- diff --git a/net/9p/client.c b/net/9p/client.c
- index 18c5271910dc..2225df1ed8fc 100644
- --- a/net/9p/client.c
- +++ b/net/9p/client.c
- @@ -340,7 +340,7 @@ struct p9_req_t *p9_tag_lookup(struct p9_client *c, u16 tag)
- * buffer to read the data into */
- tag++;
- - if(tag >= c->max_tag)
- + if(tag >= c->max_tag)
- return NULL;
- row = tag / P9_ROW_MAXTAG;
- @@ -477,20 +477,11 @@ p9_parse_header(struct p9_fcall *pdu, int32_t *size, int8_t *type, int16_t *tag,
- int err;
- pdu->offset = 0;
- - if (pdu->size == 0)
- - pdu->size = 7;
- err = p9pdu_readf(pdu, 0, "dbw", &r_size, &r_type, &r_tag);
- if (err)
- goto rewind_and_exit;
- - pdu->size = r_size;
- - pdu->id = r_type;
- - pdu->tag = r_tag;
- -
- - p9_debug(P9_DEBUG_9P, "<<< size=%d type: %d tag: %d\n",
- - pdu->size, pdu->id, pdu->tag);
- -
- if (type)
- *type = r_type;
- if (tag)
- @@ -498,6 +489,16 @@ p9_parse_header(struct p9_fcall *pdu, int32_t *size, int8_t *type, int16_t *tag,
- if (size)
- *size = r_size;
- + if (pdu->size != r_size || r_size < 7) {
- + err = -EINVAL;
- + goto rewind_and_exit;
- + }
- +
- + pdu->id = r_type;
- + pdu->tag = r_tag;
- +
- + p9_debug(P9_DEBUG_9P, "<<< size=%d type: %d tag: %d\n",
- + pdu->size, pdu->id, pdu->tag);
- rewind_and_exit:
- if (rewind)
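Review bot: The new length check runs after `*type`, `*tag` and `*size` have been stored, so a caller that receives -EINVAL has already had its output variables overwritten with header fields that failed validation. The trans_fd.c hunk in this patch passes `&m->rc.size` as `size` and appears to depend on that store happening first, so moving the check earlier is not a drop-in fix. A comment above the check such as `/* outputs are filled even on -EINVAL; callers must test the return value before using them */` would make the contract explicit. The bare `7` would also read better as a named header-length constant, since trans_fd.c repeats it. p9_parse_header begins before this hunk and continues after it.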
- @@ -524,6 +525,12 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
- int ecode;
- err = p9_parse_header(req->rc, NULL, &type, NULL, 0);
- + if (req->rc->size >= c->msize) {
- + p9_debug(P9_DEBUG_ERROR,
- + "requested packet size too big: %d\n",
- + req->rc->size);
- + return -EIO;
- + }
- /*
- * dump the response from server
- * This should be after check errors which poplulate pdu_fcall.
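Review bot: The added size check runs before `err` from p9_parse_header() is tested anywhere in the visible lines, so a reply whose header failed to parse can be reported as -EIO "too big" instead of the parse error; testing `err` first would keep the two failures distinct. The comparison is `>=`, which rejects a reply of exactly `c->msize` bytes. If msize is an inclusive limit this should be `>`, otherwise a short comment should say why the boundary is excluded. The message says "requested packet size" although the value is the length of the received reply, so `"reply size too big: %d\n"` would be clearer. The rest of p9_check_errors is outside the hunk, so the `err` handling may simply follow the comment block.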
- @@ -1575,7 +1582,7 @@ p9_client_read(struct p9_fid *fid, u64 offset, struct iov_iter *to, int *err)
- int count = iov_iter_count(to);
- int rsize, non_zc = 0;
- char *dataptr;
- -
- +
- rsize = fid->iounit;
- if (!rsize || rsize > clnt->msize-P9_IOHDRSZ)
- rsize = clnt->msize - P9_IOHDRSZ;
- diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
- index 588bf88c3305..fadf9b43a287 100644
- --- a/net/9p/trans_fd.c
- +++ b/net/9p/trans_fd.c
- @@ -324,7 +324,9 @@ static void p9_read_work(struct work_struct *work)
- if ((!m->req) && (m->rc.offset == m->rc.capacity)) {
- p9_debug(P9_DEBUG_TRANS, "got new header\n");
- - err = p9_parse_header(&m->rc, NULL, NULL, NULL, 0);
- + /* Header size */
- + m->rc.size = 7;
- + err = p9_parse_header(&m->rc, &m->rc.size, NULL, NULL, 0);
- if (err) {
- p9_debug(P9_DEBUG_ERROR,
- "error parsing header: %d\n", err);
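Review bot: Passing `&m->rc.size` as the `size` output makes the `pdu->size != r_size` test added in p9_parse_header compare the field with itself, because the parser stores `*size = r_size` before that test; on this transport only `r_size < 7` is actually enforced. Any upper bound on the announced length therefore has to come from code after this hunk, which is not visible here. A comment saying so, e.g. `/* size is overwritten with the announced PDU length; only the minimum is checked here */`, would stop a reader from assuming the equality check applies. The argument type also deserves a look: the parameter is `int32_t *`, so the call is only clean if `size` is declared as a signed 32-bit field.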
- diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c
- index 3d414acb7015..2649b2ebf961 100644
- --- a/net/9p/trans_rdma.c
- +++ b/net/9p/trans_rdma.c
- @@ -320,6 +320,7 @@ recv_done(struct ib_cq *cq, struct ib_wc *wc)
- if (wc->status != IB_WC_SUCCESS)
- goto err_out;
- + c->rc->size = wc->byte_len;
- err = p9_parse_header(c->rc, NULL, NULL, &tag, 1);
- if (err)
- goto err_out;
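Review bot: `c->rc->size` is now loaded from `wc->byte_len`, a length reported by the completion, with nothing at the assignment saying that it is unvalidated until p9_parse_header() compares it with the size field in the header. The same applies to `req->rc->size = len;` in req_done() in trans_virtio.c, where the value is handed to p9_client_cb() and is presumably checked only later. A one-line comment at each site, e.g. `/* length reported by the transport; validated against the 9P header in p9_parse_header() */`, would document where the trust boundary is. recv_done continues outside the hunk.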
- diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
- index 05006cbb3361..6d515f7ebfaf 100644
- --- a/net/9p/trans_virtio.c
- +++ b/net/9p/trans_virtio.c
- @@ -159,8 +159,10 @@ static void req_done(struct virtqueue *vq)
- spin_unlock_irqrestore(&chan->lock, flags);
- /* Wakeup if anyone waiting for VirtIO ring space. */
- wake_up(chan->vc_wq);
- - if (len)
- + if (len) {
- + req->rc->size = len;
- p9_client_cb(chan->client, req, REQ_STATUS_RCVD);
- + }
- }
- }
- @@ -446,7 +448,7 @@ p9_virtio_zc_request(struct p9_client *client, struct p9_req_t *req,
- out += pack_sg_list_p(chan->sg, out, VIRTQUEUE_NUM,
- out_pages, out_nr_pages, offs, outlen);
- }
- -
- +
- /*
- * Take care of in data
- * For example TREAD have 11.