This is a note to let you know that I've just added the patch titled
cifs: lock chan_lock outside match_session
to the 6.2-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
cifs-lock-chan_lock-outside-match_session.patch
and it can be found in the queue-6.2 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 2f4e429c846972c8405951a9ff7a82aceeca7461 Mon Sep 17 00:00:00 2001
From: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
Date: Mon, 20 Feb 2023 13:02:11 +0000
Subject: cifs: lock chan_lock outside match_session
From: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
commit 2f4e429c846972c8405951a9ff7a82aceeca7461 upstream.
Coverity had rightly indicated a possible deadlock
due to chan_lock being done inside match_session.
All callers of match_* functions should pick up the
necessary locks and call them.
Signed-off-by: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
Reviewed-by: Paulo Alcantara (SUSE) <pc@xxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 724244cdb382 ("cifs: protect session channel fields with chan_lock")
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/cifs/connect.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1770,7 +1770,7 @@ out_err:
return ERR_PTR(rc);
}
-/* this function must be called with ses_lock held */
+/* this function must be called with ses_lock and chan_lock held */
static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx)
{
if (ctx->sectype != Unspecified &&
@@ -1781,12 +1781,8 @@ static int match_session(struct cifs_ses
* If an existing session is limited to less channels than
* requested, it should not be reused
*/
- spin_lock(&ses->chan_lock);
- if (ses->chan_max < ctx->max_channels) {
- spin_unlock(&ses->chan_lock);
+ if (ses->chan_max < ctx->max_channels)
return 0;
- }
- spin_unlock(&ses->chan_lock);
switch (ses->sectype) {
case Kerberos:
@@ -1914,10 +1910,13 @@ cifs_find_smb_ses(struct TCP_Server_Info
spin_unlock(&ses->ses_lock);
continue;
}
+ spin_lock(&ses->chan_lock);
if (!match_session(ses, ctx)) {
+ spin_unlock(&ses->chan_lock);
spin_unlock(&ses->ses_lock);
continue;
}
+ spin_unlock(&ses->chan_lock);
spin_unlock(&ses->ses_lock);
++ses->ses_count;
@@ -2743,6 +2742,7 @@ cifs_match_super(struct super_block *sb,
spin_lock(&tcp_srv->srv_lock);
spin_lock(&ses->ses_lock);
+ spin_lock(&ses->chan_lock);
spin_lock(&tcon->tc_lock);
if (!match_server(tcp_srv, ctx, dfs_super_cmp) ||
!match_session(ses, ctx) ||
@@ -2755,6 +2755,7 @@ cifs_match_super(struct super_block *sb,
rc = compare_mount_options(sb, mnt_data);
out:
spin_unlock(&tcon->tc_lock);
+ spin_unlock(&ses->chan_lock);
spin_unlock(&ses->ses_lock);
spin_unlock(&tcp_srv->srv_lock);
Patches currently in stable-queue which might be from sprasad@xxxxxxxxxxxxx are
queue-6.2/cifs-lock-chan_lock-outside-match_session.patch
queue-6.2/smb3-lower-default-deferred-close-timeout-to-address-perf-regression.patch
queue-6.2/cifs-do-not-poll-server-interfaces-too-regularly.patch
queue-6.2/cifs-dump-pending-mids-for-all-channels-in-debugdata.patch
queue-6.2/smb3-fix-unusable-share-after-force-unmount-failure.patch
queue-6.2/cifs-empty-interface-list-when-server-doesn-t-support-query-interfaces.patch
queue-6.2/cifs-print-session-id-while-listing-open-files.patch
queue-6.2/cifs-append-path-to-open_enter-trace-event.patch
