22 Jun
2025
22 Jun
'25
8:33 p.m.
Greg Kroah-Hartman wrote on Fri, Jun 20, 2025 at 06:56:24AM +0200:
- memcpy(p9_rx_req->rc.sdata, req->buf, req->actual);
- if (req_size > p9_rx_req->rc.capacity) {
dev_err(&cdev->gadget->dev,"%s received data size %u exceeds buffer capacity %zu\n",ep->name, req_size, p9_rx_req->rc.capacity);Do you want a broken device to be able to flood the kernel log? You might want to change this to dev_dbg() instead.
I realize I hadn't replied to this one -- I (still) consider 9p mounts to be somewhat privileged/trusted, so I'm fine flooding kernel logs with a broken device. If the trust model changes (I've been askedto make 9p mountable by non-root users... perhaps after we've caught up with syzcallers reports but not holding my breath) then we can revisit this, but 9p IO errors are rather badly behaved afaik (connection possibly never recovers) so I'd rather the first error stands out.
- p9_rx_req->rc.size = req->actual;
- memcpy(p9_rx_req->rc.sdata, req->buf, req_size);
- p9_client_cb(usb9pfs->client, p9_rx_req, REQ_STATUS_RCVD);
- p9_rx_req->rc.size = req_sizel;
Did this code build properly?
Thanks/sorry for this one as well :/
--
Dominique