CIFS: Fix too big maxBuf size for SMB3 mounts

commit 2365c4ea upstream. SMB3 servers can respond with MaxTransactSize of more than 4M that can cause a memory allocation error returned from kmalloc in a lock codepath. Also the client doesn't support multicredit requests now and allows buffer sizes of 65536 bytes only. Set MaxTransactSize to this maximum supported value. Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CIFS: Fix too big maxBuf size for SMB3 mounts
commit 2365c4ea upstream. SMB3 servers can respond with MaxTransactSize of more than 4M that can cause a memory allocation error returned from kmalloc in a lock codepath. Also the client doesn't support multicredit requests now and allows buffer sizes of 65536 bytes only. Set MaxTransactSize to this maximum supported value. Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
32c36d88 · Pavel Shilovsky · Greg Kroah-Hartman · 9f0afafe · 32c36d88 · 32c36d88
Commit 32c36d88 authored Feb 14, 2014 by Pavel Shilovsky Committed by Greg Kroah-Hartman Mar 06, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 10 deletions

fs/cifs/smb2glob.h fs/cifs/smb2glob.h +3 -0

fs/cifs/smb2ops.c fs/cifs/smb2ops.c +4 -10

fs/cifs/smb2pdu.c fs/cifs/smb2pdu.c +3 -0

No files found.
--- a/fs/cifs/smb2glob.h
+++ b/fs/cifs/smb2glob.h
@@ -55,4 +55,7 @@
 #define SMB2_NTLMV2_SESSKEY_SIZE (16)
 #define SMB2_HMACSHA256_SIZE (32)
+/* Maximum buffer size value we can send with 1 credit */
+#define SMB2_MAX_BUFFER_SIZE 65536
 #endif	/* _SMB2_GLOB_H */
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -181,11 +181,8 @@ smb2_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *volume_info)
 	/* start with specified wsize, or default */
 	wsize = volume_info->wsize ? volume_info->wsize : CIFS_DEFAULT_IOSIZE;
 	wsize = min_t(unsigned int, wsize, server->max_write);
-	/*
+	/* set it to the maximum buffer size value we can send with 1 credit */
-	 * limit write size to 2 ** 16, because we don't support multicredit
+	wsize = min_t(unsigned int, wsize, SMB2_MAX_BUFFER_SIZE);
-	 * requests now.
-	 */
-	wsize = min_t(unsigned int, wsize, 2 << 15);
 	return wsize;
 }
@@ -199,11 +196,8 @@ smb2_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *volume_info)
 	/* start with specified rsize, or default */
 	rsize = volume_info->rsize ? volume_info->rsize : CIFS_DEFAULT_IOSIZE;
 	rsize = min_t(unsigned int, rsize, server->max_read);
-	/*
+	/* set it to the maximum buffer size value we can send with 1 credit */
-	 * limit write size to 2 ** 16, because we don't support multicredit
+	rsize = min_t(unsigned int, rsize, SMB2_MAX_BUFFER_SIZE);
-	 * requests now.
-	 */
-	rsize = min_t(unsigned int, rsize, 2 << 15);
 	return rsize;
 }

--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -408,6 +408,9 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
 	server->dialect = le16_to_cpu(rsp->DialectRevision);
 	server->maxBuf = le32_to_cpu(rsp->MaxTransactSize);
+	/* set it to the maximum buffer size value we can send with 1 credit */
+	server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
+			       SMB2_MAX_BUFFER_SIZE);
 	server->max_read = le32_to_cpu(rsp->MaxReadSize);
 	server->max_write = le32_to_cpu(rsp->MaxWriteSize);
 	/* BB Do we need to validate the SecurityMode? */