From 6d9c6d543165d1d492602c1371cb019040093584 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 8 Dec 2008 20:50:24 +0000 Subject: [CIFS] In SendReceive, move consistency check out of the mutexed region inbuf->smb_buf_length does not change in in wait_for_free_request() or in allocate_mid(), so we can check it early. Signed-off-by: Volker Lendecke Acked-by: Jeff Layton Signed-off-by: Steve French --- fs/cifs/transport.c | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) (limited to 'fs/cifs/transport.c') diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 4d076be46d9..e80210693ff 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -687,6 +687,12 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, to the same server. We may make this configurable later or use ses->maxReq */ + if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { + cERROR(1, ("Illegal length, greater than maximum frame, %d", + in_buf->smb_buf_length)); + return -EIO; + } + rc = wait_for_free_request(ses, long_op); if (rc) return rc; @@ -706,17 +712,6 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, return rc; } - if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { - cERROR(1, ("Illegal length, greater than maximum frame, %d", - in_buf->smb_buf_length)); - DeleteMidQEntry(midQ); - mutex_unlock(&ses->server->srv_mutex); - /* Update # of requests on wire to server */ - atomic_dec(&ses->server->inFlight); - wake_up(&ses->server->request_q); - return -EIO; - } - rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); midQ->midState = MID_REQUEST_SUBMITTED; @@ -925,6 +920,12 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, to the same server. We may make this configurable later or use ses->maxReq */ + if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { + cERROR(1, ("Illegal length, greater than maximum frame, %d", + in_buf->smb_buf_length)); + return -EIO; + } + rc = wait_for_free_request(ses, CIFS_BLOCKING_OP); if (rc) return rc; @@ -941,14 +942,6 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, return rc; } - if (in_buf->smb_buf_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { - mutex_unlock(&ses->server->srv_mutex); - cERROR(1, ("Illegal length, greater than maximum frame, %d", - in_buf->smb_buf_length)); - DeleteMidQEntry(midQ); - return -EIO; - } - rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number); midQ->midState = MID_REQUEST_SUBMITTED; -- cgit v1.2.3-70-g09d2