
Commit 38bd4906 authored by Sachin Prabhu's avatar Sachin Prabhu Committed by Steve French

Handle mismatched open calls



A signal can interrupt a SendReceive call, which results in incoming
responses to the call being ignored. This is a problem for calls such as
open which results in the successful response being ignored. This
results in an open file resource on the server.

The patch looks into responses which were cancelled after being sent and
in case of successful open closes the open fids.

For this patch, the check is only done in SendReceive2()

RH-bz: 1403319

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Cc: Stable <stable@vger.kernel.org>
parent 269c930e
+11 −0
@@ -243,6 +243,7 @@ struct smb_version_operations {
	/* verify the message */
	int (*check_message)(char *, unsigned int, struct TCP_Server_Info *);
	bool (*is_oplock_break)(char *, struct TCP_Server_Info *);
	int (*handle_cancelled_mid)(char *, struct TCP_Server_Info *);
	void (*downgrade_oplock)(struct TCP_Server_Info *,
					struct cifsInodeInfo *, bool);
	/* process transaction2 response */
@@ -1343,6 +1344,7 @@ struct mid_q_entry {
	void *callback_data;	  /* general purpose pointer for callback */
	void *resp_buf;		/* pointer to received SMB header */
	int mid_state;	/* wish this were enum but can not pass to wait_event */
	unsigned int mid_flags;
	__le16 command;		/* smb command code */
	bool large_buf:1;	/* if valid response, is pointer to large buf */
	bool multiRsp:1;	/* multiple trans2 responses for one request  */
@@ -1350,6 +1352,12 @@ struct mid_q_entry {
	bool decrypted:1;	/* decrypted entry */
};

struct close_cancelled_open {
	struct cifs_fid         fid;
	struct cifs_tcon        *tcon;
	struct work_struct      work;
};

/*	Make code in transport.c a little cleaner by moving
	update of optional stats into function below */
#ifdef CONFIG_CIFS_STATS2
@@ -1481,6 +1489,9 @@ static inline void free_dfs_info_array(struct dfs_info3_param *param,
#define   MID_RESPONSE_MALFORMED 0x10
#define   MID_SHUTDOWN		 0x20

/* Flags */
#define   MID_WAIT_CANCELLED	 1 /* Cancelled while waiting for response */

/* Types of response buffer returned from SendReceive2 */
#define   CIFS_NO_BUFFER        0    /* Response buffer not returned */
#define   CIFS_SMALL_BUFFER     1
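Review bot: The new `handle_cancelled_mid` member of smb_version_operations is the only op in that run of the struct without a descriptive comment, and nothing in cifsglob.h says what the new `close_cancelled_open` struct owns. The smb2misc.c hunk of this commit shows the work handler calling `cifs_put_tcon()` on `tcon` and the fids being copied out of the reply before the work is queued, so I would document that here rather than leave it to the implementation: `/* undo the server-side effect of a reply whose waiter was interrupted (e.g. close the fid an open created); runs before the mid is released */` on the op, and `/* deferred close of a fid whose open reply nobody consumed; tcon is a reference dropped by the work handler, fid is a copy because the reply buffer is presumably gone by the time the work runs */` on the struct. `MID_WAIT_CANCELLED` is set in transport.c, which is not in this diff, so its comment should name the setter (`SendReceive2()` per the commit message) so readers know the flag is only raised on that path.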
+2 −1
@@ -79,7 +79,8 @@ extern void cifs_delete_mid(struct mid_q_entry *mid);
extern void cifs_wake_up_task(struct mid_q_entry *mid);
extern int cifs_handle_standard(struct TCP_Server_Info *server,
				struct mid_q_entry *mid);
extern int cifs_discard_remaining_data(struct TCP_Server_Info *server);
extern int cifs_discard_remaining_data(struct TCP_Server_Info *server,
				       char *buf);
extern int cifs_call_async(struct TCP_Server_Info *server,
			struct smb_rqst *rqst,
			mid_receive_t *receive, mid_callback_t *callback,
+7 −4
@@ -1400,9 +1400,9 @@ CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock,
 * current bigbuf.
 */
int
cifs_discard_remaining_data(struct TCP_Server_Info *server)
cifs_discard_remaining_data(struct TCP_Server_Info *server, char *buf)
{
	unsigned int rfclen = get_rfc1002_length(server->smallbuf);
	unsigned int rfclen = get_rfc1002_length(buf);
	int remaining = rfclen + 4 - server->total_read;

	while (remaining > 0) {
@@ -1426,7 +1426,7 @@ cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
	int length;
	struct cifs_readdata *rdata = mid->callback_data;

	length = cifs_discard_remaining_data(server);
	length = cifs_discard_remaining_data(server, mid->resp_buf);
	dequeue_mid(mid, rdata->result);
	return length;
}
@@ -1459,7 +1459,7 @@ cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)

	if (server->ops->is_status_pending &&
	    server->ops->is_status_pending(buf, server, 0)) {
		cifs_discard_remaining_data(server);
		cifs_discard_remaining_data(server, buf);
		return -1;
	}

@@ -1519,6 +1519,9 @@ cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
	cifs_dbg(FYI, "0: iov_base=%p iov_len=%u\n",
		 rdata->iov[0].iov_base, server->total_read);

	mid->resp_buf = server->smallbuf;
	server->smallbuf = NULL;

	/* how much data is in the response? */
	data_len = server->ops->read_data_length(buf);
	if (data_offset + data_len > buflen) {
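Review bot: `cifs_readv_discard` now sizes the discard from `mid->resp_buf`, but within this file `mid->resp_buf` is only assigned in the last hunk of cifs_readv_receive, after the iov debug print, so any cifs_readv_discard call reached earlier in cifs_readv_receive (an early error return, if one exists above the shown lines) would hand NULL to `get_rfc1002_length()`. A cheap guard is `length = cifs_discard_remaining_data(server, mid->resp_buf ? mid->resp_buf : server->smallbuf);`, or alternatively move the `mid->resp_buf = server->smallbuf; server->smallbuf = NULL;` hand-off ahead of the first path that can discard. Either way the hand-off deserves a one-line comment, since after it `server->smallbuf` is NULL and the mid owns the buffer for the rest of the receive. The cifs_readv_receive hunks start and end outside the shown lines, so I cannot confirm from here which early returns exist.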
+11 −2
@@ -904,10 +904,19 @@ cifs_demultiplex_thread(void *p)

		server->lstrp = jiffies;
		if (mid_entry != NULL) {
			if ((mid_entry->mid_flags & MID_WAIT_CANCELLED) &&
			     mid_entry->mid_state == MID_RESPONSE_RECEIVED &&
					server->ops->handle_cancelled_mid)
				server->ops->handle_cancelled_mid(
							mid_entry->resp_buf,
							server);

			if (!mid_entry->multiRsp || mid_entry->multiEnd)
				mid_entry->callback(mid_entry);
		} else if (!server->ops->is_oplock_break ||
			   !server->ops->is_oplock_break(buf, server)) {
		} else if (server->ops->is_oplock_break &&
			   server->ops->is_oplock_break(buf, server)) {
			cifs_dbg(FYI, "Received oplock break\n");
		} else {
			cifs_dbg(VFS, "No task to wake, unknown frame received! NumMids %d\n",
				 atomic_read(&midCount));
			cifs_dump_mem("Received Data is: ", buf,
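Review bot: The return value of `server->ops->handle_cancelled_mid()` is discarded in cifs_demultiplex_thread, so a -ENOMEM or -ENOENT from the SMB2 implementation (this commit's smb2misc.c hunk returns both) leaves the file handle open on the server with no trace in the logs. The `mid_entry->callback(mid_entry)` call on the following lines releases the mid (for a cancelled SendReceive2 the callback is presumably DeleteMidQEntry, set in transport.c, which is not in this diff), so this is the last chance to record the leak: `int rc = server->ops->handle_cancelled_mid(mid_entry->resp_buf, server); if (rc) cifs_dbg(VFS, "cancelled mid %llu: cleanup failed %d\n", mid_entry->mid, rc);`. A short comment above the condition would also help, e.g. `/* the waiter gave up (MID_WAIT_CANCELLED) but the reply succeeded: let the dialect undo any server-side state before the mid is freed */`. The enclosing function starts and ends outside the hunk.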
+46 −0
@@ -659,3 +659,49 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
	cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n");
	return false;
}

void
smb2_cancelled_close_fid(struct work_struct *work)
{
	struct close_cancelled_open *cancelled = container_of(work,
					struct close_cancelled_open, work);

	cifs_dbg(VFS, "Close unmatched open\n");

	SMB2_close(0, cancelled->tcon, cancelled->fid.persistent_fid,
		   cancelled->fid.volatile_fid);
	cifs_put_tcon(cancelled->tcon);
	kfree(cancelled);
}

int
smb2_handle_cancelled_mid(char *buffer, struct TCP_Server_Info *server)
{
	struct smb2_sync_hdr *sync_hdr = get_sync_hdr(buffer);
	struct smb2_create_rsp *rsp = (struct smb2_create_rsp *)buffer;
	struct cifs_tcon *tcon;
	struct close_cancelled_open *cancelled;

	if (sync_hdr->Command != SMB2_CREATE ||
	    sync_hdr->Status != STATUS_SUCCESS)
		return 0;

	cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL);
	if (!cancelled)
		return -ENOMEM;

	tcon = smb2_find_smb_tcon(server, sync_hdr->SessionId,
				  sync_hdr->TreeId);
	if (!tcon) {
		kfree(cancelled);
		return -ENOENT;
	}

	cancelled->fid.persistent_fid = rsp->PersistentFileId;
	cancelled->fid.volatile_fid = rsp->VolatileFileId;
	cancelled->tcon = tcon;
	INIT_WORK(&cancelled->work, smb2_cancelled_close_fid);
	queue_work(cifsiod_wq, &cancelled->work);

	return 0;
}
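Review bot: `smb2_handle_cancelled_mid` reads `PersistentFileId`/`VolatileFileId` through a cast of the raw reply after checking only Command and Status, which is safe only if the reply already passed the dialect's `check_message` length validation before the mid reached MID_RESPONSE_RECEIVED; that precondition is established by the caller in connect.c rather than here and should be stated on the function, e.g. `/* Called from the demultiplex thread on a reply that has passed check_message() but whose waiter was interrupted. Everything needed by the deferred close must be copied out now: the reply buffer is presumably released when the mid's callback runs. */`. On style, `kzalloc` runs before `smb2_find_smb_tcon`, so the -ENOENT path has to free an allocation it never needed; looking up the tcon first removes that branch. In `smb2_cancelled_close_fid` the result of `SMB2_close` is ignored and the routine "Close unmatched open" message is logged at VFS (error) level although the commit message describes it as the expected consequence of a signal; logging that at FYI and reporting only a failed close at VFS level would be more useful to an operator.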