NFSv4: Don't use private xdr_stream fields in decode_getacl (cff298c7) · Commits · 方亚芬 / raspberrypi_linux

fs/nfs/nfs4xdr.c

+6 −5

Original line number	Diff line number	Diff line
		@@ -5045,10 +5045,10 @@ static int decode_getacl(struct xdr_stream xdr, struct rpc_rqst req,
		struct nfs_getaclres *res)
		{
		unsigned int savep;
		__be32 *bm_p;
		uint32_t attrlen,
		bitmap[3] = {0};
		int status;
		unsigned int pg_offset;

		res->acl_len = 0;
		if ((status = decode_op_hdr(xdr, OP_GETATTR)) != 0)
		@@ -5056,7 +5056,8 @@ static int decode_getacl(struct xdr_stream xdr, struct rpc_rqst req,

		xdr_enter_page(xdr, xdr->buf->page_len);

		bm_p = xdr->p;
		/* Calculate the offset of the page data */
		pg_offset = xdr->buf->head[0].iov_len;

		if ((status = decode_attr_bitmap(xdr, bitmap)) != 0)
		goto out;
		@@ -5070,18 +5071,18 @@ static int decode_getacl(struct xdr_stream xdr, struct rpc_rqst req,
		/* The bitmap (xdr len + bitmaps) and the attr xdr len words
		* are stored with the acl data to handle the problem of
		* variable length bitmaps.*/
		res->acl_data_offset = (xdr->p - bm_p) << 2;
		res->acl_data_offset = xdr_stream_pos(xdr) - pg_offset;

		/* We ignore &savep and don't do consistency checks on
		* the attr length. Let userspace figure it out.... */
		res->acl_len = attrlen;
		if (attrlen + res->acl_data_offset > xdr->buf->page_len) {
		if (attrlen > (xdr->nwords << 2)) {
		if (res->acl_flags & NFS4_ACL_LEN_REQUEST) {
		/* getxattr interface called with a NULL buf */
		goto out;
		}
		dprintk("NFS: acl reply: attrlen %u > page_len %u\n",
		attrlen, xdr->buf->page_len);
		attrlen, xdr->nwords << 2);
		return -EINVAL;
		}
		} else