7  *   Contains the routines for constructing the SMB PDUs themselves
11  /* SMB/CIFS PDU handling routines here - except for leftovers in connect.c   */
69 /* reconnect the socket, tcon, and smb session if needed */
79 	 * tcp and smb session status done differently for those three - in the  in cifs_reconnect_tcon()
139 	 * reconnect the same SMB session  in cifs_reconnect_tcon()
222 /* Allocate and return pointer to an SMB request buffer, and set basic
223    SMB information in the SMB header.  If the return code is zero, this
287     /* potential retries of smb operations it turns out we can determine */  in __smb_init()
339 	/* check for parm and data offset going beyond end of smb */  in validate_t2()
349 	 * less than negotiated smb buffer  in validate_t2()
358 	cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB,  in validate_t2()
588 	ECHO_REQ *smb;  in CIFSSMBEcho()  local
596 	rc = small_smb_init(SMB_COM_ECHO, 0, NULL, (void **)&smb);  in CIFSSMBEcho()
601 		smb->hdr.Flags2 |= SMBFLG2_UNICODE;  in CIFSSMBEcho()
604 	smb->hdr.Tid = 0xffff;  in CIFSSMBEcho()
605 	smb->hdr.WordCount = 1;  in CIFSSMBEcho()
606 	put_unaligned_le16(1, &smb->EchoCount);  in CIFSSMBEcho()
607 	put_bcc(1, &smb->hdr);  in CIFSSMBEcho()
608 	smb->Data[0] = 'a';  in CIFSSMBEcho()
609 	inc_rfc1001_len(smb, 3);  in CIFSSMBEcho()
612 	iov[0].iov_base = smb;  in CIFSSMBEcho()
613 	iov[1].iov_len = get_rfc1002_length(smb);  in CIFSSMBEcho()
614 	iov[1].iov_base = (char *)smb + 4;  in CIFSSMBEcho()
621 	cifs_small_buf_release(smb);  in CIFSSMBEcho()
671 		since server closed smb session, no sense reporting  in CIFSSMBLogoff()
721 	 * Note that SMB offsets are from the beginning of SMB which is 4 bytes  in CIFSPOSIXDelFile()
931 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSPOSIXCreate()
963 		rc = -EIO;	/* bad smb */  in CIFSPOSIXCreate()
1309 				cifs_dbg(VFS, "SMB signature verification returned error = %d\n",  in cifs_readv_callback()
1360 	READ_REQ *smb = NULL;  in cifs_async_readv()  local
1379 	rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **)&smb);  in cifs_async_readv()
1383 	smb->hdr.Pid = cpu_to_le16((__u16)rdata->req->pid);  in cifs_async_readv()
1384 	smb->hdr.PidHigh = cpu_to_le16((__u16)(rdata->req->pid >> 16));  in cifs_async_readv()
1386 	smb->AndXCommand = 0xFF;	/* none */  in cifs_async_readv()
1387 	smb->Fid = rdata->req->cfile->fid.netfid;  in cifs_async_readv()
1388 	smb->OffsetLow = cpu_to_le32(rdata->subreq.start & 0xFFFFFFFF);  in cifs_async_readv()
1390 		smb->OffsetHigh = cpu_to_le32(rdata->subreq.start >> 32);  in cifs_async_readv()
1391 	smb->Remaining = 0;  in cifs_async_readv()
1392 	smb->MaxCount = cpu_to_le16(rdata->subreq.len & 0xFFFF);  in cifs_async_readv()
1393 	smb->MaxCountHigh = cpu_to_le32(rdata->subreq.len >> 16);  in cifs_async_readv()
1395 		smb->ByteCount = 0;  in cifs_async_readv()
1399 			(struct smb_com_readx_req *)smb;  in cifs_async_readv()
1404 	rdata->iov[0].iov_base = smb;  in cifs_async_readv()
1406 	rdata->iov[1].iov_base = (char *)smb + 4;  in cifs_async_readv()
1407 	rdata->iov[1].iov_len = get_rfc1002_length(smb);  in cifs_async_readv()
1414 	cifs_small_buf_release(smb);  in cifs_async_readv()
1492 		/*check that DataLength would not go beyond end of SMB */  in CIFSSMBRead()
1607 		byte_count = bytes_sent + 5; /* bigger pad, smaller smb hdr */  in CIFSSMBWrite()
1659 	WRITE_RSP *smb = (WRITE_RSP *)mid->resp_buf;  in cifs_writev_callback()  local
1675 		written = le16_to_cpu(smb->CountHigh);  in cifs_writev_callback()
1677 		written += le16_to_cpu(smb->Count);  in cifs_writev_callback()
1722 	WRITE_REQ *smb = NULL;  in cifs_async_writev()  local
1739 	rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **)&smb);  in cifs_async_writev()
1743 	smb->hdr.Pid = cpu_to_le16((__u16)wdata->req->pid);  in cifs_async_writev()
1744 	smb->hdr.PidHigh = cpu_to_le16((__u16)(wdata->req->pid >> 16));  in cifs_async_writev()
1746 	smb->AndXCommand = 0xFF;	/* none */  in cifs_async_writev()
1747 	smb->Fid = wdata->req->cfile->fid.netfid;  in cifs_async_writev()
1748 	smb->OffsetLow = cpu_to_le32(wdata->subreq.start & 0xFFFFFFFF);  in cifs_async_writev()
1750 		smb->OffsetHigh = cpu_to_le32(wdata->subreq.start >> 32);  in cifs_async_writev()
1751 	smb->Reserved = 0xFFFFFFFF;  in cifs_async_writev()
1752 	smb->WriteMode = 0;  in cifs_async_writev()
1753 	smb->Remaining = 0;  in cifs_async_writev()
1755 	smb->DataOffset =  in cifs_async_writev()
1760 	iov[0].iov_base = smb;  in cifs_async_writev()
1761 	iov[1].iov_len = get_rfc1002_length(smb) + 1;  in cifs_async_writev()
1762 	iov[1].iov_base = (char *)smb + 4;  in cifs_async_writev()
1771 	smb->DataLengthLow = cpu_to_le16(wdata->subreq.len & 0xFFFF);  in cifs_async_writev()
1772 	smb->DataLengthHigh = cpu_to_le16(wdata->subreq.len >> 16);  in cifs_async_writev()
1775 		inc_rfc1001_len(&smb->hdr, wdata->subreq.len + 1);  in cifs_async_writev()
1776 		put_bcc(wdata->subreq.len + 1, &smb->hdr);  in cifs_async_writev()
1780 				(struct smb_com_writex_req *)smb;  in cifs_async_writev()
1793 	cifs_small_buf_release(smb);  in cifs_async_writev()
1860 		inc_rfc1001_len(pSMB, count + 5); /* smb data starts later */  in CIFSSMBWrite2()
1863 	else /* wct == 12 */ /* bigger pad, smaller smb hdr, keep offset ok */ {  in CIFSSMBWrite2()
2057 	pSMB->MaxDataCount = cpu_to_le16(1000); /* BB find max SMB from sess */  in CIFSSMBPosixLock()
2070 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBPosixLock()
2113 			rc = -EIO;      /* bad smb */  in CIFSSMBPosixLock()
2302 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBRenameOpenFile()
2306 	pSMB->MaxDataCount = cpu_to_le16(1000); /* BB find max SMB from sess */  in CIFSSMBRenameOpenFile()
2398 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSUnixCreateSymLink()
2483 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSUnixCreateHardLink()
2885  * @size_of_data_area: size of SMB we got
2909 		/* check if we would go beyond end of SMB */  in cifs_to_posix_acl()
2923 		/* check if we would go beyond end of SMB */  in cifs_to_posix_acl()
3017 		/* BB add check to make sure ACL does not overflow SMB */  in posix_acl_to_cifs()
3093 			rc = -EIO;      /* bad smb */  in cifs_do_get_acl()
3143 	/* BB find max SMB size from sess */  in cifs_do_set_acl()
3262 			rc = -EIO;      /* bad smb */  in CIFSGetExtAttr()
3289  * Initialize NT TRANSACT SMB into small smb request buffer.  This assumes that
3356 		cifs_dbg(FYI, "parms start after end of smb\n");  in validate_ntransact()
3359 		cifs_dbg(FYI, "parm end after end of smb\n");  in validate_ntransact()
3362 		cifs_dbg(FYI, "data starts after end of smb\n");  in validate_ntransact()
3365 		cifs_dbg(FYI, "data %p + count %d (%p) past smb end %p start %p\n",  in validate_ntransact()
3370 		cifs_dbg(FYI, "parm count and data count larger than SMB\n");  in validate_ntransact()
3430 		cifs_dbg(FYI, "smb %p parm %p data %p\n",  in CIFSSMBGetCIFSACL()
3434 			rc = -EIO;      /* bad smb */  in CIFSSMBGetCIFSACL()
3652 			rc = -EIO;	/* bad smb */  in CIFSSMBQFileInfo()
3702 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQPathInfo()
3737 			rc = -EIO;	/* bad smb */  in CIFSSMBQPathInfo()
3818 			rc = -EIO;	/* bad smb */  in CIFSSMBUnixQFileInfo()
3869 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBUnixQPathInfo()
3900 			rc = -EIO;	/* bad smb */  in CIFSSMBUnixQPathInfo()
4288 			rc = -EIO;      /* bad smb */  in CIFSGetSrvInodeNumber()
4374 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSGetDFSRefer()
4403 		rc = -EIO;      /* bad smb */  in CIFSGetDFSRefer()
4477 			rc = -EIO;      /* bad smb */  in SMBOldQFSInfo()
4564 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSInfo()
4622 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQFSAttributeInfo()
4652 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSAttributeInfo()
4692 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQFSDeviceInfo()
4723 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSDeviceInfo()
4765 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQFSUnixInfo()
4792 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSUnixInfo()
4841 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBSetFSUnixInfo()
4874 			rc = -EIO;	/* bad smb */  in CIFSSMBSetFSUnixInfo()
4910 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQFSPosixInfo()
4937 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSPosixInfo()
5105 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBSetFileSize()
5116 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBSetFileSize()
5191 	/* BB find max SMB PDU from sess */  in CIFSSMBSetFileInfo()
5251 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBSetFileDisposition()
5256 	/* BB find max SMB PDU from sess */  in CIFSSMBSetFileDisposition()
5350 	/* BB find max SMB PDU from sess structure BB */  in CIFSSMBSetPathInfo()
5478 	/* BB find max SMB PDU from sess */  in CIFSSMBUnixSetFileInfo()
5544 	/* BB find max SMB PDU from sess structure BB */  in CIFSSMBUnixSetPathInfo()
5554 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBUnixSetPathInfo()
5636 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQAllEAs()
5672 		rc = -EIO;	/* bad smb */  in CIFSSMBQAllEAs()
5682 	/* BB check if start of smb + data_offset > &bcc+ bcc */  in CIFSSMBQAllEAs()
5698 	/* make sure list_len doesn't go past end of SMB */  in CIFSSMBQAllEAs()
5701 		cifs_dbg(FYI, "EA list appears to go beyond SMB\n");  in CIFSSMBQAllEAs()
5825 	/* BB find max SMB PDU from sess */  in CIFSSMBSetEA()
5854 	we need to ensure that it fits within the smb */  in CIFSSMBSetEA()
5857 	     negotiated SMB buffer size BB */  in CIFSSMBSetEA()