[V9fs-developer] Read/Write from bad user space buffer

Commit Message

Aneesh Kumar K.V Oct. 13, 2010, 9:39 a.m. UTC

None

Patch

diff --git a/net/9p/client.c b/net/9p/client.c
index b2b066a..40315f2 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -579,6 +579,9 @@  p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
 	va_start(ap, fmt);
 	err = p9pdu_vwritef(req->tc, c->proto_version, fmt, ap);
 	va_end(ap);
+	if (err)
+		goto reterr;
+
 	p9pdu_finalize(req->tc);
 
 	err = c->trans_mod->request(c, req);
diff --git a/net/9p/protocol.c b/net/9p/protocol.c
index 3acd3af..28b66ed 100644
--- a/net/9p/protocol.c
+++ b/net/9p/protocol.c
@@ -122,9 +122,9 @@  static size_t
 pdu_write_u(struct p9_fcall *pdu, const char __user *udata, size_t size)
 {
 	size_t len = MIN(pdu->capacity - pdu->size, size);
-	int err = copy_from_user(&pdu->sdata[pdu->size], udata, len);
-	if (err)
-		printk(KERN_WARNING "pdu_write_u returning: %d\n", err);
+	if (copy_from_user(&pdu->sdata[pdu->size], udata, len))
+		/* Failed to read a copy_from_user */
+		len = 0;
 
 	pdu->size += len;
 	return size - len;