From 38394161a210f50eea4a705593027e267c61c806 Mon Sep 17 00:00:00 2001
From: Namjae Jeon <>
Date: Thu, 11 Jun 2020 11:21:19 +0900
Subject: [PATCH] smb3: add indatalen that can be a non-zero value to
calculation of credit charge in smb2 ioctl
commit ebf57440ec59a36e1fc5fe91e31d66ae0d1662d0 upstream.
Some of the tests in xfstests failed with the cifsd kernel server since commit
e80ddeb2f70e. The cifsd kernel server validates the credit charge from the client
by calculating it based on max((InputCount + OutputCount) and
(MaxInputResponse + MaxOutputResponse)) according to the specification.
The MS-SMB2 specification describes the credit charge calculation of smb2 ioctl:
If Connection.SupportsMultiCredit is TRUE, the server MUST validate
CreditCharge based on the maximum of (InputCount + OutputCount) and
(MaxInputResponse + MaxOutputResponse), as specified in section
If the validation fails, it MUST fail the IOCTL request with
This patch adds indatalen that can be a non-zero value to the calculation of
credit charge in SMB2_ioctl_init().
Fixes: e80ddeb2f70e ("smb3: fix incorrect number of credits when ioctl
MaxOutputResponse > 64K")
Cc: Stable <>
Reviewed-by: Aurelien Aptel <>
Cc: Steve French <>
Signed-off-by: Namjae Jeon <>
Signed-off-by: Steve French <>
Signed-off-by: Paul Gortmaker <>
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 6e93e8eebc69..bfc8a7d38a8b 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2633,7 +2633,9 @@ SMB2_ioctl_init(struct cifs_tcon *tcon, struct smb_rqst *rqst,
* response size smaller.
req->MaxOutputResponse = cpu_to_le32(max_response_size);
- req->sync_hdr.CreditCharge = cpu_to_le16(DIV_ROUND_UP(max_response_size, SMB2_MAX_BUFFER_SIZE));
+ req->sync_hdr.CreditCharge =
+ cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size),
if (is_fsctl)
req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
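Review bot: The new CreditCharge assignment in SMB2_ioctl_init() takes max(indatalen, max_response_size), but the rule quoted in the commit message compares two sums, (InputCount + OutputCount) and (MaxInputResponse + MaxOutputResponse), and nothing in the hunk says why the two single values are sufficient. The existing comment above req->MaxOutputResponse only talks about the response size; please extend it, or add one above the assignment, stating which of the four fields this request leaves at zero, so that a later change which starts setting OutputCount or MaxInputResponse knows the charge has to be updated too. Since the kernel's max() checks that both operands have the same type, also confirm that indatalen and max_response_size match, and use max_t() if they do not.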