Quoting James Morris (jmorris@xxxxxxxxx):
...
> +int nfs3_proc_getxattr(struct inode *inode, const char *namespace,
> + const char *name, void *value, size_t size)
> +{
...
> + res.xattr_val_len = size;
> + res.xattr_val = kmalloc(size, GFP_KERNEL);
> + if (!res.xattr_val)
> + return -ENOMEM;
> +
> + dprintk("NFS call getxattr %s%s %zd\n", namespace, name, size);
> +
> + msg.rpc_proc = &server->client_xattr->cl_procinfo[XATTRPROC3_GETXATTR];
> + nfs_fattr_init(&fattr);
> + status = rpc_call_sync(server->client_xattr, &msg, 0);
> +
> + dprintk("NFS reply getxattr: status=%d len=%d\n",
> + status, res.xattr_val_len);
> +
> + switch (status) {
> + case 0:
> + status = nfs_refresh_inode(inode, &fattr);
> + break;
> + case -EPFNOSUPPORT:
> + case -EPROTONOSUPPORT:
> + dprintk("NFS_V3_XATTR extension not supported; disabling\n");
> + server->caps &= ~NFS_CAP_XATTR;
> + case -ENOTSUPP:
> + status = -EOPNOTSUPP;
> + default:
> + goto cleanup;
> + }
> +
> + status = res.xattr_val_len;
> + if (status <= size)
res.xattr_val_len was set to size, as was status, and none of the
3 has been changed, so here status can't be > size can it?
Was this just a safety to prevent overrun, or did you mean to
do some other check? (If a safety, then you'll still return
status > size, but with garbage in value, so i think you'd want
to also change status)
> + memcpy(value, res.xattr_val, status);
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
