1 files changed, 87 insertions, 4 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 5f22de7b79a9..5c68b4282be9 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -34,15 +34,99 @@
 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
                         unsigned char *p24);
+/* Checks if this is the first smb session to be reconnected after
+   the socket has been reestablished (so we know whether to use vc 0).
+   Called while holding the cifs_tcp_ses_lock, so do not block */
+static bool is_first_ses_reconnect(struct cifsSesInfo *ses)
+{
+        struct list_head *tmp;
+        struct cifsSesInfo *tmp_ses;
+        list_for_each(tmp, &ses->server->smb_ses_list) {
+                tmp_ses = list_entry(tmp, struct cifsSesInfo,
+                                     smb_ses_list);
+                if (tmp_ses->need_reconnect == false)
+                        return false;
+        }
+        /* could not find a session that was already connected,
+           this must be the first one we are reconnecting */
+        return true;
+}
+/*
+ *      vc number 0 is treated specially by some servers, and should be the
+ *      first one we request.  After that we can use vcnumbers up to maxvcs,
+ *      one for each smb session (some Windows versions set maxvcs incorrectly
+ *      so maxvc=1 can be ignored).  If we have too many vcs, we can reuse
+ *      any vc but zero (some servers reset the connection on vcnum zero)
+ *
+ */
+static __le16 get_next_vcnum(struct cifsSesInfo *ses)
+{
+        __u16 vcnum = 0;
+        struct list_head *tmp;
+        struct cifsSesInfo *tmp_ses;
+        __u16 max_vcs = ses->server->max_vcs;
+        __u16 i;
+        int free_vc_found = 0;
+        /* Quoting the MS-SMB specification: "Windows-based SMB servers set this
+        field to one but do not enforce this limit, which allows an SMB client
+        to establish more virtual circuits than allowed by this value ... but
+        other server implementations can enforce this limit." */
+        if (max_vcs < 2)
+                max_vcs = 0xFFFF;
+        write_lock(&cifs_tcp_ses_lock);
+        if ((ses->need_reconnect) && is_first_ses_reconnect(ses))
+                        goto get_vc_num_exit;  /* vcnum will be zero */
+        for (i = ses->server->srv_count - 1; i < max_vcs; i++) {
+                if (i == 0) /* this is the only connection, use vc 0 */
+                        break;
+                free_vc_found = 1;
+                list_for_each(tmp, &ses->server->smb_ses_list) {
+                        tmp_ses = list_entry(tmp, struct cifsSesInfo,
+                                             smb_ses_list);
+                        if (tmp_ses->vcnum == i) {
+                                free_vc_found = 0;
+                                break; /* found duplicate, try next vcnum */
+                        }
+                }
+                if (free_vc_found)
+                        break; /* we found a vcnumber that will work - use it */
+        }
+        if (i == 0)
+                vcnum = 0; /* for most common case, ie if one smb session, use
+                              vc zero.  Also for case when no free vcnum, zero
+                              is safest to send (some clients only send zero) */
+        else if (free_vc_found == 0)
+                vcnum = 1;  /* we can not reuse vc=0 safely, since some servers
+                                reset all uids on that, but 1 is ok. */
+        else
+                vcnum = i;
+        ses->vcnum = vcnum;
+get_vc_num_exit:
+        write_unlock(&cifs_tcp_ses_lock);
+        return le16_to_cpu(vcnum);
+}
 static __u32 cifs_ssetup_hdr(struct cifsSesInfo *ses, SESSION_SETUP_ANDX *pSMB)
 {
        __u32 capabilities = 0;
        /* init fields common to all four types of SessSetup */
-        /* note that header is initialized to zero in header_assemble */
+        /* Note that offsets for first seven fields in req struct are same  */
+        /*      in CIFS Specs so does not matter which of 3 forms of struct */
+        /*      that we use in next few lines                               */
+        /* Note that header is initialized to zero in header_assemble */
        pSMB->req.AndXCommand = 0xFF;
        pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
        pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
+        pSMB->req.VcNumber = get_next_vcnum(ses);
        /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
@@ -71,7 +155,6 @@ static __u32 cifs_ssetup_hdr(struct cifsSesInfo *ses, SESSION_SETUP_ANDX *pSMB)
        if (ses->capabilities & CAP_UNIX)
                capabilities |= CAP_UNIX;
-        /* BB check whether to init vcnum BB */
        return capabilities;
 }
@@ -228,7 +311,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
        kfree(ses->serverOS);
        /* UTF-8 string will not grow more than four times as big as UCS-16 */
-        ses->serverOS = kzalloc(4 * len, GFP_KERNEL);
+        ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
        if (ses->serverOS != NULL)
                cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
        data += 2 * (len + 1);
@@ -241,7 +324,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
                return rc;
        kfree(ses->serverNOS);
-        ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */
+        ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
        if (ses->serverNOS != NULL) {
                cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
                                   nls_cp);

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 5f22de7b79a9..5c68b4282be9 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c
@@ -34,15 +34,99 @@
34	extern void SMBNTencrypt(unsigned char passwd, unsigned char c8,	34	extern void SMBNTencrypt(unsigned char passwd, unsigned char c8,
35	unsigned char *p24);	35	unsigned char *p24);
36		36
		37	/* Checks if this is the first smb session to be reconnected after
		38	the socket has been reestablished (so we know whether to use vc 0).
		39	Called while holding the cifs_tcp_ses_lock, so do not block */
		40	static bool is_first_ses_reconnect(struct cifsSesInfo *ses)
		41	{
		42	struct list_head *tmp;
		43	struct cifsSesInfo *tmp_ses;
		44
		45	list_for_each(tmp, &ses->server->smb_ses_list) {
		46	tmp_ses = list_entry(tmp, struct cifsSesInfo,
		47	smb_ses_list);
		48	if (tmp_ses->need_reconnect == false)
		49	return false;
		50	}
		51	/* could not find a session that was already connected,
		52	this must be the first one we are reconnecting */
		53	return true;
		54	}
		55
		56	/*
		57	* vc number 0 is treated specially by some servers, and should be the
		58	* first one we request. After that we can use vcnumbers up to maxvcs,
		59	* one for each smb session (some Windows versions set maxvcs incorrectly
		60	* so maxvc=1 can be ignored). If we have too many vcs, we can reuse
		61	* any vc but zero (some servers reset the connection on vcnum zero)
		62	*
		63	*/
		64	static __le16 get_next_vcnum(struct cifsSesInfo *ses)
		65	{
		66	__u16 vcnum = 0;
		67	struct list_head *tmp;
		68	struct cifsSesInfo *tmp_ses;
		69	__u16 max_vcs = ses->server->max_vcs;
		70	__u16 i;
		71	int free_vc_found = 0;
		72
		73	/* Quoting the MS-SMB specification: "Windows-based SMB servers set this
		74	field to one but do not enforce this limit, which allows an SMB client
		75	to establish more virtual circuits than allowed by this value ... but
		76	other server implementations can enforce this limit." */
		77	if (max_vcs < 2)
		78	max_vcs = 0xFFFF;
		79
		80	write_lock(&cifs_tcp_ses_lock);
		81	if ((ses->need_reconnect) && is_first_ses_reconnect(ses))
		82	goto get_vc_num_exit; /* vcnum will be zero */
		83	for (i = ses->server->srv_count - 1; i < max_vcs; i++) {
		84	if (i == 0) /* this is the only connection, use vc 0 */
		85	break;
		86
		87	free_vc_found = 1;
		88
		89	list_for_each(tmp, &ses->server->smb_ses_list) {
		90	tmp_ses = list_entry(tmp, struct cifsSesInfo,
		91	smb_ses_list);
		92	if (tmp_ses->vcnum == i) {
		93	free_vc_found = 0;
		94	break; /* found duplicate, try next vcnum */
		95	}
		96	}
		97	if (free_vc_found)
		98	break; /* we found a vcnumber that will work - use it */
		99	}
		100
		101	if (i == 0)
		102	vcnum = 0; /* for most common case, ie if one smb session, use
		103	vc zero. Also for case when no free vcnum, zero
		104	is safest to send (some clients only send zero) */
		105	else if (free_vc_found == 0)
		106	vcnum = 1; /* we can not reuse vc=0 safely, since some servers
		107	reset all uids on that, but 1 is ok. */
		108	else
		109	vcnum = i;
		110	ses->vcnum = vcnum;
		111	get_vc_num_exit:
		112	write_unlock(&cifs_tcp_ses_lock);
		113
		114	return le16_to_cpu(vcnum);
		115	}
		116
37	static __u32 cifs_ssetup_hdr(struct cifsSesInfo ses, SESSION_SETUP_ANDX pSMB)	117	static __u32 cifs_ssetup_hdr(struct cifsSesInfo ses, SESSION_SETUP_ANDX pSMB)
38	{	118	{
39	__u32 capabilities = 0;	119	__u32 capabilities = 0;
40		120
41	/* init fields common to all four types of SessSetup */	121	/* init fields common to all four types of SessSetup */
42	/* note that header is initialized to zero in header_assemble */	122	/* Note that offsets for first seven fields in req struct are same */
		123	/* in CIFS Specs so does not matter which of 3 forms of struct */
		124	/* that we use in next few lines */
		125	/* Note that header is initialized to zero in header_assemble */
43	pSMB->req.AndXCommand = 0xFF;	126	pSMB->req.AndXCommand = 0xFF;
44	pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);	127	pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
45	pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);	128	pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
		129	pSMB->req.VcNumber = get_next_vcnum(ses);
46		130
47	/* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */	131	/* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
48		132
@@ -71,7 +155,6 @@ static __u32 cifs_ssetup_hdr(struct cifsSesInfo ses, SESSION_SETUP_ANDX pSMB)
71	if (ses->capabilities & CAP_UNIX)	155	if (ses->capabilities & CAP_UNIX)
72	capabilities \|= CAP_UNIX;	156	capabilities \|= CAP_UNIX;
73		157
74	/* BB check whether to init vcnum BB */
75	return capabilities;	158	return capabilities;
76	}	159	}
77		160
@@ -228,7 +311,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
228		311
229	kfree(ses->serverOS);	312	kfree(ses->serverOS);
230	/* UTF-8 string will not grow more than four times as big as UCS-16 */	313	/* UTF-8 string will not grow more than four times as big as UCS-16 */
231	ses->serverOS = kzalloc(4 * len, GFP_KERNEL);	314	ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
232	if (ses->serverOS != NULL)	315	if (ses->serverOS != NULL)
233	cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);	316	cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp);
234	data += 2 * (len + 1);	317	data += 2 * (len + 1);
@@ -241,7 +324,7 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
241	return rc;	324	return rc;
242		325
243	kfree(ses->serverNOS);	326	kfree(ses->serverNOS);
244	ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */	327	ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL);
245	if (ses->serverNOS != NULL) {	328	if (ses->serverNOS != NULL) {
246	cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,	329	cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
247	nls_cp);	330	nls_cp);