From fc1794c5b04f5322bad05385cd91b52ec85aab72 Mon Sep 17 00:00:00 2001 From: Fred Isaman Date: Thu, 6 Jan 2011 11:36:27 +0000 Subject: pnfs: check that partial LAYOUTGET return is ignored Either a bad server reply, or our ignoring of multiple array segments in a reply, can cause a reply to not meet our requirements. Ensure that we ignore such replies. Signed-off-by: Fred Isaman Signed-off-by: Trond Myklebust --- fs/nfs/pnfs.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'fs/nfs/pnfs.c') diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c index c00b673261f9..cd9906415a14 100644 --- a/fs/nfs/pnfs.c +++ b/fs/nfs/pnfs.c @@ -660,6 +660,17 @@ pnfs_layout_process(struct nfs4_layoutget *lgp) struct inode *ino = lo->plh_inode; int status = 0; + /* Verify we got what we asked for. + * Note that because the xdr parsing only accepts a single + * element array, this can fail even if the server is behaving + * correctly. + */ + if (lgp->args.range.iomode > res->range.iomode || + res->range.offset != 0 || + res->range.length != NFS4_MAX_UINT64) { + status = -EINVAL; + goto out; + } /* Inject layout blob into I/O device driver */ lseg = NFS_SERVER(ino)->pnfs_curr_ld->alloc_lseg(lo, res); if (!lseg || IS_ERR(lseg)) { -- cgit v1.2.3