nfsd41: check the size of request

Check in SEQUENCE that the request doesn't exceed maxreq_sz for the
given session.

Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index fe4ba68886d829eb417244574d64e357d4f000ce..6a471af99dfd93f3ce88b77936dcf74419d7e1d7 100644 (file)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1762,6 +1762,14 @@ static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_sess
        return args->opcnt > session->se_fchannel.maxops;
 }
 
+static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
+                                 struct nfsd4_session *session)
+{
+       struct xdr_buf *xb = &rqstp->rq_arg;
+
+       return xb->len > session->se_fchannel.maxreq_sz;
+}
+
 __be32
 nfsd4_sequence(struct svc_rqst *rqstp,
               struct nfsd4_compound_state *cstate,
@@ -1794,6 +1802,10 @@ nfsd4_sequence(struct svc_rqst *rqstp,
        if (nfsd4_session_too_many_ops(rqstp, session))
                goto out;
 
+       status = nfserr_req_too_big;
+       if (nfsd4_request_too_big(rqstp, session))
+               goto out;
+
        status = nfserr_badslot;
        if (seq->slotid >= session->se_fchannel.maxreqs)
                goto out;