Commit 820a803f authored by Jeff Layton's avatar Jeff Layton Committed by Steve French
Browse files

cifs: keep BCC in little-endian format 



This is the same patch as originally posted, just with some merge
conflicts fixed up...

Currently, the ByteCount is usually converted to host-endian on receive.
This is confusing however, as we need to keep two sets of routines for
accessing it, and keep track of when to use each routine. Munging
received packets like this also limits when the signature can be
calulated.

Simplify the code by keeping the received ByteCount in little-endian
format. This allows us to eliminate a set of routines for accessing it
and we can now drop the *_le suffixes from the accessor functions since
that's now implied.

While we're at it, switch all of the places that read the ByteCount
directly to use the get_bcc inline which should also clean up some
unaligned accesses.

Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 0e6e37a7

fs/cifs/cifs_debug.c

+1 −1
Original line number Diff line number Diff line
@@ -63,7 +63,7 @@ void cifs_dump_detail(struct smb_hdr *smb) 
	cERROR(1, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d",

		  smb->Command, smb->Status.CifsError,

		  smb->Flags, smb->Flags2, smb->Mid, smb->Pid);

	cERROR(1, "smb buf %p len %d", smb, smbCalcSize_LE(smb));

	cERROR(1, "smb buf %p len %d", smb, smbCalcSize(smb));

}

fs/cifs/cifspdu.h

+2 −20
Original line number Diff line number Diff line
@@ -435,36 +435,18 @@ struct smb_hdr { 
/* given a pointer to an smb_hdr retrieve the pointer to the byte area */

#define pByteArea(smb_var) (BCC(smb_var) + 2)



/* get the converted ByteCount for a SMB packet and return it */

static inline __u16

get_bcc(struct smb_hdr *hdr)

{

	__u16 *bc_ptr = (__u16 *)BCC(hdr);



	return get_unaligned(bc_ptr);

}



/* get the unconverted ByteCount for a SMB packet and return it */

static inline __u16

get_bcc_le(struct smb_hdr *hdr)

get_bcc(struct smb_hdr *hdr)

{

	__le16 *bc_ptr = (__le16 *)BCC(hdr);



	return get_unaligned_le16(bc_ptr);

}



/* set the ByteCount for a SMB packet in host-byte order */

static inline void

put_bcc(__u16 count, struct smb_hdr *hdr)

{

	__u16 *bc_ptr = (__u16 *)BCC(hdr);



	put_unaligned(count, bc_ptr);

}



/* set the ByteCount for a SMB packet in little-endian */

static inline void

put_bcc_le(__u16 count, struct smb_hdr *hdr)

put_bcc(__u16 count, struct smb_hdr *hdr)

{

	__le16 *bc_ptr = (__le16 *)BCC(hdr);

fs/cifs/cifsproto.h

+0 −1
Original line number Diff line number Diff line
@@ -93,7 +93,6 @@ extern void cifs_update_eof(struct cifsInodeInfo *cifsi, loff_t offset, 
extern struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *, bool);

extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *, bool);

extern unsigned int smbCalcSize(struct smb_hdr *ptr);

extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);

extern int decode_negTokenInit(unsigned char *security_blob, int length,

			struct TCP_Server_Info *server);

extern int cifs_convert_address(struct sockaddr *dst, const char *src, int len);

fs/cifs/cifssmb.c

+32 −30
Original line number Diff line number Diff line
@@ -582,7 +582,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) 


	if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) &&

		(server->capabilities & CAP_EXTENDED_SECURITY)) {

		count = pSMBr->ByteCount;

		count = get_bcc(&pSMBr->hdr);

		if (count < 16) {

			rc = -EIO;

			goto neg_err_exit;
@@ -736,7 +736,7 @@ CIFSSMBEcho(struct TCP_Server_Info *server) 
	smb->hdr.Tid = 0xffff;

	smb->hdr.WordCount = 1;

	put_unaligned_le16(1, &smb->EchoCount);

	put_bcc_le(1, &smb->hdr);

	put_bcc(1, &smb->hdr);

	smb->Data[0] = 'a';

	inc_rfc1001_len(smb, 3);
@@ -1079,7 +1079,7 @@ PsxCreat: 
	cFYI(1, "copying inode info");

	rc = validate_t2((struct smb_t2_rsp *)pSMBr);



	if (rc || (pSMBr->ByteCount < sizeof(OPEN_PSX_RSP))) {

	if (rc || get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)) {

		rc = -EIO;	/* bad smb */

		goto psx_create_err;

	}
@@ -1100,7 +1100,7 @@ PsxCreat: 
		pRetData->Type = cpu_to_le32(-1); /* unknown */

		cFYI(DBG2, "unknown type");

	} else {

		if (pSMBr->ByteCount < sizeof(OPEN_PSX_RSP)

		if (get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)

					+ sizeof(FILE_UNIX_BASIC_INFO)) {

			cERROR(1, "Open response data too small");

			pRetData->Type = cpu_to_le32(-1);
@@ -1867,7 +1867,7 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon, 
		__u16 data_count;

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < sizeof(struct cifs_posix_lock))) {

		if (rc || get_bcc(&pSMBr->hdr) < sizeof(*parm_data)) {

			rc = -EIO;      /* bad smb */

			goto plk_err_exit;

		}
@@ -2494,7 +2494,7 @@ querySymLinkRetry: 


		rc = validate_t2((struct smb_t2_rsp *)pSMBr);

		/* BB also check enough total bytes returned */

		if (rc || (pSMBr->ByteCount < 2))

		if (rc || get_bcc(&pSMBr->hdr) < 2)

			rc = -EIO;

		else {

			bool is_unicode;
@@ -2576,14 +2576,14 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon, 
	} else {		/* decode response */

		__u32 data_offset = le32_to_cpu(pSMBr->DataOffset);

		__u32 data_count = le32_to_cpu(pSMBr->DataCount);

		if ((pSMBr->ByteCount < 2) || (data_offset > 512)) {

		if (get_bcc(&pSMBr->hdr) < 2 || data_offset > 512) {

			/* BB also check enough total bytes returned */

			rc = -EIO;	/* bad smb */

			goto qreparse_out;

		}

		if (data_count && (data_count < 2048)) {

			char *end_of_smb = 2 /* sizeof byte count */ +

				pSMBr->ByteCount + (char *)&pSMBr->ByteCount;

			       get_bcc(&pSMBr->hdr) + (char *)&pSMBr->ByteCount;



			struct reparse_data *reparse_buf =

						(struct reparse_data *)
@@ -2841,8 +2841,8 @@ queryAclRetry: 
		/* decode response */



		rc = validate_t2((struct smb_t2_rsp *)pSMBr);

		if (rc || (pSMBr->ByteCount < 2))

		/* BB also check enough total bytes returned */

		if (rc || get_bcc(&pSMBr->hdr) < 2)

			rc = -EIO;      /* bad smb */

		else {

			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -2991,8 +2991,8 @@ GetExtAttrRetry: 
	} else {

		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);

		if (rc || (pSMBr->ByteCount < 2))

		/* BB also check enough total bytes returned */

		if (rc || get_bcc(&pSMBr->hdr) < 2)

			/* If rc should we check for EOPNOSUPP and

			   disable the srvino flag? or in caller? */

			rc = -EIO;      /* bad smb */
@@ -3067,6 +3067,7 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata, 
	char *end_of_smb;

	__u32 data_count, data_offset, parm_count, parm_offset;

	struct smb_com_ntransact_rsp *pSMBr;

	u16 bcc;



	*pdatalen = 0;

	*pparmlen = 0;
@@ -3076,8 +3077,8 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata, 


	pSMBr = (struct smb_com_ntransact_rsp *)buf;



	/* ByteCount was converted from little endian in SendReceive */

	end_of_smb = 2 /* sizeof byte count */ + pSMBr->ByteCount +

	bcc = get_bcc(&pSMBr->hdr);

	end_of_smb = 2 /* sizeof byte count */ + bcc +

			(char *)&pSMBr->ByteCount;



	data_offset = le32_to_cpu(pSMBr->DataOffset);
@@ -3103,7 +3104,7 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata, 
			*ppdata, data_count, (data_count + *ppdata),

			end_of_smb, pSMBr);

		return -EINVAL;

	} else if (parm_count + data_count > pSMBr->ByteCount) {

	} else if (parm_count + data_count > bcc) {

		cFYI(1, "parm count and data count larger than SMB");

		return -EINVAL;

	}
@@ -3389,7 +3390,7 @@ QFileInfoRetry: 


		if (rc) /* BB add auto retry on EOPNOTSUPP? */

			rc = -EIO;

		else if (pSMBr->ByteCount < 40)

		else if (get_bcc(&pSMBr->hdr) < 40)

			rc = -EIO;	/* bad smb */

		else if (pFindData) {

			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -3477,9 +3478,9 @@ QPathInfoRetry: 


		if (rc) /* BB add auto retry on EOPNOTSUPP? */

			rc = -EIO;

		else if (!legacy && (pSMBr->ByteCount < 40))

		else if (!legacy && get_bcc(&pSMBr->hdr) < 40)

			rc = -EIO;	/* bad smb */

		else if (legacy && (pSMBr->ByteCount < 24))

		else if (legacy && get_bcc(&pSMBr->hdr) < 24)

			rc = -EIO;  /* 24 or 26 expected but we do not read

					last field */

		else if (pFindData) {
@@ -3555,7 +3556,7 @@ UnixQFileInfoRetry: 
	} else {		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < sizeof(FILE_UNIX_BASIC_INFO))) {

		if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {

			cERROR(1, "Malformed FILE_UNIX_BASIC_INFO response.\n"

				   "Unix Extensions can be disabled on mount "

				   "by specifying the nosfu mount option.");
@@ -3641,7 +3642,7 @@ UnixQPathInfoRetry: 
	} else {		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < sizeof(FILE_UNIX_BASIC_INFO))) {

		if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) {

			cERROR(1, "Malformed FILE_UNIX_BASIC_INFO response.\n"

				   "Unix Extensions can be disabled on mount "

				   "by specifying the nosfu mount option.");
@@ -4046,8 +4047,8 @@ GetInodeNumberRetry: 
	} else {

		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);

		if (rc || (pSMBr->ByteCount < 2))

		/* BB also check enough total bytes returned */

		if (rc || get_bcc(&pSMBr->hdr) < 2)

			/* If rc should we check for EOPNOSUPP and

			disable the srvino flag? or in caller? */

			rc = -EIO;      /* bad smb */
@@ -4272,13 +4273,13 @@ getDFSRetry: 
	rc = validate_t2((struct smb_t2_rsp *)pSMBr);



	/* BB Also check if enough total bytes returned? */

	if (rc || (pSMBr->ByteCount < 17)) {

	if (rc || get_bcc(&pSMBr->hdr) < 17) {

		rc = -EIO;      /* bad smb */

		goto GetDFSRefExit;

	}



	cFYI(1, "Decoding GetDFSRefer response BCC: %d  Offset %d",

				pSMBr->ByteCount,

				get_bcc(&pSMBr->hdr),

				le16_to_cpu(pSMBr->t2.DataOffset));



	/* parse returned result into more usable form */
@@ -4344,12 +4345,12 @@ oldQFSInfoRetry: 
	} else {                /* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < 18))

		if (rc || get_bcc(&pSMBr->hdr) < 18)

			rc = -EIO;      /* bad smb */

		else {

			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);

			cFYI(1, "qfsinf resp BCC: %d  Offset %d",

				 pSMBr->ByteCount, data_offset);

				 get_bcc(&pSMBr->hdr), data_offset);



			response_data = (FILE_SYSTEM_ALLOC_INFO *)

				(((char *) &pSMBr->hdr.Protocol) + data_offset);
@@ -4423,7 +4424,7 @@ QFSInfoRetry: 
	} else {		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < 24))

		if (rc || get_bcc(&pSMBr->hdr) < 24)

			rc = -EIO;	/* bad smb */

		else {

			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4503,7 +4504,7 @@ QFSAttributeRetry: 
	} else {		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < 13)) {

		if (rc || get_bcc(&pSMBr->hdr) < 13) {

			/* BB also check if enough bytes returned */

			rc = -EIO;	/* bad smb */

		} else {
@@ -4574,7 +4575,8 @@ QFSDeviceRetry: 
	} else {		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < sizeof(FILE_SYSTEM_DEVICE_INFO)))

		if (rc || get_bcc(&pSMBr->hdr) <

			  sizeof(FILE_SYSTEM_DEVICE_INFO))

			rc = -EIO;	/* bad smb */

		else {

			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4643,7 +4645,7 @@ QFSUnixRetry: 
	} else {		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < 13)) {

		if (rc || get_bcc(&pSMBr->hdr) < 13) {

			rc = -EIO;	/* bad smb */

		} else {

			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -4788,7 +4790,7 @@ QFSPosixRetry: 
	} else {		/* decode response */

		rc = validate_t2((struct smb_t2_rsp *)pSMBr);



		if (rc || (pSMBr->ByteCount < 13)) {

		if (rc || get_bcc(&pSMBr->hdr) < 13) {

			rc = -EIO;	/* bad smb */

		} else {

			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
@@ -5517,7 +5519,7 @@ QAllEAsRetry: 
	of these trans2 responses */



	rc = validate_t2((struct smb_t2_rsp *)pSMBr);

	if (rc || (pSMBr->ByteCount < 4)) {

	if (rc || get_bcc(&pSMBr->hdr) < 4) {

		rc = -EIO;	/* bad smb */

		goto QAllEAsOut;

	}

fs/cifs/connect.c

+2 −2
Original line number Diff line number Diff line
@@ -317,12 +317,12 @@ static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB) 
	put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);



	/* fix up the BCC */

	byte_count = get_bcc_le(pTargetSMB);

	byte_count = get_bcc(pTargetSMB);

	byte_count += total_in_buf2;

	/* is the result too big for the field? */

	if (byte_count > USHRT_MAX)

		return -EPROTO;

	put_bcc_le(byte_count, pTargetSMB);

	put_bcc(byte_count, pTargetSMB);



	byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);

	byte_count += total_in_buf2;

CRA Git | Maintained and supported by SUSTech CRA and CCSE