diff options
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/cifs/cifssmb.c | 32 | ||||
| -rw-r--r-- | fs/cifs/connect.c | 11 | ||||
| -rw-r--r-- | fs/cifs/file.c | 2 | ||||
| -rw-r--r-- | fs/cifs/sess.c | 4 |
4 files changed, 18 insertions, 31 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index b7df4bff3aaa..602326fa4a4f 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
| @@ -453,8 +453,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifs_ses *ses) | |||
| 453 | } | 453 | } |
| 454 | server->sec_mode = (__u8)le16_to_cpu(rsp->SecurityMode); | 454 | server->sec_mode = (__u8)le16_to_cpu(rsp->SecurityMode); |
| 455 | server->maxReq = le16_to_cpu(rsp->MaxMpxCount); | 455 | server->maxReq = le16_to_cpu(rsp->MaxMpxCount); |
| 456 | server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize), | 456 | server->maxBuf = le16_to_cpu(rsp->MaxBufSize); |
| 457 | (__u32)CIFSMaxBufSize + MAX_CIFS_HDR_SIZE); | ||
| 458 | server->max_vcs = le16_to_cpu(rsp->MaxNumberVcs); | 457 | server->max_vcs = le16_to_cpu(rsp->MaxNumberVcs); |
| 459 | /* even though we do not use raw we might as well set this | 458 | /* even though we do not use raw we might as well set this |
| 460 | accurately, in case we ever find a need for it */ | 459 | accurately, in case we ever find a need for it */ |
| @@ -561,8 +560,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifs_ses *ses) | |||
| 561 | little endian */ | 560 | little endian */ |
| 562 | server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount); | 561 | server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount); |
| 563 | /* probably no need to store and check maxvcs */ | 562 | /* probably no need to store and check maxvcs */ |
| 564 | server->maxBuf = min(le32_to_cpu(pSMBr->MaxBufferSize), | 563 | server->maxBuf = le32_to_cpu(pSMBr->MaxBufferSize); |
| 565 | (__u32) CIFSMaxBufSize + MAX_CIFS_HDR_SIZE); | ||
| 566 | server->max_rw = le32_to_cpu(pSMBr->MaxRawSize); | 564 | server->max_rw = le32_to_cpu(pSMBr->MaxRawSize); |
| 567 | cFYI(DBG2, "Max buf = %d", ses->server->maxBuf); | 565 | cFYI(DBG2, "Max buf = %d", ses->server->maxBuf); |
| 568 | server->capabilities = le32_to_cpu(pSMBr->Capabilities); | 566 | server->capabilities = le32_to_cpu(pSMBr->Capabilities); |
| @@ -2812,8 +2810,7 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifs_tcon *tcon, | |||
| 2812 | pSMB->TotalDataCount = 0; | 2810 | pSMB->TotalDataCount = 0; |
| 2813 | pSMB->MaxParameterCount = cpu_to_le32(2); | 2811 | pSMB->MaxParameterCount = cpu_to_le32(2); |
| 2814 | /* BB find exact data count max from sess structure BB */ | 2812 | /* BB find exact data count max from sess structure BB */ |
| 2815 | pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf - | 2813 | pSMB->MaxDataCount = cpu_to_le32(CIFSMaxBufSize & 0xFFFFFF00); |
| 2816 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
| 2817 | pSMB->MaxSetupCount = 4; | 2814 | pSMB->MaxSetupCount = 4; |
| 2818 | pSMB->Reserved = 0; | 2815 | pSMB->Reserved = 0; |
| 2819 | pSMB->ParameterOffset = 0; | 2816 | pSMB->ParameterOffset = 0; |
| @@ -3306,8 +3303,7 @@ smb_init_nttransact(const __u16 sub_command, const int setup_count, | |||
| 3306 | pSMB->Reserved = 0; | 3303 | pSMB->Reserved = 0; |
| 3307 | pSMB->TotalParameterCount = cpu_to_le32(parm_len); | 3304 | pSMB->TotalParameterCount = cpu_to_le32(parm_len); |
| 3308 | pSMB->TotalDataCount = 0; | 3305 | pSMB->TotalDataCount = 0; |
| 3309 | pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf - | 3306 | pSMB->MaxDataCount = cpu_to_le32(CIFSMaxBufSize & 0xFFFFFF00); |
| 3310 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
| 3311 | pSMB->ParameterCount = pSMB->TotalParameterCount; | 3307 | pSMB->ParameterCount = pSMB->TotalParameterCount; |
| 3312 | pSMB->DataCount = pSMB->TotalDataCount; | 3308 | pSMB->DataCount = pSMB->TotalDataCount; |
| 3313 | temp_offset = offsetof(struct smb_com_ntransact_req, Parms) + | 3309 | temp_offset = offsetof(struct smb_com_ntransact_req, Parms) + |
| @@ -3977,8 +3973,7 @@ findFirstRetry: | |||
| 3977 | params = 12 + name_len /* includes null */ ; | 3973 | params = 12 + name_len /* includes null */ ; |
| 3978 | pSMB->TotalDataCount = 0; /* no EAs */ | 3974 | pSMB->TotalDataCount = 0; /* no EAs */ |
| 3979 | pSMB->MaxParameterCount = cpu_to_le16(10); | 3975 | pSMB->MaxParameterCount = cpu_to_le16(10); |
| 3980 | pSMB->MaxDataCount = cpu_to_le16((tcon->ses->server->maxBuf - | 3976 | pSMB->MaxDataCount = cpu_to_le16(CIFSMaxBufSize & 0xFFFFFF00); |
| 3981 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
| 3982 | pSMB->MaxSetupCount = 0; | 3977 | pSMB->MaxSetupCount = 0; |
| 3983 | pSMB->Reserved = 0; | 3978 | pSMB->Reserved = 0; |
| 3984 | pSMB->Flags = 0; | 3979 | pSMB->Flags = 0; |
| @@ -4052,8 +4047,7 @@ findFirstRetry: | |||
| 4052 | psrch_inf->index_of_last_entry = 2 /* skip . and .. */ + | 4047 | psrch_inf->index_of_last_entry = 2 /* skip . and .. */ + |
| 4053 | psrch_inf->entries_in_buffer; | 4048 | psrch_inf->entries_in_buffer; |
| 4054 | lnoff = le16_to_cpu(parms->LastNameOffset); | 4049 | lnoff = le16_to_cpu(parms->LastNameOffset); |
| 4055 | if (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE < | 4050 | if (CIFSMaxBufSize < lnoff) { |
| 4056 | lnoff) { | ||
| 4057 | cERROR(1, "ignoring corrupt resume name"); | 4051 | cERROR(1, "ignoring corrupt resume name"); |
| 4058 | psrch_inf->last_entry = NULL; | 4052 | psrch_inf->last_entry = NULL; |
| 4059 | return rc; | 4053 | return rc; |
| @@ -4097,9 +4091,7 @@ int CIFSFindNext(const int xid, struct cifs_tcon *tcon, | |||
| 4097 | byte_count = 0; | 4091 | byte_count = 0; |
| 4098 | pSMB->TotalDataCount = 0; /* no EAs */ | 4092 | pSMB->TotalDataCount = 0; /* no EAs */ |
| 4099 | pSMB->MaxParameterCount = cpu_to_le16(8); | 4093 | pSMB->MaxParameterCount = cpu_to_le16(8); |
| 4100 | pSMB->MaxDataCount = | 4094 | pSMB->MaxDataCount = cpu_to_le16(CIFSMaxBufSize & 0xFFFFFF00); |
| 4101 | cpu_to_le16((tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE) & | ||
| 4102 | 0xFFFFFF00); | ||
| 4103 | pSMB->MaxSetupCount = 0; | 4095 | pSMB->MaxSetupCount = 0; |
| 4104 | pSMB->Reserved = 0; | 4096 | pSMB->Reserved = 0; |
| 4105 | pSMB->Flags = 0; | 4097 | pSMB->Flags = 0; |
| @@ -4181,8 +4173,7 @@ int CIFSFindNext(const int xid, struct cifs_tcon *tcon, | |||
| 4181 | psrch_inf->index_of_last_entry += | 4173 | psrch_inf->index_of_last_entry += |
| 4182 | psrch_inf->entries_in_buffer; | 4174 | psrch_inf->entries_in_buffer; |
| 4183 | lnoff = le16_to_cpu(parms->LastNameOffset); | 4175 | lnoff = le16_to_cpu(parms->LastNameOffset); |
| 4184 | if (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE < | 4176 | if (CIFSMaxBufSize < lnoff) { |
| 4185 | lnoff) { | ||
| 4186 | cERROR(1, "ignoring corrupt resume name"); | 4177 | cERROR(1, "ignoring corrupt resume name"); |
| 4187 | psrch_inf->last_entry = NULL; | 4178 | psrch_inf->last_entry = NULL; |
| 4188 | return rc; | 4179 | return rc; |
| @@ -6035,12 +6026,7 @@ int CIFSSMBNotify(const int xid, struct cifs_tcon *tcon, | |||
| 6035 | pSMB->TotalParameterCount = 0 ; | 6026 | pSMB->TotalParameterCount = 0 ; |
| 6036 | pSMB->TotalDataCount = 0; | 6027 | pSMB->TotalDataCount = 0; |
| 6037 | pSMB->MaxParameterCount = cpu_to_le32(2); | 6028 | pSMB->MaxParameterCount = cpu_to_le32(2); |
| 6038 | /* BB find exact data count max from sess structure BB */ | 6029 | pSMB->MaxDataCount = cpu_to_le32(CIFSMaxBufSize & 0xFFFFFF00); |
| 6039 | pSMB->MaxDataCount = 0; /* same in little endian or be */ | ||
| 6040 | /* BB VERIFY verify which is correct for above BB */ | ||
| 6041 | pSMB->MaxDataCount = cpu_to_le32((tcon->ses->server->maxBuf - | ||
| 6042 | MAX_CIFS_HDR_SIZE) & 0xFFFFFF00); | ||
| 6043 | |||
| 6044 | pSMB->MaxSetupCount = 4; | 6030 | pSMB->MaxSetupCount = 4; |
| 6045 | pSMB->Reserved = 0; | 6031 | pSMB->Reserved = 0; |
| 6046 | pSMB->ParameterOffset = 0; | 6032 | pSMB->ParameterOffset = 0; |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 71beb0201970..a0077a5e0669 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
| @@ -181,7 +181,7 @@ cifs_reconnect(struct TCP_Server_Info *server) | |||
| 181 | -EINVAL = invalid transact2 | 181 | -EINVAL = invalid transact2 |
| 182 | 182 | ||
| 183 | */ | 183 | */ |
| 184 | static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize) | 184 | static int check2ndT2(struct smb_hdr *pSMB) |
| 185 | { | 185 | { |
| 186 | struct smb_t2_rsp *pSMBt; | 186 | struct smb_t2_rsp *pSMBt; |
| 187 | int remaining; | 187 | int remaining; |
| @@ -214,9 +214,9 @@ static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize) | |||
| 214 | 214 | ||
| 215 | cFYI(1, "missing %d bytes from transact2, check next response", | 215 | cFYI(1, "missing %d bytes from transact2, check next response", |
| 216 | remaining); | 216 | remaining); |
| 217 | if (total_data_size > maxBufSize) { | 217 | if (total_data_size > CIFSMaxBufSize) { |
| 218 | cERROR(1, "TotalDataSize %d is over maximum buffer %d", | 218 | cERROR(1, "TotalDataSize %d is over maximum buffer %d", |
| 219 | total_data_size, maxBufSize); | 219 | total_data_size, CIFSMaxBufSize); |
| 220 | return -EINVAL; | 220 | return -EINVAL; |
| 221 | } | 221 | } |
| 222 | return remaining; | 222 | return remaining; |
| @@ -486,7 +486,7 @@ find_cifs_mid(struct TCP_Server_Info *server, struct smb_hdr *buf, | |||
| 486 | mid->command != buf->Command) | 486 | mid->command != buf->Command) |
| 487 | continue; | 487 | continue; |
| 488 | 488 | ||
| 489 | if (*length == 0 && check2ndT2(buf, server->maxBuf) > 0) { | 489 | if (*length == 0 && check2ndT2(buf) > 0) { |
| 490 | /* We have a multipart transact2 resp */ | 490 | /* We have a multipart transact2 resp */ |
| 491 | *is_multi_rsp = true; | 491 | *is_multi_rsp = true; |
| 492 | if (mid->resp_buf) { | 492 | if (mid->resp_buf) { |
| @@ -3130,8 +3130,7 @@ try_mount_again: | |||
| 3130 | cFYI(DBG2, "no very large read support, rsize now 127K"); | 3130 | cFYI(DBG2, "no very large read support, rsize now 127K"); |
| 3131 | } | 3131 | } |
| 3132 | if (!(tcon->ses->capabilities & CAP_LARGE_READ_X)) | 3132 | if (!(tcon->ses->capabilities & CAP_LARGE_READ_X)) |
| 3133 | cifs_sb->rsize = min(cifs_sb->rsize, | 3133 | cifs_sb->rsize = min(cifs_sb->rsize, CIFSMaxBufSize); |
| 3134 | (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE)); | ||
| 3135 | 3134 | ||
| 3136 | cifs_sb->wsize = cifs_negotiate_wsize(tcon, volume_info); | 3135 | cifs_sb->wsize = cifs_negotiate_wsize(tcon, volume_info); |
| 3137 | 3136 | ||
diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 9f41a10523a1..fd57165f55fa 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c | |||
| @@ -1868,7 +1868,7 @@ static ssize_t cifs_read(struct file *file, char *read_data, size_t read_size, | |||
| 1868 | if ((pTcon->ses) && | 1868 | if ((pTcon->ses) && |
| 1869 | !(pTcon->ses->capabilities & CAP_LARGE_FILES)) { | 1869 | !(pTcon->ses->capabilities & CAP_LARGE_FILES)) { |
| 1870 | current_read_size = min_t(const int, current_read_size, | 1870 | current_read_size = min_t(const int, current_read_size, |
| 1871 | pTcon->ses->server->maxBuf - 128); | 1871 | CIFSMaxBufSize); |
| 1872 | } | 1872 | } |
| 1873 | rc = -EAGAIN; | 1873 | rc = -EAGAIN; |
| 1874 | while (rc == -EAGAIN) { | 1874 | while (rc == -EAGAIN) { |
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index d3e619692ee0..c7d80e24f24e 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
| @@ -124,7 +124,9 @@ static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, SESSION_SETUP_ANDX *pSMB) | |||
| 124 | /* that we use in next few lines */ | 124 | /* that we use in next few lines */ |
| 125 | /* Note that header is initialized to zero in header_assemble */ | 125 | /* Note that header is initialized to zero in header_assemble */ |
| 126 | pSMB->req.AndXCommand = 0xFF; | 126 | pSMB->req.AndXCommand = 0xFF; |
| 127 | pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf); | 127 | pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32, |
| 128 | CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4, | ||
| 129 | USHRT_MAX)); | ||
| 128 | pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq); | 130 | pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq); |
| 129 | pSMB->req.VcNumber = get_next_vcnum(ses); | 131 | pSMB->req.VcNumber = get_next_vcnum(ses); |
| 130 | 132 | ||