[PATCH] cifs: Do not interpret oplock break responses as responses to an unrelated command

.. even if the multiplex ids match.

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/cifs/CHANGES

@@ -10,6 +10,8 @@ different users from the same client to the same server. Fix oops in
 cifs_close. Add mount option for remapping reserved characters in
 filenames (also allow recognizing files with created by SFU which have any
 of these seven reserved characters, except backslash, to be recognized).
+Fix invalid transact2 message (we were sometimes trying to interpret
+oplock breaks as SMB responses).
 
 Version 1.31
 ------------

fs/cifs/cifs_debug.c

@@ -111,7 +111,12 @@ cifs_debug_data_read(char *buf, char **beginBuffer, off_t offset,
 					mid_q_entry,
 					qhead);
 				if(mid_entry) {
-					length = sprintf(buf,"State: %d com: %d pid: %d tsk: %p mid %d\n",mid_entry->midState,mid_entry->command,mid_entry->pid,mid_entry->tsk,mid_entry->mid);
+					length = sprintf(buf,"State: %d com: %d pid: %d tsk: %p mid %d\n",
+						mid_entry->midState,
+						(int)mid_entry->command,
+						mid_entry->pid,
+						mid_entry->tsk,
+						mid_entry->mid);
 					buf += length;
 				}
 			}

fs/cifs/cifsglob.h

@@ -313,12 +313,12 @@ struct mid_q_entry {
 	__u16 mid;		/* multiplex id */
 	__u16 pid;		/* process id */
 	__u32 sequence_number;  /* for CIFS signing */
-	__u16 command;		/* smb command code */
 	struct timeval when_sent;	/* time when smb sent */
 	struct cifsSesInfo *ses;	/* smb was sent to this server */
 	struct task_struct *tsk;	/* task waiting for response */
 	struct smb_hdr *resp_buf;	/* response buffer */
 	int midState;	/* wish this were enum but can not pass to wait_event */
+	__u8 command;		/* smb command code */
 };
 
 struct oplock_q_entry {

fs/cifs/connect.c

@@ -361,9 +361,13 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
 							       mid_q_entry,
 							       qhead);
 
-					if ((mid_entry->mid == smb_buffer->Mid) && (mid_entry->midState == MID_REQUEST_SUBMITTED)) {
-						cFYI(1,
-						     (" Mid 0x%x matched - waking up ",mid_entry->mid));
+					if ((mid_entry->mid == smb_buffer->Mid)
+						&& (mid_entry->midState == 
+							MID_REQUEST_SUBMITTED) 
+						&& (mid_entry->command == 
+							smb_buffer->Command)) {
+						cFYI(1,("Found Mid 0x%x wake up"
+							,mid_entry->mid));
 						task_to_wake = mid_entry->tsk;
 						mid_entry->resp_buf =
 						    smb_buffer;

fs/cifs/transport.c

@@ -189,7 +189,6 @@ smb_sendv(struct socket *ssocket, struct smb_hdr *smb_buffer,
 	struct msghdr smb_msg;
 	number_of_pages += 1; /* account for SMB header */
 	struct kvec * piov  = kmalloc(number_of_pages * sizeof(struct kvec));
-	if(i=0;i<num_pages-1;i++
 	unsigned len = smb_buf_length + 4;
 
 	if(ssocket == NULL)