mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-28 07:13:34 +00:00
SUNRPC: Fix svcxdr_init_encode's buflen calculation
[ Upstream commit1242a87da0
] Commit2825a7f907
("nfsd4: allow encoding across page boundaries") added an explicit computation of the remaining length in the rq_res XDR buffer. The computation appears to suffer from an "off-by-one" bug. Because buflen is too large by one page, XDR encoding can run off the end of the send buffer by eventually trying to use the struct page address in rq_page_end, which always contains NULL. Fixes:bddfdbcddb
("NFSD: Extract the svcxdr_init_encode() helper") Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
352cc3597b
commit
47e035f42e
1 changed files with 1 additions and 1 deletions
|
@ -587,7 +587,7 @@ static inline void svcxdr_init_encode(struct svc_rqst *rqstp)
|
||||||
xdr->end = resv->iov_base + PAGE_SIZE - rqstp->rq_auth_slack;
|
xdr->end = resv->iov_base + PAGE_SIZE - rqstp->rq_auth_slack;
|
||||||
buf->len = resv->iov_len;
|
buf->len = resv->iov_len;
|
||||||
xdr->page_ptr = buf->pages - 1;
|
xdr->page_ptr = buf->pages - 1;
|
||||||
buf->buflen = PAGE_SIZE * (1 + rqstp->rq_page_end - buf->pages);
|
buf->buflen = PAGE_SIZE * (rqstp->rq_page_end - buf->pages);
|
||||||
buf->buflen -= rqstp->rq_auth_slack;
|
buf->buflen -= rqstp->rq_auth_slack;
|
||||||
xdr->rqst = NULL;
|
xdr->rqst = NULL;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue