diff mbox series

cifs: Fix kernel oops when traceSMB is enabled

Message ID 20180614203408.20818-1-paulo@paulo.ac
State New
Headers show
Series cifs: Fix kernel oops when traceSMB is enabled | expand

Commit Message

Paulo Alcantara (SUSE) June 14, 2018, 8:34 p.m. UTC
When traceSMB is enabled through 'echo 1 > /proc/fs/cifs/traceSMB', after a
mount, the following oops is triggered:

[   27.137943] BUG: unable to handle kernel paging request at
ffff8800f80c268b
[   27.143396] PGD 2c6b067 P4D 2c6b067 PUD 0
[   27.145386] Oops: 0000 [#1] SMP PTI
[   27.146186] CPU: 2 PID: 2655 Comm: mount.cifs Not tainted 4.17.0+ #39
[   27.147174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
1.0.0-prebuilt.qemu-project.org 04/01/2014
[   27.148969] RIP: 0010:hex_dump_to_buffer+0x413/0x4b0
[   27.149738] Code: 48 8b 44 24 08 31 db 45 31 d2 48 89 6c 24 18 44 89
6c 24 24 48 c7 c1 78 b5 23 82 4c 89 64 24 10 44 89 d5 41 89 dc 4c 8d 58
02 <44> 0f b7 00 4d 89 dd eb 1f 83 c5 01 41 01 c4 41 39 ef 0f 84 48 fe
[   27.152396] RSP: 0018:ffffc9000058f8c0 EFLAGS: 00010246
[   27.153129] RAX: ffff8800f80c268b RBX: 0000000000000000 RCX:
ffffffff8223b578
[   27.153867] RDX: 0000000000000000 RSI: ffffffff81a55496 RDI:
0000000000000008
[   27.154612] RBP: 0000000000000000 R08: 0000000000000020 R09:
0000000000000083
[   27.155355] R10: 0000000000000000 R11: ffff8800f80c268d R12:
0000000000000000
[   27.156101] R13: 0000000000000002 R14: ffffc9000058f94d R15:
0000000000000008
[   27.156838] FS:  00007f1693a6b740(0000) GS:ffff88007fd00000(0000)
knlGS:0000000000000000
[   27.158354] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.159093] CR2: ffff8800f80c268b CR3: 00000000798fa001 CR4:
0000000000360ee0
[   27.159892] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[   27.160661] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[   27.161464] Call Trace:
[   27.162123]  print_hex_dump+0xd3/0x160
[   27.162814] journal-offline (2658) used greatest stack depth: 13144
bytes left
[   27.162824]  ? __release_sock+0x60/0xd0
[   27.165344]  ? tcp_sendmsg+0x31/0x40
[   27.166177]  dump_smb+0x39/0x40
[   27.166972]  ? vsnprintf+0x236/0x490
[   27.167807]  __smb_send_rqst.constprop.12+0x103/0x430
[   27.168554]  ? apic_timer_interrupt+0xa/0x20
[   27.169306]  smb_send_rqst+0x48/0xc0
[   27.169984]  cifs_send_recv+0xda/0x420
[   27.170639]  SMB2_negotiate+0x23d/0xfa0
[   27.171301]  ? vsnprintf+0x236/0x490
[   27.171961]  ? smb2_negotiate+0x19/0x30
[   27.172586]  smb2_negotiate+0x19/0x30
[   27.173257]  cifs_negotiate_protocol+0x70/0xd0
[   27.173935]  ? kstrdup+0x43/0x60
[   27.174551]  cifs_get_smb_ses+0x295/0xbe0
[   27.175260]  ? lock_timer_base+0x67/0x80
[   27.175936]  ? __internal_add_timer+0x1a/0x50
[   27.176575]  ? add_timer+0x10f/0x230
[   27.177267]  cifs_mount+0x101/0x1190
[   27.177940]  ? cifs_smb3_do_mount+0x144/0x5c0
[   27.178575]  cifs_smb3_do_mount+0x144/0x5c0
[   27.179270]  mount_fs+0x35/0x150
[   27.179930]  vfs_kern_mount.part.28+0x54/0xf0
[   27.180567]  do_mount+0x5ad/0xc40
[   27.181234]  ? kmem_cache_alloc_trace+0xed/0x1a0
[   27.181916]  ksys_mount+0x80/0xd0
[   27.182535]  __x64_sys_mount+0x21/0x30
[   27.183220]  do_syscall_64+0x4e/0x100
[   27.183882]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   27.184535] RIP: 0033:0x7f169339055a
[   27.185192] Code: 48 8b 0d 41 d9 2b 00 f7 d8 64 89 01 48 83 c8 ff c3
66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 0e d9 2b 00 f7 d8 64 89 01 48
[   27.187268] RSP: 002b:00007fff7b44eb58 EFLAGS: 00000202 ORIG_RAX:
00000000000000a5
[   27.188515] RAX: ffffffffffffffda RBX: 00007f1693a7e70e RCX:
00007f169339055a
[   27.189244] RDX: 000055b9f97f64e5 RSI: 000055b9f97f652c RDI:
00007fff7b45074f
[   27.189974] RBP: 000055b9fb8c9260 R08: 000055b9fb8ca8f0 R09:
0000000000000000
[   27.190721] R10: 0000000000000000 R11: 0000000000000202 R12:
000055b9fb8ca8f0
[   27.191429] R13: 0000000000000000 R14: 00007f1693a7c000 R15:
00007f1693a7e91d
[   27.192167] Modules linked in:
[   27.192797] CR2: ffff8800f80c268b
[   27.193435] ---[ end trace 67404c618badf323 ]---

The problem was that dump_smb() had been called with an invalid pointer,
that is, in __smb_send_rqst(), iov[1] doesn't exist (n_vec == 1).

This patch fixes it by relying on the n_vec value to dump out the smb
packets.

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
---
 fs/cifs/transport.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

ronnie sahlberg June 14, 2018, 8:48 p.m. UTC | #1
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>

Awesome find Paolo!

On Fri, Jun 15, 2018 at 6:34 AM, Paulo Alcantara <paulo@paulo.ac> wrote:
> When traceSMB is enabled through 'echo 1 > /proc/fs/cifs/traceSMB', after a
> mount, the following oops is triggered:
>
> [   27.137943] BUG: unable to handle kernel paging request at
> ffff8800f80c268b
> [   27.143396] PGD 2c6b067 P4D 2c6b067 PUD 0
> [   27.145386] Oops: 0000 [#1] SMP PTI
> [   27.146186] CPU: 2 PID: 2655 Comm: mount.cifs Not tainted 4.17.0+ #39
> [   27.147174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
> 1.0.0-prebuilt.qemu-project.org 04/01/2014
> [   27.148969] RIP: 0010:hex_dump_to_buffer+0x413/0x4b0
> [   27.149738] Code: 48 8b 44 24 08 31 db 45 31 d2 48 89 6c 24 18 44 89
> 6c 24 24 48 c7 c1 78 b5 23 82 4c 89 64 24 10 44 89 d5 41 89 dc 4c 8d 58
> 02 <44> 0f b7 00 4d 89 dd eb 1f 83 c5 01 41 01 c4 41 39 ef 0f 84 48 fe
> [   27.152396] RSP: 0018:ffffc9000058f8c0 EFLAGS: 00010246
> [   27.153129] RAX: ffff8800f80c268b RBX: 0000000000000000 RCX:
> ffffffff8223b578
> [   27.153867] RDX: 0000000000000000 RSI: ffffffff81a55496 RDI:
> 0000000000000008
> [   27.154612] RBP: 0000000000000000 R08: 0000000000000020 R09:
> 0000000000000083
> [   27.155355] R10: 0000000000000000 R11: ffff8800f80c268d R12:
> 0000000000000000
> [   27.156101] R13: 0000000000000002 R14: ffffc9000058f94d R15:
> 0000000000000008
> [   27.156838] FS:  00007f1693a6b740(0000) GS:ffff88007fd00000(0000)
> knlGS:0000000000000000
> [   27.158354] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   27.159093] CR2: ffff8800f80c268b CR3: 00000000798fa001 CR4:
> 0000000000360ee0
> [   27.159892] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [   27.160661] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [   27.161464] Call Trace:
> [   27.162123]  print_hex_dump+0xd3/0x160
> [   27.162814] journal-offline (2658) used greatest stack depth: 13144
> bytes left
> [   27.162824]  ? __release_sock+0x60/0xd0
> [   27.165344]  ? tcp_sendmsg+0x31/0x40
> [   27.166177]  dump_smb+0x39/0x40
> [   27.166972]  ? vsnprintf+0x236/0x490
> [   27.167807]  __smb_send_rqst.constprop.12+0x103/0x430
> [   27.168554]  ? apic_timer_interrupt+0xa/0x20
> [   27.169306]  smb_send_rqst+0x48/0xc0
> [   27.169984]  cifs_send_recv+0xda/0x420
> [   27.170639]  SMB2_negotiate+0x23d/0xfa0
> [   27.171301]  ? vsnprintf+0x236/0x490
> [   27.171961]  ? smb2_negotiate+0x19/0x30
> [   27.172586]  smb2_negotiate+0x19/0x30
> [   27.173257]  cifs_negotiate_protocol+0x70/0xd0
> [   27.173935]  ? kstrdup+0x43/0x60
> [   27.174551]  cifs_get_smb_ses+0x295/0xbe0
> [   27.175260]  ? lock_timer_base+0x67/0x80
> [   27.175936]  ? __internal_add_timer+0x1a/0x50
> [   27.176575]  ? add_timer+0x10f/0x230
> [   27.177267]  cifs_mount+0x101/0x1190
> [   27.177940]  ? cifs_smb3_do_mount+0x144/0x5c0
> [   27.178575]  cifs_smb3_do_mount+0x144/0x5c0
> [   27.179270]  mount_fs+0x35/0x150
> [   27.179930]  vfs_kern_mount.part.28+0x54/0xf0
> [   27.180567]  do_mount+0x5ad/0xc40
> [   27.181234]  ? kmem_cache_alloc_trace+0xed/0x1a0
> [   27.181916]  ksys_mount+0x80/0xd0
> [   27.182535]  __x64_sys_mount+0x21/0x30
> [   27.183220]  do_syscall_64+0x4e/0x100
> [   27.183882]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [   27.184535] RIP: 0033:0x7f169339055a
> [   27.185192] Code: 48 8b 0d 41 d9 2b 00 f7 d8 64 89 01 48 83 c8 ff c3
> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f
> 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 0e d9 2b 00 f7 d8 64 89 01 48
> [   27.187268] RSP: 002b:00007fff7b44eb58 EFLAGS: 00000202 ORIG_RAX:
> 00000000000000a5
> [   27.188515] RAX: ffffffffffffffda RBX: 00007f1693a7e70e RCX:
> 00007f169339055a
> [   27.189244] RDX: 000055b9f97f64e5 RSI: 000055b9f97f652c RDI:
> 00007fff7b45074f
> [   27.189974] RBP: 000055b9fb8c9260 R08: 000055b9fb8ca8f0 R09:
> 0000000000000000
> [   27.190721] R10: 0000000000000000 R11: 0000000000000202 R12:
> 000055b9fb8ca8f0
> [   27.191429] R13: 0000000000000000 R14: 00007f1693a7c000 R15:
> 00007f1693a7e91d
> [   27.192167] Modules linked in:
> [   27.192797] CR2: ffff8800f80c268b
> [   27.193435] ---[ end trace 67404c618badf323 ]---
>
> The problem was that dump_smb() had been called with an invalid pointer,
> that is, in __smb_send_rqst(), iov[1] doesn't exist (n_vec == 1).
>
> This patch fixes it by relying on the n_vec value to dump out the smb
> packets.
>
> Signed-off-by: Paulo Alcantara <palcantara@suse.de>
> ---
>  fs/cifs/transport.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
> index 13c244dfb3c1..a3ea42a4cb98 100644
> --- a/fs/cifs/transport.c
> +++ b/fs/cifs/transport.c
> @@ -281,17 +281,17 @@ __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
>                 send_length += 4;
>         }
>
> +       cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
> +
>         for (j = 0; j < num_rqst; j++) {
>                 iov = rqst[j].rq_iov;
>                 n_vec = rqst[j].rq_nvec;
>
> -               cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
> -               dump_smb(iov[0].iov_base, iov[0].iov_len);
> -               dump_smb(iov[1].iov_base, iov[1].iov_len);
> -
>                 size = 0;
> -               for (i = 0; i < n_vec; i++)
> +               for (i = 0; i < n_vec; i++) {
> +                       dump_smb(iov[i].iov_base, iov[i].iov_len);
>                         size += iov[i].iov_len;
> +               }
>
>                 iov_iter_kvec(&smb_msg.msg_iter, WRITE | ITER_KVEC,
>                               iov, n_vec, size);
> --
> 2.17.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Steve French June 14, 2018, 8:55 p.m. UTC | #2
Yes - good job. Merged into cifs-2.6.git for-next

On Thu, Jun 14, 2018 at 3:48 PM, ronnie sahlberg
<ronniesahlberg@gmail.com> wrote:
> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
>
> Awesome find Paolo!
>
> On Fri, Jun 15, 2018 at 6:34 AM, Paulo Alcantara <paulo@paulo.ac> wrote:
>> When traceSMB is enabled through 'echo 1 > /proc/fs/cifs/traceSMB', after a
>> mount, the following oops is triggered:
>>
>> [   27.137943] BUG: unable to handle kernel paging request at
>> ffff8800f80c268b
>> [   27.143396] PGD 2c6b067 P4D 2c6b067 PUD 0
>> [   27.145386] Oops: 0000 [#1] SMP PTI
>> [   27.146186] CPU: 2 PID: 2655 Comm: mount.cifs Not tainted 4.17.0+ #39
>> [   27.147174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
>> 1.0.0-prebuilt.qemu-project.org 04/01/2014
>> [   27.148969] RIP: 0010:hex_dump_to_buffer+0x413/0x4b0
>> [   27.149738] Code: 48 8b 44 24 08 31 db 45 31 d2 48 89 6c 24 18 44 89
>> 6c 24 24 48 c7 c1 78 b5 23 82 4c 89 64 24 10 44 89 d5 41 89 dc 4c 8d 58
>> 02 <44> 0f b7 00 4d 89 dd eb 1f 83 c5 01 41 01 c4 41 39 ef 0f 84 48 fe
>> [   27.152396] RSP: 0018:ffffc9000058f8c0 EFLAGS: 00010246
>> [   27.153129] RAX: ffff8800f80c268b RBX: 0000000000000000 RCX:
>> ffffffff8223b578
>> [   27.153867] RDX: 0000000000000000 RSI: ffffffff81a55496 RDI:
>> 0000000000000008
>> [   27.154612] RBP: 0000000000000000 R08: 0000000000000020 R09:
>> 0000000000000083
>> [   27.155355] R10: 0000000000000000 R11: ffff8800f80c268d R12:
>> 0000000000000000
>> [   27.156101] R13: 0000000000000002 R14: ffffc9000058f94d R15:
>> 0000000000000008
>> [   27.156838] FS:  00007f1693a6b740(0000) GS:ffff88007fd00000(0000)
>> knlGS:0000000000000000
>> [   27.158354] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [   27.159093] CR2: ffff8800f80c268b CR3: 00000000798fa001 CR4:
>> 0000000000360ee0
>> [   27.159892] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>> 0000000000000000
>> [   27.160661] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
>> 0000000000000400
>> [   27.161464] Call Trace:
>> [   27.162123]  print_hex_dump+0xd3/0x160
>> [   27.162814] journal-offline (2658) used greatest stack depth: 13144
>> bytes left
>> [   27.162824]  ? __release_sock+0x60/0xd0
>> [   27.165344]  ? tcp_sendmsg+0x31/0x40
>> [   27.166177]  dump_smb+0x39/0x40
>> [   27.166972]  ? vsnprintf+0x236/0x490
>> [   27.167807]  __smb_send_rqst.constprop.12+0x103/0x430
>> [   27.168554]  ? apic_timer_interrupt+0xa/0x20
>> [   27.169306]  smb_send_rqst+0x48/0xc0
>> [   27.169984]  cifs_send_recv+0xda/0x420
>> [   27.170639]  SMB2_negotiate+0x23d/0xfa0
>> [   27.171301]  ? vsnprintf+0x236/0x490
>> [   27.171961]  ? smb2_negotiate+0x19/0x30
>> [   27.172586]  smb2_negotiate+0x19/0x30
>> [   27.173257]  cifs_negotiate_protocol+0x70/0xd0
>> [   27.173935]  ? kstrdup+0x43/0x60
>> [   27.174551]  cifs_get_smb_ses+0x295/0xbe0
>> [   27.175260]  ? lock_timer_base+0x67/0x80
>> [   27.175936]  ? __internal_add_timer+0x1a/0x50
>> [   27.176575]  ? add_timer+0x10f/0x230
>> [   27.177267]  cifs_mount+0x101/0x1190
>> [   27.177940]  ? cifs_smb3_do_mount+0x144/0x5c0
>> [   27.178575]  cifs_smb3_do_mount+0x144/0x5c0
>> [   27.179270]  mount_fs+0x35/0x150
>> [   27.179930]  vfs_kern_mount.part.28+0x54/0xf0
>> [   27.180567]  do_mount+0x5ad/0xc40
>> [   27.181234]  ? kmem_cache_alloc_trace+0xed/0x1a0
>> [   27.181916]  ksys_mount+0x80/0xd0
>> [   27.182535]  __x64_sys_mount+0x21/0x30
>> [   27.183220]  do_syscall_64+0x4e/0x100
>> [   27.183882]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
>> [   27.184535] RIP: 0033:0x7f169339055a
>> [   27.185192] Code: 48 8b 0d 41 d9 2b 00 f7 d8 64 89 01 48 83 c8 ff c3
>> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f
>> 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 0e d9 2b 00 f7 d8 64 89 01 48
>> [   27.187268] RSP: 002b:00007fff7b44eb58 EFLAGS: 00000202 ORIG_RAX:
>> 00000000000000a5
>> [   27.188515] RAX: ffffffffffffffda RBX: 00007f1693a7e70e RCX:
>> 00007f169339055a
>> [   27.189244] RDX: 000055b9f97f64e5 RSI: 000055b9f97f652c RDI:
>> 00007fff7b45074f
>> [   27.189974] RBP: 000055b9fb8c9260 R08: 000055b9fb8ca8f0 R09:
>> 0000000000000000
>> [   27.190721] R10: 0000000000000000 R11: 0000000000000202 R12:
>> 000055b9fb8ca8f0
>> [   27.191429] R13: 0000000000000000 R14: 00007f1693a7c000 R15:
>> 00007f1693a7e91d
>> [   27.192167] Modules linked in:
>> [   27.192797] CR2: ffff8800f80c268b
>> [   27.193435] ---[ end trace 67404c618badf323 ]---
>>
>> The problem was that dump_smb() had been called with an invalid pointer,
>> that is, in __smb_send_rqst(), iov[1] doesn't exist (n_vec == 1).
>>
>> This patch fixes it by relying on the n_vec value to dump out the smb
>> packets.
>>
>> Signed-off-by: Paulo Alcantara <palcantara@suse.de>
>> ---
>>  fs/cifs/transport.c | 10 +++++-----
>>  1 file changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
>> index 13c244dfb3c1..a3ea42a4cb98 100644
>> --- a/fs/cifs/transport.c
>> +++ b/fs/cifs/transport.c
>> @@ -281,17 +281,17 @@ __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
>>                 send_length += 4;
>>         }
>>
>> +       cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
>> +
>>         for (j = 0; j < num_rqst; j++) {
>>                 iov = rqst[j].rq_iov;
>>                 n_vec = rqst[j].rq_nvec;
>>
>> -               cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
>> -               dump_smb(iov[0].iov_base, iov[0].iov_len);
>> -               dump_smb(iov[1].iov_base, iov[1].iov_len);
>> -
>>                 size = 0;
>> -               for (i = 0; i < n_vec; i++)
>> +               for (i = 0; i < n_vec; i++) {
>> +                       dump_smb(iov[i].iov_base, iov[i].iov_len);
>>                         size += iov[i].iov_len;
>> +               }
>>
>>                 iov_iter_kvec(&smb_msg.msg_iter, WRITE | ITER_KVEC,
>>                               iov, n_vec, size);
>> --
>> 2.17.1
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox series

Patch

diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index 13c244dfb3c1..a3ea42a4cb98 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -281,17 +281,17 @@  __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
 		send_length += 4;
 	}
 
+	cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
+
 	for (j = 0; j < num_rqst; j++) {
 		iov = rqst[j].rq_iov;
 		n_vec = rqst[j].rq_nvec;
 
-		cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
-		dump_smb(iov[0].iov_base, iov[0].iov_len);
-		dump_smb(iov[1].iov_base, iov[1].iov_len);
-
 		size = 0;
-		for (i = 0; i < n_vec; i++)
+		for (i = 0; i < n_vec; i++) {
+			dump_smb(iov[i].iov_base, iov[i].iov_len);
 			size += iov[i].iov_len;
+		}
 
 		iov_iter_kvec(&smb_msg.msg_iter, WRITE | ITER_KVEC,
 			      iov, n_vec, size);