mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
NFSv4: include bitmap in nfsv4 get acl data
The NFSv4 bitmap size is unbounded: a server can return an arbitrary
sized bitmap in an FATTR4_WORD0_ACL request. Replace using the
nfs4_fattr_bitmap_maxsz as a guess to the maximum bitmask returned by a server
with the inclusion of the bitmap (xdr length plus bitmasks) and the acl data
xdr length to the (cached) acl page data.
This is a general solution to commit e5012d1f
"NFSv4.1: update
nfs4_fattr_bitmap_maxsz" and fixes hitting a BUG_ON in xdr_shrink_bufhead
when getting ACLs.
Fix a bug in decode_getacl that returned -EINVAL on ACLs > page when getxattr
was called with a NULL buffer, preventing ACL > PAGE_SIZE from being retrieved.
Cc: stable@kernel.org
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
parent
3476f114ad
commit
bf118a342f
5 changed files with 89 additions and 48 deletions
|
@ -3426,19 +3426,6 @@ static inline int nfs4_server_supports_acls(struct nfs_server *server)
|
||||||
*/
|
*/
|
||||||
#define NFS4ACL_MAXPAGES (XATTR_SIZE_MAX >> PAGE_CACHE_SHIFT)
|
#define NFS4ACL_MAXPAGES (XATTR_SIZE_MAX >> PAGE_CACHE_SHIFT)
|
||||||
|
|
||||||
static void buf_to_pages(const void *buf, size_t buflen,
|
|
||||||
struct page **pages, unsigned int *pgbase)
|
|
||||||
{
|
|
||||||
const void *p = buf;
|
|
||||||
|
|
||||||
*pgbase = offset_in_page(buf);
|
|
||||||
p -= *pgbase;
|
|
||||||
while (p < buf + buflen) {
|
|
||||||
*(pages++) = virt_to_page(p);
|
|
||||||
p += PAGE_CACHE_SIZE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static int buf_to_pages_noslab(const void *buf, size_t buflen,
|
static int buf_to_pages_noslab(const void *buf, size_t buflen,
|
||||||
struct page **pages, unsigned int *pgbase)
|
struct page **pages, unsigned int *pgbase)
|
||||||
{
|
{
|
||||||
|
@ -3535,9 +3522,19 @@ out:
|
||||||
nfs4_set_cached_acl(inode, acl);
|
nfs4_set_cached_acl(inode, acl);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The getxattr API returns the required buffer length when called with a
|
||||||
|
* NULL buf. The NFSv4 acl tool then calls getxattr again after allocating
|
||||||
|
* the required buf. On a NULL buf, we send a page of data to the server
|
||||||
|
* guessing that the ACL request can be serviced by a page. If so, we cache
|
||||||
|
* up to the page of ACL data, and the 2nd call to getxattr is serviced by
|
||||||
|
* the cache. If not so, we throw away the page, and cache the required
|
||||||
|
* length. The next getxattr call will then produce another round trip to
|
||||||
|
* the server, this time with the input buf of the required size.
|
||||||
|
*/
|
||||||
static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
|
static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
|
||||||
{
|
{
|
||||||
struct page *pages[NFS4ACL_MAXPAGES];
|
struct page *pages[NFS4ACL_MAXPAGES] = {NULL, };
|
||||||
struct nfs_getaclargs args = {
|
struct nfs_getaclargs args = {
|
||||||
.fh = NFS_FH(inode),
|
.fh = NFS_FH(inode),
|
||||||
.acl_pages = pages,
|
.acl_pages = pages,
|
||||||
|
@ -3552,41 +3549,60 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t bu
|
||||||
.rpc_argp = &args,
|
.rpc_argp = &args,
|
||||||
.rpc_resp = &res,
|
.rpc_resp = &res,
|
||||||
};
|
};
|
||||||
struct page *localpage = NULL;
|
int ret = -ENOMEM, npages, i, acl_len = 0;
|
||||||
int ret;
|
|
||||||
|
|
||||||
if (buflen < PAGE_SIZE) {
|
npages = (buflen + PAGE_SIZE - 1) >> PAGE_SHIFT;
|
||||||
/* As long as we're doing a round trip to the server anyway,
|
/* As long as we're doing a round trip to the server anyway,
|
||||||
* let's be prepared for a page of acl data. */
|
* let's be prepared for a page of acl data. */
|
||||||
localpage = alloc_page(GFP_KERNEL);
|
if (npages == 0)
|
||||||
resp_buf = page_address(localpage);
|
npages = 1;
|
||||||
if (localpage == NULL)
|
|
||||||
return -ENOMEM;
|
for (i = 0; i < npages; i++) {
|
||||||
args.acl_pages[0] = localpage;
|
pages[i] = alloc_page(GFP_KERNEL);
|
||||||
args.acl_pgbase = 0;
|
if (!pages[i])
|
||||||
args.acl_len = PAGE_SIZE;
|
goto out_free;
|
||||||
} else {
|
|
||||||
resp_buf = buf;
|
|
||||||
buf_to_pages(buf, buflen, args.acl_pages, &args.acl_pgbase);
|
|
||||||
}
|
}
|
||||||
ret = nfs4_call_sync(NFS_SERVER(inode)->client, NFS_SERVER(inode), &msg, &args.seq_args, &res.seq_res, 0);
|
if (npages > 1) {
|
||||||
|
/* for decoding across pages */
|
||||||
|
args.acl_scratch = alloc_page(GFP_KERNEL);
|
||||||
|
if (!args.acl_scratch)
|
||||||
|
goto out_free;
|
||||||
|
}
|
||||||
|
args.acl_len = npages * PAGE_SIZE;
|
||||||
|
args.acl_pgbase = 0;
|
||||||
|
/* Let decode_getfacl know not to fail if the ACL data is larger than
|
||||||
|
* the page we send as a guess */
|
||||||
|
if (buf == NULL)
|
||||||
|
res.acl_flags |= NFS4_ACL_LEN_REQUEST;
|
||||||
|
resp_buf = page_address(pages[0]);
|
||||||
|
|
||||||
|
dprintk("%s buf %p buflen %ld npages %d args.acl_len %ld\n",
|
||||||
|
__func__, buf, buflen, npages, args.acl_len);
|
||||||
|
ret = nfs4_call_sync(NFS_SERVER(inode)->client, NFS_SERVER(inode),
|
||||||
|
&msg, &args.seq_args, &res.seq_res, 0);
|
||||||
if (ret)
|
if (ret)
|
||||||
goto out_free;
|
goto out_free;
|
||||||
if (res.acl_len > args.acl_len)
|
|
||||||
nfs4_write_cached_acl(inode, NULL, res.acl_len);
|
acl_len = res.acl_len - res.acl_data_offset;
|
||||||
|
if (acl_len > args.acl_len)
|
||||||
|
nfs4_write_cached_acl(inode, NULL, acl_len);
|
||||||
else
|
else
|
||||||
nfs4_write_cached_acl(inode, resp_buf, res.acl_len);
|
nfs4_write_cached_acl(inode, resp_buf + res.acl_data_offset,
|
||||||
|
acl_len);
|
||||||
if (buf) {
|
if (buf) {
|
||||||
ret = -ERANGE;
|
ret = -ERANGE;
|
||||||
if (res.acl_len > buflen)
|
if (acl_len > buflen)
|
||||||
goto out_free;
|
goto out_free;
|
||||||
if (localpage)
|
_copy_from_pages(buf, pages, res.acl_data_offset,
|
||||||
memcpy(buf, resp_buf, res.acl_len);
|
res.acl_len);
|
||||||
}
|
}
|
||||||
ret = res.acl_len;
|
ret = acl_len;
|
||||||
out_free:
|
out_free:
|
||||||
if (localpage)
|
for (i = 0; i < npages; i++)
|
||||||
__free_page(localpage);
|
if (pages[i])
|
||||||
|
__free_page(pages[i]);
|
||||||
|
if (args.acl_scratch)
|
||||||
|
__free_page(args.acl_scratch);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3617,6 +3633,8 @@ static ssize_t nfs4_proc_get_acl(struct inode *inode, void *buf, size_t buflen)
|
||||||
nfs_zap_acl_cache(inode);
|
nfs_zap_acl_cache(inode);
|
||||||
ret = nfs4_read_cached_acl(inode, buf, buflen);
|
ret = nfs4_read_cached_acl(inode, buf, buflen);
|
||||||
if (ret != -ENOENT)
|
if (ret != -ENOENT)
|
||||||
|
/* -ENOENT is returned if there is no ACL or if there is an ACL
|
||||||
|
* but no cached acl data, just the acl length */
|
||||||
return ret;
|
return ret;
|
||||||
return nfs4_get_acl_uncached(inode, buf, buflen);
|
return nfs4_get_acl_uncached(inode, buf, buflen);
|
||||||
}
|
}
|
||||||
|
|
|
@ -2517,11 +2517,13 @@ static void nfs4_xdr_enc_getacl(struct rpc_rqst *req, struct xdr_stream *xdr,
|
||||||
encode_compound_hdr(xdr, req, &hdr);
|
encode_compound_hdr(xdr, req, &hdr);
|
||||||
encode_sequence(xdr, &args->seq_args, &hdr);
|
encode_sequence(xdr, &args->seq_args, &hdr);
|
||||||
encode_putfh(xdr, args->fh, &hdr);
|
encode_putfh(xdr, args->fh, &hdr);
|
||||||
replen = hdr.replen + op_decode_hdr_maxsz + nfs4_fattr_bitmap_maxsz + 1;
|
replen = hdr.replen + op_decode_hdr_maxsz + 1;
|
||||||
encode_getattr_two(xdr, FATTR4_WORD0_ACL, 0, &hdr);
|
encode_getattr_two(xdr, FATTR4_WORD0_ACL, 0, &hdr);
|
||||||
|
|
||||||
xdr_inline_pages(&req->rq_rcv_buf, replen << 2,
|
xdr_inline_pages(&req->rq_rcv_buf, replen << 2,
|
||||||
args->acl_pages, args->acl_pgbase, args->acl_len);
|
args->acl_pages, args->acl_pgbase, args->acl_len);
|
||||||
|
xdr_set_scratch_buffer(xdr, page_address(args->acl_scratch), PAGE_SIZE);
|
||||||
|
|
||||||
encode_nops(&hdr);
|
encode_nops(&hdr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4957,17 +4959,18 @@ decode_restorefh(struct xdr_stream *xdr)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req,
|
static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req,
|
||||||
size_t *acl_len)
|
struct nfs_getaclres *res)
|
||||||
{
|
{
|
||||||
__be32 *savep;
|
__be32 *savep, *bm_p;
|
||||||
uint32_t attrlen,
|
uint32_t attrlen,
|
||||||
bitmap[3] = {0};
|
bitmap[3] = {0};
|
||||||
struct kvec *iov = req->rq_rcv_buf.head;
|
struct kvec *iov = req->rq_rcv_buf.head;
|
||||||
int status;
|
int status;
|
||||||
|
|
||||||
*acl_len = 0;
|
res->acl_len = 0;
|
||||||
if ((status = decode_op_hdr(xdr, OP_GETATTR)) != 0)
|
if ((status = decode_op_hdr(xdr, OP_GETATTR)) != 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
bm_p = xdr->p;
|
||||||
if ((status = decode_attr_bitmap(xdr, bitmap)) != 0)
|
if ((status = decode_attr_bitmap(xdr, bitmap)) != 0)
|
||||||
goto out;
|
goto out;
|
||||||
if ((status = decode_attr_length(xdr, &attrlen, &savep)) != 0)
|
if ((status = decode_attr_length(xdr, &attrlen, &savep)) != 0)
|
||||||
|
@ -4979,18 +4982,30 @@ static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req,
|
||||||
size_t hdrlen;
|
size_t hdrlen;
|
||||||
u32 recvd;
|
u32 recvd;
|
||||||
|
|
||||||
|
/* The bitmap (xdr len + bitmaps) and the attr xdr len words
|
||||||
|
* are stored with the acl data to handle the problem of
|
||||||
|
* variable length bitmaps.*/
|
||||||
|
xdr->p = bm_p;
|
||||||
|
res->acl_data_offset = be32_to_cpup(bm_p) + 2;
|
||||||
|
res->acl_data_offset <<= 2;
|
||||||
|
|
||||||
/* We ignore &savep and don't do consistency checks on
|
/* We ignore &savep and don't do consistency checks on
|
||||||
* the attr length. Let userspace figure it out.... */
|
* the attr length. Let userspace figure it out.... */
|
||||||
hdrlen = (u8 *)xdr->p - (u8 *)iov->iov_base;
|
hdrlen = (u8 *)xdr->p - (u8 *)iov->iov_base;
|
||||||
|
attrlen += res->acl_data_offset;
|
||||||
recvd = req->rq_rcv_buf.len - hdrlen;
|
recvd = req->rq_rcv_buf.len - hdrlen;
|
||||||
if (attrlen > recvd) {
|
if (attrlen > recvd) {
|
||||||
dprintk("NFS: server cheating in getattr"
|
if (res->acl_flags & NFS4_ACL_LEN_REQUEST) {
|
||||||
" acl reply: attrlen %u > recvd %u\n",
|
/* getxattr interface called with a NULL buf */
|
||||||
|
res->acl_len = attrlen;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
dprintk("NFS: acl reply: attrlen %u > recvd %u\n",
|
||||||
attrlen, recvd);
|
attrlen, recvd);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
xdr_read_pages(xdr, attrlen);
|
xdr_read_pages(xdr, attrlen);
|
||||||
*acl_len = attrlen;
|
res->acl_len = attrlen;
|
||||||
} else
|
} else
|
||||||
status = -EOPNOTSUPP;
|
status = -EOPNOTSUPP;
|
||||||
|
|
||||||
|
@ -6028,7 +6043,7 @@ nfs4_xdr_dec_getacl(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
|
||||||
status = decode_putfh(xdr);
|
status = decode_putfh(xdr);
|
||||||
if (status)
|
if (status)
|
||||||
goto out;
|
goto out;
|
||||||
status = decode_getacl(xdr, rqstp, &res->acl_len);
|
status = decode_getacl(xdr, rqstp, res);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
return status;
|
return status;
|
||||||
|
|
|
@ -602,11 +602,16 @@ struct nfs_getaclargs {
|
||||||
size_t acl_len;
|
size_t acl_len;
|
||||||
unsigned int acl_pgbase;
|
unsigned int acl_pgbase;
|
||||||
struct page ** acl_pages;
|
struct page ** acl_pages;
|
||||||
|
struct page * acl_scratch;
|
||||||
struct nfs4_sequence_args seq_args;
|
struct nfs4_sequence_args seq_args;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* getxattr ACL interface flags */
|
||||||
|
#define NFS4_ACL_LEN_REQUEST 0x0001 /* zero length getxattr buffer */
|
||||||
struct nfs_getaclres {
|
struct nfs_getaclres {
|
||||||
size_t acl_len;
|
size_t acl_len;
|
||||||
|
size_t acl_data_offset;
|
||||||
|
int acl_flags;
|
||||||
struct nfs4_sequence_res seq_res;
|
struct nfs4_sequence_res seq_res;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -191,6 +191,8 @@ extern int xdr_decode_array2(struct xdr_buf *buf, unsigned int base,
|
||||||
struct xdr_array2_desc *desc);
|
struct xdr_array2_desc *desc);
|
||||||
extern int xdr_encode_array2(struct xdr_buf *buf, unsigned int base,
|
extern int xdr_encode_array2(struct xdr_buf *buf, unsigned int base,
|
||||||
struct xdr_array2_desc *desc);
|
struct xdr_array2_desc *desc);
|
||||||
|
extern void _copy_from_pages(char *p, struct page **pages, size_t pgbase,
|
||||||
|
size_t len);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Provide some simple tools for XDR buffer overflow-checking etc.
|
* Provide some simple tools for XDR buffer overflow-checking etc.
|
||||||
|
|
|
@ -296,7 +296,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
|
||||||
* Copies data into an arbitrary memory location from an array of pages
|
* Copies data into an arbitrary memory location from an array of pages
|
||||||
* The copy is assumed to be non-overlapping.
|
* The copy is assumed to be non-overlapping.
|
||||||
*/
|
*/
|
||||||
static void
|
void
|
||||||
_copy_from_pages(char *p, struct page **pages, size_t pgbase, size_t len)
|
_copy_from_pages(char *p, struct page **pages, size_t pgbase, size_t len)
|
||||||
{
|
{
|
||||||
struct page **pgfrom;
|
struct page **pgfrom;
|
||||||
|
@ -324,6 +324,7 @@ _copy_from_pages(char *p, struct page **pages, size_t pgbase, size_t len)
|
||||||
|
|
||||||
} while ((len -= copy) != 0);
|
} while ((len -= copy) != 0);
|
||||||
}
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(_copy_from_pages);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* xdr_shrink_bufhead
|
* xdr_shrink_bufhead
|
||||||
|
|
Loading…
Reference in a new issue