SUNRPC: Don't decode beyond the end of the RPC reply message Now that xdr_inline_decode() will automatically cross into the page buffers, we need to ensure that it doesn't exceed the total reply message length. This patch sets up a counter that tracks the number of words remaining in the reply message, and ensures that xdr_inline_decode, xdr_read_pages and xdr_enter_page respect the end of message boundary. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

commit: bfeea1dc1c9238f9e5a17a265489ecd0d19f66bb [log] [tgz]
author: Trond Myklebust <Trond.Myklebust@netapp.com> Wed Jun 20 09:58:35 2012 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> Thu Jun 28 17:20:41 2012 -0400
tree: 009163b2f4c0255599d3c781a833c2dcfaa621ed
parent: 1537693ceaa8d6484f1ce631bec85658bfa9816c [diff] [blame]
diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index af70af3..f1e7f88 100644
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h

@@ -205,6 +205,7 @@
 	struct kvec *iov;	/* pointer to the current kvec */
 	struct kvec scratch;	/* Scratch buffer */
 	struct page **page_ptr;	/* pointer to the current page */
+	unsigned int nwords;	/* Remaining decode buffer length */
 };
 
 /*
commit	bfeea1dc1c9238f9e5a17a265489ecd0d19f66bb	[log] [tgz]
author	Trond Myklebust <Trond.Myklebust@netapp.com>	Wed Jun 20 09:58:35 2012 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	Thu Jun 28 17:20:41 2012 -0400
tree	009163b2f4c0255599d3c781a833c2dcfaa621ed
parent	1537693ceaa8d6484f1ce631bec85658bfa9816c [diff] [blame]