ksmbd: fix race condition from parallel smb2 logoff requests
If parallel smb2 logoff requests come in before closing door, running
request count becomes more than 1 even though connection status is set to
KSMBD_SESS_NEED_RECONNECT. It can't get condition true, and sleeps forever.
This patch fixes the race condition problem by returning error if connection
status was already set to KSMBD_SESS_NEED_RECONNECT.

Signed-off-by: Namjae Jeon <[email protected]>
namjaejeon committed Oct 4, 2023
1 parent 2dc0dc4 commit 235aa67
Showing 1 changed file with 16 additions and 8 deletions.
24 changes: 16 additions & 8 deletions smb2pdu.c
Expand Up @@ -2181,17 +2181,17 @@ int smb2_session_logoff(struct ksmbd_work *work)

ksmbd_debug(SMB, "request\n");

sess_id = le64_to_cpu(req->hdr.SessionId);

rsp->StructureSize = cpu_to_le16(4);
err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_logoff_rsp));
if (err) {
rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
ksmbd_conn_lock(conn);
if (!ksmbd_conn_good(conn)) {
ksmbd_conn_unlock(conn);
rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED;
smb2_set_err_rsp(work);
return err;
return -ENOENT;
}

sess_id = le64_to_cpu(req->hdr.SessionId);
ksmbd_all_conn_set_status(sess_id, KSMBD_SESS_NEED_RECONNECT);
ksmbd_conn_unlock(conn);

ksmbd_close_session_fds(work);
ksmbd_conn_wait_idle(conn, sess_id);
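
Review bot: the `if (!ksmbd_conn_good(conn))` test right after `ksmbd_conn_lock(conn)` is broader than what the commit message describes. The message says the request is rejected when the status was already set to KSMBD_SESS_NEED_RECONNECT, but the code refuses the logoff for every state that ksmbd_conn_good() does not accept. If that is intended, a short comment above the check would help: it should say that the lock makes the status test and the `ksmbd_all_conn_set_status(sess_id, KSMBD_SESS_NEED_RECONNECT)` transition atomic against a parallel logoff, and that any non-good connection gets STATUS_NETWORK_NAME_DELETED with -ENOENT. If only the reconnect state should be refused, test for it explicitly.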

Expand All @@ -2213,6 +2213,14 @@ int smb2_session_logoff(struct ksmbd_work *work)
ksmbd_free_user(sess->user);
sess->user = NULL;
ksmbd_all_conn_set_status(sess_id, KSMBD_SESS_NEED_NEGOTIATE);

rsp->StructureSize = cpu_to_le16(4);
err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_logoff_rsp));
if (err) {
rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
smb2_set_err_rsp(work);
return err;
}
return 0;
}
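
Review bot: with `ksmbd_iov_pin_rsp()` now called at the end of the function, its failure path returns STATUS_INSUFFICIENT_RESOURCES after `ksmbd_free_user(sess->user)` and the switch to KSMBD_SESS_NEED_NEGOTIATE have already run, so the client is told the logoff failed although the session state has been torn down. A comment before the `rsp->StructureSize = cpu_to_le16(4);` line stating that this ordering is deliberate, and what the client is expected to do on that error, would make the trade-off visible to later readers.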
