1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-24 17:23:25 -05:00
linux/fs
J. Bruce Fields 15b23ef5d3 nfsd4: fix corruption of NFSv4 read data
The calculation of page_ptr here is wrong in the case the read doesn't
start at an offset that is a multiple of a page.

The result is that nfs4svc_encode_compoundres sets rq_next_page to a
value one too small, and then the loop in svc_free_res_pages may
incorrectly fail to clear a page pointer in rq_respages[].

Pages left in rq_respages[] are available for the next rpc request to
use, so xdr data may be written to that page, which may hold data still
waiting to be transmitted to the client or data in the page cache.

The observed result was silent data corruption seen on an NFSv4 client.

We tag this as "fixing" 05638dc73a because that commit exposed this
bug, though the incorrect calculation predates it.

Particular thanks to Andrea Arcangeli and David Gilbert for analysis and
testing.

Fixes: 05638dc73a "nfsd4: simplify server xdr->next_page use"
Cc: stable@vger.kernel.org
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Tested-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-09-30 15:57:04 -04:00
..
9p
adfs
affs
afs
autofs4
befs
bfs
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2014-09-19 13:10:53 -07:00
cachefiles fs/cachefiles: add missing \n to kerror conversions 2014-09-26 08:10:35 -07:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2014-08-13 17:43:29 -06:00
cifs Fix mfsymlinks file size check 2014-09-16 06:48:20 -05:00
coda
configfs
cramfs
debugfs
devpts
dlm
ecryptfs
efivarfs
efs
exofs
exportfs
ext2
ext3 ext3: Count internal journal as bsddf overhead in ext3_statfs 2014-08-19 23:16:51 +02:00
ext4 ext4: avoid trying to kfree an ERR_PTR pointer 2014-09-03 09:37:30 -04:00
f2fs f2fs: reposition unlock_new_inode to prevent accessing invalid inode 2014-09-02 00:22:24 -07:00
fat
freevxfs
fscache FS-Cache: refcount becomes corrupt under vma pressure. 2014-09-17 22:41:40 +01:00
fuse fuse: honour max_read and max_write in direct_io mode 2014-09-26 21:16:51 -04:00
gfs2 GFS2: fix d_splice_alias() misuses 2014-09-12 20:58:55 +01:00
hfs
hfsplus
hostfs
hpfs
hppfs
hugetlbfs
isofs isofs: Fix unbounded recursion when processing relocated directories 2014-08-19 18:29:30 +02:00
jbd
jbd2 jbd2: fix descriptor block size handling errors with journal_csum 2014-08-28 22:22:29 -04:00
jffs2
jfs
kernfs
lockd lockd: fix rpcbind crash on lockd startup failure 2014-09-08 12:03:32 -04:00
logfs
minix
ncpfs
nfs NFSv4: Fix another bug in the close/open_downgrade code 2014-09-18 13:04:22 -04:00
nfs_common
nfsd nfsd4: fix corruption of NFSv4 read data 2014-09-30 15:57:04 -04:00
nilfs2 nilfs2: fix data loss with mmap() 2014-09-26 08:10:34 -07:00
nls
notify fs/notify: don't show f_handle if exportfs_encode_inode_fh failed 2014-09-10 15:42:12 -07:00
ntfs
ocfs2 ocfs2/dlm: do not get resource spinlock if lockres is new 2014-09-26 08:10:34 -07:00
omfs
openpromfs
proc mm: softdirty: addresses before VMAs in PTE holes aren't softdirty 2014-09-26 08:10:35 -07:00
pstore
qnx4
qnx6
quota
ramfs
reiserfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2014-08-13 17:45:40 -06:00
romfs
squashfs
sysfs
sysv
ubifs
udf udf: saner calling conventions for udf_new_inode() 2014-09-04 21:37:41 +02:00
ufs ufs: deal with nfsd/iget races 2014-09-26 21:17:52 -04:00
xfs xfs: trim eofblocks before collapse range 2014-09-02 12:12:53 +10:00
aio.c aio: block exit_aio() until all context requests are completed 2014-09-04 16:54:47 -04:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
block_dev.c
buffer.c Fix nasty 32-bit overflow bug in buffer i/o code. 2014-09-22 08:41:16 -07:00
char_dev.c
compat.c
compat_binfmt_elf.c
compat_ioctl.c
coredump.c
dcache.c vfs: Don't exchange "short" filenames unconditionally. 2014-09-27 15:59:39 -04:00
dcookies.c
direct-io.c fuse: honour max_read and max_write in direct_io mode 2014-09-26 21:16:51 -04:00
drop_caches.c
eventfd.c
eventpoll.c eventpoll: fix uninitialized variable in epoll_ctl 2014-09-10 15:42:12 -07:00
exec.c
fcntl.c
fhandle.c
file.c
file_table.c
filesystems.c
fs-writeback.c
fs_pin.c
fs_struct.c
inode.c
internal.h
ioctl.c
Kconfig
Kconfig.binfmt
libfs.c
locks.c locks: pass correct "before" pointer to locks_unlink_lock in generic_add_lease 2014-08-22 09:58:22 -04:00
Makefile
mbcache.c
mount.h
mpage.c
namei.c vfs: workaround gcc <4.6 build error in link_path_walk() 2014-09-16 07:44:54 -07:00
namespace.c fix EBUSY on umount() from MNT_SHRINKABLE 2014-08-30 18:32:05 -04:00
no-block.c
open.c
pipe.c
pnode.c get rid of propagate_umount() mistakenly treating slaves as busy. 2014-08-30 18:31:41 -04:00
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
readdir.c
select.c
seq_file.c
signalfd.c
splice.c
stack.c
stat.c
statfs.c
super.c Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2014-08-13 17:45:40 -06:00
sync.c Export sync_filesystem() for modular ->remount_fs() use 2014-09-05 08:16:21 -07:00
timerfd.c
utimes.c
xattr.c