Commit 8565bdf8 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag '6.6-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 

Pull smb client fixes from Steve French:
 "Six smb3 client fixes, including three for stable, from the SMB
  plugfest (testing event) this week:

   - Reparse point handling fix (found when investigating dir
     enumeration when fifo in dir)

   - Fix excessive thread creation for dir lease cleanup

   - UAF fix in negotiate path

   - remove duplicate error message mapping and fix confusing warning
     message

   - add dynamic trace point to improve debugging RDMA connection
     attempts"

* tag '6.6-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  smb3: fix confusing debug message
  smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED
  smb3: remove duplicate error mapping
  cifs: Fix UAF in cifs_demultiplex_thread()
  smb3: do not start laundromat thread when dir leases  disabled
  smb3: Add dynamic trace points for RDMA (smbdirect) reconnect
parents 5a4de7dc c8ebf077

fs/smb/client/cached_dir.c

+6 −0
Original line number Diff line number Diff line
@@ -452,6 +452,9 @@ void invalidate_all_cached_dirs(struct cifs_tcon *tcon) 
	struct cached_fid *cfid, *q;

	LIST_HEAD(entry);



	if (cfids == NULL)

		return;



	spin_lock(&cfids->cfid_list_lock);

	list_for_each_entry_safe(cfid, q, &cfids->entries, entry) {

		list_move(&cfid->entry, &entry);
@@ -651,6 +654,9 @@ void free_cached_dirs(struct cached_fids *cfids) 
	struct cached_fid *cfid, *q;

	LIST_HEAD(entry);



	if (cfids == NULL)

		return;



	if (cfids->laundromat) {

		kthread_stop(cfids->laundromat);

		cfids->laundromat = NULL;

fs/smb/client/cifsglob.h

+2 −1
Original line number Diff line number Diff line
@@ -1807,6 +1807,7 @@ static inline bool is_retryable_error(int error) 
#define   MID_RETRY_NEEDED      8 /* session closed while this request out */

#define   MID_RESPONSE_MALFORMED 0x10

#define   MID_SHUTDOWN		 0x20

#define   MID_RESPONSE_READY 0x40 /* ready for other process handle the rsp */



/* Flags */

#define   MID_WAIT_CANCELLED	 1 /* Cancelled while waiting for response */
@@ -1943,7 +1944,7 @@ require use of the stronger protocol */ 
 * cifsInodeInfo->lock_sem	cifsInodeInfo->llist		cifs_init_once

 *				->can_cache_brlcks

 * cifsInodeInfo->deferred_lock	cifsInodeInfo->deferred_closes	cifsInodeInfo_alloc

 * cached_fid->fid_mutex		cifs_tcon->crfid		tconInfoAlloc

 * cached_fid->fid_mutex		cifs_tcon->crfid		tcon_info_alloc

 * cifsFileInfo->fh_mutex		cifsFileInfo			cifs_new_fileinfo

 * cifsFileInfo->file_info_lock	cifsFileInfo->count		cifs_new_fileinfo

 *				->invalidHandle			initiate_cifs_search

fs/smb/client/cifsproto.h

+1 −1
Original line number Diff line number Diff line
@@ -512,7 +512,7 @@ extern int CIFSSMBLogoff(const unsigned int xid, struct cifs_ses *ses); 


extern struct cifs_ses *sesInfoAlloc(void);

extern void sesInfoFree(struct cifs_ses *);

extern struct cifs_tcon *tconInfoAlloc(void);

extern struct cifs_tcon *tcon_info_alloc(bool dir_leases_enabled);

extern void tconInfoFree(struct cifs_tcon *);



extern int cifs_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server,

fs/smb/client/connect.c

+6 −2
Original line number Diff line number Diff line
@@ -1882,7 +1882,8 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) 
		}

	}



	tcon = tconInfoAlloc();

	/* no need to setup directory caching on IPC share, so pass in false */

	tcon = tcon_info_alloc(false);

	if (tcon == NULL)

		return -ENOMEM;
@@ -2492,7 +2493,10 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx) 
		goto out_fail;

	}



	tcon = tconInfoAlloc();

	if (ses->server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING)

		tcon = tcon_info_alloc(true);

	else

		tcon = tcon_info_alloc(false);

	if (tcon == NULL) {

		rc = -ENOMEM;

		goto out_fail;

fs/smb/client/misc.c

+9 −5
Original line number Diff line number Diff line
@@ -113,18 +113,22 @@ sesInfoFree(struct cifs_ses *buf_to_free) 
}



struct cifs_tcon *

tconInfoAlloc(void)

tcon_info_alloc(bool dir_leases_enabled)

{

	struct cifs_tcon *ret_buf;



	ret_buf = kzalloc(sizeof(*ret_buf), GFP_KERNEL);

	if (!ret_buf)

		return NULL;



	if (dir_leases_enabled == true) {

		ret_buf->cfids = init_cached_dirs();

		if (!ret_buf->cfids) {

			kfree(ret_buf);

			return NULL;

		}

	}

	/* else ret_buf->cfids is already set to NULL above */



	atomic_inc(&tconInfoAllocCount);

	ret_buf->status = TID_NEW;