From: Dave Jones <davej@redhat.com>

Remove a local 1k array.


---

 25-akpm/net/sunrpc/auth_gss/auth_gss.c |   25 +++++++++++++++++++------
 1 files changed, 19 insertions(+), 6 deletions(-)

diff -puN net/sunrpc/auth_gss/auth_gss.c~nfs4-stack-reduction net/sunrpc/auth_gss/auth_gss.c
--- 25/net/sunrpc/auth_gss/auth_gss.c~nfs4-stack-reduction	2004-05-16 01:57:05.510764264 -0700
+++ 25-akpm/net/sunrpc/auth_gss/auth_gss.c	2004-05-16 02:00:21.141023944 -0700
@@ -426,13 +426,13 @@ gss_pipe_upcall(struct file *filp, struc
 	return mlen;
 }
 
+#define MSG_BUF_SIZE	1024
+
 static ssize_t
 gss_pipe_downcall(struct file *filp, const char *src, size_t mlen)
 {
-	char buf[1024];
 	struct xdr_netobj obj = {
 		.len	= mlen,
-		.data	= buf,
 	};
 	struct inode *inode = filp->f_dentry->d_inode;
 	struct rpc_inode *rpci = RPC_I(inode);
@@ -448,11 +448,19 @@ gss_pipe_downcall(struct file *filp, con
 	int err;
 	int gss_err;
 
-	if (mlen > sizeof(buf))
+	obj.data = kmalloc(MSG_BUF_SIZE, GFP_NOFS);
+	if (!obj.data)
+		return -ENOMEM;
+
+	if (mlen > MSG_BUF_SIZE) {
+		kfree(obj.data);
 		return -ENOSPC;
-	left = copy_from_user(buf, src, mlen);
-	if (left)
-		return -EFAULT;
+	}
+	left = copy_from_user(obj.data, src, mlen);
+	if (left) {
+		err = -EFAULT;
+		goto out;
+	}
 	clnt = rpci->private;
 	atomic_inc(&clnt->cl_users);
 	auth = clnt->cl_auth;
@@ -477,15 +485,20 @@ gss_pipe_downcall(struct file *filp, con
 	} else
 		spin_unlock(&gss_auth->lock);
 	rpc_release_client(clnt);
+	kfree (obj.data);
 	return mlen;
 err:
 	if (ctx)
 		gss_destroy_ctx(ctx);
 	rpc_release_client(clnt);
 	dprintk("RPC: gss_pipe_downcall returning %d\n", err);
+out:
+	kfree(obj.data);
 	return err;
 }
 
+#undef MSG_BUF_SIZE
+
 static void
 gss_pipe_release(struct inode *inode)
 {

_