| Message ID | 20110826165740.GF3775@shale.localdomain |
|---|---|
| State | Not Applicable, archived |
| Delegated to: | David Miller |
| Headers | show |
On Fri, 26 Aug 2011 19:57:40 +0300, Dan Carpenter <error27@gmail.com> wrote: > The size of things should be unsigned because negative sizes are > silly. My concern is the the limit checks don't take negative values > into consideration in p9_client_create() > if (clnt->msize > clnt->trans_mod->maxsize) > clnt->msize = clnt->trans_mod->maxsize; > and in p9_tag_alloc() > int alloc_msize = min(c->msize, max_size); > > I don't know if this is exported to user space? Hopefully it's not > too late to change this. The change is also needed to make sure large msize value (429496729) works Without the change it cause a server crash with Qemu 9p server. > > Signed-off-by: Dan Carpenter <error27@gmail.com> > > diff --git a/include/net/9p/client.h b/include/net/9p/client.h > index 55ce72c..d479d7d 100644 > --- a/include/net/9p/client.h > +++ b/include/net/9p/client.h > @@ -151,7 +151,7 @@ struct p9_req_t { > > struct p9_client { > spinlock_t lock; /* protect client structure */ > - int msize; > + unsigned int msize; > unsigned char proto_version; > struct p9_trans_module *trans_mod; > enum p9_trans_status status; I applied this with comment update to git://git.kernel.org/pub/scm/linux/kernel/git/kvaneesh/v9fs.git for-upstream-next-merge -aneesh -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 08/26/2011 09:57 AM, Dan Carpenter wrote: > The size of things should be unsigned because negative sizes are > silly. My concern is the the limit checks don't take negative values > into consideration in p9_client_create() > if (clnt->msize> clnt->trans_mod->maxsize) > clnt->msize = clnt->trans_mod->maxsize; > and in p9_tag_alloc() > int alloc_msize = min(c->msize, max_size); > > I don't know if this is exported to user space? Hopefully it's not > too late to change this. It is not exported to user space but the other way is true; msize can be populate from mount option. It should be fine. > > Signed-off-by: Dan Carpenter<error27@gmail.com> Reviewed-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> > > diff --git a/include/net/9p/client.h b/include/net/9p/client.h > index 55ce72c..d479d7d 100644 > --- a/include/net/9p/client.h > +++ b/include/net/9p/client.h > @@ -151,7 +151,7 @@ struct p9_req_t { > > struct p9_client { > spinlock_t lock; /* protect client structure */ > - int msize; > + unsigned int msize; > unsigned char proto_version; > struct p9_trans_module *trans_mod; > enum p9_trans_status status; -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/net/9p/client.h b/include/net/9p/client.h index 55ce72c..d479d7d 100644 --- a/include/net/9p/client.h +++ b/include/net/9p/client.h @@ -151,7 +151,7 @@ struct p9_req_t { struct p9_client { spinlock_t lock; /* protect client structure */ - int msize; + unsigned int msize; unsigned char proto_version; struct p9_trans_module *trans_mod; enum p9_trans_status status;
The size of things should be unsigned because negative sizes are silly. My concern is the the limit checks don't take negative values into consideration in p9_client_create() if (clnt->msize > clnt->trans_mod->maxsize) clnt->msize = clnt->trans_mod->maxsize; and in p9_tag_alloc() int alloc_msize = min(c->msize, max_size); I don't know if this is exported to user space? Hopefully it's not too late to change this. Signed-off-by: Dan Carpenter <error27@gmail.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html