Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-15 01:24:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

cifs: better instrumentation for coalesce_t2

Browse Source 
When coalesce_t2 returns an error, have it throw a cFYI message that
explains the reason. Also rename some variables to clarify what they
represent.

Reported-and-Tested-by: Konstantinos Skarlatos <k.skarlatos@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
This commit is contained in:
Jeff Layton 2012-01-17 13:49:17 -05:00 committed by Steve French
parent 7250170c9e
commit f5fffcee27
1 changed files with 53 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
fs/cifs/connect.c
View File

@ -225,74 +225,90 @@ static int check2ndT2(struct smb_hdr *pSMB)
static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB) static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
{ {
struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond; struct smb_t2_rsp *pSMBs = (struct smb_t2_rsp *)psecond;
struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB; struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
char *data_area_of_target; char *data_area_of_tgt;
char *data_area_of_buf2; char *data_area_of_src;
int remaining; int remaining;
unsigned int byte_count, total_in_buf; unsigned int byte_count, total_in_tgt;
__u16 total_data_size, total_in_buf2; __u16 tgt_total_cnt, src_total_cnt, total_in_src;
total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount); src_total_cnt = get_unaligned_le16(&pSMBs->t2_rsp.TotalDataCount);
tgt_total_cnt = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
if (total_data_size != if (tgt_total_cnt != src_total_cnt)
get_unaligned_le16(&pSMB2->t2_rsp.TotalDataCount)) cFYI(1, "total data count of primary and secondary t2 differ "
cFYI(1, "total data size of primary and secondary t2 differ"); "source=%hu target=%hu", src_total_cnt, tgt_total_cnt);
total_in_buf = get_unaligned_le16(&pSMBt->t2_rsp.DataCount); total_in_tgt = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
remaining = total_data_size - total_in_buf; remaining = tgt_total_cnt - total_in_tgt;
if (remaining < 0) if (remaining < 0) {
cFYI(1, "Server sent too much data. tgt_total_cnt=%hu "
"total_in_tgt=%hu", tgt_total_cnt, total_in_tgt);
return -EPROTO; return -EPROTO;
if (remaining == 0) /* nothing to do, ignore */
return 0;
total_in_buf2 = get_unaligned_le16(&pSMB2->t2_rsp.DataCount);
if (remaining < total_in_buf2) {
cFYI(1, "transact2 2nd response contains too much data");
} }
if (remaining == 0) {
/* nothing to do, ignore */
cFYI(1, "no more data remains");
return 0;
}
total_in_src = get_unaligned_le16(&pSMBs->t2_rsp.DataCount);
if (remaining < total_in_src)
cFYI(1, "transact2 2nd response contains too much data");
/* find end of first SMB data area */ /* find end of first SMB data area */
data_area_of_target = (char *)&pSMBt->hdr.Protocol + data_area_of_tgt = (char *)&pSMBt->hdr.Protocol +
get_unaligned_le16(&pSMBt->t2_rsp.DataOffset); get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
/* validate target area */ /* validate target area */
data_area_of_src = (char *)&pSMBs->hdr.Protocol +
get_unaligned_le16(&pSMBs->t2_rsp.DataOffset);
data_area_of_buf2 = (char *)&pSMB2->hdr.Protocol + data_area_of_tgt += total_in_tgt;
get_unaligned_le16(&pSMB2->t2_rsp.DataOffset);
data_area_of_target += total_in_buf; total_in_tgt += total_in_src;
/* copy second buffer into end of first buffer */
total_in_buf += total_in_buf2;
/* is the result too big for the field? */ /* is the result too big for the field? */
if (total_in_buf > USHRT_MAX) if (total_in_tgt > USHRT_MAX) {
cFYI(1, "coalesced DataCount too large (%u)", total_in_tgt);
return -EPROTO; return -EPROTO;
put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount); }
put_unaligned_le16(total_in_tgt, &pSMBt->t2_rsp.DataCount);
/* fix up the BCC */ /* fix up the BCC */
byte_count = get_bcc(pTargetSMB); byte_count = get_bcc(pTargetSMB);
byte_count += total_in_buf2; byte_count += total_in_src;
/* is the result too big for the field? */ /* is the result too big for the field? */
if (byte_count > USHRT_MAX) if (byte_count > USHRT_MAX) {
cFYI(1, "coalesced BCC too large (%u)", byte_count);
return -EPROTO; return -EPROTO;
}
put_bcc(byte_count, pTargetSMB); put_bcc(byte_count, pTargetSMB);
byte_count = be32_to_cpu(pTargetSMB->smb_buf_length); byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
byte_count += total_in_buf2; byte_count += total_in_src;
/* don't allow buffer to overflow */ /* don't allow buffer to overflow */
if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
cFYI(1, "coalesced BCC exceeds buffer size (%u)", byte_count);
return -ENOBUFS; return -ENOBUFS;
}
pTargetSMB->smb_buf_length = cpu_to_be32(byte_count); pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2); /* copy second buffer into end of first buffer */
memcpy(data_area_of_tgt, data_area_of_src, total_in_src);
if (remaining == total_in_buf2) { if (remaining != total_in_src) {
cFYI(1, "found the last secondary response"); /* more responses to go */
return 0; /* we are done */ cFYI(1, "waiting for more secondary responses");
} else /* more responses to go */
return 1; return 1;
}
/* we are done */
cFYI(1, "found the last secondary response");
return 0;
} }
static void static void