1 From 9c2ece6ef67e9d376f32823086169b489c422ed0 Mon Sep 17 00:00:00 2001
2 From: Scott Mayhew <smayhew@redhat.com>
3 Date: Mon, 7 May 2018 09:01:08 -0400
4 Subject: nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
6 From: Scott Mayhew <smayhew@redhat.com>
8 commit 9c2ece6ef67e9d376f32823086169b489c422ed0 upstream.
10 nfsd4_readdir_rsize restricts rd_maxcount to svc_max_payload when
11 estimating the size of the readdir reply, but nfsd_encode_readdir
12 restricts it to INT_MAX when encoding the reply. This can result in log
13 messages like "kernel: RPC request reserved 32896 but used 1049444".
15 Restrict rd_dircount similarly (no reason it should be larger than
18 Signed-off-by: Scott Mayhew <smayhew@redhat.com>
19 Cc: stable@vger.kernel.org
20 Signed-off-by: J. Bruce Fields <bfields@redhat.com>
21 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
24 fs/nfsd/nfs4xdr.c | 5 +++--
25 1 file changed, 3 insertions(+), 2 deletions(-)
27 --- a/fs/nfsd/nfs4xdr.c
28 +++ b/fs/nfsd/nfs4xdr.c
29 @@ -3645,7 +3645,8 @@ nfsd4_encode_readdir(struct nfsd4_compou
30 nfserr = nfserr_resource;
33 - maxcount = min_t(u32, readdir->rd_maxcount, INT_MAX);
34 + maxcount = svc_max_payload(resp->rqstp);
35 + maxcount = min_t(u32, readdir->rd_maxcount, maxcount);
37 * Note the rfc defines rd_maxcount as the size of the
38 * READDIR4resok structure, which includes the verifier above
39 @@ -3659,7 +3660,7 @@ nfsd4_encode_readdir(struct nfsd4_compou
41 /* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */
42 if (!readdir->rd_dircount)
43 - readdir->rd_dircount = INT_MAX;
44 + readdir->rd_dircount = svc_max_payload(resp->rqstp);
47 readdir->rd_maxcount = maxcount;
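Review bot: In the second hunk only a zero rd_dircount is replaced by svc_max_payload(); a non-zero value sent by the client is still used as received, so it can stay well above the payload limit that the description appears to want as its ceiling. If a real upper bound is intended, clamp it after the zero check, e.g. `readdir->rd_dircount = min_t(u32, readdir->rd_dircount, svc_max_payload(resp->rqstp));`. Whether an oversized rd_dircount has any effect depends on how the dirent encoder consumes it, which is outside these hunks, so treat this as a consistency fix, not a confirmed defect. A short comment at the `maxcount` assignment in the first hunk, saying the bound must match the one used by nfsd4_readdir_rsize, would help keep the reply-size estimate and the encoder from drifting apart again. nfsd4_encode_readdir begins and ends outside both hunks.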