From patchwork Fri Mar 12 14:26:44 2021
X-Patchwork-Submitter: Tim Gardner
X-Patchwork-Id: 1452115
From: Tim Gardner
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/3] CIFS: Close open handle after interrupted close
Date: Fri, 12 Mar 2021 07:26:44 -0700
Message-Id: <20210312142646.32579-2-tim.gardner@canonical.com>
In-Reply-To: <20210312142646.32579-1-tim.gardner@canonical.com>
References: <20210312142646.32579-1-tim.gardner@canonical.com>

From: Pavel Shilovsky

BugLink: https://bugs.launchpad.net/bugs/1918714

If Close command is interrupted before sending a request
to the server the client ends up leaking an open file
handle. This wastes server resources and can potentially
block applications that try to remove the file or any
directory containing this file.

Fix this by putting the close command into a worker queue,
so another thread retries it later.

Cc: Stable
Tested-by: Frank Sorenson
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
(backported from commit 9150c3adbf24d77cfba37f03639d4a908ca4ac25)
[ fs/cifs/smb2pdu.c has had significant changes, so the part of this patch
affecting fs/cifs/smb2pdu.c was pieced in where the logic looked correct ]
Signed-off-by: Tim Gardner
---

v2 - ran scripts/checkpatch.pl and corrected formatting errors.

 fs/cifs/smb2misc.c  | 59 ++++++++++++++++++++++++++++++++++-----------
 fs/cifs/smb2pdu.c   | 11 +++++++--
 fs/cifs/smb2proto.h |  3 +++
 3 files changed, 57 insertions(+), 16 deletions(-)

diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 0c6e5450ff76..d15ace6151d9 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c 
@@ -674,34 +674,65 @@ smb2_cancelled_close_fid(struct work_struct *work) kfree(cancelled); } +/* Caller should already has an extra reference to @tcon */ +static int +__smb2_handle_cancelled_close(struct cifs_tcon *tcon, __u64 persistent_fid, + __u64 volatile_fid) +{ + struct close_cancelled_open *cancelled; + + cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL); + if (!cancelled) + return -ENOMEM; + + cancelled->fid.persistent_fid = persistent_fid; + cancelled->fid.volatile_fid = volatile_fid; + cancelled->tcon = tcon; + INIT_WORK(&cancelled->work, smb2_cancelled_close_fid); + WARN_ON(queue_work(cifsiod_wq, &cancelled->work) == false); + + return 0; +} + +int +smb2_handle_cancelled_close(struct cifs_tcon *tcon, __u64 persistent_fid, + __u64 volatile_fid) +{ + int rc; + + cifs_dbg(FYI, "%s: tc_count=%d\n", __func__, tcon->tc_count); + spin_lock(&cifs_tcp_ses_lock); + tcon->tc_count++; + spin_unlock(&cifs_tcp_ses_lock); + + rc = __smb2_handle_cancelled_close(tcon, persistent_fid, volatile_fid); + if (rc) + cifs_put_tcon(tcon); + + return rc; +} + int smb2_handle_cancelled_mid(char *buffer, struct TCP_Server_Info *server) { struct smb2_sync_hdr *sync_hdr = get_sync_hdr(buffer); struct smb2_create_rsp *rsp = (struct smb2_create_rsp *)buffer; struct cifs_tcon *tcon; - struct close_cancelled_open *cancelled; + int rc; if (sync_hdr->Command != SMB2_CREATE || sync_hdr->Status != STATUS_SUCCESS) return 0; - cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL); - if (!cancelled) - return -ENOMEM; - tcon = smb2_find_smb_tcon(server, sync_hdr->SessionId, sync_hdr->TreeId); - if (!tcon) { - kfree(cancelled); + if (!tcon) return -ENOENT; - } - cancelled->fid.persistent_fid = rsp->PersistentFileId; - cancelled->fid.volatile_fid = rsp->VolatileFileId; - cancelled->tcon = tcon; - INIT_WORK(&cancelled->work, smb2_cancelled_close_fid); - queue_work(cifsiod_wq, &cancelled->work); + rc = __smb2_handle_cancelled_close(tcon, rsp->PersistentFileId, + rsp->VolatileFileId); + if (rc) + 
cifs_put_tcon(tcon); - return 0; + return rc; } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index ab1df4311a6d..04e1cb66baf8 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -2133,9 +2133,17 @@ SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, rsp = (struct smb2_close_rsp *)rsp_iov.iov_base; if (rc != 0) { + /* retry close in a worker thread if this one is interrupted */ + if (rc == -EINTR) { + int tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid, + volatile_fid); + if (tmp_rc) + cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n", + persistent_fid, tmp_rc); + } cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE); goto close_exit; - } + } /* BB FIXME - decode close response, update inode for caching */ @@ -2147,7 +2155,6 @@ SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, static int validate_buf(unsigned int offset, unsigned int buffer_length, struct smb2_hdr *hdr, unsigned int min_buf_size) - { unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length); char *end_of_smb = smb_len + 4 /* RFC1001 length field */ + (char *)hdr; diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h index 3b8e9c2e55bc..245a2595f1b1 100644 --- a/fs/cifs/smb2proto.h +++ b/fs/cifs/smb2proto.h 
@@ -180,6 +180,9 @@ extern int SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon, extern int SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon, const u64 persistent_fid, const u64 volatile_fid, const __u8 oplock_level); +extern int smb2_handle_cancelled_close(struct cifs_tcon *tcon, + __u64 persistent_fid, + __u64 volatile_fid); extern int smb2_handle_cancelled_mid(char *buffer, struct TCP_Server_Info *server); void smb2_cancelled_close_fid(struct work_struct *work);

From patchwork Fri Mar 12 14:26:45 2021
X-Patchwork-Submitter: Tim Gardner
X-Patchwork-Id: 1452117
From: Tim Gardner
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 2/3] CIFS: Do not miss cancelled OPEN responses
Date: Fri, 12 Mar 2021 07:26:45 -0700
Message-Id: <20210312142646.32579-3-tim.gardner@canonical.com>
In-Reply-To: <20210312142646.32579-1-tim.gardner@canonical.com>
References: <20210312142646.32579-1-tim.gardner@canonical.com>

From: Pavel Shilovsky

BugLink: https://bugs.launchpad.net/bugs/1918714

When an OPEN command is cancelled we mark a mid as
cancelled and let the demultiplex thread process it by
closing an open handle. The problem is there is a race
between a system call thread and the demultiplex thread
and there may be a situation when the mid has been already
processed before it is set as cancelled.

Fix this by processing cancelled requests when mids
are being destroyed which means that there is only one thread
referencing a particular mid. Also set mids as cancelled
unconditionally on their state.

Cc: Stable
Tested-by: Frank Sorenson
Reviewed-by: Ronnie Sahlberg
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
(backported from commit 7b71843fa7028475b052107664cbe120156a2cfc)
[ fs/cifs/transport.c has changed significantly, I pieced in the intended changes
to the old function DeleteMidQEntry() ]
Signed-off-by: Tim Gardner
---

v2 - ran scripts/checkpatch.pl and corrected formatting errors.

 fs/cifs/connect.c   | 7 -------
 fs/cifs/transport.c | 9 ++++++++-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c96b9d60f625..7f8a65d325b8 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c 
@@ -996,13 +996,6 @@ cifs_demultiplex_thread(void *p) server->lstrp = jiffies; if (mid_entry != NULL) { - if ((mid_entry->mid_flags & MID_WAIT_CANCELLED) && - mid_entry->mid_state == MID_RESPONSE_RECEIVED && - server->ops->handle_cancelled_mid) - server->ops->handle_cancelled_mid( - mid_entry->resp_buf, - server); - if (!mid_entry->multiRsp || mid_entry->multiEnd) mid_entry->callback(mid_entry); diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 22d421054303..764301881608 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -100,6 +100,13 @@ DeleteMidQEntry(struct mid_q_entry *midEntry) __le16 command = midEntry->server->vals->lock_cmd; unsigned long now; #endif + struct TCP_Server_Info *server = midEntry->server; + + if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) && + midEntry->mid_state == MID_RESPONSE_RECEIVED && + server->ops->handle_cancelled_mid) + server->ops->handle_cancelled_mid(midEntry->resp_buf, server); + midEntry->mid_state = MID_FREE; atomic_dec(&midCount); if (midEntry->large_buf) 
@@ -768,8 +775,8 @@ cifs_send_recv(const unsigned int xid, struct cifs_ses *ses, cifs_dbg(FYI, "Cancelling wait for mid %llu\n", midQ->mid); send_cancel(ses->server, rqst, midQ); spin_lock(&GlobalMid_Lock); + midQ->mid_flags |= MID_WAIT_CANCELLED; if (midQ->mid_state == MID_REQUEST_SUBMITTED) { - midQ->mid_flags |= MID_WAIT_CANCELLED; midQ->callback = DeleteMidQEntry; spin_unlock(&GlobalMid_Lock); add_credits(ses->server, 1, optype);

From patchwork Fri Mar 12 14:26:46 2021
X-Patchwork-Submitter: Tim Gardner
X-Patchwork-Id: 1452118
From: Tim Gardner
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 3/3] cifs: Fix memory allocation in __smb2_handle_cancelled_cmd()
Date: Fri, 12 Mar 2021 07:26:46 -0700
Message-Id: <20210312142646.32579-4-tim.gardner@canonical.com>
In-Reply-To: <20210312142646.32579-1-tim.gardner@canonical.com>
References: <20210312142646.32579-1-tim.gardner@canonical.com>

From: "Paulo Alcantara (SUSE)"

BugLink: https://bugs.launchpad.net/bugs/1918714

__smb2_handle_cancelled_cmd() is called under a spin lock held in
cifs_mid_q_entry_release(), so make its memory allocation GFP_ATOMIC.

This issue was observed when running xfstests generic/028:

  [ 1722.589204] CIFS VFS: \\192.168.30.26 Cancelling wait for mid 72064 cmd: 5
  [ 1722.590687] CIFS VFS: \\192.168.30.26 Cancelling wait for mid 72065 cmd: 17
  [ 1722.593529] CIFS VFS: \\192.168.30.26 Cancelling wait for mid 72066 cmd: 6
  [ 1723.039014] BUG: sleeping function called from invalid context at mm/slab.h:565
  [ 1723.040710] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 30877, name: cifsd
  [ 1723.045098] CPU: 3 PID: 30877 Comm: cifsd Not tainted 5.5.0-rc4+ #313
  [ 1723.046256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
  [ 1723.048221] Call Trace:
  [ 1723.048689] dump_stack+0x97/0xe0
  [ 1723.049268] ___might_sleep.cold+0xd1/0xe1
  [ 1723.050069] kmem_cache_alloc_trace+0x204/0x2b0
  [ 1723.051051] __smb2_handle_cancelled_cmd+0x40/0x140 [cifs]
  [ 1723.052137] smb2_handle_cancelled_mid+0xf6/0x120 [cifs]
  [ 1723.053247] cifs_mid_q_entry_release+0x44d/0x630 [cifs]
  [ 1723.054351] ? cifs_reconnect+0x26a/0x1620 [cifs]
  [ 1723.055325] cifs_demultiplex_thread+0xad4/0x14a0 [cifs]
  [ 1723.056458] ? cifs_handle_standard+0x2c0/0x2c0 [cifs]
  [ 1723.057365] ? kvm_sched_clock_read+0x14/0x30
  [ 1723.058197] ? sched_clock+0x5/0x10
  [ 1723.058838] ? sched_clock_cpu+0x18/0x110
  [ 1723.059629] ? lockdep_hardirqs_on+0x17d/0x250
  [ 1723.060456] kthread+0x1ab/0x200
  [ 1723.061149] ? cifs_handle_standard+0x2c0/0x2c0 [cifs]
  [ 1723.062078] ? kthread_create_on_node+0xd0/0xd0
  [ 1723.062897] ret_from_fork+0x3a/0x50

Signed-off-by: Paulo Alcantara (SUSE)
Fixes: 9150c3adbf24 ("CIFS: Close open handle after interrupted close")
Cc: Stable
Signed-off-by: Steve French
Reviewed-by: Pavel Shilovsky
(cherry picked from commit 0a5a98863c9debc02387b3d23c46d187756f5e2b)
Signed-off-by: Tim Gardner v2 - formatting in fs/cifs/smb2misc.c --- fs/cifs/smb2misc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index d15ace6151d9..c3a6125ff9cc 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -681,7 +681,7 @@ __smb2_handle_cancelled_close(struct cifs_tcon *tcon, __u64 persistent_fid, { struct close_cancelled_open *cancelled; - cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL); + cancelled = kzalloc(sizeof(*cancelled), GFP_ATOMIC); if (!cancelled) return -ENOMEM;
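
Review bot: In [PATCH 1/3], fs/cifs/smb2misc.c, smb2_handle_cancelled_close() passes tcon->tc_count to cifs_dbg() before cifs_tcp_ses_lock is taken, so the logged count is read unlocked and is already out of date when the increment happens; move the debug print inside the locked region, after tcon->tc_count++. In the same hunk, __smb2_handle_cancelled_close() returns 0 even when queue_work() returns false and only WARNs, so in that case neither caller drops the tcon reference and the cancelled allocation is never freed; return an error there and kfree(cancelled). The helper's comment should read "Caller should already have an extra reference to @tcon".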
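
Review bot: In [PATCH 1/3], fs/cifs/smb2pdu.c, the SMB2_close() hunk ends with a "- }" / "+ }" pair on the closing brace of the if (rc != 0) block, which changes nothing but whitespace; drop it so the hunk carries only the -EINTR retry. When smb2_handle_cancelled_close() fails, the handle is still leaked and the only trace is the cifs_dbg(VFS, ...) message, which the comment above the -EINTR check should say.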
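
Review bot: In [PATCH 1/3], fs/cifs/smb2pdu.c, the second hunk (@@ -2147,7 +2155,6 @@) removes a line in validate_buf(), a function the commit message never mentions and that plays no part in retrying an interrupted close. Take it out of this patch or, if it is one of the checkpatch.pl corrections listed under v2, say so in the bracketed backport note so the difference from the upstream commit is recorded.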
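
Review bot: In [PATCH 2/3], fs/cifs/transport.c, DeleteMidQEntry() discards the return value of server->ops->handle_cancelled_mid(), which after [PATCH 1/3] can be -ENOMEM or -ENOENT from smb2_handle_cancelled_mid(); in both cases the server-side handle stays open with no trace, so log a non-zero return at least at FYI level. The new check also reads mid_flags and mid_state without GlobalMid_Lock while cifs_send_recv() sets MID_WAIT_CANCELLED under it; the commit message's argument that only one thread references the mid at destruction deserves a short comment above the block.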
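
Review bot: In [PATCH 3/3], the hunk changes the allocation in __smb2_handle_cancelled_close(), while the subject and commit message name __smb2_handle_cancelled_cmd() and place the spin lock in cifs_mid_q_entry_release(); neither name appears in this series, where [PATCH 2/3] puts the call in DeleteMidQEntry(). Add a bracketed backport note, as the first two patches do, mapping the upstream names onto this tree and stating which lock is held on the DeleteMidQEntry() path. The GFP_ATOMIC allocation now also applies to the SMB2_close() -EINTR path from [PATCH 1/3]; that is harmless, but worth one sentence in the note.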