1 files changed, 93 insertions, 97 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 9f59887badd2..18d3c7724d6e 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -52,6 +52,9 @@
 #define CIFS_PORT 445
 #define RFC1001_PORT 139
+/* SMB echo "timeout" -- FIXME: tunable? */
+#define SMB_ECHO_INTERVAL (60 * HZ)
 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
                         unsigned char *p24);
@@ -152,6 +155,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
        /* before reconnecting the tcp session, mark the smb session (uid)
                and the tid bad so they are not used until reconnected */
+        cFYI(1, "%s: marking sessions and tcons for reconnect", __func__);
        spin_lock(&cifs_tcp_ses_lock);
        list_for_each(tmp, &server->smb_ses_list) {
                ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
@@ -163,7 +167,9 @@ cifs_reconnect(struct TCP_Server_Info *server)
                }
        }
        spin_unlock(&cifs_tcp_ses_lock);
        /* do not want to be sending data on a socket we are freeing */
+        cFYI(1, "%s: tearing down socket", __func__);
        mutex_lock(&server->srv_mutex);
        if (server->ssocket) {
                cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
@@ -180,22 +186,20 @@ cifs_reconnect(struct TCP_Server_Info *server)
        kfree(server->session_key.response);
        server->session_key.response = NULL;
        server->session_key.len = 0;
+        server->lstrp = jiffies;
+        mutex_unlock(&server->srv_mutex);
+        /* mark submitted MIDs for retry and issue callback */
+        cFYI(1, "%s: issuing mid callbacks", __func__);
        spin_lock(&GlobalMid_Lock);
-        list_for_each(tmp, &server->pending_mid_q) {
+        list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
-                mid_entry = list_entry(tmp, struct
+                mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
-                                        mid_q_entry,
+                if (mid_entry->midState == MID_REQUEST_SUBMITTED)
-                                        qhead);
-                if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
-                                /* Mark other intransit requests as needing
-                                   retry so we do not immediately mark the
-                                   session bad again (ie after we reconnect
-                                   below) as they timeout too */
                        mid_entry->midState = MID_RETRY_NEEDED;
-                }
+                list_del_init(&mid_entry->qhead);
+                mid_entry->callback(mid_entry);
        }
        spin_unlock(&GlobalMid_Lock);
-        mutex_unlock(&server->srv_mutex);
        while ((server->tcpStatus != CifsExiting) &&
               (server->tcpStatus != CifsGood)) {
@@ -212,10 +216,9 @@ cifs_reconnect(struct TCP_Server_Info *server)
                        if (server->tcpStatus != CifsExiting)
                                server->tcpStatus = CifsGood;
                        spin_unlock(&GlobalMid_Lock);
-        /*              atomic_set(&server->inFlight,0);*/
-                        wake_up(&server->response_q);
                }
        }
        return rc;
 }
@@ -229,9 +232,8 @@ cifs_reconnect(struct TCP_Server_Info *server)
 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
 {
        struct smb_t2_rsp *pSMBt;
-        int total_data_size;
-        int data_in_this_rsp;
        int remaining;
+        __u16 total_data_size, data_in_this_rsp;
        if (pSMB->Command != SMB_COM_TRANSACTION2)
                return 0;
@@ -245,8 +247,8 @@ static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
        pSMBt = (struct smb_t2_rsp *)pSMB;
-        total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
+        total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
-        data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
+        data_in_this_rsp = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
        remaining = total_data_size - data_in_this_rsp;
@@ -272,21 +274,18 @@ static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
 {
        struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
        struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
-        int total_data_size;
-        int total_in_buf;
-        int remaining;
-        int total_in_buf2;
        char *data_area_of_target;
        char *data_area_of_buf2;
-        __u16 byte_count;
+        int remaining;
+        __u16 byte_count, total_data_size, total_in_buf, total_in_buf2;
-        total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
+        total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
-        if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
+        if (total_data_size !=
+            get_unaligned_le16(&pSMB2->t2_rsp.TotalDataCount))
                cFYI(1, "total data size of primary and secondary t2 differ");
-        }
-        total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
+        total_in_buf = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
        remaining = total_data_size - total_in_buf;
@@ -296,28 +295,28 @@ static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
        if (remaining == 0) /* nothing to do, ignore */
                return 0;
-        total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
+        total_in_buf2 = get_unaligned_le16(&pSMB2->t2_rsp.DataCount);
        if (remaining < total_in_buf2) {
                cFYI(1, "transact2 2nd response contains too much data");
        }
        /* find end of first SMB data area */
        data_area_of_target = (char *)&pSMBt->hdr.Protocol +
-                                le16_to_cpu(pSMBt->t2_rsp.DataOffset);
+                                get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
        /* validate target area */
-        data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
+        data_area_of_buf2 = (char *)&pSMB2->hdr.Protocol +
-                                        le16_to_cpu(pSMB2->t2_rsp.DataOffset);
+                                get_unaligned_le16(&pSMB2->t2_rsp.DataOffset);
        data_area_of_target += total_in_buf;
        /* copy second buffer into end of first buffer */
        memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
        total_in_buf += total_in_buf2;
-        pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
+        put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);
-        byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
+        byte_count = get_bcc_le(pTargetSMB);
        byte_count += total_in_buf2;
-        BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
+        put_bcc_le(byte_count, pTargetSMB);
        byte_count = pTargetSMB->smb_buf_length;
        byte_count += total_in_buf2;
@@ -331,7 +330,26 @@ static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
                return 0; /* we are done */
        } else /* more responses to go */
                return 1;
+}
+static void
+cifs_echo_request(struct work_struct *work)
+{
+        int rc;
+        struct TCP_Server_Info *server = container_of(work,
+                                        struct TCP_Server_Info, echo.work);
+        /* no need to ping if we got a response recently */
+        if (time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
+                goto requeue_echo;
+        rc = CIFSSMBEcho(server);
+        if (rc)
+                cFYI(1, "Unable to send echo request to server: %s",
+                        server->hostname);
+requeue_echo:
+        queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL);
 }
 static int
@@ -345,8 +363,7 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
        struct msghdr smb_msg;
        struct kvec iov;
        struct socket *csocket = server->ssocket;
-        struct list_head *tmp;
+        struct list_head *tmp, *tmp2;
-        struct cifsSesInfo *ses;
        struct task_struct *task_to_wake = NULL;
        struct mid_q_entry *mid_entry;
        char temp;
@@ -399,7 +416,20 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
                smb_msg.msg_control = NULL;
                smb_msg.msg_controllen = 0;
                pdu_length = 4; /* enough to get RFC1001 header */
 incomplete_rcv:
+                if (echo_retries > 0 &&
+                    time_after(jiffies, server->lstrp +
+                                        (echo_retries * SMB_ECHO_INTERVAL))) {
+                        cERROR(1, "Server %s has not responded in %d seconds. "
+                                  "Reconnecting...", server->hostname,
+                                  (echo_retries * SMB_ECHO_INTERVAL / HZ));
+                        cifs_reconnect(server);
+                        csocket = server->ssocket;
+                        wake_up(&server->response_q);
+                        continue;
+                }
                length =
                    kernel_recvmsg(csocket, &smb_msg,
                                &iov, 1, pdu_length, 0 /* BB other flags? */);
@@ -559,10 +589,11 @@ incomplete_rcv:
                        continue;
                }
+                mid_entry = NULL;
+                server->lstrp = jiffies;
-                task_to_wake = NULL;
                spin_lock(&GlobalMid_Lock);
-                list_for_each(tmp, &server->pending_mid_q) {
+                list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
                        mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
                        if ((mid_entry->mid == smb_buffer->Mid) &&
@@ -603,20 +634,19 @@ incomplete_rcv:
                                mid_entry->resp_buf = smb_buffer;
                                mid_entry->largeBuf = isLargeBuf;
 multi_t2_fnd:
-                                task_to_wake = mid_entry->tsk;
                                mid_entry->midState = MID_RESPONSE_RECEIVED;
+                                list_del_init(&mid_entry->qhead);
+                                mid_entry->callback(mid_entry);
 #ifdef CONFIG_CIFS_STATS2
                                mid_entry->when_received = jiffies;
 #endif
-                                /* so we do not time out requests to  server
-                                which is still responding (since server could
-                                be busy but not dead) */
-                                server->lstrp = jiffies;
                                break;
                        }
+                        mid_entry = NULL;
                }
                spin_unlock(&GlobalMid_Lock);
-                if (task_to_wake) {
+                if (mid_entry != NULL) {
                        /* Was previous buf put in mpx struct for multi-rsp? */
                        if (!isMultiRsp) {
                                /* smb buffer will be freed by user thread */
@@ -625,11 +655,10 @@ multi_t2_fnd:
                                else
                                        smallbuf = NULL;
                        }
-                        wake_up_process(task_to_wake);
                } else if (!is_valid_oplock_break(smb_buffer, server) &&
                           !isMultiRsp) {
                        cERROR(1, "No task to wake, unknown frame received! "
-                                   "NumMids %d", midCount.counter);
+                                   "NumMids %d", atomic_read(&midCount));
                        cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
                                      sizeof(struct smb_hdr));
 #ifdef CONFIG_CIFS_DEBUG2
@@ -677,44 +706,16 @@ multi_t2_fnd:
        if (smallbuf) /* no sense logging a debug message if NULL */
                cifs_small_buf_release(smallbuf);
-        /*
+        if (!list_empty(&server->pending_mid_q)) {
-         * BB: we shouldn't have to do any of this. It shouldn't be
-         * possible to exit from the thread with active SMB sessions
-         */
-        spin_lock(&cifs_tcp_ses_lock);
-        if (list_empty(&server->pending_mid_q)) {
-                /* loop through server session structures attached to this and
-                    mark them dead */
-                list_for_each(tmp, &server->smb_ses_list) {
-                        ses = list_entry(tmp, struct cifsSesInfo,
-                                         smb_ses_list);
-                        ses->status = CifsExiting;
-                        ses->server = NULL;
-                }
-                spin_unlock(&cifs_tcp_ses_lock);
-        } else {
-                /* although we can not zero the server struct pointer yet,
-                since there are active requests which may depnd on them,
-                mark the corresponding SMB sessions as exiting too */
-                list_for_each(tmp, &server->smb_ses_list) {
-                        ses = list_entry(tmp, struct cifsSesInfo,
-                                         smb_ses_list);
-                        ses->status = CifsExiting;
-                }
                spin_lock(&GlobalMid_Lock);
-                list_for_each(tmp, &server->pending_mid_q) {
+                list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
-                mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
+                        mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
-                        if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
+                        cFYI(1, "Clearing Mid 0x%x - issuing callback",
-                                cFYI(1, "Clearing Mid 0x%x - waking up ",
                                         mid_entry->mid);
-                                task_to_wake = mid_entry->tsk;
+                        list_del_init(&mid_entry->qhead);
-                                if (task_to_wake)
+                        mid_entry->callback(mid_entry);
-                                        wake_up_process(task_to_wake);
-                        }
                }
                spin_unlock(&GlobalMid_Lock);
-                spin_unlock(&cifs_tcp_ses_lock);
                /* 1/8th of sec is more than enough time for them to exit */
                msleep(125);
        }
@@ -732,18 +733,6 @@ multi_t2_fnd:
                coming home not much else we can do but free the memory */
        }
-        /* last chance to mark ses pointers invalid
-        if there are any pointing to this (e.g
-        if a crazy root user tried to kill cifsd
-        kernel thread explicitly this might happen) */
-        /* BB: This shouldn't be necessary, see above */
-        spin_lock(&cifs_tcp_ses_lock);
-        list_for_each(tmp, &server->smb_ses_list) {
-                ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
-                ses->server = NULL;
-        }
-        spin_unlock(&cifs_tcp_ses_lock);
        kfree(server->hostname);
        task_to_wake = xchg(&server->tsk, NULL);
        kfree(server);
@@ -1612,6 +1601,8 @@ cifs_put_tcp_session(struct TCP_Server_Info *server)
        list_del_init(&server->tcp_ses_list);
        spin_unlock(&cifs_tcp_ses_lock);
+        cancel_delayed_work_sync(&server->echo);
        spin_lock(&GlobalMid_Lock);
        server->tcpStatus = CifsExiting;
        spin_unlock(&GlobalMid_Lock);
@@ -1701,8 +1692,10 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
                volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
        tcp_ses->session_estab = false;
        tcp_ses->sequence_number = 0;
+        tcp_ses->lstrp = jiffies;
        INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
        INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
+        INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
        /*
         * at this point we are the only ones with the pointer
@@ -1751,6 +1744,9 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
        cifs_fscache_get_client_cookie(tcp_ses);
+        /* queue echo request delayed work */
+        queue_delayed_work(system_nrt_wq, &tcp_ses->echo, SMB_ECHO_INTERVAL);
        return tcp_ses;
 out_err_crypto_release:
@@ -2936,8 +2932,8 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
        TCONX_RSP *pSMBr;
        unsigned char *bcc_ptr;
        int rc = 0;
-        int length, bytes_left;
+        int length;
-        __u16 count;
+        __u16 bytes_left, count;
        if (ses == NULL)
                return -EIO;
@@ -2965,7 +2961,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
                bcc_ptr++;              /* skip password */
                /* already aligned so no need to do it below */
        } else {
-                pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
+                pSMB->PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
                /* BB FIXME add code to fail this if NTLMv2 or Kerberos
                   specified as required (when that support is added to
                   the vfs in the future) as only NTLM or the much
@@ -2983,7 +2979,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
 #endif /* CIFS_WEAK_PW_HASH */
                SMBNTencrypt(tcon->password, ses->server->cryptkey, bcc_ptr);
-                bcc_ptr += CIFS_SESS_KEY_SIZE;
+                bcc_ptr += CIFS_AUTH_RESP_SIZE;
                if (ses->capabilities & CAP_UNICODE) {
                        /* must align unicode strings */
                        *bcc_ptr = 0; /* null byte password */
@@ -3021,7 +3017,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
        pSMB->ByteCount = cpu_to_le16(count);
        rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
-                         CIFS_STD_OP);
+                         0);
        /* above now done in SendReceive */
        if ((rc == 0) && (tcon != NULL)) {
@@ -3031,7 +3027,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
                tcon->need_reconnect = false;
                tcon->tid = smb_buffer_response->Tid;
                bcc_ptr = pByteArea(smb_buffer_response);
-                bytes_left = BCC(smb_buffer_response);
+                bytes_left = get_bcc(smb_buffer_response);
                length = strnlen(bcc_ptr, bytes_left - 2);
                if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
                        is_unicode = true;

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 9f59887badd2..18d3c7724d6e 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c
@@ -52,6 +52,9 @@
52	#define CIFS_PORT 445	52	#define CIFS_PORT 445
53	#define RFC1001_PORT 139	53	#define RFC1001_PORT 139
54		54
		55	/* SMB echo "timeout" -- FIXME: tunable? */
		56	#define SMB_ECHO_INTERVAL (60 * HZ)
		57
55	extern void SMBNTencrypt(unsigned char passwd, unsigned char c8,	58	extern void SMBNTencrypt(unsigned char passwd, unsigned char c8,
56	unsigned char *p24);	59	unsigned char *p24);
57		60
@@ -152,6 +155,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
152		155
153	/* before reconnecting the tcp session, mark the smb session (uid)	156	/* before reconnecting the tcp session, mark the smb session (uid)
154	and the tid bad so they are not used until reconnected */	157	and the tid bad so they are not used until reconnected */
		158	cFYI(1, "%s: marking sessions and tcons for reconnect", __func__);
155	spin_lock(&cifs_tcp_ses_lock);	159	spin_lock(&cifs_tcp_ses_lock);
156	list_for_each(tmp, &server->smb_ses_list) {	160	list_for_each(tmp, &server->smb_ses_list) {
157	ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);	161	ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
@@ -163,7 +167,9 @@ cifs_reconnect(struct TCP_Server_Info *server)
163	}	167	}
164	}	168	}
165	spin_unlock(&cifs_tcp_ses_lock);	169	spin_unlock(&cifs_tcp_ses_lock);
		170
166	/* do not want to be sending data on a socket we are freeing */	171	/* do not want to be sending data on a socket we are freeing */
		172	cFYI(1, "%s: tearing down socket", __func__);
167	mutex_lock(&server->srv_mutex);	173	mutex_lock(&server->srv_mutex);
168	if (server->ssocket) {	174	if (server->ssocket) {
169	cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,	175	cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
@@ -180,22 +186,20 @@ cifs_reconnect(struct TCP_Server_Info *server)
180	kfree(server->session_key.response);	186	kfree(server->session_key.response);
181	server->session_key.response = NULL;	187	server->session_key.response = NULL;
182	server->session_key.len = 0;	188	server->session_key.len = 0;
		189	server->lstrp = jiffies;
		190	mutex_unlock(&server->srv_mutex);
183		191
		192	/* mark submitted MIDs for retry and issue callback */
		193	cFYI(1, "%s: issuing mid callbacks", __func__);
184	spin_lock(&GlobalMid_Lock);	194	spin_lock(&GlobalMid_Lock);
185	list_for_each(tmp, &server->pending_mid_q) {	195	list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
186	mid_entry = list_entry(tmp, struct	196	mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
187	mid_q_entry,	197	if (mid_entry->midState == MID_REQUEST_SUBMITTED)
188	qhead);
189	if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
190	/* Mark other intransit requests as needing
191	retry so we do not immediately mark the
192	session bad again (ie after we reconnect
193	below) as they timeout too */
194	mid_entry->midState = MID_RETRY_NEEDED;	198	mid_entry->midState = MID_RETRY_NEEDED;
195	}	199	list_del_init(&mid_entry->qhead);
		200	mid_entry->callback(mid_entry);
196	}	201	}
197	spin_unlock(&GlobalMid_Lock);	202	spin_unlock(&GlobalMid_Lock);
198	mutex_unlock(&server->srv_mutex);
199		203
200	while ((server->tcpStatus != CifsExiting) &&	204	while ((server->tcpStatus != CifsExiting) &&
201	(server->tcpStatus != CifsGood)) {	205	(server->tcpStatus != CifsGood)) {
@@ -212,10 +216,9 @@ cifs_reconnect(struct TCP_Server_Info *server)
212	if (server->tcpStatus != CifsExiting)	216	if (server->tcpStatus != CifsExiting)
213	server->tcpStatus = CifsGood;	217	server->tcpStatus = CifsGood;
214	spin_unlock(&GlobalMid_Lock);	218	spin_unlock(&GlobalMid_Lock);
215	/* atomic_set(&server->inFlight,0);*/
216	wake_up(&server->response_q);
217	}	219	}
218	}	220	}
		221
219	return rc;	222	return rc;
220	}	223	}
221		224
@@ -229,9 +232,8 @@ cifs_reconnect(struct TCP_Server_Info *server)
229	static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)	232	static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
230	{	233	{
231	struct smb_t2_rsp *pSMBt;	234	struct smb_t2_rsp *pSMBt;
232	int total_data_size;
233	int data_in_this_rsp;
234	int remaining;	235	int remaining;
		236	__u16 total_data_size, data_in_this_rsp;
235		237
236	if (pSMB->Command != SMB_COM_TRANSACTION2)	238	if (pSMB->Command != SMB_COM_TRANSACTION2)
237	return 0;	239	return 0;
@@ -245,8 +247,8 @@ static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
245		247
246	pSMBt = (struct smb_t2_rsp *)pSMB;	248	pSMBt = (struct smb_t2_rsp *)pSMB;
247		249
248	total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);	250	total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
249	data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);	251	data_in_this_rsp = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
250		252
251	remaining = total_data_size - data_in_this_rsp;	253	remaining = total_data_size - data_in_this_rsp;
252		254
@@ -272,21 +274,18 @@ static int coalesce_t2(struct smb_hdr psecond, struct smb_hdr pTargetSMB)
272	{	274	{
273	struct smb_t2_rsp pSMB2 = (struct smb_t2_rsp )psecond;	275	struct smb_t2_rsp pSMB2 = (struct smb_t2_rsp )psecond;
274	struct smb_t2_rsp pSMBt = (struct smb_t2_rsp )pTargetSMB;	276	struct smb_t2_rsp pSMBt = (struct smb_t2_rsp )pTargetSMB;
275	int total_data_size;
276	int total_in_buf;
277	int remaining;
278	int total_in_buf2;
279	char *data_area_of_target;	277	char *data_area_of_target;
280	char *data_area_of_buf2;	278	char *data_area_of_buf2;
281	__u16 byte_count;	279	int remaining;
		280	__u16 byte_count, total_data_size, total_in_buf, total_in_buf2;
282		281
283	total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);	282	total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
284		283
285	if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {	284	if (total_data_size !=
		285	get_unaligned_le16(&pSMB2->t2_rsp.TotalDataCount))
286	cFYI(1, "total data size of primary and secondary t2 differ");	286	cFYI(1, "total data size of primary and secondary t2 differ");
287	}
288		287
289	total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);	288	total_in_buf = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
290		289
291	remaining = total_data_size - total_in_buf;	290	remaining = total_data_size - total_in_buf;
292		291
@@ -296,28 +295,28 @@ static int coalesce_t2(struct smb_hdr psecond, struct smb_hdr pTargetSMB)
296	if (remaining == 0) /* nothing to do, ignore */	295	if (remaining == 0) /* nothing to do, ignore */
297	return 0;	296	return 0;
298		297
299	total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);	298	total_in_buf2 = get_unaligned_le16(&pSMB2->t2_rsp.DataCount);
300	if (remaining < total_in_buf2) {	299	if (remaining < total_in_buf2) {
301	cFYI(1, "transact2 2nd response contains too much data");	300	cFYI(1, "transact2 2nd response contains too much data");
302	}	301	}
303		302
304	/* find end of first SMB data area */	303	/* find end of first SMB data area */
305	data_area_of_target = (char *)&pSMBt->hdr.Protocol +	304	data_area_of_target = (char *)&pSMBt->hdr.Protocol +
306	le16_to_cpu(pSMBt->t2_rsp.DataOffset);	305	get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
307	/* validate target area */	306	/* validate target area */
308		307
309	data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +	308	data_area_of_buf2 = (char *)&pSMB2->hdr.Protocol +
310	le16_to_cpu(pSMB2->t2_rsp.DataOffset);	309	get_unaligned_le16(&pSMB2->t2_rsp.DataOffset);
311		310
312	data_area_of_target += total_in_buf;	311	data_area_of_target += total_in_buf;
313		312
314	/* copy second buffer into end of first buffer */	313	/* copy second buffer into end of first buffer */
315	memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);	314	memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
316	total_in_buf += total_in_buf2;	315	total_in_buf += total_in_buf2;
317	pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);	316	put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);
318	byte_count = le16_to_cpu(BCC_LE(pTargetSMB));	317	byte_count = get_bcc_le(pTargetSMB);
319	byte_count += total_in_buf2;	318	byte_count += total_in_buf2;
320	BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);	319	put_bcc_le(byte_count, pTargetSMB);
321		320
322	byte_count = pTargetSMB->smb_buf_length;	321	byte_count = pTargetSMB->smb_buf_length;
323	byte_count += total_in_buf2;	322	byte_count += total_in_buf2;
@@ -331,7 +330,26 @@ static int coalesce_t2(struct smb_hdr psecond, struct smb_hdr pTargetSMB)
331	return 0; /* we are done */	330	return 0; /* we are done */
332	} else /* more responses to go */	331	} else /* more responses to go */
333	return 1;	332	return 1;
		333	}
		334
		335	static void
		336	cifs_echo_request(struct work_struct *work)
		337	{
		338	int rc;
		339	struct TCP_Server_Info *server = container_of(work,
		340	struct TCP_Server_Info, echo.work);
		341
		342	/* no need to ping if we got a response recently */
		343	if (time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
		344	goto requeue_echo;
334		345
		346	rc = CIFSSMBEcho(server);
		347	if (rc)
		348	cFYI(1, "Unable to send echo request to server: %s",
		349	server->hostname);
		350
		351	requeue_echo:
		352	queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL);
335	}	353	}
336		354
337	static int	355	static int
@@ -345,8 +363,7 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
345	struct msghdr smb_msg;	363	struct msghdr smb_msg;
346	struct kvec iov;	364	struct kvec iov;
347	struct socket *csocket = server->ssocket;	365	struct socket *csocket = server->ssocket;
348	struct list_head *tmp;	366	struct list_head tmp, tmp2;
349	struct cifsSesInfo *ses;
350	struct task_struct *task_to_wake = NULL;	367	struct task_struct *task_to_wake = NULL;
351	struct mid_q_entry *mid_entry;	368	struct mid_q_entry *mid_entry;
352	char temp;	369	char temp;
@@ -399,7 +416,20 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
399	smb_msg.msg_control = NULL;	416	smb_msg.msg_control = NULL;
400	smb_msg.msg_controllen = 0;	417	smb_msg.msg_controllen = 0;
401	pdu_length = 4; /* enough to get RFC1001 header */	418	pdu_length = 4; /* enough to get RFC1001 header */
		419
402	incomplete_rcv:	420	incomplete_rcv:
		421	if (echo_retries > 0 &&
		422	time_after(jiffies, server->lstrp +
		423	(echo_retries * SMB_ECHO_INTERVAL))) {
		424	cERROR(1, "Server %s has not responded in %d seconds. "
		425	"Reconnecting...", server->hostname,
		426	(echo_retries * SMB_ECHO_INTERVAL / HZ));
		427	cifs_reconnect(server);
		428	csocket = server->ssocket;
		429	wake_up(&server->response_q);
		430	continue;
		431	}
		432
403	length =	433	length =
404	kernel_recvmsg(csocket, &smb_msg,	434	kernel_recvmsg(csocket, &smb_msg,
405	&iov, 1, pdu_length, 0 /* BB other flags? */);	435	&iov, 1, pdu_length, 0 /* BB other flags? */);
@@ -559,10 +589,11 @@ incomplete_rcv:
559	continue;	589	continue;
560	}	590	}
561		591
		592	mid_entry = NULL;
		593	server->lstrp = jiffies;
562		594
563	task_to_wake = NULL;
564	spin_lock(&GlobalMid_Lock);	595	spin_lock(&GlobalMid_Lock);
565	list_for_each(tmp, &server->pending_mid_q) {	596	list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
566	mid_entry = list_entry(tmp, struct mid_q_entry, qhead);	597	mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
567		598
568	if ((mid_entry->mid == smb_buffer->Mid) &&	599	if ((mid_entry->mid == smb_buffer->Mid) &&
@@ -603,20 +634,19 @@ incomplete_rcv:
603	mid_entry->resp_buf = smb_buffer;	634	mid_entry->resp_buf = smb_buffer;
604	mid_entry->largeBuf = isLargeBuf;	635	mid_entry->largeBuf = isLargeBuf;
605	multi_t2_fnd:	636	multi_t2_fnd:
606	task_to_wake = mid_entry->tsk;
607	mid_entry->midState = MID_RESPONSE_RECEIVED;	637	mid_entry->midState = MID_RESPONSE_RECEIVED;
		638	list_del_init(&mid_entry->qhead);
		639	mid_entry->callback(mid_entry);
608	#ifdef CONFIG_CIFS_STATS2	640	#ifdef CONFIG_CIFS_STATS2
609	mid_entry->when_received = jiffies;	641	mid_entry->when_received = jiffies;
610	#endif	642	#endif
611	/* so we do not time out requests to server
612	which is still responding (since server could
613	be busy but not dead) */
614	server->lstrp = jiffies;
615	break;	643	break;
616	}	644	}
		645	mid_entry = NULL;
617	}	646	}
618	spin_unlock(&GlobalMid_Lock);	647	spin_unlock(&GlobalMid_Lock);
619	if (task_to_wake) {	648
		649	if (mid_entry != NULL) {
620	/* Was previous buf put in mpx struct for multi-rsp? */	650	/* Was previous buf put in mpx struct for multi-rsp? */
621	if (!isMultiRsp) {	651	if (!isMultiRsp) {
622	/* smb buffer will be freed by user thread */	652	/* smb buffer will be freed by user thread */
@@ -625,11 +655,10 @@ multi_t2_fnd:
625	else	655	else
626	smallbuf = NULL;	656	smallbuf = NULL;
627	}	657	}
628	wake_up_process(task_to_wake);
629	} else if (!is_valid_oplock_break(smb_buffer, server) &&	658	} else if (!is_valid_oplock_break(smb_buffer, server) &&
630	!isMultiRsp) {	659	!isMultiRsp) {
631	cERROR(1, "No task to wake, unknown frame received! "	660	cERROR(1, "No task to wake, unknown frame received! "
632	"NumMids %d", midCount.counter);	661	"NumMids %d", atomic_read(&midCount));
633	cifs_dump_mem("Received Data is: ", (char *)smb_buffer,	662	cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
634	sizeof(struct smb_hdr));	663	sizeof(struct smb_hdr));
635	#ifdef CONFIG_CIFS_DEBUG2	664	#ifdef CONFIG_CIFS_DEBUG2
@@ -677,44 +706,16 @@ multi_t2_fnd:
677	if (smallbuf) /* no sense logging a debug message if NULL */	706	if (smallbuf) /* no sense logging a debug message if NULL */
678	cifs_small_buf_release(smallbuf);	707	cifs_small_buf_release(smallbuf);
679		708
680	/*	709	if (!list_empty(&server->pending_mid_q)) {
681	* BB: we shouldn't have to do any of this. It shouldn't be
682	* possible to exit from the thread with active SMB sessions
683	*/
684	spin_lock(&cifs_tcp_ses_lock);
685	if (list_empty(&server->pending_mid_q)) {
686	/* loop through server session structures attached to this and
687	mark them dead */
688	list_for_each(tmp, &server->smb_ses_list) {
689	ses = list_entry(tmp, struct cifsSesInfo,
690	smb_ses_list);
691	ses->status = CifsExiting;
692	ses->server = NULL;
693	}
694	spin_unlock(&cifs_tcp_ses_lock);
695	} else {
696	/* although we can not zero the server struct pointer yet,
697	since there are active requests which may depnd on them,
698	mark the corresponding SMB sessions as exiting too */
699	list_for_each(tmp, &server->smb_ses_list) {
700	ses = list_entry(tmp, struct cifsSesInfo,
701	smb_ses_list);
702	ses->status = CifsExiting;
703	}
704
705	spin_lock(&GlobalMid_Lock);	710	spin_lock(&GlobalMid_Lock);
706	list_for_each(tmp, &server->pending_mid_q) {	711	list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
707	mid_entry = list_entry(tmp, struct mid_q_entry, qhead);	712	mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
708	if (mid_entry->midState == MID_REQUEST_SUBMITTED) {	713	cFYI(1, "Clearing Mid 0x%x - issuing callback",
709	cFYI(1, "Clearing Mid 0x%x - waking up ",
710	mid_entry->mid);	714	mid_entry->mid);
711	task_to_wake = mid_entry->tsk;	715	list_del_init(&mid_entry->qhead);
712	if (task_to_wake)	716	mid_entry->callback(mid_entry);
713	wake_up_process(task_to_wake);
714	}
715	}	717	}
716	spin_unlock(&GlobalMid_Lock);	718	spin_unlock(&GlobalMid_Lock);
717	spin_unlock(&cifs_tcp_ses_lock);
718	/* 1/8th of sec is more than enough time for them to exit */	719	/* 1/8th of sec is more than enough time for them to exit */
719	msleep(125);	720	msleep(125);
720	}	721	}
@@ -732,18 +733,6 @@ multi_t2_fnd:
732	coming home not much else we can do but free the memory */	733	coming home not much else we can do but free the memory */
733	}	734	}
734		735
735	/* last chance to mark ses pointers invalid
736	if there are any pointing to this (e.g
737	if a crazy root user tried to kill cifsd
738	kernel thread explicitly this might happen) */
739	/* BB: This shouldn't be necessary, see above */
740	spin_lock(&cifs_tcp_ses_lock);
741	list_for_each(tmp, &server->smb_ses_list) {
742	ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
743	ses->server = NULL;
744	}
745	spin_unlock(&cifs_tcp_ses_lock);
746
747	kfree(server->hostname);	736	kfree(server->hostname);
748	task_to_wake = xchg(&server->tsk, NULL);	737	task_to_wake = xchg(&server->tsk, NULL);
749	kfree(server);	738	kfree(server);
@@ -1612,6 +1601,8 @@ cifs_put_tcp_session(struct TCP_Server_Info *server)
1612	list_del_init(&server->tcp_ses_list);	1601	list_del_init(&server->tcp_ses_list);
1613	spin_unlock(&cifs_tcp_ses_lock);	1602	spin_unlock(&cifs_tcp_ses_lock);
1614		1603
		1604	cancel_delayed_work_sync(&server->echo);
		1605
1615	spin_lock(&GlobalMid_Lock);	1606	spin_lock(&GlobalMid_Lock);
1616	server->tcpStatus = CifsExiting;	1607	server->tcpStatus = CifsExiting;
1617	spin_unlock(&GlobalMid_Lock);	1608	spin_unlock(&GlobalMid_Lock);
@@ -1701,8 +1692,10 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
1701	volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);	1692	volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1702	tcp_ses->session_estab = false;	1693	tcp_ses->session_estab = false;
1703	tcp_ses->sequence_number = 0;	1694	tcp_ses->sequence_number = 0;
		1695	tcp_ses->lstrp = jiffies;
1704	INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);	1696	INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1705	INIT_LIST_HEAD(&tcp_ses->smb_ses_list);	1697	INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
		1698	INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1706		1699
1707	/*	1700	/*
1708	* at this point we are the only ones with the pointer	1701	* at this point we are the only ones with the pointer
@@ -1751,6 +1744,9 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
1751		1744
1752	cifs_fscache_get_client_cookie(tcp_ses);	1745	cifs_fscache_get_client_cookie(tcp_ses);
1753		1746
		1747	/* queue echo request delayed work */
		1748	queue_delayed_work(system_nrt_wq, &tcp_ses->echo, SMB_ECHO_INTERVAL);
		1749
1754	return tcp_ses;	1750	return tcp_ses;
1755		1751
1756	out_err_crypto_release:	1752	out_err_crypto_release:
@@ -2936,8 +2932,8 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
2936	TCONX_RSP *pSMBr;	2932	TCONX_RSP *pSMBr;
2937	unsigned char *bcc_ptr;	2933	unsigned char *bcc_ptr;
2938	int rc = 0;	2934	int rc = 0;
2939	int length, bytes_left;	2935	int length;
2940	__u16 count;	2936	__u16 bytes_left, count;
2941		2937
2942	if (ses == NULL)	2938	if (ses == NULL)
2943	return -EIO;	2939	return -EIO;
@@ -2965,7 +2961,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
2965	bcc_ptr++; /* skip password */	2961	bcc_ptr++; /* skip password */
2966	/* already aligned so no need to do it below */	2962	/* already aligned so no need to do it below */
2967	} else {	2963	} else {
2968	pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);	2964	pSMB->PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
2969	/* BB FIXME add code to fail this if NTLMv2 or Kerberos	2965	/* BB FIXME add code to fail this if NTLMv2 or Kerberos
2970	specified as required (when that support is added to	2966	specified as required (when that support is added to
2971	the vfs in the future) as only NTLM or the much	2967	the vfs in the future) as only NTLM or the much
@@ -2983,7 +2979,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
2983	#endif /* CIFS_WEAK_PW_HASH */	2979	#endif /* CIFS_WEAK_PW_HASH */
2984	SMBNTencrypt(tcon->password, ses->server->cryptkey, bcc_ptr);	2980	SMBNTencrypt(tcon->password, ses->server->cryptkey, bcc_ptr);
2985		2981
2986	bcc_ptr += CIFS_SESS_KEY_SIZE;	2982	bcc_ptr += CIFS_AUTH_RESP_SIZE;
2987	if (ses->capabilities & CAP_UNICODE) {	2983	if (ses->capabilities & CAP_UNICODE) {
2988	/* must align unicode strings */	2984	/* must align unicode strings */
2989	bcc_ptr = 0; / null byte password */	2985	bcc_ptr = 0; / null byte password */
@@ -3021,7 +3017,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3021	pSMB->ByteCount = cpu_to_le16(count);	3017	pSMB->ByteCount = cpu_to_le16(count);
3022		3018
3023	rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,	3019	rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3024	CIFS_STD_OP);	3020	0);
3025		3021
3026	/* above now done in SendReceive */	3022	/* above now done in SendReceive */
3027	if ((rc == 0) && (tcon != NULL)) {	3023	if ((rc == 0) && (tcon != NULL)) {
@@ -3031,7 +3027,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3031	tcon->need_reconnect = false;	3027	tcon->need_reconnect = false;
3032	tcon->tid = smb_buffer_response->Tid;	3028	tcon->tid = smb_buffer_response->Tid;
3033	bcc_ptr = pByteArea(smb_buffer_response);	3029	bcc_ptr = pByteArea(smb_buffer_response);
3034	bytes_left = BCC(smb_buffer_response);	3030	bytes_left = get_bcc(smb_buffer_response);
3035	length = strnlen(bcc_ptr, bytes_left - 2);	3031	length = strnlen(bcc_ptr, bytes_left - 2);
3036	if (smb_buffer->Flags2 & SMBFLG2_UNICODE)	3032	if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
3037	is_unicode = true;	3033	is_unicode = true;