From 88fada87cd37764b689d72565a75045dfa681e83 Mon Sep 17 00:00:00 2001
From: Steve French <sfrench@us.ibm.com>
Date: Wed, 9 Apr 2008 20:55:31 +0000
Subject: [PATCH] --- yaml --- r: 92945 b: refs/heads/master c:
 cce246ee5f3c7f4d3539ea41d13feb7a07859145 h: refs/heads/master i:   92943:
 39312c27e6a0783cfed0186fa9adcf71acba7b0e v: v3

---
 [refs]                  |  2 +-
 trunk/fs/cifs/cifsacl.c | 14 ++++++++------
 trunk/fs/cifs/cifsacl.h |  1 +
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/[refs] b/[refs]
index ef0073ee3076..08100e39898a 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 35028d71116926008f5c19b8fcb00aacaabf5eab
+refs/heads/master: cce246ee5f3c7f4d3539ea41d13feb7a07859145
diff --git a/trunk/fs/cifs/cifsacl.c b/trunk/fs/cifs/cifsacl.c
index 1cb5b0a9f2ac..e99d4faf5f02 100644
--- a/trunk/fs/cifs/cifsacl.c
+++ b/trunk/fs/cifs/cifsacl.c
@@ -516,7 +516,7 @@ static int parse_sec_desc(struct cifs_ntsd *pntsd, int acl_len,
 
 /* Convert permission bits from mode to equivalent CIFS ACL */
 static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
-				int acl_len, struct inode *inode, __u64 nmode)
+				struct inode *inode, __u64 nmode)
 {
 	int rc = 0;
 	__u32 dacloffset;
@@ -692,14 +692,14 @@ void acl_to_uid_mode(struct inode *inode, const char *path, const __u16 *pfid)
 int mode_to_acl(struct inode *inode, const char *path, __u64 nmode)
 {
 	int rc = 0;
-	__u32 acllen = 0;
+	__u32 secdesclen = 0;
 	struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */
 	struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */
 
 	cFYI(DBG2, ("set ACL from mode for %s", path));
 
 	/* Get the security descriptor */
-	pntsd = get_cifs_acl(&acllen, inode, path, NULL);
+	pntsd = get_cifs_acl(&secdesclen, inode, path, NULL);
 
 	/* Add three ACEs for owner, group, everyone getting rid of
 	   other ACEs as chmod disables ACEs and set the security descriptor */
@@ -709,20 +709,22 @@ int mode_to_acl(struct inode *inode, const char *path, __u64 nmode)
 		   set security descriptor request security descriptor
 		   parameters, and secuirty descriptor itself */
 
-		pnntsd = kmalloc(acllen, GFP_KERNEL);
+		secdesclen = secdesclen < DEFSECDESCLEN ?
+					DEFSECDESCLEN : secdesclen;
+		pnntsd = kmalloc(secdesclen, GFP_KERNEL);
 		if (!pnntsd) {
 			cERROR(1, ("Unable to allocate security descriptor"));
 			kfree(pntsd);
 			return (-ENOMEM);
 		}
 
-		rc = build_sec_desc(pntsd, pnntsd, acllen, inode, nmode);
+		rc = build_sec_desc(pntsd, pnntsd, inode, nmode);
 
 		cFYI(DBG2, ("build_sec_desc rc: %d", rc));
 
 		if (!rc) {
 			/* Set the security descriptor */
-			rc = set_cifs_acl(pnntsd, acllen, inode, path);
+			rc = set_cifs_acl(pnntsd, secdesclen, inode, path);
 			cFYI(DBG2, ("set_cifs_acl rc: %d", rc));
 		}
 
diff --git a/trunk/fs/cifs/cifsacl.h b/trunk/fs/cifs/cifsacl.h
index 93a7c3462ea2..6c8096cf5155 100644
--- a/trunk/fs/cifs/cifsacl.h
+++ b/trunk/fs/cifs/cifsacl.h
@@ -27,6 +27,7 @@
 #define NUM_SUBAUTHS 5 /* number of sub authority fields */
 #define NUM_WK_SIDS 7 /* number of well known sids */
 #define SIDNAMELENGTH 20 /* long enough for the ones we care about */
+#define DEFSECDESCLEN 192 /* sec desc len contaiting a dacl with three aces */
 
 #define READ_BIT        0x4
 #define WRITE_BIT       0x2