nfsd41: error out when client sets maxreq_sz or maxresp_sz too small
authorMi Jinlong <mijinlong@cn.fujitsu.com>
Thu, 14 Jul 2011 06:50:17 +0000 (14:50 +0800)
committerJ. Bruce Fields <bfields@redhat.com>
Fri, 15 Jul 2011 22:58:51 +0000 (18:58 -0400)
According to RFC5661, 18.36.3,

 "if the client selects a value for ca_maxresponsesize such that
  a replier on a channel could never send a response,the server
  SHOULD return NFS4ERR_TOOSMALL in the CREATE_SESSION reply."

So, error out when the client sets a maxreq_sz less than the minimum
possible SEQUENCE request size, or sets a maxresp_sz less than the
minimum possible SEQUENCE reply size.

Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
fs/nfsd/nfs4state.c

index e252aa7..fe4ba68 100644 (file)
@@ -1506,6 +1506,29 @@ nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
        return slot->sl_status;
 }
 
+#define NFSD_MIN_REQ_HDR_SEQ_SZ        ((\
+                       2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
+                       1 +     /* MIN tag is length with zero, only length */ \
+                       3 +     /* version, opcount, opcode */ \
+                       XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
+                               /* seqid, slotID, slotID, cache */ \
+                       4 ) * sizeof(__be32))
+
+#define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
+                       2 +     /* verifier: AUTH_NULL, length 0 */\
+                       1 +     /* status */ \
+                       1 +     /* MIN tag is length with zero, only length */ \
+                       3 +     /* opcount, opcode, opstatus*/ \
+                       XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
+                               /* seqid, slotID, slotID, slotID, status */ \
+                       5 ) * sizeof(__be32))
+
+static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs fchannel)
+{
+       return fchannel.maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ
+               || fchannel.maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ;
+}
+
 __be32
 nfsd4_create_session(struct svc_rqst *rqstp,
                     struct nfsd4_compound_state *cstate,
@@ -1574,6 +1597,10 @@ nfsd4_create_session(struct svc_rqst *rqstp,
        cr_ses->flags &= ~SESSION4_PERSIST;
        cr_ses->flags &= ~SESSION4_RDMA;
 
+       status = nfserr_toosmall;
+       if (check_forechannel_attrs(cr_ses->fore_channel))
+               goto out;
+
        status = nfserr_jukebox;
        new = alloc_init_session(rqstp, conf, cr_ses);
        if (!new)