Commit 2412085d authored by Bernd Schubert's avatar Bernd Schubert Committed by Miklos Szeredi
Browse files

fuse: Allocate only namelen buf memory in fuse_notify_ 



fuse_notify_inval_entry and fuse_notify_delete were using fixed allocations
of FUSE_NAME_MAX to hold the file name. Often that large buffers are not
needed as file names might be smaller, so this uses the actual file name
size to do the allocation.

Signed-off-by: default avatarBernd Schubert <bschubert@ddn.com>
Reviewed-by: default avatarJingbo Xu <jefflexu@linux.alibaba.com>
Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
parent 9b17cb59

fs/fuse/dev.c

+14 −12
Original line number Diff line number Diff line
@@ -1644,14 +1644,10 @@ static int fuse_notify_inval_entry(struct fuse_conn *fc, unsigned int size, 
				   struct fuse_copy_state *cs)

{

	struct fuse_notify_inval_entry_out outarg;

	int err = -ENOMEM;

	char *buf;

	int err;

	char *buf = NULL;

	struct qstr name;



	buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);

	if (!buf)

		goto err;



	err = -EINVAL;

	if (size < sizeof(outarg))

		goto err;
@@ -1668,6 +1664,11 @@ static int fuse_notify_inval_entry(struct fuse_conn *fc, unsigned int size, 
	if (size != sizeof(outarg) + outarg.namelen + 1)

		goto err;



	err = -ENOMEM;

	buf = kzalloc(outarg.namelen + 1, GFP_KERNEL);

	if (!buf)

		goto err;



	name.name = buf;

	name.len = outarg.namelen;

	err = fuse_copy_one(cs, buf, outarg.namelen + 1);
@@ -1692,14 +1693,10 @@ static int fuse_notify_delete(struct fuse_conn *fc, unsigned int size, 
			      struct fuse_copy_state *cs)

{

	struct fuse_notify_delete_out outarg;

	int err = -ENOMEM;

	char *buf;

	int err;

	char *buf = NULL;

	struct qstr name;



	buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);

	if (!buf)

		goto err;



	err = -EINVAL;

	if (size < sizeof(outarg))

		goto err;
@@ -1716,6 +1713,11 @@ static int fuse_notify_delete(struct fuse_conn *fc, unsigned int size, 
	if (size != sizeof(outarg) + outarg.namelen + 1)

		goto err;



	err = -ENOMEM;

	buf = kzalloc(outarg.namelen + 1, GFP_KERNEL);

	if (!buf)

		goto err;



	name.name = buf;

	name.len = outarg.namelen;

	err = fuse_copy_one(cs, buf, outarg.namelen + 1);