NFSD: Fix .pc_release method for NFSv2

nfsd_release_fhandle() assumes that rqstp->rq_resp always points to
an nfsd_fhandle struct. In fact, no NFSv2 procedure uses struct
nfsd_fhandle as its response structure.

So far that has been "safe" to do because the res structs put the
resp->fh field at that same offset as struct nfsd_fhandle. I don't
think that's a guarantee, though, and there is certainly nothing
preventing a developer from altering the fields in those structures.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfsproc.c b/fs/nfsd/nfsproc.c
index 2a4c417..c349e1d 100644 (file)
--- a/fs/nfsd/nfsproc.c
+++ b/fs/nfsd/nfsproc.c
@@ -611,7 +611,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_func = nfsd_proc_getattr,
                .pc_decode = nfssvc_decode_fhandle,
                .pc_encode = nfssvc_encode_attrstat,
-               .pc_release = nfssvc_release_fhandle,
+               .pc_release = nfssvc_release_attrstat,
                .pc_argsize = sizeof(struct nfsd_fhandle),
                .pc_ressize = sizeof(struct nfsd_attrstat),
                .pc_cachetype = RC_NOCACHE,
@@ -621,7 +621,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_func = nfsd_proc_setattr,
                .pc_decode = nfssvc_decode_sattrargs,
                .pc_encode = nfssvc_encode_attrstat,
-               .pc_release = nfssvc_release_fhandle,
+               .pc_release = nfssvc_release_attrstat,
                .pc_argsize = sizeof(struct nfsd_sattrargs),
                .pc_ressize = sizeof(struct nfsd_attrstat),
                .pc_cachetype = RC_REPLBUFF,
@@ -640,7 +640,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_func = nfsd_proc_lookup,
                .pc_decode = nfssvc_decode_diropargs,
                .pc_encode = nfssvc_encode_diropres,
-               .pc_release = nfssvc_release_fhandle,
+               .pc_release = nfssvc_release_diropres,
                .pc_argsize = sizeof(struct nfsd_diropargs),
                .pc_ressize = sizeof(struct nfsd_diropres),
                .pc_cachetype = RC_NOCACHE,
@@ -659,7 +659,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_func = nfsd_proc_read,
                .pc_decode = nfssvc_decode_readargs,
                .pc_encode = nfssvc_encode_readres,
-               .pc_release = nfssvc_release_fhandle,
+               .pc_release = nfssvc_release_readres,
                .pc_argsize = sizeof(struct nfsd_readargs),
                .pc_ressize = sizeof(struct nfsd_readres),
                .pc_cachetype = RC_NOCACHE,
@@ -678,7 +678,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_func = nfsd_proc_write,
                .pc_decode = nfssvc_decode_writeargs,
                .pc_encode = nfssvc_encode_attrstat,
-               .pc_release = nfssvc_release_fhandle,
+               .pc_release = nfssvc_release_attrstat,
                .pc_argsize = sizeof(struct nfsd_writeargs),
                .pc_ressize = sizeof(struct nfsd_attrstat),
                .pc_cachetype = RC_REPLBUFF,
@@ -688,7 +688,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_func = nfsd_proc_create,
                .pc_decode = nfssvc_decode_createargs,
                .pc_encode = nfssvc_encode_diropres,
-               .pc_release = nfssvc_release_fhandle,
+               .pc_release = nfssvc_release_diropres,
                .pc_argsize = sizeof(struct nfsd_createargs),
                .pc_ressize = sizeof(struct nfsd_diropres),
                .pc_cachetype = RC_REPLBUFF,
@@ -734,7 +734,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_func = nfsd_proc_mkdir,
                .pc_decode = nfssvc_decode_createargs,
                .pc_encode = nfssvc_encode_diropres,
-               .pc_release = nfssvc_release_fhandle,
+               .pc_release = nfssvc_release_diropres,
                .pc_argsize = sizeof(struct nfsd_createargs),
                .pc_ressize = sizeof(struct nfsd_diropres),
                .pc_cachetype = RC_REPLBUFF,

diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c
index b51fe51..39c004e 100644 (file)
--- a/fs/nfsd/nfsxdr.c
+++ b/fs/nfsd/nfsxdr.c
@@ -561,10 +561,23 @@ nfssvc_encode_entry(void *ccdv, const char *name,
 /*
  * XDR release functions
  */
-void
-nfssvc_release_fhandle(struct svc_rqst *rqstp)
+void nfssvc_release_attrstat(struct svc_rqst *rqstp)
 {
-       struct nfsd_fhandle *resp = rqstp->rq_resp;
+       struct nfsd_attrstat *resp = rqstp->rq_resp;
+
+       fh_put(&resp->fh);
+}
+
+void nfssvc_release_diropres(struct svc_rqst *rqstp)
+{
+       struct nfsd_diropres *resp = rqstp->rq_resp;
+
+       fh_put(&resp->fh);
+}
+
+void nfssvc_release_readres(struct svc_rqst *rqstp)
+{
+       struct nfsd_readres *resp = rqstp->rq_resp;
 
        fh_put(&resp->fh);
 }

diff --git a/fs/nfsd/xdr.h b/fs/nfsd/xdr.h
index ea7cca3..3d3e16d 100644 (file)
--- a/fs/nfsd/xdr.h
+++ b/fs/nfsd/xdr.h
@@ -156,7 +156,9 @@ int nfssvc_encode_readdirres(struct svc_rqst *, __be32 *);
 int nfssvc_encode_entry(void *, const char *name,
                        int namlen, loff_t offset, u64 ino, unsigned int);
 
-void nfssvc_release_fhandle(struct svc_rqst *);
+void nfssvc_release_attrstat(struct svc_rqst *rqstp);
+void nfssvc_release_diropres(struct svc_rqst *rqstp);
+void nfssvc_release_readres(struct svc_rqst *rqstp);
 
 /* Helper functions for NFSv2 ACL code */
 __be32 *nfs2svc_encode_fattr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp, struct kstat *stat);