summaryrefslogtreecommitdiffstats
path: root/fs/ncpfs/dir.c
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2011-01-29 07:02:28 -0500
committerSteve French <sfrench@us.ibm.com>2011-01-31 04:38:15 +0000
commit92a4e0f0169498867ecb19c2244510dd4beba149 (patch)
tree031011d451bf3d19813fbbceabceacfb9ce76db8 /fs/ncpfs/dir.c
parentd804d41d163c0975d2890c82d7135ada7a2f23a4 (diff)
downloadop-kernel-dev-92a4e0f0169498867ecb19c2244510dd4beba149.zip
op-kernel-dev-92a4e0f0169498867ecb19c2244510dd4beba149.tar.gz
cifs: force a reconnect if there are too many MIDs in flight
Currently, we allow the pending_mid_q to grow without bound with SIGKILL'ed processes. This could eventually be a DoS'able problem. An unprivileged user could a process that does a long-running call and then SIGKILL it. If he can also intercept the NT_CANCEL calls or the replies from the server, then the pending_mid_q could grow very large, possibly even to 2^16 entries which might leave GetNextMid in an infinite loop. Fix this by imposing a hard limit of 32k calls per server. If we cross that limit, set the tcpStatus to CifsNeedReconnect to force cifsd to eventually reconnect the socket and clean out the pending_mid_q. While we're at it, clean up the function a bit and eliminate an unnecessary NULL pointer check. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/ncpfs/dir.c')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud