summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2012-05-04 19:44:12 +0400
committerJ. Bruce Fields <bfields@redhat.com>2012-06-01 04:29:41 +0400
commit91c427ac3a61ccabae0fdef53563edf40394b6c9 (patch)
tree66f5aaf373ebef288ed561def0f188f1ac5700d5
parent786185b5f8abefa6a8a16695bb4a59c164d5a071 (diff)
downloadlinux-91c427ac3a61ccabae0fdef53563edf40394b6c9.tar.xz
sunrpc: do array overrun check in svc_recv before allocating pages
There's little point in waiting until after we allocate all of the pages to see if we're going to overrun the array. In the event that this calculation is really off we could end up scribbling over a bunch of memory and make it tougher to debug. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r--net/sunrpc/svc_xprt.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
index 4bda09d7e1a4..8195c6acba12 100644
--- a/net/sunrpc/svc_xprt.c
+++ b/net/sunrpc/svc_xprt.c
@@ -601,6 +601,7 @@ int svc_recv(struct svc_rqst *rqstp, long timeout)
/* now allocate needed pages. If we get a failure, sleep briefly */
pages = (serv->sv_max_mesg + PAGE_SIZE) / PAGE_SIZE;
+ BUG_ON(pages >= RPCSVC_MAXPAGES);
for (i = 0; i < pages ; i++)
while (rqstp->rq_pages[i] == NULL) {
struct page *p = alloc_page(GFP_KERNEL);
@@ -615,7 +616,6 @@ int svc_recv(struct svc_rqst *rqstp, long timeout)
rqstp->rq_pages[i] = p;
}
rqstp->rq_pages[i++] = NULL; /* this might be seen in nfs_read_actor */
- BUG_ON(pages >= RPCSVC_MAXPAGES);
/* Make arg->head point to first page and arg->pages point to rest */
arg = &rqstp->rq_arg;