CIFS: avoid using MID 0xFFFF

commit 03d9a9fe3f3aec508e485dd3dcfa1e99933b4bdb upstream. According to MS-CIFS specification MID 0xFFFF should not be used by the CIFS client, but we actually do. Besides, this has proven to cause races leading to oops between SendReceive2/cifs_demultiplex_thread. On SMB1, MID is a 2 byte value easy to reach in CurrentMid which may conflict with an oplock break notification request coming from server Signed-off-by: N Roberto Bergantinos Corpas <rbergant@redhat.com> Reviewed-by: N Ronnie Sahlberg <lsahlber@redhat.com> Reviewed-by: N Aurelien Aptel <aaptel@suse.com> Signed-off-by: N Steve French <stfrench@microsoft.com> CC: Stable <stable@vger.kernel.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CIFS: avoid using MID 0xFFFF
commit 03d9a9fe3f3aec508e485dd3dcfa1e99933b4bdb upstream. According to MS-CIFS specification MID 0xFFFF should not be used by the CIFS client, but we actually do. Besides, this has proven to cause races leading to oops between SendReceive2/cifs_demultiplex_thread. On SMB1, MID is a 2 byte value easy to reach in CurrentMid which may conflict with an oplock break notification request coming from server Signed-off-by: N Roberto Bergantinos Corpas <rbergant@redhat.com> Reviewed-by: N Ronnie Sahlberg <lsahlber@redhat.com> Reviewed-by: N Aurelien Aptel <aaptel@suse.com> Signed-off-by: N Steve French <stfrench@microsoft.com> CC: Stable <stable@vger.kernel.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
71cf8816 · Roberto Bergantinos Corpas · Greg Kroah-Hartman · 42927455 · 71cf8816
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

fs/cifs/smb1ops.c fs/cifs/smb1ops.c +3 -0

未找到文件。
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
@@ -183,6 +183,9 @@ cifs_get_next_mid(struct TCP_Server_Info *server)
 	/* we do not want to loop forever */
 	last_mid = cur_mid;
 	cur_mid++;
+	/* avoid 0xFFFF MID */
+	if (cur_mid == 0xffff)
+		cur_mid++;

 	/*
 	 * This nested loop looks more expensive than it is.