1. 28 6月, 2014 1 次提交
    • J
      nfsd: fix rare symlink decoding bug · 76f47128
      J. Bruce Fields 提交于
      An NFS operation that creates a new symlink includes the symlink data,
      which is xdr-encoded as a length followed by the data plus 0 to 3 bytes
      of zero-padding as required to reach a 4-byte boundary.
      
      The vfs, on the other hand, wants null-terminated data.
      
      The simple way to handle this would be by copying the data into a newly
      allocated buffer with space for the final null.
      
      The current nfsd_symlink code tries to be more clever by skipping that
      step in the (likely) case where the byte following the string is already
      0.
      
      But that assumes that the byte following the string is ours to look at.
      In fact, it might be the first byte of a page that we can't read, or of
      some object that another task might modify.
      
      Worse, the NFSv4 code tries to fix the problem by actually writing to
      that byte.
      
      In the NFSv2/v3 cases this actually appears to be safe:
      
      	- nfs3svc_decode_symlinkargs explicitly null-terminates the data
      	  (after first checking its length and copying it to a new
      	  page).
      	- NFSv2 limits symlinks to 1k.  The buffer holding the rpc
      	  request is always at least a page, and the link data (and
      	  previous fields) have maximum lengths that prevent the request
      	  from reaching the end of a page.
      
      In the NFSv4 case the CREATE op is potentially just one part of a long
      compound so can end up on the end of a page if you're unlucky.
      
      The minimal fix here is to copy and null-terminate in the NFSv4 case.
      The nfsd_symlink() interface here seems too fragile, though.  It should
      really either do the copy itself every time or just require a
      null-terminated string.
      Reported-by: NJeff Layton <jlayton@primarydata.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      76f47128
  2. 07 6月, 2014 1 次提交
    • J
      nfsd4: simplify server xdr->next_page use · 05638dc7
      J. Bruce Fields 提交于
      The rpc code makes available to the NFS server an array of pages to
      encod into.  The server represents its reply as an xdr buf, with the
      head pointing into the first page in that array, the pages ** array
      starting just after that, and the tail (if any) sharing any leftover
      space in the page used by the head.
      
      While encoding, we use xdr_stream->page_ptr to keep track of which page
      we're currently using.
      
      Currently we set xdr_stream->page_ptr to buf->pages, which makes the
      head a weird exception to the rule that page_ptr always points to the
      page we're currently encoding into.  So, instead set it to buf->pages -
      1 (the page actually containing the head), and remove the need for a
      little unintuitive logic in xdr_get_next_encode_buffer() and
      xdr_truncate_encode.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      05638dc7
  3. 05 6月, 2014 2 次提交
  4. 31 5月, 2014 10 次提交
  5. 29 5月, 2014 3 次提交
  6. 27 5月, 2014 1 次提交
  7. 23 5月, 2014 8 次提交
  8. 07 5月, 2014 1 次提交
  9. 30 3月, 2014 1 次提交
    • K
      NFSD: Clear wcc data between compound ops · 2336745e
      Kinglong Mee 提交于
      Testing NFS4.0 by pynfs, I got some messeages as,
      "nfsd: inode locked twice during operation."
      
      When one compound RPC contains two or more ops that locks
      the filehandle,the second op will cause the message.
      
      As two SETATTR ops, after the first SETATTR, nfsd will not call
      fh_put() to release current filehandle, it means filehandle have
      unlocked with fh_post_saved = 1.
      The second SETATTR find fh_post_saved = 1, and printk the message.
      
      v2: introduce helper fh_clear_wcc().
      Signed-off-by: NKinglong Mee <kinglongmee@gmail.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      2336745e
  10. 29 3月, 2014 2 次提交
  11. 28 3月, 2014 1 次提交
  12. 28 1月, 2014 2 次提交
  13. 26 1月, 2014 1 次提交
  14. 08 1月, 2014 1 次提交
  15. 04 1月, 2014 1 次提交
  16. 03 1月, 2014 1 次提交
  17. 08 8月, 2013 1 次提交
  18. 13 7月, 2013 1 次提交
    • J
      nfsd4: fix minorversion support interface · 35f7a14f
      J. Bruce Fields 提交于
      You can turn on or off support for minorversions using e.g.
      
      	echo "-4.2" >/proc/fs/nfsd/versions
      
      However, the current implementation is a little wonky.  For example, the
      above will turn off 4.2 support, but it will also turn *on* 4.1 support.
      
      This didn't matter as long as we only had 2 minorversions, which was
      true till very recently.
      
      And do a little cleanup here.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      35f7a14f
  19. 02 7月, 2013 1 次提交