| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 May 2019 11:00:31 -0700
From: Pavel Shilovsky <piastryyy@...il.com>
To: Long Li <longli@...rosoft.com>
Cc: Steve French <sfrench@...ba.org>,
linux-cifs <linux-cifs@...r.kernel.org>,
samba-technical <samba-technical@...ts.samba.org>,
Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [Patch (resend) 5/5] cifs: Call MID callback before destroying transport
пт, 5 апр. 2019 г. в 14:39, Long Li <longli@...uxonhyperv.com>:
>
> From: Long Li <longli@...rosoft.com>
>
> When transport is being destroyed, it's possible that some processes may
> hold memory registrations that need to be deregistred.
>
> Call them first so nobody is using transport resources, and it can be
> destroyed.
>
> Signed-off-by: Long Li <longli@...rosoft.com>
> ---
> fs/cifs/connect.c | 36 +++++++++++++++++++-----------------
> 1 file changed, 19 insertions(+), 17 deletions(-)
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 33e4d98..084756cf 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -528,22 +528,6 @@ cifs_reconnect(struct TCP_Server_Info *server)
> /* do not want to be sending data on a socket we are freeing */
> cifs_dbg(FYI, "%s: tearing down socket\n", __func__);
> mutex_lock(&server->srv_mutex);
> - if (server->ssocket) {
> - cifs_dbg(FYI, "State: 0x%x Flags: 0x%lx\n",
> - server->ssocket->state, server->ssocket->flags);
> - kernel_sock_shutdown(server->ssocket, SHUT_WR);
> - cifs_dbg(FYI, "Post shutdown state: 0x%x Flags: 0x%lx\n",
> - server->ssocket->state, server->ssocket->flags);
> - sock_release(server->ssocket);
> - server->ssocket = NULL;
> - } else if (cifs_rdma_enabled(server))
> - smbd_destroy(server);
> - server->sequence_number = 0;
> - server->session_estab = false;
> - kfree(server->session_key.response);
> - server->session_key.response = NULL;
> - server->session_key.len = 0;
> - server->lstrp = jiffies;
>
> /* mark submitted MIDs for retry and issue callback */
> INIT_LIST_HEAD(&retry_list);
> @@ -556,7 +540,6 @@ cifs_reconnect(struct TCP_Server_Info *server)
> list_move(&mid_entry->qhead, &retry_list);
> }
> spin_unlock(&GlobalMid_Lock);
> - mutex_unlock(&server->srv_mutex);
>
> cifs_dbg(FYI, "%s: issuing mid callbacks\n", __func__);
> list_for_each_safe(tmp, tmp2, &retry_list) {
> @@ -565,6 +548,25 @@ cifs_reconnect(struct TCP_Server_Info *server)
> mid_entry->callback(mid_entry);
> }
The original call was issuing callbacks without holding srv_mutex -
callbacks may take this mutex for its internal needs. With the
proposed patch the code will deadlock.
Also the idea of destroying the socket first is to allow possible
retries (from callbacks) to return a proper error instead of trying to
send anything through the reconnecting socket.
>
> + if (server->ssocket) {
> + cifs_dbg(FYI, "State: 0x%x Flags: 0x%lx\n",
> + server->ssocket->state, server->ssocket->flags);
> + kernel_sock_shutdown(server->ssocket, SHUT_WR);
> + cifs_dbg(FYI, "Post shutdown state: 0x%x Flags: 0x%lx\n",
> + server->ssocket->state, server->ssocket->flags);
> + sock_release(server->ssocket);
> + server->ssocket = NULL;
> + } else if (cifs_rdma_enabled(server))
> + smbd_destroy(server);
If we need to call smbd_destroy() *after* callbacks, let's just move
it alone without the rest of the code.
> + server->sequence_number = 0;
> + server->session_estab = false;
> + kfree(server->session_key.response);
> + server->session_key.response = NULL;
> + server->session_key.len = 0;
> + server->lstrp = jiffies;
> +
> + mutex_unlock(&server->srv_mutex);
> +
> do {
> try_to_freeze();
>
> --
> 2.7.4
>
--
Best regards,
Pavel Shilovsky
Powered by blists - more mailing lists