aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-12-08 15:50:24 -0500
committerSteve French <sfrench@us.ibm.com>2008-12-25 21:29:11 -0500
commit6d9c6d543165d1d492602c1371cb019040093584 (patch)
tree3d6dd213995db201d84dfa1f1e5410edef9dab13
parent00e485b0198ea4f509341373f1d9adb0a5977a2f (diff)
[CIFS] In SendReceive, move consistency check out of the mutexed region
inbuf->smb_buf_length does not change in in wait_for_free_request() or in allocate_mid(), so we can check it early. Signed-off-by: Volker Lendecke <vl@samba.org> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/transport.c31
1 files changed, 12 insertions, 19 deletions
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index 4d076be46d90..e80210693ff7 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -687,6 +687,12 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
687 to the same server. We may make this configurable later or 687 to the same server. We may make this configurable later or
688 use ses->maxReq */ 688 use ses->maxReq */
689 689
690 if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
691 cERROR(1, ("Illegal length, greater than maximum frame, %d",
692 in_buf->smb_buf_length));
693 return -EIO;
694 }
695
690 rc = wait_for_free_request(ses, long_op); 696 rc = wait_for_free_request(ses, long_op);
691 if (rc) 697 if (rc)
692 return rc; 698 return rc;
@@ -706,17 +712,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
706 return rc; 712 return rc;
707 } 713 }
708 714
709 if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
710 cERROR(1, ("Illegal length, greater than maximum frame, %d",
711 in_buf->smb_buf_length));
712 DeleteMidQEntry(midQ);
713 mutex_unlock(&ses->server->srv_mutex);
714 /* Update # of requests on wire to server */
715 atomic_dec(&ses->server->inFlight);
716 wake_up(&ses->server->request_q);
717 return -EIO;
718 }
719
720 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); 715 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
721 716
722 midQ->midState = MID_REQUEST_SUBMITTED; 717 midQ->midState = MID_REQUEST_SUBMITTED;
@@ -925,6 +920,12 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
925 to the same server. We may make this configurable later or 920 to the same server. We may make this configurable later or
926 use ses->maxReq */ 921 use ses->maxReq */
927 922
923 if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
924 cERROR(1, ("Illegal length, greater than maximum frame, %d",
925 in_buf->smb_buf_length));
926 return -EIO;
927 }
928
928 rc = wait_for_free_request(ses, CIFS_BLOCKING_OP); 929 rc = wait_for_free_request(ses, CIFS_BLOCKING_OP);
929 if (rc) 930 if (rc)
930 return rc; 931 return rc;
@@ -941,14 +942,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
941 return rc; 942 return rc;
942 } 943 }
943 944
944 if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
945 mutex_unlock(&ses->server->srv_mutex);
946 cERROR(1, ("Illegal length, greater than maximum frame, %d",
947 in_buf->smb_buf_length));
948 DeleteMidQEntry(midQ);
949 return -EIO;
950 }
951
952 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); 945 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
953 946
954 midQ->midState = MID_REQUEST_SUBMITTED; 947 midQ->midState = MID_REQUEST_SUBMITTED;