commit 8560697b23dc2f405cb463af2b17256a9888129d · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge tag '6.15-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:

- Fix hard link lease key problem when close is deferred

- Revert the socket lockdep/refcount workarounds done in cifs.ko now
that it is fixed at the socket layer

* tag '6.15-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
Revert "smb: client: fix TCP timers deadlock after rmmod"
Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
smb3 client: fix open hardlink on deferred close file error

Linus Torvalds 9 months ago 8560697b 3088d269

+39 -25

3 changed files

expand all

unified split

smb

client

cifsproto.h

connect.c

file.c

fs/smb/client/cifsproto.h

··· 163 extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *, bool); 164 extern int cifs_get_readable_path(struct cifs_tcon *tcon, const char *name, 165 struct cifsFileInfo **ret_file); 166 extern unsigned int smbCalcSize(void *buf); 167 extern int decode_negTokenInit(unsigned char *security_blob, int length, 168 struct TCP_Server_Info *server);

··· 163 extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *, bool); 164 extern int cifs_get_readable_path(struct cifs_tcon *tcon, const char *name, 165 struct cifsFileInfo **ret_file); 166 + extern int cifs_get_hardlink_path(struct cifs_tcon *tcon, struct inode *inode, 167 + struct file *file); 168 extern unsigned int smbCalcSize(void *buf); 169 extern int decode_negTokenInit(unsigned char *security_blob, int length, 170 struct TCP_Server_Info *server);

+9 -25

fs/smb/client/connect.c

··· 300 server->ssocket->flags); 301 sock_release(server->ssocket); 302 server->ssocket = NULL; 303 - put_net(cifs_net_ns(server)); 304 } 305 server->sequence_number = 0; 306 server->session_estab = false; ··· 1073 msleep(125); 1074 if (cifs_rdma_enabled(server)) 1075 smbd_destroy(server); 1076 - 1077 if (server->ssocket) { 1078 sock_release(server->ssocket); 1079 server->ssocket = NULL; 1080 - 1081 - /* Release netns reference for the socket. */ 1082 - put_net(cifs_net_ns(server)); 1083 } 1084 1085 if (!list_empty(&server->pending_mid_q)) { ··· 1123 */ 1124 } 1125 1126 - /* Release netns reference for this server. */ 1127 put_net(cifs_net_ns(server)); 1128 kfree(server->leaf_fullpath); 1129 kfree(server->hostname); ··· 1768 1769 tcp_ses->ops = ctx->ops; 1770 tcp_ses->vals = ctx->vals; 1771 - 1772 - /* Grab netns reference for this server. */ 1773 cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns)); 1774 1775 tcp_ses->sign = ctx->sign; ··· 1895 out_err_crypto_release: 1896 cifs_crypto_secmech_release(tcp_ses); 1897 1898 - /* Release netns reference for this server. */ 1899 put_net(cifs_net_ns(tcp_ses)); 1900 1901 out_err: ··· 1903 cifs_put_tcp_session(tcp_ses->primary_server, false); 1904 kfree(tcp_ses->hostname); 1905 kfree(tcp_ses->leaf_fullpath); 1906 - if (tcp_ses->ssocket) { 1907 sock_release(tcp_ses->ssocket); 1908 - put_net(cifs_net_ns(tcp_ses)); 1909 - } 1910 kfree(tcp_ses); 1911 } 1912 return ERR_PTR(rc); ··· 3348 socket = server->ssocket; 3349 } else { 3350 struct net *net = cifs_net_ns(server); 3351 3352 - rc = sock_create_kern(net, sfamily, SOCK_STREAM, IPPROTO_TCP, &server->ssocket); 3353 if (rc < 0) { 3354 cifs_server_dbg(VFS, "Error %d creating socket\n", rc); 3355 return rc; 3356 } 3357 3358 - /* 3359 - * Grab netns reference for the socket. 3360 - * 3361 - * This reference will be released in several situations: 3362 - * - In the failure path before the cifsd thread is started. 3363 - * - In the all place where server->socket is released, it is 3364 - * also set to NULL. 3365 - * - Ultimately in clean_demultiplex_info(), during the final 3366 - * teardown. 3367 - */ 3368 - get_net(net); 3369 3370 /* BB other socket options to set KEEPALIVE, NODELAY? */ 3371 cifs_dbg(FYI, "Socket created\n"); ··· 3413 if (rc < 0) { 3414 cifs_dbg(FYI, "Error %d connecting to server\n", rc); 3415 trace_smb3_connect_err(server->hostname, server->conn_id, &server->dstaddr, rc); 3416 - put_net(cifs_net_ns(server)); 3417 sock_release(socket); 3418 server->ssocket = NULL; 3419 return rc;

··· 300 server->ssocket->flags); 301 sock_release(server->ssocket); 302 server->ssocket = NULL; 303 } 304 server->sequence_number = 0; 305 server->session_estab = false; ··· 1074 msleep(125); 1075 if (cifs_rdma_enabled(server)) 1076 smbd_destroy(server); 1077 if (server->ssocket) { 1078 sock_release(server->ssocket); 1079 server->ssocket = NULL; 1080 } 1081 1082 if (!list_empty(&server->pending_mid_q)) { ··· 1128 */ 1129 } 1130 1131 put_net(cifs_net_ns(server)); 1132 kfree(server->leaf_fullpath); 1133 kfree(server->hostname); ··· 1774 1775 tcp_ses->ops = ctx->ops; 1776 tcp_ses->vals = ctx->vals; 1777 cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns)); 1778 1779 tcp_ses->sign = ctx->sign; ··· 1903 out_err_crypto_release: 1904 cifs_crypto_secmech_release(tcp_ses); 1905 1906 put_net(cifs_net_ns(tcp_ses)); 1907 1908 out_err: ··· 1912 cifs_put_tcp_session(tcp_ses->primary_server, false); 1913 kfree(tcp_ses->hostname); 1914 kfree(tcp_ses->leaf_fullpath); 1915 + if (tcp_ses->ssocket) 1916 sock_release(tcp_ses->ssocket); 1917 kfree(tcp_ses); 1918 } 1919 return ERR_PTR(rc); ··· 3359 socket = server->ssocket; 3360 } else { 3361 struct net *net = cifs_net_ns(server); 3362 + struct sock *sk; 3363 3364 + rc = __sock_create(net, sfamily, SOCK_STREAM, 3365 + IPPROTO_TCP, &server->ssocket, 1); 3366 if (rc < 0) { 3367 cifs_server_dbg(VFS, "Error %d creating socket\n", rc); 3368 return rc; 3369 } 3370 3371 + sk = server->ssocket->sk; 3372 + __netns_tracker_free(net, &sk->ns_tracker, false); 3373 + sk->sk_net_refcnt = 1; 3374 + get_net_track(net, &sk->ns_tracker, GFP_KERNEL); 3375 + sock_inuse_add(net, 1); 3376 3377 /* BB other socket options to set KEEPALIVE, NODELAY? */ 3378 cifs_dbg(FYI, "Socket created\n"); ··· 3428 if (rc < 0) { 3429 cifs_dbg(FYI, "Error %d connecting to server\n", rc); 3430 trace_smb3_connect_err(server->hostname, server->conn_id, &server->dstaddr, rc); 3431 sock_release(socket); 3432 server->ssocket = NULL; 3433 return rc;

+28

fs/smb/client/file.c

··· 1007 } else { 1008 _cifsFileInfo_put(cfile, true, false); 1009 } 1010 } 1011 1012 if (server->oplocks) ··· 2074 struct list_head *li, *tmp; 2075 list_for_each_safe(li, tmp, source) 2076 list_move(li, dest); 2077 } 2078 2079 void

··· 1007 } else { 1008 _cifsFileInfo_put(cfile, true, false); 1009 } 1010 + } else { 1011 + /* hard link on the defeered close file */ 1012 + rc = cifs_get_hardlink_path(tcon, inode, file); 1013 + if (rc) 1014 + cifs_close_deferred_file(CIFS_I(inode)); 1015 } 1016 1017 if (server->oplocks) ··· 2069 struct list_head *li, *tmp; 2070 list_for_each_safe(li, tmp, source) 2071 list_move(li, dest); 2072 + } 2073 + 2074 + int 2075 + cifs_get_hardlink_path(struct cifs_tcon *tcon, struct inode *inode, 2076 + struct file *file) 2077 + { 2078 + struct cifsFileInfo *open_file = NULL; 2079 + struct cifsInodeInfo *cinode = CIFS_I(inode); 2080 + int rc = 0; 2081 + 2082 + spin_lock(&tcon->open_file_lock); 2083 + spin_lock(&cinode->open_file_lock); 2084 + 2085 + list_for_each_entry(open_file, &cinode->openFileList, flist) { 2086 + if (file->f_flags == open_file->f_flags) { 2087 + rc = -EINVAL; 2088 + break; 2089 + } 2090 + } 2091 + 2092 + spin_unlock(&cinode->open_file_lock); 2093 + spin_unlock(&tcon->open_file_lock); 2094 + return rc; 2095 } 2096 2097 void