    NFSv4.1: Don't decode skipped layoutgets · 085b7a45
    Weston Andros Adamson authored
    layoutget's prepare hook can call rpc_exit with status = NFS4_OK (0).
    Because of this, nfs4_proc_layoutget can't depend on a 0 status to mean
    that the RPC was successfully sent, received and parsed.
    
    To fix this, use the result's len member to see if parsing took place.
    
    This fixes the following OOPS -- calling xdr_init_decode() with a buffer length
    0 doesn't set the stream's 'p' member and ends up using uninitialized memory
    in filelayout_decode_layout.
    
    BUG: unable to handle kernel paging request at 0000000000008050
    IP: [<ffffffff81282e78>] memcpy+0x18/0x120
    PGD 0
    Oops: 0000 [#1] SMP
    last sysfs file: /sys/devices/pci0000:00/0000:00:11.0/0000:02:01.0/irq
    CPU 1
    
    Pid: 1665, comm: flush-0:22 Not tainted 2.6.32-356-test-2 #2 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
    RIP: 0010:[<ffffffff81282e78>]  [<ffffffff81282e78>] memcpy+0x18/0x120
    Process flush-0:22 (pid: 1665, threadinfo ffff88003dfaa000, task ffff880037f77540)
    Call Trace:
    [<ffffffffa0398ac1>] ? xdr_inline_decode+0xb1/0x120 [sunrpc]
    [<ffffffffa01c150b>] filelayout_decode_layout+0xeb/0x350 [nfs_layout_nfsv41_files]
    [<ffffffffa01c17fc>] filelayout_alloc_lseg+0x8c/0x3c0 [nfs_layout_nfsv41_files]
    [<ffffffff8150e6ce>] ? __wait_on_bit+0x7e/0x90
    Signed-off-by: Weston Andros Adamson <dros@netapp.com>
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    Cc: stable@vger.kernel.org
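A C model of the failure mode described in the commit message, added here as an illustration and not the kernel's code: the struct and function names (`xdr_model_stream`, `layoutget_model_res`, `model_init_decode`, `unset_sentinel`) are hypothetical stand-ins for the xdr stream, the layoutget result and the uninitialised `p` member, and the two sample results are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of an XDR decode stream. As the commit message says of
 * xdr_init_decode(), init leaves 'p' untouched when the buffer length is 0. */
struct xdr_model_stream { const uint32_t *p; size_t words_left; };

/* Hypothetical layoutget result: status can be 0 even when the prepare hook
 * exited early and nothing was sent or parsed; len says how much was parsed. */
struct layoutget_model_res { int status; uint32_t buf[4]; size_t len; };

static const uint32_t unset_sentinel;   /* stands in for an uninitialised 'p' */
#define UNSET_CURSOR (&unset_sentinel)

static void model_init_decode(struct xdr_model_stream *xdr,
                              const uint32_t *buf, size_t len)
{
    xdr->words_left = len / sizeof(uint32_t);
    if (len == 0)
        return;                 /* length 0: 'p' is not set */
    xdr->p = buf;
}

/* Old logic: decode whenever status == 0. Returns 1 if that would decode
 * through an unset cursor (the OOPS path in the commit message), else 0. */
static int old_logic_reads_unset_cursor(const struct layoutget_model_res *res)
{
    struct xdr_model_stream xdr = { UNSET_CURSOR, 0 };
    if (res->status != 0)
        return 0;
    model_init_decode(&xdr, res->buf, res->len);
    return xdr.p == UNSET_CURSOR;
}

/* Fixed logic: gate on the result's len, not on status. Returns the first
 * decoded word, or -1 when nothing was parsed. */
static long decode_first_word_guarded(const struct layoutget_model_res *res)
{
    struct xdr_model_stream xdr = { UNSET_CURSOR, 0 };
    if (res->len < sizeof(uint32_t))
        return -1;              /* skipped RPC (or short buffer): no decode */
    model_init_decode(&xdr, res->buf, res->len);
    return (long)xdr.p[0];
}

/* Constructed samples: a skipped call (status 0, len 0) and a parsed one. */
static const struct layoutget_model_res sample_skipped = { 0, { 0 }, 0 };
static const struct layoutget_model_res sample_parsed  = { 0, { 42, 0, 0, 0 }, 4 };
```

The skipped sample has status 0 but len 0, so the old gate would decode through the unset cursor while the len-based gate refuses it.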
nfs4proc.c 183 KB