[Bug 260293] big counts in LAYOUTRETURN can cause NFS v4 nfsrv_flexlayouterr() to page-fault

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 260293] big counts in LAYOUTRETURN can cause NFS v4 nfsrv_flexlayouterr() to page-fault"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 13 Dec 2021 05:30:46 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260293

Rick Macklem <rmacklem@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |rmacklem@FreeBSD.org
             Status|New                         |Open

--- Comment #1 from Rick Macklem <rmacklem@FreeBSD.org> ---
Created attachment 230070
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=230070&action=edit
check against maxcnt when parsing a flex file error reply

This patch decrements maxcnt by the appropriate
number of bytes during parsing and checks to see
if there is data remaining.  If not, it just returns
from nfsrv_flexlayouterr() without further processing.

This should fix the crashes.

Maybe the reporter can check to confirm that the patch
fixes the problem for him?

-- 
You are receiving this mail because:
You are the assignee for the bug.