Re: [PATCH v3] net/9p: Fix buffer overflow in USB transport layer
From: Christian Schoenebeck
Date: Sun Jun 22 2025 - 17:59:19 EST
On Sunday, June 22, 2025 10:39:29 PM CEST asmadeus@xxxxxxxxxxxxx wrote:
[...]
> (... And this made me realize commit 60ece0833b6c ("net/9p: allocate
> appropriate reduced message buffers") likely broke everything for
> 9p/rdma 3 years ago, as rdma is swapping buffers around...
> I guess it doesn't have (m)any users...)
That patch contains an RDMA exception:
@@ -645,9 +664,18 @@ p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
int sigpending, err;
unsigned long flags;
struct p9_req_t *req;
+ /* Passing zero for tsize/rsize to p9_client_prepare_req() tells it to
+ * auto determine an appropriate (small) request/response size
+ * according to actual message data being sent. Currently RDMA
+ * transport is excluded from this response message size optimization,
+ * as it would not cope with it, due to its pooled response buffers
+ * (using an optimized request size for RDMA as well though).
+ */
+ const uint tsize = 0;
+ const uint rsize = c->trans_mod->pooled_rbuffers ? c->msize : 0;
va_start(ap, fmt);
- req = p9_client_prepare_req(c, type, c->msize, c->msize, fmt, ap);
+ req = p9_client_prepare_req(c, type, tsize, rsize, fmt, ap);
va_end(ap);
if (IS_ERR(req))
return req;
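Review bot: The line `const uint rsize = c->trans_mod->pooled_rbuffers ? c->msize : 0;` makes one per-transport flag the only thing that keeps a full msize response buffer, and the comment above it names only RDMA as the case that needs it. Suggest wording the comment as the general condition (a transport that hands responses out of pooled or swapped buffers must set pooled_rbuffers) and repeating that requirement where the flag is defined, which this hunk does not show, so that other transports are checked against it. Minor style points: `uint` could be spelled `unsigned int`, and since tsize is a constant 0 it could be passed as a literal with the comment kept at the call site.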
/Christian