On Sat, Jul 02, 2011 at 05:02:54PM +0800, Mi Jinlong wrote: > This patch just check request's size when it consists SEQUENCE. > > Signed-off-by: Mi Jinlong <mijinlong@xxxxxxxxxxxxxx> > --- > fs/nfsd/nfs4state.c | 16 ++++++++++++++++ > 1 files changed, 16 insertions(+), 0 deletions(-) > > diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c > index e98f3c2..17e30bf 100644 > --- a/fs/nfsd/nfs4state.c > +++ b/fs/nfsd/nfs4state.c > @@ -1736,6 +1736,21 @@ static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_sess > return args->opcnt > session->se_fchannel.maxops; > } > > +static int nfsd4_check_request_size(struct nfsd4_compoundargs *args, > + struct nfsd4_session *session) > +{ > + struct xdr_buf *xb = &args->rqstp->rq_arg; > + > + /* Only SEQUENCE operation */ > + if (args->opcnt == 1) > + return 0; Do we need this special check? Sure, it's possible that a crazy client could set se_fchannel.maxreq_sz too small, and then we'd get a failure here even when they only sent a single sequence. Such a client gets what it deserves. Seems OK otherwise. Of course, dealing with the maximum response size is going to be the difficult part. --b. > + > + if (xb->len > session->se_fchannel.maxreq_sz) > + return nfserr_req_too_big; > + > + return 0; > +} > + > __be32 > nfsd4_sequence(struct svc_rqst *rqstp, > struct nfsd4_compound_state *cstate, > @@ -1804,6 +1819,7 @@ nfsd4_sequence(struct svc_rqst *rqstp, > cstate->slot = slot; > cstate->session = session; > > + status = nfsd4_check_request_size(rqstp->rq_argp, session); > out: > /* Hold a session reference until done processing the compound. */ > if (cstate->session) { > -- > 1.7.5.4 > > > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html