2021-03-19 00:05:11

by J. Bruce Fields

Subject: [PATCH 1/2] nfsd: don't ignore high bits of copy count

From: "J. Bruce Fields" <[email protected]>

Note size_t is 32-bit on a 32-bit architecture, but cp_count is defined
by the protocol to be 64 bit, so we could be turning a large copy into a
0-length copy here.

Reported-by: <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
---
fs/nfsd/nfs4proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index b749033e467f..5419342df360 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1383,7 +1383,7 @@ static void nfsd4_init_copy_res(struct nfsd4_copy *copy, bool sync)
static ssize_t _nfsd_copy_file_range(struct nfsd4_copy *copy)
{
ssize_t bytes_copied = 0;
- size_t bytes_total = copy->cp_count;
+ u64 bytes_total = copy->cp_count;
u64 src_pos = copy->cp_src_pos;
u64 dst_pos = copy->cp_dst_pos;
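Review bot: `bytes_copied`, declared on the line above the changed one, and the function's return type are both still `ssize_t`, which on a 32-bit build is as narrow as the `size_t` being replaced. Widening `bytes_total` to `u64` therefore only helps if every later use of it is bounded before it reaches a `size_t`-sized parameter. The commit message should say where that bound is applied, or the narrowing point should get an explicit clamp, so the truncation does not simply move further down the function.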

--
2.30.2


2021-03-19 00:05:11

by J. Bruce Fields

Subject: [PATCH 2/2] nfsd: COPY with length 0 should copy to end of file

From: "J. Bruce Fields" <[email protected]>

From https://tools.ietf.org/html/rfc7862#page-65

A count of 0 (zero) requests that all bytes from ca_src_offset
through EOF be copied to the destination.

Reported-by: <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
---
fs/nfsd/nfs4proc.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 5419342df360..62354229f0b0 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1387,6 +1387,9 @@ static ssize_t _nfsd_copy_file_range(struct nfsd4_copy *copy)
u64 src_pos = copy->cp_src_pos;
u64 dst_pos = copy->cp_dst_pos;

+ /* See RFC 7862 p.67: */
+ if (bytes_total == 0)
+ bytes_total = ULLONG_MAX;
do {
if (kthread_should_stop())
break;
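Review bot: Setting `bytes_total = ULLONG_MAX` in the new `if (bytes_total == 0)` block leaves the `do` loop that follows without a finite count to run down, so its exit depends on the copy step reporting 0 bytes or an error at EOF, which is not visible in this hunk. Please confirm that exit path and mention it in the comment. Since `bytes_total` is now declared `u64`, `U64_MAX` would also match the type more directly than `ULLONG_MAX`.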
--
2.30.2

2021-03-22 14:25:03

by Chuck Lever III

Subject: Re: [PATCH 2/2] nfsd: COPY with length 0 should copy to end of file



> On Mar 18, 2021, at 8:03 PM, J. Bruce Fields <[email protected]> wrote:
>
> From: "J. Bruce Fields" <[email protected]>
>
> From https://tools.ietf.org/html/rfc7862#page-65
>
> A count of 0 (zero) requests that all bytes from ca_src_offset
> through EOF be copied to the destination.
>
> Reported-by: <[email protected]>
> Signed-off-by: J. Bruce Fields <[email protected]>

Hi Bruce -

These two have been committed to the for-next topic branch at

git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git


> ---
> fs/nfsd/nfs4proc.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
> index 5419342df360..62354229f0b0 100644
> --- a/fs/nfsd/nfs4proc.c
> +++ b/fs/nfsd/nfs4proc.c
> @@ -1387,6 +1387,9 @@ static ssize_t _nfsd_copy_file_range(struct nfsd4_copy *copy)
> u64 src_pos = copy->cp_src_pos;
> u64 dst_pos = copy->cp_dst_pos;
>
> + /* See RFC 7862 p.67: */
> + if (bytes_total == 0)
> + bytes_total = ULLONG_MAX;
> do {
> if (kthread_should_stop())
> break;
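Review bot: The added comment cites "RFC 7862 p.67", but the commit message quotes the same sentence from the `#page-65` link, so one of the two page references is off. Citing the RFC section for COPY rather than a page number in `/* See RFC 7862 p.67: */` would make the two agree and would not depend on how the document is paginated.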
> --
> 2.30.2
>

--
Chuck Lever
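An added example, not part of the thread or of the kernel source: a user-space model of how the two patches interact. It assumes a `uint32_t` stand-in for a 32-bit `size_t` and assumes the copy stops at EOF; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for size_t on a 32-bit architecture (assumption of this model). */
typedef uint32_t size32_t;

/* Bytes available from pos to EOF in a source file of `size` bytes. */
static uint64_t to_eof(uint64_t pos, uint64_t size)
{
    return pos < size ? size - pos : 0;
}

static uint64_t clamp_len(uint64_t want, uint64_t avail)
{
    return want < avail ? want : avail;
}

/* Before both patches: the 64-bit wire count is narrowed, and 0 copies nothing. */
static uint64_t len_before(uint64_t cp_count, uint64_t pos, uint64_t size)
{
    size32_t bytes_total = (size32_t)cp_count;   /* high bits dropped */
    return clamp_len(bytes_total, to_eof(pos, size));
}

/* Patch 2/2 without 1/2: a count truncated to 0 is now read as "copy to EOF". */
static uint64_t len_patch2_only(uint64_t cp_count, uint64_t pos, uint64_t size)
{
    size32_t bytes_total = (size32_t)cp_count;
    uint64_t want = bytes_total == 0 ? UINT64_MAX : bytes_total;
    return clamp_len(want, to_eof(pos, size));
}

/* Both patches: full 64-bit count, and only a real 0 means "copy to EOF". */
static uint64_t len_both(uint64_t cp_count, uint64_t pos, uint64_t size)
{
    uint64_t bytes_total = cp_count;
    if (bytes_total == 0)
        bytes_total = UINT64_MAX;
    return clamp_len(bytes_total, to_eof(pos, size));
}

int main(void)
{
    const uint64_t GiB = 1ULL << 30, size = 6 * GiB;   /* constructed sample file size */
    const uint64_t counts[] = { 0, 4096, 4 * GiB, 4 * GiB + 4096 };
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++)
        printf("count=%llu before=%llu patch2_only=%llu both=%llu\n",
               (unsigned long long)counts[i],
               (unsigned long long)len_before(counts[i], 0, size),
               (unsigned long long)len_patch2_only(counts[i], 0, size),
               (unsigned long long)len_both(counts[i], 0, size));
    return 0;
}
```

In this model a 4 GiB request copies nothing before the series, copies the whole 6 GiB file if only the second patch is applied, and copies 4 GiB with both, which is why the type fix comes first.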