On Feb 22, 2011, at 2:43 PM, Benny Halevy wrote:

> Fix bug introduced in patch
> 85a56480 NFSD: Update XDR decoders in NFSv4 callback client
>
> Although decode_cb_sequence4resok ignores highest slotid and target highest slotid
> it must account for their space in their xdr stream when calling xdr_inline_decode

The real problem is that decoding for the next operation in the compound will start too early in the buffer, because we didn't account for the ignored 8 bytes here, yes?

Reviewed-by: Chuck Lever <chuck.lever@xxxxxxxxxx>

> Cc: Chuck Lever <chuck.lever@xxxxxxxxxx>
> Signed-off-by: Benny Halevy <bhalevy@xxxxxxxxxxx>
> --- > fs/nfsd/nfs4callback.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c > index da54498..d046bdb 100644 > --- a/fs/nfsd/nfs4callback.c > +++ b/fs/nfsd/nfs4callback.c > @@ -592,7 +592,7 @@ static int decode_cb_sequence4resok(struct xdr_stream *xdr, > * If the server returns different values for sessionID, slotID or > * sequence number, the server is looney tunes. > */ > - p = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN + 4 + 4); > + p = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN + 4 + 4 + 4 + 4); > if (unlikely(p == NULL)) > goto out_overflow; > memcpy(id.data, p, NFS4_MAX_SESSIONID_LEN); > -- > 1.7.3.4 >

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
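
Review bot: In the changed xdr_inline_decode() call, the length is now NFS4_MAX_SESSIONID_LEN + 4 + 4 + 4 + 4, with nothing at the call site saying which fields the four 4-byte terms cover or that two of them are skipped rather than decoded. A short comment above the call naming them (the existing comment mentions sessionID, slotID and sequence number; the commit message adds highest slotid and target highest slotid) would keep a later reader from trimming the apparently unused 8 bytes again. The commit message would also be clearer if it stated the consequence raised in the reply, that the next operation in the compound is decoded 8 bytes too early.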
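
The effect described in the reply, as an added userspace example that is not code from the patch or from the kernel: consuming too few bytes for the sequence result leaves the cursor on an ignored field, so the next decoder reads that field as its own first word. `struct cursor`, `inline_decode`, `next_word_after_resok`, the 16-byte session id length and the reply bytes are all assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SESSIONID_LEN 16 /* assumed stand-in for NFS4_MAX_SESSIONID_LEN */

/* Constructed reply bytes (XDR is big-endian); all values are sample data. */
static const uint8_t reply[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, /* sessionid */
    0,0,0,1,                            /* sequence number */
    0,0,0,0,                            /* slotid */
    0,0,0,7,                            /* highest slotid (ignored by decoder) */
    0,0,0,7,                            /* target highest slotid (ignored) */
    0xCA,0xFE,0x00,0x01,                /* first word of the next operation */
};

/* Userspace model of an XDR read cursor; not the kernel's struct xdr_stream. */
struct cursor { const uint8_t *p, *end; };
/* Hand out the next n bytes and advance, or NULL if fewer than n remain. */
static const uint8_t *inline_decode(struct cursor *c, size_t n)
{
    const uint8_t *p = c->p;
    if ((size_t)(c->end - c->p) < n)
        return NULL;
    c->p += n;
    return p;
}

/* Consume resok_len bytes for the sequence result, then decode the word the
 * next operation's decoder would see. Returns 0, or -1 on a short buffer. */
int next_word_after_resok(size_t resok_len, uint32_t *word)
{
    struct cursor c = { reply, reply + sizeof(reply) };
    const uint8_t *p;
    if (!inline_decode(&c, resok_len) || !(p = inline_decode(&c, 4)))
        return -1;
    *word = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    return 0;
}

int main(void)
{
    uint32_t w = 0;
    int rc = next_word_after_resok(SESSIONID_LEN + 4 + 4, &w);     /* pre-fix length */
    printf("short: rc=%d next=0x%08x\n", rc, (unsigned)w);
    rc = next_word_after_resok(SESSIONID_LEN + 4 + 4 + 4 + 4, &w); /* fixed length */
    printf("full:  rc=%d next=0x%08x\n", rc, (unsigned)w);
    return 0;
}
```

With the shorter length the call still succeeds, which is why the misalignment shows up only as a wrong value in the following operation rather than as an overflow error.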