On Thu, May 28, 2015 at 5:05 PM, Andreas Grünbacher <andreas.gruenbacher@xxxxxxxxx> wrote: > 2015-05-28 22:50 GMT+02:00 Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>: >> On Thu, May 28, 2015 at 4:33 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: >>> On Fri, Apr 24, 2015 at 01:04:33PM +0200, Andreas Gruenbacher wrote: >>>> The NFSv4 client sends the server GETATTR requests with different sets of >>>> requested attributes depending on the situation. The requested set of >>>> attributes is encoded in a bitmap; the server replies with the set of >>>> attributes it could return. These bitmaps can be several words wide. The >>>> bitmap returned by the server is a subset of the bitmap sent by the client. >>>> >>>> While decoding the reply, the client tries to verify the reply bitmap: it >>>> checks if any previous, unexpected attributes are left in the same word of the >>>> bitmap for each attribute it tries to decode, then it clears the current >>>> attribute's bit in the bitmap for the next decode function. >>>> >>>> The client fails to detect when unexpected attributes are sent after the last >>>> expected attribute in each word in the bitmap. >>> >>> Is it important that the client catch that? >> >> Right. What is the actual problem or bug that this patch is trying to >> fix? Why do we care if a buggy server sends us extra info that we >> didn't ask for? > > I think we do care to correctly decode (and reject) well-formed but illegal > server replies. In this case, when switching to the next word of a bitmap, the > client doesn't check if the previous word has been completely "consumed" yet. > If any attributes are "missed", decoding the attribute values gets out of sync, > garbage is decoded, and the error may be missed. > We already do this kind of check with the existing code. What's wrong with it? Trond -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
