On Fri, Sep 20, 2019 at 02:23:00PM -0700, Pavel Shilovsky wrote:
> Fri, Sep 20, 2019 at 14:08, Pavel Shilovsky <piastryyy@xxxxxxxxx>:
> >
> > From: Aurelien Aptel <aaptel@xxxxxxxx>
> >
> > Commit 7e5a70ad88b1 ("CIFS: fix deadlock in cached root handling") upstream.
> >
> > Prevent deadlock between open_shroot() and
> > cifs_mark_open_files_invalid() by releasing the lock before entering
> > SMB2_open, taking it again after and checking if we still need to use
> > the result.
> >
> > CC: <stable@xxxxxxxxxxxxxxx> # v4.19+
> > Link: https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@xxxxxxxxxxxxxxxxxxxxxxxxx/T/#u
> > Fixes: 3d4ef9a15343 ("smb3: fix redundant opens on root")
> > Signed-off-by: Aurelien Aptel <aaptel@xxxxxxxx>
> > Signed-off-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx>
> > ---
> > fs/cifs/smb2ops.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 44 insertions(+)
> >
> > diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> > index cc9e846a3865..094be406cde4 100644
> > --- a/fs/cifs/smb2ops.c
> > +++ b/fs/cifs/smb2ops.c
> > @@ -553,7 +553,50 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid)
> > oparams.fid = pfid;
> > oparams.reconnect = false;
> >
> > + /*
> > + * We do not hold the lock for the open because in case
> > + * SMB2_open needs to reconnect, it will end up calling
> > + * cifs_mark_open_files_invalid() which takes the lock again
> > + * thus causing a deadlock
> > + */
> > + mutex_unlock(&tcon->crfid.fid_mutex);
> > rc = SMB2_open(xid, &oparams, &srch_path, &oplock, NULL, NULL, NULL);
> > + mutex_lock(&tcon->crfid.fid_mutex);
> > +
> > + /*
> > + * Now we need to check again as the cached root might have
> > + * been successfully re-opened from a concurrent process
> > + */
> > +
> > + if (tcon->crfid.is_valid) {
> > + /* work was already done */
> > +
> > + /* stash fids for close() later */
> > + struct cifs_fid fid = {
> > + .persistent_fid = pfid->persistent_fid,
> > + .volatile_fid = pfid->volatile_fid,
> > + };
> > +
> > + /*
> > + * Caller expects this func to set pfid to a valid
> > + * cached root, so we copy the existing one and get a
> > + * reference
> > + */
> > + memcpy(pfid, tcon->crfid.fid, sizeof(*pfid));
> > + kref_get(&tcon->crfid.refcount);
> > +
> > + mutex_unlock(&tcon->crfid.fid_mutex);
> > +
> > + if (rc == 0) {
> > + /* close extra handle outside of critical section */
> > + SMB2_close(xid, tcon, fid.persistent_fid,
> > + fid.volatile_fid);
> > + }
> > + return 0;
> > + }
> > +
> > + /* Cached root is still invalid, continue normaly */
> > +
> > if (rc == 0) {
> > memcpy(tcon->crfid.fid, pfid, sizeof(struct cifs_fid));
> > tcon->crfid.tcon = tcon;
> > @@ -561,6 +604,7 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid)
> > kref_init(&tcon->crfid.refcount);
> > kref_get(&tcon->crfid.refcount);
> > }
> > +
> > mutex_unlock(&tcon->crfid.fid_mutex);
> > return rc;
> > }
> > --
> > 2.17.1
> >
>
> Forgot to mention that kernels 5.1.y and above already have the
> appropriate patch. This is a backport for 4.19.
Now queued up, thanks!
greg k-h
