Subject: [PATCH v2 0/7] Fixes for server-side xdr_stream overhaul
From: Chuck Lever
To: linux-nfs@vger.kernel.org
Date: Sun, 28 Aug 2022 14:50:15 -0400
Message-ID: <166171174172.21449.5036120183381273656.stgit@manet.1015granger.net>

I've gotten push-back on the idea of rejecting RPC messages where
the RPC record size is larger than the RPC message itself. Therefore
that concept has been dropped from this series.

I've now been able to reproduce, exactly as it was described, a
recently-reported problem with READDIR handling. I've fixed that
and also determined that no other legacy NFS operations appear to be
vulnerable to this particular issue (within the Linux NFS server).

Changes since v1:
- Dropped the xdr_buf_length() helper
- Replaced 7/7 with patch that cleans up an unneeded use of xdr_buf::len
- Dropped the checks for oversized RPC records
- Fixed narrow problem with NFSv2 and NFSv3 READDIR processing

---

Chuck Lever (7):
      SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
      SUNRPC: Fix svcxdr_init_encode's buflen calculation
      NFSD: Protect against READDIR send buffer overflow
      NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks
      NFSD: Clean up WRITE arg decoders
      SUNRPC: Fix typo in xdr_buf_subsegment's kdoc comment
      NFSD: Clean up nfs4svc_encode_compoundres()

 fs/nfsd/nfs3proc.c         |  5 ++---
 fs/nfsd/nfs3xdr.c          | 18 ++++--------------
 fs/nfsd/nfs4xdr.c          |  4 ----
 fs/nfsd/nfsproc.c          |  5 ++---
 fs/nfsd/nfsxdr.c           |  4 +---
 include/linux/sunrpc/svc.h | 19 +++++++++++++++----
 net/sunrpc/xdr.c           |  2 +-
 7 files changed, 25 insertions(+), 32 deletions(-)

--
Chuck Lever