diff options
Diffstat (limited to 'fs/cifs/misc.c')
-rw-r--r-- | fs/cifs/misc.c | 123 |
1 files changed, 101 insertions, 22 deletions
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 20ae4153f791..eba1de917f2a 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c | |||
@@ -34,8 +34,6 @@ extern mempool_t *cifs_sm_req_poolp; | |||
34 | extern mempool_t *cifs_req_poolp; | 34 | extern mempool_t *cifs_req_poolp; |
35 | extern struct task_struct * oplockThread; | 35 | extern struct task_struct * oplockThread; |
36 | 36 | ||
37 | static __u16 GlobalMid; /* multiplex id - rotating counter */ | ||
38 | |||
39 | /* The xid serves as a useful identifier for each incoming vfs request, | 37 | /* The xid serves as a useful identifier for each incoming vfs request, |
40 | in a similar way to the mid which is useful to track each sent smb, | 38 | in a similar way to the mid which is useful to track each sent smb, |
41 | and CurrentXid can also provide a running counter (although it | 39 | and CurrentXid can also provide a running counter (although it |
@@ -51,6 +49,8 @@ _GetXid(void) | |||
51 | GlobalTotalActiveXid++; | 49 | GlobalTotalActiveXid++; |
52 | if (GlobalTotalActiveXid > GlobalMaxActiveXid) | 50 | if (GlobalTotalActiveXid > GlobalMaxActiveXid) |
53 | GlobalMaxActiveXid = GlobalTotalActiveXid; /* keep high water mark for number of simultaneous vfs ops in our filesystem */ | 51 | GlobalMaxActiveXid = GlobalTotalActiveXid; /* keep high water mark for number of simultaneous vfs ops in our filesystem */ |
52 | if(GlobalTotalActiveXid > 65000) | ||
53 | cFYI(1,("warning: more than 65000 requests active")); | ||
54 | xid = GlobalCurrentXid++; | 54 | xid = GlobalCurrentXid++; |
55 | spin_unlock(&GlobalMid_Lock); | 55 | spin_unlock(&GlobalMid_Lock); |
56 | return xid; | 56 | return xid; |
@@ -218,6 +218,76 @@ cifs_small_buf_release(void *buf_to_free) | |||
218 | return; | 218 | return; |
219 | } | 219 | } |
220 | 220 | ||
221 | /* | ||
222 | Find a free multiplex id (SMB mid). Otherwise there could be | ||
223 | mid collisions which might cause problems, demultiplexing the | ||
224 | wrong response to this request. Multiplex ids could collide if | ||
225 | one of a series requests takes much longer than the others, or | ||
226 | if a very large number of long lived requests (byte range | ||
227 | locks or FindNotify requests) are pending. No more than | ||
228 | 64K-1 requests can be outstanding at one time. If no | ||
229 | mids are available, return zero. A future optimization | ||
230 | could make the combination of mids and uid the key we use | ||
231 | to demultiplex on (rather than mid alone). | ||
232 | In addition to the above check, the cifs demultiplex | ||
233 | code already used the command code as a secondary | ||
234 | check of the frame and if signing is negotiated the | ||
235 | response would be discarded if the mid were the same | ||
236 | but the signature was wrong. Since the mid is not put in the | ||
237 | pending queue until later (when it is about to be dispatched) | ||
238 | we do have to limit the number of outstanding requests | ||
239 | to somewhat less than 64K-1 although it is hard to imagine | ||
240 | so many threads being in the vfs at one time. | ||
241 | */ | ||
242 | __u16 GetNextMid(struct TCP_Server_Info *server) | ||
243 | { | ||
244 | __u16 mid = 0; | ||
245 | __u16 last_mid; | ||
246 | int collision; | ||
247 | |||
248 | if(server == NULL) | ||
249 | return mid; | ||
250 | |||
251 | spin_lock(&GlobalMid_Lock); | ||
252 | last_mid = server->CurrentMid; /* we do not want to loop forever */ | ||
253 | server->CurrentMid++; | ||
254 | /* This nested loop looks more expensive than it is. | ||
255 | In practice the list of pending requests is short, | ||
256 | fewer than 50, and the mids are likely to be unique | ||
257 | on the first pass through the loop unless some request | ||
258 | takes longer than the 64 thousand requests before it | ||
259 | (and it would also have to have been a request that | ||
260 | did not time out) */ | ||
261 | while(server->CurrentMid != last_mid) { | ||
262 | struct list_head *tmp; | ||
263 | struct mid_q_entry *mid_entry; | ||
264 | |||
265 | collision = 0; | ||
266 | if(server->CurrentMid == 0) | ||
267 | server->CurrentMid++; | ||
268 | |||
269 | list_for_each(tmp, &server->pending_mid_q) { | ||
270 | mid_entry = list_entry(tmp, struct mid_q_entry, qhead); | ||
271 | |||
272 | if ((mid_entry->mid == server->CurrentMid) && | ||
273 | (mid_entry->midState == MID_REQUEST_SUBMITTED)) { | ||
274 | /* This mid is in use, try a different one */ | ||
275 | collision = 1; | ||
276 | break; | ||
277 | } | ||
278 | } | ||
279 | if(collision == 0) { | ||
280 | mid = server->CurrentMid; | ||
281 | break; | ||
282 | } | ||
283 | server->CurrentMid++; | ||
284 | } | ||
285 | spin_unlock(&GlobalMid_Lock); | ||
286 | return mid; | ||
287 | } | ||
288 | |||
289 | /* NB: MID can not be set if treeCon not passed in, in that | ||
290 | case it is responsbility of caller to set the mid */ | ||
221 | void | 291 | void |
222 | header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | 292 | header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , |
223 | const struct cifsTconInfo *treeCon, int word_count | 293 | const struct cifsTconInfo *treeCon, int word_count |
@@ -233,7 +303,8 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | |||
233 | (2 * word_count) + sizeof (struct smb_hdr) - | 303 | (2 * word_count) + sizeof (struct smb_hdr) - |
234 | 4 /* RFC 1001 length field does not count */ + | 304 | 4 /* RFC 1001 length field does not count */ + |
235 | 2 /* for bcc field itself */ ; | 305 | 2 /* for bcc field itself */ ; |
236 | /* Note that this is the only network field that has to be converted to big endian and it is done just before we send it */ | 306 | /* Note that this is the only network field that has to be converted |
307 | to big endian and it is done just before we send it */ | ||
237 | 308 | ||
238 | buffer->Protocol[0] = 0xFF; | 309 | buffer->Protocol[0] = 0xFF; |
239 | buffer->Protocol[1] = 'S'; | 310 | buffer->Protocol[1] = 'S'; |
@@ -245,8 +316,6 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | |||
245 | buffer->Pid = cpu_to_le16((__u16)current->tgid); | 316 | buffer->Pid = cpu_to_le16((__u16)current->tgid); |
246 | buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16)); | 317 | buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16)); |
247 | spin_lock(&GlobalMid_Lock); | 318 | spin_lock(&GlobalMid_Lock); |
248 | GlobalMid++; | ||
249 | buffer->Mid = GlobalMid; | ||
250 | spin_unlock(&GlobalMid_Lock); | 319 | spin_unlock(&GlobalMid_Lock); |
251 | if (treeCon) { | 320 | if (treeCon) { |
252 | buffer->Tid = treeCon->tid; | 321 | buffer->Tid = treeCon->tid; |
@@ -256,8 +325,9 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | |||
256 | if (treeCon->ses->capabilities & CAP_STATUS32) { | 325 | if (treeCon->ses->capabilities & CAP_STATUS32) { |
257 | buffer->Flags2 |= SMBFLG2_ERR_STATUS; | 326 | buffer->Flags2 |= SMBFLG2_ERR_STATUS; |
258 | } | 327 | } |
259 | 328 | /* Uid is not converted */ | |
260 | buffer->Uid = treeCon->ses->Suid; /* always in LE format */ | 329 | buffer->Uid = treeCon->ses->Suid; |
330 | buffer->Mid = GetNextMid(treeCon->ses->server); | ||
261 | if(multiuser_mount != 0) { | 331 | if(multiuser_mount != 0) { |
262 | /* For the multiuser case, there are few obvious technically */ | 332 | /* For the multiuser case, there are few obvious technically */ |
263 | /* possible mechanisms to match the local linux user (uid) */ | 333 | /* possible mechanisms to match the local linux user (uid) */ |
@@ -305,6 +375,8 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | |||
305 | } | 375 | } |
306 | if (treeCon->Flags & SMB_SHARE_IS_IN_DFS) | 376 | if (treeCon->Flags & SMB_SHARE_IS_IN_DFS) |
307 | buffer->Flags2 |= SMBFLG2_DFS; | 377 | buffer->Flags2 |= SMBFLG2_DFS; |
378 | if (treeCon->nocase) | ||
379 | buffer->Flags |= SMBFLG_CASELESS; | ||
308 | if((treeCon->ses) && (treeCon->ses->server)) | 380 | if((treeCon->ses) && (treeCon->ses->server)) |
309 | if(treeCon->ses->server->secMode & | 381 | if(treeCon->ses->server->secMode & |
310 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) | 382 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) |
@@ -347,7 +419,8 @@ checkSMBhdr(struct smb_hdr *smb, __u16 mid) | |||
347 | int | 419 | int |
348 | checkSMB(struct smb_hdr *smb, __u16 mid, int length) | 420 | checkSMB(struct smb_hdr *smb, __u16 mid, int length) |
349 | { | 421 | { |
350 | __u32 len = be32_to_cpu(smb->smb_buf_length); | 422 | __u32 len = smb->smb_buf_length; |
423 | __u32 clc_len; /* calculated length */ | ||
351 | cFYI(0, | 424 | cFYI(0, |
352 | ("Entering checkSMB with Length: %x, smb_buf_length: %x ", | 425 | ("Entering checkSMB with Length: %x, smb_buf_length: %x ", |
353 | length, len)); | 426 | length, len)); |
@@ -368,23 +441,29 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length) | |||
368 | cERROR(1, | 441 | cERROR(1, |
369 | ("smb_buf_length greater than MaxBufSize")); | 442 | ("smb_buf_length greater than MaxBufSize")); |
370 | cERROR(1, | 443 | cERROR(1, |
371 | ("bad smb detected. Illegal length. The mid=%d", | 444 | ("bad smb detected. Illegal length. mid=%d", |
372 | smb->Mid)); | 445 | smb->Mid)); |
373 | return 1; | 446 | return 1; |
374 | } | 447 | } |
375 | 448 | ||
376 | if (checkSMBhdr(smb, mid)) | 449 | if (checkSMBhdr(smb, mid)) |
377 | return 1; | 450 | return 1; |
378 | 451 | clc_len = smbCalcSize_LE(smb); | |
379 | if ((4 + len != smbCalcSize(smb)) | 452 | if ((4 + len != clc_len) |
380 | || (4 + len != (unsigned int)length)) { | 453 | || (4 + len != (unsigned int)length)) { |
381 | return 0; | 454 | cERROR(1, ("Calculated size 0x%x vs actual length 0x%x", |
382 | } else { | 455 | clc_len, 4 + len)); |
383 | cERROR(1, ("smbCalcSize %x ", smbCalcSize(smb))); | 456 | cERROR(1, ("bad smb size detected for Mid=%d", smb->Mid)); |
384 | cERROR(1, | 457 | /* Windows XP can return a few bytes too much, presumably |
385 | ("bad smb size detected. The Mid=%d", smb->Mid)); | 458 | an illegal pad, at the end of byte range lock responses |
386 | return 1; | 459 | so we allow for up to eight byte pad, as long as actual |
460 | received length is as long or longer than calculated length */ | ||
461 | if((4+len > clc_len) && (len <= clc_len + 3)) | ||
462 | return 0; | ||
463 | else | ||
464 | return 1; | ||
387 | } | 465 | } |
466 | return 0; | ||
388 | } | 467 | } |
389 | int | 468 | int |
390 | is_valid_oplock_break(struct smb_hdr *buf) | 469 | is_valid_oplock_break(struct smb_hdr *buf) |
@@ -448,9 +527,7 @@ is_valid_oplock_break(struct smb_hdr *buf) | |||
448 | list_for_each(tmp, &GlobalTreeConnectionList) { | 527 | list_for_each(tmp, &GlobalTreeConnectionList) { |
449 | tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); | 528 | tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); |
450 | if (tcon->tid == buf->Tid) { | 529 | if (tcon->tid == buf->Tid) { |
451 | #ifdef CONFIG_CIFS_STATS | 530 | cifs_stats_inc(&tcon->num_oplock_brks); |
452 | atomic_inc(&tcon->num_oplock_brks); | ||
453 | #endif | ||
454 | list_for_each(tmp1,&tcon->openFileList){ | 531 | list_for_each(tmp1,&tcon->openFileList){ |
455 | netfile = list_entry(tmp1,struct cifsFileInfo, | 532 | netfile = list_entry(tmp1,struct cifsFileInfo, |
456 | tlist); | 533 | tlist); |
@@ -603,6 +680,7 @@ cifsConvertToUCS(__le16 * target, const char *source, int maxlen, | |||
603 | int i,j,charlen; | 680 | int i,j,charlen; |
604 | int len_remaining = maxlen; | 681 | int len_remaining = maxlen; |
605 | char src_char; | 682 | char src_char; |
683 | __u16 temp; | ||
606 | 684 | ||
607 | if(!mapChars) | 685 | if(!mapChars) |
608 | return cifs_strtoUCS((wchar_t *) target, source, PATH_MAX, cp); | 686 | return cifs_strtoUCS((wchar_t *) target, source, PATH_MAX, cp); |
@@ -639,13 +717,14 @@ cifsConvertToUCS(__le16 * target, const char *source, int maxlen, | |||
639 | break;*/ | 717 | break;*/ |
640 | default: | 718 | default: |
641 | charlen = cp->char2uni(source+i, | 719 | charlen = cp->char2uni(source+i, |
642 | len_remaining, target+j); | 720 | len_remaining, &temp); |
643 | /* if no match, use question mark, which | 721 | /* if no match, use question mark, which |
644 | at least in some cases servers as wild card */ | 722 | at least in some cases servers as wild card */ |
645 | if(charlen < 1) { | 723 | if(charlen < 1) { |
646 | target[j] = cpu_to_le16(0x003f); | 724 | target[j] = cpu_to_le16(0x003f); |
647 | charlen = 1; | 725 | charlen = 1; |
648 | } | 726 | } else |
727 | target[j] = cpu_to_le16(temp); | ||
649 | len_remaining -= charlen; | 728 | len_remaining -= charlen; |
650 | /* character may take more than one byte in the | 729 | /* character may take more than one byte in the |
651 | the source string, but will take exactly two | 730 | the source string, but will take exactly two |