On Mon, Oct 14, 2019 at 7:01 PM Roberto Bergantinos Corpas <rbergant@xxxxxxxxxx> wrote: > > According to MS-CIFS specification MID 0xFFFF should not be used by the > CIFS client, but we actually do. Besides, this has proven to cause races > leading to oops between SendReceive2/cifs_demultiplex_thread. On SMB1, > MID is a 2 byte value easy to reach in CurrentMid which may conflict with > an oplock break notification request coming from server > > Signed-off-by: Roberto Bergantinos Corpas <rbergant@xxxxxxxxxx> > --- > fs/cifs/smb1ops.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c > index c4e75afa3258..c8d96230cbd2 100644 > --- a/fs/cifs/smb1ops.c > +++ b/fs/cifs/smb1ops.c > @@ -183,6 +183,9 @@ cifs_get_next_mid(struct TCP_Server_Info *server) > /* we do not want to loop forever */ > last_mid = cur_mid; > cur_mid++; > + /* avoid 0xFFFF MID */ > + if (cur_mid == 0xffff) > + cur_mid++; > > /* > * This nested loop looks more expensive than it is. > -- Reviewed-by: lsahlber@xxxxxxxxxx> Steve, can we get this pushed to linus soonish? It is a bad issue.
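Review bot: The 0xFFFF skip in the cifs_get_next_mid() hunk runs only once, on the initial `cur_mid++` ahead of the nested loop that the following comment introduces. If that loop advances cur_mid again when a candidate collides with a pending request, a later increment can still land on 0xFFFF, so the check would be better placed where every increment passes through it, for example in the loop body or in a small helper used for each advance. Since the MID is a 2-byte value, the second `cur_mid++` wraps 0xFFFF to 0, and the hunk does not show whether 0 is an acceptable MID or is filtered later; that is worth confirming. The comment `/* avoid 0xFFFF MID */` could also say why, as the commit message does (the value may conflict with an oplock break notification from the server), and a named constant would read better than the bare `0xffff`.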