linux/fs/nfs
Chuck Lever 6c2190b3fc NFS: Fix listxattr receive buffer size
Certain NFSv4.2/RDMA tests fail with v5.9-rc1.

rpcrdma_convert_kvec() runs off the end of the rl_segments array
because rq_rcv_buf.tail[0].iov_len holds a very large positive
value. The resultant kernel memory corruption is enough to crash
the client system.

Callers of rpc_prepare_reply_pages() must reserve an extra XDR_UNIT
in the maximum decode size for a possible XDR pad of the contents
of the xdr_buf's pages. That guarantees the allocated receive buffer
will be large enough to accommodate the usual contents plus that XDR
pad word.

encode_op_hdr() cannot add that extra word. If it does,
xdr_inline_pages() underruns the length of the tail iovec.

Fixes: 3e1f02123f ("NFSv4.2: add client side XDR handling for extended attributes")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2020-11-12 10:41:26 -05:00
..
blocklayout treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
filelayout treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
flexfilelayout pNFS/flexfiles: Be consistent about mirror index types 2020-09-21 12:06:27 -04:00
cache_lib.c NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
cache_lib.h NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
callback_proc.c NFSv4: Add support for CB_RECALL_ANY for flexfiles layouts 2020-03-16 08:34:30 -04:00
callback_xdr.c NFS4: Report callback authentication errors 2020-01-15 10:54:31 -05:00
callback.c SUNRPC: Cache the process user cred in the RPC server listener 2019-04-24 09:46:35 -04:00
callback.h NFSv4: Add support for CB_RECALL_ANY for flexfiles layouts 2020-03-16 08:34:30 -04:00
client.c NFSv4.2: query the server for extended attribute support 2020-07-13 17:52:45 -04:00
delegation.c NFS: Beware when dereferencing the delegation cred 2020-04-03 18:26:02 -04:00
delegation.h NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation() 2020-02-13 16:18:50 -05:00
dir.c nfs: Fix security label length not being reset 2020-09-16 12:25:14 -04:00
direct.c NFS client updates for Linux 5.9 2020-08-15 08:26:55 -07:00
dns_resolve.c NFS: remove duplicate headers 2020-05-27 10:10:12 -04:00
dns_resolve.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
export.c NFS: Add a tracepoint in nfs_fh_to_dentry() 2019-11-03 21:28:46 -05:00
file.c NFS client updates for Linux 5.9 2020-08-15 08:26:55 -07:00
fs_context.c NFS Client Updates for Linux 5.10 2020-10-20 13:26:30 -07:00
fscache-index.c nfs: fscache: use timespec64 in inode auxdata 2020-01-15 10:54:30 -05:00
fscache.c NFSv4: Fix fscache cookie aux_data to ensure change_attr is included 2020-05-08 22:20:24 +01:00
fscache.h nfs: fscache: use timespec64 in inode auxdata 2020-01-15 10:54:30 -05:00
getroot.c NFS: Ensure security label is set for root inode 2020-03-30 19:56:50 -04:00
inode.c Merge branch 'xattr-devel' 2020-07-17 10:35:48 -04:00
internal.h mm/writeback: discard NR_UNSTABLE_NFS, use NR_WRITEBACK instead 2020-06-02 10:59:08 -07:00
io.c NFS: Fix up documentation warnings 2019-02-20 15:14:21 -05:00
iostat.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig Documentation: nfsroot.rst: Fix references to nfsroot.rst 2020-03-02 13:11:46 -07:00
Makefile NFSv4.2: add client side xattr caching. 2020-07-13 17:52:46 -04:00
mount_clnt.c NFSv3: fix rpc receive buffer size for MOUNT call 2020-05-14 18:42:44 -04:00
namespace.c NFS: fix nfs_path in case of a rename retry 2020-10-06 10:21:18 -04:00
netns.h NFS: Add sysfs support for per-container identifier 2019-07-06 14:54:49 -04:00
nfs2super.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nfs2xdr.c nfs: remove timespec from xdr_encode_nfstime 2020-01-15 10:54:30 -05:00
nfs3_fs.h NFS: Additional refactoring for fs_context conversion 2020-01-15 10:15:17 -05:00
nfs3acl.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
nfs3client.c NFS: Additional refactoring for fs_context conversion 2020-01-15 10:15:17 -05:00
nfs3proc.c NFS: move dprintk after nfs_alloc_fattr in nfs3_proc_lookup 2020-05-27 10:08:26 -04:00
nfs3super.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nfs3xdr.c NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() 2020-01-15 10:54:32 -05:00
nfs4_fs.h NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE 2020-10-02 08:43:09 -04:00
nfs4client.c NFS: Add READ_PLUS data segment support 2020-10-07 14:28:39 -04:00
nfs4file.c The one new feature this time, from Anna Schumaker, is READ_PLUS, which 2020-10-22 09:44:27 -07:00
nfs4getroot.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfs4idmap.c NFS: Only reference user namespace from nfs4idmap struct instead of cred 2020-10-13 15:56:54 -04:00
nfs4idmap.h
nfs4namespace.c nfs: Fix memory leak of export_path 2020-06-26 08:43:14 -04:00
nfs4proc.c NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag 2020-10-16 09:28:43 -04:00
nfs4renewd.c NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals 2020-02-04 12:27:55 -05:00
nfs4session.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
nfs4session.h NFSv4.1: Bump the default callback session slot count to 16 2019-03-02 16:25:26 -05:00
nfs4state.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
nfs4super.c NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy 2020-10-21 10:31:20 -04:00
nfs4sysctl.c nfs: Do not convert nfs_idmap_cache_timeout to jiffies 2018-01-18 15:10:47 -05:00
nfs4trace.c pNFS/flexfiles: Add tracing for layout errors 2020-01-15 10:54:33 -05:00
nfs4trace.h NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE 2020-10-02 08:43:09 -04:00
nfs4xdr.c NFS: Add READ_PLUS data segment support 2020-10-07 14:28:39 -04:00
nfs42.h NFSv4.2: add the extended attribute proc functions. 2020-07-13 17:52:45 -04:00
nfs42proc.c NFSv4.2: fix client's attribute cache management for copy_file_range 2020-09-16 12:25:14 -04:00
nfs42xattr.c NFSv4.2: fix failure to unregister shrinker 2020-11-12 10:40:02 -05:00
nfs42xdr.c NFS: Fix listxattr receive buffer size 2020-11-12 10:41:26 -05:00
nfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfsroot.c nfsroot: Default mount option should ask for built-in NFS version 2020-11-02 10:29:03 -05:00
nfstrace.c NFS: Add trace events to report non-zero NFS status codes 2019-02-13 12:03:21 -05:00
nfstrace.h nfs: define and use the NFS_INO_INVALID_XATTR flag 2020-07-13 17:52:45 -04:00
pagelist.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
pnfs_dev.c NFS/flexfiles: Speed up read failover when DSes are down 2019-03-01 22:37:38 -05:00
pnfs_nfs.c NFS/pnfs: Don't use RPC_TASK_CRED_NOREF with pnfs 2020-05-13 09:55:36 -04:00
pnfs.c nfs: fix spellint typo in pnfs.c 2020-09-24 10:42:49 -04:00
pnfs.h NFS: Fix flexfiles read failover 2020-08-12 11:20:29 -04:00
proc.c NFS: Add softreval behaviour to nfs_lookup_revalidate() 2020-01-24 16:51:13 -05:00
read.c NFS: Trace short NFS READs 2020-06-11 13:33:48 -04:00
super.c The one new feature this time, from Anna Schumaker, is READ_PLUS, which 2020-10-22 09:44:27 -07:00
symlink.c nfs: pass the correct prototype to read_cache_page 2019-05-09 16:26:57 -04:00
sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sysfs.c NFSv4: Fix up RCU annotations for struct nfs_netns_client 2020-10-15 13:31:08 -04:00
sysfs.h NFSv4: Fix up RCU annotations for struct nfs_netns_client 2020-10-15 13:31:08 -04:00
unlink.c NFS: Avoid referencing the cred twice in async rename/unlink 2020-03-16 08:34:29 -04:00
write.c mm/writeback: discard NR_UNSTABLE_NFS, use NR_WRITEBACK instead 2020-06-02 10:59:08 -07:00