diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2015-07-04 16:17:39 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2015-07-04 16:17:39 -0400 |
commit | 0f1db7dee200127da4c07928189748918c312031 (patch) | |
tree | bd2abe8f6e2929335e9326afa56f06102386c224 /net/9p | |
parent | 67e808fbb0404a12d9b9830a44bbb48d447d8bc9 (diff) | |
download | linux-0f1db7dee200127da4c07928189748918c312031.tar.gz linux-0f1db7dee200127da4c07928189748918c312031.tar.bz2 linux-0f1db7dee200127da4c07928189748918c312031.zip |
9p: cope with bogus responses from server in p9_client_{read,write}
if server claims to have written/read more than we'd told it to,
warn and cap the claimed byte count to avoid advancing more than
we are ready to.
Diffstat (limited to 'net/9p')
-rw-r--r-- | net/9p/client.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/9p/client.c b/net/9p/client.c index 81925b923318..498454b3c06c 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -1583,6 +1583,10 @@ p9_client_read(struct p9_fid *fid, u64 offset, struct iov_iter *to, int *err) p9_free_req(clnt, req); break; } + if (rsize < count) { + pr_err("bogus RREAD count (%d > %d)\n", count, rsize); + count = rsize; + } p9_debug(P9_DEBUG_9P, "<<< RREAD count %d\n", count); if (!count) { @@ -1650,6 +1654,10 @@ p9_client_write(struct p9_fid *fid, u64 offset, struct iov_iter *from, int *err) p9_free_req(clnt, req); break; } + if (rsize < count) { + pr_err("bogus RWRITE count (%d > %d)\n", count, rsize); + count = rsize; + } p9_debug(P9_DEBUG_9P, "<<< RWRITE count %d\n", count); |