From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Scott Mayhew <smayhew@redhat.com>,
"J. Bruce Fields" <bfields@redhat.com>
Subject: [PATCH 4.9 084/101] nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
Date: Sun, 1 Jul 2018 18:22:10 +0200 [thread overview]
Message-ID: <20180701160800.521759316@linuxfoundation.org> (raw)
In-Reply-To: <20180701160757.138608453@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Scott Mayhew <smayhew@redhat.com>
commit 9c2ece6ef67e9d376f32823086169b489c422ed0 upstream.
nfsd4_readdir_rsize restricts rd_maxcount to svc_max_payload when
estimating the size of the readdir reply, but nfsd_encode_readdir
restricts it to INT_MAX when encoding the reply. This can result in log
messages like "kernel: RPC request reserved 32896 but used 1049444".
Restrict rd_dircount similarly (no reason it should be larger than
svc_max_payload).
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4xdr.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3638,7 +3638,8 @@ nfsd4_encode_readdir(struct nfsd4_compou
nfserr = nfserr_resource;
goto err_no_verf;
}
- maxcount = min_t(u32, readdir->rd_maxcount, INT_MAX);
+ maxcount = svc_max_payload(resp->rqstp);
+ maxcount = min_t(u32, readdir->rd_maxcount, maxcount);
/*
* Note the rfc defines rd_maxcount as the size of the
* READDIR4resok structure, which includes the verifier above
@@ -3652,7 +3653,7 @@ nfsd4_encode_readdir(struct nfsd4_compou
/* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */
if (!readdir->rd_dircount)
- readdir->rd_dircount = INT_MAX;
+ readdir->rd_dircount = svc_max_payload(resp->rqstp);
readdir->xdr = xdr;
readdir->rd_maxcount = maxcount;
next prev parent reply other threads:[~2018-07-01 18:05 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-01 16:20 [PATCH 4.9 000/101] 4.9.111-stable review Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 001/101] x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 002/101] x86/mce: Improve error message when kernel cannot recover Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 003/101] x86/mce: Check for alternate indication of machine check recovery on Skylake Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 004/101] x86/mce: Fix incorrect "Machine check from unknown source" message Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 005/101] x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 006/101] x86: Call fixup_exception() before notify_die() in math_error() Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 007/101] m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 008/101] serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 009/101] signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 010/101] usb: do not reset if a low-speed or full-speed device timed out Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 012/101] ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Greg Kroah-Hartman
2018-07-01 16:20 ` [PATCH 4.9 013/101] ASoC: cirrus: i2s: Fix LRCLK configuration Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 015/101] clk: renesas: cpg-mssr: Stop using printk format %pCr Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 016/101] lib/vsprintf: Remove atomic-unsafe support for %pCr Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 017/101] mips: ftrace: fix static function graph tracing Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 018/101] branch-check: fix long->int truncation when profiling branches Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 019/101] ipmi:bt: Set the timeout before doing a capabilities check Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 020/101] Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 021/101] fuse: atomic_o_trunc should truncate pagecache Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 022/101] fuse: dont keep dead fuse_conn at fuse_fill_super() Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 023/101] fuse: fix control dir setup and teardown Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 024/101] powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 025/101] powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 026/101] powerpc/ptrace: Fix enforcement of DAWR constraints Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 027/101] powerpc/powernv/ioda2: Remove redundant free of TCE pages Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 028/101] cpuidle: powernv: Fix promotion from snooze if next state disabled Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 029/101] powerpc/fadump: Unregister fadump on kexec down path Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 030/101] ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 031/101] arm64: kpti: Use early_param for kpti= command-line option Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 032/101] arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 033/101] of: unittest: for strings, account for trailing \0 in property length field Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 034/101] IB/qib: Fix DMA api warning with debug kernel Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 035/101] IB/{hfi1, qib}: Add handling of kernel restart Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 036/101] IB/mlx5: Fetch soft WQEs on fatal error state Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 037/101] IB/isert: Fix for lib/dma_debug check_sync warning Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 038/101] IB/isert: fix T10-pi check mask setting Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 039/101] RDMA/mlx4: Discard unknown SQP work requests Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 040/101] mtd: cfi_cmdset_0002: Change write buffer to check correct value Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 041/101] mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 042/101] mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 043/101] mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 044/101] mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 046/101] PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 047/101] PCI: Add ACS quirk for Intel 300 series Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 048/101] PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 049/101] printk: fix possible reuse of va_list variable Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 050/101] MIPS: io: Add barrier after register read in inX() Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 052/101] X.509: unpack RSA signatureValue field from BIT STRING Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 053/101] Btrfs: fix return value on rename exchange failure Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 054/101] Btrfs: fix unexpected cow in run_delalloc_nocow Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 055/101] iio:buffer: make length types match kfifo types Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 056/101] scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 057/101] scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 058/101] scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 059/101] scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 060/101] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 061/101] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 062/101] scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 063/101] scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 064/101] linvdimm, pmem: Preserve read-only setting for pmem devices Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 065/101] clk: at91: PLL recalc_rate() now using cached MUL and DIV values Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 066/101] md: fix two problems with setting the "re-add" device state Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 067/101] rpmsg: smd: do not use mananged resources for endpoints and channels Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 068/101] ubi: fastmap: Cancel work upon detach Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 069/101] ubi: fastmap: Correctly handle interrupted erasures in EBA Greg Kroah-Hartman
2018-09-23 12:49 ` Lars Persson
2018-09-23 12:58 ` Richard Weinberger
2018-09-23 13:49 ` Lars Persson
2018-09-24 6:32 ` Richard Weinberger
2018-09-24 10:50 ` Greg KH
2018-10-09 6:56 ` Lars Persson
2018-07-01 16:21 ` [PATCH 4.9 070/101] UBIFS: Fix potential integer overflow in allocation Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 071/101] backlight: as3711_bl: Fix Device Tree node lookup Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 072/101] backlight: max8925_bl: " Greg Kroah-Hartman
2018-07-01 16:21 ` [PATCH 4.9 073/101] backlight: tps65217_bl: " Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 074/101] mfd: intel-lpss: Program REMAP register in PIO mode Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 075/101] perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 076/101] perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 077/101] perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 078/101] perf intel-pt: Fix MTC timing after overflow Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 079/101] perf intel-pt: Fix "Unexpected indirect branch" error Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 080/101] perf intel-pt: Fix packet decoding of CYC packets Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 081/101] media: v4l2-compat-ioctl32: prevent go past max size Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 082/101] media: cx231xx: Add support for AverMedia DVD EZMaker 7 Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 083/101] media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Greg Kroah-Hartman
2018-07-01 16:22 ` Greg Kroah-Hartman [this message]
2018-07-01 16:22 ` [PATCH 4.9 085/101] NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 086/101] NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 087/101] video: uvesafb: Fix integer overflow in allocation Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 088/101] Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 089/101] pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 090/101] rbd: flush rbd_dev->watch_dwork after watch is unregistered Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 091/101] mm: fix devmem_is_allowed() for sub-page System RAM intersections Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 092/101] xen: Remove unnecessary BUG_ON from __unbind_from_irq() Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 093/101] udf: Detect incorrect directory size Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 094/101] Input: elan_i2c_smbus - fix more potential stack buffer overflows Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 095/101] Input: elantech - enable middle button of touchpads on ThinkPad P52 Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 096/101] Input: elantech - fix V4 report decoding for module with middle key Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 097/101] ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 098/101] ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 099/101] block: Fix transfer when chunk sectors exceeds max Greg Kroah-Hartman
2018-07-01 16:22 ` [PATCH 4.9 100/101] dm thin: handle running out of data space vs concurrent discard Greg Kroah-Hartman
2018-07-01 19:39 ` [PATCH 4.9 000/101] 4.9.111-stable review Nathan Chancellor
2018-07-02 9:57 ` Geert Uytterhoeven
2018-07-02 10:24 ` Greg KH
2018-07-02 16:47 ` Linus Torvalds
2018-07-03 6:33 ` Greg Kroah-Hartman
2018-07-02 13:47 ` Naresh Kamboju
2018-07-02 16:32 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180701160800.521759316@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bfields@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=smayhew@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).