* [PATCH] sunrpc: do array overrun check in svc_recv before allocating pages
@ 2012-05-04 15:44 Jeff Layton
2012-05-09 16:06 ` J. Bruce Fields
0 siblings, 1 reply; 2+ messages in thread
From: Jeff Layton @ 2012-05-04 15:44 UTC (permalink / raw)
To: bfields; +Cc: linux-nfs
There's little point in waiting until after we allocate all of the pages
to see if we're going to overrun the array. In the event that this
calculation is really off we could end up scribbling over a bunch of
memory and make it tougher to debug.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
net/sunrpc/svc_xprt.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
index 4bda09d..8195c6a 100644
--- a/net/sunrpc/svc_xprt.c
+++ b/net/sunrpc/svc_xprt.c
@@ -601,6 +601,7 @@ int svc_recv(struct svc_rqst *rqstp, long timeout)
/* now allocate needed pages. If we get a failure, sleep briefly */
pages = (serv->sv_max_mesg + PAGE_SIZE) / PAGE_SIZE;
+ BUG_ON(pages >= RPCSVC_MAXPAGES);
for (i = 0; i < pages ; i++)
while (rqstp->rq_pages[i] == NULL) {
struct page *p = alloc_page(GFP_KERNEL);
@@ -615,7 +616,6 @@ int svc_recv(struct svc_rqst *rqstp, long timeout)
rqstp->rq_pages[i] = p;
}
rqstp->rq_pages[i++] = NULL; /* this might be seen in nfs_read_actor */
- BUG_ON(pages >= RPCSVC_MAXPAGES);
/* Make arg->head point to first page and arg->pages point to rest */
arg = &rqstp->rq_arg;
--
1.7.7.6
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] sunrpc: do array overrun check in svc_recv before allocating pages
2012-05-04 15:44 [PATCH] sunrpc: do array overrun check in svc_recv before allocating pages Jeff Layton
@ 2012-05-09 16:06 ` J. Bruce Fields
0 siblings, 0 replies; 2+ messages in thread
From: J. Bruce Fields @ 2012-05-09 16:06 UTC (permalink / raw)
To: Jeff Layton; +Cc: linux-nfs
On Fri, May 04, 2012 at 11:44:12AM -0400, Jeff Layton wrote:
> There's little point in waiting until after we allocate all of the pages
> to see if we're going to overrun the array. In the event that this
> calculation is really off we could end up scribbling over a bunch of
> memory and make it tougher to debug.
OK, thanks.--b.
>
> Signed-off-by: Jeff Layton <jlayton@redhat.com>
> ---
> net/sunrpc/svc_xprt.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
> index 4bda09d..8195c6a 100644
> --- a/net/sunrpc/svc_xprt.c
> +++ b/net/sunrpc/svc_xprt.c
> @@ -601,6 +601,7 @@ int svc_recv(struct svc_rqst *rqstp, long timeout)
>
> /* now allocate needed pages. If we get a failure, sleep briefly */
> pages = (serv->sv_max_mesg + PAGE_SIZE) / PAGE_SIZE;
> + BUG_ON(pages >= RPCSVC_MAXPAGES);
> for (i = 0; i < pages ; i++)
> while (rqstp->rq_pages[i] == NULL) {
> struct page *p = alloc_page(GFP_KERNEL);
> @@ -615,7 +616,6 @@ int svc_recv(struct svc_rqst *rqstp, long timeout)
> rqstp->rq_pages[i] = p;
> }
> rqstp->rq_pages[i++] = NULL; /* this might be seen in nfs_read_actor */
> - BUG_ON(pages >= RPCSVC_MAXPAGES);
>
> /* Make arg->head point to first page and arg->pages point to rest */
> arg = &rqstp->rq_arg;
> --
> 1.7.7.6
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-05-09 16:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-05-04 15:44 [PATCH] sunrpc: do array overrun check in svc_recv before allocating pages Jeff Layton
2012-05-09 16:06 ` J. Bruce Fields
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).