2008-08-26 17:39:38

by Abhishek Kulkarni

Subject: [PATCH] 9p bug fix: return non-zero error value in p9_put_data

p9_put_data is called by p9_create_twrite which expects it to return a
non-zero value on error. This was the reason why every p9_client_write
was failing. This patch also adds a check for buffer overflow in
p9_put_data.

Signed-off-by: Abhishek Kulkarni <[email protected]>
---
net/9p/conv.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/net/9p/conv.c b/net/9p/conv.c
index 4454720..7f6db15 100644
--- a/net/9p/conv.c
+++ b/net/9p/conv.c
@@ -451,8 +451,11 @@ p9_put_data(struct cbuf *bufp, const char *data,
int count,
unsigned char **pdata)
{
*pdata = buf_alloc(bufp, count);
+ if (buf_check_overflow(bufp))
+ return -EIO;
+
memmove(*pdata, data, count);
- return count;
+ return 0;
}

static int
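Review bot: `*pdata` is assigned from buf_alloc() before the new buf_check_overflow() test, so on the -EIO path the caller's pointer still holds whatever buf_alloc() returned for a request that did not fit. Consider allocating into a local and storing to `*pdata` only after the check passes, or setting `*pdata = NULL` before `return -EIO;`, so no caller can dereference it after a failed call.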


Thanks,
-- Abhishek


2008-08-26 18:54:12

by Latchesar Ionkov

Subject: Re: [V9fs-developer] [PATCH] 9p bug fix: return non-zero error value in p9_put_data

Acked-by: Latchesar Ionkov <[email protected]>

On Tue, Aug 26, 2008 at 11:30 AM, Abhishek Kulkarni <[email protected]> wrote:
> p9_put_data is called by p9_create_twrite which expects it to return a
> non-zero value on error. This was the reason why every p9_client_write
> was failing. This patch also adds a check for buffer overflow in
> p9_put_data.
>
> Signed-off-by: Abhishek Kulkarni <[email protected]>
> ---
> net/9p/conv.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
> diff --git a/net/9p/conv.c b/net/9p/conv.c
> index 4454720..7f6db15 100644
> --- a/net/9p/conv.c
> +++ b/net/9p/conv.c
> @@ -451,8 +451,11 @@ p9_put_data(struct cbuf *bufp, const char *data,
> int count,
> unsigned char **pdata)
> {
> *pdata = buf_alloc(bufp, count);
> + if (buf_check_overflow(bufp))
> + return -EIO;
> +
> memmove(*pdata, data, count);
> - return count;
> + return 0;
> }
>
> static int
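Review bot: the last change in the hunk, `return count;` to `return 0;`, alters the function's return contract from a byte count to zero-or-negative-errno, and nothing in the hunk documents that. A short comment above p9_put_data stating that it returns 0 on success and -EIO on buffer overflow would make the convention explicit, and the changelog should say whether any caller other than p9_create_twrite relied on the old count return.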
>
>
> Thanks,
> -- Abhishek
>
>
>

2008-08-28 18:10:32

by Eric Van Hensbergen

Subject: Re: [PATCH] 9p bug fix: return non-zero error value in p9_put_data

On Tue, Aug 26, 2008 at 10:30 AM, Abhishek Kulkarni <[email protected]> wrote:
> p9_put_data is called by p9_create_twrite which expects it to return a
> non-zero value on error. This was the reason why every p9_client_write
> was failing. This patch also adds a check for buffer overflow in
> p9_put_data.
>

I'm a bit confused about when this is even getting called -- I thought
all writes were following the p9_client_uwrite path?

Also, we do the bufoverflow check in p9_create_write -- so with your
patch aren't we doing this twice?

-eric


> Signed-off-by: Abhishek Kulkarni <[email protected]>
> ---
> net/9p/conv.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
> diff --git a/net/9p/conv.c b/net/9p/conv.c
> index 4454720..7f6db15 100644
> --- a/net/9p/conv.c
> +++ b/net/9p/conv.c
> @@ -451,8 +451,11 @@ p9_put_data(struct cbuf *bufp, const char *data,
> int count,
> unsigned char **pdata)
> {
> *pdata = buf_alloc(bufp, count);
> + if (buf_check_overflow(bufp))
> + return -EIO;
> +
> memmove(*pdata, data, count);
> - return count;
> + return 0;
> }
>
> static int
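Review bot: `count` is a plain `int` in the signature shown in the hunk header and is passed unchecked to both buf_alloc() and memmove(), where a negative value would be converted to a very large size. The hunk does not show whether buf_check_overflow() catches that case, so either reject `count < 0` up front next to the new check or make the parameter unsigned.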
>
>
> Thanks,
> -- Abhishek
>
>

2008-08-28 18:34:57

by Abhishek Kulkarni

Subject: Re: [PATCH] 9p bug fix: return non-zero error value in p9_put_data

On Thu, 2008-08-28 at 11:10 -0700, Eric Van Hensbergen wrote:
> On Tue, Aug 26, 2008 at 10:30 AM, Abhishek Kulkarni <[email protected]> wrote:
> > p9_put_data is called by p9_create_twrite which expects it to return a
> > non-zero value on error. This was the reason why every p9_client_write
> > was failing. This patch also adds a check for buffer overflow in
> > p9_put_data.
> >
>
> I'm a bit confused about when this is even getting called -- I thought
> all writes were following the p9_client_uwrite path?

Yes, this bug didn't come up to the surface since p9_create_twrite is
not even being called anywhere in v9fs. I tripped over it when using 9p
for a different module that I am working on.

>
> Also, we do the bufoverflow check in p9_create_write -- so with your
> patch aren't we doing this twice?
>
Yes, but then that makes the "check for error in return value" in
p9_create_twrite useless since memmove is not going to return an error
in any case.

Going with the existing convention however, I think the bufoverflow
check is unnecessary in p9_put_data and so is the check for error on
return.

I'll resubmit a patch.

-- Abhishek


> -eric
>
>
> > Signed-off-by: Abhishek Kulkarni <[email protected]>
> > ---
> > net/9p/conv.c | 5 ++++-
> > 1 files changed, 4 insertions(+), 1 deletions(-)
> > diff --git a/net/9p/conv.c b/net/9p/conv.c
> > index 4454720..7f6db15 100644
> > --- a/net/9p/conv.c
> > +++ b/net/9p/conv.c
> > @@ -451,8 +451,11 @@ p9_put_data(struct cbuf *bufp, const char *data,
> > int count,
> > unsigned char **pdata)
> > {
> > *pdata = buf_alloc(bufp, count);
> > + if (buf_check_overflow(bufp))
> > + return -EIO;
> > +
> > memmove(*pdata, data, count);
> > - return count;
> > + return 0;
> > }
> >
> > static int
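Review bot: the hunk carries two independent changes, the buf_check_overflow() test added after buf_alloc() and the return value switched from `count` to 0 at the end. Splitting them into two patches would let the return-value fix, which the changelog names as the cause of the p9_client_write failures, be reviewed and applied on its own while the overflow check is discussed separately.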
> >
> >
> > Thanks,
> > -- Abhishek
> >
> >