cifs: Remove the RFC1002 header from smb_hdr

+5 -5

fs/smb/client/cifs_debug.c

··· 37 37 data, length, true); 38 38 } 39 39 40 - void cifs_dump_detail(void *buf, struct TCP_Server_Info *server) 40 + void cifs_dump_detail(void *buf, size_t buf_len, struct TCP_Server_Info *server) 41 41 { 42 42 #ifdef CONFIG_CIFS_DEBUG2 43 43 struct smb_hdr *smb = buf; ··· 45 45 cifs_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d Wct: %d\n", 46 46 smb->Command, smb->Status.CifsError, smb->Flags, 47 47 smb->Flags2, smb->Mid, smb->Pid, smb->WordCount); 48 - if (!server->ops->check_message(buf, server->total_read, server)) { 48 + if (!server->ops->check_message(buf, buf_len, server->total_read, server)) { 49 49 cifs_dbg(VFS, "smb buf %p len %u\n", smb, 50 50 server->ops->calc_smb_size(smb)); 51 51 } ··· 79 79 cifs_dbg(VFS, "IsMult: %d IsEnd: %d\n", 80 80 mid_entry->multiRsp, mid_entry->multiEnd); 81 81 if (mid_entry->resp_buf) { 82 - cifs_dump_detail(mid_entry->resp_buf, server); 83 - cifs_dump_mem("existing buf: ", 84 - mid_entry->resp_buf, 62); 82 + cifs_dump_detail(mid_entry->resp_buf, 83 + mid_entry->response_pdu_len, server); 84 + cifs_dump_mem("existing buf: ", mid_entry->resp_buf, 62); 85 85 } 86 86 } 87 87 spin_unlock(&server->mid_queue_lock);

+3 -3

fs/smb/client/cifs_debug.h

··· 15 15 #define pr_fmt(fmt) "CIFS: " fmt 16 16 17 17 void cifs_dump_mem(char *label, void *data, int length); 18 - void cifs_dump_detail(void *buf, struct TCP_Server_Info *ptcp_info); 19 - void cifs_dump_mids(struct TCP_Server_Info *); 18 + void cifs_dump_detail(void *buf, size_t buf_len, struct TCP_Server_Info *server); 19 + void cifs_dump_mids(struct TCP_Server_Info *server); 20 20 extern bool traceSMB; /* flag which enables the function below */ 21 - void dump_smb(void *, int); 21 + void dump_smb(void *buf, int smb_buf_length); 22 22 #define CIFS_INFO 0x01 23 23 #define CIFS_RC 0x02 24 24 #define CIFS_TIMER 0x04

+8 -28

fs/smb/client/cifsencrypt.c

··· 91 91 struct kvec *iov = rqst->rq_iov; 92 92 int n_vec = rqst->rq_nvec; 93 93 94 - /* iov[0] is actual data and not the rfc1002 length for SMB2+ */ 95 - if (!is_smb1(server)) { 96 - if (iov[0].iov_len <= 4) 97 - return -EIO; 98 - i = 0; 99 - } else { 100 - if (n_vec < 2 || iov[0].iov_len != 4) 101 - return -EIO; 102 - i = 1; /* skip rfc1002 length */ 103 - } 104 - 105 - for (; i < n_vec; i++) { 94 + for (i = 0; i < n_vec; i++) { 106 95 if (iov[i].iov_len == 0) 107 96 continue; 108 97 if (iov[i].iov_base == NULL) { ··· 154 165 char smb_signature[20]; 155 166 struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 156 167 157 - if (rqst->rq_iov[0].iov_len != 4 || 158 - rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 159 - return -EIO; 160 - 161 168 if ((cifs_pdu == NULL) || (server == NULL)) 162 169 return -EINVAL; 163 170 ··· 196 211 } 197 212 198 213 /* must be called with server->srv_mutex held */ 199 - int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, 214 + int cifs_sign_smb(struct smb_hdr *cifs_pdu, unsigned int pdu_len, 215 + struct TCP_Server_Info *server, 200 216 __u32 *pexpected_response_sequence_number) 201 217 { 202 - struct kvec iov[2]; 218 + struct kvec iov[1] = { 219 + [0].iov_base = (char *)cifs_pdu, 220 + [0].iov_len = pdu_len, 221 + }; 203 222 204 - iov[0].iov_base = cifs_pdu; 205 - iov[0].iov_len = 4; 206 - iov[1].iov_base = (char *)cifs_pdu + 4; 207 - iov[1].iov_len = be32_to_cpu(cifs_pdu->smb_buf_length); 208 - 209 - return cifs_sign_smbv(iov, 2, server, 223 + return cifs_sign_smbv(iov, ARRAY_SIZE(iov), server, 210 224 pexpected_response_sequence_number); 211 225 } 212 226 ··· 217 233 char server_response_sig[8]; 218 234 char what_we_think_sig_should_be[20]; 219 235 struct smb_hdr *cifs_pdu = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 220 - 221 - if (rqst->rq_iov[0].iov_len != 4 || 222 - rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 223 - return -EIO; 224 236 225 237 if (cifs_pdu == NULL || server == NULL) 226 238 return -EINVAL;

+12 -11

fs/smb/client/cifsglob.h

··· 346 346 /* map smb to linux error */ 347 347 int (*map_error)(char *, bool); 348 348 /* find mid corresponding to the response message */ 349 - struct mid_q_entry * (*find_mid)(struct TCP_Server_Info *, char *); 350 - void (*dump_detail)(void *buf, struct TCP_Server_Info *ptcp_info); 349 + struct mid_q_entry *(*find_mid)(struct TCP_Server_Info *server, char *buf); 350 + void (*dump_detail)(void *buf, size_t buf_len, struct TCP_Server_Info *ptcp_info); 351 351 void (*clear_stats)(struct cifs_tcon *); 352 352 void (*print_stats)(struct seq_file *m, struct cifs_tcon *); 353 353 void (*dump_share_caps)(struct seq_file *, struct cifs_tcon *); 354 354 /* verify the message */ 355 - int (*check_message)(char *, unsigned int, struct TCP_Server_Info *); 355 + int (*check_message)(char *buf, unsigned int pdu_len, unsigned int len, 356 + struct TCP_Server_Info *server); 356 357 bool (*is_oplock_break)(char *, struct TCP_Server_Info *); 357 358 int (*handle_cancelled_mid)(struct mid_q_entry *, struct TCP_Server_Info *); 358 359 void (*downgrade_oplock)(struct TCP_Server_Info *server, ··· 637 636 638 637 #define HEADER_SIZE(server) (server->vals->header_size) 639 638 #define MAX_HEADER_SIZE(server) (server->vals->max_header_size) 640 - #define HEADER_PREAMBLE_SIZE(server) (server->vals->header_preamble_size) 641 - #define MID_HEADER_SIZE(server) (HEADER_SIZE(server) - 1 - HEADER_PREAMBLE_SIZE(server)) 639 + #define MID_HEADER_SIZE(server) (HEADER_SIZE(server) - 1) 642 640 643 641 /** 644 642 * CIFS superblock mount flags (mnt_cifs_flags) to consider when ··· 832 832 char dns_dom[CIFS_MAX_DOMAINNAME_LEN + 1]; 833 833 }; 834 834 835 - static inline bool is_smb1(struct TCP_Server_Info *server) 835 + static inline bool is_smb1(const struct TCP_Server_Info *server) 836 836 { 837 - return HEADER_PREAMBLE_SIZE(server) != 0; 837 + return server->vals->protocol_id == SMB10_PROT_ID; 838 838 } 839 839 840 840 static inline void cifs_server_lock(struct TCP_Server_Info *server) ··· 973 973 * of kvecs to handle the receive, though that should only need to be done 974 974 * once. 975 975 */ 976 - #define CIFS_MAX_WSIZE ((1<<24) - 1 - sizeof(WRITE_REQ) + 4) 977 - #define CIFS_MAX_RSIZE ((1<<24) - sizeof(READ_RSP) + 4) 976 + #define CIFS_MAX_WSIZE ((1<<24) - 1 - sizeof(WRITE_REQ)) 977 + #define CIFS_MAX_RSIZE ((1<<24) - sizeof(READ_RSP)) 978 978 979 979 /* 980 980 * When the server doesn't allow large posix writes, only allow a rsize/wsize 981 981 * of 2^17-1 minus the size of the call header. That allows for a read or 982 982 * write up to the maximum size described by RFC1002. 983 983 */ 984 - #define CIFS_MAX_RFC1002_WSIZE ((1<<17) - 1 - sizeof(WRITE_REQ) + 4) 985 - #define CIFS_MAX_RFC1002_RSIZE ((1<<17) - 1 - sizeof(READ_RSP) + 4) 984 + #define CIFS_MAX_RFC1002_WSIZE ((1<<17) - 1 - sizeof(WRITE_REQ)) 985 + #define CIFS_MAX_RFC1002_RSIZE ((1<<17) - 1 - sizeof(READ_RSP)) 986 986 987 987 /* 988 988 * Windows only supports a max of 60kb reads and 65535 byte writes. Default to ··· 1701 1701 struct task_struct *creator; 1702 1702 void *resp_buf; /* pointer to received SMB header */ 1703 1703 unsigned int resp_buf_size; 1704 + u32 response_pdu_len; 1704 1705 int mid_state; /* wish this were enum but can not pass to wait_event */ 1705 1706 int mid_rc; /* rc for MID_RC */ 1706 1707 __le16 command; /* smb command code */

+1 -1

fs/smb/client/cifspdu.h

··· 90 90 91 91 /* future chained NTCreateXReadX bigger, but for time being NTCreateX biggest */ 92 92 /* among the requests (NTCreateX response is bigger with wct of 34) */ 93 - #define MAX_CIFS_HDR_SIZE 0x58 /* 4 len + 32 hdr + (2*24 wct) + 2 bct + 2 pad */ 93 + #define MAX_CIFS_HDR_SIZE 0x54 /* 32 hdr + (2*24 wct) + 2 bct + 2 pad */ 94 94 #define CIFS_SMALL_PATH 120 /* allows for (448-88)/3 */ 95 95 96 96 /* internal cifs vfs structures */

+25 -26

fs/smb/client/cifsproto.h

··· 111 111 const int flags, const int num_rqst, 112 112 struct smb_rqst *rqst, int *resp_buf_type, 113 113 struct kvec *resp_iov); 114 - extern int SendReceive(const unsigned int /* xid */ , struct cifs_ses *, 115 - struct smb_hdr * /* input */ , 116 - struct smb_hdr * /* out */ , 117 - int * /* bytes returned */ , const int); 118 - extern int SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 119 - char *in_buf, int flags); 114 + int SendReceive(const unsigned int xid, struct cifs_ses *ses, 115 + struct smb_hdr *in_buf, unsigned int in_len, 116 + struct smb_hdr *out_buf, int *pbytes_returned, const int flags); 117 + int SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 118 + char *in_buf, unsigned int in_len, int flags); 120 119 int cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server); 121 - extern struct mid_q_entry *cifs_setup_request(struct cifs_ses *, 122 - struct TCP_Server_Info *, 123 - struct smb_rqst *); 124 - extern struct mid_q_entry *cifs_setup_async_request(struct TCP_Server_Info *, 125 - struct smb_rqst *); 120 + struct mid_q_entry *cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored, 121 + struct smb_rqst *rqst); 122 + struct mid_q_entry *cifs_setup_async_request(struct TCP_Server_Info *server, 123 + struct smb_rqst *rqst); 126 124 int __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 127 125 struct smb_rqst *rqst); 128 126 extern int cifs_check_receive(struct mid_q_entry *mid, ··· 144 146 struct kvec *, int /* nvec to send */, 145 147 int * /* type of buf returned */, const int flags, 146 148 struct kvec * /* resp vec */); 147 - extern int SendReceiveBlockingLock(const unsigned int xid, 148 - struct cifs_tcon *ptcon, 149 - struct smb_hdr *in_buf, 150 - struct smb_hdr *out_buf, 151 - int *bytes_returned); 149 + int SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 150 + struct smb_hdr *in_buf, unsigned int in_len, 151 + struct smb_hdr *out_buf, int *pbytes_returned); 152 152 153 153 void smb2_query_server_interfaces(struct work_struct *work); 154 154 void ··· 157 161 bool mark_smb_session); 158 162 extern int cifs_reconnect(struct TCP_Server_Info *server, 159 163 bool mark_smb_session); 160 - extern int checkSMB(char *buf, unsigned int len, struct TCP_Server_Info *srvr); 164 + int checkSMB(char *buf, unsigned int pdu_len, unsigned int len, 165 + struct TCP_Server_Info *srvr); 161 166 extern bool is_valid_oplock_break(char *, struct TCP_Server_Info *); 162 167 extern bool backup_cred(struct cifs_sb_info *); 163 168 extern bool is_size_safe_to_change(struct cifsInodeInfo *cifsInode, __u64 eof, ··· 185 188 extern void cifs_set_port(struct sockaddr *addr, const unsigned short int port); 186 189 extern int map_smb_to_linux_error(char *buf, bool logErr); 187 190 extern int map_and_check_smb_error(struct mid_q_entry *mid, bool logErr); 188 - extern void header_assemble(struct smb_hdr *, char /* command */ , 189 - const struct cifs_tcon *, int /* length of 190 - fixed section (word count) in two byte units */); 191 + unsigned int header_assemble(struct smb_hdr *buffer, char smb_command, 192 + const struct cifs_tcon *treeCon, int word_count 193 + /* length of fixed section word count in two byte units */); 191 194 extern int small_smb_init_no_tc(const int smb_cmd, const int wct, 192 195 struct cifs_ses *ses, 193 196 void **request_buf); ··· 562 565 563 566 extern int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server, 564 567 __u32 *pexpected_response_sequence_number); 565 - extern int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *, 566 - __u32 *); 567 - extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *, __u32 *); 568 - extern int cifs_verify_signature(struct smb_rqst *rqst, 569 - struct TCP_Server_Info *server, 570 - __u32 expected_sequence_number); 568 + int cifs_sign_smbv(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, 569 + __u32 *pexpected_response_sequence); 570 + int cifs_sign_smb(struct smb_hdr *cifs_pdu, unsigned int pdu_len, 571 + struct TCP_Server_Info *server, 572 + __u32 *pexpected_response_sequence_number); 573 + int cifs_verify_signature(struct smb_rqst *rqst, 574 + struct TCP_Server_Info *server, 575 + __u32 expected_sequence_number); 571 576 extern int setup_ntlmv2_rsp(struct cifs_ses *, const struct nls_table *); 572 577 extern void cifs_crypto_secmech_release(struct TCP_Server_Info *server); 573 578 extern int calc_seckey(struct cifs_ses *);

+414 -321

fs/smb/client/cifssmb.c

··· 226 226 small_smb_init(int smb_command, int wct, struct cifs_tcon *tcon, 227 227 void **request_buf) 228 228 { 229 + unsigned int in_len; 229 230 int rc; 230 231 231 232 rc = cifs_reconnect_tcon(tcon, smb_command); ··· 239 238 return -ENOMEM; 240 239 } 241 240 242 - header_assemble((struct smb_hdr *) *request_buf, smb_command, 243 - tcon, wct); 241 + in_len = header_assemble((struct smb_hdr *) *request_buf, smb_command, 242 + tcon, wct); 244 243 245 244 if (tcon != NULL) 246 245 cifs_stats_inc(&tcon->num_smbs_sent); 247 246 248 - return 0; 247 + return in_len; 249 248 } 250 249 251 250 int ··· 256 255 struct smb_hdr *buffer; 257 256 258 257 rc = small_smb_init(smb_command, wct, NULL, request_buf); 259 - if (rc) 258 + if (rc < 0) 260 259 return rc; 261 260 262 261 buffer = (struct smb_hdr *)*request_buf; ··· 279 278 __smb_init(int smb_command, int wct, struct cifs_tcon *tcon, 280 279 void **request_buf, void **response_buf) 281 280 { 281 + unsigned int in_len; 282 + 282 283 *request_buf = cifs_buf_get(); 283 284 if (*request_buf == NULL) { 284 285 /* BB should we add a retry in here if not a writepage? */ ··· 293 290 if (response_buf) 294 291 *response_buf = *request_buf; 295 292 296 - header_assemble((struct smb_hdr *) *request_buf, smb_command, tcon, 297 - wct); 293 + in_len = header_assemble((struct smb_hdr *)*request_buf, smb_command, tcon, 294 + wct); 298 295 299 296 if (tcon != NULL) 300 297 cifs_stats_inc(&tcon->num_smbs_sent); 301 298 302 - return 0; 299 + return in_len; 303 300 } 304 301 305 302 /* If the return code is zero, this function must fill in request_buf pointer */ ··· 424 421 { 425 422 SMB_NEGOTIATE_REQ *pSMB; 426 423 SMB_NEGOTIATE_RSP *pSMBr; 424 + unsigned int in_len; 427 425 int rc = 0; 428 426 int bytes_returned; 429 427 int i; ··· 437 433 438 434 rc = smb_init(SMB_COM_NEGOTIATE, 0, NULL /* no tcon yet */ , 439 435 (void **) &pSMB, (void **) &pSMBr); 440 - if (rc) 436 + if (rc < 0) 441 437 return rc; 438 + in_len = rc; 442 439 443 440 pSMB->hdr.Mid = get_next_mid(server); 444 441 pSMB->hdr.Flags2 |= SMBFLG2_ERR_STATUS; ··· 463 458 memcpy(&pSMB->DialectsArray[count], protocols[i].name, len); 464 459 count += len; 465 460 } 466 - inc_rfc1001_len(pSMB, count); 461 + in_len += count; 467 462 pSMB->ByteCount = cpu_to_le16(count); 468 463 469 - rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, 464 + rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, in_len, 470 465 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 471 466 if (rc != 0) 472 467 goto neg_err_exit; ··· 535 530 CIFSSMBTDis(const unsigned int xid, struct cifs_tcon *tcon) 536 531 { 537 532 struct smb_hdr *smb_buffer; 533 + unsigned int in_len; 538 534 int rc = 0; 539 535 540 536 cifs_dbg(FYI, "In tree disconnect\n"); ··· 559 553 560 554 rc = small_smb_init(SMB_COM_TREE_DISCONNECT, 0, tcon, 561 555 (void **)&smb_buffer); 562 - if (rc) 556 + if (rc < 0) 563 557 return rc; 558 + in_len = rc; 564 559 565 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *)smb_buffer, 0); 560 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *)smb_buffer, in_len, 0); 566 561 cifs_small_buf_release(smb_buffer); 567 562 if (rc) 568 563 cifs_dbg(FYI, "Tree disconnect failed %d\n", rc); ··· 598 591 { 599 592 ECHO_REQ *smb; 600 593 int rc = 0; 601 - struct kvec iov[2]; 602 - struct smb_rqst rqst = { .rq_iov = iov, 603 - .rq_nvec = 2 }; 594 + struct kvec iov[1]; 595 + struct smb_rqst rqst = { 596 + .rq_iov = iov, 597 + .rq_nvec = ARRAY_SIZE(iov), 598 + }; 599 + unsigned int in_len; 604 600 605 601 cifs_dbg(FYI, "In echo request\n"); 606 602 607 603 rc = small_smb_init(SMB_COM_ECHO, 0, NULL, (void **)&smb); 608 - if (rc) 604 + if (rc < 0) 609 605 return rc; 606 + in_len = rc; 610 607 611 608 if (server->capabilities & CAP_UNICODE) 612 609 smb->hdr.Flags2 |= SMBFLG2_UNICODE; ··· 621 610 put_unaligned_le16(1, &smb->EchoCount); 622 611 put_bcc(1, &smb->hdr); 623 612 smb->Data[0] = 'a'; 624 - inc_rfc1001_len(smb, 3); 613 + in_len += 3; 625 614 626 - iov[0].iov_len = 4; 615 + iov[0].iov_len = in_len; 627 616 iov[0].iov_base = smb; 628 - iov[1].iov_len = get_rfc1002_len(smb); 629 - iov[1].iov_base = (char *)smb + 4; 630 617 631 618 rc = cifs_call_async(server, &rqst, NULL, cifs_echo_callback, NULL, 632 619 server, CIFS_NON_BLOCKING | CIFS_ECHO_OP, NULL); ··· 640 631 CIFSSMBLogoff(const unsigned int xid, struct cifs_ses *ses) 641 632 { 642 633 LOGOFF_ANDX_REQ *pSMB; 634 + unsigned int in_len; 643 635 int rc = 0; 644 636 645 637 cifs_dbg(FYI, "In SMBLogoff for session disconnect\n"); ··· 663 653 spin_unlock(&ses->chan_lock); 664 654 665 655 rc = small_smb_init(SMB_COM_LOGOFF_ANDX, 2, NULL, (void **)&pSMB); 666 - if (rc) { 656 + if (rc < 0) { 667 657 mutex_unlock(&ses->session_mutex); 668 658 return rc; 669 659 } 660 + in_len = rc; 670 661 671 662 pSMB->hdr.Mid = get_next_mid(ses->server); 672 663 ··· 677 666 pSMB->hdr.Uid = ses->Suid; 678 667 679 668 pSMB->AndXCommand = 0xFF; 680 - rc = SendReceiveNoRsp(xid, ses, (char *) pSMB, 0); 669 + rc = SendReceiveNoRsp(xid, ses, (char *) pSMB, in_len, 0); 681 670 cifs_small_buf_release(pSMB); 682 671 session_already_dead: 683 672 mutex_unlock(&ses->session_mutex); ··· 698 687 TRANSACTION2_SPI_REQ *pSMB = NULL; 699 688 TRANSACTION2_SPI_RSP *pSMBr = NULL; 700 689 struct unlink_psx_rq *pRqD; 690 + unsigned int in_len; 701 691 int name_len; 702 692 int rc = 0; 703 693 int bytes_returned = 0; ··· 708 696 PsxDelete: 709 697 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 710 698 (void **) &pSMBr); 711 - if (rc) 699 + if (rc < 0) 712 700 return rc; 701 + in_len = rc; 713 702 714 703 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 715 704 name_len = ··· 731 718 pSMB->Timeout = 0; 732 719 pSMB->Reserved2 = 0; 733 720 param_offset = offsetof(struct smb_com_transaction2_spi_req, 734 - InformationLevel) - 4; 721 + InformationLevel); 735 722 offset = param_offset + params; 736 723 737 - /* Setup pointer to Request Data (inode type). 738 - * Note that SMB offsets are from the beginning of SMB which is 4 bytes 739 - * in, after RFC1001 field 740 - */ 741 - pRqD = (struct unlink_psx_rq *)((char *)(pSMB) + offset + 4); 724 + /* Setup pointer to Request Data (inode type). */ 725 + pRqD = (struct unlink_psx_rq *)((char *)(pSMB) + offset); 742 726 pRqD->type = cpu_to_le16(type); 743 727 pSMB->ParameterOffset = cpu_to_le16(param_offset); 744 728 pSMB->DataOffset = cpu_to_le16(offset); ··· 750 740 pSMB->TotalParameterCount = pSMB->ParameterCount; 751 741 pSMB->InformationLevel = cpu_to_le16(SMB_POSIX_UNLINK); 752 742 pSMB->Reserved4 = 0; 753 - inc_rfc1001_len(pSMB, byte_count); 743 + in_len += byte_count; 754 744 pSMB->ByteCount = cpu_to_le16(byte_count); 755 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 745 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 756 746 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 757 747 if (rc) 758 748 cifs_dbg(FYI, "Posix delete returned %d\n", rc); ··· 772 762 { 773 763 DELETE_FILE_REQ *pSMB = NULL; 774 764 DELETE_FILE_RSP *pSMBr = NULL; 765 + unsigned int in_len; 775 766 int rc = 0; 776 767 int bytes_returned; 777 768 int name_len; ··· 781 770 DelFileRetry: 782 771 rc = smb_init(SMB_COM_DELETE, 1, tcon, (void **) &pSMB, 783 772 (void **) &pSMBr); 784 - if (rc) 773 + if (rc < 0) 785 774 return rc; 775 + in_len = rc; 786 776 787 777 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 788 778 name_len = cifsConvertToUTF16((__le16 *) pSMB->fileName, name, ··· 797 785 pSMB->SearchAttributes = 798 786 cpu_to_le16(ATTR_READONLY | ATTR_HIDDEN | ATTR_SYSTEM); 799 787 pSMB->BufferFormat = 0x04; 800 - inc_rfc1001_len(pSMB, name_len + 1); 788 + in_len += name_len + 1; 801 789 pSMB->ByteCount = cpu_to_le16(name_len + 1); 802 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 790 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 803 791 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 804 792 cifs_stats_inc(&tcon->stats.cifs_stats.num_deletes); 805 793 if (rc) ··· 818 806 { 819 807 DELETE_DIRECTORY_REQ *pSMB = NULL; 820 808 DELETE_DIRECTORY_RSP *pSMBr = NULL; 809 + unsigned int in_len; 821 810 int rc = 0; 822 811 int bytes_returned; 823 812 int name_len; ··· 828 815 RmDirRetry: 829 816 rc = smb_init(SMB_COM_DELETE_DIRECTORY, 0, tcon, (void **) &pSMB, 830 817 (void **) &pSMBr); 831 - if (rc) 818 + if (rc < 0) 832 819 return rc; 820 + in_len = rc; 833 821 834 822 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 835 823 name_len = cifsConvertToUTF16((__le16 *) pSMB->DirName, name, ··· 843 829 } 844 830 845 831 pSMB->BufferFormat = 0x04; 846 - inc_rfc1001_len(pSMB, name_len + 1); 832 + in_len += name_len + 1; 847 833 pSMB->ByteCount = cpu_to_le16(name_len + 1); 848 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 834 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 849 835 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 850 836 cifs_stats_inc(&tcon->stats.cifs_stats.num_rmdirs); 851 837 if (rc) ··· 865 851 int rc = 0; 866 852 CREATE_DIRECTORY_REQ *pSMB = NULL; 867 853 CREATE_DIRECTORY_RSP *pSMBr = NULL; 854 + unsigned int in_len; 868 855 int bytes_returned; 869 856 int name_len; 870 857 int remap = cifs_remap(cifs_sb); ··· 874 859 MkDirRetry: 875 860 rc = smb_init(SMB_COM_CREATE_DIRECTORY, 0, tcon, (void **) &pSMB, 876 861 (void **) &pSMBr); 877 - if (rc) 862 + if (rc < 0) 878 863 return rc; 864 + in_len = rc; 879 865 880 866 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 881 867 name_len = cifsConvertToUTF16((__le16 *) pSMB->DirName, name, ··· 889 873 } 890 874 891 875 pSMB->BufferFormat = 0x04; 892 - inc_rfc1001_len(pSMB, name_len + 1); 876 + in_len += name_len + 1; 893 877 pSMB->ByteCount = cpu_to_le16(name_len + 1); 894 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 878 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 895 879 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 896 880 cifs_stats_inc(&tcon->stats.cifs_stats.num_mkdirs); 897 881 if (rc) ··· 912 896 { 913 897 TRANSACTION2_SPI_REQ *pSMB = NULL; 914 898 TRANSACTION2_SPI_RSP *pSMBr = NULL; 899 + unsigned int in_len; 915 900 int name_len; 916 901 int rc = 0; 917 902 int bytes_returned = 0; ··· 924 907 PsxCreat: 925 908 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 926 909 (void **) &pSMBr); 927 - if (rc) 910 + if (rc < 0) 928 911 return rc; 912 + in_len = rc; 929 913 930 914 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 931 915 name_len = ··· 948 930 pSMB->Timeout = 0; 949 931 pSMB->Reserved2 = 0; 950 932 param_offset = offsetof(struct smb_com_transaction2_spi_req, 951 - InformationLevel) - 4; 933 + InformationLevel); 952 934 offset = param_offset + params; 953 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 954 - pdata = (OPEN_PSX_REQ *)((char *)(pSMB) + offset + 4); 935 + pdata = (OPEN_PSX_REQ *)((char *)(pSMB) + offset); 955 936 pdata->Level = cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC); 956 937 pdata->Permissions = cpu_to_le64(mode); 957 938 pdata->PosixOpenFlags = cpu_to_le32(posix_flags); ··· 968 951 pSMB->TotalParameterCount = pSMB->ParameterCount; 969 952 pSMB->InformationLevel = cpu_to_le16(SMB_POSIX_OPEN); 970 953 pSMB->Reserved4 = 0; 971 - inc_rfc1001_len(pSMB, byte_count); 954 + in_len += byte_count; 972 955 pSMB->ByteCount = cpu_to_le16(byte_count); 973 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 956 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 974 957 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 975 958 if (rc) { 976 959 cifs_dbg(FYI, "Posix create returned %d\n", rc); ··· 986 969 } 987 970 988 971 /* copy return information to pRetData */ 989 - psx_rsp = (OPEN_PSX_RSP *)((char *) &pSMBr->hdr.Protocol 990 - + le16_to_cpu(pSMBr->t2.DataOffset)); 972 + psx_rsp = (OPEN_PSX_RSP *) 973 + ((char *)pSMBr + le16_to_cpu(pSMBr->t2.DataOffset)); 991 974 992 975 *pOplock = le16_to_cpu(psx_rsp->OplockFlags); 993 976 if (netfid) ··· 1007 990 pRetData->Type = cpu_to_le32(-1); 1008 991 goto psx_create_err; 1009 992 } 1010 - memcpy((char *) pRetData, 1011 - (char *)psx_rsp + sizeof(OPEN_PSX_RSP), 1012 - sizeof(FILE_UNIX_BASIC_INFO)); 993 + memcpy(pRetData, 994 + (char *)psx_rsp + sizeof(OPEN_PSX_RSP), 995 + sizeof(*pRetData)); 1013 996 } 1014 997 1015 998 psx_create_err: ··· 1096 1079 int rc; 1097 1080 OPENX_REQ *pSMB = NULL; 1098 1081 OPENX_RSP *pSMBr = NULL; 1082 + unsigned int in_len; 1099 1083 int bytes_returned; 1100 1084 int name_len; 1101 1085 __u16 count; ··· 1104 1086 OldOpenRetry: 1105 1087 rc = smb_init(SMB_COM_OPEN_ANDX, 15, tcon, (void **) &pSMB, 1106 1088 (void **) &pSMBr); 1107 - if (rc) 1089 + if (rc < 0) 1108 1090 return rc; 1091 + in_len = rc; 1109 1092 1110 1093 pSMB->AndXCommand = 0xFF; /* none */ 1111 1094 ··· 1149 1130 pSMB->Sattr = cpu_to_le16(ATTR_HIDDEN | ATTR_SYSTEM | ATTR_DIRECTORY); 1150 1131 pSMB->OpenFunction = cpu_to_le16(convert_disposition(openDisposition)); 1151 1132 count += name_len; 1152 - inc_rfc1001_len(pSMB, count); 1133 + in_len += count; 1153 1134 1154 1135 pSMB->ByteCount = cpu_to_le16(count); 1155 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 1136 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 1156 1137 (struct smb_hdr *)pSMBr, &bytes_returned, 0); 1157 1138 cifs_stats_inc(&tcon->stats.cifs_stats.num_opens); 1158 1139 if (rc) { ··· 1210 1191 int desired_access = oparms->desired_access; 1211 1192 int disposition = oparms->disposition; 1212 1193 const char *path = oparms->path; 1194 + unsigned int in_len; 1213 1195 1214 1196 openRetry: 1215 1197 rc = smb_init(SMB_COM_NT_CREATE_ANDX, 24, tcon, (void **)&req, 1216 1198 (void **)&rsp); 1217 - if (rc) 1199 + if (rc < 0) 1218 1200 return rc; 1201 + in_len = rc; 1219 1202 1220 1203 /* no commands go after this */ 1221 1204 req->AndXCommand = 0xFF; ··· 1275 1254 req->SecurityFlags = SECURITY_CONTEXT_TRACKING|SECURITY_EFFECTIVE_ONLY; 1276 1255 1277 1256 count += name_len; 1278 - inc_rfc1001_len(req, count); 1257 + in_len += count; 1279 1258 1280 1259 req->ByteCount = cpu_to_le16(count); 1281 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)req, 1260 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)req, in_len, 1282 1261 (struct smb_hdr *)rsp, &bytes_returned, 0); 1283 1262 cifs_stats_inc(&tcon->stats.cifs_stats.num_opens); 1284 1263 if (rc) { ··· 1324 1303 struct cifs_tcon *tcon = tlink_tcon(rdata->req->cfile->tlink); 1325 1304 struct TCP_Server_Info *server = tcon->ses->server; 1326 1305 struct smb_rqst rqst = { .rq_iov = rdata->iov, 1327 - .rq_nvec = 2, 1306 + .rq_nvec = 1, 1328 1307 .rq_iter = rdata->subreq.io_iter }; 1329 1308 struct cifs_credits credits = { 1330 1309 .value = 1, ··· 1436 1415 int wct; 1437 1416 struct cifs_tcon *tcon = tlink_tcon(rdata->req->cfile->tlink); 1438 1417 struct smb_rqst rqst = { .rq_iov = rdata->iov, 1439 - .rq_nvec = 2 }; 1418 + .rq_nvec = 1 }; 1419 + unsigned int in_len; 1440 1420 1441 1421 cifs_dbg(FYI, "%s: offset=%llu bytes=%zu\n", 1442 1422 __func__, rdata->subreq.start, rdata->subreq.len); ··· 1453 1431 } 1454 1432 1455 1433 rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **)&smb); 1456 - if (rc) 1434 + if (rc < 0) 1457 1435 return rc; 1436 + in_len = rc; 1458 1437 1459 1438 smb->hdr.Pid = cpu_to_le16((__u16)rdata->req->pid); 1460 1439 smb->hdr.PidHigh = cpu_to_le16((__u16)(rdata->req->pid >> 16)); ··· 1479 1456 1480 1457 /* 4 for RFC1001 length + 1 for BCC */ 1481 1458 rdata->iov[0].iov_base = smb; 1482 - rdata->iov[0].iov_len = 4; 1483 - rdata->iov[1].iov_base = (char *)smb + 4; 1484 - rdata->iov[1].iov_len = get_rfc1002_len(smb); 1459 + rdata->iov[0].iov_len = in_len; 1485 1460 1486 1461 trace_smb3_read_enter(rdata->rreq->debug_id, 1487 1462 rdata->subreq.debug_index, ··· 1513 1492 __u16 netfid = io_parms->netfid; 1514 1493 __u64 offset = io_parms->offset; 1515 1494 struct cifs_tcon *tcon = io_parms->tcon; 1495 + unsigned int in_len; 1516 1496 unsigned int count = io_parms->length; 1517 1497 1518 1498 cifs_dbg(FYI, "Reading %d bytes on fid %d\n", count, netfid); ··· 1529 1507 1530 1508 *nbytes = 0; 1531 1509 rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **) &pSMB); 1532 - if (rc) 1510 + if (rc < 0) 1533 1511 return rc; 1512 + in_len = rc; 1534 1513 1535 1514 pSMB->hdr.Pid = cpu_to_le16((__u16)pid); 1536 1515 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid >> 16)); ··· 1559 1536 } 1560 1537 1561 1538 iov[0].iov_base = (char *)pSMB; 1562 - iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4; 1539 + iov[0].iov_len = in_len; 1563 1540 rc = SendReceive2(xid, tcon->ses, iov, 1, &resp_buf_type, 1564 1541 CIFS_LOG_ERROR, &rsp_iov); 1565 1542 cifs_small_buf_release(pSMB); ··· 1623 1600 __u16 netfid = io_parms->netfid; 1624 1601 __u64 offset = io_parms->offset; 1625 1602 struct cifs_tcon *tcon = io_parms->tcon; 1626 - unsigned int count = io_parms->length; 1603 + unsigned int count = io_parms->length, in_len; 1627 1604 1628 1605 *nbytes = 0; 1629 1606 ··· 1643 1620 1644 1621 rc = smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **) &pSMB, 1645 1622 (void **) &pSMBr); 1646 - if (rc) 1623 + if (rc < 0) 1647 1624 return rc; 1625 + in_len = rc; 1648 1626 1649 1627 pSMB->hdr.Pid = cpu_to_le16((__u16)pid); 1650 1628 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid >> 16)); ··· 1678 1654 if (bytes_sent > count) 1679 1655 bytes_sent = count; 1680 1656 pSMB->DataOffset = 1681 - cpu_to_le16(offsetof(struct smb_com_write_req, Data) - 4); 1657 + cpu_to_le16(offsetof(struct smb_com_write_req, Data)); 1682 1658 if (buf) 1683 1659 memcpy(pSMB->Data, buf, bytes_sent); 1684 1660 else if (count != 0) { ··· 1693 1669 1694 1670 pSMB->DataLengthLow = cpu_to_le16(bytes_sent & 0xFFFF); 1695 1671 pSMB->DataLengthHigh = cpu_to_le16(bytes_sent >> 16); 1696 - inc_rfc1001_len(pSMB, byte_count); 1672 + in_len += byte_count; 1697 1673 1698 1674 if (wct == 14) 1699 1675 pSMB->ByteCount = cpu_to_le16(byte_count); ··· 1704 1680 pSMBW->ByteCount = cpu_to_le16(byte_count); 1705 1681 } 1706 1682 1707 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 1683 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 1708 1684 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 1709 1685 cifs_stats_inc(&tcon->stats.cifs_stats.num_writes); 1710 1686 if (rc) { ··· 1815 1791 cifs_async_writev(struct cifs_io_subrequest *wdata) 1816 1792 { 1817 1793 int rc = -EACCES; 1818 - WRITE_REQ *smb = NULL; 1794 + WRITE_REQ *req = NULL; 1819 1795 int wct; 1820 1796 struct cifs_tcon *tcon = tlink_tcon(wdata->req->cfile->tlink); 1821 - struct kvec iov[2]; 1797 + struct kvec iov[1]; 1822 1798 struct smb_rqst rqst = { }; 1799 + unsigned int in_len; 1823 1800 1824 1801 if (tcon->ses->capabilities & CAP_LARGE_FILES) { 1825 1802 wct = 14; ··· 1833 1808 } 1834 1809 } 1835 1810 1836 - rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **)&smb); 1837 - if (rc) 1811 + rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **)&req); 1812 + if (rc < 0) 1838 1813 goto async_writev_out; 1814 + in_len = rc; 1839 1815 1840 - smb->hdr.Pid = cpu_to_le16((__u16)wdata->req->pid); 1841 - smb->hdr.PidHigh = cpu_to_le16((__u16)(wdata->req->pid >> 16)); 1816 + req->hdr.Pid = cpu_to_le16((__u16)wdata->req->pid); 1817 + req->hdr.PidHigh = cpu_to_le16((__u16)(wdata->req->pid >> 16)); 1842 1818 1843 - smb->AndXCommand = 0xFF; /* none */ 1844 - smb->Fid = wdata->req->cfile->fid.netfid; 1845 - smb->OffsetLow = cpu_to_le32(wdata->subreq.start & 0xFFFFFFFF); 1819 + req->AndXCommand = 0xFF; /* none */ 1820 + req->Fid = wdata->req->cfile->fid.netfid; 1821 + req->OffsetLow = cpu_to_le32(wdata->subreq.start & 0xFFFFFFFF); 1846 1822 if (wct == 14) 1847 - smb->OffsetHigh = cpu_to_le32(wdata->subreq.start >> 32); 1848 - smb->Reserved = 0xFFFFFFFF; 1849 - smb->WriteMode = 0; 1850 - smb->Remaining = 0; 1823 + req->OffsetHigh = cpu_to_le32(wdata->subreq.start >> 32); 1824 + req->Reserved = 0xFFFFFFFF; 1825 + req->WriteMode = 0; 1826 + req->Remaining = 0; 1851 1827 1852 - smb->DataOffset = 1853 - cpu_to_le16(offsetof(struct smb_com_write_req, Data) - 4); 1828 + req->DataOffset = 1829 + cpu_to_le16(offsetof(struct smb_com_write_req, Data)); 1854 1830 1855 - /* 4 for RFC1001 length + 1 for BCC */ 1856 - iov[0].iov_len = 4; 1857 - iov[0].iov_base = smb; 1858 - iov[1].iov_len = get_rfc1002_len(smb) + 1; 1859 - iov[1].iov_base = (char *)smb + 4; 1831 + iov[0].iov_base = req; 1832 + iov[0].iov_len = in_len + 1; /* +1 for BCC */ 1860 1833 1861 1834 rqst.rq_iov = iov; 1862 - rqst.rq_nvec = 2; 1835 + rqst.rq_nvec = 1; 1863 1836 rqst.rq_iter = wdata->subreq.io_iter; 1864 1837 1865 1838 cifs_dbg(FYI, "async write at %llu %zu bytes\n", 1866 1839 wdata->subreq.start, wdata->subreq.len); 1867 1840 1868 - smb->DataLengthLow = cpu_to_le16(wdata->subreq.len & 0xFFFF); 1869 - smb->DataLengthHigh = cpu_to_le16(wdata->subreq.len >> 16); 1841 + req->DataLengthLow = cpu_to_le16(wdata->subreq.len & 0xFFFF); 1842 + req->DataLengthHigh = cpu_to_le16(wdata->subreq.len >> 16); 1870 1843 1871 1844 if (wct == 14) { 1872 - inc_rfc1001_len(&smb->hdr, wdata->subreq.len + 1); 1873 - put_bcc(wdata->subreq.len + 1, &smb->hdr); 1845 + in_len += wdata->subreq.len + 1; 1846 + put_bcc(wdata->subreq.len + 1, &req->hdr); 1874 1847 } else { 1875 1848 /* wct == 12 */ 1876 - struct smb_com_writex_req *smbw = 1877 - (struct smb_com_writex_req *)smb; 1878 - inc_rfc1001_len(&smbw->hdr, wdata->subreq.len + 5); 1879 - put_bcc(wdata->subreq.len + 5, &smbw->hdr); 1880 - iov[1].iov_len += 4; /* pad bigger by four bytes */ 1849 + struct smb_com_writex_req *reqw = 1850 + (struct smb_com_writex_req *)req; 1851 + in_len += wdata->subreq.len + 5; 1852 + put_bcc(wdata->subreq.len + 5, &reqw->hdr); 1853 + iov[0].iov_len += 4; /* pad bigger by four bytes */ 1881 1854 } 1882 1855 1883 1856 rc = cifs_call_async(tcon->ses->server, &rqst, NULL, ··· 1885 1862 cifs_stats_inc(&tcon->stats.cifs_stats.num_writes); 1886 1863 1887 1864 async_writev_out: 1888 - cifs_small_buf_release(smb); 1865 + cifs_small_buf_release(req); 1889 1866 out: 1890 1867 if (rc) { 1891 1868 add_credits_and_wake_if(wdata->server, &wdata->credits, 0); ··· 1908 1885 struct cifs_tcon *tcon = io_parms->tcon; 1909 1886 unsigned int count = io_parms->length; 1910 1887 struct kvec rsp_iov; 1888 + unsigned int in_len; 1911 1889 1912 1890 *nbytes = 0; 1913 1891 ··· 1924 1900 } 1925 1901 } 1926 1902 rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **) &pSMB); 1927 - if (rc) 1903 + if (rc < 0) 1928 1904 return rc; 1905 + in_len = rc; 1929 1906 1930 1907 pSMB->hdr.Pid = cpu_to_le16((__u16)pid); 1931 1908 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid >> 16)); ··· 1945 1920 pSMB->Remaining = 0; 1946 1921 1947 1922 pSMB->DataOffset = 1948 - cpu_to_le16(offsetof(struct smb_com_write_req, Data) - 4); 1923 + cpu_to_le16(offsetof(struct smb_com_write_req, Data)); 1949 1924 1950 1925 pSMB->DataLengthLow = cpu_to_le16(count & 0xFFFF); 1951 1926 pSMB->DataLengthHigh = cpu_to_le16(count >> 16); 1952 1927 /* header + 1 byte pad */ 1953 - smb_hdr_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 1; 1928 + smb_hdr_len = in_len + 1; 1954 1929 if (wct == 14) 1955 - inc_rfc1001_len(pSMB, count + 1); 1930 + in_len += count + 1; 1956 1931 else /* wct == 12 */ 1957 - inc_rfc1001_len(pSMB, count + 5); /* smb data starts later */ 1932 + in_len += count + 5; /* smb data starts later */ 1958 1933 if (wct == 14) 1959 1934 pSMB->ByteCount = cpu_to_le16(count + 1); 1960 1935 else /* wct == 12 */ /* bigger pad, smaller smb hdr, keep offset ok */ { ··· 2008 1983 LOCK_REQ *pSMB = NULL; 2009 1984 struct kvec iov[2]; 2010 1985 struct kvec rsp_iov; 1986 + unsigned int in_len; 2011 1987 int resp_buf_type; 2012 1988 __u16 count; 2013 1989 ··· 2016 1990 num_lock, num_unlock); 2017 1991 2018 1992 rc = small_smb_init(SMB_COM_LOCKING_ANDX, 8, tcon, (void **) &pSMB); 2019 - if (rc) 1993 + if (rc < 0) 2020 1994 return rc; 1995 + in_len = rc; 2021 1996 2022 1997 pSMB->Timeout = 0; 2023 1998 pSMB->NumberOfLocks = cpu_to_le16(num_lock); ··· 2028 2001 pSMB->Fid = netfid; /* netfid stays le */ 2029 2002 2030 2003 count = (num_unlock + num_lock) * sizeof(LOCKING_ANDX_RANGE); 2031 - inc_rfc1001_len(pSMB, count); 2004 + in_len += count; 2032 2005 pSMB->ByteCount = cpu_to_le16(count); 2033 2006 2034 2007 iov[0].iov_base = (char *)pSMB; 2035 - iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4 - 2008 + iov[0].iov_len = in_len - 2036 2009 (num_unlock + num_lock) * sizeof(LOCKING_ANDX_RANGE); 2037 2010 iov[1].iov_base = (char *)buf; 2038 2011 iov[1].iov_len = (num_unlock + num_lock) * sizeof(LOCKING_ANDX_RANGE); ··· 2057 2030 int rc = 0; 2058 2031 LOCK_REQ *pSMB = NULL; 2059 2032 /* LOCK_RSP *pSMBr = NULL; */ /* No response data other than rc to parse */ 2033 + unsigned int in_len; 2060 2034 int bytes_returned; 2061 2035 int flags = 0; 2062 2036 __u16 count; ··· 2066 2038 (int)waitFlag, numLock); 2067 2039 rc = small_smb_init(SMB_COM_LOCKING_ANDX, 8, tcon, (void **) &pSMB); 2068 2040 2069 - if (rc) 2041 + if (rc < 0) 2070 2042 return rc; 2043 + in_len = rc; 2071 2044 2072 2045 if (lockType == LOCKING_ANDX_OPLOCK_RELEASE) { 2073 2046 /* no response expected */ ··· 2100 2071 /* oplock break */ 2101 2072 count = 0; 2102 2073 } 2103 - inc_rfc1001_len(pSMB, count); 2074 + in_len += count; 2104 2075 pSMB->ByteCount = cpu_to_le16(count); 2105 2076 2106 2077 if (waitFlag) 2107 - rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB, 2078 + rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB, in_len, 2108 2079 (struct smb_hdr *) pSMB, &bytes_returned); 2109 2080 else 2110 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *)pSMB, flags); 2081 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *)pSMB, in_len, flags); 2111 2082 cifs_small_buf_release(pSMB); 2112 2083 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks); 2113 2084 if (rc) ··· 2128 2099 struct smb_com_transaction2_sfi_req *pSMB = NULL; 2129 2100 struct smb_com_transaction2_sfi_rsp *pSMBr = NULL; 2130 2101 struct cifs_posix_lock *parm_data; 2102 + unsigned int in_len; 2131 2103 int rc = 0; 2132 2104 int timeout = 0; 2133 2105 int bytes_returned = 0; ··· 2140 2110 cifs_dbg(FYI, "Posix Lock\n"); 2141 2111 2142 2112 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 2143 - 2144 - if (rc) 2113 + if (rc < 0) 2145 2114 return rc; 2115 + in_len = rc; 2146 2116 2147 2117 pSMBr = (struct smb_com_transaction2_sfi_rsp *)pSMB; 2148 2118 ··· 2151 2121 pSMB->Reserved = 0; 2152 2122 pSMB->Flags = 0; 2153 2123 pSMB->Reserved2 = 0; 2154 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 2124 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 2155 2125 offset = param_offset + params; 2156 2126 2157 2127 count = sizeof(struct cifs_posix_lock); ··· 2169 2139 pSMB->TotalDataCount = pSMB->DataCount; 2170 2140 pSMB->TotalParameterCount = pSMB->ParameterCount; 2171 2141 pSMB->ParameterOffset = cpu_to_le16(param_offset); 2172 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 2173 - parm_data = (struct cifs_posix_lock *) 2174 - (((char *)pSMB) + offset + 4); 2142 + parm_data = (struct cifs_posix_lock *)(((char *)pSMB) + offset); 2175 2143 2176 2144 parm_data->lock_type = cpu_to_le16(lock_type); 2177 2145 if (waitFlag) { ··· 2187 2159 pSMB->Fid = smb_file_id; 2188 2160 pSMB->InformationLevel = cpu_to_le16(SMB_SET_POSIX_LOCK); 2189 2161 pSMB->Reserved4 = 0; 2190 - inc_rfc1001_len(pSMB, byte_count); 2162 + in_len += byte_count; 2191 2163 pSMB->ByteCount = cpu_to_le16(byte_count); 2192 2164 if (waitFlag) { 2193 - rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB, 2165 + rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB, in_len, 2194 2166 (struct smb_hdr *) pSMBr, &bytes_returned); 2195 2167 } else { 2196 2168 iov[0].iov_base = (char *)pSMB; 2197 - iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4; 2169 + iov[0].iov_len = in_len; 2198 2170 rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovecs */, 2199 2171 &resp_buf_type, timeout, &rsp_iov); 2200 2172 pSMBr = (struct smb_com_transaction2_sfi_rsp *)rsp_iov.iov_base; ··· 2254 2226 { 2255 2227 int rc = 0; 2256 2228 CLOSE_REQ *pSMB = NULL; 2229 + unsigned int in_len; 2230 + 2257 2231 cifs_dbg(FYI, "In CIFSSMBClose\n"); 2258 2232 2259 2233 /* do not retry on dead session on close */ 2260 2234 rc = small_smb_init(SMB_COM_CLOSE, 3, tcon, (void **) &pSMB); 2261 2235 if (rc == -EAGAIN) 2262 2236 return 0; 2263 - if (rc) 2237 + if (rc < 0) 2264 2238 return rc; 2239 + in_len = rc; 2265 2240 2266 2241 pSMB->FileID = (__u16) smb_file_id; 2267 2242 pSMB->LastWriteTime = 0xFFFFFFFF; 2268 2243 pSMB->ByteCount = 0; 2269 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 2244 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 2270 2245 cifs_small_buf_release(pSMB); 2271 2246 cifs_stats_inc(&tcon->stats.cifs_stats.num_closes); 2272 2247 if (rc) { ··· 2291 2260 { 2292 2261 int rc = 0; 2293 2262 FLUSH_REQ *pSMB = NULL; 2263 + unsigned int in_len; 2264 + 2294 2265 cifs_dbg(FYI, "In CIFSSMBFlush\n"); 2295 2266 2296 2267 rc = small_smb_init(SMB_COM_FLUSH, 1, tcon, (void **) &pSMB); 2297 - if (rc) 2268 + if (rc < 0) 2298 2269 return rc; 2270 + in_len = rc; 2299 2271 2300 2272 pSMB->FileID = (__u16) smb_file_id; 2301 2273 pSMB->ByteCount = 0; 2302 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 2274 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 2303 2275 cifs_small_buf_release(pSMB); 2304 2276 cifs_stats_inc(&tcon->stats.cifs_stats.num_flushes); 2305 2277 if (rc) ··· 2319 2285 int rc = 0; 2320 2286 RENAME_REQ *pSMB = NULL; 2321 2287 RENAME_RSP *pSMBr = NULL; 2288 + unsigned int in_len; 2322 2289 int bytes_returned; 2323 2290 int name_len, name_len2; 2324 2291 __u16 count; ··· 2329 2294 renameRetry: 2330 2295 rc = smb_init(SMB_COM_RENAME, 1, tcon, (void **) &pSMB, 2331 2296 (void **) &pSMBr); 2332 - if (rc) 2297 + if (rc < 0) 2333 2298 return rc; 2299 + in_len = rc; 2334 2300 2335 2301 pSMB->BufferFormat = 0x04; 2336 2302 pSMB->SearchAttributes = ··· 2361 2325 } 2362 2326 2363 2327 count = 1 /* 1st signature byte */ + name_len + name_len2; 2364 - inc_rfc1001_len(pSMB, count); 2328 + in_len += count; 2365 2329 pSMB->ByteCount = cpu_to_le16(count); 2366 2330 2367 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2331 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2368 2332 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2369 2333 cifs_stats_inc(&tcon->stats.cifs_stats.num_renames); 2370 2334 if (rc) ··· 2385 2349 struct smb_com_transaction2_sfi_req *pSMB = NULL; 2386 2350 struct smb_com_transaction2_sfi_rsp *pSMBr = NULL; 2387 2351 struct set_file_rename *rename_info; 2352 + unsigned int in_len; 2388 2353 char *data_offset; 2389 2354 char dummy_string[30]; 2390 2355 int rc = 0; ··· 2396 2359 cifs_dbg(FYI, "Rename to File by handle\n"); 2397 2360 rc = smb_init(SMB_COM_TRANSACTION2, 15, pTcon, (void **) &pSMB, 2398 2361 (void **) &pSMBr); 2399 - if (rc) 2362 + if (rc < 0) 2400 2363 return rc; 2364 + in_len = rc; 2401 2365 2402 2366 params = 6; 2403 2367 pSMB->MaxSetupCount = 0; ··· 2406 2368 pSMB->Flags = 0; 2407 2369 pSMB->Timeout = 0; 2408 2370 pSMB->Reserved2 = 0; 2409 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 2371 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 2410 2372 offset = param_offset + params; 2411 2373 2412 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 2413 - data_offset = (char *)(pSMB) + offset + 4; 2374 + data_offset = (char *)(pSMB) + offset; 2414 2375 rename_info = (struct set_file_rename *) data_offset; 2415 2376 pSMB->MaxParameterCount = cpu_to_le16(2); 2416 2377 pSMB->MaxDataCount = cpu_to_le16(1000); /* BB find max SMB from sess */ ··· 2445 2408 pSMB->InformationLevel = 2446 2409 cpu_to_le16(SMB_SET_FILE_RENAME_INFORMATION); 2447 2410 pSMB->Reserved4 = 0; 2448 - inc_rfc1001_len(pSMB, byte_count); 2411 + in_len += byte_count; 2449 2412 pSMB->ByteCount = cpu_to_le16(byte_count); 2450 - rc = SendReceive(xid, pTcon->ses, (struct smb_hdr *) pSMB, 2413 + rc = SendReceive(xid, pTcon->ses, (struct smb_hdr *) pSMB, in_len, 2451 2414 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2452 2415 cifs_stats_inc(&pTcon->stats.cifs_stats.num_t2renames); 2453 2416 if (rc) ··· 2469 2432 { 2470 2433 TRANSACTION2_SPI_REQ *pSMB = NULL; 2471 2434 TRANSACTION2_SPI_RSP *pSMBr = NULL; 2435 + unsigned int in_len; 2472 2436 char *data_offset; 2473 2437 int name_len; 2474 2438 int name_len_target; ··· 2481 2443 createSymLinkRetry: 2482 2444 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 2483 2445 (void **) &pSMBr); 2484 - if (rc) 2446 + if (rc < 0) 2485 2447 return rc; 2448 + in_len = rc; 2486 2449 2487 2450 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2488 2451 name_len = ··· 2503 2464 pSMB->Timeout = 0; 2504 2465 pSMB->Reserved2 = 0; 2505 2466 param_offset = offsetof(struct smb_com_transaction2_spi_req, 2506 - InformationLevel) - 4; 2467 + InformationLevel); 2507 2468 offset = param_offset + params; 2508 2469 2509 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 2510 - data_offset = (char *)pSMB + offset + 4; 2470 + data_offset = (char *)pSMB + offset; 2511 2471 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2512 2472 name_len_target = 2513 2473 cifsConvertToUTF16((__le16 *) data_offset, toName, ··· 2533 2495 pSMB->DataOffset = cpu_to_le16(offset); 2534 2496 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_UNIX_LINK); 2535 2497 pSMB->Reserved4 = 0; 2536 - inc_rfc1001_len(pSMB, byte_count); 2498 + in_len += byte_count; 2537 2499 pSMB->ByteCount = cpu_to_le16(byte_count); 2538 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2500 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2539 2501 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2540 2502 cifs_stats_inc(&tcon->stats.cifs_stats.num_symlinks); 2541 2503 if (rc) ··· 2557 2519 { 2558 2520 TRANSACTION2_SPI_REQ *pSMB = NULL; 2559 2521 TRANSACTION2_SPI_RSP *pSMBr = NULL; 2522 + unsigned int in_len; 2560 2523 char *data_offset; 2561 2524 int name_len; 2562 2525 int name_len_target; ··· 2569 2530 createHardLinkRetry: 2570 2531 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 2571 2532 (void **) &pSMBr); 2572 - if (rc) 2533 + if (rc < 0) 2573 2534 return rc; 2535 + in_len = rc; 2574 2536 2575 2537 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2576 2538 name_len = cifsConvertToUTF16((__le16 *) pSMB->FileName, toName, ··· 2589 2549 pSMB->Timeout = 0; 2590 2550 pSMB->Reserved2 = 0; 2591 2551 param_offset = offsetof(struct smb_com_transaction2_spi_req, 2592 - InformationLevel) - 4; 2552 + InformationLevel); 2593 2553 offset = param_offset + params; 2594 2554 2595 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 2596 - data_offset = (char *)pSMB + offset + 4; 2555 + data_offset = (char *)pSMB + offset; 2597 2556 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2598 2557 name_len_target = 2599 2558 cifsConvertToUTF16((__le16 *) data_offset, fromName, ··· 2618 2579 pSMB->DataOffset = cpu_to_le16(offset); 2619 2580 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_UNIX_HLINK); 2620 2581 pSMB->Reserved4 = 0; 2621 - inc_rfc1001_len(pSMB, byte_count); 2582 + in_len += byte_count; 2622 2583 pSMB->ByteCount = cpu_to_le16(byte_count); 2623 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2584 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2624 2585 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2625 2586 cifs_stats_inc(&tcon->stats.cifs_stats.num_hardlinks); 2626 2587 if (rc) ··· 2643 2604 int rc = 0; 2644 2605 NT_RENAME_REQ *pSMB = NULL; 2645 2606 RENAME_RSP *pSMBr = NULL; 2607 + unsigned int in_len; 2646 2608 int bytes_returned; 2647 2609 int name_len, name_len2; 2648 2610 __u16 count; ··· 2654 2614 2655 2615 rc = smb_init(SMB_COM_NT_RENAME, 4, tcon, (void **) &pSMB, 2656 2616 (void **) &pSMBr); 2657 - if (rc) 2617 + if (rc < 0) 2658 2618 return rc; 2619 + in_len = rc; 2659 2620 2660 2621 pSMB->SearchAttributes = 2661 2622 cpu_to_le16(ATTR_READONLY | ATTR_HIDDEN | ATTR_SYSTEM | ··· 2690 2649 } 2691 2650 2692 2651 count = 1 /* string type byte */ + name_len + name_len2; 2693 - inc_rfc1001_len(pSMB, count); 2652 + in_len += count; 2694 2653 pSMB->ByteCount = cpu_to_le16(count); 2695 2654 2696 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2655 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2697 2656 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2698 2657 cifs_stats_inc(&tcon->stats.cifs_stats.num_hardlinks); 2699 2658 if (rc) ··· 2714 2673 /* SMB_QUERY_FILE_UNIX_LINK */ 2715 2674 TRANSACTION2_QPI_REQ *pSMB = NULL; 2716 2675 TRANSACTION2_QPI_RSP *pSMBr = NULL; 2676 + unsigned int in_len; 2717 2677 int rc = 0; 2718 2678 int bytes_returned; 2719 2679 int name_len; ··· 2726 2684 querySymLinkRetry: 2727 2685 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 2728 2686 (void **) &pSMBr); 2729 - if (rc) 2687 + if (rc < 0) 2730 2688 return rc; 2689 + in_len = rc; 2731 2690 2732 2691 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 2733 2692 name_len = ··· 2751 2708 pSMB->Timeout = 0; 2752 2709 pSMB->Reserved2 = 0; 2753 2710 pSMB->ParameterOffset = cpu_to_le16(offsetof( 2754 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 2711 + struct smb_com_transaction2_qpi_req, InformationLevel)); 2755 2712 pSMB->DataCount = 0; 2756 2713 pSMB->DataOffset = 0; 2757 2714 pSMB->SetupCount = 1; ··· 2762 2719 pSMB->ParameterCount = pSMB->TotalParameterCount; 2763 2720 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_UNIX_LINK); 2764 2721 pSMB->Reserved4 = 0; 2765 - inc_rfc1001_len(pSMB, byte_count); 2722 + in_len += byte_count; 2766 2723 pSMB->ByteCount = cpu_to_le16(byte_count); 2767 2724 2768 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 2725 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 2769 2726 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 2770 2727 if (rc) { 2771 2728 cifs_dbg(FYI, "Send error in QuerySymLinkInfo = %d\n", rc); ··· 2813 2770 TRANSACT_IOCTL_REQ *io_req = NULL; 2814 2771 TRANSACT_IOCTL_RSP *io_rsp = NULL; 2815 2772 struct cifs_fid fid; 2773 + unsigned int in_len; 2816 2774 __u32 data_offset, data_count, len; 2817 2775 __u8 *start, *end; 2818 2776 int io_rsp_len; ··· 2845 2801 2846 2802 rc = smb_init(SMB_COM_NT_TRANSACT, 23, tcon, 2847 2803 (void **)&io_req, (void **)&io_rsp); 2848 - if (rc) 2804 + if (rc < 0) 2849 2805 goto error; 2806 + in_len = rc; 2850 2807 2851 2808 io_req->TotalParameterCount = 0; 2852 2809 io_req->TotalDataCount = 0; ··· 2868 2823 io_req->Fid = fid.netfid; 2869 2824 io_req->ByteCount = 0; 2870 2825 2871 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)io_req, 2826 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)io_req, in_len, 2872 2827 (struct smb_hdr *)io_rsp, &io_rsp_len, 0); 2873 2828 if (rc) 2874 2829 goto error; ··· 2942 2897 struct kvec in_iov[2]; 2943 2898 struct kvec out_iov; 2944 2899 struct cifs_fid fid; 2945 - int io_req_len; 2900 + unsigned int in_len; 2946 2901 int oplock = 0; 2947 2902 int buf_type = 0; 2948 2903 int rc; ··· 2998 2953 #endif 2999 2954 3000 2955 rc = smb_init(SMB_COM_NT_TRANSACT, 23, tcon, (void **)&io_req, NULL); 3001 - if (rc) 2956 + if (rc < 0) 3002 2957 goto out_close; 3003 - 3004 - inc_rfc1001_len(io_req, sizeof(io_req->Pad)); 3005 - 3006 - io_req_len = be32_to_cpu(io_req->hdr.smb_buf_length) + sizeof(io_req->hdr.smb_buf_length); 2958 + in_len = rc; 2959 + in_len += sizeof(io_req->Pad); 3007 2960 3008 2961 /* NT IOCTL response contains one-word long output setup buffer with size of output data. */ 3009 2962 io_req->MaxSetupCount = 1; ··· 3015 2972 io_req->ParameterCount = io_req->TotalParameterCount; 3016 2973 io_req->ParameterOffset = cpu_to_le32(0); 3017 2974 io_req->DataCount = io_req->TotalDataCount; 3018 - io_req->DataOffset = cpu_to_le32(offsetof(typeof(*io_req), Data) - 3019 - sizeof(io_req->hdr.smb_buf_length)); 2975 + io_req->DataOffset = cpu_to_le32(offsetof(typeof(*io_req), Data)); 3020 2976 io_req->SetupCount = 4; 3021 2977 io_req->SubCommand = cpu_to_le16(NT_TRANSACT_IOCTL); 3022 2978 io_req->FunctionCode = cpu_to_le32(FSCTL_SET_REPARSE_POINT); ··· 3024 2982 io_req->IsRootFlag = 0; 3025 2983 io_req->ByteCount = cpu_to_le16(le32_to_cpu(io_req->DataCount) + sizeof(io_req->Pad)); 3026 2984 3027 - inc_rfc1001_len(io_req, reparse_iov->iov_len); 3028 - 3029 2985 in_iov[0].iov_base = (char *)io_req; 3030 - in_iov[0].iov_len = io_req_len; 2986 + in_iov[0].iov_len = in_len; 3031 2987 in_iov[1] = *reparse_iov; 3032 2988 rc = SendReceive2(xid, tcon->ses, in_iov, ARRAY_SIZE(in_iov), &buf_type, 3033 2989 CIFS_NO_RSP_BUF, &out_iov); ··· 3057 3017 int bytes_returned; 3058 3018 struct smb_com_transaction_compr_ioctl_req *pSMB; 3059 3019 struct smb_com_transaction_ioctl_rsp *pSMBr; 3020 + unsigned int in_len; 3060 3021 3061 3022 cifs_dbg(FYI, "Set compression for %u\n", fid); 3062 3023 rc = smb_init(SMB_COM_NT_TRANSACT, 23, tcon, (void **) &pSMB, 3063 3024 (void **) &pSMBr); 3064 - if (rc) 3025 + if (rc < 0) 3065 3026 return rc; 3027 + in_len = rc; 3066 3028 3067 3029 pSMB->compression_state = cpu_to_le16(COMPRESSION_FORMAT_DEFAULT); 3068 3030 ··· 3078 3036 pSMB->DataCount = cpu_to_le32(2); 3079 3037 pSMB->DataOffset = 3080 3038 cpu_to_le32(offsetof(struct smb_com_transaction_compr_ioctl_req, 3081 - compression_state) - 4); /* 84 */ 3039 + compression_state)); /* 84 */ 3082 3040 pSMB->SetupCount = 4; 3083 3041 pSMB->SubCommand = cpu_to_le16(NT_TRANSACT_IOCTL); 3084 3042 pSMB->ParameterCount = 0; ··· 3088 3046 pSMB->Fid = fid; /* file handle always le */ 3089 3047 /* 3 byte pad, followed by 2 byte compress state */ 3090 3048 pSMB->ByteCount = cpu_to_le16(5); 3091 - inc_rfc1001_len(pSMB, 5); 3049 + in_len += 5; 3092 3050 3093 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3051 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3094 3052 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3095 3053 if (rc) 3096 3054 cifs_dbg(FYI, "Send error in SetCompression = %d\n", rc); ··· 3288 3246 /* SMB_QUERY_POSIX_ACL */ 3289 3247 TRANSACTION2_QPI_REQ *pSMB = NULL; 3290 3248 TRANSACTION2_QPI_RSP *pSMBr = NULL; 3249 + unsigned int in_len; 3291 3250 int rc = 0; 3292 3251 int bytes_returned; 3293 3252 int name_len; ··· 3299 3256 queryAclRetry: 3300 3257 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3301 3258 (void **) &pSMBr); 3302 - if (rc) 3259 + if (rc < 0) 3303 3260 return rc; 3261 + in_len = rc; 3304 3262 3305 3263 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 3306 3264 name_len = ··· 3328 3284 pSMB->Reserved2 = 0; 3329 3285 pSMB->ParameterOffset = cpu_to_le16( 3330 3286 offsetof(struct smb_com_transaction2_qpi_req, 3331 - InformationLevel) - 4); 3287 + InformationLevel)); 3332 3288 pSMB->DataCount = 0; 3333 3289 pSMB->DataOffset = 0; 3334 3290 pSMB->SetupCount = 1; ··· 3339 3295 pSMB->ParameterCount = pSMB->TotalParameterCount; 3340 3296 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_POSIX_ACL); 3341 3297 pSMB->Reserved4 = 0; 3342 - inc_rfc1001_len(pSMB, byte_count); 3298 + in_len += byte_count; 3343 3299 pSMB->ByteCount = cpu_to_le16(byte_count); 3344 3300 3345 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3301 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3346 3302 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3347 3303 cifs_stats_inc(&tcon->stats.cifs_stats.num_acl_get); 3348 3304 if (rc) { ··· 3380 3336 { 3381 3337 struct smb_com_transaction2_spi_req *pSMB = NULL; 3382 3338 struct smb_com_transaction2_spi_rsp *pSMBr = NULL; 3339 + unsigned int in_len; 3383 3340 char *parm_data; 3384 3341 int name_len; 3385 3342 int rc = 0; ··· 3391 3346 setAclRetry: 3392 3347 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3393 3348 (void **) &pSMBr); 3394 - if (rc) 3349 + if (rc < 0) 3395 3350 return rc; 3351 + in_len = rc; 3396 3352 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 3397 3353 name_len = 3398 3354 cifsConvertToUTF16((__le16 *) pSMB->FileName, fileName, ··· 3413 3367 pSMB->Timeout = 0; 3414 3368 pSMB->Reserved2 = 0; 3415 3369 param_offset = offsetof(struct smb_com_transaction2_spi_req, 3416 - InformationLevel) - 4; 3370 + InformationLevel); 3417 3371 offset = param_offset + params; 3418 - parm_data = ((char *)pSMB) + sizeof(pSMB->hdr.smb_buf_length) + offset; 3372 + parm_data = ((char *)pSMB) + offset; 3419 3373 pSMB->ParameterOffset = cpu_to_le16(param_offset); 3420 3374 3421 3375 /* convert to on the wire format for POSIX ACL */ ··· 3436 3390 pSMB->ParameterCount = cpu_to_le16(params); 3437 3391 pSMB->TotalParameterCount = pSMB->ParameterCount; 3438 3392 pSMB->Reserved4 = 0; 3439 - inc_rfc1001_len(pSMB, byte_count); 3393 + in_len += byte_count; 3440 3394 pSMB->ByteCount = cpu_to_le16(byte_count); 3441 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3395 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3442 3396 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3443 3397 if (rc) 3444 3398 cifs_dbg(FYI, "Set POSIX ACL returned %d\n", rc); ··· 3474 3428 int rc = 0; 3475 3429 struct smb_t2_qfi_req *pSMB = NULL; 3476 3430 struct smb_t2_qfi_rsp *pSMBr = NULL; 3431 + unsigned int in_len; 3477 3432 int bytes_returned; 3478 3433 __u16 params, byte_count; 3479 3434 ··· 3485 3438 GetExtAttrRetry: 3486 3439 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3487 3440 (void **) &pSMBr); 3488 - if (rc) 3441 + if (rc < 0) 3489 3442 return rc; 3443 + in_len = rc; 3490 3444 3491 3445 params = 2 /* level */ + 2 /* fid */; 3492 3446 pSMB->t2.TotalDataCount = 0; ··· 3500 3452 pSMB->t2.Timeout = 0; 3501 3453 pSMB->t2.Reserved2 = 0; 3502 3454 pSMB->t2.ParameterOffset = cpu_to_le16(offsetof(struct smb_t2_qfi_req, 3503 - Fid) - 4); 3455 + Fid)); 3504 3456 pSMB->t2.DataCount = 0; 3505 3457 pSMB->t2.DataOffset = 0; 3506 3458 pSMB->t2.SetupCount = 1; ··· 3512 3464 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_ATTR_FLAGS); 3513 3465 pSMB->Pad = 0; 3514 3466 pSMB->Fid = netfid; 3515 - inc_rfc1001_len(pSMB, byte_count); 3467 + in_len += byte_count; 3516 3468 pSMB->t2.ByteCount = cpu_to_le16(byte_count); 3517 3469 3518 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3470 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3519 3471 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3520 3472 if (rc) { 3521 3473 cifs_dbg(FYI, "error %d in GetExtAttr\n", rc); ··· 3568 3520 int rc; 3569 3521 __u32 temp_offset; 3570 3522 struct smb_com_ntransact_req *pSMB; 3523 + unsigned int in_len; 3571 3524 3572 3525 rc = small_smb_init(SMB_COM_NT_TRANSACT, 19 + setup_count, tcon, 3573 3526 (void **)&pSMB); 3574 - if (rc) 3527 + if (rc < 0) 3575 3528 return rc; 3529 + in_len = rc; 3576 3530 *ret_buf = (void *)pSMB; 3577 3531 pSMB->Reserved = 0; 3578 3532 pSMB->TotalParameterCount = cpu_to_le32(parm_len); ··· 3583 3533 pSMB->ParameterCount = pSMB->TotalParameterCount; 3584 3534 pSMB->DataCount = pSMB->TotalDataCount; 3585 3535 temp_offset = offsetof(struct smb_com_ntransact_req, Parms) + 3586 - (setup_count * 2) - 4 /* for rfc1001 length itself */; 3536 + (setup_count * 2); 3587 3537 pSMB->ParameterOffset = cpu_to_le32(temp_offset); 3588 3538 pSMB->DataOffset = cpu_to_le32(temp_offset + parm_len); 3589 3539 pSMB->SetupCount = setup_count; /* no need to le convert byte fields */ 3590 3540 pSMB->SubCommand = cpu_to_le16(sub_command); 3591 - return 0; 3541 + return in_len; 3592 3542 } 3593 3543 3594 3544 static int ··· 3654 3604 QUERY_SEC_DESC_REQ *pSMB; 3655 3605 struct kvec iov[1]; 3656 3606 struct kvec rsp_iov; 3607 + unsigned int in_len; 3657 3608 3658 3609 cifs_dbg(FYI, "GetCifsACL\n"); 3659 3610 ··· 3663 3612 3664 3613 rc = smb_init_nttransact(NT_TRANSACT_QUERY_SECURITY_DESC, 0, 3665 3614 8 /* parm len */, tcon, (void **) &pSMB); 3666 - if (rc) 3615 + if (rc < 0) 3667 3616 return rc; 3617 + in_len = rc; 3668 3618 3669 3619 pSMB->MaxParameterCount = cpu_to_le32(4); 3670 3620 /* BB TEST with big acls that might need to be e.g. larger than 16K */ ··· 3673 3621 pSMB->Fid = fid; /* file handle always le */ 3674 3622 pSMB->AclFlags = cpu_to_le32(info); 3675 3623 pSMB->ByteCount = cpu_to_le16(11); /* 3 bytes pad + 8 bytes parm */ 3676 - inc_rfc1001_len(pSMB, 11); 3624 + in_len += 11; 3677 3625 iov[0].iov_base = (char *)pSMB; 3678 - iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4; 3626 + iov[0].iov_len = in_len; 3679 3627 3680 3628 rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovec */, &buf_type, 3681 3629 0, &rsp_iov); ··· 3744 3692 int rc = 0; 3745 3693 int bytes_returned = 0; 3746 3694 SET_SEC_DESC_REQ *pSMB = NULL; 3695 + unsigned int in_len; 3747 3696 void *pSMBr; 3748 3697 3749 3698 setCifsAclRetry: 3750 3699 rc = smb_init(SMB_COM_NT_TRANSACT, 19, tcon, (void **) &pSMB, &pSMBr); 3751 - if (rc) 3700 + if (rc < 0) 3752 3701 return rc; 3702 + in_len = rc; 3753 3703 3754 3704 pSMB->MaxSetupCount = 0; 3755 3705 pSMB->Reserved = 0; 3756 3706 3757 3707 param_count = 8; 3758 - param_offset = offsetof(struct smb_com_transaction_ssec_req, Fid) - 4; 3708 + param_offset = offsetof(struct smb_com_transaction_ssec_req, Fid); 3759 3709 data_count = acllen; 3760 3710 data_offset = param_offset + param_count; 3761 3711 byte_count = 3 /* pad */ + param_count; ··· 3779 3725 pSMB->AclFlags = cpu_to_le32(aclflag); 3780 3726 3781 3727 if (pntsd && acllen) { 3782 - memcpy((char *)pSMBr + offsetof(struct smb_hdr, Protocol) + 3783 - data_offset, pntsd, acllen); 3784 - inc_rfc1001_len(pSMB, byte_count + data_count); 3728 + memcpy((char *)pSMBr + data_offset, pntsd, acllen); 3729 + in_len += byte_count + data_count; 3785 3730 } else 3786 - inc_rfc1001_len(pSMB, byte_count); 3731 + in_len += byte_count; 3787 3732 3788 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3733 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3789 3734 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3790 3735 3791 3736 cifs_dbg(FYI, "SetCIFSACL bytes_returned: %d, rc: %d\n", ··· 3809 3756 { 3810 3757 QUERY_INFORMATION_REQ *pSMB; 3811 3758 QUERY_INFORMATION_RSP *pSMBr; 3759 + unsigned int in_len; 3812 3760 int rc = 0; 3813 3761 int bytes_returned; 3814 3762 int name_len; ··· 3818 3764 QInfRetry: 3819 3765 rc = smb_init(SMB_COM_QUERY_INFORMATION, 0, tcon, (void **) &pSMB, 3820 3766 (void **) &pSMBr); 3821 - if (rc) 3767 + if (rc < 0) 3822 3768 return rc; 3769 + in_len = rc; 3823 3770 3824 3771 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 3825 3772 name_len = ··· 3834 3779 } 3835 3780 pSMB->BufferFormat = 0x04; 3836 3781 name_len++; /* account for buffer type byte */ 3837 - inc_rfc1001_len(pSMB, (__u16)name_len); 3782 + in_len += name_len; 3838 3783 pSMB->ByteCount = cpu_to_le16(name_len); 3839 3784 3840 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3785 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3841 3786 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3842 3787 if (rc) { 3843 3788 cifs_dbg(FYI, "Send error in QueryInfo = %d\n", rc); ··· 3876 3821 { 3877 3822 struct smb_t2_qfi_req *pSMB = NULL; 3878 3823 struct smb_t2_qfi_rsp *pSMBr = NULL; 3824 + unsigned int in_len; 3879 3825 int rc = 0; 3880 3826 int bytes_returned; 3881 3827 __u16 params, byte_count; ··· 3884 3828 QFileInfoRetry: 3885 3829 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3886 3830 (void **) &pSMBr); 3887 - if (rc) 3831 + if (rc < 0) 3888 3832 return rc; 3833 + in_len = rc; 3889 3834 3890 3835 params = 2 /* level */ + 2 /* fid */; 3891 3836 pSMB->t2.TotalDataCount = 0; ··· 3899 3842 pSMB->t2.Timeout = 0; 3900 3843 pSMB->t2.Reserved2 = 0; 3901 3844 pSMB->t2.ParameterOffset = cpu_to_le16(offsetof(struct smb_t2_qfi_req, 3902 - Fid) - 4); 3845 + Fid)); 3903 3846 pSMB->t2.DataCount = 0; 3904 3847 pSMB->t2.DataOffset = 0; 3905 3848 pSMB->t2.SetupCount = 1; ··· 3911 3854 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_ALL_INFO); 3912 3855 pSMB->Pad = 0; 3913 3856 pSMB->Fid = netfid; 3914 - inc_rfc1001_len(pSMB, byte_count); 3857 + in_len += byte_count; 3915 3858 pSMB->t2.ByteCount = cpu_to_le16(byte_count); 3916 3859 3917 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3860 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 3918 3861 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 3919 3862 if (rc) { 3920 3863 cifs_dbg(FYI, "Send error in QFileInfo = %d\n", rc); ··· 3949 3892 /* level 263 SMB_QUERY_FILE_ALL_INFO */ 3950 3893 TRANSACTION2_QPI_REQ *pSMB = NULL; 3951 3894 TRANSACTION2_QPI_RSP *pSMBr = NULL; 3895 + unsigned int in_len; 3952 3896 int rc = 0; 3953 3897 int bytes_returned; 3954 3898 int name_len; ··· 3959 3901 QPathInfoRetry: 3960 3902 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 3961 3903 (void **) &pSMBr); 3962 - if (rc) 3904 + if (rc < 0) 3963 3905 return rc; 3906 + in_len = rc; 3964 3907 3965 3908 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 3966 3909 name_len = ··· 3984 3925 pSMB->Timeout = 0; 3985 3926 pSMB->Reserved2 = 0; 3986 3927 pSMB->ParameterOffset = cpu_to_le16(offsetof( 3987 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 3928 + struct smb_com_transaction2_qpi_req, InformationLevel)); 3988 3929 pSMB->DataCount = 0; 3989 3930 pSMB->DataOffset = 0; 3990 3931 pSMB->SetupCount = 1; ··· 3998 3939 else 3999 3940 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_ALL_INFO); 4000 3941 pSMB->Reserved4 = 0; 4001 - inc_rfc1001_len(pSMB, byte_count); 3942 + in_len += byte_count; 4002 3943 pSMB->ByteCount = cpu_to_le16(byte_count); 4003 3944 4004 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 3945 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4005 3946 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4006 3947 if (rc) { 4007 3948 cifs_dbg(FYI, "Send error in QPathInfo = %d\n", rc); ··· 4047 3988 { 4048 3989 struct smb_t2_qfi_req *pSMB = NULL; 4049 3990 struct smb_t2_qfi_rsp *pSMBr = NULL; 3991 + unsigned int in_len; 4050 3992 int rc = 0; 4051 3993 int bytes_returned; 4052 3994 __u16 params, byte_count; ··· 4055 3995 UnixQFileInfoRetry: 4056 3996 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4057 3997 (void **) &pSMBr); 4058 - if (rc) 3998 + if (rc < 0) 4059 3999 return rc; 4000 + in_len = rc; 4060 4001 4061 4002 params = 2 /* level */ + 2 /* fid */; 4062 4003 pSMB->t2.TotalDataCount = 0; ··· 4070 4009 pSMB->t2.Timeout = 0; 4071 4010 pSMB->t2.Reserved2 = 0; 4072 4011 pSMB->t2.ParameterOffset = cpu_to_le16(offsetof(struct smb_t2_qfi_req, 4073 - Fid) - 4); 4012 + Fid)); 4074 4013 pSMB->t2.DataCount = 0; 4075 4014 pSMB->t2.DataOffset = 0; 4076 4015 pSMB->t2.SetupCount = 1; ··· 4082 4021 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC); 4083 4022 pSMB->Pad = 0; 4084 4023 pSMB->Fid = netfid; 4085 - inc_rfc1001_len(pSMB, byte_count); 4024 + in_len += byte_count; 4086 4025 pSMB->t2.ByteCount = cpu_to_le16(byte_count); 4087 4026 4088 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4027 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4089 4028 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4090 4029 if (rc) { 4091 4030 cifs_dbg(FYI, "Send error in UnixQFileInfo = %d\n", rc); ··· 4120 4059 /* SMB_QUERY_FILE_UNIX_BASIC */ 4121 4060 TRANSACTION2_QPI_REQ *pSMB = NULL; 4122 4061 TRANSACTION2_QPI_RSP *pSMBr = NULL; 4062 + unsigned int in_len; 4123 4063 int rc = 0; 4124 4064 int bytes_returned = 0; 4125 4065 int name_len; ··· 4130 4068 UnixQPathInfoRetry: 4131 4069 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4132 4070 (void **) &pSMBr); 4133 - if (rc) 4071 + if (rc < 0) 4134 4072 return rc; 4073 + in_len = rc; 4135 4074 4136 4075 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 4137 4076 name_len = ··· 4155 4092 pSMB->Timeout = 0; 4156 4093 pSMB->Reserved2 = 0; 4157 4094 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4158 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 4095 + struct smb_com_transaction2_qpi_req, InformationLevel)); 4159 4096 pSMB->DataCount = 0; 4160 4097 pSMB->DataOffset = 0; 4161 4098 pSMB->SetupCount = 1; ··· 4166 4103 pSMB->ParameterCount = pSMB->TotalParameterCount; 4167 4104 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC); 4168 4105 pSMB->Reserved4 = 0; 4169 - inc_rfc1001_len(pSMB, byte_count); 4106 + in_len += byte_count; 4170 4107 pSMB->ByteCount = cpu_to_le16(byte_count); 4171 4108 4172 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4109 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4173 4110 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4174 4111 if (rc) { 4175 4112 cifs_dbg(FYI, "Send error in UnixQPathInfo = %d\n", rc); ··· 4206 4143 TRANSACTION2_FFIRST_RSP *pSMBr = NULL; 4207 4144 T2_FFIRST_RSP_PARMS *parms; 4208 4145 struct nls_table *nls_codepage; 4209 - unsigned int lnoff; 4146 + unsigned int in_len, lnoff; 4210 4147 __u16 params, byte_count; 4211 4148 int bytes_returned = 0; 4212 4149 int name_len, remap; ··· 4217 4154 findFirstRetry: 4218 4155 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4219 4156 (void **) &pSMBr); 4220 - if (rc) 4157 + if (rc < 0) 4221 4158 return rc; 4159 + in_len = rc; 4222 4160 4223 4161 nls_codepage = cifs_sb->local_nls; 4224 4162 remap = cifs_remap(cifs_sb); ··· 4279 4215 pSMB->TotalParameterCount = cpu_to_le16(params); 4280 4216 pSMB->ParameterCount = pSMB->TotalParameterCount; 4281 4217 pSMB->ParameterOffset = cpu_to_le16( 4282 - offsetof(struct smb_com_transaction2_ffirst_req, SearchAttributes) 4283 - - 4); 4218 + offsetof(struct smb_com_transaction2_ffirst_req, SearchAttributes)); 4284 4219 pSMB->DataCount = 0; 4285 4220 pSMB->DataOffset = 0; 4286 4221 pSMB->SetupCount = 1; /* one byte, no need to make endian neutral */ ··· 4294 4231 4295 4232 /* BB what should we set StorageType to? Does it matter? BB */ 4296 4233 pSMB->SearchStorageType = 0; 4297 - inc_rfc1001_len(pSMB, byte_count); 4234 + in_len += byte_count; 4298 4235 pSMB->ByteCount = cpu_to_le16(byte_count); 4299 4236 4300 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4237 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4301 4238 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4302 4239 cifs_stats_inc(&tcon->stats.cifs_stats.num_ffirst); 4303 4240 ··· 4356 4293 TRANSACTION2_FNEXT_REQ *pSMB = NULL; 4357 4294 TRANSACTION2_FNEXT_RSP *pSMBr = NULL; 4358 4295 T2_FNEXT_RSP_PARMS *parms; 4359 - unsigned int name_len; 4296 + unsigned int name_len, in_len; 4360 4297 unsigned int lnoff; 4361 4298 __u16 params, byte_count; 4362 4299 char *response_data; ··· 4370 4307 4371 4308 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4372 4309 (void **) &pSMBr); 4373 - if (rc) 4310 + if (rc < 0) 4374 4311 return rc; 4312 + in_len = rc; 4375 4313 4376 4314 params = 14; /* includes 2 bytes of null string, converted to LE below*/ 4377 4315 byte_count = 0; ··· 4385 4321 pSMB->Timeout = 0; 4386 4322 pSMB->Reserved2 = 0; 4387 4323 pSMB->ParameterOffset = cpu_to_le16( 4388 - offsetof(struct smb_com_transaction2_fnext_req,SearchHandle) - 4); 4324 + offsetof(struct smb_com_transaction2_fnext_req, SearchHandle)); 4389 4325 pSMB->DataCount = 0; 4390 4326 pSMB->DataOffset = 0; 4391 4327 pSMB->SetupCount = 1; ··· 4413 4349 byte_count = params + 1 /* pad */ ; 4414 4350 pSMB->TotalParameterCount = cpu_to_le16(params); 4415 4351 pSMB->ParameterCount = pSMB->TotalParameterCount; 4416 - inc_rfc1001_len(pSMB, byte_count); 4352 + in_len += byte_count; 4417 4353 pSMB->ByteCount = cpu_to_le16(byte_count); 4418 4354 4419 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4355 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4420 4356 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4421 4357 cifs_stats_inc(&tcon->stats.cifs_stats.num_fnext); 4422 4358 ··· 4482 4418 { 4483 4419 int rc = 0; 4484 4420 FINDCLOSE_REQ *pSMB = NULL; 4421 + unsigned int in_len; 4485 4422 4486 4423 cifs_dbg(FYI, "In CIFSSMBFindClose\n"); 4487 4424 rc = small_smb_init(SMB_COM_FIND_CLOSE2, 1, tcon, (void **)&pSMB); ··· 4491 4426 as file handle has been closed */ 4492 4427 if (rc == -EAGAIN) 4493 4428 return 0; 4494 - if (rc) 4429 + if (rc < 0) 4495 4430 return rc; 4431 + in_len = rc; 4496 4432 4497 4433 pSMB->FileID = searchHandle; 4498 4434 pSMB->ByteCount = 0; 4499 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 4435 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 4500 4436 cifs_small_buf_release(pSMB); 4501 4437 if (rc) 4502 4438 cifs_dbg(VFS, "Send error in FindClose = %d\n", rc); ··· 4519 4453 int rc = 0; 4520 4454 TRANSACTION2_QPI_REQ *pSMB = NULL; 4521 4455 TRANSACTION2_QPI_RSP *pSMBr = NULL; 4456 + unsigned int in_len; 4522 4457 int name_len, bytes_returned; 4523 4458 __u16 params, byte_count; 4524 4459 ··· 4530 4463 GetInodeNumberRetry: 4531 4464 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4532 4465 (void **) &pSMBr); 4533 - if (rc) 4466 + if (rc < 0) 4534 4467 return rc; 4468 + in_len = rc; 4535 4469 4536 4470 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 4537 4471 name_len = ··· 4556 4488 pSMB->Timeout = 0; 4557 4489 pSMB->Reserved2 = 0; 4558 4490 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4559 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 4491 + struct smb_com_transaction2_qpi_req, InformationLevel)); 4560 4492 pSMB->DataCount = 0; 4561 4493 pSMB->DataOffset = 0; 4562 4494 pSMB->SetupCount = 1; ··· 4567 4499 pSMB->ParameterCount = pSMB->TotalParameterCount; 4568 4500 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FILE_INTERNAL_INFO); 4569 4501 pSMB->Reserved4 = 0; 4570 - inc_rfc1001_len(pSMB, byte_count); 4502 + in_len += byte_count; 4571 4503 pSMB->ByteCount = cpu_to_le16(byte_count); 4572 4504 4573 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4505 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4574 4506 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4575 4507 if (rc) { 4576 4508 cifs_dbg(FYI, "error %d in QueryInternalInfo\n", rc); ··· 4613 4545 /* TRANS2_GET_DFS_REFERRAL */ 4614 4546 TRANSACTION2_GET_DFS_REFER_REQ *pSMB = NULL; 4615 4547 TRANSACTION2_GET_DFS_REFER_RSP *pSMBr = NULL; 4548 + unsigned int in_len; 4616 4549 int rc = 0; 4617 4550 int bytes_returned; 4618 4551 int name_len; ··· 4633 4564 */ 4634 4565 rc = smb_init(SMB_COM_TRANSACTION2, 15, ses->tcon_ipc, 4635 4566 (void **)&pSMB, (void **)&pSMBr); 4636 - if (rc) 4567 + if (rc < 0) 4637 4568 return rc; 4569 + in_len = rc; 4638 4570 4639 4571 /* server pointer checked in called function, 4640 4572 but should never be null here anyway */ ··· 4677 4607 pSMB->Timeout = 0; 4678 4608 pSMB->Reserved2 = 0; 4679 4609 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4680 - struct smb_com_transaction2_get_dfs_refer_req, MaxReferralLevel) - 4); 4610 + struct smb_com_transaction2_get_dfs_refer_req, MaxReferralLevel)); 4681 4611 pSMB->SetupCount = 1; 4682 4612 pSMB->Reserved3 = 0; 4683 4613 pSMB->SubCommand = cpu_to_le16(TRANS2_GET_DFS_REFERRAL); ··· 4685 4615 pSMB->ParameterCount = cpu_to_le16(params); 4686 4616 pSMB->TotalParameterCount = pSMB->ParameterCount; 4687 4617 pSMB->MaxReferralLevel = cpu_to_le16(3); 4688 - inc_rfc1001_len(pSMB, byte_count); 4618 + in_len += byte_count; 4689 4619 pSMB->ByteCount = cpu_to_le16(byte_count); 4690 4620 4691 - rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, 4621 + rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, in_len, 4692 4622 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4693 4623 if (rc) { 4694 4624 cifs_dbg(FYI, "Send error in GetDFSRefer = %d\n", rc); ··· 4730 4660 TRANSACTION2_QFSI_REQ *pSMB = NULL; 4731 4661 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 4732 4662 FILE_SYSTEM_ALLOC_INFO *response_data; 4663 + unsigned int in_len; 4733 4664 int rc = 0; 4734 4665 int bytes_returned = 0; 4735 4666 __u16 params, byte_count; ··· 4739 4668 oldQFSInfoRetry: 4740 4669 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4741 4670 (void **) &pSMBr); 4742 - if (rc) 4671 + if (rc < 0) 4743 4672 return rc; 4673 + in_len = rc; 4744 4674 4745 4675 params = 2; /* level */ 4746 4676 pSMB->TotalDataCount = 0; ··· 4756 4684 pSMB->TotalParameterCount = cpu_to_le16(params); 4757 4685 pSMB->ParameterCount = pSMB->TotalParameterCount; 4758 4686 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4759 - struct smb_com_transaction2_qfsi_req, InformationLevel) - 4); 4687 + struct smb_com_transaction2_qfsi_req, InformationLevel)); 4760 4688 pSMB->DataCount = 0; 4761 4689 pSMB->DataOffset = 0; 4762 4690 pSMB->SetupCount = 1; 4763 4691 pSMB->Reserved3 = 0; 4764 4692 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 4765 4693 pSMB->InformationLevel = cpu_to_le16(SMB_INFO_ALLOCATION); 4766 - inc_rfc1001_len(pSMB, byte_count); 4694 + in_len += byte_count; 4767 4695 pSMB->ByteCount = cpu_to_le16(byte_count); 4768 4696 4769 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4697 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4770 4698 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4771 4699 if (rc) { 4772 4700 cifs_dbg(FYI, "Send error in QFSInfo = %d\n", rc); ··· 4819 4747 TRANSACTION2_QFSI_REQ *pSMB = NULL; 4820 4748 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 4821 4749 FILE_SYSTEM_SIZE_INFO *response_data; 4750 + unsigned int in_len; 4822 4751 int rc = 0; 4823 4752 int bytes_returned = 0; 4824 4753 __u16 params, byte_count; ··· 4828 4755 QFSInfoRetry: 4829 4756 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4830 4757 (void **) &pSMBr); 4831 - if (rc) 4758 + if (rc < 0) 4832 4759 return rc; 4760 + in_len = rc; 4833 4761 4834 4762 params = 2; /* level */ 4835 4763 pSMB->TotalDataCount = 0; ··· 4845 4771 pSMB->TotalParameterCount = cpu_to_le16(params); 4846 4772 pSMB->ParameterCount = pSMB->TotalParameterCount; 4847 4773 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4848 - struct smb_com_transaction2_qfsi_req, InformationLevel) - 4); 4774 + struct smb_com_transaction2_qfsi_req, InformationLevel)); 4849 4775 pSMB->DataCount = 0; 4850 4776 pSMB->DataOffset = 0; 4851 4777 pSMB->SetupCount = 1; 4852 4778 pSMB->Reserved3 = 0; 4853 4779 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 4854 4780 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FS_SIZE_INFO); 4855 - inc_rfc1001_len(pSMB, byte_count); 4781 + in_len += byte_count; 4856 4782 pSMB->ByteCount = cpu_to_le16(byte_count); 4857 4783 4858 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4784 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4859 4785 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4860 4786 if (rc) { 4861 4787 cifs_dbg(FYI, "Send error in QFSInfo = %d\n", rc); ··· 4907 4833 TRANSACTION2_QFSI_REQ *pSMB = NULL; 4908 4834 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 4909 4835 FILE_SYSTEM_ATTRIBUTE_INFO *response_data; 4836 + unsigned int in_len; 4910 4837 int rc = 0; 4911 4838 int bytes_returned = 0; 4912 4839 __u16 params, byte_count; ··· 4916 4841 QFSAttributeRetry: 4917 4842 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4918 4843 (void **) &pSMBr); 4919 - if (rc) 4844 + if (rc < 0) 4920 4845 return rc; 4846 + in_len = rc; 4921 4847 4922 4848 params = 2; /* level */ 4923 4849 pSMB->TotalDataCount = 0; ··· 4934 4858 pSMB->TotalParameterCount = cpu_to_le16(params); 4935 4859 pSMB->ParameterCount = pSMB->TotalParameterCount; 4936 4860 pSMB->ParameterOffset = cpu_to_le16(offsetof( 4937 - struct smb_com_transaction2_qfsi_req, InformationLevel) - 4); 4861 + struct smb_com_transaction2_qfsi_req, InformationLevel)); 4938 4862 pSMB->DataCount = 0; 4939 4863 pSMB->DataOffset = 0; 4940 4864 pSMB->SetupCount = 1; 4941 4865 pSMB->Reserved3 = 0; 4942 4866 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 4943 4867 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FS_ATTRIBUTE_INFO); 4944 - inc_rfc1001_len(pSMB, byte_count); 4868 + in_len += byte_count; 4945 4869 pSMB->ByteCount = cpu_to_le16(byte_count); 4946 4870 4947 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4871 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 4948 4872 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 4949 4873 if (rc) { 4950 4874 cifs_dbg(VFS, "Send error in QFSAttributeInfo = %d\n", rc); ··· 4979 4903 TRANSACTION2_QFSI_REQ *pSMB = NULL; 4980 4904 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 4981 4905 FILE_SYSTEM_DEVICE_INFO *response_data; 4906 + unsigned int in_len; 4982 4907 int rc = 0; 4983 4908 int bytes_returned = 0; 4984 4909 __u16 params, byte_count; ··· 4988 4911 QFSDeviceRetry: 4989 4912 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 4990 4913 (void **) &pSMBr); 4991 - if (rc) 4914 + if (rc < 0) 4992 4915 return rc; 4916 + in_len = rc; 4993 4917 4994 4918 params = 2; /* level */ 4995 4919 pSMB->TotalDataCount = 0; ··· 5006 4928 pSMB->TotalParameterCount = cpu_to_le16(params); 5007 4929 pSMB->ParameterCount = pSMB->TotalParameterCount; 5008 4930 pSMB->ParameterOffset = cpu_to_le16(offsetof( 5009 - struct smb_com_transaction2_qfsi_req, InformationLevel) - 4); 4931 + struct smb_com_transaction2_qfsi_req, InformationLevel)); 5010 4932 5011 4933 pSMB->DataCount = 0; 5012 4934 pSMB->DataOffset = 0; ··· 5014 4936 pSMB->Reserved3 = 0; 5015 4937 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 5016 4938 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_FS_DEVICE_INFO); 5017 - inc_rfc1001_len(pSMB, byte_count); 4939 + in_len += byte_count; 5018 4940 pSMB->ByteCount = cpu_to_le16(byte_count); 5019 4941 5020 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 4942 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5021 4943 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5022 4944 if (rc) { 5023 4945 cifs_dbg(FYI, "Send error in QFSDeviceInfo = %d\n", rc); ··· 5052 4974 TRANSACTION2_QFSI_REQ *pSMB = NULL; 5053 4975 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 5054 4976 FILE_SYSTEM_UNIX_INFO *response_data; 4977 + unsigned int in_len; 5055 4978 int rc = 0; 5056 4979 int bytes_returned = 0; 5057 4980 __u16 params, byte_count; ··· 5061 4982 QFSUnixRetry: 5062 4983 rc = smb_init_no_reconnect(SMB_COM_TRANSACTION2, 15, tcon, 5063 4984 (void **) &pSMB, (void **) &pSMBr); 5064 - if (rc) 4985 + if (rc < 0) 5065 4986 return rc; 4987 + in_len = rc; 5066 4988 5067 4989 params = 2; /* level */ 5068 4990 pSMB->TotalDataCount = 0; ··· 5081 5001 pSMB->ParameterCount = cpu_to_le16(params); 5082 5002 pSMB->TotalParameterCount = pSMB->ParameterCount; 5083 5003 pSMB->ParameterOffset = cpu_to_le16(offsetof(struct 5084 - smb_com_transaction2_qfsi_req, InformationLevel) - 4); 5004 + smb_com_transaction2_qfsi_req, InformationLevel)); 5085 5005 pSMB->SetupCount = 1; 5086 5006 pSMB->Reserved3 = 0; 5087 5007 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 5088 5008 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_CIFS_UNIX_INFO); 5089 - inc_rfc1001_len(pSMB, byte_count); 5009 + in_len += byte_count; 5090 5010 pSMB->ByteCount = cpu_to_le16(byte_count); 5091 5011 5092 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5012 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5093 5013 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5094 5014 if (rc) { 5095 5015 cifs_dbg(VFS, "Send error in QFSUnixInfo = %d\n", rc); ··· 5123 5043 /* level 0x200 SMB_SET_CIFS_UNIX_INFO */ 5124 5044 TRANSACTION2_SETFSI_REQ *pSMB = NULL; 5125 5045 TRANSACTION2_SETFSI_RSP *pSMBr = NULL; 5046 + unsigned int in_len; 5126 5047 int rc = 0; 5127 5048 int bytes_returned = 0; 5128 5049 __u16 params, param_offset, offset, byte_count; ··· 5133 5052 /* BB switch to small buf init to save memory */ 5134 5053 rc = smb_init_no_reconnect(SMB_COM_TRANSACTION2, 15, tcon, 5135 5054 (void **) &pSMB, (void **) &pSMBr); 5136 - if (rc) 5055 + if (rc < 0) 5137 5056 return rc; 5057 + in_len = rc; 5138 5058 5139 5059 params = 4; /* 2 bytes zero followed by info level. */ 5140 5060 pSMB->MaxSetupCount = 0; ··· 5143 5061 pSMB->Flags = 0; 5144 5062 pSMB->Timeout = 0; 5145 5063 pSMB->Reserved2 = 0; 5146 - param_offset = offsetof(struct smb_com_transaction2_setfsi_req, FileNum) 5147 - - 4; 5064 + param_offset = offsetof(struct smb_com_transaction2_setfsi_req, FileNum); 5148 5065 offset = param_offset + params; 5149 5066 5150 5067 pSMB->MaxParameterCount = cpu_to_le16(4); ··· 5170 5089 pSMB->ClientUnixMinor = cpu_to_le16(CIFS_UNIX_MINOR_VERSION); 5171 5090 pSMB->ClientUnixCap = cpu_to_le64(cap); 5172 5091 5173 - inc_rfc1001_len(pSMB, byte_count); 5092 + in_len += byte_count; 5174 5093 pSMB->ByteCount = cpu_to_le16(byte_count); 5175 5094 5176 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5095 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5177 5096 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5178 5097 if (rc) { 5179 5098 cifs_dbg(VFS, "Send error in SETFSUnixInfo = %d\n", rc); ··· 5200 5119 TRANSACTION2_QFSI_REQ *pSMB = NULL; 5201 5120 TRANSACTION2_QFSI_RSP *pSMBr = NULL; 5202 5121 FILE_SYSTEM_POSIX_INFO *response_data; 5122 + unsigned int in_len; 5203 5123 int rc = 0; 5204 5124 int bytes_returned = 0; 5205 5125 __u16 params, byte_count; ··· 5209 5127 QFSPosixRetry: 5210 5128 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5211 5129 (void **) &pSMBr); 5212 - if (rc) 5130 + if (rc < 0) 5213 5131 return rc; 5132 + in_len = rc; 5214 5133 5215 5134 params = 2; /* level */ 5216 5135 pSMB->TotalDataCount = 0; ··· 5229 5146 pSMB->ParameterCount = cpu_to_le16(params); 5230 5147 pSMB->TotalParameterCount = pSMB->ParameterCount; 5231 5148 pSMB->ParameterOffset = cpu_to_le16(offsetof(struct 5232 - smb_com_transaction2_qfsi_req, InformationLevel) - 4); 5149 + smb_com_transaction2_qfsi_req, InformationLevel)); 5233 5150 pSMB->SetupCount = 1; 5234 5151 pSMB->Reserved3 = 0; 5235 5152 pSMB->SubCommand = cpu_to_le16(TRANS2_QUERY_FS_INFORMATION); 5236 5153 pSMB->InformationLevel = cpu_to_le16(SMB_QUERY_POSIX_FS_INFO); 5237 - inc_rfc1001_len(pSMB, byte_count); 5154 + in_len += byte_count; 5238 5155 pSMB->ByteCount = cpu_to_le16(byte_count); 5239 5156 5240 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5157 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5241 5158 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5242 5159 if (rc) { 5243 5160 cifs_dbg(FYI, "Send error in QFSUnixInfo = %d\n", rc); ··· 5302 5219 struct smb_com_transaction2_spi_req *pSMB = NULL; 5303 5220 struct smb_com_transaction2_spi_rsp *pSMBr = NULL; 5304 5221 struct file_end_of_file_info *parm_data; 5222 + unsigned int in_len; 5305 5223 int name_len; 5306 5224 int rc = 0; 5307 5225 int bytes_returned = 0; ··· 5314 5230 SetEOFRetry: 5315 5231 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5316 5232 (void **) &pSMBr); 5317 - if (rc) 5233 + if (rc < 0) 5318 5234 return rc; 5235 + in_len = rc; 5319 5236 5320 5237 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5321 5238 name_len = ··· 5337 5252 pSMB->Timeout = 0; 5338 5253 pSMB->Reserved2 = 0; 5339 5254 param_offset = offsetof(struct smb_com_transaction2_spi_req, 5340 - InformationLevel) - 4; 5255 + InformationLevel); 5341 5256 offset = param_offset + params; 5342 5257 if (set_allocation) { 5343 5258 if (tcon->ses->capabilities & CAP_INFOLEVEL_PASSTHRU) ··· 5369 5284 pSMB->ParameterCount = cpu_to_le16(params); 5370 5285 pSMB->TotalParameterCount = pSMB->ParameterCount; 5371 5286 pSMB->Reserved4 = 0; 5372 - inc_rfc1001_len(pSMB, byte_count); 5287 + in_len += byte_count; 5373 5288 parm_data->FileSize = cpu_to_le64(size); 5374 5289 pSMB->ByteCount = cpu_to_le16(byte_count); 5375 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5290 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5376 5291 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5377 5292 if (rc) 5378 5293 cifs_dbg(FYI, "SetPathInfo (file size) returned %d\n", rc); ··· 5391 5306 { 5392 5307 struct smb_com_transaction2_sfi_req *pSMB = NULL; 5393 5308 struct file_end_of_file_info *parm_data; 5309 + unsigned int in_len; 5394 5310 int rc = 0; 5395 5311 __u16 params, param_offset, offset, byte_count, count; 5396 5312 5397 5313 cifs_dbg(FYI, "SetFileSize (via SetFileInfo) %lld\n", 5398 5314 (long long)size); 5399 5315 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 5400 - 5401 - if (rc) 5316 + if (rc < 0) 5402 5317 return rc; 5318 + in_len = rc; 5403 5319 5404 5320 pSMB->hdr.Pid = cpu_to_le16((__u16)cfile->pid); 5405 5321 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(cfile->pid >> 16)); ··· 5411 5325 pSMB->Flags = 0; 5412 5326 pSMB->Timeout = 0; 5413 5327 pSMB->Reserved2 = 0; 5414 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 5328 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 5415 5329 offset = param_offset + params; 5416 5330 5417 5331 count = sizeof(struct file_end_of_file_info); ··· 5427 5341 pSMB->TotalDataCount = pSMB->DataCount; 5428 5342 pSMB->TotalParameterCount = pSMB->ParameterCount; 5429 5343 pSMB->ParameterOffset = cpu_to_le16(param_offset); 5430 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 5431 5344 parm_data = 5432 - (struct file_end_of_file_info *)(((char *)pSMB) + offset + 4); 5345 + (struct file_end_of_file_info *)(((char *)pSMB) + offset); 5433 5346 pSMB->DataOffset = cpu_to_le16(offset); 5434 5347 parm_data->FileSize = cpu_to_le64(size); 5435 5348 pSMB->Fid = cfile->fid.netfid; ··· 5448 5363 cpu_to_le16(SMB_SET_FILE_END_OF_FILE_INFO); 5449 5364 } 5450 5365 pSMB->Reserved4 = 0; 5451 - inc_rfc1001_len(pSMB, byte_count); 5366 + in_len += byte_count; 5452 5367 pSMB->ByteCount = cpu_to_le16(byte_count); 5453 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 5368 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 5454 5369 cifs_small_buf_release(pSMB); 5455 5370 if (rc) { 5456 5371 cifs_dbg(FYI, "Send error in SetFileInfo (SetFileSize) = %d\n", ··· 5472 5387 SETATTR_REQ *pSMB; 5473 5388 SETATTR_RSP *pSMBr; 5474 5389 struct timespec64 ts; 5390 + unsigned int in_len; 5475 5391 int bytes_returned; 5476 5392 int name_len; 5477 5393 int rc; ··· 5482 5396 retry: 5483 5397 rc = smb_init(SMB_COM_SETATTR, 8, tcon, (void **) &pSMB, 5484 5398 (void **) &pSMBr); 5485 - if (rc) 5399 + if (rc < 0) 5486 5400 return rc; 5401 + in_len = rc; 5487 5402 5488 5403 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5489 5404 name_len = ··· 5506 5419 } 5507 5420 pSMB->BufferFormat = 0x04; 5508 5421 name_len++; /* account for buffer type byte */ 5509 - inc_rfc1001_len(pSMB, (__u16)name_len); 5422 + in_len += name_len; 5510 5423 pSMB->ByteCount = cpu_to_le16(name_len); 5511 5424 5512 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5425 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5513 5426 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5514 5427 if (rc) 5515 5428 cifs_dbg(FYI, "Send error in %s = %d\n", __func__, rc); ··· 5533 5446 const FILE_BASIC_INFO *data, __u16 fid, __u32 pid_of_opener) 5534 5447 { 5535 5448 struct smb_com_transaction2_sfi_req *pSMB = NULL; 5449 + unsigned int in_len; 5536 5450 char *data_offset; 5537 5451 int rc = 0; 5538 5452 __u16 params, param_offset, offset, byte_count, count; 5539 5453 5540 5454 cifs_dbg(FYI, "Set Times (via SetFileInfo)\n"); 5541 5455 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 5542 - 5543 - if (rc) 5456 + if (rc < 0) 5544 5457 return rc; 5458 + in_len = rc; 5545 5459 5546 5460 pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener); 5547 5461 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16)); ··· 5553 5465 pSMB->Flags = 0; 5554 5466 pSMB->Timeout = 0; 5555 5467 pSMB->Reserved2 = 0; 5556 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 5468 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 5557 5469 offset = param_offset + params; 5558 5470 5559 - data_offset = (char *)pSMB + 5560 - offsetof(struct smb_hdr, Protocol) + offset; 5471 + data_offset = (char *)pSMB + offset; 5561 5472 5562 5473 count = sizeof(FILE_BASIC_INFO); 5563 5474 pSMB->MaxParameterCount = cpu_to_le16(2); ··· 5578 5491 else 5579 5492 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_BASIC_INFO); 5580 5493 pSMB->Reserved4 = 0; 5581 - inc_rfc1001_len(pSMB, byte_count); 5494 + in_len += byte_count; 5582 5495 pSMB->ByteCount = cpu_to_le16(byte_count); 5583 5496 memcpy(data_offset, data, sizeof(FILE_BASIC_INFO)); 5584 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 5497 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 5585 5498 cifs_small_buf_release(pSMB); 5586 5499 if (rc) 5587 5500 cifs_dbg(FYI, "Send error in Set Time (SetFileInfo) = %d\n", ··· 5598 5511 bool delete_file, __u16 fid, __u32 pid_of_opener) 5599 5512 { 5600 5513 struct smb_com_transaction2_sfi_req *pSMB = NULL; 5514 + unsigned int in_len; 5601 5515 char *data_offset; 5602 5516 int rc = 0; 5603 5517 __u16 params, param_offset, offset, byte_count, count; 5604 5518 5605 5519 cifs_dbg(FYI, "Set File Disposition (via SetFileInfo)\n"); 5606 5520 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 5607 - 5608 - if (rc) 5521 + if (rc < 0) 5609 5522 return rc; 5523 + in_len = rc; 5610 5524 5611 5525 pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener); 5612 5526 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16)); ··· 5618 5530 pSMB->Flags = 0; 5619 5531 pSMB->Timeout = 0; 5620 5532 pSMB->Reserved2 = 0; 5621 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 5533 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 5622 5534 offset = param_offset + params; 5623 - 5624 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 5625 - data_offset = (char *)(pSMB) + offset + 4; 5535 + data_offset = (char *)(pSMB) + offset; 5626 5536 5627 5537 count = 1; 5628 5538 pSMB->MaxParameterCount = cpu_to_le16(2); ··· 5639 5553 pSMB->Fid = fid; 5640 5554 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_DISPOSITION_INFO); 5641 5555 pSMB->Reserved4 = 0; 5642 - inc_rfc1001_len(pSMB, byte_count); 5556 + in_len += byte_count; 5643 5557 pSMB->ByteCount = cpu_to_le16(byte_count); 5644 5558 *data_offset = delete_file ? 1 : 0; 5645 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 5559 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 5646 5560 cifs_small_buf_release(pSMB); 5647 5561 if (rc) 5648 5562 cifs_dbg(FYI, "Send error in SetFileDisposition = %d\n", rc); ··· 5690 5604 { 5691 5605 TRANSACTION2_SPI_REQ *pSMB = NULL; 5692 5606 TRANSACTION2_SPI_RSP *pSMBr = NULL; 5607 + unsigned int in_len; 5693 5608 int name_len; 5694 5609 int rc = 0; 5695 5610 int bytes_returned = 0; ··· 5703 5616 SetTimesRetry: 5704 5617 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5705 5618 (void **) &pSMBr); 5706 - if (rc) 5619 + if (rc < 0) 5707 5620 return rc; 5621 + in_len = rc; 5708 5622 5709 5623 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5710 5624 name_len = ··· 5728 5640 pSMB->Timeout = 0; 5729 5641 pSMB->Reserved2 = 0; 5730 5642 param_offset = offsetof(struct smb_com_transaction2_spi_req, 5731 - InformationLevel) - 4; 5643 + InformationLevel); 5732 5644 offset = param_offset + params; 5733 5645 data_offset = (char *)pSMB + offsetof(typeof(*pSMB), hdr.Protocol) + offset; 5734 5646 pSMB->ParameterOffset = cpu_to_le16(param_offset); ··· 5747 5659 else 5748 5660 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_BASIC_INFO); 5749 5661 pSMB->Reserved4 = 0; 5750 - inc_rfc1001_len(pSMB, byte_count); 5662 + in_len += byte_count; 5751 5663 memcpy(data_offset, data, sizeof(FILE_BASIC_INFO)); 5752 5664 pSMB->ByteCount = cpu_to_le16(byte_count); 5753 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5665 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5754 5666 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5755 5667 if (rc) 5756 5668 cifs_dbg(FYI, "SetPathInfo (times) returned %d\n", rc); ··· 5820 5732 u16 fid, u32 pid_of_opener) 5821 5733 { 5822 5734 struct smb_com_transaction2_sfi_req *pSMB = NULL; 5735 + unsigned int in_len; 5823 5736 char *data_offset; 5824 5737 int rc = 0; 5825 5738 u16 params, param_offset, offset, byte_count, count; 5826 5739 5827 5740 cifs_dbg(FYI, "Set Unix Info (via SetFileInfo)\n"); 5828 5741 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 5829 - 5830 - if (rc) 5742 + if (rc < 0) 5831 5743 return rc; 5744 + in_len = rc; 5832 5745 5833 5746 pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener); 5834 5747 pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16)); ··· 5840 5751 pSMB->Flags = 0; 5841 5752 pSMB->Timeout = 0; 5842 5753 pSMB->Reserved2 = 0; 5843 - param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid) - 4; 5754 + param_offset = offsetof(struct smb_com_transaction2_sfi_req, Fid); 5844 5755 offset = param_offset + params; 5845 5756 5846 - data_offset = (char *)pSMB + 5847 - offsetof(struct smb_hdr, Protocol) + offset; 5757 + data_offset = (char *)pSMB + offset; 5848 5758 5849 5759 count = sizeof(FILE_UNIX_BASIC_INFO); 5850 5760 ··· 5863 5775 pSMB->Fid = fid; 5864 5776 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_UNIX_BASIC); 5865 5777 pSMB->Reserved4 = 0; 5866 - inc_rfc1001_len(pSMB, byte_count); 5778 + in_len += byte_count; 5867 5779 pSMB->ByteCount = cpu_to_le16(byte_count); 5868 5780 5869 5781 cifs_fill_unix_set_info((FILE_UNIX_BASIC_INFO *)data_offset, args); 5870 5782 5871 - rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, 0); 5783 + rc = SendReceiveNoRsp(xid, tcon->ses, (char *) pSMB, in_len, 0); 5872 5784 cifs_small_buf_release(pSMB); 5873 5785 if (rc) 5874 5786 cifs_dbg(FYI, "Send error in Set Time (SetFileInfo) = %d\n", ··· 5888 5800 { 5889 5801 TRANSACTION2_SPI_REQ *pSMB = NULL; 5890 5802 TRANSACTION2_SPI_RSP *pSMBr = NULL; 5803 + unsigned int in_len; 5891 5804 int name_len; 5892 5805 int rc = 0; 5893 5806 int bytes_returned = 0; ··· 5899 5810 setPermsRetry: 5900 5811 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5901 5812 (void **) &pSMBr); 5902 - if (rc) 5813 + if (rc < 0) 5903 5814 return rc; 5815 + in_len = rc; 5904 5816 5905 5817 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5906 5818 name_len = ··· 5924 5834 pSMB->Timeout = 0; 5925 5835 pSMB->Reserved2 = 0; 5926 5836 param_offset = offsetof(struct smb_com_transaction2_spi_req, 5927 - InformationLevel) - 4; 5837 + InformationLevel); 5928 5838 offset = param_offset + params; 5929 - /* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */ 5930 - data_offset = (FILE_UNIX_BASIC_INFO *)((char *) pSMB + offset + 4); 5839 + data_offset = (FILE_UNIX_BASIC_INFO *)((char *) pSMB + offset); 5931 5840 memset(data_offset, 0, count); 5932 5841 pSMB->DataOffset = cpu_to_le16(offset); 5933 5842 pSMB->ParameterOffset = cpu_to_le16(param_offset); ··· 5940 5851 pSMB->TotalDataCount = pSMB->DataCount; 5941 5852 pSMB->InformationLevel = cpu_to_le16(SMB_SET_FILE_UNIX_BASIC); 5942 5853 pSMB->Reserved4 = 0; 5943 - inc_rfc1001_len(pSMB, byte_count); 5854 + in_len += byte_count; 5944 5855 5945 5856 cifs_fill_unix_set_info(data_offset, args); 5946 5857 5947 5858 pSMB->ByteCount = cpu_to_le16(byte_count); 5948 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5859 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 5949 5860 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 5950 5861 if (rc) 5951 5862 cifs_dbg(FYI, "SetPathInfo (perms) returned %d\n", rc); ··· 5977 5888 TRANSACTION2_QPI_RSP *pSMBr = NULL; 5978 5889 int remap = cifs_remap(cifs_sb); 5979 5890 struct nls_table *nls_codepage = cifs_sb->local_nls; 5891 + unsigned int in_len; 5980 5892 int rc = 0; 5981 5893 int bytes_returned; 5982 5894 int list_len; ··· 5992 5902 QAllEAsRetry: 5993 5903 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 5994 5904 (void **) &pSMBr); 5995 - if (rc) 5905 + if (rc < 0) 5996 5906 return rc; 5907 + in_len = rc; 5997 5908 5998 5909 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 5999 5910 list_len = ··· 6017 5926 pSMB->Timeout = 0; 6018 5927 pSMB->Reserved2 = 0; 6019 5928 pSMB->ParameterOffset = cpu_to_le16(offsetof( 6020 - struct smb_com_transaction2_qpi_req, InformationLevel) - 4); 5929 + struct smb_com_transaction2_qpi_req, InformationLevel)); 6021 5930 pSMB->DataCount = 0; 6022 5931 pSMB->DataOffset = 0; 6023 5932 pSMB->SetupCount = 1; ··· 6028 5937 pSMB->ParameterCount = pSMB->TotalParameterCount; 6029 5938 pSMB->InformationLevel = cpu_to_le16(SMB_INFO_QUERY_ALL_EAS); 6030 5939 pSMB->Reserved4 = 0; 6031 - inc_rfc1001_len(pSMB, byte_count); 5940 + in_len += byte_count; 6032 5941 pSMB->ByteCount = cpu_to_le16(byte_count); 6033 5942 6034 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 5943 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 6035 5944 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 6036 5945 if (rc) { 6037 5946 cifs_dbg(FYI, "Send error in QueryAllEAs = %d\n", rc); ··· 6163 6072 struct smb_com_transaction2_spi_req *pSMB = NULL; 6164 6073 struct smb_com_transaction2_spi_rsp *pSMBr = NULL; 6165 6074 struct fealist *parm_data; 6075 + unsigned int in_len; 6166 6076 int name_len; 6167 6077 int rc = 0; 6168 6078 int bytes_returned = 0; ··· 6174 6082 SetEARetry: 6175 6083 rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB, 6176 6084 (void **) &pSMBr); 6177 - if (rc) 6085 + if (rc < 0) 6178 6086 return rc; 6087 + in_len = rc; 6179 6088 6180 6089 if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) { 6181 6090 name_len = ··· 6208 6115 pSMB->Timeout = 0; 6209 6116 pSMB->Reserved2 = 0; 6210 6117 param_offset = offsetof(struct smb_com_transaction2_spi_req, 6211 - InformationLevel) - 4; 6118 + InformationLevel); 6212 6119 offset = param_offset + params; 6213 6120 pSMB->InformationLevel = 6214 6121 cpu_to_le16(SMB_SET_FILE_EA); 6215 6122 6216 - parm_data = (void *)pSMB + offsetof(struct smb_hdr, Protocol) + offset; 6123 + parm_data = (void *)pSMB + offset; 6217 6124 pSMB->ParameterOffset = cpu_to_le16(param_offset); 6218 6125 pSMB->DataOffset = cpu_to_le16(offset); 6219 6126 pSMB->SetupCount = 1; ··· 6242 6149 pSMB->ParameterCount = cpu_to_le16(params); 6243 6150 pSMB->TotalParameterCount = pSMB->ParameterCount; 6244 6151 pSMB->Reserved4 = 0; 6245 - inc_rfc1001_len(pSMB, byte_count); 6152 + in_len += byte_count; 6246 6153 pSMB->ByteCount = cpu_to_le16(byte_count); 6247 - rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, 6154 + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, in_len, 6248 6155 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 6249 6156 if (rc) 6250 6157 cifs_dbg(FYI, "SetPathInfo (EA) returned %d\n", rc);

+87 -121

fs/smb/client/cifstransport.c

··· 74 74 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer, 75 75 unsigned int smb_buf_length) 76 76 { 77 - struct kvec iov[2]; 78 - struct smb_rqst rqst = { .rq_iov = iov, 79 - .rq_nvec = 2 }; 80 - 81 - iov[0].iov_base = smb_buffer; 82 - iov[0].iov_len = 4; 83 - iov[1].iov_base = (char *)smb_buffer + 4; 84 - iov[1].iov_len = smb_buf_length; 77 + struct kvec iov[1] = { 78 + [0].iov_base = smb_buffer, 79 + [0].iov_len = smb_buf_length, 80 + }; 81 + struct smb_rqst rqst = { 82 + .rq_iov = iov, 83 + .rq_nvec = ARRAY_SIZE(iov), 84 + }; 85 85 86 86 return __smb_send_rqst(server, 1, &rqst); 87 87 } ··· 125 125 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 126 126 struct mid_q_entry *mid; 127 127 128 - if (rqst->rq_iov[0].iov_len != 4 || 129 - rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 130 - return ERR_PTR(-EIO); 131 - 132 128 /* enable signing if server requires it */ 133 129 if (server->sign) 134 130 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; ··· 153 157 */ 154 158 int 155 159 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 156 - char *in_buf, int flags) 160 + char *in_buf, unsigned int in_len, int flags) 157 161 { 158 162 int rc; 159 163 struct kvec iov[1]; ··· 161 165 int resp_buf_type; 162 166 163 167 iov[0].iov_base = in_buf; 164 - iov[0].iov_len = get_rfc1002_len(in_buf) + 4; 168 + iov[0].iov_len = in_len; 165 169 flags |= CIFS_NO_RSP_BUF; 166 170 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov); 167 171 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc); ··· 173 177 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 174 178 bool log_error) 175 179 { 176 - unsigned int len = get_rfc1002_len(mid->resp_buf) + 4; 180 + unsigned int len = mid->response_pdu_len; 177 181 178 182 dump_smb(mid->resp_buf, min_t(u32, 92, len)); 179 183 180 184 /* convert the length into a more usable form */ 181 185 if (server->sign) { 182 - struct kvec iov[2]; 186 + struct kvec iov[1]; 183 187 int rc = 0; 184 188 struct smb_rqst rqst = { .rq_iov = iov, 185 - .rq_nvec = 2 }; 189 + .rq_nvec = ARRAY_SIZE(iov) }; 186 190 187 191 iov[0].iov_base = mid->resp_buf; 188 - iov[0].iov_len = 4; 189 - iov[1].iov_base = (char *)mid->resp_buf + 4; 190 - iov[1].iov_len = len - 4; 192 + iov[0].iov_len = len; 191 193 /* FIXME: add code to kill session */ 192 194 rc = cifs_verify_signature(&rqst, server, 193 195 mid->sequence_number); ··· 206 212 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 207 213 struct mid_q_entry *mid; 208 214 209 - if (rqst->rq_iov[0].iov_len != 4 || 210 - rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 211 - return ERR_PTR(-EIO); 212 - 213 215 rc = allocate_mid(ses, hdr, &mid); 214 216 if (rc) 215 217 return ERR_PTR(rc); ··· 222 232 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */, 223 233 const int flags, struct kvec *resp_iov) 224 234 { 225 - struct smb_rqst rqst; 226 - struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov; 227 - int rc; 235 + struct smb_rqst rqst = { 236 + .rq_iov = iov, 237 + .rq_nvec = n_vec, 238 + }; 228 239 229 - if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { 230 - new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), 231 - GFP_KERNEL); 232 - if (!new_iov) { 233 - /* otherwise cifs_send_recv below sets resp_buf_type */ 234 - *resp_buf_type = CIFS_NO_BUFFER; 235 - return -ENOMEM; 236 - } 237 - } else 238 - new_iov = s_iov; 239 - 240 - /* 1st iov is a RFC1001 length followed by the rest of the packet */ 241 - memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec)); 242 - 243 - new_iov[0].iov_base = new_iov[1].iov_base; 244 - new_iov[0].iov_len = 4; 245 - new_iov[1].iov_base += 4; 246 - new_iov[1].iov_len -= 4; 247 - 248 - memset(&rqst, 0, sizeof(struct smb_rqst)); 249 - rqst.rq_iov = new_iov; 250 - rqst.rq_nvec = n_vec + 1; 251 - 252 - rc = cifs_send_recv(xid, ses, ses->server, 253 - &rqst, resp_buf_type, flags, resp_iov); 254 - if (n_vec + 1 > CIFS_MAX_IOV_SIZE) 255 - kfree(new_iov); 256 - return rc; 240 + return cifs_send_recv(xid, ses, ses->server, 241 + &rqst, resp_buf_type, flags, resp_iov); 257 242 } 258 243 259 244 int 260 245 SendReceive(const unsigned int xid, struct cifs_ses *ses, 261 - struct smb_hdr *in_buf, struct smb_hdr *out_buf, 262 - int *pbytes_returned, const int flags) 246 + struct smb_hdr *in_buf, unsigned int in_len, 247 + struct smb_hdr *out_buf, int *pbytes_returned, const int flags) 263 248 { 264 249 int rc = 0; 265 - struct mid_q_entry *midQ; 266 - unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 267 - struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 250 + struct mid_q_entry *mid; 251 + struct kvec iov = { .iov_base = in_buf, .iov_len = in_len }; 268 252 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 269 253 struct cifs_credits credits = { .value = 1, .instance = 0 }; 270 254 struct TCP_Server_Info *server; 271 255 256 + if (WARN_ON_ONCE(in_len > 0xffffff)) 257 + return -EIO; 272 258 if (ses == NULL) { 273 259 cifs_dbg(VFS, "Null smb session\n"); 274 260 return -EIO; ··· 266 300 to the same server. We may make this configurable later or 267 301 use ses->maxReq */ 268 302 269 - if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 303 + if (in_len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) { 270 304 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 271 - len); 305 + in_len); 272 306 return -EIO; 273 307 } 274 308 ··· 282 316 283 317 cifs_server_lock(server); 284 318 285 - rc = allocate_mid(ses, in_buf, &midQ); 319 + rc = allocate_mid(ses, in_buf, &mid); 286 320 if (rc) { 287 321 cifs_server_unlock(server); 288 322 /* Update # of requests on wire to server */ ··· 290 324 return rc; 291 325 } 292 326 293 - rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 327 + rc = cifs_sign_smb(in_buf, in_len, server, &mid->sequence_number); 294 328 if (rc) { 295 329 cifs_server_unlock(server); 296 330 goto out; 297 331 } 298 332 299 - midQ->mid_state = MID_REQUEST_SUBMITTED; 333 + mid->mid_state = MID_REQUEST_SUBMITTED; 300 334 301 - rc = smb_send(server, in_buf, len); 302 - cifs_save_when_sent(midQ); 335 + rc = smb_send(server, in_buf, in_len); 336 + cifs_save_when_sent(mid); 303 337 304 338 if (rc < 0) 305 339 server->sequence_number -= 2; ··· 309 343 if (rc < 0) 310 344 goto out; 311 345 312 - rc = wait_for_response(server, midQ); 346 + rc = wait_for_response(server, mid); 313 347 if (rc != 0) { 314 - send_cancel(server, &rqst, midQ); 315 - spin_lock(&midQ->mid_lock); 316 - if (midQ->callback) { 348 + send_cancel(server, &rqst, mid); 349 + spin_lock(&mid->mid_lock); 350 + if (mid->callback) { 317 351 /* no longer considered to be "in-flight" */ 318 - midQ->callback = release_mid; 319 - spin_unlock(&midQ->mid_lock); 352 + mid->callback = release_mid; 353 + spin_unlock(&mid->mid_lock); 320 354 add_credits(server, &credits, 0); 321 355 return rc; 322 356 } 323 - spin_unlock(&midQ->mid_lock); 357 + spin_unlock(&mid->mid_lock); 324 358 } 325 359 326 - rc = cifs_sync_mid_result(midQ, server); 360 + rc = cifs_sync_mid_result(mid, server); 327 361 if (rc != 0) { 328 362 add_credits(server, &credits, 0); 329 363 return rc; 330 364 } 331 365 332 - if (!midQ->resp_buf || !out_buf || 333 - midQ->mid_state != MID_RESPONSE_READY) { 366 + if (!mid->resp_buf || !out_buf || 367 + mid->mid_state != MID_RESPONSE_READY) { 334 368 rc = -EIO; 335 369 cifs_server_dbg(VFS, "Bad MID state?\n"); 336 370 goto out; 337 371 } 338 372 339 - *pbytes_returned = get_rfc1002_len(midQ->resp_buf); 340 - memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 341 - rc = cifs_check_receive(midQ, server, 0); 373 + *pbytes_returned = mid->response_pdu_len; 374 + memcpy(out_buf, mid->resp_buf, *pbytes_returned); 375 + rc = cifs_check_receive(mid, server, 0); 342 376 out: 343 - delete_mid(midQ); 377 + delete_mid(mid); 344 378 add_credits(server, &credits, 0); 345 379 346 380 return rc; ··· 351 385 352 386 static int 353 387 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon, 354 - struct smb_hdr *in_buf, 355 - struct smb_hdr *out_buf) 388 + struct smb_hdr *in_buf, unsigned int in_len, 389 + struct smb_hdr *out_buf) 356 390 { 357 391 int bytes_returned; 358 392 struct cifs_ses *ses = tcon->ses; ··· 367 401 pSMB->Timeout = 0; 368 402 pSMB->hdr.Mid = get_next_mid(ses->server); 369 403 370 - return SendReceive(xid, ses, in_buf, out_buf, 404 + return SendReceive(xid, ses, in_buf, in_len, out_buf, 371 405 &bytes_returned, 0); 372 406 } 373 407 374 - int 375 - SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 376 - struct smb_hdr *in_buf, struct smb_hdr *out_buf, 377 - int *pbytes_returned) 408 + int SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 409 + struct smb_hdr *in_buf, unsigned int in_len, 410 + struct smb_hdr *out_buf, int *pbytes_returned) 378 411 { 379 412 int rc = 0; 380 413 int rstart = 0; 381 - struct mid_q_entry *midQ; 414 + struct mid_q_entry *mid; 382 415 struct cifs_ses *ses; 383 - unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 384 - struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 416 + struct kvec iov = { .iov_base = in_buf, .iov_len = in_len }; 385 417 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 386 418 unsigned int instance; 387 419 struct TCP_Server_Info *server; 388 420 421 + if (WARN_ON_ONCE(in_len > 0xffffff)) 422 + return -EIO; 389 423 if (tcon == NULL || tcon->ses == NULL) { 390 424 cifs_dbg(VFS, "Null smb session\n"); 391 425 return -EIO; ··· 409 443 to the same server. We may make this configurable later or 410 444 use ses->maxReq */ 411 445 412 - if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 446 + if (in_len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) { 413 447 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 414 - len); 448 + in_len); 415 449 return -EIO; 416 450 } 417 451 ··· 425 459 426 460 cifs_server_lock(server); 427 461 428 - rc = allocate_mid(ses, in_buf, &midQ); 462 + rc = allocate_mid(ses, in_buf, &mid); 429 463 if (rc) { 430 464 cifs_server_unlock(server); 431 465 return rc; 432 466 } 433 467 434 - rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 468 + rc = cifs_sign_smb(in_buf, in_len, server, &mid->sequence_number); 435 469 if (rc) { 436 - delete_mid(midQ); 470 + delete_mid(mid); 437 471 cifs_server_unlock(server); 438 472 return rc; 439 473 } 440 474 441 - midQ->mid_state = MID_REQUEST_SUBMITTED; 442 - rc = smb_send(server, in_buf, len); 443 - cifs_save_when_sent(midQ); 475 + mid->mid_state = MID_REQUEST_SUBMITTED; 476 + rc = smb_send(server, in_buf, in_len); 477 + cifs_save_when_sent(mid); 444 478 445 479 if (rc < 0) 446 480 server->sequence_number -= 2; ··· 448 482 cifs_server_unlock(server); 449 483 450 484 if (rc < 0) { 451 - delete_mid(midQ); 485 + delete_mid(mid); 452 486 return rc; 453 487 } 454 488 455 489 /* Wait for a reply - allow signals to interrupt. */ 456 490 rc = wait_event_interruptible(server->response_q, 457 - (!(midQ->mid_state == MID_REQUEST_SUBMITTED || 458 - midQ->mid_state == MID_RESPONSE_RECEIVED)) || 491 + (!(mid->mid_state == MID_REQUEST_SUBMITTED || 492 + mid->mid_state == MID_RESPONSE_RECEIVED)) || 459 493 ((server->tcpStatus != CifsGood) && 460 494 (server->tcpStatus != CifsNew))); 461 495 462 496 /* Were we interrupted by a signal ? */ 463 497 spin_lock(&server->srv_lock); 464 498 if ((rc == -ERESTARTSYS) && 465 - (midQ->mid_state == MID_REQUEST_SUBMITTED || 466 - midQ->mid_state == MID_RESPONSE_RECEIVED) && 499 + (mid->mid_state == MID_REQUEST_SUBMITTED || 500 + mid->mid_state == MID_RESPONSE_RECEIVED) && 467 501 ((server->tcpStatus == CifsGood) || 468 502 (server->tcpStatus == CifsNew))) { 469 503 spin_unlock(&server->srv_lock); ··· 471 505 if (in_buf->Command == SMB_COM_TRANSACTION2) { 472 506 /* POSIX lock. We send a NT_CANCEL SMB to cause the 473 507 blocking lock to return. */ 474 - rc = send_cancel(server, &rqst, midQ); 508 + rc = send_cancel(server, &rqst, mid); 475 509 if (rc) { 476 - delete_mid(midQ); 510 + delete_mid(mid); 477 511 return rc; 478 512 } 479 513 } else { 480 514 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK 481 515 to cause the blocking lock to return. */ 482 516 483 - rc = send_lock_cancel(xid, tcon, in_buf, out_buf); 517 + rc = send_lock_cancel(xid, tcon, in_buf, in_len, out_buf); 484 518 485 519 /* If we get -ENOLCK back the lock may have 486 520 already been removed. Don't exit in this case. */ 487 521 if (rc && rc != -ENOLCK) { 488 - delete_mid(midQ); 522 + delete_mid(mid); 489 523 return rc; 490 524 } 491 525 } 492 526 493 - rc = wait_for_response(server, midQ); 527 + rc = wait_for_response(server, mid); 494 528 if (rc) { 495 - send_cancel(server, &rqst, midQ); 496 - spin_lock(&midQ->mid_lock); 497 - if (midQ->callback) { 529 + send_cancel(server, &rqst, mid); 530 + spin_lock(&mid->mid_lock); 531 + if (mid->callback) { 498 532 /* no longer considered to be "in-flight" */ 499 - midQ->callback = release_mid; 500 - spin_unlock(&midQ->mid_lock); 533 + mid->callback = release_mid; 534 + spin_unlock(&mid->mid_lock); 501 535 return rc; 502 536 } 503 - spin_unlock(&midQ->mid_lock); 537 + spin_unlock(&mid->mid_lock); 504 538 } 505 539 506 540 /* We got the response - restart system call. */ ··· 509 543 } 510 544 spin_unlock(&server->srv_lock); 511 545 512 - rc = cifs_sync_mid_result(midQ, server); 546 + rc = cifs_sync_mid_result(mid, server); 513 547 if (rc != 0) 514 548 return rc; 515 549 516 550 /* rcvd frame is ok */ 517 - if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) { 551 + if (out_buf == NULL || mid->mid_state != MID_RESPONSE_READY) { 518 552 rc = -EIO; 519 553 cifs_tcon_dbg(VFS, "Bad MID state?\n"); 520 554 goto out; 521 555 } 522 556 523 - *pbytes_returned = get_rfc1002_len(midQ->resp_buf); 524 - memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 525 - rc = cifs_check_receive(midQ, server, 0); 557 + *pbytes_returned = mid->response_pdu_len; 558 + memcpy(out_buf, mid->resp_buf, *pbytes_returned); 559 + rc = cifs_check_receive(mid, server, 0); 526 560 out: 527 - delete_mid(midQ); 561 + delete_mid(mid); 528 562 if (rstart && rc == -EACCES) 529 563 return -ERESTARTSYS; 530 564 return rc;

+17 -19

fs/smb/client/connect.c

··· 1155 1155 unsigned int pdu_length = server->pdu_size; 1156 1156 1157 1157 /* make sure this will fit in a large buffer */ 1158 - if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server) - 1159 - HEADER_PREAMBLE_SIZE(server)) { 1158 + if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server)) { 1160 1159 cifs_server_dbg(VFS, "SMB response too long (%u bytes)\n", pdu_length); 1161 1160 cifs_reconnect(server, true); 1162 1161 return -ECONNABORTED; 1163 1162 } 1164 1163 1165 1164 /* switch to large buffer if too big for a small one */ 1166 - if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) { 1165 + if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE) { 1167 1166 server->large_buf = true; 1168 1167 memcpy(server->bigbuf, buf, server->total_read); 1169 1168 buf = server->bigbuf; ··· 1195 1196 * 48 bytes is enough to display the header and a little bit 1196 1197 * into the payload for debugging purposes. 1197 1198 */ 1198 - rc = server->ops->check_message(buf, server->total_read, server); 1199 + rc = server->ops->check_message(buf, server->pdu_size, 1200 + server->total_read, server); 1199 1201 if (rc) 1200 1202 cifs_dump_mem("Bad SMB: ", buf, 1201 1203 min_t(unsigned int, server->total_read, 48)); ··· 1286 1286 if (length < 0) 1287 1287 continue; 1288 1288 1289 - if (is_smb1(server)) 1290 - server->total_read = length; 1291 - else 1292 - server->total_read = 0; 1289 + server->total_read = 0; 1293 1290 1294 1291 /* 1295 1292 * The right amount was read from socket - 4 bytes, 1296 1293 * so we can now interpret the length field. 1297 1294 */ 1298 - pdu_length = get_rfc1002_len(buf); 1295 + pdu_length = be32_to_cpup(((__be32 *)buf)) & 0xffffff; 1299 1296 1300 1297 cifs_dbg(FYI, "RFC1002 header 0x%x\n", pdu_length); 1301 1298 if (!is_smb_response(server, buf[0])) ··· 1311 1314 } 1312 1315 1313 1316 /* read down to the MID */ 1314 - length = cifs_read_from_socket(server, 1315 - buf + HEADER_PREAMBLE_SIZE(server), 1316 - MID_HEADER_SIZE(server)); 1317 + length = cifs_read_from_socket(server, buf, 1318 + MID_HEADER_SIZE(server)); 1317 1319 if (length < 0) 1318 1320 continue; 1319 1321 server->total_read += length; ··· 1344 1348 bufs[0] = buf; 1345 1349 num_mids = 1; 1346 1350 1351 + if (mids[0]) 1352 + mids[0]->response_pdu_len = pdu_length; 1347 1353 if (!mids[0] || !mids[0]->receive) 1348 1354 length = standard_receive3(server, mids[0]); 1349 1355 else ··· 1404 1406 smb2_add_credits_from_hdr(bufs[i], server); 1405 1407 #ifdef CONFIG_CIFS_DEBUG2 1406 1408 if (server->ops->dump_detail) 1407 - server->ops->dump_detail(bufs[i], 1409 + server->ops->dump_detail(bufs[i], pdu_length, 1408 1410 server); 1409 1411 cifs_dump_mids(server); 1410 1412 #endif /* CIFS_DEBUG2 */ ··· 3997 3999 TCONX_RSP *pSMBr; 3998 4000 unsigned char *bcc_ptr; 3999 4001 int rc = 0; 4000 - int length; 4002 + int length, in_len; 4001 4003 __u16 bytes_left, count; 4002 4004 4003 4005 if (ses == NULL) ··· 4009 4011 4010 4012 smb_buffer_response = smb_buffer; 4011 4013 4012 - header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX, 4013 - NULL /*no tid */, 4 /*wct */); 4014 + in_len = header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX, 4015 + NULL /*no tid */, 4 /*wct */); 4014 4016 4015 4017 smb_buffer->Mid = get_next_mid(ses->server); 4016 4018 smb_buffer->Uid = ses->Suid; ··· 4051 4053 bcc_ptr += strlen("?????"); 4052 4054 bcc_ptr += 1; 4053 4055 count = bcc_ptr - &pSMB->Password[0]; 4054 - be32_add_cpu(&pSMB->hdr.smb_buf_length, count); 4056 + in_len += count; 4055 4057 pSMB->ByteCount = cpu_to_le16(count); 4056 4058 4057 - rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 4058 - 0); 4059 + rc = SendReceive(xid, ses, smb_buffer, in_len, smb_buffer_response, 4060 + &length, 0); 4059 4061 4060 4062 /* above now done in SendReceive */ 4061 4063 if (rc == 0) {

+17 -17

fs/smb/client/misc.c

··· 264 264 265 265 /* NB: MID can not be set if treeCon not passed in, in that 266 266 case it is responsibility of caller to set the mid */ 267 - void 268 - header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , 267 + unsigned int 268 + header_assemble(struct smb_hdr *buffer, char smb_command, 269 269 const struct cifs_tcon *treeCon, int word_count 270 270 /* length of fixed section (word count) in two byte units */) 271 271 { 272 + unsigned int in_len; 272 273 char *temp = (char *) buffer; 273 274 274 275 memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */ 275 276 276 - buffer->smb_buf_length = cpu_to_be32( 277 - (2 * word_count) + sizeof(struct smb_hdr) - 278 - 4 /* RFC 1001 length field does not count */ + 279 - 2 /* for bcc field itself */) ; 277 + in_len = (2 * word_count) + sizeof(struct smb_hdr) + 278 + 2 /* for bcc field itself */; 280 279 281 280 buffer->Protocol[0] = 0xFF; 282 281 buffer->Protocol[1] = 'S'; ··· 310 311 311 312 /* endian conversion of flags is now done just before sending */ 312 313 buffer->WordCount = (char) word_count; 313 - return; 314 + return in_len; 314 315 } 315 316 316 317 static int ··· 345 346 } 346 347 347 348 int 348 - checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server) 349 + checkSMB(char *buf, unsigned int pdu_len, unsigned int total_read, 350 + struct TCP_Server_Info *server) 349 351 { 350 352 struct smb_hdr *smb = (struct smb_hdr *)buf; 351 - __u32 rfclen = be32_to_cpu(smb->smb_buf_length); 353 + __u32 rfclen = pdu_len; 352 354 __u32 clc_len; /* calculated length */ 353 355 cifs_dbg(FYI, "checkSMB Length: 0x%x, smb_buf_length: 0x%x\n", 354 356 total_read, rfclen); ··· 394 394 return -EIO; 395 395 clc_len = smbCalcSize(smb); 396 396 397 - if (4 + rfclen != total_read) { 398 - cifs_dbg(VFS, "Length read does not match RFC1001 length %d\n", 399 - rfclen); 397 + if (rfclen != total_read) { 398 + cifs_dbg(VFS, "Length read does not match RFC1001 length %d/%d\n", 399 + rfclen, total_read); 400 400 return -EIO; 401 401 } 402 402 403 - if (4 + rfclen != clc_len) { 403 + if (rfclen != clc_len) { 404 404 __u16 mid = get_mid(smb); 405 405 /* check if bcc wrapped around for large read responses */ 406 406 if ((rfclen > 64 * 1024) && (rfclen > clc_len)) { 407 407 /* check if lengths match mod 64K */ 408 - if (((4 + rfclen) & 0xFFFF) == (clc_len & 0xFFFF)) 408 + if (((rfclen) & 0xFFFF) == (clc_len & 0xFFFF)) 409 409 return 0; /* bcc wrapped */ 410 410 } 411 411 cifs_dbg(FYI, "Calculated size %u vs length %u mismatch for mid=%u\n", 412 - clc_len, 4 + rfclen, mid); 412 + clc_len, rfclen, mid); 413 413 414 - if (4 + rfclen < clc_len) { 414 + if (rfclen < clc_len) { 415 415 cifs_dbg(VFS, "RFC1001 size %u smaller than SMB for mid=%u\n", 416 416 rfclen, mid); 417 417 return -EIO; ··· 451 451 (struct smb_com_transaction_change_notify_rsp *)buf; 452 452 struct file_notify_information *pnotify; 453 453 __u32 data_offset = 0; 454 - size_t len = srv->total_read - sizeof(pSMBr->hdr.smb_buf_length); 454 + size_t len = srv->total_read - srv->pdu_size; 455 455 456 456 if (get_bcc(buf) > sizeof(struct file_notify_information)) { 457 457 data_offset = le32_to_cpu(pSMBr->DataOffset);

+5 -3

fs/smb/client/sess.c

··· 1313 1313 struct nls_table *nls_cp; 1314 1314 void (*func)(struct sess_data *); 1315 1315 int result; 1316 + unsigned int in_len; 1316 1317 1317 1318 /* we will send the SMB in three pieces: 1318 1319 * a fixed length beginning part, an optional ··· 1337 1336 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses, 1338 1337 (void **)&smb_buf); 1339 1338 1340 - if (rc) 1339 + if (rc < 0) 1341 1340 return rc; 1342 1341 1342 + sess_data->in_len = rc; 1343 1343 sess_data->iov[0].iov_base = (char *)smb_buf; 1344 - sess_data->iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4; 1344 + sess_data->iov[0].iov_len = sess_data->in_len; 1345 1345 /* 1346 1346 * This variable will be used to clear the buffer 1347 1347 * allocated above in case of any error in the calling function. ··· 1420 1418 struct kvec rsp_iov = { NULL, 0 }; 1421 1419 1422 1420 count = sess_data->iov[1].iov_len + sess_data->iov[2].iov_len; 1423 - be32_add_cpu(&smb_buf->smb_buf_length, count); 1421 + sess_data->in_len += count; 1424 1422 put_bcc(count, smb_buf); 1425 1423 1426 1424 rc = SendReceive2(sess_data->xid, sess_data->ses,

+10 -11

fs/smb/client/smb1ops.c

··· 35 35 { 36 36 int rc = 0; 37 37 struct smb_hdr *in_buf = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 38 + unsigned int in_len = rqst->rq_iov[0].iov_len; 38 39 39 - /* -4 for RFC1001 length and +2 for BCC field */ 40 - in_buf->smb_buf_length = cpu_to_be32(sizeof(struct smb_hdr) - 4 + 2); 40 + /* +2 for BCC field */ 41 41 in_buf->Command = SMB_COM_NT_CANCEL; 42 42 in_buf->WordCount = 0; 43 43 put_bcc(0, in_buf); 44 44 45 45 cifs_server_lock(server); 46 - rc = cifs_sign_smb(in_buf, server, &mid->sequence_number); 46 + rc = cifs_sign_smb(in_buf, in_len, server, &mid->sequence_number); 47 47 if (rc) { 48 48 cifs_server_unlock(server); 49 49 return rc; ··· 55 55 * after signing here. 56 56 */ 57 57 --server->sequence_number; 58 - rc = smb_send(server, in_buf, be32_to_cpu(in_buf->smb_buf_length)); 58 + rc = smb_send(server, in_buf, in_len); 59 59 if (rc < 0) 60 60 server->sequence_number--; 61 61 ··· 289 289 } 290 290 291 291 static int 292 - coalesce_t2(char *second_buf, struct smb_hdr *target_hdr) 292 + coalesce_t2(char *second_buf, struct smb_hdr *target_hdr, unsigned int *pdu_len) 293 293 { 294 294 struct smb_t2_rsp *pSMBs = (struct smb_t2_rsp *)second_buf; 295 295 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)target_hdr; ··· 355 355 } 356 356 put_bcc(byte_count, target_hdr); 357 357 358 - byte_count = be32_to_cpu(target_hdr->smb_buf_length); 358 + byte_count = *pdu_len; 359 359 byte_count += total_in_src; 360 360 /* don't allow buffer to overflow */ 361 - if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 361 + if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE) { 362 362 cifs_dbg(FYI, "coalesced BCC exceeds buffer size (%u)\n", 363 363 byte_count); 364 364 return -ENOBUFS; 365 365 } 366 - target_hdr->smb_buf_length = cpu_to_be32(byte_count); 366 + *pdu_len = byte_count; 367 367 368 368 /* copy second buffer into end of first buffer */ 369 369 memcpy(data_area_of_tgt, data_area_of_src, total_in_src); ··· 398 398 mid->multiRsp = true; 399 399 if (mid->resp_buf) { 400 400 /* merge response - fix up 1st*/ 401 - malformed = coalesce_t2(buf, mid->resp_buf); 401 + malformed = coalesce_t2(buf, mid->resp_buf, &mid->response_pdu_len); 402 402 if (malformed > 0) 403 403 return true; 404 404 /* All parts received or packet is malformed. */ ··· 461 461 if (!(server->capabilities & CAP_LARGE_WRITE_X) || 462 462 (!(server->capabilities & CAP_UNIX) && server->sign)) 463 463 wsize = min_t(unsigned int, wsize, 464 - server->maxBuf - sizeof(WRITE_REQ) + 4); 464 + server->maxBuf - sizeof(WRITE_REQ)); 465 465 466 466 /* hard limit of CIFS_MAX_WSIZE */ 467 467 wsize = min_t(unsigned int, wsize, CIFS_MAX_WSIZE); ··· 1487 1487 .exclusive_lock_type = 0, 1488 1488 .shared_lock_type = LOCKING_ANDX_SHARED_LOCK, 1489 1489 .unlock_lock_type = 0, 1490 - .header_preamble_size = 4, 1491 1490 .header_size = sizeof(struct smb_hdr), 1492 1491 .max_header_size = MAX_CIFS_HDR_SIZE, 1493 1492 .read_rsp_size = sizeof(READ_RSP),

+2 -1

fs/smb/client/smb2misc.c

··· 134 134 } 135 135 136 136 int 137 - smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *server) 137 + smb2_check_message(char *buf, unsigned int pdu_len, unsigned int len, 138 + struct TCP_Server_Info *server) 138 139 { 139 140 struct TCP_Server_Info *pserver; 140 141 struct smb2_hdr *shdr = (struct smb2_hdr *)buf;

+2 -9

fs/smb/client/smb2ops.c

··· 432 432 } 433 433 434 434 static void 435 - smb2_dump_detail(void *buf, struct TCP_Server_Info *server) 435 + smb2_dump_detail(void *buf, size_t buf_len, struct TCP_Server_Info *server) 436 436 { 437 437 #ifdef CONFIG_CIFS_DEBUG2 438 438 struct smb2_hdr *shdr = (struct smb2_hdr *)buf; ··· 440 440 cifs_server_dbg(VFS, "Cmd: %d Err: 0x%x Flags: 0x%x Mid: %llu Pid: %d\n", 441 441 shdr->Command, shdr->Status, shdr->Flags, shdr->MessageId, 442 442 shdr->Id.SyncId.ProcessId); 443 - if (!server->ops->check_message(buf, server->total_read, server)) { 443 + if (!server->ops->check_message(buf, buf_len, server->total_read, server)) { 444 444 cifs_server_dbg(VFS, "smb buf %p len %u\n", buf, 445 445 server->ops->calc_smb_size(buf)); 446 446 } ··· 5767 5767 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5768 5768 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5769 5769 .header_size = sizeof(struct smb2_hdr), 5770 - .header_preamble_size = 0, 5771 5770 .max_header_size = MAX_SMB2_HDR_SIZE, 5772 5771 .read_rsp_size = sizeof(struct smb2_read_rsp), 5773 5772 .lock_cmd = SMB2_LOCK, ··· 5788 5789 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5789 5790 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5790 5791 .header_size = sizeof(struct smb2_hdr), 5791 - .header_preamble_size = 0, 5792 5792 .max_header_size = MAX_SMB2_HDR_SIZE, 5793 5793 .read_rsp_size = sizeof(struct smb2_read_rsp), 5794 5794 .lock_cmd = SMB2_LOCK, ··· 5808 5810 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5809 5811 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5810 5812 .header_size = sizeof(struct smb2_hdr), 5811 - .header_preamble_size = 0, 5812 5813 .max_header_size = MAX_SMB2_HDR_SIZE, 5813 5814 .read_rsp_size = sizeof(struct smb2_read_rsp), 5814 5815 .lock_cmd = SMB2_LOCK, ··· 5828 5831 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5829 5832 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5830 5833 .header_size = sizeof(struct smb2_hdr), 5831 - .header_preamble_size = 0, 5832 5834 .max_header_size = MAX_SMB2_HDR_SIZE, 5833 5835 .read_rsp_size = sizeof(struct smb2_read_rsp), 5834 5836 .lock_cmd = SMB2_LOCK, ··· 5848 5852 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5849 5853 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5850 5854 .header_size = sizeof(struct smb2_hdr), 5851 - .header_preamble_size = 0, 5852 5855 .max_header_size = MAX_SMB2_HDR_SIZE, 5853 5856 .read_rsp_size = sizeof(struct smb2_read_rsp), 5854 5857 .lock_cmd = SMB2_LOCK, ··· 5868 5873 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5869 5874 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5870 5875 .header_size = sizeof(struct smb2_hdr), 5871 - .header_preamble_size = 0, 5872 5876 .max_header_size = MAX_SMB2_HDR_SIZE, 5873 5877 .read_rsp_size = sizeof(struct smb2_read_rsp), 5874 5878 .lock_cmd = SMB2_LOCK, ··· 5888 5894 .shared_lock_type = SMB2_LOCKFLAG_SHARED, 5889 5895 .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK, 5890 5896 .header_size = sizeof(struct smb2_hdr), 5891 - .header_preamble_size = 0, 5892 5897 .max_header_size = MAX_SMB2_HDR_SIZE, 5893 5898 .read_rsp_size = sizeof(struct smb2_read_rsp), 5894 5899 .lock_cmd = SMB2_LOCK,

+1 -1

fs/smb/client/smb2pdu.c

··· 4532 4532 .rreq_debug_id = rdata->rreq->debug_id, 4533 4533 .rreq_debug_index = rdata->subreq.debug_index, 4534 4534 }; 4535 - struct smb_rqst rqst = { .rq_iov = &rdata->iov[1], .rq_nvec = 1 }; 4535 + struct smb_rqst rqst = { .rq_iov = &rdata->iov[0], .rq_nvec = 1 }; 4536 4536 unsigned int rreq_debug_id = rdata->rreq->debug_id; 4537 4537 unsigned int subreq_debug_index = rdata->subreq.debug_index; 4538 4538

+1 -1

fs/smb/client/smb2proto.h

··· 21 21 ***************************************************************** 22 22 */ 23 23 extern int map_smb2_to_linux_error(char *buf, bool log_err); 24 - extern int smb2_check_message(char *buf, unsigned int length, 24 + extern int smb2_check_message(char *buf, unsigned int pdu_len, unsigned int length, 25 25 struct TCP_Server_Info *server); 26 26 extern unsigned int smb2_calc_size(void *buf); 27 27 extern char *smb2_get_data_area_len(int *off, int *len,

+37 -44

fs/smb/client/transport.c

··· 289 289 sigfillset(&mask); 290 290 sigprocmask(SIG_BLOCK, &mask, &oldmask); 291 291 292 - /* Generate a rfc1002 marker for SMB2+ */ 293 - if (!is_smb1(server)) { 292 + /* Generate a rfc1002 marker */ 293 + { 294 294 struct kvec hiov = { 295 295 .iov_base = &rfc1002_marker, 296 296 .iov_len = 4 ··· 640 640 return 0; 641 641 } 642 642 643 - int wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ) 643 + int wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *mid) 644 644 { 645 645 int error; 646 646 647 647 error = wait_event_state(server->response_q, 648 - midQ->mid_state != MID_REQUEST_SUBMITTED && 649 - midQ->mid_state != MID_RESPONSE_RECEIVED, 648 + mid->mid_state != MID_REQUEST_SUBMITTED && 649 + mid->mid_state != MID_RESPONSE_RECEIVED, 650 650 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE)); 651 651 if (error < 0) 652 652 return -ERESTARTSYS; ··· 866 866 int *resp_buf_type, struct kvec *resp_iov) 867 867 { 868 868 int i, j, optype, rc = 0; 869 - struct mid_q_entry *midQ[MAX_COMPOUND]; 869 + struct mid_q_entry *mid[MAX_COMPOUND]; 870 870 bool cancelled_mid[MAX_COMPOUND] = {false}; 871 871 struct cifs_credits credits[MAX_COMPOUND] = { 872 872 { .value = 0, .instance = 0 } ··· 932 932 } 933 933 934 934 for (i = 0; i < num_rqst; i++) { 935 - midQ[i] = server->ops->setup_request(ses, server, &rqst[i]); 936 - if (IS_ERR(midQ[i])) { 935 + mid[i] = server->ops->setup_request(ses, server, &rqst[i]); 936 + if (IS_ERR(mid[i])) { 937 937 revert_current_mid(server, i); 938 938 for (j = 0; j < i; j++) 939 - delete_mid(midQ[j]); 939 + delete_mid(mid[j]); 940 940 cifs_server_unlock(server); 941 941 942 942 /* Update # of requests on wire to server */ 943 943 for (j = 0; j < num_rqst; j++) 944 944 add_credits(server, &credits[j], optype); 945 - return PTR_ERR(midQ[i]); 945 + return PTR_ERR(mid[i]); 946 946 } 947 947 948 - midQ[i]->mid_state = MID_REQUEST_SUBMITTED; 949 - midQ[i]->optype = optype; 948 + mid[i]->mid_state = MID_REQUEST_SUBMITTED; 949 + mid[i]->optype = optype; 950 950 /* 951 951 * Invoke callback for every part of the compound chain 952 952 * to calculate credits properly. Wake up this thread only when 953 953 * the last element is received. 954 954 */ 955 955 if (i < num_rqst - 1) 956 - midQ[i]->callback = cifs_compound_callback; 956 + mid[i]->callback = cifs_compound_callback; 957 957 else 958 - midQ[i]->callback = cifs_compound_last_callback; 958 + mid[i]->callback = cifs_compound_last_callback; 959 959 } 960 960 rc = smb_send_rqst(server, num_rqst, rqst, flags); 961 961 962 962 for (i = 0; i < num_rqst; i++) 963 - cifs_save_when_sent(midQ[i]); 963 + cifs_save_when_sent(mid[i]); 964 964 965 965 if (rc < 0) { 966 966 revert_current_mid(server, num_rqst); ··· 1003 1003 spin_unlock(&ses->ses_lock); 1004 1004 1005 1005 for (i = 0; i < num_rqst; i++) { 1006 - rc = wait_for_response(server, midQ[i]); 1006 + rc = wait_for_response(server, mid[i]); 1007 1007 if (rc != 0) 1008 1008 break; 1009 1009 } 1010 1010 if (rc != 0) { 1011 1011 for (; i < num_rqst; i++) { 1012 1012 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n", 1013 - midQ[i]->mid, le16_to_cpu(midQ[i]->command)); 1014 - send_cancel(server, &rqst[i], midQ[i]); 1015 - spin_lock(&midQ[i]->mid_lock); 1016 - midQ[i]->wait_cancelled = true; 1017 - if (midQ[i]->callback) { 1018 - midQ[i]->callback = cifs_cancelled_callback; 1013 + mid[i]->mid, le16_to_cpu(mid[i]->command)); 1014 + send_cancel(server, &rqst[i], mid[i]); 1015 + spin_lock(&mid[i]->mid_lock); 1016 + mid[i]->wait_cancelled = true; 1017 + if (mid[i]->callback) { 1018 + mid[i]->callback = cifs_cancelled_callback; 1019 1019 cancelled_mid[i] = true; 1020 1020 credits[i].value = 0; 1021 1021 } 1022 - spin_unlock(&midQ[i]->mid_lock); 1022 + spin_unlock(&mid[i]->mid_lock); 1023 1023 } 1024 1024 } 1025 1025 ··· 1027 1027 if (rc < 0) 1028 1028 goto out; 1029 1029 1030 - rc = cifs_sync_mid_result(midQ[i], server); 1030 + rc = cifs_sync_mid_result(mid[i], server); 1031 1031 if (rc != 0) { 1032 1032 /* mark this mid as cancelled to not free it below */ 1033 1033 cancelled_mid[i] = true; 1034 1034 goto out; 1035 1035 } 1036 1036 1037 - if (!midQ[i]->resp_buf || 1038 - midQ[i]->mid_state != MID_RESPONSE_READY) { 1037 + if (!mid[i]->resp_buf || 1038 + mid[i]->mid_state != MID_RESPONSE_READY) { 1039 1039 rc = -EIO; 1040 1040 cifs_dbg(FYI, "Bad MID state?\n"); 1041 1041 goto out; 1042 1042 } 1043 1043 1044 - buf = (char *)midQ[i]->resp_buf; 1044 + buf = (char *)mid[i]->resp_buf; 1045 1045 resp_iov[i].iov_base = buf; 1046 - resp_iov[i].iov_len = midQ[i]->resp_buf_size + 1047 - HEADER_PREAMBLE_SIZE(server); 1046 + resp_iov[i].iov_len = mid[i]->resp_buf_size; 1048 1047 1049 - if (midQ[i]->large_buf) 1048 + if (mid[i]->large_buf) 1050 1049 resp_buf_type[i] = CIFS_LARGE_BUFFER; 1051 1050 else 1052 1051 resp_buf_type[i] = CIFS_SMALL_BUFFER; 1053 1052 1054 - rc = server->ops->check_receive(midQ[i], server, 1053 + rc = server->ops->check_receive(mid[i], server, 1055 1054 flags & CIFS_LOG_ERROR); 1056 1055 1057 1056 /* mark it so buf will not be freed by delete_mid */ 1058 1057 if ((flags & CIFS_NO_RSP_BUF) == 0) 1059 - midQ[i]->resp_buf = NULL; 1058 + mid[i]->resp_buf = NULL; 1060 1059 1061 1060 } 1062 1061 ··· 1085 1086 */ 1086 1087 for (i = 0; i < num_rqst; i++) { 1087 1088 if (!cancelled_mid[i]) 1088 - delete_mid(midQ[i]); 1089 + delete_mid(mid[i]); 1089 1090 } 1090 1091 1091 1092 return rc; ··· 1110 1111 cifs_discard_remaining_data(struct TCP_Server_Info *server) 1111 1112 { 1112 1113 unsigned int rfclen = server->pdu_size; 1113 - size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) - 1114 - server->total_read; 1114 + size_t remaining = rfclen - server->total_read; 1115 1115 1116 1116 while (remaining > 0) { 1117 1117 ssize_t length; ··· 1155 1157 unsigned int data_offset, data_len; 1156 1158 struct cifs_io_subrequest *rdata = mid->callback_data; 1157 1159 char *buf = server->smallbuf; 1158 - unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server); 1160 + unsigned int buflen = server->pdu_size; 1159 1161 bool use_rdma_mr = false; 1160 1162 1161 1163 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%zu\n", ··· 1189 1191 1190 1192 /* set up first two iov for signature check and to get credits */ 1191 1193 rdata->iov[0].iov_base = buf; 1192 - rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server); 1193 - rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server); 1194 - rdata->iov[1].iov_len = 1195 - server->total_read - HEADER_PREAMBLE_SIZE(server); 1194 + rdata->iov[0].iov_len = server->total_read; 1196 1195 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n", 1197 1196 rdata->iov[0].iov_base, rdata->iov[0].iov_len); 1198 - cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n", 1199 - rdata->iov[1].iov_base, rdata->iov[1].iov_len); 1200 1197 1201 1198 /* Was the SMB read successful? */ 1202 1199 rdata->result = server->ops->map_error(buf, false); ··· 1211 1218 return cifs_readv_discard(server, mid); 1212 1219 } 1213 1220 1214 - data_offset = server->ops->read_data_offset(buf) + 1215 - HEADER_PREAMBLE_SIZE(server); 1221 + data_offset = server->ops->read_data_offset(buf); 1216 1222 if (data_offset < server->total_read) { 1217 1223 /* 1218 1224 * win2k8 sometimes sends an offset of 0 when the read ··· 1240 1248 if (length < 0) 1241 1249 return length; 1242 1250 server->total_read += length; 1251 + rdata->iov[0].iov_len = server->total_read; 1243 1252 } 1244 1253 1245 1254 /* how much data is in the response? */

-3

fs/smb/common/smb2pdu.h

··· 2016 2016 * MS-SMB 2.2.3.1 2017 2017 */ 2018 2018 struct smb_hdr { 2019 - __be32 smb_buf_length; /* BB length is only two (rarely three) bytes, 2020 - with one or two byte "type" preceding it that will be 2021 - zero - we could mask the type byte off */ 2022 2019 __u8 Protocol[4]; 2023 2020 __u8 Command; 2024 2021 union {

-1

fs/smb/common/smbglob.h

··· 26 26 __u32 exclusive_lock_type; 27 27 __u32 shared_lock_type; 28 28 __u32 unlock_lock_type; 29 - size_t header_preamble_size; 30 29 size_t header_size; 31 30 size_t max_header_size; 32 31 size_t read_rsp_size;