diff options
Diffstat (limited to 'fs/cifs/cifssmb.c')
| -rw-r--r-- | fs/cifs/cifssmb.c | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 6d51696dc762..552642a507c4 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
| @@ -1382,13 +1382,13 @@ openRetry: | |||
| 1382 | if (cpu_to_le32(FILE_CREATE) == pSMBr->CreateAction) | 1382 | if (cpu_to_le32(FILE_CREATE) == pSMBr->CreateAction) |
| 1383 | *pOplock |= CIFS_CREATE_ACTION; | 1383 | *pOplock |= CIFS_CREATE_ACTION; |
| 1384 | if (pfile_info) { | 1384 | if (pfile_info) { |
| 1385 | memcpy((char *)pfile_info, (char *)&pSMBr->CreationTime, | 1385 | memcpy((char *)pfile_info, (char *)&pSMBr->CreationTime, |
| 1386 | 36 /* CreationTime to Attributes */); | 1386 | 36 /* CreationTime to Attributes */); |
| 1387 | /* the file_info buf is endian converted by caller */ | 1387 | /* the file_info buf is endian converted by caller */ |
| 1388 | pfile_info->AllocationSize = pSMBr->AllocationSize; | 1388 | pfile_info->AllocationSize = pSMBr->AllocationSize; |
| 1389 | pfile_info->EndOfFile = pSMBr->EndOfFile; | 1389 | pfile_info->EndOfFile = pSMBr->EndOfFile; |
| 1390 | pfile_info->NumberOfLinks = cpu_to_le32(1); | 1390 | pfile_info->NumberOfLinks = cpu_to_le32(1); |
| 1391 | pfile_info->DeletePending = 0; | 1391 | pfile_info->DeletePending = 0; |
| 1392 | } | 1392 | } |
| 1393 | } | 1393 | } |
| 1394 | 1394 | ||
| @@ -1414,8 +1414,13 @@ CIFSSMBRead(const int xid, struct cifsTconInfo *tcon, const int netfid, | |||
| 1414 | cFYI(1, ("Reading %d bytes on fid %d", count, netfid)); | 1414 | cFYI(1, ("Reading %d bytes on fid %d", count, netfid)); |
| 1415 | if (tcon->ses->capabilities & CAP_LARGE_FILES) | 1415 | if (tcon->ses->capabilities & CAP_LARGE_FILES) |
| 1416 | wct = 12; | 1416 | wct = 12; |
| 1417 | else | 1417 | else { |
| 1418 | wct = 10; /* old style read */ | 1418 | wct = 10; /* old style read */ |
| 1419 | if ((lseek >> 32) > 0) { | ||
| 1420 | /* can not handle this big offset for old */ | ||
| 1421 | return -EIO; | ||
| 1422 | } | ||
| 1423 | } | ||
| 1419 | 1424 | ||
| 1420 | *nbytes = 0; | 1425 | *nbytes = 0; |
| 1421 | rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **) &pSMB); | 1426 | rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **) &pSMB); |
| @@ -1431,8 +1436,6 @@ CIFSSMBRead(const int xid, struct cifsTconInfo *tcon, const int netfid, | |||
| 1431 | pSMB->OffsetLow = cpu_to_le32(lseek & 0xFFFFFFFF); | 1436 | pSMB->OffsetLow = cpu_to_le32(lseek & 0xFFFFFFFF); |
| 1432 | if (wct == 12) | 1437 | if (wct == 12) |
| 1433 | pSMB->OffsetHigh = cpu_to_le32(lseek >> 32); | 1438 | pSMB->OffsetHigh = cpu_to_le32(lseek >> 32); |
| 1434 | else if ((lseek >> 32) > 0) /* can not handle this big offset for old */ | ||
| 1435 | return -EIO; | ||
| 1436 | 1439 | ||
| 1437 | pSMB->Remaining = 0; | 1440 | pSMB->Remaining = 0; |
| 1438 | pSMB->MaxCount = cpu_to_le16(count & 0xFFFF); | 1441 | pSMB->MaxCount = cpu_to_le16(count & 0xFFFF); |
| @@ -1519,8 +1522,13 @@ CIFSSMBWrite(const int xid, struct cifsTconInfo *tcon, | |||
| 1519 | 1522 | ||
| 1520 | if (tcon->ses->capabilities & CAP_LARGE_FILES) | 1523 | if (tcon->ses->capabilities & CAP_LARGE_FILES) |
| 1521 | wct = 14; | 1524 | wct = 14; |
| 1522 | else | 1525 | else { |
| 1523 | wct = 12; | 1526 | wct = 12; |
| 1527 | if ((offset >> 32) > 0) { | ||
| 1528 | /* can not handle big offset for old srv */ | ||
| 1529 | return -EIO; | ||
| 1530 | } | ||
| 1531 | } | ||
| 1524 | 1532 | ||
| 1525 | rc = smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **) &pSMB, | 1533 | rc = smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **) &pSMB, |
| 1526 | (void **) &pSMBr); | 1534 | (void **) &pSMBr); |
| @@ -1535,8 +1543,6 @@ CIFSSMBWrite(const int xid, struct cifsTconInfo *tcon, | |||
| 1535 | pSMB->OffsetLow = cpu_to_le32(offset & 0xFFFFFFFF); | 1543 | pSMB->OffsetLow = cpu_to_le32(offset & 0xFFFFFFFF); |
| 1536 | if (wct == 14) | 1544 | if (wct == 14) |
| 1537 | pSMB->OffsetHigh = cpu_to_le32(offset >> 32); | 1545 | pSMB->OffsetHigh = cpu_to_le32(offset >> 32); |
| 1538 | else if ((offset >> 32) > 0) /* can not handle big offset for old srv */ | ||
| 1539 | return -EIO; | ||
| 1540 | 1546 | ||
| 1541 | pSMB->Reserved = 0xFFFFFFFF; | 1547 | pSMB->Reserved = 0xFFFFFFFF; |
| 1542 | pSMB->WriteMode = 0; | 1548 | pSMB->WriteMode = 0; |
| @@ -1558,7 +1564,7 @@ CIFSSMBWrite(const int xid, struct cifsTconInfo *tcon, | |||
| 1558 | pSMB->DataOffset = | 1564 | pSMB->DataOffset = |
| 1559 | cpu_to_le16(offsetof(struct smb_com_write_req, Data) - 4); | 1565 | cpu_to_le16(offsetof(struct smb_com_write_req, Data) - 4); |
| 1560 | if (buf) | 1566 | if (buf) |
| 1561 | memcpy(pSMB->Data, buf, bytes_sent); | 1567 | memcpy(pSMB->Data, buf, bytes_sent); |
| 1562 | else if (ubuf) { | 1568 | else if (ubuf) { |
| 1563 | if (copy_from_user(pSMB->Data, ubuf, bytes_sent)) { | 1569 | if (copy_from_user(pSMB->Data, ubuf, bytes_sent)) { |
| 1564 | cifs_buf_release(pSMB); | 1570 | cifs_buf_release(pSMB); |
| @@ -1621,10 +1627,15 @@ CIFSSMBWrite2(const int xid, struct cifsTconInfo *tcon, | |||
| 1621 | 1627 | ||
| 1622 | cFYI(1, ("write2 at %lld %d bytes", (long long)offset, count)); | 1628 | cFYI(1, ("write2 at %lld %d bytes", (long long)offset, count)); |
| 1623 | 1629 | ||
| 1624 | if (tcon->ses->capabilities & CAP_LARGE_FILES) | 1630 | if (tcon->ses->capabilities & CAP_LARGE_FILES) { |
| 1625 | wct = 14; | 1631 | wct = 14; |
| 1626 | else | 1632 | } else { |
| 1627 | wct = 12; | 1633 | wct = 12; |
| 1634 | if ((offset >> 32) > 0) { | ||
| 1635 | /* can not handle big offset for old srv */ | ||
| 1636 | return -EIO; | ||
| 1637 | } | ||
| 1638 | } | ||
| 1628 | rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **) &pSMB); | 1639 | rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **) &pSMB); |
| 1629 | if (rc) | 1640 | if (rc) |
| 1630 | return rc; | 1641 | return rc; |
| @@ -1637,8 +1648,6 @@ CIFSSMBWrite2(const int xid, struct cifsTconInfo *tcon, | |||
| 1637 | pSMB->OffsetLow = cpu_to_le32(offset & 0xFFFFFFFF); | 1648 | pSMB->OffsetLow = cpu_to_le32(offset & 0xFFFFFFFF); |
| 1638 | if (wct == 14) | 1649 | if (wct == 14) |
| 1639 | pSMB->OffsetHigh = cpu_to_le32(offset >> 32); | 1650 | pSMB->OffsetHigh = cpu_to_le32(offset >> 32); |
| 1640 | else if ((offset >> 32) > 0) /* can not handle big offset for old srv */ | ||
| 1641 | return -EIO; | ||
| 1642 | pSMB->Reserved = 0xFFFFFFFF; | 1651 | pSMB->Reserved = 0xFFFFFFFF; |
| 1643 | pSMB->WriteMode = 0; | 1652 | pSMB->WriteMode = 0; |
| 1644 | pSMB->Remaining = 0; | 1653 | pSMB->Remaining = 0; |
| @@ -1862,10 +1871,6 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon, | |||
| 1862 | rc = -EIO; /* bad smb */ | 1871 | rc = -EIO; /* bad smb */ |
| 1863 | goto plk_err_exit; | 1872 | goto plk_err_exit; |
| 1864 | } | 1873 | } |
| 1865 | if (pLockData == NULL) { | ||
| 1866 | rc = -EINVAL; | ||
| 1867 | goto plk_err_exit; | ||
| 1868 | } | ||
| 1869 | data_offset = le16_to_cpu(pSMBr->t2.DataOffset); | 1874 | data_offset = le16_to_cpu(pSMBr->t2.DataOffset); |
| 1870 | data_count = le16_to_cpu(pSMBr->t2.DataCount); | 1875 | data_count = le16_to_cpu(pSMBr->t2.DataCount); |
| 1871 | if (data_count < sizeof(struct cifs_posix_lock)) { | 1876 | if (data_count < sizeof(struct cifs_posix_lock)) { |