2.6.37-stable review patch. If anyone has any objections, please let us know.
------------------ From: Chuck Lever <[email protected]> commit d1205f87bbb8040c1408bbd9e0a720310b2b0b9b upstream. On recent 2.6.38-rc kernels, connectathon basic test 6 fails on NFSv4 mounts of OpenSolaris with something like: > ./test6: readdir > ./test6: (/mnt/klimt/matisse.test) didn't read expected 'file.12' dir > entry, pass 0 > ./test6: (/mnt/klimt/matisse.test) didn't read expected 'file.82' dir > entry, pass 0 > ./test6: (/mnt/klimt/matisse.test) didn't read expected 'file.164' dir > entry, pass 0 > ./test6: (/mnt/klimt/matisse.test) Test failed with 3 errors > basic tests failed > Tests failed, leaving /mnt/klimt mounted > [cel@matisse cthon04]$ I narrowed the problem down to nfs4_decode_dirent() reporting that the decode buffer had overflowed while decoding the entries for those missing files. verify_attr_len() assumes both it's pointer arguments reside on the same page. When these arguments point to locations on two different pages, verify_attr_len() can report false errors. This can happen now that a large NFSv4 readdir result can span pages. We have reasonably good checking in nfs4_decode_dirent() anyway, so it should be safe to simply remove the extra checking. At a guess, this was introduced by commit 6650239a, "NFS: Don't use vm_map_ram() in readdir". Signed-off-by: Chuck Lever <[email protected]> Signed-off-by: Trond Myklebust <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- fs/nfs/nfs4xdr.c | 3 --- 1 file changed, 3 deletions(-) --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -6212,9 +6212,6 @@ __be32 *nfs4_decode_dirent(struct xdr_st if (entry->fattr->valid & NFS_ATTR_FATTR_TYPE) entry->d_type = nfs_umode_to_dtype(entry->fattr->mode); - if (verify_attr_len(xdr, p, len) < 0) - goto out_overflow; - return p; out_overflow: _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
