diff options
| author | Dave Airlie <airlied@redhat.com> | 2012-10-02 09:19:32 +1000 |
|---|---|---|
| committer | Dave Airlie <airlied@redhat.com> | 2012-10-02 09:19:32 +1000 |
| commit | 8c98449ad316ba95a8f0a3ee3eaeb03dcd7f9ccc (patch) | |
| tree | 575c51d772059012eeffc301597589ed7c391321 /fs/nfs/nfs4xdr.c | |
| parent | 7facf16690dc4160e5ff605271704183ff56b2d9 (diff) | |
| parent | f531dcb23f9a5c6ad77e451459df965dc9a0c0c8 (diff) | |
Merge branch 'for-airlied' of git://people.freedesktop.org/~danvet/drm-intel into drm-next
Last pile of stuff for 3.7, essentially just a bunch of bigger fixes and a
few less intrusive features:
- cpu freq interface in sysfs from Ben
- cpu edp fixes and some related cleanups
- write-combining ptes for pre-gen6 (Chris)
- basic CADL support (Peter Wu), this fixes quite a few issues with
backlights ...
- rework of the gem backing pages handling (preps for stolen mem handling)
from Chris
- some more cleanup-fallout from the modeset-rework
On top of that I've done a backmerge of -rc7(since the conflicts got too
messy and I've pushed out broken merged trees too often). I've also
included 3 fixes on top of what QA beat on:
- Fix for a infoframe handling regression in 3.5 - infoframe blows up too
often and 3.6 is pretty much done, so I'd like to merge that through
-next and the stable process and give it more exposure before it lands
in a stable tree.
- ioctl cosmetics^Wspelling fix in the structs (userspace won't be
affected, since all existing userspace uses private copies of the ioctl
struct definitions, and the struct layout itself is abi compatible).
- Bugfix for a regression introduced in this pull's testing cycle.
* 'for-airlied' of git://people.freedesktop.org/~danvet/drm-intel: (695 commits)
drm/i915: Wrap external callers to IPS state with appropriate locks
drm/i915: s/cacheing/caching/
drm/i915: make sure we write all the DIP data bytes
drm/i915: BUG() on unexpected HDMI register
...
Diffstat (limited to 'fs/nfs/nfs4xdr.c')
| -rw-r--r-- | fs/nfs/nfs4xdr.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 1bfbd67c556..8dba6bd4855 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -5072,18 +5072,14 @@ static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req, * are stored with the acl data to handle the problem of * variable length bitmaps.*/ res->acl_data_offset = xdr_stream_pos(xdr) - pg_offset; - - /* We ignore &savep and don't do consistency checks on - * the attr length. Let userspace figure it out.... */ res->acl_len = attrlen; - if (attrlen > (xdr->nwords << 2)) { - if (res->acl_flags & NFS4_ACL_LEN_REQUEST) { - /* getxattr interface called with a NULL buf */ - goto out; - } + + /* Check for receive buffer overflow */ + if (res->acl_len > (xdr->nwords << 2) || + res->acl_len + res->acl_data_offset > xdr->buf->page_len) { + res->acl_flags |= NFS4_ACL_TRUNC; dprintk("NFS: acl reply: attrlen %u > page_len %u\n", attrlen, xdr->nwords << 2); - return -EINVAL; } } else status = -EOPNOTSUPP; @@ -6229,7 +6225,8 @@ static int nfs4_xdr_dec_open(struct rpc_rqst *rqstp, struct xdr_stream *xdr, status = decode_open(xdr, res); if (status) goto out; - if (decode_getfh(xdr, &res->fh) != 0) + status = decode_getfh(xdr, &res->fh); + if (status) goto out; decode_getfattr(xdr, res->f_attr, res->server); out: |