linux_old1/fs/nfsd
Neil Brown 2bc3c1179c nfsd4: bug in read_buf
When read_buf is called to move over to the next page in the pagelist
of an NFSv4 request, it sets argp->end to essentially a random
number, certainly not an address within the page which argp->p now
points to.  So subsequent calls to READ_BUF will think there is much
more than a page of spare space (the cast to u32 ensures an unsigned
comparison) so we can expect to fall off the end of the second
page.

We never encountered thsi in testing because typically the only
operations which use more than two pages are write-like operations,
which have their own decoding logic.  Something like a getattr after a
write may cross a page boundary, but it would be very unusual for it to
cross another boundary after that.

Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2010-04-26 15:39:08 -04:00
..
Kconfig nfsd : Define NFSD only when FILE_LOCKING is enabled 2009-03-18 17:30:48 -04:00
Makefile knfsd: trivial makefile cleanup 2007-05-09 12:30:54 -07:00
auth.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
auth.h nfsd: minor fs/nfsd/auth.h cleanup 2008-02-01 16:42:05 -05:00
cache.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
export.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
lockd.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
nfs2acl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs3acl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs3proc.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
nfs3xdr.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
nfs4acl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs4callback.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs4idmap.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs4proc.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs4recover.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs4state.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs4xdr.c nfsd4: bug in read_buf 2010-04-26 15:39:08 -04:00
nfscache.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfsctl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfsd.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
nfsfh.c nfsd: fix "insecure" export option 2009-12-20 20:19:51 -08:00
nfsfh.h nfsd: move most of nfsfh.h to fs/nfsd 2009-12-15 15:01:46 -05:00
nfsproc.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
nfssvc.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
nfsxdr.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
state.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
stats.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
vfs.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
vfs.h nfsd: move most of nfsfh.h to fs/nfsd 2009-12-15 15:01:46 -05:00
xdr.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
xdr3.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
xdr4.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00