diff options
-rw-r--r-- | fs/cifs/cifsencrypt.c | 16 | ||||
-rw-r--r-- | fs/cifs/cifsfs.c | 18 | ||||
-rw-r--r-- | fs/cifs/cifsfs.h | 4 | ||||
-rw-r--r-- | fs/cifs/cifsglob.h | 2 | ||||
-rw-r--r-- | fs/cifs/cifssmb.c | 6 | ||||
-rw-r--r-- | fs/cifs/connect.c | 659 | ||||
-rw-r--r-- | fs/cifs/file.c | 27 | ||||
-rw-r--r-- | fs/cifs/misc.c | 11 | ||||
-rw-r--r-- | fs/cifs/sess.c | 3 |
9 files changed, 370 insertions, 376 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 259991bd211..e76bfeb6826 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c | |||
@@ -87,9 +87,15 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, | |||
87 | if ((cifs_pdu == NULL) || (server == NULL)) | 87 | if ((cifs_pdu == NULL) || (server == NULL)) |
88 | return -EINVAL; | 88 | return -EINVAL; |
89 | 89 | ||
90 | if ((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0) | 90 | if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) || |
91 | server->tcpStatus == CifsNeedNegotiate) | ||
91 | return rc; | 92 | return rc; |
92 | 93 | ||
94 | if (!server->session_estab) { | ||
95 | strncpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8); | ||
96 | return rc; | ||
97 | } | ||
98 | |||
93 | cifs_pdu->Signature.Sequence.SequenceNumber = | 99 | cifs_pdu->Signature.Sequence.SequenceNumber = |
94 | cpu_to_le32(server->sequence_number); | 100 | cpu_to_le32(server->sequence_number); |
95 | cifs_pdu->Signature.Sequence.Reserved = 0; | 101 | cifs_pdu->Signature.Sequence.Reserved = 0; |
@@ -178,9 +184,15 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, | |||
178 | if ((cifs_pdu == NULL) || (server == NULL)) | 184 | if ((cifs_pdu == NULL) || (server == NULL)) |
179 | return -EINVAL; | 185 | return -EINVAL; |
180 | 186 | ||
181 | if ((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0) | 187 | if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) || |
188 | server->tcpStatus == CifsNeedNegotiate) | ||
182 | return rc; | 189 | return rc; |
183 | 190 | ||
191 | if (!server->session_estab) { | ||
192 | strncpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8); | ||
193 | return rc; | ||
194 | } | ||
195 | |||
184 | cifs_pdu->Signature.Sequence.SequenceNumber = | 196 | cifs_pdu->Signature.Sequence.SequenceNumber = |
185 | cpu_to_le32(server->sequence_number); | 197 | cpu_to_le32(server->sequence_number); |
186 | cifs_pdu->Signature.Sequence.Reserved = 0; | 198 | cifs_pdu->Signature.Sequence.Reserved = 0; |
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 86551747096..212e5629cc1 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c | |||
@@ -86,24 +86,6 @@ extern mempool_t *cifs_sm_req_poolp; | |||
86 | extern mempool_t *cifs_req_poolp; | 86 | extern mempool_t *cifs_req_poolp; |
87 | extern mempool_t *cifs_mid_poolp; | 87 | extern mempool_t *cifs_mid_poolp; |
88 | 88 | ||
89 | void | ||
90 | cifs_sb_active(struct super_block *sb) | ||
91 | { | ||
92 | struct cifs_sb_info *server = CIFS_SB(sb); | ||
93 | |||
94 | if (atomic_inc_return(&server->active) == 1) | ||
95 | atomic_inc(&sb->s_active); | ||
96 | } | ||
97 | |||
98 | void | ||
99 | cifs_sb_deactive(struct super_block *sb) | ||
100 | { | ||
101 | struct cifs_sb_info *server = CIFS_SB(sb); | ||
102 | |||
103 | if (atomic_dec_and_test(&server->active)) | ||
104 | deactivate_super(sb); | ||
105 | } | ||
106 | |||
107 | static int | 89 | static int |
108 | cifs_read_super(struct super_block *sb) | 90 | cifs_read_super(struct super_block *sb) |
109 | { | 91 | { |
diff --git a/fs/cifs/cifsfs.h b/fs/cifs/cifsfs.h index fbd050c8d52..cb71dc1f94d 100644 --- a/fs/cifs/cifsfs.h +++ b/fs/cifs/cifsfs.h | |||
@@ -41,10 +41,6 @@ extern struct file_system_type cifs_fs_type; | |||
41 | extern const struct address_space_operations cifs_addr_ops; | 41 | extern const struct address_space_operations cifs_addr_ops; |
42 | extern const struct address_space_operations cifs_addr_ops_smallbuf; | 42 | extern const struct address_space_operations cifs_addr_ops_smallbuf; |
43 | 43 | ||
44 | /* Functions related to super block operations */ | ||
45 | extern void cifs_sb_active(struct super_block *sb); | ||
46 | extern void cifs_sb_deactive(struct super_block *sb); | ||
47 | |||
48 | /* Functions related to inodes */ | 44 | /* Functions related to inodes */ |
49 | extern const struct inode_operations cifs_dir_inode_ops; | 45 | extern const struct inode_operations cifs_dir_inode_ops; |
50 | extern struct inode *cifs_root_iget(struct super_block *); | 46 | extern struct inode *cifs_root_iget(struct super_block *); |
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 1fcf4e5b311..38ce6d44b14 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h | |||
@@ -942,8 +942,6 @@ GLOBAL_EXTERN spinlock_t siduidlock; | |||
942 | GLOBAL_EXTERN spinlock_t sidgidlock; | 942 | GLOBAL_EXTERN spinlock_t sidgidlock; |
943 | 943 | ||
944 | void cifs_oplock_break(struct work_struct *work); | 944 | void cifs_oplock_break(struct work_struct *work); |
945 | void cifs_oplock_break_get(struct cifsFileInfo *cfile); | ||
946 | void cifs_oplock_break_put(struct cifsFileInfo *cfile); | ||
947 | 945 | ||
948 | extern const struct slow_work_ops cifs_oplock_break_ops; | 946 | extern const struct slow_work_ops cifs_oplock_break_ops; |
949 | 947 | ||
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 1a9fe7f816d..aac37d99a48 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
@@ -107,7 +107,7 @@ static void mark_open_files_invalid(struct cifs_tcon *pTcon) | |||
107 | static int | 107 | static int |
108 | cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command) | 108 | cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command) |
109 | { | 109 | { |
110 | int rc = 0; | 110 | int rc; |
111 | struct cifs_ses *ses; | 111 | struct cifs_ses *ses; |
112 | struct TCP_Server_Info *server; | 112 | struct TCP_Server_Info *server; |
113 | struct nls_table *nls_codepage; | 113 | struct nls_table *nls_codepage; |
@@ -5720,6 +5720,7 @@ CIFSSMBQAllEAs(const int xid, struct cifs_tcon *tcon, | |||
5720 | char *temp_ptr; | 5720 | char *temp_ptr; |
5721 | char *end_of_smb; | 5721 | char *end_of_smb; |
5722 | __u16 params, byte_count, data_offset; | 5722 | __u16 params, byte_count, data_offset; |
5723 | unsigned int ea_name_len = ea_name ? strlen(ea_name) : 0; | ||
5723 | 5724 | ||
5724 | cFYI(1, "In Query All EAs path %s", searchName); | 5725 | cFYI(1, "In Query All EAs path %s", searchName); |
5725 | QAllEAsRetry: | 5726 | QAllEAsRetry: |
@@ -5837,7 +5838,8 @@ QAllEAsRetry: | |||
5837 | } | 5838 | } |
5838 | 5839 | ||
5839 | if (ea_name) { | 5840 | if (ea_name) { |
5840 | if (strncmp(ea_name, temp_ptr, name_len) == 0) { | 5841 | if (ea_name_len == name_len && |
5842 | strncmp(ea_name, temp_ptr, name_len) == 0) { | ||
5841 | temp_ptr += name_len + 1; | 5843 | temp_ptr += name_len + 1; |
5842 | rc = value_len; | 5844 | rc = value_len; |
5843 | if (buf_size == 0) | 5845 | if (buf_size == 0) |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index e66297bad41..80c2e3add3a 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -319,25 +319,328 @@ requeue_echo: | |||
319 | queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL); | 319 | queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL); |
320 | } | 320 | } |
321 | 321 | ||
322 | static bool | ||
323 | allocate_buffers(char **bigbuf, char **smallbuf, unsigned int size, | ||
324 | bool is_large_buf) | ||
325 | { | ||
326 | char *bbuf = *bigbuf, *sbuf = *smallbuf; | ||
327 | |||
328 | if (bbuf == NULL) { | ||
329 | bbuf = (char *)cifs_buf_get(); | ||
330 | if (!bbuf) { | ||
331 | cERROR(1, "No memory for large SMB response"); | ||
332 | msleep(3000); | ||
333 | /* retry will check if exiting */ | ||
334 | return false; | ||
335 | } | ||
336 | } else if (is_large_buf) { | ||
337 | /* we are reusing a dirty large buf, clear its start */ | ||
338 | memset(bbuf, 0, size); | ||
339 | } | ||
340 | |||
341 | if (sbuf == NULL) { | ||
342 | sbuf = (char *)cifs_small_buf_get(); | ||
343 | if (!sbuf) { | ||
344 | cERROR(1, "No memory for SMB response"); | ||
345 | msleep(1000); | ||
346 | /* retry will check if exiting */ | ||
347 | return false; | ||
348 | } | ||
349 | /* beginning of smb buffer is cleared in our buf_get */ | ||
350 | } else { | ||
351 | /* if existing small buf clear beginning */ | ||
352 | memset(sbuf, 0, size); | ||
353 | } | ||
354 | |||
355 | *bigbuf = bbuf; | ||
356 | *smallbuf = sbuf; | ||
357 | |||
358 | return true; | ||
359 | } | ||
360 | |||
361 | static int | ||
362 | read_from_socket(struct TCP_Server_Info *server, struct msghdr *smb_msg, | ||
363 | struct kvec *iov, unsigned int to_read, | ||
364 | unsigned int *ptotal_read, bool is_header_read) | ||
365 | { | ||
366 | int length, rc = 0; | ||
367 | unsigned int total_read; | ||
368 | char *buf = iov->iov_base; | ||
369 | |||
370 | for (total_read = 0; total_read < to_read; total_read += length) { | ||
371 | length = kernel_recvmsg(server->ssocket, smb_msg, iov, 1, | ||
372 | to_read - total_read, 0); | ||
373 | if (server->tcpStatus == CifsExiting) { | ||
374 | /* then will exit */ | ||
375 | rc = 2; | ||
376 | break; | ||
377 | } else if (server->tcpStatus == CifsNeedReconnect) { | ||
378 | cifs_reconnect(server); | ||
379 | /* Reconnect wakes up rspns q */ | ||
380 | /* Now we will reread sock */ | ||
381 | rc = 1; | ||
382 | break; | ||
383 | } else if (length == -ERESTARTSYS || | ||
384 | length == -EAGAIN || | ||
385 | length == -EINTR) { | ||
386 | /* | ||
387 | * Minimum sleep to prevent looping, allowing socket | ||
388 | * to clear and app threads to set tcpStatus | ||
389 | * CifsNeedReconnect if server hung. | ||
390 | */ | ||
391 | usleep_range(1000, 2000); | ||
392 | length = 0; | ||
393 | if (!is_header_read) | ||
394 | continue; | ||
395 | /* Special handling for header read */ | ||
396 | if (total_read) { | ||
397 | iov->iov_base = (to_read - total_read) + | ||
398 | buf; | ||
399 | iov->iov_len = to_read - total_read; | ||
400 | smb_msg->msg_control = NULL; | ||
401 | smb_msg->msg_controllen = 0; | ||
402 | rc = 3; | ||
403 | } else | ||
404 | rc = 1; | ||
405 | break; | ||
406 | } else if (length <= 0) { | ||
407 | cERROR(1, "Received no data, expecting %d", | ||
408 | to_read - total_read); | ||
409 | cifs_reconnect(server); | ||
410 | rc = 1; | ||
411 | break; | ||
412 | } | ||
413 | } | ||
414 | |||
415 | *ptotal_read = total_read; | ||
416 | return rc; | ||
417 | } | ||
418 | |||
419 | static bool | ||
420 | check_rfc1002_header(struct TCP_Server_Info *server, char *buf) | ||
421 | { | ||
422 | char temp = *buf; | ||
423 | unsigned int pdu_length = be32_to_cpu( | ||
424 | ((struct smb_hdr *)buf)->smb_buf_length); | ||
425 | |||
426 | /* | ||
427 | * The first byte big endian of the length field, | ||
428 | * is actually not part of the length but the type | ||
429 | * with the most common, zero, as regular data. | ||
430 | */ | ||
431 | if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) { | ||
432 | return false; | ||
433 | } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) { | ||
434 | cFYI(1, "Good RFC 1002 session rsp"); | ||
435 | return false; | ||
436 | } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) { | ||
437 | /* | ||
438 | * We get this from Windows 98 instead of an error on | ||
439 | * SMB negprot response. | ||
440 | */ | ||
441 | cFYI(1, "Negative RFC1002 Session Response Error 0x%x)", | ||
442 | pdu_length); | ||
443 | /* give server a second to clean up */ | ||
444 | msleep(1000); | ||
445 | /* | ||
446 | * Always try 445 first on reconnect since we get NACK | ||
447 | * on some if we ever connected to port 139 (the NACK | ||
448 | * is since we do not begin with RFC1001 session | ||
449 | * initialize frame). | ||
450 | */ | ||
451 | cifs_set_port((struct sockaddr *) | ||
452 | &server->dstaddr, CIFS_PORT); | ||
453 | cifs_reconnect(server); | ||
454 | wake_up(&server->response_q); | ||
455 | return false; | ||
456 | } else if (temp != (char) 0) { | ||
457 | cERROR(1, "Unknown RFC 1002 frame"); | ||
458 | cifs_dump_mem(" Received Data: ", buf, 4); | ||
459 | cifs_reconnect(server); | ||
460 | return false; | ||
461 | } | ||
462 | |||
463 | /* else we have an SMB response */ | ||
464 | if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) || | ||
465 | (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) { | ||
466 | cERROR(1, "Invalid size SMB length %d pdu_length %d", | ||
467 | 4, pdu_length+4); | ||
468 | cifs_reconnect(server); | ||
469 | wake_up(&server->response_q); | ||
470 | return false; | ||
471 | } | ||
472 | |||
473 | return true; | ||
474 | } | ||
475 | |||
476 | static struct mid_q_entry * | ||
477 | find_cifs_mid(struct TCP_Server_Info *server, struct smb_hdr *buf, | ||
478 | int *length, bool is_large_buf, bool *is_multi_rsp, char **bigbuf) | ||
479 | { | ||
480 | struct mid_q_entry *mid = NULL, *tmp_mid, *ret = NULL; | ||
481 | |||
482 | spin_lock(&GlobalMid_Lock); | ||
483 | list_for_each_entry_safe(mid, tmp_mid, &server->pending_mid_q, qhead) { | ||
484 | if (mid->mid != buf->Mid || | ||
485 | mid->midState != MID_REQUEST_SUBMITTED || | ||
486 | mid->command != buf->Command) | ||
487 | continue; | ||
488 | |||
489 | if (*length == 0 && check2ndT2(buf, server->maxBuf) > 0) { | ||
490 | /* We have a multipart transact2 resp */ | ||
491 | *is_multi_rsp = true; | ||
492 | if (mid->resp_buf) { | ||
493 | /* merge response - fix up 1st*/ | ||
494 | *length = coalesce_t2(buf, mid->resp_buf); | ||
495 | if (*length > 0) { | ||
496 | *length = 0; | ||
497 | mid->multiRsp = true; | ||
498 | break; | ||
499 | } | ||
500 | /* All parts received or packet is malformed. */ | ||
501 | mid->multiEnd = true; | ||
502 | goto multi_t2_fnd; | ||
503 | } | ||
504 | if (!is_large_buf) { | ||
505 | /*FIXME: switch to already allocated largebuf?*/ | ||
506 | cERROR(1, "1st trans2 resp needs bigbuf"); | ||
507 | } else { | ||
508 | /* Have first buffer */ | ||
509 | mid->resp_buf = buf; | ||
510 | mid->largeBuf = true; | ||
511 | *bigbuf = NULL; | ||
512 | } | ||
513 | break; | ||
514 | } | ||
515 | mid->resp_buf = buf; | ||
516 | mid->largeBuf = is_large_buf; | ||
517 | multi_t2_fnd: | ||
518 | if (*length == 0) | ||
519 | mid->midState = MID_RESPONSE_RECEIVED; | ||
520 | else | ||
521 | mid->midState = MID_RESPONSE_MALFORMED; | ||
522 | #ifdef CONFIG_CIFS_STATS2 | ||
523 | mid->when_received = jiffies; | ||
524 | #endif | ||
525 | list_del_init(&mid->qhead); | ||
526 | ret = mid; | ||
527 | break; | ||
528 | } | ||
529 | spin_unlock(&GlobalMid_Lock); | ||
530 | |||
531 | return ret; | ||
532 | } | ||
533 | |||
534 | static void clean_demultiplex_info(struct TCP_Server_Info *server) | ||
535 | { | ||
536 | int length; | ||
537 | |||
538 | /* take it off the list, if it's not already */ | ||
539 | spin_lock(&cifs_tcp_ses_lock); | ||
540 | list_del_init(&server->tcp_ses_list); | ||
541 | spin_unlock(&cifs_tcp_ses_lock); | ||
542 | |||
543 | spin_lock(&GlobalMid_Lock); | ||
544 | server->tcpStatus = CifsExiting; | ||
545 | spin_unlock(&GlobalMid_Lock); | ||
546 | wake_up_all(&server->response_q); | ||
547 | |||
548 | /* | ||
549 | * Check if we have blocked requests that need to free. Note that | ||
550 | * cifs_max_pending is normally 50, but can be set at module install | ||
551 | * time to as little as two. | ||
552 | */ | ||
553 | spin_lock(&GlobalMid_Lock); | ||
554 | if (atomic_read(&server->inFlight) >= cifs_max_pending) | ||
555 | atomic_set(&server->inFlight, cifs_max_pending - 1); | ||
556 | /* | ||
557 | * We do not want to set the max_pending too low or we could end up | ||
558 | * with the counter going negative. | ||
559 | */ | ||
560 | spin_unlock(&GlobalMid_Lock); | ||
561 | /* | ||
562 | * Although there should not be any requests blocked on this queue it | ||
563 | * can not hurt to be paranoid and try to wake up requests that may | ||
564 | * haven been blocked when more than 50 at time were on the wire to the | ||
565 | * same server - they now will see the session is in exit state and get | ||
566 | * out of SendReceive. | ||
567 | */ | ||
568 | wake_up_all(&server->request_q); | ||
569 | /* give those requests time to exit */ | ||
570 | msleep(125); | ||
571 | |||
572 | if (server->ssocket) { | ||
573 | sock_release(server->ssocket); | ||
574 | server->ssocket = NULL; | ||
575 | } | ||
576 | |||
577 | if (!list_empty(&server->pending_mid_q)) { | ||
578 | struct list_head dispose_list; | ||
579 | struct mid_q_entry *mid_entry; | ||
580 | struct list_head *tmp, *tmp2; | ||
581 | |||
582 | INIT_LIST_HEAD(&dispose_list); | ||
583 | spin_lock(&GlobalMid_Lock); | ||
584 | list_for_each_safe(tmp, tmp2, &server->pending_mid_q) { | ||
585 | mid_entry = list_entry(tmp, struct mid_q_entry, qhead); | ||
586 | cFYI(1, "Clearing mid 0x%x", mid_entry->mid); | ||
587 | mid_entry->midState = MID_SHUTDOWN; | ||
588 | list_move(&mid_entry->qhead, &dispose_list); | ||
589 | } | ||
590 | spin_unlock(&GlobalMid_Lock); | ||
591 | |||
592 | /* now walk dispose list and issue callbacks */ | ||
593 | list_for_each_safe(tmp, tmp2, &dispose_list) { | ||
594 | mid_entry = list_entry(tmp, struct mid_q_entry, qhead); | ||
595 | cFYI(1, "Callback mid 0x%x", mid_entry->mid); | ||
596 | list_del_init(&mid_entry->qhead); | ||
597 | mid_entry->callback(mid_entry); | ||
598 | } | ||
599 | /* 1/8th of sec is more than enough time for them to exit */ | ||
600 | msleep(125); | ||
601 | } | ||
602 | |||
603 | if (!list_empty(&server->pending_mid_q)) { | ||
604 | /* | ||
605 | * mpx threads have not exited yet give them at least the smb | ||
606 | * send timeout time for long ops. | ||
607 | * | ||
608 | * Due to delays on oplock break requests, we need to wait at | ||
609 | * least 45 seconds before giving up on a request getting a | ||
610 | * response and going ahead and killing cifsd. | ||
611 | */ | ||
612 | cFYI(1, "Wait for exit from demultiplex thread"); | ||
613 | msleep(46000); | ||
614 | /* | ||
615 | * If threads still have not exited they are probably never | ||
616 | * coming home not much else we can do but free the memory. | ||
617 | */ | ||
618 | } | ||
619 | |||
620 | kfree(server->hostname); | ||
621 | kfree(server); | ||
622 | |||
623 | length = atomic_dec_return(&tcpSesAllocCount); | ||
624 | if (length > 0) | ||
625 | mempool_resize(cifs_req_poolp, length + cifs_min_rcv, | ||
626 | GFP_KERNEL); | ||
627 | } | ||
628 | |||
322 | static int | 629 | static int |
323 | cifs_demultiplex_thread(void *p) | 630 | cifs_demultiplex_thread(void *p) |
324 | { | 631 | { |
325 | int length; | 632 | int length; |
326 | struct TCP_Server_Info *server = p; | 633 | struct TCP_Server_Info *server = p; |
327 | unsigned int pdu_length, total_read; | 634 | unsigned int pdu_length, total_read; |
635 | char *buf = NULL, *bigbuf = NULL, *smallbuf = NULL; | ||
328 | struct smb_hdr *smb_buffer = NULL; | 636 | struct smb_hdr *smb_buffer = NULL; |
329 | struct smb_hdr *bigbuf = NULL; | ||
330 | struct smb_hdr *smallbuf = NULL; | ||
331 | struct msghdr smb_msg; | 637 | struct msghdr smb_msg; |
332 | struct kvec iov; | 638 | struct kvec iov; |
333 | struct socket *csocket = server->ssocket; | ||
334 | struct list_head *tmp, *tmp2; | ||
335 | struct task_struct *task_to_wake = NULL; | 639 | struct task_struct *task_to_wake = NULL; |
336 | struct mid_q_entry *mid_entry; | 640 | struct mid_q_entry *mid_entry; |
337 | char temp; | ||
338 | bool isLargeBuf = false; | 641 | bool isLargeBuf = false; |
339 | bool isMultiRsp; | 642 | bool isMultiRsp = false; |
340 | int reconnect; | 643 | int rc; |
341 | 644 | ||
342 | current->flags |= PF_MEMALLOC; | 645 | current->flags |= PF_MEMALLOC; |
343 | cFYI(1, "Demultiplex PID: %d", task_pid_nr(current)); | 646 | cFYI(1, "Demultiplex PID: %d", task_pid_nr(current)); |
@@ -351,35 +654,16 @@ cifs_demultiplex_thread(void *p) | |||
351 | while (server->tcpStatus != CifsExiting) { | 654 | while (server->tcpStatus != CifsExiting) { |
352 | if (try_to_freeze()) | 655 | if (try_to_freeze()) |
353 | continue; | 656 | continue; |
354 | if (bigbuf == NULL) { | ||
355 | bigbuf = cifs_buf_get(); | ||
356 | if (!bigbuf) { | ||
357 | cERROR(1, "No memory for large SMB response"); | ||
358 | msleep(3000); | ||
359 | /* retry will check if exiting */ | ||
360 | continue; | ||
361 | } | ||
362 | } else if (isLargeBuf) { | ||
363 | /* we are reusing a dirty large buf, clear its start */ | ||
364 | memset(bigbuf, 0, sizeof(struct smb_hdr)); | ||
365 | } | ||
366 | 657 | ||
367 | if (smallbuf == NULL) { | 658 | if (!allocate_buffers(&bigbuf, &smallbuf, |
368 | smallbuf = cifs_small_buf_get(); | 659 | sizeof(struct smb_hdr), isLargeBuf)) |
369 | if (!smallbuf) { | 660 | continue; |
370 | cERROR(1, "No memory for SMB response"); | ||
371 | msleep(1000); | ||
372 | /* retry will check if exiting */ | ||
373 | continue; | ||
374 | } | ||
375 | /* beginning of smb buffer is cleared in our buf_get */ | ||
376 | } else /* if existing small buf clear beginning */ | ||
377 | memset(smallbuf, 0, sizeof(struct smb_hdr)); | ||
378 | 661 | ||
379 | isLargeBuf = false; | 662 | isLargeBuf = false; |
380 | isMultiRsp = false; | 663 | isMultiRsp = false; |
381 | smb_buffer = smallbuf; | 664 | smb_buffer = (struct smb_hdr *)smallbuf; |
382 | iov.iov_base = smb_buffer; | 665 | buf = smallbuf; |
666 | iov.iov_base = buf; | ||
383 | iov.iov_len = 4; | 667 | iov.iov_len = 4; |
384 | smb_msg.msg_control = NULL; | 668 | smb_msg.msg_control = NULL; |
385 | smb_msg.msg_controllen = 0; | 669 | smb_msg.msg_controllen = 0; |
@@ -393,158 +677,50 @@ incomplete_rcv: | |||
393 | "Reconnecting...", server->hostname, | 677 | "Reconnecting...", server->hostname, |
394 | (echo_retries * SMB_ECHO_INTERVAL / HZ)); | 678 | (echo_retries * SMB_ECHO_INTERVAL / HZ)); |
395 | cifs_reconnect(server); | 679 | cifs_reconnect(server); |
396 | csocket = server->ssocket; | ||
397 | wake_up(&server->response_q); | 680 | wake_up(&server->response_q); |
398 | continue; | 681 | continue; |
399 | } | 682 | } |
400 | 683 | ||
401 | length = | 684 | rc = read_from_socket(server, &smb_msg, &iov, pdu_length, |
402 | kernel_recvmsg(csocket, &smb_msg, | 685 | &total_read, true /* header read */); |
403 | &iov, 1, pdu_length, 0 /* BB other flags? */); | 686 | if (rc == 3) |
404 | 687 | goto incomplete_rcv; | |
405 | if (server->tcpStatus == CifsExiting) { | 688 | else if (rc == 2) |
406 | break; | 689 | break; |
407 | } else if (server->tcpStatus == CifsNeedReconnect) { | 690 | else if (rc == 1) |
408 | cFYI(1, "Reconnect after server stopped responding"); | ||
409 | cifs_reconnect(server); | ||
410 | cFYI(1, "call to reconnect done"); | ||
411 | csocket = server->ssocket; | ||
412 | continue; | ||
413 | } else if (length == -ERESTARTSYS || | ||
414 | length == -EAGAIN || | ||
415 | length == -EINTR) { | ||
416 | msleep(1); /* minimum sleep to prevent looping | ||
417 | allowing socket to clear and app threads to set | ||
418 | tcpStatus CifsNeedReconnect if server hung */ | ||
419 | if (pdu_length < 4) { | ||
420 | iov.iov_base = (4 - pdu_length) + | ||
421 | (char *)smb_buffer; | ||
422 | iov.iov_len = pdu_length; | ||
423 | smb_msg.msg_control = NULL; | ||
424 | smb_msg.msg_controllen = 0; | ||
425 | goto incomplete_rcv; | ||
426 | } else | ||
427 | continue; | ||
428 | } else if (length <= 0) { | ||
429 | cFYI(1, "Reconnect after unexpected peek error %d", | ||
430 | length); | ||
431 | cifs_reconnect(server); | ||
432 | csocket = server->ssocket; | ||
433 | wake_up(&server->response_q); | ||
434 | continue; | 691 | continue; |
435 | } else if (length < pdu_length) { | ||
436 | cFYI(1, "requested %d bytes but only got %d bytes", | ||
437 | pdu_length, length); | ||
438 | pdu_length -= length; | ||
439 | msleep(1); | ||
440 | goto incomplete_rcv; | ||
441 | } | ||
442 | |||
443 | /* The right amount was read from socket - 4 bytes */ | ||
444 | /* so we can now interpret the length field */ | ||
445 | 692 | ||
446 | /* the first byte big endian of the length field, | 693 | /* |
447 | is actually not part of the length but the type | 694 | * The right amount was read from socket - 4 bytes, |
448 | with the most common, zero, as regular data */ | 695 | * so we can now interpret the length field. |
449 | temp = *((char *) smb_buffer); | 696 | */ |
450 | 697 | ||
451 | /* Note that FC 1001 length is big endian on the wire, | 698 | /* |
452 | but we convert it here so it is always manipulated | 699 | * Note that RFC 1001 length is big endian on the wire, |
453 | as host byte order */ | 700 | * but we convert it here so it is always manipulated |
701 | * as host byte order. | ||
702 | */ | ||
454 | pdu_length = be32_to_cpu(smb_buffer->smb_buf_length); | 703 | pdu_length = be32_to_cpu(smb_buffer->smb_buf_length); |
455 | 704 | ||
456 | cFYI(1, "rfc1002 length 0x%x", pdu_length+4); | 705 | cFYI(1, "rfc1002 length 0x%x", pdu_length+4); |
457 | 706 | if (!check_rfc1002_header(server, buf)) | |
458 | if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) { | ||
459 | continue; | ||
460 | } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) { | ||
461 | cFYI(1, "Good RFC 1002 session rsp"); | ||
462 | continue; | ||
463 | } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) { | ||
464 | /* we get this from Windows 98 instead of | ||
465 | an error on SMB negprot response */ | ||
466 | cFYI(1, "Negative RFC1002 Session Response Error 0x%x)", | ||
467 | pdu_length); | ||
468 | /* give server a second to clean up */ | ||
469 | msleep(1000); | ||
470 | /* always try 445 first on reconnect since we get NACK | ||
471 | * on some if we ever connected to port 139 (the NACK | ||
472 | * is since we do not begin with RFC1001 session | ||
473 | * initialize frame) | ||
474 | */ | ||
475 | cifs_set_port((struct sockaddr *) | ||
476 | &server->dstaddr, CIFS_PORT); | ||
477 | cifs_reconnect(server); | ||
478 | csocket = server->ssocket; | ||
479 | wake_up(&server->response_q); | ||
480 | continue; | ||
481 | } else if (temp != (char) 0) { | ||
482 | cERROR(1, "Unknown RFC 1002 frame"); | ||
483 | cifs_dump_mem(" Received Data: ", (char *)smb_buffer, | ||
484 | length); | ||
485 | cifs_reconnect(server); | ||
486 | csocket = server->ssocket; | ||
487 | continue; | 707 | continue; |
488 | } | ||
489 | |||
490 | /* else we have an SMB response */ | ||
491 | if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) || | ||
492 | (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) { | ||
493 | cERROR(1, "Invalid size SMB length %d pdu_length %d", | ||
494 | length, pdu_length+4); | ||
495 | cifs_reconnect(server); | ||
496 | csocket = server->ssocket; | ||
497 | wake_up(&server->response_q); | ||
498 | continue; | ||
499 | } | ||
500 | 708 | ||
501 | /* else length ok */ | 709 | /* else length ok */ |
502 | reconnect = 0; | ||
503 | |||
504 | if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) { | 710 | if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) { |
505 | isLargeBuf = true; | 711 | isLargeBuf = true; |
506 | memcpy(bigbuf, smallbuf, 4); | 712 | memcpy(bigbuf, smallbuf, 4); |
507 | smb_buffer = bigbuf; | 713 | smb_buffer = (struct smb_hdr *)bigbuf; |
714 | buf = bigbuf; | ||
508 | } | 715 | } |
509 | length = 0; | 716 | |
510 | iov.iov_base = 4 + (char *)smb_buffer; | 717 | iov.iov_base = 4 + buf; |
511 | iov.iov_len = pdu_length; | 718 | iov.iov_len = pdu_length; |
512 | for (total_read = 0; total_read < pdu_length; | 719 | rc = read_from_socket(server, &smb_msg, &iov, pdu_length, |
513 | total_read += length) { | 720 | &total_read, false); |
514 | length = kernel_recvmsg(csocket, &smb_msg, &iov, 1, | 721 | if (rc == 2) |
515 | pdu_length - total_read, 0); | ||
516 | if (server->tcpStatus == CifsExiting) { | ||
517 | /* then will exit */ | ||
518 | reconnect = 2; | ||
519 | break; | ||
520 | } else if (server->tcpStatus == CifsNeedReconnect) { | ||
521 | cifs_reconnect(server); | ||
522 | csocket = server->ssocket; | ||
523 | /* Reconnect wakes up rspns q */ | ||
524 | /* Now we will reread sock */ | ||
525 | reconnect = 1; | ||
526 | break; | ||
527 | } else if (length == -ERESTARTSYS || | ||
528 | length == -EAGAIN || | ||
529 | length == -EINTR) { | ||
530 | msleep(1); /* minimum sleep to prevent looping, | ||
531 | allowing socket to clear and app | ||
532 | threads to set tcpStatus | ||
533 | CifsNeedReconnect if server hung*/ | ||
534 | length = 0; | ||
535 | continue; | ||
536 | } else if (length <= 0) { | ||
537 | cERROR(1, "Received no data, expecting %d", | ||
538 | pdu_length - total_read); | ||
539 | cifs_reconnect(server); | ||
540 | csocket = server->ssocket; | ||
541 | reconnect = 1; | ||
542 | break; | ||
543 | } | ||
544 | } | ||
545 | if (reconnect == 2) | ||
546 | break; | 722 | break; |
547 | else if (reconnect == 1) | 723 | else if (rc == 1) |
548 | continue; | 724 | continue; |
549 | 725 | ||
550 | total_read += 4; /* account for rfc1002 hdr */ | 726 | total_read += 4; /* account for rfc1002 hdr */ |
@@ -562,75 +738,13 @@ incomplete_rcv: | |||
562 | */ | 738 | */ |
563 | length = checkSMB(smb_buffer, smb_buffer->Mid, total_read); | 739 | length = checkSMB(smb_buffer, smb_buffer->Mid, total_read); |
564 | if (length != 0) | 740 | if (length != 0) |
565 | cifs_dump_mem("Bad SMB: ", smb_buffer, | 741 | cifs_dump_mem("Bad SMB: ", buf, |
566 | min_t(unsigned int, total_read, 48)); | 742 | min_t(unsigned int, total_read, 48)); |
567 | 743 | ||
568 | mid_entry = NULL; | ||
569 | server->lstrp = jiffies; | 744 | server->lstrp = jiffies; |
570 | 745 | ||
571 | spin_lock(&GlobalMid_Lock); | 746 | mid_entry = find_cifs_mid(server, smb_buffer, &length, |
572 | list_for_each_safe(tmp, tmp2, &server->pending_mid_q) { | 747 | isLargeBuf, &isMultiRsp, &bigbuf); |
573 | mid_entry = list_entry(tmp, struct mid_q_entry, qhead); | ||
574 | |||
575 | if (mid_entry->mid != smb_buffer->Mid || | ||
576 | mid_entry->midState != MID_REQUEST_SUBMITTED || | ||
577 | mid_entry->command != smb_buffer->Command) { | ||
578 | mid_entry = NULL; | ||
579 | continue; | ||
580 | } | ||
581 | |||
582 | if (length == 0 && | ||
583 | check2ndT2(smb_buffer, server->maxBuf) > 0) { | ||
584 | /* We have a multipart transact2 resp */ | ||
585 | isMultiRsp = true; | ||
586 | if (mid_entry->resp_buf) { | ||
587 | /* merge response - fix up 1st*/ | ||
588 | length = coalesce_t2(smb_buffer, | ||
589 | mid_entry->resp_buf); | ||
590 | if (length > 0) { | ||
591 | length = 0; | ||
592 | mid_entry->multiRsp = true; | ||
593 | break; | ||
594 | } else { | ||
595 | /* all parts received or | ||
596 | * packet is malformed | ||
597 | */ | ||
598 | mid_entry->multiEnd = true; | ||
599 | goto multi_t2_fnd; | ||
600 | } | ||
601 | } else { | ||
602 | if (!isLargeBuf) { | ||
603 | /* | ||
604 | * FIXME: switch to already | ||
605 | * allocated largebuf? | ||
606 | */ | ||
607 | cERROR(1, "1st trans2 resp " | ||
608 | "needs bigbuf"); | ||
609 | } else { | ||
610 | /* Have first buffer */ | ||
611 | mid_entry->resp_buf = | ||
612 | smb_buffer; | ||
613 | mid_entry->largeBuf = true; | ||
614 | bigbuf = NULL; | ||
615 | } | ||
616 | } | ||
617 | break; | ||
618 | } | ||
619 | mid_entry->resp_buf = smb_buffer; | ||
620 | mid_entry->largeBuf = isLargeBuf; | ||
621 | multi_t2_fnd: | ||
622 | if (length == 0) | ||
623 | mid_entry->midState = MID_RESPONSE_RECEIVED; | ||
624 | else | ||
625 | mid_entry->midState = MID_RESPONSE_MALFORMED; | ||
626 | #ifdef CONFIG_CIFS_STATS2 | ||
627 | mid_entry->when_received = jiffies; | ||
628 | #endif | ||
629 | list_del_init(&mid_entry->qhead); | ||
630 | break; | ||
631 | } | ||
632 | spin_unlock(&GlobalMid_Lock); | ||
633 | |||
634 | if (mid_entry != NULL) { | 748 | if (mid_entry != NULL) { |
635 | mid_entry->callback(mid_entry); | 749 | mid_entry->callback(mid_entry); |
636 | /* Was previous buf put in mpx struct for multi-rsp? */ | 750 | /* Was previous buf put in mpx struct for multi-rsp? */ |
@@ -648,7 +762,7 @@ multi_t2_fnd: | |||
648 | !isMultiRsp) { | 762 | !isMultiRsp) { |
649 | cERROR(1, "No task to wake, unknown frame received! " | 763 | cERROR(1, "No task to wake, unknown frame received! " |
650 | "NumMids %d", atomic_read(&midCount)); | 764 | "NumMids %d", atomic_read(&midCount)); |
651 | cifs_dump_mem("Received Data is: ", (char *)smb_buffer, | 765 | cifs_dump_mem("Received Data is: ", buf, |
652 | sizeof(struct smb_hdr)); | 766 | sizeof(struct smb_hdr)); |
653 | #ifdef CONFIG_CIFS_DEBUG2 | 767 | #ifdef CONFIG_CIFS_DEBUG2 |
654 | cifs_dump_detail(smb_buffer); | 768 | cifs_dump_detail(smb_buffer); |
@@ -658,88 +772,13 @@ multi_t2_fnd: | |||
658 | } | 772 | } |
659 | } /* end while !EXITING */ | 773 | } /* end while !EXITING */ |
660 | 774 | ||
661 | /* take it off the list, if it's not already */ | ||
662 | spin_lock(&cifs_tcp_ses_lock); | ||
663 | list_del_init(&server->tcp_ses_list); | ||
664 | spin_unlock(&cifs_tcp_ses_lock); | ||
665 | |||
666 | spin_lock(&GlobalMid_Lock); | ||
667 | server->tcpStatus = CifsExiting; | ||
668 | spin_unlock(&GlobalMid_Lock); | ||
669 | wake_up_all(&server->response_q); | ||
670 | |||
671 | /* check if we have blocked requests that need to free */ | ||
672 | /* Note that cifs_max_pending is normally 50, but | ||
673 | can be set at module install time to as little as two */ | ||
674 | spin_lock(&GlobalMid_Lock); | ||
675 | if (atomic_read(&server->inFlight) >= cifs_max_pending) | ||
676 | atomic_set(&server->inFlight, cifs_max_pending - 1); | ||
677 | /* We do not want to set the max_pending too low or we | ||
678 | could end up with the counter going negative */ | ||
679 | spin_unlock(&GlobalMid_Lock); | ||
680 | /* Although there should not be any requests blocked on | ||
681 | this queue it can not hurt to be paranoid and try to wake up requests | ||
682 | that may haven been blocked when more than 50 at time were on the wire | ||
683 | to the same server - they now will see the session is in exit state | ||
684 | and get out of SendReceive. */ | ||
685 | wake_up_all(&server->request_q); | ||
686 | /* give those requests time to exit */ | ||
687 | msleep(125); | ||
688 | |||
689 | if (server->ssocket) { | ||
690 | sock_release(csocket); | ||
691 | server->ssocket = NULL; | ||
692 | } | ||
693 | /* buffer usually freed in free_mid - need to free it here on exit */ | 775 | /* buffer usually freed in free_mid - need to free it here on exit */ |
694 | cifs_buf_release(bigbuf); | 776 | cifs_buf_release(bigbuf); |
695 | if (smallbuf) /* no sense logging a debug message if NULL */ | 777 | if (smallbuf) /* no sense logging a debug message if NULL */ |
696 | cifs_small_buf_release(smallbuf); | 778 | cifs_small_buf_release(smallbuf); |
697 | 779 | ||
698 | if (!list_empty(&server->pending_mid_q)) { | ||
699 | struct list_head dispose_list; | ||
700 | |||
701 | INIT_LIST_HEAD(&dispose_list); | ||
702 | spin_lock(&GlobalMid_Lock); | ||
703 | list_for_each_safe(tmp, tmp2, &server->pending_mid_q) { | ||
704 | mid_entry = list_entry(tmp, struct mid_q_entry, qhead); | ||
705 | cFYI(1, "Clearing mid 0x%x", mid_entry->mid); | ||
706 | mid_entry->midState = MID_SHUTDOWN; | ||
707 | list_move(&mid_entry->qhead, &dispose_list); | ||
708 | } | ||
709 | spin_unlock(&GlobalMid_Lock); | ||
710 | |||
711 | /* now walk dispose list and issue callbacks */ | ||
712 | list_for_each_safe(tmp, tmp2, &dispose_list) { | ||
713 | mid_entry = list_entry(tmp, struct mid_q_entry, qhead); | ||
714 | cFYI(1, "Callback mid 0x%x", mid_entry->mid); | ||
715 | list_del_init(&mid_entry->qhead); | ||
716 | mid_entry->callback(mid_entry); | ||
717 | } | ||
718 | /* 1/8th of sec is more than enough time for them to exit */ | ||
719 | msleep(125); | ||
720 | } | ||
721 | |||
722 | if (!list_empty(&server->pending_mid_q)) { | ||
723 | /* mpx threads have not exited yet give them | ||
724 | at least the smb send timeout time for long ops */ | ||
725 | /* due to delays on oplock break requests, we need | ||
726 | to wait at least 45 seconds before giving up | ||
727 | on a request getting a response and going ahead | ||
728 | and killing cifsd */ | ||
729 | cFYI(1, "Wait for exit from demultiplex thread"); | ||
730 | msleep(46000); | ||
731 | /* if threads still have not exited they are probably never | ||
732 | coming home not much else we can do but free the memory */ | ||
733 | } | ||
734 | |||
735 | kfree(server->hostname); | ||
736 | task_to_wake = xchg(&server->tsk, NULL); | 780 | task_to_wake = xchg(&server->tsk, NULL); |
737 | kfree(server); | 781 | clean_demultiplex_info(server); |
738 | |||
739 | length = atomic_dec_return(&tcpSesAllocCount); | ||
740 | if (length > 0) | ||
741 | mempool_resize(cifs_req_poolp, length + cifs_min_rcv, | ||
742 | GFP_KERNEL); | ||
743 | 782 | ||
744 | /* if server->tsk was NULL then wait for a signal before exiting */ | 783 | /* if server->tsk was NULL then wait for a signal before exiting */ |
745 | if (!task_to_wake) { | 784 | if (!task_to_wake) { |
@@ -3193,15 +3232,9 @@ mount_fail_check: | |||
3193 | else | 3232 | else |
3194 | cifs_put_tcp_session(srvTcp); | 3233 | cifs_put_tcp_session(srvTcp); |
3195 | bdi_destroy(&cifs_sb->bdi); | 3234 | bdi_destroy(&cifs_sb->bdi); |
3196 | goto out; | ||
3197 | } | 3235 | } |
3198 | 3236 | ||
3199 | /* volume_info->password is freed above when existing session found | ||
3200 | (in which case it is not needed anymore) but when new sesion is created | ||
3201 | the password ptr is put in the new session structure (in which case the | ||
3202 | password will be freed at unmount time) */ | ||
3203 | out: | 3237 | out: |
3204 | /* zero out password before freeing */ | ||
3205 | FreeXid(xid); | 3238 | FreeXid(xid); |
3206 | return rc; | 3239 | return rc; |
3207 | } | 3240 | } |
diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 378acdafa35..9f41a10523a 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c | |||
@@ -314,6 +314,8 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) | |||
314 | } | 314 | } |
315 | spin_unlock(&cifs_file_list_lock); | 315 | spin_unlock(&cifs_file_list_lock); |
316 | 316 | ||
317 | cancel_work_sync(&cifs_file->oplock_break); | ||
318 | |||
317 | if (!tcon->need_reconnect && !cifs_file->invalidHandle) { | 319 | if (!tcon->need_reconnect && !cifs_file->invalidHandle) { |
318 | int xid, rc; | 320 | int xid, rc; |
319 | 321 | ||
@@ -2418,31 +2420,6 @@ void cifs_oplock_break(struct work_struct *work) | |||
2418 | cinode->clientCanCacheRead ? 1 : 0); | 2420 | cinode->clientCanCacheRead ? 1 : 0); |
2419 | cFYI(1, "Oplock release rc = %d", rc); | 2421 | cFYI(1, "Oplock release rc = %d", rc); |
2420 | } | 2422 | } |
2421 | |||
2422 | /* | ||
2423 | * We might have kicked in before is_valid_oplock_break() | ||
2424 | * finished grabbing reference for us. Make sure it's done by | ||
2425 | * waiting for cifs_file_list_lock. | ||
2426 | */ | ||
2427 | spin_lock(&cifs_file_list_lock); | ||
2428 | spin_unlock(&cifs_file_list_lock); | ||
2429 | |||
2430 | cifs_oplock_break_put(cfile); | ||
2431 | } | ||
2432 | |||
2433 | /* must be called while holding cifs_file_list_lock */ | ||
2434 | void cifs_oplock_break_get(struct cifsFileInfo *cfile) | ||
2435 | { | ||
2436 | cifs_sb_active(cfile->dentry->d_sb); | ||
2437 | cifsFileInfo_get(cfile); | ||
2438 | } | ||
2439 | |||
2440 | void cifs_oplock_break_put(struct cifsFileInfo *cfile) | ||
2441 | { | ||
2442 | struct super_block *sb = cfile->dentry->d_sb; | ||
2443 | |||
2444 | cifsFileInfo_put(cfile); | ||
2445 | cifs_sb_deactive(sb); | ||
2446 | } | 2423 | } |
2447 | 2424 | ||
2448 | const struct address_space_operations cifs_addr_ops = { | 2425 | const struct address_space_operations cifs_addr_ops = { |
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 03a1f491d39..7c169339259 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c | |||
@@ -585,15 +585,8 @@ is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv) | |||
585 | 585 | ||
586 | cifs_set_oplock_level(pCifsInode, | 586 | cifs_set_oplock_level(pCifsInode, |
587 | pSMB->OplockLevel ? OPLOCK_READ : 0); | 587 | pSMB->OplockLevel ? OPLOCK_READ : 0); |
588 | /* | 588 | queue_work(system_nrt_wq, |
589 | * cifs_oplock_break_put() can't be called | 589 | &netfile->oplock_break); |
590 | * from here. Get reference after queueing | ||
591 | * succeeded. cifs_oplock_break() will | ||
592 | * synchronize using cifs_file_list_lock. | ||
593 | */ | ||
594 | if (queue_work(system_nrt_wq, | ||
595 | &netfile->oplock_break)) | ||
596 | cifs_oplock_break_get(netfile); | ||
597 | netfile->oplock_break_cancelled = false; | 590 | netfile->oplock_break_cancelled = false; |
598 | 591 | ||
599 | spin_unlock(&cifs_file_list_lock); | 592 | spin_unlock(&cifs_file_list_lock); |
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index d3e619692ee..243d5872051 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
@@ -124,7 +124,8 @@ static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, SESSION_SETUP_ANDX *pSMB) | |||
124 | /* that we use in next few lines */ | 124 | /* that we use in next few lines */ |
125 | /* Note that header is initialized to zero in header_assemble */ | 125 | /* Note that header is initialized to zero in header_assemble */ |
126 | pSMB->req.AndXCommand = 0xFF; | 126 | pSMB->req.AndXCommand = 0xFF; |
127 | pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf); | 127 | pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32, CIFSMaxBufSize - 4, |
128 | USHRT_MAX)); | ||
128 | pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq); | 129 | pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq); |
129 | pSMB->req.VcNumber = get_next_vcnum(ses); | 130 | pSMB->req.VcNumber = get_next_vcnum(ses); |
130 | 131 | ||