smb3: fix refcount underflow warning on unmount when no directory leases

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Fix refcount underflow warning when unmounting to servers which didn't grant
directory leases.

[ 301.680095] refcount_t: underflow; use-after-free.
[ 301.680192] WARNING: CPU: 1 PID: 3569 at lib/refcount.c:28
refcount_warn_saturate+0xb4/0xf3
...
[ 301.682139] Call Trace:
[ 301.682240] close_shroot+0x97/0xda [cifs]
[ 301.682351] SMB2_tdis+0x7c/0x176 [cifs]
[ 301.682456] ? _get_xid+0x58/0x91 [cifs]
[ 301.682563] cifs_put_tcon.part.0+0x99/0x202 [cifs]
[ 301.682637] ? ida_free+0x99/0x10a
[ 301.682727] ? cifs_umount+0x3d/0x9d [cifs]
[ 301.682829] cifs_put_tlink+0x3a/0x50 [cifs]
[ 301.682929] cifs_umount+0x44/0x9d [cifs]

Fixes: 72e73c78c446 ("cifs: close the shared root handle on tree disconnect")

Signed-off-by: Steve French <stfrench@microsoft.com>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Reported-and-tested-by: Arthur Marsh <arthur.marsh@internode.on.net>

Steve French 6 years ago 28139389 e42617b8

+2 -1

1 changed file

expand all

cifs

smb2pdu.c

+2 -1

fs/cifs/smb2pdu.c

··· 1847 1847 if ((tcon->need_reconnect) || (tcon->ses->need_reconnect)) 1848 1848 return 0; 1849 1849 1850 - close_shroot(&tcon->crfid); 1850 + if (tcon->crfid.is_valid) 1851 + close_shroot(&tcon->crfid); 1851 1852 1852 1853 rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, (void **) &req, 1853 1854 &total_len);