summaryrefslogtreecommitdiffstats
path: root/fs/nfs/nfs4proc.c
diff options
context:
space:
mode:
authorAndy Adamson <andros@netapp.com>2009-04-01 09:22:32 -0400
committerBenny Halevy <bhalevy@panasas.com>2009-06-17 12:24:52 -0700
commit8d35301d7db4165f2430c428865f7b0add47615d (patch)
treea808476a2b38ae440dd66634f776dcd334c13d77 /fs/nfs/nfs4proc.c
parentfc931582c260e53ca5ca23bd70ccc9b2265cca9f (diff)
downloadkernel-crypto-8d35301d7db4165f2430c428865f7b0add47615d.tar.gz
kernel-crypto-8d35301d7db4165f2430c428865f7b0add47615d.tar.xz
kernel-crypto-8d35301d7db4165f2430c428865f7b0add47615d.zip
nfs41: verify session channel attribues
Invalidate the session if the server returns invalid fore or back channel attributes. Use a KERN_WARNING to report the fatal session estabishment error. Signed-off-by: Andy Adamson <andros@netapp.com> [refactor nfs4_verify_channel_attrs] Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfs/nfs4proc.c')
-rw-r--r--fs/nfs/nfs4proc.c50
1 files changed, 48 insertions, 2 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 7d81d6e5753..4d7a8b9e129 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -4409,6 +4409,51 @@ static void nfs4_init_channel_attrs(struct nfs41_create_session_args *args)
args->bc_attrs.max_reqs);
}
+static int _verify_channel_attr(char *chan, char *attr_name, u32 sent, u32 rcvd)
+{
+ if (rcvd <= sent)
+ return 0;
+ printk(KERN_WARNING "%s: Session INVALID: %s channel %s increased. "
+ "sent=%u rcvd=%u\n", __func__, chan, attr_name, sent, rcvd);
+ return -EINVAL;
+}
+
+#define _verify_fore_channel_attr(_name_) \
+ _verify_channel_attr("fore", #_name_, \
+ args->fc_attrs._name_, \
+ session->fc_attrs._name_)
+
+#define _verify_back_channel_attr(_name_) \
+ _verify_channel_attr("back", #_name_, \
+ args->bc_attrs._name_, \
+ session->bc_attrs._name_)
+
+/*
+ * The server is not allowed to increase the fore channel header pad size,
+ * maximum response size, or maximum number of operations.
+ *
+ * The back channel attributes are only negotiatied down: We send what the
+ * (back channel) server insists upon.
+ */
+static int nfs4_verify_channel_attrs(struct nfs41_create_session_args *args,
+ struct nfs4_session *session)
+{
+ int ret = 0;
+
+ ret |= _verify_fore_channel_attr(headerpadsz);
+ ret |= _verify_fore_channel_attr(max_resp_sz);
+ ret |= _verify_fore_channel_attr(max_ops);
+
+ ret |= _verify_back_channel_attr(headerpadsz);
+ ret |= _verify_back_channel_attr(max_rqst_sz);
+ ret |= _verify_back_channel_attr(max_resp_sz);
+ ret |= _verify_back_channel_attr(max_resp_sz_cached);
+ ret |= _verify_back_channel_attr(max_ops);
+ ret |= _verify_back_channel_attr(max_reqs);
+
+ return ret;
+}
+
static int _nfs4_proc_create_session(struct nfs_client *clp)
{
struct nfs4_session *session = clp->cl_session;
@@ -4431,8 +4476,9 @@ static int _nfs4_proc_create_session(struct nfs_client *clp)
status = rpc_call_sync(session->clp->cl_rpcclient, &msg, 0);
- /* Set the negotiated values in the session's channel_attrs struct */
-
+ if (!status)
+ /* Verify the session's negotiated channel_attrs values */
+ status = nfs4_verify_channel_attrs(&args, session);
if (!status) {
/* Increment the clientid slot sequence id */
clp->cl_seqid++;