From: trondmy@kernel.org
To: rtm@csail.mit.edu
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH] NFSv4: Sanity check the parameters in nfs41_update_target_slotid()
Date: Sun, 7 Nov 2021 09:32:43 -0500
Message-Id: <20211107143243.22653-1-trondmy@kernel.org>

From: Trond Myklebust Ensure that the values supplied by the server do not exceed the size of the largest allowed slot table. Reported-by: Signed-off-by: Trond Myklebust --- fs/nfs/nfs4session.c | 12 ++++++++---- fs/nfs/nfs4session.h | 1 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/fs/nfs/nfs4session.c b/fs/nfs/nfs4session.c index 4145a0138907..5db460476bf2 100644 --- a/fs/nfs/nfs4session.c +++ b/fs/nfs/nfs4session.c @@ -511,12 +511,16 @@ void nfs41_update_target_slotid(struct nfs4_slot_table *tbl, struct nfs4_slot *slot, struct nfs4_sequence_res *res) { + u32 target_highest_slotid = min(res->sr_target_highest_slotid, + NFS4_MAX_SLOTID); + u32 highest_slotid = min(res->sr_highest_slotid, NFS4_MAX_SLOTID); + spin_lock(&tbl->slot_tbl_lock); - if (!nfs41_is_outlier_target_slotid(tbl, res->sr_target_highest_slotid)) - nfs41_set_target_slotid_locked(tbl, res->sr_target_highest_slotid); + if (!nfs41_is_outlier_target_slotid(tbl, target_highest_slotid)) + nfs41_set_target_slotid_locked(tbl, target_highest_slotid); if (tbl->generation == slot->generation) - nfs41_set_server_slotid_locked(tbl, res->sr_highest_slotid); - nfs41_set_max_slotid_locked(tbl, res->sr_target_highest_slotid); + nfs41_set_server_slotid_locked(tbl, highest_slotid); + nfs41_set_max_slotid_locked(tbl, target_highest_slotid); spin_unlock(&tbl->slot_tbl_lock); } diff --git a/fs/nfs/nfs4session.h b/fs/nfs/nfs4session.h index 3de425f59b3a..351616c61df5 100644 --- a/fs/nfs/nfs4session.h +++ b/fs/nfs/nfs4session.h @@ -12,6 +12,7 @@ #define NFS4_DEF_SLOT_TABLE_SIZE (64U) #define NFS4_DEF_CB_SLOT_TABLE_SIZE (16U) #define NFS4_MAX_SLOT_TABLE (1024U) +#define NFS4_MAX_SLOTID (NFS4_MAX_SLOT_TABLE - 1U) #define NFS4_NO_SLOT ((u32)-1) #if IS_ENABLED(CONFIG_NFS_V4) -- 2.33.1
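
Review bot: The two min() clamps at the top of nfs41_update_target_slotid() silently reduce an out-of-range sr_target_highest_slotid or sr_highest_slotid to NFS4_MAX_SLOTID, and neither the code nor the commit message says that clamping, rather than rejecting or logging the reply, is the intended behaviour or what goes wrong without it. Suggest a one-line comment above the two declarations noting that both fields are server-supplied and are bounded here before being passed to nfs41_set_target_slotid_locked(), nfs41_set_server_slotid_locked() and nfs41_set_max_slotid_locked(), and a sentence in the commit message naming the consequence being prevented. Because min() is applied to a struct field and a macro constant, min_t(u32, ...) would also make the comparison type explicit and keep it building if either side's type changes.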
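
Review bot: The new NFS4_MAX_SLOTID define in fs/nfs/nfs4session.h carries no comment saying it is an index rather than a count, which is easy to confuse with NFS4_MAX_SLOT_TABLE on the line above it. Since it is derived as NFS4_MAX_SLOT_TABLE - 1U, a short comment such as "highest valid slot id for a table of NFS4_MAX_SLOT_TABLE entries" would make the off-by-one relationship explicit for later callers that bound slot ids against one constant or the other.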