Skip to content

Commit

Permalink
ksmbd: fix race condition from parallel smb2 logoff requests
Browse files Browse the repository at this point in the history 
If parallel smb2 logoff requests come in before closing door, running
request count becomes more than 1 even though connection status is set to
KSMBD_SESS_NEED_RECONNECT. It can't get condition true, and sleep forever.
This patch fix race condition problem by returning error if connection
status was already set to KSMBD_SESS_NEED_RECONNECT.

Reported-by: luosili <rootlab@huawei.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
  • Loading branch information
Namjae Jeon authored and Steve French committed Oct 5, 2023
1 parent c698134 commit 7ca9da7
Showing 1 changed file with 16 additions and 8 deletions.
24 changes: 16 additions & 8 deletions fs/smb/server/smb2pdu.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2164,17 +2164,17 @@ int smb2_session_logoff(struct ksmbd_work *work)

ksmbd_debug(SMB, "request\n");

sess_id = le64_to_cpu(req->hdr.SessionId);

rsp->StructureSize = cpu_to_le16(4);
err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_logoff_rsp));
if (err) {
rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
ksmbd_conn_lock(conn);
if (!ksmbd_conn_good(conn)) {
ksmbd_conn_unlock(conn);
rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED;
smb2_set_err_rsp(work);
return err;
return -ENOENT;
}

sess_id = le64_to_cpu(req->hdr.SessionId);
ksmbd_all_conn_set_status(sess_id, KSMBD_SESS_NEED_RECONNECT);
ksmbd_conn_unlock(conn);

ksmbd_close_session_fds(work);
ksmbd_conn_wait_idle(conn, sess_id);

Expand All @@ -2196,6 +2196,14 @@ int smb2_session_logoff(struct ksmbd_work *work)
ksmbd_free_user(sess->user);
sess->user = NULL;
ksmbd_all_conn_set_status(sess_id, KSMBD_SESS_NEED_NEGOTIATE);

rsp->StructureSize = cpu_to_le16(4);
err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_logoff_rsp));
if (err) {
rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
smb2_set_err_rsp(work);
return err;
}
return 0;
}

Expand Down

0 comments on commit 7ca9da7

Please sign in to comment.