Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 91c427ac authored by Jeff Layton's avatar Jeff Layton Committed by J. Bruce Fields
Browse files

sunrpc: do array overrun check in svc_recv before allocating pages 



There's little point in waiting until after we allocate all of the pages
to see if we're going to overrun the array. In the event that this
calculation is really off we could end up scribbling over a bunch of
memory and make it tougher to debug.

Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 786185b5

net/sunrpc/svc_xprt.c

+1 −1
Original line number Diff line number Diff line
@@ -601,6 +601,7 @@ int svc_recv(struct svc_rqst *rqstp, long timeout) 


	/* now allocate needed pages.  If we get a failure, sleep briefly */

	pages = (serv->sv_max_mesg + PAGE_SIZE) / PAGE_SIZE;

	BUG_ON(pages >= RPCSVC_MAXPAGES);

	for (i = 0; i < pages ; i++)

		while (rqstp->rq_pages[i] == NULL) {

			struct page *p = alloc_page(GFP_KERNEL);
@@ -615,7 +616,6 @@ int svc_recv(struct svc_rqst *rqstp, long timeout) 
			rqstp->rq_pages[i] = p;

		}

	rqstp->rq_pages[i++] = NULL; /* this might be seen in nfs_read_actor */

	BUG_ON(pages >= RPCSVC_MAXPAGES);



	/* Make arg->head point to first page and arg->pages point to rest */

	arg = &rqstp->rq_arg;