commit 8560697b23dc2f405cb463af2b17256a9888129d · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge tag '6.15-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:

- Fix hard link lease key problem when close is deferred

- Revert the socket lockdep/refcount workarounds done in cifs.ko now
that it is fixed at the socket layer

* tag '6.15-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
Revert "smb: client: fix TCP timers deadlock after rmmod"
Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
smb3 client: fix open hardlink on deferred close file error

Linus Torvalds 9 months ago 8560697b 3088d269

+39 -25

3 changed files

expand all

unified split

smb

client

cifsproto.h

connect.c

file.c

fs/smb/client/cifsproto.h

··· 163 163 extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *, bool); 164 164 extern int cifs_get_readable_path(struct cifs_tcon *tcon, const char *name, 165 165 struct cifsFileInfo **ret_file); 166 + extern int cifs_get_hardlink_path(struct cifs_tcon *tcon, struct inode *inode, 167 + struct file *file); 166 168 extern unsigned int smbCalcSize(void *buf); 167 169 extern int decode_negTokenInit(unsigned char *security_blob, int length, 168 170 struct TCP_Server_Info *server);

+9 -25

fs/smb/client/connect.c

··· 300 300 server->ssocket->flags); 301 301 sock_release(server->ssocket); 302 302 server->ssocket = NULL; 303 - put_net(cifs_net_ns(server)); 304 303 } 305 304 server->sequence_number = 0; 306 305 server->session_estab = false; ··· 1073 1074 msleep(125); 1074 1075 if (cifs_rdma_enabled(server)) 1075 1076 smbd_destroy(server); 1076 - 1077 1077 if (server->ssocket) { 1078 1078 sock_release(server->ssocket); 1079 1079 server->ssocket = NULL; 1080 - 1081 - /* Release netns reference for the socket. */ 1082 - put_net(cifs_net_ns(server)); 1083 1080 } 1084 1081 1085 1082 if (!list_empty(&server->pending_mid_q)) { ··· 1123 1128 */ 1124 1129 } 1125 1130 1126 - /* Release netns reference for this server. */ 1127 1131 put_net(cifs_net_ns(server)); 1128 1132 kfree(server->leaf_fullpath); 1129 1133 kfree(server->hostname); ··· 1768 1774 1769 1775 tcp_ses->ops = ctx->ops; 1770 1776 tcp_ses->vals = ctx->vals; 1771 - 1772 - /* Grab netns reference for this server. */ 1773 1777 cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns)); 1774 1778 1775 1779 tcp_ses->sign = ctx->sign; ··· 1895 1903 out_err_crypto_release: 1896 1904 cifs_crypto_secmech_release(tcp_ses); 1897 1905 1898 - /* Release netns reference for this server. */ 1899 1906 put_net(cifs_net_ns(tcp_ses)); 1900 1907 1901 1908 out_err: ··· 1903 1912 cifs_put_tcp_session(tcp_ses->primary_server, false); 1904 1913 kfree(tcp_ses->hostname); 1905 1914 kfree(tcp_ses->leaf_fullpath); 1906 - if (tcp_ses->ssocket) { 1915 + if (tcp_ses->ssocket) 1907 1916 sock_release(tcp_ses->ssocket); 1908 - put_net(cifs_net_ns(tcp_ses)); 1909 - } 1910 1917 kfree(tcp_ses); 1911 1918 } 1912 1919 return ERR_PTR(rc); ··· 3348 3359 socket = server->ssocket; 3349 3360 } else { 3350 3361 struct net *net = cifs_net_ns(server); 3362 + struct sock *sk; 3351 3363 3352 - rc = sock_create_kern(net, sfamily, SOCK_STREAM, IPPROTO_TCP, &server->ssocket); 3364 + rc = __sock_create(net, sfamily, SOCK_STREAM, 3365 + IPPROTO_TCP, &server->ssocket, 1); 3353 3366 if (rc < 0) { 3354 3367 cifs_server_dbg(VFS, "Error %d creating socket\n", rc); 3355 3368 return rc; 3356 3369 } 3357 3370 3358 - /* 3359 - * Grab netns reference for the socket. 3360 - * 3361 - * This reference will be released in several situations: 3362 - * - In the failure path before the cifsd thread is started. 3363 - * - In the all place where server->socket is released, it is 3364 - * also set to NULL. 3365 - * - Ultimately in clean_demultiplex_info(), during the final 3366 - * teardown. 3367 - */ 3368 - get_net(net); 3371 + sk = server->ssocket->sk; 3372 + __netns_tracker_free(net, &sk->ns_tracker, false); 3373 + sk->sk_net_refcnt = 1; 3374 + get_net_track(net, &sk->ns_tracker, GFP_KERNEL); 3375 + sock_inuse_add(net, 1); 3369 3376 3370 3377 /* BB other socket options to set KEEPALIVE, NODELAY? */ 3371 3378 cifs_dbg(FYI, "Socket created\n"); ··· 3413 3428 if (rc < 0) { 3414 3429 cifs_dbg(FYI, "Error %d connecting to server\n", rc); 3415 3430 trace_smb3_connect_err(server->hostname, server->conn_id, &server->dstaddr, rc); 3416 - put_net(cifs_net_ns(server)); 3417 3431 sock_release(socket); 3418 3432 server->ssocket = NULL; 3419 3433 return rc;

+28

fs/smb/client/file.c

··· 1007 1007 } else { 1008 1008 _cifsFileInfo_put(cfile, true, false); 1009 1009 } 1010 + } else { 1011 + /* hard link on the defeered close file */ 1012 + rc = cifs_get_hardlink_path(tcon, inode, file); 1013 + if (rc) 1014 + cifs_close_deferred_file(CIFS_I(inode)); 1010 1015 } 1011 1016 1012 1017 if (server->oplocks) ··· 2074 2069 struct list_head *li, *tmp; 2075 2070 list_for_each_safe(li, tmp, source) 2076 2071 list_move(li, dest); 2072 + } 2073 + 2074 + int 2075 + cifs_get_hardlink_path(struct cifs_tcon *tcon, struct inode *inode, 2076 + struct file *file) 2077 + { 2078 + struct cifsFileInfo *open_file = NULL; 2079 + struct cifsInodeInfo *cinode = CIFS_I(inode); 2080 + int rc = 0; 2081 + 2082 + spin_lock(&tcon->open_file_lock); 2083 + spin_lock(&cinode->open_file_lock); 2084 + 2085 + list_for_each_entry(open_file, &cinode->openFileList, flist) { 2086 + if (file->f_flags == open_file->f_flags) { 2087 + rc = -EINVAL; 2088 + break; 2089 + } 2090 + } 2091 + 2092 + spin_unlock(&cinode->open_file_lock); 2093 + spin_unlock(&tcon->open_file_lock); 2094 + return rc; 2077 2095 } 2078 2096 2079 2097 void