Hi,

Kirill A. Shutemov wrote on Tue, Dec 30, 2014 at 02:48:09AM +0200:
> @@ -273,7 +273,7 @@ p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt,
> }
> break;
> case 'R':{
> - int16_t *nwqid = va_arg(ap, int16_t *);
> + uint16_t *nwqid = va_arg(ap, uint16_t *);
> struct p9_qid **wqids =
> va_arg(ap, struct p9_qid **);
>

Good find there!

Given we also have pdu->size, would it make sense to check nwqid through this?

I'd need to check, but I'd assume we should always have, after reading nwqid,
pdu->size - pdu->offset >= *nwqid * 13 (size of qid on the wire).
If not, one of the p9pdu_readf for qids is bound to fail eventually, and there
has been a problem somewhere.
(It should be equal for walk because this ends the pdu, but nothing forbids a
protocol extension that'd add more data after this qid array.)

> @@ -448,7 +448,7 @@ p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
> }
> break;
> case 'U':{
> - int32_t count = va_arg(ap, int32_t);
> + uint32_t count = va_arg(ap, uint32_t);
> const char __user *udata =
> va_arg(ap, const void __user *);
> errcode = p9pdu_writef(pdu, proto_version, "d",
> @@ -479,7 +479,7 @@ p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
> }
> break;
> case 'R':{
> - int16_t nwqid = va_arg(ap, int);
> + uint16_t nwqid = va_arg(ap, int);
> struct p9_qid *wqids =
> va_arg(ap, struct p9_qid *);

Doesn't seem like it can hurt, although I can't see any code leading to the
'R' case. It's a bit hard to tell.

Anyway, supporting this patch as well; a second double-check on read/nwqid can
be added separately if deemed useful!

-- 
Dominique
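Review bot: the p9pdu_vreadf 'R' hunk changes only the type of nwqid, so the count read from the wire is still trusted when the per-qid reads begin; the bound Dominique suggests, checking `pdu->size - pdu->offset >= *nwqid * 13` right after *nwqid is read, would reject a truncated or oversized walk reply in one place instead of relying on a later p9pdu_readf call failing. The unsigned type matters on its own as well: with int16_t, a wire count of 0x8000 or above reads as a negative number, and how the following loop treats a negative count is not visible in this hunk.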
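Review bot: in the p9pdu_vwritef 'U' hunk the count is now fetched with `va_arg(ap, uint32_t)`, so every caller of the 'U' format should be passing an unsigned 32-bit value; va_arg with a mismatched signed type is technically undefined, even though int and unsigned int are interchangeable in practice on the kernel's targets. Worth confirming the 'U' callers in one sweep together with this change.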
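Review bot: in the p9pdu_vwritef 'R' hunk, `uint16_t nwqid = va_arg(ap, int);` correctly keeps int as the va_arg type (a uint16_t argument is promoted to int), but the assignment silently truncates anything above 65535, so a caller passing a negative or too-large count would emit a wrong wire value with no error. As the reply notes, no caller of the 'R' write case is visible here, so this hunk is consistency with the read side rather than a behaviour fix; a short comment on the line saying why int is the right va_arg type would save the next reader the same question.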
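The bound Dominique sketches above, written out as an added example that is not code from the thread or from the kernel's net/9p code: it reads a 16-bit count from a constructed buffer, rejects it unless `pdu->size - pdu->offset` still covers `nwqid * 13` bytes, and shows what the pre-patch int16_t type made of a count with the top bit set. The `struct pdu`, `read_u16` and `check_reply` names are this example's own simplifications of the kernel's structures, and the buffers are zero filler, not real 9P messages.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Minimal stand-in for the kernel's struct p9_fcall: only the fields the
 * check uses. Constructed for this example, not the real definition. */
struct pdu {
	size_t size;          /* bytes present in sdata */
	size_t offset;        /* bytes already consumed */
	const uint8_t *sdata;
};

/* A 9P qid on the wire: type[1] version[4] path[8] = 13 bytes. */
#define QID_WIRE_SIZE 13

/* Read a little-endian 16-bit count (9P "w" encoding).
 * Returns -1 when fewer than two bytes remain. */
static int read_u16(struct pdu *p, uint16_t *out)
{
	if (p->size - p->offset < 2)
		return -1;
	*out = (uint16_t)(p->sdata[p->offset] |
			  ((uint16_t)p->sdata[p->offset + 1] << 8));
	p->offset += 2;
	return 0;
}

/* The check proposed in the thread: after reading nwqid, the pdu must still
 * hold at least nwqid * 13 bytes, otherwise one of the later qid reads would
 * run past the message. Returns 0 when the count fits, -1 otherwise. */
int read_nwqid_checked(struct pdu *p, uint16_t *nwqid)
{
	if (read_u16(p, nwqid) < 0)
		return -1;
	/* All unsigned: a uint16_t times 13 cannot overflow size_t. */
	if (p->size - p->offset < (size_t)*nwqid * QID_WIRE_SIZE)
		return -1;
	return 0;
}

/* What the pre-patch int16_t type made of the same two bytes: any count
 * with the top bit set comes out negative. Returns 1 if negative. */
int nwqid_as_int16_is_negative(uint16_t wire_count)
{
	return (int16_t)wire_count < 0;
}

/* Build a constructed pdu holding a 16-bit count followed by payload_len
 * filler bytes (at most 64 here) and run the checked read on it.
 * Returns the result of read_nwqid_checked, or -2 if payload_len is too big. */
int check_reply(uint16_t count, size_t payload_len)
{
	uint8_t buf[2 + 64];
	struct pdu p;
	uint16_t parsed;

	if (payload_len > 64)
		return -2;
	buf[0] = (uint8_t)(count & 0xff);
	buf[1] = (uint8_t)(count >> 8);
	memset(buf + 2, 0, payload_len);
	p.size = 2 + payload_len;
	p.offset = 0;
	p.sdata = buf;
	return read_nwqid_checked(&p, &parsed);
}

int main(void)
{
	printf("2 qids, 26 bytes following: %d\n", check_reply(2, 26));
	printf("3 qids, 26 bytes following: %d\n", check_reply(3, 26));
	printf("0x8000 read as int16_t is negative: %d\n",
	       nwqid_as_int16_is_negative(0x8000));
	return 0;
}
```

The check is placed before any per-qid parsing, which is the point of the thread: a single comparison against the remaining bytes catches a bad count up front, whereas relying on a later p9pdu_readf call to fail only reports the problem after part of the array has already been consumed.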