kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/fs/nfs
History
Kinglong Mee 15ae2c7bdc nfs/blocklayout: Fix bad using of page offset in bl_read_pagelist 
Blocklayout uses file offset for the read-back page's offset of first writing,
it's definitely wrong, it writes data to bad address of page that cause userspace
application segment fault. It must be the page base stored in header->args.pgbase.

Also, the pg_offset has no influence with isect and extent length.

Note: The offset of the non-first page is always zero.

Ps: A test program will segment fault at read() as,
#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>

int main(int argc, char **argv)
{
        char buf[2049];
        char *filename = NULL;
        int fd = -1;

        if (argc < 2) {
                printf("Usage: %s filename\n", argv[0]);
                return 0;
        }

        filename = argv[1];
        fd = open(filename, O_RDONLY | O_DIRECT);
        if (fd < 0) {
                printf("Open %s fail: %m\n", filename);
                return 1;
        }

        lseek(fd, 2048, SEEK_SET);
        if (read(fd, buf, sizeof(buf) - 1) != (sizeof(buf) - 1))
                printf("Read 4096 bityes data from %s fail: %m\n", filename);
out:
        close(fd);
        return 0;
}

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2015-10-21 15:55:47 -05:00
..
blocklayout nfs/blocklayout: Fix bad using of page offset in bl_read_pagelist 2015-10-21 15:55:47 -05:00
filelayout nfs/filelayout: Fix NULL reference caused by double freeing of fh_array 2015-09-17 18:10:28 -04:00
flexfilelayout NFSv4.1/flexfiles: Clean up ff_layout_write_done_cb/ff_layout_commit_done_cb 2015-09-02 15:24:54 -07:00
objlayout NFSv4.1/pnfs: Separate out metadata and data consistency for pNFS 2015-03-27 12:39:38 -04:00
cache_lib.c
cache_lib.h
callback.c NFS client updates for Linux 4.3 2015-09-07 14:02:24 -07:00
callback.h NFS: Remove the left function defines in callback.h 2015-10-21 15:49:22 -05:00
callback_proc.c NFS: Remove unneeded NFS_DEBUG checking before define NFSDBG_FACILITY 2015-10-21 15:49:23 -05:00
callback_xdr.c NFS: Return directly if encode_sessionid fail 2015-10-21 15:49:23 -05:00
client.c NFS: Use RPC functions for matching sockaddrs 2015-08-17 13:29:51 -05:00
delegation.c NFSv4: Recovery of recalled read delegations is broken 2015-09-20 22:34:16 -04:00
delegation.h NFSv4: Recovery of recalled read delegations is broken 2015-09-20 22:34:16 -04:00
dir.c NFS: Rename nfs_readdir_free_pagearray() and nfs_readdir_large_page() 2015-08-17 13:29:31 -05:00
direct.c NFS: Skip checking ds_cinfo.buckets when lseg's commit_through_mds is set 2015-09-22 18:09:14 -04:00
dns_resolve.c
dns_resolve.h
file.c NFSv4: Respect the server imposed limit on how many changes we may cache 2015-09-07 12:36:17 -04:00
fscache-index.c NFS: Fabricate fscache server index key correctly 2014-09-25 21:25:18 -04:00
fscache.c nfs: define nfs_inc_fscache_stats and using it as possible 2014-11-24 20:08:47 -05:00
fscache.h
getroot.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
inode.c Revert "NFS: Make close(2) asynchronous when closing NFS O_DIRECT files" 2015-09-04 16:54:29 -04:00
internal.h NFSv4: Respect the server imposed limit on how many changes we may cache 2015-09-07 12:36:17 -04:00
iostat.h nfs: define nfs_inc_fscache_stats and using it as possible 2014-11-24 20:08:47 -05:00
Kconfig kernel: conditionally support non-root users, groups and capabilities 2015-04-15 16:35:22 -07:00
Makefile NFS: Rename idmap.c to nfs4idmap.c 2015-04-23 15:16:14 -04:00
mount_clnt.c NFS: Remove unneeded NFS_DEBUG checking before define NFSDBG_FACILITY 2015-10-21 15:49:23 -05:00
namespace.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
netns.h pnfs/blocklayout: serialize GETDEVICEINFO calls 2014-11-12 14:22:52 -05:00
nfs.h
nfs2super.c
nfs2xdr.c nfs: save server READ/WRITE/COMMIT status 2015-02-03 11:06:40 -08:00
nfs3_fs.h nfsv3: introduce nfs3_set_ds_client 2015-02-03 11:06:34 -08:00
nfs3acl.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3client.c nfs: set hostname when creating nfsv3 ds connection 2015-02-03 11:06:38 -08:00
nfs3proc.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3super.c nfsv3: introduce nfs3_set_ds_client 2015-02-03 11:06:34 -08:00
nfs3xdr.c xprtrdma: Fix large NFS SYMLINK calls 2015-08-05 16:21:28 -04:00
nfs4_fs.h NFS: Remove nfs41_server_notify_{target|highest}_slotid_update() 2015-08-17 13:32:00 -05:00
nfs4client.c NFS: Use RPC functions for matching sockaddrs 2015-08-17 13:29:51 -05:00
nfs4file.c NFSv4: Respect the server imposed limit on how many changes we may cache 2015-09-07 12:36:17 -04:00
nfs4getroot.c nfs: Remove invalid NFS_ATTR_FATTR_V4_REFERRAL checking in nfs4_get_rootfh 2015-07-01 11:31:22 -04:00
nfs4idmap.c NFS: Combine nfs_idmap_{init|quit}() and nfs_idmap_{init|quit}_keyring() 2015-08-17 13:29:56 -05:00
nfs4idmap.h NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4namespace.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs4proc.c nfs4: reset states to use open_stateid when returning delegation voluntarily 2015-10-02 15:43:07 -04:00
nfs4renewd.c NFSv4.1: Fix an NFSv4.1 state renewal regression 2014-09-30 17:18:42 -04:00
nfs4session.c NFSv4.1: Don't set up a backchannel if the server didn't agree to do so 2015-02-18 12:30:47 -08:00
nfs4session.h NFSv4.1: Clear the old state by our client id before establishing a new lease 2015-03-03 21:52:30 -05:00
nfs4state.c NFSv4: Don't try to reclaim unused state owners 2015-10-02 15:43:07 -04:00
nfs4super.c NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4sysctl.c NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4trace.c
nfs4trace.h NFS: Fix a tracepoint NULL-pointer dereference 2015-10-06 18:56:25 -04:00
nfs4xdr.c NFSv4: Express delegation limit in units of pages 2015-09-07 12:36:13 -04:00
nfs42.h nfs42: remove unused declaration 2015-08-25 20:06:56 -04:00
nfs42proc.c nfs: fix v4.2 SEEK on files over 2 gigs 2015-09-17 15:48:23 -04:00
nfs42xdr.c nfs42: decode_layoutstats does not need res parameter 2015-08-25 20:06:56 -04:00
nfsroot.c nfsroot: make nfsroot to accept the 1024 bytes long directory name 2015-10-21 15:49:19 -05:00
nfstrace.c NFSv4: Allow tracing of NFSv4 fsync calls 2015-03-27 12:39:34 -04:00
nfstrace.h NFS: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping 2014-01-27 15:35:56 -05:00
pagelist.c nfs: fix pg_test page count calculation 2015-09-17 15:48:23 -04:00
pnfs.c NFS41: make close wait for layoutreturn 2015-09-23 08:55:32 -04:00
pnfs.h NFS41: make close wait for layoutreturn 2015-09-23 08:55:32 -04:00
pnfs_dev.c NFSv4.1: Don't cache deviceids that have no notifications 2015-03-27 12:32:24 -04:00
pnfs_nfs.c NFS41: fix list splice type 2015-08-20 13:43:53 -05:00
proc.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
read.c NFS: Do cleanup before resetting pageio read/write to mds 2015-09-20 13:46:45 -04:00
super.c NFS: Remove the left global variable nfs_callback_tcpport 2015-10-21 15:49:22 -05:00
symlink.c don't pass nameidata to ->follow_link() 2015-05-10 22:20:15 -04:00
sysctl.c nfs: convert use of typedef ctl_table to struct ctl_table 2014-06-06 16:08:16 -07:00
unlink.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
write.c NFS: Fix a write performance regression 2015-10-02 15:43:07 -04:00