android_kernel_oneplus_msm8998/net/sunrpc
Chuck Lever 9b1dcbc8cf xprtrdma: Store RDMA credits in unsigned variables
Dan Carpenter's static checker pointed out:

   net/sunrpc/xprtrdma/rpc_rdma.c:879 rpcrdma_reply_handler()
   warn: can 'credits' be negative?

"credits" is defined as an int. The credits value comes from the
server as a 32-bit unsigned integer.

A malicious or broken server can plant a large unsigned integer in
that field which would result in an underflow in the following
logic, potentially triggering a deadlock of the mount point by
blocking the client from issuing more RPC requests.

net/sunrpc/xprtrdma/rpc_rdma.c:

  876          credits = be32_to_cpu(headerp->rm_credit);
  877          if (credits == 0)
  878                  credits = 1;    /* don't deadlock */
  879          else if (credits > r_xprt->rx_buf.rb_max_requests)
  880                  credits = r_xprt->rx_buf.rb_max_requests;
  881
  882          cwnd = xprt->cwnd;
  883          xprt->cwnd = credits << RPC_CWNDSHIFT;
  884          if (xprt->cwnd > cwnd)
  885                  xprt_release_rqst_cong(rqst->rq_task);

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: eba8ff660b ("xprtrdma: Move credit update to RPC . . .")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2015-02-23 16:54:04 -05:00
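The signedness problem described in the commit message above, as an added example that is not code from this repository or from the commit. It runs the same clamp once with the credit grant held in a signed variable and once in an unsigned one. The function names, `MAX_REQUESTS`, `CWNDSHIFT` and the wire bytes are constructed for illustration, and the signed version assumes the request limit is compared as a signed value.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_REQUESTS 32 /* constructed stand-in for rb_max_requests */
#define CWNDSHIFT 8     /* constructed stand-in for RPC_CWNDSHIFT */

/* Constructed wire values for the 4-byte big-endian credit field. */
static const unsigned char WIRE_HUGE[4] = {0xff, 0xff, 0xff, 0xff};
static const unsigned char WIRE_SANE[4] = {0x00, 0x00, 0x00, 0x10};

/* Decode a big-endian 32-bit field from the reply header. */
static uint32_t be32_decode(const unsigned char b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

/* Credits kept in a signed variable: the upper-bound check is a signed compare. */
int32_t clamp_credits_signed(const unsigned char wire[4])
{
    uint32_t v = be32_decode(wire);
    /* Portable two's-complement reinterpretation of v as a signed int. */
    int32_t credits = v <= INT32_MAX ? (int32_t)v : -(int32_t)(UINT32_MAX - v) - 1;
    if (credits == 0)
        credits = 1;
    else if (credits > MAX_REQUESTS) /* false for every negative value */
        credits = MAX_REQUESTS;
    return credits;
}

/* Credits kept in an unsigned variable: the clamp covers the whole 32-bit range. */
uint32_t clamp_credits_unsigned(const unsigned char wire[4])
{
    uint32_t credits = be32_decode(wire);
    if (credits == 0)
        credits = 1;
    else if (credits > MAX_REQUESTS)
        credits = MAX_REQUESTS;
    return credits;
}

/* Congestion window derived from an already clamped, unsigned grant. */
unsigned long cwnd_from_credits(uint32_t credits) { return (unsigned long)credits << CWNDSHIFT; }

int main(void)
{
    printf("signed clamp:   %d\n", (int)clamp_credits_signed(WIRE_HUGE));
    printf("unsigned clamp: %u\n", (unsigned)clamp_credits_unsigned(WIRE_HUGE));
    return 0;
}
```

With the signed variable, the out-of-range grant leaves the clamp as a negative number, so the window calculation that follows works on a value the bounds check was meant to exclude.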
auth_gss sunrpc: move rq_splice_ok flag into rq_flags 2014-12-09 11:22:21 -05:00
xprtrdma xprtrdma: Store RDMA credits in unsigned variables 2015-02-23 16:54:04 -05:00
addr.c replace strict_strto calls 2014-07-12 18:45:49 -04:00
auth.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
auth_generic.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
auth_null.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
auth_unix.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
backchannel_rqst.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
bc_svc.c SUNRPC: remove BUG_ON from bc_send 2012-11-04 14:43:41 -05:00
cache.c sunrpc/cache: convert to use string_escape_str() 2014-12-09 11:30:20 -05:00
clnt.c sunrpc: add debugfs file for displaying client rpc_task queue 2014-11-27 13:14:51 -05:00
debugfs.c sunrpc: add a debugfs rpc_xprt directory with an info file in it 2014-11-27 13:14:52 -05:00
Kconfig sunrpc: add debugfs file for displaying client rpc_task queue 2014-11-27 13:14:51 -05:00
Makefile sunrpc: add debugfs file for displaying client rpc_task queue 2014-11-27 13:14:51 -05:00
netns.h Merge branch 'for-3.14' of git://linux-nfs.org/~bfields/linux 2014-01-30 10:18:43 -08:00
rpc_pipe.c rpc_pipe: Drop memory allocation cast 2014-07-12 18:43:44 -04:00
rpcb_clnt.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
sched.c sunrpc: eliminate RPC_TRACEPOINTS 2014-11-24 17:33:12 -05:00
socklib.c net: Save software checksum complete 2014-06-11 15:46:13 -07:00
stats.c SUNRPC: serialize iostats updates 2014-11-25 16:22:15 -05:00
sunrpc.h SUNRPC: track whether a request is coming from a loop-back interface. 2014-05-22 15:59:18 -04:00
sunrpc_syms.c sunrpc: add debugfs file for displaying client rpc_task queue 2014-11-27 13:14:51 -05:00
svc.c sunrpc: convert to lockless lookup of queued server threads 2014-12-09 11:22:22 -05:00
svc_xprt.c sunrpc: only call test_bit once in svc_xprt_received 2014-12-09 11:29:14 -05:00
svcauth.c nfsd4: better reservation of head space for krb5 2014-05-30 17:32:17 -04:00
svcauth_unix.c svcrpc: fix failures to handle -1 uid's 2013-07-08 17:27:23 -04:00
svcsock.c sunrpc: move rq_local field to rq_flags 2014-12-09 11:21:21 -05:00
sysctl.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
timer.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
xdr.c rpc: fix xdr_truncate_encode to handle buffer ending on page boundary 2015-01-07 14:03:58 -05:00
xprt.c sunrpc: add a debugfs rpc_xprt directory with an info file in it 2014-11-27 13:14:52 -05:00
xprtsock.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00