| Message ID | 20221118135542.63400-1-asmadeus@codewreck.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp211996wrr;
Fri, 18 Nov 2022 06:05:15 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf5yyGKDclUACv1nUg7d4uy1Xd8+WjJ7drIoAZ3wxCdW1Sn36K80NM1HBSy0WUQikJND+703
X-Received: by 2002:a17:90a:3f89:b0:217:90e0:3f8c with SMTP id
m9-20020a17090a3f8900b0021790e03f8cmr13883525pjc.192.1668780315408;
Fri, 18 Nov 2022 06:05:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668780315; cv=none;
d=google.com; s=arc-20160816;
b=vcO+4O2kz4j+RIirAQkoISeRXSWxYpmIn9Z7+mVr9Hy7exdDNfzM+O/3Cto5eq0iPQ
+6ViDbwaiJGs6gyEofqkadAKciaBIKCIAF6ealHPxkX/iqvrcgb1vB9h+MzhEmHbISH7
frKcdqEon0WK5ldfn3JncF/XeKOU9KbDzFl+Li6uBUiTjLKBUBZWTOLJqkVcqpz2Tnn3
EReq2c2KYlgYfyJDMyyX6jFX7xIHahjjJ67nHVPkArE1B/3lIGlSlu+pRDYHBn//EUi0
gLG/DO4ZHQj8157e89L/bPC7uO4KFPrN8FtnJqJDVlQ4i1PHGdVsnSWQwfxwqPTNh0Mh
rSNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature:dkim-signature;
bh=CQZUY2pFucgWJB1sP94KlRMevw8XHM75WorqTLQ5yWo=;
b=N0uUBHY/26ORAlHn/2Hv3NPfcIk3I2P8twylBiWlZmxgs0xE0NKwc9tm4wFgD7yfiF
eJ/T2vpHAPN+K+jQ1oIQR2Wo5vvV25luU+iUG5koLjpg/TC/4rr6jxMjcfKwdQMojOYh
e+Hjfg7DQfs/LZqAPnLcndrSXc/oRF7QwvI3+BADjaYotGH0FemMhVUUaIkZynXNW7jT
tnjQQWRs30wx6khF1e0TdnJ32TrRxnctbT1EsRe89nv56WIfOHUnpEaQPAl+t2MTc1/a
W8/agtKBWd0aVyNgJDozMKC1T0CFWZDgUIV4FNdHMeZRDCXNuQNVVZUVN7d3BOUO/D8Y
rIZw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@codewreck.org header.s=2 header.b=uSvAaMZ0;
dkim=pass header.i=@codewreck.org header.s=2 header.b=XiMNoADA;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=codewreck.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
a5-20020a656545000000b00430b00f507dsi4006010pgw.430.2022.11.18.06.04.48;
Fri, 18 Nov 2022 06:05:15 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@codewreck.org header.s=2 header.b=uSvAaMZ0;
dkim=pass header.i=@codewreck.org header.s=2 header.b=XiMNoADA;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=codewreck.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S241768AbiKRN4I (ORCPT <rfc822;kkmonlee@gmail.com> + 99 others);
Fri, 18 Nov 2022 08:56:08 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40780 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S241506AbiKRN4F (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 18 Nov 2022 08:56:05 -0500
Received: from nautica.notk.org (ipv6.notk.org [IPv6:2001:41d0:1:7a93::1])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F3BF1B855
for <linux-kernel@vger.kernel.org>;
Fri, 18 Nov 2022 05:56:04 -0800 (PST)
Received: by nautica.notk.org (Postfix, from userid 108)
id EABC2C021; Fri, 18 Nov 2022 14:56:09 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=codewreck.org; s=2;
t=1668779769; bh=CQZUY2pFucgWJB1sP94KlRMevw8XHM75WorqTLQ5yWo=;
h=From:To:Cc:Subject:Date:From;
b=uSvAaMZ0OpQj5Glb1zO0fX4Vtf2UxJ5sbZfbsKWIfztAOXVUTsOHzFmFyc0pmE+t5
GQrWZvuuh3a4liNcgeOQwvCoEHFs6y2K7+Yt/77E3yJDKEzFtZGiT3WjkeWt0H/iwl
82ZX0SajJI92Rqi3iomzgjTv9stjt2NyPtAGTpBmygKeGXdJgg8r0vstY/LgzWvsFK
tyAHuR1PD6EHY3hz5GWH16hYAsYjBEYo9IM3arp7YcJD4h/hdUtX38LCkhCSNOORBg
gWmorINpw+gHsHqP1SOebXgTBaNQYE0ydZ5qQRSt1lzWsAO422MKQjywksSUlOO7wg
gFS1rQN5O+GGw==
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
X-Spam-Level:
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
Received: from odin.codewreck.org (localhost [127.0.0.1])
by nautica.notk.org (Postfix) with ESMTPS id 6A553C009;
Fri, 18 Nov 2022 14:55:58 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=codewreck.org; s=2;
t=1668779760; bh=CQZUY2pFucgWJB1sP94KlRMevw8XHM75WorqTLQ5yWo=;
h=From:To:Cc:Subject:Date:From;
b=XiMNoADAAyrOPpLTaJNzk8a4IsyZYtJ+O7/RXIn5s83g068QaP45+jsLpxBpwDnfo
C5+OMLcLzxe40UuXlB7wiAwffKkXW9YveqbrK5IVaa9RH/AuJ8whqMXlyFG0G1UziS
lGWwTs0s8GmziCje641LY3z6twFh3tHcype78ggsA7Hu92Lp+GfQkzjlrmOoK+p19f
X9prWTCp8OX5ByauPLfYvkIsBpzcL4TsnSaOuOqmhi9sac1b6FjPcyKq1PDoBPbiZA
jHzQxFgLOlkWJ36wmqfexu+Y9wAqpdP3vdSONWV9ImJSC9UtKlNy/YWd7WPY3okRFb
62TjSrtWPcbGA==
Received: from localhost (odin.codewreck.org [local])
by odin.codewreck.org (OpenSMTPD) with ESMTPA id 286f58e1;
Fri, 18 Nov 2022 13:55:49 +0000 (UTC)
From: Dominique Martinet <asmadeus@codewreck.org>
To: Stefano Stabellini <sstabellini@kernel.org>
Cc: GUO Zihua <guozihua@huawei.com>, linux_oss@crudebyte.com,
v9fs-developer@lists.sourceforge.net, linux-kernel@vger.kernel.org,
Dominique Martinet <asmadeus@codewreck.org>
Subject: [PATCH 1/2] 9p/xen: check logical size for buffer size
Date: Fri, 18 Nov 2022 22:55:41 +0900
Message-Id: <20221118135542.63400-1-asmadeus@codewreck.org>
X-Mailer: git-send-email 2.38.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749842988142198503?=
X-GMAIL-MSGID: =?utf-8?q?1749842988142198503?=
|
| Series |
[1/2] 9p/xen: check logical size for buffer size
|
|
Commit Message
Dominique Martinet
Nov. 18, 2022, 1:55 p.m. UTC
trans_xen did not check the data fits into the buffer before copying
from the xen ring, but we probably should.
Add a check that just skips the request and return an error to
userspace if it did not fit
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
---
This comes more or less as a follow up of a fix for trans_fd:
https://lkml.kernel.org/r/20221117091159.31533-1-guozihua@huawei.com
Where msize should be replaced by capacity check, except trans_xen
did not actually use to check the size fits at all.
While we normally trust the hypervisor (they can probably do whatever
they want with our memory), a bug in the 9p server is always possible so
sanity checks never hurt, especially now buffers got drastically smaller
with a recent patch.
My setup for xen is unfortunately long dead so I cannot test this:
Stefano, you've tested v9fs xen patches in the past, would you mind
verifying this works as well?
net/9p/trans_xen.c | 9 +++++++++
1 file changed, 9 insertions(+)
Comments
On Fri, 18 Nov 2022, Dominique Martinet wrote: > trans_xen did not check the data fits into the buffer before copying > from the xen ring, but we probably should. > Add a check that just skips the request and return an error to > userspace if it did not fit > > Signed-off-by: Dominique Martinet <asmadeus@codewreck.org> > --- > > This comes more or less as a follow up of a fix for trans_fd: > https://lkml.kernel.org/r/20221117091159.31533-1-guozihua@huawei.com > Where msize should be replaced by capacity check, except trans_xen > did not actually use to check the size fits at all. > > While we normally trust the hypervisor (they can probably do whatever > they want with our memory), a bug in the 9p server is always possible so > sanity checks never hurt, especially now buffers got drastically smaller > with a recent patch. > > My setup for xen is unfortunately long dead so I cannot test this: > Stefano, you've tested v9fs xen patches in the past, would you mind > verifying this works as well? > > net/9p/trans_xen.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c > index b15c64128c3e..66ceb3b3ae30 100644 > --- a/net/9p/trans_xen.c > +++ b/net/9p/trans_xen.c > @@ -208,6 +208,14 @@ static void p9_xen_response(struct work_struct *work) > continue; > } > > + if (h.size > req->rc.capacity) { > + dev_warn(&priv->dev->dev, > + "requested packet size too big: %d for tag %d with capacity %zd\n", > + h.size, h.tag, rreq->rc.capacity); "req" instead of "rreq" I made this change and tried the two patches together. Unfortunately I get the following error as soon as I try to write a file: /bin/sh: can't create /mnt/file: Input/output error Next I reverted the second patch and only kept this patch. With that, it worked as usual. It looks like the second patch is the problem. I have not investigated further. > + req->status = REQ_STATUS_ERROR; > + goto recv_error; > + } > + > memcpy(&req->rc, &h, sizeof(h)); > req->rc.offset = 0; > > @@ -217,6 +225,7 @@ static void p9_xen_response(struct work_struct *work) > masked_prod, &masked_cons, > XEN_9PFS_RING_SIZE(ring)); > > +recv_error: > virt_mb(); > cons += h.size; > ring->intf->in_cons = cons; > -- > 2.38.1 >
Thanks a lot, that was fast! Stefano Stabellini wrote on Fri, Nov 18, 2022 at 05:51:46PM -0800: > On Fri, 18 Nov 2022, Dominique Martinet wrote: > > trans_xen did not check the data fits into the buffer before copying > > from the xen ring, but we probably should. > > Add a check that just skips the request and return an error to > > userspace if it did not fit > > > > Signed-off-by: Dominique Martinet <asmadeus@codewreck.org> > > --- > > > > This comes more or less as a follow up of a fix for trans_fd: > > https://lkml.kernel.org/r/20221117091159.31533-1-guozihua@huawei.com > > Where msize should be replaced by capacity check, except trans_xen > > did not actually use to check the size fits at all. > > > > While we normally trust the hypervisor (they can probably do whatever > > they want with our memory), a bug in the 9p server is always possible so > > sanity checks never hurt, especially now buffers got drastically smaller > > with a recent patch. > > > > My setup for xen is unfortunately long dead so I cannot test this: > > Stefano, you've tested v9fs xen patches in the past, would you mind > > verifying this works as well? > > > > net/9p/trans_xen.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c > > index b15c64128c3e..66ceb3b3ae30 100644 > > --- a/net/9p/trans_xen.c > > +++ b/net/9p/trans_xen.c > > @@ -208,6 +208,14 @@ static void p9_xen_response(struct work_struct *work) > > continue; > > } > > > > + if (h.size > req->rc.capacity) { > > + dev_warn(&priv->dev->dev, > > + "requested packet size too big: %d for tag %d with capacity %zd\n", > > + h.size, h.tag, rreq->rc.capacity); > > "req" instead of "rreq" ugh, sorry for that. I didn't realize I have NET_9P_XEN=n on this machine ... /facepalm I'm lazy so won't bother sending a v2: https://github.com/martinetd/linux/commit/ebd09c8245aa15f15b273e9733e8ed8991db3682 I'll add your Tested-by tomorrow unless you don't want to :) > I made this change and tried the two patches together. Unfortunately I > get the following error as soon as I try to write a file: > > /bin/sh: can't create /mnt/file: Input/output error > > > Next I reverted the second patch and only kept this patch. With that, it > worked as usual. It looks like the second patch is the problem. I have > not investigated further. Thanks -- it's now obvious I shouldn't send patches without testing before bedtime... I could reproduce easily with virtio as well, this one was silly as well (>= instead of >). . . With another problem when zc requests get involved, as we don't actually allocate more than 4k for the rpc itself. If I adjust it to also check with the zc 'inlen' as follow it appears to work: https://github.com/martinetd/linux/commit/162015a0dac40eccc9e8311a5eb031596ad35e82 But that inlen isn't actually precise, and trans_virtio (the only transport implementing zc rpc) actually takes some liberty with the actual sg size to better fit hardwre, so that doesn't really make sense either and we probably should just trust trans_virtio at this point? This isn't obvious, so I'll just drop this patch for now. Checking witih msize isn't any good but it can wait till we sort it out as transports now all already check this one way or another; I'd like to get the actual fixes out first. (Christian, if you have time to look at it and take over I'd appreciate it, but there's no hurry.) Thanks again and sorry for the bad patches!
On Saturday, November 19, 2022 3:31:41 AM CET Dominique Martinet wrote: [...] > > I made this change and tried the two patches together. Unfortunately I > > get the following error as soon as I try to write a file: > > > > /bin/sh: can't create /mnt/file: Input/output error > > > > > > Next I reverted the second patch and only kept this patch. With that, it > > worked as usual. It looks like the second patch is the problem. I have > > not investigated further. > > Thanks -- it's now obvious I shouldn't send patches without testing > before bedtime... > I could reproduce easily with virtio as well, this one was silly as well > (>= instead of >). . . With another problem when zc requests get > involved, as we don't actually allocate more than 4k for the rpc itself. > > If I adjust it to also check with the zc 'inlen' as follow it appears to > work: > https://github.com/martinetd/linux/commit/162015a0dac40eccc9e8311a5eb031596ad35e82 > But that inlen isn't actually precise, and trans_virtio (the only > transport implementing zc rpc) actually takes some liberty with the > actual sg size to better fit hardwre, so that doesn't really make > sense either and we probably should just trust trans_virtio at this > point? > > This isn't obvious, so I'll just drop this patch for now. > Checking witih msize isn't any good but it can wait till we sort it out > as transports now all already check this one way or another; I'd like to > get the actual fixes out first. > > (Christian, if you have time to look at it and take over I'd appreciate > it, but there's no hurry.) OK, I'll look at this. Best regards, Christian Schoenebeck
On Friday, November 18, 2022 2:55:41 PM CET Dominique Martinet wrote: > trans_xen did not check the data fits into the buffer before copying > from the xen ring, but we probably should. > Add a check that just skips the request and return an error to > userspace if it did not fit > > Signed-off-by: Dominique Martinet <asmadeus@codewreck.org> > --- > > This comes more or less as a follow up of a fix for trans_fd: > https://lkml.kernel.org/r/20221117091159.31533-1-guozihua@huawei.com > Where msize should be replaced by capacity check, except trans_xen > did not actually use to check the size fits at all. > > While we normally trust the hypervisor (they can probably do whatever > they want with our memory), a bug in the 9p server is always possible so > sanity checks never hurt, especially now buffers got drastically smaller > with a recent patch. > > My setup for xen is unfortunately long dead so I cannot test this: > Stefano, you've tested v9fs xen patches in the past, would you mind > verifying this works as well? > > net/9p/trans_xen.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c > index b15c64128c3e..66ceb3b3ae30 100644 > --- a/net/9p/trans_xen.c > +++ b/net/9p/trans_xen.c > @@ -208,6 +208,14 @@ static void p9_xen_response(struct work_struct *work) > continue; > } > > + if (h.size > req->rc.capacity) { > + dev_warn(&priv->dev->dev, > + "requested packet size too big: %d for tag %d with capacity %zd\n", > + h.size, h.tag, rreq->rc.capacity); > + req->status = REQ_STATUS_ERROR; > + goto recv_error; > + } > + Looks good (except of s/rreq/req/ mentioned by Stefano already). > memcpy(&req->rc, &h, sizeof(h)); Is that really OK? 1. `h` is of type xen_9pfs_header and declared as packed, whereas `rc` is of type p9_fcall not declared as packed. 2. Probably a bit dangerous to assume the layout of xen_9pfs_header being in sync with the starting layout of p9_fcall without any compile-time assertion? > req->rc.offset = 0; > > @@ -217,6 +225,7 @@ static void p9_xen_response(struct work_struct *work) > masked_prod, &masked_cons, > XEN_9PFS_RING_SIZE(ring)); > > +recv_error: > virt_mb(); > cons += h.size; > ring->intf->in_cons = cons; >
On Mon, 21 Nov 2022, Christian Schoenebeck wrote: > On Friday, November 18, 2022 2:55:41 PM CET Dominique Martinet wrote: > > trans_xen did not check the data fits into the buffer before copying > > from the xen ring, but we probably should. > > Add a check that just skips the request and return an error to > > userspace if it did not fit > > > > Signed-off-by: Dominique Martinet <asmadeus@codewreck.org> > > --- > > > > This comes more or less as a follow up of a fix for trans_fd: > > https://lkml.kernel.org/r/20221117091159.31533-1-guozihua@huawei.com > > Where msize should be replaced by capacity check, except trans_xen > > did not actually use to check the size fits at all. > > > > While we normally trust the hypervisor (they can probably do whatever > > they want with our memory), a bug in the 9p server is always possible so > > sanity checks never hurt, especially now buffers got drastically smaller > > with a recent patch. > > > > My setup for xen is unfortunately long dead so I cannot test this: > > Stefano, you've tested v9fs xen patches in the past, would you mind > > verifying this works as well? > > > > net/9p/trans_xen.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c > > index b15c64128c3e..66ceb3b3ae30 100644 > > --- a/net/9p/trans_xen.c > > +++ b/net/9p/trans_xen.c > > @@ -208,6 +208,14 @@ static void p9_xen_response(struct work_struct *work) > > continue; > > } > > > > + if (h.size > req->rc.capacity) { > > + dev_warn(&priv->dev->dev, > > + "requested packet size too big: %d for tag %d with capacity %zd\n", > > + h.size, h.tag, rreq->rc.capacity); > > + req->status = REQ_STATUS_ERROR; > > + goto recv_error; > > + } > > + > > Looks good (except of s/rreq/req/ mentioned by Stefano already). > > > memcpy(&req->rc, &h, sizeof(h)); > > Is that really OK? > > 1. `h` is of type xen_9pfs_header and declared as packed, whereas `rc` is of > type p9_fcall not declared as packed. > > 2. Probably a bit dangerous to assume the layout of xen_9pfs_header being in > sync with the starting layout of p9_fcall without any compile-time > assertion? You are right. It would be better to replace the memcpy with: req->rc.size = h.size; req->rc.id = h.id; req->rc.tag = h.tag;
Christian Schoenebeck wrote on Mon, Nov 21, 2022 at 05:35:56PM +0100: > Looks good (except of s/rreq/req/ mentioned by Stefano already). Thanks for the review (I've taken this as a 'reviewed-by' under the assumption of that fix, sorry for being a bit aggressive at collecting these -- I'd rather overcredit work being done than the other way around) I'll send this and the three other commits in my 9p-next branch to Linus tomorrow around this time: https://github.com/martinetd/linux/commits/9p-next > > memcpy(&req->rc, &h, sizeof(h)); > > Is that really OK? > > 1. `h` is of type xen_9pfs_header and declared as packed, whereas `rc` is of > type p9_fcall not declared as packed. > > 2. Probably a bit dangerous to assume the layout of xen_9pfs_header being in > sync with the starting layout of p9_fcall without any compile-time > assertion? I've done this in a follow up that will be sent to Linus later as per Stefano's suggestion.
On Tuesday, November 22, 2022 1:39:39 AM CET Dominique Martinet wrote: > Christian Schoenebeck wrote on Mon, Nov 21, 2022 at 05:35:56PM +0100: > > Looks good (except of s/rreq/req/ mentioned by Stefano already). > > Thanks for the review (I've taken this as a 'reviewed-by' under the > assumption of that fix, sorry for being a bit aggressive at collecting > these -- I'd rather overcredit work being done than the other way around) Yes, you can add my RB of course! > I'll send this and the three other commits in my 9p-next branch to Linus > tomorrow around this time: > https://github.com/martinetd/linux/commits/9p-next > > > > > memcpy(&req->rc, &h, sizeof(h)); > > > > Is that really OK? > > > > 1. `h` is of type xen_9pfs_header and declared as packed, whereas `rc` is of > > type p9_fcall not declared as packed. > > > > 2. Probably a bit dangerous to assume the layout of xen_9pfs_header being in > > sync with the starting layout of p9_fcall without any compile-time > > assertion? > > I've done this in a follow up that will be sent to Linus later as per > Stefano's suggestion. Great, one patch less to send, thanks! :)
diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c index b15c64128c3e..66ceb3b3ae30 100644 --- a/net/9p/trans_xen.c +++ b/net/9p/trans_xen.c @@ -208,6 +208,14 @@ static void p9_xen_response(struct work_struct *work) continue; } + if (h.size > req->rc.capacity) { + dev_warn(&priv->dev->dev, + "requested packet size too big: %d for tag %d with capacity %zd\n", + h.size, h.tag, rreq->rc.capacity); + req->status = REQ_STATUS_ERROR; + goto recv_error; + } + memcpy(&req->rc, &h, sizeof(h)); req->rc.offset = 0; @@ -217,6 +225,7 @@ static void p9_xen_response(struct work_struct *work) masked_prod, &masked_cons, XEN_9PFS_RING_SIZE(ring)); +recv_error: virt_mb(); cons += h.size; ring->intf->in_cons = cons;