On 2011-02-23 08:48, Chuck Lever wrote: > > On Feb 22, 2011, at 2:43 PM, Benny Halevy wrote: > >> Fix bug introduced in patch >> 85a56480 NFSD: Update XDR decoders in NFSv4 callback client >> >> Although decode_cb_sequence4resok ignores highest slotid and target highest slotid >> it must account for their space in their xdr stream when calling xdr_inline_decode > > The real problem is that decoding for the next operation in the compound will start too early in the buffer, because we didn't account for the ignored 8 bytes here, yes? Right on the spot. Benny > > Reviewed-by: Chuck Lever <chuck.lever@xxxxxxxxxx> > >> Cc: Chuck Lever <chuck.lever@xxxxxxxxxx> >> Signed-off-by: Benny Halevy <bhalevy@xxxxxxxxxxx> >> --- >> fs/nfsd/nfs4callback.c | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c >> index da54498..d046bdb 100644 >> --- a/fs/nfsd/nfs4callback.c >> +++ b/fs/nfsd/nfs4callback.c >> @@ -592,7 +592,7 @@ static int decode_cb_sequence4resok(struct xdr_stream *xdr, >> * If the server returns different values for sessionID, slotID or >> * sequence number, the server is looney tunes. >> */ >> - p = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN + 4 + 4); >> + p = xdr_inline_decode(xdr, NFS4_MAX_SESSIONID_LEN + 4 + 4 + 4 + 4); >> if (unlikely(p == NULL)) >> goto out_overflow; >> memcpy(id.data, p, NFS4_MAX_SESSIONID_LEN); >> -- >> 1.7.3.4 >> > > -- > Chuck Lever > chuck[dot]lever[at]oracle[dot]com
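Review bot: The length passed to xdr_inline_decode in decode_cb_sequence4resok is now a run of four bare 4s, and the comment just above it still names only sessionID, slotID and sequence number, so a reader cannot tell that the last two words are highest slotid and target highest slotid, reserved only to be skipped. Extend that comment (or annotate each term) to say the two trailing 4-byte fields are deliberately ignored but must be consumed so the next operation in the compound starts at the right offset. That reasoning currently exists only in the commit message, and keeping it next to the expression makes it less likely the length gets trimmed again.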