diff options
author | Jeff Layton <jlayton@redhat.com> | 2011-01-29 07:02:28 -0500 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2011-01-31 04:38:15 +0000 |
commit | 92a4e0f0169498867ecb19c2244510dd4beba149 (patch) | |
tree | 031011d451bf3d19813fbbceabceacfb9ce76db8 /fs/ncpfs/dir.c | |
parent | d804d41d163c0975d2890c82d7135ada7a2f23a4 (diff) | |
download | op-kernel-dev-92a4e0f0169498867ecb19c2244510dd4beba149.zip op-kernel-dev-92a4e0f0169498867ecb19c2244510dd4beba149.tar.gz |
cifs: force a reconnect if there are too many MIDs in flight
Currently, we allow the pending_mid_q to grow without bound with
SIGKILL'ed processes. This could eventually be a DoS'able problem. An
unprivileged user could a process that does a long-running call and then
SIGKILL it.
If he can also intercept the NT_CANCEL calls or the replies from the
server, then the pending_mid_q could grow very large, possibly even to
2^16 entries which might leave GetNextMid in an infinite loop. Fix this
by imposing a hard limit of 32k calls per server. If we cross that
limit, set the tcpStatus to CifsNeedReconnect to force cifsd to
eventually reconnect the socket and clean out the pending_mid_q.
While we're at it, clean up the function a bit and eliminate an
unnecessary NULL pointer check.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/ncpfs/dir.c')
0 files changed, 0 insertions, 0 deletions