пн, 9 дек. 2019 г. в 20:48, Steve French <smfrench@xxxxxxxxx>:
>
> Fix refcount underflow warning when unmounting to servers which didn't grant
> directory leases.
>
> [ 301.680095] refcount_t: underflow; use-after-free.
> [ 301.680192] WARNING: CPU: 1 PID: 3569 at lib/refcount.c:28
> refcount_warn_saturate+0xb4/0xf3
> ...
> [ 301.682139] Call Trace:
> [ 301.682240] close_shroot+0x97/0xda [cifs]
> [ 301.682351] SMB2_tdis+0x7c/0x176 [cifs]
> [ 301.682456] ? _get_xid+0x58/0x91 [cifs]
> [ 301.682563] cifs_put_tcon.part.0+0x99/0x202 [cifs]
> [ 301.682637] ? ida_free+0x99/0x10a
> [ 301.682727] ? cifs_umount+0x3d/0x9d [cifs]
> [ 301.682829] cifs_put_tlink+0x3a/0x50 [cifs]
> [ 301.682929] cifs_umount+0x44/0x9d [cifs]
>
> Fixes: 72e73c78c446 ("cifs: close the shared root handle on tree disconnect")
>
> Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> Acked-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
> Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx>
> Reviewed-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx>
> Reported-and-tested-by: Arthur Marsh <arthur.marsh@xxxxxxxxxxxxxxxx>
>
> --
> Thanks,
>
> Steve
Looking at this more, I think that the fact that the handle is valid
doesn't mean that it has a directory lease. So, I think we need to
track that fact separately. I coded a quick follow-on fix (untested)
to describe my idea - see the attached patch.
Thoughts?
--
Best regards,
Pavel Shilovsky
Attachment:
0001-CIFS-Close-cached-root-handle-only-if-it-has-a-lease.patch
Description: Binary data
