diff options
author | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2019-03-28 14:32:06 +0100 |
---|---|---|
committer | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2019-03-28 14:32:06 +0100 |
commit | 32aca03c2ce868d3412da0bb6ce6798c7bea357e (patch) | |
tree | 01630dc4a6935df99bf7d11d34ff8d384fed86e2 /fs/cifs/smb2file.c | |
parent | cfbbc7703fff59c67761c93a8b1de29a79f9841c (diff) | |
parent | 60771fc402877163d07569addadcf18b86acb455 (diff) |
Merge tag 'v4.9.166' into 4.9-2.3.x-imx
This is the 4.9.166 stable release
Diffstat (limited to 'fs/cifs/smb2file.c')
-rw-r--r-- | fs/cifs/smb2file.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/fs/cifs/smb2file.c b/fs/cifs/smb2file.c index b2aff0c6f22c..dee5250701de 100644 --- a/fs/cifs/smb2file.c +++ b/fs/cifs/smb2file.c @@ -123,12 +123,14 @@ smb2_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock, /* * Accessing maxBuf is racy with cifs_reconnect - need to store value - * and check it for zero before using. + * and check it before using. */ max_buf = tcon->ses->server->maxBuf; - if (!max_buf) + if (max_buf < sizeof(struct smb2_lock_element)) return -EINVAL; + BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf, PAGE_SIZE); max_num = max_buf / sizeof(struct smb2_lock_element); buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL); if (!buf) @@ -265,6 +267,8 @@ smb2_push_mandatory_locks(struct cifsFileInfo *cfile) return -EINVAL; } + BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE); + max_buf = min_t(unsigned int, max_buf, PAGE_SIZE); max_num = max_buf / sizeof(struct smb2_lock_element); buf = kcalloc(max_num, sizeof(struct smb2_lock_element), GFP_KERNEL); if (!buf) { |