summaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorChuck Lever <chuck.lever@oracle.com>2022-09-01 15:09:59 -0400
committerChuck Lever <chuck.lever@oracle.com>2022-09-26 14:02:26 -0400
commit1242a87da0d8cd2a428e96ca68e7ea899b0f4624 (patch)
tree0b6ec5907606e0c5607c204e47658c62838ff275 /include/linux
parent90bfc37b5ab91c1a6165e3e5cfc49bf04571b762 (diff)
downloadlinux-stable-1242a87da0d8cd2a428e96ca68e7ea899b0f4624.tar.gz
linux-stable-1242a87da0d8cd2a428e96ca68e7ea899b0f4624.tar.bz2
linux-stable-1242a87da0d8cd2a428e96ca68e7ea899b0f4624.zip
SUNRPC: Fix svcxdr_init_encode's buflen calculation
Commit 2825a7f90753 ("nfsd4: allow encoding across page boundaries") added an explicit computation of the remaining length in the rq_res XDR buffer. The computation appears to suffer from an "off-by-one" bug. Because buflen is too large by one page, XDR encoding can run off the end of the send buffer by eventually trying to use the struct page address in rq_page_end, which always contains NULL. Fixes: bddfdbcddbe2 ("NFSD: Extract the svcxdr_init_encode() helper") Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/sunrpc/svc.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
index 5a830b66f059..0ca8a8ffb47e 100644
--- a/include/linux/sunrpc/svc.h
+++ b/include/linux/sunrpc/svc.h
@@ -587,7 +587,7 @@ static inline void svcxdr_init_encode(struct svc_rqst *rqstp)
xdr->end = resv->iov_base + PAGE_SIZE - rqstp->rq_auth_slack;
buf->len = resv->iov_len;
xdr->page_ptr = buf->pages - 1;
- buf->buflen = PAGE_SIZE * (1 + rqstp->rq_page_end - buf->pages);
+ buf->buflen = PAGE_SIZE * (rqstp->rq_page_end - buf->pages);
buf->buflen -= rqstp->rq_auth_slack;
xdr->rqst = NULL;
}