[02/15] cifs: remove rfc1002 header from all SMB2 response structures

Message ID 20180530214348.25589-3-lsahlber@redhat.com
State New
Headers show
Series
  • compounding
Related show

Commit Message

Ronnie Sahlberg May 30, 2018, 9:43 p.m.
Separate out all the 4 byte rfc1002 headers so that they are no longer
part of the SMB2 header structures to prepare for future work to add
compounding support.

Update the smb3 transform header processing that we no longer have
a rfc1002 header at the start of this structure.

Update smb2_readv_callback to accomodate that the first iovector in the
response is no the smb2 header and no longer a rfc1002 header.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
---
 fs/cifs/connect.c       |   6 ++-
 fs/cifs/smb2ops.c       | 112 ++++++++++++++++++++++++++++--------------------
 fs/cifs/smb2pdu.c       |  27 +++++-------
 fs/cifs/smb2pdu.h       |   6 ---
 fs/cifs/smb2transport.c |  10 ++---
 5 files changed, 85 insertions(+), 76 deletions(-)

Comments

Steve French May 30, 2018, 10:59 p.m. | #1
This one seemed to break smb3.11 mounts - so I backed out all but the
first in the series till we can verify



On Wed, May 30, 2018 at 4:43 PM, Ronnie Sahlberg <lsahlber@redhat.com> wrote:
> Separate out all the 4 byte rfc1002 headers so that they are no longer
> part of the SMB2 header structures to prepare for future work to add
> compounding support.
>
> Update the smb3 transform header processing that we no longer have
> a rfc1002 header at the start of this structure.
>
> Update smb2_readv_callback to accomodate that the first iovector in the
> response is no the smb2 header and no longer a rfc1002 header.
>
> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
> ---
>  fs/cifs/connect.c       |   6 ++-
>  fs/cifs/smb2ops.c       | 112 ++++++++++++++++++++++++++++--------------------
>  fs/cifs/smb2pdu.c       |  27 +++++-------
>  fs/cifs/smb2pdu.h       |   6 ---
>  fs/cifs/smb2transport.c |  10 ++---
>  5 files changed, 85 insertions(+), 76 deletions(-)
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 4c0e3f6ae356..34a64719d3e2 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -882,7 +882,11 @@ cifs_demultiplex_thread(void *p)
>                 length = cifs_read_from_socket(server, buf, pdu_length);
>                 if (length < 0)
>                         continue;
> -               server->total_read = length;
> +
> +               if (server->vals->header_preamble_size == 0)
> +                       server->total_read = 0;
> +               else
> +                       server->total_read = length;
>
>                 /*
>                  * The right amount was read from socket - 4 bytes,
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index 7c0edd2ab784..20cc67c3a6d0 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -2144,12 +2144,11 @@ smb2_dir_needs_close(struct cifsFileInfo *cfile)
>  }
>
>  static void
> -fill_transform_hdr(struct TCP_Server_Info *server,
> -                  struct smb2_transform_hdr *tr_hdr, struct smb_rqst *old_rq)
> +fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len,
> +                  struct smb_rqst *old_rq)
>  {
>         struct smb2_sync_hdr *shdr =
>                         (struct smb2_sync_hdr *)old_rq->rq_iov[1].iov_base;
> -       unsigned int orig_len = get_rfc1002_length(old_rq->rq_iov[0].iov_base);
>
>         memset(tr_hdr, 0, sizeof(struct smb2_transform_hdr));
>         tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
> @@ -2157,8 +2156,6 @@ fill_transform_hdr(struct TCP_Server_Info *server,
>         tr_hdr->Flags = cpu_to_le16(0x01);
>         get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CMM_NONCE);
>         memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8);
> -       inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) - server->vals->header_preamble_size);
> -       inc_rfc1001_len(tr_hdr, orig_len);
>  }
>
>  /* We can not use the normal sg_set_buf() as we will sometimes pass a
> @@ -2170,11 +2167,16 @@ static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
>         sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
>  }
>
> +/* Assumes:
> + * rqst->rq_iov[0]  is rfc1002 length
> + * rqst->rq_iov[1]  is tranform header
> + * rqst->rq_iov[2+] data to be encrypted/decrypted
> + */
>  static struct scatterlist *
>  init_sg(struct smb_rqst *rqst, u8 *sign)
>  {
> -       unsigned int sg_len = rqst->rq_nvec + rqst->rq_npages + 1;
> -       unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24;
> +       unsigned int sg_len = rqst->rq_nvec + rqst->rq_npages;
> +       unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
>         struct scatterlist *sg;
>         unsigned int i;
>         unsigned int j;
> @@ -2184,10 +2186,10 @@ init_sg(struct smb_rqst *rqst, u8 *sign)
>                 return NULL;
>
>         sg_init_table(sg, sg_len);
> -       smb2_sg_set_buf(&sg[0], rqst->rq_iov[0].iov_base + 24, assoc_data_len);
> -       for (i = 1; i < rqst->rq_nvec; i++)
> -               smb2_sg_set_buf(&sg[i], rqst->rq_iov[i].iov_base,
> -                                               rqst->rq_iov[i].iov_len);
> +       smb2_sg_set_buf(&sg[0], rqst->rq_iov[1].iov_base + 20, assoc_data_len);
> +       for (i = 1; i < rqst->rq_nvec - 1; i++)
> +               smb2_sg_set_buf(&sg[i], rqst->rq_iov[i+1].iov_base,
> +                                               rqst->rq_iov[i+1].iov_len);
>         for (j = 0; i < sg_len - 1; i++, j++) {
>                 unsigned int len = (j < rqst->rq_npages - 1) ? rqst->rq_pagesz
>                                                         : rqst->rq_tailsz;
> @@ -2219,9 +2221,10 @@ smb2_get_enc_key(struct TCP_Server_Info *server, __u64 ses_id, int enc, u8 *key)
>  }
>  /*
>   * Encrypt or decrypt @rqst message. @rqst has the following format:
> - * iov[0] - transform header (associate data),
> - * iov[1-N] and pages - data to encrypt.
> - * On success return encrypted data in iov[1-N] and pages, leave iov[0]
> + * iov[0] - rfc1002 length
> + * iov[1] - transform header (associate data),
> + * iov[2-N] and pages - data to encrypt.
> + * On success return encrypted data in iov[2-N] and pages, leave iov[0-1]
>   * untouched.
>   */
>  static int
> @@ -2316,6 +2319,10 @@ crypt_message(struct TCP_Server_Info *server, struct smb_rqst *rqst, int enc)
>         return rc;
>  }
>
> +/*
> + * This is called from smb_send_rqst. At this point we have the rfc1002
> + * header as the first element in the vector.
> + */
>  static int
>  smb3_init_transform_rq(struct TCP_Server_Info *server, struct smb_rqst *new_rq,
>                        struct smb_rqst *old_rq)
> @@ -2324,6 +2331,7 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, struct smb_rqst *new_rq,
>         struct page **pages;
>         struct smb2_transform_hdr *tr_hdr;
>         unsigned int npages = old_rq->rq_npages;
> +       unsigned int orig_len = get_rfc1002_length(old_rq->rq_iov[0].iov_base);
>         int i;
>         int rc = -ENOMEM;
>
> @@ -2342,24 +2350,34 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, struct smb_rqst *new_rq,
>                         goto err_free_pages;
>         }
>
> -       iov = kmalloc_array(old_rq->rq_nvec, sizeof(struct kvec), GFP_KERNEL);
> +       /* Make space for one extra iov to hold the transform header */
> +       iov = kmalloc_array(old_rq->rq_nvec + 1, sizeof(struct kvec),
> +                           GFP_KERNEL);
>         if (!iov)
>                 goto err_free_pages;
>
>         /* copy all iovs from the old except the 1st one (rfc1002 length) */
> -       memcpy(&iov[1], &old_rq->rq_iov[1],
> +       memcpy(&iov[2], &old_rq->rq_iov[1],
>                                 sizeof(struct kvec) * (old_rq->rq_nvec - 1));
> +       /* copy the rfc1002 iov */
> +       iov[0].iov_base = old_rq->rq_iov[0].iov_base;
> +       iov[0].iov_len  = old_rq->rq_iov[0].iov_len;
> +
>         new_rq->rq_iov = iov;
> -       new_rq->rq_nvec = old_rq->rq_nvec;
> +       new_rq->rq_nvec = old_rq->rq_nvec + 1;
>
>         tr_hdr = kmalloc(sizeof(struct smb2_transform_hdr), GFP_KERNEL);
>         if (!tr_hdr)
>                 goto err_free_iov;
>
> -       /* fill the 1st iov with a transform header */
> -       fill_transform_hdr(server, tr_hdr, old_rq);
> -       new_rq->rq_iov[0].iov_base = tr_hdr;
> -       new_rq->rq_iov[0].iov_len = sizeof(struct smb2_transform_hdr);
> +       /* fill the 2nd iov with a transform header */
> +       fill_transform_hdr(tr_hdr, orig_len, old_rq);
> +       new_rq->rq_iov[1].iov_base = tr_hdr;
> +       new_rq->rq_iov[1].iov_len = sizeof(struct smb2_transform_hdr);
> +
> +       /* Update rfc1002 header */
> +       inc_rfc1001_len(new_rq->rq_iov[0].iov_base,
> +                       sizeof(struct smb2_transform_hdr));
>
>         /* copy pages form the old */
>         for (i = 0; i < npages; i++) {
> @@ -2399,7 +2417,7 @@ smb3_free_transform_rq(struct smb_rqst *rqst)
>                 put_page(rqst->rq_pages[i]);
>         kfree(rqst->rq_pages);
>         /* free transform header */
> -       kfree(rqst->rq_iov[0].iov_base);
> +       kfree(rqst->rq_iov[1].iov_base);
>         kfree(rqst->rq_iov);
>  }
>
> @@ -2416,18 +2434,19 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf,
>                  unsigned int buf_data_size, struct page **pages,
>                  unsigned int npages, unsigned int page_data_size)
>  {
> -       struct kvec iov[2];
> +       struct kvec iov[3];
>         struct smb_rqst rqst = {NULL};
> -       struct smb2_hdr *hdr;
>         int rc;
>
> -       iov[0].iov_base = buf;
> -       iov[0].iov_len = sizeof(struct smb2_transform_hdr);
> -       iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr);
> -       iov[1].iov_len = buf_data_size;
> +       iov[0].iov_base = NULL;
> +       iov[0].iov_len = 0;
> +       iov[1].iov_base = buf;
> +       iov[1].iov_len = sizeof(struct smb2_transform_hdr);
> +       iov[2].iov_base = buf + sizeof(struct smb2_transform_hdr);
> +       iov[2].iov_len = buf_data_size;
>
>         rqst.rq_iov = iov;
> -       rqst.rq_nvec = 2;
> +       rqst.rq_nvec = 3;
>         rqst.rq_pages = pages;
>         rqst.rq_npages = npages;
>         rqst.rq_pagesz = PAGE_SIZE;
> @@ -2439,10 +2458,9 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf,
>         if (rc)
>                 return rc;
>
> -       memmove(buf + server->vals->header_preamble_size, iov[1].iov_base, buf_data_size);
> -       hdr = (struct smb2_hdr *)buf;
> -       hdr->smb2_buf_length = cpu_to_be32(buf_data_size + page_data_size);
> -       server->total_read = buf_data_size + page_data_size + server->vals->header_preamble_size;
> +       memmove(buf + server->vals->header_preamble_size, iov[2].iov_base, buf_data_size);
> +
> +       server->total_read = buf_data_size + page_data_size;
>
>         return rc;
>  }
> @@ -3196,8 +3214,8 @@ struct smb_version_values smb20_values = {
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
>         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> -       .header_size = sizeof(struct smb2_hdr),
> -       .header_preamble_size = 4,
> +       .header_size = sizeof(struct smb2_sync_hdr),
> +       .header_preamble_size = 0,
>         .max_header_size = MAX_SMB2_HDR_SIZE,
>         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
>         .lock_cmd = SMB2_LOCK,
> @@ -3217,8 +3235,8 @@ struct smb_version_values smb21_values = {
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
>         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> -       .header_size = sizeof(struct smb2_hdr),
> -       .header_preamble_size = 4,
> +       .header_size = sizeof(struct smb2_sync_hdr),
> +       .header_preamble_size = 0,
>         .max_header_size = MAX_SMB2_HDR_SIZE,
>         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
>         .lock_cmd = SMB2_LOCK,
> @@ -3238,8 +3256,8 @@ struct smb_version_values smb3any_values = {
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
>         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> -       .header_size = sizeof(struct smb2_hdr),
> -       .header_preamble_size = 4,
> +       .header_size = sizeof(struct smb2_sync_hdr),
> +       .header_preamble_size = 0,
>         .max_header_size = MAX_SMB2_HDR_SIZE,
>         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
>         .lock_cmd = SMB2_LOCK,
> @@ -3259,8 +3277,8 @@ struct smb_version_values smbdefault_values = {
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
>         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> -       .header_size = sizeof(struct smb2_hdr),
> -       .header_preamble_size = 4,
> +       .header_size = sizeof(struct smb2_sync_hdr),
> +       .header_preamble_size = 0,
>         .max_header_size = MAX_SMB2_HDR_SIZE,
>         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
>         .lock_cmd = SMB2_LOCK,
> @@ -3280,8 +3298,8 @@ struct smb_version_values smb30_values = {
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
>         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> -       .header_size = sizeof(struct smb2_hdr),
> -       .header_preamble_size = 4,
> +       .header_size = sizeof(struct smb2_sync_hdr),
> +       .header_preamble_size = 0,
>         .max_header_size = MAX_SMB2_HDR_SIZE,
>         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
>         .lock_cmd = SMB2_LOCK,
> @@ -3301,8 +3319,8 @@ struct smb_version_values smb302_values = {
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
>         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> -       .header_size = sizeof(struct smb2_hdr),
> -       .header_preamble_size = 4,
> +       .header_size = sizeof(struct smb2_sync_hdr),
> +       .header_preamble_size = 0,
>         .max_header_size = MAX_SMB2_HDR_SIZE,
>         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
>         .lock_cmd = SMB2_LOCK,
> @@ -3323,8 +3341,8 @@ struct smb_version_values smb311_values = {
>         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
>         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
>         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> -       .header_size = sizeof(struct smb2_hdr),
> -       .header_preamble_size = 4,
> +       .header_size = sizeof(struct smb2_sync_hdr),
> +       .header_preamble_size = 0,
>         .max_header_size = MAX_SMB2_HDR_SIZE,
>         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
>         .lock_cmd = SMB2_LOCK,
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index fd9cc24b86a2..c5f24c71c10d 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -465,12 +465,12 @@ static int decode_encrypt_ctx(struct TCP_Server_Info *server,
>  }
>
>  static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
> -                                    struct TCP_Server_Info *server)
> +                                    struct TCP_Server_Info *server,
> +                                    unsigned int len_of_smb)
>  {
>         struct smb2_neg_context *pctx;
>         unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset);
>         unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount);
> -       unsigned int len_of_smb = be32_to_cpu(rsp->hdr.smb2_buf_length);
>         unsigned int len_of_ctxts, i;
>         int rc = 0;
>
> @@ -736,7 +736,8 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
>  #ifdef CONFIG_CIFS_SMB311
>         if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
>                 if (rsp->NegotiateContextCount)
> -                       rc = smb311_decode_neg_context(rsp, server);
> +                       rc = smb311_decode_neg_context(rsp, server,
> +                                                      rsp_iov.iov_len);
>                 else
>                         cifs_dbg(VFS, "Missing expected negotiate contexts\n");
>         }
> @@ -2014,7 +2015,6 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
>  {
>         struct smb2_ioctl_req *req;
>         struct smb2_ioctl_rsp *rsp;
> -       struct smb2_sync_hdr *shdr;
>         struct cifs_ses *ses;
>         struct kvec iov[2];
>         struct kvec rsp_iov;
> @@ -2139,7 +2139,7 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
>                 goto ioctl_exit;
>         }
>
> -       if (get_rfc1002_length(rsp) < le32_to_cpu(rsp->OutputOffset) + *plen) {
> +       if (rsp_iov.iov_len < le32_to_cpu(rsp->OutputOffset) + *plen) {
>                 cifs_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen,
>                         le32_to_cpu(rsp->OutputOffset));
>                 *plen = 0;
> @@ -2153,8 +2153,7 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
>                 goto ioctl_exit;
>         }
>
> -       shdr = get_sync_hdr(rsp);
> -       memcpy(*out_data, (char *)shdr + le32_to_cpu(rsp->OutputOffset), *plen);
> +       memcpy(*out_data, (char *)rsp + le32_to_cpu(rsp->OutputOffset), *plen);
>  ioctl_exit:
>         free_rsp_buf(resp_buftype, rsp);
>         return rc;
> @@ -2695,7 +2694,7 @@ smb2_readv_callback(struct mid_q_entry *mid)
>         struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
>         struct TCP_Server_Info *server = tcon->ses->server;
>         struct smb2_sync_hdr *shdr =
> -                               (struct smb2_sync_hdr *)rdata->iov[1].iov_base;
> +                               (struct smb2_sync_hdr *)rdata->iov[0].iov_base;
>         unsigned int credits_received = 1;
>         struct smb_rqst rqst = { .rq_iov = rdata->iov,
>                                  .rq_nvec = 2,
> @@ -2847,7 +2846,6 @@ SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
>         int resp_buftype, rc = -EACCES;
>         struct smb2_read_plain_req *req = NULL;
>         struct smb2_read_rsp *rsp = NULL;
> -       struct smb2_sync_hdr *shdr;
>         struct kvec iov[1];
>         struct kvec rsp_iov;
>         unsigned int total_len;
> @@ -2894,10 +2892,8 @@ SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
>                 *nbytes = 0;
>         }
>
> -       shdr = get_sync_hdr(rsp);
> -
>         if (*buf) {
> -               memcpy(*buf, (char *)shdr + rsp->DataOffset, *nbytes);
> +               memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes);
>                 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
>         } else if (resp_buftype != CIFS_NO_BUFFER) {
>                 *buf = rsp_iov.iov_base;
> @@ -3339,10 +3335,9 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
>                         cifs_buf_release(srch_inf->ntwrk_buf_start);
>         }
>         srch_inf->ntwrk_buf_start = (char *)rsp;
> -       srch_inf->srch_entries_start = srch_inf->last_entry = 4 /* rfclen */ +
> -               (char *)&rsp->hdr + le16_to_cpu(rsp->OutputBufferOffset);
> -       /* 4 for rfc1002 length field */
> -       end_of_smb = get_rfc1002_length(rsp) + 4 + (char *)&rsp->hdr;
> +       srch_inf->srch_entries_start = srch_inf->last_entry =
> +               (char *)rsp + le16_to_cpu(rsp->OutputBufferOffset);
> +       end_of_smb = rsp_iov.iov_len + (char *)rsp;
>         srch_inf->entries_in_buffer =
>                         num_entries(srch_inf->srch_entries_start, end_of_smb,
>                                     &srch_inf->last_entry, info_buf_size);
> diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
> index 853e5a707276..6ef786519be8 100644
> --- a/fs/cifs/smb2pdu.h
> +++ b/fs/cifs/smb2pdu.h
> @@ -123,9 +123,6 @@ struct smb2_sync_pdu {
>  } __packed;
>
>  struct smb2_hdr {
> -       __be32 smb2_buf_length; /* big endian on wire */
> -                               /* length is only two or three bytes - with */
> -                               /* one or two byte type preceding it that MBZ */
>         struct smb2_sync_hdr sync_hdr;
>  } __packed;
>
> @@ -138,9 +135,6 @@ struct smb2_pdu {
>  #define SMB3_AES128GCM_NONCE 12
>
>  struct smb2_transform_hdr {
> -       __be32 smb2_buf_length; /* big endian on wire */
> -                               /* length is only two or three bytes - with
> -                                one or two byte type preceding it that MBZ */
>         __le32 ProtocolId;      /* 0xFD 'S' 'M' 'B' */
>         __u8   Signature[16];
>         __u8   Nonce[16];
> diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
> index 8806f3f76c1d..2c671123a6bf 100644
> --- a/fs/cifs/smb2transport.c
> +++ b/fs/cifs/smb2transport.c
> @@ -480,7 +480,7 @@ smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
>         unsigned int rc;
>         char server_response_sig[16];
>         struct smb2_sync_hdr *shdr =
> -                       (struct smb2_sync_hdr *)rqst->rq_iov[1].iov_base;
> +                       (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
>
>         if ((shdr->Command == SMB2_NEGOTIATE) ||
>             (shdr->Command == SMB2_SESSION_SETUP) ||
> @@ -605,14 +605,12 @@ smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
>                    bool log_error)
>  {
>         unsigned int len = mid->resp_buf_size;
> -       struct kvec iov[2];
> +       struct kvec iov[1];
>         struct smb_rqst rqst = { .rq_iov = iov,
> -                                .rq_nvec = 2 };
> +                                .rq_nvec = 1 };
>
>         iov[0].iov_base = (char *)mid->resp_buf;
> -       iov[0].iov_len = 4;
> -       iov[1].iov_base = (char *)mid->resp_buf + 4;
> -       iov[1].iov_len = len;
> +       iov[0].iov_len = len;
>
>         dump_smb(mid->resp_buf, min_t(u32, 80, len));
>         /* convert the length into a more usable form */
> --
> 2.13.3
>
Ronnie Sahlberg June 1, 2018, 12:48 a.m. | #2
This was unintentionally unbroken again in 0009
This is the fix for 0002 :

diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index 927226a2122f..e7254e386b79 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -800,8 +800,8 @@ cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
 #ifdef CONFIG_CIFS_SMB311
        if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP)) {
                struct kvec iov = {
-                       .iov_base = buf + 4,
-                       .iov_len = get_rfc1002_length(buf)
+                       .iov_base = buf,
+                       .iov_len = midQ->resp_buf_size
                };
                smb311_update_preauth_hash(ses, &iov, 1);
        }

I will resend the series shortly


----- Original Message -----
> From: "Steve French" <smfrench@gmail.com>
> To: "Ronnie Sahlberg" <lsahlber@redhat.com>
> Cc: "linux-cifs" <linux-cifs@vger.kernel.org>
> Sent: Thursday, 31 May, 2018 8:59:13 AM
> Subject: Re: [PATCH 02/15] cifs: remove rfc1002 header from all SMB2 response structures
> 
> This one seemed to break smb3.11 mounts - so I backed out all but the
> first in the series till we can verify
> 
> 
> 
> On Wed, May 30, 2018 at 4:43 PM, Ronnie Sahlberg <lsahlber@redhat.com> wrote:
> > Separate out all the 4 byte rfc1002 headers so that they are no longer
> > part of the SMB2 header structures to prepare for future work to add
> > compounding support.
> >
> > Update the smb3 transform header processing that we no longer have
> > a rfc1002 header at the start of this structure.
> >
> > Update smb2_readv_callback to accomodate that the first iovector in the
> > response is no the smb2 header and no longer a rfc1002 header.
> >
> > Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
> > ---
> >  fs/cifs/connect.c       |   6 ++-
> >  fs/cifs/smb2ops.c       | 112
> >  ++++++++++++++++++++++++++++--------------------
> >  fs/cifs/smb2pdu.c       |  27 +++++-------
> >  fs/cifs/smb2pdu.h       |   6 ---
> >  fs/cifs/smb2transport.c |  10 ++---
> >  5 files changed, 85 insertions(+), 76 deletions(-)
> >
> > diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> > index 4c0e3f6ae356..34a64719d3e2 100644
> > --- a/fs/cifs/connect.c
> > +++ b/fs/cifs/connect.c
> > @@ -882,7 +882,11 @@ cifs_demultiplex_thread(void *p)
> >                 length = cifs_read_from_socket(server, buf, pdu_length);
> >                 if (length < 0)
> >                         continue;
> > -               server->total_read = length;
> > +
> > +               if (server->vals->header_preamble_size == 0)
> > +                       server->total_read = 0;
> > +               else
> > +                       server->total_read = length;
> >
> >                 /*
> >                  * The right amount was read from socket - 4 bytes,
> > diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> > index 7c0edd2ab784..20cc67c3a6d0 100644
> > --- a/fs/cifs/smb2ops.c
> > +++ b/fs/cifs/smb2ops.c
> > @@ -2144,12 +2144,11 @@ smb2_dir_needs_close(struct cifsFileInfo *cfile)
> >  }
> >
> >  static void
> > -fill_transform_hdr(struct TCP_Server_Info *server,
> > -                  struct smb2_transform_hdr *tr_hdr, struct smb_rqst
> > *old_rq)
> > +fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int
> > orig_len,
> > +                  struct smb_rqst *old_rq)
> >  {
> >         struct smb2_sync_hdr *shdr =
> >                         (struct smb2_sync_hdr *)old_rq->rq_iov[1].iov_base;
> > -       unsigned int orig_len =
> > get_rfc1002_length(old_rq->rq_iov[0].iov_base);
> >
> >         memset(tr_hdr, 0, sizeof(struct smb2_transform_hdr));
> >         tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
> > @@ -2157,8 +2156,6 @@ fill_transform_hdr(struct TCP_Server_Info *server,
> >         tr_hdr->Flags = cpu_to_le16(0x01);
> >         get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CMM_NONCE);
> >         memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8);
> > -       inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) -
> > server->vals->header_preamble_size);
> > -       inc_rfc1001_len(tr_hdr, orig_len);
> >  }
> >
> >  /* We can not use the normal sg_set_buf() as we will sometimes pass a
> > @@ -2170,11 +2167,16 @@ static inline void smb2_sg_set_buf(struct
> > scatterlist *sg, const void *buf,
> >         sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
> >  }
> >
> > +/* Assumes:
> > + * rqst->rq_iov[0]  is rfc1002 length
> > + * rqst->rq_iov[1]  is tranform header
> > + * rqst->rq_iov[2+] data to be encrypted/decrypted
> > + */
> >  static struct scatterlist *
> >  init_sg(struct smb_rqst *rqst, u8 *sign)
> >  {
> > -       unsigned int sg_len = rqst->rq_nvec + rqst->rq_npages + 1;
> > -       unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) -
> > 24;
> > +       unsigned int sg_len = rqst->rq_nvec + rqst->rq_npages;
> > +       unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) -
> > 20;
> >         struct scatterlist *sg;
> >         unsigned int i;
> >         unsigned int j;
> > @@ -2184,10 +2186,10 @@ init_sg(struct smb_rqst *rqst, u8 *sign)
> >                 return NULL;
> >
> >         sg_init_table(sg, sg_len);
> > -       smb2_sg_set_buf(&sg[0], rqst->rq_iov[0].iov_base + 24,
> > assoc_data_len);
> > -       for (i = 1; i < rqst->rq_nvec; i++)
> > -               smb2_sg_set_buf(&sg[i], rqst->rq_iov[i].iov_base,
> > -                                               rqst->rq_iov[i].iov_len);
> > +       smb2_sg_set_buf(&sg[0], rqst->rq_iov[1].iov_base + 20,
> > assoc_data_len);
> > +       for (i = 1; i < rqst->rq_nvec - 1; i++)
> > +               smb2_sg_set_buf(&sg[i], rqst->rq_iov[i+1].iov_base,
> > +                                               rqst->rq_iov[i+1].iov_len);
> >         for (j = 0; i < sg_len - 1; i++, j++) {
> >                 unsigned int len = (j < rqst->rq_npages - 1) ?
> >                 rqst->rq_pagesz
> >                                                         : rqst->rq_tailsz;
> > @@ -2219,9 +2221,10 @@ smb2_get_enc_key(struct TCP_Server_Info *server,
> > __u64 ses_id, int enc, u8 *key)
> >  }
> >  /*
> >   * Encrypt or decrypt @rqst message. @rqst has the following format:
> > - * iov[0] - transform header (associate data),
> > - * iov[1-N] and pages - data to encrypt.
> > - * On success return encrypted data in iov[1-N] and pages, leave iov[0]
> > + * iov[0] - rfc1002 length
> > + * iov[1] - transform header (associate data),
> > + * iov[2-N] and pages - data to encrypt.
> > + * On success return encrypted data in iov[2-N] and pages, leave iov[0-1]
> >   * untouched.
> >   */
> >  static int
> > @@ -2316,6 +2319,10 @@ crypt_message(struct TCP_Server_Info *server, struct
> > smb_rqst *rqst, int enc)
> >         return rc;
> >  }
> >
> > +/*
> > + * This is called from smb_send_rqst. At this point we have the rfc1002
> > + * header as the first element in the vector.
> > + */
> >  static int
> >  smb3_init_transform_rq(struct TCP_Server_Info *server, struct smb_rqst
> >  *new_rq,
> >                        struct smb_rqst *old_rq)
> > @@ -2324,6 +2331,7 @@ smb3_init_transform_rq(struct TCP_Server_Info
> > *server, struct smb_rqst *new_rq,
> >         struct page **pages;
> >         struct smb2_transform_hdr *tr_hdr;
> >         unsigned int npages = old_rq->rq_npages;
> > +       unsigned int orig_len =
> > get_rfc1002_length(old_rq->rq_iov[0].iov_base);
> >         int i;
> >         int rc = -ENOMEM;
> >
> > @@ -2342,24 +2350,34 @@ smb3_init_transform_rq(struct TCP_Server_Info
> > *server, struct smb_rqst *new_rq,
> >                         goto err_free_pages;
> >         }
> >
> > -       iov = kmalloc_array(old_rq->rq_nvec, sizeof(struct kvec),
> > GFP_KERNEL);
> > +       /* Make space for one extra iov to hold the transform header */
> > +       iov = kmalloc_array(old_rq->rq_nvec + 1, sizeof(struct kvec),
> > +                           GFP_KERNEL);
> >         if (!iov)
> >                 goto err_free_pages;
> >
> >         /* copy all iovs from the old except the 1st one (rfc1002 length)
> >         */
> > -       memcpy(&iov[1], &old_rq->rq_iov[1],
> > +       memcpy(&iov[2], &old_rq->rq_iov[1],
> >                                 sizeof(struct kvec) * (old_rq->rq_nvec -
> >                                 1));
> > +       /* copy the rfc1002 iov */
> > +       iov[0].iov_base = old_rq->rq_iov[0].iov_base;
> > +       iov[0].iov_len  = old_rq->rq_iov[0].iov_len;
> > +
> >         new_rq->rq_iov = iov;
> > -       new_rq->rq_nvec = old_rq->rq_nvec;
> > +       new_rq->rq_nvec = old_rq->rq_nvec + 1;
> >
> >         tr_hdr = kmalloc(sizeof(struct smb2_transform_hdr), GFP_KERNEL);
> >         if (!tr_hdr)
> >                 goto err_free_iov;
> >
> > -       /* fill the 1st iov with a transform header */
> > -       fill_transform_hdr(server, tr_hdr, old_rq);
> > -       new_rq->rq_iov[0].iov_base = tr_hdr;
> > -       new_rq->rq_iov[0].iov_len = sizeof(struct smb2_transform_hdr);
> > +       /* fill the 2nd iov with a transform header */
> > +       fill_transform_hdr(tr_hdr, orig_len, old_rq);
> > +       new_rq->rq_iov[1].iov_base = tr_hdr;
> > +       new_rq->rq_iov[1].iov_len = sizeof(struct smb2_transform_hdr);
> > +
> > +       /* Update rfc1002 header */
> > +       inc_rfc1001_len(new_rq->rq_iov[0].iov_base,
> > +                       sizeof(struct smb2_transform_hdr));
> >
> >         /* copy pages form the old */
> >         for (i = 0; i < npages; i++) {
> > @@ -2399,7 +2417,7 @@ smb3_free_transform_rq(struct smb_rqst *rqst)
> >                 put_page(rqst->rq_pages[i]);
> >         kfree(rqst->rq_pages);
> >         /* free transform header */
> > -       kfree(rqst->rq_iov[0].iov_base);
> > +       kfree(rqst->rq_iov[1].iov_base);
> >         kfree(rqst->rq_iov);
> >  }
> >
> > @@ -2416,18 +2434,19 @@ decrypt_raw_data(struct TCP_Server_Info *server,
> > char *buf,
> >                  unsigned int buf_data_size, struct page **pages,
> >                  unsigned int npages, unsigned int page_data_size)
> >  {
> > -       struct kvec iov[2];
> > +       struct kvec iov[3];
> >         struct smb_rqst rqst = {NULL};
> > -       struct smb2_hdr *hdr;
> >         int rc;
> >
> > -       iov[0].iov_base = buf;
> > -       iov[0].iov_len = sizeof(struct smb2_transform_hdr);
> > -       iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr);
> > -       iov[1].iov_len = buf_data_size;
> > +       iov[0].iov_base = NULL;
> > +       iov[0].iov_len = 0;
> > +       iov[1].iov_base = buf;
> > +       iov[1].iov_len = sizeof(struct smb2_transform_hdr);
> > +       iov[2].iov_base = buf + sizeof(struct smb2_transform_hdr);
> > +       iov[2].iov_len = buf_data_size;
> >
> >         rqst.rq_iov = iov;
> > -       rqst.rq_nvec = 2;
> > +       rqst.rq_nvec = 3;
> >         rqst.rq_pages = pages;
> >         rqst.rq_npages = npages;
> >         rqst.rq_pagesz = PAGE_SIZE;
> > @@ -2439,10 +2458,9 @@ decrypt_raw_data(struct TCP_Server_Info *server,
> > char *buf,
> >         if (rc)
> >                 return rc;
> >
> > -       memmove(buf + server->vals->header_preamble_size, iov[1].iov_base,
> > buf_data_size);
> > -       hdr = (struct smb2_hdr *)buf;
> > -       hdr->smb2_buf_length = cpu_to_be32(buf_data_size + page_data_size);
> > -       server->total_read = buf_data_size + page_data_size +
> > server->vals->header_preamble_size;
> > +       memmove(buf + server->vals->header_preamble_size, iov[2].iov_base,
> > buf_data_size);
> > +
> > +       server->total_read = buf_data_size + page_data_size;
> >
> >         return rc;
> >  }
> > @@ -3196,8 +3214,8 @@ struct smb_version_values smb20_values = {
> >         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
> >         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> >         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> > -       .header_size = sizeof(struct smb2_hdr),
> > -       .header_preamble_size = 4,
> > +       .header_size = sizeof(struct smb2_sync_hdr),
> > +       .header_preamble_size = 0,
> >         .max_header_size = MAX_SMB2_HDR_SIZE,
> >         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
> >         .lock_cmd = SMB2_LOCK,
> > @@ -3217,8 +3235,8 @@ struct smb_version_values smb21_values = {
> >         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
> >         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> >         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> > -       .header_size = sizeof(struct smb2_hdr),
> > -       .header_preamble_size = 4,
> > +       .header_size = sizeof(struct smb2_sync_hdr),
> > +       .header_preamble_size = 0,
> >         .max_header_size = MAX_SMB2_HDR_SIZE,
> >         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
> >         .lock_cmd = SMB2_LOCK,
> > @@ -3238,8 +3256,8 @@ struct smb_version_values smb3any_values = {
> >         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
> >         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> >         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> > -       .header_size = sizeof(struct smb2_hdr),
> > -       .header_preamble_size = 4,
> > +       .header_size = sizeof(struct smb2_sync_hdr),
> > +       .header_preamble_size = 0,
> >         .max_header_size = MAX_SMB2_HDR_SIZE,
> >         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
> >         .lock_cmd = SMB2_LOCK,
> > @@ -3259,8 +3277,8 @@ struct smb_version_values smbdefault_values = {
> >         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
> >         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> >         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> > -       .header_size = sizeof(struct smb2_hdr),
> > -       .header_preamble_size = 4,
> > +       .header_size = sizeof(struct smb2_sync_hdr),
> > +       .header_preamble_size = 0,
> >         .max_header_size = MAX_SMB2_HDR_SIZE,
> >         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
> >         .lock_cmd = SMB2_LOCK,
> > @@ -3280,8 +3298,8 @@ struct smb_version_values smb30_values = {
> >         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
> >         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> >         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> > -       .header_size = sizeof(struct smb2_hdr),
> > -       .header_preamble_size = 4,
> > +       .header_size = sizeof(struct smb2_sync_hdr),
> > +       .header_preamble_size = 0,
> >         .max_header_size = MAX_SMB2_HDR_SIZE,
> >         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
> >         .lock_cmd = SMB2_LOCK,
> > @@ -3301,8 +3319,8 @@ struct smb_version_values smb302_values = {
> >         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
> >         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> >         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> > -       .header_size = sizeof(struct smb2_hdr),
> > -       .header_preamble_size = 4,
> > +       .header_size = sizeof(struct smb2_sync_hdr),
> > +       .header_preamble_size = 0,
> >         .max_header_size = MAX_SMB2_HDR_SIZE,
> >         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
> >         .lock_cmd = SMB2_LOCK,
> > @@ -3323,8 +3341,8 @@ struct smb_version_values smb311_values = {
> >         .exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
> >         .shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
> >         .unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
> > -       .header_size = sizeof(struct smb2_hdr),
> > -       .header_preamble_size = 4,
> > +       .header_size = sizeof(struct smb2_sync_hdr),
> > +       .header_preamble_size = 0,
> >         .max_header_size = MAX_SMB2_HDR_SIZE,
> >         .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
> >         .lock_cmd = SMB2_LOCK,
> > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> > index fd9cc24b86a2..c5f24c71c10d 100644
> > --- a/fs/cifs/smb2pdu.c
> > +++ b/fs/cifs/smb2pdu.c
> > @@ -465,12 +465,12 @@ static int decode_encrypt_ctx(struct TCP_Server_Info
> > *server,
> >  }
> >
> >  static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
> > -                                    struct TCP_Server_Info *server)
> > +                                    struct TCP_Server_Info *server,
> > +                                    unsigned int len_of_smb)
> >  {
> >         struct smb2_neg_context *pctx;
> >         unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset);
> >         unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount);
> > -       unsigned int len_of_smb = be32_to_cpu(rsp->hdr.smb2_buf_length);
> >         unsigned int len_of_ctxts, i;
> >         int rc = 0;
> >
> > @@ -736,7 +736,8 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses
> > *ses)
> >  #ifdef CONFIG_CIFS_SMB311
> >         if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
> >                 if (rsp->NegotiateContextCount)
> > -                       rc = smb311_decode_neg_context(rsp, server);
> > +                       rc = smb311_decode_neg_context(rsp, server,
> > +                                                      rsp_iov.iov_len);
> >                 else
> >                         cifs_dbg(VFS, "Missing expected negotiate
> >                         contexts\n");
> >         }
> > @@ -2014,7 +2015,6 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon
> > *tcon, u64 persistent_fid,
> >  {
> >         struct smb2_ioctl_req *req;
> >         struct smb2_ioctl_rsp *rsp;
> > -       struct smb2_sync_hdr *shdr;
> >         struct cifs_ses *ses;
> >         struct kvec iov[2];
> >         struct kvec rsp_iov;
> > @@ -2139,7 +2139,7 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon
> > *tcon, u64 persistent_fid,
> >                 goto ioctl_exit;
> >         }
> >
> > -       if (get_rfc1002_length(rsp) < le32_to_cpu(rsp->OutputOffset) +
> > *plen) {
> > +       if (rsp_iov.iov_len < le32_to_cpu(rsp->OutputOffset) + *plen) {
> >                 cifs_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n",
> >                 *plen,
> >                         le32_to_cpu(rsp->OutputOffset));
> >                 *plen = 0;
> > @@ -2153,8 +2153,7 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon
> > *tcon, u64 persistent_fid,
> >                 goto ioctl_exit;
> >         }
> >
> > -       shdr = get_sync_hdr(rsp);
> > -       memcpy(*out_data, (char *)shdr + le32_to_cpu(rsp->OutputOffset),
> > *plen);
> > +       memcpy(*out_data, (char *)rsp + le32_to_cpu(rsp->OutputOffset),
> > *plen);
> >  ioctl_exit:
> >         free_rsp_buf(resp_buftype, rsp);
> >         return rc;
> > @@ -2695,7 +2694,7 @@ smb2_readv_callback(struct mid_q_entry *mid)
> >         struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
> >         struct TCP_Server_Info *server = tcon->ses->server;
> >         struct smb2_sync_hdr *shdr =
> > -                               (struct smb2_sync_hdr
> > *)rdata->iov[1].iov_base;
> > +                               (struct smb2_sync_hdr
> > *)rdata->iov[0].iov_base;
> >         unsigned int credits_received = 1;
> >         struct smb_rqst rqst = { .rq_iov = rdata->iov,
> >                                  .rq_nvec = 2,
> > @@ -2847,7 +2846,6 @@ SMB2_read(const unsigned int xid, struct
> > cifs_io_parms *io_parms,
> >         int resp_buftype, rc = -EACCES;
> >         struct smb2_read_plain_req *req = NULL;
> >         struct smb2_read_rsp *rsp = NULL;
> > -       struct smb2_sync_hdr *shdr;
> >         struct kvec iov[1];
> >         struct kvec rsp_iov;
> >         unsigned int total_len;
> > @@ -2894,10 +2892,8 @@ SMB2_read(const unsigned int xid, struct
> > cifs_io_parms *io_parms,
> >                 *nbytes = 0;
> >         }
> >
> > -       shdr = get_sync_hdr(rsp);
> > -
> >         if (*buf) {
> > -               memcpy(*buf, (char *)shdr + rsp->DataOffset, *nbytes);
> > +               memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes);
> >                 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
> >         } else if (resp_buftype != CIFS_NO_BUFFER) {
> >                 *buf = rsp_iov.iov_base;
> > @@ -3339,10 +3335,9 @@ SMB2_query_directory(const unsigned int xid, struct
> > cifs_tcon *tcon,
> >                         cifs_buf_release(srch_inf->ntwrk_buf_start);
> >         }
> >         srch_inf->ntwrk_buf_start = (char *)rsp;
> > -       srch_inf->srch_entries_start = srch_inf->last_entry = 4 /* rfclen
> > */ +
> > -               (char *)&rsp->hdr + le16_to_cpu(rsp->OutputBufferOffset);
> > -       /* 4 for rfc1002 length field */
> > -       end_of_smb = get_rfc1002_length(rsp) + 4 + (char *)&rsp->hdr;
> > +       srch_inf->srch_entries_start = srch_inf->last_entry =
> > +               (char *)rsp + le16_to_cpu(rsp->OutputBufferOffset);
> > +       end_of_smb = rsp_iov.iov_len + (char *)rsp;
> >         srch_inf->entries_in_buffer =
> >                         num_entries(srch_inf->srch_entries_start,
> >                         end_of_smb,
> >                                     &srch_inf->last_entry, info_buf_size);
> > diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
> > index 853e5a707276..6ef786519be8 100644
> > --- a/fs/cifs/smb2pdu.h
> > +++ b/fs/cifs/smb2pdu.h
> > @@ -123,9 +123,6 @@ struct smb2_sync_pdu {
> >  } __packed;
> >
> >  struct smb2_hdr {
> > -       __be32 smb2_buf_length; /* big endian on wire */
> > -                               /* length is only two or three bytes - with
> > */
> > -                               /* one or two byte type preceding it that
> > MBZ */
> >         struct smb2_sync_hdr sync_hdr;
> >  } __packed;
> >
> > @@ -138,9 +135,6 @@ struct smb2_pdu {
> >  #define SMB3_AES128GCM_NONCE 12
> >
> >  struct smb2_transform_hdr {
> > -       __be32 smb2_buf_length; /* big endian on wire */
> > -                               /* length is only two or three bytes - with
> > -                                one or two byte type preceding it that MBZ
> > */
> >         __le32 ProtocolId;      /* 0xFD 'S' 'M' 'B' */
> >         __u8   Signature[16];
> >         __u8   Nonce[16];
> > diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
> > index 8806f3f76c1d..2c671123a6bf 100644
> > --- a/fs/cifs/smb2transport.c
> > +++ b/fs/cifs/smb2transport.c
> > @@ -480,7 +480,7 @@ smb2_verify_signature(struct smb_rqst *rqst, struct
> > TCP_Server_Info *server)
> >         unsigned int rc;
> >         char server_response_sig[16];
> >         struct smb2_sync_hdr *shdr =
> > -                       (struct smb2_sync_hdr *)rqst->rq_iov[1].iov_base;
> > +                       (struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
> >
> >         if ((shdr->Command == SMB2_NEGOTIATE) ||
> >             (shdr->Command == SMB2_SESSION_SETUP) ||
> > @@ -605,14 +605,12 @@ smb2_check_receive(struct mid_q_entry *mid, struct
> > TCP_Server_Info *server,
> >                    bool log_error)
> >  {
> >         unsigned int len = mid->resp_buf_size;
> > -       struct kvec iov[2];
> > +       struct kvec iov[1];
> >         struct smb_rqst rqst = { .rq_iov = iov,
> > -                                .rq_nvec = 2 };
> > +                                .rq_nvec = 1 };
> >
> >         iov[0].iov_base = (char *)mid->resp_buf;
> > -       iov[0].iov_len = 4;
> > -       iov[1].iov_base = (char *)mid->resp_buf + 4;
> > -       iov[1].iov_len = len;
> > +       iov[0].iov_len = len;
> >
> >         dump_smb(mid->resp_buf, min_t(u32, 80, len));
> >         /* convert the length into a more usable form */
> > --
> > 2.13.3
> >
> 
> 
> 
> --
> Thanks,
> 
> Steve
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 4c0e3f6ae356..34a64719d3e2 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -882,7 +882,11 @@  cifs_demultiplex_thread(void *p)
 		length = cifs_read_from_socket(server, buf, pdu_length);
 		if (length < 0)
 			continue;
-		server->total_read = length;
+
+		if (server->vals->header_preamble_size == 0)
+			server->total_read = 0;
+		else
+			server->total_read = length;
 
 		/*
 		 * The right amount was read from socket - 4 bytes,
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 7c0edd2ab784..20cc67c3a6d0 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -2144,12 +2144,11 @@  smb2_dir_needs_close(struct cifsFileInfo *cfile)
 }
 
 static void
-fill_transform_hdr(struct TCP_Server_Info *server,
-		   struct smb2_transform_hdr *tr_hdr, struct smb_rqst *old_rq)
+fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len,
+		   struct smb_rqst *old_rq)
 {
 	struct smb2_sync_hdr *shdr =
 			(struct smb2_sync_hdr *)old_rq->rq_iov[1].iov_base;
-	unsigned int orig_len = get_rfc1002_length(old_rq->rq_iov[0].iov_base);
 
 	memset(tr_hdr, 0, sizeof(struct smb2_transform_hdr));
 	tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
@@ -2157,8 +2156,6 @@  fill_transform_hdr(struct TCP_Server_Info *server,
 	tr_hdr->Flags = cpu_to_le16(0x01);
 	get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CMM_NONCE);
 	memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8);
-	inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) - server->vals->header_preamble_size);
-	inc_rfc1001_len(tr_hdr, orig_len);
 }
 
 /* We can not use the normal sg_set_buf() as we will sometimes pass a
@@ -2170,11 +2167,16 @@  static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
 	sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
 }
 
+/* Assumes:
+ * rqst->rq_iov[0]  is rfc1002 length
+ * rqst->rq_iov[1]  is tranform header
+ * rqst->rq_iov[2+] data to be encrypted/decrypted
+ */
 static struct scatterlist *
 init_sg(struct smb_rqst *rqst, u8 *sign)
 {
-	unsigned int sg_len = rqst->rq_nvec + rqst->rq_npages + 1;
-	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 24;
+	unsigned int sg_len = rqst->rq_nvec + rqst->rq_npages;
+	unsigned int assoc_data_len = sizeof(struct smb2_transform_hdr) - 20;
 	struct scatterlist *sg;
 	unsigned int i;
 	unsigned int j;
@@ -2184,10 +2186,10 @@  init_sg(struct smb_rqst *rqst, u8 *sign)
 		return NULL;
 
 	sg_init_table(sg, sg_len);
-	smb2_sg_set_buf(&sg[0], rqst->rq_iov[0].iov_base + 24, assoc_data_len);
-	for (i = 1; i < rqst->rq_nvec; i++)
-		smb2_sg_set_buf(&sg[i], rqst->rq_iov[i].iov_base,
-						rqst->rq_iov[i].iov_len);
+	smb2_sg_set_buf(&sg[0], rqst->rq_iov[1].iov_base + 20, assoc_data_len);
+	for (i = 1; i < rqst->rq_nvec - 1; i++)
+		smb2_sg_set_buf(&sg[i], rqst->rq_iov[i+1].iov_base,
+						rqst->rq_iov[i+1].iov_len);
 	for (j = 0; i < sg_len - 1; i++, j++) {
 		unsigned int len = (j < rqst->rq_npages - 1) ? rqst->rq_pagesz
 							: rqst->rq_tailsz;
@@ -2219,9 +2221,10 @@  smb2_get_enc_key(struct TCP_Server_Info *server, __u64 ses_id, int enc, u8 *key)
 }
 /*
  * Encrypt or decrypt @rqst message. @rqst has the following format:
- * iov[0] - transform header (associate data),
- * iov[1-N] and pages - data to encrypt.
- * On success return encrypted data in iov[1-N] and pages, leave iov[0]
+ * iov[0] - rfc1002 length
+ * iov[1] - transform header (associate data),
+ * iov[2-N] and pages - data to encrypt.
+ * On success return encrypted data in iov[2-N] and pages, leave iov[0-1]
  * untouched.
  */
 static int
@@ -2316,6 +2319,10 @@  crypt_message(struct TCP_Server_Info *server, struct smb_rqst *rqst, int enc)
 	return rc;
 }
 
+/*
+ * This is called from smb_send_rqst. At this point we have the rfc1002
+ * header as the first element in the vector.
+ */
 static int
 smb3_init_transform_rq(struct TCP_Server_Info *server, struct smb_rqst *new_rq,
 		       struct smb_rqst *old_rq)
@@ -2324,6 +2331,7 @@  smb3_init_transform_rq(struct TCP_Server_Info *server, struct smb_rqst *new_rq,
 	struct page **pages;
 	struct smb2_transform_hdr *tr_hdr;
 	unsigned int npages = old_rq->rq_npages;
+	unsigned int orig_len = get_rfc1002_length(old_rq->rq_iov[0].iov_base);
 	int i;
 	int rc = -ENOMEM;
 
@@ -2342,24 +2350,34 @@  smb3_init_transform_rq(struct TCP_Server_Info *server, struct smb_rqst *new_rq,
 			goto err_free_pages;
 	}
 
-	iov = kmalloc_array(old_rq->rq_nvec, sizeof(struct kvec), GFP_KERNEL);
+	/* Make space for one extra iov to hold the transform header */
+	iov = kmalloc_array(old_rq->rq_nvec + 1, sizeof(struct kvec),
+			    GFP_KERNEL);
 	if (!iov)
 		goto err_free_pages;
 
 	/* copy all iovs from the old except the 1st one (rfc1002 length) */
-	memcpy(&iov[1], &old_rq->rq_iov[1],
+	memcpy(&iov[2], &old_rq->rq_iov[1],
 				sizeof(struct kvec) * (old_rq->rq_nvec - 1));
+	/* copy the rfc1002 iov */
+	iov[0].iov_base = old_rq->rq_iov[0].iov_base;
+	iov[0].iov_len  = old_rq->rq_iov[0].iov_len;
+
 	new_rq->rq_iov = iov;
-	new_rq->rq_nvec = old_rq->rq_nvec;
+	new_rq->rq_nvec = old_rq->rq_nvec + 1;
 
 	tr_hdr = kmalloc(sizeof(struct smb2_transform_hdr), GFP_KERNEL);
 	if (!tr_hdr)
 		goto err_free_iov;
 
-	/* fill the 1st iov with a transform header */
-	fill_transform_hdr(server, tr_hdr, old_rq);
-	new_rq->rq_iov[0].iov_base = tr_hdr;
-	new_rq->rq_iov[0].iov_len = sizeof(struct smb2_transform_hdr);
+	/* fill the 2nd iov with a transform header */
+	fill_transform_hdr(tr_hdr, orig_len, old_rq);
+	new_rq->rq_iov[1].iov_base = tr_hdr;
+	new_rq->rq_iov[1].iov_len = sizeof(struct smb2_transform_hdr);
+
+	/* Update rfc1002 header */
+	inc_rfc1001_len(new_rq->rq_iov[0].iov_base,
+			sizeof(struct smb2_transform_hdr));
 
 	/* copy pages form the old */
 	for (i = 0; i < npages; i++) {
@@ -2399,7 +2417,7 @@  smb3_free_transform_rq(struct smb_rqst *rqst)
 		put_page(rqst->rq_pages[i]);
 	kfree(rqst->rq_pages);
 	/* free transform header */
-	kfree(rqst->rq_iov[0].iov_base);
+	kfree(rqst->rq_iov[1].iov_base);
 	kfree(rqst->rq_iov);
 }
 
@@ -2416,18 +2434,19 @@  decrypt_raw_data(struct TCP_Server_Info *server, char *buf,
 		 unsigned int buf_data_size, struct page **pages,
 		 unsigned int npages, unsigned int page_data_size)
 {
-	struct kvec iov[2];
+	struct kvec iov[3];
 	struct smb_rqst rqst = {NULL};
-	struct smb2_hdr *hdr;
 	int rc;
 
-	iov[0].iov_base = buf;
-	iov[0].iov_len = sizeof(struct smb2_transform_hdr);
-	iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr);
-	iov[1].iov_len = buf_data_size;
+	iov[0].iov_base = NULL;
+	iov[0].iov_len = 0;
+	iov[1].iov_base = buf;
+	iov[1].iov_len = sizeof(struct smb2_transform_hdr);
+	iov[2].iov_base = buf + sizeof(struct smb2_transform_hdr);
+	iov[2].iov_len = buf_data_size;
 
 	rqst.rq_iov = iov;
-	rqst.rq_nvec = 2;
+	rqst.rq_nvec = 3;
 	rqst.rq_pages = pages;
 	rqst.rq_npages = npages;
 	rqst.rq_pagesz = PAGE_SIZE;
@@ -2439,10 +2458,9 @@  decrypt_raw_data(struct TCP_Server_Info *server, char *buf,
 	if (rc)
 		return rc;
 
-	memmove(buf + server->vals->header_preamble_size, iov[1].iov_base, buf_data_size);
-	hdr = (struct smb2_hdr *)buf;
-	hdr->smb2_buf_length = cpu_to_be32(buf_data_size + page_data_size);
-	server->total_read = buf_data_size + page_data_size + server->vals->header_preamble_size;
+	memmove(buf + server->vals->header_preamble_size, iov[2].iov_base, buf_data_size);
+
+	server->total_read = buf_data_size + page_data_size;
 
 	return rc;
 }
@@ -3196,8 +3214,8 @@  struct smb_version_values smb20_values = {
 	.exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
 	.shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
 	.unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
-	.header_size = sizeof(struct smb2_hdr),
-	.header_preamble_size = 4,
+	.header_size = sizeof(struct smb2_sync_hdr),
+	.header_preamble_size = 0,
 	.max_header_size = MAX_SMB2_HDR_SIZE,
 	.read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
 	.lock_cmd = SMB2_LOCK,
@@ -3217,8 +3235,8 @@  struct smb_version_values smb21_values = {
 	.exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
 	.shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
 	.unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
-	.header_size = sizeof(struct smb2_hdr),
-	.header_preamble_size = 4,
+	.header_size = sizeof(struct smb2_sync_hdr),
+	.header_preamble_size = 0,
 	.max_header_size = MAX_SMB2_HDR_SIZE,
 	.read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
 	.lock_cmd = SMB2_LOCK,
@@ -3238,8 +3256,8 @@  struct smb_version_values smb3any_values = {
 	.exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
 	.shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
 	.unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
-	.header_size = sizeof(struct smb2_hdr),
-	.header_preamble_size = 4,
+	.header_size = sizeof(struct smb2_sync_hdr),
+	.header_preamble_size = 0,
 	.max_header_size = MAX_SMB2_HDR_SIZE,
 	.read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
 	.lock_cmd = SMB2_LOCK,
@@ -3259,8 +3277,8 @@  struct smb_version_values smbdefault_values = {
 	.exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
 	.shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
 	.unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
-	.header_size = sizeof(struct smb2_hdr),
-	.header_preamble_size = 4,
+	.header_size = sizeof(struct smb2_sync_hdr),
+	.header_preamble_size = 0,
 	.max_header_size = MAX_SMB2_HDR_SIZE,
 	.read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
 	.lock_cmd = SMB2_LOCK,
@@ -3280,8 +3298,8 @@  struct smb_version_values smb30_values = {
 	.exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
 	.shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
 	.unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
-	.header_size = sizeof(struct smb2_hdr),
-	.header_preamble_size = 4,
+	.header_size = sizeof(struct smb2_sync_hdr),
+	.header_preamble_size = 0,
 	.max_header_size = MAX_SMB2_HDR_SIZE,
 	.read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
 	.lock_cmd = SMB2_LOCK,
@@ -3301,8 +3319,8 @@  struct smb_version_values smb302_values = {
 	.exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
 	.shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
 	.unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
-	.header_size = sizeof(struct smb2_hdr),
-	.header_preamble_size = 4,
+	.header_size = sizeof(struct smb2_sync_hdr),
+	.header_preamble_size = 0,
 	.max_header_size = MAX_SMB2_HDR_SIZE,
 	.read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
 	.lock_cmd = SMB2_LOCK,
@@ -3323,8 +3341,8 @@  struct smb_version_values smb311_values = {
 	.exclusive_lock_type = SMB2_LOCKFLAG_EXCLUSIVE_LOCK,
 	.shared_lock_type = SMB2_LOCKFLAG_SHARED_LOCK,
 	.unlock_lock_type = SMB2_LOCKFLAG_UNLOCK,
-	.header_size = sizeof(struct smb2_hdr),
-	.header_preamble_size = 4,
+	.header_size = sizeof(struct smb2_sync_hdr),
+	.header_preamble_size = 0,
 	.max_header_size = MAX_SMB2_HDR_SIZE,
 	.read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
 	.lock_cmd = SMB2_LOCK,
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index fd9cc24b86a2..c5f24c71c10d 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -465,12 +465,12 @@  static int decode_encrypt_ctx(struct TCP_Server_Info *server,
 }
 
 static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
-				     struct TCP_Server_Info *server)
+				     struct TCP_Server_Info *server,
+				     unsigned int len_of_smb)
 {
 	struct smb2_neg_context *pctx;
 	unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset);
 	unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount);
-	unsigned int len_of_smb = be32_to_cpu(rsp->hdr.smb2_buf_length);
 	unsigned int len_of_ctxts, i;
 	int rc = 0;
 
@@ -736,7 +736,8 @@  SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
 #ifdef CONFIG_CIFS_SMB311
 	if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
 		if (rsp->NegotiateContextCount)
-			rc = smb311_decode_neg_context(rsp, server);
+			rc = smb311_decode_neg_context(rsp, server,
+						       rsp_iov.iov_len);
 		else
 			cifs_dbg(VFS, "Missing expected negotiate contexts\n");
 	}
@@ -2014,7 +2015,6 @@  SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
 {
 	struct smb2_ioctl_req *req;
 	struct smb2_ioctl_rsp *rsp;
-	struct smb2_sync_hdr *shdr;
 	struct cifs_ses *ses;
 	struct kvec iov[2];
 	struct kvec rsp_iov;
@@ -2139,7 +2139,7 @@  SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
 		goto ioctl_exit;
 	}
 
-	if (get_rfc1002_length(rsp) < le32_to_cpu(rsp->OutputOffset) + *plen) {
+	if (rsp_iov.iov_len < le32_to_cpu(rsp->OutputOffset) + *plen) {
 		cifs_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen,
 			le32_to_cpu(rsp->OutputOffset));
 		*plen = 0;
@@ -2153,8 +2153,7 @@  SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
 		goto ioctl_exit;
 	}
 
-	shdr = get_sync_hdr(rsp);
-	memcpy(*out_data, (char *)shdr + le32_to_cpu(rsp->OutputOffset), *plen);
+	memcpy(*out_data, (char *)rsp + le32_to_cpu(rsp->OutputOffset), *plen);
 ioctl_exit:
 	free_rsp_buf(resp_buftype, rsp);
 	return rc;
@@ -2695,7 +2694,7 @@  smb2_readv_callback(struct mid_q_entry *mid)
 	struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
 	struct TCP_Server_Info *server = tcon->ses->server;
 	struct smb2_sync_hdr *shdr =
-				(struct smb2_sync_hdr *)rdata->iov[1].iov_base;
+				(struct smb2_sync_hdr *)rdata->iov[0].iov_base;
 	unsigned int credits_received = 1;
 	struct smb_rqst rqst = { .rq_iov = rdata->iov,
 				 .rq_nvec = 2,
@@ -2847,7 +2846,6 @@  SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
 	int resp_buftype, rc = -EACCES;
 	struct smb2_read_plain_req *req = NULL;
 	struct smb2_read_rsp *rsp = NULL;
-	struct smb2_sync_hdr *shdr;
 	struct kvec iov[1];
 	struct kvec rsp_iov;
 	unsigned int total_len;
@@ -2894,10 +2892,8 @@  SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
 		*nbytes = 0;
 	}
 
-	shdr = get_sync_hdr(rsp);
-
 	if (*buf) {
-		memcpy(*buf, (char *)shdr + rsp->DataOffset, *nbytes);
+		memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes);
 		free_rsp_buf(resp_buftype, rsp_iov.iov_base);
 	} else if (resp_buftype != CIFS_NO_BUFFER) {
 		*buf = rsp_iov.iov_base;
@@ -3339,10 +3335,9 @@  SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
 			cifs_buf_release(srch_inf->ntwrk_buf_start);
 	}
 	srch_inf->ntwrk_buf_start = (char *)rsp;
-	srch_inf->srch_entries_start = srch_inf->last_entry = 4 /* rfclen */ +
-		(char *)&rsp->hdr + le16_to_cpu(rsp->OutputBufferOffset);
-	/* 4 for rfc1002 length field */
-	end_of_smb = get_rfc1002_length(rsp) + 4 + (char *)&rsp->hdr;
+	srch_inf->srch_entries_start = srch_inf->last_entry =
+		(char *)rsp + le16_to_cpu(rsp->OutputBufferOffset);
+	end_of_smb = rsp_iov.iov_len + (char *)rsp;
 	srch_inf->entries_in_buffer =
 			num_entries(srch_inf->srch_entries_start, end_of_smb,
 				    &srch_inf->last_entry, info_buf_size);
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 853e5a707276..6ef786519be8 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -123,9 +123,6 @@  struct smb2_sync_pdu {
 } __packed;
 
 struct smb2_hdr {
-	__be32 smb2_buf_length;	/* big endian on wire */
-				/* length is only two or three bytes - with */
-				/* one or two byte type preceding it that MBZ */
 	struct smb2_sync_hdr sync_hdr;
 } __packed;
 
@@ -138,9 +135,6 @@  struct smb2_pdu {
 #define SMB3_AES128GCM_NONCE 12
 
 struct smb2_transform_hdr {
-	__be32 smb2_buf_length;	/* big endian on wire */
-				/* length is only two or three bytes - with
-				 one or two byte type preceding it that MBZ */
 	__le32 ProtocolId;	/* 0xFD 'S' 'M' 'B' */
 	__u8   Signature[16];
 	__u8   Nonce[16];
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index 8806f3f76c1d..2c671123a6bf 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -480,7 +480,7 @@  smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
 	unsigned int rc;
 	char server_response_sig[16];
 	struct smb2_sync_hdr *shdr =
-			(struct smb2_sync_hdr *)rqst->rq_iov[1].iov_base;
+			(struct smb2_sync_hdr *)rqst->rq_iov[0].iov_base;
 
 	if ((shdr->Command == SMB2_NEGOTIATE) ||
 	    (shdr->Command == SMB2_SESSION_SETUP) ||
@@ -605,14 +605,12 @@  smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
 		   bool log_error)
 {
 	unsigned int len = mid->resp_buf_size;
-	struct kvec iov[2];
+	struct kvec iov[1];
 	struct smb_rqst rqst = { .rq_iov = iov,
-				 .rq_nvec = 2 };
+				 .rq_nvec = 1 };
 
 	iov[0].iov_base = (char *)mid->resp_buf;
-	iov[0].iov_len = 4;
-	iov[1].iov_base = (char *)mid->resp_buf + 4;
-	iov[1].iov_len = len;
+	iov[0].iov_len = len;
 
 	dump_smb(mid->resp_buf, min_t(u32, 80, len));
 	/* convert the length into a more usable form */