linux-kernel.vger.kernel.org archive mirror
From: Dominique Martinet <asmadeus@codewreck.org>
To: Stefano Stabellini <sstabellini@kernel.org>
Cc: GUO Zihua <guozihua@huawei.com>,
	linux_oss@crudebyte.com, v9fs-developer@lists.sourceforge.net,
	linux-kernel@vger.kernel.org,
	Dominique Martinet <asmadeus@codewreck.org>
Subject: [PATCH 2/2] 9p: ensure logical size fits allocated size
Date: Fri, 18 Nov 2022 22:55:42 +0900
Message-ID: <20221118135542.63400-2-asmadeus@codewreck.org>
In-Reply-To: <20221118135542.63400-1-asmadeus@codewreck.org>

all buffers used to be msize big, but the size can now vary based on
message type and arguments.

Adjust p9_check_error() to check the logical size (request payload) fits
within the allocated size (capacity) rather than msize.

Transports normally all check this when the packet is being read, but
might as well stay coherent.

Fixes: 60ece0833b6c ("net/9p: allocate appropriate reduced message buffers")
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
---

I think with the previous patch this is purely redundant, but better
safe than sorry...
The main problem is that if we didn't find this before we already
overflowed a buffer, so this is quite late!

 net/9p/client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/9p/client.c b/net/9p/client.c
index aaa37b07e30a..45dcc9e5d091 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -514,7 +514,7 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
 	int ecode;
 
 	err = p9_parse_header(&req->rc, NULL, &type, NULL, 0);
-	if (req->rc.size >= c->msize) {
+	if (req->rc.size >= req->rc.capacity) {
 		p9_debug(P9_DEBUG_ERROR,
 			 "requested packet size too big: %d\n",
 			 req->rc.size);
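
Review bot: The new comparison `req->rc.size >= req->rc.capacity` keeps the `>=` from the msize check, so a reply whose size equals the capacity is rejected; if capacity is the number of bytes allocated for the buffer, such a reply still fits, and with buffers now sized per message `>` looks like the intended bound. Since the limit is no longer a per-client constant, the debug message would be more useful if it printed `req->rc.capacity` alongside `req->rc.size`. The commit message also names p9_check_error() while the hunk header shows the function as p9_check_errors(); worth aligning the two.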
-- 
2.38.1



Thread overview: 9+ messages
2022-11-18 13:55 [PATCH 1/2] 9p/xen: check logical size for buffer size Dominique Martinet
2022-11-18 13:55 ` Dominique Martinet [this message]
2022-11-19  1:51 ` Stefano Stabellini
2022-11-19  2:31   ` Dominique Martinet
2022-11-21 14:16     ` Christian Schoenebeck
2022-11-21 16:35 ` Christian Schoenebeck
2022-11-21 23:01   ` Stefano Stabellini
2022-11-22  0:39   ` Dominique Martinet
2022-11-22 10:46     ` Christian Schoenebeck
