lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 22 May 2024 23:59:02 +0100
From: David Howells <dhowells@...hat.com>
To: Steve French <sfrench@...ba.org>, Paulo Alcantara <pc@...guebit.com>
cc: dhowells@...hat.com, Shyam Prasad N <nspmangalore@...il.com>,
    Rohith Surabattula <rohiths.msft@...il.com>,
    Jeff Layton <jlayton@...nel.org>, linux-cifs@...r.kernel.org,
    netfs@...ts.linux.dev, linux-fsdevel@...r.kernel.org,
    linux-kernel@...r.kernel.org
Subject: [RFC PATCH] cifs: Fix credit handling in cifs_io_subrequest cleanup

    
When a cifs_io_subrequest (wrapping a netfs_io_subrequest) is cleaned up in
cifs_free_subrequest(), it releases any credits that are left in
rdata->credits.  However, this is a problem because smb2_writev_callback()
calls add_credits() to add the new credits from the response header
CreditRequest to the available pool.

This can cause a warning to be emitted in smb2_add_credits() as
server->in_flight gets doubly decremented and a later operation sees it
having prematurely reached 0.

Fix this by clearing the credit count after actually issuing the request on
the assumption that we've given the credits back to the server (it will
give us new credits in the reply).

Signed-off-by: David Howells <dhowells@...hat.com>
cc: Steve French <sfrench@...ba.org>
cc: Paulo Alcantara <pc@...guebit.com>
cc: Shyam Prasad N <nspmangalore@...il.com>
cc: Rohith Surabattula <rohiths.msft@...il.com>
cc: Jeff Layton <jlayton@...nel.org>
cc: linux-cifs@...r.kernel.org
cc: netfs@...ts.linux.dev
cc: linux-fsdevel@...r.kernel.org
---
 fs/smb/client/file.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
index 9d5c2440abfc..73e2765c4d2f 100644
--- a/fs/smb/client/file.c
+++ b/fs/smb/client/file.c
@@ -110,6 +110,7 @@ static void cifs_issue_write(struct netfs_io_subrequest *subreq)
 		goto fail;
 
 	wdata->server->ops->async_writev(wdata);
+	wdata->credits.value = 0;
 out:
 	return;
 
@@ -205,10 +206,12 @@ static void cifs_req_issue_read(struct netfs_io_subrequest *subreq)
 
 	rc = adjust_credits(rdata->server, &rdata->credits, rdata->subreq.len);
 	if (!rc) {
-		if (rdata->req->cfile->invalidHandle)
+		if (rdata->req->cfile->invalidHandle) {
 			rc = -EAGAIN;
-		else
+		} else {
 			rc = rdata->server->ops->async_readv(rdata);
+			rdata->credits.value = 0;
+		}
 	}
 
 out:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ