Re: [PATCH] nfsd: fix XDR padding calculation in ff_encode_getdeviceinfo
From: Jeff Layton
Date: Wed May 27 2026 - 15:31:38 EST
On Wed, 2026-05-27 at 15:25 -0400, Chuck Lever wrote:
>
> On Wed, May 27, 2026, at 2:30 PM, Jeff Layton wrote:
> > nfsd4_ff_encode_getdeviceinfo() computes the da_addr_body reservation
> > as 16 + netid_len + addr_len, but the subsequent xdr_encode_opaque()
> > calls emit 8 + round_up(netid_len, 4) + round_up(addr_len, 4) bytes.
> > The mismatch means the declared da_addr_body length exceeds the actual
> > encoded data by 2-8 bytes on every flexfile GETDEVICEINFO reply,
> > leaking stale reply-page content to the client and mis-aligning the
> > subsequent version list decode.
> >
> > Use xdr_align_size() for each string length to match what
> > xdr_encode_opaque() actually writes.
> >
> > Fixes: efcae97fa425 ("NFSD: da_addr_body field missing in some
> > GETDEVICEINFO replies")
> > Assisted-by: kres:claude-opus-4-6
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> > fs/nfsd/flexfilelayoutxdr.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/fs/nfsd/flexfilelayoutxdr.c b/fs/nfsd/flexfilelayoutxdr.c
> > index f9f7e38cba13..7f357dbd1bb1 100644
> > --- a/fs/nfsd/flexfilelayoutxdr.c
> > +++ b/fs/nfsd/flexfilelayoutxdr.c
> > @@ -94,7 +94,8 @@ nfsd4_ff_encode_getdeviceinfo(struct xdr_stream *xdr,
> > }
> >
> > /* len + padding for two strings */
> > - addr_len = 16 + da->netaddr.netid_len + da->netaddr.addr_len;
> > + addr_len = 8 + xdr_align_size(da->netaddr.netid_len) +
> > + xdr_align_size(da->netaddr.addr_len);
> > ver_len = 20;
> >
> > len = 4 + ver_len + 4 + addr_len;
> >
> > ---
> > base-commit: b69fc3eaa867d0caa904634ea7a1b4569411b163
> > change-id: 20260527-pnfs-fixes-23451bb03d57
> >
> > Best regards,
> > --
> > Jeff Layton <jlayton@xxxxxxxxxx>
>
> Fixes tag might/should be 9b9960a0ca47 ? LLM reviews vary on this.
>
> nfsd4_ff_encode_layoutget at fs/nfsd/flexfilelayoutxdr.c:40-41 has the
> same unaligned pattern for UID/GID strings: 8 + uid.len + 8 + gid.len.
> Do you intend to address that calculation as well?
>
> My preference here is to convert to xdrgen instead, but that's a much
> bigger and less back-portable change.
>
Yep, I just saw the Sashiko review for it. I'll fix that one up in a
separate patch.
Cheers,
--
Jeff Layton <jlayton@xxxxxxxxxx>