rbd: don't over-allocate space for object prefix

In rbd_header_from_disk() the object prefix buffer is sized based on
the maximum size it's block_name equivalent on disk could be.

Instead, only allocate enough to hold null-terminated string from
the on-disk header--or the maximum size of no NUL is found.

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>

1 files changed, 5 insertions, 4 deletions

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 15bd3ecbcf34..a27167942a92 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -519,18 +519,19 @@ static int rbd_header_from_disk(struct rbd_image_header *header,
                                  struct rbd_image_header_ondisk *ondisk)
 {
         u32 snap_count;
+        size_t len;
         size_t size;
 
         memset(header, 0, sizeof (*header));
 
         snap_count = le32_to_cpu(ondisk->snap_count);
 
-        size = sizeof (ondisk->object_prefix) + 1;
-        header->object_prefix = kmalloc(size, GFP_KERNEL);
+        len = strnlen(ondisk->object_prefix, sizeof (ondisk->object_prefix));
+        header->object_prefix = kmalloc(len + 1, GFP_KERNEL);
         if (!header->object_prefix)
                 return -ENOMEM;
-        memcpy(header->object_prefix, ondisk->object_prefix, size - 1);
-        header->object_prefix[size - 1] = '\0';
+        memcpy(header->object_prefix, ondisk->object_prefix, len);
+        header->object_prefix[len] = '\0';
 
         if (snap_count) {
                 header->snap_names_len = le64_to_cpu(ondisk->snap_names_len);