#define NFS3_wccstat_sz (1+NFS3_wcc_data_sz)
#define NFS3_lookupres_sz (1+NFS3_fh_sz+(2 * NFS3_post_op_attr_sz))
#define NFS3_accessres_sz (1+NFS3_post_op_attr_sz+1)
-#define NFS3_readlinkres_sz (1+NFS3_post_op_attr_sz)
+#define NFS3_readlinkres_sz (1+NFS3_post_op_attr_sz+1)
#define NFS3_readres_sz (1+NFS3_post_op_attr_sz+3)
#define NFS3_writeres_sz (1+NFS3_wcc_data_sz+4)
#define NFS3_createres_sz (1+NFS3_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz)
static inline u32 *
xdr_decode_fhandle(u32 *p, struct nfs_fh *fh)
{
- /*
- * Zero all nonused bytes
- */
- memset((u8 *)fh, 0, sizeof(*fh));
if ((fh->size = ntohl(*p++)) <= NFS3_FHSIZE) {
memcpy(fh->data, p, fh->size);
return p + XDR_QUADLEN(fh->size);
}
static inline u32 *
-xdr_encode_sattr(u32 *p, struct iattr *attr)
+xdr_encode_sattr(u32 *p, struct iattr *attr, int tagxid)
{
if (attr->ia_valid & ATTR_MODE) {
*p++ = xdr_one;
} else {
*p++ = xdr_zero;
}
- if (attr->ia_valid & ATTR_UID || attr->ia_valid & ATTR_XID) {
+ if (attr->ia_valid & ATTR_UID ||
+ (tagxid && (attr->ia_valid & ATTR_XID))) {
*p++ = xdr_one;
- *p++ = htonl(XIDINO_UID(attr->ia_uid, attr->ia_xid));
+ *p++ = htonl(XIDINO_UID(tagxid, attr->ia_uid, attr->ia_xid));
} else {
*p++ = xdr_zero;
}
- if (attr->ia_valid & ATTR_GID || attr->ia_valid & ATTR_XID) {
+ if (attr->ia_valid & ATTR_GID ||
+ (tagxid && (attr->ia_valid & ATTR_XID))) {
*p++ = xdr_one;
- *p++ = htonl(XIDINO_GID(attr->ia_gid, attr->ia_xid));
+ *p++ = htonl(XIDINO_GID(tagxid, attr->ia_gid, attr->ia_xid));
} else {
*p++ = xdr_zero;
}
nfs3_xdr_sattrargs(struct rpc_rqst *req, u32 *p, struct nfs3_sattrargs *args)
{
p = xdr_encode_fhandle(p, args->fh);
- p = xdr_encode_sattr(p, args->sattr);
+ p = xdr_encode_sattr(p, args->sattr,
+ req->rq_task->tk_client->cl_tagxid);
*p++ = htonl(args->guard);
if (args->guard)
p = xdr_encode_time3(p, &args->guardtime);
*p++ = args->verifier[0];
*p++ = args->verifier[1];
} else
- p = xdr_encode_sattr(p, args->sattr);
+ p = xdr_encode_sattr(p, args->sattr,
+ req->rq_task->tk_client->cl_tagxid);
req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
return 0;
{
p = xdr_encode_fhandle(p, args->fh);
p = xdr_encode_array(p, args->name, args->len);
- p = xdr_encode_sattr(p, args->sattr);
+ p = xdr_encode_sattr(p, args->sattr,
+ req->rq_task->tk_client->cl_tagxid);
req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
return 0;
}
{
p = xdr_encode_fhandle(p, args->fromfh);
p = xdr_encode_array(p, args->fromname, args->fromlen);
- p = xdr_encode_sattr(p, args->sattr);
+ p = xdr_encode_sattr(p, args->sattr,
+ req->rq_task->tk_client->cl_tagxid);
p = xdr_encode_array(p, args->topath, args->tolen);
req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
return 0;
p = xdr_encode_fhandle(p, args->fh);
p = xdr_encode_array(p, args->name, args->len);
*p++ = htonl(args->type);
- p = xdr_encode_sattr(p, args->sattr);
+ p = xdr_encode_sattr(p, args->sattr,
+ req->rq_task->tk_client->cl_tagxid);
if (args->type == NF3CHR || args->type == NF3BLK) {
*p++ = htonl(MAJOR(args->rdev));
*p++ = htonl(MINOR(args->rdev));
nfs3_xdr_readdirres(struct rpc_rqst *req, u32 *p, struct nfs3_readdirres *res)
{
struct xdr_buf *rcvbuf = &req->rq_rcv_buf;
- struct iovec *iov = rcvbuf->head;
+ struct kvec *iov = rcvbuf->head;
struct page **page;
int hdrlen, recvd;
int status, nr;
nfs3_xdr_readlinkargs(struct rpc_rqst *req, u32 *p, struct nfs3_readlinkargs *args)
{
struct rpc_auth *auth = req->rq_task->tk_auth;
- unsigned int count = args->count - 5;
unsigned int replen;
p = xdr_encode_fhandle(p, args->fh);
/* Inline the page array */
replen = (RPC_REPHDRSIZE + auth->au_rslack + NFS3_readlinkres_sz) << 2;
- xdr_inline_pages(&req->rq_rcv_buf, replen, args->pages, 0, count);
+ xdr_inline_pages(&req->rq_rcv_buf, replen, args->pages, args->pgbase, args->pglen);
return 0;
}
nfs3_xdr_readlinkres(struct rpc_rqst *req, u32 *p, struct nfs_fattr *fattr)
{
struct xdr_buf *rcvbuf = &req->rq_rcv_buf;
- struct iovec *iov = rcvbuf->head;
- unsigned int hdrlen;
- u32 *strlen, len;
- char *string;
+ struct kvec *iov = rcvbuf->head;
+ int hdrlen, len, recvd;
+ char *kaddr;
int status;
status = ntohl(*p++);
if (status != 0)
return -nfs_stat_to_errno(status);
+ /* Convert length of symlink */
+ len = ntohl(*p++);
+ if (len >= rcvbuf->page_len || len <= 0) {
+ dprintk(KERN_WARNING "nfs: server returned giant symlink!\n");
+ return -ENAMETOOLONG;
+ }
+
hdrlen = (u8 *) p - (u8 *) iov->iov_base;
- if (iov->iov_len > hdrlen) {
+ if (iov->iov_len < hdrlen) {
+ printk(KERN_WARNING "NFS: READLINK reply header overflowed:"
+ "length %d > %Zu\n", hdrlen, iov->iov_len);
+ return -errno_NFSERR_IO;
+ } else if (iov->iov_len != hdrlen) {
dprintk("NFS: READLINK header is short. iovec will be shifted.\n");
xdr_shift_buf(rcvbuf, iov->iov_len - hdrlen);
}
-
- strlen = (u32*)kmap_atomic(rcvbuf->pages[0], KM_USER0);
- /* Convert length of symlink */
- len = ntohl(*strlen);
- if (len > rcvbuf->page_len) {
- dprintk(KERN_WARNING "nfs: server returned giant symlink!\n");
- kunmap_atomic(strlen, KM_USER0);
- return -ENAMETOOLONG;
+ recvd = req->rq_rcv_buf.len - hdrlen;
+ if (recvd < len) {
+ printk(KERN_WARNING "NFS: server cheating in readlink reply: "
+ "count %u > recvd %u\n", len, recvd);
+ return -EIO;
}
- *strlen = len;
+
/* NULL terminate the string we got */
- string = (char *)(strlen + 1);
- string[len] = '\0';
- kunmap_atomic(strlen, KM_USER0);
+ kaddr = (char*)kmap_atomic(rcvbuf->pages[0], KM_USER0);
+ kaddr[len+rcvbuf->page_base] = '\0';
+ kunmap_atomic(kaddr, KM_USER0);
return 0;
}
static int
nfs3_xdr_readres(struct rpc_rqst *req, u32 *p, struct nfs_readres *res)
{
- struct iovec *iov = req->rq_rcv_buf.head;
+ struct kvec *iov = req->rq_rcv_buf.head;
int status, count, ocount, recvd, hdrlen;
status = ntohl(*p++);