/*
   *   fs/cifs/cifssmb.c
   *

   *   Copyright (C) International Business Machines  Corp., 2002,2010

   *   Author(s): Steve French (sfrench@us.ibm.com)
   *
   *   Contains the routines for constructing the SMB PDUs themselves
   *
   *   This library is free software; you can redistribute it and/or modify
   *   it under the terms of the GNU Lesser General Public License as published
   *   by the Free Software Foundation; either version 2.1 of the License, or
   *   (at your option) any later version.
   *
   *   This library is distributed in the hope that it will be useful,
   *   but WITHOUT ANY WARRANTY; without even the implied warranty of
   *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
   *   the GNU Lesser General Public License for more details.
   *
   *   You should have received a copy of the GNU Lesser General Public License
   *   along with this library; if not, write to the Free Software
   *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
   */
  
   /* SMB/CIFS PDU handling routines here - except for leftovers in connect.c   */
   /* These are mostly routines that operate on a pathname, or on a tree id     */
   /* (mounted volume), but there are eight handle based routines which must be */

   /* treated slightly differently for reconnection purposes since we never     */
   /* want to reuse a stale file handle and only the caller knows the file info */

  
  #include <linux/fs.h>
  #include <linux/kernel.h>
  #include <linux/vfs.h>

  #include <linux/slab.h>

  #include <linux/posix_acl_xattr.h>

  #include <linux/pagemap.h>

  #include <linux/swap.h>
  #include <linux/task_io_accounting_ops.h>

  #include <asm/uaccess.h>
  #include "cifspdu.h"
  #include "cifsglob.h"

  #include "cifsacl.h"

  #include "cifsproto.h"
  #include "cifs_unicode.h"
  #include "cifs_debug.h"

  #include "fscache.h"

  
  #ifdef CONFIG_CIFS_POSIX
  static struct {
  	int index;
  	char *name;
  } protocols[] = {

  #ifdef CONFIG_CIFS_WEAK_PW_HASH
  	{LANMAN_PROT, "\2LM1.2X002"},

  	{LANMAN2_PROT, "\2LANMAN2.1"},

  #endif /* weak password hashing for legacy clients */

  	{CIFS_PROT, "\2NT LM 0.12"},

  	{POSIX_PROT, "\2POSIX 2"},

  	{BAD_PROT, "\2"}
  };
  #else
  static struct {
  	int index;
  	char *name;
  } protocols[] = {

  #ifdef CONFIG_CIFS_WEAK_PW_HASH
  	{LANMAN_PROT, "\2LM1.2X002"},

  	{LANMAN2_PROT, "\2LANMAN2.1"},

  #endif /* weak password hashing for legacy clients */

  	{CIFS_PROT, "\2NT LM 0.12"},

  	{BAD_PROT, "\2"}
  };
  #endif

  /* define the number of elements in the cifs dialect array */
  #ifdef CONFIG_CIFS_POSIX
  #ifdef CONFIG_CIFS_WEAK_PW_HASH

  #define CIFS_NUM_PROT 4

  #else
  #define CIFS_NUM_PROT 2
  #endif /* CIFS_WEAK_PW_HASH */
  #else /* not posix */
  #ifdef CONFIG_CIFS_WEAK_PW_HASH

  #define CIFS_NUM_PROT 3

  #else
  #define CIFS_NUM_PROT 1
  #endif /* CONFIG_CIFS_WEAK_PW_HASH */
  #endif /* CIFS_POSIX */

  /* Forward declarations */
  static void cifs_readv_complete(struct work_struct *work);

  /* Mark as invalid, all open files on tree connections since they
     were closed when session to server was lost */

  static void mark_open_files_invalid(struct cifs_tcon *pTcon)

  {
  	struct cifsFileInfo *open_file = NULL;

  	struct list_head *tmp;
  	struct list_head *tmp1;

  
  /* list all files open on tree connection and mark them invalid */

  	spin_lock(&cifs_file_list_lock);

  	list_for_each_safe(tmp, tmp1, &pTcon->openFileList) {

  		open_file = list_entry(tmp, struct cifsFileInfo, tlist);

  		open_file->invalidHandle = true;

  		open_file->oplock_break_cancelled = true;

  	}

  	spin_unlock(&cifs_file_list_lock);

  	/* BB Add call to invalidate_inodes(sb) for all superblocks mounted
  	   to this tcon */

  }

  /* reconnect the socket, tcon, and smb session if needed */
  static int

  cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command)

  {

  	int rc;

  	struct cifs_ses *ses;

  	struct TCP_Server_Info *server;
  	struct nls_table *nls_codepage;
  
  	/*
  	 * SMBs NegProt, SessSetup, uLogoff do not have tcon yet so check for
  	 * tcp and smb session status done differently for those three - in the
  	 * calling routine
  	 */
  	if (!tcon)
  		return 0;
  
  	ses = tcon->ses;
  	server = ses->server;
  
  	/*
  	 * only tree disconnect, open, and write, (and ulogoff which does not
  	 * have tcon) are allowed as we start force umount
  	 */
  	if (tcon->tidStatus == CifsExiting) {
  		if (smb_command != SMB_COM_WRITE_ANDX &&
  		    smb_command != SMB_COM_OPEN_ANDX &&
  		    smb_command != SMB_COM_TREE_DISCONNECT) {

  			cFYI(1, "can not send cmd %d while umounting",
  				smb_command);

  			return -ENODEV;
  		}
  	}

  	/*
  	 * Give demultiplex thread up to 10 seconds to reconnect, should be
  	 * greater than cifs socket timeout which is 7 seconds
  	 */
  	while (server->tcpStatus == CifsNeedReconnect) {
  		wait_event_interruptible_timeout(server->response_q,

  			(server->tcpStatus != CifsNeedReconnect), 10 * HZ);

  		/* are we still trying to reconnect? */

  		if (server->tcpStatus != CifsNeedReconnect)
  			break;
  
  		/*
  		 * on "soft" mounts we wait once. Hard mounts keep
  		 * retrying until process is killed or server comes
  		 * back on-line
  		 */

  		if (!tcon->retry) {

  			cFYI(1, "gave up waiting on reconnect in smb_init");

  			return -EHOSTDOWN;
  		}
  	}
  
  	if (!ses->need_reconnect && !tcon->need_reconnect)
  		return 0;
  
  	nls_codepage = load_nls_default();
  
  	/*
  	 * need to prevent multiple threads trying to simultaneously
  	 * reconnect the same SMB session
  	 */

  	mutex_lock(&ses->session_mutex);

  	rc = cifs_negotiate_protocol(0, ses);
  	if (rc == 0 && ses->need_reconnect)

  		rc = cifs_setup_session(0, ses, nls_codepage);
  
  	/* do we need to reconnect tcon? */
  	if (rc || !tcon->need_reconnect) {

  		mutex_unlock(&ses->session_mutex);

  		goto out;
  	}
  
  	mark_open_files_invalid(tcon);
  	rc = CIFSTCon(0, ses, tcon->treeName, tcon, nls_codepage);

  	mutex_unlock(&ses->session_mutex);

  	cFYI(1, "reconnect tcon rc = %d", rc);

  
  	if (rc)
  		goto out;
  
  	/*
  	 * FIXME: check if wsize needs updated due to negotiated smb buffer
  	 * 	  size shrinking
  	 */
  	atomic_inc(&tconInfoReconnectCount);
  
  	/* tell server Unix caps we support */
  	if (ses->capabilities & CAP_UNIX)
  		reset_cifs_unix_caps(0, tcon, NULL, NULL);
  
  	/*
  	 * Removed call to reopen open files here. It is safer (and faster) to
  	 * reopen files one at a time as needed in read and write.
  	 *
  	 * FIXME: what about file locks? don't we need to reclaim them ASAP?
  	 */
  
  out:
  	/*
  	 * Check if handle based operation so we know whether we can continue
  	 * or not without returning to caller to reset file handle
  	 */
  	switch (smb_command) {
  	case SMB_COM_READ_ANDX:
  	case SMB_COM_WRITE_ANDX:
  	case SMB_COM_CLOSE:
  	case SMB_COM_FIND_CLOSE2:
  	case SMB_COM_LOCKING_ANDX:
  		rc = -EAGAIN;
  	}
  
  	unload_nls(nls_codepage);
  	return rc;
  }

  /* Allocate and return pointer to an SMB request buffer, and set basic
     SMB information in the SMB header.  If the return code is zero, this
     function must have filled in request_buf pointer */

  static int

  small_smb_init(int smb_command, int wct, struct cifs_tcon *tcon,

  		void **request_buf)

  {

  	int rc;

  	rc = cifs_reconnect_tcon(tcon, smb_command);

  	if (rc)

  		return rc;
  
  	*request_buf = cifs_small_buf_get();
  	if (*request_buf == NULL) {
  		/* BB should we add a retry in here if not a writepage? */
  		return -ENOMEM;
  	}

  	header_assemble((struct smb_hdr *) *request_buf, smb_command,

  			tcon, wct);

  	if (tcon != NULL)
  		cifs_stats_inc(&tcon->num_smbs_sent);

  	return 0;

  }

  int

  small_smb_init_no_tc(const int smb_command, const int wct,

  		     struct cifs_ses *ses, void **request_buf)

  {
  	int rc;

  	struct smb_hdr *buffer;

  	rc = small_smb_init(smb_command, wct, NULL, request_buf);

  	if (rc)

  		return rc;

  	buffer = (struct smb_hdr *)*request_buf;

  	buffer->Mid = GetNextMid(ses->server);
  	if (ses->capabilities & CAP_UNICODE)
  		buffer->Flags2 |= SMBFLG2_UNICODE;

  	if (ses->capabilities & CAP_STATUS32)

  		buffer->Flags2 |= SMBFLG2_ERR_STATUS;
  
  	/* uid, tid can stay at zero as set in header assemble */

  	/* BB add support for turning on the signing when

  	this function is used after 1st of session setup requests */
  
  	return rc;
  }

  
  /* If the return code is zero, this function must fill in request_buf pointer */
  static int

  __smb_init(int smb_command, int wct, struct cifs_tcon *tcon,

  			void **request_buf, void **response_buf)

  {

  	*request_buf = cifs_buf_get();
  	if (*request_buf == NULL) {
  		/* BB should we add a retry in here if not a writepage? */
  		return -ENOMEM;
  	}
      /* Although the original thought was we needed the response buf for  */
      /* potential retries of smb operations it turns out we can determine */
      /* from the mid flags when the request buffer can be resent without  */
      /* having to use a second distinct buffer for the response */

  	if (response_buf)

  		*response_buf = *request_buf;

  
  	header_assemble((struct smb_hdr *) *request_buf, smb_command, tcon,

  			wct);

  	if (tcon != NULL)
  		cifs_stats_inc(&tcon->num_smbs_sent);

  	return 0;
  }
  
  /* If the return code is zero, this function must fill in request_buf pointer */
  static int

  smb_init(int smb_command, int wct, struct cifs_tcon *tcon,

  	 void **request_buf, void **response_buf)
  {
  	int rc;
  
  	rc = cifs_reconnect_tcon(tcon, smb_command);
  	if (rc)
  		return rc;
  
  	return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
  }
  
  static int

  smb_init_no_reconnect(int smb_command, int wct, struct cifs_tcon *tcon,

  			void **request_buf, void **response_buf)
  {
  	if (tcon->ses->need_reconnect || tcon->need_reconnect)
  		return -EHOSTDOWN;
  
  	return __smb_init(smb_command, wct, tcon, request_buf, response_buf);

  }

  static int validate_t2(struct smb_t2_rsp *pSMB)

  {

  	unsigned int total_size;
  
  	/* check for plausible wct */
  	if (pSMB->hdr.WordCount < 10)
  		goto vt2_err;

  	/* check for parm and data offset going beyond end of smb */

  	if (get_unaligned_le16(&pSMB->t2_rsp.ParameterOffset) > 1024 ||
  	    get_unaligned_le16(&pSMB->t2_rsp.DataOffset) > 1024)
  		goto vt2_err;

  	total_size = get_unaligned_le16(&pSMB->t2_rsp.ParameterCount);
  	if (total_size >= 512)
  		goto vt2_err;

  	/* check that bcc is at least as big as parms + data, and that it is
  	 * less than negotiated smb buffer
  	 */

  	total_size += get_unaligned_le16(&pSMB->t2_rsp.DataCount);
  	if (total_size > get_bcc(&pSMB->hdr) ||
  	    total_size >= CIFSMaxBufSize + MAX_CIFS_HDR_SIZE)
  		goto vt2_err;
  
  	return 0;
  vt2_err:

  	cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB,

  		sizeof(struct smb_t2_rsp) + 16);

  	return -EINVAL;

  }

  static inline void inc_rfc1001_len(void *pSMB, int count)
  {
  	struct smb_hdr *hdr = (struct smb_hdr *)pSMB;
  
  	be32_add_cpu(&hdr->smb_buf_length, count);
  }

  int

  CIFSSMBNegotiate(unsigned int xid, struct cifs_ses *ses)

  {
  	NEGOTIATE_REQ *pSMB;
  	NEGOTIATE_RSP *pSMBr;
  	int rc = 0;
  	int bytes_returned;

  	int i;

  	struct TCP_Server_Info *server;

  	u16 count;

  	unsigned int secFlags;

  	if (ses->server)

  		server = ses->server;
  	else {
  		rc = -EIO;
  		return rc;
  	}
  	rc = smb_init(SMB_COM_NEGOTIATE, 0, NULL /* no tcon yet */ ,
  		      (void **) &pSMB, (void **) &pSMBr);
  	if (rc)
  		return rc;

  
  	/* if any of auth flags (ie not sign or seal) are overriden use them */

  	if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))

  		secFlags = ses->overrideSecFlg;  /* BB FIXME fix sign flags? */

  	else /* if override flags set only sign/seal OR them with global auth */

  		secFlags = global_secflags | ses->overrideSecFlg;

  	cFYI(1, "secFlags 0x%x", secFlags);

  	pSMB->hdr.Mid = GetNextMid(server);

  	pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);

  	if ((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)

  		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

  	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) {

  		cFYI(1, "Kerberos only mechanism, enable extended security");

  		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

  	} else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)

  		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
  	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) {

  		cFYI(1, "NTLMSSP only mechanism, enable extended security");

  		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
  	}

  	count = 0;

  	for (i = 0; i < CIFS_NUM_PROT; i++) {

  		strncpy(pSMB->DialectsArray+count, protocols[i].name, 16);
  		count += strlen(protocols[i].name) + 1;
  		/* null at end of source and target buffers anyway */
  	}

  	inc_rfc1001_len(pSMB, count);

  	pSMB->ByteCount = cpu_to_le16(count);
  
  	rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	if (rc != 0)

  		goto neg_err_exit;

  	server->dialect = le16_to_cpu(pSMBr->DialectIndex);
  	cFYI(1, "Dialect: %d", server->dialect);

  	/* Check wct = 1 error case */

  	if ((pSMBr->hdr.WordCount < 13) || (server->dialect == BAD_PROT)) {

  		/* core returns wct = 1, but we do not ask for core - otherwise

  		small wct just comes when dialect index is -1 indicating we

  		could not negotiate a common dialect */
  		rc = -EOPNOTSUPP;
  		goto neg_err_exit;

  #ifdef CONFIG_CIFS_WEAK_PW_HASH

  	} else if ((pSMBr->hdr.WordCount == 13)

  			&& ((server->dialect == LANMAN_PROT)
  				|| (server->dialect == LANMAN2_PROT))) {

  		__s16 tmp;

  		struct lanman_neg_rsp *rsp = (struct lanman_neg_rsp *)pSMBr;

  		if ((secFlags & CIFSSEC_MAY_LANMAN) ||

  			(secFlags & CIFSSEC_MAY_PLNTXT))

  			server->secType = LANMAN;
  		else {

  			cERROR(1, "mount failed weak security disabled"
  				   " in /proc/fs/cifs/SecurityFlags");

  			rc = -EOPNOTSUPP;
  			goto neg_err_exit;

  		}

  		server->sec_mode = (__u8)le16_to_cpu(rsp->SecurityMode);

  		server->maxReq = le16_to_cpu(rsp->MaxMpxCount);

  		server->maxBuf = le16_to_cpu(rsp->MaxBufSize);

  		server->max_vcs = le16_to_cpu(rsp->MaxNumberVcs);

  		/* even though we do not use raw we might as well set this
  		accurately, in case we ever find a need for it */

  		if ((le16_to_cpu(rsp->RawMode) & RAW_ENABLE) == RAW_ENABLE) {

  			server->max_rw = 0xFF00;

  			server->capabilities = CAP_MPX_MODE | CAP_RAW_MODE;
  		} else {

  			server->max_rw = 0;/* do not need to use raw anyway */

  			server->capabilities = CAP_MPX_MODE;
  		}

  		tmp = (__s16)le16_to_cpu(rsp->ServerTimeZone);

  		if (tmp == -1) {

  			/* OS/2 often does not set timezone therefore
  			 * we must use server time to calc time zone.

  			 * Could deviate slightly from the right zone.
  			 * Smallest defined timezone difference is 15 minutes
  			 * (i.e. Nepal).  Rounding up/down is done to match
  			 * this requirement.

  			 */

  			int val, seconds, remain, result;

  			struct timespec ts, utc;
  			utc = CURRENT_TIME;

  			ts = cnvrtDosUnixTm(rsp->SrvTime.Date,
  					    rsp->SrvTime.Time, 0);

  			cFYI(1, "SrvTime %d sec since 1970 (utc: %d) diff: %d",

  				(int)ts.tv_sec, (int)utc.tv_sec,

  				(int)(utc.tv_sec - ts.tv_sec));

  			val = (int)(utc.tv_sec - ts.tv_sec);

  			seconds = abs(val);

  			result = (seconds / MIN_TZ_ADJ) * MIN_TZ_ADJ;

  			remain = seconds % MIN_TZ_ADJ;

  			if (remain >= (MIN_TZ_ADJ / 2))

  				result += MIN_TZ_ADJ;

  			if (val < 0)

  				result = -result;

  			server->timeAdj = result;

  		} else {

  			server->timeAdj = (int)tmp;
  			server->timeAdj *= 60; /* also in seconds */

  		}

  		cFYI(1, "server->timeAdj: %d seconds", server->timeAdj);

  		/* BB get server time for time conversions and add

  		code to use it and timezone since this is not UTC */

  		if (rsp->EncryptionKeyLength ==

  				cpu_to_le16(CIFS_CRYPTO_KEY_SIZE)) {

  			memcpy(ses->server->cryptkey, rsp->EncryptionKey,

  				CIFS_CRYPTO_KEY_SIZE);

  		} else if (server->sec_mode & SECMODE_PW_ENCRYPT) {

  			rc = -EIO; /* need cryptkey unless plain text */
  			goto neg_err_exit;
  		}

  		cFYI(1, "LANMAN negotiated");

  		/* we will not end up setting signing flags - as no signing
  		was in LANMAN and server did not return the flags on */
  		goto signing_check;

  #else /* weak security disabled */

  	} else if (pSMBr->hdr.WordCount == 13) {

  		cERROR(1, "mount failed, cifs module not built "
  			  "with CIFS_WEAK_PW_HASH support");

  		rc = -EOPNOTSUPP;

  #endif /* WEAK_PW_HASH */

  		goto neg_err_exit;

  	} else if (pSMBr->hdr.WordCount != 17) {

  		/* unknown wct */
  		rc = -EOPNOTSUPP;
  		goto neg_err_exit;
  	}
  	/* else wct == 17 NTLM */

  	server->sec_mode = pSMBr->SecurityMode;
  	if ((server->sec_mode & SECMODE_USER) == 0)

  		cFYI(1, "share mode security");

  	if ((server->sec_mode & SECMODE_PW_ENCRYPT) == 0)

  #ifdef CONFIG_CIFS_WEAK_PW_HASH

  		if ((secFlags & CIFSSEC_MAY_PLNTXT) == 0)

  #endif /* CIFS_WEAK_PW_HASH */

  			cERROR(1, "Server requests plain text password"
  				  " but client support disabled");

  	if ((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2)

  		server->secType = NTLMv2;

  	else if (secFlags & CIFSSEC_MAY_NTLM)

  		server->secType = NTLM;

  	else if (secFlags & CIFSSEC_MAY_NTLMV2)

  		server->secType = NTLMv2;

  	else if (secFlags & CIFSSEC_MAY_KRB5)
  		server->secType = Kerberos;

  	else if (secFlags & CIFSSEC_MAY_NTLMSSP)

  		server->secType = RawNTLMSSP;

  	else if (secFlags & CIFSSEC_MAY_LANMAN)
  		server->secType = LANMAN;

  	else {
  		rc = -EOPNOTSUPP;

  		cERROR(1, "Invalid security type");

  		goto neg_err_exit;
  	}
  	/* else ... any others ...? */

  
  	/* one byte, so no need to convert this or EncryptionKeyLen from
  	   little endian */
  	server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);
  	/* probably no need to store and check maxvcs */

  	server->maxBuf = le32_to_cpu(pSMBr->MaxBufferSize);

  	server->max_rw = le32_to_cpu(pSMBr->MaxRawSize);

  	cFYI(DBG2, "Max buf = %d", ses->server->maxBuf);

  	server->capabilities = le32_to_cpu(pSMBr->Capabilities);

  	server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone);
  	server->timeAdj *= 60;

  	if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {

  		memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,

  		       CIFS_CRYPTO_KEY_SIZE);

  	} else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
  			server->capabilities & CAP_EXTENDED_SECURITY) &&
  				(pSMBr->EncryptionKeyLength == 0)) {

  		/* decode security blob */

  		count = get_bcc(&pSMBr->hdr);

  		if (count < 16) {

  			rc = -EIO;

  			goto neg_err_exit;
  		}

  		spin_lock(&cifs_tcp_ses_lock);

  		if (server->srv_count > 1) {

  			spin_unlock(&cifs_tcp_ses_lock);

  			if (memcmp(server->server_GUID,
  				   pSMBr->u.extended_response.
  				   GUID, 16) != 0) {

  				cFYI(1, "server UID changed");

  				memcpy(server->server_GUID,

  					pSMBr->u.extended_response.GUID,
  					16);
  			}

  		} else {

  			spin_unlock(&cifs_tcp_ses_lock);

  			memcpy(server->server_GUID,
  			       pSMBr->u.extended_response.GUID, 16);

  		}

  
  		if (count == 16) {
  			server->secType = RawNTLMSSP;

  		} else {
  			rc = decode_negTokenInit(pSMBr->u.extended_response.

  						 SecurityBlob, count - 16,
  						 server);

  			if (rc == 1)

  				rc = 0;

  			else

  				rc = -EINVAL;

  			if (server->secType == Kerberos) {
  				if (!server->sec_kerberos &&
  						!server->sec_mskerberos)
  					rc = -EOPNOTSUPP;
  			} else if (server->secType == RawNTLMSSP) {
  				if (!server->sec_ntlmssp)
  					rc = -EOPNOTSUPP;
  			} else
  					rc = -EOPNOTSUPP;

  		}

  	} else if (server->sec_mode & SECMODE_PW_ENCRYPT) {

  		rc = -EIO; /* no crypt key only if plain text pwd */
  		goto neg_err_exit;

  	} else
  		server->capabilities &= ~CAP_EXTENDED_SECURITY;

  #ifdef CONFIG_CIFS_WEAK_PW_HASH

  signing_check:

  #endif

  	if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {
  		/* MUST_SIGN already includes the MAY_SIGN FLAG
  		   so if this is zero it means that signing is disabled */

  		cFYI(1, "Signing disabled");

  		if (server->sec_mode & SECMODE_SIGN_REQUIRED) {

  			cERROR(1, "Server requires "

  				   "packet signing to be enabled in "

  				   "/proc/fs/cifs/SecurityFlags.");

  			rc = -EOPNOTSUPP;
  		}

  		server->sec_mode &=

  			~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);

  	} else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) {
  		/* signing required */

  		cFYI(1, "Must sign - secFlags 0x%x", secFlags);

  		if ((server->sec_mode &

  			(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) {

  			cERROR(1, "signing required but server lacks support");

  			rc = -EOPNOTSUPP;

  		} else

  			server->sec_mode |= SECMODE_SIGN_REQUIRED;

  	} else {
  		/* signing optional ie CIFSSEC_MAY_SIGN */

  		if ((server->sec_mode & SECMODE_SIGN_REQUIRED) == 0)
  			server->sec_mode &=

  				~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED);

  	}

  
  neg_err_exit:

  	cifs_buf_release(pSMB);

  	cFYI(1, "negprot rc %d", rc);

  	return rc;
  }
  
  int

  CIFSSMBTDis(const int xid, struct cifs_tcon *tcon)

  {
  	struct smb_hdr *smb_buffer;

  	int rc = 0;

  	cFYI(1, "In tree disconnect");

  	/* BB: do we need to check this? These should never be NULL. */
  	if ((tcon->ses == NULL) || (tcon->ses->server == NULL))
  		return -EIO;

  	/*
  	 * No need to return error on this operation if tid invalidated and
  	 * closed on server already e.g. due to tcp session crashing. Also,
  	 * the tcon is no longer on the list, so no need to take lock before
  	 * checking this.
  	 */

  	if ((tcon->need_reconnect) || (tcon->ses->need_reconnect))

  		return 0;

  	rc = small_smb_init(SMB_COM_TREE_DISCONNECT, 0, tcon,

  			    (void **)&smb_buffer);

  	if (rc)

  		return rc;

  
  	rc = SendReceiveNoRsp(xid, tcon->ses, smb_buffer, 0);

  	if (rc)

  		cFYI(1, "Tree disconnect failed %d", rc);

  	/* No need to return error on this operation if tid invalidated and

  	   closed on server already e.g. due to tcp session crashing */

  	if (rc == -EAGAIN)
  		rc = 0;
  
  	return rc;
  }

  /*
   * This is a no-op for now. We're not really interested in the reply, but
   * rather in the fact that the server sent one and that server->lstrp
   * gets updated.
   *
   * FIXME: maybe we should consider checking that the reply matches request?
   */
  static void
  cifs_echo_callback(struct mid_q_entry *mid)
  {
  	struct TCP_Server_Info *server = mid->callback_data;
  
  	DeleteMidQEntry(mid);
  	atomic_dec(&server->inFlight);
  	wake_up(&server->request_q);
  }
  
  int
  CIFSSMBEcho(struct TCP_Server_Info *server)
  {
  	ECHO_REQ *smb;
  	int rc = 0;

  	struct kvec iov;

  
  	cFYI(1, "In echo request");
  
  	rc = small_smb_init(SMB_COM_ECHO, 0, NULL, (void **)&smb);
  	if (rc)
  		return rc;
  
  	/* set up echo request */

  	smb->hdr.Tid = 0xffff;

  	smb->hdr.WordCount = 1;
  	put_unaligned_le16(1, &smb->EchoCount);

  	put_bcc(1, &smb->hdr);

  	smb->Data[0] = 'a';

  	inc_rfc1001_len(smb, 3);

  	iov.iov_base = smb;
  	iov.iov_len = be32_to_cpu(smb->hdr.smb_buf_length) + 4;

  	rc = cifs_call_async(server, &iov, 1, NULL, cifs_echo_callback,
  			     server, true);

  	if (rc)
  		cFYI(1, "Echo request failed: %d", rc);
  
  	cifs_small_buf_release(smb);
  
  	return rc;
  }

  int

  CIFSSMBLogoff(const int xid, struct cifs_ses *ses)

  {

  	LOGOFF_ANDX_REQ *pSMB;
  	int rc = 0;

  	cFYI(1, "In SMBLogoff for session disconnect");

  	/*
  	 * BB: do we need to check validity of ses and server? They should
  	 * always be valid since we have an active reference. If not, that
  	 * should probably be a BUG()
  	 */
  	if (!ses || !ses->server)

  		return -EIO;

  	mutex_lock(&ses->session_mutex);

  	if (ses->need_reconnect)
  		goto session_already_dead; /* no need to send SMBlogoff if uid
  					      already closed due to reconnect */

  	rc = small_smb_init(SMB_COM_LOGOFF_ANDX, 2, NULL, (void **)&pSMB);
  	if (rc) {

  		mutex_unlock(&ses->session_mutex);

  		return rc;
  	}

  	pSMB->hdr.Mid = GetNextMid(ses->server);

  	if (ses->server->sec_mode &

  		   (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
  			pSMB->hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;

  
  	pSMB->hdr.Uid = ses->Suid;
  
  	pSMB->AndXCommand = 0xFF;

  	rc = SendReceiveNoRsp(xid, ses, (struct smb_hdr *) pSMB, 0);

  session_already_dead:

  	mutex_unlock(&ses->session_mutex);

  
  	/* if session dead then we do not need to do ulogoff,

  		since server closed smb session, no sense reporting

  		error */
  	if (rc == -EAGAIN)
  		rc = 0;
  	return rc;
  }
  
  int

  CIFSPOSIXDelFile(const int xid, struct cifs_tcon *tcon, const char *fileName,

  		 __u16 type, const struct nls_table *nls_codepage, int remap)
  {
  	TRANSACTION2_SPI_REQ *pSMB = NULL;
  	TRANSACTION2_SPI_RSP *pSMBr = NULL;
  	struct unlink_psx_rq *pRqD;
  	int name_len;
  	int rc = 0;
  	int bytes_returned = 0;
  	__u16 params, param_offset, offset, byte_count;

  	cFYI(1, "In POSIX delete");

  PsxDelete:
  	rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
  		name_len =
  		    cifsConvertToUCS((__le16 *) pSMB->FileName, fileName,
  				     PATH_MAX, nls_codepage, remap);
  		name_len++;	/* trailing null */
  		name_len *= 2;
  	} else { /* BB add path length overrun check */
  		name_len = strnlen(fileName, PATH_MAX);
  		name_len++;	/* trailing null */
  		strncpy(pSMB->FileName, fileName, name_len);
  	}
  
  	params = 6 + name_len;
  	pSMB->MaxParameterCount = cpu_to_le16(2);
  	pSMB->MaxDataCount = 0; /* BB double check this with jra */
  	pSMB->MaxSetupCount = 0;
  	pSMB->Reserved = 0;
  	pSMB->Flags = 0;
  	pSMB->Timeout = 0;
  	pSMB->Reserved2 = 0;
  	param_offset = offsetof(struct smb_com_transaction2_spi_req,
  				InformationLevel) - 4;
  	offset = param_offset + params;
  
  	/* Setup pointer to Request Data (inode type) */
  	pRqD = (struct unlink_psx_rq *)(((char *)&pSMB->hdr.Protocol) + offset);
  	pRqD->type = cpu_to_le16(type);
  	pSMB->ParameterOffset = cpu_to_le16(param_offset);
  	pSMB->DataOffset = cpu_to_le16(offset);
  	pSMB->SetupCount = 1;
  	pSMB->Reserved3 = 0;
  	pSMB->SubCommand = cpu_to_le16(TRANS2_SET_PATH_INFORMATION);
  	byte_count = 3 /* pad */  + params + sizeof(struct unlink_psx_rq);
  
  	pSMB->DataCount = cpu_to_le16(sizeof(struct unlink_psx_rq));
  	pSMB->TotalDataCount = cpu_to_le16(sizeof(struct unlink_psx_rq));
  	pSMB->ParameterCount = cpu_to_le16(params);
  	pSMB->TotalParameterCount = pSMB->ParameterCount;
  	pSMB->InformationLevel = cpu_to_le16(SMB_POSIX_UNLINK);
  	pSMB->Reserved4 = 0;

  	inc_rfc1001_len(pSMB, byte_count);

  	pSMB->ByteCount = cpu_to_le16(byte_count);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	if (rc)

  		cFYI(1, "Posix delete returned %d", rc);

  	cifs_buf_release(pSMB);
  
  	cifs_stats_inc(&tcon->num_deletes);
  
  	if (rc == -EAGAIN)
  		goto PsxDelete;
  
  	return rc;
  }
  
  int

  CIFSSMBDelFile(const int xid, struct cifs_tcon *tcon, const char *fileName,

  	       const struct nls_table *nls_codepage, int remap)

  {
  	DELETE_FILE_REQ *pSMB = NULL;
  	DELETE_FILE_RSP *pSMBr = NULL;
  	int rc = 0;
  	int bytes_returned;
  	int name_len;
  
  DelFileRetry:
  	rc = smb_init(SMB_COM_DELETE, 1, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
  		name_len =

  		    cifsConvertToUCS((__le16 *) pSMB->fileName, fileName,

  				     PATH_MAX, nls_codepage, remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;

  	} else {		/* BB improve check for buffer overruns BB */

  		name_len = strnlen(fileName, PATH_MAX);
  		name_len++;	/* trailing null */
  		strncpy(pSMB->fileName, fileName, name_len);
  	}
  	pSMB->SearchAttributes =
  	    cpu_to_le16(ATTR_READONLY | ATTR_HIDDEN | ATTR_SYSTEM);
  	pSMB->BufferFormat = 0x04;

  	inc_rfc1001_len(pSMB, name_len + 1);

  	pSMB->ByteCount = cpu_to_le16(name_len + 1);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->num_deletes);

  	if (rc)

  		cFYI(1, "Error in RMFile = %d", rc);

  
  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto DelFileRetry;
  
  	return rc;
  }
  
  int

  CIFSSMBRmDir(const int xid, struct cifs_tcon *tcon, const char *dirName,

  	     const struct nls_table *nls_codepage, int remap)

  {
  	DELETE_DIRECTORY_REQ *pSMB = NULL;
  	DELETE_DIRECTORY_RSP *pSMBr = NULL;
  	int rc = 0;
  	int bytes_returned;
  	int name_len;

  	cFYI(1, "In CIFSSMBRmDir");

  RmDirRetry:
  	rc = smb_init(SMB_COM_DELETE_DIRECTORY, 0, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {

  		name_len = cifsConvertToUCS((__le16 *) pSMB->DirName, dirName,
  					 PATH_MAX, nls_codepage, remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;

  	} else {		/* BB improve check for buffer overruns BB */

  		name_len = strnlen(dirName, PATH_MAX);
  		name_len++;	/* trailing null */
  		strncpy(pSMB->DirName, dirName, name_len);
  	}
  
  	pSMB->BufferFormat = 0x04;

  	inc_rfc1001_len(pSMB, name_len + 1);

  	pSMB->ByteCount = cpu_to_le16(name_len + 1);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->num_rmdirs);

  	if (rc)

  		cFYI(1, "Error in RMDir = %d", rc);

  
  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto RmDirRetry;
  	return rc;
  }
  
  int

  CIFSSMBMkDir(const int xid, struct cifs_tcon *tcon,

  	     const char *name, const struct nls_table *nls_codepage, int remap)

  {
  	int rc = 0;
  	CREATE_DIRECTORY_REQ *pSMB = NULL;
  	CREATE_DIRECTORY_RSP *pSMBr = NULL;
  	int bytes_returned;
  	int name_len;

  	cFYI(1, "In CIFSSMBMkDir");

  MkDirRetry:
  	rc = smb_init(SMB_COM_CREATE_DIRECTORY, 0, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {

  		name_len = cifsConvertToUCS((__le16 *) pSMB->DirName, name,

  					    PATH_MAX, nls_codepage, remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;

  	} else {		/* BB improve check for buffer overruns BB */

  		name_len = strnlen(name, PATH_MAX);
  		name_len++;	/* trailing null */
  		strncpy(pSMB->DirName, name, name_len);
  	}
  
  	pSMB->BufferFormat = 0x04;

  	inc_rfc1001_len(pSMB, name_len + 1);

  	pSMB->ByteCount = cpu_to_le16(name_len + 1);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->num_mkdirs);

  	if (rc)

  		cFYI(1, "Error in Mkdir = %d", rc);

  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto MkDirRetry;
  	return rc;
  }

  int

  CIFSPOSIXCreate(const int xid, struct cifs_tcon *tcon, __u32 posix_flags,

  		__u64 mode, __u16 *netfid, FILE_UNIX_BASIC_INFO *pRetData,

  		__u32 *pOplock, const char *name,

  		const struct nls_table *nls_codepage, int remap)
  {
  	TRANSACTION2_SPI_REQ *pSMB = NULL;
  	TRANSACTION2_SPI_RSP *pSMBr = NULL;
  	int name_len;
  	int rc = 0;
  	int bytes_returned = 0;

  	__u16 params, param_offset, offset, byte_count, count;

  	OPEN_PSX_REQ *pdata;
  	OPEN_PSX_RSP *psx_rsp;

  	cFYI(1, "In POSIX Create");

  PsxCreat:
  	rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
  		name_len =
  		    cifsConvertToUCS((__le16 *) pSMB->FileName, name,
  				     PATH_MAX, nls_codepage, remap);
  		name_len++;	/* trailing null */
  		name_len *= 2;
  	} else {	/* BB improve the check for buffer overruns BB */
  		name_len = strnlen(name, PATH_MAX);
  		name_len++;	/* trailing null */
  		strncpy(pSMB->FileName, name, name_len);
  	}
  
  	params = 6 + name_len;
  	count = sizeof(OPEN_PSX_REQ);
  	pSMB->MaxParameterCount = cpu_to_le16(2);
  	pSMB->MaxDataCount = cpu_to_le16(1000);	/* large enough */
  	pSMB->MaxSetupCount = 0;
  	pSMB->Reserved = 0;
  	pSMB->Flags = 0;
  	pSMB->Timeout = 0;
  	pSMB->Reserved2 = 0;
  	param_offset = offsetof(struct smb_com_transaction2_spi_req,

  				InformationLevel) - 4;

  	offset = param_offset + params;

  	pdata = (OPEN_PSX_REQ *)(((char *)&pSMB->hdr.Protocol) + offset);

  	pdata->Level = cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC);

  	pdata->Permissions = cpu_to_le64(mode);

  	pdata->PosixOpenFlags = cpu_to_le32(posix_flags);

  	pdata->OpenFlags =  cpu_to_le32(*pOplock);
  	pSMB->ParameterOffset = cpu_to_le16(param_offset);
  	pSMB->DataOffset = cpu_to_le16(offset);
  	pSMB->SetupCount = 1;
  	pSMB->Reserved3 = 0;
  	pSMB->SubCommand = cpu_to_le16(TRANS2_SET_PATH_INFORMATION);
  	byte_count = 3 /* pad */  + params + count;
  
  	pSMB->DataCount = cpu_to_le16(count);
  	pSMB->ParameterCount = cpu_to_le16(params);
  	pSMB->TotalDataCount = pSMB->DataCount;
  	pSMB->TotalParameterCount = pSMB->ParameterCount;
  	pSMB->InformationLevel = cpu_to_le16(SMB_POSIX_OPEN);
  	pSMB->Reserved4 = 0;

  	inc_rfc1001_len(pSMB, byte_count);

  	pSMB->ByteCount = cpu_to_le16(byte_count);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);
  	if (rc) {

  		cFYI(1, "Posix create returned %d", rc);

  		goto psx_create_err;
  	}

  	cFYI(1, "copying inode info");

  	rc = validate_t2((struct smb_t2_rsp *)pSMBr);

  	if (rc || get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)) {

  		rc = -EIO;	/* bad smb */
  		goto psx_create_err;
  	}
  
  	/* copy return information to pRetData */

  	psx_rsp = (OPEN_PSX_RSP *)((char *) &pSMBr->hdr.Protocol

  			+ le16_to_cpu(pSMBr->t2.DataOffset));

  	*pOplock = le16_to_cpu(psx_rsp->OplockFlags);

  	if (netfid)

  		*netfid = psx_rsp->Fid;   /* cifs fid stays in le */
  	/* Let caller know file was created so we can set the mode. */
  	/* Do we care about the CreateAction in any other cases? */

  	if (cpu_to_le32(FILE_CREATE) == psx_rsp->CreateAction)

  		*pOplock |= CIFS_CREATE_ACTION;
  	/* check to make sure response data is there */

  	if (psx_rsp->ReturnedLevel != cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC)) {
  		pRetData->Type = cpu_to_le32(-1); /* unknown */

  		cFYI(DBG2, "unknown type");

  	} else {

  		if (get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)

  					+ sizeof(FILE_UNIX_BASIC_INFO)) {

  			cERROR(1, "Open response data too small");

  			pRetData->Type = cpu_to_le32(-1);

  			goto psx_create_err;
  		}

  		memcpy((char *) pRetData,

  			(char *)psx_rsp + sizeof(OPEN_PSX_RSP),

  			sizeof(FILE_UNIX_BASIC_INFO));

  	}

  
  psx_create_err:
  	cifs_buf_release(pSMB);

  	if (posix_flags & SMB_O_DIRECTORY)
  		cifs_stats_inc(&tcon->num_posixmkdirs);
  	else
  		cifs_stats_inc(&tcon->num_posixopens);

  
  	if (rc == -EAGAIN)
  		goto PsxCreat;

  	return rc;

  }

  static __u16 convert_disposition(int disposition)
  {
  	__u16 ofun = 0;
  
  	switch (disposition) {
  		case FILE_SUPERSEDE:
  			ofun = SMBOPEN_OCREATE | SMBOPEN_OTRUNC;
  			break;
  		case FILE_OPEN:
  			ofun = SMBOPEN_OAPPEND;
  			break;
  		case FILE_CREATE:
  			ofun = SMBOPEN_OCREATE;
  			break;
  		case FILE_OPEN_IF:
  			ofun = SMBOPEN_OCREATE | SMBOPEN_OAPPEND;
  			break;
  		case FILE_OVERWRITE:
  			ofun = SMBOPEN_OTRUNC;
  			break;
  		case FILE_OVERWRITE_IF:
  			ofun = SMBOPEN_OCREATE | SMBOPEN_OTRUNC;
  			break;
  		default:

  			cFYI(1, "unknown disposition %d", disposition);

  			ofun =  SMBOPEN_OAPPEND; /* regular open */
  	}
  	return ofun;
  }

  static int
  access_flags_to_smbopen_mode(const int access_flags)
  {
  	int masked_flags = access_flags & (GENERIC_READ | GENERIC_WRITE);
  
  	if (masked_flags == GENERIC_READ)
  		return SMBOPEN_READ;
  	else if (masked_flags == GENERIC_WRITE)
  		return SMBOPEN_WRITE;
  
  	/* just go for read/write */
  	return SMBOPEN_READWRITE;
  }

  int

  SMBLegacyOpen(const int xid, struct cifs_tcon *tcon,

  	    const char *fileName, const int openDisposition,

  	    const int access_flags, const int create_options, __u16 *netfid,
  	    int *pOplock, FILE_ALL_INFO *pfile_info,

  	    const struct nls_table *nls_codepage, int remap)
  {
  	int rc = -EACCES;
  	OPENX_REQ *pSMB = NULL;
  	OPENX_RSP *pSMBr = NULL;
  	int bytes_returned;
  	int name_len;
  	__u16 count;
  
  OldOpenRetry:
  	rc = smb_init(SMB_COM_OPEN_ANDX, 15, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	pSMB->AndXCommand = 0xFF;       /* none */
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
  		count = 1;      /* account for one byte pad to word boundary */
  		name_len =
  		   cifsConvertToUCS((__le16 *) (pSMB->fileName + 1),
  				    fileName, PATH_MAX, nls_codepage, remap);
  		name_len++;     /* trailing null */
  		name_len *= 2;
  	} else {                /* BB improve check for buffer overruns BB */
  		count = 0;      /* no pad */
  		name_len = strnlen(fileName, PATH_MAX);
  		name_len++;     /* trailing null */
  		strncpy(pSMB->fileName, fileName, name_len);
  	}
  	if (*pOplock & REQ_OPLOCK)
  		pSMB->OpenFlags = cpu_to_le16(REQ_OPLOCK);

  	else if (*pOplock & REQ_BATCHOPLOCK)

  		pSMB->OpenFlags = cpu_to_le16(REQ_BATCHOPLOCK);

  	pSMB->OpenFlags |= cpu_to_le16(REQ_MORE_INFO);

  	pSMB->Mode = cpu_to_le16(access_flags_to_smbopen_mode(access_flags));

  	pSMB->Mode |= cpu_to_le16(0x40); /* deny none */
  	/* set file as system file if special file such
  	   as fifo and server expecting SFU style and
  	   no Unix extensions */

  	if (create_options & CREATE_OPTION_SPECIAL)
  		pSMB->FileAttributes = cpu_to_le16(ATTR_SYSTEM);

  	else /* BB FIXME BB */
  		pSMB->FileAttributes = cpu_to_le16(0/*ATTR_NORMAL*/);

  	if (create_options & CREATE_OPTION_READONLY)
  		pSMB->FileAttributes |= cpu_to_le16(ATTR_READONLY);

  
  	/* BB FIXME BB */

  /*	pSMB->CreateOptions = cpu_to_le32(create_options &
  						 CREATE_OPTIONS_MASK); */

  	/* BB FIXME END BB */

  
  	pSMB->Sattr = cpu_to_le16(ATTR_HIDDEN | ATTR_SYSTEM | ATTR_DIRECTORY);

  	pSMB->OpenFunction = cpu_to_le16(convert_disposition(openDisposition));

  	count += name_len;

  	inc_rfc1001_len(pSMB, count);

  
  	pSMB->ByteCount = cpu_to_le16(count);
  	/* long_op set to 1 to allow for oplock break timeouts */
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,

  			(struct smb_hdr *)pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->num_opens);
  	if (rc) {

  		cFYI(1, "Error in Open = %d", rc);

  	} else {
  	/* BB verify if wct == 15 */

  /*		*pOplock = pSMBr->OplockLevel; */ /* BB take from action field*/

  
  		*netfid = pSMBr->Fid;   /* cifs fid stays in le */
  		/* Let caller know file was created so we can set the mode. */
  		/* Do we care about the CreateAction in any other cases? */
  	/* BB FIXME BB */

  /*		if (cpu_to_le32(FILE_CREATE) == pSMBr->CreateAction)

  			*pOplock |= CIFS_CREATE_ACTION; */
  	/* BB FIXME END */

  		if (pfile_info) {

  			pfile_info->CreationTime = 0; /* BB convert CreateTime*/
  			pfile_info->LastAccessTime = 0; /* BB fixme */
  			pfile_info->LastWriteTime = 0; /* BB fixme */
  			pfile_info->ChangeTime = 0;  /* BB fixme */

  			pfile_info->Attributes =

  				cpu_to_le32(le16_to_cpu(pSMBr->FileAttributes));

  			/* the file_info buf is endian converted by caller */

  			pfile_info->AllocationSize =
  				cpu_to_le64(le32_to_cpu(pSMBr->EndOfFile));
  			pfile_info->EndOfFile = pfile_info->AllocationSize;

  			pfile_info->NumberOfLinks = cpu_to_le32(1);

  			pfile_info->DeletePending = 0;

  		}
  	}
  
  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto OldOpenRetry;
  	return rc;
  }

  int

  CIFSSMBOpen(const int xid, struct cifs_tcon *tcon,

  	    const char *fileName, const int openDisposition,

  	    const int access_flags, const int create_options, __u16 *netfid,
  	    int *pOplock, FILE_ALL_INFO *pfile_info,

  	    const struct nls_table *nls_codepage, int remap)

  {
  	int rc = -EACCES;
  	OPEN_REQ *pSMB = NULL;
  	OPEN_RSP *pSMBr = NULL;
  	int bytes_returned;
  	int name_len;
  	__u16 count;
  
  openRetry:
  	rc = smb_init(SMB_COM_NT_CREATE_ANDX, 24, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	pSMB->AndXCommand = 0xFF;	/* none */
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
  		count = 1;	/* account for one byte pad to word boundary */
  		name_len =

  		    cifsConvertToUCS((__le16 *) (pSMB->fileName + 1),

  				     fileName, PATH_MAX, nls_codepage, remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;
  		pSMB->NameLength = cpu_to_le16(name_len);

  	} else {		/* BB improve check for buffer overruns BB */

  		count = 0;	/* no pad */
  		name_len = strnlen(fileName, PATH_MAX);
  		name_len++;	/* trailing null */
  		pSMB->NameLength = cpu_to_le16(name_len);
  		strncpy(pSMB->fileName, fileName, name_len);
  	}
  	if (*pOplock & REQ_OPLOCK)
  		pSMB->OpenFlags = cpu_to_le32(REQ_OPLOCK);

  	else if (*pOplock & REQ_BATCHOPLOCK)

  		pSMB->OpenFlags = cpu_to_le32(REQ_BATCHOPLOCK);

  	pSMB->DesiredAccess = cpu_to_le32(access_flags);
  	pSMB->AllocationSize = 0;

  	/* set file as system file if special file such
  	   as fifo and server expecting SFU style and
  	   no Unix extensions */

  	if (create_options & CREATE_OPTION_SPECIAL)

  		pSMB->FileAttributes = cpu_to_le32(ATTR_SYSTEM);
  	else
  		pSMB->FileAttributes = cpu_to_le32(ATTR_NORMAL);

  	/* XP does not handle ATTR_POSIX_SEMANTICS */
  	/* but it helps speed up case sensitive checks for other
  	servers such as Samba */
  	if (tcon->ses->capabilities & CAP_UNIX)
  		pSMB->FileAttributes |= cpu_to_le32(ATTR_POSIX_SEMANTICS);

  	if (create_options & CREATE_OPTION_READONLY)
  		pSMB->FileAttributes |= cpu_to_le32(ATTR_READONLY);

  	pSMB->ShareAccess = cpu_to_le32(FILE_SHARE_ALL);
  	pSMB->CreateDisposition = cpu_to_le32(openDisposition);

  	pSMB->CreateOptions = cpu_to_le32(create_options & CREATE_OPTIONS_MASK);

  	/* BB Expirement with various impersonation levels and verify */
  	pSMB->ImpersonationLevel = cpu_to_le32(SECURITY_IMPERSONATION);

  	pSMB->SecurityFlags =
  	    SECURITY_CONTEXT_TRACKING | SECURITY_EFFECTIVE_ONLY;
  
  	count += name_len;

  	inc_rfc1001_len(pSMB, count);

  
  	pSMB->ByteCount = cpu_to_le16(count);
  	/* long_op set to 1 to allow for oplock break timeouts */
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,

  			(struct smb_hdr *)pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->num_opens);

  	if (rc) {

  		cFYI(1, "Error in Open = %d", rc);

  	} else {

  		*pOplock = pSMBr->OplockLevel; /* 1 byte no need to le_to_cpu */

  		*netfid = pSMBr->Fid;	/* cifs fid stays in le */
  		/* Let caller know file was created so we can set the mode. */
  		/* Do we care about the CreateAction in any other cases? */

  		if (cpu_to_le32(FILE_CREATE) == pSMBr->CreateAction)

  			*pOplock |= CIFS_CREATE_ACTION;

  		if (pfile_info) {

  			memcpy((char *)pfile_info, (char *)&pSMBr->CreationTime,
  				36 /* CreationTime to Attributes */);
  			/* the file_info buf is endian converted by caller */
  			pfile_info->AllocationSize = pSMBr->AllocationSize;
  			pfile_info->EndOfFile = pSMBr->EndOfFile;
  			pfile_info->NumberOfLinks = cpu_to_le32(1);
  			pfile_info->DeletePending = 0;

  		}

  	}

  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto openRetry;
  	return rc;
  }

  struct cifs_readdata *
  cifs_readdata_alloc(unsigned int nr_pages)
  {
  	struct cifs_readdata *rdata;
  
  	/* readdata + 1 kvec for each page */
  	rdata = kzalloc(sizeof(*rdata) +
  			sizeof(struct kvec) * nr_pages, GFP_KERNEL);
  	if (rdata != NULL) {
  		INIT_WORK(&rdata->work, cifs_readv_complete);
  		INIT_LIST_HEAD(&rdata->pages);
  	}
  	return rdata;
  }
  
  void
  cifs_readdata_free(struct cifs_readdata *rdata)
  {
  	cifsFileInfo_put(rdata->cfile);
  	kfree(rdata);
  }
  
  /*
   * Discard any remaining data in the current SMB. To do this, we borrow the
   * current bigbuf.
   */
  static int
  cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
  {
  	READ_RSP *rsp = (READ_RSP *)server->smallbuf;
  	unsigned int rfclen = be32_to_cpu(rsp->hdr.smb_buf_length);
  	int remaining = rfclen + 4 - server->total_read;
  	struct cifs_readdata *rdata = mid->callback_data;
  
  	while (remaining > 0) {
  		int length;
  
  		length = cifs_read_from_socket(server, server->bigbuf,
  				min_t(unsigned int, remaining,
  					CIFSMaxBufSize + MAX_CIFS_HDR_SIZE));
  		if (length < 0)
  			return length;
  		server->total_read += length;
  		remaining -= length;
  	}
  
  	dequeue_mid(mid, rdata->result);
  	return 0;
  }
  
  static int
  cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
  {
  	int length, len;
  	unsigned int data_offset, remaining, data_len;
  	struct cifs_readdata *rdata = mid->callback_data;
  	READ_RSP *rsp = (READ_RSP *)server->smallbuf;
  	unsigned int rfclen = be32_to_cpu(rsp->hdr.smb_buf_length) + 4;
  	u64 eof;
  	pgoff_t eof_index;
  	struct page *page, *tpage;
  
  	cFYI(1, "%s: mid=%u offset=%llu bytes=%u", __func__,
  		mid->mid, rdata->offset, rdata->bytes);
  
  	/*
  	 * read the rest of READ_RSP header (sans Data array), or whatever we
  	 * can if there's not enough data. At this point, we've read down to
  	 * the Mid.
  	 */
  	len = min_t(unsigned int, rfclen, sizeof(*rsp)) -
  			sizeof(struct smb_hdr) + 1;
  
  	rdata->iov[0].iov_base = server->smallbuf + sizeof(struct smb_hdr) - 1;
  	rdata->iov[0].iov_len = len;
  
  	length = cifs_readv_from_socket(server, rdata->iov, 1, len);
  	if (length < 0)
  		return length;
  	server->total_read += length;
  
  	/* Was the SMB read successful? */
  	rdata->result = map_smb_to_linux_error(&rsp->hdr, false);
  	if (rdata->result != 0) {
  		cFYI(1, "%s: server returned error %d", __func__,
  			rdata->result);
  		return cifs_readv_discard(server, mid);
  	}
  
  	/* Is there enough to get to the rest of the READ_RSP header? */
  	if (server->total_read < sizeof(READ_RSP)) {
  		cFYI(1, "%s: server returned short header. got=%u expected=%zu",
  			__func__, server->total_read, sizeof(READ_RSP));
  		rdata->result = -EIO;
  		return cifs_readv_discard(server, mid);
  	}
  
  	data_offset = le16_to_cpu(rsp->DataOffset) + 4;
  	if (data_offset < server->total_read) {
  		/*
  		 * win2k8 sometimes sends an offset of 0 when the read
  		 * is beyond the EOF. Treat it as if the data starts just after
  		 * the header.
  		 */
  		cFYI(1, "%s: data offset (%u) inside read response header",
  			__func__, data_offset);
  		data_offset = server->total_read;
  	} else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
  		/* data_offset is beyond the end of smallbuf */
  		cFYI(1, "%s: data offset (%u) beyond end of smallbuf",
  			__func__, data_offset);
  		rdata->result = -EIO;
  		return cifs_readv_discard(server, mid);
  	}
  
  	cFYI(1, "%s: total_read=%u data_offset=%u", __func__,
  		server->total_read, data_offset);
  
  	len = data_offset - server->total_read;
  	if (len > 0) {
  		/* read any junk before data into the rest of smallbuf */
  		rdata->iov[0].iov_base = server->smallbuf + server->total_read;
  		rdata->iov[0].iov_len = len;
  		length = cifs_readv_from_socket(server, rdata->iov, 1, len);
  		if (length < 0)
  			return length;
  		server->total_read += length;
  	}
  
  	/* set up first iov for signature check */
  	rdata->iov[0].iov_base = server->smallbuf;
  	rdata->iov[0].iov_len = server->total_read;
  	cFYI(1, "0: iov_base=%p iov_len=%zu",
  		rdata->iov[0].iov_base, rdata->iov[0].iov_len);
  
  	/* how much data is in the response? */
  	data_len = le16_to_cpu(rsp->DataLengthHigh) << 16;
  	data_len += le16_to_cpu(rsp->DataLength);
  	if (data_offset + data_len > rfclen) {
  		/* data_len is corrupt -- discard frame */
  		rdata->result = -EIO;
  		return cifs_readv_discard(server, mid);
  	}
  
  	/* marshal up the page array */
  	len = 0;
  	remaining = data_len;
  	rdata->nr_iov = 1;
  
  	/* determine the eof that the server (probably) has */
  	eof = CIFS_I(rdata->mapping->host)->server_eof;
  	eof_index = eof ? (eof - 1) >> PAGE_CACHE_SHIFT : 0;
  	cFYI(1, "eof=%llu eof_index=%lu", eof, eof_index);
  
  	list_for_each_entry_safe(page, tpage, &rdata->pages, lru) {
  		if (remaining >= PAGE_CACHE_SIZE) {
  			/* enough data to fill the page */
  			rdata->iov[rdata->nr_iov].iov_base = kmap(page);
  			rdata->iov[rdata->nr_iov].iov_len = PAGE_CACHE_SIZE;
  			cFYI(1, "%u: idx=%lu iov_base=%p iov_len=%zu",
  				rdata->nr_iov, page->index,
  				rdata->iov[rdata->nr_iov].iov_base,
  				rdata->iov[rdata->nr_iov].iov_len);
  			++rdata->nr_iov;
  			len += PAGE_CACHE_SIZE;
  			remaining -= PAGE_CACHE_SIZE;
  		} else if (remaining > 0) {
  			/* enough for partial page, fill and zero the rest */
  			rdata->iov[rdata->nr_iov].iov_base = kmap(page);
  			rdata->iov[rdata->nr_iov].iov_len = remaining;
  			cFYI(1, "%u: idx=%lu iov_base=%p iov_len=%zu",
  				rdata->nr_iov, page->index,
  				rdata->iov[rdata->nr_iov].iov_base,
  				rdata->iov[rdata->nr_iov].iov_len);
  			memset(rdata->iov[rdata->nr_iov].iov_base + remaining,
  				'\0', PAGE_CACHE_SIZE - remaining);
  			++rdata->nr_iov;
  			len += remaining;
  			remaining = 0;
  		} else if (page->index > eof_index) {
  			/*
  			 * The VFS will not try to do readahead past the
  			 * i_size, but it's possible that we have outstanding
  			 * writes with gaps in the middle and the i_size hasn't
  			 * caught up yet. Populate those with zeroed out pages
  			 * to prevent the VFS from repeatedly attempting to
  			 * fill them until the writes are flushed.
  			 */
  			zero_user(page, 0, PAGE_CACHE_SIZE);
  			list_del(&page->lru);
  			lru_cache_add_file(page);
  			flush_dcache_page(page);
  			SetPageUptodate(page);
  			unlock_page(page);
  			page_cache_release(page);
  		} else {
  			/* no need to hold page hostage */
  			list_del(&page->lru);
  			lru_cache_add_file(page);
  			unlock_page(page);
  			page_cache_release(page);
  		}
  	}
  
  	/* issue the read if we have any iovecs left to fill */
  	if (rdata->nr_iov > 1) {
  		length = cifs_readv_from_socket(server, &rdata->iov[1],
  						rdata->nr_iov - 1, len);
  		if (length < 0)
  			return length;
  		server->total_read += length;
  	} else {
  		length = 0;
  	}
  
  	rdata->bytes = length;
  
  	cFYI(1, "total_read=%u rfclen=%u remaining=%u", server->total_read,
  		rfclen, remaining);
  
  	/* discard anything left over */
  	if (server->total_read < rfclen)
  		return cifs_readv_discard(server, mid);
  
  	dequeue_mid(mid, false);
  	return length;
  }
  
  static void
  cifs_readv_complete(struct work_struct *work)
  {
  	struct cifs_readdata *rdata = container_of(work,
  						struct cifs_readdata, work);
  	struct page *page, *tpage;
  
  	list_for_each_entry_safe(page, tpage, &rdata->pages, lru) {
  		list_del(&page->lru);
  		lru_cache_add_file(page);

  
  		if (rdata->result == 0) {

  			kunmap(page);

  			flush_dcache_page(page);
  			SetPageUptodate(page);
  		}
  
  		unlock_page(page);
  
  		if (rdata->result == 0)
  			cifs_readpage_to_fscache(rdata->mapping->host, page);
  
  		page_cache_release(page);
  	}
  	cifs_readdata_free(rdata);
  }
  
  static void
  cifs_readv_callback(struct mid_q_entry *mid)
  {
  	struct cifs_readdata *rdata = mid->callback_data;
  	struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
  	struct TCP_Server_Info *server = tcon->ses->server;
  
  	cFYI(1, "%s: mid=%u state=%d result=%d bytes=%u", __func__,
  		mid->mid, mid->midState, rdata->result, rdata->bytes);
  
  	switch (mid->midState) {
  	case MID_RESPONSE_RECEIVED:
  		/* result already set, check signature */
  		if (server->sec_mode &
  		    (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
  			if (cifs_verify_signature(rdata->iov, rdata->nr_iov,
  					  server, mid->sequence_number + 1))
  				cERROR(1, "Unexpected SMB signature");
  		}
  		/* FIXME: should this be counted toward the initiating task? */
  		task_io_account_read(rdata->bytes);
  		cifs_stats_bytes_read(tcon, rdata->bytes);
  		break;
  	case MID_REQUEST_SUBMITTED:
  	case MID_RETRY_NEEDED:
  		rdata->result = -EAGAIN;
  		break;
  	default:
  		rdata->result = -EIO;
  	}
  
  	queue_work(system_nrt_wq, &rdata->work);
  	DeleteMidQEntry(mid);
  	atomic_dec(&server->inFlight);
  	wake_up(&server->request_q);
  }
  
  /* cifs_async_readv - send an async write, and set up mid to handle result */
  int
  cifs_async_readv(struct cifs_readdata *rdata)
  {
  	int rc;
  	READ_REQ *smb = NULL;
  	int wct;
  	struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
  
  	cFYI(1, "%s: offset=%llu bytes=%u", __func__,
  		rdata->offset, rdata->bytes);
  
  	if (tcon->ses->capabilities & CAP_LARGE_FILES)
  		wct = 12;
  	else {
  		wct = 10; /* old style read */
  		if ((rdata->offset >> 32) > 0)  {
  			/* can not handle this big offset for old */
  			return -EIO;
  		}
  	}
  
  	rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **)&smb);
  	if (rc)
  		return rc;
  
  	smb->hdr.Pid = cpu_to_le16((__u16)rdata->pid);
  	smb->hdr.PidHigh = cpu_to_le16((__u16)(rdata->pid >> 16));
  
  	smb->AndXCommand = 0xFF;	/* none */
  	smb->Fid = rdata->cfile->netfid;
  	smb->OffsetLow = cpu_to_le32(rdata->offset & 0xFFFFFFFF);
  	if (wct == 12)
  		smb->OffsetHigh = cpu_to_le32(rdata->offset >> 32);
  	smb->Remaining = 0;
  	smb->MaxCount = cpu_to_le16(rdata->bytes & 0xFFFF);
  	smb->MaxCountHigh = cpu_to_le32(rdata->bytes >> 16);
  	if (wct == 12)
  		smb->ByteCount = 0;
  	else {
  		/* old style read */
  		struct smb_com_readx_req *smbr =
  			(struct smb_com_readx_req *)smb;
  		smbr->ByteCount = 0;
  	}
  
  	/* 4 for RFC1001 length + 1 for BCC */
  	rdata->iov[0].iov_base = smb;
  	rdata->iov[0].iov_len = be32_to_cpu(smb->hdr.smb_buf_length) + 4;
  
  	rc = cifs_call_async(tcon->ses->server, rdata->iov, 1,
  			     cifs_readv_receive, cifs_readv_callback,
  			     rdata, false);
  
  	if (rc == 0)
  		cifs_stats_inc(&tcon->num_reads);
  
  	cifs_small_buf_release(smb);
  	return rc;
  }

  int

  CIFSSMBRead(const int xid, struct cifs_io_parms *io_parms, unsigned int *nbytes,

  	    char **buf, int *pbuf_type)

  {
  	int rc = -EACCES;
  	READ_REQ *pSMB = NULL;
  	READ_RSP *pSMBr = NULL;
  	char *pReadData = NULL;

  	int wct;

  	int resp_buf_type = 0;
  	struct kvec iov[1];

  	__u32 pid = io_parms->pid;
  	__u16 netfid = io_parms->netfid;
  	__u64 offset = io_parms->offset;

  	struct cifs_tcon *tcon = io_parms->tcon;

  	unsigned int count = io_parms->length;

  	cFYI(1, "Reading %d bytes on fid %d", count, netfid);

  	if (tcon->ses->capabilities & CAP_LARGE_FILES)

  		wct = 12;

  	else {

  		wct = 10; /* old style read */

  		if ((offset >> 32) > 0)  {

  			/* can not handle this big offset for old */
  			return -EIO;
  		}
  	}

  
  	*nbytes = 0;

  	rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **) &pSMB);

  	if (rc)
  		return rc;

  	pSMB->hdr.Pid = cpu_to_le16((__u16)pid);
  	pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid >> 16));

  	/* tcon and ses pointer are checked in smb_init */
  	if (tcon->ses->server == NULL)
  		return -ECONNABORTED;

  	pSMB->AndXCommand = 0xFF;       /* none */

  	pSMB->Fid = netfid;

  	pSMB->OffsetLow = cpu_to_le32(offset & 0xFFFFFFFF);

  	if (wct == 12)

  		pSMB->OffsetHigh = cpu_to_le32(offset >> 32);

  	pSMB->Remaining = 0;
  	pSMB->MaxCount = cpu_to_le16(count & 0xFFFF);
  	pSMB->MaxCountHigh = cpu_to_le32(count >> 16);

  	if (wct == 12)

  		pSMB->ByteCount = 0;  /* no need to do le conversion since 0 */
  	else {
  		/* old style read */

  		struct smb_com_readx_req *pSMBW =

  			(struct smb_com_readx_req *)pSMB;

  		pSMBW->ByteCount = 0;

  	}

  
  	iov[0].iov_base = (char *)pSMB;

  	iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4;

  	rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovecs */,

  			 &resp_buf_type, CIFS_LOG_ERROR);

  	cifs_stats_inc(&tcon->num_reads);

  	pSMBr = (READ_RSP *)iov[0].iov_base;

  	if (rc) {

  		cERROR(1, "Send error in read = %d", rc);

  	} else {
  		int data_length = le16_to_cpu(pSMBr->DataLengthHigh);
  		data_length = data_length << 16;
  		data_length += le16_to_cpu(pSMBr->DataLength);
  		*nbytes = data_length;
  
  		/*check that DataLength would not go beyond end of SMB */

  		if ((data_length > CIFSMaxBufSize)

  				|| (data_length > count)) {

  			cFYI(1, "bad length %d for count %d",
  				 data_length, count);

  			rc = -EIO;
  			*nbytes = 0;
  		} else {

  			pReadData = (char *) (&pSMBr->hdr.Protocol) +

  					le16_to_cpu(pSMBr->DataOffset);
  /*			if (rc = copy_to_user(buf, pReadData, data_length)) {

  				cERROR(1, "Faulting on read rc = %d",rc);

  				rc = -EFAULT;

  			}*/ /* can not use copy_to_user when using page cache*/

  			if (*buf)

  				memcpy(*buf, pReadData, data_length);

  		}
  	}

  /*	cifs_small_buf_release(pSMB); */ /* Freed earlier now in SendReceive2 */

  	if (*buf) {
  		if (resp_buf_type == CIFS_SMALL_BUFFER)

  			cifs_small_buf_release(iov[0].iov_base);

  		else if (resp_buf_type == CIFS_LARGE_BUFFER)

  			cifs_buf_release(iov[0].iov_base);

  	} else if (resp_buf_type != CIFS_NO_BUFFER) {

  		/* return buffer to caller to free */
  		*buf = iov[0].iov_base;

  		if (resp_buf_type == CIFS_SMALL_BUFFER)

  			*pbuf_type = CIFS_SMALL_BUFFER;

  		else if (resp_buf_type == CIFS_LARGE_BUFFER)

  			*pbuf_type = CIFS_LARGE_BUFFER;

  	} /* else no valid buffer on return - leave as null */

  
  	/* Note: On -EAGAIN error only caller can retry on handle based calls

  		since file handle passed in no longer valid */
  	return rc;
  }

  int

  CIFSSMBWrite(const int xid, struct cifs_io_parms *io_parms,
  	     unsigned int *nbytes, const char *buf,