From patchwork Thu Mar 11 18:18:55 2021
X-Patchwork-Submitter: Tim Gardner
X-Patchwork-Id: 1451456
From: Tim Gardner
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/3] CIFS: Close open handle after interrupted close
Date: Thu, 11 Mar 2021 11:18:55 -0700
Message-Id: <20210311181857.10268-2-tim.gardner@canonical.com>
In-Reply-To: <20210311181857.10268-1-tim.gardner@canonical.com>
References: <20210311181857.10268-1-tim.gardner@canonical.com>

From: Pavel Shilovsky

BugLink: https://bugs.launchpad.net/bugs/1918714

If Close command is interrupted before sending a request to the server the client ends up leaking an open file handle. This wastes server resources and can potentially block applications that try to remove the file or any directory containing this file.

Fix this by putting the close command into a worker queue, so another thread retries it later.

Cc: Stable
Tested-by: Frank Sorenson
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
(backported from commit 9150c3adbf24d77cfba37f03639d4a908ca4ac25)
[ fs/cifs/smb2pdu.c has had significant changes, so the part of this patch affecting fs/cifs/smb2pdu.c was pieced in where the logic looked correct ]
Signed-off-by: Tim Gardner
---
 fs/cifs/smb2misc.c | 59 ++++++++++++++++++++++++++++++++++-----------
 fs/cifs/smb2pdu.c | 9 ++++++-
 fs/cifs/smb2proto.h | 3 +++
 3 files changed, 56 insertions(+), 15 deletions(-)

diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 0c6e5450ff76..d15ace6151d9 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c
@@ -674,34 +674,65 @@ smb2_cancelled_close_fid(struct work_struct *work) kfree(cancelled); } +/* Caller should already has an extra reference to @tcon */ +static int +__smb2_handle_cancelled_close(struct cifs_tcon *tcon, __u64 persistent_fid, + __u64 volatile_fid) +{ + struct close_cancelled_open *cancelled; + + cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL); + if (!cancelled) + return -ENOMEM; + + cancelled->fid.persistent_fid = persistent_fid; + cancelled->fid.volatile_fid = volatile_fid; + cancelled->tcon = tcon; + INIT_WORK(&cancelled->work, smb2_cancelled_close_fid); + WARN_ON(queue_work(cifsiod_wq, &cancelled->work) == false); + + return 0; +} + +int +smb2_handle_cancelled_close(struct cifs_tcon *tcon, __u64 persistent_fid, + __u64 volatile_fid) +{ + int rc; + + cifs_dbg(FYI, "%s: tc_count=%d\n", __func__, tcon->tc_count); + spin_lock(&cifs_tcp_ses_lock); + tcon->tc_count++; + spin_unlock(&cifs_tcp_ses_lock); + + rc = __smb2_handle_cancelled_close(tcon, persistent_fid, volatile_fid); + if (rc) + cifs_put_tcon(tcon); + + return rc; +} + int smb2_handle_cancelled_mid(char *buffer, struct TCP_Server_Info *server) { struct smb2_sync_hdr *sync_hdr = get_sync_hdr(buffer); struct smb2_create_rsp *rsp = (struct smb2_create_rsp *)buffer; struct cifs_tcon *tcon; - struct close_cancelled_open *cancelled; + int rc; if (sync_hdr->Command != SMB2_CREATE || sync_hdr->Status != STATUS_SUCCESS) return 0; - cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL); - if (!cancelled) - return -ENOMEM; - tcon = smb2_find_smb_tcon(server, sync_hdr->SessionId, sync_hdr->TreeId); - if (!tcon) { - kfree(cancelled); + if (!tcon) return -ENOENT; - } - cancelled->fid.persistent_fid = rsp->PersistentFileId; - cancelled->fid.volatile_fid = rsp->VolatileFileId; - cancelled->tcon = tcon; - INIT_WORK(&cancelled->work, smb2_cancelled_close_fid); - queue_work(cifsiod_wq, &cancelled->work); + rc = __smb2_handle_cancelled_close(tcon, rsp->PersistentFileId, + rsp->VolatileFileId); + if (rc) + 
cifs_put_tcon(tcon); - return 0; + return rc; } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index ab1df4311a6d..03e4725390d4 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -2133,6 +2133,14 @@ SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, rsp = (struct smb2_close_rsp *)rsp_iov.iov_base; if (rc != 0) { + /* retry close in a worker thread if this one is interrupted */ + if (rc == -EINTR) { + int tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid, + volatile_fid); + if (tmp_rc) + cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n", + persistent_fid, tmp_rc); + } cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE); goto close_exit; } @@ -2147,7 +2155,6 @@ SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, static int validate_buf(unsigned int offset, unsigned int buffer_length, struct smb2_hdr *hdr, unsigned int min_buf_size) - { unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length); char *end_of_smb = smb_len + 4 /* RFC1001 length field */ + (char *)hdr; diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h index 3b8e9c2e55bc..245a2595f1b1 100644 --- a/fs/cifs/smb2proto.h +++ b/fs/cifs/smb2proto.h 
@@ -180,6 +180,9 @@ extern int SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon, extern int SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon, const u64 persistent_fid, const u64 volatile_fid, const __u8 oplock_level); +extern int smb2_handle_cancelled_close(struct cifs_tcon *tcon, + __u64 persistent_fid, + __u64 volatile_fid); extern int smb2_handle_cancelled_mid(char *buffer, struct TCP_Server_Info *server); void smb2_cancelled_close_fid(struct work_struct *work); From patchwork Thu Mar 11 18:18:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tim Gardner X-Patchwork-Id: 1451457 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DxHJw1XKsz9sVw; Fri, 12 Mar 2021 05:19:12 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1lKPts-0006WT-B6; Thu, 11 Mar 2021 18:19:08 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lKPtq-0006Vf-Bb for kernel-team@lists.ubuntu.com; Thu, 11 Mar 2021 18:19:06 +0000 Received: from mail-pj1-f72.google.com ([209.85.216.72]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lKPtp-0001au-Na for kernel-team@lists.ubuntu.com; Thu, 11 Mar 2021 
From: Tim Gardner
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 2/3] CIFS: Do not miss cancelled OPEN responses
Date: Thu, 11 Mar 2021 11:18:56 -0700
Message-Id: <20210311181857.10268-3-tim.gardner@canonical.com>
In-Reply-To: <20210311181857.10268-1-tim.gardner@canonical.com>
References: <20210311181857.10268-1-tim.gardner@canonical.com>

From: Pavel Shilovsky

BugLink: https://bugs.launchpad.net/bugs/1918714

When an OPEN command is cancelled we mark a mid as cancelled and let the demultiplex thread process it by closing an open handle. The problem is there is a race between a system call thread and the demultiplex thread and there may be a situation when the mid has been already processed before it is set as cancelled.

Fix this by processing cancelled requests when mids are being destroyed which means that there is only one thread referencing a particular mid. Also set mids as cancelled unconditionally on their state.

Cc: Stable
Tested-by: Frank Sorenson
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
(backported from commit 7b71843fa7028475b052107664cbe120156a2cfc)
[ fs/cifs/transport.c has changed significantly, I pieced in the intended changes to the old function DeleteMidQEntry() ]
Signed-off-by: Tim Gardner
---
 fs/cifs/connect.c | 7 -------
 fs/cifs/transport.c | 9 ++++++++-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c96b9d60f625..7f8a65d325b8 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c
@@ -996,13 +996,6 @@ cifs_demultiplex_thread(void *p) server->lstrp = jiffies; if (mid_entry != NULL) { - if ((mid_entry->mid_flags & MID_WAIT_CANCELLED) && - mid_entry->mid_state == MID_RESPONSE_RECEIVED && - server->ops->handle_cancelled_mid) - server->ops->handle_cancelled_mid( - mid_entry->resp_buf, - server); - if (!mid_entry->multiRsp || mid_entry->multiEnd) mid_entry->callback(mid_entry); diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 22d421054303..143b2de71dec 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -100,6 +100,13 @@ DeleteMidQEntry(struct mid_q_entry *midEntry) __le16 command = midEntry->server->vals->lock_cmd; unsigned long now; #endif + struct TCP_Server_Info *server = midEntry->server; + + if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) && + midEntry->mid_state == MID_RESPONSE_RECEIVED && + server->ops->handle_cancelled_mid) + server->ops->handle_cancelled_mid(midEntry->resp_buf, server); + midEntry->mid_state = MID_FREE; atomic_dec(&midCount); if (midEntry->large_buf) 
@@ -768,8 +775,8 @@ cifs_send_recv(const unsigned int xid, struct cifs_ses *ses, cifs_dbg(FYI, "Cancelling wait for mid %llu\n", midQ->mid); send_cancel(ses->server, rqst, midQ); spin_lock(&GlobalMid_Lock); + midQ->mid_flags |= MID_WAIT_CANCELLED; if (midQ->mid_state == MID_REQUEST_SUBMITTED) { - midQ->mid_flags |= MID_WAIT_CANCELLED; midQ->callback = DeleteMidQEntry; spin_unlock(&GlobalMid_Lock); add_credits(ses->server, 1, optype); From patchwork Thu Mar 11 18:18:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tim Gardner X-Patchwork-Id: 1451458 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DxHJw2kF3z9sW4; Fri, 12 Mar 2021 05:19:12 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1lKPts-0006Wm-FL; Thu, 11 Mar 2021 18:19:08 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lKPtq-0006Vr-NA for kernel-team@lists.ubuntu.com; Thu, 11 Mar 2021 18:19:06 +0000 Received: from mail-pj1-f72.google.com ([209.85.216.72]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lKPtq-0001aw-BW for kernel-team@lists.ubuntu.com; Thu, 11 Mar 2021 18:19:06 +0000 Received: by mail-pj1-f72.google.com with SMTP id 
From: Tim Gardner
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 3/3] cifs: Fix memory allocation in __smb2_handle_cancelled_cmd()
Date: Thu, 11 Mar 2021 11:18:57 -0700
Message-Id: <20210311181857.10268-4-tim.gardner@canonical.com>
In-Reply-To: <20210311181857.10268-1-tim.gardner@canonical.com>
References: <20210311181857.10268-1-tim.gardner@canonical.com>

From: "Paulo Alcantara (SUSE)"

BugLink: https://bugs.launchpad.net/bugs/1918714

__smb2_handle_cancelled_cmd() is called under a spin lock held in cifs_mid_q_entry_release(), so make its memory allocation GFP_ATOMIC.

This issue was observed when running xfstests generic/028:

  [ 1722.589204] CIFS VFS: \\192.168.30.26 Cancelling wait for mid 72064 cmd: 5
  [ 1722.590687] CIFS VFS: \\192.168.30.26 Cancelling wait for mid 72065 cmd: 17
  [ 1722.593529] CIFS VFS: \\192.168.30.26 Cancelling wait for mid 72066 cmd: 6
  [ 1723.039014] BUG: sleeping function called from invalid context at mm/slab.h:565
  [ 1723.040710] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 30877, name: cifsd
  [ 1723.045098] CPU: 3 PID: 30877 Comm: cifsd Not tainted 5.5.0-rc4+ #313
  [ 1723.046256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
  [ 1723.048221] Call Trace:
  [ 1723.048689] dump_stack+0x97/0xe0
  [ 1723.049268] ___might_sleep.cold+0xd1/0xe1
  [ 1723.050069] kmem_cache_alloc_trace+0x204/0x2b0
  [ 1723.051051] __smb2_handle_cancelled_cmd+0x40/0x140 [cifs]
  [ 1723.052137] smb2_handle_cancelled_mid+0xf6/0x120 [cifs]
  [ 1723.053247] cifs_mid_q_entry_release+0x44d/0x630 [cifs]
  [ 1723.054351] ? cifs_reconnect+0x26a/0x1620 [cifs]
  [ 1723.055325] cifs_demultiplex_thread+0xad4/0x14a0 [cifs]
  [ 1723.056458] ? cifs_handle_standard+0x2c0/0x2c0 [cifs]
  [ 1723.057365] ? kvm_sched_clock_read+0x14/0x30
  [ 1723.058197] ? sched_clock+0x5/0x10
  [ 1723.058838] ? sched_clock_cpu+0x18/0x110
  [ 1723.059629] ? lockdep_hardirqs_on+0x17d/0x250
  [ 1723.060456] kthread+0x1ab/0x200
  [ 1723.061149] ? cifs_handle_standard+0x2c0/0x2c0 [cifs]
  [ 1723.062078] ? kthread_create_on_node+0xd0/0xd0
  [ 1723.062897] ret_from_fork+0x3a/0x50

Signed-off-by: Paulo Alcantara (SUSE)
Fixes: 9150c3adbf24 ("CIFS: Close open handle after interrupted close")
Cc: Stable
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
(cherry picked from commit 0a5a98863c9debc02387b3d23c46d187756f5e2b)
Signed-off-by: Tim Gardner --- fs/cifs/smb2misc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index d15ace6151d9..c3a6125ff9cc 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -681,7 +681,7 @@ __smb2_handle_cancelled_close(struct cifs_tcon *tcon, __u64 persistent_fid, { struct close_cancelled_open *cancelled; - cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL); + cancelled = kzalloc(sizeof(*cancelled), GFP_ATOMIC); if (!cancelled) return -ENOMEM;
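
Review bot: In [PATCH 1/3], fs/cifs/smb2misc.c, __smb2_handle_cancelled_close() returns 0 even when the queue_work() call wrapped in WARN_ON() reports false, so on that path neither smb2_handle_cancelled_close() nor smb2_handle_cancelled_mid() reaches its cifs_put_tcon(tcon) and the kzalloc'd "cancelled" is never freed. queue_work() should not fail for a work item that was just set up with INIT_WORK(), but either state that in a comment or handle the false return by freeing "cancelled" and returning an error so both callers drop the tcon reference. The new comment above the helper also reads "Caller should already has an extra reference"; "have" is meant.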
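
Review bot: In [PATCH 1/3], fs/cifs/smb2pdu.c, the second hunk only deletes the blank line between the validate_buf() signature and its opening brace, which is unrelated to the interrupted-close fix. The backport note already says the smb2pdu.c part was pieced in by hand, so drop this whitespace change and keep the smb2pdu.c diff limited to the -EINTR handling in SMB2_close().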
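
Review bot: In [PATCH 2/3], fs/cifs/transport.c, the check added to DeleteMidQEntry() reads midEntry->mid_flags and midEntry->mid_state without taking GlobalMid_Lock, while the cifs_send_recv() hunk in the same patch sets MID_WAIT_CANCELLED under that lock. The commit message relies on only one thread referencing the mid when it is destroyed; because the backport note says the change was pieced into the older DeleteMidQEntry(), add a short comment above the check stating that assumption and confirm it holds for every caller of DeleteMidQEntry() in this tree.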
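
Review bot: In [PATCH 3/3], the subject and commit message name __smb2_handle_cancelled_cmd() and cifs_mid_q_entry_release(), but the hunk changes __smb2_handle_cancelled_close(), and [PATCH 2/3] of this series placed the handle_cancelled_mid call in DeleteMidQEntry(). Add a bracketed backport note that names the functions as they exist in this tree and says under which lock DeleteMidQEntry() reaches the allocation. The same helper is also used by smb2_handle_cancelled_close(), added in [PATCH 1/3] for the SMB2_close() -EINTR path, so that path now allocates with GFP_ATOMIC as well; say in the note whether that is intended.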