nfsd4: nfsd4_check_resp_size should check against whole buffer

Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 8ce6c8d5ee8a810c9ce7afb186abcfae634ee496..0eeba2199c8c34aed4b18fc437e6fe92657d8bd7 100644 (file)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3762,7 +3762,6 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
 {
        struct xdr_buf *buf = &resp->rqstp->rq_res;
        struct nfsd4_session *session = resp->cstate.session;
-       int slack_bytes = (char *)resp->xdr.end - (char *)resp->xdr.p;
 
        if (nfsd4_has_session(&resp->cstate)) {
                struct nfsd4_slot *slot = resp->cstate.slot;
@@ -3775,7 +3774,7 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
                        return nfserr_rep_too_big_to_cache;
        }
 
-       if (respsize > slack_bytes) {
+       if (buf->len + respsize > buf->buflen) {
                WARN_ON_ONCE(nfsd4_has_session(&resp->cstate));
                return nfserr_resource;
        }