[linux-cifs-client] [PATCH] cifs: Fix a kernel BUG with remote OS/2 server (try #3)
Jeff Layton
jlayton at samba.org
Wed Mar 31 03:52:26 MDT 2010
On Wed, 31 Mar 2010 12:00:03 +0530
Suresh Jayaraman <sjayaraman at suse.de> wrote:
> (Please consider for -stable once reviewed and accepted).
>
> While chasing a bug report involving a OS/2 server, I noticed the server sets
> pSMBr->CountHigh to a incorrect value even in case of normal writes. This
> results in 'nbytes' being computed wrongly and triggers a kernel BUG at
> mm/filemap.c.
>
> void iov_iter_advance(struct iov_iter *i, size_t bytes)
> {
> BUG_ON(i->count < bytes); <--- BUG here
>
> Why the server is setting 'CountHigh' is not clear but only does so after
> writing 64k bytes. Though this looks like the server bug, the client side
> crash may not be acceptable.
>
> The workaround is to mask off high 16 bits if the number of bytes written as
> returned by the server is greater than the bytes requested by the client as
> suggested by Jeff Layton.
>
> Cc: Jeff Layton <jlayton at samba.org>
> Signed-off-by: Suresh Jayaraman <sjayaraman at suse.de>
> ---
> fs/cifs/cifssmb.c | 16 ++++++++++++++++
> 1 files changed, 16 insertions(+), 0 deletions(-)
>
> diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
> index 7cc7f83..7d8ada8 100644
> --- a/fs/cifs/cifssmb.c
> +++ b/fs/cifs/cifssmb.c
> @@ -1517,6 +1517,14 @@ CIFSSMBWrite(const int xid, struct cifsTconInfo *tcon,
> *nbytes = le16_to_cpu(pSMBr->CountHigh);
> *nbytes = (*nbytes) << 16;
> *nbytes += le16_to_cpu(pSMBr->Count);
> +
> + /*
> + * Mask off high 16 bits when bytes written as returned by the
> + * server is greater than bytes requested by the client. Some
> + * OS/2 servers are known to set incorrect CountHigh values.
> + */
> + if (*nbytes > count)
> + *nbytes &= 0xFFFF;
> }
>
> cifs_buf_release(pSMB);
> @@ -1605,6 +1613,14 @@ CIFSSMBWrite2(const int xid, struct cifsTconInfo *tcon,
> *nbytes = le16_to_cpu(pSMBr->CountHigh);
> *nbytes = (*nbytes) << 16;
> *nbytes += le16_to_cpu(pSMBr->Count);
> +
> + /*
> + * Mask off high 16 bits when bytes written as returned by the
> + * server is greater than bytes requested by the client. OS/2
> + * servers are known to set incorrect CountHigh values.
> + */
> + if (*nbytes > count)
> + *nbytes &= 0xFFFF;
> }
>
> /* cifs_small_buf_release(pSMB); */ /* Freed earlier now in SendReceive2 */
>
Looks good to me.
Reviewed-by: Jeff Layton <jlayton at samba.org>
More information about the linux-cifs-client
mailing list