+1 -1

fs/smb/client/cached_dir.c

reviewed

··· 176 176 server = cifs_pick_channel(ses); 177 177 178 178 if (!server->ops->new_lease_key) 179 179 - return -EIO; 179 179 + return smb_EIO(smb_eio_trace_no_lease_key); 180 180 181 181 utf16_path = cifs_convert_path_to_utf16(path, cifs_sb); 182 182 if (!utf16_path)

+7 -7

fs/smb/client/cifs_debug.c

reviewed

··· 37 37 data, length, true); 38 38 } 39 39 40 40 - void cifs_dump_detail(void *buf, struct TCP_Server_Info *server) 40 40 + void cifs_dump_detail(void *buf, size_t buf_len, struct TCP_Server_Info *server) 41 41 { 42 42 #ifdef CONFIG_CIFS_DEBUG2 43 43 struct smb_hdr *smb = buf; ··· 45 45 cifs_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d Wct: %d\n", 46 46 smb->Command, smb->Status.CifsError, smb->Flags, 47 47 smb->Flags2, smb->Mid, smb->Pid, smb->WordCount); 48 48 - if (!server->ops->check_message(buf, server->total_read, server)) { 48 48 + if (!server->ops->check_message(buf, buf_len, server->total_read, server)) { 49 49 cifs_dbg(VFS, "smb buf %p len %u\n", smb, 50 50 server->ops->calc_smb_size(smb)); 51 51 } ··· 79 79 cifs_dbg(VFS, "IsMult: %d IsEnd: %d\n", 80 80 mid_entry->multiRsp, mid_entry->multiEnd); 81 81 if (mid_entry->resp_buf) { 82 82 - cifs_dump_detail(mid_entry->resp_buf, server); 83 83 - cifs_dump_mem("existing buf: ", 84 84 - mid_entry->resp_buf, 62); 82 82 + cifs_dump_detail(mid_entry->resp_buf, 83 83 + mid_entry->response_pdu_len, server); 84 84 + cifs_dump_mem("existing buf: ", mid_entry->resp_buf, 62); 85 85 } 86 86 } 87 87 spin_unlock(&server->mid_queue_lock); ··· 1318 1318 }; 1319 1319 1320 1320 #else 1321 1321 - inline void cifs_proc_init(void) 1321 1321 + void cifs_proc_init(void) 1322 1322 { 1323 1323 } 1324 1324 1325 1325 - inline void cifs_proc_clean(void) 1325 1325 + void cifs_proc_clean(void) 1326 1326 { 1327 1327 } 1328 1328 #endif /* PROC_FS */

+3 -3

fs/smb/client/cifs_debug.h

reviewed

··· 15 15 #define pr_fmt(fmt) "CIFS: " fmt 16 16 17 17 void cifs_dump_mem(char *label, void *data, int length); 18 18 - void cifs_dump_detail(void *buf, struct TCP_Server_Info *ptcp_info); 19 19 - void cifs_dump_mids(struct TCP_Server_Info *); 18 18 + void cifs_dump_detail(void *buf, size_t buf_len, struct TCP_Server_Info *server); 19 19 + void cifs_dump_mids(struct TCP_Server_Info *server); 20 20 extern bool traceSMB; /* flag which enables the function below */ 21 21 - void dump_smb(void *, int); 21 21 + void dump_smb(void *buf, int smb_buf_length); 22 22 #define CIFS_INFO 0x01 23 23 #define CIFS_RC 0x02 24 24 #define CIFS_TIMER 0x04

+1

fs/smb/client/cifs_spnego.c

reviewed

··· 159 159 cifs_dbg(FYI, "key description = %s\n", description); 160 160 scoped_with_creds(spnego_cred) 161 161 spnego_key = request_key(&cifs_spnego_key_type, description, ""); 162 162 + trace_smb3_kerberos_auth(server, sesInfo, PTR_ERR_OR_ZERO(spnego_key)); 162 163 163 164 #ifdef CONFIG_CIFS_DEBUG2 164 165 if (cifsFYI && !IS_ERR(spnego_key)) {

-2

fs/smb/client/cifs_spnego.h

reviewed

··· 27 27 uint8_t data[]; 28 28 }; 29 29 30 30 - #ifdef __KERNEL__ 31 30 extern struct key_type cifs_spnego_key_type; 32 31 extern struct key *cifs_get_spnego_key(struct cifs_ses *sesInfo, 33 32 struct TCP_Server_Info *server); 34 34 - #endif /* KERNEL */ 35 33 36 34 #endif /* _CIFS_SPNEGO_H */

-3

fs/smb/client/cifs_unicode.h

reviewed

··· 54 54 #define SFM_MAP_UNI_RSVD 1 55 55 #define SFU_MAP_UNI_RSVD 2 56 56 57 57 - #ifdef __KERNEL__ 58 57 int cifs_from_utf16(char *to, const __le16 *from, int tolen, int fromlen, 59 58 const struct nls_table *cp, int map_type); 60 59 int cifs_utf16_bytes(const __le16 *from, int maxbytes, ··· 68 69 extern __le16 *cifs_strndup_to_utf16(const char *src, const int maxlen, 69 70 int *utf16_len, const struct nls_table *cp, 70 71 int remap); 71 71 - #endif 72 72 - 73 72 wchar_t cifs_toupper(wchar_t in); 74 73 75 74 #endif /* _CIFS_UNICODE_H */

+6 -4

fs/smb/client/cifsacl.c

reviewed

··· 300 300 __func__, sidtype == SIDOWNER ? 'u' : 'g', cid); 301 301 goto out_revert_creds; 302 302 } else if (sidkey->datalen < CIFS_SID_BASE_SIZE) { 303 303 - rc = -EIO; 303 303 + rc = smb_EIO1(smb_eio_trace_malformed_sid_key, sidkey->datalen); 304 304 cifs_dbg(FYI, "%s: Downcall contained malformed key (datalen=%hu)\n", 305 305 __func__, sidkey->datalen); 306 306 goto invalidate_key; ··· 317 317 318 318 ksid_size = CIFS_SID_BASE_SIZE + (ksid->num_subauth * sizeof(__le32)); 319 319 if (ksid_size > sidkey->datalen) { 320 320 - rc = -EIO; 320 320 + rc = smb_EIO2(smb_eio_trace_malformed_ksid_key, 321 321 + ksid_size, sidkey->datalen); 321 322 cifs_dbg(FYI, "%s: Downcall contained malformed key (datalen=%hu, ksid_size=%u)\n", 322 323 __func__, sidkey->datalen, ksid_size); 323 324 goto invalidate_key; ··· 353 352 if (unlikely(psid->num_subauth > SID_MAX_SUB_AUTHORITIES)) { 354 353 cifs_dbg(FYI, "%s: %u subauthorities is too many!\n", 355 354 __func__, psid->num_subauth); 356 356 - return -EIO; 355 355 + return smb_EIO2(smb_eio_trace_sid_too_many_auth, 356 356 + psid->num_subauth, SID_MAX_SUB_AUTHORITIES); 357 357 } 358 358 359 359 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) || ··· 1229 1227 __u32 dacloffset; 1230 1228 1231 1229 if (pntsd == NULL) 1232 1232 - return -EIO; 1230 1230 + return smb_EIO(smb_eio_trace_null_pointers); 1233 1231 1234 1232 owner_sid_ptr = (struct smb_sid *)((char *)pntsd + 1235 1233 le32_to_cpu(pntsd->osidoffset));

+18 -63

fs/smb/client/cifsencrypt.c

reviewed

··· 75 75 struct cifs_calc_sig_ctx *ctx) 76 76 { 77 77 struct iov_iter tmp_iter = *iter; 78 78 - int err = -EIO; 78 78 + size_t did; 79 79 + int err; 79 80 80 80 - if (iterate_and_advance_kernel(&tmp_iter, maxsize, ctx, &err, 81 81 - cifs_sig_step) != maxsize) 82 82 - return err; 81 81 + did = iterate_and_advance_kernel(&tmp_iter, maxsize, ctx, &err, 82 82 + cifs_sig_step); 83 83 + if (did != maxsize) 84 84 + return smb_EIO2(smb_eio_trace_sig_iter, did, maxsize); 83 85 return 0; 84 86 } 85 87 86 88 int __cifs_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 87 89 char *signature, struct cifs_calc_sig_ctx *ctx) 88 90 { 89 89 - int i; 91 91 + struct iov_iter iter; 90 92 ssize_t rc; 91 91 - struct kvec *iov = rqst->rq_iov; 92 92 - int n_vec = rqst->rq_nvec; 93 93 + size_t size = 0; 93 94 94 94 - /* iov[0] is actual data and not the rfc1002 length for SMB2+ */ 95 95 - if (!is_smb1(server)) { 96 96 - if (iov[0].iov_len <= 4) 97 97 - return -EIO; 98 98 - i = 0; 99 99 - } else { 100 100 - if (n_vec < 2 || iov[0].iov_len != 4) 101 101 - return -EIO; 102 102 - i = 1; /* skip rfc1002 length */ 103 103 - } 95 95 + for (int i = 0; i < rqst->rq_nvec; i++) 96 96 + size += rqst->rq_iov[i].iov_len; 104 97 105 105 - for (; i < n_vec; i++) { 106 106 - if (iov[i].iov_len == 0) 107 107 - continue; 108 108 - if (iov[i].iov_base == NULL) { 109 109 - cifs_dbg(VFS, "null iovec entry\n"); 110 110 - return -EIO; 111 111 - } 98 98 + iov_iter_kvec(&iter, ITER_SOURCE, rqst->rq_iov, rqst->rq_nvec, size); 112 99 113 113 - rc = cifs_sig_update(ctx, iov[i].iov_base, iov[i].iov_len); 114 114 - if (rc) { 115 115 - cifs_dbg(VFS, "%s: Could not update with payload\n", 116 116 - __func__); 117 117 - return rc; 118 118 - } 119 119 - } 100 100 + if (iov_iter_count(&iter) <= 4) 101 101 + return smb_EIO2(smb_eio_trace_sig_data_too_small, 102 102 + iov_iter_count(&iter), 4); 103 103 + 104 104 + rc = cifs_sig_iter(&iter, iov_iter_count(&iter), ctx); 105 105 + if (rc < 0) 106 106 + return rc; 120 107 121 108 rc = cifs_sig_iter(&rqst->rq_iter, iov_iter_count(&rqst->rq_iter), ctx); 122 109 if (rc < 0) ··· 152 165 char smb_signature[20]; 153 166 struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 154 167 155 155 - if (rqst->rq_iov[0].iov_len != 4 || 156 156 - rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 157 157 - return -EIO; 158 158 - 159 168 if ((cifs_pdu == NULL) || (server == NULL)) 160 169 return -EINVAL; 161 170 ··· 184 201 return rc; 185 202 } 186 203 187 187 - int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, 188 188 - __u32 *pexpected_response_sequence) 189 189 - { 190 190 - struct smb_rqst rqst = { .rq_iov = iov, 191 191 - .rq_nvec = n_vec }; 192 192 - 193 193 - return cifs_sign_rqst(&rqst, server, pexpected_response_sequence); 194 194 - } 195 195 - 196 196 - /* must be called with server->srv_mutex held */ 197 197 - int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, 198 198 - __u32 *pexpected_response_sequence_number) 199 199 - { 200 200 - struct kvec iov[2]; 201 201 - 202 202 - iov[0].iov_base = cifs_pdu; 203 203 - iov[0].iov_len = 4; 204 204 - iov[1].iov_base = (char *)cifs_pdu + 4; 205 205 - iov[1].iov_len = be32_to_cpu(cifs_pdu->smb_buf_length); 206 206 - 207 207 - return cifs_sign_smbv(iov, 2, server, 208 208 - pexpected_response_sequence_number); 209 209 - } 210 210 - 211 204 int cifs_verify_signature(struct smb_rqst *rqst, 212 205 struct TCP_Server_Info *server, 213 206 __u32 expected_sequence_number) ··· 192 233 char server_response_sig[8]; 193 234 char what_we_think_sig_should_be[20]; 194 235 struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 195 195 - 196 196 - if (rqst->rq_iov[0].iov_len != 4 || 197 197 - rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 198 198 - return -EIO; 199 236 200 237 if (cifs_pdu == NULL || server == NULL) 201 238 return -EINVAL;

+6 -7

fs/smb/client/cifsfs.c

reviewed

··· 28 28 #include <linux/splice.h> 29 29 #include <linux/uuid.h> 30 30 #include <linux/xattr.h> 31 31 + #include <linux/mm.h> 32 32 + #include <linux/key-type.h> 31 33 #include <uapi/linux/magic.h> 32 34 #include <net/ipv6.h> 33 35 #include "cifsfs.h" ··· 37 35 #define DECLARE_GLOBALS_HERE 38 36 #include "cifsglob.h" 39 37 #include "cifsproto.h" 38 38 + #include "smb2proto.h" 40 39 #include "cifs_debug.h" 41 40 #include "cifs_fs_sb.h" 42 42 - #include <linux/mm.h> 43 43 - #include <linux/key-type.h> 44 41 #include "cifs_spnego.h" 45 42 #include "fscache.h" 46 43 #ifdef CONFIG_CIFS_DFS_UPCALL ··· 443 442 static struct kmem_cache *cifs_io_subrequest_cachep; 444 443 mempool_t *cifs_sm_req_poolp; 445 444 mempool_t *cifs_req_poolp; 446 446 - mempool_t *cifs_mid_poolp; 445 445 + mempool_t cifs_mid_pool; 447 446 mempool_t cifs_io_request_pool; 448 447 mempool_t cifs_io_subrequest_pool; 449 448 ··· 1017 1016 } else { 1018 1017 cifs_info("Attempting to mount %s\n", old_ctx->source); 1019 1018 } 1020 1020 - 1021 1019 cifs_sb = kzalloc(sizeof(*cifs_sb), GFP_KERNEL); 1022 1020 if (!cifs_sb) 1023 1021 return ERR_PTR(-ENOMEM); ··· 1847 1847 return -ENOMEM; 1848 1848 1849 1849 /* 3 is a reasonable minimum number of simultaneous operations */ 1850 1850 - cifs_mid_poolp = mempool_create_slab_pool(3, cifs_mid_cachep); 1851 1851 - if (cifs_mid_poolp == NULL) { 1850 1850 + if (mempool_init_slab_pool(&cifs_mid_pool, 3, cifs_mid_cachep) < 0) { 1852 1851 kmem_cache_destroy(cifs_mid_cachep); 1853 1852 return -ENOMEM; 1854 1853 } ··· 1857 1858 1858 1859 static void destroy_mids(void) 1859 1860 { 1860 1860 - mempool_destroy(cifs_mid_poolp); 1861 1861 + mempool_exit(&cifs_mid_pool); 1861 1862 kmem_cache_destroy(cifs_mid_cachep); 1862 1863 } 1863 1864

+58 -114

fs/smb/client/cifsglob.h

reviewed

··· 311 311 struct cifs_credits; 312 312 313 313 struct smb_version_operations { 314 314 - int (*send_cancel)(struct TCP_Server_Info *, struct smb_rqst *, 315 315 - struct mid_q_entry *); 314 314 + int (*send_cancel)(struct cifs_ses *ses, struct TCP_Server_Info *server, 315 315 + struct smb_rqst *rqst, struct mid_q_entry *mid, 316 316 + unsigned int xid); 316 317 bool (*compare_fids)(struct cifsFileInfo *, struct cifsFileInfo *); 317 318 /* setup request: allocate mid, sign message */ 318 319 struct mid_q_entry *(*setup_request)(struct cifs_ses *, ··· 347 346 /* map smb to linux error */ 348 347 int (*map_error)(char *, bool); 349 348 /* find mid corresponding to the response message */ 350 350 - struct mid_q_entry * (*find_mid)(struct TCP_Server_Info *, char *); 351 351 - void (*dump_detail)(void *buf, struct TCP_Server_Info *ptcp_info); 349 349 + struct mid_q_entry *(*find_mid)(struct TCP_Server_Info *server, char *buf); 350 350 + void (*dump_detail)(void *buf, size_t buf_len, struct TCP_Server_Info *ptcp_info); 352 351 void (*clear_stats)(struct cifs_tcon *); 353 352 void (*print_stats)(struct seq_file *m, struct cifs_tcon *); 354 353 void (*dump_share_caps)(struct seq_file *, struct cifs_tcon *); 355 354 /* verify the message */ 356 356 - int (*check_message)(char *, unsigned int, struct TCP_Server_Info *); 355 355 + int (*check_message)(char *buf, unsigned int pdu_len, unsigned int len, 356 356 + struct TCP_Server_Info *server); 357 357 bool (*is_oplock_break)(char *, struct TCP_Server_Info *); 358 358 int (*handle_cancelled_mid)(struct mid_q_entry *, struct TCP_Server_Info *); 359 359 void (*downgrade_oplock)(struct TCP_Server_Info *server, ··· 638 636 639 637 #define HEADER_SIZE(server) (server->vals->header_size) 640 638 #define MAX_HEADER_SIZE(server) (server->vals->max_header_size) 641 641 - #define HEADER_PREAMBLE_SIZE(server) (server->vals->header_preamble_size) 642 642 - #define MID_HEADER_SIZE(server) (HEADER_SIZE(server) - 1 - HEADER_PREAMBLE_SIZE(server)) 639 639 + #define MID_HEADER_SIZE(server) (HEADER_SIZE(server) - 1) 643 640 644 641 /** 645 642 * CIFS superblock mount flags (mnt_cifs_flags) to consider when ··· 745 744 struct session_key session_key; 746 745 unsigned long lstrp; /* when we got last response from this server */ 747 746 unsigned long neg_start; /* when negotiate started (jiffies) */ 747 747 + unsigned long reconn_delay; /* when resched session and tcon reconnect */ 748 748 struct cifs_secmech secmech; /* crypto sec mech functs, descriptors */ 749 749 #define CIFS_NEGFLAVOR_UNENCAP 1 /* wct == 17, but no ext_sec */ 750 750 #define CIFS_NEGFLAVOR_EXTENDED 2 /* wct == 17, ext_sec bit set */ ··· 834 832 char dns_dom[CIFS_MAX_DOMAINNAME_LEN + 1]; 835 833 }; 836 834 837 837 - static inline bool is_smb1(struct TCP_Server_Info *server) 835 835 + static inline bool is_smb1(const struct TCP_Server_Info *server) 838 836 { 839 839 - return HEADER_PREAMBLE_SIZE(server) != 0; 837 837 + return server->vals->protocol_id == SMB10_PROT_ID; 840 838 } 841 839 842 840 static inline void cifs_server_lock(struct TCP_Server_Info *server) ··· 975 973 * of kvecs to handle the receive, though that should only need to be done 976 974 * once. 977 975 */ 978 978 - #define CIFS_MAX_WSIZE ((1<<24) - 1 - sizeof(WRITE_REQ) + 4) 979 979 - #define CIFS_MAX_RSIZE ((1<<24) - sizeof(READ_RSP) + 4) 976 976 + #define CIFS_MAX_WSIZE ((1<<24) - 1 - sizeof(WRITE_REQ)) 977 977 + #define CIFS_MAX_RSIZE ((1<<24) - sizeof(READ_RSP)) 980 978 981 979 /* 982 980 * When the server doesn't allow large posix writes, only allow a rsize/wsize 983 981 * of 2^17-1 minus the size of the call header. That allows for a read or 984 982 * write up to the maximum size described by RFC1002. 985 983 */ 986 986 - #define CIFS_MAX_RFC1002_WSIZE ((1<<17) - 1 - sizeof(WRITE_REQ) + 4) 987 987 - #define CIFS_MAX_RFC1002_RSIZE ((1<<17) - 1 - sizeof(READ_RSP) + 4) 984 984 + #define CIFS_MAX_RFC1002_WSIZE ((1<<17) - 1 - sizeof(WRITE_REQ)) 985 985 + #define CIFS_MAX_RFC1002_RSIZE ((1<<17) - 1 - sizeof(READ_RSP)) 988 986 989 987 /* 990 988 * Windows only supports a max of 60kb reads and 65535 byte writes. Default to ··· 1661 1659 * Returns zero on a successful receive, or an error. The receive state in 1662 1660 * the TCP_Server_Info will also be updated. 1663 1661 */ 1664 1664 - typedef int (mid_receive_t)(struct TCP_Server_Info *server, 1662 1662 + typedef int (*mid_receive_t)(struct TCP_Server_Info *server, 1665 1663 struct mid_q_entry *mid); 1666 1664 1667 1665 /* ··· 1672 1670 * - it will be called by cifsd, with no locks held 1673 1671 * - the mid will be removed from any lists 1674 1672 */ 1675 1675 - typedef void (mid_callback_t)(struct mid_q_entry *mid); 1673 1673 + typedef void (*mid_callback_t)(struct TCP_Server_Info *srv, struct mid_q_entry *mid); 1676 1674 1677 1675 /* 1678 1676 * This is the protopyte for mid handle function. This is called once the mid 1679 1677 * has been recognized after decryption of the message. 1680 1678 */ 1681 1681 - typedef int (mid_handle_t)(struct TCP_Server_Info *server, 1679 1679 + typedef int (*mid_handle_t)(struct TCP_Server_Info *server, 1682 1680 struct mid_q_entry *mid); 1683 1681 1684 1682 /* one of these for every pending CIFS request to the server */ 1685 1683 struct mid_q_entry { 1686 1684 struct list_head qhead; /* mids waiting on reply from this server */ 1687 1687 - struct kref refcount; 1688 1688 - struct TCP_Server_Info *server; /* server corresponding to this mid */ 1685 1685 + refcount_t refcount; 1689 1686 __u64 mid; /* multiplex id */ 1690 1687 __u16 credits; /* number of credits consumed by this mid */ 1691 1688 __u16 credits_received; /* number of credits from the response */ 1692 1689 __u32 pid; /* process id */ 1693 1690 __u32 sequence_number; /* for CIFS signing */ 1691 1691 + unsigned int sr_flags; /* Flags passed to send_recv() */ 1694 1692 unsigned long when_alloc; /* when mid was created */ 1695 1693 #ifdef CONFIG_CIFS_STATS2 1696 1694 unsigned long when_sent; /* time when smb send finished */ 1697 1695 unsigned long when_received; /* when demux complete (taken off wire) */ 1698 1696 #endif 1699 1699 - mid_receive_t *receive; /* call receive callback */ 1700 1700 - mid_callback_t *callback; /* call completion callback */ 1701 1701 - mid_handle_t *handle; /* call handle mid callback */ 1697 1697 + mid_receive_t receive; /* call receive callback */ 1698 1698 + mid_callback_t callback; /* call completion callback */ 1699 1699 + mid_handle_t handle; /* call handle mid callback */ 1702 1700 void *callback_data; /* general purpose pointer for callback */ 1703 1701 struct task_struct *creator; 1704 1702 void *resp_buf; /* pointer to received SMB header */ 1705 1703 unsigned int resp_buf_size; 1704 1704 + u32 response_pdu_len; 1706 1705 int mid_state; /* wish this were enum but can not pass to wait_event */ 1707 1706 int mid_rc; /* rc for MID_RC */ 1708 1707 __le16 command; /* smb command code */ ··· 1902 1899 #define CIFS_TRANSFORM_REQ 0x0800 /* transform request before sending */ 1903 1900 #define CIFS_NO_SRV_RSP 0x1000 /* there is no server response */ 1904 1901 #define CIFS_COMPRESS_REQ 0x4000 /* compress request before sending */ 1902 1902 + #define CIFS_INTERRUPTIBLE_WAIT 0x8000 /* Interruptible wait (e.g. lock request) */ 1903 1903 + #define CIFS_WINDOWS_LOCK 0x10000 /* We're trying to get a Windows lock */ 1905 1904 1906 1905 /* Security Flags: indicate type of session setup needed */ 1907 1906 #define CIFSSEC_MAY_SIGN 0x00001 ··· 2109 2104 2110 2105 extern mempool_t *cifs_sm_req_poolp; 2111 2106 extern mempool_t *cifs_req_poolp; 2112 2112 - extern mempool_t *cifs_mid_poolp; 2107 2107 + extern mempool_t cifs_mid_pool; 2113 2108 extern mempool_t cifs_io_request_pool; 2114 2109 extern mempool_t cifs_io_subrequest_pool; 2115 2110 ··· 2119 2114 extern struct smb_version_values smb1_values; 2120 2115 extern struct smb_version_operations smb20_operations; 2121 2116 extern struct smb_version_values smb20_values; 2122 2122 - #endif /* CIFS_ALLOW_INSECURE_LEGACY */ 2117 2117 + #endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */ 2123 2118 extern struct smb_version_operations smb21_operations; 2124 2119 extern struct smb_version_values smb21_values; 2125 2120 extern struct smb_version_values smbdefault_values; ··· 2207 2202 dst->FileNameLength = src->FileNameLength; 2208 2203 } 2209 2204 2210 2210 - static inline int cifs_get_num_sgs(const struct smb_rqst *rqst, 2211 2211 - int num_rqst, 2212 2212 - const u8 *sig) 2213 2213 - { 2214 2214 - unsigned int len, skip; 2215 2215 - unsigned int nents = 0; 2216 2216 - unsigned long addr; 2217 2217 - size_t data_size; 2218 2218 - int i, j; 2219 2219 - 2220 2220 - /* 2221 2221 - * The first rqst has a transform header where the first 20 bytes are 2222 2222 - * not part of the encrypted blob. 2223 2223 - */ 2224 2224 - skip = 20; 2225 2225 - 2226 2226 - /* Assumes the first rqst has a transform header as the first iov. 2227 2227 - * I.e. 2228 2228 - * rqst[0].rq_iov[0] is transform header 2229 2229 - * rqst[0].rq_iov[1+] data to be encrypted/decrypted 2230 2230 - * rqst[1+].rq_iov[0+] data to be encrypted/decrypted 2231 2231 - */ 2232 2232 - for (i = 0; i < num_rqst; i++) { 2233 2233 - data_size = iov_iter_count(&rqst[i].rq_iter); 2234 2234 - 2235 2235 - /* We really don't want a mixture of pinned and unpinned pages 2236 2236 - * in the sglist. It's hard to keep track of which is what. 2237 2237 - * Instead, we convert to a BVEC-type iterator higher up. 2238 2238 - */ 2239 2239 - if (data_size && 2240 2240 - WARN_ON_ONCE(user_backed_iter(&rqst[i].rq_iter))) 2241 2241 - return -EIO; 2242 2242 - 2243 2243 - /* We also don't want to have any extra refs or pins to clean 2244 2244 - * up in the sglist. 2245 2245 - */ 2246 2246 - if (data_size && 2247 2247 - WARN_ON_ONCE(iov_iter_extract_will_pin(&rqst[i].rq_iter))) 2248 2248 - return -EIO; 2249 2249 - 2250 2250 - for (j = 0; j < rqst[i].rq_nvec; j++) { 2251 2251 - struct kvec *iov = &rqst[i].rq_iov[j]; 2252 2252 - 2253 2253 - addr = (unsigned long)iov->iov_base + skip; 2254 2254 - if (is_vmalloc_or_module_addr((void *)addr)) { 2255 2255 - len = iov->iov_len - skip; 2256 2256 - nents += DIV_ROUND_UP(offset_in_page(addr) + len, 2257 2257 - PAGE_SIZE); 2258 2258 - } else { 2259 2259 - nents++; 2260 2260 - } 2261 2261 - skip = 0; 2262 2262 - } 2263 2263 - if (data_size) 2264 2264 - nents += iov_iter_npages(&rqst[i].rq_iter, INT_MAX); 2265 2265 - } 2266 2266 - nents += DIV_ROUND_UP(offset_in_page(sig) + SMB2_SIGNATURE_SIZE, PAGE_SIZE); 2267 2267 - return nents; 2268 2268 - } 2269 2269 - 2270 2270 - /* We can not use the normal sg_set_buf() as we will sometimes pass a 2271 2271 - * stack object as buf. 2272 2272 - */ 2273 2273 - static inline void cifs_sg_set_buf(struct sg_table *sgtable, 2274 2274 - const void *buf, 2275 2275 - unsigned int buflen) 2276 2276 - { 2277 2277 - unsigned long addr = (unsigned long)buf; 2278 2278 - unsigned int off = offset_in_page(addr); 2279 2279 - 2280 2280 - addr &= PAGE_MASK; 2281 2281 - if (is_vmalloc_or_module_addr((void *)addr)) { 2282 2282 - do { 2283 2283 - unsigned int len = min_t(unsigned int, buflen, PAGE_SIZE - off); 2284 2284 - 2285 2285 - sg_set_page(&sgtable->sgl[sgtable->nents++], 2286 2286 - vmalloc_to_page((void *)addr), len, off); 2287 2287 - 2288 2288 - off = 0; 2289 2289 - addr += PAGE_SIZE; 2290 2290 - buflen -= len; 2291 2291 - } while (buflen); 2292 2292 - } else { 2293 2293 - sg_set_page(&sgtable->sgl[sgtable->nents++], 2294 2294 - virt_to_page((void *)addr), buflen, off); 2295 2295 - } 2296 2296 - } 2297 2297 - 2298 2205 #define CIFS_OPARMS(_cifs_sb, _tcon, _path, _da, _cd, _co, _mode) \ 2299 2206 ((struct cifs_open_parms) { \ 2300 2207 .tcon = _tcon, \ ··· 2268 2351 * Execute mid callback atomically - ensures callback runs exactly once 2269 2352 * and prevents sleeping in atomic context. 2270 2353 */ 2271 2271 - static inline void mid_execute_callback(struct mid_q_entry *mid) 2354 2354 + static inline void mid_execute_callback(struct TCP_Server_Info *server, 2355 2355 + struct mid_q_entry *mid) 2272 2356 { 2273 2273 - void (*callback)(struct mid_q_entry *mid); 2357 2357 + mid_callback_t callback; 2274 2358 2275 2359 spin_lock(&mid->mid_lock); 2276 2360 callback = mid->callback; ··· 2279 2361 spin_unlock(&mid->mid_lock); 2280 2362 2281 2363 if (callback) 2282 2282 - callback(mid); 2364 2364 + callback(server, mid); 2283 2365 } 2284 2366 2285 2367 #define CIFS_REPARSE_SUPPORT(tcon) \ 2286 2368 ((tcon)->posix_extensions || \ 2287 2369 (le32_to_cpu((tcon)->fsAttrInfo.Attributes) & \ 2288 2370 FILE_SUPPORTS_REPARSE_POINTS)) 2371 2371 + 2372 2372 + struct cifs_calc_sig_ctx { 2373 2373 + struct md5_ctx *md5; 2374 2374 + struct hmac_sha256_ctx *hmac; 2375 2375 + struct shash_desc *shash; 2376 2376 + }; 2377 2377 + 2378 2378 + #define CIFS_RECONN_DELAY_SECS 30 2379 2379 + #define CIFS_MAX_RECONN_DELAY (4 * CIFS_RECONN_DELAY_SECS) 2380 2380 + 2381 2381 + static inline void cifs_queue_server_reconn(struct TCP_Server_Info *server) 2382 2382 + { 2383 2383 + if (!delayed_work_pending(&server->reconnect)) { 2384 2384 + WRITE_ONCE(server->reconn_delay, 0); 2385 2385 + mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 2386 2386 + } 2387 2387 + } 2388 2388 + 2389 2389 + static inline void cifs_requeue_server_reconn(struct TCP_Server_Info *server) 2390 2390 + { 2391 2391 + unsigned long delay = READ_ONCE(server->reconn_delay); 2392 2392 + 2393 2393 + delay = umin(delay + CIFS_RECONN_DELAY_SECS, CIFS_MAX_RECONN_DELAY); 2394 2394 + WRITE_ONCE(server->reconn_delay, delay); 2395 2395 + queue_delayed_work(cifsiod_wq, &server->reconnect, delay * HZ); 2396 2396 + } 2289 2397 2290 2398 #endif /* _CIFS_GLOB_H */

+1 -1

fs/smb/client/cifspdu.h

reviewed

··· 90 90 91 91 /* future chained NTCreateXReadX bigger, but for time being NTCreateX biggest */ 92 92 /* among the requests (NTCreateX response is bigger with wct of 34) */ 93 93 - #define MAX_CIFS_HDR_SIZE 0x58 /* 4 len + 32 hdr + (2*24 wct) + 2 bct + 2 pad */ 93 93 + #define MAX_CIFS_HDR_SIZE 0x54 /* 32 hdr + (2*24 wct) + 2 bct + 2 pad */ 94 94 #define CIFS_SMALL_PATH 120 /* allows for (448-88)/3 */ 95 95 96 96 /* internal cifs vfs structures */

+149 -55

fs/smb/client/cifsproto.h

reviewed

··· 30 30 extern struct smb_hdr *cifs_small_buf_get(void); 31 31 extern void cifs_small_buf_release(void *); 32 32 extern void free_rsp_buf(int, void *); 33 33 - extern int smb_send(struct TCP_Server_Info *, struct smb_hdr *, 34 34 - unsigned int /* length */); 35 33 extern int smb_send_kvec(struct TCP_Server_Info *server, 36 34 struct msghdr *msg, 37 35 size_t *sent); ··· 80 82 struct cifs_sb_info *cifs_sb, 81 83 struct cifs_tcon *tcon, 82 84 int add_treename); 83 83 - extern char *build_wildcard_path_from_dentry(struct dentry *direntry); 84 85 char *cifs_build_devname(char *nodename, const char *prepath); 85 85 - extern void delete_mid(struct mid_q_entry *mid); 86 86 - void __release_mid(struct kref *refcount); 87 87 - extern void cifs_wake_up_task(struct mid_q_entry *mid); 86 86 + void delete_mid(struct TCP_Server_Info *server, struct mid_q_entry *mid); 87 87 + void __release_mid(struct TCP_Server_Info *server, struct mid_q_entry *mid); 88 88 + void cifs_wake_up_task(struct TCP_Server_Info *server, struct mid_q_entry *mid); 88 89 extern int cifs_handle_standard(struct TCP_Server_Info *server, 89 90 struct mid_q_entry *mid); 90 91 extern char *smb3_fs_context_fullpath(const struct smb3_fs_context *ctx, ··· 94 97 extern bool cifs_match_ipaddr(struct sockaddr *srcaddr, struct sockaddr *rhs); 95 98 extern int cifs_discard_remaining_data(struct TCP_Server_Info *server); 96 99 extern int cifs_call_async(struct TCP_Server_Info *server, 97 97 - struct smb_rqst *rqst, 98 98 - mid_receive_t *receive, mid_callback_t *callback, 99 99 - mid_handle_t *handle, void *cbdata, const int flags, 100 100 - const struct cifs_credits *exist_credits); 100 100 + struct smb_rqst *rqst, 101 101 + mid_receive_t receive, mid_callback_t callback, 102 102 + mid_handle_t handle, void *cbdata, const int flags, 103 103 + const struct cifs_credits *exist_credits); 101 104 extern struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses); 102 105 extern int cifs_send_recv(const unsigned int xid, struct cifs_ses *ses, 103 106 struct TCP_Server_Info *server, ··· 108 111 const int flags, const int num_rqst, 109 112 struct smb_rqst *rqst, int *resp_buf_type, 110 113 struct kvec *resp_iov); 111 111 - extern int SendReceive(const unsigned int /* xid */ , struct cifs_ses *, 112 112 - struct smb_hdr * /* input */ , 113 113 - struct smb_hdr * /* out */ , 114 114 - int * /* bytes returned */ , const int); 115 115 - extern int SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 116 116 - char *in_buf, int flags); 114 114 + int SendReceive(const unsigned int xid, struct cifs_ses *ses, 115 115 + struct smb_hdr *in_buf, unsigned int in_len, 116 116 + struct smb_hdr *out_buf, int *pbytes_returned, const int flags); 117 117 + int SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 118 118 + char *in_buf, unsigned int in_len, int flags); 117 119 int cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server); 118 118 - extern struct mid_q_entry *cifs_setup_request(struct cifs_ses *, 119 119 - struct TCP_Server_Info *, 120 120 - struct smb_rqst *); 121 121 - extern struct mid_q_entry *cifs_setup_async_request(struct TCP_Server_Info *, 122 122 - struct smb_rqst *); 120 120 + struct mid_q_entry *cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored, 121 121 + struct smb_rqst *rqst); 122 122 + struct mid_q_entry *cifs_setup_async_request(struct TCP_Server_Info *server, 123 123 + struct smb_rqst *rqst); 123 124 int __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 124 125 struct smb_rqst *rqst); 125 126 extern int cifs_check_receive(struct mid_q_entry *mid, ··· 129 134 struct cifs_credits *credits); 130 135 131 136 static inline int 132 132 - send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst, 133 133 - struct mid_q_entry *mid) 137 137 + send_cancel(struct cifs_ses *ses, struct TCP_Server_Info *server, 138 138 + struct smb_rqst *rqst, struct mid_q_entry *mid, 139 139 + unsigned int xid) 134 140 { 135 141 return server->ops->send_cancel ? 136 136 - server->ops->send_cancel(server, rqst, mid) : 0; 142 142 + server->ops->send_cancel(ses, server, rqst, mid, xid) : 0; 137 143 } 138 144 139 145 int wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ); ··· 142 146 struct kvec *, int /* nvec to send */, 143 147 int * /* type of buf returned */, const int flags, 144 148 struct kvec * /* resp vec */); 145 145 - extern int SendReceiveBlockingLock(const unsigned int xid, 146 146 - struct cifs_tcon *ptcon, 147 147 - struct smb_hdr *in_buf, 148 148 - struct smb_hdr *out_buf, 149 149 - int *bytes_returned); 150 149 151 150 void smb2_query_server_interfaces(struct work_struct *work); 152 151 void ··· 152 161 bool mark_smb_session); 153 162 extern int cifs_reconnect(struct TCP_Server_Info *server, 154 163 bool mark_smb_session); 155 155 - extern int checkSMB(char *buf, unsigned int len, struct TCP_Server_Info *srvr); 164 164 + int checkSMB(char *buf, unsigned int pdu_len, unsigned int len, 165 165 + struct TCP_Server_Info *srvr); 156 166 extern bool is_valid_oplock_break(char *, struct TCP_Server_Info *); 157 167 extern bool backup_cred(struct cifs_sb_info *); 158 168 extern bool is_size_safe_to_change(struct cifsInodeInfo *cifsInode, __u64 eof, 159 169 bool from_readdir); 160 160 - extern void cifs_update_eof(struct cifsInodeInfo *cifsi, loff_t offset, 161 161 - unsigned int bytes_written); 162 170 void cifs_write_subrequest_terminated(struct cifs_io_subrequest *wdata, ssize_t result); 163 171 extern struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *, int); 164 172 extern int cifs_get_writable_file(struct cifsInodeInfo *cifs_inode, ··· 177 187 extern int cifs_convert_address(struct sockaddr *dst, const char *src, int len); 178 188 extern void cifs_set_port(struct sockaddr *addr, const unsigned short int port); 179 189 extern int map_smb_to_linux_error(char *buf, bool logErr); 180 180 - extern int map_and_check_smb_error(struct mid_q_entry *mid, bool logErr); 181 181 - extern void header_assemble(struct smb_hdr *, char /* command */ , 182 182 - const struct cifs_tcon *, int /* length of 183 183 - fixed section (word count) in two byte units */); 190 190 + extern int map_and_check_smb_error(struct TCP_Server_Info *server, 191 191 + struct mid_q_entry *mid, bool logErr); 192 192 + unsigned int header_assemble(struct smb_hdr *buffer, char smb_command, 193 193 + const struct cifs_tcon *treeCon, int word_count 194 194 + /* length of fixed section word count in two byte units */); 184 195 extern int small_smb_init_no_tc(const int smb_cmd, const int wct, 185 196 struct cifs_ses *ses, 186 197 void **request_buf); 187 187 - extern enum securityEnum select_sectype(struct TCP_Server_Info *server, 188 188 - enum securityEnum requested); 189 198 extern int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses, 190 199 struct TCP_Server_Info *server, 191 200 const struct nls_table *nls_cp); ··· 259 270 __u64 nmode); 260 271 extern unsigned int setup_special_user_owner_ACE(struct smb_ace *pace); 261 272 262 262 - extern void dequeue_mid(struct mid_q_entry *mid, bool malformed); 273 273 + void dequeue_mid(struct TCP_Server_Info *server, struct mid_q_entry *mid, bool malformed); 263 274 extern int cifs_read_from_socket(struct TCP_Server_Info *server, char *buf, 264 275 unsigned int to_read); 265 276 extern ssize_t cifs_discard_from_socket(struct TCP_Server_Info *server, ··· 554 565 555 566 extern int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server, 556 567 __u32 *pexpected_response_sequence_number); 557 557 - extern int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *, 558 558 - __u32 *); 559 559 - extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *, __u32 *); 560 560 - extern int cifs_verify_signature(struct smb_rqst *rqst, 561 561 - struct TCP_Server_Info *server, 562 562 - __u32 expected_sequence_number); 568 568 + int cifs_verify_signature(struct smb_rqst *rqst, 569 569 + struct TCP_Server_Info *server, 570 570 + __u32 expected_sequence_number); 563 571 extern int setup_ntlmv2_rsp(struct cifs_ses *, const struct nls_table *); 564 572 extern void cifs_crypto_secmech_release(struct TCP_Server_Info *server); 565 573 extern int calc_seckey(struct cifs_ses *); ··· 589 603 const struct nls_table *nls_codepage, int remap); 590 604 extern int CIFSGetExtAttr(const unsigned int xid, struct cifs_tcon *tcon, 591 605 const int netfid, __u64 *pExtAttrBits, __u64 *pMask); 592 592 - #endif /* CIFS_ALLOW_INSECURE_LEGACY */ 606 606 + #endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */ 593 607 extern void cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb); 594 608 extern bool couldbe_mf_symlink(const struct cifs_fattr *fattr); 595 609 extern int check_mf_symlink(unsigned int xid, struct cifs_tcon *tcon, ··· 621 635 struct cifs_sb_info *cifs_sb, 622 636 const unsigned char *path, char *pbuf, 623 637 unsigned int *pbytes_written); 624 624 - struct cifs_calc_sig_ctx { 625 625 - struct md5_ctx *md5; 626 626 - struct hmac_sha256_ctx *hmac; 627 627 - struct shash_desc *shash; 628 628 - }; 629 638 int __cifs_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server, 630 639 char *signature, struct cifs_calc_sig_ctx *ctx); 631 640 enum securityEnum cifs_select_sectype(struct TCP_Server_Info *, ··· 630 649 void cifs_free_hash(struct shash_desc **sdesc); 631 650 632 651 int cifs_try_adding_channels(struct cifs_ses *ses); 652 652 + int smb3_update_ses_channels(struct cifs_ses *ses, struct TCP_Server_Info *server, 653 653 + bool from_reconnect, bool disable_mchan); 633 654 bool is_ses_using_iface(struct cifs_ses *ses, struct cifs_server_iface *iface); 634 634 - void cifs_ses_mark_for_reconnect(struct cifs_ses *ses); 635 655 636 656 int 637 657 cifs_ses_get_chan_index(struct cifs_ses *ses, ··· 656 674 cifs_chan_is_iface_active(struct cifs_ses *ses, 657 675 struct TCP_Server_Info *server); 658 676 void 659 659 - cifs_disable_secondary_channels(struct cifs_ses *ses); 677 677 + cifs_decrease_secondary_channels(struct cifs_ses *ses, bool disable_mchan); 660 678 void 661 679 cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server); 662 680 int ··· 759 777 return true; 760 778 } 761 779 762 762 - static inline void release_mid(struct mid_q_entry *mid) 780 780 + static inline void smb_get_mid(struct mid_q_entry *mid) 763 781 { 764 764 - kref_put(&mid->refcount, __release_mid); 782 782 + refcount_inc(&mid->refcount); 783 783 + } 784 784 + 785 785 + static inline void release_mid(struct TCP_Server_Info *server, struct mid_q_entry *mid) 786 786 + { 787 787 + if (refcount_dec_and_test(&mid->refcount)) 788 788 + __release_mid(server, mid); 765 789 } 766 790 767 791 static inline void cifs_free_open_info(struct cifs_open_info_data *data) ··· 775 787 kfree(data->symlink_target); 776 788 free_rsp_buf(data->reparse.io.buftype, data->reparse.io.iov.iov_base); 777 789 memset(data, 0, sizeof(*data)); 790 790 + } 791 791 + 792 792 + static inline int smb_EIO(enum smb_eio_trace trace) 793 793 + { 794 794 + trace_smb3_eio(trace, 0, 0); 795 795 + return -EIO; 796 796 + } 797 797 + 798 798 + static inline int smb_EIO1(enum smb_eio_trace trace, unsigned long info) 799 799 + { 800 800 + trace_smb3_eio(trace, info, 0); 801 801 + return -EIO; 802 802 + } 803 803 + 804 804 + static inline int smb_EIO2(enum smb_eio_trace trace, unsigned long info, unsigned long info2) 805 805 + { 806 806 + trace_smb3_eio(trace, info, info2); 807 807 + return -EIO; 808 808 + } 809 809 + 810 810 + static inline int cifs_get_num_sgs(const struct smb_rqst *rqst, 811 811 + int num_rqst, 812 812 + const u8 *sig) 813 813 + { 814 814 + unsigned int len, skip; 815 815 + unsigned int nents = 0; 816 816 + unsigned long addr; 817 817 + size_t data_size; 818 818 + int i, j; 819 819 + 820 820 + /* 821 821 + * The first rqst has a transform header where the first 20 bytes are 822 822 + * not part of the encrypted blob. 823 823 + */ 824 824 + skip = 20; 825 825 + 826 826 + /* Assumes the first rqst has a transform header as the first iov. 827 827 + * I.e. 828 828 + * rqst[0].rq_iov[0] is transform header 829 829 + * rqst[0].rq_iov[1+] data to be encrypted/decrypted 830 830 + * rqst[1+].rq_iov[0+] data to be encrypted/decrypted 831 831 + */ 832 832 + for (i = 0; i < num_rqst; i++) { 833 833 + data_size = iov_iter_count(&rqst[i].rq_iter); 834 834 + 835 835 + /* We really don't want a mixture of pinned and unpinned pages 836 836 + * in the sglist. It's hard to keep track of which is what. 837 837 + * Instead, we convert to a BVEC-type iterator higher up. 838 838 + */ 839 839 + if (data_size && 840 840 + WARN_ON_ONCE(user_backed_iter(&rqst[i].rq_iter))) 841 841 + return smb_EIO(smb_eio_trace_user_iter); 842 842 + 843 843 + /* We also don't want to have any extra refs or pins to clean 844 844 + * up in the sglist. 845 845 + */ 846 846 + if (data_size && 847 847 + WARN_ON_ONCE(iov_iter_extract_will_pin(&rqst[i].rq_iter))) 848 848 + return smb_EIO(smb_eio_trace_extract_will_pin); 849 849 + 850 850 + for (j = 0; j < rqst[i].rq_nvec; j++) { 851 851 + struct kvec *iov = &rqst[i].rq_iov[j]; 852 852 + 853 853 + addr = (unsigned long)iov->iov_base + skip; 854 854 + if (is_vmalloc_or_module_addr((void *)addr)) { 855 855 + len = iov->iov_len - skip; 856 856 + nents += DIV_ROUND_UP(offset_in_page(addr) + len, 857 857 + PAGE_SIZE); 858 858 + } else { 859 859 + nents++; 860 860 + } 861 861 + skip = 0; 862 862 + } 863 863 + if (data_size) 864 864 + nents += iov_iter_npages(&rqst[i].rq_iter, INT_MAX); 865 865 + } 866 866 + nents += DIV_ROUND_UP(offset_in_page(sig) + SMB2_SIGNATURE_SIZE, PAGE_SIZE); 867 867 + return nents; 868 868 + } 869 869 + 870 870 + /* We can not use the normal sg_set_buf() as we will sometimes pass a 871 871 + * stack object as buf. 872 872 + */ 873 873 + static inline void cifs_sg_set_buf(struct sg_table *sgtable, 874 874 + const void *buf, 875 875 + unsigned int buflen) 876 876 + { 877 877 + unsigned long addr = (unsigned long)buf; 878 878 + unsigned int off = offset_in_page(addr); 879 879 + 880 880 + addr &= PAGE_MASK; 881 881 + if (is_vmalloc_or_module_addr((void *)addr)) { 882 882 + do { 883 883 + unsigned int len = min_t(unsigned int, buflen, PAGE_SIZE - off); 884 884 + 885 885 + sg_set_page(&sgtable->sgl[sgtable->nents++], 886 886 + vmalloc_to_page((void *)addr), len, off); 887 887 + 888 888 + off = 0; 889 889 + addr += PAGE_SIZE; 890 890 + buflen -= len; 891 891 + } while (buflen); 892 892 + } else { 893 893 + sg_set_page(&sgtable->sgl[sgtable->nents++], 894 894 + virt_to_page((void *)addr), buflen, off); 895 895 + } 778 896 } 779 897 780 898 #endif /* _CIFSPROTO_H */

+523 -390

fs/smb/client/cifssmb.c

reviewed

··· 226 226 small_smb_init(int smb_command, int wct, struct cifs_tcon *tcon, 227 227 void **request_buf) 228 228 { 229 229 + unsigned int in_len; 229 230 int rc; 230 231 231 232 rc = cifs_reconnect_tcon(tcon, smb_command); ··· 239 238 return -ENOMEM; 240 239 } 241 240 242 242 - header_assemble((struct smb_hdr *) *request_buf, smb_command, 243 243 - tcon, wct); 241 241 + in_len = header_assemble((struct smb_hdr *) *request_buf, smb_command, 242 242 + tcon, wct); 244 243 245 244 if (tcon != NULL) 246 245 cifs_stats_inc(&tcon->num_smbs_sent); 247 246 248 248 - return 0; 247 247 + return in_len; 249 248 } 250 249 251 250 int ··· 256 255 struct smb_hdr *buffer; 257 256 258 257 rc = small_smb_init(smb_command, wct, NULL, request_buf); 259 259 - if (rc) 258 258 + if (rc < 0) 260 259 return rc; 261 260 262 261 buffer = (struct smb_hdr *)*request_buf; ··· 279 278 __smb_init(int smb_command, int wct, struct cifs_tcon *tcon, 280 279 void **request_buf, void **response_buf) 281 280 { 281 281 + unsigned int in_len; 282 282 + 282 283 *request_buf = cifs_buf_get(); 283 284 if (*request_buf == NULL) { 284 285 /* BB should we add a retry in here if not a writepage? */ ··· 293 290 if (response_buf) 294 291 *response_buf = *request_buf; 295 292 296 296 - header_assemble((struct smb_hdr *) *request_buf, smb_command, tcon, 297 297 - wct); 293 293 + in_len = header_assemble((struct smb_hdr *)*request_buf, smb_command, tcon, 294 294 + wct); 298 295 299 296 if (tcon != NULL) 300 297 cifs_stats_inc(&tcon->num_smbs_sent); 301 298 302 302 - return 0; 299 299 + return in_len; 303 300 } 304 301 305 302 /* If the return code is zero, this function must fill in request_buf pointer */ ··· 373 370 374 371 count = get_bcc(&pSMBr->hdr); 375 372 if (count < SMB1_CLIENT_GUID_SIZE) 376 376 - return -EIO; 373 373 + return smb_EIO2(smb_eio_trace_neg_sec_blob_too_small, 374 374 + count, SMB1_CLIENT_GUID_SIZE); 377 375 378 376 spin_lock(&cifs_tcp_ses_lock); 379 377 if (server->srv_count > 1) { ··· 425 421 { 426 422 SMB_NEGOTIATE_REQ *pSMB; 427 423 SMB_NEGOTIATE_RSP *pSMBr; 424 424 + unsigned int in_len; 428 425 int rc = 0; 429 426 int bytes_returned; 430 427 int i; ··· 433 428 434 429 if (!server) { 435 430 WARN(1, "%s: server is NULL!\n", __func__); 436 436 - return -EIO; 431 431 + return smb_EIO(smb_eio_trace_null_pointers); 437 432 } 438 433 439 434 rc = smb_init(SMB_COM_NEGOTIATE, 0, NULL /* no tcon yet */ , 440 435 (void **) &pSMB, (void **) &pSMBr); 441 441 - if (rc) 436 436 + if (rc < 0) 442 437 return rc; 438 438 + in_len = rc; 443 439 444 440 pSMB->hdr.Mid = get_next_mid(server); 445 441 pSMB->hdr.Flags2 |= SMBFLG2_ERR_STATUS; ··· 464 458 memcpy(&pSMB->DialectsArray[count], protocols[i].name, len); 465 459 count += len; 466 460 } 467 467 - inc_rfc1001_len(pSMB, count); 461 461 + in_len += count; 468 462 pSMB->ByteCount = cpu_to_le16(count); 469 463 470 470 - rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, 464 464 + rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, in_len, 471 465 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 472 466 if (rc != 0) 473 467 goto neg_err_exit; ··· 517 511 server->negflavor = CIFS_NEGFLAVOR_EXTENDED; 518 512 rc = decode_ext_sec_blob(ses, pSMBr); 519 513 } else if (server->sec_mode & SECMODE_PW_ENCRYPT) { 520 520 - rc = -EIO; /* no crypt key only if plain text pwd */ 514 514 + /* no crypt key only if plain text pwd */ 515 515 + rc = smb_EIO(smb_eio_trace_neg_no_crypt_key); 521 516 } else { 522 517 server->negflavor = CIFS_NEGFLAVOR_UNENCAP; 523 518 server->capabilities &= ~CAP_EXTENDED_SECURITY; ··· 537 530 CIFSSMBTDis(const unsigned int xid, struct cifs_tcon *tcon) 538 531 { 539 532 struct smb_hdr *smb_buffer; 533 533 + unsigned int in_len; 540 534 int rc = 0; 541 535 542 536 cifs_dbg(FYI, "In tree disconnect\n"); 543 537 544 538 /* BB: do we need to check this? These should never be NULL. */ 545 539 if ((tcon->ses == NULL) || (tcon->ses->server == NULL)) 546 546 - return -EIO; 540 540 + return smb_EIO(smb_eio_trace_null_pointers); 547 541 548 542 /* 549 543 * No need to return error on this operation if tid invalidated and ··· 555 547 spin_lock(&tcon->ses->chan_lock); 556 548 if ((tcon->need_reconnect) || CIFS_ALL_CHANS_NEED_RECONNECT(tcon->ses)) { 557 549 spin_unlock(&tcon->ses->chan_lock); 558 558 - return -EIO; 550 550 + return smb_EIO(smb_eio_trace_tdis_in_reconnect); 559 551 } 560 552 spin_unlock(&tcon->ses->chan_lock); 561 553 562 554 rc = small_smb_init(SMB_COM_TREE_DISCONNECT, 0, tcon, 563 555 (void **)&smb_buffer); 564 564 - if (rc) 556 556 + if (rc < 0) 565 557 return rc; 558 558 + in_len = rc; 566 559 567 567 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *)smb_buffer, 0); 560 560 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *)smb_buffer, in_len, 0); 568 561 cifs_small_buf_release(smb_buffer); 569 562 if (rc) 570 563 cifs_dbg(FYI, "Tree disconnect failed %d\n", rc); ··· 586 577 * FIXME: maybe we should consider checking that the reply matches request? 587 578 */ 588 579 static void 589 589 - cifs_echo_callback(struct mid_q_entry *mid) 580 580 + cifs_echo_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 590 581 { 591 591 - struct TCP_Server_Info *server = mid->callback_data; 592 582 struct cifs_credits credits = { .value = 1, .instance = 0 }; 593 583 594 594 - release_mid(mid); 584 584 + release_mid(server, mid); 595 585 add_credits(server, &credits, CIFS_ECHO_OP); 596 586 } 597 587 ··· 599 591 { 600 592 ECHO_REQ *smb; 601 593 int rc = 0; 602 602 - struct kvec iov[2]; 603 603 - struct smb_rqst rqst = { .rq_iov = iov, 604 604 - .rq_nvec = 2 }; 594 594 + struct kvec iov[1]; 595 595 + struct smb_rqst rqst = { 596 596 + .rq_iov = iov, 597 597 + .rq_nvec = ARRAY_SIZE(iov), 598 598 + }; 599 599 + unsigned int in_len; 605 600 606 601 cifs_dbg(FYI, "In echo request\n"); 607 602 608 603 rc = small_smb_init(SMB_COM_ECHO, 0, NULL, (void **)&smb); 609 609 - if (rc) 604 604 + if (rc < 0) 610 605 return rc; 606 606 + in_len = rc; 611 607 612 608 if (server->capabilities & CAP_UNICODE) 613 609 smb->hdr.Flags2 |= SMBFLG2_UNICODE; ··· 622 610 put_unaligned_le16(1, &smb->EchoCount); 623 611 put_bcc(1, &smb->hdr); 624 612 smb->Data[0] = 'a'; 625 625 - inc_rfc1001_len(smb, 3); 613 613 + in_len += 3; 626 614 627 627 - iov[0].iov_len = 4; 615 615 + iov[0].iov_len = in_len; 628 616 iov[0].iov_base = smb; 629 629 - iov[1].iov_len = get_rfc1002_len(smb); 630 630 - iov[1].iov_base = (char *)smb + 4; 631 617 632 618 rc = cifs_call_async(server, &rqst, NULL, cifs_echo_callback, NULL, 633 619 server, CIFS_NON_BLOCKING | CIFS_ECHO_OP, NULL); ··· 641 631 CIFSSMBLogoff(const unsigned int xid, struct cifs_ses *ses) 642 632 { 643 633 LOGOFF_ANDX_REQ *pSMB; 634 634 + unsigned int in_len; 644 635 int rc = 0; 645 636 646 637 cifs_dbg(FYI, "In SMBLogoff for session disconnect\n"); ··· 652 641 * should probably be a BUG() 653 642 */ 654 643 if (!ses || !ses->server) 655 655 - return -EIO; 644 644 + return smb_EIO(smb_eio_trace_null_pointers); 656 645 657 646 mutex_lock(&ses->session_mutex); 658 647 spin_lock(&ses->chan_lock); ··· 664 653 spin_unlock(&ses->chan_lock); 665 654 666 655 rc = small_smb_init(SMB_COM_LOGOFF_ANDX, 2, NULL, (void **)&pSMB); 667 667 - if (rc) { 656 656 + if (rc < 0) { 668 657 mutex_unlock(&ses->session_mutex); 669 658 return rc; 670 659 } 660 660 + in_len = rc; 671 661 672 662 pSMB->hdr.Mid = get_next_mid(ses->server); 673 663 ··· 678 666 pSMB->hdr.Uid = ses->Suid; 679 667 680 668 pSMB->AndXCommand = 0xFF; 681 681 - rc = SendReceiveNoRsp(xid, ses, (char *) pSMB, 0); 669 669 + rc = SendReceiveNoRsp(xid, ses, (char *) pSMB, in_len, 0); 682 670 cifs_small_buf_release(pSMB); 683 671 session_already_dead: 684 672 mutex_unlock(&ses->session_mutex); ··· 699 687 TRANSACTION2_SPI_REQ *pSMB = NULL; 700 688 TRANSACTION2_SPI_RSP *pSMBr = NULL; 701 689 struct unlink_psx_rq *pRqD; 690 690 + unsigned int in_len; 702 691 int name_len; 703 692 int rc = 0; 704 693 int bytes_returned = 0; ··· 709 696 PsxDelete: 710 697 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 711 698 (void **) &pSMBr); 712 712 - if (rc) 699 699 + if (rc < 0) 713 700 return rc; 701 701 + in_len = rc; 714 702 715 703 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 716 704 name_len = ··· 732 718 pSMB->Timeout = 0; 733 719 pSMB->Reserved2 = 0; 734 720 param_offset = offsetof(struct smb_com_transaction2_spi_req, 735 735 - InformationLevel) - 4; 721 721 + InformationLevel); 736 722 offset = param_offset + params; 737 723 738 738 - /* Setup pointer to Request Data (inode type). 739 739 - * Note that SMB offsets are from the beginning of SMB which is 4 bytes 740 740 - * in, after RFC1001 field 741 741 - */ 742 742 - pRqD = (struct unlink_psx_rq *)((char *)(pSMB) + offset + 4); 724 724 + /* Setup pointer to Request Data (inode type). */ 725 725 + pRqD = (struct unlink_psx_rq *)((char *)(pSMB) + offset); 743 726 pRqD->type = cpu_to_le16(type); 744 727 pSMB->ParameterOffset = cpu_to_le16(param_offset); 745 728 pSMB->DataOffset = cpu_to_le16(offset); ··· 751 740 pSMB->TotalParameterCount = pSMB->ParameterCount; 752 741 pSMB->InformationLevel = cpu_to_le16(SMB_POSIX_UNLINK); 753 742 pSMB->Reserved4 = 0; 754 754 - inc_rfc1001_len(pSMB, byte_count); 743 743 + in_len += byte_count; 755 744 pSMB->ByteCount = cpu_to_le16(byte_count); 756 756 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 745 745 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 757 746 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 758 747 if (rc) 759 748 cifs_dbg(FYI, "Posix delete returned %d\n", rc); ··· 773 762 { 774 763 DELETE_FILE_REQ *pSMB = NULL; 775 764 DELETE_FILE_RSP *pSMBr = NULL; 765 765 + unsigned int in_len; 776 766 int rc = 0; 777 767 int bytes_returned; 778 768 int name_len; ··· 782 770 DelFileRetry: 783 771 rc = smb_init(SMB_COM_DELETE, 1, tcon, (void **) &pSMB, 784 772 (void **) &pSMBr); 785 785 - if (rc) 773 773 + if (rc < 0) 786 774 return rc; 775 775 + in_len = rc; 787 776 788 777 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 789 778 name_len = cifsConvertToUTF16((__le16 *) pSMB->fileName, name, ··· 798 785 pSMB->SearchAttributes = 799 786 cpu_to_le16(ATTR_READONLY | ATTR_HIDDEN | ATTR_SYSTEM); 800 787 pSMB->BufferFormat = 0x04; 801 801 - inc_rfc1001_len(pSMB, name_len + 1); 788 788 + in_len += name_len + 1; 802 789 pSMB->ByteCount = cpu_to_le16(name_len + 1); 803 803 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 790 790 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 804 791 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 805 792 cifs_stats_inc(&tcon->stats.cifs_stats.num_deletes); 806 793 if (rc) ··· 819 806 { 820 807 DELETE_DIRECTORY_REQ *pSMB = NULL; 821 808 DELETE_DIRECTORY_RSP *pSMBr = NULL; 809 809 + unsigned int in_len; 822 810 int rc = 0; 823 811 int bytes_returned; 824 812 int name_len; ··· 829 815 RmDirRetry: 830 816 rc = smb_init(SMB_COM_DELETE_DIRECTORY, 0, tcon, (void **) &pSMB, 831 817 (void **) &pSMBr); 832 832 - if (rc) 818 818 + if (rc < 0) 833 819 return rc; 820 820 + in_len = rc; 834 821 835 822 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 836 823 name_len = cifsConvertToUTF16((__le16 *) pSMB->DirName, name, ··· 844 829 } 845 830 846 831 pSMB->BufferFormat = 0x04; 847 847 - inc_rfc1001_len(pSMB, name_len + 1); 832 832 + in_len += name_len + 1; 848 833 pSMB->ByteCount = cpu_to_le16(name_len + 1); 849 849 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 834 834 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 850 835 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 851 836 cifs_stats_inc(&tcon->stats.cifs_stats.num_rmdirs); 852 837 if (rc) ··· 866 851 int rc = 0; 867 852 CREATE_DIRECTORY_REQ *pSMB = NULL; 868 853 CREATE_DIRECTORY_RSP *pSMBr = NULL; 854 854 + unsigned int in_len; 869 855 int bytes_returned; 870 856 int name_len; 871 857 int remap = cifs_remap(cifs_sb); ··· 875 859 MkDirRetry: 876 860 rc = smb_init(SMB_COM_CREATE_DIRECTORY, 0, tcon, (void **) &pSMB, 877 861 (void **) &pSMBr); 878 878 - if (rc) 862 862 + if (rc < 0) 879 863 return rc; 864 864 + in_len = rc; 880 865 881 866 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 882 867 name_len = cifsConvertToUTF16((__le16 *) pSMB->DirName, name, ··· 890 873 } 891 874 892 875 pSMB->BufferFormat = 0x04; 893 893 - inc_rfc1001_len(pSMB, name_len + 1); 876 876 + in_len += name_len + 1; 894 877 pSMB->ByteCount = cpu_to_le16(name_len + 1); 895 895 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 878 878 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 896 879 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 897 880 cifs_stats_inc(&tcon->stats.cifs_stats.num_mkdirs); 898 881 if (rc) ··· 913 896 { 914 897 TRANSACTION2_SPI_REQ *pSMB = NULL; 915 898 TRANSACTION2_SPI_RSP *pSMBr = NULL; 899 899 + unsigned int in_len; 916 900 int name_len; 917 901 int rc = 0; 918 902 int bytes_returned = 0; ··· 925 907 PsxCreat: 926 908 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 927 909 (void **) &pSMBr); 928 928 - if (rc) 910 910 + if (rc < 0) 929 911 return rc; 912 912 + in_len = rc; 930 913 931 914 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 932 915 name_len = ··· 949 930 pSMB->Timeout = 0; 950 931 pSMB->Reserved2 = 0; 951 932 param_offset = offsetof(struct smb_com_transaction2_spi_req, 952 952 - InformationLevel) - 4; 933 933 + InformationLevel); 953 934 offset = param_offset + params; 954 954 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 955 955 - pdata = (OPEN_PSX_REQ *)((char *)(pSMB) + offset + 4); 935 935 + pdata = (OPEN_PSX_REQ *)((char *)(pSMB) + offset); 956 936 pdata->Level = cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC); 957 937 pdata->Permissions = cpu_to_le64(mode); 958 938 pdata->PosixOpenFlags = cpu_to_le32(posix_flags); ··· 969 951 pSMB->TotalParameterCount = pSMB->ParameterCount; 970 952 pSMB->InformationLevel = cpu_to_le16(SMB_POSIX_OPEN); 971 953 pSMB->Reserved4 = 0; 972 972 - inc_rfc1001_len(pSMB, byte_count); 954 954 + in_len += byte_count; 973 955 pSMB->ByteCount = cpu_to_le16(byte_count); 974 974 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 956 956 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 975 957 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 976 958 if (rc) { 977 959 cifs_dbg(FYI, "Posix create returned %d\n", rc); ··· 982 964 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 983 965 984 966 if (rc || get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)) { 985 985 - rc = -EIO; /* bad smb */ 967 967 + rc = smb_EIO2(smb_eio_trace_create_rsp_too_small, 968 968 + get_bcc(&pSMBr->hdr), sizeof(OPEN_PSX_RSP)); 986 969 goto psx_create_err; 987 970 } 988 971 989 972 /* copy return information to pRetData */ 990 990 - psx_rsp = (OPEN_PSX_RSP *)((char *) &pSMBr->hdr.Protocol 991 991 - + le16_to_cpu(pSMBr->t2.DataOffset)); 973 973 + psx_rsp = (OPEN_PSX_RSP *) 974 974 + ((char *)pSMBr + le16_to_cpu(pSMBr->t2.DataOffset)); 992 975 993 976 *pOplock = le16_to_cpu(psx_rsp->OplockFlags); 994 977 if (netfid) ··· 1009 990 pRetData->Type = cpu_to_le32(-1); 1010 991 goto psx_create_err; 1011 992 } 1012 1012 - memcpy((char *) pRetData, 1013 1013 - (char *)psx_rsp + sizeof(OPEN_PSX_RSP), 1014 1014 - sizeof(FILE_UNIX_BASIC_INFO)); 993 993 + memcpy(pRetData, 994 994 + (char *)psx_rsp + sizeof(OPEN_PSX_RSP), 995 995 + sizeof(*pRetData)); 1015 996 } 1016 997 1017 998 psx_create_err: ··· 1098 1079 int rc; 1099 1080 OPENX_REQ *pSMB = NULL; 1100 1081 OPENX_RSP *pSMBr = NULL; 1082 1082 + unsigned int in_len; 1101 1083 int bytes_returned; 1102 1084 int name_len; 1103 1085 __u16 count; ··· 1106 1086 OldOpenRetry: 1107 1087 rc = smb_init(SMB_COM_OPEN_ANDX, 15, tcon, (void **) &pSMB, 1108 1088 (void **) &pSMBr); 1109 1109 - if (rc) 1089 1089 + if (rc < 0) 1110 1090 return rc; 1091 1091 + in_len = rc; 1111 1092 1112 1093 pSMB->AndXCommand = 0xFF; /* none */ 1113 1094 ··· 1151 1130 pSMB->Sattr = cpu_to_le16(ATTR_HIDDEN | ATTR_SYSTEM | ATTR_DIRECTORY); 1152 1131 pSMB->OpenFunction = cpu_to_le16(convert_disposition(openDisposition)); 1153 1132 count += name_len; 1154 1154 - inc_rfc1001_len(pSMB, count); 1133 1133 + in_len += count; 1155 1134 1156 1135 pSMB->ByteCount = cpu_to_le16(count); 1157 1157 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 1136 1136 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 1158 1137 (struct smb_hdr *)pSMBr, &bytes_returned, 0); 1159 1138 cifs_stats_inc(&tcon->stats.cifs_stats.num_opens); 1160 1139 if (rc) { ··· 1212 1191 int desired_access = oparms->desired_access; 1213 1192 int disposition = oparms->disposition; 1214 1193 const char *path = oparms->path; 1194 1194 + unsigned int in_len; 1215 1195 1216 1196 openRetry: 1217 1197 rc = smb_init(SMB_COM_NT_CREATE_ANDX, 24, tcon, (void **)&req, 1218 1198 (void **)&rsp); 1219 1219 - if (rc) 1199 1199 + if (rc < 0) 1220 1200 return rc; 1201 1201 + in_len = rc; 1221 1202 1222 1203 /* no commands go after this */ 1223 1204 req->AndXCommand = 0xFF; ··· 1277 1254 req->SecurityFlags = SECURITY_CONTEXT_TRACKING|SECURITY_EFFECTIVE_ONLY; 1278 1255 1279 1256 count += name_len; 1280 1280 - inc_rfc1001_len(req, count); 1257 1257 + in_len += count; 1281 1258 1282 1259 req->ByteCount = cpu_to_le16(count); 1283 1283 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)req, 1260 1260 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)req, in_len, 1284 1261 (struct smb_hdr *)rsp, &bytes_returned, 0); 1285 1262 cifs_stats_inc(&tcon->stats.cifs_stats.num_opens); 1286 1263 if (rc) { ··· 1319 1296 } 1320 1297 1321 1298 static void 1322 1322 - cifs_readv_callback(struct mid_q_entry *mid) 1299 1299 + cifs_readv_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1323 1300 { 1324 1301 struct cifs_io_subrequest *rdata = mid->callback_data; 1325 1302 struct netfs_inode *ictx = netfs_inode(rdata->rreq->inode); 1326 1303 struct cifs_tcon *tcon = tlink_tcon(rdata->req->cfile->tlink); 1327 1327 - struct TCP_Server_Info *server = tcon->ses->server; 1328 1304 struct smb_rqst rqst = { .rq_iov = rdata->iov, 1329 1329 - .rq_nvec = 2, 1305 1305 + .rq_nvec = 1, 1330 1306 .rq_iter = rdata->subreq.io_iter }; 1331 1307 struct cifs_credits credits = { 1332 1308 .value = 1, ··· 1374 1352 break; 1375 1353 case MID_RESPONSE_MALFORMED: 1376 1354 trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_malformed); 1377 1377 - rdata->result = -EIO; 1355 1355 + rdata->result = smb_EIO(smb_eio_trace_read_rsp_malformed); 1378 1356 break; 1379 1357 default: 1380 1358 trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_unknown); 1381 1381 - rdata->result = -EIO; 1359 1359 + rdata->result = smb_EIO1(smb_eio_trace_read_mid_state_unknown, 1360 1360 + mid->mid_state); 1382 1361 break; 1383 1362 } 1384 1363 ··· 1397 1374 } else { 1398 1375 size_t trans = rdata->subreq.transferred + rdata->got_bytes; 1399 1376 if (trans < rdata->subreq.len && 1400 1400 - rdata->subreq.start + trans == ictx->remote_i_size) { 1377 1377 + rdata->subreq.start + trans >= ictx->remote_i_size) { 1401 1378 rdata->result = 0; 1402 1379 __set_bit(NETFS_SREQ_HIT_EOF, &rdata->subreq.flags); 1403 1380 } else if (rdata->got_bytes > 0) { ··· 1422 1399 rdata->subreq.transferred += rdata->got_bytes; 1423 1400 trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_progress); 1424 1401 netfs_read_subreq_terminated(&rdata->subreq); 1425 1425 - release_mid(mid); 1402 1402 + release_mid(server, mid); 1426 1403 add_credits(server, &credits, 0); 1427 1404 trace_smb3_rw_credits(rreq_debug_id, subreq_debug_index, 0, 1428 1405 server->credits, server->in_flight, ··· 1438 1415 int wct; 1439 1416 struct cifs_tcon *tcon = tlink_tcon(rdata->req->cfile->tlink); 1440 1417 struct smb_rqst rqst = { .rq_iov = rdata->iov, 1441 1441 - .rq_nvec = 2 }; 1418 1418 + .rq_nvec = 1 }; 1419 1419 + unsigned int in_len; 1442 1420 1443 1421 cifs_dbg(FYI, "%s: offset=%llu bytes=%zu\n", 1444 1422 __func__, rdata->subreq.start, rdata->subreq.len); ··· 1450 1426 wct = 10; /* old style read */ 1451 1427 if ((rdata->subreq.start >> 32) > 0) { 1452 1428 /* can not handle this big offset for old */ 1453 1453 - return -EIO; 1429 1429 + return smb_EIO(smb_eio_trace_read_too_far); 1454 1430 } 1455 1431 } 1456 1432 1457 1433 rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **)&smb); 1458 1458 - if (rc) 1434 1434 + if (rc < 0) 1459 1435 return rc; 1436 1436 + in_len = rc; 1460 1437 1461 1438 smb->hdr.Pid = cpu_to_le16((__u16)rdata->req->pid); 1462 1439 smb->hdr.PidHigh = cpu_to_le16((__u16)(rdata->req->pid >> 16)); ··· 1481 1456 1482 1457 /* 4 for RFC1001 length + 1 for BCC */ 1483 1458 rdata->iov[0].iov_base = smb; 1484 1484 - rdata->iov[0].iov_len = 4; 1485 1485 - rdata->iov[1].iov_base = (char *)smb + 4; 1486 1486 - rdata->iov[1].iov_len = get_rfc1002_len(smb); 1459 1459 + rdata->iov[0].iov_len = in_len; 1487 1460 1488 1461 trace_smb3_read_enter(rdata->rreq->debug_id, 1489 1462 rdata->subreq.debug_index, ··· 1515 1492 __u16 netfid = io_parms->netfid; 1516 1493 __u64 offset = io_parms->offset; 1517 1494 struct cifs_tcon *tcon = io_parms->tcon; 1495 1495 + unsigned int in_len; 1518 1496 unsigned int count = io_parms->length; 1519 1497 1520 1498 cifs_dbg(FYI, "Reading %d bytes on fid %d\n", count, netfid); ··· 1525 1501 wct = 10; /* old style read */ 1526 1502 if ((offset >> 32) > 0) { 1527 1503 /* can not handle this big offset for old */ 1528 1528 - return -EIO; 1504 1504 + return smb_EIO(smb_eio_trace_read_too_far); 1529 1505 } 1530 1506 } 1531 1507 1532 1508 *nbytes = 0; 1533 1509 rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **) &pSMB); 1534 1534 - if (rc) 1510 1510 + if (rc < 0) 1535 1511 return rc; 1512 1512 + in_len = rc; 1536 1513 1537 1514 pSMB->hdr.Pid = cpu_to_le16((__u16)pid); 1538 1515 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid >> 16)); ··· 1561 1536 } 1562 1537 1563 1538 iov[0].iov_base = (char *)pSMB; 1564 1564 - iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4; 1539 1539 + iov[0].iov_len = in_len; 1565 1540 rc = SendReceive2(xid, tcon->ses, iov, 1, &resp_buf_type, 1566 1541 CIFS_LOG_ERROR, &rsp_iov); 1567 1542 cifs_small_buf_release(pSMB); ··· 1580 1555 || (data_length > count)) { 1581 1556 cifs_dbg(FYI, "bad length %d for count %d\n", 1582 1557 data_length, count); 1583 1583 - rc = -EIO; 1558 1558 + rc = smb_EIO2(smb_eio_trace_read_overlarge, 1559 1559 + data_length, count); 1584 1560 *nbytes = 0; 1585 1561 } else { 1586 1562 pReadData = (char *) (&pSMBr->hdr.Protocol) + ··· 1626 1600 __u16 netfid = io_parms->netfid; 1627 1601 __u64 offset = io_parms->offset; 1628 1602 struct cifs_tcon *tcon = io_parms->tcon; 1629 1629 - unsigned int count = io_parms->length; 1603 1603 + unsigned int count = io_parms->length, in_len; 1630 1604 1631 1605 *nbytes = 0; 1632 1606 ··· 1640 1614 wct = 12; 1641 1615 if ((offset >> 32) > 0) { 1642 1616 /* can not handle big offset for old srv */ 1643 1643 - return -EIO; 1617 1617 + return smb_EIO(smb_eio_trace_write_too_far); 1644 1618 } 1645 1619 } 1646 1620 1647 1621 rc = smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **) &pSMB, 1648 1622 (void **) &pSMBr); 1649 1649 - if (rc) 1623 1623 + if (rc < 0) 1650 1624 return rc; 1625 1625 + in_len = rc; 1651 1626 1652 1627 pSMB->hdr.Pid = cpu_to_le16((__u16)pid); 1653 1628 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid >> 16)); ··· 1681 1654 if (bytes_sent > count) 1682 1655 bytes_sent = count; 1683 1656 pSMB->DataOffset = 1684 1684 - cpu_to_le16(offsetof(struct smb_com_write_req, Data) - 4); 1657 1657 + cpu_to_le16(offsetof(struct smb_com_write_req, Data)); 1685 1658 if (buf) 1686 1659 memcpy(pSMB->Data, buf, bytes_sent); 1687 1660 else if (count != 0) { ··· 1696 1669 1697 1670 pSMB->DataLengthLow = cpu_to_le16(bytes_sent & 0xFFFF); 1698 1671 pSMB->DataLengthHigh = cpu_to_le16(bytes_sent >> 16); 1699 1699 - inc_rfc1001_len(pSMB, byte_count); 1672 1672 + in_len += byte_count; 1700 1673 1701 1674 if (wct == 14) 1702 1675 pSMB->ByteCount = cpu_to_le16(byte_count); ··· 1707 1680 pSMBW->ByteCount = cpu_to_le16(byte_count); 1708 1681 } 1709 1682 1710 1710 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 1683 1683 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 1711 1684 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 1712 1685 cifs_stats_inc(&tcon->stats.cifs_stats.num_writes); 1713 1686 if (rc) { ··· 1739 1712 * workqueue completion task. 1740 1713 */ 1741 1714 static void 1742 1742 - cifs_writev_callback(struct mid_q_entry *mid) 1715 1715 + cifs_writev_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1743 1716 { 1744 1717 struct cifs_io_subrequest *wdata = mid->callback_data; 1745 1745 - struct TCP_Server_Info *server = wdata->server; 1746 1718 struct cifs_tcon *tcon = tlink_tcon(wdata->req->cfile->tlink); 1747 1719 WRITE_RSP *smb = (WRITE_RSP *)mid->resp_buf; 1748 1720 struct cifs_credits credits = { ··· 1791 1765 break; 1792 1766 case MID_RESPONSE_MALFORMED: 1793 1767 trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_malformed); 1794 1794 - result = -EIO; 1768 1768 + result = smb_EIO(smb_eio_trace_write_rsp_malformed); 1795 1769 break; 1796 1770 default: 1797 1771 trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_unknown); 1798 1798 - result = -EIO; 1772 1772 + result = smb_EIO1(smb_eio_trace_write_mid_state_unknown, 1773 1773 + mid->mid_state); 1799 1774 break; 1800 1775 } 1801 1776 ··· 1806 1779 0, cifs_trace_rw_credits_write_response_clear); 1807 1780 wdata->credits.value = 0; 1808 1781 cifs_write_subrequest_terminated(wdata, result); 1809 1809 - release_mid(mid); 1782 1782 + release_mid(server, mid); 1810 1783 trace_smb3_rw_credits(credits.rreq_debug_id, credits.rreq_debug_index, 0, 1811 1784 server->credits, server->in_flight, 1812 1785 credits.value, cifs_trace_rw_credits_write_response_add); ··· 1818 1791 cifs_async_writev(struct cifs_io_subrequest *wdata) 1819 1792 { 1820 1793 int rc = -EACCES; 1821 1821 - WRITE_REQ *smb = NULL; 1794 1794 + WRITE_REQ *req = NULL; 1822 1795 int wct; 1823 1796 struct cifs_tcon *tcon = tlink_tcon(wdata->req->cfile->tlink); 1824 1824 - struct kvec iov[2]; 1797 1797 + struct kvec iov[1]; 1825 1798 struct smb_rqst rqst = { }; 1799 1799 + unsigned int in_len; 1826 1800 1827 1801 if (tcon->ses->capabilities & CAP_LARGE_FILES) { 1828 1802 wct = 14; ··· 1831 1803 wct = 12; 1832 1804 if (wdata->subreq.start >> 32 > 0) { 1833 1805 /* can not handle big offset for old srv */ 1834 1834 - rc = -EIO; 1806 1806 + rc = smb_EIO(smb_eio_trace_write_too_far); 1835 1807 goto out; 1836 1808 } 1837 1809 } 1838 1810 1839 1839 - rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **)&smb); 1840 1840 - if (rc) 1811 1811 + rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **)&req); 1812 1812 + if (rc < 0) 1841 1813 goto async_writev_out; 1814 1814 + in_len = rc; 1842 1815 1843 1843 - smb->hdr.Pid = cpu_to_le16((__u16)wdata->req->pid); 1844 1844 - smb->hdr.PidHigh = cpu_to_le16((__u16)(wdata->req->pid >> 16)); 1816 1816 + req->hdr.Pid = cpu_to_le16((__u16)wdata->req->pid); 1817 1817 + req->hdr.PidHigh = cpu_to_le16((__u16)(wdata->req->pid >> 16)); 1845 1818 1846 1846 - smb->AndXCommand = 0xFF; /* none */ 1847 1847 - smb->Fid = wdata->req->cfile->fid.netfid; 1848 1848 - smb->OffsetLow = cpu_to_le32(wdata->subreq.start & 0xFFFFFFFF); 1819 1819 + req->AndXCommand = 0xFF; /* none */ 1820 1820 + req->Fid = wdata->req->cfile->fid.netfid; 1821 1821 + req->OffsetLow = cpu_to_le32(wdata->subreq.start & 0xFFFFFFFF); 1849 1822 if (wct == 14) 1850 1850 - smb->OffsetHigh = cpu_to_le32(wdata->subreq.start >> 32); 1851 1851 - smb->Reserved = 0xFFFFFFFF; 1852 1852 - smb->WriteMode = 0; 1853 1853 - smb->Remaining = 0; 1823 1823 + req->OffsetHigh = cpu_to_le32(wdata->subreq.start >> 32); 1824 1824 + req->Reserved = 0xFFFFFFFF; 1825 1825 + req->WriteMode = 0; 1826 1826 + req->Remaining = 0; 1854 1827 1855 1855 - smb->DataOffset = 1856 1856 - cpu_to_le16(offsetof(struct smb_com_write_req, Data) - 4); 1828 1828 + req->DataOffset = 1829 1829 + cpu_to_le16(offsetof(struct smb_com_write_req, Data)); 1857 1830 1858 1858 - /* 4 for RFC1001 length + 1 for BCC */ 1859 1859 - iov[0].iov_len = 4; 1860 1860 - iov[0].iov_base = smb; 1861 1861 - iov[1].iov_len = get_rfc1002_len(smb) + 1; 1862 1862 - iov[1].iov_base = (char *)smb + 4; 1831 1831 + iov[0].iov_base = req; 1832 1832 + iov[0].iov_len = in_len + 1; /* +1 for BCC */ 1863 1833 1864 1834 rqst.rq_iov = iov; 1865 1865 - rqst.rq_nvec = 2; 1835 1835 + rqst.rq_nvec = 1; 1866 1836 rqst.rq_iter = wdata->subreq.io_iter; 1867 1837 1868 1838 cifs_dbg(FYI, "async write at %llu %zu bytes\n", 1869 1839 wdata->subreq.start, wdata->subreq.len); 1870 1840 1871 1871 - smb->DataLengthLow = cpu_to_le16(wdata->subreq.len & 0xFFFF); 1872 1872 - smb->DataLengthHigh = cpu_to_le16(wdata->subreq.len >> 16); 1841 1841 + req->DataLengthLow = cpu_to_le16(wdata->subreq.len & 0xFFFF); 1842 1842 + req->DataLengthHigh = cpu_to_le16(wdata->subreq.len >> 16); 1873 1843 1874 1844 if (wct == 14) { 1875 1875 - inc_rfc1001_len(&smb->hdr, wdata->subreq.len + 1); 1876 1876 - put_bcc(wdata->subreq.len + 1, &smb->hdr); 1845 1845 + in_len += wdata->subreq.len + 1; 1846 1846 + put_bcc(wdata->subreq.len + 1, &req->hdr); 1877 1847 } else { 1878 1848 /* wct == 12 */ 1879 1879 - struct smb_com_writex_req *smbw = 1880 1880 - (struct smb_com_writex_req *)smb; 1881 1881 - inc_rfc1001_len(&smbw->hdr, wdata->subreq.len + 5); 1882 1882 - put_bcc(wdata->subreq.len + 5, &smbw->hdr); 1883 1883 - iov[1].iov_len += 4; /* pad bigger by four bytes */ 1849 1849 + struct smb_com_writex_req *reqw = 1850 1850 + (struct smb_com_writex_req *)req; 1851 1851 + in_len += wdata->subreq.len + 5; 1852 1852 + put_bcc(wdata->subreq.len + 5, &reqw->hdr); 1853 1853 + iov[0].iov_len += 4; /* pad bigger by four bytes */ 1884 1854 } 1885 1855 1886 1856 rc = cifs_call_async(tcon->ses->server, &rqst, NULL, ··· 1888 1862 cifs_stats_inc(&tcon->stats.cifs_stats.num_writes); 1889 1863 1890 1864 async_writev_out: 1891 1891 - cifs_small_buf_release(smb); 1865 1865 + cifs_small_buf_release(req); 1892 1866 out: 1893 1867 if (rc) { 1894 1868 add_credits_and_wake_if(wdata->server, &wdata->credits, 0); ··· 1911 1885 struct cifs_tcon *tcon = io_parms->tcon; 1912 1886 unsigned int count = io_parms->length; 1913 1887 struct kvec rsp_iov; 1888 1888 + unsigned int in_len; 1914 1889 1915 1890 *nbytes = 0; 1916 1891 ··· 1923 1896 wct = 12; 1924 1897 if ((offset >> 32) > 0) { 1925 1898 /* can not handle big offset for old srv */ 1926 1926 - return -EIO; 1899 1899 + return smb_EIO(smb_eio_trace_write_too_far); 1927 1900 } 1928 1901 } 1929 1902 rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **) &pSMB); 1930 1930 - if (rc) 1903 1903 + if (rc < 0) 1931 1904 return rc; 1905 1905 + in_len = rc; 1932 1906 1933 1907 pSMB->hdr.Pid = cpu_to_le16((__u16)pid); 1934 1908 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid >> 16)); ··· 1948 1920 pSMB->Remaining = 0; 1949 1921 1950 1922 pSMB->DataOffset = 1951 1951 - cpu_to_le16(offsetof(struct smb_com_write_req, Data) - 4); 1923 1923 + cpu_to_le16(offsetof(struct smb_com_write_req, Data)); 1952 1924 1953 1925 pSMB->DataLengthLow = cpu_to_le16(count & 0xFFFF); 1954 1926 pSMB->DataLengthHigh = cpu_to_le16(count >> 16); 1955 1927 /* header + 1 byte pad */ 1956 1956 - smb_hdr_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 1; 1928 1928 + smb_hdr_len = in_len + 1; 1957 1929 if (wct == 14) 1958 1958 - inc_rfc1001_len(pSMB, count + 1); 1930 1930 + in_len += count + 1; 1959 1931 else /* wct == 12 */ 1960 1960 - inc_rfc1001_len(pSMB, count + 5); /* smb data starts later */ 1932 1932 + in_len += count + 5; /* smb data starts later */ 1961 1933 if (wct == 14) 1962 1934 pSMB->ByteCount = cpu_to_le16(count + 1); 1963 1935 else /* wct == 12 */ /* bigger pad, smaller smb hdr, keep offset ok */ { ··· 1979 1951 cifs_dbg(FYI, "Send error Write2 = %d\n", rc); 1980 1952 } else if (resp_buf_type == 0) { 1981 1953 /* presumably this can not happen, but best to be safe */ 1982 1982 - rc = -EIO; 1954 1954 + rc = smb_EIO1(smb_eio_trace_write_bad_buf_type, resp_buf_type); 1983 1955 } else { 1984 1956 WRITE_RSP *pSMBr = (WRITE_RSP *)rsp_iov.iov_base; 1985 1957 *nbytes = le16_to_cpu(pSMBr->CountHigh); ··· 2011 1983 LOCK_REQ *pSMB = NULL; 2012 1984 struct kvec iov[2]; 2013 1985 struct kvec rsp_iov; 1986 1986 + unsigned int in_len; 2014 1987 int resp_buf_type; 2015 1988 __u16 count; 2016 1989 ··· 2019 1990 num_lock, num_unlock); 2020 1991 2021 1992 rc = small_smb_init(SMB_COM_LOCKING_ANDX, 8, tcon, (void **) &pSMB); 2022 2022 - if (rc) 1993 1993 + if (rc < 0) 2023 1994 return rc; 1995 1995 + in_len = rc; 2024 1996 2025 1997 pSMB->Timeout = 0; 2026 1998 pSMB->NumberOfLocks = cpu_to_le16(num_lock); ··· 2031 2001 pSMB->Fid = netfid; /* netfid stays le */ 2032 2002 2033 2003 count = (num_unlock + num_lock) * sizeof(LOCKING_ANDX_RANGE); 2034 2034 - inc_rfc1001_len(pSMB, count); 2004 2004 + in_len += count; 2035 2005 pSMB->ByteCount = cpu_to_le16(count); 2036 2006 2037 2007 iov[0].iov_base = (char *)pSMB; 2038 2038 - iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4 - 2008 2008 + iov[0].iov_len = in_len - 2039 2009 (num_unlock + num_lock) * sizeof(LOCKING_ANDX_RANGE); 2040 2010 iov[1].iov_base = (char *)buf; 2041 2011 iov[1].iov_len = (num_unlock + num_lock) * sizeof(LOCKING_ANDX_RANGE); ··· 2060 2030 int rc = 0; 2061 2031 LOCK_REQ *pSMB = NULL; 2062 2032 /* LOCK_RSP *pSMBr = NULL; */ /* No response data other than rc to parse */ 2033 2033 + unsigned int in_len; 2063 2034 int bytes_returned; 2064 2064 - int flags = 0; 2035 2035 + int flags = CIFS_WINDOWS_LOCK | CIFS_INTERRUPTIBLE_WAIT; 2065 2036 __u16 count; 2066 2037 2067 2038 cifs_dbg(FYI, "CIFSSMBLock timeout %d numLock %d\n", 2068 2039 (int)waitFlag, numLock); 2069 2040 rc = small_smb_init(SMB_COM_LOCKING_ANDX, 8, tcon, (void **) &pSMB); 2070 2041 2071 2071 - if (rc) 2042 2042 + if (rc < 0) 2072 2043 return rc; 2044 2044 + in_len = rc; 2073 2045 2074 2046 if (lockType == LOCKING_ANDX_OPLOCK_RELEASE) { 2075 2047 /* no response expected */ ··· 2103 2071 /* oplock break */ 2104 2072 count = 0; 2105 2073 } 2106 2106 - inc_rfc1001_len(pSMB, count); 2074 2074 + in_len += count; 2107 2075 pSMB->ByteCount = cpu_to_le16(count); 2108 2076 2109 2077 if (waitFlag) 2110 2110 - rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB, 2111 2111 - (struct smb_hdr *) pSMB, &bytes_returned); 2078 2078 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2079 2079 + (struct smb_hdr *) pSMB, &bytes_returned, 2080 2080 + flags); 2112 2081 else 2113 2113 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *)pSMB, flags); 2082 2082 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *)pSMB, in_len, flags); 2114 2083 cifs_small_buf_release(pSMB); 2115 2084 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks); 2116 2085 if (rc) ··· 2132 2099 struct smb_com_transaction2_sfi_req *pSMB = NULL; 2133 2100 struct smb_com_transaction2_sfi_rsp *pSMBr = NULL; 2134 2101 struct cifs_posix_lock *parm_data; 2102 2102 + unsigned int in_len; 2135 2103 int rc = 0; 2136 2136 - int timeout = 0; 2104 2104 + int sr_flags = CIFS_INTERRUPTIBLE_WAIT; 2137 2105 int bytes_returned = 0; 2138 2106 int resp_buf_type = 0; 2139 2107 __u16 params, param_offset, offset, byte_count, count; ··· 2144 2110 cifs_dbg(FYI, "Posix Lock\n"); 2145 2111 2146 2112 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 2147 2147 - 2148 2148 - if (rc) 2113 2113 + if (rc < 0) 2149 2114 return rc; 2115 2115 + in_len = rc; 2150 2116 2151 2117 pSMBr = (struct smb_com_transaction2_sfi_rsp *)pSMB; 2152 2118 ··· 2155 2121 pSMB->Reserved = 0; 2156 2122 pSMB->Flags = 0; 2157 2123 pSMB->Reserved2 = 0; 2158 2158 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 2124 2124 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 2159 2125 offset = param_offset + params; 2160 2126 2161 2127 count = sizeof(struct cifs_posix_lock); ··· 2173 2139 pSMB->TotalDataCount = pSMB->DataCount; 2174 2140 pSMB->TotalParameterCount = pSMB->ParameterCount; 2175 2141 pSMB->ParameterOffset = cpu_to_le16(param_offset); 2176 2176 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 2177 2177 - parm_data = (struct cifs_posix_lock *) 2178 2178 - (((char *)pSMB) + offset + 4); 2142 2142 + parm_data = (struct cifs_posix_lock *)(((char *)pSMB) + offset); 2179 2143 2180 2144 parm_data->lock_type = cpu_to_le16(lock_type); 2181 2145 if (waitFlag) { 2182 2182 - timeout = CIFS_BLOCKING_OP; /* blocking operation, no timeout */ 2146 2146 + sr_flags |= CIFS_BLOCKING_OP; /* blocking operation, no timeout */ 2183 2147 parm_data->lock_flags = cpu_to_le16(1); 2184 2148 pSMB->Timeout = cpu_to_le32(-1); 2185 2149 } else ··· 2191 2159 pSMB->Fid = smb_file_id; 2192 2160 pSMB->InformationLevel = cpu_to_le16(SMB_SET_POSIX_LOCK); 2193 2161 pSMB->Reserved4 = 0; 2194 2194 - inc_rfc1001_len(pSMB, byte_count); 2162 2162 + in_len += byte_count; 2195 2163 pSMB->ByteCount = cpu_to_le16(byte_count); 2196 2164 if (waitFlag) { 2197 2197 - rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB, 2198 2198 - (struct smb_hdr *) pSMBr, &bytes_returned); 2165 2165 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2166 2166 + (struct smb_hdr *) pSMBr, &bytes_returned, 2167 2167 + sr_flags); 2199 2168 } else { 2200 2169 iov[0].iov_base = (char *)pSMB; 2201 2201 - iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4; 2170 2170 + iov[0].iov_len = in_len; 2202 2171 rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovecs */, 2203 2203 - &resp_buf_type, timeout, &rsp_iov); 2172 2172 + &resp_buf_type, sr_flags, &rsp_iov); 2204 2173 pSMBr = (struct smb_com_transaction2_sfi_rsp *)rsp_iov.iov_base; 2205 2174 } 2206 2175 cifs_small_buf_release(pSMB); ··· 2215 2182 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 2216 2183 2217 2184 if (rc || get_bcc(&pSMBr->hdr) < sizeof(*parm_data)) { 2218 2218 - rc = -EIO; /* bad smb */ 2185 2185 + rc = smb_EIO2(smb_eio_trace_lock_bcc_too_small, 2186 2186 + get_bcc(&pSMBr->hdr), sizeof(*parm_data)); 2219 2187 goto plk_err_exit; 2220 2188 } 2221 2189 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 2222 2190 data_count = le16_to_cpu(pSMBr->t2.DataCount); 2223 2191 if (data_count < sizeof(struct cifs_posix_lock)) { 2224 2224 - rc = -EIO; 2192 2192 + rc = smb_EIO2(smb_eio_trace_lock_data_too_small, 2193 2193 + data_count, sizeof(struct cifs_posix_lock)); 2225 2194 goto plk_err_exit; 2226 2195 } 2227 2196 parm_data = (struct cifs_posix_lock *) ··· 2261 2226 { 2262 2227 int rc = 0; 2263 2228 CLOSE_REQ *pSMB = NULL; 2229 2229 + unsigned int in_len; 2230 2230 + 2264 2231 cifs_dbg(FYI, "In CIFSSMBClose\n"); 2265 2232 2266 2233 /* do not retry on dead session on close */ 2267 2234 rc = small_smb_init(SMB_COM_CLOSE, 3, tcon, (void **) &pSMB); 2268 2235 if (rc == -EAGAIN) 2269 2236 return 0; 2270 2270 - if (rc) 2237 2237 + if (rc < 0) 2271 2238 return rc; 2239 2239 + in_len = rc; 2272 2240 2273 2241 pSMB->FileID = (__u16) smb_file_id; 2274 2242 pSMB->LastWriteTime = 0xFFFFFFFF; 2275 2243 pSMB->ByteCount = 0; 2276 2276 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 2244 2244 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 2277 2245 cifs_small_buf_release(pSMB); 2278 2246 cifs_stats_inc(&tcon->stats.cifs_stats.num_closes); 2279 2247 if (rc) { ··· 2298 2260 { 2299 2261 int rc = 0; 2300 2262 FLUSH_REQ *pSMB = NULL; 2263 2263 + unsigned int in_len; 2264 2264 + 2301 2265 cifs_dbg(FYI, "In CIFSSMBFlush\n"); 2302 2266 2303 2267 rc = small_smb_init(SMB_COM_FLUSH, 1, tcon, (void **) &pSMB); 2304 2304 - if (rc) 2268 2268 + if (rc < 0) 2305 2269 return rc; 2270 2270 + in_len = rc; 2306 2271 2307 2272 pSMB->FileID = (__u16) smb_file_id; 2308 2273 pSMB->ByteCount = 0; 2309 2309 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 2274 2274 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 2310 2275 cifs_small_buf_release(pSMB); 2311 2276 cifs_stats_inc(&tcon->stats.cifs_stats.num_flushes); 2312 2277 if (rc) ··· 2326 2285 int rc = 0; 2327 2286 RENAME_REQ *pSMB = NULL; 2328 2287 RENAME_RSP *pSMBr = NULL; 2288 2288 + unsigned int in_len; 2329 2289 int bytes_returned; 2330 2290 int name_len, name_len2; 2331 2291 __u16 count; ··· 2336 2294 renameRetry: 2337 2295 rc = smb_init(SMB_COM_RENAME, 1, tcon, (void **) &pSMB, 2338 2296 (void **) &pSMBr); 2339 2339 - if (rc) 2297 2297 + if (rc < 0) 2340 2298 return rc; 2299 2299 + in_len = rc; 2341 2300 2342 2301 pSMB->BufferFormat = 0x04; 2343 2302 pSMB->SearchAttributes = ··· 2368 2325 } 2369 2326 2370 2327 count = 1 /* 1st signature byte */ + name_len + name_len2; 2371 2371 - inc_rfc1001_len(pSMB, count); 2328 2328 + in_len += count; 2372 2329 pSMB->ByteCount = cpu_to_le16(count); 2373 2330 2374 2374 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2331 2331 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2375 2332 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2376 2333 cifs_stats_inc(&tcon->stats.cifs_stats.num_renames); 2377 2334 if (rc) ··· 2392 2349 struct smb_com_transaction2_sfi_req *pSMB = NULL; 2393 2350 struct smb_com_transaction2_sfi_rsp *pSMBr = NULL; 2394 2351 struct set_file_rename *rename_info; 2352 2352 + unsigned int in_len; 2395 2353 char *data_offset; 2396 2354 char dummy_string[30]; 2397 2355 int rc = 0; ··· 2403 2359 cifs_dbg(FYI, "Rename to File by handle\n"); 2404 2360 rc = smb_init(SMB_COM_TRANSACTION2, 15, pTcon, (void **) &pSMB, 2405 2361 (void **) &pSMBr); 2406 2406 - if (rc) 2362 2362 + if (rc < 0) 2407 2363 return rc; 2364 2364 + in_len = rc; 2408 2365 2409 2366 params = 6; 2410 2367 pSMB->MaxSetupCount = 0; ··· 2413 2368 pSMB->Flags = 0; 2414 2369 pSMB->Timeout = 0; 2415 2370 pSMB->Reserved2 = 0; 2416 2416 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 2371 2371 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 2417 2372 offset = param_offset + params; 2418 2373 2419 2419 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 2420 2420 - data_offset = (char *)(pSMB) + offset + 4; 2374 2374 + data_offset = (char *)(pSMB) + offset; 2421 2375 rename_info = (struct set_file_rename *) data_offset; 2422 2376 pSMB->MaxParameterCount = cpu_to_le16(2); 2423 2377 pSMB->MaxDataCount = cpu_to_le16(1000); /* BB find max SMB from sess */ ··· 2452 2408 pSMB->InformationLevel = 2453 2409 cpu_to_le16(SMB_SET_FILE_RENAME_INFORMATION); 2454 2410 pSMB->Reserved4 = 0; 2455 2455 - inc_rfc1001_len(pSMB, byte_count); 2411 2411 + in_len += byte_count; 2456 2412 pSMB->ByteCount = cpu_to_le16(byte_count); 2457 2457 - rc = SendReceive(xid, pTcon->ses, (struct smb_hdr *) pSMB, 2413 2413 + rc = SendReceive(xid, pTcon->ses, (struct smb_hdr *) pSMB, in_len, 2458 2414 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2459 2415 cifs_stats_inc(&pTcon->stats.cifs_stats.num_t2renames); 2460 2416 if (rc) ··· 2476 2432 { 2477 2433 TRANSACTION2_SPI_REQ *pSMB = NULL; 2478 2434 TRANSACTION2_SPI_RSP *pSMBr = NULL; 2435 2435 + unsigned int in_len; 2479 2436 char *data_offset; 2480 2437 int name_len; 2481 2438 int name_len_target; ··· 2488 2443 createSymLinkRetry: 2489 2444 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 2490 2445 (void **) &pSMBr); 2491 2491 - if (rc) 2446 2446 + if (rc < 0) 2492 2447 return rc; 2448 2448 + in_len = rc; 2493 2449 2494 2450 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2495 2451 name_len = ··· 2510 2464 pSMB->Timeout = 0; 2511 2465 pSMB->Reserved2 = 0; 2512 2466 param_offset = offsetof(struct smb_com_transaction2_spi_req, 2513 2513 - InformationLevel) - 4; 2467 2467 + InformationLevel); 2514 2468 offset = param_offset + params; 2515 2469 2516 2516 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 2517 2517 - data_offset = (char *)pSMB + offset + 4; 2470 2470 + data_offset = (char *)pSMB + offset; 2518 2471 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2519 2472 name_len_target = 2520 2473 cifsConvertToUTF16((__le16 *) data_offset, toName, ··· 2540 2495 pSMB->DataOffset = cpu_to_le16(offset); 2541 2496 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_UNIX_LINK); 2542 2497 pSMB->Reserved4 = 0; 2543 2543 - inc_rfc1001_len(pSMB, byte_count); 2498 2498 + in_len += byte_count; 2544 2499 pSMB->ByteCount = cpu_to_le16(byte_count); 2545 2545 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2500 2500 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2546 2501 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2547 2502 cifs_stats_inc(&tcon->stats.cifs_stats.num_symlinks); 2548 2503 if (rc) ··· 2564 2519 { 2565 2520 TRANSACTION2_SPI_REQ *pSMB = NULL; 2566 2521 TRANSACTION2_SPI_RSP *pSMBr = NULL; 2522 2522 + unsigned int in_len; 2567 2523 char *data_offset; 2568 2524 int name_len; 2569 2525 int name_len_target; ··· 2576 2530 createHardLinkRetry: 2577 2531 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 2578 2532 (void **) &pSMBr); 2579 2579 - if (rc) 2533 2533 + if (rc < 0) 2580 2534 return rc; 2535 2535 + in_len = rc; 2581 2536 2582 2537 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2583 2538 name_len = cifsConvertToUTF16((__le16 *) pSMB->FileName, toName, ··· 2596 2549 pSMB->Timeout = 0; 2597 2550 pSMB->Reserved2 = 0; 2598 2551 param_offset = offsetof(struct smb_com_transaction2_spi_req, 2599 2599 - InformationLevel) - 4; 2552 2552 + InformationLevel); 2600 2553 offset = param_offset + params; 2601 2554 2602 2602 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 2603 2603 - data_offset = (char *)pSMB + offset + 4; 2555 2555 + data_offset = (char *)pSMB + offset; 2604 2556 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2605 2557 name_len_target = 2606 2558 cifsConvertToUTF16((__le16 *) data_offset, fromName, ··· 2625 2579 pSMB->DataOffset = cpu_to_le16(offset); 2626 2580 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_UNIX_HLINK); 2627 2581 pSMB->Reserved4 = 0; 2628 2628 - inc_rfc1001_len(pSMB, byte_count); 2582 2582 + in_len += byte_count; 2629 2583 pSMB->ByteCount = cpu_to_le16(byte_count); 2630 2630 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2584 2584 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2631 2585 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2632 2586 cifs_stats_inc(&tcon->stats.cifs_stats.num_hardlinks); 2633 2587 if (rc) ··· 2650 2604 int rc = 0; 2651 2605 NT_RENAME_REQ *pSMB = NULL; 2652 2606 RENAME_RSP *pSMBr = NULL; 2607 2607 + unsigned int in_len; 2653 2608 int bytes_returned; 2654 2609 int name_len, name_len2; 2655 2610 __u16 count; ··· 2661 2614 2662 2615 rc = smb_init(SMB_COM_NT_RENAME, 4, tcon, (void **) &pSMB, 2663 2616 (void **) &pSMBr); 2664 2664 - if (rc) 2617 2617 + if (rc < 0) 2665 2618 return rc; 2619 2619 + in_len = rc; 2666 2620 2667 2621 pSMB->SearchAttributes = 2668 2622 cpu_to_le16(ATTR_READONLY | ATTR_HIDDEN | ATTR_SYSTEM | ··· 2697 2649 } 2698 2650 2699 2651 count = 1 /* string type byte */ + name_len + name_len2; 2700 2700 - inc_rfc1001_len(pSMB, count); 2652 2652 + in_len += count; 2701 2653 pSMB->ByteCount = cpu_to_le16(count); 2702 2654 2703 2703 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2655 2655 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2704 2656 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2705 2657 cifs_stats_inc(&tcon->stats.cifs_stats.num_hardlinks); 2706 2658 if (rc) ··· 2721 2673 /* SMB_QUERY_FILE_UNIX_LINK */ 2722 2674 TRANSACTION2_QPI_REQ *pSMB = NULL; 2723 2675 TRANSACTION2_QPI_RSP *pSMBr = NULL; 2676 2676 + unsigned int in_len; 2724 2677 int rc = 0; 2725 2678 int bytes_returned; 2726 2679 int name_len; ··· 2733 2684 querySymLinkRetry: 2734 2685 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 2735 2686 (void **) &pSMBr); 2736 2736 - if (rc) 2687 2687 + if (rc < 0) 2737 2688 return rc; 2689 2689 + in_len = rc; 2738 2690 2739 2691 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2740 2692 name_len = ··· 2758 2708 pSMB->Timeout = 0; 2759 2709 pSMB->Reserved2 = 0; 2760 2710 pSMB->ParameterOffset = cpu_to_le16(offsetof( 2761 2761 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 2711 2711 + struct smb_com_transaction2_qpi_req, InformationLevel)); 2762 2712 pSMB->DataCount = 0; 2763 2713 pSMB->DataOffset = 0; 2764 2714 pSMB->SetupCount = 1; ··· 2769 2719 pSMB->ParameterCount = pSMB->TotalParameterCount; 2770 2720 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_UNIX_LINK); 2771 2721 pSMB->Reserved4 = 0; 2772 2772 - inc_rfc1001_len(pSMB, byte_count); 2722 2722 + in_len += byte_count; 2773 2723 pSMB->ByteCount = cpu_to_le16(byte_count); 2774 2724 2775 2775 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2725 2725 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2776 2726 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2777 2727 if (rc) { 2778 2728 cifs_dbg(FYI, "Send error in QuerySymLinkInfo = %d\n", rc); ··· 2782 2732 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 2783 2733 /* BB also check enough total bytes returned */ 2784 2734 if (rc || get_bcc(&pSMBr->hdr) < 2) 2785 2785 - rc = -EIO; 2735 2735 + rc = smb_EIO2(smb_eio_trace_qsym_bcc_too_small, 2736 2736 + get_bcc(&pSMBr->hdr), 2); 2786 2737 else { 2787 2738 bool is_unicode; 2788 2739 u16 count = le16_to_cpu(pSMBr->t2.DataCount); ··· 2821 2770 TRANSACT_IOCTL_REQ *io_req = NULL; 2822 2771 TRANSACT_IOCTL_RSP *io_rsp = NULL; 2823 2772 struct cifs_fid fid; 2773 2773 + unsigned int in_len; 2824 2774 __u32 data_offset, data_count, len; 2825 2775 __u8 *start, *end; 2826 2776 int io_rsp_len; ··· 2853 2801 2854 2802 rc = smb_init(SMB_COM_NT_TRANSACT, 23, tcon, 2855 2803 (void **)&io_req, (void **)&io_rsp); 2856 2856 - if (rc) 2804 2804 + if (rc < 0) 2857 2805 goto error; 2806 2806 + in_len = rc; 2858 2807 2859 2808 io_req->TotalParameterCount = 0; 2860 2809 io_req->TotalDataCount = 0; ··· 2876 2823 io_req->Fid = fid.netfid; 2877 2824 io_req->ByteCount = 0; 2878 2825 2879 2879 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)io_req, 2826 2826 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)io_req, in_len, 2880 2827 (struct smb_hdr *)io_rsp, &io_rsp_len, 0); 2881 2828 if (rc) 2882 2829 goto error; ··· 2885 2832 data_count = le32_to_cpu(io_rsp->DataCount); 2886 2833 if (get_bcc(&io_rsp->hdr) < 2 || data_offset > 512 || 2887 2834 !data_count || data_count > 2048) { 2888 2888 - rc = -EIO; 2835 2835 + rc = smb_EIO2(smb_eio_trace_qreparse_sizes_wrong, 2836 2836 + get_bcc(&io_rsp->hdr), data_count); 2889 2837 goto error; 2890 2838 } 2891 2839 2892 2840 /* SetupCount must be 1, otherwise offset to ByteCount is incorrect. */ 2893 2841 if (io_rsp->SetupCount != 1) { 2894 2894 - rc = -EIO; 2842 2842 + rc = smb_EIO2(smb_eio_trace_qreparse_setup_count, 2843 2843 + io_rsp->SetupCount, 1); 2895 2844 goto error; 2896 2845 } 2897 2846 ··· 2903 2848 * Check that we have full FSCTL_GET_REPARSE_POINT buffer. 2904 2849 */ 2905 2850 if (data_count != le16_to_cpu(io_rsp->ReturnedDataLen)) { 2906 2906 - rc = -EIO; 2851 2851 + rc = smb_EIO2(smb_eio_trace_qreparse_ret_datalen, 2852 2852 + data_count, le16_to_cpu(io_rsp->ReturnedDataLen)); 2907 2853 goto error; 2908 2854 } 2909 2855 2910 2856 end = 2 + get_bcc(&io_rsp->hdr) + (__u8 *)&io_rsp->ByteCount; 2911 2857 start = (__u8 *)&io_rsp->hdr.Protocol + data_offset; 2912 2858 if (start >= end) { 2913 2913 - rc = -EIO; 2859 2859 + rc = smb_EIO2(smb_eio_trace_qreparse_data_area, 2860 2860 + (unsigned long)start - (unsigned long)io_rsp, 2861 2861 + (unsigned long)end - (unsigned long)io_rsp); 2914 2862 goto error; 2915 2863 } 2916 2864 ··· 2922 2864 len = sizeof(*buf); 2923 2865 if (data_count < len || 2924 2866 data_count < le16_to_cpu(buf->ReparseDataLength) + len) { 2925 2925 - rc = -EIO; 2867 2867 + rc = smb_EIO2(smb_eio_trace_qreparse_rep_datalen, 2868 2868 + data_count, le16_to_cpu(buf->ReparseDataLength) + len); 2926 2869 goto error; 2927 2870 } 2928 2871 ··· 2956 2897 struct kvec in_iov[2]; 2957 2898 struct kvec out_iov; 2958 2899 struct cifs_fid fid; 2959 2959 - int io_req_len; 2900 2900 + unsigned int in_len; 2960 2901 int oplock = 0; 2961 2902 int buf_type = 0; 2962 2903 int rc; ··· 3012 2953 #endif 3013 2954 3014 2955 rc = smb_init(SMB_COM_NT_TRANSACT, 23, tcon, (void **)&io_req, NULL); 3015 3015 - if (rc) 2956 2956 + if (rc < 0) 3016 2957 goto out_close; 3017 3017 - 3018 3018 - inc_rfc1001_len(io_req, sizeof(io_req->Pad)); 3019 3019 - 3020 3020 - io_req_len = be32_to_cpu(io_req->hdr.smb_buf_length) + sizeof(io_req->hdr.smb_buf_length); 2958 2958 + in_len = rc; 2959 2959 + in_len += sizeof(io_req->Pad); 3021 2960 3022 2961 /* NT IOCTL response contains one-word long output setup buffer with size of output data. */ 3023 2962 io_req->MaxSetupCount = 1; ··· 3029 2972 io_req->ParameterCount = io_req->TotalParameterCount; 3030 2973 io_req->ParameterOffset = cpu_to_le32(0); 3031 2974 io_req->DataCount = io_req->TotalDataCount; 3032 3032 - io_req->DataOffset = cpu_to_le32(offsetof(typeof(*io_req), Data) - 3033 3033 - sizeof(io_req->hdr.smb_buf_length)); 2975 2975 + io_req->DataOffset = cpu_to_le32(offsetof(typeof(*io_req), Data)); 3034 2976 io_req->SetupCount = 4; 3035 2977 io_req->SubCommand = cpu_to_le16(NT_TRANSACT_IOCTL); 3036 2978 io_req->FunctionCode = cpu_to_le32(FSCTL_SET_REPARSE_POINT); ··· 3038 2982 io_req->IsRootFlag = 0; 3039 2983 io_req->ByteCount = cpu_to_le16(le32_to_cpu(io_req->DataCount) + sizeof(io_req->Pad)); 3040 2984 3041 3041 - inc_rfc1001_len(io_req, reparse_iov->iov_len); 3042 3042 - 3043 2985 in_iov[0].iov_base = (char *)io_req; 3044 3044 - in_iov[0].iov_len = io_req_len; 2986 2986 + in_iov[0].iov_len = in_len; 3045 2987 in_iov[1] = *reparse_iov; 3046 2988 rc = SendReceive2(xid, tcon->ses, in_iov, ARRAY_SIZE(in_iov), &buf_type, 3047 2989 CIFS_NO_RSP_BUF, &out_iov); ··· 3071 3017 int bytes_returned; 3072 3018 struct smb_com_transaction_compr_ioctl_req *pSMB; 3073 3019 struct smb_com_transaction_ioctl_rsp *pSMBr; 3020 3020 + unsigned int in_len; 3074 3021 3075 3022 cifs_dbg(FYI, "Set compression for %u\n", fid); 3076 3023 rc = smb_init(SMB_COM_NT_TRANSACT, 23, tcon, (void **) &pSMB, 3077 3024 (void **) &pSMBr); 3078 3078 - if (rc) 3025 3025 + if (rc < 0) 3079 3026 return rc; 3027 3027 + in_len = rc; 3080 3028 3081 3029 pSMB->compression_state = cpu_to_le16(COMPRESSION_FORMAT_DEFAULT); 3082 3030 ··· 3092 3036 pSMB->DataCount = cpu_to_le32(2); 3093 3037 pSMB->DataOffset = 3094 3038 cpu_to_le32(offsetof(struct smb_com_transaction_compr_ioctl_req, 3095 3095 - compression_state) - 4); /* 84 */ 3039 3039 + compression_state)); /* 84 */ 3096 3040 pSMB->SetupCount = 4; 3097 3041 pSMB->SubCommand = cpu_to_le16(NT_TRANSACT_IOCTL); 3098 3042 pSMB->ParameterCount = 0; ··· 3102 3046 pSMB->Fid = fid; /* file handle always le */ 3103 3047 /* 3 byte pad, followed by 2 byte compress state */ 3104 3048 pSMB->ByteCount = cpu_to_le16(5); 3105 3105 - inc_rfc1001_len(pSMB, 5); 3049 3049 + in_len += 5; 3106 3050 3107 3107 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3051 3051 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3108 3052 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3109 3053 if (rc) 3110 3054 cifs_dbg(FYI, "Send error in SetCompression = %d\n", rc); ··· 3302 3246 /* SMB_QUERY_POSIX_ACL */ 3303 3247 TRANSACTION2_QPI_REQ *pSMB = NULL; 3304 3248 TRANSACTION2_QPI_RSP *pSMBr = NULL; 3249 3249 + unsigned int in_len; 3305 3250 int rc = 0; 3306 3251 int bytes_returned; 3307 3252 int name_len; ··· 3313 3256 queryAclRetry: 3314 3257 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3315 3258 (void **) &pSMBr); 3316 3316 - if (rc) 3259 3259 + if (rc < 0) 3317 3260 return rc; 3261 3261 + in_len = rc; 3318 3262 3319 3263 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 3320 3264 name_len = ··· 3342 3284 pSMB->Reserved2 = 0; 3343 3285 pSMB->ParameterOffset = cpu_to_le16( 3344 3286 offsetof(struct smb_com_transaction2_qpi_req, 3345 3345 - InformationLevel) - 4); 3287 3287 + InformationLevel)); 3346 3288 pSMB->DataCount = 0; 3347 3289 pSMB->DataOffset = 0; 3348 3290 pSMB->SetupCount = 1; ··· 3353 3295 pSMB->ParameterCount = pSMB->TotalParameterCount; 3354 3296 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_POSIX_ACL); 3355 3297 pSMB->Reserved4 = 0; 3356 3356 - inc_rfc1001_len(pSMB, byte_count); 3298 3298 + in_len += byte_count; 3357 3299 pSMB->ByteCount = cpu_to_le16(byte_count); 3358 3300 3359 3359 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3301 3301 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3360 3302 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3361 3303 cifs_stats_inc(&tcon->stats.cifs_stats.num_acl_get); 3362 3304 if (rc) { ··· 3367 3309 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 3368 3310 /* BB also check enough total bytes returned */ 3369 3311 if (rc || get_bcc(&pSMBr->hdr) < 2) 3370 3370 - rc = -EIO; /* bad smb */ 3312 3312 + rc = smb_EIO2(smb_eio_trace_getacl_bcc_too_small, 3313 3313 + get_bcc(&pSMBr->hdr), 2); 3371 3314 else { 3372 3315 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 3373 3316 __u16 count = le16_to_cpu(pSMBr->t2.DataCount); ··· 3395 3336 { 3396 3337 struct smb_com_transaction2_spi_req *pSMB = NULL; 3397 3338 struct smb_com_transaction2_spi_rsp *pSMBr = NULL; 3339 3339 + unsigned int in_len; 3398 3340 char *parm_data; 3399 3341 int name_len; 3400 3342 int rc = 0; ··· 3406 3346 setAclRetry: 3407 3347 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3408 3348 (void **) &pSMBr); 3409 3409 - if (rc) 3349 3349 + if (rc < 0) 3410 3350 return rc; 3351 3351 + in_len = rc; 3411 3352 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 3412 3353 name_len = 3413 3354 cifsConvertToUTF16((__le16 *) pSMB->FileName, fileName, ··· 3428 3367 pSMB->Timeout = 0; 3429 3368 pSMB->Reserved2 = 0; 3430 3369 param_offset = offsetof(struct smb_com_transaction2_spi_req, 3431 3431 - InformationLevel) - 4; 3370 3370 + InformationLevel); 3432 3371 offset = param_offset + params; 3433 3433 - parm_data = ((char *)pSMB) + sizeof(pSMB->hdr.smb_buf_length) + offset; 3372 3372 + parm_data = ((char *)pSMB) + offset; 3434 3373 pSMB->ParameterOffset = cpu_to_le16(param_offset); 3435 3374 3436 3375 /* convert to on the wire format for POSIX ACL */ ··· 3451 3390 pSMB->ParameterCount = cpu_to_le16(params); 3452 3391 pSMB->TotalParameterCount = pSMB->ParameterCount; 3453 3392 pSMB->Reserved4 = 0; 3454 3454 - inc_rfc1001_len(pSMB, byte_count); 3393 3393 + in_len += byte_count; 3455 3394 pSMB->ByteCount = cpu_to_le16(byte_count); 3456 3456 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3395 3395 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3457 3396 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3458 3397 if (rc) 3459 3398 cifs_dbg(FYI, "Set POSIX ACL returned %d\n", rc); ··· 3489 3428 int rc = 0; 3490 3429 struct smb_t2_qfi_req *pSMB = NULL; 3491 3430 struct smb_t2_qfi_rsp *pSMBr = NULL; 3431 3431 + unsigned int in_len; 3492 3432 int bytes_returned; 3493 3433 __u16 params, byte_count; 3494 3434 ··· 3500 3438 GetExtAttrRetry: 3501 3439 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3502 3440 (void **) &pSMBr); 3503 3503 - if (rc) 3441 3441 + if (rc < 0) 3504 3442 return rc; 3443 3443 + in_len = rc; 3505 3444 3506 3445 params = 2 /* level */ + 2 /* fid */; 3507 3446 pSMB->t2.TotalDataCount = 0; ··· 3515 3452 pSMB->t2.Timeout = 0; 3516 3453 pSMB->t2.Reserved2 = 0; 3517 3454 pSMB->t2.ParameterOffset = cpu_to_le16(offsetof(struct smb_t2_qfi_req, 3518 3518 - Fid) - 4); 3455 3455 + Fid)); 3519 3456 pSMB->t2.DataCount = 0; 3520 3457 pSMB->t2.DataOffset = 0; 3521 3458 pSMB->t2.SetupCount = 1; ··· 3527 3464 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_ATTR_FLAGS); 3528 3465 pSMB->Pad = 0; 3529 3466 pSMB->Fid = netfid; 3530 3530 - inc_rfc1001_len(pSMB, byte_count); 3467 3467 + in_len += byte_count; 3531 3468 pSMB->t2.ByteCount = cpu_to_le16(byte_count); 3532 3469 3533 3533 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3470 3470 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3534 3471 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3535 3472 if (rc) { 3536 3473 cifs_dbg(FYI, "error %d in GetExtAttr\n", rc); ··· 3541 3478 if (rc || get_bcc(&pSMBr->hdr) < 2) 3542 3479 /* If rc should we check for EOPNOSUPP and 3543 3480 disable the srvino flag? or in caller? */ 3544 3544 - rc = -EIO; /* bad smb */ 3481 3481 + rc = smb_EIO2(smb_eio_trace_getextattr_bcc_too_small, 3482 3482 + get_bcc(&pSMBr->hdr), 2); 3545 3483 else { 3546 3484 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 3547 3485 __u16 count = le16_to_cpu(pSMBr->t2.DataCount); ··· 3550 3486 3551 3487 if (count != 16) { 3552 3488 cifs_dbg(FYI, "Invalid size ret in GetExtAttr\n"); 3553 3553 - rc = -EIO; 3489 3489 + rc = smb_EIO2(smb_eio_trace_getextattr_inv_size, 3490 3490 + count, 16); 3554 3491 goto GetExtAttrOut; 3555 3492 } 3556 3493 pfinfo = (struct file_chattr_info *) ··· 3585 3520 int rc; 3586 3521 __u32 temp_offset; 3587 3522 struct smb_com_ntransact_req *pSMB; 3523 3523 + unsigned int in_len; 3588 3524 3589 3525 rc = small_smb_init(SMB_COM_NT_TRANSACT, 19 + setup_count, tcon, 3590 3526 (void **)&pSMB); 3591 3591 - if (rc) 3527 3527 + if (rc < 0) 3592 3528 return rc; 3529 3529 + in_len = rc; 3593 3530 *ret_buf = (void *)pSMB; 3594 3531 pSMB->Reserved = 0; 3595 3532 pSMB->TotalParameterCount = cpu_to_le32(parm_len); ··· 3600 3533 pSMB->ParameterCount = pSMB->TotalParameterCount; 3601 3534 pSMB->DataCount = pSMB->TotalDataCount; 3602 3535 temp_offset = offsetof(struct smb_com_ntransact_req, Parms) + 3603 3603 - (setup_count * 2) - 4 /* for rfc1001 length itself */; 3536 3536 + (setup_count * 2); 3604 3537 pSMB->ParameterOffset = cpu_to_le32(temp_offset); 3605 3538 pSMB->DataOffset = cpu_to_le32(temp_offset + parm_len); 3606 3539 pSMB->SetupCount = setup_count; /* no need to le convert byte fields */ 3607 3540 pSMB->SubCommand = cpu_to_le16(sub_command); 3608 3608 - return 0; 3541 3541 + return in_len; 3609 3542 } 3610 3543 3611 3544 static int ··· 3671 3604 QUERY_SEC_DESC_REQ *pSMB; 3672 3605 struct kvec iov[1]; 3673 3606 struct kvec rsp_iov; 3607 3607 + unsigned int in_len; 3674 3608 3675 3609 cifs_dbg(FYI, "GetCifsACL\n"); 3676 3610 ··· 3680 3612 3681 3613 rc = smb_init_nttransact(NT_TRANSACT_QUERY_SECURITY_DESC, 0, 3682 3614 8 /* parm len */, tcon, (void **) &pSMB); 3683 3683 - if (rc) 3615 3615 + if (rc < 0) 3684 3616 return rc; 3617 3617 + in_len = rc; 3685 3618 3686 3619 pSMB->MaxParameterCount = cpu_to_le32(4); 3687 3620 /* BB TEST with big acls that might need to be e.g. larger than 16K */ ··· 3690 3621 pSMB->Fid = fid; /* file handle always le */ 3691 3622 pSMB->AclFlags = cpu_to_le32(info); 3692 3623 pSMB->ByteCount = cpu_to_le16(11); /* 3 bytes pad + 8 bytes parm */ 3693 3693 - inc_rfc1001_len(pSMB, 11); 3624 3624 + in_len += 11; 3694 3625 iov[0].iov_base = (char *)pSMB; 3695 3695 - iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4; 3626 3626 + iov[0].iov_len = in_len; 3696 3627 3697 3628 rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovec */, &buf_type, 3698 3629 0, &rsp_iov); ··· 3718 3649 pSMBr, parm, *acl_inf); 3719 3650 3720 3651 if (le32_to_cpu(pSMBr->ParameterCount) != 4) { 3721 3721 - rc = -EIO; /* bad smb */ 3652 3652 + rc = smb_EIO2(smb_eio_trace_getcifsacl_param_count, 3653 3653 + le32_to_cpu(pSMBr->ParameterCount), 4); 3722 3654 *pbuflen = 0; 3723 3655 goto qsec_out; 3724 3656 } ··· 3762 3692 int rc = 0; 3763 3693 int bytes_returned = 0; 3764 3694 SET_SEC_DESC_REQ *pSMB = NULL; 3695 3695 + unsigned int in_len; 3765 3696 void *pSMBr; 3766 3697 3767 3698 setCifsAclRetry: 3768 3699 rc = smb_init(SMB_COM_NT_TRANSACT, 19, tcon, (void **) &pSMB, &pSMBr); 3769 3769 - if (rc) 3700 3700 + if (rc < 0) 3770 3701 return rc; 3702 3702 + in_len = rc; 3771 3703 3772 3704 pSMB->MaxSetupCount = 0; 3773 3705 pSMB->Reserved = 0; 3774 3706 3775 3707 param_count = 8; 3776 3776 - param_offset = offsetof(struct smb_com_transaction_ssec_req, Fid) - 4; 3708 3708 + param_offset = offsetof(struct smb_com_transaction_ssec_req, Fid); 3777 3709 data_count = acllen; 3778 3710 data_offset = param_offset + param_count; 3779 3711 byte_count = 3 /* pad */ + param_count; ··· 3797 3725 pSMB->AclFlags = cpu_to_le32(aclflag); 3798 3726 3799 3727 if (pntsd && acllen) { 3800 3800 - memcpy((char *)pSMBr + offsetof(struct smb_hdr, Protocol) + 3801 3801 - data_offset, pntsd, acllen); 3802 3802 - inc_rfc1001_len(pSMB, byte_count + data_count); 3728 3728 + memcpy((char *)pSMBr + data_offset, pntsd, acllen); 3729 3729 + in_len += byte_count + data_count; 3803 3730 } else 3804 3804 - inc_rfc1001_len(pSMB, byte_count); 3731 3731 + in_len += byte_count; 3805 3732 3806 3806 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3733 3733 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3807 3734 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3808 3735 3809 3736 cifs_dbg(FYI, "SetCIFSACL bytes_returned: %d, rc: %d\n", ··· 3827 3756 { 3828 3757 QUERY_INFORMATION_REQ *pSMB; 3829 3758 QUERY_INFORMATION_RSP *pSMBr; 3759 3759 + unsigned int in_len; 3830 3760 int rc = 0; 3831 3761 int bytes_returned; 3832 3762 int name_len; ··· 3836 3764 QInfRetry: 3837 3765 rc = smb_init(SMB_COM_QUERY_INFORMATION, 0, tcon, (void **) &pSMB, 3838 3766 (void **) &pSMBr); 3839 3839 - if (rc) 3767 3767 + if (rc < 0) 3840 3768 return rc; 3769 3769 + in_len = rc; 3841 3770 3842 3771 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 3843 3772 name_len = ··· 3852 3779 } 3853 3780 pSMB->BufferFormat = 0x04; 3854 3781 name_len++; /* account for buffer type byte */ 3855 3855 - inc_rfc1001_len(pSMB, (__u16)name_len); 3782 3782 + in_len += name_len; 3856 3783 pSMB->ByteCount = cpu_to_le16(name_len); 3857 3784 3858 3858 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3785 3785 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3859 3786 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3860 3787 if (rc) { 3861 3788 cifs_dbg(FYI, "Send error in QueryInfo = %d\n", rc); ··· 3877 3804 data->EndOfFile = data->AllocationSize; 3878 3805 data->Attributes = 3879 3806 cpu_to_le32(le16_to_cpu(pSMBr->attr)); 3880 3880 - } else 3881 3881 - rc = -EIO; /* bad buffer passed in */ 3807 3807 + } else { 3808 3808 + /* bad buffer passed in */ 3809 3809 + rc = smb_EIO(smb_eio_trace_null_pointers); 3810 3810 + } 3882 3811 3883 3812 cifs_buf_release(pSMB); 3884 3813 ··· 3896 3821 { 3897 3822 struct smb_t2_qfi_req *pSMB = NULL; 3898 3823 struct smb_t2_qfi_rsp *pSMBr = NULL; 3824 3824 + unsigned int in_len; 3899 3825 int rc = 0; 3900 3826 int bytes_returned; 3901 3827 __u16 params, byte_count; ··· 3904 3828 QFileInfoRetry: 3905 3829 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3906 3830 (void **) &pSMBr); 3907 3907 - if (rc) 3831 3831 + if (rc < 0) 3908 3832 return rc; 3833 3833 + in_len = rc; 3909 3834 3910 3835 params = 2 /* level */ + 2 /* fid */; 3911 3836 pSMB->t2.TotalDataCount = 0; ··· 3919 3842 pSMB->t2.Timeout = 0; 3920 3843 pSMB->t2.Reserved2 = 0; 3921 3844 pSMB->t2.ParameterOffset = cpu_to_le16(offsetof(struct smb_t2_qfi_req, 3922 3922 - Fid) - 4); 3845 3845 + Fid)); 3923 3846 pSMB->t2.DataCount = 0; 3924 3847 pSMB->t2.DataOffset = 0; 3925 3848 pSMB->t2.SetupCount = 1; ··· 3931 3854 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_ALL_INFO); 3932 3855 pSMB->Pad = 0; 3933 3856 pSMB->Fid = netfid; 3934 3934 - inc_rfc1001_len(pSMB, byte_count); 3857 3857 + in_len += byte_count; 3935 3858 pSMB->t2.ByteCount = cpu_to_le16(byte_count); 3936 3859 3937 3937 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3860 3860 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3938 3861 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3939 3862 if (rc) { 3940 3863 cifs_dbg(FYI, "Send error in QFileInfo = %d\n", rc); ··· 3942 3865 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 3943 3866 3944 3867 if (rc) /* BB add auto retry on EOPNOTSUPP? */ 3945 3945 - rc = -EIO; 3868 3868 + rc = smb_EIO2(smb_eio_trace_qfileinfo_invalid, 3869 3869 + get_bcc(&pSMBr->hdr), 40); 3946 3870 else if (get_bcc(&pSMBr->hdr) < 40) 3947 3947 - rc = -EIO; /* bad smb */ 3871 3871 + rc = smb_EIO2(smb_eio_trace_qfileinfo_bcc_too_small, 3872 3872 + get_bcc(&pSMBr->hdr), 40); 3948 3873 else if (pFindData) { 3949 3874 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 3950 3875 memcpy((char *) pFindData, ··· 3971 3892 /* level 263 SMB_QUERY_FILE_ALL_INFO */ 3972 3893 TRANSACTION2_QPI_REQ *pSMB = NULL; 3973 3894 TRANSACTION2_QPI_RSP *pSMBr = NULL; 3895 3895 + unsigned int in_len; 3974 3896 int rc = 0; 3975 3897 int bytes_returned; 3976 3898 int name_len; ··· 3981 3901 QPathInfoRetry: 3982 3902 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3983 3903 (void **) &pSMBr); 3984 3984 - if (rc) 3904 3904 + if (rc < 0) 3985 3905 return rc; 3906 3906 + in_len = rc; 3986 3907 3987 3908 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 3988 3909 name_len = ··· 4006 3925 pSMB->Timeout = 0; 4007 3926 pSMB->Reserved2 = 0; 4008 3927 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4009 4009 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 3928 3928 + struct smb_com_transaction2_qpi_req, InformationLevel)); 4010 3929 pSMB->DataCount = 0; 4011 3930 pSMB->DataOffset = 0; 4012 3931 pSMB->SetupCount = 1; ··· 4020 3939 else 4021 3940 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_ALL_INFO); 4022 3941 pSMB->Reserved4 = 0; 4023 4023 - inc_rfc1001_len(pSMB, byte_count); 3942 3942 + in_len += byte_count; 4024 3943 pSMB->ByteCount = cpu_to_le16(byte_count); 4025 3944 4026 4026 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3945 3945 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4027 3946 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4028 3947 if (rc) { 4029 3948 cifs_dbg(FYI, "Send error in QPathInfo = %d\n", rc); ··· 4031 3950 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 4032 3951 4033 3952 if (rc) /* BB add auto retry on EOPNOTSUPP? */ 4034 4034 - rc = -EIO; 3953 3953 + rc = smb_EIO2(smb_eio_trace_qpathinfo_invalid, 3954 3954 + get_bcc(&pSMBr->hdr), 40); 4035 3955 else if (!legacy && get_bcc(&pSMBr->hdr) < 40) 4036 4036 - rc = -EIO; /* bad smb */ 3956 3956 + rc = smb_EIO2(smb_eio_trace_qpathinfo_bcc_too_small, 3957 3957 + get_bcc(&pSMBr->hdr), 40); 4037 3958 else if (legacy && get_bcc(&pSMBr->hdr) < 24) 4038 4038 - rc = -EIO; /* 24 or 26 expected but we do not read 4039 4039 - last field */ 3959 3959 + /* 24 or 26 expected but we do not read last field */ 3960 3960 + rc = smb_EIO2(smb_eio_trace_qpathinfo_bcc_too_small, 3961 3961 + get_bcc(&pSMBr->hdr), 24); 4040 3962 else if (data) { 4041 3963 int size; 4042 3964 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); ··· 4072 3988 { 4073 3989 struct smb_t2_qfi_req *pSMB = NULL; 4074 3990 struct smb_t2_qfi_rsp *pSMBr = NULL; 3991 3991 + unsigned int in_len; 4075 3992 int rc = 0; 4076 3993 int bytes_returned; 4077 3994 __u16 params, byte_count; ··· 4080 3995 UnixQFileInfoRetry: 4081 3996 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4082 3997 (void **) &pSMBr); 4083 4083 - if (rc) 3998 3998 + if (rc < 0) 4084 3999 return rc; 4000 4000 + in_len = rc; 4085 4001 4086 4002 params = 2 /* level */ + 2 /* fid */; 4087 4003 pSMB->t2.TotalDataCount = 0; ··· 4095 4009 pSMB->t2.Timeout = 0; 4096 4010 pSMB->t2.Reserved2 = 0; 4097 4011 pSMB->t2.ParameterOffset = cpu_to_le16(offsetof(struct smb_t2_qfi_req, 4098 4098 - Fid) - 4); 4012 4012 + Fid)); 4099 4013 pSMB->t2.DataCount = 0; 4100 4014 pSMB->t2.DataOffset = 0; 4101 4015 pSMB->t2.SetupCount = 1; ··· 4107 4021 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC); 4108 4022 pSMB->Pad = 0; 4109 4023 pSMB->Fid = netfid; 4110 4110 - inc_rfc1001_len(pSMB, byte_count); 4024 4024 + in_len += byte_count; 4111 4025 pSMB->t2.ByteCount = cpu_to_le16(byte_count); 4112 4026 4113 4113 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4027 4027 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4114 4028 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4115 4029 if (rc) { 4116 4030 cifs_dbg(FYI, "Send error in UnixQFileInfo = %d\n", rc); ··· 4119 4033 4120 4034 if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) { 4121 4035 cifs_dbg(VFS, "Malformed FILE_UNIX_BASIC_INFO response. Unix Extensions can be disabled on mount by specifying the nosfu mount option.\n"); 4122 4122 - rc = -EIO; /* bad smb */ 4036 4036 + rc = smb_EIO2(smb_eio_trace_unixqfileinfo_bcc_too_small, 4037 4037 + get_bcc(&pSMBr->hdr), sizeof(FILE_UNIX_BASIC_INFO)); 4123 4038 } else { 4124 4039 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 4125 4040 memcpy((char *) pFindData, ··· 4146 4059 /* SMB_QUERY_FILE_UNIX_BASIC */ 4147 4060 TRANSACTION2_QPI_REQ *pSMB = NULL; 4148 4061 TRANSACTION2_QPI_RSP *pSMBr = NULL; 4062 4062 + unsigned int in_len; 4149 4063 int rc = 0; 4150 4064 int bytes_returned = 0; 4151 4065 int name_len; ··· 4156 4068 UnixQPathInfoRetry: 4157 4069 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4158 4070 (void **) &pSMBr); 4159 4159 - if (rc) 4071 4071 + if (rc < 0) 4160 4072 return rc; 4073 4073 + in_len = rc; 4161 4074 4162 4075 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 4163 4076 name_len = ··· 4181 4092 pSMB->Timeout = 0; 4182 4093 pSMB->Reserved2 = 0; 4183 4094 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4184 4184 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 4095 4095 + struct smb_com_transaction2_qpi_req, InformationLevel)); 4185 4096 pSMB->DataCount = 0; 4186 4097 pSMB->DataOffset = 0; 4187 4098 pSMB->SetupCount = 1; ··· 4192 4103 pSMB->ParameterCount = pSMB->TotalParameterCount; 4193 4104 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC); 4194 4105 pSMB->Reserved4 = 0; 4195 4195 - inc_rfc1001_len(pSMB, byte_count); 4106 4106 + in_len += byte_count; 4196 4107 pSMB->ByteCount = cpu_to_le16(byte_count); 4197 4108 4198 4198 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4109 4109 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4199 4110 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4200 4111 if (rc) { 4201 4112 cifs_dbg(FYI, "Send error in UnixQPathInfo = %d\n", rc); ··· 4204 4115 4205 4116 if (rc || get_bcc(&pSMBr->hdr) < sizeof(FILE_UNIX_BASIC_INFO)) { 4206 4117 cifs_dbg(VFS, "Malformed FILE_UNIX_BASIC_INFO response. Unix Extensions can be disabled on mount by specifying the nosfu mount option.\n"); 4207 4207 - rc = -EIO; /* bad smb */ 4118 4118 + rc = smb_EIO2(smb_eio_trace_unixqpathinfo_bcc_too_small, 4119 4119 + get_bcc(&pSMBr->hdr), sizeof(FILE_UNIX_BASIC_INFO)); 4208 4120 } else { 4209 4121 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 4210 4122 memcpy((char *) pFindData, ··· 4233 4143 TRANSACTION2_FFIRST_RSP *pSMBr = NULL; 4234 4144 T2_FFIRST_RSP_PARMS *parms; 4235 4145 struct nls_table *nls_codepage; 4236 4236 - unsigned int lnoff; 4146 4146 + unsigned int in_len, lnoff; 4237 4147 __u16 params, byte_count; 4238 4148 int bytes_returned = 0; 4239 4149 int name_len, remap; ··· 4244 4154 findFirstRetry: 4245 4155 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4246 4156 (void **) &pSMBr); 4247 4247 - if (rc) 4157 4157 + if (rc < 0) 4248 4158 return rc; 4159 4159 + in_len = rc; 4249 4160 4250 4161 nls_codepage = cifs_sb->local_nls; 4251 4162 remap = cifs_remap(cifs_sb); ··· 4306 4215 pSMB->TotalParameterCount = cpu_to_le16(params); 4307 4216 pSMB->ParameterCount = pSMB->TotalParameterCount; 4308 4217 pSMB->ParameterOffset = cpu_to_le16( 4309 4309 - offsetof(struct smb_com_transaction2_ffirst_req, SearchAttributes) 4310 4310 - - 4); 4218 4218 + offsetof(struct smb_com_transaction2_ffirst_req, SearchAttributes)); 4311 4219 pSMB->DataCount = 0; 4312 4220 pSMB->DataOffset = 0; 4313 4221 pSMB->SetupCount = 1; /* one byte, no need to make endian neutral */ ··· 4321 4231 4322 4232 /* BB what should we set StorageType to? Does it matter? BB */ 4323 4233 pSMB->SearchStorageType = 0; 4324 4324 - inc_rfc1001_len(pSMB, byte_count); 4234 4234 + in_len += byte_count; 4325 4235 pSMB->ByteCount = cpu_to_le16(byte_count); 4326 4236 4327 4327 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4237 4237 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4328 4238 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4329 4239 cifs_stats_inc(&tcon->stats.cifs_stats.num_ffirst); 4330 4240 ··· 4383 4293 TRANSACTION2_FNEXT_REQ *pSMB = NULL; 4384 4294 TRANSACTION2_FNEXT_RSP *pSMBr = NULL; 4385 4295 T2_FNEXT_RSP_PARMS *parms; 4386 4386 - unsigned int name_len; 4296 4296 + unsigned int name_len, in_len; 4387 4297 unsigned int lnoff; 4388 4298 __u16 params, byte_count; 4389 4299 char *response_data; ··· 4397 4307 4398 4308 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4399 4309 (void **) &pSMBr); 4400 4400 - if (rc) 4310 4310 + if (rc < 0) 4401 4311 return rc; 4312 4312 + in_len = rc; 4402 4313 4403 4314 params = 14; /* includes 2 bytes of null string, converted to LE below*/ 4404 4315 byte_count = 0; ··· 4412 4321 pSMB->Timeout = 0; 4413 4322 pSMB->Reserved2 = 0; 4414 4323 pSMB->ParameterOffset = cpu_to_le16( 4415 4415 - offsetof(struct smb_com_transaction2_fnext_req,SearchHandle) - 4); 4324 4324 + offsetof(struct smb_com_transaction2_fnext_req, SearchHandle)); 4416 4325 pSMB->DataCount = 0; 4417 4326 pSMB->DataOffset = 0; 4418 4327 pSMB->SetupCount = 1; ··· 4440 4349 byte_count = params + 1 /* pad */ ; 4441 4350 pSMB->TotalParameterCount = cpu_to_le16(params); 4442 4351 pSMB->ParameterCount = pSMB->TotalParameterCount; 4443 4443 - inc_rfc1001_len(pSMB, byte_count); 4352 4352 + in_len += byte_count; 4444 4353 pSMB->ByteCount = cpu_to_le16(byte_count); 4445 4354 4446 4446 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4355 4355 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4447 4356 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4448 4357 cifs_stats_inc(&tcon->stats.cifs_stats.num_fnext); 4449 4358 ··· 4509 4418 { 4510 4419 int rc = 0; 4511 4420 FINDCLOSE_REQ *pSMB = NULL; 4421 4421 + unsigned int in_len; 4512 4422 4513 4423 cifs_dbg(FYI, "In CIFSSMBFindClose\n"); 4514 4424 rc = small_smb_init(SMB_COM_FIND_CLOSE2, 1, tcon, (void **)&pSMB); ··· 4518 4426 as file handle has been closed */ 4519 4427 if (rc == -EAGAIN) 4520 4428 return 0; 4521 4521 - if (rc) 4429 4429 + if (rc < 0) 4522 4430 return rc; 4431 4431 + in_len = rc; 4523 4432 4524 4433 pSMB->FileID = searchHandle; 4525 4434 pSMB->ByteCount = 0; 4526 4526 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 4435 4435 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 4527 4436 cifs_small_buf_release(pSMB); 4528 4437 if (rc) 4529 4438 cifs_dbg(VFS, "Send error in FindClose = %d\n", rc); ··· 4546 4453 int rc = 0; 4547 4454 TRANSACTION2_QPI_REQ *pSMB = NULL; 4548 4455 TRANSACTION2_QPI_RSP *pSMBr = NULL; 4456 4456 + unsigned int in_len; 4549 4457 int name_len, bytes_returned; 4550 4458 __u16 params, byte_count; 4551 4459 ··· 4557 4463 GetInodeNumberRetry: 4558 4464 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4559 4465 (void **) &pSMBr); 4560 4560 - if (rc) 4466 4466 + if (rc < 0) 4561 4467 return rc; 4468 4468 + in_len = rc; 4562 4469 4563 4470 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 4564 4471 name_len = ··· 4583 4488 pSMB->Timeout = 0; 4584 4489 pSMB->Reserved2 = 0; 4585 4490 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4586 4586 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 4491 4491 + struct smb_com_transaction2_qpi_req, InformationLevel)); 4587 4492 pSMB->DataCount = 0; 4588 4493 pSMB->DataOffset = 0; 4589 4494 pSMB->SetupCount = 1; ··· 4594 4499 pSMB->ParameterCount = pSMB->TotalParameterCount; 4595 4500 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_INTERNAL_INFO); 4596 4501 pSMB->Reserved4 = 0; 4597 4597 - inc_rfc1001_len(pSMB, byte_count); 4502 4502 + in_len += byte_count; 4598 4503 pSMB->ByteCount = cpu_to_le16(byte_count); 4599 4504 4600 4600 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4505 4505 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4601 4506 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4602 4507 if (rc) { 4603 4508 cifs_dbg(FYI, "error %d in QueryInternalInfo\n", rc); ··· 4608 4513 if (rc || get_bcc(&pSMBr->hdr) < 2) 4609 4514 /* If rc should we check for EOPNOSUPP and 4610 4515 disable the srvino flag? or in caller? */ 4611 4611 - rc = -EIO; /* bad smb */ 4516 4516 + rc = smb_EIO2(smb_eio_trace_getsrvinonum_bcc_too_small, 4517 4517 + get_bcc(&pSMBr->hdr), 2); 4612 4518 else { 4613 4519 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 4614 4520 __u16 count = le16_to_cpu(pSMBr->t2.DataCount); ··· 4617 4521 /* BB Do we need a cast or hash here ? */ 4618 4522 if (count < 8) { 4619 4523 cifs_dbg(FYI, "Invalid size ret in QryIntrnlInf\n"); 4620 4620 - rc = -EIO; 4524 4524 + rc = smb_EIO2(smb_eio_trace_getsrvinonum_size, 4525 4525 + count, 8); 4621 4526 goto GetInodeNumOut; 4622 4527 } 4623 4528 pfinfo = (struct file_internal_info *) ··· 4642 4545 /* TRANS2_GET_DFS_REFERRAL */ 4643 4546 TRANSACTION2_GET_DFS_REFER_REQ *pSMB = NULL; 4644 4547 TRANSACTION2_GET_DFS_REFER_RSP *pSMBr = NULL; 4548 4548 + unsigned int in_len; 4645 4549 int rc = 0; 4646 4550 int bytes_returned; 4647 4551 int name_len; ··· 4662 4564 */ 4663 4565 rc = smb_init(SMB_COM_TRANSACTION2, 15, ses->tcon_ipc, 4664 4566 (void **)&pSMB, (void **)&pSMBr); 4665 4665 - if (rc) 4567 4567 + if (rc < 0) 4666 4568 return rc; 4569 4569 + in_len = rc; 4667 4570 4668 4571 /* server pointer checked in called function, 4669 4572 but should never be null here anyway */ ··· 4706 4607 pSMB->Timeout = 0; 4707 4608 pSMB->Reserved2 = 0; 4708 4609 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4709 4709 - struct smb_com_transaction2_get_dfs_refer_req, MaxReferralLevel) - 4); 4610 4610 + struct smb_com_transaction2_get_dfs_refer_req, MaxReferralLevel)); 4710 4611 pSMB->SetupCount = 1; 4711 4612 pSMB->Reserved3 = 0; 4712 4613 pSMB->SubCommand = cpu_to_le16(TRANS2_GET_DFS_REFERRAL); ··· 4714 4615 pSMB->ParameterCount = cpu_to_le16(params); 4715 4616 pSMB->TotalParameterCount = pSMB->ParameterCount; 4716 4617 pSMB->MaxReferralLevel = cpu_to_le16(3); 4717 4717 - inc_rfc1001_len(pSMB, byte_count); 4618 4618 + in_len += byte_count; 4718 4619 pSMB->ByteCount = cpu_to_le16(byte_count); 4719 4620 4720 4720 - rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, 4621 4621 + rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, in_len, 4721 4622 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4722 4623 if (rc) { 4723 4624 cifs_dbg(FYI, "Send error in GetDFSRefer = %d\n", rc); ··· 4727 4628 4728 4629 /* BB Also check if enough total bytes returned? */ 4729 4630 if (rc || get_bcc(&pSMBr->hdr) < 17) { 4730 4730 - rc = -EIO; /* bad smb */ 4631 4631 + rc = smb_EIO2(smb_eio_trace_getdfsrefer_bcc_too_small, 4632 4632 + get_bcc(&pSMBr->hdr), 17); 4731 4633 goto GetDFSRefExit; 4732 4634 } 4733 4635 ··· 4760 4660 TRANSACTION2_QFSI_REQ *pSMB = NULL; 4761 4661 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 4762 4662 FILE_SYSTEM_ALLOC_INFO *response_data; 4663 4663 + unsigned int in_len; 4763 4664 int rc = 0; 4764 4665 int bytes_returned = 0; 4765 4666 __u16 params, byte_count; ··· 4769 4668 oldQFSInfoRetry: 4770 4669 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4771 4670 (void **) &pSMBr); 4772 4772 - if (rc) 4671 4671 + if (rc < 0) 4773 4672 return rc; 4673 4673 + in_len = rc; 4774 4674 4775 4675 params = 2; /* level */ 4776 4676 pSMB->TotalDataCount = 0; ··· 4786 4684 pSMB->TotalParameterCount = cpu_to_le16(params); 4787 4685 pSMB->ParameterCount = pSMB->TotalParameterCount; 4788 4686 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4789 4789 - struct smb_com_transaction2_qfsi_req, InformationLevel) - 4); 4687 4687 + struct smb_com_transaction2_qfsi_req, InformationLevel)); 4790 4688 pSMB->DataCount = 0; 4791 4689 pSMB->DataOffset = 0; 4792 4690 pSMB->SetupCount = 1; 4793 4691 pSMB->Reserved3 = 0; 4794 4692 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 4795 4693 pSMB->InformationLevel = cpu_to_le16(SMB_INFO_ALLOCATION); 4796 4796 - inc_rfc1001_len(pSMB, byte_count); 4694 4694 + in_len += byte_count; 4797 4695 pSMB->ByteCount = cpu_to_le16(byte_count); 4798 4696 4799 4799 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4697 4697 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4800 4698 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4801 4699 if (rc) { 4802 4700 cifs_dbg(FYI, "Send error in QFSInfo = %d\n", rc); ··· 4804 4702 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 4805 4703 4806 4704 if (rc || get_bcc(&pSMBr->hdr) < 18) 4807 4807 - rc = -EIO; /* bad smb */ 4705 4705 + rc = smb_EIO2(smb_eio_trace_oldqfsinfo_bcc_too_small, 4706 4706 + get_bcc(&pSMBr->hdr), 18); 4808 4707 else { 4809 4708 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 4810 4709 cifs_dbg(FYI, "qfsinf resp BCC: %d Offset %d\n", ··· 4850 4747 TRANSACTION2_QFSI_REQ *pSMB = NULL; 4851 4748 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 4852 4749 FILE_SYSTEM_SIZE_INFO *response_data; 4750 4750 + unsigned int in_len; 4853 4751 int rc = 0; 4854 4752 int bytes_returned = 0; 4855 4753 __u16 params, byte_count; ··· 4859 4755 QFSInfoRetry: 4860 4756 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4861 4757 (void **) &pSMBr); 4862 4862 - if (rc) 4758 4758 + if (rc < 0) 4863 4759 return rc; 4760 4760 + in_len = rc; 4864 4761 4865 4762 params = 2; /* level */ 4866 4763 pSMB->TotalDataCount = 0; ··· 4876 4771 pSMB->TotalParameterCount = cpu_to_le16(params); 4877 4772 pSMB->ParameterCount = pSMB->TotalParameterCount; 4878 4773 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4879 4879 - struct smb_com_transaction2_qfsi_req, InformationLevel) - 4); 4774 4774 + struct smb_com_transaction2_qfsi_req, InformationLevel)); 4880 4775 pSMB->DataCount = 0; 4881 4776 pSMB->DataOffset = 0; 4882 4777 pSMB->SetupCount = 1; 4883 4778 pSMB->Reserved3 = 0; 4884 4779 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 4885 4780 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FS_SIZE_INFO); 4886 4886 - inc_rfc1001_len(pSMB, byte_count); 4781 4781 + in_len += byte_count; 4887 4782 pSMB->ByteCount = cpu_to_le16(byte_count); 4888 4783 4889 4889 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4784 4784 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4890 4785 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4891 4786 if (rc) { 4892 4787 cifs_dbg(FYI, "Send error in QFSInfo = %d\n", rc); ··· 4894 4789 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 4895 4790 4896 4791 if (rc || get_bcc(&pSMBr->hdr) < 24) 4897 4897 - rc = -EIO; /* bad smb */ 4792 4792 + rc = smb_EIO2(smb_eio_trace_qfsinfo_bcc_too_small, 4793 4793 + get_bcc(&pSMBr->hdr), 24); 4898 4794 else { 4899 4795 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 4900 4796 ··· 4939 4833 TRANSACTION2_QFSI_REQ *pSMB = NULL; 4940 4834 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 4941 4835 FILE_SYSTEM_ATTRIBUTE_INFO *response_data; 4836 4836 + unsigned int in_len; 4942 4837 int rc = 0; 4943 4838 int bytes_returned = 0; 4944 4839 __u16 params, byte_count; ··· 4948 4841 QFSAttributeRetry: 4949 4842 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4950 4843 (void **) &pSMBr); 4951 4951 - if (rc) 4844 4844 + if (rc < 0) 4952 4845 return rc; 4846 4846 + in_len = rc; 4953 4847 4954 4848 params = 2; /* level */ 4955 4849 pSMB->TotalDataCount = 0; ··· 4966 4858 pSMB->TotalParameterCount = cpu_to_le16(params); 4967 4859 pSMB->ParameterCount = pSMB->TotalParameterCount; 4968 4860 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4969 4969 - struct smb_com_transaction2_qfsi_req, InformationLevel) - 4); 4861 4861 + struct smb_com_transaction2_qfsi_req, InformationLevel)); 4970 4862 pSMB->DataCount = 0; 4971 4863 pSMB->DataOffset = 0; 4972 4864 pSMB->SetupCount = 1; 4973 4865 pSMB->Reserved3 = 0; 4974 4866 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 4975 4867 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FS_ATTRIBUTE_INFO); 4976 4976 - inc_rfc1001_len(pSMB, byte_count); 4868 4868 + in_len += byte_count; 4977 4869 pSMB->ByteCount = cpu_to_le16(byte_count); 4978 4870 4979 4979 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4871 4871 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4980 4872 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4981 4873 if (rc) { 4982 4874 cifs_dbg(VFS, "Send error in QFSAttributeInfo = %d\n", rc); ··· 4985 4877 4986 4878 if (rc || get_bcc(&pSMBr->hdr) < 13) { 4987 4879 /* BB also check if enough bytes returned */ 4988 4988 - rc = -EIO; /* bad smb */ 4880 4880 + rc = smb_EIO2(smb_eio_trace_qfsattrinfo_bcc_too_small, 4881 4881 + get_bcc(&pSMBr->hdr), 13); 4989 4882 } else { 4990 4883 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 4991 4884 response_data = ··· 5012 4903 TRANSACTION2_QFSI_REQ *pSMB = NULL; 5013 4904 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 5014 4905 FILE_SYSTEM_DEVICE_INFO *response_data; 4906 4906 + unsigned int in_len; 5015 4907 int rc = 0; 5016 4908 int bytes_returned = 0; 5017 4909 __u16 params, byte_count; ··· 5021 4911 QFSDeviceRetry: 5022 4912 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5023 4913 (void **) &pSMBr); 5024 5024 - if (rc) 4914 4914 + if (rc < 0) 5025 4915 return rc; 4916 4916 + in_len = rc; 5026 4917 5027 4918 params = 2; /* level */ 5028 4919 pSMB->TotalDataCount = 0; ··· 5039 4928 pSMB->TotalParameterCount = cpu_to_le16(params); 5040 4929 pSMB->ParameterCount = pSMB->TotalParameterCount; 5041 4930 pSMB->ParameterOffset = cpu_to_le16(offsetof( 5042 5042 - struct smb_com_transaction2_qfsi_req, InformationLevel) - 4); 4931 4931 + struct smb_com_transaction2_qfsi_req, InformationLevel)); 5043 4932 5044 4933 pSMB->DataCount = 0; 5045 4934 pSMB->DataOffset = 0; ··· 5047 4936 pSMB->Reserved3 = 0; 5048 4937 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 5049 4938 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FS_DEVICE_INFO); 5050 5050 - inc_rfc1001_len(pSMB, byte_count); 4939 4939 + in_len += byte_count; 5051 4940 pSMB->ByteCount = cpu_to_le16(byte_count); 5052 4941 5053 5053 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4942 4942 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5054 4943 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5055 4944 if (rc) { 5056 4945 cifs_dbg(FYI, "Send error in QFSDeviceInfo = %d\n", rc); ··· 5059 4948 5060 4949 if (rc || get_bcc(&pSMBr->hdr) < 5061 4950 sizeof(FILE_SYSTEM_DEVICE_INFO)) 5062 5062 - rc = -EIO; /* bad smb */ 4951 4951 + rc = smb_EIO2(smb_eio_trace_qfsdevinfo_bcc_too_small, 4952 4952 + get_bcc(&pSMBr->hdr), 4953 4953 + sizeof(FILE_SYSTEM_DEVICE_INFO)); 5063 4954 else { 5064 4955 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 5065 4956 response_data = ··· 5087 4974 TRANSACTION2_QFSI_REQ *pSMB = NULL; 5088 4975 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 5089 4976 FILE_SYSTEM_UNIX_INFO *response_data; 4977 4977 + unsigned int in_len; 5090 4978 int rc = 0; 5091 4979 int bytes_returned = 0; 5092 4980 __u16 params, byte_count; ··· 5096 4982 QFSUnixRetry: 5097 4983 rc = smb_init_no_reconnect(SMB_COM_TRANSACTION2, 15, tcon, 5098 4984 (void **) &pSMB, (void **) &pSMBr); 5099 5099 - if (rc) 4985 4985 + if (rc < 0) 5100 4986 return rc; 4987 4987 + in_len = rc; 5101 4988 5102 4989 params = 2; /* level */ 5103 4990 pSMB->TotalDataCount = 0; ··· 5116 5001 pSMB->ParameterCount = cpu_to_le16(params); 5117 5002 pSMB->TotalParameterCount = pSMB->ParameterCount; 5118 5003 pSMB->ParameterOffset = cpu_to_le16(offsetof(struct 5119 5119 - smb_com_transaction2_qfsi_req, InformationLevel) - 4); 5004 5004 + smb_com_transaction2_qfsi_req, InformationLevel)); 5120 5005 pSMB->SetupCount = 1; 5121 5006 pSMB->Reserved3 = 0; 5122 5007 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 5123 5008 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_CIFS_UNIX_INFO); 5124 5124 - inc_rfc1001_len(pSMB, byte_count); 5009 5009 + in_len += byte_count; 5125 5010 pSMB->ByteCount = cpu_to_le16(byte_count); 5126 5011 5127 5127 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5012 5012 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5128 5013 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5129 5014 if (rc) { 5130 5015 cifs_dbg(VFS, "Send error in QFSUnixInfo = %d\n", rc); ··· 5132 5017 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 5133 5018 5134 5019 if (rc || get_bcc(&pSMBr->hdr) < 13) { 5135 5135 - rc = -EIO; /* bad smb */ 5020 5020 + rc = smb_EIO2(smb_eio_trace_qfsunixinfo_bcc_too_small, 5021 5021 + get_bcc(&pSMBr->hdr), 13); 5136 5022 } else { 5137 5023 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 5138 5024 response_data = ··· 5159 5043 /* level 0x200 SMB_SET_CIFS_UNIX_INFO */ 5160 5044 TRANSACTION2_SETFSI_REQ *pSMB = NULL; 5161 5045 TRANSACTION2_SETFSI_RSP *pSMBr = NULL; 5046 5046 + unsigned int in_len; 5162 5047 int rc = 0; 5163 5048 int bytes_returned = 0; 5164 5049 __u16 params, param_offset, offset, byte_count; ··· 5169 5052 /* BB switch to small buf init to save memory */ 5170 5053 rc = smb_init_no_reconnect(SMB_COM_TRANSACTION2, 15, tcon, 5171 5054 (void **) &pSMB, (void **) &pSMBr); 5172 5172 - if (rc) 5055 5055 + if (rc < 0) 5173 5056 return rc; 5057 5057 + in_len = rc; 5174 5058 5175 5059 params = 4; /* 2 bytes zero followed by info level. */ 5176 5060 pSMB->MaxSetupCount = 0; ··· 5179 5061 pSMB->Flags = 0; 5180 5062 pSMB->Timeout = 0; 5181 5063 pSMB->Reserved2 = 0; 5182 5182 - param_offset = offsetof(struct smb_com_transaction2_setfsi_req, FileNum) 5183 5183 - - 4; 5064 5064 + param_offset = offsetof(struct smb_com_transaction2_setfsi_req, FileNum); 5184 5065 offset = param_offset + params; 5185 5066 5186 5067 pSMB->MaxParameterCount = cpu_to_le16(4); ··· 5206 5089 pSMB->ClientUnixMinor = cpu_to_le16(CIFS_UNIX_MINOR_VERSION); 5207 5090 pSMB->ClientUnixCap = cpu_to_le64(cap); 5208 5091 5209 5209 - inc_rfc1001_len(pSMB, byte_count); 5092 5092 + in_len += byte_count; 5210 5093 pSMB->ByteCount = cpu_to_le16(byte_count); 5211 5094 5212 5212 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5095 5095 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5213 5096 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5214 5097 if (rc) { 5215 5098 cifs_dbg(VFS, "Send error in SETFSUnixInfo = %d\n", rc); ··· 5236 5119 TRANSACTION2_QFSI_REQ *pSMB = NULL; 5237 5120 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 5238 5121 FILE_SYSTEM_POSIX_INFO *response_data; 5122 5122 + unsigned int in_len; 5239 5123 int rc = 0; 5240 5124 int bytes_returned = 0; 5241 5125 __u16 params, byte_count; ··· 5245 5127 QFSPosixRetry: 5246 5128 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5247 5129 (void **) &pSMBr); 5248 5248 - if (rc) 5130 5130 + if (rc < 0) 5249 5131 return rc; 5132 5132 + in_len = rc; 5250 5133 5251 5134 params = 2; /* level */ 5252 5135 pSMB->TotalDataCount = 0; ··· 5265 5146 pSMB->ParameterCount = cpu_to_le16(params); 5266 5147 pSMB->TotalParameterCount = pSMB->ParameterCount; 5267 5148 pSMB->ParameterOffset = cpu_to_le16(offsetof(struct 5268 5268 - smb_com_transaction2_qfsi_req, InformationLevel) - 4); 5149 5149 + smb_com_transaction2_qfsi_req, InformationLevel)); 5269 5150 pSMB->SetupCount = 1; 5270 5151 pSMB->Reserved3 = 0; 5271 5152 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 5272 5153 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_POSIX_FS_INFO); 5273 5273 - inc_rfc1001_len(pSMB, byte_count); 5154 5154 + in_len += byte_count; 5274 5155 pSMB->ByteCount = cpu_to_le16(byte_count); 5275 5156 5276 5276 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5157 5157 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5277 5158 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5278 5159 if (rc) { 5279 5160 cifs_dbg(FYI, "Send error in QFSUnixInfo = %d\n", rc); ··· 5281 5162 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 5282 5163 5283 5164 if (rc || get_bcc(&pSMBr->hdr) < 13) { 5284 5284 - rc = -EIO; /* bad smb */ 5165 5165 + rc = smb_EIO2(smb_eio_trace_qfsposixinfo_bcc_too_small, 5166 5166 + get_bcc(&pSMBr->hdr), 13); 5285 5167 } else { 5286 5168 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 5287 5169 response_data = ··· 5339 5219 struct smb_com_transaction2_spi_req *pSMB = NULL; 5340 5220 struct smb_com_transaction2_spi_rsp *pSMBr = NULL; 5341 5221 struct file_end_of_file_info *parm_data; 5222 5222 + unsigned int in_len; 5342 5223 int name_len; 5343 5224 int rc = 0; 5344 5225 int bytes_returned = 0; ··· 5351 5230 SetEOFRetry: 5352 5231 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5353 5232 (void **) &pSMBr); 5354 5354 - if (rc) 5233 5233 + if (rc < 0) 5355 5234 return rc; 5235 5235 + in_len = rc; 5356 5236 5357 5237 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5358 5238 name_len = ··· 5374 5252 pSMB->Timeout = 0; 5375 5253 pSMB->Reserved2 = 0; 5376 5254 param_offset = offsetof(struct smb_com_transaction2_spi_req, 5377 5377 - InformationLevel) - 4; 5255 5255 + InformationLevel); 5378 5256 offset = param_offset + params; 5379 5257 if (set_allocation) { 5380 5258 if (tcon->ses->capabilities & CAP_INFOLEVEL_PASSTHRU) ··· 5406 5284 pSMB->ParameterCount = cpu_to_le16(params); 5407 5285 pSMB->TotalParameterCount = pSMB->ParameterCount; 5408 5286 pSMB->Reserved4 = 0; 5409 5409 - inc_rfc1001_len(pSMB, byte_count); 5287 5287 + in_len += byte_count; 5410 5288 parm_data->FileSize = cpu_to_le64(size); 5411 5289 pSMB->ByteCount = cpu_to_le16(byte_count); 5412 5412 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5290 5290 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5413 5291 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5414 5292 if (rc) 5415 5293 cifs_dbg(FYI, "SetPathInfo (file size) returned %d\n", rc); ··· 5428 5306 { 5429 5307 struct smb_com_transaction2_sfi_req *pSMB = NULL; 5430 5308 struct file_end_of_file_info *parm_data; 5309 5309 + unsigned int in_len; 5431 5310 int rc = 0; 5432 5311 __u16 params, param_offset, offset, byte_count, count; 5433 5312 5434 5313 cifs_dbg(FYI, "SetFileSize (via SetFileInfo) %lld\n", 5435 5314 (long long)size); 5436 5315 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 5437 5437 - 5438 5438 - if (rc) 5316 5316 + if (rc < 0) 5439 5317 return rc; 5318 5318 + in_len = rc; 5440 5319 5441 5320 pSMB->hdr.Pid = cpu_to_le16((__u16)cfile->pid); 5442 5321 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(cfile->pid >> 16)); ··· 5448 5325 pSMB->Flags = 0; 5449 5326 pSMB->Timeout = 0; 5450 5327 pSMB->Reserved2 = 0; 5451 5451 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 5328 5328 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 5452 5329 offset = param_offset + params; 5453 5330 5454 5331 count = sizeof(struct file_end_of_file_info); ··· 5464 5341 pSMB->TotalDataCount = pSMB->DataCount; 5465 5342 pSMB->TotalParameterCount = pSMB->ParameterCount; 5466 5343 pSMB->ParameterOffset = cpu_to_le16(param_offset); 5467 5467 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 5468 5344 parm_data = 5469 5469 - (struct file_end_of_file_info *)(((char *)pSMB) + offset + 4); 5345 5345 + (struct file_end_of_file_info *)(((char *)pSMB) + offset); 5470 5346 pSMB->DataOffset = cpu_to_le16(offset); 5471 5347 parm_data->FileSize = cpu_to_le64(size); 5472 5348 pSMB->Fid = cfile->fid.netfid; ··· 5485 5363 cpu_to_le16(SMB_SET_FILE_END_OF_FILE_INFO); 5486 5364 } 5487 5365 pSMB->Reserved4 = 0; 5488 5488 - inc_rfc1001_len(pSMB, byte_count); 5366 5366 + in_len += byte_count; 5489 5367 pSMB->ByteCount = cpu_to_le16(byte_count); 5490 5490 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 5368 5368 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 5491 5369 cifs_small_buf_release(pSMB); 5492 5370 if (rc) { 5493 5371 cifs_dbg(FYI, "Send error in SetFileInfo (SetFileSize) = %d\n", ··· 5509 5387 SETATTR_REQ *pSMB; 5510 5388 SETATTR_RSP *pSMBr; 5511 5389 struct timespec64 ts; 5390 5390 + unsigned int in_len; 5512 5391 int bytes_returned; 5513 5392 int name_len; 5514 5393 int rc; ··· 5519 5396 retry: 5520 5397 rc = smb_init(SMB_COM_SETATTR, 8, tcon, (void **) &pSMB, 5521 5398 (void **) &pSMBr); 5522 5522 - if (rc) 5399 5399 + if (rc < 0) 5523 5400 return rc; 5401 5401 + in_len = rc; 5524 5402 5525 5403 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5526 5404 name_len = ··· 5543 5419 } 5544 5420 pSMB->BufferFormat = 0x04; 5545 5421 name_len++; /* account for buffer type byte */ 5546 5546 - inc_rfc1001_len(pSMB, (__u16)name_len); 5422 5422 + in_len += name_len; 5547 5423 pSMB->ByteCount = cpu_to_le16(name_len); 5548 5424 5549 5549 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5425 5425 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5550 5426 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5551 5427 if (rc) 5552 5428 cifs_dbg(FYI, "Send error in %s = %d\n", __func__, rc); ··· 5570 5446 const FILE_BASIC_INFO *data, __u16 fid, __u32 pid_of_opener) 5571 5447 { 5572 5448 struct smb_com_transaction2_sfi_req *pSMB = NULL; 5449 5449 + unsigned int in_len; 5573 5450 char *data_offset; 5574 5451 int rc = 0; 5575 5452 __u16 params, param_offset, offset, byte_count, count; 5576 5453 5577 5454 cifs_dbg(FYI, "Set Times (via SetFileInfo)\n"); 5578 5455 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 5579 5579 - 5580 5580 - if (rc) 5456 5456 + if (rc < 0) 5581 5457 return rc; 5458 5458 + in_len = rc; 5582 5459 5583 5460 pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener); 5584 5461 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16)); ··· 5590 5465 pSMB->Flags = 0; 5591 5466 pSMB->Timeout = 0; 5592 5467 pSMB->Reserved2 = 0; 5593 5593 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 5468 5468 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 5594 5469 offset = param_offset + params; 5595 5470 5596 5596 - data_offset = (char *)pSMB + 5597 5597 - offsetof(struct smb_hdr, Protocol) + offset; 5471 5471 + data_offset = (char *)pSMB + offset; 5598 5472 5599 5473 count = sizeof(FILE_BASIC_INFO); 5600 5474 pSMB->MaxParameterCount = cpu_to_le16(2); ··· 5615 5491 else 5616 5492 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_BASIC_INFO); 5617 5493 pSMB->Reserved4 = 0; 5618 5618 - inc_rfc1001_len(pSMB, byte_count); 5494 5494 + in_len += byte_count; 5619 5495 pSMB->ByteCount = cpu_to_le16(byte_count); 5620 5496 memcpy(data_offset, data, sizeof(FILE_BASIC_INFO)); 5621 5621 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 5497 5497 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 5622 5498 cifs_small_buf_release(pSMB); 5623 5499 if (rc) 5624 5500 cifs_dbg(FYI, "Send error in Set Time (SetFileInfo) = %d\n", ··· 5635 5511 bool delete_file, __u16 fid, __u32 pid_of_opener) 5636 5512 { 5637 5513 struct smb_com_transaction2_sfi_req *pSMB = NULL; 5514 5514 + unsigned int in_len; 5638 5515 char *data_offset; 5639 5516 int rc = 0; 5640 5517 __u16 params, param_offset, offset, byte_count, count; 5641 5518 5642 5519 cifs_dbg(FYI, "Set File Disposition (via SetFileInfo)\n"); 5643 5520 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 5644 5644 - 5645 5645 - if (rc) 5521 5521 + if (rc < 0) 5646 5522 return rc; 5523 5523 + in_len = rc; 5647 5524 5648 5525 pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener); 5649 5526 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16)); ··· 5655 5530 pSMB->Flags = 0; 5656 5531 pSMB->Timeout = 0; 5657 5532 pSMB->Reserved2 = 0; 5658 5658 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 5533 5533 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 5659 5534 offset = param_offset + params; 5660 5660 - 5661 5661 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 5662 5662 - data_offset = (char *)(pSMB) + offset + 4; 5535 5535 + data_offset = (char *)(pSMB) + offset; 5663 5536 5664 5537 count = 1; 5665 5538 pSMB->MaxParameterCount = cpu_to_le16(2); ··· 5676 5553 pSMB->Fid = fid; 5677 5554 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_DISPOSITION_INFO); 5678 5555 pSMB->Reserved4 = 0; 5679 5679 - inc_rfc1001_len(pSMB, byte_count); 5556 5556 + in_len += byte_count; 5680 5557 pSMB->ByteCount = cpu_to_le16(byte_count); 5681 5558 *data_offset = delete_file ? 1 : 0; 5682 5682 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 5559 5559 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 5683 5560 cifs_small_buf_release(pSMB); 5684 5561 if (rc) 5685 5562 cifs_dbg(FYI, "Send error in SetFileDisposition = %d\n", rc); ··· 5727 5604 { 5728 5605 TRANSACTION2_SPI_REQ *pSMB = NULL; 5729 5606 TRANSACTION2_SPI_RSP *pSMBr = NULL; 5607 5607 + unsigned int in_len; 5730 5608 int name_len; 5731 5609 int rc = 0; 5732 5610 int bytes_returned = 0; ··· 5740 5616 SetTimesRetry: 5741 5617 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5742 5618 (void **) &pSMBr); 5743 5743 - if (rc) 5619 5619 + if (rc < 0) 5744 5620 return rc; 5621 5621 + in_len = rc; 5745 5622 5746 5623 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5747 5624 name_len = ··· 5765 5640 pSMB->Timeout = 0; 5766 5641 pSMB->Reserved2 = 0; 5767 5642 param_offset = offsetof(struct smb_com_transaction2_spi_req, 5768 5768 - InformationLevel) - 4; 5643 5643 + InformationLevel); 5769 5644 offset = param_offset + params; 5770 5645 data_offset = (char *)pSMB + offsetof(typeof(*pSMB), hdr.Protocol) + offset; 5771 5646 pSMB->ParameterOffset = cpu_to_le16(param_offset); ··· 5784 5659 else 5785 5660 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_BASIC_INFO); 5786 5661 pSMB->Reserved4 = 0; 5787 5787 - inc_rfc1001_len(pSMB, byte_count); 5662 5662 + in_len += byte_count; 5788 5663 memcpy(data_offset, data, sizeof(FILE_BASIC_INFO)); 5789 5664 pSMB->ByteCount = cpu_to_le16(byte_count); 5790 5790 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5665 5665 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5791 5666 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5792 5667 if (rc) 5793 5668 cifs_dbg(FYI, "SetPathInfo (times) returned %d\n", rc); ··· 5857 5732 u16 fid, u32 pid_of_opener) 5858 5733 { 5859 5734 struct smb_com_transaction2_sfi_req *pSMB = NULL; 5735 5735 + unsigned int in_len; 5860 5736 char *data_offset; 5861 5737 int rc = 0; 5862 5738 u16 params, param_offset, offset, byte_count, count; 5863 5739 5864 5740 cifs_dbg(FYI, "Set Unix Info (via SetFileInfo)\n"); 5865 5741 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 5866 5866 - 5867 5867 - if (rc) 5742 5742 + if (rc < 0) 5868 5743 return rc; 5744 5744 + in_len = rc; 5869 5745 5870 5746 pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener); 5871 5747 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16)); ··· 5877 5751 pSMB->Flags = 0; 5878 5752 pSMB->Timeout = 0; 5879 5753 pSMB->Reserved2 = 0; 5880 5880 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 5754 5754 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 5881 5755 offset = param_offset + params; 5882 5756 5883 5883 - data_offset = (char *)pSMB + 5884 5884 - offsetof(struct smb_hdr, Protocol) + offset; 5757 5757 + data_offset = (char *)pSMB + offset; 5885 5758 5886 5759 count = sizeof(FILE_UNIX_BASIC_INFO); 5887 5760 ··· 5900 5775 pSMB->Fid = fid; 5901 5776 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_UNIX_BASIC); 5902 5777 pSMB->Reserved4 = 0; 5903 5903 - inc_rfc1001_len(pSMB, byte_count); 5778 5778 + in_len += byte_count; 5904 5779 pSMB->ByteCount = cpu_to_le16(byte_count); 5905 5780 5906 5781 cifs_fill_unix_set_info((FILE_UNIX_BASIC_INFO *)data_offset, args); 5907 5782 5908 5908 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 5783 5783 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 5909 5784 cifs_small_buf_release(pSMB); 5910 5785 if (rc) 5911 5786 cifs_dbg(FYI, "Send error in Set Time (SetFileInfo) = %d\n", ··· 5925 5800 { 5926 5801 TRANSACTION2_SPI_REQ *pSMB = NULL; 5927 5802 TRANSACTION2_SPI_RSP *pSMBr = NULL; 5803 5803 + unsigned int in_len; 5928 5804 int name_len; 5929 5805 int rc = 0; 5930 5806 int bytes_returned = 0; ··· 5936 5810 setPermsRetry: 5937 5811 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5938 5812 (void **) &pSMBr); 5939 5939 - if (rc) 5813 5813 + if (rc < 0) 5940 5814 return rc; 5815 5815 + in_len = rc; 5941 5816 5942 5817 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5943 5818 name_len = ··· 5961 5834 pSMB->Timeout = 0; 5962 5835 pSMB->Reserved2 = 0; 5963 5836 param_offset = offsetof(struct smb_com_transaction2_spi_req, 5964 5964 - InformationLevel) - 4; 5837 5837 + InformationLevel); 5965 5838 offset = param_offset + params; 5966 5966 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 5967 5967 - data_offset = (FILE_UNIX_BASIC_INFO *)((char *) pSMB + offset + 4); 5839 5839 + data_offset = (FILE_UNIX_BASIC_INFO *)((char *) pSMB + offset); 5968 5840 memset(data_offset, 0, count); 5969 5841 pSMB->DataOffset = cpu_to_le16(offset); 5970 5842 pSMB->ParameterOffset = cpu_to_le16(param_offset); ··· 5977 5851 pSMB->TotalDataCount = pSMB->DataCount; 5978 5852 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_UNIX_BASIC); 5979 5853 pSMB->Reserved4 = 0; 5980 5980 - inc_rfc1001_len(pSMB, byte_count); 5854 5854 + in_len += byte_count; 5981 5855 5982 5856 cifs_fill_unix_set_info(data_offset, args); 5983 5857 5984 5858 pSMB->ByteCount = cpu_to_le16(byte_count); 5985 5985 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5859 5859 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5986 5860 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5987 5861 if (rc) 5988 5862 cifs_dbg(FYI, "SetPathInfo (perms) returned %d\n", rc); ··· 6014 5888 TRANSACTION2_QPI_RSP *pSMBr = NULL; 6015 5889 int remap = cifs_remap(cifs_sb); 6016 5890 struct nls_table *nls_codepage = cifs_sb->local_nls; 5891 5891 + unsigned int in_len; 6017 5892 int rc = 0; 6018 5893 int bytes_returned; 6019 5894 int list_len; ··· 6029 5902 QAllEAsRetry: 6030 5903 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 6031 5904 (void **) &pSMBr); 6032 6032 - if (rc) 5905 5905 + if (rc < 0) 6033 5906 return rc; 5907 5907 + in_len = rc; 6034 5908 6035 5909 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 6036 5910 list_len = ··· 6054 5926 pSMB->Timeout = 0; 6055 5927 pSMB->Reserved2 = 0; 6056 5928 pSMB->ParameterOffset = cpu_to_le16(offsetof( 6057 6057 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 5929 5929 + struct smb_com_transaction2_qpi_req, InformationLevel)); 6058 5930 pSMB->DataCount = 0; 6059 5931 pSMB->DataOffset = 0; 6060 5932 pSMB->SetupCount = 1; ··· 6065 5937 pSMB->ParameterCount = pSMB->TotalParameterCount; 6066 5938 pSMB->InformationLevel = cpu_to_le16(SMB_INFO_QUERY_ALL_EAS); 6067 5939 pSMB->Reserved4 = 0; 6068 6068 - inc_rfc1001_len(pSMB, byte_count); 5940 5940 + in_len += byte_count; 6069 5941 pSMB->ByteCount = cpu_to_le16(byte_count); 6070 5942 6071 6071 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5943 5943 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 6072 5944 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 6073 5945 if (rc) { 6074 5946 cifs_dbg(FYI, "Send error in QueryAllEAs = %d\n", rc); ··· 6082 5954 6083 5955 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 6084 5956 if (rc || get_bcc(&pSMBr->hdr) < 4) { 6085 6085 - rc = -EIO; /* bad smb */ 5957 5957 + rc = smb_EIO2(smb_eio_trace_qalleas_bcc_too_small, 5958 5958 + get_bcc(&pSMBr->hdr), 4); 6086 5959 goto QAllEAsOut; 6087 5960 } 6088 5961 ··· 6113 5984 end_of_smb = (char *)pByteArea(&pSMBr->hdr) + get_bcc(&pSMBr->hdr); 6114 5985 if ((char *)ea_response_data + list_len > end_of_smb) { 6115 5986 cifs_dbg(FYI, "EA list appears to go beyond SMB\n"); 6116 6116 - rc = -EIO; 5987 5987 + rc = smb_EIO2(smb_eio_trace_qalleas_overlong, 5988 5988 + (unsigned long)ea_response_data + list_len - (unsigned long)pSMBr, 5989 5989 + (unsigned long)end_of_smb - (unsigned long)pSMBr); 6117 5990 goto QAllEAsOut; 6118 5991 } 6119 5992 ··· 6132 6001 /* make sure we can read name_len and value_len */ 6133 6002 if (list_len < 0) { 6134 6003 cifs_dbg(FYI, "EA entry goes beyond length of list\n"); 6135 6135 - rc = -EIO; 6004 6004 + rc = smb_EIO1(smb_eio_trace_qalleas_ea_overlong, list_len); 6136 6005 goto QAllEAsOut; 6137 6006 } 6138 6007 ··· 6141 6010 list_len -= name_len + 1 + value_len; 6142 6011 if (list_len < 0) { 6143 6012 cifs_dbg(FYI, "EA entry goes beyond length of list\n"); 6144 6144 - rc = -EIO; 6013 6013 + rc = smb_EIO1(smb_eio_trace_qalleas_ea_overlong, list_len); 6145 6014 goto QAllEAsOut; 6146 6015 } 6147 6016 ··· 6203 6072 struct smb_com_transaction2_spi_req *pSMB = NULL; 6204 6073 struct smb_com_transaction2_spi_rsp *pSMBr = NULL; 6205 6074 struct fealist *parm_data; 6075 6075 + unsigned int in_len; 6206 6076 int name_len; 6207 6077 int rc = 0; 6208 6078 int bytes_returned = 0; ··· 6214 6082 SetEARetry: 6215 6083 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 6216 6084 (void **) &pSMBr); 6217 6217 - if (rc) 6085 6085 + if (rc < 0) 6218 6086 return rc; 6087 6087 + in_len = rc; 6219 6088 6220 6089 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 6221 6090 name_len = ··· 6248 6115 pSMB->Timeout = 0; 6249 6116 pSMB->Reserved2 = 0; 6250 6117 param_offset = offsetof(struct smb_com_transaction2_spi_req, 6251 6251 - InformationLevel) - 4; 6118 6118 + InformationLevel); 6252 6119 offset = param_offset + params; 6253 6120 pSMB->InformationLevel = 6254 6121 cpu_to_le16(SMB_SET_FILE_EA); 6255 6122 6256 6256 - parm_data = (void *)pSMB + offsetof(struct smb_hdr, Protocol) + offset; 6123 6123 + parm_data = (void *)pSMB + offset; 6257 6124 pSMB->ParameterOffset = cpu_to_le16(param_offset); 6258 6125 pSMB->DataOffset = cpu_to_le16(offset); 6259 6126 pSMB->SetupCount = 1; ··· 6282 6149 pSMB->ParameterCount = cpu_to_le16(params); 6283 6150 pSMB->TotalParameterCount = pSMB->ParameterCount; 6284 6151 pSMB->Reserved4 = 0; 6285 6285 - inc_rfc1001_len(pSMB, byte_count); 6152 6152 + in_len += byte_count; 6286 6153 pSMB->ByteCount = cpu_to_le16(byte_count); 6287 6287 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 6154 6154 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 6288 6155 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 6289 6156 if (rc) 6290 6157 cifs_dbg(FYI, "SetPathInfo (EA) returned %d\n", rc);

+40 -342

fs/smb/client/cifstransport.c

reviewed

··· 43 43 return NULL; 44 44 } 45 45 46 46 - temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 46 46 + temp = mempool_alloc(&cifs_mid_pool, GFP_NOFS); 47 47 memset(temp, 0, sizeof(struct mid_q_entry)); 48 48 - kref_init(&temp->refcount); 48 48 + refcount_set(&temp->refcount, 1); 49 49 spin_lock_init(&temp->mid_lock); 50 50 temp->mid = get_mid(smb_buffer); 51 51 temp->pid = current->pid; ··· 54 54 /* easier to use jiffies */ 55 55 /* when mid allocated can be before when sent */ 56 56 temp->when_alloc = jiffies; 57 57 - temp->server = server; 58 57 59 58 /* 60 59 * The default is for the mid to be synchronous, so the ··· 67 68 atomic_inc(&mid_count); 68 69 temp->mid_state = MID_REQUEST_ALLOCATED; 69 70 return temp; 70 70 - } 71 71 - 72 72 - int 73 73 - smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer, 74 74 - unsigned int smb_buf_length) 75 75 - { 76 76 - struct kvec iov[2]; 77 77 - struct smb_rqst rqst = { .rq_iov = iov, 78 78 - .rq_nvec = 2 }; 79 79 - 80 80 - iov[0].iov_base = smb_buffer; 81 81 - iov[0].iov_len = 4; 82 82 - iov[1].iov_base = (char *)smb_buffer + 4; 83 83 - iov[1].iov_len = smb_buf_length; 84 84 - 85 85 - return __smb_send_rqst(server, 1, &rqst); 86 71 } 87 72 88 73 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf, ··· 108 125 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 109 126 struct mid_q_entry *mid; 110 127 111 111 - if (rqst->rq_iov[0].iov_len != 4 || 112 112 - rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 113 113 - return ERR_PTR(-EIO); 114 114 - 115 128 /* enable signing if server requires it */ 116 129 if (server->sign) 117 130 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; ··· 118 139 119 140 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number); 120 141 if (rc) { 121 121 - release_mid(mid); 142 142 + release_mid(server, mid); 122 143 return ERR_PTR(rc); 123 144 } 124 145 ··· 136 157 */ 137 158 int 138 159 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 139 139 - char *in_buf, int flags) 160 160 + char *in_buf, unsigned int in_len, int flags) 140 161 { 141 162 int rc; 142 163 struct kvec iov[1]; ··· 144 165 int resp_buf_type; 145 166 146 167 iov[0].iov_base = in_buf; 147 147 - iov[0].iov_len = get_rfc1002_len(in_buf) + 4; 168 168 + iov[0].iov_len = in_len; 148 169 flags |= CIFS_NO_RSP_BUF; 149 170 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov); 150 171 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc); ··· 156 177 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 157 178 bool log_error) 158 179 { 159 159 - unsigned int len = get_rfc1002_len(mid->resp_buf) + 4; 180 180 + unsigned int len = mid->response_pdu_len; 160 181 161 182 dump_smb(mid->resp_buf, min_t(u32, 92, len)); 162 183 163 184 /* convert the length into a more usable form */ 164 185 if (server->sign) { 165 165 - struct kvec iov[2]; 186 186 + struct kvec iov[1]; 166 187 int rc = 0; 167 188 struct smb_rqst rqst = { .rq_iov = iov, 168 168 - .rq_nvec = 2 }; 189 189 + .rq_nvec = ARRAY_SIZE(iov) }; 169 190 170 191 iov[0].iov_base = mid->resp_buf; 171 171 - iov[0].iov_len = 4; 172 172 - iov[1].iov_base = (char *)mid->resp_buf + 4; 173 173 - iov[1].iov_len = len - 4; 192 192 + iov[0].iov_len = len; 174 193 /* FIXME: add code to kill session */ 175 194 rc = cifs_verify_signature(&rqst, server, 176 195 mid->sequence_number); ··· 178 201 } 179 202 180 203 /* BB special case reconnect tid and uid here? */ 181 181 - return map_and_check_smb_error(mid, log_error); 204 204 + return map_and_check_smb_error(server, mid, log_error); 182 205 } 183 206 184 207 struct mid_q_entry * 185 185 - cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored, 208 208 + cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *server, 186 209 struct smb_rqst *rqst) 187 210 { 188 211 int rc; 189 212 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 190 213 struct mid_q_entry *mid; 191 214 192 192 - if (rqst->rq_iov[0].iov_len != 4 || 193 193 - rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 194 194 - return ERR_PTR(-EIO); 195 195 - 196 215 rc = allocate_mid(ses, hdr, &mid); 197 216 if (rc) 198 217 return ERR_PTR(rc); 199 199 - rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number); 218 218 + rc = cifs_sign_rqst(rqst, server, &mid->sequence_number); 200 219 if (rc) { 201 201 - delete_mid(mid); 220 220 + delete_mid(server, mid); 202 221 return ERR_PTR(rc); 203 222 } 204 223 return mid; ··· 205 232 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */, 206 233 const int flags, struct kvec *resp_iov) 207 234 { 208 208 - struct smb_rqst rqst; 209 209 - struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov; 210 210 - int rc; 235 235 + struct smb_rqst rqst = { 236 236 + .rq_iov = iov, 237 237 + .rq_nvec = n_vec, 238 238 + }; 211 239 212 212 - if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { 213 213 - new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), 214 214 - GFP_KERNEL); 215 215 - if (!new_iov) { 216 216 - /* otherwise cifs_send_recv below sets resp_buf_type */ 217 217 - *resp_buf_type = CIFS_NO_BUFFER; 218 218 - return -ENOMEM; 219 219 - } 220 220 - } else 221 221 - new_iov = s_iov; 222 222 - 223 223 - /* 1st iov is a RFC1001 length followed by the rest of the packet */ 224 224 - memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec)); 225 225 - 226 226 - new_iov[0].iov_base = new_iov[1].iov_base; 227 227 - new_iov[0].iov_len = 4; 228 228 - new_iov[1].iov_base += 4; 229 229 - new_iov[1].iov_len -= 4; 230 230 - 231 231 - memset(&rqst, 0, sizeof(struct smb_rqst)); 232 232 - rqst.rq_iov = new_iov; 233 233 - rqst.rq_nvec = n_vec + 1; 234 234 - 235 235 - rc = cifs_send_recv(xid, ses, ses->server, 236 236 - &rqst, resp_buf_type, flags, resp_iov); 237 237 - if (n_vec + 1 > CIFS_MAX_IOV_SIZE) 238 238 - kfree(new_iov); 239 239 - return rc; 240 240 + return cifs_send_recv(xid, ses, ses->server, 241 241 + &rqst, resp_buf_type, flags, resp_iov); 240 242 } 241 243 242 244 int 243 245 SendReceive(const unsigned int xid, struct cifs_ses *ses, 244 244 - struct smb_hdr *in_buf, struct smb_hdr *out_buf, 245 245 - int *pbytes_returned, const int flags) 246 246 + struct smb_hdr *in_buf, unsigned int in_len, 247 247 + struct smb_hdr *out_buf, int *pbytes_returned, const int flags) 246 248 { 247 247 - int rc = 0; 248 248 - struct mid_q_entry *midQ; 249 249 - unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 250 250 - struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 251 251 - struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 252 252 - struct cifs_credits credits = { .value = 1, .instance = 0 }; 253 249 struct TCP_Server_Info *server; 250 250 + struct kvec resp_iov = {}; 251 251 + struct kvec iov = { .iov_base = in_buf, .iov_len = in_len }; 252 252 + struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 253 253 + int resp_buf_type; 254 254 + int rc = 0; 254 255 256 256 + if (WARN_ON_ONCE(in_len > 0xffffff)) 257 257 + return smb_EIO1(smb_eio_trace_tx_too_long, in_len); 255 258 if (ses == NULL) { 256 259 cifs_dbg(VFS, "Null smb session\n"); 257 257 - return -EIO; 260 260 + return smb_EIO(smb_eio_trace_null_pointers); 258 261 } 259 262 server = ses->server; 260 263 if (server == NULL) { 261 264 cifs_dbg(VFS, "Null tcp session\n"); 262 262 - return -EIO; 265 265 + return smb_EIO(smb_eio_trace_null_pointers); 263 266 } 264 264 - 265 265 - spin_lock(&server->srv_lock); 266 266 - if (server->tcpStatus == CifsExiting) { 267 267 - spin_unlock(&server->srv_lock); 268 268 - return -ENOENT; 269 269 - } 270 270 - spin_unlock(&server->srv_lock); 271 267 272 268 /* Ensure that we do not send more than 50 overlapping requests 273 269 to the same server. We may make this configurable later or 274 270 use ses->maxReq */ 275 271 276 276 - if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 272 272 + if (in_len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) { 277 273 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 278 278 - len); 279 279 - return -EIO; 274 274 + in_len); 275 275 + return smb_EIO1(smb_eio_trace_tx_too_long, in_len); 280 276 } 281 277 282 282 - rc = wait_for_free_request(server, flags, &credits.instance); 283 283 - if (rc) 284 284 - return rc; 285 285 - 286 286 - /* make sure that we sign in the same order that we send on this socket 287 287 - and avoid races inside tcp sendmsg code that could cause corruption 288 288 - of smb data */ 289 289 - 290 290 - cifs_server_lock(server); 291 291 - 292 292 - rc = allocate_mid(ses, in_buf, &midQ); 293 293 - if (rc) { 294 294 - cifs_server_unlock(server); 295 295 - /* Update # of requests on wire to server */ 296 296 - add_credits(server, &credits, 0); 297 297 - return rc; 298 298 - } 299 299 - 300 300 - rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 301 301 - if (rc) { 302 302 - cifs_server_unlock(server); 303 303 - goto out; 304 304 - } 305 305 - 306 306 - midQ->mid_state = MID_REQUEST_SUBMITTED; 307 307 - 308 308 - rc = smb_send(server, in_buf, len); 309 309 - cifs_save_when_sent(midQ); 310 310 - 278 278 + rc = cifs_send_recv(xid, ses, ses->server, 279 279 + &rqst, &resp_buf_type, flags, &resp_iov); 311 280 if (rc < 0) 312 312 - server->sequence_number -= 2; 313 313 - 314 314 - cifs_server_unlock(server); 315 315 - 316 316 - if (rc < 0) 317 317 - goto out; 318 318 - 319 319 - rc = wait_for_response(server, midQ); 320 320 - if (rc != 0) { 321 321 - send_cancel(server, &rqst, midQ); 322 322 - spin_lock(&midQ->mid_lock); 323 323 - if (midQ->callback) { 324 324 - /* no longer considered to be "in-flight" */ 325 325 - midQ->callback = release_mid; 326 326 - spin_unlock(&midQ->mid_lock); 327 327 - add_credits(server, &credits, 0); 328 328 - return rc; 329 329 - } 330 330 - spin_unlock(&midQ->mid_lock); 331 331 - } 332 332 - 333 333 - rc = cifs_sync_mid_result(midQ, server); 334 334 - if (rc != 0) { 335 335 - add_credits(server, &credits, 0); 336 336 - return rc; 337 337 - } 338 338 - 339 339 - if (!midQ->resp_buf || !out_buf || 340 340 - midQ->mid_state != MID_RESPONSE_READY) { 341 341 - rc = -EIO; 342 342 - cifs_server_dbg(VFS, "Bad MID state?\n"); 343 343 - goto out; 344 344 - } 345 345 - 346 346 - *pbytes_returned = get_rfc1002_len(midQ->resp_buf); 347 347 - memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 348 348 - rc = cifs_check_receive(midQ, server, 0); 349 349 - out: 350 350 - delete_mid(midQ); 351 351 - add_credits(server, &credits, 0); 352 352 - 353 353 - return rc; 354 354 - } 355 355 - 356 356 - /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows 357 357 - blocking lock to return. */ 358 358 - 359 359 - static int 360 360 - send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon, 361 361 - struct smb_hdr *in_buf, 362 362 - struct smb_hdr *out_buf) 363 363 - { 364 364 - int bytes_returned; 365 365 - struct cifs_ses *ses = tcon->ses; 366 366 - LOCK_REQ *pSMB = (LOCK_REQ *)in_buf; 367 367 - 368 368 - /* We just modify the current in_buf to change 369 369 - the type of lock from LOCKING_ANDX_SHARED_LOCK 370 370 - or LOCKING_ANDX_EXCLUSIVE_LOCK to 371 371 - LOCKING_ANDX_CANCEL_LOCK. */ 372 372 - 373 373 - pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES; 374 374 - pSMB->Timeout = 0; 375 375 - pSMB->hdr.Mid = get_next_mid(ses->server); 376 376 - 377 377 - return SendReceive(xid, ses, in_buf, out_buf, 378 378 - &bytes_returned, 0); 379 379 - } 380 380 - 381 381 - int 382 382 - SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 383 383 - struct smb_hdr *in_buf, struct smb_hdr *out_buf, 384 384 - int *pbytes_returned) 385 385 - { 386 386 - int rc = 0; 387 387 - int rstart = 0; 388 388 - struct mid_q_entry *midQ; 389 389 - struct cifs_ses *ses; 390 390 - unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 391 391 - struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 392 392 - struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 393 393 - unsigned int instance; 394 394 - struct TCP_Server_Info *server; 395 395 - 396 396 - if (tcon == NULL || tcon->ses == NULL) { 397 397 - cifs_dbg(VFS, "Null smb session\n"); 398 398 - return -EIO; 399 399 - } 400 400 - ses = tcon->ses; 401 401 - server = ses->server; 402 402 - 403 403 - if (server == NULL) { 404 404 - cifs_dbg(VFS, "Null tcp session\n"); 405 405 - return -EIO; 406 406 - } 407 407 - 408 408 - spin_lock(&server->srv_lock); 409 409 - if (server->tcpStatus == CifsExiting) { 410 410 - spin_unlock(&server->srv_lock); 411 411 - return -ENOENT; 412 412 - } 413 413 - spin_unlock(&server->srv_lock); 414 414 - 415 415 - /* Ensure that we do not send more than 50 overlapping requests 416 416 - to the same server. We may make this configurable later or 417 417 - use ses->maxReq */ 418 418 - 419 419 - if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 420 420 - cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 421 421 - len); 422 422 - return -EIO; 423 423 - } 424 424 - 425 425 - rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance); 426 426 - if (rc) 427 281 return rc; 428 282 429 429 - /* make sure that we sign in the same order that we send on this socket 430 430 - and avoid races inside tcp sendmsg code that could cause corruption 431 431 - of smb data */ 432 432 - 433 433 - cifs_server_lock(server); 434 434 - 435 435 - rc = allocate_mid(ses, in_buf, &midQ); 436 436 - if (rc) { 437 437 - cifs_server_unlock(server); 438 438 - return rc; 283 283 + if (out_buf) { 284 284 + *pbytes_returned = resp_iov.iov_len; 285 285 + if (resp_iov.iov_len) 286 286 + memcpy(out_buf, resp_iov.iov_base, resp_iov.iov_len); 439 287 } 440 440 - 441 441 - rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 442 442 - if (rc) { 443 443 - delete_mid(midQ); 444 444 - cifs_server_unlock(server); 445 445 - return rc; 446 446 - } 447 447 - 448 448 - midQ->mid_state = MID_REQUEST_SUBMITTED; 449 449 - rc = smb_send(server, in_buf, len); 450 450 - cifs_save_when_sent(midQ); 451 451 - 452 452 - if (rc < 0) 453 453 - server->sequence_number -= 2; 454 454 - 455 455 - cifs_server_unlock(server); 456 456 - 457 457 - if (rc < 0) { 458 458 - delete_mid(midQ); 459 459 - return rc; 460 460 - } 461 461 - 462 462 - /* Wait for a reply - allow signals to interrupt. */ 463 463 - rc = wait_event_interruptible(server->response_q, 464 464 - (!(midQ->mid_state == MID_REQUEST_SUBMITTED || 465 465 - midQ->mid_state == MID_RESPONSE_RECEIVED)) || 466 466 - ((server->tcpStatus != CifsGood) && 467 467 - (server->tcpStatus != CifsNew))); 468 468 - 469 469 - /* Were we interrupted by a signal ? */ 470 470 - spin_lock(&server->srv_lock); 471 471 - if ((rc == -ERESTARTSYS) && 472 472 - (midQ->mid_state == MID_REQUEST_SUBMITTED || 473 473 - midQ->mid_state == MID_RESPONSE_RECEIVED) && 474 474 - ((server->tcpStatus == CifsGood) || 475 475 - (server->tcpStatus == CifsNew))) { 476 476 - spin_unlock(&server->srv_lock); 477 477 - 478 478 - if (in_buf->Command == SMB_COM_TRANSACTION2) { 479 479 - /* POSIX lock. We send a NT_CANCEL SMB to cause the 480 480 - blocking lock to return. */ 481 481 - rc = send_cancel(server, &rqst, midQ); 482 482 - if (rc) { 483 483 - delete_mid(midQ); 484 484 - return rc; 485 485 - } 486 486 - } else { 487 487 - /* Windows lock. We send a LOCKINGX_CANCEL_LOCK 488 488 - to cause the blocking lock to return. */ 489 489 - 490 490 - rc = send_lock_cancel(xid, tcon, in_buf, out_buf); 491 491 - 492 492 - /* If we get -ENOLCK back the lock may have 493 493 - already been removed. Don't exit in this case. */ 494 494 - if (rc && rc != -ENOLCK) { 495 495 - delete_mid(midQ); 496 496 - return rc; 497 497 - } 498 498 - } 499 499 - 500 500 - rc = wait_for_response(server, midQ); 501 501 - if (rc) { 502 502 - send_cancel(server, &rqst, midQ); 503 503 - spin_lock(&midQ->mid_lock); 504 504 - if (midQ->callback) { 505 505 - /* no longer considered to be "in-flight" */ 506 506 - midQ->callback = release_mid; 507 507 - spin_unlock(&midQ->mid_lock); 508 508 - return rc; 509 509 - } 510 510 - spin_unlock(&midQ->mid_lock); 511 511 - } 512 512 - 513 513 - /* We got the response - restart system call. */ 514 514 - rstart = 1; 515 515 - spin_lock(&server->srv_lock); 516 516 - } 517 517 - spin_unlock(&server->srv_lock); 518 518 - 519 519 - rc = cifs_sync_mid_result(midQ, server); 520 520 - if (rc != 0) 521 521 - return rc; 522 522 - 523 523 - /* rcvd frame is ok */ 524 524 - if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) { 525 525 - rc = -EIO; 526 526 - cifs_tcon_dbg(VFS, "Bad MID state?\n"); 527 527 - goto out; 528 528 - } 529 529 - 530 530 - *pbytes_returned = get_rfc1002_len(midQ->resp_buf); 531 531 - memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 532 532 - rc = cifs_check_receive(midQ, server, 0); 533 533 - out: 534 534 - delete_mid(midQ); 535 535 - if (rstart && rc == -EACCES) 536 536 - return -ERESTARTSYS; 288 288 + free_rsp_buf(resp_buf_type, resp_iov.iov_base); 537 289 return rc; 538 290 }

+19 -4

fs/smb/client/compress.c

reviewed

··· 44 44 unsigned int count; 45 45 }; 46 46 47 47 - /** 47 47 + /* 48 48 * has_low_entropy() - Compute Shannon entropy of the sampled data. 49 49 * @bkt: Bytes counts of the sample. 50 50 * @slen: Size of the sample. ··· 82 82 #define BYTE_DIST_BAD 0 83 83 #define BYTE_DIST_GOOD 1 84 84 #define BYTE_DIST_MAYBE 2 85 85 - /** 85 85 + /* 86 86 * calc_byte_distribution() - Compute byte distribution on the sampled data. 87 87 * @bkt: Byte counts of the sample. 88 88 * @slen: Size of the sample. ··· 182 182 return s; 183 183 } 184 184 185 185 - /** 185 185 + /* 186 186 * is_compressible() - Determines if a chunk of data is compressible. 187 187 * @data: Iterator containing uncompressed data. 188 188 * ··· 261 261 return ret; 262 262 } 263 263 264 264 + /* 265 265 + * should_compress() - Determines if a request (write) or the response to a 266 266 + * request (read) should be compressed. 267 267 + * @tcon: tcon of the request is being sent to 268 268 + * @rqst: request to evaluate 269 269 + * 270 270 + * Return: true iff: 271 271 + * - compression was successfully negotiated with server 272 272 + * - server has enabled compression for the share 273 273 + * - it's a read or write request 274 274 + * - (write only) request length is >= SMB_COMPRESS_MIN_LEN 275 275 + * - (write only) is_compressible() returns 1 276 276 + * 277 277 + * Return false otherwise. 278 278 + */ 264 279 bool should_compress(const struct cifs_tcon *tcon, const struct smb_rqst *rq) 265 280 { 266 281 const struct smb2_hdr *shdr = rq->rq_iov->iov_base; ··· 325 310 iter = rq->rq_iter; 326 311 327 312 if (!copy_from_iter_full(src, slen, &iter)) { 328 328 - ret = -EIO; 313 313 + ret = smb_EIO(smb_eio_trace_compress_copy); 329 314 goto err_free; 330 315 } 331 316

+2 -17

fs/smb/client/compress.h

reviewed

··· 29 29 #ifdef CONFIG_CIFS_COMPRESSION 30 30 typedef int (*compress_send_fn)(struct TCP_Server_Info *, int, struct smb_rqst *); 31 31 32 32 - int smb_compress(struct TCP_Server_Info *server, struct smb_rqst *rq, compress_send_fn send_fn); 33 32 34 34 - /** 35 35 - * should_compress() - Determines if a request (write) or the response to a 36 36 - * request (read) should be compressed. 37 37 - * @tcon: tcon of the request is being sent to 38 38 - * @rqst: request to evaluate 39 39 - * 40 40 - * Return: true iff: 41 41 - * - compression was successfully negotiated with server 42 42 - * - server has enabled compression for the share 43 43 - * - it's a read or write request 44 44 - * - (write only) request length is >= SMB_COMPRESS_MIN_LEN 45 45 - * - (write only) is_compressible() returns 1 46 46 - * 47 47 - * Return false otherwise. 48 48 - */ 33 33 + int smb_compress(struct TCP_Server_Info *server, struct smb_rqst *rq, compress_send_fn send_fn); 49 34 bool should_compress(const struct cifs_tcon *tcon, const struct smb_rqst *rq); 50 35 51 51 - /** 36 36 + /* 52 37 * smb_compress_alg_valid() - Validate a compression algorithm. 53 38 * @alg: Compression algorithm to check. 54 39 * @valid_none: Conditional check whether NONE algorithm should be

+51 -45

fs/smb/client/connect.c

reviewed

··· 325 325 cifs_dbg(FYI, "%s: moving mids to private list\n", __func__); 326 326 spin_lock(&server->mid_queue_lock); 327 327 list_for_each_entry_safe(mid, nmid, &server->pending_mid_q, qhead) { 328 328 - kref_get(&mid->refcount); 328 328 + smb_get_mid(mid); 329 329 if (mid->mid_state == MID_REQUEST_SUBMITTED) 330 330 mid->mid_state = MID_RETRY_NEEDED; 331 331 list_move(&mid->qhead, &retry_list); ··· 337 337 cifs_dbg(FYI, "%s: issuing mid callbacks\n", __func__); 338 338 list_for_each_entry_safe(mid, nmid, &retry_list, qhead) { 339 339 list_del_init(&mid->qhead); 340 340 - mid_execute_callback(mid); 341 341 - release_mid(mid); 340 340 + mid_execute_callback(server, mid); 341 341 + release_mid(server, mid); 342 342 } 343 343 } 344 344 ··· 425 425 spin_unlock(&server->srv_lock); 426 426 cifs_swn_reset_server_dstaddr(server); 427 427 cifs_server_unlock(server); 428 428 - mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 428 428 + cifs_queue_server_reconn(server); 429 429 } 430 430 } while (server->tcpStatus == CifsNeedReconnect); 431 431 ··· 564 564 spin_unlock(&server->srv_lock); 565 565 cifs_swn_reset_server_dstaddr(server); 566 566 cifs_server_unlock(server); 567 567 - mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 567 567 + cifs_queue_server_reconn(server); 568 568 } while (server->tcpStatus == CifsNeedReconnect); 569 569 570 570 dfs_cache_noreq_update_tgthint(ref_path, target_hint); ··· 882 882 */ 883 883 spin_lock(&server->mid_queue_lock); 884 884 list_for_each_entry_safe(mid, nmid, &server->pending_mid_q, qhead) { 885 885 - kref_get(&mid->refcount); 885 885 + smb_get_mid(mid); 886 886 list_move(&mid->qhead, &dispose_list); 887 887 mid->deleted_from_q = true; 888 888 } ··· 915 915 list_del_init(&mid->qhead); 916 916 mid->mid_rc = mid_rc; 917 917 mid->mid_state = MID_RC; 918 918 - mid_execute_callback(mid); 919 919 - release_mid(mid); 918 918 + mid_execute_callback(server, mid); 919 919 + release_mid(server, mid); 920 920 } 921 921 922 922 /* ··· 948 948 } 949 949 950 950 void 951 951 - dequeue_mid(struct mid_q_entry *mid, bool malformed) 951 951 + dequeue_mid(struct TCP_Server_Info *server, struct mid_q_entry *mid, bool malformed) 952 952 { 953 953 #ifdef CONFIG_CIFS_STATS2 954 954 mid->when_received = jiffies; 955 955 #endif 956 956 - spin_lock(&mid->server->mid_queue_lock); 956 956 + spin_lock(&server->mid_queue_lock); 957 957 if (!malformed) 958 958 mid->mid_state = MID_RESPONSE_RECEIVED; 959 959 else ··· 963 963 * function has finished processing it is a bug. 964 964 */ 965 965 if (mid->deleted_from_q == true) { 966 966 - spin_unlock(&mid->server->mid_queue_lock); 966 966 + spin_unlock(&server->mid_queue_lock); 967 967 pr_warn_once("trying to dequeue a deleted mid\n"); 968 968 } else { 969 969 list_del_init(&mid->qhead); 970 970 mid->deleted_from_q = true; 971 971 - spin_unlock(&mid->server->mid_queue_lock); 971 971 + spin_unlock(&server->mid_queue_lock); 972 972 } 973 973 } 974 974 ··· 1004 1004 else 1005 1005 server->smallbuf = NULL; 1006 1006 } 1007 1007 - dequeue_mid(mid, malformed); 1007 1007 + dequeue_mid(server, mid, malformed); 1008 1008 } 1009 1009 1010 1010 int ··· 1101 1101 list_for_each_safe(tmp, tmp2, &server->pending_mid_q) { 1102 1102 mid_entry = list_entry(tmp, struct mid_q_entry, qhead); 1103 1103 cifs_dbg(FYI, "Clearing mid %llu\n", mid_entry->mid); 1104 1104 - kref_get(&mid_entry->refcount); 1104 1104 + smb_get_mid(mid_entry); 1105 1105 mid_entry->mid_state = MID_SHUTDOWN; 1106 1106 list_move(&mid_entry->qhead, &dispose_list); 1107 1107 mid_entry->deleted_from_q = true; ··· 1113 1113 mid_entry = list_entry(tmp, struct mid_q_entry, qhead); 1114 1114 cifs_dbg(FYI, "Callback mid %llu\n", mid_entry->mid); 1115 1115 list_del_init(&mid_entry->qhead); 1116 1116 - mid_execute_callback(mid_entry); 1117 1117 - release_mid(mid_entry); 1116 1116 + mid_execute_callback(server, mid_entry); 1117 1117 + release_mid(server, mid_entry); 1118 1118 } 1119 1119 /* 1/8th of sec is more than enough time for them to exit */ 1120 1120 msleep(125); ··· 1155 1155 unsigned int pdu_length = server->pdu_size; 1156 1156 1157 1157 /* make sure this will fit in a large buffer */ 1158 1158 - if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server) - 1159 1159 - HEADER_PREAMBLE_SIZE(server)) { 1158 1158 + if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server)) { 1160 1159 cifs_server_dbg(VFS, "SMB response too long (%u bytes)\n", pdu_length); 1161 1160 cifs_reconnect(server, true); 1162 1161 return -ECONNABORTED; 1163 1162 } 1164 1163 1165 1164 /* switch to large buffer if too big for a small one */ 1166 1166 - if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) { 1165 1165 + if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE) { 1167 1166 server->large_buf = true; 1168 1167 memcpy(server->bigbuf, buf, server->total_read); 1169 1168 buf = server->bigbuf; ··· 1195 1196 * 48 bytes is enough to display the header and a little bit 1196 1197 * into the payload for debugging purposes. 1197 1198 */ 1198 1198 - rc = server->ops->check_message(buf, server->total_read, server); 1199 1199 + rc = server->ops->check_message(buf, server->pdu_size, 1200 1200 + server->total_read, server); 1199 1201 if (rc) 1200 1202 cifs_dump_mem("Bad SMB: ", buf, 1201 1203 min_t(unsigned int, server->total_read, 48)); ··· 1286 1286 if (length < 0) 1287 1287 continue; 1288 1288 1289 1289 - if (is_smb1(server)) 1290 1290 - server->total_read = length; 1291 1291 - else 1292 1292 - server->total_read = 0; 1289 1289 + server->total_read = 0; 1293 1290 1294 1291 /* 1295 1292 * The right amount was read from socket - 4 bytes, 1296 1293 * so we can now interpret the length field. 1297 1294 */ 1298 1298 - pdu_length = get_rfc1002_len(buf); 1295 1295 + pdu_length = be32_to_cpup(((__be32 *)buf)) & 0xffffff; 1299 1296 1300 1297 cifs_dbg(FYI, "RFC1002 header 0x%x\n", pdu_length); 1301 1298 if (!is_smb_response(server, buf[0])) ··· 1311 1314 } 1312 1315 1313 1316 /* read down to the MID */ 1314 1314 - length = cifs_read_from_socket(server, 1315 1315 - buf + HEADER_PREAMBLE_SIZE(server), 1316 1316 - MID_HEADER_SIZE(server)); 1317 1317 + length = cifs_read_from_socket(server, buf, 1318 1318 + MID_HEADER_SIZE(server)); 1317 1319 if (length < 0) 1318 1320 continue; 1319 1321 server->total_read += length; ··· 1344 1348 bufs[0] = buf; 1345 1349 num_mids = 1; 1346 1350 1351 1351 + if (mids[0]) 1352 1352 + mids[0]->response_pdu_len = pdu_length; 1347 1353 if (!mids[0] || !mids[0]->receive) 1348 1354 length = standard_receive3(server, mids[0]); 1349 1355 else ··· 1355 1357 if (length < 0) { 1356 1358 for (i = 0; i < num_mids; i++) 1357 1359 if (mids[i]) 1358 1358 - release_mid(mids[i]); 1360 1360 + release_mid(server, mids[i]); 1359 1361 continue; 1360 1362 } 1361 1363 ··· 1388 1390 } 1389 1391 1390 1392 if (!mids[i]->multiRsp || mids[i]->multiEnd) 1391 1391 - mid_execute_callback(mids[i]); 1393 1393 + mid_execute_callback(server, mids[i]); 1392 1394 1393 1393 - release_mid(mids[i]); 1395 1395 + release_mid(server, mids[i]); 1394 1396 } else if (server->ops->is_oplock_break && 1395 1397 server->ops->is_oplock_break(bufs[i], 1396 1398 server)) { ··· 1404 1406 smb2_add_credits_from_hdr(bufs[i], server); 1405 1407 #ifdef CONFIG_CIFS_DEBUG2 1406 1408 if (server->ops->dump_detail) 1407 1407 - server->ops->dump_detail(bufs[i], 1409 1409 + server->ops->dump_detail(bufs[i], pdu_length, 1408 1410 server); 1409 1411 cifs_dump_mids(server); 1410 1412 #endif /* CIFS_DEBUG2 */ ··· 3240 3242 if (be16_to_cpu(resp.length) != 0) { 3241 3243 cifs_dbg(VFS, "RFC 1002 positive session response but with invalid non-zero length %u\n", 3242 3244 be16_to_cpu(resp.length)); 3243 3243 - return -EIO; 3245 3245 + return smb_EIO(smb_eio_trace_rx_pos_sess_resp); 3244 3246 } 3245 3247 cifs_dbg(FYI, "RFC 1002 positive session response"); 3246 3248 break; ··· 3279 3281 break; 3280 3282 case RFC1002_INSUFFICIENT_RESOURCE: 3281 3283 /* remote server resource error */ 3284 3284 + smb_EIO(smb_eio_trace_rx_insuff_res); 3282 3285 rc = -EREMOTEIO; 3283 3286 break; 3284 3287 case RFC1002_UNSPECIFIED_ERROR: 3285 3288 default: 3286 3289 /* other/unknown error */ 3287 3287 - rc = -EIO; 3290 3290 + rc = smb_EIO(smb_eio_trace_rx_unspec_error); 3288 3291 break; 3289 3292 } 3290 3293 } else { 3291 3294 cifs_dbg(VFS, "RFC 1002 negative session response\n"); 3292 3292 - rc = -EIO; 3295 3295 + rc = smb_EIO(smb_eio_trace_rx_neg_sess_resp); 3293 3296 } 3294 3297 return rc; 3295 3298 case RFC1002_RETARGET_SESSION_RESPONSE: ··· 3312 3313 return -EMULTIHOP; 3313 3314 default: 3314 3315 cifs_dbg(VFS, "RFC 1002 unknown response type 0x%x\n", resp.type); 3315 3315 - return -EIO; 3316 3316 + return smb_EIO1(smb_eio_trace_rx_unknown_resp, resp.type); 3316 3317 } 3317 3318 3318 3319 server->with_rfc1001 = true; ··· 3926 3927 ctx->prepath = NULL; 3927 3928 3928 3929 out: 3929 3929 - cifs_try_adding_channels(mnt_ctx.ses); 3930 3930 + smb3_update_ses_channels(mnt_ctx.ses, mnt_ctx.server, 3931 3931 + false /* from_reconnect */, 3932 3932 + false /* disable_mchan */); 3930 3933 rc = mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon); 3931 3934 if (rc) 3932 3935 goto error; ··· 4000 3999 TCONX_RSP *pSMBr; 4001 4000 unsigned char *bcc_ptr; 4002 4001 int rc = 0; 4003 4003 - int length; 4002 4002 + int length, in_len; 4004 4003 __u16 bytes_left, count; 4005 4004 4006 4005 if (ses == NULL) 4007 4007 - return -EIO; 4006 4006 + return smb_EIO(smb_eio_trace_null_pointers); 4008 4007 4009 4008 smb_buffer = cifs_buf_get(); 4010 4009 if (smb_buffer == NULL) ··· 4012 4011 4013 4012 smb_buffer_response = smb_buffer; 4014 4013 4015 4015 - header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX, 4016 4016 - NULL /*no tid */, 4 /*wct */); 4014 4014 + in_len = header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX, 4015 4015 + NULL /*no tid */, 4 /*wct */); 4017 4016 4018 4017 smb_buffer->Mid = get_next_mid(ses->server); 4019 4018 smb_buffer->Uid = ses->Suid; ··· 4054 4053 bcc_ptr += strlen("?????"); 4055 4054 bcc_ptr += 1; 4056 4055 count = bcc_ptr - &pSMB->Password[0]; 4057 4057 - be32_add_cpu(&pSMB->hdr.smb_buf_length, count); 4056 4056 + in_len += count; 4058 4057 pSMB->ByteCount = cpu_to_le16(count); 4059 4058 4060 4060 - rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 4061 4061 - 0); 4059 4059 + rc = SendReceive(xid, ses, smb_buffer, in_len, smb_buffer_response, 4060 4060 + &length, 0); 4062 4061 4063 4062 /* above now done in SendReceive */ 4064 4063 if (rc == 0) { ··· 4238 4237 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&pserver->dstaddr; 4239 4238 struct sockaddr_in *addr = (struct sockaddr_in *)&pserver->dstaddr; 4240 4239 bool is_binding = false; 4240 4240 + bool new_ses; 4241 4241 4242 4242 spin_lock(&ses->ses_lock); 4243 4243 + new_ses = ses->ses_status == SES_NEW; 4243 4244 cifs_dbg(FYI, "%s: channel connect bitmap: 0x%lx\n", 4244 4245 __func__, ses->chans_need_reconnect); 4245 4246 ··· 4327 4324 } 4328 4325 4329 4326 if (rc) { 4330 4330 - cifs_server_dbg(VFS, "Send error in SessSetup = %d\n", rc); 4327 4327 + if (new_ses) { 4328 4328 + cifs_server_dbg(VFS, "failed to create a new SMB session with %s: %d\n", 4329 4329 + get_security_type_str(ses->sectype), rc); 4330 4330 + } 4331 4331 spin_lock(&ses->ses_lock); 4332 4332 if (ses->ses_status == SES_IN_SETUP) 4333 4333 ses->ses_status = SES_NEED_RECON;

+4 -4

fs/smb/client/dir.c

reviewed

··· 457 457 458 458 int 459 459 cifs_atomic_open(struct inode *inode, struct dentry *direntry, 460 460 - struct file *file, unsigned oflags, umode_t mode) 460 460 + struct file *file, unsigned int oflags, umode_t mode) 461 461 { 462 462 int rc; 463 463 unsigned int xid; ··· 471 471 struct cifs_open_info_data buf = {}; 472 472 473 473 if (unlikely(cifs_forced_shutdown(CIFS_SB(inode->i_sb)))) 474 474 - return -EIO; 474 474 + return smb_EIO(smb_eio_trace_forced_shutdown); 475 475 476 476 /* 477 477 * Posix open is only called (at lookup time) for file create now. For ··· 589 589 inode, direntry, direntry); 590 590 591 591 if (unlikely(cifs_forced_shutdown(CIFS_SB(inode->i_sb)))) { 592 592 - rc = -EIO; 592 592 + rc = smb_EIO(smb_eio_trace_forced_shutdown); 593 593 goto out_free_xid; 594 594 } 595 595 ··· 631 631 632 632 cifs_sb = CIFS_SB(inode->i_sb); 633 633 if (unlikely(cifs_forced_shutdown(cifs_sb))) 634 634 - return -EIO; 634 634 + return smb_EIO(smb_eio_trace_forced_shutdown); 635 635 636 636 tlink = cifs_sb_tlink(cifs_sb); 637 637 if (IS_ERR(tlink))

-4

fs/smb/client/dns_resolve.h

reviewed

··· 15 15 #include "cifsglob.h" 16 16 #include "cifsproto.h" 17 17 18 18 - #ifdef __KERNEL__ 19 19 - 20 18 int dns_resolve_name(const char *dom, const char *name, 21 19 size_t namelen, struct sockaddr *ip_addr); 22 20 ··· 33 35 34 36 return dns_resolve_name(dom, name, namelen, ip_addr); 35 37 } 36 36 - 37 37 - #endif /* KERNEL */ 38 38 39 39 #endif /* _DNS_RESOLVE_H */

+3 -3

fs/smb/client/file.c

reviewed

··· 118 118 int rc; 119 119 120 120 if (cifs_forced_shutdown(sbi)) { 121 121 - rc = -EIO; 121 121 + rc = smb_EIO(smb_eio_trace_forced_shutdown); 122 122 goto fail; 123 123 } 124 124 ··· 286 286 req->pid = req->cfile->pid; 287 287 } else if (rreq->origin != NETFS_WRITEBACK) { 288 288 WARN_ON_ONCE(1); 289 289 - return -EIO; 289 289 + return smb_EIO1(smb_eio_trace_not_netfs_writeback, rreq->origin); 290 290 } 291 291 292 292 return 0; ··· 1036 1036 cifs_sb = CIFS_SB(inode->i_sb); 1037 1037 if (unlikely(cifs_forced_shutdown(cifs_sb))) { 1038 1038 free_xid(xid); 1039 1039 - return -EIO; 1039 1039 + return smb_EIO(smb_eio_trace_forced_shutdown); 1040 1040 } 1041 1041 1042 1042 tlink = cifs_sb_tlink(cifs_sb);

+99 -19

fs/smb/client/fs_context.c

reviewed

··· 505 505 case Smb_20: 506 506 cifs_errorf(fc, "vers=2.0 mount not permitted when legacy dialects disabled\n"); 507 507 return 1; 508 508 - #endif /* CIFS_ALLOW_INSECURE_LEGACY */ 508 508 + #endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */ 509 509 case Smb_21: 510 510 ctx->ops = &smb21_operations; 511 511 ctx->vals = &smb21_values; ··· 711 711 return 0; 712 712 } 713 713 714 714 + static int smb3_handle_conflicting_options(struct fs_context *fc) 715 715 + { 716 716 + struct smb3_fs_context *ctx = smb3_fc2context(fc); 717 717 + 718 718 + if (ctx->multichannel_specified) { 719 719 + if (ctx->multichannel) { 720 720 + if (!ctx->max_channels_specified) { 721 721 + ctx->max_channels = 2; 722 722 + } else if (ctx->max_channels == 1) { 723 723 + cifs_errorf(fc, 724 724 + "max_channels must be greater than 1 when multichannel is enabled\n"); 725 725 + return -EINVAL; 726 726 + } 727 727 + } else { 728 728 + if (!ctx->max_channels_specified) { 729 729 + ctx->max_channels = 1; 730 730 + } else if (ctx->max_channels > 1) { 731 731 + cifs_errorf(fc, 732 732 + "max_channels must be equal to 1 when multichannel is disabled\n"); 733 733 + return -EINVAL; 734 734 + } 735 735 + } 736 736 + } else { 737 737 + if (ctx->max_channels_specified) { 738 738 + if (ctx->max_channels > 1) 739 739 + ctx->multichannel = true; 740 740 + else 741 741 + ctx->multichannel = false; 742 742 + } else { 743 743 + ctx->multichannel = false; 744 744 + ctx->max_channels = 1; 745 745 + } 746 746 + } 747 747 + 748 748 + //resetting default values as remount doesn't initialize fs_context again 749 749 + ctx->multichannel_specified = false; 750 750 + ctx->max_channels_specified = false; 751 751 + 752 752 + return 0; 753 753 + } 754 754 + 714 755 static void smb3_fs_context_free(struct fs_context *fc); 715 756 static int smb3_fs_context_parse_param(struct fs_context *fc, 716 757 struct fs_parameter *param); 717 758 static int smb3_fs_context_parse_monolithic(struct fs_context *fc, 718 759 void *data); 719 760 static int smb3_get_tree(struct fs_context *fc); 761 761 + static void smb3_sync_ses_chan_max(struct cifs_ses *ses, unsigned int max_channels); 720 762 static int smb3_reconfigure(struct fs_context *fc); 721 763 722 764 static const struct fs_context_operations smb3_fs_context_ops = { ··· 826 784 if (ret < 0) 827 785 break; 828 786 } 787 787 + ret = smb3_handle_conflicting_options(fc); 829 788 830 789 return ret; 831 790 } ··· 1056 1013 return 0; 1057 1014 } 1058 1015 1016 1016 + /* 1017 1017 + * smb3_sync_ses_chan_max - Synchronize the session's maximum channel count 1018 1018 + * @ses: pointer to the old CIFS session structure 1019 1019 + * @max_channels: new maximum number of channels to allow 1020 1020 + * 1021 1021 + * Updates the session's chan_max field to the new value, protecting the update 1022 1022 + * with the session's channel lock. This should be called whenever the maximum 1023 1023 + * allowed channels for a session changes (e.g., after a remount or reconfigure). 1024 1024 + */ 1025 1025 + static void smb3_sync_ses_chan_max(struct cifs_ses *ses, unsigned int max_channels) 1026 1026 + { 1027 1027 + spin_lock(&ses->chan_lock); 1028 1028 + ses->chan_max = max_channels; 1029 1029 + spin_unlock(&ses->chan_lock); 1030 1030 + } 1031 1031 + 1059 1032 static int smb3_reconfigure(struct fs_context *fc) 1060 1033 { 1061 1034 struct smb3_fs_context *ctx = smb3_fc2context(fc); ··· 1154 1095 ses->password2 = new_password2; 1155 1096 } 1156 1097 1157 1157 - mutex_unlock(&ses->session_mutex); 1098 1098 + /* 1099 1099 + * If multichannel or max_channels has changed, update the session's channels accordingly. 1100 1100 + * This may add or remove channels to match the new configuration. 1101 1101 + */ 1102 1102 + if ((ctx->multichannel != cifs_sb->ctx->multichannel) || 1103 1103 + (ctx->max_channels != cifs_sb->ctx->max_channels)) { 1104 1104 + 1105 1105 + /* Synchronize ses->chan_max with the new mount context */ 1106 1106 + smb3_sync_ses_chan_max(ses, ctx->max_channels); 1107 1107 + /* Now update the session's channels to match the new configuration */ 1108 1108 + /* Prevent concurrent scaling operations */ 1109 1109 + spin_lock(&ses->ses_lock); 1110 1110 + if (ses->flags & CIFS_SES_FLAG_SCALE_CHANNELS) { 1111 1111 + spin_unlock(&ses->ses_lock); 1112 1112 + mutex_unlock(&ses->session_mutex); 1113 1113 + return -EINVAL; 1114 1114 + } 1115 1115 + ses->flags |= CIFS_SES_FLAG_SCALE_CHANNELS; 1116 1116 + spin_unlock(&ses->ses_lock); 1117 1117 + 1118 1118 + mutex_unlock(&ses->session_mutex); 1119 1119 + 1120 1120 + rc = smb3_update_ses_channels(ses, ses->server, 1121 1121 + false /* from_reconnect */, 1122 1122 + false /* disable_mchan */); 1123 1123 + 1124 1124 + /* Clear scaling flag after operation */ 1125 1125 + spin_lock(&ses->ses_lock); 1126 1126 + ses->flags &= ~CIFS_SES_FLAG_SCALE_CHANNELS; 1127 1127 + spin_unlock(&ses->ses_lock); 1128 1128 + } else { 1129 1129 + mutex_unlock(&ses->session_mutex); 1130 1130 + } 1158 1131 1159 1132 STEAL_STRING(cifs_sb, ctx, domainname); 1160 1133 STEAL_STRING(cifs_sb, ctx, nodename); ··· 1341 1250 ctx->nodelete = 1; 1342 1251 break; 1343 1252 case Opt_multichannel: 1344 1344 - if (result.negated) { 1253 1253 + ctx->multichannel_specified = true; 1254 1254 + if (result.negated) 1345 1255 ctx->multichannel = false; 1346 1346 - ctx->max_channels = 1; 1347 1347 - } else { 1256 1256 + else 1348 1257 ctx->multichannel = true; 1349 1349 - /* if number of channels not specified, default to 2 */ 1350 1350 - if (ctx->max_channels < 2) 1351 1351 - ctx->max_channels = 2; 1352 1352 - } 1353 1258 break; 1354 1259 case Opt_uid: 1355 1260 ctx->linux_uid = result.uid; ··· 1481 1394 ctx->max_credits = result.uint_32; 1482 1395 break; 1483 1396 case Opt_max_channels: 1397 1397 + ctx->max_channels_specified = true; 1484 1398 if (result.uint_32 < 1 || result.uint_32 > CIFS_MAX_CHANNELS) { 1485 1399 cifs_errorf(fc, "%s: Invalid max_channels value, needs to be 1-%d\n", 1486 1400 __func__, CIFS_MAX_CHANNELS); 1487 1401 goto cifs_parse_mount_err; 1488 1402 } 1489 1403 ctx->max_channels = result.uint_32; 1490 1490 - /* If more than one channel requested ... they want multichan */ 1491 1491 - if (result.uint_32 > 1) 1492 1492 - ctx->multichannel = true; 1493 1404 break; 1494 1405 case Opt_max_cached_dirs: 1495 1406 if (result.uint_32 < 1) { ··· 1905 1820 goto cifs_parse_mount_err; 1906 1821 } 1907 1822 1908 1908 - /* 1909 1909 - * Multichannel is not meaningful if max_channels is 1. 1910 1910 - * Force multichannel to false to ensure consistent configuration. 1911 1911 - */ 1912 1912 - if (ctx->multichannel && ctx->max_channels == 1) 1913 1913 - ctx->multichannel = false; 1914 1914 - 1915 1823 return 0; 1916 1824 1917 1825 cifs_parse_mount_err: ··· 1991 1913 1992 1914 /* default to no multichannel (single server connection) */ 1993 1915 ctx->multichannel = false; 1916 1916 + ctx->multichannel_specified = false; 1917 1917 + ctx->max_channels_specified = false; 1994 1918 ctx->max_channels = 1; 1995 1919 1996 1920 ctx->backupuid_specified = false; /* no backup intent for a user */

+2

fs/smb/client/fs_context.h

reviewed

··· 294 294 bool domainauto:1; 295 295 bool rdma:1; 296 296 bool multichannel:1; 297 297 + bool multichannel_specified:1; /* true if user specified multichannel or nomultichannel */ 298 298 + bool max_channels_specified:1; /* true if user specified max_channels */ 297 299 bool use_client_guid:1; 298 300 /* reuse existing guid for multichannel */ 299 301 u8 client_guid[SMB2_CLIENT_GUID_SIZE];

+7 -7

fs/smb/client/inode.c

reviewed

··· 1952 1952 cifs_dbg(FYI, "cifs_unlink, dir=0x%p, dentry=0x%p\n", dir, dentry); 1953 1953 1954 1954 if (unlikely(cifs_forced_shutdown(cifs_sb))) 1955 1955 - return -EIO; 1955 1955 + return smb_EIO(smb_eio_trace_forced_shutdown); 1956 1956 1957 1957 /* Unhash dentry in advance to prevent any concurrent opens */ 1958 1958 spin_lock(&dentry->d_lock); ··· 2268 2268 2269 2269 cifs_sb = CIFS_SB(inode->i_sb); 2270 2270 if (unlikely(cifs_forced_shutdown(cifs_sb))) 2271 2271 - return ERR_PTR(-EIO); 2271 2271 + return ERR_PTR(smb_EIO(smb_eio_trace_forced_shutdown)); 2272 2272 tlink = cifs_sb_tlink(cifs_sb); 2273 2273 if (IS_ERR(tlink)) 2274 2274 return ERR_CAST(tlink); ··· 2354 2354 2355 2355 cifs_sb = CIFS_SB(inode->i_sb); 2356 2356 if (unlikely(cifs_forced_shutdown(cifs_sb))) { 2357 2357 - rc = -EIO; 2357 2357 + rc = smb_EIO(smb_eio_trace_forced_shutdown); 2358 2358 goto rmdir_exit; 2359 2359 } 2360 2360 ··· 2516 2516 2517 2517 cifs_sb = CIFS_SB(source_dir->i_sb); 2518 2518 if (unlikely(cifs_forced_shutdown(cifs_sb))) 2519 2519 - return -EIO; 2519 2519 + return smb_EIO(smb_eio_trace_forced_shutdown); 2520 2520 2521 2521 /* 2522 2522 * Prevent any concurrent opens on the target by unhashing the dentry. ··· 2901 2901 int rc; 2902 2902 2903 2903 if (unlikely(cifs_forced_shutdown(CIFS_SB(inode->i_sb)))) 2904 2904 - return -EIO; 2904 2904 + return smb_EIO(smb_eio_trace_forced_shutdown); 2905 2905 2906 2906 /* 2907 2907 * We need to be sure that all dirty pages are written and the server ··· 2976 2976 int rc; 2977 2977 2978 2978 if (unlikely(cifs_forced_shutdown(cifs_sb))) 2979 2979 - return -EIO; 2979 2979 + return smb_EIO(smb_eio_trace_forced_shutdown); 2980 2980 2981 2981 /* 2982 2982 * We need to be sure that all dirty pages are written as they ··· 3468 3468 #endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */ 3469 3469 3470 3470 if (unlikely(cifs_forced_shutdown(cifs_sb))) 3471 3471 - return -EIO; 3471 3471 + return smb_EIO(smb_eio_trace_forced_shutdown); 3472 3472 /* 3473 3473 * Avoid setting [cm]time with O_TRUNC to prevent the server from 3474 3474 * disabling automatic timestamp updates as specified in

+6 -4

fs/smb/client/link.c

reviewed

··· 160 160 goto out; 161 161 162 162 if (bytes_written != CIFS_MF_SYMLINK_FILE_SIZE) 163 163 - rc = -EIO; 163 163 + rc = smb_EIO2(smb_eio_trace_symlink_file_size, 164 164 + bytes_written, CIFS_MF_SYMLINK_FILE_SIZE); 164 165 out: 165 166 kfree(buf); 166 167 return rc; ··· 425 424 426 425 /* Make sure we wrote all of the symlink data */ 427 426 if ((rc == 0) && (*pbytes_written != CIFS_MF_SYMLINK_FILE_SIZE)) 428 428 - rc = -EIO; 427 427 + rc = smb_EIO2(smb_eio_trace_short_symlink_write, 428 428 + *pbytes_written, CIFS_MF_SYMLINK_FILE_SIZE); 429 429 430 430 SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); 431 431 ··· 453 451 struct cifsInodeInfo *cifsInode; 454 452 455 453 if (unlikely(cifs_forced_shutdown(cifs_sb))) 456 456 - return -EIO; 454 454 + return smb_EIO(smb_eio_trace_forced_shutdown); 457 455 458 456 tlink = cifs_sb_tlink(cifs_sb); 459 457 if (IS_ERR(tlink)) ··· 555 553 struct inode *newinode = NULL; 556 554 557 555 if (unlikely(cifs_forced_shutdown(cifs_sb))) 558 558 - return -EIO; 556 556 + return smb_EIO(smb_eio_trace_forced_shutdown); 559 557 560 558 page = alloc_dentry_path(); 561 559 if (!page)

+30 -23

fs/smb/client/misc.c

reviewed

··· 18 18 #include "nterr.h" 19 19 #include "cifs_unicode.h" 20 20 #include "smb2pdu.h" 21 21 + #include "smb2proto.h" 21 22 #include "cifsfs.h" 22 23 #ifdef CONFIG_CIFS_DFS_UPCALL 23 24 #include "dns_resolve.h" ··· 265 264 266 265 /* NB: MID can not be set if treeCon not passed in, in that 267 266 case it is responsibility of caller to set the mid */ 268 268 - void 269 269 - header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , 267 267 + unsigned int 268 268 + header_assemble(struct smb_hdr *buffer, char smb_command, 270 269 const struct cifs_tcon *treeCon, int word_count 271 270 /* length of fixed section (word count) in two byte units */) 272 271 { 272 272 + unsigned int in_len; 273 273 char *temp = (char *) buffer; 274 274 275 275 memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */ 276 276 277 277 - buffer->smb_buf_length = cpu_to_be32( 278 278 - (2 * word_count) + sizeof(struct smb_hdr) - 279 279 - 4 /* RFC 1001 length field does not count */ + 280 280 - 2 /* for bcc field itself */) ; 277 277 + in_len = (2 * word_count) + sizeof(struct smb_hdr) + 278 278 + 2 /* for bcc field itself */; 281 279 282 280 buffer->Protocol[0] = 0xFF; 283 281 buffer->Protocol[1] = 'S'; ··· 311 311 312 312 /* endian conversion of flags is now done just before sending */ 313 313 buffer->WordCount = (char) word_count; 314 314 - return; 314 314 + return in_len; 315 315 } 316 316 317 317 static int ··· 346 346 } 347 347 348 348 int 349 349 - checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server) 349 349 + checkSMB(char *buf, unsigned int pdu_len, unsigned int total_read, 350 350 + struct TCP_Server_Info *server) 350 351 { 351 352 struct smb_hdr *smb = (struct smb_hdr *)buf; 352 352 - __u32 rfclen = be32_to_cpu(smb->smb_buf_length); 353 353 + __u32 rfclen = pdu_len; 353 354 __u32 clc_len; /* calculated length */ 354 355 cifs_dbg(FYI, "checkSMB Length: 0x%x, smb_buf_length: 0x%x\n", 355 356 total_read, rfclen); ··· 380 379 return 0; 381 380 } 382 381 cifs_dbg(VFS, "rcvd invalid byte count (bcc)\n"); 382 382 + return smb_EIO1(smb_eio_trace_rx_inv_bcc, tmp[sizeof(struct smb_hdr)]); 383 383 } else { 384 384 cifs_dbg(VFS, "Length less than smb header size\n"); 385 385 + return smb_EIO2(smb_eio_trace_rx_too_short, 386 386 + total_read, smb->WordCount); 385 387 } 386 386 - return -EIO; 387 388 } else if (total_read < sizeof(*smb) + 2 * smb->WordCount) { 388 389 cifs_dbg(VFS, "%s: can't read BCC due to invalid WordCount(%u)\n", 389 390 __func__, smb->WordCount); 390 390 - return -EIO; 391 391 + return smb_EIO2(smb_eio_trace_rx_check_rsp, 392 392 + total_read, 2 + sizeof(struct smb_hdr)); 391 393 } 392 394 393 395 /* otherwise, there is enough to get to the BCC */ 394 396 if (check_smb_hdr(smb)) 395 395 - return -EIO; 397 397 + return smb_EIO1(smb_eio_trace_rx_rfc1002_magic, *(u32 *)smb->Protocol); 396 398 clc_len = smbCalcSize(smb); 397 399 398 398 - if (4 + rfclen != total_read) { 399 399 - cifs_dbg(VFS, "Length read does not match RFC1001 length %d\n", 400 400 - rfclen); 401 401 - return -EIO; 400 400 + if (rfclen != total_read) { 401 401 + cifs_dbg(VFS, "Length read does not match RFC1001 length %d/%d\n", 402 402 + rfclen, total_read); 403 403 + return smb_EIO2(smb_eio_trace_rx_check_rsp, 404 404 + total_read, rfclen); 402 405 } 403 406 404 404 - if (4 + rfclen != clc_len) { 407 407 + if (rfclen != clc_len) { 405 408 __u16 mid = get_mid(smb); 406 409 /* check if bcc wrapped around for large read responses */ 407 410 if ((rfclen > 64 * 1024) && (rfclen > clc_len)) { 408 411 /* check if lengths match mod 64K */ 409 409 - if (((4 + rfclen) & 0xFFFF) == (clc_len & 0xFFFF)) 412 412 + if (((rfclen) & 0xFFFF) == (clc_len & 0xFFFF)) 410 413 return 0; /* bcc wrapped */ 411 414 } 412 415 cifs_dbg(FYI, "Calculated size %u vs length %u mismatch for mid=%u\n", 413 413 - clc_len, 4 + rfclen, mid); 416 416 + clc_len, rfclen, mid); 414 417 415 415 - if (4 + rfclen < clc_len) { 418 418 + if (rfclen < clc_len) { 416 419 cifs_dbg(VFS, "RFC1001 size %u smaller than SMB for mid=%u\n", 417 420 rfclen, mid); 418 418 - return -EIO; 421 421 + return smb_EIO2(smb_eio_trace_rx_calc_len_too_big, 422 422 + rfclen, clc_len); 419 423 } else if (rfclen > clc_len + 512) { 420 424 /* 421 425 * Some servers (Windows XP in particular) send more ··· 433 427 */ 434 428 cifs_dbg(VFS, "RFC1001 size %u more than 512 bytes larger than SMB for mid=%u\n", 435 429 rfclen, mid); 436 436 - return -EIO; 430 430 + return smb_EIO2(smb_eio_trace_rx_overlong, 431 431 + rfclen, clc_len + 512); 437 432 } 438 433 } 439 434 return 0; ··· 458 451 (struct smb_com_transaction_change_notify_rsp *)buf; 459 452 struct file_notify_information *pnotify; 460 453 __u32 data_offset = 0; 461 461 - size_t len = srv->total_read - sizeof(pSMBr->hdr.smb_buf_length); 454 454 + size_t len = srv->total_read - srv->pdu_size; 462 455 463 456 if (get_bcc(buf) > sizeof(struct file_notify_information)) { 464 457 data_offset = le32_to_cpu(pSMBr->DataOffset);

+8 -3

fs/smb/client/netmisc.c

reviewed

··· 200 200 } 201 201 202 202 /***************************************************************************** 203 203 - convert a NT status code to a dos class/code 203 203 + *convert a NT status code to a dos class/code 204 204 *****************************************************************************/ 205 205 /* NT status -> dos error map */ 206 206 static const struct { ··· 885 885 /* generic corrective action e.g. reconnect SMB session on 886 886 * ERRbaduid could be added */ 887 887 888 888 + if (rc == -EIO) 889 889 + smb_EIO2(smb_eio_trace_smb1_received_error, 890 890 + le32_to_cpu(smb->Status.CifsError), 891 891 + le16_to_cpu(smb->Flags2)); 888 892 return rc; 889 893 } 890 894 891 895 int 892 892 - map_and_check_smb_error(struct mid_q_entry *mid, bool logErr) 896 896 + map_and_check_smb_error(struct TCP_Server_Info *server, 897 897 + struct mid_q_entry *mid, bool logErr) 893 898 { 894 899 int rc; 895 900 struct smb_hdr *smb = (struct smb_hdr *)mid->resp_buf; ··· 909 904 if (class == ERRSRV && code == ERRbaduid) { 910 905 cifs_dbg(FYI, "Server returned 0x%x, reconnecting session...\n", 911 906 code); 912 912 - cifs_signal_cifsd_for_reconnect(mid->server, false); 907 907 + cifs_signal_cifsd_for_reconnect(server, false); 913 908 } 914 909 } 915 910

+1 -1

fs/smb/client/readdir.c

reviewed

··· 775 775 776 776 if (cfile->srch_inf.ntwrk_buf_start == NULL) { 777 777 cifs_dbg(VFS, "ntwrk_buf_start is NULL during readdir\n"); 778 778 - return -EIO; 778 778 + return smb_EIO(smb_eio_trace_null_pointers); 779 779 } 780 780 781 781 end_of_smb = cfile->srch_inf.ntwrk_buf_start +

+33 -20

fs/smb/client/reparse.c

reviewed

··· 732 732 len = le16_to_cpu(buf->ReparseDataLength); 733 733 if (len < sizeof(buf->InodeType)) { 734 734 cifs_dbg(VFS, "srv returned malformed nfs buffer\n"); 735 735 - return -EIO; 735 735 + return smb_EIO2(smb_eio_trace_reparse_nfs_too_short, 736 736 + len, sizeof(buf->InodeType)); 736 737 } 737 738 738 739 len -= sizeof(buf->InodeType); ··· 742 741 case NFS_SPECFILE_LNK: 743 742 if (len == 0 || (len % 2)) { 744 743 cifs_dbg(VFS, "srv returned malformed nfs symlink buffer\n"); 745 745 - return -EIO; 744 744 + return smb_EIO1(smb_eio_trace_reparse_nfs_symbuf, len); 746 745 } 747 746 /* 748 747 * Check that buffer does not contain UTF-16 null codepoint ··· 750 749 */ 751 750 if (UniStrnlen((wchar_t *)buf->DataBuffer, len/2) != len/2) { 752 751 cifs_dbg(VFS, "srv returned null byte in nfs symlink target location\n"); 753 753 - return -EIO; 752 752 + return smb_EIO1(smb_eio_trace_reparse_nfs_nul, len); 754 753 } 755 754 data->symlink_target = cifs_strndup_from_utf16(buf->DataBuffer, 756 755 len, true, ··· 765 764 /* DataBuffer for block and char devices contains two 32-bit numbers */ 766 765 if (len != 8) { 767 766 cifs_dbg(VFS, "srv returned malformed nfs buffer for type: 0x%llx\n", type); 768 768 - return -EIO; 767 767 + return smb_EIO1(smb_eio_trace_reparse_nfs_dev, len); 769 768 } 770 769 break; 771 770 case NFS_SPECFILE_FIFO: ··· 773 772 /* DataBuffer for fifos and sockets is empty */ 774 773 if (len != 0) { 775 774 cifs_dbg(VFS, "srv returned malformed nfs buffer for type: 0x%llx\n", type); 776 776 - return -EIO; 775 775 + return smb_EIO1(smb_eio_trace_reparse_nfs_sockfifo, len); 777 776 } 778 777 break; 779 778 default: ··· 797 796 int abs_path_len; 798 797 char *abs_path; 799 798 int levels; 800 800 - int rc; 799 799 + int rc, ulen; 801 800 int i; 802 801 803 802 /* Check that length it valid */ 804 803 if (!len || (len % 2)) { 805 804 cifs_dbg(VFS, "srv returned malformed symlink buffer\n"); 806 806 - rc = -EIO; 805 805 + rc = smb_EIO1(smb_eio_trace_reparse_native_nul, len); 807 806 goto out; 808 807 } 809 808 ··· 811 810 * Check that buffer does not contain UTF-16 null codepoint 812 811 * because Linux cannot process symlink with null byte. 813 812 */ 814 814 - if (UniStrnlen((wchar_t *)buf, len/2) != len/2) { 813 813 + ulen = UniStrnlen((wchar_t *)buf, len/2); 814 814 + if (ulen != len/2) { 815 815 cifs_dbg(VFS, "srv returned null byte in native symlink target location\n"); 816 816 - rc = -EIO; 816 816 + rc = smb_EIO2(smb_eio_trace_reparse_native_nul, ulen, len); 817 817 goto out; 818 818 } 819 819 ··· 998 996 len = le16_to_cpu(sym->SubstituteNameLength); 999 997 if (offs + 20 > plen || offs + len + 20 > plen) { 1000 998 cifs_dbg(VFS, "srv returned malformed symlink buffer\n"); 1001 1001 - return -EIO; 999 999 + return smb_EIO2(smb_eio_trace_reparse_native_sym_len, 1000 1000 + offs << 16 | len, plen); 1002 1001 } 1003 1002 1004 1003 return smb2_parse_native_symlink(&data->symlink_target, ··· 1022 1019 1023 1020 if (len <= data_offset) { 1024 1021 cifs_dbg(VFS, "srv returned malformed wsl symlink buffer\n"); 1025 1025 - return -EIO; 1022 1022 + return smb_EIO2(smb_eio_trace_reparse_wsl_symbuf, 1023 1023 + len, data_offset); 1026 1024 } 1027 1025 1028 1026 /* MS-FSCC 2.1.2.7 defines layout of the Target field only for Version 2. */ 1029 1029 - if (le32_to_cpu(buf->Version) != 2) { 1030 1030 - cifs_dbg(VFS, "srv returned unsupported wsl symlink version %u\n", le32_to_cpu(buf->Version)); 1031 1031 - return -EIO; 1027 1027 + u32 version = le32_to_cpu(buf->Version); 1028 1028 + 1029 1029 + if (version != 2) { 1030 1030 + cifs_dbg(VFS, "srv returned unsupported wsl symlink version %u\n", version); 1031 1031 + return smb_EIO1(smb_eio_trace_reparse_wsl_ver, version); 1032 1032 } 1033 1033 1034 1034 /* Target for Version 2 is in UTF-8 but without trailing null-term byte */ ··· 1040 1034 * Check that buffer does not contain null byte 1041 1035 * because Linux cannot process symlink with null byte. 1042 1036 */ 1043 1043 - if (strnlen(buf->Target, symname_utf8_len) != symname_utf8_len) { 1037 1037 + size_t ulen = strnlen(buf->Target, symname_utf8_len); 1038 1038 + 1039 1039 + if (ulen != symname_utf8_len) { 1044 1040 cifs_dbg(VFS, "srv returned null byte in wsl symlink target location\n"); 1045 1045 - return -EIO; 1041 1041 + return smb_EIO2(smb_eio_trace_reparse_wsl_ver, 1042 1042 + ulen, symname_utf8_len); 1046 1043 } 1047 1044 symname_utf16 = kzalloc(symname_utf8_len * 2, GFP_KERNEL); 1048 1045 if (!symname_utf16) ··· 1092 1083 case IO_REPARSE_TAG_AF_UNIX: 1093 1084 case IO_REPARSE_TAG_LX_FIFO: 1094 1085 case IO_REPARSE_TAG_LX_CHR: 1095 1095 - case IO_REPARSE_TAG_LX_BLK: 1096 1096 - if (le16_to_cpu(buf->ReparseDataLength) != 0) { 1086 1086 + case IO_REPARSE_TAG_LX_BLK: { 1087 1087 + u16 dlen = le16_to_cpu(buf->ReparseDataLength); 1088 1088 + 1089 1089 + if (dlen != 0) { 1090 1090 + u32 rtag = le32_to_cpu(buf->ReparseTag); 1097 1091 cifs_dbg(VFS, "srv returned malformed buffer for reparse point: 0x%08x\n", 1098 1098 - le32_to_cpu(buf->ReparseTag)); 1099 1099 - return -EIO; 1092 1092 + rtag); 1093 1093 + return smb_EIO2(smb_eio_trace_reparse_data_len, dlen, rtag); 1100 1094 } 1101 1095 return 0; 1096 1096 + } 1102 1097 default: 1103 1098 return -EOPNOTSUPP; 1104 1099 }

+35 -16

fs/smb/client/sess.c

reviewed

··· 265 265 } 266 266 267 267 /* 268 268 - * called when multichannel is disabled by the server. 269 269 - * this always gets called from smb2_reconnect 270 270 - * and cannot get called in parallel threads. 268 268 + * cifs_decrease_secondary_channels - Reduce the number of active secondary channels 269 269 + * @ses: pointer to the CIFS session structure 270 270 + * @disable_mchan: if true, reduce to a single channel; if false, reduce to chan_max 271 271 + * 272 272 + * This function disables and cleans up extra secondary channels for a CIFS session. 273 273 + * If called during reconfiguration, it reduces the channel count to the new maximum (chan_max). 274 274 + * Otherwise, it disables all but the primary channel. 271 275 */ 272 276 void 273 273 - cifs_disable_secondary_channels(struct cifs_ses *ses) 277 277 + cifs_decrease_secondary_channels(struct cifs_ses *ses, bool disable_mchan) 274 278 { 275 279 int i, chan_count; 276 280 struct TCP_Server_Info *server; ··· 285 281 if (chan_count == 1) 286 282 goto done; 287 283 288 288 - ses->chan_count = 1; 284 284 + /* Update the chan_count to the new maximum */ 285 285 + if (disable_mchan) { 286 286 + cifs_dbg(FYI, "server does not support multichannel anymore.\n"); 287 287 + ses->chan_count = 1; 288 288 + } else { 289 289 + ses->chan_count = ses->chan_max; 290 290 + } 289 291 290 290 - /* for all secondary channels reset the need reconnect bit */ 291 291 - ses->chans_need_reconnect &= 1; 292 292 - 293 293 - for (i = 1; i < chan_count; i++) { 292 292 + /* Disable all secondary channels beyond the new chan_count */ 293 293 + for (i = ses->chan_count ; i < chan_count; i++) { 294 294 iface = ses->chans[i].iface; 295 295 server = ses->chans[i].server; 296 296 ··· 324 316 } 325 317 326 318 spin_lock(&ses->chan_lock); 319 319 + } 320 320 + 321 321 + /* For extra secondary channels, reset the need reconnect bit */ 322 322 + if (ses->chan_count == 1) { 323 323 + cifs_dbg(VFS, "Disable all secondary channels\n"); 324 324 + ses->chans_need_reconnect &= 1; 325 325 + } else { 326 326 + cifs_dbg(VFS, "Disable extra secondary channels\n"); 327 327 + ses->chans_need_reconnect &= ((1UL << ses->chan_max) - 1); 327 328 } 328 329 329 330 done: ··· 1330 1313 struct nls_table *nls_cp; 1331 1314 void (*func)(struct sess_data *); 1332 1315 int result; 1316 1316 + unsigned int in_len; 1333 1317 1334 1318 /* we will send the SMB in three pieces: 1335 1319 * a fixed length beginning part, an optional ··· 1354 1336 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses, 1355 1337 (void **)&smb_buf); 1356 1338 1357 1357 - if (rc) 1339 1339 + if (rc < 0) 1358 1340 return rc; 1359 1341 1342 1342 + sess_data->in_len = rc; 1360 1343 sess_data->iov[0].iov_base = (char *)smb_buf; 1361 1361 - sess_data->iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4; 1344 1344 + sess_data->iov[0].iov_len = sess_data->in_len; 1362 1345 /* 1363 1346 * This variable will be used to clear the buffer 1364 1347 * allocated above in case of any error in the calling function. ··· 1437 1418 struct kvec rsp_iov = { NULL, 0 }; 1438 1419 1439 1420 count = sess_data->iov[1].iov_len + sess_data->iov[2].iov_len; 1440 1440 - be32_add_cpu(&smb_buf->smb_buf_length, count); 1421 1421 + sess_data->in_len += count; 1441 1422 put_bcc(count, smb_buf); 1442 1423 1443 1424 rc = SendReceive2(sess_data->xid, sess_data->ses, ··· 1520 1501 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base; 1521 1502 1522 1503 if (smb_buf->WordCount != 3) { 1523 1523 - rc = -EIO; 1504 1504 + rc = smb_EIO1(smb_eio_trace_sess_nl2_wcc, smb_buf->WordCount); 1524 1505 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); 1525 1506 goto out; 1526 1507 } ··· 1646 1627 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base; 1647 1628 1648 1629 if (smb_buf->WordCount != 4) { 1649 1649 - rc = -EIO; 1630 1630 + rc = smb_EIO1(smb_eio_trace_sess_krb_wcc, smb_buf->WordCount); 1650 1631 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); 1651 1632 goto out_put_spnego_key; 1652 1633 } ··· 1807 1788 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n"); 1808 1789 1809 1790 if (smb_buf->WordCount != 4) { 1810 1810 - rc = -EIO; 1791 1791 + rc = smb_EIO1(smb_eio_trace_sess_rawnl_neg_wcc, smb_buf->WordCount); 1811 1792 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); 1812 1793 goto out_free_ntlmsspblob; 1813 1794 } ··· 1897 1878 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1898 1879 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base; 1899 1880 if (smb_buf->WordCount != 4) { 1900 1900 - rc = -EIO; 1881 1881 + rc = smb_EIO1(smb_eio_trace_sess_rawnl_auth_wcc, smb_buf->WordCount); 1901 1882 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); 1902 1883 goto out_free_ntlmsspblob; 1903 1884 }

+61 -17

fs/smb/client/smb1ops.c

reviewed

··· 30 30 * SMB_COM_NT_CANCEL request and then sends it. 31 31 */ 32 32 static int 33 33 - send_nt_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst, 34 34 - struct mid_q_entry *mid) 33 33 + send_nt_cancel(struct cifs_ses *ses, struct TCP_Server_Info *server, 34 34 + struct smb_rqst *rqst, struct mid_q_entry *mid, 35 35 + unsigned int xid) 35 36 { 36 36 - int rc = 0; 37 37 struct smb_hdr *in_buf = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 38 38 + struct kvec iov[1]; 39 39 + struct smb_rqst crqst = { .rq_iov = iov, .rq_nvec = 1 }; 40 40 + int rc = 0; 38 41 39 39 - /* -4 for RFC1001 length and +2 for BCC field */ 40 40 - in_buf->smb_buf_length = cpu_to_be32(sizeof(struct smb_hdr) - 4 + 2); 42 42 + /* +2 for BCC field */ 41 43 in_buf->Command = SMB_COM_NT_CANCEL; 42 44 in_buf->WordCount = 0; 43 45 put_bcc(0, in_buf); 44 46 47 47 + iov[0].iov_base = in_buf; 48 48 + iov[0].iov_len = sizeof(struct smb_hdr) + 2; 49 49 + 45 50 cifs_server_lock(server); 46 46 - rc = cifs_sign_smb(in_buf, server, &mid->sequence_number); 51 51 + rc = cifs_sign_rqst(&crqst, server, &mid->sequence_number); 47 52 if (rc) { 48 53 cifs_server_unlock(server); 49 54 return rc; ··· 60 55 * after signing here. 61 56 */ 62 57 --server->sequence_number; 63 63 - rc = smb_send(server, in_buf, be32_to_cpu(in_buf->smb_buf_length)); 58 58 + rc = __smb_send_rqst(server, 1, &crqst); 64 59 if (rc < 0) 65 60 server->sequence_number--; 66 61 ··· 70 65 get_mid(in_buf), rc); 71 66 72 67 return rc; 68 68 + } 69 69 + 70 70 + /* 71 71 + * Send a LOCKINGX_CANCEL_LOCK to cause the Windows blocking lock to 72 72 + * return. 73 73 + */ 74 74 + static int 75 75 + send_lock_cancel(struct cifs_ses *ses, struct TCP_Server_Info *server, 76 76 + struct smb_rqst *rqst, struct mid_q_entry *mid, 77 77 + unsigned int xid) 78 78 + { 79 79 + struct smb_hdr *in_buf = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 80 80 + unsigned int in_len = rqst->rq_iov[0].iov_len; 81 81 + LOCK_REQ *pSMB = (LOCK_REQ *)in_buf; 82 82 + int rc; 83 83 + 84 84 + /* We just modify the current in_buf to change 85 85 + * the type of lock from LOCKING_ANDX_SHARED_LOCK 86 86 + * or LOCKING_ANDX_EXCLUSIVE_LOCK to 87 87 + * LOCKING_ANDX_CANCEL_LOCK. 88 88 + */ 89 89 + pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES; 90 90 + pSMB->Timeout = 0; 91 91 + pSMB->hdr.Mid = get_next_mid(ses->server); 92 92 + 93 93 + rc = SendReceive(xid, ses, in_buf, in_len, NULL, NULL, 0); 94 94 + if (rc == -ENOLCK) 95 95 + rc = 0; /* If we get back -ENOLCK, it probably means we managed 96 96 + * to cancel the lock command before it took effect. 97 97 + */ 98 98 + return rc; 99 99 + } 100 100 + 101 101 + static int cifs_send_cancel(struct cifs_ses *ses, struct TCP_Server_Info *server, 102 102 + struct smb_rqst *rqst, struct mid_q_entry *mid, 103 103 + unsigned int xid) 104 104 + { 105 105 + if (mid->sr_flags & CIFS_WINDOWS_LOCK) 106 106 + return send_lock_cancel(ses, server, rqst, mid, xid); 107 107 + return send_nt_cancel(ses, server, rqst, mid, xid); 73 108 } 74 109 75 110 static bool ··· 146 101 if (compare_mid(mid->mid, buf) && 147 102 mid->mid_state == MID_REQUEST_SUBMITTED && 148 103 le16_to_cpu(mid->command) == buf->Command) { 149 149 - kref_get(&mid->refcount); 104 104 + smb_get_mid(mid); 150 105 spin_unlock(&server->mid_queue_lock); 151 106 return mid; 152 107 } ··· 334 289 } 335 290 336 291 static int 337 337 - coalesce_t2(char *second_buf, struct smb_hdr *target_hdr) 292 292 + coalesce_t2(char *second_buf, struct smb_hdr *target_hdr, unsigned int *pdu_len) 338 293 { 339 294 struct smb_t2_rsp *pSMBs = (struct smb_t2_rsp *)second_buf; 340 295 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)target_hdr; ··· 400 355 } 401 356 put_bcc(byte_count, target_hdr); 402 357 403 403 - byte_count = be32_to_cpu(target_hdr->smb_buf_length); 358 358 + byte_count = *pdu_len; 404 359 byte_count += total_in_src; 405 360 /* don't allow buffer to overflow */ 406 406 - if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 361 361 + if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) { 407 362 cifs_dbg(FYI, "coalesced BCC exceeds buffer size (%u)\n", 408 363 byte_count); 409 364 return -ENOBUFS; 410 365 } 411 411 - target_hdr->smb_buf_length = cpu_to_be32(byte_count); 366 366 + *pdu_len = byte_count; 412 367 413 368 /* copy second buffer into end of first buffer */ 414 369 memcpy(data_area_of_tgt, data_area_of_src, total_in_src); ··· 443 398 mid->multiRsp = true; 444 399 if (mid->resp_buf) { 445 400 /* merge response - fix up 1st*/ 446 446 - malformed = coalesce_t2(buf, mid->resp_buf); 401 401 + malformed = coalesce_t2(buf, mid->resp_buf, &mid->response_pdu_len); 447 402 if (malformed > 0) 448 403 return true; 449 404 /* All parts received or packet is malformed. */ 450 405 mid->multiEnd = true; 451 451 - dequeue_mid(mid, malformed); 406 406 + dequeue_mid(server, mid, malformed); 452 407 return true; 453 408 } 454 409 if (!server->large_buf) { ··· 506 461 if (!(server->capabilities & CAP_LARGE_WRITE_X) || 507 462 (!(server->capabilities & CAP_UNIX) && server->sign)) 508 463 wsize = min_t(unsigned int, wsize, 509 509 - server->maxBuf - sizeof(WRITE_REQ) + 4); 464 464 + server->maxBuf - sizeof(WRITE_REQ)); 510 465 511 466 /* hard limit of CIFS_MAX_WSIZE */ 512 467 wsize = min_t(unsigned int, wsize, CIFS_MAX_WSIZE); ··· 1438 1393 } 1439 1394 1440 1395 struct smb_version_operations smb1_operations = { 1441 1441 - .send_cancel = send_nt_cancel, 1396 1396 + .send_cancel = cifs_send_cancel, 1442 1397 .compare_fids = cifs_compare_fids, 1443 1398 .setup_request = cifs_setup_request, 1444 1399 .setup_async_request = cifs_setup_async_request, ··· 1532 1487 .exclusive_lock_type = 0, 1533 1488 .shared_lock_type = LOCKING_ANDX_SHARED_LOCK, 1534 1489 .unlock_lock_type = 0, 1535 1535 - .header_preamble_size = 4, 1536 1490 .header_size = sizeof(struct smb_hdr), 1537 1491 .max_header_size = MAX_CIFS_HDR_SIZE, 1538 1492 .read_rsp_size = sizeof(READ_RSP),

+5 -4

fs/smb/client/smb2file.c

reviewed

··· 76 76 return 0; 77 77 78 78 if (!*target) 79 79 - return -EIO; 79 79 + return smb_EIO(smb_eio_trace_null_pointers); 80 80 81 81 len = strlen(*target); 82 82 if (!len) 83 83 - return -EIO; 83 83 + return smb_EIO1(smb_eio_trace_sym_target_len, len); 84 84 85 85 /* 86 86 * If this is directory symlink and it does not have trailing slash then ··· 104 104 * both Windows and Linux systems. So return an error for such symlink. 105 105 */ 106 106 if (!directory && (*target)[len-1] == '/') 107 107 - return -EIO; 107 107 + return smb_EIO(smb_eio_trace_sym_slash); 108 108 109 109 return 0; 110 110 } ··· 140 140 cifs_sb); 141 141 } 142 142 143 143 - int smb2_open_file(const unsigned int xid, struct cifs_open_parms *oparms, __u32 *oplock, void *buf) 143 143 + int smb2_open_file(const unsigned int xid, struct cifs_open_parms *oparms, 144 144 + __u32 *oplock, void *buf) 144 145 { 145 146 int rc; 146 147 __le16 *smb2_path;

+8 -5

fs/smb/client/smb2inode.c

reviewed

··· 21 21 #include "cifs_unicode.h" 22 22 #include "fscache.h" 23 23 #include "smb2glob.h" 24 24 - #include "smb2pdu.h" 25 24 #include "smb2proto.h" 26 25 #include "cached_dir.h" 27 26 #include "../common/smb2status.h" ··· 30 31 struct reparse_data_buffer *buf; 31 32 struct smb2_ioctl_rsp *io = iov->iov_base; 32 33 u32 off, count, len; 34 34 + u16 rdlen; 33 35 34 36 count = le32_to_cpu(io->OutputCount); 35 37 off = le32_to_cpu(io->OutputOffset); 36 38 if (check_add_overflow(off, count, &len) || len > iov->iov_len) 37 37 - return ERR_PTR(-EIO); 39 39 + return ERR_PTR(smb_EIO2(smb_eio_trace_reparse_overlong, 40 40 + off, count)); 38 41 39 42 buf = (struct reparse_data_buffer *)((u8 *)io + off); 40 43 len = sizeof(*buf); 41 41 - if (count < len || count < le16_to_cpu(buf->ReparseDataLength) + len) 42 42 - return ERR_PTR(-EIO); 44 44 + rdlen = le16_to_cpu(buf->ReparseDataLength); 45 45 + 46 46 + if (count < len || count < rdlen + len) 47 47 + return ERR_PTR(smb_EIO2(smb_eio_trace_reparse_rdlen, count, rdlen)); 43 48 return buf; 44 49 } 45 50 ··· 1638 1635 } else { 1639 1636 cifs_tcon_dbg(FYI, "%s: failed to rename '%s' to '%s': %d\n", 1640 1637 __func__, full_path, to_name, rc); 1641 1641 - rc = -EIO; 1638 1638 + rc = smb_EIO1(smb_eio_trace_pend_del_fail, rc); 1642 1639 } 1643 1640 out: 1644 1641 cifs_put_tlink(tlink);

+19 -33

fs/smb/client/smb2maperror.c

reviewed

··· 9 9 */ 10 10 #include <linux/errno.h> 11 11 #include "cifsglob.h" 12 12 + #include "cifsproto.h" 12 13 #include "cifs_debug.h" 13 13 - #include "smb2pdu.h" 14 14 #include "smb2proto.h" 15 15 - #include "../common/smb2status.h" 16 15 #include "smb2glob.h" 16 16 + #include "../common/smb2status.h" 17 17 #include "trace.h" 18 18 19 19 struct status_to_posix_error { ··· 23 23 }; 24 24 25 25 static const struct status_to_posix_error smb2_error_map_table[] = { 26 26 - {STATUS_SUCCESS, 0, "STATUS_SUCCESS"}, 27 27 - {STATUS_WAIT_0, 0, "STATUS_WAIT_0"}, 28 26 {STATUS_WAIT_1, -EIO, "STATUS_WAIT_1"}, 29 27 {STATUS_WAIT_2, -EIO, "STATUS_WAIT_2"}, 30 28 {STATUS_WAIT_3, -EIO, "STATUS_WAIT_3"}, 31 29 {STATUS_WAIT_63, -EIO, "STATUS_WAIT_63"}, 32 32 - {STATUS_ABANDONED, -EIO, "STATUS_ABANDONED"}, 33 33 - {STATUS_ABANDONED_WAIT_0, -EIO, "STATUS_ABANDONED_WAIT_0"}, 30 30 + {STATUS_ABANDONED, -EIO, "STATUS_ABANDONED or STATUS_ABANDONED_WAIT_0"}, 31 31 + {STATUS_ABANDONED_WAIT_0, -EIO, 32 32 + "STATUS_ABANDONED or STATUS_ABANDONED_WAIT_0"}, 34 33 {STATUS_ABANDONED_WAIT_63, -EIO, "STATUS_ABANDONED_WAIT_63"}, 35 34 {STATUS_USER_APC, -EIO, "STATUS_USER_APC"}, 36 35 {STATUS_KERNEL_APC, -EIO, "STATUS_KERNEL_APC"}, ··· 735 736 {STATUS_FS_DRIVER_REQUIRED, -EOPNOTSUPP, "STATUS_FS_DRIVER_REQUIRED"}, 736 737 {STATUS_IMAGE_ALREADY_LOADED_AS_DLL, -EIO, 737 738 "STATUS_IMAGE_ALREADY_LOADED_AS_DLL"}, 739 739 + {STATUS_INVALID_LOCK_RANGE, -EIO, "STATUS_INVALID_LOCK_RANGE"}, 738 740 {STATUS_NETWORK_OPEN_RESTRICTION, -EIO, 739 741 "STATUS_NETWORK_OPEN_RESTRICTION"}, 740 742 {STATUS_NO_USER_SESSION_KEY, -EIO, "STATUS_NO_USER_SESSION_KEY"}, ··· 2298 2298 {STATUS_FWP_LIFETIME_MISMATCH, -EIO, "STATUS_FWP_LIFETIME_MISMATCH"}, 2299 2299 {STATUS_FWP_BUILTIN_OBJECT, -EIO, "STATUS_FWP_BUILTIN_OBJECT"}, 2300 2300 {STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS, -EIO, 2301 2301 - "STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS"}, 2302 2302 - {STATUS_FWP_TOO_MANY_CALLOUTS, -EIO, "STATUS_FWP_TOO_MANY_CALLOUTS"}, 2301 2301 + "STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS or STATUS_FWP_TOO_MANY_CALLOUTS"}, 2302 2302 + {STATUS_FWP_TOO_MANY_CALLOUTS, -EIO, 2303 2303 + "STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS or STATUS_FWP_TOO_MANY_CALLOUTS"}, 2303 2304 {STATUS_FWP_NOTIFICATION_DROPPED, -EIO, 2304 2305 "STATUS_FWP_NOTIFICATION_DROPPED"}, 2305 2306 {STATUS_FWP_TRAFFIC_MISMATCH, -EIO, "STATUS_FWP_TRAFFIC_MISMATCH"}, ··· 2416 2415 {STATUS_IPSEC_INTEGRITY_CHECK_FAILED, -EIO, 2417 2416 "STATUS_IPSEC_INTEGRITY_CHECK_FAILED"}, 2418 2417 {STATUS_IPSEC_CLEAR_TEXT_DROP, -EIO, "STATUS_IPSEC_CLEAR_TEXT_DROP"}, 2419 2419 - {0, 0, NULL} 2418 2418 + {STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP, -EIO, 2419 2419 + "STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP"}, 2420 2420 }; 2421 2421 - 2422 2422 - /***************************************************************************** 2423 2423 - Print an error message from the status code 2424 2424 - *****************************************************************************/ 2425 2425 - static void 2426 2426 - smb2_print_status(__le32 status) 2427 2427 - { 2428 2428 - int idx = 0; 2429 2429 - 2430 2430 - while (smb2_error_map_table[idx].status_string != NULL) { 2431 2431 - if ((smb2_error_map_table[idx].smb2_status) == status) { 2432 2432 - pr_notice("Status code returned 0x%08x %s\n", status, 2433 2433 - smb2_error_map_table[idx].status_string); 2434 2434 - } 2435 2435 - idx++; 2436 2436 - } 2437 2437 - return; 2438 2438 - } 2439 2421 2440 2422 int 2441 2423 map_smb2_to_linux_error(char *buf, bool log_err) ··· 2436 2452 return 0; 2437 2453 } 2438 2454 2439 2439 - /* mask facility */ 2440 2440 - if (log_err && (smb2err != STATUS_MORE_PROCESSING_REQUIRED) && 2441 2441 - (smb2err != STATUS_END_OF_FILE)) 2442 2442 - smb2_print_status(smb2err); 2443 2443 - else if (cifsFYI & CIFS_RC) 2444 2444 - smb2_print_status(smb2err); 2455 2455 + log_err = (log_err && (smb2err != STATUS_MORE_PROCESSING_REQUIRED) && 2456 2456 + (smb2err != STATUS_END_OF_FILE)) || 2457 2457 + (cifsFYI & CIFS_RC); 2445 2458 2446 2459 for (i = 0; i < sizeof(smb2_error_map_table) / 2447 2460 sizeof(struct status_to_posix_error); i++) { 2448 2461 if (smb2_error_map_table[i].smb2_status == smb2err) { 2462 2462 + if (log_err) 2463 2463 + pr_notice("Status code returned 0x%08x %s\n", smb2err, 2464 2464 + smb2_error_map_table[i].status_string); 2449 2465 rc = smb2_error_map_table[i].posix_error; 2450 2466 break; 2451 2467 } ··· 2461 2477 le16_to_cpu(shdr->Command), 2462 2478 le64_to_cpu(shdr->MessageId), 2463 2479 le32_to_cpu(smb2err), rc); 2480 2480 + if (rc == -EIO) 2481 2481 + smb_EIO1(smb_eio_trace_smb2_received_error, le32_to_cpu(smb2err)); 2464 2482 return rc; 2465 2483 }

+2 -1

fs/smb/client/smb2misc.c

reviewed

··· 134 134 } 135 135 136 136 int 137 137 - smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *server) 137 137 + smb2_check_message(char *buf, unsigned int pdu_len, unsigned int len, 138 138 + struct TCP_Server_Info *server) 138 139 { 139 140 struct TCP_Server_Info *pserver; 140 141 struct smb2_hdr *shdr = (struct smb2_hdr *)buf;

+40 -38

fs/smb/client/smb2ops.c

reviewed

··· 17 17 #include <uapi/linux/magic.h> 18 18 #include "cifsfs.h" 19 19 #include "cifsglob.h" 20 20 - #include "smb2pdu.h" 21 21 - #include "smb2proto.h" 22 20 #include "cifsproto.h" 21 21 + #include "smb2proto.h" 22 22 + #include "smb2pdu.h" 23 23 #include "cifs_debug.h" 24 24 #include "cifs_unicode.h" 25 25 #include "../common/smb2status.h" ··· 406 406 if ((mid->mid == wire_mid) && 407 407 (mid->mid_state == MID_REQUEST_SUBMITTED) && 408 408 (mid->command == shdr->Command)) { 409 409 - kref_get(&mid->refcount); 409 409 + smb_get_mid(mid); 410 410 if (dequeue) { 411 411 list_del_init(&mid->qhead); 412 412 mid->deleted_from_q = true; ··· 432 432 } 433 433 434 434 static void 435 435 - smb2_dump_detail(void *buf, struct TCP_Server_Info *server) 435 435 + smb2_dump_detail(void *buf, size_t buf_len, struct TCP_Server_Info *server) 436 436 { 437 437 #ifdef CONFIG_CIFS_DEBUG2 438 438 struct smb2_hdr *shdr = (struct smb2_hdr *)buf; ··· 440 440 cifs_server_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Mid: %llu Pid: %d\n", 441 441 shdr->Command, shdr->Status, shdr->Flags, shdr->MessageId, 442 442 shdr->Id.SyncId.ProcessId); 443 443 - if (!server->ops->check_message(buf, server->total_read, server)) { 443 443 + if (!server->ops->check_message(buf, buf_len, server->total_read, server)) { 444 444 cifs_server_dbg(VFS, "smb buf %p len %u\n", buf, 445 445 server->ops->calc_smb_size(buf)); 446 446 } ··· 1046 1046 1047 1047 if (src_size < 8 + name_len + 1 + value_len) { 1048 1048 cifs_dbg(FYI, "EA entry goes beyond length of list\n"); 1049 1049 - rc = -EIO; 1049 1049 + rc = smb_EIO2(smb_eio_trace_ea_overrun, 1050 1050 + src_size, 8 + name_len + 1 + value_len); 1050 1051 goto out; 1051 1052 } 1052 1053 ··· 1608 1607 } 1609 1608 1610 1609 if (!ses || !server) { 1611 1611 - rc = -EIO; 1610 1610 + rc = smb_EIO(smb_eio_trace_null_pointers); 1612 1611 goto free_vars; 1613 1612 } 1614 1613 ··· 1943 1942 if (unlikely(ret_data_len != sizeof(*cc_rsp))) { 1944 1943 cifs_tcon_dbg(VFS, "Copychunk invalid response: size %u/%zu\n", 1945 1944 ret_data_len, sizeof(*cc_rsp)); 1946 1946 - rc = -EIO; 1945 1945 + rc = smb_EIO1(smb_eio_trace_copychunk_inv_rsp, ret_data_len); 1947 1946 goto out; 1948 1947 } 1949 1948 ··· 1953 1952 1954 1953 if (rc == 0) { 1955 1954 /* Check if server claimed to write more than we asked */ 1956 1956 - if (unlikely(!bytes_written || bytes_written > copy_bytes || 1957 1957 - !chunks_written || chunks_written > chunks)) { 1958 1958 - cifs_tcon_dbg(VFS, "Copychunk invalid response: bytes written %u/%u, chunks written %u/%u\n", 1959 1959 - bytes_written, copy_bytes, chunks_written, chunks); 1960 1960 - rc = -EIO; 1955 1955 + if (unlikely(!bytes_written || bytes_written > copy_bytes)) { 1956 1956 + cifs_tcon_dbg(VFS, "Copychunk invalid response: bytes written %u/%u\n", 1957 1957 + bytes_written, copy_bytes); 1958 1958 + rc = smb_EIO2(smb_eio_trace_copychunk_overcopy_b, 1959 1959 + bytes_written, copy_bytes); 1960 1960 + goto out; 1961 1961 + } 1962 1962 + if (unlikely(!chunks_written || chunks_written > chunks)) { 1963 1963 + cifs_tcon_dbg(VFS, "Copychunk invalid response: chunks written %u/%u\n", 1964 1964 + chunks_written, chunks); 1965 1965 + rc = smb_EIO2(smb_eio_trace_copychunk_overcopy_c, 1966 1966 + chunks_written, chunks); 1961 1967 goto out; 1962 1968 } 1963 1969 ··· 3135 3127 } 3136 3128 3137 3129 if (!rc && !dfs_rsp) 3138 3138 - rc = -EIO; 3130 3130 + rc = smb_EIO(smb_eio_trace_dfsref_no_rsp); 3139 3131 if (rc) { 3140 3132 if (!is_retryable_error(rc) && rc != -ENOENT && rc != -EOPNOTSUPP) 3141 3133 cifs_tcon_dbg(FYI, "%s: ioctl error: rc=%d\n", __func__, rc); ··· 4563 4555 buffer, 0, 0, size); 4564 4556 4565 4557 if (!cifs_copy_iter_to_folioq(&old->rq_iter, size, buffer)) { 4566 4566 - rc = -EIO; 4558 4558 + rc = smb_EIO1(smb_eio_trace_tx_copy_iter_to_buf, size); 4567 4559 goto err_free; 4568 4560 } 4569 4561 } ··· 4664 4656 n = copy_folio_to_iter(folio, skip, len, iter); 4665 4657 if (n != len) { 4666 4658 cifs_dbg(VFS, "%s: something went wrong\n", __func__); 4667 4667 - return -EIO; 4659 4659 + return smb_EIO2(smb_eio_trace_rx_copy_to_iter, 4660 4660 + n, len); 4668 4661 } 4669 4662 data_size -= n; 4670 4663 skip = 0; ··· 4725 4716 if (is_offloaded) 4726 4717 mid->mid_state = MID_RESPONSE_RECEIVED; 4727 4718 else 4728 4728 - dequeue_mid(mid, false); 4719 4719 + dequeue_mid(server, mid, false); 4729 4720 return 0; 4730 4721 } 4731 4722 ··· 4748 4739 /* data_offset is beyond the end of smallbuf */ 4749 4740 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n", 4750 4741 __func__, data_offset); 4751 4751 - rdata->result = -EIO; 4742 4742 + rdata->result = smb_EIO1(smb_eio_trace_rx_overlong, data_offset); 4752 4743 if (is_offloaded) 4753 4744 mid->mid_state = MID_RESPONSE_MALFORMED; 4754 4745 else 4755 4755 - dequeue_mid(mid, rdata->result); 4746 4746 + dequeue_mid(server, mid, rdata->result); 4756 4747 return 0; 4757 4748 } 4758 4749 ··· 4767 4758 /* data offset is beyond the 1st page of response */ 4768 4759 cifs_dbg(FYI, "%s: data offset (%u) beyond 1st page of response\n", 4769 4760 __func__, data_offset); 4770 4770 - rdata->result = -EIO; 4761 4761 + rdata->result = smb_EIO1(smb_eio_trace_rx_overpage, data_offset); 4771 4762 if (is_offloaded) 4772 4763 mid->mid_state = MID_RESPONSE_MALFORMED; 4773 4764 else 4774 4774 - dequeue_mid(mid, rdata->result); 4765 4765 + dequeue_mid(server, mid, rdata->result); 4775 4766 return 0; 4776 4767 } 4777 4768 4778 4769 if (data_len > buffer_len - pad_len) { 4779 4770 /* data_len is corrupt -- discard frame */ 4780 4780 - rdata->result = -EIO; 4771 4771 + rdata->result = smb_EIO1(smb_eio_trace_rx_bad_datalen, data_len); 4781 4772 if (is_offloaded) 4782 4773 mid->mid_state = MID_RESPONSE_MALFORMED; 4783 4774 else 4784 4784 - dequeue_mid(mid, rdata->result); 4775 4775 + dequeue_mid(server, mid, rdata->result); 4785 4776 return 0; 4786 4777 } 4787 4778 ··· 4792 4783 if (is_offloaded) 4793 4784 mid->mid_state = MID_RESPONSE_MALFORMED; 4794 4785 else 4795 4795 - dequeue_mid(mid, rdata->result); 4786 4786 + dequeue_mid(server, mid, rdata->result); 4796 4787 return 0; 4797 4788 } 4798 4789 rdata->got_bytes = buffer_len; ··· 4802 4793 WARN_ONCE(buffer, "read data can be either in buf or in buffer"); 4803 4794 copied = copy_to_iter(buf + data_offset, data_len, &rdata->subreq.io_iter); 4804 4795 if (copied == 0) 4805 4805 - return -EIO; 4796 4796 + return smb_EIO2(smb_eio_trace_rx_copy_to_iter, copied, data_len); 4806 4797 rdata->got_bytes = copied; 4807 4798 } else { 4808 4799 /* read response payload cannot be in both buf and pages */ 4809 4800 WARN_ONCE(1, "buf can not contain only a part of read data"); 4810 4810 - rdata->result = -EIO; 4801 4801 + rdata->result = smb_EIO(smb_eio_trace_rx_both_buf); 4811 4802 if (is_offloaded) 4812 4803 mid->mid_state = MID_RESPONSE_MALFORMED; 4813 4804 else 4814 4814 - dequeue_mid(mid, rdata->result); 4805 4805 + dequeue_mid(server, mid, rdata->result); 4815 4806 return 0; 4816 4807 } 4817 4808 4818 4809 if (is_offloaded) 4819 4810 mid->mid_state = MID_RESPONSE_RECEIVED; 4820 4811 else 4821 4821 - dequeue_mid(mid, false); 4812 4812 + dequeue_mid(server, mid, false); 4822 4813 return 0; 4823 4814 } 4824 4815 ··· 4865 4856 dw->server->ops->is_network_name_deleted(dw->buf, 4866 4857 dw->server); 4867 4858 4868 4868 - mid_execute_callback(mid); 4859 4859 + mid_execute_callback(dw->server, mid); 4869 4860 } else { 4870 4861 spin_lock(&dw->server->srv_lock); 4871 4862 if (dw->server->tcpStatus == CifsNeedReconnect) { ··· 4873 4864 mid->mid_state = MID_RETRY_NEEDED; 4874 4865 spin_unlock(&dw->server->mid_queue_lock); 4875 4866 spin_unlock(&dw->server->srv_lock); 4876 4876 - mid_execute_callback(mid); 4867 4867 + mid_execute_callback(dw->server, mid); 4877 4868 } else { 4878 4869 spin_lock(&dw->server->mid_queue_lock); 4879 4870 mid->mid_state = MID_REQUEST_SUBMITTED; ··· 4884 4875 spin_unlock(&dw->server->srv_lock); 4885 4876 } 4886 4877 } 4887 4887 - release_mid(mid); 4878 4878 + release_mid(dw->server, mid); 4888 4879 } 4889 4880 4890 4881 free_pages: ··· 5776 5767 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5777 5768 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5778 5769 .header_size = sizeof(struct smb2_hdr), 5779 5779 - .header_preamble_size = 0, 5780 5770 .max_header_size = MAX_SMB2_HDR_SIZE, 5781 5771 .read_rsp_size = sizeof(struct smb2_read_rsp), 5782 5772 .lock_cmd = SMB2_LOCK, ··· 5797 5789 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5798 5790 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5799 5791 .header_size = sizeof(struct smb2_hdr), 5800 5800 - .header_preamble_size = 0, 5801 5792 .max_header_size = MAX_SMB2_HDR_SIZE, 5802 5793 .read_rsp_size = sizeof(struct smb2_read_rsp), 5803 5794 .lock_cmd = SMB2_LOCK, ··· 5817 5810 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5818 5811 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5819 5812 .header_size = sizeof(struct smb2_hdr), 5820 5820 - .header_preamble_size = 0, 5821 5813 .max_header_size = MAX_SMB2_HDR_SIZE, 5822 5814 .read_rsp_size = sizeof(struct smb2_read_rsp), 5823 5815 .lock_cmd = SMB2_LOCK, ··· 5837 5831 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5838 5832 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5839 5833 .header_size = sizeof(struct smb2_hdr), 5840 5840 - .header_preamble_size = 0, 5841 5834 .max_header_size = MAX_SMB2_HDR_SIZE, 5842 5835 .read_rsp_size = sizeof(struct smb2_read_rsp), 5843 5836 .lock_cmd = SMB2_LOCK, ··· 5857 5852 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5858 5853 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5859 5854 .header_size = sizeof(struct smb2_hdr), 5860 5860 - .header_preamble_size = 0, 5861 5855 .max_header_size = MAX_SMB2_HDR_SIZE, 5862 5856 .read_rsp_size = sizeof(struct smb2_read_rsp), 5863 5857 .lock_cmd = SMB2_LOCK, ··· 5877 5873 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5878 5874 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5879 5875 .header_size = sizeof(struct smb2_hdr), 5880 5880 - .header_preamble_size = 0, 5881 5876 .max_header_size = MAX_SMB2_HDR_SIZE, 5882 5877 .read_rsp_size = sizeof(struct smb2_read_rsp), 5883 5878 .lock_cmd = SMB2_LOCK, ··· 5897 5894 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5898 5895 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5899 5896 .header_size = sizeof(struct smb2_hdr), 5900 5900 - .header_preamble_size = 0, 5901 5897 .max_header_size = MAX_SMB2_HDR_SIZE, 5902 5898 .read_rsp_size = sizeof(struct smb2_read_rsp), 5903 5899 .lock_cmd = SMB2_LOCK,

+174 -108

fs/smb/client/smb2pdu.c

reviewed

··· 26 26 #include <linux/netfs.h> 27 27 #include <trace/events/netfs.h> 28 28 #include "cifsglob.h" 29 29 - #include "cifsacl.h" 30 29 #include "cifsproto.h" 30 30 + #include "cifsacl.h" 31 31 #include "smb2proto.h" 32 32 #include "cifs_unicode.h" 33 33 #include "cifs_debug.h" ··· 168 168 static int 169 169 cifs_chan_skip_or_disable(struct cifs_ses *ses, 170 170 struct TCP_Server_Info *server, 171 171 - bool from_reconnect) 171 171 + bool from_reconnect, bool disable_mchan) 172 172 { 173 173 struct TCP_Server_Info *pserver; 174 174 unsigned int chan_index; ··· 206 206 return -EHOSTDOWN; 207 207 } 208 208 209 209 - cifs_server_dbg(VFS, 210 210 - "server does not support multichannel anymore. Disable all other channels\n"); 211 211 - cifs_disable_secondary_channels(ses); 212 212 - 209 209 + cifs_decrease_secondary_channels(ses, disable_mchan); 213 210 214 211 return 0; 212 212 + } 213 213 + 214 214 + /* 215 215 + * smb3_update_ses_channels - Synchronize session channels with new configuration 216 216 + * @ses: pointer to the CIFS session structure 217 217 + * @server: pointer to the TCP server info structure 218 218 + * @from_reconnect: indicates if called from reconnect context 219 219 + * @disable_mchan: indicates if called from reconnect to disable multichannel 220 220 + * 221 221 + * Returns 0 on success or error code on failure. 222 222 + * 223 223 + * Outside of reconfigure, this function is called from cifs_mount() during mount 224 224 + * and from reconnect scenarios to adjust channel count when the 225 225 + * server's multichannel support changes. 226 226 + */ 227 227 + int smb3_update_ses_channels(struct cifs_ses *ses, struct TCP_Server_Info *server, 228 228 + bool from_reconnect, bool disable_mchan) 229 229 + { 230 230 + int rc = 0; 231 231 + /* 232 232 + * Manage session channels based on current count vs max: 233 233 + * - If disable requested, skip or disable the channel 234 234 + * - If below max channels, attempt to add more 235 235 + * - If above max channels, skip or disable excess channels 236 236 + */ 237 237 + if (disable_mchan) 238 238 + rc = cifs_chan_skip_or_disable(ses, server, from_reconnect, disable_mchan); 239 239 + else { 240 240 + if (ses->chan_count < ses->chan_max) 241 241 + rc = cifs_try_adding_channels(ses); 242 242 + else if (ses->chan_count > ses->chan_max) 243 243 + rc = cifs_chan_skip_or_disable(ses, server, from_reconnect, disable_mchan); 244 244 + } 245 245 + 246 246 + return rc; 215 247 } 216 248 217 249 static int ··· 281 249 282 250 ses = tcon->ses; 283 251 if (!ses) 284 284 - return -EIO; 252 252 + return smb_EIO(smb_eio_trace_null_pointers); 285 253 spin_lock(&ses->ses_lock); 286 254 if (ses->ses_status == SES_EXITING) { 287 255 spin_unlock(&ses->ses_lock); 288 288 - return -EIO; 256 256 + return smb_EIO(smb_eio_trace_sess_exiting); 289 257 } 290 258 spin_unlock(&ses->ses_lock); 291 259 if (!ses->server || !server) 292 292 - return -EIO; 260 260 + return smb_EIO(smb_eio_trace_null_pointers); 293 261 294 262 spin_lock(&server->srv_lock); 295 263 if (server->tcpStatus == CifsNeedReconnect) { ··· 387 355 */ 388 356 if (ses->chan_count > 1 && 389 357 !(server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) { 390 390 - rc = cifs_chan_skip_or_disable(ses, server, 391 391 - from_reconnect); 358 358 + rc = smb3_update_ses_channels(ses, server, 359 359 + from_reconnect, true /* disable_mchan */); 392 360 if (rc) { 393 361 mutex_unlock(&ses->session_mutex); 394 362 goto out; ··· 470 438 * treat this as server not supporting multichannel 471 439 */ 472 440 473 473 - rc = cifs_chan_skip_or_disable(ses, server, 474 474 - from_reconnect); 441 441 + rc = smb3_update_ses_channels(ses, server, 442 442 + from_reconnect, 443 443 + true /* disable_mchan */); 475 444 goto skip_add_channels; 476 445 } else if (rc) 477 446 cifs_tcon_dbg(FYI, "%s: failed to query server interfaces: %d\n", ··· 484 451 if (ses->chan_count == 1) 485 452 cifs_server_dbg(VFS, "supports multichannel now\n"); 486 453 487 487 - cifs_try_adding_channels(ses); 454 454 + smb3_update_ses_channels(ses, server, from_reconnect, 455 455 + false /* disable_mchan */); 488 456 } 489 457 } else { 490 458 mutex_unlock(&ses->session_mutex); ··· 497 463 spin_unlock(&ses->ses_lock); 498 464 499 465 if (smb2_command != SMB2_INTERNAL_CMD) 500 500 - mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 466 466 + cifs_queue_server_reconn(server); 501 467 502 468 atomic_inc(&tconInfoReconnectCount); 503 469 out: ··· 1095 1061 1096 1062 if (!server) { 1097 1063 WARN(1, "%s: server is NULL!\n", __func__); 1098 1098 - return -EIO; 1064 1064 + return smb_EIO(smb_eio_trace_null_pointers); 1099 1065 } 1100 1066 1101 1067 rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, server, ··· 1139 1105 req->SecurityMode = 0; 1140 1106 1141 1107 req->Capabilities = cpu_to_le32(server->vals->req_capabilities); 1142 1142 - if (ses->chan_max > 1) 1143 1143 - req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1108 1108 + req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1144 1109 1145 1110 /* ClientGUID must be zero for SMB2.02 dialect */ 1146 1111 if (server->vals->protocol_id == SMB20_PROT_ID) ··· 1175 1142 } else if (rc != 0) 1176 1143 goto neg_exit; 1177 1144 1178 1178 - rc = -EIO; 1145 1145 + u16 dialect = le16_to_cpu(rsp->DialectRevision); 1179 1146 if (strcmp(server->vals->version_string, 1180 1147 SMB3ANY_VERSION_STRING) == 0) { 1181 1181 - if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { 1148 1148 + switch (dialect) { 1149 1149 + case SMB20_PROT_ID: 1182 1150 cifs_server_dbg(VFS, 1183 1151 "SMB2 dialect returned but not requested\n"); 1152 1152 + rc = smb_EIO2(smb_eio_trace_neg_unreq_dialect, dialect, 3); 1184 1153 goto neg_exit; 1185 1185 - } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { 1154 1154 + case SMB21_PROT_ID: 1186 1155 cifs_server_dbg(VFS, 1187 1156 "SMB2.1 dialect returned but not requested\n"); 1157 1157 + rc = smb_EIO2(smb_eio_trace_neg_unreq_dialect, dialect, 3); 1188 1158 goto neg_exit; 1189 1189 - } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1159 1159 + case SMB311_PROT_ID: 1190 1160 /* ops set to 3.0 by default for default so update */ 1191 1161 server->ops = &smb311_operations; 1192 1162 server->vals = &smb311_values; 1163 1163 + break; 1164 1164 + default: 1165 1165 + break; 1193 1166 } 1194 1167 } else if (strcmp(server->vals->version_string, 1195 1195 - SMBDEFAULT_VERSION_STRING) == 0) { 1196 1196 - if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { 1168 1168 + SMBDEFAULT_VERSION_STRING) == 0) { 1169 1169 + switch (dialect) { 1170 1170 + case SMB20_PROT_ID: 1197 1171 cifs_server_dbg(VFS, 1198 1172 "SMB2 dialect returned but not requested\n"); 1173 1173 + rc = smb_EIO2(smb_eio_trace_neg_unreq_dialect, dialect, 0); 1199 1174 goto neg_exit; 1200 1200 - } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { 1175 1175 + case SMB21_PROT_ID: 1201 1176 /* ops set to 3.0 by default for default so update */ 1202 1177 server->ops = &smb21_operations; 1203 1178 server->vals = &smb21_values; 1204 1204 - } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1179 1179 + break; 1180 1180 + case SMB311_PROT_ID: 1205 1181 server->ops = &smb311_operations; 1206 1182 server->vals = &smb311_values; 1183 1183 + break; 1184 1184 + default: 1185 1185 + break; 1207 1186 } 1208 1208 - } else if (le16_to_cpu(rsp->DialectRevision) != 1209 1209 - server->vals->protocol_id) { 1187 1187 + } else if (dialect != server->vals->protocol_id) { 1210 1188 /* if requested single dialect ensure returned dialect matched */ 1211 1189 cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n", 1212 1212 - le16_to_cpu(rsp->DialectRevision)); 1190 1190 + dialect); 1191 1191 + rc = smb_EIO2(smb_eio_trace_neg_unreq_dialect, 1192 1192 + dialect, server->vals->protocol_id); 1213 1193 goto neg_exit; 1214 1194 } 1215 1195 1216 1196 cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode); 1217 1197 1218 1218 - if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) 1198 1198 + switch (dialect) { 1199 1199 + case SMB20_PROT_ID: 1219 1200 cifs_dbg(FYI, "negotiated smb2.0 dialect\n"); 1220 1220 - else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) 1201 1201 + break; 1202 1202 + case SMB21_PROT_ID: 1221 1203 cifs_dbg(FYI, "negotiated smb2.1 dialect\n"); 1222 1222 - else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID)) 1204 1204 + break; 1205 1205 + case SMB30_PROT_ID: 1223 1206 cifs_dbg(FYI, "negotiated smb3.0 dialect\n"); 1224 1224 - else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID)) 1207 1207 + break; 1208 1208 + case SMB302_PROT_ID: 1225 1209 cifs_dbg(FYI, "negotiated smb3.02 dialect\n"); 1226 1226 - else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) 1210 1210 + break; 1211 1211 + case SMB311_PROT_ID: 1227 1212 cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n"); 1228 1228 - else { 1213 1213 + break; 1214 1214 + default: 1229 1215 cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n", 1230 1230 - le16_to_cpu(rsp->DialectRevision)); 1216 1216 + dialect); 1217 1217 + rc = smb_EIO1(smb_eio_trace_neg_inval_dialect, dialect); 1231 1218 goto neg_exit; 1232 1219 } 1233 1220 1234 1221 rc = 0; 1235 1235 - server->dialect = le16_to_cpu(rsp->DialectRevision); 1222 1222 + server->dialect = dialect; 1236 1223 1237 1224 /* 1238 1225 * Keep a copy of the hash after negprot. This hash will be ··· 1308 1255 if (rc == 1) 1309 1256 rc = 0; 1310 1257 else if (rc == 0) 1311 1311 - rc = -EIO; 1258 1258 + rc = smb_EIO1(smb_eio_trace_neg_decode_token, rc); 1312 1259 } 1313 1260 1314 1314 - if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1261 1261 + if (server->dialect == SMB311_PROT_ID) { 1315 1262 if (rsp->NegotiateContextCount) 1316 1263 rc = smb311_decode_neg_context(rsp, server, 1317 1264 rsp_iov.iov_len); ··· 1365 1312 1366 1313 pneg_inbuf->Capabilities = 1367 1314 cpu_to_le32(server->vals->req_capabilities); 1368 1368 - if (tcon->ses->chan_max > 1) 1369 1369 - pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1315 1315 + pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1370 1316 1371 1317 memcpy(pneg_inbuf->Guid, server->client_guid, 1372 1318 SMB2_CLIENT_GUID_SIZE); ··· 1423 1371 } else if (rc != 0) { 1424 1372 cifs_tcon_dbg(VFS, "validate protocol negotiate failed: %d\n", 1425 1373 rc); 1426 1426 - rc = -EIO; 1374 1374 + rc = smb_EIO1(smb_eio_trace_neg_info_fail, rc); 1427 1375 goto out_free_inbuf; 1428 1376 } 1429 1377 1430 1430 - rc = -EIO; 1431 1378 if (rsplen != sizeof(*pneg_rsp)) { 1432 1379 cifs_tcon_dbg(VFS, "Invalid protocol negotiate response size: %d\n", 1433 1380 rsplen); 1434 1381 1435 1382 /* relax check since Mac returns max bufsize allowed on ioctl */ 1436 1436 - if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp)) 1383 1383 + if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp)) { 1384 1384 + rc = smb_EIO1(smb_eio_trace_neg_bad_rsplen, rsplen); 1437 1385 goto out_free_rsp; 1386 1386 + } 1438 1387 } 1439 1388 1440 1389 /* check validate negotiate info response matches what we got earlier */ 1441 1441 - if (pneg_rsp->Dialect != cpu_to_le16(server->dialect)) 1442 1442 - goto vneg_out; 1390 1390 + u16 dialect = le16_to_cpu(pneg_rsp->Dialect); 1443 1391 1444 1444 - if (pneg_rsp->SecurityMode != cpu_to_le16(server->sec_mode)) 1392 1392 + if (dialect != server->dialect) { 1393 1393 + rc = smb_EIO2(smb_eio_trace_neg_info_dialect, 1394 1394 + dialect, server->dialect); 1445 1395 goto vneg_out; 1396 1396 + } 1397 1397 + 1398 1398 + u16 sec_mode = le16_to_cpu(pneg_rsp->SecurityMode); 1399 1399 + 1400 1400 + if (sec_mode != server->sec_mode) { 1401 1401 + rc = smb_EIO2(smb_eio_trace_neg_info_sec_mode, 1402 1402 + sec_mode, server->sec_mode); 1403 1403 + goto vneg_out; 1404 1404 + } 1446 1405 1447 1406 /* do not validate server guid because not saved at negprot time yet */ 1407 1407 + u32 caps = le32_to_cpu(pneg_rsp->Capabilities); 1448 1408 1449 1449 - if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND | 1450 1450 - SMB2_LARGE_FILES) != server->capabilities) 1409 1409 + if ((caps | SMB2_NT_FIND | 1410 1410 + SMB2_LARGE_FILES) != server->capabilities) { 1411 1411 + rc = smb_EIO2(smb_eio_trace_neg_info_caps, 1412 1412 + caps, server->capabilities); 1451 1413 goto vneg_out; 1414 1414 + } 1452 1415 1453 1416 /* validate negotiate successful */ 1454 1417 rc = 0; ··· 1695 1628 spnego_key = cifs_get_spnego_key(ses, server); 1696 1629 if (IS_ERR(spnego_key)) { 1697 1630 rc = PTR_ERR(spnego_key); 1698 1698 - if (rc == -ENOKEY) 1699 1699 - cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n"); 1700 1631 spnego_key = NULL; 1701 1632 goto out; 1702 1633 } ··· 1823 1758 if (rc) 1824 1759 goto out; 1825 1760 1826 1826 - if (offsetof(struct smb2_sess_setup_rsp, Buffer) != 1827 1827 - le16_to_cpu(rsp->SecurityBufferOffset)) { 1828 1828 - cifs_dbg(VFS, "Invalid security buffer offset %d\n", 1829 1829 - le16_to_cpu(rsp->SecurityBufferOffset)); 1830 1830 - rc = -EIO; 1761 1761 + u16 boff = le16_to_cpu(rsp->SecurityBufferOffset); 1762 1762 + 1763 1763 + if (offsetof(struct smb2_sess_setup_rsp, Buffer) != boff) { 1764 1764 + cifs_dbg(VFS, "Invalid security buffer offset %d\n", boff); 1765 1765 + rc = smb_EIO1(smb_eio_trace_sess_buf_off, boff); 1831 1766 goto out; 1832 1767 } 1833 1768 rc = decode_ntlmssp_challenge(rsp->Buffer, ··· 1981 1916 1982 1917 if (!server) { 1983 1918 WARN(1, "%s: server is NULL!\n", __func__); 1984 1984 - return -EIO; 1919 1919 + return smb_EIO(smb_eio_trace_null_pointers); 1985 1920 } 1986 1921 1987 1922 sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL); ··· 2031 1966 2032 1967 cifs_dbg(FYI, "disconnect session %p\n", ses); 2033 1968 2034 2034 - if (ses && (ses->server)) 2035 2035 - server = ses->server; 2036 2036 - else 2037 2037 - return -EIO; 1969 1969 + if (!ses || !ses->server) 1970 1970 + return smb_EIO(smb_eio_trace_null_pointers); 1971 1971 + server = ses->server; 2038 1972 2039 1973 /* no need to send SMB logoff if uid already closed due to reconnect */ 2040 1974 spin_lock(&ses->chan_lock); ··· 2112 2048 cifs_dbg(FYI, "TCON\n"); 2113 2049 2114 2050 if (!server || !tree) 2115 2115 - return -EIO; 2051 2051 + return smb_EIO(smb_eio_trace_null_pointers); 2116 2052 2117 2053 unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); 2118 2054 if (unc_path == NULL) ··· 2250 2186 cifs_dbg(FYI, "Tree Disconnect\n"); 2251 2187 2252 2188 if (!ses || !(ses->server)) 2253 2253 - return -EIO; 2189 2189 + return smb_EIO(smb_eio_trace_null_pointers); 2254 2190 2255 2191 trace_smb3_tdis_enter(xid, tcon->tid, ses->Suid, tcon->tree_name); 2256 2192 spin_lock(&ses->chan_lock); ··· 2920 2856 return -ENOMEM; 2921 2857 2922 2858 if (!ses || !server) { 2923 2923 - rc = -EIO; 2859 2859 + rc = smb_EIO(smb_eio_trace_null_pointers); 2924 2860 goto err_free_path; 2925 2861 } 2926 2862 ··· 3037 2973 */ 3038 2974 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base; 3039 2975 if (rsp == NULL) { 3040 3040 - rc = -EIO; 2976 2976 + rc = smb_EIO(smb_eio_trace_mkdir_no_rsp); 3041 2977 kfree(pc_buf); 3042 2978 goto err_free_req; 3043 2979 } ··· 3275 3211 3276 3212 cifs_dbg(FYI, "create/open\n"); 3277 3213 if (!ses || !server) 3278 3278 - return -EIO; 3214 3214 + return smb_EIO(smb_eio_trace_null_pointers); 3279 3215 3280 3216 if (smb3_encryption_required(tcon)) 3281 3217 flags |= CIFS_TRANSFORM_REQ; ··· 3481 3417 int retries = 0, cur_sleep = 1; 3482 3418 3483 3419 if (!tcon) 3484 3484 - return -EIO; 3420 3420 + return smb_EIO(smb_eio_trace_null_pointers); 3485 3421 3486 3422 ses = tcon->ses; 3487 3423 if (!ses) 3488 3488 - return -EIO; 3424 3424 + return smb_EIO(smb_eio_trace_null_pointers); 3489 3425 3490 3426 replay_again: 3491 3427 /* reinitialize for possible replay */ ··· 3493 3429 server = cifs_pick_channel(ses); 3494 3430 3495 3431 if (!server) 3496 3496 - return -EIO; 3432 3432 + return smb_EIO(smb_eio_trace_null_pointers); 3497 3433 3498 3434 cifs_dbg(FYI, "SMB2 IOCTL\n"); 3499 3435 ··· 3556 3492 * warning) 3557 3493 */ 3558 3494 if (rsp == NULL) { 3559 3559 - rc = -EIO; 3495 3495 + rc = smb_EIO(smb_eio_trace_ioctl_no_rsp); 3560 3496 goto ioctl_exit; 3561 3497 } 3562 3498 ··· 3567 3503 goto ioctl_exit; /* server returned no data */ 3568 3504 else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) { 3569 3505 cifs_tcon_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen); 3506 3506 + rc = smb_EIO2(smb_eio_trace_ioctl_data_len, *plen, rsp_iov.iov_len); 3570 3507 *plen = 0; 3571 3571 - rc = -EIO; 3572 3508 goto ioctl_exit; 3573 3509 } 3574 3510 3575 3575 - if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) { 3576 3576 - cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen, 3577 3577 - le32_to_cpu(rsp->OutputOffset)); 3511 3511 + u32 outoff = le32_to_cpu(rsp->OutputOffset); 3512 3512 + 3513 3513 + if (rsp_iov.iov_len - *plen < outoff) { 3514 3514 + cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", 3515 3515 + *plen, outoff); 3516 3516 + rc = smb_EIO2(smb_eio_trace_ioctl_out_off, rsp_iov.iov_len - *plen, outoff); 3578 3517 *plen = 0; 3579 3579 - rc = -EIO; 3580 3518 goto ioctl_exit; 3581 3519 } 3582 3520 ··· 3686 3620 cifs_dbg(FYI, "Close\n"); 3687 3621 3688 3622 if (!ses || !server) 3689 3689 - return -EIO; 3623 3623 + return smb_EIO(smb_eio_trace_null_pointers); 3690 3624 3691 3625 if (smb3_encryption_required(tcon)) 3692 3626 flags |= CIFS_TRANSFORM_REQ; ··· 3883 3817 cifs_dbg(FYI, "Query Info\n"); 3884 3818 3885 3819 if (!ses) 3886 3886 - return -EIO; 3820 3820 + return smb_EIO(smb_eio_trace_null_pointers); 3887 3821 3888 3822 replay_again: 3889 3823 /* reinitialize for possible replay */ ··· 3892 3826 server = cifs_pick_channel(ses); 3893 3827 3894 3828 if (!server) 3895 3895 - return -EIO; 3829 3829 + return smb_EIO(smb_eio_trace_null_pointers); 3896 3830 3897 3831 if (smb3_encryption_required(tcon)) 3898 3832 flags |= CIFS_TRANSFORM_REQ; ··· 3979 3913 /* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */ 3980 3914 int 3981 3915 SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon, 3982 3982 - u64 persistent_fid, u64 volatile_fid, struct smb311_posix_qinfo *data, u32 *plen) 3916 3916 + u64 persistent_fid, u64 volatile_fid, 3917 3917 + struct smb311_posix_qinfo *data, u32 *plen) 3983 3918 { 3984 3919 size_t output_len = sizeof(struct smb311_posix_qinfo *) + 3985 3920 (sizeof(struct smb_sid) * 2) + (PATH_MAX * 2); ··· 4078 4011 4079 4012 cifs_dbg(FYI, "change notify\n"); 4080 4013 if (!ses || !server) 4081 4081 - return -EIO; 4014 4014 + return smb_EIO(smb_eio_trace_null_pointers); 4082 4015 4083 4016 if (smb3_encryption_required(tcon)) 4084 4017 flags |= CIFS_TRANSFORM_REQ; ··· 4158 4091 * FIXME: maybe we should consider checking that the reply matches request? 4159 4092 */ 4160 4093 static void 4161 4161 - smb2_echo_callback(struct mid_q_entry *mid) 4094 4094 + smb2_echo_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 4162 4095 { 4163 4163 - struct TCP_Server_Info *server = mid->callback_data; 4164 4096 struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf; 4165 4097 struct cifs_credits credits = { .value = 0, .instance = 0 }; 4166 4098 ··· 4169 4103 credits.instance = server->reconnect_instance; 4170 4104 } 4171 4105 4172 4172 - release_mid(mid); 4106 4106 + release_mid(server, mid); 4173 4107 add_credits(server, &credits, CIFS_ECHO_OP); 4174 4108 } 4175 4109 ··· 4314 4248 done: 4315 4249 cifs_dbg(FYI, "Reconnecting tcons and channels finished\n"); 4316 4250 if (resched) 4317 4317 - queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ); 4251 4251 + cifs_requeue_server_reconn(server); 4318 4252 mutex_unlock(&pserver->reconnect_mutex); 4319 4253 4320 4254 /* now we can safely release srv struct */ ··· 4338 4272 server->ops->need_neg(server)) { 4339 4273 spin_unlock(&server->srv_lock); 4340 4274 /* No need to send echo on newly established connections */ 4341 4341 - mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 4275 4275 + cifs_queue_server_reconn(server); 4342 4276 return rc; 4343 4277 } 4344 4278 spin_unlock(&server->srv_lock); ··· 4414 4348 4415 4349 cifs_dbg(FYI, "flush\n"); 4416 4350 if (!ses || !(ses->server)) 4417 4417 - return -EIO; 4351 4351 + return smb_EIO(smb_eio_trace_null_pointers); 4418 4352 4419 4353 if (smb3_encryption_required(tcon)) 4420 4354 flags |= CIFS_TRANSFORM_REQ; ··· 4584 4518 } 4585 4519 4586 4520 static void 4587 4587 - smb2_readv_callback(struct mid_q_entry *mid) 4521 4521 + smb2_readv_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 4588 4522 { 4589 4523 struct cifs_io_subrequest *rdata = mid->callback_data; 4590 4524 struct netfs_inode *ictx = netfs_inode(rdata->rreq->inode); 4591 4525 struct cifs_tcon *tcon = tlink_tcon(rdata->req->cfile->tlink); 4592 4592 - struct TCP_Server_Info *server = rdata->server; 4593 4593 - struct smb2_hdr *shdr = 4594 4594 - (struct smb2_hdr *)rdata->iov[0].iov_base; 4526 4526 + struct smb2_hdr *shdr = (struct smb2_hdr *)rdata->iov[0].iov_base; 4595 4527 struct cifs_credits credits = { 4596 4528 .value = 0, 4597 4529 .instance = 0, 4598 4530 .rreq_debug_id = rdata->rreq->debug_id, 4599 4531 .rreq_debug_index = rdata->subreq.debug_index, 4600 4532 }; 4601 4601 - struct smb_rqst rqst = { .rq_iov = &rdata->iov[1], .rq_nvec = 1 }; 4533 4533 + struct smb_rqst rqst = { .rq_iov = &rdata->iov[0], .rq_nvec = 1 }; 4602 4534 unsigned int rreq_debug_id = rdata->rreq->debug_id; 4603 4535 unsigned int subreq_debug_index = rdata->subreq.debug_index; 4604 4536 ··· 4604 4540 rqst.rq_iter = rdata->subreq.io_iter; 4605 4541 } 4606 4542 4607 4607 - WARN_ONCE(rdata->server != mid->server, 4543 4543 + WARN_ONCE(rdata->server != server, 4608 4544 "rdata server %p != mid server %p", 4609 4609 - rdata->server, mid->server); 4545 4545 + rdata->server, server); 4610 4546 4611 4547 cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%zu/%zu\n", 4612 4548 __func__, mid->mid, mid->mid_state, rdata->result, ··· 4649 4585 trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_malformed); 4650 4586 credits.value = le16_to_cpu(shdr->CreditRequest); 4651 4587 credits.instance = server->reconnect_instance; 4652 4652 - rdata->result = -EIO; 4588 4588 + rdata->result = smb_EIO(smb_eio_trace_read_rsp_malformed); 4653 4589 break; 4654 4590 default: 4655 4591 trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_unknown); 4656 4656 - rdata->result = -EIO; 4592 4592 + rdata->result = smb_EIO1(smb_eio_trace_read_mid_state_unknown, 4593 4593 + mid->mid_state); 4657 4594 break; 4658 4595 } 4659 4596 #ifdef CONFIG_CIFS_SMB_DIRECT ··· 4693 4628 } else { 4694 4629 size_t trans = rdata->subreq.transferred + rdata->got_bytes; 4695 4630 if (trans < rdata->subreq.len && 4696 4696 - rdata->subreq.start + trans == ictx->remote_i_size) { 4631 4631 + rdata->subreq.start + trans >= ictx->remote_i_size) { 4697 4632 __set_bit(NETFS_SREQ_HIT_EOF, &rdata->subreq.flags); 4698 4633 rdata->result = 0; 4699 4634 } ··· 4708 4643 rdata->subreq.transferred += rdata->got_bytes; 4709 4644 trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_progress); 4710 4645 netfs_read_subreq_terminated(&rdata->subreq); 4711 4711 - release_mid(mid); 4646 4646 + release_mid(server, mid); 4712 4647 trace_smb3_rw_credits(rreq_debug_id, subreq_debug_index, 0, 4713 4648 server->credits, server->in_flight, 4714 4649 credits.value, cifs_trace_rw_credits_read_response_add); ··· 4863 4798 (*nbytes > io_parms->length)) { 4864 4799 cifs_dbg(FYI, "bad length %d for count %d\n", 4865 4800 *nbytes, io_parms->length); 4866 4866 - rc = -EIO; 4801 4801 + rc = smb_EIO2(smb_eio_trace_read_overlarge, 4802 4802 + *nbytes, io_parms->length); 4867 4803 *nbytes = 0; 4868 4804 } 4869 4805 ··· 4886 4820 * workqueue completion task. 4887 4821 */ 4888 4822 static void 4889 4889 - smb2_writev_callback(struct mid_q_entry *mid) 4823 4823 + smb2_writev_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 4890 4824 { 4891 4825 struct cifs_io_subrequest *wdata = mid->callback_data; 4892 4826 struct cifs_tcon *tcon = tlink_tcon(wdata->req->cfile->tlink); 4893 4893 - struct TCP_Server_Info *server = wdata->server; 4894 4827 struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf; 4895 4828 struct cifs_credits credits = { 4896 4829 .value = 0, ··· 4902 4837 ssize_t result = 0; 4903 4838 size_t written; 4904 4839 4905 4905 - WARN_ONCE(wdata->server != mid->server, 4840 4840 + WARN_ONCE(wdata->server != server, 4906 4841 "wdata server %p != mid server %p", 4907 4907 - wdata->server, mid->server); 4842 4842 + wdata->server, server); 4908 4843 4909 4844 switch (mid->mid_state) { 4910 4845 case MID_RESPONSE_RECEIVED: ··· 4950 4885 trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_malformed); 4951 4886 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4952 4887 credits.instance = server->reconnect_instance; 4953 4953 - result = -EIO; 4888 4888 + result = smb_EIO(smb_eio_trace_write_rsp_malformed); 4954 4889 break; 4955 4890 default: 4956 4891 trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_unknown); 4957 4957 - result = -EIO; 4892 4892 + result = smb_EIO1(smb_eio_trace_write_mid_state_unknown, 4893 4893 + mid->mid_state); 4958 4894 break; 4959 4895 } 4960 4896 #ifdef CONFIG_CIFS_SMB_DIRECT ··· 4995 4929 0, cifs_trace_rw_credits_write_response_clear); 4996 4930 wdata->credits.value = 0; 4997 4931 cifs_write_subrequest_terminated(wdata, result ?: written); 4998 4998 - release_mid(mid); 4932 4932 + release_mid(server, mid); 4999 4933 trace_smb3_rw_credits(rreq_debug_id, subreq_debug_index, 0, 5000 4934 server->credits, server->in_flight, 5001 4935 credits.value, cifs_trace_rw_credits_write_response_add); ··· 5598 5532 server = cifs_pick_channel(ses); 5599 5533 5600 5534 if (!ses || !(ses->server)) 5601 5601 - return -EIO; 5535 5535 + return smb_EIO(smb_eio_trace_null_pointers); 5602 5536 5603 5537 if (smb3_encryption_required(tcon)) 5604 5538 flags |= CIFS_TRANSFORM_REQ; ··· 5733 5667 server = cifs_pick_channel(ses); 5734 5668 5735 5669 if (!ses || !server) 5736 5736 - return -EIO; 5670 5670 + return smb_EIO(smb_eio_trace_null_pointers); 5737 5671 5738 5672 if (!num) 5739 5673 return -EINVAL; ··· 5930 5864 cifs_dbg(FYI, "Query FSInfo level %d\n", level); 5931 5865 5932 5866 if ((tcon->ses == NULL) || server == NULL) 5933 5933 - return -EIO; 5867 5867 + return smb_EIO(smb_eio_trace_null_pointers); 5934 5868 5935 5869 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server, 5936 5870 (void **) &req, &total_len);

+3 -13

fs/smb/client/smb2proto.h

reviewed

··· 9 9 */ 10 10 #ifndef _SMB2PROTO_H 11 11 #define _SMB2PROTO_H 12 12 + 12 13 #include <linux/nls.h> 13 14 #include <linux/key-type.h> 15 15 + #include "cached_dir.h" 14 16 15 17 struct statfs; 16 18 struct smb_rqst; ··· 23 21 ***************************************************************** 24 22 */ 25 23 extern int map_smb2_to_linux_error(char *buf, bool log_err); 26 26 - extern int smb2_check_message(char *buf, unsigned int length, 24 24 + extern int smb2_check_message(char *buf, unsigned int pdu_len, unsigned int length, 27 25 struct TCP_Server_Info *server); 28 26 extern unsigned int smb2_calc_size(void *buf); 29 27 extern char *smb2_get_data_area_len(int *off, int *len, ··· 41 39 struct TCP_Server_Info *server, struct smb_rqst *rqst); 42 40 extern struct cifs_tcon *smb2_find_smb_tcon(struct TCP_Server_Info *server, 43 41 __u64 ses_id, __u32 tid); 44 44 - extern void smb2_echo_request(struct work_struct *work); 45 42 extern __le32 smb2_get_lease_state(struct cifsInodeInfo *cinode); 46 43 extern bool smb2_is_valid_oplock_break(char *buffer, 47 44 struct TCP_Server_Info *srv); 48 45 extern int smb3_handle_read_data(struct TCP_Server_Info *server, 49 46 struct mid_q_entry *mid); 50 50 - extern int smb2_query_reparse_tag(const unsigned int xid, struct cifs_tcon *tcon, 51 51 - struct cifs_sb_info *cifs_sb, const char *path, 52 52 - __u32 *reparse_tag); 53 47 struct inode *smb2_create_reparse_inode(struct cifs_open_info_data *data, 54 48 struct super_block *sb, 55 49 const unsigned int xid, ··· 298 300 struct kvec *rsp, int *buftype, 299 301 struct cifs_sb_info *cifs_sb); 300 302 /* query path info from the server using SMB311 POSIX extensions*/ 301 301 - int smb311_posix_query_path_info(const unsigned int xid, 302 302 - struct cifs_tcon *tcon, 303 303 - struct cifs_sb_info *cifs_sb, 304 304 - const char *full_path, 305 305 - struct cifs_open_info_data *data); 306 303 int posix_info_parse(const void *beg, const void *end, 307 304 struct smb2_posix_info_parsed *out); 308 305 int posix_info_sid_size(const void *beg, const void *end); 309 309 - int smb2_make_nfs_node(unsigned int xid, struct inode *inode, 310 310 - struct dentry *dentry, struct cifs_tcon *tcon, 311 311 - const char *full_path, umode_t mode, dev_t dev); 312 306 int smb2_rename_pending_delete(const char *full_path, 313 307 struct dentry *dentry, 314 308 const unsigned int xid);

+25 -34

fs/smb/client/smb2transport.c

reviewed

··· 153 153 memcpy(key, ses->auth_key.response, 154 154 SMB2_NTLMV2_SESSKEY_SIZE); 155 155 } else { 156 156 - rc = -EIO; 156 156 + rc = smb_EIO(smb_eio_trace_no_auth_key); 157 157 } 158 158 break; 159 159 default: ··· 653 653 return NULL; 654 654 } 655 655 656 656 - temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 656 656 + temp = mempool_alloc(&cifs_mid_pool, GFP_NOFS); 657 657 memset(temp, 0, sizeof(struct mid_q_entry)); 658 658 - kref_init(&temp->refcount); 658 658 + refcount_set(&temp->refcount, 1); 659 659 spin_lock_init(&temp->mid_lock); 660 660 temp->mid = le64_to_cpu(shdr->MessageId); 661 661 temp->credits = credits > 0 ? credits : 1; 662 662 temp->pid = current->pid; 663 663 temp->command = shdr->Command; /* Always LE */ 664 664 temp->when_alloc = jiffies; 665 665 - temp->server = server; 666 665 667 666 /* 668 667 * The default is for the mid to be synchronous, so the ··· 684 685 smb2_get_mid_entry(struct cifs_ses *ses, struct TCP_Server_Info *server, 685 686 struct smb2_hdr *shdr, struct mid_q_entry **mid) 686 687 { 687 687 - spin_lock(&server->srv_lock); 688 688 - if (server->tcpStatus == CifsExiting) { 689 689 - spin_unlock(&server->srv_lock); 688 688 + switch (READ_ONCE(server->tcpStatus)) { 689 689 + case CifsExiting: 690 690 return -ENOENT; 691 691 - } 692 692 - 693 693 - if (server->tcpStatus == CifsNeedReconnect) { 694 694 - spin_unlock(&server->srv_lock); 691 691 + case CifsNeedReconnect: 695 692 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); 696 693 return -EAGAIN; 697 697 - } 698 698 - 699 699 - if (server->tcpStatus == CifsNeedNegotiate && 700 700 - shdr->Command != SMB2_NEGOTIATE) { 701 701 - spin_unlock(&server->srv_lock); 702 702 - return -EAGAIN; 703 703 - } 704 704 - spin_unlock(&server->srv_lock); 705 705 - 706 706 - spin_lock(&ses->ses_lock); 707 707 - if (ses->ses_status == SES_NEW) { 708 708 - if ((shdr->Command != SMB2_SESSION_SETUP) && 709 709 - (shdr->Command != SMB2_NEGOTIATE)) { 710 710 - spin_unlock(&ses->ses_lock); 694 694 + case CifsNeedNegotiate: 695 695 + if (shdr->Command != SMB2_NEGOTIATE) 711 696 return -EAGAIN; 712 712 - } 713 713 - /* else ok - we are setting up session */ 697 697 + break; 698 698 + default: 699 699 + break; 714 700 } 715 701 716 716 - if (ses->ses_status == SES_EXITING) { 717 717 - if (shdr->Command != SMB2_LOGOFF) { 718 718 - spin_unlock(&ses->ses_lock); 702 702 + switch (READ_ONCE(ses->ses_status)) { 703 703 + case SES_NEW: 704 704 + if (shdr->Command != SMB2_SESSION_SETUP && 705 705 + shdr->Command != SMB2_NEGOTIATE) 719 706 return -EAGAIN; 720 720 - } 707 707 + /* else ok - we are setting up session */ 708 708 + break; 709 709 + case SES_EXITING: 710 710 + if (shdr->Command != SMB2_LOGOFF) 711 711 + return -EAGAIN; 721 712 /* else ok - we are shutting down the session */ 713 713 + break; 714 714 + default: 715 715 + break; 722 716 } 723 723 - spin_unlock(&ses->ses_lock); 724 717 725 718 *mid = smb2_mid_entry_alloc(shdr, server); 726 719 if (*mid == NULL) ··· 770 779 rc = smb2_sign_rqst(rqst, server); 771 780 if (rc) { 772 781 revert_current_mid_from_hdr(server, shdr); 773 773 - delete_mid(mid); 782 782 + delete_mid(server, mid); 774 783 return ERR_PTR(rc); 775 784 } 776 785 ··· 804 813 rc = smb2_sign_rqst(rqst, server); 805 814 if (rc) { 806 815 revert_current_mid_from_hdr(server, shdr); 807 807 - release_mid(mid); 816 816 + release_mid(server, mid); 808 817 return ERR_PTR(rc); 809 818 } 810 819

+1

fs/smb/client/trace.c

reviewed

··· 5 5 * Author(s): Steve French <stfrench@microsoft.com> 6 6 */ 7 7 #include "cifsglob.h" 8 8 + #include "cifs_spnego.h" 8 9 #define CREATE_TRACE_POINTS 9 10 #include "trace.h"

+192

fs/smb/client/trace.h

reviewed

··· 20 20 /* 21 21 * Specify enums for tracing information. 22 22 */ 23 23 + #define smb_eio_traces \ 24 24 + EM(smb_eio_trace_compress_copy, "compress_copy") \ 25 25 + EM(smb_eio_trace_copychunk_inv_rsp, "copychunk_inv_rsp") \ 26 26 + EM(smb_eio_trace_copychunk_overcopy_b, "copychunk_overcopy_b") \ 27 27 + EM(smb_eio_trace_copychunk_overcopy_c, "copychunk_overcopy_c") \ 28 28 + EM(smb_eio_trace_create_rsp_too_small, "create_rsp_too_small") \ 29 29 + EM(smb_eio_trace_dfsref_no_rsp, "dfsref_no_rsp") \ 30 30 + EM(smb_eio_trace_ea_overrun, "ea_overrun") \ 31 31 + EM(smb_eio_trace_extract_will_pin, "extract_will_pin") \ 32 32 + EM(smb_eio_trace_forced_shutdown, "forced_shutdown") \ 33 33 + EM(smb_eio_trace_getacl_bcc_too_small, "getacl_bcc_too_small") \ 34 34 + EM(smb_eio_trace_getcifsacl_param_count, "getcifsacl_param_count") \ 35 35 + EM(smb_eio_trace_getdfsrefer_bcc_too_small, "getdfsrefer_bcc_too_small") \ 36 36 + EM(smb_eio_trace_getextattr_bcc_too_small, "getextattr_bcc_too_small") \ 37 37 + EM(smb_eio_trace_getextattr_inv_size, "getextattr_inv_size") \ 38 38 + EM(smb_eio_trace_getsrvinonum_bcc_too_small, "getsrvinonum_bcc_too_small") \ 39 39 + EM(smb_eio_trace_getsrvinonum_size, "getsrvinonum_size") \ 40 40 + EM(smb_eio_trace_ioctl_data_len, "ioctl_data_len") \ 41 41 + EM(smb_eio_trace_ioctl_no_rsp, "ioctl_no_rsp") \ 42 42 + EM(smb_eio_trace_ioctl_out_off, "ioctl_out_off") \ 43 43 + EM(smb_eio_trace_lock_bcc_too_small, "lock_bcc_too_small") \ 44 44 + EM(smb_eio_trace_lock_data_too_small, "lock_data_too_small") \ 45 45 + EM(smb_eio_trace_malformed_ksid_key, "malformed_ksid_key") \ 46 46 + EM(smb_eio_trace_malformed_sid_key, "malformed_sid_key") \ 47 47 + EM(smb_eio_trace_mkdir_no_rsp, "mkdir_no_rsp") \ 48 48 + EM(smb_eio_trace_neg_bad_rsplen, "neg_bad_rsplen") \ 49 49 + EM(smb_eio_trace_neg_decode_token, "neg_decode_token") \ 50 50 + EM(smb_eio_trace_neg_info_caps, "neg_info_caps") \ 51 51 + EM(smb_eio_trace_neg_info_dialect, "neg_info_dialect") \ 52 52 + EM(smb_eio_trace_neg_info_fail, "neg_info_fail") \ 53 53 + EM(smb_eio_trace_neg_info_sec_mode, "neg_info_sec_mode") \ 54 54 + EM(smb_eio_trace_neg_inval_dialect, "neg_inval_dialect") \ 55 55 + EM(smb_eio_trace_neg_no_crypt_key, "neg_no_crypt_key") \ 56 56 + EM(smb_eio_trace_neg_sec_blob_too_small, "neg_sec_blob_too_small") \ 57 57 + EM(smb_eio_trace_neg_unreq_dialect, "neg_unreq_dialect") \ 58 58 + EM(smb_eio_trace_no_auth_key, "no_auth_key") \ 59 59 + EM(smb_eio_trace_no_lease_key, "no_lease_key") \ 60 60 + EM(smb_eio_trace_not_netfs_writeback, "not_netfs_writeback") \ 61 61 + EM(smb_eio_trace_null_pointers, "null_pointers") \ 62 62 + EM(smb_eio_trace_oldqfsinfo_bcc_too_small, "oldqfsinfo_bcc_too_small") \ 63 63 + EM(smb_eio_trace_pend_del_fail, "pend_del_fail") \ 64 64 + EM(smb_eio_trace_qalleas_bcc_too_small, "qalleas_bcc_too_small") \ 65 65 + EM(smb_eio_trace_qalleas_ea_overlong, "qalleas_ea_overlong") \ 66 66 + EM(smb_eio_trace_qalleas_overlong, "qalleas_overlong") \ 67 67 + EM(smb_eio_trace_qfileinfo_bcc_too_small, "qfileinfo_bcc_too_small") \ 68 68 + EM(smb_eio_trace_qfileinfo_invalid, "qfileinfo_invalid") \ 69 69 + EM(smb_eio_trace_qfsattrinfo_bcc_too_small, "qfsattrinfo_bcc_too_small") \ 70 70 + EM(smb_eio_trace_qfsdevinfo_bcc_too_small, "qfsdevinfo_bcc_too_small") \ 71 71 + EM(smb_eio_trace_qfsinfo_bcc_too_small, "qfsinfo_bcc_too_small") \ 72 72 + EM(smb_eio_trace_qfsposixinfo_bcc_too_small, "qfsposixinfo_bcc_too_small") \ 73 73 + EM(smb_eio_trace_qfsunixinfo_bcc_too_small, "qfsunixinfo_bcc_too_small") \ 74 74 + EM(smb_eio_trace_qpathinfo_bcc_too_small, "qpathinfo_bcc_too_small") \ 75 75 + EM(smb_eio_trace_qpathinfo_invalid, "qpathinfo_invalid") \ 76 76 + EM(smb_eio_trace_qreparse_data_area, "qreparse_data_area") \ 77 77 + EM(smb_eio_trace_qreparse_rep_datalen, "qreparse_rep_datalen") \ 78 78 + EM(smb_eio_trace_qreparse_ret_datalen, "qreparse_ret_datalen") \ 79 79 + EM(smb_eio_trace_qreparse_setup_count, "qreparse_setup_count") \ 80 80 + EM(smb_eio_trace_qreparse_sizes_wrong, "qreparse_sizes_wrong") \ 81 81 + EM(smb_eio_trace_qsym_bcc_too_small, "qsym_bcc_too_small") \ 82 82 + EM(smb_eio_trace_read_mid_state_unknown, "read_mid_state_unknown") \ 83 83 + EM(smb_eio_trace_read_overlarge, "read_overlarge") \ 84 84 + EM(smb_eio_trace_read_rsp_malformed, "read_rsp_malformed") \ 85 85 + EM(smb_eio_trace_read_rsp_short, "read_rsp_short") \ 86 86 + EM(smb_eio_trace_read_too_far, "read_too_far") \ 87 87 + EM(smb_eio_trace_reparse_data_len, "reparse_data_len") \ 88 88 + EM(smb_eio_trace_reparse_native_len, "reparse_native_len") \ 89 89 + EM(smb_eio_trace_reparse_native_nul, "reparse_native_nul") \ 90 90 + EM(smb_eio_trace_reparse_native_sym_len, "reparse_native_sym_len") \ 91 91 + EM(smb_eio_trace_reparse_nfs_dev, "reparse_nfs_dev") \ 92 92 + EM(smb_eio_trace_reparse_nfs_nul, "reparse_nfs_nul") \ 93 93 + EM(smb_eio_trace_reparse_nfs_sockfifo, "reparse_nfs_sockfifo") \ 94 94 + EM(smb_eio_trace_reparse_nfs_symbuf, "reparse_nfs_symbuf") \ 95 95 + EM(smb_eio_trace_reparse_nfs_too_short, "reparse_nfs_too_short") \ 96 96 + EM(smb_eio_trace_reparse_overlong, "reparse_overlong") \ 97 97 + EM(smb_eio_trace_reparse_rdlen, "reparse_rdlen") \ 98 98 + EM(smb_eio_trace_reparse_wsl_nul, "reparse_wsl_nul") \ 99 99 + EM(smb_eio_trace_reparse_wsl_symbuf, "reparse_wsl_symbuf") \ 100 100 + EM(smb_eio_trace_reparse_wsl_ver, "reparse_wsl_ver") \ 101 101 + EM(smb_eio_trace_rx_b_read_short, "rx_b_read_short") \ 102 102 + EM(smb_eio_trace_rx_bad_datalen, "rx_bad_datalen") \ 103 103 + EM(smb_eio_trace_rx_both_buf, "rx_both_buf") \ 104 104 + EM(smb_eio_trace_rx_calc_len_too_big, "rx_calc_len_too_big") \ 105 105 + EM(smb_eio_trace_rx_check_rsp, "rx_check_rsp") \ 106 106 + EM(smb_eio_trace_rx_copy_to_iter, "rx_copy_to_iter") \ 107 107 + EM(smb_eio_trace_rx_insuff_res, "rx_insuff_res") \ 108 108 + EM(smb_eio_trace_rx_inv_bcc, "rx_inv_bcc") \ 109 109 + EM(smb_eio_trace_rx_mid_unready, "rx_mid_unready") \ 110 110 + EM(smb_eio_trace_rx_neg_sess_resp, "rx_neg_sess_resp") \ 111 111 + EM(smb_eio_trace_rx_overlong, "rx_overlong") \ 112 112 + EM(smb_eio_trace_rx_overpage, "rx_overpage") \ 113 113 + EM(smb_eio_trace_rx_pos_sess_resp, "rx_pos_sess_resp") \ 114 114 + EM(smb_eio_trace_rx_rfc1002_magic, "rx_rfc1002_magic") \ 115 115 + EM(smb_eio_trace_rx_sync_mid_invalid, "rx_sync_mid_invalid") \ 116 116 + EM(smb_eio_trace_rx_sync_mid_malformed, "rx_sync_mid_malformed") \ 117 117 + EM(smb_eio_trace_rx_too_short, "rx_too_short") \ 118 118 + EM(smb_eio_trace_rx_trans2_extract, "rx_trans2_extract") \ 119 119 + EM(smb_eio_trace_rx_unknown_resp, "rx_unknown_resp") \ 120 120 + EM(smb_eio_trace_rx_unspec_error, "rx_unspec_error") \ 121 121 + EM(smb_eio_trace_sess_buf_off, "sess_buf_off") \ 122 122 + EM(smb_eio_trace_sess_exiting, "sess_exiting") \ 123 123 + EM(smb_eio_trace_sess_krb_wcc, "sess_krb_wcc") \ 124 124 + EM(smb_eio_trace_sess_nl2_wcc, "sess_nl2_wcc") \ 125 125 + EM(smb_eio_trace_sess_rawnl_auth_wcc, "sess_rawnl_auth_wcc") \ 126 126 + EM(smb_eio_trace_sess_rawnl_neg_wcc, "sess_rawnl_neg_wcc") \ 127 127 + EM(smb_eio_trace_short_symlink_write, "short_symlink_write") \ 128 128 + EM(smb_eio_trace_sid_too_many_auth, "sid_too_many_auth") \ 129 129 + EM(smb_eio_trace_sig_data_too_small, "sig_data_too_small") \ 130 130 + EM(smb_eio_trace_sig_iter, "sig_iter") \ 131 131 + EM(smb_eio_trace_smb1_received_error, "smb1_received_error") \ 132 132 + EM(smb_eio_trace_smb2_received_error, "smb2_received_error") \ 133 133 + EM(smb_eio_trace_sym_slash, "sym_slash") \ 134 134 + EM(smb_eio_trace_sym_target_len, "sym_target_len") \ 135 135 + EM(smb_eio_trace_symlink_file_size, "symlink_file_size") \ 136 136 + EM(smb_eio_trace_tdis_in_reconnect, "tdis_in_reconnect") \ 137 137 + EM(smb_eio_trace_tx_chained_async, "tx_chained_async") \ 138 138 + EM(smb_eio_trace_tx_compress_failed, "tx_compress_failed") \ 139 139 + EM(smb_eio_trace_tx_copy_iter_to_buf, "tx_copy_iter_to_buf") \ 140 140 + EM(smb_eio_trace_tx_copy_to_buf, "tx_copy_to_buf") \ 141 141 + EM(smb_eio_trace_tx_max_compound, "tx_max_compound") \ 142 142 + EM(smb_eio_trace_tx_miscopy_to_buf, "tx_miscopy_to_buf") \ 143 143 + EM(smb_eio_trace_tx_need_transform, "tx_need_transform") \ 144 144 + EM(smb_eio_trace_tx_too_long, "sr_too_long") \ 145 145 + EM(smb_eio_trace_unixqfileinfo_bcc_too_small, "unixqfileinfo_bcc_too_small") \ 146 146 + EM(smb_eio_trace_unixqpathinfo_bcc_too_small, "unixqpathinfo_bcc_too_small") \ 147 147 + EM(smb_eio_trace_user_iter, "user_iter") \ 148 148 + EM(smb_eio_trace_write_bad_buf_type, "write_bad_buf_type") \ 149 149 + EM(smb_eio_trace_write_mid_state_unknown, "write_mid_state_unknown") \ 150 150 + EM(smb_eio_trace_write_rsp_malformed, "write_rsp_malformed") \ 151 151 + E_(smb_eio_trace_write_too_far, "write_too_far") 152 152 + 23 153 #define smb3_rw_credits_traces \ 24 154 EM(cifs_trace_rw_credits_call_readv_adjust, "rd-call-adj") \ 25 155 EM(cifs_trace_rw_credits_call_writev_adjust, "wr-call-adj") \ ··· 209 79 #define EM(a, b) a, 210 80 #define E_(a, b) a 211 81 82 82 + enum smb_eio_trace { smb_eio_traces } __mode(byte); 212 83 enum smb3_rw_credits_trace { smb3_rw_credits_traces } __mode(byte); 213 84 enum smb3_tcon_ref_trace { smb3_tcon_ref_traces } __mode(byte); 214 85 ··· 223 92 #define EM(a, b) TRACE_DEFINE_ENUM(a); 224 93 #define E_(a, b) TRACE_DEFINE_ENUM(a); 225 94 95 95 + smb_eio_traces; 226 96 smb3_rw_credits_traces; 227 97 smb3_tcon_ref_traces; 228 98 ··· 1692 1560 DEFINE_SMB3_CREDIT_EVENT(overflow_credits); 1693 1561 DEFINE_SMB3_CREDIT_EVENT(set_credits); 1694 1562 1563 1563 + TRACE_EVENT(smb3_kerberos_auth, 1564 1564 + TP_PROTO(struct TCP_Server_Info *server, 1565 1565 + struct cifs_ses *ses, 1566 1566 + int rc), 1567 1567 + TP_ARGS(server, ses, rc), 1568 1568 + TP_STRUCT__entry( 1569 1569 + __field(pid_t, pid) 1570 1570 + __field(uid_t, uid) 1571 1571 + __field(uid_t, cruid) 1572 1572 + __string(host, server->hostname) 1573 1573 + __string(user, ses->user_name) 1574 1574 + __array(__u8, addr, sizeof(struct sockaddr_storage)) 1575 1575 + __array(char, sec, sizeof("ntlmsspi")) 1576 1576 + __array(char, upcall_target, sizeof("mount")) 1577 1577 + __field(int, rc) 1578 1578 + ), 1579 1579 + TP_fast_assign( 1580 1580 + __entry->pid = current->pid; 1581 1581 + __entry->uid = from_kuid_munged(&init_user_ns, ses->linux_uid); 1582 1582 + __entry->cruid = from_kuid_munged(&init_user_ns, ses->cred_uid); 1583 1583 + __assign_str(host); 1584 1584 + __assign_str(user); 1585 1585 + memcpy(__entry->addr, &server->dstaddr, sizeof(__entry->addr)); 1586 1586 + 1587 1587 + if (server->sec_kerberos) 1588 1588 + memcpy(__entry->sec, "krb5", sizeof("krb5")); 1589 1589 + else if (server->sec_mskerberos) 1590 1590 + memcpy(__entry->sec, "mskrb5", sizeof("mskrb5")); 1591 1591 + else if (server->sec_iakerb) 1592 1592 + memcpy(__entry->sec, "iakerb", sizeof("iakerb")); 1593 1593 + else 1594 1594 + memcpy(__entry->sec, "krb5", sizeof("krb5")); 1595 1595 + 1596 1596 + if (ses->upcall_target == UPTARGET_MOUNT) 1597 1597 + memcpy(__entry->upcall_target, "mount", sizeof("mount")); 1598 1598 + else 1599 1599 + memcpy(__entry->upcall_target, "app", sizeof("app")); 1600 1600 + __entry->rc = rc; 1601 1601 + ), 1602 1602 + TP_printk("vers=%d host=%s ip=%pISpsfc sec=%s uid=%d cruid=%d user=%s pid=%d upcall_target=%s err=%d", 1603 1603 + CIFS_SPNEGO_UPCALL_VERSION, __get_str(host), __entry->addr, 1604 1604 + __entry->sec, __entry->uid, __entry->cruid, __get_str(user), 1605 1605 + __entry->pid, __entry->upcall_target, __entry->rc)) 1695 1606 1696 1607 TRACE_EVENT(smb3_tcon_ref, 1697 1608 TP_PROTO(unsigned int tcon_debug_id, int ref, ··· 1791 1616 __entry->server_credits, __entry->in_flight) 1792 1617 ); 1793 1618 1619 1619 + TRACE_EVENT(smb3_eio, 1620 1620 + TP_PROTO(enum smb_eio_trace trace, unsigned long info, unsigned long info2), 1621 1621 + TP_ARGS(trace, info, info2), 1622 1622 + TP_STRUCT__entry( 1623 1623 + __field(enum smb_eio_trace, trace) 1624 1624 + __field(unsigned long, info) 1625 1625 + __field(unsigned long, info2) 1626 1626 + ), 1627 1627 + TP_fast_assign( 1628 1628 + __entry->trace = trace; 1629 1629 + __entry->info = info; 1630 1630 + __entry->info2 = info2; 1631 1631 + ), 1632 1632 + TP_printk("%s info=%lx,%lx", 1633 1633 + __print_symbolic(__entry->trace, smb_eio_traces), 1634 1634 + __entry->info, __entry->info2) 1635 1635 + ); 1794 1636 1795 1637 #undef EM 1796 1638 #undef E_

+92 -88

fs/smb/client/transport.c

reviewed

··· 32 32 #include "compress.h" 33 33 34 34 void 35 35 - cifs_wake_up_task(struct mid_q_entry *mid) 35 35 + cifs_wake_up_task(struct TCP_Server_Info *server, struct mid_q_entry *mid) 36 36 { 37 37 if (mid->mid_state == MID_RESPONSE_RECEIVED) 38 38 mid->mid_state = MID_RESPONSE_READY; 39 39 wake_up_process(mid->callback_data); 40 40 } 41 41 42 42 - void __release_mid(struct kref *refcount) 42 42 + void __release_mid(struct TCP_Server_Info *server, struct mid_q_entry *midEntry) 43 43 { 44 44 - struct mid_q_entry *midEntry = 45 45 - container_of(refcount, struct mid_q_entry, refcount); 46 44 #ifdef CONFIG_CIFS_STATS2 47 47 - __le16 command = midEntry->server->vals->lock_cmd; 45 45 + __le16 command = server->vals->lock_cmd; 48 46 __u16 smb_cmd = le16_to_cpu(midEntry->command); 49 47 unsigned long now; 50 48 unsigned long roundtrip_time; 51 49 #endif 52 52 - struct TCP_Server_Info *server = midEntry->server; 53 50 54 51 if (midEntry->resp_buf && (midEntry->wait_cancelled) && 55 52 (midEntry->mid_state == MID_RESPONSE_RECEIVED || ··· 113 116 #endif 114 117 put_task_struct(midEntry->creator); 115 118 116 116 - mempool_free(midEntry, cifs_mid_poolp); 119 119 + mempool_free(midEntry, &cifs_mid_pool); 117 120 } 118 121 119 122 void 120 120 - delete_mid(struct mid_q_entry *mid) 123 123 + delete_mid(struct TCP_Server_Info *server, struct mid_q_entry *mid) 121 124 { 122 122 - spin_lock(&mid->server->mid_queue_lock); 123 123 - if (mid->deleted_from_q == false) { 125 125 + spin_lock(&server->mid_queue_lock); 126 126 + 127 127 + if (!mid->deleted_from_q) { 124 128 list_del_init(&mid->qhead); 125 129 mid->deleted_from_q = true; 126 130 } 127 127 - spin_unlock(&mid->server->mid_queue_lock); 131 131 + spin_unlock(&server->mid_queue_lock); 128 132 129 129 - release_mid(mid); 133 133 + release_mid(server, mid); 130 134 } 131 135 132 136 /* ··· 287 289 sigfillset(&mask); 288 290 sigprocmask(SIG_BLOCK, &mask, &oldmask); 289 291 290 290 - /* Generate a rfc1002 marker for SMB2+ */ 291 291 - if (!is_smb1(server)) { 292 292 + /* Generate a rfc1002 marker */ 293 293 + { 292 294 struct kvec hiov = { 293 295 .iov_base = &rfc1002_marker, 294 296 .iov_len = 4 ··· 402 404 return __smb_send_rqst(server, num_rqst, rqst); 403 405 404 406 if (WARN_ON_ONCE(num_rqst > MAX_COMPOUND - 1)) 405 405 - return -EIO; 407 407 + return smb_EIO1(smb_eio_trace_tx_max_compound, num_rqst); 406 408 407 409 if (!server->ops->init_transform_rq) { 408 410 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n"); 409 409 - return -EIO; 411 411 + return smb_EIO(smb_eio_trace_tx_need_transform); 410 412 } 411 413 412 414 new_rqst[0].rq_iov = &iov; ··· 638 640 return 0; 639 641 } 640 642 641 641 - int wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ) 643 643 + int wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *mid) 642 644 { 645 645 + unsigned int sleep_state = TASK_KILLABLE; 643 646 int error; 644 647 648 648 + if (mid->sr_flags & CIFS_INTERRUPTIBLE_WAIT) 649 649 + sleep_state = TASK_INTERRUPTIBLE; 650 650 + 645 651 error = wait_event_state(server->response_q, 646 646 - midQ->mid_state != MID_REQUEST_SUBMITTED && 647 647 - midQ->mid_state != MID_RESPONSE_RECEIVED, 648 648 - (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE)); 652 652 + mid->mid_state != MID_REQUEST_SUBMITTED && 653 653 + mid->mid_state != MID_RESPONSE_RECEIVED, 654 654 + (sleep_state | TASK_FREEZABLE_UNSAFE)); 649 655 if (error < 0) 650 656 return -ERESTARTSYS; 651 657 ··· 662 660 */ 663 661 int 664 662 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst, 665 665 - mid_receive_t *receive, mid_callback_t *callback, 666 666 - mid_handle_t *handle, void *cbdata, const int flags, 663 663 + mid_receive_t receive, mid_callback_t callback, 664 664 + mid_handle_t handle, void *cbdata, const int flags, 667 665 const struct cifs_credits *exist_credits) 668 666 { 669 667 int rc; ··· 703 701 return PTR_ERR(mid); 704 702 } 705 703 704 704 + mid->sr_flags = flags; 706 705 mid->receive = receive; 707 706 mid->callback = callback; 708 707 mid->callback_data = cbdata; ··· 725 722 if (rc < 0) { 726 723 revert_current_mid(server, mid->credits); 727 724 server->sequence_number -= 2; 728 728 - delete_mid(mid); 725 725 + delete_mid(server, mid); 729 726 } 730 727 731 728 cifs_server_unlock(server); ··· 753 750 rc = -EAGAIN; 754 751 break; 755 752 case MID_RESPONSE_MALFORMED: 756 756 - rc = -EIO; 753 753 + rc = smb_EIO(smb_eio_trace_rx_sync_mid_malformed); 757 754 break; 758 755 case MID_SHUTDOWN: 759 756 rc = -EHOSTDOWN; ··· 769 766 spin_unlock(&server->mid_queue_lock); 770 767 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", 771 768 __func__, mid->mid, mid->mid_state); 772 772 - rc = -EIO; 769 769 + rc = smb_EIO1(smb_eio_trace_rx_sync_mid_invalid, mid->mid_state); 773 770 goto sync_mid_done; 774 771 } 775 772 spin_unlock(&server->mid_queue_lock); 776 773 777 774 sync_mid_done: 778 778 - release_mid(mid); 775 775 + release_mid(server, mid); 779 776 return rc; 780 777 } 781 778 782 779 static void 783 783 - cifs_compound_callback(struct mid_q_entry *mid) 780 780 + cifs_compound_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 784 781 { 785 785 - struct TCP_Server_Info *server = mid->server; 786 782 struct cifs_credits credits = { 787 783 .value = server->ops->get_credits(mid), 788 784 .instance = server->reconnect_instance, ··· 794 792 } 795 793 796 794 static void 797 797 - cifs_compound_last_callback(struct mid_q_entry *mid) 795 795 + cifs_compound_last_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 798 796 { 799 799 - cifs_compound_callback(mid); 800 800 - cifs_wake_up_task(mid); 797 797 + cifs_compound_callback(server, mid); 798 798 + cifs_wake_up_task(server, mid); 801 799 } 802 800 803 801 static void 804 804 - cifs_cancelled_callback(struct mid_q_entry *mid) 802 802 + cifs_cancelled_callback(struct TCP_Server_Info *server, struct mid_q_entry *mid) 805 803 { 806 806 - cifs_compound_callback(mid); 807 807 - release_mid(mid); 804 804 + cifs_compound_callback(server, mid); 805 805 + release_mid(server, mid); 808 806 } 809 807 810 808 /* ··· 868 866 int *resp_buf_type, struct kvec *resp_iov) 869 867 { 870 868 int i, j, optype, rc = 0; 871 871 - struct mid_q_entry *midQ[MAX_COMPOUND]; 869 869 + struct mid_q_entry *mid[MAX_COMPOUND]; 872 870 bool cancelled_mid[MAX_COMPOUND] = {false}; 873 871 struct cifs_credits credits[MAX_COMPOUND] = { 874 872 { .value = 0, .instance = 0 } ··· 883 881 884 882 if (!ses || !ses->server || !server) { 885 883 cifs_dbg(VFS, "Null session\n"); 886 886 - return -EIO; 884 884 + return smb_EIO(smb_eio_trace_null_pointers); 887 885 } 888 886 889 887 spin_lock(&server->srv_lock); ··· 934 932 } 935 933 936 934 for (i = 0; i < num_rqst; i++) { 937 937 - midQ[i] = server->ops->setup_request(ses, server, &rqst[i]); 938 938 - if (IS_ERR(midQ[i])) { 935 935 + mid[i] = server->ops->setup_request(ses, server, &rqst[i]); 936 936 + if (IS_ERR(mid[i])) { 939 937 revert_current_mid(server, i); 940 938 for (j = 0; j < i; j++) 941 941 - delete_mid(midQ[j]); 939 939 + delete_mid(server, mid[j]); 942 940 cifs_server_unlock(server); 943 941 944 942 /* Update # of requests on wire to server */ 945 943 for (j = 0; j < num_rqst; j++) 946 944 add_credits(server, &credits[j], optype); 947 947 - return PTR_ERR(midQ[i]); 945 945 + return PTR_ERR(mid[i]); 948 946 } 949 947 950 950 - midQ[i]->mid_state = MID_REQUEST_SUBMITTED; 951 951 - midQ[i]->optype = optype; 948 948 + mid[i]->sr_flags = flags; 949 949 + mid[i]->mid_state = MID_REQUEST_SUBMITTED; 950 950 + mid[i]->optype = optype; 952 951 /* 953 952 * Invoke callback for every part of the compound chain 954 953 * to calculate credits properly. Wake up this thread only when 955 954 * the last element is received. 956 955 */ 957 956 if (i < num_rqst - 1) 958 958 - midQ[i]->callback = cifs_compound_callback; 957 957 + mid[i]->callback = cifs_compound_callback; 959 958 else 960 960 - midQ[i]->callback = cifs_compound_last_callback; 959 959 + mid[i]->callback = cifs_compound_last_callback; 961 960 } 962 961 rc = smb_send_rqst(server, num_rqst, rqst, flags); 963 962 964 963 for (i = 0; i < num_rqst; i++) 965 965 - cifs_save_when_sent(midQ[i]); 964 964 + cifs_save_when_sent(mid[i]); 966 965 967 966 if (rc < 0) { 968 967 revert_current_mid(server, num_rqst); ··· 997 994 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 998 995 spin_unlock(&ses->ses_lock); 999 996 997 997 + if (WARN_ON_ONCE(num_rqst != 1 || !resp_iov)) 998 998 + return -EINVAL; 999 999 + 1000 1000 cifs_server_lock(server); 1001 1001 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec); 1002 1002 cifs_server_unlock(server); ··· 1009 1003 spin_unlock(&ses->ses_lock); 1010 1004 1011 1005 for (i = 0; i < num_rqst; i++) { 1012 1012 - rc = wait_for_response(server, midQ[i]); 1006 1006 + rc = wait_for_response(server, mid[i]); 1013 1007 if (rc != 0) 1014 1008 break; 1015 1009 } 1016 1010 if (rc != 0) { 1017 1011 for (; i < num_rqst; i++) { 1018 1012 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n", 1019 1019 - midQ[i]->mid, le16_to_cpu(midQ[i]->command)); 1020 1020 - send_cancel(server, &rqst[i], midQ[i]); 1021 1021 - spin_lock(&midQ[i]->mid_lock); 1022 1022 - midQ[i]->wait_cancelled = true; 1023 1023 - if (midQ[i]->callback) { 1024 1024 - midQ[i]->callback = cifs_cancelled_callback; 1013 1013 + mid[i]->mid, le16_to_cpu(mid[i]->command)); 1014 1014 + send_cancel(ses, server, &rqst[i], mid[i], xid); 1015 1015 + spin_lock(&mid[i]->mid_lock); 1016 1016 + mid[i]->wait_cancelled = true; 1017 1017 + if (mid[i]->mid_state == MID_REQUEST_SUBMITTED || 1018 1018 + mid[i]->mid_state == MID_RESPONSE_RECEIVED) { 1019 1019 + mid[i]->callback = cifs_cancelled_callback; 1025 1020 cancelled_mid[i] = true; 1026 1021 credits[i].value = 0; 1027 1022 } 1028 1028 - spin_unlock(&midQ[i]->mid_lock); 1023 1023 + spin_unlock(&mid[i]->mid_lock); 1029 1024 } 1030 1025 } 1031 1026 ··· 1034 1027 if (rc < 0) 1035 1028 goto out; 1036 1029 1037 1037 - rc = cifs_sync_mid_result(midQ[i], server); 1030 1030 + rc = cifs_sync_mid_result(mid[i], server); 1038 1031 if (rc != 0) { 1039 1032 /* mark this mid as cancelled to not free it below */ 1040 1033 cancelled_mid[i] = true; 1041 1034 goto out; 1042 1035 } 1043 1036 1044 1044 - if (!midQ[i]->resp_buf || 1045 1045 - midQ[i]->mid_state != MID_RESPONSE_READY) { 1046 1046 - rc = -EIO; 1037 1037 + if (!mid[i]->resp_buf || 1038 1038 + mid[i]->mid_state != MID_RESPONSE_READY) { 1039 1039 + rc = smb_EIO1(smb_eio_trace_rx_mid_unready, mid[i]->mid_state); 1047 1040 cifs_dbg(FYI, "Bad MID state?\n"); 1048 1041 goto out; 1049 1042 } 1050 1043 1051 1051 - buf = (char *)midQ[i]->resp_buf; 1052 1052 - resp_iov[i].iov_base = buf; 1053 1053 - resp_iov[i].iov_len = midQ[i]->resp_buf_size + 1054 1054 - HEADER_PREAMBLE_SIZE(server); 1044 1044 + rc = server->ops->check_receive(mid[i], server, 1045 1045 + flags & CIFS_LOG_ERROR); 1055 1046 1056 1056 - if (midQ[i]->large_buf) 1057 1057 - resp_buf_type[i] = CIFS_LARGE_BUFFER; 1058 1058 - else 1059 1059 - resp_buf_type[i] = CIFS_SMALL_BUFFER; 1047 1047 + if (resp_iov) { 1048 1048 + buf = (char *)mid[i]->resp_buf; 1049 1049 + resp_iov[i].iov_base = buf; 1050 1050 + resp_iov[i].iov_len = mid[i]->resp_buf_size; 1060 1051 1061 1061 - rc = server->ops->check_receive(midQ[i], server, 1062 1062 - flags & CIFS_LOG_ERROR); 1052 1052 + if (mid[i]->large_buf) 1053 1053 + resp_buf_type[i] = CIFS_LARGE_BUFFER; 1054 1054 + else 1055 1055 + resp_buf_type[i] = CIFS_SMALL_BUFFER; 1063 1056 1064 1064 - /* mark it so buf will not be freed by delete_mid */ 1065 1065 - if ((flags & CIFS_NO_RSP_BUF) == 0) 1066 1066 - midQ[i]->resp_buf = NULL; 1067 1067 - 1057 1057 + /* mark it so buf will not be freed by delete_mid */ 1058 1058 + if ((flags & CIFS_NO_RSP_BUF) == 0) 1059 1059 + mid[i]->resp_buf = NULL; 1060 1060 + } 1068 1061 } 1069 1062 1070 1063 /* ··· 1093 1086 */ 1094 1087 for (i = 0; i < num_rqst; i++) { 1095 1088 if (!cancelled_mid[i]) 1096 1096 - delete_mid(midQ[i]); 1089 1089 + delete_mid(server, mid[i]); 1097 1090 } 1098 1091 1099 1092 return rc; ··· 1118 1111 cifs_discard_remaining_data(struct TCP_Server_Info *server) 1119 1112 { 1120 1113 unsigned int rfclen = server->pdu_size; 1121 1121 - size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) - 1122 1122 - server->total_read; 1114 1114 + size_t remaining = rfclen - server->total_read; 1123 1115 1124 1116 while (remaining > 0) { 1125 1117 ssize_t length; ··· 1142 1136 int length; 1143 1137 1144 1138 length = cifs_discard_remaining_data(server); 1145 1145 - dequeue_mid(mid, malformed); 1139 1139 + dequeue_mid(server, mid, malformed); 1146 1140 mid->resp_buf = server->smallbuf; 1147 1141 server->smallbuf = NULL; 1148 1142 return length; ··· 1163 1157 unsigned int data_offset, data_len; 1164 1158 struct cifs_io_subrequest *rdata = mid->callback_data; 1165 1159 char *buf = server->smallbuf; 1166 1166 - unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server); 1160 1160 + unsigned int buflen = server->pdu_size; 1167 1161 bool use_rdma_mr = false; 1168 1162 1169 1163 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%zu\n", ··· 1197 1191 1198 1192 /* set up first two iov for signature check and to get credits */ 1199 1193 rdata->iov[0].iov_base = buf; 1200 1200 - rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server); 1201 1201 - rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server); 1202 1202 - rdata->iov[1].iov_len = 1203 1203 - server->total_read - HEADER_PREAMBLE_SIZE(server); 1194 1194 + rdata->iov[0].iov_len = server->total_read; 1204 1195 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n", 1205 1196 rdata->iov[0].iov_base, rdata->iov[0].iov_len); 1206 1206 - cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n", 1207 1207 - rdata->iov[1].iov_base, rdata->iov[1].iov_len); 1208 1197 1209 1198 /* Was the SMB read successful? */ 1210 1199 rdata->result = server->ops->map_error(buf, false); ··· 1215 1214 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n", 1216 1215 __func__, server->total_read, 1217 1216 server->vals->read_rsp_size); 1218 1218 - rdata->result = -EIO; 1217 1217 + rdata->result = smb_EIO2(smb_eio_trace_read_rsp_short, 1218 1218 + server->total_read, server->vals->read_rsp_size); 1219 1219 return cifs_readv_discard(server, mid); 1220 1220 } 1221 1221 1222 1222 - data_offset = server->ops->read_data_offset(buf) + 1223 1223 - HEADER_PREAMBLE_SIZE(server); 1222 1222 + data_offset = server->ops->read_data_offset(buf); 1224 1223 if (data_offset < server->total_read) { 1225 1224 /* 1226 1225 * win2k8 sometimes sends an offset of 0 when the read ··· 1234 1233 /* data_offset is beyond the end of smallbuf */ 1235 1234 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n", 1236 1235 __func__, data_offset); 1237 1237 - rdata->result = -EIO; 1236 1236 + rdata->result = smb_EIO1(smb_eio_trace_read_overlarge, 1237 1237 + data_offset); 1238 1238 return cifs_readv_discard(server, mid); 1239 1239 } 1240 1240 ··· 1250 1248 if (length < 0) 1251 1249 return length; 1252 1250 server->total_read += length; 1251 1251 + rdata->iov[0].iov_len = server->total_read; 1253 1252 } 1254 1253 1255 1254 /* how much data is in the response? */ ··· 1260 1257 data_len = server->ops->read_data_length(buf, use_rdma_mr); 1261 1258 if (!use_rdma_mr && (data_offset + data_len > buflen)) { 1262 1259 /* data_len is corrupt -- discard frame */ 1263 1263 - rdata->result = -EIO; 1260 1260 + rdata->result = smb_EIO2(smb_eio_trace_read_rsp_malformed, 1261 1261 + data_offset + data_len, buflen); 1264 1262 return cifs_readv_discard(server, mid); 1265 1263 } 1266 1264 ··· 1283 1279 if (server->total_read < buflen) 1284 1280 return cifs_readv_discard(server, mid); 1285 1281 1286 1286 - dequeue_mid(mid, false); 1282 1282 + dequeue_mid(server, mid, false); 1287 1283 mid->resp_buf = server->smallbuf; 1288 1284 server->smallbuf = NULL; 1289 1285 return length;

+1 -1

fs/smb/client/xattr.c

reviewed

··· 397 397 void *page; 398 398 399 399 if (unlikely(cifs_forced_shutdown(cifs_sb))) 400 400 - return -EIO; 400 400 + return smb_EIO(smb_eio_trace_forced_shutdown); 401 401 402 402 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_XATTR) 403 403 return -EOPNOTSUPP;

-3

fs/smb/common/smb2pdu.h

reviewed

··· 2016 2016 * MS-SMB 2.2.3.1 2017 2017 */ 2018 2018 struct smb_hdr { 2019 2019 - __be32 smb_buf_length; /* BB length is only two (rarely three) bytes, 2020 2020 - with one or two byte "type" preceding it that will be 2021 2021 - zero - we could mask the type byte off */ 2022 2019 __u8 Protocol[4]; 2023 2020 __u8 Command; 2024 2021 union {

+3 -2

fs/smb/common/smb2status.h

reviewed

··· 631 631 #define STATUS_DOMAIN_TRUST_INCONSISTENT cpu_to_le32(0xC000019B) 632 632 #define STATUS_FS_DRIVER_REQUIRED cpu_to_le32(0xC000019C) 633 633 #define STATUS_IMAGE_ALREADY_LOADED_AS_DLL cpu_to_le32(0xC000019D) 634 634 + #define STATUS_INVALID_LOCK_RANGE cpu_to_le32(0xC00001A1) 634 635 #define STATUS_NETWORK_OPEN_RESTRICTION cpu_to_le32(0xC0000201) 635 636 #define STATUS_NO_USER_SESSION_KEY cpu_to_le32(0xC0000202) 636 637 #define STATUS_USER_SESSION_DELETED cpu_to_le32(0xC0000203) ··· 1774 1773 #define STATUS_IPSEC_INVALID_PACKET cpu_to_le32(0xC0360005) 1775 1774 #define STATUS_IPSEC_INTEGRITY_CHECK_FAILED cpu_to_le32(0xC0360006) 1776 1775 #define STATUS_IPSEC_CLEAR_TEXT_DROP cpu_to_le32(0xC0360007) 1777 1777 - #define STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP cpu_to_le32(0xC05D0000) 1778 1778 - #define STATUS_INVALID_LOCK_RANGE cpu_to_le32(0xC00001a1) 1776 1776 + /* See MS-SMB2 3.3.5.4 */ 1777 1777 + #define STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP cpu_to_le32(0xC05D0000)

-1

fs/smb/common/smbglob.h

reviewed

··· 26 26 __u32 exclusive_lock_type; 27 27 __u32 shared_lock_type; 28 28 __u32 unlock_lock_type; 29 29 - size_t header_preamble_size; 30 29 size_t header_size; 31 30 size_t max_header_size; 32 31 size_t read_rsp_size;

+1 -1

fs/smb/server/smb2pdu.c

reviewed

··· 896 896 return STATUS_INVALID_PARAMETER; 897 897 898 898 if (pneg_ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512) 899 899 - return STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP; 899 899 + return STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP; 900 900 901 901 conn->preauth_info->Preauth_HashId = SMB2_PREAUTH_INTEGRITY_SHA512; 902 902 return STATUS_SUCCESS;