From 1622469ccd3267b037e8fde931a29f259de98f66 Mon Sep 17 00:00:00 2001
From: Fred Isaman <iisaman@netapp.com>
Date: Thu, 6 Jan 2011 11:36:27 +0000
Subject: [PATCH] --- yaml --- r: 229233 b: refs/heads/master c:
 fc1794c5b04f5322bad05385cd91b52ec85aab72 h: refs/heads/master i:   229231:
 2729df3f30285e80a992b8bfbb6847600c941856 v: v3

---
 [refs]              |  2 +-
 trunk/fs/nfs/pnfs.c | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 45fd83717f94..2adc4f75b671 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 2130ff663633e8a57921779ebfe62fc39d5585ec
+refs/heads/master: fc1794c5b04f5322bad05385cd91b52ec85aab72
diff --git a/trunk/fs/nfs/pnfs.c b/trunk/fs/nfs/pnfs.c
index c00b673261f9..cd9906415a14 100644
--- a/trunk/fs/nfs/pnfs.c
+++ b/trunk/fs/nfs/pnfs.c
@@ -660,6 +660,17 @@ pnfs_layout_process(struct nfs4_layoutget *lgp)
 	struct inode *ino = lo->plh_inode;
 	int status = 0;
 
+	/* Verify we got what we asked for.
+	 * Note that because the xdr parsing only accepts a single
+	 * element array, this can fail even if the server is behaving
+	 * correctly.
+	 */
+	if (lgp->args.range.iomode > res->range.iomode ||
+	    res->range.offset != 0 ||
+	    res->range.length != NFS4_MAX_UINT64) {
+		status = -EINVAL;
+		goto out;
+	}
 	/* Inject layout blob into I/O device driver */
 	lseg = NFS_SERVER(ino)->pnfs_curr_ld->alloc_lseg(lo, res);
 	if (!lseg || IS_ERR(lseg)) {