
Commit 6d9c6d54 authored by Volker Lendecke's avatar Volker Lendecke Committed by Steve French

[CIFS] In SendReceive, move consistency check out of the mutexed region



inbuf->smb_buf_length does not change in wait_for_free_request() or in
allocate_mid(), so we can check it early.

Signed-off-by: default avatarVolker Lendecke <vl@samba.org>
Acked-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 00e485b0
+12 −19
@@ -687,6 +687,12 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
	   to the same server. We may make this configurable later or
	   use ses->maxReq */

	if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
		cERROR(1, ("Illegal length, greater than maximum frame, %d",
			   in_buf->smb_buf_length));
		return -EIO;
	}

	rc = wait_for_free_request(ses, long_op);
	if (rc)
		return rc;
@@ -706,17 +712,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
		return rc;
	}

	if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
		cERROR(1, ("Illegal length, greater than maximum frame, %d",
			in_buf->smb_buf_length));
		DeleteMidQEntry(midQ);
		mutex_unlock(&ses->server->srv_mutex);
		/* Update # of requests on wire to server */
		atomic_dec(&ses->server->inFlight);
		wake_up(&ses->server->request_q);
		return -EIO;
	}

	rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);

	midQ->midState = MID_REQUEST_SUBMITTED;
@@ -925,6 +920,12 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
	   to the same server. We may make this configurable later or
	   use ses->maxReq */

	if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
		cERROR(1, ("Illegal length, greater than maximum frame, %d",
			   in_buf->smb_buf_length));
		return -EIO;
	}

	rc = wait_for_free_request(ses, CIFS_BLOCKING_OP);
	if (rc)
		return rc;
@@ -941,14 +942,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
		return rc;
	}

	if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
		mutex_unlock(&ses->server->srv_mutex);
		cERROR(1, ("Illegal length, greater than maximum frame, %d",
			in_buf->smb_buf_length));
		DeleteMidQEntry(midQ);
		return -EIO;
	}

	rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);

	midQ->midState = MID_REQUEST_SUBMITTED;
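Review bot: The early length check in SendReceive, and its copy in SendReceiveBlockingLock, has no comment saying why it is safe to run before wait_for_free_request() and outside srv_mutex; that reasoning exists only in the commit message. I would add above each check something like `/* in_buf is caller-owned and its length is not modified before signing, so reject oversized frames before taking a request slot or the mutex */`. The `- 4` in the bound is also unexplained; if it stands for a 4-byte length field that smb_buf_length does not count, a short comment saying so would help. If smb_buf_length is an unsigned field, the `%d` in the cERROR format should be `%u`, otherwise very large values print as negative. Both function bodies start and end outside the visible hunks.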