diff options
author | Alex Elder <elder@inktank.com> | 2012-08-24 06:22:06 +0200 |
---|---|---|
committer | Alex Elder <elder@inktank.com> | 2012-10-01 21:30:49 +0200 |
commit | 58c17b0e1b2278824aedc5d1201f6a43a38d6a48 (patch) | |
tree | a924fc7450e712bec4ca519d6d8bf8314cb7b3f6 | |
parent | rbd: handle locking inside __rbd_client_find() (diff) | |
download | linux-58c17b0e1b2278824aedc5d1201f6a43a38d6a48.tar.xz linux-58c17b0e1b2278824aedc5d1201f6a43a38d6a48.zip |
rbd: don't over-allocate space for object prefix
In rbd_header_from_disk() the object prefix buffer is sized based on
the maximum size it's block_name equivalent on disk could be.
Instead, only allocate enough to hold null-terminated string from
the on-disk header--or the maximum size of no NUL is found.
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
-rw-r--r-- | drivers/block/rbd.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c index 15bd3ecbcf34..a27167942a92 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -519,18 +519,19 @@ static int rbd_header_from_disk(struct rbd_image_header *header, struct rbd_image_header_ondisk *ondisk) { u32 snap_count; + size_t len; size_t size; memset(header, 0, sizeof (*header)); snap_count = le32_to_cpu(ondisk->snap_count); - size = sizeof (ondisk->object_prefix) + 1; - header->object_prefix = kmalloc(size, GFP_KERNEL); + len = strnlen(ondisk->object_prefix, sizeof (ondisk->object_prefix)); + header->object_prefix = kmalloc(len + 1, GFP_KERNEL); if (!header->object_prefix) return -ENOMEM; - memcpy(header->object_prefix, ondisk->object_prefix, size - 1); - header->object_prefix[size - 1] = '\0'; + memcpy(header->object_prefix, ondisk->object_prefix, len); + header->object_prefix[len] = '\0'; if (snap_count) { header->snap_names_len = le64_to_cpu(ondisk->snap_names_len); |