
2012-01-16 18:44 ` [23/48] NFS: Retry mounting NFSROOT Greg KH
2012-01-16 18:44 ` [24/48] NFSv4.1: fix backchannel slotid off-by-one bug Greg KH
2012-01-16 18:44 ` [25/48] NFS - fix recent breakage to NFS error handling Greg KH
2012-01-16 18:44 ` Greg KH [this message]
2012-01-16 18:44 ` [27/48] nfs: fix regression in handling of context= option in NFSv4 Greg KH
2012-01-16 18:44 ` [28/48] HID: bump maximum global item tag report size to 96 bytes Greg KH
2012-01-16 18:44 ` [29/48] HID: wiimote: Select INPUT_FF_MEMLESS Greg KH
2012-01-17 1:55 ` Paul Gortmaker
2012-01-17 6:37 ` David Herrmann
2012-01-17 8:33 ` Dan Carpenter
2012-01-17 17:09 ` Greg KH
2012-01-16 18:44 ` [30/48] UBI: fix missing scrub when there is a bit-flip Greg KH
2012-01-16 18:44 ` [31/48] UBI: fix use-after-free on error path Greg KH
2012-01-16 18:44 ` [32/48] PCI: Fix PCI_EXP_TYPE_RC_EC value Greg KH
2012-01-16 18:45 ` [33/48] PCI: msi: Disable msi interrupts when we initialize a pci device Greg KH
2012-01-16 18:45 ` [34/48] x86/PCI: Ignore CPU non-addressable _CRS reserved memory resources Greg KH
2012-01-16 18:45 ` [35/48] x86/PCI: amd: factor out MMCONFIG discovery Greg KH
2012-01-16 18:45 ` [36/48] x86/PCI: build amd_bus.o only when CONFIG_AMD_NB=y Greg KH
2012-01-16 18:45 ` [37/48] SCSI: mpt2sas: Release spinlock for the raid device list before blocking it Greg KH
2012-01-16 18:45 ` [38/48] SCSI: mpt2sas : Fix for memory allocation error for large host credits Greg KH
2012-01-16 18:45 ` [39/48] xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX Greg KH
2012-01-16 18:45 ` [40/48] md/raid1: perform bad-block tests for WriteMostly devices too Greg KH
2012-01-16 18:45 ` [41/48] ima: free duplicate measurement memory Greg KH
2012-01-16 18:45 ` [42/48] ima: fix invalid memory reference Greg KH
2012-01-16 18:45 ` [43/48] slub: fix a possible memleak in __slab_alloc() Greg KH
2012-01-16 18:45 ` [44/48] PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB Greg KH
2012-01-16 18:45 ` [45/48] rtl8192se: Fix BUG caused by failure to check skb allocation Greg KH
2012-01-16 18:45 ` [46/48] mac80211: fix rx->key NULL pointer dereference in promiscuous mode Greg KH
2012-01-16 18:45 ` [47/48] memcg: add mem_cgroup_replace_page_cache() to fix LRU issue Greg KH
2012-01-16 18:45 ` [48/48] x86: Fix mmap random address range Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120116184517.965365790@clark.kroah.org \
--to=gregkh@suse.de \
--cc=Trond.Myklebust@netapp.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andros@netapp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).