linux-stable/fs/nfsd
Chuck Lever 640f87c190 NFSD: Protect against send buffer overflow in NFSv3 READDIR
Since before the git era, NFSD has conserved the number of pages
held by each nfsd thread by combining the RPC receive and send
buffers into a single array of pages. This works because there are
no cases where an operation needs a large RPC Call message and a
large RPC Reply message at the same time.

Once an RPC Call has been received, svc_process() updates
svc_rqst::rq_res to describe the part of rq_pages that can be
used for constructing the Reply. This means that the send buffer
(rq_res) shrinks when the received RPC record containing the RPC
Call is large.

A client can force this shrinkage on TCP by sending a correctly-
formed RPC Call header contained in an RPC record that is
excessively large. The full maximum payload size cannot be
constructed in that case.

Thanks to Aleksi Illikainen and Kari Hulkko for uncovering this
issue.

Reported-by: Ben Ronallo <Benjamin.Ronallo@synopsys.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2022-09-26 14:02:26 -04:00
acl.h NFSD: add posix ACLs to struct nfsd_attrs 2022-08-04 10:28:03 -04:00
auth.c
auth.h
blocklayout.c block: remove genhd.h 2022-02-02 07:49:59 -07:00
blocklayoutxdr.c
blocklayoutxdr.h
cache.h
current_stateid.h
export.c fs: add is_idmapped_mnt() helper 2021-12-03 18:44:06 +01:00
export.h
fault_inject.c
filecache.c NFSD 6.0 Release Notes 2022-08-09 14:56:49 -07:00
filecache.h NFSD: Ensure nf_inode is never dereferenced 2022-07-29 20:16:56 -04:00
flexfilelayout.c nfsd: use correct format characters 2022-03-17 19:47:38 -04:00
flexfilelayoutxdr.c
flexfilelayoutxdr.h
idmap.h
Kconfig NFSD: Remove CONFIG_NFSD_V3 2022-03-11 10:25:14 -05:00
lockd.c NFSD: simplify struct nfsfh 2021-10-02 15:51:10 -04:00
Makefile NFSD: Remove CONFIG_NFSD_V3 2022-03-11 10:25:14 -05:00
netns.h NFSD: limit the number of v4 clients to 1024 per 1GB of system memory 2022-07-29 20:16:56 -04:00
nfs2acl.c NFSD: use (un)lock_inode instead of fh_(un)lock for file operations 2022-08-04 10:28:41 -04:00
nfs3acl.c NFSD: use (un)lock_inode instead of fh_(un)lock for file operations 2022-08-04 10:28:41 -04:00
nfs3proc.c NFSD: Protect against send buffer overflow in NFSv3 READDIR 2022-09-26 14:02:26 -04:00
nfs3xdr.c NFSD: Deprecate NFS_OFFSET_MAX 2022-02-09 09:24:40 -05:00
nfs4acl.c NFSD: add posix ACLs to struct nfsd_attrs 2022-08-04 10:28:03 -04:00
nfs4callback.c NFSD: Move copy offload callback arguments into a separate structure 2022-07-29 20:17:00 -04:00
nfs4idmap.c NFSD: move from strlcpy with unused retval to strscpy 2022-09-26 14:02:20 -04:00
nfs4layouts.c nfsd: fix using the correct variable for sizeof() 2022-03-20 12:49:38 -04:00
nfs4proc.c NFSD: remove redundant variable status 2022-09-26 14:02:21 -04:00
nfs4recover.c nfsd: Propagate some error code returned by memdup_user() 2022-09-26 14:02:22 -04:00
nfs4state.c NFSD: use (un)lock_inode instead of fh_(un)lock for file operations 2022-08-04 10:28:41 -04:00
nfs4xdr.c NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND 2022-09-26 14:02:25 -04:00
nfscache.c mm: shrinkers: provide shrinkers with names 2022-07-03 18:08:40 -07:00
nfsctl.c nfsd: silence extraneous printk on nfsd.ko insertion 2022-07-29 20:16:56 -04:00
nfsd.h NFSD: limit the number of v4 clients to 1024 per 1GB of system memory 2022-07-29 20:16:56 -04:00
nfsfh.c NFSD: discard fh_locked flag and fh_lock/fh_unlock 2022-08-04 10:28:48 -04:00
nfsfh.h NFSD: discard fh_locked flag and fh_lock/fh_unlock 2022-08-04 10:28:48 -04:00
nfsproc.c NFSD: Protect against send buffer overflow in NFSv2 READDIR 2022-09-26 14:02:26 -04:00
nfssvc.c NFSD: move from strlcpy with unused retval to strscpy 2022-09-26 14:02:20 -04:00
nfsxdr.c SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
pnfs.h
state.h NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND 2022-09-26 14:02:25 -04:00
stats.c nfsd: make nfsd_stats.th_cnt atomic_t 2021-12-13 13:42:51 -05:00
stats.h nfsd: make nfsd_stats.th_cnt atomic_t 2021-12-13 13:42:51 -05:00
trace.c
trace.h NFSD: Move nfsd_file_trace_alloc() tracepoint 2022-07-29 20:16:07 -04:00
vfs.c fix for nfsd regression caused by iov_iter stuff this window 2022-09-13 15:11:38 +02:00
vfs.h NFSD: add posix ACLs to struct nfsd_attrs 2022-08-04 10:28:03 -04:00
xdr.h NFSD: prevent underflow in nfssvc_decode_writeargs() 2022-03-15 09:35:56 -04:00
xdr3.h SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
xdr4.h NFSD: verify the opened dentry after setting a delegation 2022-07-29 20:17:00 -04:00
xdr4cb.h