SUNRPC: Document validity guarantees of the pointer returned by reserve_space

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

A subtlety of this API is that if the @nbytes region traverses a
page boundary, the next __xdr_commit_encode will shift the data item
in the XDR encode buffer. This makes the returned pointer point to
something else, leading to unexpected behavior.

There are a few cases where the caller saves the returned pointer
and then later uses it to insert a computed value into an earlier
part of the stream. This can be safe only if either:

- the data item is guaranteed to be in the XDR buffer's head, and
thus is not ever going to be near a page boundary, or
- the data item is no larger than 4 octets, since XDR alignment
rules require all data items to start on 4-octet boundaries

But that safety is only an artifact of the current implementation.
It would be less brittle if these "safe" uses were eventually
replaced.

Reviewed-by: NeilBrown <neilb@suse.de>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

Chuck Lever 1 year ago 1196bdce 4163ee71

1 changed file

expand all

net

sunrpc

xdr.c

net/sunrpc/xdr.c

··· 1097 1097 * Checks that we have enough buffer space to encode 'nbytes' more 1098 1098 * bytes of data. If so, update the total xdr_buf length, and 1099 1099 * adjust the length of the current kvec. 1100 + * 1101 + * The returned pointer is valid only until the next call to 1102 + * xdr_reserve_space() or xdr_commit_encode() on @xdr. The current 1103 + * implementation of this API guarantees that space reserved for a 1104 + * four-byte data item remains valid until @xdr is destroyed, but 1105 + * that might not always be true in the future. 1100 1106 */ 1101 1107 __be32 * xdr_reserve_space(struct xdr_stream *xdr, size_t nbytes) 1102 1108 {

Configure Feed

Configure Feed