NFSv4.1/pnfs: Add sanity check for the layout range returned by the server

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
This commit is contained in:
Trond Myklebust 2015-08-25 11:16:13 -04:00
parent 82714bd142
commit 540d9864e1

View File

@ -1561,6 +1561,26 @@ out_unlock:
}
EXPORT_SYMBOL_GPL(pnfs_update_layout);
static bool
pnfs_sanity_check_layout_range(struct pnfs_layout_range *range)
{
switch (range->iomode) {
case IOMODE_READ:
case IOMODE_RW:
break;
default:
return false;
}
if (range->offset == NFS4_MAX_UINT64)
return false;
if (range->length == 0)
return false;
if (range->length != NFS4_MAX_UINT64 &&
range->length > NFS4_MAX_UINT64 - range->offset)
return false;
return true;
}
struct pnfs_layout_segment *
pnfs_layout_process(struct nfs4_layoutget *lgp)
{
@ -1569,7 +1589,10 @@ pnfs_layout_process(struct nfs4_layoutget *lgp)
struct pnfs_layout_segment *lseg;
struct inode *ino = lo->plh_inode;
LIST_HEAD(free_me);
int status = 0;
int status = -EINVAL;
if (!pnfs_sanity_check_layout_range(&res->range))
goto out;
/* Inject layout blob into I/O device driver */
lseg = NFS_SERVER(ino)->pnfs_curr_ld->alloc_lseg(lo, res, lgp->gfp_flags);