net/9p: Handle error in zero copy request correctly for 9p2000.u

	if (!p9_is_proto_dotl(c)) {

		/* Error is reported in string format */

		uint16_t len;

		/* 7 = header size for RERROR, 2 is the size of string len; */

		int inline_len = in_hdrlen - (7 + 2);

		int len;

		/* 7 = header size for RERROR; */

		int inline_len = in_hdrlen - 7;

		/* Read the size of error string */

		err = p9pdu_readf(req->rc, c->proto_version, "w", &len);

		if (err)

			goto out_err;

		ename = kmalloc(len + 1, GFP_NOFS);

		if (!ename) {

			err = -ENOMEM;

			goto out_err;

		}

		if (len <= inline_len) {

			/* We have error in protocol buffer itself */

			if (pdu_read(req->rc, ename, len)) {

		len =  req->rc->size - req->rc->offset;

		if (len > (P9_ZC_HDR_SZ - 7)) {

			err = -EFAULT;

				goto out_free;

			goto out_err;

		}

		} else {

			/*

			 *  Part of the data is in user space buffer.

			 */

			if (pdu_read(req->rc, ename, inline_len)) {

				err = -EFAULT;

				goto out_free;

			}

		ename = &req->rc->sdata[req->rc->offset];

		if (len > inline_len) {

			/* We have error in external buffer */

			if (kern_buf) {

				memcpy(ename + inline_len, uidata,

				       len - inline_len);

						     uidata, len - inline_len);

				if (err) {

					err = -EFAULT;

					goto out_free;

					goto out_err;

				}

			}

		}

		ename[len] = 0;

		if (p9_is_proto_dotu(c)) {

			/* For dotu we also have error code */

			err = p9pdu_readf(req->rc,

					  c->proto_version, "d", &ecode);

		ename = NULL;

		err = p9pdu_readf(req->rc, c->proto_version, "s?d",

				  &ename, &ecode);

		if (err)

				goto out_free;

			goto out_err;

		if (p9_is_proto_dotu(c))

			err = -ecode;

		}

		if (!err || !IS_ERR_VALUE(err)) {

			err = p9_errstr2errno(ename, strlen(ename));

	}

	return err;

out_free:

	kfree(ename);

out_err:

	p9_debug(P9_DEBUG_ERROR, "couldn't parse error%d\n", err);

	return err;