mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-06 09:10:28 +00:00
Fixes for NFS crashes on architectures that require strict alignment.
- Fix nfsm_disct() so that after pulling up data, the remaining data is
  aligned if necessary.
- Fix nfs_clnt_tcp_soupcall() to bcopy() the rpc length out of the mbuf
  (instead of casting m_data to a uint32).

Submitted by: Pyun YongHyeon
Reviewed by: Mohan Srinivasan
parent
37b40e499e
commit
0e38f5365b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=148008
|
@ -170,7 +170,7 @@ nfsm_disct(struct mbuf **mdp, caddr_t *dposp, int siz, int left, int how)
|
|||
{
|
||||
struct mbuf *mp, *mp2;
|
||||
int siz2, xfer;
|
||||
caddr_t ptr;
|
||||
caddr_t ptr, npos = NULL;
|
||||
void *ret;
|
||||
|
||||
mp = *mdp;
|
||||
|
@ -192,6 +192,7 @@ nfsm_disct(struct mbuf **mdp, caddr_t *dposp, int siz, int left, int how)
|
|||
MGET(mp2, how, MT_DATA);
|
||||
if (mp2 == NULL)
|
||||
return NULL;
|
||||
mp2->m_len = siz;
|
||||
mp2->m_next = mp->m_next;
|
||||
mp->m_next = mp2;
|
||||
mp->m_len -= left;
|
||||
|
@ -202,6 +203,7 @@ nfsm_disct(struct mbuf **mdp, caddr_t *dposp, int siz, int left, int how)
|
|||
siz2 = siz-left;
|
||||
ptr += left;
|
||||
mp2 = mp->m_next;
|
||||
npos = mtod(mp2, caddr_t);
|
||||
/* Loop around copying up the siz2 bytes */
|
||||
while (siz2 > 0) {
|
||||
if (mp2 == NULL)
|
||||
|
@ -214,12 +216,19 @@ nfsm_disct(struct mbuf **mdp, caddr_t *dposp, int siz, int left, int how)
|
|||
ptr += xfer;
|
||||
siz2 -= xfer;
|
||||
}
|
||||
if (siz2 > 0)
|
||||
if (siz2 > 0) {
|
||||
mp2 = mp2->m_next;
|
||||
if (mp2 != NULL)
|
||||
npos = mtod(mp2, caddr_t);
|
||||
}
|
||||
}
|
||||
mp->m_len = siz;
|
||||
*mdp = mp2;
|
||||
*dposp = mtod(mp2, caddr_t);
|
||||
if (!nfsm_aligned(*dposp, u_int32_t)) {
|
||||
bcopy(*dposp, npos, mp2->m_len);
|
||||
mp2->m_data = npos;
|
||||
*dposp = npos;
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
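Review bot: `npos = mtod(mp2, caddr_t);`, placed right after `mp2 = mp->m_next;`, dereferences mp2 before the loop's own `if (mp2 == NULL)` check, so a chain that ends at the current mbuf while `siz2` bytes are still owed would fault here instead of returning NULL. The chain presumably holds data received from the peer, so the NULL test should stay ahead of the first dereference, e.g. `npos = (mp2 != NULL) ? mtod(mp2, caddr_t) : NULL;`. The final realignment also assumes the saved `npos` (the mbuf's data start before `m_data` was advanced) is itself 32-bit aligned, which nothing visible verifies; a one-line comment stating that assumption would help. nfsm_disct's body begins outside the hunks shown.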
|
|
|
@ -127,4 +127,10 @@ do { \
|
|||
nfsm_dcheck(t1, mrep); \
|
||||
} while (0)
|
||||
|
||||
#ifdef __NO_STRICT_ALIGNMENT
|
||||
#define nfsm_aligned(p, t) 1
|
||||
#else
|
||||
#define nfsm_aligned(p, t) ((((u_long)(p)) & (sizeof(t) - 1)) == 0)
|
||||
#endif
|
||||
|
||||
#endif
|
||||
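Review bot: The two definitions of `nfsm_aligned` are not interchangeable: the `__NO_STRICT_ALIGNMENT` form never evaluates `p`, while the mask form evaluates it and is only correct when `sizeof(t)` is a power of two. A comment above the macro would record both constraints, e.g. `/* Nonzero if p is aligned for t; sizeof(t) must be a power of two and p must have no side effects. */`. Casting through `uintptr_t` rather than `u_long` would state the pointer-to-integer intent more directly, if that type is available in this header.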
|
|
|
@ -814,7 +814,8 @@ nfs_clnt_tcp_soupcall(struct socket *so, void *arg, int waitflag)
|
|||
}
|
||||
if (mp == NULL)
|
||||
panic("nfs_clnt_tcp_soupcall: Got empty mbuf chain from sorecv\n");
|
||||
len = ntohl(*mtod(mp, u_int32_t *)) & ~0x80000000;
|
||||
bcopy(mtod(mp, u_int32_t *), &len, sizeof(len));
|
||||
len = ntohl(len) & ~0x80000000;
|
||||
m_freem(mp);
|
||||
/*
|
||||
* This is SERIOUS! We are out of sync with the sender
|
||||
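Review bot: `bcopy(mtod(mp, u_int32_t *), &len, sizeof(len));` reads `sizeof(len)` bytes from the first mbuf only, and nothing in the hunk shows that `mp->m_len` is at least that large; if the receive above can return the record mark split across mbufs, the copy runs past the first buffer. `m_copydata(mp, 0, sizeof(len), (caddr_t)&len);` walks the chain and drops the `u_int32_t *` cast, which is misleading now that the data is no longer assumed to be aligned. The declaration of `len` is outside the hunk; the copy is only right if it is exactly 32 bits wide. The function's body starts and ends outside the hunk.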
|
|