7  *   Contains the routines for constructing the SMB PDUs themselves
11  /* SMB/CIFS PDU handling routines here - except for leftovers in connect.c   */
65 /* reconnect the socket, tcon, and smb session if needed */
77 	 * tcp and smb session status done differently for those three - in the  in cifs_reconnect_tcon()
167 	 * reconnect the same SMB session  in cifs_reconnect_tcon()
235 /* Allocate and return pointer to an SMB request buffer, and set basic
236    SMB information in the SMB header.  If the return code is zero, this
300     /* potential retries of smb operations it turns out we can determine */  in __smb_init()
352 	/* check for parm and data offset going beyond end of smb */  in validate_t2()
362 	 * less than negotiated smb buffer  in validate_t2()
371 	cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB,  in validate_t2()
601 	ECHO_REQ *smb;  in CIFSSMBEcho()  local
609 	rc = small_smb_init(SMB_COM_ECHO, 0, NULL, (void **)&smb);  in CIFSSMBEcho()
614 		smb->hdr.Flags2 |= SMBFLG2_UNICODE;  in CIFSSMBEcho()
617 	smb->hdr.Tid = 0xffff;  in CIFSSMBEcho()
618 	smb->hdr.WordCount = 1;  in CIFSSMBEcho()
619 	put_unaligned_le16(1, &smb->EchoCount);  in CIFSSMBEcho()
620 	put_bcc(1, &smb->hdr);  in CIFSSMBEcho()
621 	smb->Data[0] = 'a';  in CIFSSMBEcho()
622 	inc_rfc1001_len(smb, 3);  in CIFSSMBEcho()
625 	iov[0].iov_base = smb;  in CIFSSMBEcho()
626 	iov[1].iov_len = get_rfc1002_length(smb);  in CIFSSMBEcho()
627 	iov[1].iov_base = (char *)smb + 4;  in CIFSSMBEcho()
634 	cifs_small_buf_release(smb);  in CIFSSMBEcho()
684 		since server closed smb session, no sense reporting  in CIFSSMBLogoff()
734 	 * Note that SMB offsets are from the beginning of SMB which is 4 bytes  in CIFSPOSIXDelFile()
944 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSPOSIXCreate()
976 		rc = -EIO;	/* bad smb */  in CIFSPOSIXCreate()
1317 				cifs_dbg(VFS, "SMB signature verification returned error = %d\n",  in cifs_readv_callback()
1348 	READ_REQ *smb = NULL;  in cifs_async_readv()  local
1367 	rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **)&smb);  in cifs_async_readv()
1371 	smb->hdr.Pid = cpu_to_le16((__u16)rdata->pid);  in cifs_async_readv()
1372 	smb->hdr.PidHigh = cpu_to_le16((__u16)(rdata->pid >> 16));  in cifs_async_readv()
1374 	smb->AndXCommand = 0xFF;	/* none */  in cifs_async_readv()
1375 	smb->Fid = rdata->cfile->fid.netfid;  in cifs_async_readv()
1376 	smb->OffsetLow = cpu_to_le32(rdata->offset & 0xFFFFFFFF);  in cifs_async_readv()
1378 		smb->OffsetHigh = cpu_to_le32(rdata->offset >> 32);  in cifs_async_readv()
1379 	smb->Remaining = 0;  in cifs_async_readv()
1380 	smb->MaxCount = cpu_to_le16(rdata->bytes & 0xFFFF);  in cifs_async_readv()
1381 	smb->MaxCountHigh = cpu_to_le32(rdata->bytes >> 16);  in cifs_async_readv()
1383 		smb->ByteCount = 0;  in cifs_async_readv()
1387 			(struct smb_com_readx_req *)smb;  in cifs_async_readv()
1392 	rdata->iov[0].iov_base = smb;  in cifs_async_readv()
1394 	rdata->iov[1].iov_base = (char *)smb + 4;  in cifs_async_readv()
1395 	rdata->iov[1].iov_len = get_rfc1002_length(smb);  in cifs_async_readv()
1406 	cifs_small_buf_release(smb);  in cifs_async_readv()
1484 		/*check that DataLength would not go beyond end of SMB */  in CIFSSMBRead()
1599 		byte_count = bytes_sent + 5; /* bigger pad, smaller smb hdr */  in CIFSSMBWrite()
1651 	WRITE_RSP *smb = (WRITE_RSP *)mid->resp_buf;  in cifs_writev_callback()  local
1660 		written = le16_to_cpu(smb->CountHigh);  in cifs_writev_callback()
1662 		written += le16_to_cpu(smb->Count);  in cifs_writev_callback()
1697 	WRITE_REQ *smb = NULL;  in cifs_async_writev()  local
1713 	rc = small_smb_init(SMB_COM_WRITE_ANDX, wct, tcon, (void **)&smb);  in cifs_async_writev()
1717 	smb->hdr.Pid = cpu_to_le16((__u16)wdata->pid);  in cifs_async_writev()
1718 	smb->hdr.PidHigh = cpu_to_le16((__u16)(wdata->pid >> 16));  in cifs_async_writev()
1720 	smb->AndXCommand = 0xFF;	/* none */  in cifs_async_writev()
1721 	smb->Fid = wdata->cfile->fid.netfid;  in cifs_async_writev()
1722 	smb->OffsetLow = cpu_to_le32(wdata->offset & 0xFFFFFFFF);  in cifs_async_writev()
1724 		smb->OffsetHigh = cpu_to_le32(wdata->offset >> 32);  in cifs_async_writev()
1725 	smb->Reserved = 0xFFFFFFFF;  in cifs_async_writev()
1726 	smb->WriteMode = 0;  in cifs_async_writev()
1727 	smb->Remaining = 0;  in cifs_async_writev()
1729 	smb->DataOffset =  in cifs_async_writev()
1734 	iov[0].iov_base = smb;  in cifs_async_writev()
1735 	iov[1].iov_len = get_rfc1002_length(smb) + 1;  in cifs_async_writev()
1736 	iov[1].iov_base = (char *)smb + 4;  in cifs_async_writev()
1749 	smb->DataLengthLow = cpu_to_le16(wdata->bytes & 0xFFFF);  in cifs_async_writev()
1750 	smb->DataLengthHigh = cpu_to_le16(wdata->bytes >> 16);  in cifs_async_writev()
1753 		inc_rfc1001_len(&smb->hdr, wdata->bytes + 1);  in cifs_async_writev()
1754 		put_bcc(wdata->bytes + 1, &smb->hdr);  in cifs_async_writev()
1758 				(struct smb_com_writex_req *)smb;  in cifs_async_writev()
1774 	cifs_small_buf_release(smb);  in cifs_async_writev()
1837 		inc_rfc1001_len(pSMB, count + 5); /* smb data starts later */  in CIFSSMBWrite2()
1840 	else /* wct == 12 */ /* bigger pad, smaller smb hdr, keep offset ok */ {  in CIFSSMBWrite2()
2034 	pSMB->MaxDataCount = cpu_to_le16(1000); /* BB find max SMB from sess */  in CIFSSMBPosixLock()
2047 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBPosixLock()
2090 			rc = -EIO;      /* bad smb */  in CIFSSMBPosixLock()
2279 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBRenameOpenFile()
2283 	pSMB->MaxDataCount = cpu_to_le16(1000); /* BB find max SMB from sess */  in CIFSSMBRenameOpenFile()
2438 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSUnixCreateSymLink()
2523 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSUnixCreateHardLink()
2791 		rc = -EIO;	/* bad smb */  in CIFSSMBQuerySymLink()
2819 			cifs_dbg(FYI, "reparse buf beyond SMB\n");  in CIFSSMBQuerySymLink()
2837 		cifs_dbg(FYI, "reparse buf beyond SMB\n");  in CIFSSMBQuerySymLink()
2952 		/* check if we would go beyond end of SMB */  in cifs_copy_posix_acl()
2966 		/* check if we would go beyond end of SMB */  in cifs_copy_posix_acl()
3046 		/* BB add check to make sure ACL does not overflow SMB */  in ACL_to_cifs_posix()
3123 			rc = -EIO;      /* bad smb */  in CIFSSMBGetPosixACL()
3170 	/* BB find max SMB size from sess */  in CIFSSMBSetPosixACL()
3272 			rc = -EIO;      /* bad smb */  in CIFSGetExtAttr()
3299  * Initialize NT TRANSACT SMB into small smb request buffer.  This assumes that
3366 		cifs_dbg(FYI, "parms start after end of smb\n");  in validate_ntransact()
3369 		cifs_dbg(FYI, "parm end after end of smb\n");  in validate_ntransact()
3372 		cifs_dbg(FYI, "data starts after end of smb\n");  in validate_ntransact()
3375 		cifs_dbg(FYI, "data %p + count %d (%p) past smb end %p start %p\n",  in validate_ntransact()
3380 		cifs_dbg(FYI, "parm count and data count larger than SMB\n");  in validate_ntransact()
3440 		cifs_dbg(FYI, "smb %p parm %p data %p\n",  in CIFSSMBGetCIFSACL()
3444 			rc = -EIO;      /* bad smb */  in CIFSSMBGetCIFSACL()
3662 			rc = -EIO;	/* bad smb */  in CIFSSMBQFileInfo()
3712 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQPathInfo()
3747 			rc = -EIO;	/* bad smb */  in CIFSSMBQPathInfo()
3828 			rc = -EIO;	/* bad smb */  in CIFSSMBUnixQFileInfo()
3879 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBUnixQPathInfo()
3910 			rc = -EIO;	/* bad smb */  in CIFSSMBUnixQPathInfo()
4317 			rc = -EIO;      /* bad smb */  in CIFSGetSrvInodeNumber()
4398 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSGetDFSRefer()
4427 		rc = -EIO;      /* bad smb */  in CIFSGetDFSRefer()
4501 			rc = -EIO;      /* bad smb */  in SMBOldQFSInfo()
4588 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSInfo()
4646 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQFSAttributeInfo()
4676 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSAttributeInfo()
4716 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQFSDeviceInfo()
4747 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSDeviceInfo()
4789 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQFSUnixInfo()
4816 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSUnixInfo()
4865 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBSetFSUnixInfo()
4898 			rc = -EIO;	/* bad smb */  in CIFSSMBSetFSUnixInfo()
4934 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQFSPosixInfo()
4961 			rc = -EIO;	/* bad smb */  in CIFSSMBQFSPosixInfo()
5129 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBSetFileSize()
5140 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBSetFileSize()
5215 	/* BB find max SMB PDU from sess */  in CIFSSMBSetFileInfo()
5275 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBSetFileDisposition()
5280 	/* BB find max SMB PDU from sess */  in CIFSSMBSetFileDisposition()
5373 	/* BB find max SMB PDU from sess structure BB */  in CIFSSMBSetPathInfo()
5501 	/* BB find max SMB PDU from sess */  in CIFSSMBUnixSetFileInfo()
5567 	/* BB find max SMB PDU from sess structure BB */  in CIFSSMBUnixSetPathInfo()
5577 	/* SMB offsets are from the beginning of SMB which is 4 bytes in, after RFC1001 field */  in CIFSSMBUnixSetPathInfo()
5659 	/* BB find exact max SMB PDU from sess structure BB */  in CIFSSMBQAllEAs()
5695 		rc = -EIO;	/* bad smb */  in CIFSSMBQAllEAs()
5705 	/* BB check if start of smb + data_offset > &bcc+ bcc */  in CIFSSMBQAllEAs()
5721 	/* make sure list_len doesn't go past end of SMB */  in CIFSSMBQAllEAs()
5724 		cifs_dbg(FYI, "EA list appears to go beyond SMB\n");  in CIFSSMBQAllEAs()
5848 	/* BB find max SMB PDU from sess */  in CIFSSMBSetEA()
5879 	we need to ensure that it fits within the smb */  in CIFSSMBSetEA()
5882 	     negotiated SMB buffer size BB */  in CIFSSMBSetEA()