summaryrefslogtreecommitdiffstats
path: root/fs/cifs/transport.c
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-12-08 20:50:24 +0000
committerSteve French <sfrench@us.ibm.com>2008-12-26 02:29:11 +0000
commit6d9c6d543165d1d492602c1371cb019040093584 (patch)
tree3d6dd213995db201d84dfa1f1e5410edef9dab13 /fs/cifs/transport.c
parent00e485b0198ea4f509341373f1d9adb0a5977a2f (diff)
downloadkernel-crypto-6d9c6d543165d1d492602c1371cb019040093584.tar.gz
kernel-crypto-6d9c6d543165d1d492602c1371cb019040093584.tar.xz
kernel-crypto-6d9c6d543165d1d492602c1371cb019040093584.zip
[CIFS] In SendReceive, move consistency check out of the mutexed region
inbuf->smb_buf_length does not change in in wait_for_free_request() or in allocate_mid(), so we can check it early. Signed-off-by: Volker Lendecke <vl@samba.org> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/transport.c')
-rw-r--r--fs/cifs/transport.c31
1 files changed, 12 insertions, 19 deletions
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index 4d076be46d9..e80210693ff 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -687,6 +687,12 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
to the same server. We may make this configurable later or
use ses->maxReq */
+ if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
+ cERROR(1, ("Illegal length, greater than maximum frame, %d",
+ in_buf->smb_buf_length));
+ return -EIO;
+ }
+
rc = wait_for_free_request(ses, long_op);
if (rc)
return rc;
@@ -706,17 +712,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
return rc;
}
- if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
- cERROR(1, ("Illegal length, greater than maximum frame, %d",
- in_buf->smb_buf_length));
- DeleteMidQEntry(midQ);
- mutex_unlock(&ses->server->srv_mutex);
- /* Update # of requests on wire to server */
- atomic_dec(&ses->server->inFlight);
- wake_up(&ses->server->request_q);
- return -EIO;
- }
-
rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
midQ->midState = MID_REQUEST_SUBMITTED;
@@ -925,6 +920,12 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
to the same server. We may make this configurable later or
use ses->maxReq */
+ if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
+ cERROR(1, ("Illegal length, greater than maximum frame, %d",
+ in_buf->smb_buf_length));
+ return -EIO;
+ }
+
rc = wait_for_free_request(ses, CIFS_BLOCKING_OP);
if (rc)
return rc;
@@ -941,14 +942,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
return rc;
}
- if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
- mutex_unlock(&ses->server->srv_mutex);
- cERROR(1, ("Illegal length, greater than maximum frame, %d",
- in_buf->smb_buf_length));
- DeleteMidQEntry(midQ);
- return -EIO;
- }
-
rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
midQ->midState = MID_REQUEST_SUBMITTED;