From a31b3cffbd8e5d032dcb267bf94ee48d71c1a28b Mon Sep 17 00:00:00 2001 From: Christian Schoenebeck Date: Tue, 22 Nov 2022 20:20:29 +0100 Subject: [PATCH] net/9p: fix response size check in p9_check_errors() Since commit 60ece0833b6c ("net/9p: allocate appropriate reduced message buffers") it is no longer appropriate to check server's response size against msize. Check against the previously allocated buffer capacity instead. - Omit this size check entirely for zero-copy messages, as those always allocate 4k (P9_ZC_HDR_SZ) linear buffers which are not used for actual payload and can be much bigger than 4k. - Replace p9_debug() by pr_err() to make sure this message is always printed in case this error is triggered. - Add 9p message type to error message to ease investigation. Link: https://lkml.kernel.org/r/e0edec84b1c80119ae937ce854b4f5f6dbe2d08c.1669144861.git.linux_oss@crudebyte.com Signed-off-by: Christian Schoenebeck Tested-by: Stefano Stabellini Reported-by: kernel test robot Signed-off-by: Dominique Martinet --- net/9p/client.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/net/9p/client.c b/net/9p/client.c index a2b4a965a5a99..7b2a997662d9c 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -519,10 +519,9 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req) int ecode; err = p9_parse_header(&req->rc, NULL, &type, NULL, 0); - if (req->rc.size >= c->msize) { - p9_debug(P9_DEBUG_ERROR, - "requested packet size too big: %d\n", - req->rc.size); + if (req->rc.size > req->rc.capacity && !req->rc.zc) { + pr_err("requested packet size too big: %d does not fit %zu (type=%d)\n", + req->rc.size, req->rc.capacity, req->rc.id); return -EIO; } /* dump the response from server -- 2.30.2