Commit 58c17b0e authored by Alex Elder's avatar Alex Elder

rbd: don't over-allocate space for object prefix

In rbd_header_from_disk() the object prefix buffer is sized based on
the maximum size it's block_name equivalent on disk could be.

Instead, only allocate enough to hold null-terminated string from
the on-disk header--or the maximum size of no NUL is found.
Signed-off-by: default avatarAlex Elder <elder@inktank.com>
Reviewed-by: default avatarYehuda Sadeh <yehuda@inktank.com>
parent 1f7ba331
...@@ -519,18 +519,19 @@ static int rbd_header_from_disk(struct rbd_image_header *header, ...@@ -519,18 +519,19 @@ static int rbd_header_from_disk(struct rbd_image_header *header,
struct rbd_image_header_ondisk *ondisk) struct rbd_image_header_ondisk *ondisk)
{ {
u32 snap_count; u32 snap_count;
size_t len;
size_t size; size_t size;
memset(header, 0, sizeof (*header)); memset(header, 0, sizeof (*header));
snap_count = le32_to_cpu(ondisk->snap_count); snap_count = le32_to_cpu(ondisk->snap_count);
size = sizeof (ondisk->object_prefix) + 1; len = strnlen(ondisk->object_prefix, sizeof (ondisk->object_prefix));
header->object_prefix = kmalloc(size, GFP_KERNEL); header->object_prefix = kmalloc(len + 1, GFP_KERNEL);
if (!header->object_prefix) if (!header->object_prefix)
return -ENOMEM; return -ENOMEM;
memcpy(header->object_prefix, ondisk->object_prefix, size - 1); memcpy(header->object_prefix, ondisk->object_prefix, len);
header->object_prefix[size - 1] = '\0'; header->object_prefix[len] = '\0';
if (snap_count) { if (snap_count) {
header->snap_names_len = le64_to_cpu(ondisk->snap_names_len); header->snap_names_len = le64_to_cpu(ondisk->snap_names_len);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment