Re: [PATCH][SMB3 client] fix potential deadlock in cifs_sync_mid_result

Steve French <smfrench@xxxxxxxxx> · Thu, 25 Apr 2024 12:53:00 -0500

Minor update to patch (shrink slightly by using a goto)


On Thu, Apr 25, 2024 at 12:44 PM Shyam Prasad N <nspmangalore@xxxxxxxxx> wrote:
>
> On Wed, Apr 24, 2024 at 9:16 AM Steve French <smfrench@xxxxxxxxx> wrote:
> >
> > Coverity spotted that the cifs_sync_mid_result function could deadlock
> > since cifs_server_dbg graps the srv_lock while we are still holding
> > the mid_lock
> >
> > "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires
> > lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"
> >
> > Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")
> >
> > See attached patch
> >
> >
> > --
> > Thanks,
> >
> > Steve
>
> Looks good to me.
>
> --
> Regards,
> Shyam



-- 
Thanks,

Steve
From 8861fd5180476f45f9e8853db154600469a0284f Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@xxxxxxxxxxxxx>
Date: Thu, 25 Apr 2024 12:49:50 -0500
Subject: [PATCH] smb3: fix lock ordering potential deadlock in
 cifs_sync_mid_result

Coverity spotted that the cifs_sync_mid_result function could deadlock

"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires
lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"

Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
---
 fs/smb/client/transport.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c
index e1a79e031b28..ddf1a3aafee5 100644
--- a/fs/smb/client/transport.c
+++ b/fs/smb/client/transport.c
@@ -909,12 +909,15 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
 			list_del_init(&mid->qhead);
 			mid->mid_flags |= MID_DELETED;
 		}
+		spin_unlock(&server->mid_lock);
 		cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
 			 __func__, mid->mid, mid->mid_state);
 		rc = -EIO;
+		goto sync_mid_done;
 	}
 	spin_unlock(&server->mid_lock);
 
+sync_mid_done:
 	release_mid(mid);
 	return rc;
 }
-- 
2.40.1





