Re: [PATCH] nfsd: fix XDR padding calculation in ff_encode_getdeviceinfo

From: Chuck Lever

Date: Wed May 27 2026 - 15:28:54 EST



On Wed, May 27, 2026, at 2:30 PM, Jeff Layton wrote:
> nfsd4_ff_encode_getdeviceinfo() computes the da_addr_body reservation
> as 16 + netid_len + addr_len, but the subsequent xdr_encode_opaque()
> calls emit 8 + round_up(netid_len, 4) + round_up(addr_len, 4) bytes.
> The mismatch means the declared da_addr_body length exceeds the actual
> encoded data by 2-8 bytes on every flexfile GETDEVICEINFO reply,
> leaking stale reply-page content to the client and mis-aligning the
> subsequent version list decode.
>
> Use xdr_align_size() for each string length to match what
> xdr_encode_opaque() actually writes.
>
> Fixes: efcae97fa425 ("NFSD: da_addr_body field missing in some
> GETDEVICEINFO replies")
> Assisted-by: kres:claude-opus-4-6
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> ---
> fs/nfsd/flexfilelayoutxdr.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/nfsd/flexfilelayoutxdr.c b/fs/nfsd/flexfilelayoutxdr.c
> index f9f7e38cba13..7f357dbd1bb1 100644
> --- a/fs/nfsd/flexfilelayoutxdr.c
> +++ b/fs/nfsd/flexfilelayoutxdr.c
> @@ -94,7 +94,8 @@ nfsd4_ff_encode_getdeviceinfo(struct xdr_stream *xdr,
> }
>
> /* len + padding for two strings */
> - addr_len = 16 + da->netaddr.netid_len + da->netaddr.addr_len;
> + addr_len = 8 + xdr_align_size(da->netaddr.netid_len) +
> + xdr_align_size(da->netaddr.addr_len);
> ver_len = 20;
>
> len = 4 + ver_len + 4 + addr_len;
>
> ---
> base-commit: b69fc3eaa867d0caa904634ea7a1b4569411b163
> change-id: 20260527-pnfs-fixes-23451bb03d57
>
> Best regards,
> --
> Jeff Layton <jlayton@xxxxxxxxxx>

Fixes tag might/should be 9b9960a0ca47 ? LLM reviews vary on this.

nfsd4_ff_encode_layoutget at fs/nfsd/flexfilelayoutxdr.c:40-41 has the
same unaligned pattern for UID/GID strings: 8 + uid.len + 8 + gid.len.
Do you intend to address that calculation as well?

My preference here is to convert to xdrgen instead, but that's a much
bigger and less back-portable change.


--
Chuck Lever