Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
phyus
/
linux-vybrid_public
8
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Browse Source

[CIFS] In SendReceive, move consistency check out of the mutexed region

inbuf->smb_buf_length does not change in in wait_for_free_request() or in
allocate_mid(), so we can check it early.

Signed-off-by: Volker Lendecke <vl@samba.org>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Volker Lendecke 16 năm trước cách đây
mục cha
00e485b019
commit
6d9c6d5431
1 tập tin đã thay đổi với 12 bổ sung19 xóa
Split View Hiển thị tình trạng sai khác
  1. 12 19
      fs/cifs/transport.c

+ 12 - 19
fs/cifs/transport.c
Xem Tập Tin 

@@ -687,6 +687,12 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
 
 	   to the same server. We may make this configurable later or
 
 	   use ses->maxReq */
 
 
+	if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
 
+		cERROR(1, ("Illegal length, greater than maximum frame, %d",
 
+			   in_buf->smb_buf_length));
 
+		return -EIO;
 
+	}
 
+
 
 	rc = wait_for_free_request(ses, long_op);
 
 	if (rc)
 
 		return rc;
 
@@ -706,17 +712,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
 
 		return rc;
 
 	}
 
 
-	if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
 
-		cERROR(1, ("Illegal length, greater than maximum frame, %d",
 
-			in_buf->smb_buf_length));
 
-		DeleteMidQEntry(midQ);
 
-		mutex_unlock(&ses->server->srv_mutex);
 
-		/* Update # of requests on wire to server */
 
-		atomic_dec(&ses->server->inFlight);
 
-		wake_up(&ses->server->request_q);
 
-		return -EIO;
 
-	}
 
-
 
 	rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
 
 
 	midQ->midState = MID_REQUEST_SUBMITTED;
 
@@ -925,6 +920,12 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
 
 	   to the same server. We may make this configurable later or
 
 	   use ses->maxReq */
 
 
+	if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
 
+		cERROR(1, ("Illegal length, greater than maximum frame, %d",
 
+			   in_buf->smb_buf_length));
 
+		return -EIO;
 
+	}
 
+
 
 	rc = wait_for_free_request(ses, CIFS_BLOCKING_OP);
 
 	if (rc)
 
 		return rc;
 
@@ -941,14 +942,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
 
 		return rc;
 
 	}
 
 
-	if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
 
-		mutex_unlock(&ses->server->srv_mutex);
 
-		cERROR(1, ("Illegal length, greater than maximum frame, %d",
 
-			in_buf->smb_buf_length));
 
-		DeleteMidQEntry(midQ);
 
-		return -EIO;
 
-	}
 
-
 
 	rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
 
 
 	midQ->midState = MID_REQUEST_SUBMITTED;