2022-05-19 22:00 GMT+09:00, Hyunchul Lee <hyc.lee@xxxxxxxxx>:
> outstanding credits must be initialized to 0,
> because it means the sum of credits consumed by
> in-flight requests.
> And outstanding credits must be compared with
> total credits in smb2_validate_credit_charge(),
> because total credits are the sum of credits
> granted by ksmbd.
>
> This patch fix the following error,
> while frametest with Windows clients:
>
> Limits exceeding the maximum allowable outstanding requests,
> given : 128, pending : 8065
>
> Fixes: b589f5db6d4a ("ksmbd: limits exceeding the maximum allowable
> outstanding requests")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Hyunchul Lee <hyc.lee@xxxxxxxxx>
> Reported-by: Yufan Chen <wiz.chen@xxxxxxxxx>
> Tested-by: Yufan Chen <wiz.chen@xxxxxxxxx>
> ---
> changes from v1:
> - Add "Fixes" and stable tags
>
> fs/ksmbd/connection.c | 2 +-
> fs/ksmbd/smb2misc.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c
> index 7db87771884a..e8f476c5f189 100644
> --- a/fs/ksmbd/connection.c
> +++ b/fs/ksmbd/connection.c
> @@ -62,7 +62,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void)
> atomic_set(&conn->req_running, 0);
> atomic_set(&conn->r_count, 0);
> conn->total_credits = 1;
> - conn->outstanding_credits = 1;
> + conn->outstanding_credits = 0;
You need to consider auto negotiation from windows client connection.
So it will cause integer underflow issue.
>
> init_waitqueue_head(&conn->req_running_q);
> INIT_LIST_HEAD(&conn->conns_list);
> diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c
> index 4a9460153b59..f8f456377a51 100644
> --- a/fs/ksmbd/smb2misc.c
> +++ b/fs/ksmbd/smb2misc.c
> @@ -338,7 +338,7 @@ static int smb2_validate_credit_charge(struct ksmbd_conn
> *conn,
> ret = 1;
> }
>
> - if ((u64)conn->outstanding_credits + credit_charge >
> conn->vals->max_credits) {
> + if ((u64)conn->outstanding_credits + credit_charge > conn->total_credits)
> {
> ksmbd_debug(SMB, "Limits exceeding the maximum allowable outstanding
> requests, given : %u, pending : %u\n",
> credit_charge, conn->outstanding_credits);
> ret = 1;
> --
> 2.25.1
>
>
