Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 58c17b0e authored by Alex Elder's avatar Alex Elder
Browse files

rbd: don't over-allocate space for object prefix 



In rbd_header_from_disk() the object prefix buffer is sized based on
the maximum size it's block_name equivalent on disk could be.

Instead, only allocate enough to hold null-terminated string from
the on-disk header--or the maximum size of no NUL is found.

Signed-off-by: default avatarAlex Elder <elder@inktank.com>
Reviewed-by: default avatarYehuda Sadeh <yehuda@inktank.com>
parent 1f7ba331

drivers/block/rbd.c

+5 −4
Original line number Diff line number Diff line
@@ -519,18 +519,19 @@ static int rbd_header_from_disk(struct rbd_image_header *header, 
				 struct rbd_image_header_ondisk *ondisk)

{

	u32 snap_count;

	size_t len;

	size_t size;



	memset(header, 0, sizeof (*header));



	snap_count = le32_to_cpu(ondisk->snap_count);



	size = sizeof (ondisk->object_prefix) + 1;

	header->object_prefix = kmalloc(size, GFP_KERNEL);

	len = strnlen(ondisk->object_prefix, sizeof (ondisk->object_prefix));

	header->object_prefix = kmalloc(len + 1, GFP_KERNEL);

	if (!header->object_prefix)

		return -ENOMEM;

	memcpy(header->object_prefix, ondisk->object_prefix, size - 1);

	header->object_prefix[size - 1] = '\0';

	memcpy(header->object_prefix, ondisk->object_prefix, len);

	header->object_prefix[len] = '\0';



	if (snap_count) {

		header->snap_names_len = le64_to_cpu(ondisk->snap_names_len);