NFSv4: Catch and trace server filehandle encoding errors

If the server returns a filehandle with an invalid length, then trace
that, and return an EREMOTEIO error.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c
index 83ad62c81fc73105ae96ee20098f3be48ae1d77f..e6eca1d7481b8951c593844a7b8fa4ab87ab1f23 100644 (file)
--- a/fs/nfs/nfs3xdr.c
+++ b/fs/nfs/nfs3xdr.c
@@ -433,7 +433,7 @@ static int decode_nfs_fh3(struct xdr_stream *xdr, struct nfs_fh *fh)
        if (unlikely(!p))
                return -EIO;
        length = be32_to_cpup(p++);
-       if (unlikely(length > NFS3_FHSIZE))
+       if (unlikely(length > NFS3_FHSIZE || length == 0))
                goto out_toobig;
        p = xdr_inline_decode(xdr, length);
        if (unlikely(!p))
@@ -442,7 +442,7 @@ static int decode_nfs_fh3(struct xdr_stream *xdr, struct nfs_fh *fh)
        memcpy(fh->data, p, length);
        return 0;
 out_toobig:
-       dprintk("NFS: file handle size (%u) too big\n", length);
+       trace_nfs_xdr_bad_filehandle(xdr, NFSERR_BADHANDLE);
        return -E2BIG;
 }
 

diff --git a/fs/nfs/nfs4trace.h b/fs/nfs/nfs4trace.h
index 114983a706e9549ab39d9d2e1a18c7fdf018188c..2ef75caad6dabfaa7c62ae6e72faf1751286931d 100644 (file)
--- a/fs/nfs/nfs4trace.h
+++ b/fs/nfs/nfs4trace.h
@@ -745,6 +745,7 @@ DECLARE_EVENT_CLASS(nfs4_xdr_event,
                        ), \
                        TP_ARGS(xdr, op, error))
 DEFINE_NFS4_XDR_EVENT(nfs4_xdr_status);
+DEFINE_NFS4_XDR_EVENT(nfs4_xdr_bad_filehandle);
 
 DECLARE_EVENT_CLASS(nfs4_cb_error_class,
                TP_PROTO(

diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index ee7a7a132acc4026fa656432f1bb5ed7ba04ce9f..3d7e10c2659716032c7e1b3dcbab65aced35512a 100644 (file)
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -3495,8 +3495,11 @@ static int decode_attr_filehandle(struct xdr_stream *xdr, uint32_t *bitmap, stru
                if (unlikely(!p))
                        return -EIO;
                len = be32_to_cpup(p);
-               if (len > NFS4_FHSIZE)
-                       return -EIO;
+               if (len > NFS4_FHSIZE || len == 0) {
+                       trace_nfs4_xdr_bad_filehandle(xdr, OP_READDIR,
+                                                     NFS4ERR_BADHANDLE);
+                       return -EREMOTEIO;
+               }
                p = xdr_inline_decode(xdr, len);
                if (unlikely(!p))
                        return -EIO;
@@ -4952,8 +4955,10 @@ static int decode_getfh(struct xdr_stream *xdr, struct nfs_fh *fh)
        if (unlikely(!p))
                return -EIO;
        len = be32_to_cpup(p);
-       if (len > NFS4_FHSIZE)
-               return -EIO;
+       if (len > NFS4_FHSIZE || len == 0) {
+               trace_nfs4_xdr_bad_filehandle(xdr, OP_GETFH, NFS4ERR_BADHANDLE);
+               return -EREMOTEIO;
+       }
        fh->size = len;
        p = xdr_inline_decode(xdr, len);
        if (unlikely(!p))

diff --git a/fs/nfs/nfstrace.c b/fs/nfs/nfstrace.c
index a90b363500c22f76c6865d22c2db513ecbb9523f..5d1bfccbb4dabc4cb1693ecf3464bfd6fa3423e8 100644 (file)
--- a/fs/nfs/nfstrace.c
+++ b/fs/nfs/nfstrace.c
@@ -12,3 +12,4 @@
 EXPORT_TRACEPOINT_SYMBOL_GPL(nfs_fsync_enter);
 EXPORT_TRACEPOINT_SYMBOL_GPL(nfs_fsync_exit);
 EXPORT_TRACEPOINT_SYMBOL_GPL(nfs_xdr_status);
+EXPORT_TRACEPOINT_SYMBOL_GPL(nfs_xdr_bad_filehandle);

diff --git a/fs/nfs/nfstrace.h b/fs/nfs/nfstrace.h
index 45eda4db42fd0cc78c9f70692c337f4c96a9315c..eb1ef3462e84200d74d6753df6f0c17c3f34e894 100644 (file)
--- a/fs/nfs/nfstrace.h
+++ b/fs/nfs/nfstrace.h
@@ -1451,6 +1451,7 @@ DECLARE_EVENT_CLASS(nfs_xdr_event,
                        ), \
                        TP_ARGS(xdr, error))
 DEFINE_NFS_XDR_EVENT(nfs_xdr_status);
+DEFINE_NFS_XDR_EVENT(nfs_xdr_bad_filehandle);
 
 #endif /* _TRACE_NFS_H */