struct nfs_fattr alignment problem in nfs3proc.c

Richard Curnow (Richard.Curnow@superh.com)
Fri, 21 Mar 2003 17:52:06 +0000

In the nfs3_proc_unlink_setup function, there appears to be a bug with
the way kmalloc is used to allocate storage for two structs grouped
together. The second struct ends up with a non 8-byte aligned pointer,
which can cause trouble later (in xdr_decode_fattr) when stores occur to
the u64 fields inside it. The following patch (on 2.4.19) fixes this
problem, though I'm not sure if it's the cleanest fix. (I hit this when
working on the port to SH-5, which is currently baselined on 2.4.19).

--- ../linux-2.4/fs/nfs/nfs3proc.c Fri Jan 3 15:01:17 2003
+++ fs/nfs/nfs3proc.c Fri Mar 21 17:42:38 2003
@@ -294,25 +294,28 @@
nfs_refresh_inode(dir, &dir_attr);
dprintk("NFS reply remove: %d\n", status);
return status;
}

static int
nfs3_proc_unlink_setup(struct rpc_message *msg, struct dentry *dir, struct qstr *name)
{
struct nfs3_diropargs *arg;
struct nfs_fattr *res;
+ int arg_size_8, res_size_8;

- arg = (struct nfs3_diropargs *)kmalloc(sizeof(*arg)+sizeof(*res), GFP_KERNEL);
+ arg_size_8 = (sizeof(*arg) + 7) & ~7;
+ res_size_8 = (sizeof(*res) + 7) & ~7;
+ arg = (struct nfs3_diropargs *)kmalloc(arg_size_8 + res_size_8, GFP_KERNEL);
if (!arg)
return -ENOMEM;
- res = (struct nfs_fattr*)(arg + 1);
+ res = (struct nfs_fattr*)((char *)arg + arg_size_8);
arg->fh = NFS_FH(dir->d_inode);
arg->name = name->name;
arg->len = name->len;
res->valid = 0;
msg->rpc_proc = NFS3PROC_REMOVE;
msg->rpc_argp = arg;
msg->rpc_resp = res;
return 0;
}

-- 
Richard \\\ SuperH Core+Debug Architect /// .. At home ..
  P.    /// richard.curnow@superh.com  ///  rc@rc0.org.uk
Curnow  \\\ http://www.superh.com/    ///  www.rc0.org.uk
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/