Over TCP, RPC's are preceded by a single 4-byte field telling you how
long the rpc is (in bytes). The spec also allows you to send an RPC in
multiple such records (the high bit of the length field is used to tell
you whether this is the final record).
We've survived for years without supporting this because in practice the
clients we care about don't use it. But the userland rpc libraries do,
and every now and then an experimental client will run into this. (Most
recently I noticed it while trying to write a pynfs check.) And we're
really on the wrong side of the spec here--let's fix this.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
- if (!(svc_sock_final_rec(svsk))) {
- /* FIXME: technically, a record can be fragmented,
- * and non-terminal fragments will not have the top
- * bit set in the fragment length header.
- * But apparently no known nfs clients send fragmented
- * records. */
- net_notice_ratelimited("RPC: multiple fragments per record not supported\n");
- goto err_delete;
- }
-
dprintk("svc: TCP record, %d bytes\n", svc_sock_reclen(svsk));
dprintk("svc: TCP record, %d bytes\n", svc_sock_reclen(svsk));
- if (svc_sock_reclen(svsk) > serv->sv_max_mesg) {
+ if (svc_sock_reclen(svsk) + svsk->sk_datalen >
+ serv->sv_max_mesg) {
net_notice_ratelimited("RPC: fragment too large: 0x%08lx\n",
net_notice_ratelimited("RPC: fragment too large: 0x%08lx\n",
- (unsigned long)svc_sock_reclen(svsk));
+ (unsigned long)svsk->sk_reclen);
+static void svc_tcp_fragment_received(struct svc_sock *svsk)
+{
+ /* If we have more data, signal svc_xprt_enqueue() to try again */
+ if (svc_recv_available(svsk) > sizeof(rpc_fraghdr))
+ set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
+ dprintk("svc: TCP %s record (%d bytes)\n",
+ svc_sock_final_rec(svsk) ? "final" : "nonfinal",
+ svc_sock_reclen(svsk));
+ svsk->sk_tcplen = 0;
+ svsk->sk_reclen = 0;
+}
/*
* Receive data from a TCP socket.
/*
* Receive data from a TCP socket.
goto error;
base = svc_tcp_restore_pages(svsk, rqstp);
goto error;
base = svc_tcp_restore_pages(svsk, rqstp);
- want = svc_sock_reclen(svsk) - base;
+ want = svc_sock_reclen(svsk) - (svsk->sk_tcplen - sizeof(rpc_fraghdr));
vec = rqstp->rq_vec;
pnum = copy_pages_to_kvecs(&vec[0], &rqstp->rq_pages[0],
vec = rqstp->rq_vec;
pnum = copy_pages_to_kvecs(&vec[0], &rqstp->rq_pages[0],
- svc_sock_reclen(svsk));
+ svsk->sk_datalen + want);
rqstp->rq_respages = &rqstp->rq_pages[pnum];
rqstp->rq_respages = &rqstp->rq_pages[pnum];
svsk->sk_tcplen += len;
svsk->sk_datalen += len;
}
svsk->sk_tcplen += len;
svsk->sk_datalen += len;
}
+ if (len != want || !svc_sock_final_rec(svsk)) {
svc_tcp_save_pages(svsk, rqstp);
if (len < 0 && len != -EAGAIN)
goto err_delete;
svc_tcp_save_pages(svsk, rqstp);
if (len < 0 && len != -EAGAIN)
goto err_delete;
- dprintk("svc: incomplete TCP record (%d of %d)\n",
- svsk->sk_tcplen - sizeof(rpc_fraghdr),
- svc_sock_reclen(svsk));
+ if (len == want)
+ svc_tcp_fragment_received(svsk);
+ else
+ dprintk("svc: incomplete TCP record (%ld of %d)\n",
+ svsk->sk_tcplen - sizeof(rpc_fraghdr),
+ svc_sock_reclen(svsk));
goto err_noclose;
}
if (svc_sock_reclen(svsk) < 8)
goto err_delete; /* client is nuts. */
goto err_noclose;
}
if (svc_sock_reclen(svsk) < 8)
goto err_delete; /* client is nuts. */
- rqstp->rq_arg.len = svc_sock_reclen(svsk);
+ rqstp->rq_arg.len = svsk->sk_datalen;
rqstp->rq_arg.page_base = 0;
if (rqstp->rq_arg.len <= rqstp->rq_arg.head[0].iov_len) {
rqstp->rq_arg.head[0].iov_len = rqstp->rq_arg.len;
rqstp->rq_arg.page_base = 0;
if (rqstp->rq_arg.len <= rqstp->rq_arg.head[0].iov_len) {
rqstp->rq_arg.head[0].iov_len = rqstp->rq_arg.len;
len = receive_cb_reply(svsk, rqstp);
/* Reset TCP read info */
len = receive_cb_reply(svsk, rqstp);
/* Reset TCP read info */
- svsk->sk_reclen = 0;
- svsk->sk_tcplen = 0;
- /* If we have more data, signal svc_xprt_enqueue() to try again */
- if (svc_recv_available(svsk) > sizeof(rpc_fraghdr))
- set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
+ svc_tcp_fragment_received(svsk);
if (serv->sv_stats)
serv->sv_stats->nettcpcnt++;
if (serv->sv_stats)
serv->sv_stats->nettcpcnt++;
- dprintk("svc: TCP complete record (%d bytes)\n", rqstp->rq_arg.len);
return rqstp->rq_arg.len;
error:
return rqstp->rq_arg.len;
error: