FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-08 18:42:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
51f5677777
linux/fs
History
J. Bruce Fields 51f5677777 nfsd: check for oversized NFSv2/v3 arguments 
A client can append random data to the end of an NFSv2 or NFSv3 RPC call
without our complaining; we'll just stop parsing at the end of the
expected data and ignore the rest.

Encoded arguments and replies are stored together in an array of pages,
and if a call is too large it could leave inadequate space for the
reply.  This is normally OK because NFS RPC's typically have either
short arguments and long replies (like READ) or long arguments and short
replies (like WRITE).  But a client that sends an incorrectly long reply
can violate those assumptions.  This was observed to cause crashes.

So, insist that the argument not be any longer than we expect.

Also, several operations increment rq_next_page in the decode routine
before checking the argument size, which can leave rq_next_page pointing
well past the end of the page array, causing trouble later in
svc_free_pages.

As followup we may also want to rewrite the encoding routines to check
more carefully that they aren't running off the end of the page array.

Reported-by: Tuomas Haanpää <thaan@synopsys.com>
Reported-by: Ari Kauppi <ari@synopsys.com>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2017-04-25 17:25:53 -04:00
..
9p Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 21:44:35 -08:00
adfs
affs
afs afs: Don't wait for page writeback with the page lock held 2017-03-16 16:29:30 +00:00
autofs4
befs
bfs
btrfs Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2017-04-14 16:53:45 -07:00
cachefiles
ceph Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
cifs cifs: Do not send echoes before Negotiate is complete 2017-04-17 15:44:23 -05:00
coda Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
configfs
cramfs
crypto A code cleanup and bugfix for fs/crypto. 2017-03-25 15:36:56 -07:00
debugfs
devpts
dlm net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
ecryptfs Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
efivarfs
efs
exofs
exportfs Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
ext2
ext4 statx: Include a mask for stx_attributes in struct statx 2017-04-03 01:06:00 -04:00
f2fs f2fs: combine nat_bits and free_nid_bitmap cache 2017-03-20 10:00:18 -04:00
fat fat: fix using uninitialized fields of fat_inode/fsinfo_inode 2017-03-09 17:01:10 -08:00
freevxfs
fscache
fuse Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse 2017-03-03 12:14:13 -08:00
gfs2 gfs2: Avoid alignment hole in struct lm_lockname 2017-03-15 10:06:07 -04:00
hfs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 21:44:35 -08:00
hfsplus
hostfs
hpfs sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
hugetlbfs hugetlbfs: fix offset overflow in hugetlbfs mmap 2017-04-13 18:24:21 -07:00
isofs
jbd2 jbd2: don't leak memory if setting up journal fails 2017-03-15 15:08:48 -04:00
jffs2 sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
jfs
kernfs kernfs: Check KERNFS_HAS_RELEASE before calling kernfs_release_file() 2017-03-17 10:25:59 +09:00
lockd
minix statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
ncpfs Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
nfs NFS client fixes for 4.11 (part 2) 2017-03-31 12:29:03 -07:00
nfs_common
nfsd nfsd: check for oversized NFSv2/v3 arguments 2017-04-25 17:25:53 -04:00
nilfs2 sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
nls
notify sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
ntfs sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
ocfs2 net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
omfs
openpromfs
orangefs orangefs: free superblock when mount fails 2017-04-15 09:39:31 -07:00
overlayfs overlayfs: remove now unnecessary header file include 2017-03-08 10:42:13 -08:00
proc thp: fix MADV_DONTNEED vs clear soft dirty race 2017-04-13 18:24:21 -07:00
pstore
qnx4
qnx6
quota
ramfs
reiserfs
romfs
squashfs
sysfs sysfs: be careful of error returns from ops->show() 2017-04-08 17:33:32 +02:00
sysv statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
tracefs
ubifs ubifs: Fix O_TMPFILE corner case in ubifs_link() 2017-04-18 23:18:02 +02:00
udf statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
ufs
xfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-04-09 08:26:21 -07:00
aio.c Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
anon_inodes.c
attr.c
bad_inode.c statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
binfmt_aout.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
binfmt_elf_fdpic.c sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h> 2017-03-02 08:42:39 +01:00
binfmt_elf.c sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h> 2017-03-02 08:42:39 +01:00
binfmt_em86.c
binfmt_flat.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
binfmt_misc.c sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
binfmt_script.c
block_dev.c block: Initialize bd_bdi on inode initialization 2017-03-02 08:56:59 -07:00
buffer.c sched/headers: Prepare for the reduction of <linux/sched.h>'s signal API dependency 2017-03-02 08:42:37 +01:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c
coredump.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
dax.c dax: fix radix tree insertion race 2017-04-08 00:47:49 -07:00
dcache.c
dcookies.c
direct-io.c
drop_caches.c
eventfd.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
eventpoll.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
exec.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h> 2017-03-02 08:42:35 +01:00
fcntl.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h> 2017-03-02 08:42:35 +01:00
fhandle.c
file_table.c
file.c
filesystems.c
fs_pin.c
fs_struct.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h> 2017-03-02 08:42:35 +01:00
fs-writeback.c writeback: fix memory leak in wb_queue_work() 2017-03-13 08:27:34 -06:00
inode.c
internal.h
ioctl.c sched/headers: Prepare for the reduction of <linux/sched.h>'s signal API dependency 2017-03-02 08:42:37 +01:00
iomap.c iomap: invalidate page caches should be after iomap_dio_complete() in direct write 2017-03-06 09:50:01 -08:00
Kconfig
Kconfig.binfmt
libfs.c Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 11:38:56 -08:00
locks.c
Makefile
mbcache.c
mount.h
mpage.c
namei.c vfs: don't do RCU lookup of empty pathnames 2017-04-15 09:34:52 -07:00
namespace.c sched/headers: Prepare to move 'init_task' and 'init_thread_union' from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:38 +01:00
no-block.c
nsfs.c nsfs: mark dentry with DCACHE_RCUACCESS 2017-04-19 15:56:24 -07:00
open.c
pipe.c
pnode.c
pnode.h
posix_acl.c
proc_namespace.c sched/headers: Prepare to move the task_lock()/unlock() APIs to <linux/sched/task.h> 2017-03-02 08:42:38 +01:00
read_write.c Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
readdir.c
select.c
seq_file.c
signalfd.c
splice.c Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
stack.c
stat.c statx: Include a mask for stx_attributes in struct statx 2017-04-03 01:06:00 -04:00
statfs.c
super.c
sync.c
timerfd.c
userfaultfd.c userfaultfd: report actual registered features in fdinfo 2017-04-08 00:47:48 -07:00
utimes.c
xattr.c