The readdir buffer is sized to msize, so kzalloc() can fail under
fragmentation with a page allocation failure in v9fs_alloc_rdir_buf()
/ v9fs_dir_readdir_dotl().
The buffer is only a response sink and is never pack_sg_list()'d,
so kvzalloc() is safe for all transports, unlike the fcall buffers
fixed in
e21d451a82f3 ("9p: Use kvmalloc for message buffers on
supported transports").
Signed-off-by: Pierre Barre <pierre@barre.sh>
Message-ID: <
20260512132032.369281-1-pierre@barre.sh>
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
struct p9_fid *fid = filp->private_data;
if (!fid->rdir)
- fid->rdir = kzalloc(sizeof(struct p9_rdir) + buflen, GFP_KERNEL);
+ fid->rdir = kvzalloc(sizeof(struct p9_rdir) + buflen, GFP_KERNEL);
return fid->rdir;
}
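Review bot: The allocation size is still the open-coded sum `sizeof(struct p9_rdir) + buflen`, and with the vmalloc fallback a very large request can now succeed where kzalloc() would have failed. The description says the buffer is sized to msize, which presumably depends on what the transport and server agree on, so I would make the arithmetic saturating: `fid->rdir = kvzalloc(size_add(sizeof(struct p9_rdir), buflen), GFP_KERNEL);`. If buflen is a signed int (its declaration is outside the hunk), a negative value would then make the allocation fail instead of returning an undersized buffer. The function starts above the hunk, so a range check on buflen may already exist there or in the caller.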
spin_lock_irqsave(&clnt->lock, flags);
idr_remove(&clnt->fids, fid->fid);
spin_unlock_irqrestore(&clnt->lock, flags);
- kfree(fid->rdir);
+ kvfree(fid->rdir);
kfree(fid);
}
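Review bot: The switch to `kvfree(fid->rdir)` adds a calling-context constraint that the code does not document: the buffer may now be vmalloc-backed, and kvfree() on such memory is only valid from preemptible task context or non-NMI interrupt context. The call is correctly placed after `spin_unlock_irqrestore()`, but the function starts outside the hunk, so whether every caller meets that requirement is not visible here. I would add a comment above the call such as `/* rdir may be vmalloc-backed (kvzalloc); keep this outside clnt->lock */`. It is also worth confirming that no other path releases fid->rdir with plain kfree(), since that would be invalid for a vmalloc-backed buffer.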