Merge tag 'v6.18-rc1-smb-server-fixes' of git://git.samba.org/ksmbd

int ksmbd_session_rpc_method(struct ksmbd_session *sess, int id)

{

	struct ksmbd_session_rpc *entry;

	int method;

	down_read(&sess->rpc_lock);

	lockdep_assert_held(&sess->rpc_lock);

	entry = xa_load(&sess->rpc_handle_list, id);

	method = entry ? entry->method : 0;

	up_read(&sess->rpc_lock);

	return method;

	return entry ? entry->method : 0;

}

void ksmbd_session_destroy(struct ksmbd_session *sess)

		if (ksmbd_conn_need_reconnect(conn)) {

			rc = -EFAULT;

			ksmbd_user_session_put(sess);

			sess = NULL;

			goto out_err;

		}

	 * pipe without opening it, checking error condition here

	 */

	id = req->VolatileFileId;

	if (!ksmbd_session_rpc_method(sess, id))

	lockdep_assert_not_held(&sess->rpc_lock);

	down_read(&sess->rpc_lock);

	if (!ksmbd_session_rpc_method(sess, id)) {

		up_read(&sess->rpc_lock);

		return -ENOENT;

	}

	up_read(&sess->rpc_lock);

	ksmbd_debug(SMB, "FileInfoClass %u, FileId 0x%llx\n",

		    req->FileInfoClass, req->VolatileFileId);

	nbytes = ksmbd_vfs_read(work, fp, length, &offset, aux_payload_buf);

	if (nbytes < 0) {

		kvfree(aux_payload_buf);

		err = nbytes;

		goto out;

	}

	if (!msg)

		return NULL;

	lockdep_assert_not_held(&sess->rpc_lock);

	down_read(&sess->rpc_lock);

	msg->type = KSMBD_EVENT_RPC_REQUEST;

	req = (struct ksmbd_rpc_command *)msg->payload;

	req->handle = handle;

	req->flags |= KSMBD_RPC_WRITE_METHOD;

	req->payload_sz = payload_sz;

	memcpy(req->payload, payload, payload_sz);

	up_read(&sess->rpc_lock);

	resp = ipc_msg_send_request(msg, req->handle);

	ipc_msg_free(msg);

	if (!msg)

		return NULL;

	lockdep_assert_not_held(&sess->rpc_lock);

	down_read(&sess->rpc_lock);

	msg->type = KSMBD_EVENT_RPC_REQUEST;

	req = (struct ksmbd_rpc_command *)msg->payload;

	req->handle = handle;

	req->flags |= rpc_context_flags(sess);

	req->flags |= KSMBD_RPC_READ_METHOD;

	req->payload_sz = 0;

	up_read(&sess->rpc_lock);

	resp = ipc_msg_send_request(msg, req->handle);

	ipc_msg_free(msg);

	if (!msg)

		return NULL;

	lockdep_assert_not_held(&sess->rpc_lock);

	down_read(&sess->rpc_lock);

	msg->type = KSMBD_EVENT_RPC_REQUEST;

	req = (struct ksmbd_rpc_command *)msg->payload;

	req->handle = handle;

	req->flags |= KSMBD_RPC_IOCTL_METHOD;

	req->payload_sz = payload_sz;

	memcpy(req->payload, payload, payload_sz);

	up_read(&sess->rpc_lock);

	resp = ipc_msg_send_request(msg, req->handle);

	ipc_msg_free(msg);

					     get_buf_page_count(desc_buf, desc_buf_len),

					     msg->sg_list, SG_CHUNK_SIZE);

		if (ret) {

			kfree(msg);

			ret = -ENOMEM;

			goto out;

			goto free_msg;

		}

		ret = get_sg_list(desc_buf, desc_buf_len,

				  msg->sgt.sgl, msg->sgt.orig_nents);

		if (ret < 0) {

			sg_free_table_chained(&msg->sgt, SG_CHUNK_SIZE);

			kfree(msg);

			goto out;

		}

		if (ret < 0)

			goto free_table;

		ret = rdma_rw_ctx_init(&msg->rdma_ctx, sc->ib.qp, sc->ib.qp->port,

				       msg->sgt.sgl,

				       is_read ? DMA_FROM_DEVICE : DMA_TO_DEVICE);

		if (ret < 0) {

			pr_err("failed to init rdma_rw_ctx: %d\n", ret);

			sg_free_table_chained(&msg->sgt, SG_CHUNK_SIZE);

			kfree(msg);

			goto out;

			goto free_table;

		}

		list_add_tail(&msg->list, &msg_list);

	atomic_add(credits_needed, &sc->rw_io.credits.count);

	wake_up(&sc->rw_io.credits.wait_queue);

	return ret;

free_table:

	sg_free_table_chained(&msg->sgt, SG_CHUNK_SIZE);

free_msg:

	kfree(msg);

	goto out;

}

static int smb_direct_rdma_write(struct ksmbd_transport *t,