Re: Patch "lockd: fix decoding of TEST results" has been added to the 4.4-stable tree
From: Greg KH
Date: Sat Dec 07 2019 - 07:14:09 EST
On Fri, Dec 06, 2019 at 04:24:54PM -0500, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
> lockd: fix decoding of TEST results
>
> to the 4.4-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> lockd-fix-decoding-of-test-results.patch
> and it can be found in the queue-4.4 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@xxxxxxxxxxxxxxx> know about it.
>
>
>
> commit 66c45912a1133ed5483e1559bad8a5d6bd2f4275
> Author: J. Bruce Fields <bfields@xxxxxxxxxx>
> Date: Mon Nov 26 11:36:52 2018 -0500
>
> lockd: fix decoding of TEST results
>
> [ Upstream commit b8db159239b3f51e2b909859935cc25cb3ff3eed ]
>
> We fail to advance the read pointer when reading the stat.oh field that
> identifies the lock-holder in a TEST result.
>
> This turns out not to matter if the server is knfsd, which always
> returns a zero-length field. But other servers (Ganesha is an example)
> may not do this. The result is bad values in fcntl F_GETLK results.
>
> Fix this.
>
> Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
>
> diff --git a/fs/lockd/clnt4xdr.c b/fs/lockd/clnt4xdr.c
> index d3e40db289302..4fdf8dae0db28 100644
> --- a/fs/lockd/clnt4xdr.c
> +++ b/fs/lockd/clnt4xdr.c
> @@ -127,24 +127,14 @@ static void encode_netobj(struct xdr_stream *xdr,
> static int decode_netobj(struct xdr_stream *xdr,
> struct xdr_netobj *obj)
> {
> - u32 length;
> - __be32 *p;
> + ssize_t ret;
>
> - p = xdr_inline_decode(xdr, 4);
> - if (unlikely(p == NULL))
> - goto out_overflow;
> - length = be32_to_cpup(p++);
> - if (unlikely(length > XDR_MAX_NETOBJ))
> - goto out_size;
> - obj->len = length;
> - obj->data = (u8 *)p;
> + ret = xdr_stream_decode_opaque_inline(xdr, (void *)&obj->data,
> + XDR_MAX_NETOBJ);
> + if (unlikely(ret < 0))
> + return -EIO;
> + obj->len = ret;
> return 0;
> -out_size:
> - dprintk("NFS: returned netobj was too long: %u\n", length);
> - return -EIO;
> -out_overflow:
> - print_overflow_msg(__func__, xdr);
> - return -EIO;
> }
>
> /*
> diff --git a/fs/lockd/clntxdr.c b/fs/lockd/clntxdr.c
> index 3e9f7874b9755..29392d66473c8 100644
> --- a/fs/lockd/clntxdr.c
> +++ b/fs/lockd/clntxdr.c
> @@ -124,24 +124,14 @@ static void encode_netobj(struct xdr_stream *xdr,
> static int decode_netobj(struct xdr_stream *xdr,
> struct xdr_netobj *obj)
> {
> - u32 length;
> - __be32 *p;
> + ssize_t ret;
>
> - p = xdr_inline_decode(xdr, 4);
> - if (unlikely(p == NULL))
> - goto out_overflow;
> - length = be32_to_cpup(p++);
> - if (unlikely(length > XDR_MAX_NETOBJ))
> - goto out_size;
> - obj->len = length;
> - obj->data = (u8 *)p;
> + ret = xdr_stream_decode_opaque_inline(xdr, (void *)&obj->data,
> + XDR_MAX_NETOBJ);
> + if (unlikely(ret < 0))
> + return -EIO;
> + obj->len = ret;
> return 0;
> -out_size:
> - dprintk("NFS: returned netobj was too long: %u\n", length);
> - return -EIO;
> -out_overflow:
> - print_overflow_msg(__func__, xdr);
> - return -EIO;
> }
>
> /*
Breaks the build on 4.4, so I'm dropping it from there :(