Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: don't always drop malformed replies on the floor (try #3)
cifs: clean up checks in cifs_echo_request
[CIFS] Do not send SMBEcho requests on new sockets until SMBNegotiate

+34 -10
+3 -1
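--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -188,6 +188,8 @@
 /* multiplexed reads or writes */
 unsigned int maxBuf; /* maxBuf specifies the maximum */
 /* message size the server can send or receive for non-raw SMBs */
+/* maxBuf is returned by SMB NegotiateProtocol so maxBuf is only 0 */
+/* when socket is setup (and during reconnect) before NegProt sent */
 unsigned int max_rw; /* maxRw specifies the maximum */
 /* message size the server can send or receive for */
 /* SMB_COM_WRITE_RAW or SMB_COM_READ_RAW. */
@@ -652,7 +654,7 @@
 #define MID_REQUEST_SUBMITTED 2
 #define MID_RESPONSE_RECEIVED 4
 #define MID_RETRY_NEEDED 8 /* session closed while this request out */
-#define MID_NO_RESP_NEEDED 0x10
+#define MID_RESPONSE_MALFORMED 0x10
 
 /* Types of response buffer returned from SendReceive2 */
 #define CIFS_NO_BUFFER 0 /* Response buffer not returned */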
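Review bot: The new comment on `maxBuf` makes a server-supplied field double as the "negotiate finished" flag, and nothing in this section states what guarantees it is non-zero once NegotiateProtocol has completed. If a server reply could leave it at 0, the echo worker in fs/cifs/connect.c, which now tests `server->maxBuf == 0`, would keep requeueing without ever probing the connection; the code that sets and resets maxBuf is not visible here, so this needs confirming. I would extend the comment to state the invariant, e.g. `/* must be checked as non-zero when the NegProt response is parsed */`, or track negotiation state in a field of its own. `MID_RESPONSE_MALFORMED` also deserves a trailing comment like the one on `MID_RETRY_NEEDED`, e.g. `/* response failed checkSMB() sanity checks */`.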
+28 -9
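--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -338,10 +338,11 @@
 struct TCP_Server_Info, echo.work);
 
 /*
-* We cannot send an echo until the NEGOTIATE_PROTOCOL request is done.
-* Also, no need to ping if we got a response recently
+* We cannot send an echo until the NEGOTIATE_PROTOCOL request is
+* done, which is indicated by maxBuf != 0. Also, no need to ping if
+* we got a response recently
 */
-if (server->tcpStatus != CifsGood ||
+if (server->maxBuf == 0 ||
 time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
 goto requeue_echo;
 
@@ -585,11 +586,20 @@
 total_read += 4; /* account for rfc1002 hdr */
 
 dump_smb(smb_buffer, total_read);
-if (checkSMB(smb_buffer, smb_buffer->Mid, total_read)) {
+
+/*
+* We know that we received enough to get to the MID as we
+* checked the pdu_length earlier. Now check to see
+* if the rest of the header is OK. We borrow the length
+* var for the rest of the loop to avoid a new stack var.
+*
+* 48 bytes is enough to display the header and a little bit
+* into the payload for debugging purposes.
+*/
+length = checkSMB(smb_buffer, smb_buffer->Mid, total_read);
+if (length != 0)
 cifs_dump_mem("Bad SMB: ", smb_buffer,
-total_read < 48 ? total_read : 48);
-continue;
-}
+min_t(unsigned int, total_read, 48));
 
 mid_entry = NULL;
 server->lstrp = jiffies;
@@ -601,7 +611,8 @@
 if ((mid_entry->mid == smb_buffer->Mid) &&
 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
 (mid_entry->command == smb_buffer->Command)) {
-if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
+if (length == 0 &&
+check2ndT2(smb_buffer, server->maxBuf) > 0) {
 /* We have a multipart transact2 resp */
 isMultiRsp = true;
 if (mid_entry->resp_buf) {
@@ -636,7 +647,12 @@
 mid_entry->resp_buf = smb_buffer;
 mid_entry->largeBuf = isLargeBuf;
 multi_t2_fnd:
-mid_entry->midState = MID_RESPONSE_RECEIVED;
+if (length == 0)
+mid_entry->midState =
+MID_RESPONSE_RECEIVED;
+else
+mid_entry->midState =
+MID_RESPONSE_MALFORMED;
 #ifdef CONFIG_CIFS_STATS2
 mid_entry->when_received = jiffies;
 #endif
@@ -657,6 +673,9 @@
 else
 smallbuf = NULL;
 }
+} else if (length != 0) {
+/* response sanity checks failed */
+continue;
 } else if (!is_valid_oplock_break(smb_buffer, server) &&
 !isMultiRsp) {
 cERROR(1, "No task to wake, unknown frame received! "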
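Review bot: With the early `continue` removed, a frame that fails `checkSMB()` now falls through to `server->lstrp = jiffies;` in the second hunk, so malformed traffic is counted as a sign of life from the server. That timestamp is what the echo check in the first hunk compares against, so a peer sending only bad frames would appear to keep echoes suppressed; if that is not intended, guard the update with `if (length == 0) server->lstrp = jiffies;`. Separately, reusing `length` as the sanity-check result makes the `length == 0` and `length != 0` tests far below the assignment read like size checks, and a dedicated `bool` would be clearer than saving one stack slot. The demultiplex loop starts and ends outside these hunks, so other uses of `length` later in the loop cannot be checked from here.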
+3
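--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -457,6 +457,9 @@
 case MID_RETRY_NEEDED:
 rc = -EAGAIN;
 break;
+case MID_RESPONSE_MALFORMED:
+rc = -EIO;
+break;
 default:
 cERROR(1, "%s: invalid mid state mid=%d state=%d", __func__,
 mid->mid, mid->midState);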
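Review bot: The new `MID_RESPONSE_MALFORMED` case returns `-EIO`, but the matching path in fs/cifs/connect.c appears to store the frame that failed validation in `mid_entry->resp_buf` before setting this state. What happens to that buffer after the switch is outside this hunk, so it should be confirmed that it is released there and never handed back to a caller for parsing. A short comment on the case would record the contract, e.g. `/* header failed checkSMB(); resp_buf must not be parsed */`.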