Patch "NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN" has been added to the 5.4-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 8 Sep 2023 19:37:20 -0400

This is a note to let you know that I've just added the patch titled

    NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     nfs-guard-against-readdir-loop-when-entry-names-exce.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 22831374e4e032750d083ed1821659ccc0cbb77b
Author: Benjamin Coddington <bcodding@xxxxxxxxxx>
Date:   Tue Aug 22 14:22:38 2023 -0400

    NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN
    
    [ Upstream commit f67b55b6588bcf9316a1e6e8d529100a5aa3ebe6 ]
    
    Commit 64cfca85bacd asserts the only valid return values for
    nfs2/3_decode_dirent should not include -ENAMETOOLONG, but for a server
    that sends a filename3 which exceeds MAXNAMELEN in a READDIR response the
    client's behavior will be to endlessly retry the operation.
    
    We could map -ENAMETOOLONG into -EBADCOOKIE, but that would produce
    truncated listings without any error.  The client should return an error
    for this case to clearly assert that the server implementation must be
    corrected.
    
    Fixes: 64cfca85bacd ("NFS: Return valid errors from nfs2/3_decode_dirent()")
    Signed-off-by: Benjamin Coddington <bcodding@xxxxxxxxxx>
    Signed-off-by: Anna Schumaker <Anna.Schumaker@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/nfs/nfs2xdr.c b/fs/nfs/nfs2xdr.c
index af557dc2cfe1d..6b783e2d28554 100644
--- a/fs/nfs/nfs2xdr.c
+++ b/fs/nfs/nfs2xdr.c
@@ -953,7 +953,7 @@ int nfs2_decode_dirent(struct xdr_stream *xdr, struct nfs_entry *entry,
 
 	error = decode_filename_inline(xdr, &entry->name, &entry->len);
 	if (unlikely(error))
-		return -EAGAIN;
+		return error == -ENAMETOOLONG ? -ENAMETOOLONG : -EAGAIN;
 
 	/*
 	 * The type (size and byte order) of nfscookie isn't defined in
diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c
index 84369d51353a5..6d8768ce370d2 100644
--- a/fs/nfs/nfs3xdr.c
+++ b/fs/nfs/nfs3xdr.c
@@ -1991,7 +1991,7 @@ int nfs3_decode_dirent(struct xdr_stream *xdr, struct nfs_entry *entry,
 
 	error = decode_inline_filename3(xdr, &entry->name, &entry->len);
 	if (unlikely(error))
-		return -EAGAIN;
+		return error == -ENAMETOOLONG ? -ENAMETOOLONG : -EAGAIN;
 
 	error = decode_cookie3(xdr, &new_cookie);
 	if (unlikely(error))






