Skip to content

Commit 1b79821

Browse files
torvaldstorvalds
committed
Merge tag '9p-3.10-bug-fix-1' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs
Pull net/9p bug fix from Eric Van Hensbergen: "zero copy error fix" * tag '9p-3.10-bug-fix-1' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs: net/9p: Handle error in zero copy request correctly for 9p2000.u
2 parents ab02963 + 6390460 commit 1b79821

File tree

1 file changed

+18
-37
lines changed

1 file changed

+18
-37
lines changed

net/9p/client.c

Lines changed: 18 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -562,36 +562,19 @@ static int p9_check_zc_errors(struct p9_client *c, struct p9_req_t *req,
562562

563563
if (!p9_is_proto_dotl(c)) {
564564
/* Error is reported in string format */
565-
uint16_t len;
566-
/* 7 = header size for RERROR, 2 is the size of string len; */
567-
int inline_len = in_hdrlen - (7 + 2);
565+
int len;
566+
/* 7 = header size for RERROR; */
567+
int inline_len = in_hdrlen - 7;
568568

569-
/* Read the size of error string */
570-
err = p9pdu_readf(req->rc, c->proto_version, "w", &len);
571-
if (err)
572-
goto out_err;
573-
574-
ename = kmalloc(len + 1, GFP_NOFS);
575-
if (!ename) {
576-
err = -ENOMEM;
569+
len = req->rc->size - req->rc->offset;
570+
if (len > (P9_ZC_HDR_SZ - 7)) {
571+
err = -EFAULT;
577572
goto out_err;
578573
}
579-
if (len <= inline_len) {
580-
/* We have error in protocol buffer itself */
581-
if (pdu_read(req->rc, ename, len)) {
582-
err = -EFAULT;
583-
goto out_free;
584574

585-
}
586-
} else {
587-
/*
588-
* Part of the data is in user space buffer.
589-
*/
590-
if (pdu_read(req->rc, ename, inline_len)) {
591-
err = -EFAULT;
592-
goto out_free;
593-
594-
}
575+
ename = &req->rc->sdata[req->rc->offset];
576+
if (len > inline_len) {
577+
/* We have error in external buffer */
595578
if (kern_buf) {
596579
memcpy(ename + inline_len, uidata,
597580
len - inline_len);
@@ -600,19 +583,19 @@ static int p9_check_zc_errors(struct p9_client *c, struct p9_req_t *req,
600583
uidata, len - inline_len);
601584
if (err) {
602585
err = -EFAULT;
603-
goto out_free;
586+
goto out_err;
604587
}
605588
}
606589
}
607-
ename[len] = 0;
608-
if (p9_is_proto_dotu(c)) {
609-
/* For dotu we also have error code */
610-
err = p9pdu_readf(req->rc,
611-
c->proto_version, "d", &ecode);
612-
if (err)
613-
goto out_free;
590+
ename = NULL;
591+
err = p9pdu_readf(req->rc, c->proto_version, "s?d",
592+
&ename, &ecode);
593+
if (err)
594+
goto out_err;
595+
596+
if (p9_is_proto_dotu(c))
614597
err = -ecode;
615-
}
598+
616599
if (!err || !IS_ERR_VALUE(err)) {
617600
err = p9_errstr2errno(ename, strlen(ename));
618601

@@ -628,8 +611,6 @@ static int p9_check_zc_errors(struct p9_client *c, struct p9_req_t *req,
628611
}
629612
return err;
630613

631-
out_free:
632-
kfree(ename);
633614
out_err:
634615
p9_debug(P9_DEBUG_ERROR, "couldn't parse error%d\n", err);
635616
return err;

0 commit comments

Comments
 (0)