diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2015-07-04 22:17:39 +0200 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2015-07-04 22:17:39 +0200 |
commit | 0f1db7dee200127da4c07928189748918c312031 (patch) | |
tree | bd2abe8f6e2929335e9326afa56f06102386c224 | |
parent | p9_client_write(): avoid double p9_free_req() (diff) | |
download | linux-0f1db7dee200127da4c07928189748918c312031.tar.xz linux-0f1db7dee200127da4c07928189748918c312031.zip |
9p: cope with bogus responses from server in p9_client_{read,write}
if server claims to have written/read more than we'd told it to,
warn and cap the claimed byte count to avoid advancing more than
we are ready to.
-rw-r--r-- | net/9p/client.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/9p/client.c b/net/9p/client.c index 81925b923318..498454b3c06c 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -1583,6 +1583,10 @@ p9_client_read(struct p9_fid *fid, u64 offset, struct iov_iter *to, int *err) p9_free_req(clnt, req); break; } + if (rsize < count) { + pr_err("bogus RREAD count (%d > %d)\n", count, rsize); + count = rsize; + } p9_debug(P9_DEBUG_9P, "<<< RREAD count %d\n", count); if (!count) { @@ -1650,6 +1654,10 @@ p9_client_write(struct p9_fid *fid, u64 offset, struct iov_iter *from, int *err) p9_free_req(clnt, req); break; } + if (rsize < count) { + pr_err("bogus RWRITE count (%d > %d)\n", count, rsize); + count = rsize; + } p9_debug(P9_DEBUG_9P, "<<< RWRITE count %d\n", count); |