diff options
author | Volker Lendecke <vl@samba.org> | 2008-12-08 15:50:24 -0500 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-12-25 21:29:11 -0500 |
commit | 6d9c6d543165d1d492602c1371cb019040093584 (patch) | |
tree | 3d6dd213995db201d84dfa1f1e5410edef9dab13 | |
parent | 00e485b0198ea4f509341373f1d9adb0a5977a2f (diff) |
[CIFS] In SendReceive, move consistency check out of the mutexed region
inbuf->smb_buf_length does not change in in wait_for_free_request() or in
allocate_mid(), so we can check it early.
Signed-off-by: Volker Lendecke <vl@samba.org>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/transport.c | 31 |
1 files changed, 12 insertions, 19 deletions
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 4d076be46d90..e80210693ff7 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c | |||
@@ -687,6 +687,12 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, | |||
687 | to the same server. We may make this configurable later or | 687 | to the same server. We may make this configurable later or |
688 | use ses->maxReq */ | 688 | use ses->maxReq */ |
689 | 689 | ||
690 | if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { | ||
691 | cERROR(1, ("Illegal length, greater than maximum frame, %d", | ||
692 | in_buf->smb_buf_length)); | ||
693 | return -EIO; | ||
694 | } | ||
695 | |||
690 | rc = wait_for_free_request(ses, long_op); | 696 | rc = wait_for_free_request(ses, long_op); |
691 | if (rc) | 697 | if (rc) |
692 | return rc; | 698 | return rc; |
@@ -706,17 +712,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, | |||
706 | return rc; | 712 | return rc; |
707 | } | 713 | } |
708 | 714 | ||
709 | if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { | ||
710 | cERROR(1, ("Illegal length, greater than maximum frame, %d", | ||
711 | in_buf->smb_buf_length)); | ||
712 | DeleteMidQEntry(midQ); | ||
713 | mutex_unlock(&ses->server->srv_mutex); | ||
714 | /* Update # of requests on wire to server */ | ||
715 | atomic_dec(&ses->server->inFlight); | ||
716 | wake_up(&ses->server->request_q); | ||
717 | return -EIO; | ||
718 | } | ||
719 | |||
720 | rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); | 715 | rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); |
721 | 716 | ||
722 | midQ->midState = MID_REQUEST_SUBMITTED; | 717 | midQ->midState = MID_REQUEST_SUBMITTED; |
@@ -925,6 +920,12 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, | |||
925 | to the same server. We may make this configurable later or | 920 | to the same server. We may make this configurable later or |
926 | use ses->maxReq */ | 921 | use ses->maxReq */ |
927 | 922 | ||
923 | if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { | ||
924 | cERROR(1, ("Illegal length, greater than maximum frame, %d", | ||
925 | in_buf->smb_buf_length)); | ||
926 | return -EIO; | ||
927 | } | ||
928 | |||
928 | rc = wait_for_free_request(ses, CIFS_BLOCKING_OP); | 929 | rc = wait_for_free_request(ses, CIFS_BLOCKING_OP); |
929 | if (rc) | 930 | if (rc) |
930 | return rc; | 931 | return rc; |
@@ -941,14 +942,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, | |||
941 | return rc; | 942 | return rc; |
942 | } | 943 | } |
943 | 944 | ||
944 | if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { | ||
945 | mutex_unlock(&ses->server->srv_mutex); | ||
946 | cERROR(1, ("Illegal length, greater than maximum frame, %d", | ||
947 | in_buf->smb_buf_length)); | ||
948 | DeleteMidQEntry(midQ); | ||
949 | return -EIO; | ||
950 | } | ||
951 | |||
952 | rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); | 945 | rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); |
953 | 946 | ||
954 | midQ->midState = MID_REQUEST_SUBMITTED; | 947 | midQ->midState = MID_REQUEST_SUBMITTED; |