On 23 May 2024, at 4:47, Chen Hanxiao wrote:
> don't return 0 if snd_buf->len really greater than snd_buf->buflen
>
> Signed-off-by: Chen Hanxiao <chenhx.fnst@xxxxxxxxxxx>
Fixes: 0c77668ddb4e ("SUNRPC: Introduce trace points in rpc_auth_gss.ko")
Reviewed-by: Benjamin Coddington <bcodding@xxxxxxxxxx>
more below ..
> ---
> net/sunrpc/auth_gss/auth_gss.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
> index c7af0220f82f..369310909fc9 100644
> --- a/net/sunrpc/auth_gss/auth_gss.c
> +++ b/net/sunrpc/auth_gss/auth_gss.c
> @@ -1875,8 +1875,10 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
> offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
> maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
> /* slack space should prevent this ever happening: */
> - if (unlikely(snd_buf->len > snd_buf->buflen))
> + if (unlikely(snd_buf->len > snd_buf->buflen)) {
> + status = -EIO;
> goto wrap_failed;
Maybe Chuck intended to jump to bad_wrap in 0c77668ddb4e? Interesting that
you found this considering "slack space should prevent this ever happening".
Ben
