From 3e3d673c75ab7b2084ef4d3a7c92e8f203d7862b Mon Sep 17 00:00:00 2001 From: Oliver Pinter Date: Sat, 29 Mar 2008 16:30:47 +0100 Subject: [PATCH] v2.6.22.21-op1-rc2 add file: patch-2.6.22.y/chlog-v2.6.22.21-op1-rc2 add file: patch-2.6.22.y/patch-v2.6.22.20-op1-v2.6.22.21-op1-rc2 Signed-off-by: Oliver Pinter --- patch-2.6.22.y/chlog-v2.6.22.21-op1-rc2 | 292 +++++++ .../patch-v2.6.22.20-op1-v2.6.22.21-op1-rc2 | 909 +++++++++++++++++++++ 2 files changed, 1201 insertions(+) create mode 100644 patch-2.6.22.y/chlog-v2.6.22.21-op1-rc2 create mode 100644 patch-2.6.22.y/patch-v2.6.22.20-op1-v2.6.22.21-op1-rc2 diff --git a/patch-2.6.22.y/chlog-v2.6.22.21-op1-rc2 b/patch-2.6.22.y/chlog-v2.6.22.21-op1-rc2 new file mode 100644 index 0000000..212a471 --- /dev/null +++ b/patch-2.6.22.y/chlog-v2.6.22.21-op1-rc2 @@ -0,0 +1,292 @@ +commit 5651fadddd81ecbab1e4fa33878cc8d0b1ddae6c +Author: Oliver Pinter +Date: Sat Mar 29 16:20:25 2008 +0100 + + v2.6.22.21-op1-rc2 + + Signed-off-by: Oliver Pinter + +commit 1ee0bb06edf100344d5b940f58439575863a6187 +Author: andrew.patterson@hp.com +Date: Sat Mar 29 16:18:53 2008 +0100 + + MCA when shutting down tulip quad-NIC + + Shutting down the network causes an MCA because of an IO TLB error when + a DEC quad 10/100 card is in any slot. This problem was originally seen + on an HP rx4640. + + Acked-by: Olaf Kirch + Signed-off-by: Oliver Pinter + + drivers/net/tulip/tulip_core.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit b362b7edb1a3b9ba69eecb0cbd95fd4c4ba96994 +Author: Joe Korty +Date: Wed Mar 5 15:04:59 2008 -0800 + + slab: NUMA slab allocator migration bugfix + + NUMA slab allocator cpu migration bugfix + + The NUMA slab allocator (specifically, cache_alloc_refill) + is not refreshing its local copies of what cpu and what + numa node it is on, when it drops and reacquires the irq + block that it inherited from its caller. As a result + those values become invalid if an attempt to migrate the + process to another numa node occured while the irq block + had been dropped. + + The solution is to make cache_alloc_refill reload these + variables whenever it drops and reacquires the irq block. + + The error is very difficult to hit. When it does occur, + one gets the following oops + stack traceback bits in + check_spinlock_acquired: + + kernel BUG at mm/slab.c:2417 + cache_alloc_refill+0xe6 + kmem_cache_alloc+0xd0 + ... + + This patch was developed against 2.6.23, ported to and + compiled-tested only against 2.6.25-rc4. + + Signed-off-by: Joe Korty + Signed-off-by: Christoph Lameter + Signed-off-by: Oliver Pinter + +commit 078288fc83e496c7965fa10b694353125c349ef7 +Author: NeilBrown +Date: Wed Feb 6 01:40:00 2008 -0800 + + md: fix an occasional deadlock in raid5 + + raid5's 'make_request' function calls generic_make_request on underlying + devices and if we run out of stripe heads, it could end up waiting for one of + those requests to complete. This is bad as recursive calls to + generic_make_request go on a queue and are not even attempted until + make_request completes. + + So: don't make any generic_make_request calls in raid5 make_request until all + waiting has been done. We do this by simply setting STRIPE_HANDLE instead of + calling handle_stripe(). + + If we need more stripe_heads, raid5d will get called to process the pending + stripe_heads which will call generic_make_request from a + + This change by itself causes a performance hit. So add a change so that + raid5_activate_delayed is only called at unplug time, never in raid5. This + seems to bring back the performance numbers. Calling it in raid5d was + sometimes too soon... + + Neil said: + + How about we queue it for 2.6.25-rc1 and then about when -rc2 comes out, + we queue it for 2.6.24.y? + + Acked-by: Dan Williams + Signed-off-by: Neil Brown + Tested-by: dean gaudet + Cc: + Signed-off-by: Andrew Morton + Signed-off-by: Linus Torvalds + Signed-off-by: Oliver Pinter + +commit 70a7cd1e8fbe736b854f39efd98528b7dfd64ee1 +Author: Suresh Jayaraman +Date: Sat Mar 29 16:18:51 2008 +0100 + + Fix sign mount option and sign proc config setting + + Patch mainline: 2.6.23-rc1 + + Backported the fix (2.6.23-rc1) from Steve French. The original patch removes + few commented functions (which are not required) as part of this fix, backport + also does the same to retain compatibility. + + We were checking the wrong (old) global variable to determine + whether to override server and force signing on the SMB + connection. + + Acked-by: Dave Kleikamp + Signed-off-by: Steve French + Signed-off-by: Suresh Jayaraman + Signed-off-by: Oliver Pinter + +commit 982b92285ec9f45e1658c95376f9e1a47ba47090 +Author: Steve French +Date: Tue Nov 13 22:41:37 2007 +0000 + + Fix buffer overflow if server sends corrupt response to small + + [CIFS] Fix buffer overflow if server sends corrupt response to small + request + + In SendReceive() function in transport.c - it memcpy's + message payload into a buffer passed via out_buf param. The function + assumes that all buffers are of size (CIFSMaxBufSize + + MAX_CIFS_HDR_SIZE) , unfortunately it is also called with smaller + (MAX_CIFS_SMALL_BUFFER_SIZE) buffers. There are eight callers + (SMB worker functions) which are primarily affected by this change: + + TreeDisconnect, uLogoff, Close, findClose, SetFileSize, SetFileTimes, + Lock and PosixLock + + CC: Dave Kleikamp + CC: Przemyslaw Wegrzyn + Acked-by: Jeff Layton + Signed-off-by: Steve French + Acked-by: Jeff Mahoney + Signed-off-by: Oliver Pinter + +commit 54ddb8eee828607fb70a553b9473fe671fc2c87e +Author: Oliver Pinter +Date: Tue Feb 26 17:06:12 2008 +0100 + + linux v2.6.22.20-op1-rc1 + + Signed-off-by: Oliver Pinter + +commit dbd68c840f69fe6721fb609d0eb8a5d548e76a99 +Author: Kurt Garloff +Date: Mon Feb 18 21:16:27 2008 +0100 + + make (low) swappiness safer to use + + The patch titled + make swappiness safer to use + has been added to the -mm tree. Its filename is + make-swappiness-safer-to-use.patch + + See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find + out what to do about this + + #Subject: make swappiness safer to use + #From: Andrea Arcangeli + + Swappiness isn't a safe sysctl. Setting it to 0 for example can hang a + system. That's a corner case but even setting it to 10 or lower can waste + enormous amounts of cpu without making much progress. We've customers who + wants to use swappiness but they can't because of the current + implementation (if you change it so the system stops swapping it really + stops swapping and nothing works sane anymore if you really had to swap + something to make progress). + + This patch from Kurt Garloff makes swappiness safer to use (no more huge + cpu usage or hangs with low swappiness values). + + I think the prev_priority can also be nuked since it wastes 4 bytes per + zone (that would be an incremental patch but I wait the nr_scan_[in]active + to be nuked first for similar reasons). Clearly somebody at some point + noticed how broken that thing was and they had to add min(priority, + prev_priority) to give it some reliability, but they didn't go the last + mile to nuke prev_priority too. Calculating distress only in function of + not-racy priority is correct and sure more than enough without having to + add randomness into the equation. + + Patch is tested on older kernels but it compiles and it's quite simple + so... + + Overall I'm not very satisified by the swappiness tweak, since it doesn't + rally do anything with the dirty pagecache that may be inactive. We need + another kind of tweak that controls the inactive scan and tunes the + can_writepage feature (not yet in mainline despite having submitted it a + few times), not only the active one. That new tweak will tell the kernel + how hard to scan the inactive list for pure clean pagecache (something the + mainline kernel isn't capable of yet). We already have that feature + working in all our enterprise kernels with the default reasonable tune, or + they can't even run a readonly backup with tar without triggering huge + write I/O. I think it should be available also in mainline later. + + Cc: Nick Piggin + Signed-off-by: Kurt Garloff + Signed-off-by: Andrea Arcangeli + Signed-off-by: Fengguang Wu + Signed-off-by: Andrew Morton + Signed-off-by: Oliver Pinter + +commit eef55466b00265cfe843ae58edd608a29ad0fc5e +Author: David Howells +Date: Thu Feb 21 16:12:45 2008 +0000 + + MM: Fix macro argument substitution in PageHead() and PageTail() + + Fix macro argument substitution in PageHead() and PageTail() - 'page' should + have brackets surrounding it (commit 6d7779538f765963ced45a3fa4bed7ba8d2c277d). + + Signed-off-by: David Howells + Signed-off-by: Linus Torvalds + Signed-off-by: Oliver Pinter + +commit 2cd082a9a5860afa64b032fc6df230e25d913289 +Author: Thomas Gleixner +Date: Wed Feb 20 00:29:02 2008 +0100 + + genirq: do not leave interupts enabled on free_irq + + commit 89d694b9dbe769ca1004e01db0ca43964806a611 + + The default_disable() function was changed in commit: + + 76d2160147f43f982dfe881404cfde9fd0a9da21 + genirq: do not mask interrupts by default + + It removed the mask function in favour of the default delayed + interrupt disabling. Unfortunately this also broke the shutdown in + free_irq() when the last handler is removed from the interrupt for + those architectures which rely on the default implementations. Now we + can end up with a enabled interrupt line after the last handler was + removed, which can result in spurious interrupts. + + Fix this by adding a default_shutdown function, which is only + installed, when the irqchip implementation does provide neither a + shutdown nor a disable function. + + Pointed-out-by: Michael Hennerich + Signed-off-by: Thomas Gleixner + Acked-by: Ingo Molnar + Tested-by: Michael Hennerich + Signed-off-by: Greg Kroah-Hartman + Signed-off-by: Oliver Pinter + +commit c3bec7bc563415560734d190f33083716bb1cb68 +Author: Ingo Molnar +Date: Fri Feb 15 20:58:22 2008 +0100 + + x86_64: CPA, fix cache attribute inconsistency bug, v2.6.22 backport + + fix CPA cache attribute bug in v2.6.2[234]. When phys_base is nonzero + (when CONFIG_RELOCATABLE=y) then change_page_attr_addr() miscalculates + the secondary alias address by -14 MB (depending on the configured + offset). + + The default 64-bit kernels of Fedora and Ubuntu are affected: + + $ grep RELOCA /boot/config-2.6.23.9-85.fc8 + CONFIG_RELOCATABLE=y + + $ grep RELOC /boot/config-2.6.22-14-generic + CONFIG_RELOCATABLE=y + + and probably on many other distros as well. + + the bug affects all pages in the first 40 MB of physical RAM that + are allocated by some subsystem that does ioremap_nocache() on them: + + if (__pa(address) < KERNEL_TEXT_SIZE) { + + Hence we might leave page table entries with inconsistent cache + attributes around (pages mapped at both UnCacheable and Write-Back), + and we can also set the wrong kernel text pages to UnCacheable. + + the effects of this bug can be random slowdowns and other misbehavior. + If for example AGP allocates its aperture pages into the first 40 MB + of physical RAM, then the -14 MB bug might mark random kernel texto + pages as uncacheable, slowing down a random portion of the 64-bit + kernel until the AGP driver is unloaded. + + Signed-off-by: Ingo Molnar + Acked-by: Thomas Gleixner + Signed-off-by: Oliver Pinter diff --git a/patch-2.6.22.y/patch-v2.6.22.20-op1-v2.6.22.21-op1-rc2 b/patch-2.6.22.y/patch-v2.6.22.20-op1-v2.6.22.21-op1-rc2 new file mode 100644 index 0000000..bb44aa4 --- /dev/null +++ b/patch-2.6.22.y/patch-v2.6.22.20-op1-v2.6.22.21-op1-rc2 @@ -0,0 +1,909 @@ +diff --git a/Makefile b/Makefile +index 4fdef51..1083af5 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + VERSION = 2 + PATCHLEVEL = 6 + SUBLEVEL = 22 +-EXTRAVERSION = .20-op1 ++EXTRAVERSION = .21-op1-rc2 + NAME = Holy Dancing Manatees, Batman! + + # *DOCUMENTATION* +diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c +index 061375e..81ed88f 100644 +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -2525,7 +2525,8 @@ static void raid5_activate_delayed(raid5_conf_t *conf) + atomic_inc(&conf->preread_active_stripes); + list_add_tail(&sh->lru, &conf->handle_list); + } +- } ++ } else ++ blk_plug_device(conf->mddev->queue); + } + + static void activate_bit_delay(raid5_conf_t *conf) +@@ -2949,7 +2950,8 @@ static int make_request(request_queue_t *q, struct bio * bi) + goto retry; + } + finish_wait(&conf->wait_for_overlap, &w); +- handle_stripe(sh, NULL); ++ set_bit(STRIPE_HANDLE, &sh->state); ++ clear_bit(STRIPE_DELAYED, &sh->state); + release_stripe(sh); + } else { + /* cannot get stripe for read-ahead, just give-up */ +@@ -3267,7 +3269,7 @@ static int retry_aligned_read(raid5_conf_t *conf, struct bio *raid_bio) + * During the scan, completed stripes are saved for us by the interrupt + * handler, so that they will not have to wait for our next wakeup. + */ +-static void raid5d (mddev_t *mddev) ++static void raid5d(mddev_t *mddev) + { + struct stripe_head *sh; + raid5_conf_t *conf = mddev_to_conf(mddev); +@@ -3292,12 +3294,6 @@ static void raid5d (mddev_t *mddev) + activate_bit_delay(conf); + } + +- if (list_empty(&conf->handle_list) && +- atomic_read(&conf->preread_active_stripes) < IO_THRESHOLD && +- !blk_queue_plugged(mddev->queue) && +- !list_empty(&conf->delayed_list)) +- raid5_activate_delayed(conf); +- + while ((bio = remove_bio_from_retry(conf))) { + int ok; + spin_unlock_irq(&conf->device_lock); +diff --git a/drivers/net/tulip/tulip_core.c b/drivers/net/tulip/tulip_core.c +index 041af63..4df0284 100644 +--- a/drivers/net/tulip/tulip_core.c ++++ b/drivers/net/tulip/tulip_core.c +@@ -1794,6 +1794,10 @@ static void __devexit tulip_remove_one (struct pci_dev *pdev) + return; + + tp = netdev_priv(dev); ++ ++ /* shoot NIC in the head before deallocating descriptors */ ++ pci_disable_device(tp->pdev); ++ + unregister_netdev(dev); + pci_free_consistent (pdev, + sizeof (struct tulip_rx_desc) * RX_RING_SIZE + +diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c +index 07838b2..d05c108 100644 +--- a/fs/cifs/cifs_debug.c ++++ b/fs/cifs/cifs_debug.c +@@ -901,90 +901,14 @@ security_flags_write(struct file *file, const char __user *buffer, + } + /* flags look ok - update the global security flags for cifs module */ + extended_security = flags; ++ if (extended_security & CIFSSEC_MUST_SIGN) { ++ /* requiring signing implies signing is allowed */ ++ extended_security |= CIFSSEC_MAY_SIGN; ++ cFYI(1, ("packet signing now required")); ++ } else if ((extended_security & CIFSSEC_MAY_SIGN) == 0) { ++ cFYI(1, ("packet signing disabled")); ++ } ++ /* BB should we turn on MAY flags for other MUST options? */ + return count; + } +- +-/* static int +-ntlmv2_enabled_read(char *page, char **start, off_t off, +- int count, int *eof, void *data) +-{ +- int len; +- +- len = sprintf(page, "%d\n", ntlmv2_support); +- +- len -= off; +- *start = page + off; +- +- if (len > count) +- len = count; +- else +- *eof = 1; +- +- if (len < 0) +- len = 0; +- +- return len; +-} +-static int +-ntlmv2_enabled_write(struct file *file, const char __user *buffer, +- unsigned long count, void *data) +-{ +- char c; +- int rc; +- +- rc = get_user(c, buffer); +- if (rc) +- return rc; +- if (c == '0' || c == 'n' || c == 'N') +- ntlmv2_support = 0; +- else if (c == '1' || c == 'y' || c == 'Y') +- ntlmv2_support = 1; +- else if (c == '2') +- ntlmv2_support = 2; +- +- return count; +-} +- +-static int +-packet_signing_enabled_read(char *page, char **start, off_t off, +- int count, int *eof, void *data) +-{ +- int len; +- +- len = sprintf(page, "%d\n", sign_CIFS_PDUs); +- +- len -= off; +- *start = page + off; +- +- if (len > count) +- len = count; +- else +- *eof = 1; +- +- if (len < 0) +- len = 0; +- +- return len; +-} +-static int +-packet_signing_enabled_write(struct file *file, const char __user *buffer, +- unsigned long count, void *data) +-{ +- char c; +- int rc; +- +- rc = get_user(c, buffer); +- if (rc) +- return rc; +- if (c == '0' || c == 'n' || c == 'N') +- sign_CIFS_PDUs = 0; +- else if (c == '1' || c == 'y' || c == 'Y') +- sign_CIFS_PDUs = 1; +- else if (c == '2') +- sign_CIFS_PDUs = 2; +- +- return count; +-} */ +- +- + #endif +diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h +index 23655de..5d6f120 100644 +--- a/fs/cifs/cifsglob.h ++++ b/fs/cifs/cifsglob.h +@@ -442,6 +442,17 @@ struct dir_notify_req { + #define CIFS_LARGE_BUFFER 2 + #define CIFS_IOVEC 4 /* array of response buffers */ + ++/* Type of Request to SendReceive2 */ ++#define CIFS_STD_OP 0 /* normal request timeout */ ++#define CIFS_LONG_OP 1 /* long op (up to 45 sec, oplock time) */ ++#define CIFS_VLONG_OP 2 /* sloow op - can take up to 180 seconds */ ++#define CIFS_BLOCKING_OP 4 /* operation can block */ ++#define CIFS_ASYNC_OP 8 /* do not wait for response */ ++#define CIFS_TIMEOUT_MASK 0x00F /* only one of 5 above set in req */ ++#define CIFS_LOG_ERROR 0x010 /* log NT STATUS if non-zero */ ++#define CIFS_LARGE_BUF_OP 0x020 /* large request buffer */ ++#define CIFS_NO_RESP 0x040 /* no response buffer required */ ++ + /* Security Flags: indicate type of session setup needed */ + #define CIFSSEC_MAY_SIGN 0x00001 + #define CIFSSEC_MAY_NTLM 0x00002 +diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h +index 5d163e2..f324ccc 100644 +--- a/fs/cifs/cifsproto.h ++++ b/fs/cifs/cifsproto.h +@@ -48,9 +48,11 @@ extern int SendReceive(const unsigned int /* xid */ , struct cifsSesInfo *, + struct smb_hdr * /* input */ , + struct smb_hdr * /* out */ , + int * /* bytes returned */ , const int long_op); ++extern int SendReceiveNoRsp(const unsigned int xid, struct cifsSesInfo *ses, ++ struct smb_hdr *in_buf, int flags); + extern int SendReceive2(const unsigned int /* xid */ , struct cifsSesInfo *, + struct kvec *, int /* nvec to send */, +- int * /* type of buf returned */ , const int long_op); ++ int * /* type of buf returned */ , const int flags); + extern int SendReceiveBlockingLock(const unsigned int /* xid */ , + struct cifsTconInfo *, + struct smb_hdr * /* input */ , +diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c +index 57419a1..db8d110 100644 +--- a/fs/cifs/cifssmb.c ++++ b/fs/cifs/cifssmb.c +@@ -426,11 +426,11 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) + + /* if any of auth flags (ie not sign or seal) are overriden use them */ + if(ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) +- secFlags = ses->overrideSecFlg; ++ secFlags = ses->overrideSecFlg; /* BB FIXME fix sign flags? */ + else /* if override flags set only sign/seal OR them with global auth */ + secFlags = extended_security | ses->overrideSecFlg; + +- cFYI(1,("secFlags 0x%x",secFlags)); ++ cFYI(1, ("secFlags 0x%x", secFlags)); + + pSMB->hdr.Mid = GetNextMid(server); + pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS); +@@ -633,22 +633,32 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) + #ifdef CONFIG_CIFS_WEAK_PW_HASH + signing_check: + #endif +- if(sign_CIFS_PDUs == FALSE) { ++ if ((secFlags & CIFSSEC_MAY_SIGN) == 0) { ++ /* MUST_SIGN already includes the MAY_SIGN FLAG ++ so if this is zero it means that signing is disabled */ ++ cFYI(1, ("Signing disabled")); + if(server->secMode & SECMODE_SIGN_REQUIRED) +- cERROR(1,("Server requires " +- "/proc/fs/cifs/PacketSigningEnabled to be on")); ++ cERROR(1, ("Server requires " ++ "/proc/fs/cifs/PacketSigningEnabled " ++ "to be on")); + server->secMode &= + ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); +- } else if(sign_CIFS_PDUs == 1) { ++ } else if ((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) { ++ /* signing required */ ++ cFYI(1, ("Must sign - secFlags 0x%x", secFlags)); ++ if((server->secMode & ++ (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) { ++ cERROR(1, ++ ("signing required but server lacks support")); ++ } else ++ server->secMode |= SECMODE_SIGN_REQUIRED; ++ } else { ++ /* signing optional ie CIFSSEC_MAY_SIGN */ + if((server->secMode & SECMODE_SIGN_REQUIRED) == 0) +- server->secMode &= ++ server->secMode &= + ~(SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED); +- } else if(sign_CIFS_PDUs == 2) { +- if((server->secMode & +- (SECMODE_SIGN_ENABLED | SECMODE_SIGN_REQUIRED)) == 0) { +- cERROR(1,("signing required but server lacks support")); +- } + } ++ + neg_err_exit: + cifs_buf_release(pSMB); + +@@ -660,9 +670,7 @@ int + CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon) + { + struct smb_hdr *smb_buffer; +- struct smb_hdr *smb_buffer_response; /* BB removeme BB */ + int rc = 0; +- int length; + + cFYI(1, ("In tree disconnect")); + /* +@@ -699,16 +707,12 @@ CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon) + if (rc) { + up(&tcon->tconSem); + return rc; +- } else { +- smb_buffer_response = smb_buffer; /* BB removeme BB */ + } +- rc = SendReceive(xid, tcon->ses, smb_buffer, smb_buffer_response, +- &length, 0); ++ ++ rc = SendReceiveNoRsp(xid, tcon->ses, smb_buffer, 0); + if (rc) + cFYI(1, ("Tree disconnect failed %d", rc)); + +- if (smb_buffer) +- cifs_small_buf_release(smb_buffer); + up(&tcon->tconSem); + + /* No need to return error on this operation if tid invalidated and +@@ -722,10 +726,8 @@ CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon) + int + CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses) + { +- struct smb_hdr *smb_buffer_response; + LOGOFF_ANDX_REQ *pSMB; + int rc = 0; +- int length; + + cFYI(1, ("In SMBLogoff for session disconnect")); + if (ses) +@@ -744,8 +746,6 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses) + return rc; + } + +- smb_buffer_response = (struct smb_hdr *)pSMB; /* BB removeme BB */ +- + if(ses->server) { + pSMB->hdr.Mid = GetNextMid(ses->server); + +@@ -757,8 +757,7 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses) + pSMB->hdr.Uid = ses->Suid; + + pSMB->AndXCommand = 0xFF; +- rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB, +- smb_buffer_response, &length, 0); ++ rc = SendReceiveNoRsp(xid, ses, (struct smb_hdr *) pSMB, 0); + if (ses->server) { + atomic_dec(&ses->server->socketUseCount); + if (atomic_read(&ses->server->socketUseCount) == 0) { +@@ -769,7 +768,6 @@ CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses) + } + } + up(&ses->sesSem); +- cifs_small_buf_release(pSMB); + + /* if session dead then we do not need to do ulogoff, + since server closed smb session, no sense reporting +@@ -1143,7 +1141,7 @@ OldOpenRetry: + pSMB->ByteCount = cpu_to_le16(count); + /* long_op set to 1 to allow for oplock break timeouts */ + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, 1); ++ (struct smb_hdr *)pSMBr, &bytes_returned, CIFS_LONG_OP); + cifs_stats_inc(&tcon->num_opens); + if (rc) { + cFYI(1, ("Error in Open = %d", rc)); +@@ -1257,7 +1255,7 @@ openRetry: + pSMB->ByteCount = cpu_to_le16(count); + /* long_op set to 1 to allow for oplock break timeouts */ + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, 1); ++ (struct smb_hdr *)pSMBr, &bytes_returned, CIFS_LONG_OP); + cifs_stats_inc(&tcon->num_opens); + if (rc) { + cFYI(1, ("Error in Open = %d", rc)); +@@ -1337,7 +1335,7 @@ CIFSSMBRead(const int xid, struct cifsTconInfo *tcon, + iov[0].iov_len = pSMB->hdr.smb_buf_length + 4; + rc = SendReceive2(xid, tcon->ses, iov, + 1 /* num iovecs */, +- &resp_buf_type, 0); ++ &resp_buf_type, CIFS_STD_OP | CIFS_LOG_ERROR); + cifs_stats_inc(&tcon->num_reads); + pSMBr = (READ_RSP *)iov[0].iov_base; + if (rc) { +@@ -1596,7 +1594,7 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon, + int timeout = 0; + __u16 count; + +- cFYI(1, ("In CIFSSMBLock - timeout %d numLock %d",waitFlag,numLock)); ++ cFYI(1, ("CIFSSMBLock timeout %d numLock %d", waitFlag, numLock)); + rc = small_smb_init(SMB_COM_LOCKING_ANDX, 8, tcon, (void **) &pSMB); + + if (rc) +@@ -1605,10 +1603,10 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon, + pSMBr = (LOCK_RSP *)pSMB; /* BB removeme BB */ + + if(lockType == LOCKING_ANDX_OPLOCK_RELEASE) { +- timeout = -1; /* no response expected */ ++ timeout = CIFS_ASYNC_OP; /* no response expected */ + pSMB->Timeout = 0; + } else if (waitFlag == TRUE) { +- timeout = 3; /* blocking operation, no timeout */ ++ timeout = CIFS_BLOCKING_OP; /* blocking operation, no timeout */ + pSMB->Timeout = cpu_to_le32(-1);/* blocking - do not time out */ + } else { + pSMB->Timeout = 0; +@@ -1638,15 +1636,16 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon, + if (waitFlag) { + rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB, + (struct smb_hdr *) pSMBr, &bytes_returned); ++ cifs_small_buf_release(pSMB); + } else { +- rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, timeout); ++ rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *)pSMB, ++ timeout); ++ /* SMB buffer freed by function above */ + } + cifs_stats_inc(&tcon->num_locks); + if (rc) { + cFYI(1, ("Send error in Lock = %d", rc)); + } +- cifs_small_buf_release(pSMB); + + /* Note: On -EAGAIN error only caller can retry on handle based calls + since file handle passed in no longer valid */ +@@ -1666,7 +1665,9 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon, + int rc = 0; + int timeout = 0; + int bytes_returned = 0; ++ int resp_buf_type = 0; + __u16 params, param_offset, offset, byte_count, count; ++ struct kvec iov[1]; + + cFYI(1, ("Posix Lock")); + +@@ -1710,7 +1711,7 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon, + + parm_data->lock_type = cpu_to_le16(lock_type); + if(waitFlag) { +- timeout = 3; /* blocking operation, no timeout */ ++ timeout = CIFS_BLOCKING_OP; /* blocking operation, no timeout */ + parm_data->lock_flags = cpu_to_le16(1); + pSMB->Timeout = cpu_to_le32(-1); + } else +@@ -1730,8 +1731,13 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon, + rc = SendReceiveBlockingLock(xid, tcon, (struct smb_hdr *) pSMB, + (struct smb_hdr *) pSMBr, &bytes_returned); + } else { +- rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, timeout); ++ iov[0].iov_base = (char *)pSMB; ++ iov[0].iov_len = pSMB->hdr.smb_buf_length + 4; ++ rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovecs */, ++ &resp_buf_type, timeout); ++ pSMB = NULL; /* request buf already freed by SendReceive2. Do ++ not try to free it twice below on exit */ ++ pSMBr = (struct smb_com_transaction2_sfi_rsp *)iov[0].iov_base; + } + + if (rc) { +@@ -1766,6 +1772,11 @@ plk_err_exit: + if (pSMB) + cifs_small_buf_release(pSMB); + ++ if (resp_buf_type == CIFS_SMALL_BUFFER) ++ cifs_small_buf_release(iov[0].iov_base); ++ else if (resp_buf_type == CIFS_LARGE_BUFFER) ++ cifs_buf_release(iov[0].iov_base); ++ + /* Note: On -EAGAIN error only caller can retry on handle based calls + since file handle passed in no longer valid */ + +@@ -1778,8 +1789,6 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id) + { + int rc = 0; + CLOSE_REQ *pSMB = NULL; +- CLOSE_RSP *pSMBr = NULL; +- int bytes_returned; + cFYI(1, ("In CIFSSMBClose")); + + /* do not retry on dead session on close */ +@@ -1789,13 +1798,10 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id) + if (rc) + return rc; + +- pSMBr = (CLOSE_RSP *)pSMB; /* BB removeme BB */ +- + pSMB->FileID = (__u16) smb_file_id; + pSMB->LastWriteTime = 0xFFFFFFFF; + pSMB->ByteCount = 0; +- rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, 0); ++ rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0); + cifs_stats_inc(&tcon->num_closes); + if (rc) { + if(rc!=-EINTR) { +@@ -1804,8 +1810,6 @@ CIFSSMBClose(const int xid, struct cifsTconInfo *tcon, int smb_file_id) + } + } + +- cifs_small_buf_release(pSMB); +- + /* Since session is dead, file will be closed on server already */ + if(rc == -EAGAIN) + rc = 0; +@@ -2989,7 +2993,8 @@ CIFSSMBGetCIFSACL(const int xid, struct cifsTconInfo *tcon, __u16 fid, + iov[0].iov_base = (char *)pSMB; + iov[0].iov_len = pSMB->hdr.smb_buf_length + 4; + +- rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovec */, &buf_type, 0); ++ rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovec */, &buf_type, ++ CIFS_STD_OP); + cifs_stats_inc(&tcon->num_acl_get); + if (rc) { + cFYI(1, ("Send error in QuerySecDesc = %d", rc)); +@@ -3634,8 +3639,6 @@ CIFSFindClose(const int xid, struct cifsTconInfo *tcon, const __u16 searchHandle + { + int rc = 0; + FINDCLOSE_REQ *pSMB = NULL; +- CLOSE_RSP *pSMBr = NULL; /* BB removeme BB */ +- int bytes_returned; + + cFYI(1, ("In CIFSSMBFindClose")); + rc = small_smb_init(SMB_COM_FIND_CLOSE2, 1, tcon, (void **)&pSMB); +@@ -3647,16 +3650,13 @@ CIFSFindClose(const int xid, struct cifsTconInfo *tcon, const __u16 searchHandle + if (rc) + return rc; + +- pSMBr = (CLOSE_RSP *)pSMB; /* BB removeme BB */ + pSMB->FileID = searchHandle; + pSMB->ByteCount = 0; +- rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, 0); ++ rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0); + if (rc) { + cERROR(1, ("Send error in FindClose = %d", rc)); + } + cifs_stats_inc(&tcon->num_fclose); +- cifs_small_buf_release(pSMB); + + /* Since session is dead, search handle closed on server already */ + if (rc == -EAGAIN) +@@ -4571,11 +4571,9 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size, + __u16 fid, __u32 pid_of_opener, int SetAllocation) + { + struct smb_com_transaction2_sfi_req *pSMB = NULL; +- struct smb_com_transaction2_sfi_rsp *pSMBr = NULL; + char *data_offset; + struct file_end_of_file_info *parm_data; + int rc = 0; +- int bytes_returned = 0; + __u16 params, param_offset, offset, byte_count, count; + + cFYI(1, ("SetFileSize (via SetFileInfo) %lld", +@@ -4585,8 +4583,6 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size, + if (rc) + return rc; + +- pSMBr = (struct smb_com_transaction2_sfi_rsp *)pSMB; +- + pSMB->hdr.Pid = cpu_to_le16((__u16)pid_of_opener); + pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid_of_opener >> 16)); + +@@ -4637,17 +4633,13 @@ CIFSSMBSetFileSize(const int xid, struct cifsTconInfo *tcon, __u64 size, + pSMB->Reserved4 = 0; + pSMB->hdr.smb_buf_length += byte_count; + pSMB->ByteCount = cpu_to_le16(byte_count); +- rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, 0); ++ rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0); + if (rc) { + cFYI(1, + ("Send error in SetFileInfo (SetFileSize) = %d", + rc)); + } + +- if (pSMB) +- cifs_small_buf_release(pSMB); +- + /* Note: On -EAGAIN error only caller can retry on handle based calls + since file handle passed in no longer valid */ + +@@ -4665,10 +4657,8 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I + __u16 fid) + { + struct smb_com_transaction2_sfi_req *pSMB = NULL; +- struct smb_com_transaction2_sfi_rsp *pSMBr = NULL; + char *data_offset; + int rc = 0; +- int bytes_returned = 0; + __u16 params, param_offset, offset, byte_count, count; + + cFYI(1, ("Set Times (via SetFileInfo)")); +@@ -4677,8 +4667,6 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I + if (rc) + return rc; + +- pSMBr = (struct smb_com_transaction2_sfi_rsp *)pSMB; +- + /* At this point there is no need to override the current pid + with the pid of the opener, but that could change if we someday + use an existing handle (rather than opening one on the fly) */ +@@ -4718,14 +4706,11 @@ CIFSSMBSetFileTimes(const int xid, struct cifsTconInfo *tcon, const FILE_BASIC_I + pSMB->hdr.smb_buf_length += byte_count; + pSMB->ByteCount = cpu_to_le16(byte_count); + memcpy(data_offset,data,sizeof(FILE_BASIC_INFO)); +- rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, 0); ++ rc = SendReceiveNoRsp(xid, tcon->ses, (struct smb_hdr *) pSMB, 0); + if (rc) { + cFYI(1,("Send error in Set Time (SetFileInfo) = %d",rc)); + } + +- cifs_small_buf_release(pSMB); +- + /* Note: On -EAGAIN error only caller can retry on handle based calls + since file handle passed in no longer valid */ + +@@ -5016,7 +5001,8 @@ int CIFSSMBNotify(const int xid, struct cifsTconInfo *tcon, + pSMB->ByteCount = 0; + + rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB, +- (struct smb_hdr *) pSMBr, &bytes_returned, -1); ++ (struct smb_hdr *)pSMBr, &bytes_returned, ++ CIFS_ASYNC_OP); + if (rc) { + cFYI(1, ("Error in Notify = %d", rc)); + } else { +diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c +index f4e9266..8579c9e 100644 +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -2273,7 +2273,7 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses, + pSMB->req_no_secext.ByteCount = cpu_to_le16(count); + + rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, +- &bytes_returned, 1); ++ &bytes_returned, CIFS_LONG_OP); + if (rc) { + /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */ + } else if ((smb_buffer_response->WordCount == 3) +@@ -2559,7 +2559,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, + pSMB->req.ByteCount = cpu_to_le16(count); + + rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, +- &bytes_returned, 1); ++ &bytes_returned, CIFS_LONG_OP); + + if (smb_buffer_response->Status.CifsError == + cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED)) +@@ -2985,7 +2985,7 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, + pSMB->req.ByteCount = cpu_to_le16(count); + + rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, +- &bytes_returned, 1); ++ &bytes_returned, CIFS_LONG_OP); + if (rc) { + /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */ + } else if ((smb_buffer_response->WordCount == 3) +@@ -3256,7 +3256,8 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, + pSMB->hdr.smb_buf_length += count; + pSMB->ByteCount = cpu_to_le16(count); + +- rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0); ++ rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, ++ CIFS_STD_OP); + + /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */ + /* above now done in SendReceive */ +diff --git a/fs/cifs/file.c b/fs/cifs/file.c +index 94d5b49..a2c9e7a 100644 +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -809,9 +809,9 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data, + xid = GetXid(); + + if (*poffset > file->f_path.dentry->d_inode->i_size) +- long_op = 2; /* writes past end of file can take a long time */ ++ long_op = CIFS_VLONG_OP; /* writes past EOF take long time */ + else +- long_op = 1; ++ long_op = CIFS_LONG_OP; + + for (total_written = 0; write_size > total_written; + total_written += bytes_written) { +@@ -858,7 +858,7 @@ ssize_t cifs_user_write(struct file *file, const char __user *write_data, + } + } else + *poffset += bytes_written; +- long_op = FALSE; /* subsequent writes fast - ++ long_op = CIFS_STD_OP; /* subsequent writes fast - + 15 seconds is plenty */ + } + +@@ -908,9 +908,9 @@ static ssize_t cifs_write(struct file *file, const char *write_data, + xid = GetXid(); + + if (*poffset > file->f_path.dentry->d_inode->i_size) +- long_op = 2; /* writes past end of file can take a long time */ ++ long_op = CIFS_VLONG_OP; /* writes past EOF can be slow */ + else +- long_op = 1; ++ long_op = CIFS_LONG_OP; + + for (total_written = 0; write_size > total_written; + total_written += bytes_written) { +@@ -976,7 +976,7 @@ static ssize_t cifs_write(struct file *file, const char *write_data, + } + } else + *poffset += bytes_written; +- long_op = FALSE; /* subsequent writes fast - ++ long_op = CIFS_STD_OP; /* subsequent writes fast - + 15 seconds is plenty */ + } + +@@ -1276,7 +1276,7 @@ retry: + open_file->netfid, + bytes_to_write, offset, + &bytes_written, iov, n_iov, +- 1); ++ CIFS_LONG_OP); + atomic_dec(&open_file->wrtPending); + if (rc || bytes_written < bytes_to_write) { + cERROR(1,("Write2 ret %d, written = %d", +diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c +index 7584646..9834895 100644 +--- a/fs/cifs/sess.c ++++ b/fs/cifs/sess.c +@@ -489,7 +489,8 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, + + iov[1].iov_base = str_area; + iov[1].iov_len = count; +- rc = SendReceive2(xid, ses, iov, 2 /* num_iovecs */, &resp_buf_type, 0); ++ rc = SendReceive2(xid, ses, iov, 2 /* num_iovecs */, &resp_buf_type, ++ CIFS_STD_OP /* not long */ | CIFS_LOG_ERROR); + /* SMB request buf freed in SendReceive2 */ + + cFYI(1,("ssetup rc from sendrecv2 is %d",rc)); +diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c +index 5f46845..473962f 100644 +--- a/fs/cifs/transport.c ++++ b/fs/cifs/transport.c +@@ -308,7 +308,7 @@ smb_send2(struct socket *ssocket, struct kvec *iov, int n_vec, + + static int wait_for_free_request(struct cifsSesInfo *ses, const int long_op) + { +- if(long_op == -1) { ++ if (long_op == CIFS_ASYNC_OP) { + /* oplock breaks must not be held up */ + atomic_inc(&ses->server->inFlight); + } else { +@@ -337,7 +337,7 @@ static int wait_for_free_request(struct cifsSesInfo *ses, const int long_op) + they are allowed to block on server */ + + /* update # of requests on the wire to server */ +- if (long_op < 3) ++ if (long_op != CIFS_BLOCKING_OP) + atomic_inc(&ses->server->inFlight); + spin_unlock(&GlobalMid_Lock); + break; +@@ -416,17 +416,48 @@ static int wait_for_response(struct cifsSesInfo *ses, + } + } + ++ ++/* ++ * ++ * Send an SMB Request. No response info (other than return code) ++ * needs to be parsed. ++ * ++ * flags indicate the type of request buffer and how long to wait ++ * and whether to log NT STATUS code (error) before mapping it to POSIX error ++ * ++ */ ++int ++SendReceiveNoRsp(const unsigned int xid, struct cifsSesInfo *ses, ++ struct smb_hdr *in_buf, int flags) ++{ ++ int rc; ++ struct kvec iov[1]; ++ int resp_buf_type; ++ ++ iov[0].iov_base = (char *)in_buf; ++ iov[0].iov_len = in_buf->smb_buf_length + 4; ++ flags |= CIFS_NO_RESP; ++ rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags); ++#ifdef CONFIG_CIFS_DEBUG2 ++ cFYI(1, ("SendRcvNoR flags %d rc %d", flags, rc)); ++#endif ++ return rc; ++} ++ + int + SendReceive2(const unsigned int xid, struct cifsSesInfo *ses, + struct kvec *iov, int n_vec, int * pRespBufType /* ret */, +- const int long_op) ++ const int flags) + { + int rc = 0; ++ int long_op; + unsigned int receive_len; + unsigned long timeout; + struct mid_q_entry *midQ; + struct smb_hdr *in_buf = iov[0].iov_base; + ++ long_op = flags & CIFS_TIMEOUT_MASK; ++ + *pRespBufType = CIFS_NO_BUFFER; /* no response buf yet */ + + if ((ses == NULL) || (ses->server == NULL)) { +@@ -485,15 +516,22 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses, + if(rc < 0) + goto out; + +- if (long_op == -1) +- goto out; +- else if (long_op == 2) /* writes past end of file can take loong time */ ++ if (long_op == CIFS_STD_OP) ++ timeout = 15 * HZ; ++ else if (long_op == CIFS_VLONG_OP) /* e.g. slow writes past EOF */ + timeout = 180 * HZ; +- else if (long_op == 1) ++ else if (long_op == CIFS_LONG_OP) + timeout = 45 * HZ; /* should be greater than + servers oplock break timeout (about 43 seconds) */ +- else +- timeout = 15 * HZ; ++ else if (long_op == CIFS_ASYNC_OP) ++ goto out; ++ else if (long_op == CIFS_BLOCKING_OP) ++ timeout = 0x7FFFFFFF; /* large, but not so large as to wrap */ ++ else { ++ cERROR(1, ("unknown timeout flag %d", long_op)); ++ rc = -EIO; ++ goto out; ++ } + + /* wait for 15 seconds or until woken up due to response arriving or + due to last connection to this server being unmounted */ +@@ -578,8 +616,10 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses, + (2 * midQ->resp_buf->WordCount) + 2 /* bcc */ ) + BCC(midQ->resp_buf) = + le16_to_cpu(BCC_LE(midQ->resp_buf)); +- midQ->resp_buf = NULL; /* mark it so will not be freed +- by DeleteMidQEntry */ ++ if ((flags & CIFS_NO_RESP) == 0) ++ midQ->resp_buf = NULL; /* mark it so buf will ++ not be freed by ++ DeleteMidQEntry */ + } else { + rc = -EIO; + cFYI(1,("Bad MID state?")); +@@ -667,17 +707,25 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, + if(rc < 0) + goto out; + +- if (long_op == -1) ++ if (long_op == CIFS_STD_OP) ++ timeout = 15 * HZ; ++ /* wait for 15 seconds or until woken up due to response arriving or ++ due to last connection to this server being unmounted */ ++ else if (long_op == CIFS_ASYNC_OP) + goto out; +- else if (long_op == 2) /* writes past end of file can take loong time */ ++ else if (long_op == CIFS_VLONG_OP) /* writes past EOF can be slow */ + timeout = 180 * HZ; +- else if (long_op == 1) ++ else if (long_op == CIFS_LONG_OP) + timeout = 45 * HZ; /* should be greater than + servers oplock break timeout (about 43 seconds) */ +- else +- timeout = 15 * HZ; +- /* wait for 15 seconds or until woken up due to response arriving or +- due to last connection to this server being unmounted */ ++ else if (long_op == CIFS_BLOCKING_OP) ++ timeout = 0x7FFFFFFF; /* large but no so large as to wrap */ ++ else { ++ cERROR(1, ("unknown timeout flag %d", long_op)); ++ rc = -EIO; ++ goto out; ++ } ++ + if (signal_pending(current)) { + /* if signal pending do not hold up user for full smb timeout + but we still give response a chance to complete */ +@@ -817,7 +865,7 @@ send_lock_cancel(const unsigned int xid, struct cifsTconInfo *tcon, + pSMB->hdr.Mid = GetNextMid(ses->server); + + return SendReceive(xid, ses, in_buf, out_buf, +- &bytes_returned, 0); ++ &bytes_returned, CIFS_STD_OP); + } + + int +@@ -849,7 +897,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, + to the same server. We may make this configurable later or + use ses->maxReq */ + +- rc = wait_for_free_request(ses, 3); ++ rc = wait_for_free_request(ses, CIFS_BLOCKING_OP); + if (rc) + return rc; + +diff --git a/mm/slab.c b/mm/slab.c +index b344e67..42bf493 100644 +--- a/mm/slab.c ++++ b/mm/slab.c +@@ -2933,11 +2933,10 @@ static void *cache_alloc_refill(struct kmem_cache *cachep, gfp_t flags) + struct array_cache *ac; + int node; + +- node = numa_node_id(); +- ++retry: + check_irq_off(); ++ node = numa_node_id(); + ac = cpu_cache_get(cachep); +-retry: + batchcount = ac->batchcount; + if (!ac->touched && batchcount > BATCHREFILL_LIMIT) { + /* -- 2.11.4.GIT