2018-03-14 4:40 GMT-07:00 Aurélien Aptel <aaptel@xxxxxxxx>: > Hi Pavel, > > Pavel Shilovskiy <pshilov@xxxxxxxxxxxxx> writes: >> Do we skip only last sess setup response or every response with SIGNED flag? In the latter case the comment should reflect it. > > We want to skip the last sess setup response, and it happens to also be > signed which is how I detect it. > > I guess the proper way would be to add a session/tcon > update_preauth_hash flag and set it to 0 once the final sess setup > request is sent. Do you think we should change this? > >>> +#ifdef CONFIG_CIFS_SMB311 >>> + if (ses->status == CifsNew) >>> + smb311_update_preauth_hash(ses, rqst->rq_iov+1, >>> + rqst->rq_nvec-1); >>> +#endif >> >> Is there a race here? Can it be a situation where ses->server->secmech.sdescsha512 is being updated by multiple threads calling cifs_send_recv()? E.g. we are trying to establish two smb connections over the same TCP connection in the same time. It seems that ses->server->secmech.sdescsha512 may be corrupted which will result in signing errors. > > I'm not sure what happens if we issue 2 mount calls //server/A and > //server/B using the same credentials in parallel. Depending on which > step the first mount call is no tcp or sess can be reused. Isn't cifs.ko > waiting for session to be established (ie. after preauth) before trying > to reuse them? Once a TCP session is created it is also added to the list of TCP sessions (servers). When the 2nd mount is initiated the client is trying to match a remote server to the existing one from the TCP session list (see match_server() in function in connect.c). If such a match is found, the client continues with the existing TCP session and doesn't create a new one. The same sharing logic applies for SMB sessions and Tree connects establishing. -- Best regards, Pavel Shilovsky -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
