CIFS: Fix too big maxBuf size for SMB3 mounts
SMB3 servers can respond with MaxTransactSize of more than 4M that can cause a memory allocation error returned from kmalloc in a lock codepath. Also the client doesn't support multicredit requests now and allows buffer sizes of 65536 bytes only. Set MaxTransactSize to this maximum supported value. Cc: stable@vger.kernel.org # 3.7+ Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
This commit is contained in:
parent
5d81de8e86
commit
2365c4eaf0
3 changed files with 10 additions and 11 deletions
|
@ -57,4 +57,7 @@
|
|||
#define SMB2_CMACAES_SIZE (16)
|
||||
#define SMB3_SIGNKEY_SIZE (16)
|
||||
|
||||
/* Maximum buffer size value we can send with 1 credit */
|
||||
#define SMB2_MAX_BUFFER_SIZE 65536
|
||||
|
||||
#endif /* _SMB2_GLOB_H */
|
||||
|
|
|
@ -182,11 +182,8 @@ smb2_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *volume_info)
|
|||
/* start with specified wsize, or default */
|
||||
wsize = volume_info->wsize ? volume_info->wsize : CIFS_DEFAULT_IOSIZE;
|
||||
wsize = min_t(unsigned int, wsize, server->max_write);
|
||||
/*
|
||||
* limit write size to 2 ** 16, because we don't support multicredit
|
||||
* requests now.
|
||||
*/
|
||||
wsize = min_t(unsigned int, wsize, 2 << 15);
|
||||
/* set it to the maximum buffer size value we can send with 1 credit */
|
||||
wsize = min_t(unsigned int, wsize, SMB2_MAX_BUFFER_SIZE);
|
||||
|
||||
return wsize;
|
||||
}
|
||||
|
@ -200,11 +197,8 @@ smb2_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *volume_info)
|
|||
/* start with specified rsize, or default */
|
||||
rsize = volume_info->rsize ? volume_info->rsize : CIFS_DEFAULT_IOSIZE;
|
||||
rsize = min_t(unsigned int, rsize, server->max_read);
|
||||
/*
|
||||
* limit write size to 2 ** 16, because we don't support multicredit
|
||||
* requests now.
|
||||
*/
|
||||
rsize = min_t(unsigned int, rsize, 2 << 15);
|
||||
/* set it to the maximum buffer size value we can send with 1 credit */
|
||||
rsize = min_t(unsigned int, rsize, SMB2_MAX_BUFFER_SIZE);
|
||||
|
||||
return rsize;
|
||||
}
|
||||
|
|
|
@ -413,7 +413,9 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
|
|||
|
||||
/* SMB2 only has an extended negflavor */
|
||||
server->negflavor = CIFS_NEGFLAVOR_EXTENDED;
|
||||
server->maxBuf = le32_to_cpu(rsp->MaxTransactSize);
|
||||
/* set it to the maximum buffer size value we can send with 1 credit */
|
||||
server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
|
||||
SMB2_MAX_BUFFER_SIZE);
|
||||
server->max_read = le32_to_cpu(rsp->MaxReadSize);
|
||||
server->max_write = le32_to_cpu(rsp->MaxWriteSize);
|
||||
/* BB Do we need to validate the SecurityMode? */
|
||||
|
|
Loading…
Reference in a new issue