Merge tag '9p-3.10-bug-fix-1' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs

Pull net/9p bug fix from Eric Van Hensbergen: "zero copy error fix" * tag '9p-3.10-bug-fix-1' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs: net/9p: Handle error in zero copy request correctly for 9p2000.u
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-06-10 20:35:25 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-06-10 20:35:25 -0400
commit: 1b79821fe7855c34030bc2f177660874e0a0ab62 (patch)
tree: 0421a6958fabad4a7b25f9bfc6232ed332f1a2c6 /net/9p
parent: ab0296319a8cb970f4e42659472bb40fbfae3e56 (diff)
parent: 6390460af8a672754dd6743f326515e98f52b2a7 (diff)
1 files changed, 18 insertions, 37 deletions
diff --git a/net/9p/client.c b/net/9p/client.c
index 8eb75425e6e6..addc116cecf0 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -562,36 +562,19 @@ static int p9_check_zc_errors(struct p9_client *c, struct p9_req_t *req,
        if (!p9_is_proto_dotl(c)) {
                /* Error is reported in string format */
-                uint16_t len;
+                int len;
-                /* 7 = header size for RERROR, 2 is the size of string len; */
+                /* 7 = header size for RERROR; */
-                int inline_len = in_hdrlen - (7 + 2);
+                int inline_len = in_hdrlen - 7;
-                /* Read the size of error string */
+                len =  req->rc->size - req->rc->offset;
-                err = p9pdu_readf(req->rc, c->proto_version, "w", &len);
+                if (len > (P9_ZC_HDR_SZ - 7)) {
-                if (err)
+                        err = -EFAULT;
-                        goto out_err;
-                ename = kmalloc(len + 1, GFP_NOFS);
-                if (!ename) {
-                        err = -ENOMEM;
                        goto out_err;
                }
-                if (len <= inline_len) {
-                        /* We have error in protocol buffer itself */
-                        if (pdu_read(req->rc, ename, len)) {
-                                err = -EFAULT;
-                                goto out_free;
-                        }
+                ename = &req->rc->sdata[req->rc->offset];
-                } else {
+                if (len > inline_len) {
-                        /*
+                        /* We have error in external buffer */
-                         *  Part of the data is in user space buffer.
-                         */
-                        if (pdu_read(req->rc, ename, inline_len)) {
-                                err = -EFAULT;
-                                goto out_free;
-                        }
                        if (kern_buf) {
                                memcpy(ename + inline_len, uidata,
                                       len - inline_len);
@@ -600,19 +583,19 @@ static int p9_check_zc_errors(struct p9_client *c, struct p9_req_t *req,
                                                     uidata, len - inline_len);
                                if (err) {
                                        err = -EFAULT;
-                                        goto out_free;
+                                        goto out_err;
                                }
                        }
                }
-                ename[len] = 0;
+                ename = NULL;
-                if (p9_is_proto_dotu(c)) {
+                err = p9pdu_readf(req->rc, c->proto_version, "s?d",
-                        /* For dotu we also have error code */
+                                  &ename, &ecode);
-                        err = p9pdu_readf(req->rc,
+                if (err)
-                                          c->proto_version, "d", &ecode);
+                        goto out_err;
-                        if (err)
-                                goto out_free;
+                if (p9_is_proto_dotu(c))
                        err = -ecode;
-                }
                if (!err || !IS_ERR_VALUE(err)) {
                        err = p9_errstr2errno(ename, strlen(ename));
@@ -628,8 +611,6 @@ static int p9_check_zc_errors(struct p9_client *c, struct p9_req_t *req,
        }
        return err;
-out_free:
-        kfree(ename);
 out_err:
        p9_debug(P9_DEBUG_ERROR, "couldn't parse error%d\n", err);
        return err;
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-06-10 20:35:25 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-06-10 20:35:25 -0400
commit	1b79821fe7855c34030bc2f177660874e0a0ab62 (patch)
tree	0421a6958fabad4a7b25f9bfc6232ed332f1a2c6 /net/9p
parent	ab0296319a8cb970f4e42659472bb40fbfae3e56 (diff)
parent	6390460af8a672754dd6743f326515e98f52b2a7 (diff)

diff --git a/net/9p/client.c b/net/9p/client.c index 8eb75425e6e6..addc116cecf0 100644 --- a/net/9p/client.c +++ b/net/9p/client.c
@@ -562,36 +562,19 @@ static int p9_check_zc_errors(struct p9_client c, struct p9_req_t req,
562		562
563	if (!p9_is_proto_dotl(c)) {	563	if (!p9_is_proto_dotl(c)) {
564	/* Error is reported in string format */	564	/* Error is reported in string format */
565	uint16_t len;	565	int len;
566	/* 7 = header size for RERROR, 2 is the size of string len; */	566	/* 7 = header size for RERROR; */
567	int inline_len = in_hdrlen - (7 + 2);	567	int inline_len = in_hdrlen - 7;
568		568
569	/* Read the size of error string */	569	len = req->rc->size - req->rc->offset;
570	err = p9pdu_readf(req->rc, c->proto_version, "w", &len);	570	if (len > (P9_ZC_HDR_SZ - 7)) {
571	if (err)	571	err = -EFAULT;
572	goto out_err;
573
574	ename = kmalloc(len + 1, GFP_NOFS);
575	if (!ename) {
576	err = -ENOMEM;
577	goto out_err;	572	goto out_err;
578	}	573	}
579	if (len <= inline_len) {
580	/* We have error in protocol buffer itself */
581	if (pdu_read(req->rc, ename, len)) {
582	err = -EFAULT;
583	goto out_free;
584		574
585	}	575	ename = &req->rc->sdata[req->rc->offset];
586	} else {	576	if (len > inline_len) {
587	/*	577	/* We have error in external buffer */
588	* Part of the data is in user space buffer.
589	*/
590	if (pdu_read(req->rc, ename, inline_len)) {
591	err = -EFAULT;
592	goto out_free;
593
594	}
595	if (kern_buf) {	578	if (kern_buf) {
596	memcpy(ename + inline_len, uidata,	579	memcpy(ename + inline_len, uidata,
597	len - inline_len);	580	len - inline_len);
@@ -600,19 +583,19 @@ static int p9_check_zc_errors(struct p9_client c, struct p9_req_t req,
600	uidata, len - inline_len);	583	uidata, len - inline_len);
601	if (err) {	584	if (err) {
602	err = -EFAULT;	585	err = -EFAULT;
603	goto out_free;	586	goto out_err;
604	}	587	}
605	}	588	}
606	}	589	}
607	ename[len] = 0;	590	ename = NULL;
608	if (p9_is_proto_dotu(c)) {	591	err = p9pdu_readf(req->rc, c->proto_version, "s?d",
609	/* For dotu we also have error code */	592	&ename, &ecode);
610	err = p9pdu_readf(req->rc,	593	if (err)
611	c->proto_version, "d", &ecode);	594	goto out_err;
612	if (err)	595
613	goto out_free;	596	if (p9_is_proto_dotu(c))
614	err = -ecode;	597	err = -ecode;
615	}	598
616	if (!err \|\| !IS_ERR_VALUE(err)) {	599	if (!err \|\| !IS_ERR_VALUE(err)) {
617	err = p9_errstr2errno(ename, strlen(ename));	600	err = p9_errstr2errno(ename, strlen(ename));
618		601
@@ -628,8 +611,6 @@ static int p9_check_zc_errors(struct p9_client c, struct p9_req_t req,
628	}	611	}
629	return err;	612	return err;
630		613
631	out_free:
632	kfree(ename);
633	out_err:	614	out_err:
634	p9_debug(P9_DEBUG_ERROR, "couldn't parse error%d\n", err);	615	p9_debug(P9_DEBUG_ERROR, "couldn't parse error%d\n", err);
635	return err;	616	return err;