tentatively merged into cifs-2.6.git for-next pending more testing
On Thu, Dec 12, 2019 at 1:36 PM ronnie sahlberg
<ronniesahlberg@xxxxxxxxx> wrote:
>
> This makes sense. Thanks for this patch.
>
> Reviewed-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
>
> On Wed, Dec 11, 2019 at 5:53 AM Pavel Shilovsky <piastryyy@xxxxxxxxx> wrote:
> >
> > пн, 9 дек. 2019 г. в 20:48, Steve French <smfrench@xxxxxxxxx>:
> > >
> > > Fix refcount underflow warning when unmounting to servers which didn't grant
> > > directory leases.
> > >
> > > [ 301.680095] refcount_t: underflow; use-after-free.
> > > [ 301.680192] WARNING: CPU: 1 PID: 3569 at lib/refcount.c:28
> > > refcount_warn_saturate+0xb4/0xf3
> > > ...
> > > [ 301.682139] Call Trace:
> > > [ 301.682240] close_shroot+0x97/0xda [cifs]
> > > [ 301.682351] SMB2_tdis+0x7c/0x176 [cifs]
> > > [ 301.682456] ? _get_xid+0x58/0x91 [cifs]
> > > [ 301.682563] cifs_put_tcon.part.0+0x99/0x202 [cifs]
> > > [ 301.682637] ? ida_free+0x99/0x10a
> > > [ 301.682727] ? cifs_umount+0x3d/0x9d [cifs]
> > > [ 301.682829] cifs_put_tlink+0x3a/0x50 [cifs]
> > > [ 301.682929] cifs_umount+0x44/0x9d [cifs]
> > >
> > > Fixes: 72e73c78c446 ("cifs: close the shared root handle on tree disconnect")
> > >
> > > Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
> > > Acked-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
> > > Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx>
> > > Reviewed-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx>
> > > Reported-and-tested-by: Arthur Marsh <arthur.marsh@xxxxxxxxxxxxxxxx>
> > >
> > > --
> > > Thanks,
> > >
> > > Steve
> >
> > Looking at this more, I think that the fact that the handle is valid
> > doesn't mean that it has a directory lease. So, I think we need to
> > track that fact separately. I coded a quick follow-on fix (untested)
> > to describe my idea - see the attached patch.
> >
> > Thoughts?
> >
> > --
> > Best regards,
> > Pavel Shilovsky
--
Thanks,
Steve
