From: Olga Kornievskaia <olga.kornievskaia@gmail.com>
To: trond.myklebust@hammerspace.com, anna.schumaker@netapp.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 1/1] NFSv4.2: fix LISTXATTR buffer receive size
Date: Fri, 13 Nov 2020 14:08:51 -0500
Message-ID: <20201113190851.7817-1-olga.kornievskaia@gmail.com>

From: Olga Kornievskaia <kolga@netapp.com>

xfstest generic/013 on NFSoRDMA over SoftRoCE or iWarp panics,
and running with KASAN reports:

[  216.018711] BUG: KASAN: wild-memory-access in rpcrdma_complete_rqst+0x447/0x6e0 [rpcrdma]
[  216.024195] Write of size 12 at addr 0005088000000000 by task kworker/1:1H/480
[  216.028820]
[  216.029776] CPU: 1 PID: 480 Comm: kworker/1:1H Not tainted 5.8.0-rc5+ #37
[  216.034247] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 02/27/2020
[  216.040604] Workqueue: ib-comp-wq ib_cq_poll_work [ib_core]
[  216.043739] Call Trace:
[  216.045014]  dump_stack+0x7c/0xb0
[  216.046757]  ? rpcrdma_complete_rqst+0x447/0x6e0 [rpcrdma]
[  216.050008]  ? rpcrdma_complete_rqst+0x447/0x6e0 [rpcrdma]
[  216.053091]  kasan_report.cold.10+0x6a/0x85
[  216.055703]  ? rpcrdma_complete_rqst+0x447/0x6e0 [rpcrdma]
[  216.058979]  check_memory_region+0x183/0x1e0
[  216.061933]  memcpy+0x38/0x60
[  216.064077]  rpcrdma_complete_rqst+0x447/0x6e0 [rpcrdma]
[  216.067502]  ? rpcrdma_reset_cwnd+0x70/0x70 [rpcrdma]
[  216.070268]  ? recalibrate_cpu_khz+0x10/0x10
[  216.072585]  ? rpcrdma_reply_handler+0x604/0x6e0 [rpcrdma]
[  216.075469]  __ib_process_cq+0xa7/0x220 [ib_core]
[  216.078077]  ib_cq_poll_work+0x31/0xb0 [ib_core]
[  216.080451]  process_one_work+0x387/0x6c0
[  216.082498]  worker_thread+0x57/0x5a0
[  216.084425]  ? process_one_work+0x6c0/0x6c0
[  216.086583]  kthread+0x1ca/0x200
[  216.088775]  ? kthread_create_on_node+0xc0/0xc0
[  216.091847]  ret_from_fork+0x22/0x30

Fixes: 6c2190b3fcbc ("NFS: Fix listxattr receive buffer size")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
---
 fs/nfs/nfs42xdr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/nfs/nfs42xdr.c b/fs/nfs/nfs42xdr.c
index 6e060a8..e88bc7a 100644
--- a/fs/nfs/nfs42xdr.c
+++ b/fs/nfs/nfs42xdr.c
@@ -196,7 +196,8 @@
 				 1 + nfs4_xattr_name_maxsz + 1)
 #define decode_setxattr_maxsz   (op_decode_hdr_maxsz + decode_change_info_maxsz)
 #define encode_listxattrs_maxsz  (op_encode_hdr_maxsz + 2 + 1)
-#define decode_listxattrs_maxsz  (op_decode_hdr_maxsz + 2 + 1 + 1 + 1)
+#define decode_listxattrs_maxsz  (op_decode_hdr_maxsz + 2 + 1 + 1 + \
+				  XDR_QUADLEN(NFS4_OPAQUE_LIMIT))
 #define encode_removexattr_maxsz (op_encode_hdr_maxsz + 1 + \
 				  nfs4_xattr_name_maxsz)
 #define decode_removexattr_maxsz (op_decode_hdr_maxsz + \
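
Review bot: The new `XDR_QUADLEN(NFS4_OPAQUE_LIMIT)` term in `decode_listxattrs_maxsz` has no comment saying which reply field it bounds, and the remaining `2 + 1 + 1` are bare word counts, so a reader cannot check the receive size against the LISTXATTRS reply layout. Please add a short comment above the macro naming the field each term covers, and add a sentence to the changelog explaining why the old trailing `+ 1` undersized the buffer, since the message currently carries only the KASAN trace. If the reply can return more than one name inline, also state why a single `NFS4_OPAQUE_LIMIT`-sized term is a sufficient upper bound.
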
-- 
1.8.3.1

