iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

3 smb3 client fixes

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmSqNkIACgkQiiy9cAdy
 T1GXsAwAhYUyjlXZLDsmO+9PjKhM9WRM1IO5myy3P396R0Tzq741f8LM7Lx08qc+
 D1701gsnhIrvprem1HjtW6DZzCVnLdpBIYUEnwUr8eDqMpk1VFKug3xSVhIRMih3
 Y30dHTgQ0aCLrrh5XHOWhBHJbpq7Wdlh3q0oi8I36Of8e6tGFNo2wI4ud7no4aIj
 N222dWOs56FXtVAmgEAuc7U2A40ztMOp7FXrbzhK4FwD5kO+pFkqJcLjG6Bk10ph
 Tyg3Wh2TnX+MviOY0xUaN0X50dSoSJPkSUYGkccrIcfVPwEoH7l6j0LNgAVyhG7K
 f5EUbM7Td51a1Znj9wX6U9N0UfO/IOZRDFZ7ACckLBBBEzfKYCgYY5dWJ6aVxZHb
 bB336f1ObvDiocEabS1SMa//sXUjpOy3Tg8etLCYJpqjWYE8nO7lERoBWGWXkUqy
 xO86pGQjYLzkw16R11tzbplv+1HxoGwIuQnOubivv2prn++NZ4Zr2ohBeDlyJc1/
 WwF42UfM
 =F8D0
 -----END PGP SIGNATURE-----

Merge tag '6.5-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6

Pull more smb client updates from Steve French:

 - fix potential use after free in unmount

 - minor cleanup

 - add worker to cleanup stale directory leases

* tag '6.5-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: Add a laundromat thread for cached directories
  smb: client: remove redundant pointer 'server'
  cifs: fix session state transition to avoid use-after-free issue
This commit is contained in:
Linus Torvalds 2023-07-09 09:45:32 -07:00
commit 4770353b66
4 changed files with 72 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
fs/smb/client/cached_dir.c
View File

@ -568,6 +568,53 @@ static void free_cached_dir(struct cached_fid *cfid)
kfree(cfid); kfree(cfid);
} }
static int
cifs_cfids_laundromat_thread(void *p)
{
struct cached_fids *cfids = p;
struct cached_fid *cfid, *q;
struct list_head entry;
while (!kthread_should_stop()) {
ssleep(1);
INIT_LIST_HEAD(&entry);
if (kthread_should_stop())
return 0;
spin_lock(&cfids->cfid_list_lock);
list_for_each_entry_safe(cfid, q, &cfids->entries, entry) {
if (time_after(jiffies, cfid->time + HZ * 30)) {
list_del(&cfid->entry);
list_add(&cfid->entry, &entry);
cfids->num_entries--;
}
}
spin_unlock(&cfids->cfid_list_lock);
list_for_each_entry_safe(cfid, q, &entry, entry) {
cfid->on_list = false;
list_del(&cfid->entry);
/*
* Cancel, and wait for the work to finish in
* case we are racing with it.
*/
cancel_work_sync(&cfid->lease_break);
if (cfid->has_lease) {
/*
* We lease has not yet been cancelled from
* the server so we need to drop the reference.
*/
spin_lock(&cfids->cfid_list_lock);
cfid->has_lease = false;
spin_unlock(&cfids->cfid_list_lock);
kref_put(&cfid->refcount, smb2_close_cached_fid);
}
}
}
return 0;
}
struct cached_fids *init_cached_dirs(void) struct cached_fids *init_cached_dirs(void)
{ {
struct cached_fids *cfids; struct cached_fids *cfids;
@ -577,6 +624,20 @@ struct cached_fids *init_cached_dirs(void)
return NULL; return NULL;
spin_lock_init(&cfids->cfid_list_lock); spin_lock_init(&cfids->cfid_list_lock);
INIT_LIST_HEAD(&cfids->entries); INIT_LIST_HEAD(&cfids->entries);
/*
* since we're in a cifs function already, we know that
* this will succeed. No need for try_module_get().
*/
__module_get(THIS_MODULE);
cfids->laundromat = kthread_run(cifs_cfids_laundromat_thread,
cfids, "cifsd-cfid-laundromat");
if (IS_ERR(cfids->laundromat)) {
cifs_dbg(VFS, "Failed to start cfids laundromat thread.\n");
kfree(cfids);
module_put(THIS_MODULE);
return NULL;
}
return cfids; return cfids;
} }
@ -589,6 +650,12 @@ void free_cached_dirs(struct cached_fids *cfids)
struct cached_fid *cfid, *q; struct cached_fid *cfid, *q;
LIST_HEAD(entry); LIST_HEAD(entry);
if (cfids->laundromat) {
kthread_stop(cfids->laundromat);
cfids->laundromat = NULL;
module_put(THIS_MODULE);
}
spin_lock(&cfids->cfid_list_lock); spin_lock(&cfids->cfid_list_lock);
list_for_each_entry_safe(cfid, q, &cfids->entries, entry) { list_for_each_entry_safe(cfid, q, &cfids->entries, entry) {
cfid->on_list = false; cfid->on_list = false;

1
fs/smb/client/cached_dir.h
View File

@ -57,6 +57,7 @@ struct cached_fids {
spinlock_t cfid_list_lock; spinlock_t cfid_list_lock;
int num_entries; int num_entries;
struct list_head entries; struct list_head entries;
struct task_struct *laundromat;
}; };
extern struct cached_fids *init_cached_dirs(void); extern struct cached_fids *init_cached_dirs(void);

7
fs/smb/client/connect.c
View File

@ -1967,15 +1967,16 @@ void __cifs_put_smb_ses(struct cifs_ses *ses)
spin_unlock(&cifs_tcp_ses_lock); spin_unlock(&cifs_tcp_ses_lock);
return; return;
} }
spin_lock(&ses->ses_lock);
if (ses->ses_status == SES_GOOD)
ses->ses_status = SES_EXITING;
spin_unlock(&ses->ses_lock);
spin_unlock(&cifs_tcp_ses_lock); spin_unlock(&cifs_tcp_ses_lock);
/* ses_count can never go negative */ /* ses_count can never go negative */
WARN_ON(ses->ses_count < 0); WARN_ON(ses->ses_count < 0);
spin_lock(&ses->ses_lock); spin_lock(&ses->ses_lock);
if (ses->ses_status == SES_GOOD)
ses->ses_status = SES_EXITING;
if (ses->ses_status == SES_EXITING && server->ops->logoff) { if (ses->ses_status == SES_EXITING && server->ops->logoff) {
spin_unlock(&ses->ses_lock); spin_unlock(&ses->ses_lock);
cifs_free_ipc(ses); cifs_free_ipc(ses);

2
fs/smb/client/dfs.c
View File

@ -143,7 +143,6 @@ static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx)
struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
char *ref_path = NULL, *full_path = NULL; char *ref_path = NULL, *full_path = NULL;
struct dfs_cache_tgt_iterator *tit; struct dfs_cache_tgt_iterator *tit;
struct TCP_Server_Info *server;
struct cifs_tcon *tcon; struct cifs_tcon *tcon;
char *origin_fullpath = NULL; char *origin_fullpath = NULL;
char sep = CIFS_DIR_SEP(cifs_sb); char sep = CIFS_DIR_SEP(cifs_sb);
@ -214,7 +213,6 @@ static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx)
} while (rc == -EREMOTE); } while (rc == -EREMOTE);
if (!rc) { if (!rc) {
server = mnt_ctx->server;
tcon = mnt_ctx->tcon; tcon = mnt_ctx->tcon;
spin_lock(&tcon->tc_lock); spin_lock(&tcon->tc_lock);