This makes sense. Thanks for this patch.
Reviewed-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
On Wed, Dec 11, 2019 at 5:53 AM Pavel Shilovsky <piastryyy@xxxxxxxxx> wrote:
>
> пн, 9 дек. 2019 г. в 20:48, Steve French <smfrench@xxxxxxxxx>:
> >
> > Fix refcount underflow warning when unmounting to servers which didn't grant
> > directory leases.
> >
> > [ 301.680095] refcount_t: underflow; use-after-free.
> > [ 301.680192] WARNING: CPU: 1 PID: 3569 at lib/refcount.c:28
> > refcount_warn_saturate+0xb4/0xf3
> > ...
> > [ 301.682139] Call Trace:
> > [ 301.682240] close_shroot+0x97/0xda [cifs]
> > [ 301.682351] SMB2_tdis+0x7c/0x176 [cifs]
> > [ 301.682456] ? _get_xid+0x58/0x91 [cifs]
> > [ 301.682563] cifs_put_tcon.part.0+0x99/0x202 [cifs]
> > [ 301.682637] ? ida_free+0x99/0x10a
> > [ 301.682727] ? cifs_umount+0x3d/0x9d [cifs]
> > [ 301.682829] cifs_put_tlink+0x3a/0x50 [cifs]
> > [ 301.682929] cifs_umount+0x44/0x9d [cifs]
> >
> > Fixes: 72e73c78c446 ("cifs: close the shared root handle on tree disconnect")
> >
> > Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> > Acked-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
> > Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx>
> > Reviewed-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx>
> > Reported-and-tested-by: Arthur Marsh <arthur.marsh@xxxxxxxxxxxxxxxx>
> >
> > --
> > Thanks,
> >
> > Steve
>
> Looking at this more, I think that the fact that the handle is valid
> doesn't mean that it has a directory lease. So, I think we need to
> track that fact separately. I coded a quick follow-on fix (untested)
> to describe my idea - see the attached patch.
>
> Thoughts?
>
> --
> Best regards,
> Pavel Shilovsky
