tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
NFS: Remove print_overflow_msg()
This issue is now captured by a trace point in the RPC client.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
authored by
Chuck Lever
and committed by
Anna Schumaker
eb72f484
7be9cea3
+219
-600
-14
fs/lockd/clnt4xdr.c
-14
fs/lockd/clnt4xdr.c
···
75
75
}
76
76
77
77
/*
78
-
* Handle decode buffer overflows out-of-line.
79
-
*/
80
-
static void print_overflow_msg(const char *func, const struct xdr_stream *xdr)
81
-
{
82
-
dprintk("lockd: %s prematurely hit the end of our receive buffer. "
83
-
"Remaining buffer length is %tu words.\n",
84
-
func, xdr->end - xdr->p);
85
-
}
86
-
87
-
88
-
/*
89
78
* Encode/decode NLMv4 basic data types
90
79
*
91
80
* Basic NLMv4 data types are defined in Appendix II, section 6.1.4
···
165
176
dprintk("NFS: returned cookie was too long: %u\n", length);
166
177
return -EIO;
167
178
out_overflow:
168
-
print_overflow_msg(__func__, xdr);
169
179
return -EIO;
170
180
}
171
181
···
224
236
__func__, be32_to_cpup(p));
225
237
return -EIO;
226
238
out_overflow:
227
-
print_overflow_msg(__func__, xdr);
228
239
return -EIO;
229
240
}
230
241
···
296
309
out:
297
310
return error;
298
311
out_overflow:
299
-
print_overflow_msg(__func__, xdr);
300
312
return -EIO;
301
313
}
302
314
-14
fs/lockd/clntxdr.c
-14
fs/lockd/clntxdr.c
···
71
71
}
72
72
73
73
/*
74
-
* Handle decode buffer overflows out-of-line.
75
-
*/
76
-
static void print_overflow_msg(const char *func, const struct xdr_stream *xdr)
77
-
{
78
-
dprintk("lockd: %s prematurely hit the end of our receive buffer. "
79
-
"Remaining buffer length is %tu words.\n",
80
-
func, xdr->end - xdr->p);
81
-
}
82
-
83
-
84
-
/*
85
74
* Encode/decode NLMv3 basic data types
86
75
*
87
76
* Basic NLMv3 data types are not defined in an IETF standards
···
162
173
dprintk("NFS: returned cookie was too long: %u\n", length);
163
174
return -EIO;
164
175
out_overflow:
165
-
print_overflow_msg(__func__, xdr);
166
176
return -EIO;
167
177
}
168
178
···
219
231
__func__, be32_to_cpup(p));
220
232
return -EIO;
221
233
out_overflow:
222
-
print_overflow_msg(__func__, xdr);
223
234
return -EIO;
224
235
}
225
236
···
290
303
out:
291
304
return error;
292
305
out_overflow:
293
-
print_overflow_msg(__func__, xdr);
294
306
return -EIO;
295
307
}
296
308
+25
-34
fs/nfs/callback_xdr.c
+25
-34
fs/nfs/callback_xdr.c
···
72
72
return xdr_ressize_check(rqstp, p);
73
73
}
74
74
75
-
static __be32 *read_buf(struct xdr_stream *xdr, size_t nbytes)
76
-
{
77
-
__be32 *p;
78
-
79
-
p = xdr_inline_decode(xdr, nbytes);
80
-
if (unlikely(p == NULL))
81
-
printk(KERN_WARNING "NFS: NFSv4 callback reply buffer overflowed!\n");
82
-
return p;
83
-
}
84
-
85
75
static __be32 decode_string(struct xdr_stream *xdr, unsigned int *len,
86
76
const char **str, size_t maxlen)
87
77
{
···
88
98
{
89
99
__be32 *p;
90
100
91
-
p = read_buf(xdr, 4);
101
+
p = xdr_inline_decode(xdr, 4);
92
102
if (unlikely(p == NULL))
93
103
return htonl(NFS4ERR_RESOURCE);
94
104
fh->size = ntohl(*p);
95
105
if (fh->size > NFS4_FHSIZE)
96
106
return htonl(NFS4ERR_BADHANDLE);
97
-
p = read_buf(xdr, fh->size);
107
+
p = xdr_inline_decode(xdr, fh->size);
98
108
if (unlikely(p == NULL))
99
109
return htonl(NFS4ERR_RESOURCE);
100
110
memcpy(&fh->data[0], p, fh->size);
···
107
117
__be32 *p;
108
118
unsigned int attrlen;
109
119
110
-
p = read_buf(xdr, 4);
120
+
p = xdr_inline_decode(xdr, 4);
111
121
if (unlikely(p == NULL))
112
122
return htonl(NFS4ERR_RESOURCE);
113
123
attrlen = ntohl(*p);
114
-
p = read_buf(xdr, attrlen << 2);
124
+
p = xdr_inline_decode(xdr, attrlen << 2);
115
125
if (unlikely(p == NULL))
116
126
return htonl(NFS4ERR_RESOURCE);
117
127
if (likely(attrlen > 0))
···
125
135
{
126
136
__be32 *p;
127
137
128
-
p = read_buf(xdr, NFS4_STATEID_SIZE);
138
+
p = xdr_inline_decode(xdr, NFS4_STATEID_SIZE);
129
139
if (unlikely(p == NULL))
130
140
return htonl(NFS4ERR_RESOURCE);
131
141
memcpy(stateid->data, p, NFS4_STATEID_SIZE);
···
146
156
status = decode_string(xdr, &hdr->taglen, &hdr->tag, CB_OP_TAGLEN_MAXSZ);
147
157
if (unlikely(status != 0))
148
158
return status;
149
-
p = read_buf(xdr, 12);
159
+
p = xdr_inline_decode(xdr, 12);
150
160
if (unlikely(p == NULL))
151
161
return htonl(NFS4ERR_RESOURCE);
152
162
hdr->minorversion = ntohl(*p++);
···
166
176
static __be32 decode_op_hdr(struct xdr_stream *xdr, unsigned int *op)
167
177
{
168
178
__be32 *p;
169
-
p = read_buf(xdr, 4);
179
+
p = xdr_inline_decode(xdr, 4);
170
180
if (unlikely(p == NULL))
171
181
return htonl(NFS4ERR_RESOURCE_HDR);
172
182
*op = ntohl(*p);
···
195
205
status = decode_delegation_stateid(xdr, &args->stateid);
196
206
if (unlikely(status != 0))
197
207
return status;
198
-
p = read_buf(xdr, 4);
208
+
p = xdr_inline_decode(xdr, 4);
199
209
if (unlikely(p == NULL))
200
210
return htonl(NFS4ERR_RESOURCE);
201
211
args->truncate = ntohl(*p);
···
217
227
__be32 status = 0;
218
228
uint32_t iomode;
219
229
220
-
p = read_buf(xdr, 4 * sizeof(uint32_t));
230
+
p = xdr_inline_decode(xdr, 4 * sizeof(uint32_t));
221
231
if (unlikely(p == NULL))
222
232
return htonl(NFS4ERR_BADXDR);
223
233
···
235
245
if (unlikely(status != 0))
236
246
return status;
237
247
238
-
p = read_buf(xdr, 2 * sizeof(uint64_t));
248
+
p = xdr_inline_decode(xdr, 2 * sizeof(uint64_t));
239
249
if (unlikely(p == NULL))
240
250
return htonl(NFS4ERR_BADXDR);
241
251
p = xdr_decode_hyper(p, &args->cbl_range.offset);
242
252
p = xdr_decode_hyper(p, &args->cbl_range.length);
243
253
return decode_layout_stateid(xdr, &args->cbl_stateid);
244
254
} else if (args->cbl_recall_type == RETURN_FSID) {
245
-
p = read_buf(xdr, 2 * sizeof(uint64_t));
255
+
p = xdr_inline_decode(xdr, 2 * sizeof(uint64_t));
246
256
if (unlikely(p == NULL))
247
257
return htonl(NFS4ERR_BADXDR);
248
258
p = xdr_decode_hyper(p, &args->cbl_fsid.major);
···
265
275
args->ndevs = 0;
266
276
267
277
/* Num of device notifications */
268
-
p = read_buf(xdr, sizeof(uint32_t));
278
+
p = xdr_inline_decode(xdr, sizeof(uint32_t));
269
279
if (unlikely(p == NULL)) {
270
280
status = htonl(NFS4ERR_BADXDR);
271
281
goto out;
···
288
298
for (i = 0; i < n; i++) {
289
299
struct cb_devicenotifyitem *dev = &args->devs[i];
290
300
291
-
p = read_buf(xdr, (4 * sizeof(uint32_t)) + NFS4_DEVICEID4_SIZE);
301
+
p = xdr_inline_decode(xdr, (4 * sizeof(uint32_t)) +
302
+
NFS4_DEVICEID4_SIZE);
292
303
if (unlikely(p == NULL)) {
293
304
status = htonl(NFS4ERR_BADXDR);
294
305
goto err;
···
320
329
p += XDR_QUADLEN(NFS4_DEVICEID4_SIZE);
321
330
322
331
if (dev->cbd_layout_type == NOTIFY_DEVICEID4_CHANGE) {
323
-
p = read_buf(xdr, sizeof(uint32_t));
332
+
p = xdr_inline_decode(xdr, sizeof(uint32_t));
324
333
if (unlikely(p == NULL)) {
325
334
status = htonl(NFS4ERR_BADXDR);
326
335
goto err;
···
350
359
{
351
360
__be32 *p;
352
361
353
-
p = read_buf(xdr, NFS4_MAX_SESSIONID_LEN);
362
+
p = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN);
354
363
if (unlikely(p == NULL))
355
364
return htonl(NFS4ERR_RESOURCE);
356
365
···
370
379
goto out;
371
380
372
381
status = htonl(NFS4ERR_RESOURCE);
373
-
p = read_buf(xdr, sizeof(uint32_t));
382
+
p = xdr_inline_decode(xdr, sizeof(uint32_t));
374
383
if (unlikely(p == NULL))
375
384
goto out;
376
385
377
386
rc_list->rcl_nrefcalls = ntohl(*p++);
378
387
if (rc_list->rcl_nrefcalls) {
379
-
p = read_buf(xdr,
388
+
p = xdr_inline_decode(xdr,
380
389
rc_list->rcl_nrefcalls * 2 * sizeof(uint32_t));
381
390
if (unlikely(p == NULL))
382
391
goto out;
···
409
418
if (status)
410
419
return status;
411
420
412
-
p = read_buf(xdr, 5 * sizeof(uint32_t));
421
+
p = xdr_inline_decode(xdr, 5 * sizeof(uint32_t));
413
422
if (unlikely(p == NULL))
414
423
return htonl(NFS4ERR_RESOURCE);
415
424
···
452
461
uint32_t bitmap[2];
453
462
__be32 *p, status;
454
463
455
-
p = read_buf(xdr, 4);
464
+
p = xdr_inline_decode(xdr, 4);
456
465
if (unlikely(p == NULL))
457
466
return htonl(NFS4ERR_BADXDR);
458
467
args->craa_objs_to_keep = ntohl(*p++);
···
471
480
struct cb_recallslotargs *args = argp;
472
481
__be32 *p;
473
482
474
-
p = read_buf(xdr, 4);
483
+
p = xdr_inline_decode(xdr, 4);
475
484
if (unlikely(p == NULL))
476
485
return htonl(NFS4ERR_BADXDR);
477
486
args->crsa_target_highest_slotid = ntohl(*p++);
···
483
492
__be32 *p;
484
493
unsigned int len;
485
494
486
-
p = read_buf(xdr, 12);
495
+
p = xdr_inline_decode(xdr, 12);
487
496
if (unlikely(p == NULL))
488
497
return htonl(NFS4ERR_BADXDR);
489
498
490
499
p = xdr_decode_hyper(p, &args->cbnl_owner.clientid);
491
500
len = be32_to_cpu(*p);
492
501
493
-
p = read_buf(xdr, len);
502
+
p = xdr_inline_decode(xdr, len);
494
503
if (unlikely(p == NULL))
495
504
return htonl(NFS4ERR_BADXDR);
496
505
···
528
537
__be32 *p;
529
538
530
539
/* skip the always zero field */
531
-
p = read_buf(xdr, 4);
540
+
p = xdr_inline_decode(xdr, 4);
532
541
if (unlikely(!p))
533
542
goto out;
534
543
p++;
···
568
577
return status;
569
578
570
579
/* decode status */
571
-
p = read_buf(xdr, 4);
580
+
p = xdr_inline_decode(xdr, 4);
572
581
if (unlikely(!p))
573
582
goto out;
574
583
args->error = ntohl(*p++);
+24
-60
fs/nfs/nfs2xdr.c
+24
-60
fs/nfs/nfs2xdr.c
···
80
80
}
81
81
82
82
/*
83
-
* Handle decode buffer overflows out-of-line.
84
-
*/
85
-
static void print_overflow_msg(const char *func, const struct xdr_stream *xdr)
86
-
{
87
-
dprintk("NFS: %s prematurely hit the end of our receive buffer. "
88
-
"Remaining buffer length is %tu words.\n",
89
-
func, xdr->end - xdr->p);
90
-
}
91
-
92
-
93
-
/*
94
83
* Encode/decode NFSv2 basic data types
95
84
*
96
85
* Basic NFSv2 data types are defined in section 2.3 of RFC 1094:
···
99
110
__be32 *p;
100
111
101
112
p = xdr_inline_decode(xdr, 4);
102
-
if (unlikely(p == NULL))
103
-
goto out_overflow;
113
+
if (unlikely(!p))
114
+
return -EIO;
104
115
count = be32_to_cpup(p);
105
116
recvd = xdr_read_pages(xdr, count);
106
117
if (unlikely(count > recvd))
···
114
125
"count %u > recvd %u\n", count, recvd);
115
126
count = recvd;
116
127
goto out;
117
-
out_overflow:
118
-
print_overflow_msg(__func__, xdr);
119
-
return -EIO;
120
128
}
121
129
122
130
/*
···
143
157
__be32 *p;
144
158
145
159
p = xdr_inline_decode(xdr, 4);
146
-
if (unlikely(p == NULL))
147
-
goto out_overflow;
160
+
if (unlikely(!p))
161
+
return -EIO;
148
162
*status = be32_to_cpup(p);
149
163
return 0;
150
-
out_overflow:
151
-
print_overflow_msg(__func__, xdr);
152
-
return -EIO;
153
164
}
154
165
155
166
/*
···
188
205
__be32 *p;
189
206
190
207
p = xdr_inline_decode(xdr, NFS2_FHSIZE);
191
-
if (unlikely(p == NULL))
192
-
goto out_overflow;
208
+
if (unlikely(!p))
209
+
return -EIO;
193
210
fh->size = NFS2_FHSIZE;
194
211
memcpy(fh->data, p, NFS2_FHSIZE);
195
212
return 0;
196
-
out_overflow:
197
-
print_overflow_msg(__func__, xdr);
198
-
return -EIO;
199
213
}
200
214
201
215
/*
···
262
282
__be32 *p;
263
283
264
284
p = xdr_inline_decode(xdr, NFS_fattr_sz << 2);
265
-
if (unlikely(p == NULL))
266
-
goto out_overflow;
285
+
if (unlikely(!p))
286
+
return -EIO;
267
287
268
288
fattr->valid |= NFS_ATTR_FATTR_V2;
269
289
···
305
325
out_gid:
306
326
dprintk("NFS: returned invalid gid\n");
307
327
return -EINVAL;
308
-
out_overflow:
309
-
print_overflow_msg(__func__, xdr);
310
-
return -EIO;
311
328
}
312
329
313
330
/*
···
393
416
u32 count;
394
417
395
418
p = xdr_inline_decode(xdr, 4);
396
-
if (unlikely(p == NULL))
397
-
goto out_overflow;
419
+
if (unlikely(!p))
420
+
return -EIO;
398
421
count = be32_to_cpup(p);
399
422
if (count > NFS3_MAXNAMLEN)
400
423
goto out_nametoolong;
401
424
p = xdr_inline_decode(xdr, count);
402
-
if (unlikely(p == NULL))
403
-
goto out_overflow;
425
+
if (unlikely(!p))
426
+
return -EIO;
404
427
*name = (const char *)p;
405
428
*length = count;
406
429
return 0;
407
430
out_nametoolong:
408
431
dprintk("NFS: returned filename too long: %u\n", count);
409
432
return -ENAMETOOLONG;
410
-
out_overflow:
411
-
print_overflow_msg(__func__, xdr);
412
-
return -EIO;
413
433
}
414
434
415
435
/*
···
429
455
__be32 *p;
430
456
431
457
p = xdr_inline_decode(xdr, 4);
432
-
if (unlikely(p == NULL))
433
-
goto out_overflow;
458
+
if (unlikely(!p))
459
+
return -EIO;
434
460
length = be32_to_cpup(p);
435
461
if (unlikely(length >= xdr->buf->page_len || length > NFS_MAXPATHLEN))
436
462
goto out_size;
···
445
471
out_cheating:
446
472
dprintk("NFS: server cheating in pathname result: "
447
473
"length %u > received %u\n", length, recvd);
448
-
return -EIO;
449
-
out_overflow:
450
-
print_overflow_msg(__func__, xdr);
451
474
return -EIO;
452
475
}
453
476
···
922
951
int error;
923
952
924
953
p = xdr_inline_decode(xdr, 4);
925
-
if (unlikely(p == NULL))
926
-
goto out_overflow;
954
+
if (unlikely(!p))
955
+
return -EAGAIN;
927
956
if (*p++ == xdr_zero) {
928
957
p = xdr_inline_decode(xdr, 4);
929
-
if (unlikely(p == NULL))
930
-
goto out_overflow;
958
+
if (unlikely(!p))
959
+
return -EAGAIN;
931
960
if (*p++ == xdr_zero)
932
961
return -EAGAIN;
933
962
entry->eof = 1;
···
935
964
}
936
965
937
966
p = xdr_inline_decode(xdr, 4);
938
-
if (unlikely(p == NULL))
939
-
goto out_overflow;
967
+
if (unlikely(!p))
968
+
return -EAGAIN;
940
969
entry->ino = be32_to_cpup(p);
941
970
942
971
error = decode_filename_inline(xdr, &entry->name, &entry->len);
···
949
978
*/
950
979
entry->prev_cookie = entry->cookie;
951
980
p = xdr_inline_decode(xdr, 4);
952
-
if (unlikely(p == NULL))
953
-
goto out_overflow;
981
+
if (unlikely(!p))
982
+
return -EAGAIN;
954
983
entry->cookie = be32_to_cpup(p);
955
984
956
985
entry->d_type = DT_UNKNOWN;
957
986
958
987
return 0;
959
-
960
-
out_overflow:
961
-
print_overflow_msg(__func__, xdr);
962
-
return -EAGAIN;
963
988
}
964
989
965
990
/*
···
1019
1052
__be32 *p;
1020
1053
1021
1054
p = xdr_inline_decode(xdr, NFS_info_sz << 2);
1022
-
if (unlikely(p == NULL))
1023
-
goto out_overflow;
1055
+
if (unlikely(!p))
1056
+
return -EIO;
1024
1057
result->tsize = be32_to_cpup(p++);
1025
1058
result->bsize = be32_to_cpup(p++);
1026
1059
result->blocks = be32_to_cpup(p++);
1027
1060
result->bfree = be32_to_cpup(p++);
1028
1061
result->bavail = be32_to_cpup(p);
1029
1062
return 0;
1030
-
out_overflow:
1031
-
print_overflow_msg(__func__, xdr);
1032
-
return -EIO;
1033
1063
}
1034
1064
1035
1065
static int nfs2_xdr_dec_statfsres(struct rpc_rqst *req, struct xdr_stream *xdr,
+47
-116
fs/nfs/nfs3xdr.c
+47
-116
fs/nfs/nfs3xdr.c
···
119
119
}
120
120
121
121
/*
122
-
* Handle decode buffer overflows out-of-line.
123
-
*/
124
-
static void print_overflow_msg(const char *func, const struct xdr_stream *xdr)
125
-
{
126
-
dprintk("NFS: %s prematurely hit the end of our receive buffer. "
127
-
"Remaining buffer length is %tu words.\n",
128
-
func, xdr->end - xdr->p);
129
-
}
130
-
131
-
132
-
/*
133
122
* Encode/decode NFSv3 basic data types
134
123
*
135
124
* Basic NFSv3 data types are defined in section 2.5 of RFC 1813:
···
140
151
__be32 *p;
141
152
142
153
p = xdr_inline_decode(xdr, 4);
143
-
if (unlikely(p == NULL))
144
-
goto out_overflow;
154
+
if (unlikely(!p))
155
+
return -EIO;
145
156
*value = be32_to_cpup(p);
146
157
return 0;
147
-
out_overflow:
148
-
print_overflow_msg(__func__, xdr);
149
-
return -EIO;
150
158
}
151
159
152
160
static int decode_uint64(struct xdr_stream *xdr, u64 *value)
···
151
165
__be32 *p;
152
166
153
167
p = xdr_inline_decode(xdr, 8);
154
-
if (unlikely(p == NULL))
155
-
goto out_overflow;
168
+
if (unlikely(!p))
169
+
return -EIO;
156
170
xdr_decode_hyper(p, value);
157
171
return 0;
158
-
out_overflow:
159
-
print_overflow_msg(__func__, xdr);
160
-
return -EIO;
161
172
}
162
173
163
174
/*
···
194
211
u32 count;
195
212
196
213
p = xdr_inline_decode(xdr, 4);
197
-
if (unlikely(p == NULL))
198
-
goto out_overflow;
214
+
if (unlikely(!p))
215
+
return -EIO;
199
216
count = be32_to_cpup(p);
200
217
if (count > NFS3_MAXNAMLEN)
201
218
goto out_nametoolong;
202
219
p = xdr_inline_decode(xdr, count);
203
-
if (unlikely(p == NULL))
204
-
goto out_overflow;
220
+
if (unlikely(!p))
221
+
return -EIO;
205
222
*name = (const char *)p;
206
223
*length = count;
207
224
return 0;
···
209
226
out_nametoolong:
210
227
dprintk("NFS: returned filename too long: %u\n", count);
211
228
return -ENAMETOOLONG;
212
-
out_overflow:
213
-
print_overflow_msg(__func__, xdr);
214
-
return -EIO;
215
229
}
216
230
217
231
/*
···
229
249
__be32 *p;
230
250
231
251
p = xdr_inline_decode(xdr, 4);
232
-
if (unlikely(p == NULL))
233
-
goto out_overflow;
252
+
if (unlikely(!p))
253
+
return -EIO;
234
254
count = be32_to_cpup(p);
235
255
if (unlikely(count >= xdr->buf->page_len || count > NFS3_MAXPATHLEN))
236
256
goto out_nametoolong;
···
246
266
out_cheating:
247
267
dprintk("NFS: server cheating in pathname result: "
248
268
"count %u > recvd %u\n", count, recvd);
249
-
return -EIO;
250
-
out_overflow:
251
-
print_overflow_msg(__func__, xdr);
252
269
return -EIO;
253
270
}
254
271
···
280
303
__be32 *p;
281
304
282
305
p = xdr_inline_decode(xdr, NFS3_COOKIEVERFSIZE);
283
-
if (unlikely(p == NULL))
284
-
goto out_overflow;
306
+
if (unlikely(!p))
307
+
return -EIO;
285
308
memcpy(verifier, p, NFS3_COOKIEVERFSIZE);
286
309
return 0;
287
-
out_overflow:
288
-
print_overflow_msg(__func__, xdr);
289
-
return -EIO;
290
310
}
291
311
292
312
/*
···
304
330
__be32 *p;
305
331
306
332
p = xdr_inline_decode(xdr, NFS3_WRITEVERFSIZE);
307
-
if (unlikely(p == NULL))
308
-
goto out_overflow;
333
+
if (unlikely(!p))
334
+
return -EIO;
309
335
memcpy(verifier->data, p, NFS3_WRITEVERFSIZE);
310
336
return 0;
311
-
out_overflow:
312
-
print_overflow_msg(__func__, xdr);
313
-
return -EIO;
314
337
}
315
338
316
339
/*
···
335
364
__be32 *p;
336
365
337
366
p = xdr_inline_decode(xdr, 4);
338
-
if (unlikely(p == NULL))
339
-
goto out_overflow;
367
+
if (unlikely(!p))
368
+
return -EIO;
340
369
*status = be32_to_cpup(p);
341
370
return 0;
342
-
out_overflow:
343
-
print_overflow_msg(__func__, xdr);
344
-
return -EIO;
345
371
}
346
372
347
373
/*
···
421
453
__be32 *p;
422
454
423
455
p = xdr_inline_decode(xdr, 4);
424
-
if (unlikely(p == NULL))
425
-
goto out_overflow;
456
+
if (unlikely(!p))
457
+
return -EIO;
426
458
length = be32_to_cpup(p++);
427
459
if (unlikely(length > NFS3_FHSIZE))
428
460
goto out_toobig;
429
461
p = xdr_inline_decode(xdr, length);
430
-
if (unlikely(p == NULL))
431
-
goto out_overflow;
462
+
if (unlikely(!p))
463
+
return -EIO;
432
464
fh->size = length;
433
465
memcpy(fh->data, p, length);
434
466
return 0;
435
467
out_toobig:
436
468
dprintk("NFS: file handle size (%u) too big\n", length);
437
469
return -E2BIG;
438
-
out_overflow:
439
-
print_overflow_msg(__func__, xdr);
440
-
return -EIO;
441
470
}
442
471
443
472
static void zero_nfs_fh3(struct nfs_fh *fh)
···
620
655
__be32 *p;
621
656
622
657
p = xdr_inline_decode(xdr, NFS3_fattr_sz << 2);
623
-
if (unlikely(p == NULL))
624
-
goto out_overflow;
658
+
if (unlikely(!p))
659
+
return -EIO;
625
660
626
661
p = xdr_decode_ftype3(p, &fmode);
627
662
···
655
690
out_gid:
656
691
dprintk("NFS: returned invalid gid\n");
657
692
return -EINVAL;
658
-
out_overflow:
659
-
print_overflow_msg(__func__, xdr);
660
-
return -EIO;
661
693
}
662
694
663
695
/*
···
672
710
__be32 *p;
673
711
674
712
p = xdr_inline_decode(xdr, 4);
675
-
if (unlikely(p == NULL))
676
-
goto out_overflow;
713
+
if (unlikely(!p))
714
+
return -EIO;
677
715
if (*p != xdr_zero)
678
716
return decode_fattr3(xdr, fattr);
679
717
return 0;
680
-
out_overflow:
681
-
print_overflow_msg(__func__, xdr);
682
-
return -EIO;
683
718
}
684
719
685
720
/*
···
692
733
__be32 *p;
693
734
694
735
p = xdr_inline_decode(xdr, NFS3_wcc_attr_sz << 2);
695
-
if (unlikely(p == NULL))
696
-
goto out_overflow;
736
+
if (unlikely(!p))
737
+
return -EIO;
697
738
698
739
fattr->valid |= NFS_ATTR_FATTR_PRESIZE
699
740
| NFS_ATTR_FATTR_PRECHANGE
···
706
747
fattr->pre_change_attr = nfs_timespec_to_change_attr(&fattr->pre_ctime);
707
748
708
749
return 0;
709
-
out_overflow:
710
-
print_overflow_msg(__func__, xdr);
711
-
return -EIO;
712
750
}
713
751
714
752
/*
···
729
773
__be32 *p;
730
774
731
775
p = xdr_inline_decode(xdr, 4);
732
-
if (unlikely(p == NULL))
733
-
goto out_overflow;
776
+
if (unlikely(!p))
777
+
return -EIO;
734
778
if (*p != xdr_zero)
735
779
return decode_wcc_attr(xdr, fattr);
736
780
return 0;
737
-
out_overflow:
738
-
print_overflow_msg(__func__, xdr);
739
-
return -EIO;
740
781
}
741
782
742
783
static int decode_wcc_data(struct xdr_stream *xdr, struct nfs_fattr *fattr)
···
761
808
static int decode_post_op_fh3(struct xdr_stream *xdr, struct nfs_fh *fh)
762
809
{
763
810
__be32 *p = xdr_inline_decode(xdr, 4);
764
-
if (unlikely(p == NULL))
765
-
goto out_overflow;
811
+
if (unlikely(!p))
812
+
return -EIO;
766
813
if (*p != xdr_zero)
767
814
return decode_nfs_fh3(xdr, fh);
768
815
zero_nfs_fh3(fh);
769
816
return 0;
770
-
out_overflow:
771
-
print_overflow_msg(__func__, xdr);
772
-
return -EIO;
773
817
}
774
818
775
819
/*
···
1593
1643
__be32 *p;
1594
1644
1595
1645
p = xdr_inline_decode(xdr, 4 + 4 + 4);
1596
-
if (unlikely(p == NULL))
1597
-
goto out_overflow;
1646
+
if (unlikely(!p))
1647
+
return -EIO;
1598
1648
count = be32_to_cpup(p++);
1599
1649
eof = be32_to_cpup(p++);
1600
1650
ocount = be32_to_cpup(p++);
···
1617
1667
count = recvd;
1618
1668
eof = 0;
1619
1669
goto out;
1620
-
out_overflow:
1621
-
print_overflow_msg(__func__, xdr);
1622
-
return -EIO;
1623
1670
}
1624
1671
1625
1672
static int nfs3_xdr_dec_read3res(struct rpc_rqst *req, struct xdr_stream *xdr,
···
1678
1731
__be32 *p;
1679
1732
1680
1733
p = xdr_inline_decode(xdr, 4 + 4);
1681
-
if (unlikely(p == NULL))
1682
-
goto out_overflow;
1734
+
if (unlikely(!p))
1735
+
return -EIO;
1683
1736
result->count = be32_to_cpup(p++);
1684
1737
result->verf->committed = be32_to_cpup(p++);
1685
1738
if (unlikely(result->verf->committed > NFS_FILE_SYNC))
1686
1739
goto out_badvalue;
1687
1740
if (decode_writeverf3(xdr, &result->verf->verifier))
1688
-
goto out_eio;
1741
+
return -EIO;
1689
1742
return result->count;
1690
1743
out_badvalue:
1691
1744
dprintk("NFS: bad stable_how value: %u\n", result->verf->committed);
1692
-
return -EIO;
1693
-
out_overflow:
1694
-
print_overflow_msg(__func__, xdr);
1695
-
out_eio:
1696
1745
return -EIO;
1697
1746
}
1698
1747
···
1953
2010
u64 new_cookie;
1954
2011
1955
2012
p = xdr_inline_decode(xdr, 4);
1956
-
if (unlikely(p == NULL))
1957
-
goto out_overflow;
2013
+
if (unlikely(!p))
2014
+
return -EAGAIN;
1958
2015
if (*p == xdr_zero) {
1959
2016
p = xdr_inline_decode(xdr, 4);
1960
-
if (unlikely(p == NULL))
1961
-
goto out_overflow;
2017
+
if (unlikely(!p))
2018
+
return -EAGAIN;
1962
2019
if (*p == xdr_zero)
1963
2020
return -EAGAIN;
1964
2021
entry->eof = 1;
···
1994
2051
1995
2052
/* In fact, a post_op_fh3: */
1996
2053
p = xdr_inline_decode(xdr, 4);
1997
-
if (unlikely(p == NULL))
1998
-
goto out_overflow;
2054
+
if (unlikely(!p))
2055
+
return -EAGAIN;
1999
2056
if (*p != xdr_zero) {
2000
2057
error = decode_nfs_fh3(xdr, entry->fh);
2001
2058
if (unlikely(error)) {
···
2012
2069
2013
2070
return 0;
2014
2071
2015
-
out_overflow:
2016
-
print_overflow_msg(__func__, xdr);
2017
-
return -EAGAIN;
2018
2072
out_truncated:
2019
2073
dprintk("NFS: directory entry contains invalid file handle\n");
2020
2074
*entry = old;
···
2123
2183
__be32 *p;
2124
2184
2125
2185
p = xdr_inline_decode(xdr, 8 * 6 + 4);
2126
-
if (unlikely(p == NULL))
2127
-
goto out_overflow;
2186
+
if (unlikely(!p))
2187
+
return -EIO;
2128
2188
p = xdr_decode_size3(p, &result->tbytes);
2129
2189
p = xdr_decode_size3(p, &result->fbytes);
2130
2190
p = xdr_decode_size3(p, &result->abytes);
···
2133
2193
xdr_decode_size3(p, &result->afiles);
2134
2194
/* ignore invarsec */
2135
2195
return 0;
2136
-
out_overflow:
2137
-
print_overflow_msg(__func__, xdr);
2138
-
return -EIO;
2139
2196
}
2140
2197
2141
2198
static int nfs3_xdr_dec_fsstat3res(struct rpc_rqst *req,
···
2192
2255
__be32 *p;
2193
2256
2194
2257
p = xdr_inline_decode(xdr, 4 * 7 + 8 + 8 + 4);
2195
-
if (unlikely(p == NULL))
2196
-
goto out_overflow;
2258
+
if (unlikely(!p))
2259
+
return -EIO;
2197
2260
result->rtmax = be32_to_cpup(p++);
2198
2261
result->rtpref = be32_to_cpup(p++);
2199
2262
result->rtmult = be32_to_cpup(p++);
···
2207
2270
/* ignore properties */
2208
2271
result->lease_time = 0;
2209
2272
return 0;
2210
-
out_overflow:
2211
-
print_overflow_msg(__func__, xdr);
2212
-
return -EIO;
2213
2273
}
2214
2274
2215
2275
static int nfs3_xdr_dec_fsinfo3res(struct rpc_rqst *req,
···
2262
2328
__be32 *p;
2263
2329
2264
2330
p = xdr_inline_decode(xdr, 4 * 6);
2265
-
if (unlikely(p == NULL))
2266
-
goto out_overflow;
2331
+
if (unlikely(!p))
2332
+
return -EIO;
2267
2333
result->max_link = be32_to_cpup(p++);
2268
2334
result->max_namelen = be32_to_cpup(p);
2269
2335
/* ignore remaining fields */
2270
2336
return 0;
2271
-
out_overflow:
2272
-
print_overflow_msg(__func__, xdr);
2273
-
return -EIO;
2274
2337
}
2275
2338
2276
2339
static int nfs3_xdr_dec_pathconf3res(struct rpc_rqst *req,
+5
-16
fs/nfs/nfs42xdr.c
+5
-16
fs/nfs/nfs42xdr.c
···
394
394
395
395
p = xdr_inline_decode(xdr, 4);
396
396
if (unlikely(!p))
397
-
goto out_overflow;
397
+
return -EIO;
398
398
count = be32_to_cpup(p);
399
399
if (count > 1)
400
400
return -EREMOTEIO;
···
402
402
status = decode_opaque_fixed(xdr, &res->stateid,
403
403
NFS4_STATEID_SIZE);
404
404
if (unlikely(status))
405
-
goto out_overflow;
405
+
return -EIO;
406
406
}
407
407
p = xdr_inline_decode(xdr, 8 + 4);
408
408
if (unlikely(!p))
409
-
goto out_overflow;
409
+
return -EIO;
410
410
p = xdr_decode_hyper(p, &res->count);
411
411
res->verifier.committed = be32_to_cpup(p);
412
412
return decode_verifier(xdr, &res->verifier.verifier);
413
-
414
-
out_overflow:
415
-
print_overflow_msg(__func__, xdr);
416
-
return -EIO;
417
413
}
418
414
419
415
static int decode_copy_requirements(struct xdr_stream *xdr,
···
418
422
419
423
p = xdr_inline_decode(xdr, 4 + 4);
420
424
if (unlikely(!p))
421
-
goto out_overflow;
425
+
return -EIO;
422
426
423
427
res->consecutive = be32_to_cpup(p++);
424
428
res->synchronous = be32_to_cpup(p++);
425
429
return 0;
426
-
out_overflow:
427
-
print_overflow_msg(__func__, xdr);
428
-
return -EIO;
429
430
}
430
431
431
432
static int decode_copy(struct xdr_stream *xdr, struct nfs42_copy_res *res)
···
467
474
468
475
p = xdr_inline_decode(xdr, 4 + 8);
469
476
if (unlikely(!p))
470
-
goto out_overflow;
477
+
return -EIO;
471
478
472
479
res->sr_eof = be32_to_cpup(p++);
473
480
p = xdr_decode_hyper(p, &res->sr_offset);
474
481
return 0;
475
-
476
-
out_overflow:
477
-
print_overflow_msg(__func__, xdr);
478
-
return -EIO;
479
482
}
480
483
481
484
static int decode_layoutstats(struct xdr_stream *xdr)
+118
-333
fs/nfs/nfs4xdr.c
+118
-333
fs/nfs/nfs4xdr.c
···
3144
3144
}
3145
3145
#endif /* CONFIG_NFS_V4_1 */
3146
3146
3147
-
static void print_overflow_msg(const char *func, const struct xdr_stream *xdr)
3148
-
{
3149
-
dprintk("nfs: %s: prematurely hit end of receive buffer. "
3150
-
"Remaining buffer length is %tu words.\n",
3151
-
func, xdr->end - xdr->p);
3152
-
}
3153
-
3154
3147
static int decode_opaque_inline(struct xdr_stream *xdr, unsigned int *len, char **string)
3155
3148
{
3156
3149
ssize_t ret = xdr_stream_decode_opaque_inline(xdr, (void **)string,
3157
3150
NFS4_OPAQUE_LIMIT);
3158
-
if (unlikely(ret < 0)) {
3159
-
if (ret == -EBADMSG)
3160
-
print_overflow_msg(__func__, xdr);
3151
+
if (unlikely(ret < 0))
3161
3152
return -EIO;
3162
-
}
3163
3153
*len = ret;
3164
3154
return 0;
3165
3155
}
···
3160
3170
3161
3171
p = xdr_inline_decode(xdr, 8);
3162
3172
if (unlikely(!p))
3163
-
goto out_overflow;
3173
+
return -EIO;
3164
3174
hdr->status = be32_to_cpup(p++);
3165
3175
hdr->taglen = be32_to_cpup(p);
3166
3176
3167
3177
p = xdr_inline_decode(xdr, hdr->taglen + 4);
3168
3178
if (unlikely(!p))
3169
-
goto out_overflow;
3179
+
return -EIO;
3170
3180
hdr->tag = (char *)p;
3171
3181
p += XDR_QUADLEN(hdr->taglen);
3172
3182
hdr->nops = be32_to_cpup(p);
3173
3183
if (unlikely(hdr->nops < 1))
3174
3184
return nfs4_stat_to_errno(hdr->status);
3175
3185
return 0;
3176
-
out_overflow:
3177
-
print_overflow_msg(__func__, xdr);
3178
-
return -EIO;
3179
3186
}
3180
3187
3181
3188
static bool __decode_op_hdr(struct xdr_stream *xdr, enum nfs_opnum4 expected,
···
3201
3214
*nfs_retval = -EREMOTEIO;
3202
3215
return false;
3203
3216
out_overflow:
3204
-
print_overflow_msg(__func__, xdr);
3205
3217
*nfs_retval = -EIO;
3206
3218
return false;
3207
3219
}
···
3221
3235
char *str;
3222
3236
3223
3237
p = xdr_inline_decode(xdr, 12);
3224
-
if (likely(p))
3225
-
return decode_opaque_inline(xdr, &strlen, &str);
3226
-
print_overflow_msg(__func__, xdr);
3227
-
return -EIO;
3238
+
if (unlikely(!p))
3239
+
return -EIO;
3240
+
return decode_opaque_inline(xdr, &strlen, &str);
3228
3241
}
3229
3242
3230
3243
static ssize_t
···
3234
3249
ret = xdr_stream_decode_uint32_array(xdr, bitmap, sz);
3235
3250
if (likely(ret >= 0))
3236
3251
return ret;
3237
-
if (ret == -EMSGSIZE)
3238
-
return sz;
3239
-
print_overflow_msg(__func__, xdr);
3240
-
return -EIO;
3252
+
if (ret != -EMSGSIZE)
3253
+
return -EIO;
3254
+
return sz;
3241
3255
}
3242
3256
3243
3257
static int decode_attr_bitmap(struct xdr_stream *xdr, uint32_t *bitmap)
···
3252
3268
3253
3269
p = xdr_inline_decode(xdr, 4);
3254
3270
if (unlikely(!p))
3255
-
goto out_overflow;
3271
+
return -EIO;
3256
3272
*attrlen = be32_to_cpup(p);
3257
3273
*savep = xdr_stream_pos(xdr);
3258
3274
return 0;
3259
-
out_overflow:
3260
-
print_overflow_msg(__func__, xdr);
3261
-
return -EIO;
3262
3275
}
3263
3276
3264
3277
static int decode_attr_supported(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *bitmask)
···
3284
3303
if (likely(bitmap[0] & FATTR4_WORD0_TYPE)) {
3285
3304
p = xdr_inline_decode(xdr, 4);
3286
3305
if (unlikely(!p))
3287
-
goto out_overflow;
3306
+
return -EIO;
3288
3307
*type = be32_to_cpup(p);
3289
3308
if (*type < NF4REG || *type > NF4NAMEDATTR) {
3290
3309
dprintk("%s: bad type %d\n", __func__, *type);
···
3295
3314
}
3296
3315
dprintk("%s: type=0%o\n", __func__, nfs_type2fmt[*type]);
3297
3316
return ret;
3298
-
out_overflow:
3299
-
print_overflow_msg(__func__, xdr);
3300
-
return -EIO;
3301
3317
}
3302
3318
3303
3319
static int decode_attr_fh_expire_type(struct xdr_stream *xdr,
···
3308
3330
if (likely(bitmap[0] & FATTR4_WORD0_FH_EXPIRE_TYPE)) {
3309
3331
p = xdr_inline_decode(xdr, 4);
3310
3332
if (unlikely(!p))
3311
-
goto out_overflow;
3333
+
return -EIO;
3312
3334
*type = be32_to_cpup(p);
3313
3335
bitmap[0] &= ~FATTR4_WORD0_FH_EXPIRE_TYPE;
3314
3336
}
3315
3337
dprintk("%s: expire type=0x%x\n", __func__, *type);
3316
3338
return 0;
3317
-
out_overflow:
3318
-
print_overflow_msg(__func__, xdr);
3319
-
return -EIO;
3320
3339
}
3321
3340
3322
3341
static int decode_attr_change(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *change)
···
3327
3352
if (likely(bitmap[0] & FATTR4_WORD0_CHANGE)) {
3328
3353
p = xdr_inline_decode(xdr, 8);
3329
3354
if (unlikely(!p))
3330
-
goto out_overflow;
3355
+
return -EIO;
3331
3356
xdr_decode_hyper(p, change);
3332
3357
bitmap[0] &= ~FATTR4_WORD0_CHANGE;
3333
3358
ret = NFS_ATTR_FATTR_CHANGE;
···
3335
3360
dprintk("%s: change attribute=%Lu\n", __func__,
3336
3361
(unsigned long long)*change);
3337
3362
return ret;
3338
-
out_overflow:
3339
-
print_overflow_msg(__func__, xdr);
3340
-
return -EIO;
3341
3363
}
3342
3364
3343
3365
static int decode_attr_size(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *size)
···
3348
3376
if (likely(bitmap[0] & FATTR4_WORD0_SIZE)) {
3349
3377
p = xdr_inline_decode(xdr, 8);
3350
3378
if (unlikely(!p))
3351
-
goto out_overflow;
3379
+
return -EIO;
3352
3380
xdr_decode_hyper(p, size);
3353
3381
bitmap[0] &= ~FATTR4_WORD0_SIZE;
3354
3382
ret = NFS_ATTR_FATTR_SIZE;
3355
3383
}
3356
3384
dprintk("%s: file size=%Lu\n", __func__, (unsigned long long)*size);
3357
3385
return ret;
3358
-
out_overflow:
3359
-
print_overflow_msg(__func__, xdr);
3360
-
return -EIO;
3361
3386
}
3362
3387
3363
3388
static int decode_attr_link_support(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
···
3367
3398
if (likely(bitmap[0] & FATTR4_WORD0_LINK_SUPPORT)) {
3368
3399
p = xdr_inline_decode(xdr, 4);
3369
3400
if (unlikely(!p))
3370
-
goto out_overflow;
3401
+
return -EIO;
3371
3402
*res = be32_to_cpup(p);
3372
3403
bitmap[0] &= ~FATTR4_WORD0_LINK_SUPPORT;
3373
3404
}
3374
3405
dprintk("%s: link support=%s\n", __func__, *res == 0 ? "false" : "true");
3375
3406
return 0;
3376
-
out_overflow:
3377
-
print_overflow_msg(__func__, xdr);
3378
-
return -EIO;
3379
3407
}
3380
3408
3381
3409
static int decode_attr_symlink_support(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
···
3385
3419
if (likely(bitmap[0] & FATTR4_WORD0_SYMLINK_SUPPORT)) {
3386
3420
p = xdr_inline_decode(xdr, 4);
3387
3421
if (unlikely(!p))
3388
-
goto out_overflow;
3422
+
return -EIO;
3389
3423
*res = be32_to_cpup(p);
3390
3424
bitmap[0] &= ~FATTR4_WORD0_SYMLINK_SUPPORT;
3391
3425
}
3392
3426
dprintk("%s: symlink support=%s\n", __func__, *res == 0 ? "false" : "true");
3393
3427
return 0;
3394
-
out_overflow:
3395
-
print_overflow_msg(__func__, xdr);
3396
-
return -EIO;
3397
3428
}
3398
3429
3399
3430
static int decode_attr_fsid(struct xdr_stream *xdr, uint32_t *bitmap, struct nfs_fsid *fsid)
···
3405
3442
if (likely(bitmap[0] & FATTR4_WORD0_FSID)) {
3406
3443
p = xdr_inline_decode(xdr, 16);
3407
3444
if (unlikely(!p))
3408
-
goto out_overflow;
3445
+
return -EIO;
3409
3446
p = xdr_decode_hyper(p, &fsid->major);
3410
3447
xdr_decode_hyper(p, &fsid->minor);
3411
3448
bitmap[0] &= ~FATTR4_WORD0_FSID;
···
3415
3452
(unsigned long long)fsid->major,
3416
3453
(unsigned long long)fsid->minor);
3417
3454
return ret;
3418
-
out_overflow:
3419
-
print_overflow_msg(__func__, xdr);
3420
-
return -EIO;
3421
3455
}
3422
3456
3423
3457
static int decode_attr_lease_time(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
···
3427
3467
if (likely(bitmap[0] & FATTR4_WORD0_LEASE_TIME)) {
3428
3468
p = xdr_inline_decode(xdr, 4);
3429
3469
if (unlikely(!p))
3430
-
goto out_overflow;
3470
+
return -EIO;
3431
3471
*res = be32_to_cpup(p);
3432
3472
bitmap[0] &= ~FATTR4_WORD0_LEASE_TIME;
3433
3473
}
3434
3474
dprintk("%s: file size=%u\n", __func__, (unsigned int)*res);
3435
3475
return 0;
3436
-
out_overflow:
3437
-
print_overflow_msg(__func__, xdr);
3438
-
return -EIO;
3439
3476
}
3440
3477
3441
3478
static int decode_attr_error(struct xdr_stream *xdr, uint32_t *bitmap, int32_t *res)
···
3444
3487
if (likely(bitmap[0] & FATTR4_WORD0_RDATTR_ERROR)) {
3445
3488
p = xdr_inline_decode(xdr, 4);
3446
3489
if (unlikely(!p))
3447
-
goto out_overflow;
3490
+
return -EIO;
3448
3491
bitmap[0] &= ~FATTR4_WORD0_RDATTR_ERROR;
3449
3492
*res = -be32_to_cpup(p);
3450
3493
}
3451
3494
return 0;
3452
-
out_overflow:
3453
-
print_overflow_msg(__func__, xdr);
3454
-
return -EIO;
3455
3495
}
3456
3496
3457
3497
static int decode_attr_exclcreat_supported(struct xdr_stream *xdr,
···
3480
3526
if (likely(bitmap[0] & FATTR4_WORD0_FILEHANDLE)) {
3481
3527
p = xdr_inline_decode(xdr, 4);
3482
3528
if (unlikely(!p))
3483
-
goto out_overflow;
3529
+
return -EIO;
3484
3530
len = be32_to_cpup(p);
3485
3531
if (len > NFS4_FHSIZE)
3486
3532
return -EIO;
3487
3533
p = xdr_inline_decode(xdr, len);
3488
3534
if (unlikely(!p))
3489
-
goto out_overflow;
3535
+
return -EIO;
3490
3536
if (fh != NULL) {
3491
3537
memcpy(fh->data, p, len);
3492
3538
fh->size = len;
···
3494
3540
bitmap[0] &= ~FATTR4_WORD0_FILEHANDLE;
3495
3541
}
3496
3542
return 0;
3497
-
out_overflow:
3498
-
print_overflow_msg(__func__, xdr);
3499
-
return -EIO;
3500
3543
}
3501
3544
3502
3545
static int decode_attr_aclsupport(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
···
3506
3555
if (likely(bitmap[0] & FATTR4_WORD0_ACLSUPPORT)) {
3507
3556
p = xdr_inline_decode(xdr, 4);
3508
3557
if (unlikely(!p))
3509
-
goto out_overflow;
3558
+
return -EIO;
3510
3559
*res = be32_to_cpup(p);
3511
3560
bitmap[0] &= ~FATTR4_WORD0_ACLSUPPORT;
3512
3561
}
3513
3562
dprintk("%s: ACLs supported=%u\n", __func__, (unsigned int)*res);
3514
3563
return 0;
3515
-
out_overflow:
3516
-
print_overflow_msg(__func__, xdr);
3517
-
return -EIO;
3518
3564
}
3519
3565
3520
3566
static int decode_attr_fileid(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *fileid)
···
3525
3577
if (likely(bitmap[0] & FATTR4_WORD0_FILEID)) {
3526
3578
p = xdr_inline_decode(xdr, 8);
3527
3579
if (unlikely(!p))
3528
-
goto out_overflow;
3580
+
return -EIO;
3529
3581
xdr_decode_hyper(p, fileid);
3530
3582
bitmap[0] &= ~FATTR4_WORD0_FILEID;
3531
3583
ret = NFS_ATTR_FATTR_FILEID;
3532
3584
}
3533
3585
dprintk("%s: fileid=%Lu\n", __func__, (unsigned long long)*fileid);
3534
3586
return ret;
3535
-
out_overflow:
3536
-
print_overflow_msg(__func__, xdr);
3537
-
return -EIO;
3538
3587
}
3539
3588
3540
3589
static int decode_attr_mounted_on_fileid(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *fileid)
···
3545
3600
if (likely(bitmap[1] & FATTR4_WORD1_MOUNTED_ON_FILEID)) {
3546
3601
p = xdr_inline_decode(xdr, 8);
3547
3602
if (unlikely(!p))
3548
-
goto out_overflow;
3603
+
return -EIO;
3549
3604
xdr_decode_hyper(p, fileid);
3550
3605
bitmap[1] &= ~FATTR4_WORD1_MOUNTED_ON_FILEID;
3551
3606
ret = NFS_ATTR_FATTR_MOUNTED_ON_FILEID;
3552
3607
}
3553
3608
dprintk("%s: fileid=%Lu\n", __func__, (unsigned long long)*fileid);
3554
3609
return ret;
3555
-
out_overflow:
3556
-
print_overflow_msg(__func__, xdr);
3557
-
return -EIO;
3558
3610
}
3559
3611
3560
3612
static int decode_attr_files_avail(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
···
3565
3623
if (likely(bitmap[0] & FATTR4_WORD0_FILES_AVAIL)) {
3566
3624
p = xdr_inline_decode(xdr, 8);
3567
3625
if (unlikely(!p))
3568
-
goto out_overflow;
3626
+
return -EIO;
3569
3627
xdr_decode_hyper(p, res);
3570
3628
bitmap[0] &= ~FATTR4_WORD0_FILES_AVAIL;
3571
3629
}
3572
3630
dprintk("%s: files avail=%Lu\n", __func__, (unsigned long long)*res);
3573
3631
return status;
3574
-
out_overflow:
3575
-
print_overflow_msg(__func__, xdr);
3576
-
return -EIO;
3577
3632
}
3578
3633
3579
3634
static int decode_attr_files_free(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
···
3584
3645
if (likely(bitmap[0] & FATTR4_WORD0_FILES_FREE)) {
3585
3646
p = xdr_inline_decode(xdr, 8);
3586
3647
if (unlikely(!p))
3587
-
goto out_overflow;
3648
+
return -EIO;
3588
3649
xdr_decode_hyper(p, res);
3589
3650
bitmap[0] &= ~FATTR4_WORD0_FILES_FREE;
3590
3651
}
3591
3652
dprintk("%s: files free=%Lu\n", __func__, (unsigned long long)*res);
3592
3653
return status;
3593
-
out_overflow:
3594
-
print_overflow_msg(__func__, xdr);
3595
-
return -EIO;
3596
3654
}
3597
3655
3598
3656
static int decode_attr_files_total(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
···
3603
3667
if (likely(bitmap[0] & FATTR4_WORD0_FILES_TOTAL)) {
3604
3668
p = xdr_inline_decode(xdr, 8);
3605
3669
if (unlikely(!p))
3606
-
goto out_overflow;
3670
+
return -EIO;
3607
3671
xdr_decode_hyper(p, res);
3608
3672
bitmap[0] &= ~FATTR4_WORD0_FILES_TOTAL;
3609
3673
}
3610
3674
dprintk("%s: files total=%Lu\n", __func__, (unsigned long long)*res);
3611
3675
return status;
3612
-
out_overflow:
3613
-
print_overflow_msg(__func__, xdr);
3614
-
return -EIO;
3615
3676
}
3616
3677
3617
3678
static int decode_pathname(struct xdr_stream *xdr, struct nfs4_pathname *path)
···
3619
3686
3620
3687
p = xdr_inline_decode(xdr, 4);
3621
3688
if (unlikely(!p))
3622
-
goto out_overflow;
3689
+
return -EIO;
3623
3690
n = be32_to_cpup(p);
3624
3691
if (n == 0)
3625
3692
goto root_path;
···
3651
3718
dprintk(" status %d", status);
3652
3719
status = -EIO;
3653
3720
goto out;
3654
-
out_overflow:
3655
-
print_overflow_msg(__func__, xdr);
3656
-
return -EIO;
3657
3721
}
3658
3722
3659
3723
static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, struct nfs4_fs_locations *res)
···
3675
3745
goto out;
3676
3746
p = xdr_inline_decode(xdr, 4);
3677
3747
if (unlikely(!p))
3678
-
goto out_overflow;
3748
+
goto out_eio;
3679
3749
n = be32_to_cpup(p);
3680
3750
if (n <= 0)
3681
3751
goto out_eio;
···
3688
3758
loc = &res->locations[res->nlocations];
3689
3759
p = xdr_inline_decode(xdr, 4);
3690
3760
if (unlikely(!p))
3691
-
goto out_overflow;
3761
+
goto out_eio;
3692
3762
m = be32_to_cpup(p);
3693
3763
3694
3764
dprintk("%s: servers:\n", __func__);
···
3726
3796
out:
3727
3797
dprintk("%s: fs_locations done, error = %d\n", __func__, status);
3728
3798
return status;
3729
-
out_overflow:
3730
-
print_overflow_msg(__func__, xdr);
3731
3799
out_eio:
3732
3800
status = -EIO;
3733
3801
goto out;
···
3742
3814
if (likely(bitmap[0] & FATTR4_WORD0_MAXFILESIZE)) {
3743
3815
p = xdr_inline_decode(xdr, 8);
3744
3816
if (unlikely(!p))
3745
-
goto out_overflow;
3817
+
return -EIO;
3746
3818
xdr_decode_hyper(p, res);
3747
3819
bitmap[0] &= ~FATTR4_WORD0_MAXFILESIZE;
3748
3820
}
3749
3821
dprintk("%s: maxfilesize=%Lu\n", __func__, (unsigned long long)*res);
3750
3822
return status;
3751
-
out_overflow:
3752
-
print_overflow_msg(__func__, xdr);
3753
-
return -EIO;
3754
3823
}
3755
3824
3756
3825
static int decode_attr_maxlink(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *maxlink)
···
3761
3836
if (likely(bitmap[0] & FATTR4_WORD0_MAXLINK)) {
3762
3837
p = xdr_inline_decode(xdr, 4);
3763
3838
if (unlikely(!p))
3764
-
goto out_overflow;
3839
+
return -EIO;
3765
3840
*maxlink = be32_to_cpup(p);
3766
3841
bitmap[0] &= ~FATTR4_WORD0_MAXLINK;
3767
3842
}
3768
3843
dprintk("%s: maxlink=%u\n", __func__, *maxlink);
3769
3844
return status;
3770
-
out_overflow:
3771
-
print_overflow_msg(__func__, xdr);
3772
-
return -EIO;
3773
3845
}
3774
3846
3775
3847
static int decode_attr_maxname(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *maxname)
···
3780
3858
if (likely(bitmap[0] & FATTR4_WORD0_MAXNAME)) {
3781
3859
p = xdr_inline_decode(xdr, 4);
3782
3860
if (unlikely(!p))
3783
-
goto out_overflow;
3861
+
return -EIO;
3784
3862
*maxname = be32_to_cpup(p);
3785
3863
bitmap[0] &= ~FATTR4_WORD0_MAXNAME;
3786
3864
}
3787
3865
dprintk("%s: maxname=%u\n", __func__, *maxname);
3788
3866
return status;
3789
-
out_overflow:
3790
-
print_overflow_msg(__func__, xdr);
3791
-
return -EIO;
3792
3867
}
3793
3868
3794
3869
static int decode_attr_maxread(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
···
3800
3881
uint64_t maxread;
3801
3882
p = xdr_inline_decode(xdr, 8);
3802
3883
if (unlikely(!p))
3803
-
goto out_overflow;
3884
+
return -EIO;
3804
3885
xdr_decode_hyper(p, &maxread);
3805
3886
if (maxread > 0x7FFFFFFF)
3806
3887
maxread = 0x7FFFFFFF;
···
3809
3890
}
3810
3891
dprintk("%s: maxread=%lu\n", __func__, (unsigned long)*res);
3811
3892
return status;
3812
-
out_overflow:
3813
-
print_overflow_msg(__func__, xdr);
3814
-
return -EIO;
3815
3893
}
3816
3894
3817
3895
static int decode_attr_maxwrite(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
···
3823
3907
uint64_t maxwrite;
3824
3908
p = xdr_inline_decode(xdr, 8);
3825
3909
if (unlikely(!p))
3826
-
goto out_overflow;
3910
+
return -EIO;
3827
3911
xdr_decode_hyper(p, &maxwrite);
3828
3912
if (maxwrite > 0x7FFFFFFF)
3829
3913
maxwrite = 0x7FFFFFFF;
···
3832
3916
}
3833
3917
dprintk("%s: maxwrite=%lu\n", __func__, (unsigned long)*res);
3834
3918
return status;
3835
-
out_overflow:
3836
-
print_overflow_msg(__func__, xdr);
3837
-
return -EIO;
3838
3919
}
3839
3920
3840
3921
static int decode_attr_mode(struct xdr_stream *xdr, uint32_t *bitmap, umode_t *mode)
···
3846
3933
if (likely(bitmap[1] & FATTR4_WORD1_MODE)) {
3847
3934
p = xdr_inline_decode(xdr, 4);
3848
3935
if (unlikely(!p))
3849
-
goto out_overflow;
3936
+
return -EIO;
3850
3937
tmp = be32_to_cpup(p);
3851
3938
*mode = tmp & ~S_IFMT;
3852
3939
bitmap[1] &= ~FATTR4_WORD1_MODE;
···
3854
3941
}
3855
3942
dprintk("%s: file mode=0%o\n", __func__, (unsigned int)*mode);
3856
3943
return ret;
3857
-
out_overflow:
3858
-
print_overflow_msg(__func__, xdr);
3859
-
return -EIO;
3860
3944
}
3861
3945
3862
3946
static int decode_attr_nlink(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *nlink)
···
3867
3957
if (likely(bitmap[1] & FATTR4_WORD1_NUMLINKS)) {
3868
3958
p = xdr_inline_decode(xdr, 4);
3869
3959
if (unlikely(!p))
3870
-
goto out_overflow;
3960
+
return -EIO;
3871
3961
*nlink = be32_to_cpup(p);
3872
3962
bitmap[1] &= ~FATTR4_WORD1_NUMLINKS;
3873
3963
ret = NFS_ATTR_FATTR_NLINK;
3874
3964
}
3875
3965
dprintk("%s: nlink=%u\n", __func__, (unsigned int)*nlink);
3876
3966
return ret;
3877
-
out_overflow:
3878
-
print_overflow_msg(__func__, xdr);
3879
-
return -EIO;
3880
3967
}
3881
3968
3882
3969
static ssize_t decode_nfs4_string(struct xdr_stream *xdr,
···
3918
4011
return NFS_ATTR_FATTR_OWNER;
3919
4012
}
3920
4013
out:
3921
-
if (len != -EBADMSG)
3922
-
return 0;
3923
-
print_overflow_msg(__func__, xdr);
3924
-
return -EIO;
4014
+
if (len == -EBADMSG)
4015
+
return -EIO;
4016
+
return 0;
3925
4017
}
3926
4018
3927
4019
static int decode_attr_group(struct xdr_stream *xdr, uint32_t *bitmap,
···
3952
4046
return NFS_ATTR_FATTR_GROUP;
3953
4047
}
3954
4048
out:
3955
-
if (len != -EBADMSG)
3956
-
return 0;
3957
-
print_overflow_msg(__func__, xdr);
3958
-
return -EIO;
4049
+
if (len == -EBADMSG)
4050
+
return -EIO;
4051
+
return 0;
3959
4052
}
3960
4053
3961
4054
static int decode_attr_rdev(struct xdr_stream *xdr, uint32_t *bitmap, dev_t *rdev)
···
3971
4066
3972
4067
p = xdr_inline_decode(xdr, 8);
3973
4068
if (unlikely(!p))
3974
-
goto out_overflow;
4069
+
return -EIO;
3975
4070
major = be32_to_cpup(p++);
3976
4071
minor = be32_to_cpup(p);
3977
4072
tmp = MKDEV(major, minor);
···
3982
4077
}
3983
4078
dprintk("%s: rdev=(0x%x:0x%x)\n", __func__, major, minor);
3984
4079
return ret;
3985
-
out_overflow:
3986
-
print_overflow_msg(__func__, xdr);
3987
-
return -EIO;
3988
4080
}
3989
4081
3990
4082
static int decode_attr_space_avail(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
···
3995
4093
if (likely(bitmap[1] & FATTR4_WORD1_SPACE_AVAIL)) {
3996
4094
p = xdr_inline_decode(xdr, 8);
3997
4095
if (unlikely(!p))
3998
-
goto out_overflow;
4096
+
return -EIO;
3999
4097
xdr_decode_hyper(p, res);
4000
4098
bitmap[1] &= ~FATTR4_WORD1_SPACE_AVAIL;
4001
4099
}
4002
4100
dprintk("%s: space avail=%Lu\n", __func__, (unsigned long long)*res);
4003
4101
return status;
4004
-
out_overflow:
4005
-
print_overflow_msg(__func__, xdr);
4006
-
return -EIO;
4007
4102
}
4008
4103
4009
4104
static int decode_attr_space_free(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
···
4014
4115
if (likely(bitmap[1] & FATTR4_WORD1_SPACE_FREE)) {
4015
4116
p = xdr_inline_decode(xdr, 8);
4016
4117
if (unlikely(!p))
4017
-
goto out_overflow;
4118
+
return -EIO;
4018
4119
xdr_decode_hyper(p, res);
4019
4120
bitmap[1] &= ~FATTR4_WORD1_SPACE_FREE;
4020
4121
}
4021
4122
dprintk("%s: space free=%Lu\n", __func__, (unsigned long long)*res);
4022
4123
return status;
4023
-
out_overflow:
4024
-
print_overflow_msg(__func__, xdr);
4025
-
return -EIO;
4026
4124
}
4027
4125
4028
4126
static int decode_attr_space_total(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
···
4033
4137
if (likely(bitmap[1] & FATTR4_WORD1_SPACE_TOTAL)) {
4034
4138
p = xdr_inline_decode(xdr, 8);
4035
4139
if (unlikely(!p))
4036
-
goto out_overflow;
4140
+
return -EIO;
4037
4141
xdr_decode_hyper(p, res);
4038
4142
bitmap[1] &= ~FATTR4_WORD1_SPACE_TOTAL;
4039
4143
}
4040
4144
dprintk("%s: space total=%Lu\n", __func__, (unsigned long long)*res);
4041
4145
return status;
4042
-
out_overflow:
4043
-
print_overflow_msg(__func__, xdr);
4044
-
return -EIO;
4045
4146
}
4046
4147
4047
4148
static int decode_attr_space_used(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *used)
···
4052
4159
if (likely(bitmap[1] & FATTR4_WORD1_SPACE_USED)) {
4053
4160
p = xdr_inline_decode(xdr, 8);
4054
4161
if (unlikely(!p))
4055
-
goto out_overflow;
4162
+
return -EIO;
4056
4163
xdr_decode_hyper(p, used);
4057
4164
bitmap[1] &= ~FATTR4_WORD1_SPACE_USED;
4058
4165
ret = NFS_ATTR_FATTR_SPACE_USED;
···
4060
4167
dprintk("%s: space used=%Lu\n", __func__,
4061
4168
(unsigned long long)*used);
4062
4169
return ret;
4063
-
out_overflow:
4064
-
print_overflow_msg(__func__, xdr);
4065
-
return -EIO;
4066
4170
}
4067
4171
4068
4172
static __be32 *
···
4079
4189
4080
4190
p = xdr_inline_decode(xdr, nfstime4_maxsz << 2);
4081
4191
if (unlikely(!p))
4082
-
goto out_overflow;
4192
+
return -EIO;
4083
4193
xdr_decode_nfstime4(p, time);
4084
4194
return 0;
4085
-
out_overflow:
4086
-
print_overflow_msg(__func__, xdr);
4087
-
return -EIO;
4088
4195
}
4089
4196
4090
4197
static int decode_attr_time_access(struct xdr_stream *xdr, uint32_t *bitmap, struct timespec *time)
···
4152
4265
if (likely(bitmap[2] & FATTR4_WORD2_SECURITY_LABEL)) {
4153
4266
p = xdr_inline_decode(xdr, 4);
4154
4267
if (unlikely(!p))
4155
-
goto out_overflow;
4268
+
return -EIO;
4156
4269
lfs = be32_to_cpup(p++);
4157
4270
p = xdr_inline_decode(xdr, 4);
4158
4271
if (unlikely(!p))
4159
-
goto out_overflow;
4272
+
return -EIO;
4160
4273
pi = be32_to_cpup(p++);
4161
4274
p = xdr_inline_decode(xdr, 4);
4162
4275
if (unlikely(!p))
4163
-
goto out_overflow;
4276
+
return -EIO;
4164
4277
len = be32_to_cpup(p++);
4165
4278
p = xdr_inline_decode(xdr, len);
4166
4279
if (unlikely(!p))
4167
-
goto out_overflow;
4280
+
return -EIO;
4168
4281
if (len < NFS4_MAXLABELLEN) {
4169
4282
if (label) {
4170
4283
memcpy(label->label, p, len);
···
4182
4295
dprintk("%s: label=%s, len=%d, PI=%d, LFS=%d\n", __func__,
4183
4296
(char *)label->label, label->len, label->pi, label->lfs);
4184
4297
return status;
4185
-
4186
-
out_overflow:
4187
-
print_overflow_msg(__func__, xdr);
4188
-
return -EIO;
4189
4298
}
4190
4299
4191
4300
static int decode_attr_time_modify(struct xdr_stream *xdr, uint32_t *bitmap, struct timespec *time)
···
4225
4342
4226
4343
p = xdr_inline_decode(xdr, 20);
4227
4344
if (unlikely(!p))
4228
-
goto out_overflow;
4345
+
return -EIO;
4229
4346
cinfo->atomic = be32_to_cpup(p++);
4230
4347
p = xdr_decode_hyper(p, &cinfo->before);
4231
4348
xdr_decode_hyper(p, &cinfo->after);
4232
4349
return 0;
4233
-
out_overflow:
4234
-
print_overflow_msg(__func__, xdr);
4235
-
return -EIO;
4236
4350
}
4237
4351
4238
4352
static int decode_access(struct xdr_stream *xdr, u32 *supported, u32 *access)
···
4243
4363
return status;
4244
4364
p = xdr_inline_decode(xdr, 8);
4245
4365
if (unlikely(!p))
4246
-
goto out_overflow;
4366
+
return -EIO;
4247
4367
supp = be32_to_cpup(p++);
4248
4368
acc = be32_to_cpup(p);
4249
4369
*supported = supp;
4250
4370
*access = acc;
4251
4371
return 0;
4252
-
out_overflow:
4253
-
print_overflow_msg(__func__, xdr);
4254
-
return -EIO;
4255
4372
}
4256
4373
4257
4374
static int decode_opaque_fixed(struct xdr_stream *xdr, void *buf, size_t len)
4258
4375
{
4259
4376
ssize_t ret = xdr_stream_decode_opaque_fixed(xdr, buf, len);
4260
-
if (unlikely(ret < 0)) {
4261
-
print_overflow_msg(__func__, xdr);
4377
+
if (unlikely(ret < 0))
4262
4378
return -EIO;
4263
-
}
4264
4379
return 0;
4265
4380
}
4266
4381
···
4335
4460
return status;
4336
4461
p = xdr_inline_decode(xdr, 4);
4337
4462
if (unlikely(!p))
4338
-
goto out_overflow;
4463
+
return -EIO;
4339
4464
bmlen = be32_to_cpup(p);
4340
4465
p = xdr_inline_decode(xdr, bmlen << 2);
4341
4466
if (likely(p))
4342
4467
return 0;
4343
-
out_overflow:
4344
-
print_overflow_msg(__func__, xdr);
4345
4468
return -EIO;
4346
4469
}
4347
4470
···
4447
4574
if (likely(bitmap[0] & hint_bit)) {
4448
4575
p = xdr_inline_decode(xdr, 8);
4449
4576
if (unlikely(!p))
4450
-
goto out_overflow;
4577
+
return -EIO;
4451
4578
xdr_decode_hyper(p, res);
4452
4579
}
4453
4580
return 0;
4454
-
out_overflow:
4455
-
print_overflow_msg(__func__, xdr);
4456
-
return -EIO;
4457
4581
}
4458
4582
4459
4583
static int decode_first_threshold_item4(struct xdr_stream *xdr,
···
4463
4593
4464
4594
/* layout type */
4465
4595
p = xdr_inline_decode(xdr, 4);
4466
-
if (unlikely(!p)) {
4467
-
print_overflow_msg(__func__, xdr);
4596
+
if (unlikely(!p))
4468
4597
return -EIO;
4469
-
}
4470
4598
res->l_type = be32_to_cpup(p);
4471
4599
4472
4600
/* thi_hintset bitmap */
···
4522
4654
return -EREMOTEIO;
4523
4655
p = xdr_inline_decode(xdr, 4);
4524
4656
if (unlikely(!p))
4525
-
goto out_overflow;
4657
+
return -EIO;
4526
4658
num = be32_to_cpup(p);
4527
4659
if (num == 0)
4528
4660
return 0;
···
4535
4667
bitmap[2] &= ~FATTR4_WORD2_MDSTHRESHOLD;
4536
4668
}
4537
4669
return status;
4538
-
out_overflow:
4539
-
print_overflow_msg(__func__, xdr);
4540
-
return -EIO;
4541
4670
}
4542
4671
4543
4672
static int decode_getfattr_attrs(struct xdr_stream *xdr, uint32_t *bitmap,
···
4722
4857
4723
4858
p = xdr_inline_decode(xdr, 4);
4724
4859
if (unlikely(!p))
4725
-
goto out_overflow;
4860
+
return -EIO;
4726
4861
fsinfo->nlayouttypes = be32_to_cpup(p);
4727
4862
4728
4863
/* pNFS is not supported by the underlying file system */
···
4732
4867
/* Decode and set first layout type, move xdr->p past unused types */
4733
4868
p = xdr_inline_decode(xdr, fsinfo->nlayouttypes * 4);
4734
4869
if (unlikely(!p))
4735
-
goto out_overflow;
4870
+
return -EIO;
4736
4871
4737
4872
/* If we get too many, then just cap it at the max */
4738
4873
if (fsinfo->nlayouttypes > NFS_MAX_LAYOUT_TYPES) {
···
4744
4879
for(i = 0; i < fsinfo->nlayouttypes; ++i)
4745
4880
fsinfo->layouttype[i] = be32_to_cpup(p++);
4746
4881
return 0;
4747
-
out_overflow:
4748
-
print_overflow_msg(__func__, xdr);
4749
-
return -EIO;
4750
4882
}
4751
4883
4752
4884
/*
···
4777
4915
*res = 0;
4778
4916
if (bitmap[2] & FATTR4_WORD2_LAYOUT_BLKSIZE) {
4779
4917
p = xdr_inline_decode(xdr, 4);
4780
-
if (unlikely(!p)) {
4781
-
print_overflow_msg(__func__, xdr);
4918
+
if (unlikely(!p))
4782
4919
return -EIO;
4783
-
}
4784
4920
*res = be32_to_cpup(p);
4785
4921
bitmap[2] &= ~FATTR4_WORD2_LAYOUT_BLKSIZE;
4786
4922
}
···
4797
4937
*res = 0;
4798
4938
if (bitmap[2] & FATTR4_WORD2_CLONE_BLKSIZE) {
4799
4939
p = xdr_inline_decode(xdr, 4);
4800
-
if (unlikely(!p)) {
4801
-
print_overflow_msg(__func__, xdr);
4940
+
if (unlikely(!p))
4802
4941
return -EIO;
4803
-
}
4804
4942
*res = be32_to_cpup(p);
4805
4943
bitmap[2] &= ~FATTR4_WORD2_CLONE_BLKSIZE;
4806
4944
}
···
4874
5016
4875
5017
p = xdr_inline_decode(xdr, 4);
4876
5018
if (unlikely(!p))
4877
-
goto out_overflow;
5019
+
return -EIO;
4878
5020
len = be32_to_cpup(p);
4879
5021
if (len > NFS4_FHSIZE)
4880
5022
return -EIO;
4881
5023
fh->size = len;
4882
5024
p = xdr_inline_decode(xdr, len);
4883
5025
if (unlikely(!p))
4884
-
goto out_overflow;
5026
+
return -EIO;
4885
5027
memcpy(fh->data, p, len);
4886
5028
return 0;
4887
-
out_overflow:
4888
-
print_overflow_msg(__func__, xdr);
4889
-
return -EIO;
4890
5029
}
4891
5030
4892
5031
static int decode_link(struct xdr_stream *xdr, struct nfs4_change_info *cinfo)
···
4907
5052
4908
5053
p = xdr_inline_decode(xdr, 32); /* read 32 bytes */
4909
5054
if (unlikely(!p))
4910
-
goto out_overflow;
5055
+
return -EIO;
4911
5056
p = xdr_decode_hyper(p, &offset); /* read 2 8-byte long words */
4912
5057
p = xdr_decode_hyper(p, &length);
4913
5058
type = be32_to_cpup(p++); /* 4 byte read */
···
4924
5069
p = xdr_decode_hyper(p, &clientid); /* read 8 bytes */
4925
5070
namelen = be32_to_cpup(p); /* read 4 bytes */ /* have read all 32 bytes now */
4926
5071
p = xdr_inline_decode(xdr, namelen); /* variable size field */
4927
-
if (likely(p))
4928
-
return -NFS4ERR_DENIED;
4929
-
out_overflow:
4930
-
print_overflow_msg(__func__, xdr);
4931
-
return -EIO;
5072
+
if (likely(!p))
5073
+
return -EIO;
5074
+
return -NFS4ERR_DENIED;
4932
5075
}
4933
5076
4934
5077
static int decode_lock(struct xdr_stream *xdr, struct nfs_lock_res *res)
···
4995
5142
4996
5143
p = xdr_inline_decode(xdr, 12);
4997
5144
if (unlikely(!p))
4998
-
goto out_overflow;
5145
+
return -EIO;
4999
5146
limit_type = be32_to_cpup(p++);
5000
5147
switch (limit_type) {
5001
5148
case NFS4_LIMIT_SIZE:
···
5009
5156
maxsize >>= PAGE_SHIFT;
5010
5157
*pagemod_limit = min_t(u64, maxsize, ULONG_MAX);
5011
5158
return 0;
5012
-
out_overflow:
5013
-
print_overflow_msg(__func__, xdr);
5014
-
return -EIO;
5015
5159
}
5016
5160
5017
5161
static int decode_rw_delegation(struct xdr_stream *xdr,
···
5023
5173
return status;
5024
5174
p = xdr_inline_decode(xdr, 4);
5025
5175
if (unlikely(!p))
5026
-
goto out_overflow;
5176
+
return -EIO;
5027
5177
res->do_recall = be32_to_cpup(p);
5028
5178
5029
5179
switch (delegation_type) {
···
5036
5186
return -EIO;
5037
5187
}
5038
5188
return decode_ace(xdr, NULL);
5039
-
out_overflow:
5040
-
print_overflow_msg(__func__, xdr);
5041
-
return -EIO;
5042
5189
}
5043
5190
5044
5191
static int decode_no_delegation(struct xdr_stream *xdr, struct nfs_openres *res)
···
5045
5198
5046
5199
p = xdr_inline_decode(xdr, 4);
5047
5200
if (unlikely(!p))
5048
-
goto out_overflow;
5201
+
return -EIO;
5049
5202
why_no_delegation = be32_to_cpup(p);
5050
5203
switch (why_no_delegation) {
5051
5204
case WND4_CONTENTION:
···
5054
5207
/* Ignore for now */
5055
5208
}
5056
5209
return 0;
5057
-
out_overflow:
5058
-
print_overflow_msg(__func__, xdr);
5059
-
return -EIO;
5060
5210
}
5061
5211
5062
5212
static int decode_delegation(struct xdr_stream *xdr, struct nfs_openres *res)
···
5063
5219
5064
5220
p = xdr_inline_decode(xdr, 4);
5065
5221
if (unlikely(!p))
5066
-
goto out_overflow;
5222
+
return -EIO;
5067
5223
delegation_type = be32_to_cpup(p);
5068
5224
res->delegation_type = 0;
5069
5225
switch (delegation_type) {
···
5075
5231
case NFS4_OPEN_DELEGATE_NONE_EXT:
5076
5232
return decode_no_delegation(xdr, res);
5077
5233
}
5078
-
return -EIO;
5079
-
out_overflow:
5080
-
print_overflow_msg(__func__, xdr);
5081
5234
return -EIO;
5082
5235
}
5083
5236
···
5097
5256
5098
5257
p = xdr_inline_decode(xdr, 8);
5099
5258
if (unlikely(!p))
5100
-
goto out_overflow;
5259
+
return -EIO;
5101
5260
res->rflags = be32_to_cpup(p++);
5102
5261
bmlen = be32_to_cpup(p);
5103
5262
if (bmlen > 10)
···
5105
5264
5106
5265
p = xdr_inline_decode(xdr, bmlen << 2);
5107
5266
if (unlikely(!p))
5108
-
goto out_overflow;
5267
+
return -EIO;
5109
5268
savewords = min_t(uint32_t, bmlen, NFS4_BITMAP_SIZE);
5110
5269
for (i = 0; i < savewords; ++i)
5111
5270
res->attrset[i] = be32_to_cpup(p++);
···
5115
5274
return decode_delegation(xdr, res);
5116
5275
xdr_error:
5117
5276
dprintk("%s: Bitmap too large! Length = %u\n", __func__, bmlen);
5118
-
return -EIO;
5119
-
out_overflow:
5120
-
print_overflow_msg(__func__, xdr);
5121
5277
return -EIO;
5122
5278
}
5123
5279
···
5164
5326
return status;
5165
5327
p = xdr_inline_decode(xdr, 8);
5166
5328
if (unlikely(!p))
5167
-
goto out_overflow;
5329
+
return -EIO;
5168
5330
eof = be32_to_cpup(p++);
5169
5331
count = be32_to_cpup(p);
5170
5332
recvd = xdr_read_pages(xdr, count);
···
5177
5339
res->eof = eof;
5178
5340
res->count = count;
5179
5341
return 0;
5180
-
out_overflow:
5181
-
print_overflow_msg(__func__, xdr);
5182
-
return -EIO;
5183
5342
}
5184
5343
5185
5344
static int decode_readdir(struct xdr_stream *xdr, struct rpc_rqst *req, struct nfs4_readdir_res *readdir)
···
5209
5374
/* Convert length of symlink */
5210
5375
p = xdr_inline_decode(xdr, 4);
5211
5376
if (unlikely(!p))
5212
-
goto out_overflow;
5377
+
return -EIO;
5213
5378
len = be32_to_cpup(p);
5214
5379
if (len >= rcvbuf->page_len || len <= 0) {
5215
5380
dprintk("nfs: server returned giant symlink!\n");
···
5230
5395
*/
5231
5396
xdr_terminate_string(rcvbuf, len);
5232
5397
return 0;
5233
-
out_overflow:
5234
-
print_overflow_msg(__func__, xdr);
5235
-
return -EIO;
5236
5398
}
5237
5399
5238
5400
static int decode_remove(struct xdr_stream *xdr, struct nfs4_change_info *cinfo)
···
5332
5500
return status;
5333
5501
if (decode_bitmap4(xdr, NULL, 0) >= 0)
5334
5502
return 0;
5335
-
print_overflow_msg(__func__, xdr);
5336
5503
return -EIO;
5337
5504
}
5338
5505
···
5343
5512
5344
5513
p = xdr_inline_decode(xdr, 8);
5345
5514
if (unlikely(!p))
5346
-
goto out_overflow;
5515
+
return -EIO;
5347
5516
opnum = be32_to_cpup(p++);
5348
5517
if (opnum != OP_SETCLIENTID) {
5349
5518
dprintk("nfs: decode_setclientid: Server returned operation"
···
5354
5523
if (nfserr == NFS_OK) {
5355
5524
p = xdr_inline_decode(xdr, 8 + NFS4_VERIFIER_SIZE);
5356
5525
if (unlikely(!p))
5357
-
goto out_overflow;
5526
+
return -EIO;
5358
5527
p = xdr_decode_hyper(p, &res->clientid);
5359
5528
memcpy(res->confirm.data, p, NFS4_VERIFIER_SIZE);
5360
5529
} else if (nfserr == NFSERR_CLID_INUSE) {
···
5363
5532
/* skip netid string */
5364
5533
p = xdr_inline_decode(xdr, 4);
5365
5534
if (unlikely(!p))
5366
-
goto out_overflow;
5535
+
return -EIO;
5367
5536
len = be32_to_cpup(p);
5368
5537
p = xdr_inline_decode(xdr, len);
5369
5538
if (unlikely(!p))
5370
-
goto out_overflow;
5539
+
return -EIO;
5371
5540
5372
5541
/* skip uaddr string */
5373
5542
p = xdr_inline_decode(xdr, 4);
5374
5543
if (unlikely(!p))
5375
-
goto out_overflow;
5544
+
return -EIO;
5376
5545
len = be32_to_cpup(p);
5377
5546
p = xdr_inline_decode(xdr, len);
5378
5547
if (unlikely(!p))
5379
-
goto out_overflow;
5548
+
return -EIO;
5380
5549
return -NFSERR_CLID_INUSE;
5381
5550
} else
5382
5551
return nfs4_stat_to_errno(nfserr);
5383
5552
5384
5553
return 0;
5385
-
out_overflow:
5386
-
print_overflow_msg(__func__, xdr);
5387
-
return -EIO;
5388
5554
}
5389
5555
5390
5556
static int decode_setclientid_confirm(struct xdr_stream *xdr)
···
5400
5572
5401
5573
p = xdr_inline_decode(xdr, 8);
5402
5574
if (unlikely(!p))
5403
-
goto out_overflow;
5575
+
return -EIO;
5404
5576
res->count = be32_to_cpup(p++);
5405
5577
res->verf->committed = be32_to_cpup(p++);
5406
5578
return decode_write_verifier(xdr, &res->verf->verifier);
5407
-
out_overflow:
5408
-
print_overflow_msg(__func__, xdr);
5409
-
return -EIO;
5410
5579
}
5411
5580
5412
5581
static int decode_delegreturn(struct xdr_stream *xdr)
···
5419
5594
5420
5595
p = xdr_inline_decode(xdr, 4);
5421
5596
if (unlikely(!p))
5422
-
goto out_overflow;
5597
+
return -EIO;
5423
5598
oid_len = be32_to_cpup(p);
5424
5599
if (oid_len > GSS_OID_MAX_LEN)
5425
-
goto out_err;
5600
+
return -EINVAL;
5426
5601
5427
5602
p = xdr_inline_decode(xdr, oid_len);
5428
5603
if (unlikely(!p))
5429
-
goto out_overflow;
5604
+
return -EIO;
5430
5605
memcpy(flavor->flavor_info.oid.data, p, oid_len);
5431
5606
flavor->flavor_info.oid.len = oid_len;
5432
5607
5433
5608
p = xdr_inline_decode(xdr, 8);
5434
5609
if (unlikely(!p))
5435
-
goto out_overflow;
5610
+
return -EIO;
5436
5611
flavor->flavor_info.qop = be32_to_cpup(p++);
5437
5612
flavor->flavor_info.service = be32_to_cpup(p);
5438
5613
5439
5614
return 0;
5440
-
5441
-
out_overflow:
5442
-
print_overflow_msg(__func__, xdr);
5443
-
return -EIO;
5444
-
out_err:
5445
-
return -EINVAL;
5446
5615
}
5447
5616
5448
5617
static int decode_secinfo_common(struct xdr_stream *xdr, struct nfs4_secinfo_res *res)
···
5448
5629
5449
5630
p = xdr_inline_decode(xdr, 4);
5450
5631
if (unlikely(!p))
5451
-
goto out_overflow;
5632
+
return -EIO;
5452
5633
5453
5634
res->flavors->num_flavors = 0;
5454
5635
num_flavors = be32_to_cpup(p);
···
5460
5641
5461
5642
p = xdr_inline_decode(xdr, 4);
5462
5643
if (unlikely(!p))
5463
-
goto out_overflow;
5644
+
return -EIO;
5464
5645
sec_flavor->flavor = be32_to_cpup(p);
5465
5646
5466
5647
if (sec_flavor->flavor == RPC_AUTH_GSS) {
···
5474
5655
status = 0;
5475
5656
out:
5476
5657
return status;
5477
-
out_overflow:
5478
-
print_overflow_msg(__func__, xdr);
5479
-
return -EIO;
5480
5658
}
5481
5659
5482
5660
static int decode_secinfo(struct xdr_stream *xdr, struct nfs4_secinfo_res *res)
···
5527
5711
5528
5712
p = xdr_inline_decode(xdr, 8);
5529
5713
if (unlikely(!p))
5530
-
goto out_overflow;
5714
+
return -EIO;
5531
5715
xdr_decode_hyper(p, &res->clientid);
5532
5716
p = xdr_inline_decode(xdr, 12);
5533
5717
if (unlikely(!p))
5534
-
goto out_overflow;
5718
+
return -EIO;
5535
5719
res->seqid = be32_to_cpup(p++);
5536
5720
res->flags = be32_to_cpup(p++);
5537
5721
···
5555
5739
/* server_owner4.so_minor_id */
5556
5740
p = xdr_inline_decode(xdr, 8);
5557
5741
if (unlikely(!p))
5558
-
goto out_overflow;
5742
+
return -EIO;
5559
5743
p = xdr_decode_hyper(p, &res->server_owner->minor_id);
5560
5744
5561
5745
/* server_owner4.so_major_id */
···
5575
5759
/* Implementation Id */
5576
5760
p = xdr_inline_decode(xdr, 4);
5577
5761
if (unlikely(!p))
5578
-
goto out_overflow;
5762
+
return -EIO;
5579
5763
impl_id_count = be32_to_cpup(p++);
5580
5764
5581
5765
if (impl_id_count) {
···
5594
5778
/* nii_date */
5595
5779
p = xdr_inline_decode(xdr, 12);
5596
5780
if (unlikely(!p))
5597
-
goto out_overflow;
5781
+
return -EIO;
5598
5782
p = xdr_decode_hyper(p, &res->impl_id->date.seconds);
5599
5783
res->impl_id->date.nseconds = be32_to_cpup(p);
5600
5784
5601
5785
/* if there's more than one entry, ignore the rest */
5602
5786
}
5603
5787
return 0;
5604
-
out_overflow:
5605
-
print_overflow_msg(__func__, xdr);
5606
-
return -EIO;
5607
5788
}
5608
5789
5609
5790
static int decode_chan_attrs(struct xdr_stream *xdr,
···
5611
5798
5612
5799
p = xdr_inline_decode(xdr, 28);
5613
5800
if (unlikely(!p))
5614
-
goto out_overflow;
5801
+
return -EIO;
5615
5802
val = be32_to_cpup(p++); /* headerpadsz */
5616
5803
if (val)
5617
5804
return -EINVAL; /* no support for header padding yet */
···
5629
5816
if (nr_attrs == 1) {
5630
5817
p = xdr_inline_decode(xdr, 4); /* skip rdma_attrs */
5631
5818
if (unlikely(!p))
5632
-
goto out_overflow;
5819
+
return -EIO;
5633
5820
}
5634
5821
return 0;
5635
-
out_overflow:
5636
-
print_overflow_msg(__func__, xdr);
5637
-
return -EIO;
5638
5822
}
5639
5823
5640
5824
static int decode_sessionid(struct xdr_stream *xdr, struct nfs4_sessionid *sid)
···
5654
5844
/* dir flags, rdma mode bool */
5655
5845
p = xdr_inline_decode(xdr, 8);
5656
5846
if (unlikely(!p))
5657
-
goto out_overflow;
5847
+
return -EIO;
5658
5848
5659
5849
res->dir = be32_to_cpup(p++);
5660
5850
if (res->dir == 0 || res->dir > NFS4_CDFS4_BOTH)
···
5665
5855
res->use_conn_in_rdma_mode = true;
5666
5856
5667
5857
return 0;
5668
-
out_overflow:
5669
-
print_overflow_msg(__func__, xdr);
5670
-
return -EIO;
5671
5858
}
5672
5859
5673
5860
static int decode_create_session(struct xdr_stream *xdr,
···
5682
5875
/* seqid, flags */
5683
5876
p = xdr_inline_decode(xdr, 8);
5684
5877
if (unlikely(!p))
5685
-
goto out_overflow;
5878
+
return -EIO;
5686
5879
res->seqid = be32_to_cpup(p++);
5687
5880
res->flags = be32_to_cpup(p);
5688
5881
···
5691
5884
if (!status)
5692
5885
status = decode_chan_attrs(xdr, &res->bc_attrs);
5693
5886
return status;
5694
-
out_overflow:
5695
-
print_overflow_msg(__func__, xdr);
5696
-
return -EIO;
5697
5887
}
5698
5888
5699
5889
static int decode_destroy_session(struct xdr_stream *xdr, void *dummy)
···
5771
5967
res->sr_status = status;
5772
5968
return status;
5773
5969
out_overflow:
5774
-
print_overflow_msg(__func__, xdr);
5775
5970
status = -EIO;
5776
5971
goto out_err;
5777
5972
#else /* CONFIG_NFS_V4_1 */
···
5798
5995
if (status == -ETOOSMALL) {
5799
5996
p = xdr_inline_decode(xdr, 4);
5800
5997
if (unlikely(!p))
5801
-
goto out_overflow;
5998
+
return -EIO;
5802
5999
pdev->mincount = be32_to_cpup(p);
5803
6000
dprintk("%s: Min count too small. mincnt = %u\n",
5804
6001
__func__, pdev->mincount);
···
5808
6005
5809
6006
p = xdr_inline_decode(xdr, 8);
5810
6007
if (unlikely(!p))
5811
-
goto out_overflow;
6008
+
return -EIO;
5812
6009
type = be32_to_cpup(p++);
5813
6010
if (type != pdev->layout_type) {
5814
6011
dprintk("%s: layout mismatch req: %u pdev: %u\n",
···
5822
6019
*/
5823
6020
pdev->mincount = be32_to_cpup(p);
5824
6021
if (xdr_read_pages(xdr, pdev->mincount) != pdev->mincount)
5825
-
goto out_overflow;
6022
+
return -EIO;
5826
6023
5827
6024
/* Parse notification bitmap, verifying that it is zero. */
5828
6025
p = xdr_inline_decode(xdr, 4);
5829
6026
if (unlikely(!p))
5830
-
goto out_overflow;
6027
+
return -EIO;
5831
6028
len = be32_to_cpup(p);
5832
6029
if (len) {
5833
6030
uint32_t i;
5834
6031
5835
6032
p = xdr_inline_decode(xdr, 4 * len);
5836
6033
if (unlikely(!p))
5837
-
goto out_overflow;
6034
+
return -EIO;
5838
6035
5839
6036
res->notification = be32_to_cpup(p++);
5840
6037
for (i = 1; i < len; i++) {
···
5846
6043
}
5847
6044
}
5848
6045
return 0;
5849
-
out_overflow:
5850
-
print_overflow_msg(__func__, xdr);
5851
-
return -EIO;
5852
6046
}
5853
6047
5854
6048
static int decode_layoutget(struct xdr_stream *xdr, struct rpc_rqst *req,
···
5915
6115
res->status = status;
5916
6116
return status;
5917
6117
out_overflow:
5918
-
print_overflow_msg(__func__, xdr);
5919
6118
status = -EIO;
5920
6119
goto out;
5921
6120
}
···
5930
6131
return status;
5931
6132
p = xdr_inline_decode(xdr, 4);
5932
6133
if (unlikely(!p))
5933
-
goto out_overflow;
6134
+
return -EIO;
5934
6135
res->lrs_present = be32_to_cpup(p);
5935
6136
if (res->lrs_present)
5936
6137
status = decode_layout_stateid(xdr, &res->stateid);
5937
6138
else
5938
6139
nfs4_stateid_copy(&res->stateid, &invalid_stateid);
5939
6140
return status;
5940
-
out_overflow:
5941
-
print_overflow_msg(__func__, xdr);
5942
-
return -EIO;
5943
6141
}
5944
6142
5945
6143
static int decode_layoutcommit(struct xdr_stream *xdr,
···
5954
6158
5955
6159
p = xdr_inline_decode(xdr, 4);
5956
6160
if (unlikely(!p))
5957
-
goto out_overflow;
6161
+
return -EIO;
5958
6162
sizechanged = be32_to_cpup(p);
5959
6163
5960
6164
if (sizechanged) {
5961
6165
/* throw away new size */
5962
6166
p = xdr_inline_decode(xdr, 8);
5963
6167
if (unlikely(!p))
5964
-
goto out_overflow;
6168
+
return -EIO;
5965
6169
}
5966
6170
return 0;
5967
-
out_overflow:
5968
-
print_overflow_msg(__func__, xdr);
5969
-
return -EIO;
5970
6171
}
5971
6172
5972
6173
static int decode_test_stateid(struct xdr_stream *xdr,
···
5979
6186
5980
6187
p = xdr_inline_decode(xdr, 4);
5981
6188
if (unlikely(!p))
5982
-
goto out_overflow;
6189
+
return -EIO;
5983
6190
num_res = be32_to_cpup(p++);
5984
6191
if (num_res != 1)
5985
-
goto out;
6192
+
return -EIO;
5986
6193
5987
6194
p = xdr_inline_decode(xdr, 4);
5988
6195
if (unlikely(!p))
5989
-
goto out_overflow;
6196
+
return -EIO;
5990
6197
res->status = be32_to_cpup(p++);
5991
6198
5992
6199
return status;
5993
-
out_overflow:
5994
-
print_overflow_msg(__func__, xdr);
5995
-
out:
5996
-
return -EIO;
5997
6200
}
5998
6201
5999
6202
static int decode_free_stateid(struct xdr_stream *xdr,
···
7359
7570
uint64_t new_cookie;
7360
7571
__be32 *p = xdr_inline_decode(xdr, 4);
7361
7572
if (unlikely(!p))
7362
-
goto out_overflow;
7573
+
return -EAGAIN;
7363
7574
if (*p == xdr_zero) {
7364
7575
p = xdr_inline_decode(xdr, 4);
7365
7576
if (unlikely(!p))
7366
-
goto out_overflow;
7577
+
return -EAGAIN;
7367
7578
if (*p == xdr_zero)
7368
7579
return -EAGAIN;
7369
7580
entry->eof = 1;
···
7372
7583
7373
7584
p = xdr_inline_decode(xdr, 12);
7374
7585
if (unlikely(!p))
7375
-
goto out_overflow;
7586
+
return -EAGAIN;
7376
7587
p = xdr_decode_hyper(p, &new_cookie);
7377
7588
entry->len = be32_to_cpup(p);
7378
7589
7379
7590
p = xdr_inline_decode(xdr, entry->len);
7380
7591
if (unlikely(!p))
7381
-
goto out_overflow;
7592
+
return -EAGAIN;
7382
7593
entry->name = (const char *) p;
7383
7594
7384
7595
/*
···
7390
7601
entry->fattr->valid = 0;
7391
7602
7392
7603
if (decode_attr_bitmap(xdr, bitmap) < 0)
7393
-
goto out_overflow;
7604
+
return -EAGAIN;
7394
7605
7395
7606
if (decode_attr_length(xdr, &len, &savep) < 0)
7396
-
goto out_overflow;
7607
+
return -EAGAIN;
7397
7608
7398
7609
if (decode_getfattr_attrs(xdr, bitmap, entry->fattr, entry->fh,
7399
7610
NULL, entry->label, entry->server) < 0)
7400
-
goto out_overflow;
7611
+
return -EAGAIN;
7401
7612
if (entry->fattr->valid & NFS_ATTR_FATTR_MOUNTED_ON_FILEID)
7402
7613
entry->ino = entry->fattr->mounted_on_fileid;
7403
7614
else if (entry->fattr->valid & NFS_ATTR_FATTR_FILEID)
···
7411
7622
entry->cookie = new_cookie;
7412
7623
7413
7624
return 0;
7414
-
7415
-
out_overflow:
7416
-
print_overflow_msg(__func__, xdr);
7417
-
return -EAGAIN;
7418
7625
}
7419
7626
7420
7627
/*
-13
fs/nfsd/nfs4callback.c
-13
fs/nfsd/nfs4callback.c
···
60
60
int status;
61
61
};
62
62
63
-
/*
64
-
* Handle decode buffer overflows out-of-line.
65
-
*/
66
-
static void print_overflow_msg(const char *func, const struct xdr_stream *xdr)
67
-
{
68
-
dprintk("NFS: %s prematurely hit the end of our receive buffer. "
69
-
"Remaining buffer length is %tu words.\n",
70
-
func, xdr->end - xdr->p);
71
-
}
72
-
73
63
static __be32 *xdr_encode_empty_array(__be32 *p)
74
64
{
75
65
*p++ = xdr_zero;
···
230
240
*status = nfs_cb_stat_to_errno(be32_to_cpup(p));
231
241
return 0;
232
242
out_overflow:
233
-
print_overflow_msg(__func__, xdr);
234
243
return -EIO;
235
244
out_unexpected:
236
245
dprintk("NFSD: Callback server returned operation %d but "
···
298
309
hdr->nops = be32_to_cpup(p);
299
310
return 0;
300
311
out_overflow:
301
-
print_overflow_msg(__func__, xdr);
302
312
return -EIO;
303
313
}
304
314
···
425
437
cb->cb_seq_status = status;
426
438
return status;
427
439
out_overflow:
428
-
print_overflow_msg(__func__, xdr);
429
440
status = -EIO;
430
441
goto out;
431
442
}