| From: Scott Mayhew <smayhew@redhat.com> |
| Date: Mon, 7 May 2018 09:01:08 -0400 |
| Subject: nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir |
| |
| commit 9c2ece6ef67e9d376f32823086169b489c422ed0 upstream. |
| |
| nfsd4_readdir_rsize restricts rd_maxcount to svc_max_payload when |
| estimating the size of the readdir reply, but nfsd_encode_readdir |
| restricts it to INT_MAX when encoding the reply. This can result in log |
| messages like "kernel: RPC request reserved 32896 but used 1049444". |
| |
| Restrict rd_dircount similarly (no reason it should be larger than |
| svc_max_payload). |
| |
| Signed-off-by: Scott Mayhew <smayhew@redhat.com> |
| Signed-off-by: J. Bruce Fields <bfields@redhat.com> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| fs/nfsd/nfs4xdr.c | 5 +++-- |
| 1 file changed, 3 insertions(+), 2 deletions(-) |
| |
| --- a/fs/nfsd/nfs4xdr.c |
| +++ b/fs/nfsd/nfs4xdr.c |
| @@ -3343,7 +3343,8 @@ nfsd4_encode_readdir(struct nfsd4_compou |
| nfserr = nfserr_resource; |
| goto err_no_verf; |
| } |
| - maxcount = min_t(u32, readdir->rd_maxcount, INT_MAX); |
| + maxcount = svc_max_payload(resp->rqstp); |
| + maxcount = min_t(u32, readdir->rd_maxcount, maxcount); |
| /* |
| * Note the rfc defines rd_maxcount as the size of the |
| * READDIR4resok structure, which includes the verifier above |
| @@ -3357,7 +3358,7 @@ nfsd4_encode_readdir(struct nfsd4_compou |
| |
| /* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */ |
| if (!readdir->rd_dircount) |
| - readdir->rd_dircount = INT_MAX; |
| + readdir->rd_dircount = svc_max_payload(resp->rqstp); |
| |
| readdir->xdr = xdr; |
| readdir->rd_maxcount = maxcount; |