[PATCH] CIFS: CIFSSMBRead was returning an invalid pointer in buf on socket error

Thanks to Adrian Bunk for debugging the problem and to Shaggy for
helping find the solution.

Also added a fix for 64K pages we found in loosely-related testing

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 217323b0c8966ae62db2683038adcda6d53dce3b..b41e8b379652b228377f01d1d20bfaa47c3883e8 100644 (file)
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1048,13 +1048,14 @@ CIFSSMBRead(const int xid, struct cifsTconInfo *tcon,
                        cifs_small_buf_release(iov[0].iov_base);
                else if(resp_buf_type == CIFS_LARGE_BUFFER)
                        cifs_buf_release(iov[0].iov_base);
                        cifs_small_buf_release(iov[0].iov_base);
                else if(resp_buf_type == CIFS_LARGE_BUFFER)
                        cifs_buf_release(iov[0].iov_base);

-       } else /* return buffer to caller to free */ /* BB FIXME how do we tell caller if it is not a large buffer */ {
-               *buf = iov[0].iov_base;
+       } else if(resp_buf_type != CIFS_NO_BUFFER) {
+               /* return buffer to caller to free */ 
+               *buf = iov[0].iov_base;         

                if(resp_buf_type == CIFS_SMALL_BUFFER)
                        *pbuf_type = CIFS_SMALL_BUFFER;
                else if(resp_buf_type == CIFS_LARGE_BUFFER)
                        *pbuf_type = CIFS_LARGE_BUFFER;
                if(resp_buf_type == CIFS_SMALL_BUFFER)
                        *pbuf_type = CIFS_SMALL_BUFFER;
                else if(resp_buf_type == CIFS_LARGE_BUFFER)
                        *pbuf_type = CIFS_LARGE_BUFFER;

-       }
+       } /* else no valid buffer on return - leave as null */

 
        /* Note: On -EAGAIN error only caller can retry on handle based calls
                since file handle passed in no longer valid */
 
        /* Note: On -EAGAIN error only caller can retry on handle based calls
                since file handle passed in no longer valid */

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index e488603fb1e77f29c601e7892d6f683d9e43b804..ef5ae6f93c75daa4129128095a0cd0c490d949da 100644 (file)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1795,10 +1795,10 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
                           conjunction with 52K kvec constraint on arch with 4K
                           page size  */
 
                           conjunction with 52K kvec constraint on arch with 4K
                           page size  */
 

-               if(cifs_sb->rsize < PAGE_CACHE_SIZE) {
-                       cifs_sb->rsize = PAGE_CACHE_SIZE; 
-                       /* Windows ME does this */
-                       cFYI(1,("Attempt to set readsize for mount to less than one page (4096)"));
+               if(cifs_sb->rsize < 2048) {
+                       cifs_sb->rsize = 2048; 
+                       /* Windows ME may prefer this */
+                       cFYI(1,("readsize set to minimum 2048"));

                }
                cifs_sb->mnt_uid = volume_info.linux_uid;
                cifs_sb->mnt_gid = volume_info.linux_gid;
                }
                cifs_sb->mnt_uid = volume_info.linux_uid;
                cifs_sb->mnt_gid = volume_info.linux_gid;