diff options
| author | Mauro Carvalho Chehab <m.chehab@samsung.com> | 2014-07-17 09:56:14 -0300 |
|---|---|---|
| committer | Mauro Carvalho Chehab <m.chehab@samsung.com> | 2014-07-17 09:56:14 -0300 |
| commit | 419cb9b34785afba73255802711246ea5c75809b (patch) | |
| tree | 964cef268c9627001ececc4fae45d50385cfe23f /fs/nfsd/nfs4xdr.c | |
| parent | 0ba2aeb6dab80920edd9cf5b93b1ea4d6913b8f3 (diff) | |
| parent | 1795cd9b3a91d4b5473c97f491d63892442212ab (diff) | |
Merge tag 'v3.16-rc5' into HEAD
Docbook creation was broken. We need to move after
v3.16-rc1-3-ga981296f048b in order to get commit
a981296f048b99b0d5bb4d87c732a6cfb35a1c66.
Linux 3.16-rc5
* tag 'v3.16-rc5': (985 commits)
Linux 3.16-rc5
clk: spear3xx: Set proper clock parent of uart1/2
clk: spear3xx: Use proper control register offset
parisc: drop unused defines and header includes
parisc: fix fanotify_mark() syscall on 32bit compat kernel
parisc: add serial ports of C8000/1GHz machine to hardware database
ext4: fix potential null pointer dereference in ext4_free_inode
ext4: fix a potential deadlock in __ext4_es_shrink()
Documenation/laptops: rename and update hpfall.c
DocBook: fix various typos
DocBook: fix mtdnand typos
scripts/kernel-doc: handle object-like macros
Documentation/Changes: clean up mcelog paragraph
ARM: at91: at91sam9x5: add clocks for usb device
phy: omap-usb2: Balance pm_runtime_enable() on probe failure and remove
phy: core: Fix error path in phy_create()
drivers: phy: phy-samsung-usb2.c: Add missing MODULE_DEVICE_TABLE
phy: omap-usb2: fix devm_ioremap_resource error detection code
phy: sun4i: depend on RESET_CONTROLLER
USB: serial: ftdi_sio: Add Infineon Triboard
...
Diffstat (limited to 'fs/nfsd/nfs4xdr.c')
| -rw-r--r-- | fs/nfsd/nfs4xdr.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 2d305a121f37..b56b1cc02718 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -600,7 +600,18 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create READ_BUF(4); create->cr_linklen = be32_to_cpup(p++); READ_BUF(create->cr_linklen); - SAVEMEM(create->cr_linkname, create->cr_linklen); + /* + * The VFS will want a null-terminated string, and + * null-terminating in place isn't safe since this might + * end on a page boundary: + */ + create->cr_linkname = + kmalloc(create->cr_linklen + 1, GFP_KERNEL); + if (!create->cr_linkname) + return nfserr_jukebox; + memcpy(create->cr_linkname, p, create->cr_linklen); + create->cr_linkname[create->cr_linklen] = '\0'; + defer_free(argp, kfree, create->cr_linkname); break; case NF4BLK: case NF4CHR: @@ -2630,7 +2641,7 @@ nfsd4_encode_rdattr_error(struct xdr_stream *xdr, __be32 nfserr) { __be32 *p; - p = xdr_reserve_space(xdr, 6); + p = xdr_reserve_space(xdr, 20); if (!p) return NULL; *p++ = htonl(2); @@ -2687,6 +2698,7 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, nfserr = nfserr_toosmall; goto fail; case nfserr_noent: + xdr_truncate_encode(xdr, start_offset); goto skip_entry; default: /* @@ -3266,7 +3278,7 @@ nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd wire_count = htonl(maxcount); write_bytes_to_xdr_buf(xdr->buf, length_offset, &wire_count, 4); - xdr_truncate_encode(xdr, length_offset + 4 + maxcount); + xdr_truncate_encode(xdr, length_offset + 4 + ALIGN(maxcount, 4)); if (maxcount & 3) write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount, &zero, 4 - (maxcount&3)); |