Commit 2907430d authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] Fix NFSD oops in readdir

From: Neil Brown <neilb@cse.unsw.edu.au>

If a single readdir entry needs to be split over two pages in the reply, we
first encode it into a new page, and then copy the bits into place.  When
we do this relocation, we have to modify the "offset" pointer to be either
in the first or the second page, as appropriate.

If the pointer should be at the start of the second page, it is currently
put past the end of the first page.

Note that as the offset and whole response is known to be 4byte-aligned,
the offset pointer will never be split over two pages.
parent c9bb1e5d
...@@ -936,7 +936,7 @@ encode_entry(struct readdir_cd *ccd, const char *name, ...@@ -936,7 +936,7 @@ encode_entry(struct readdir_cd *ccd, const char *name,
memmove(tmp, (caddr_t)tmp+len1, len2); memmove(tmp, (caddr_t)tmp+len1, len2);
/* update offset */ /* update offset */
if (((cd->offset - tmp) << 2) <= len1) if (((cd->offset - tmp) << 2) < len1)
cd->offset = p + (cd->offset - tmp); cd->offset = p + (cd->offset - tmp);
else else
cd->offset -= len1 >> 2; cd->offset -= len1 >> 2;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment