From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02AE2239E8B; Tue, 26 Aug 2025 13:46:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756215985; cv=none; b=b6vH2VhH0VJT1zo+jPaDYx7UZHTDdhWY7pjNX4EG7L36bmGyL8UYDvbE1h/ig7U7BFBN9vAl7re/XeXCfqP9nOrh/qbWd11U4HHrlK7ZreFa5Qk41IYDP8hqRzaAIPDQRD702yEzhCcC1CZxyD8BEBj7o8Wy3Ykzn4jy4Pi5Mpg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756215985; c=relaxed/simple; bh=os4wKW3VrbBEnRUyupPVmC8OoN5XAXSGzAzAbqKyWLY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=emAW1V19Q7HebYndxiZQdLL/Gi71N/Jp1xinhXQazO3y5JVs35TVe/tnDhS5j5PbC/saJiOe7hZMjwpBpzetPSGwi1RECEv5MS5HOBMwUnrsnVMwjmxCUm66UVZM9AeN5gKrmxU59E9EzHxu5wJFqZOdOganrHWtvIISEwq9IXU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=M5O5IxSr; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="M5O5IxSr" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5E36EC4CEF1; Tue, 26 Aug 2025 13:46:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1756215984; bh=os4wKW3VrbBEnRUyupPVmC8OoN5XAXSGzAzAbqKyWLY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=M5O5IxSrR3sDlC2gmyorGRtFoTZw0PNJGAlpPiW4z+dB1n+3EALAcSVITwDzbrNI3 bvwQjYGAnawEoriRMSewiMryt/NIvyEHk+ZcQYOshqNitUVSvDKf0iumd6lFZlVOA+ DUWcX2NisxoAcvNO+DabmYJ9Fsp92uZqJEP2yYbE= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Namjae Jeon , Steve French , Tom Talpey , linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, Stefan Metzmacher , Steve French , Sasha Levin Subject: [PATCH 5.15 241/644] smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection Date: Tue, 26 Aug 2025 13:05:32 +0200 Message-ID: <20250826110952.372254783@linuxfoundation.org> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250826110946.507083938@linuxfoundation.org> References: <20250826110946.507083938@linuxfoundation.org> User-Agent: quilt/0.68 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: linux-cifs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 5.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Stefan Metzmacher [ Upstream commit cfe76fdbb9729c650f3505d9cfb2f70ddda2dbdc ] We should call put_recvmsg() before smb_direct_disconnect_rdma_connection() in order to call it before waking up the callers. In all error cases we should call smb_direct_disconnect_rdma_connection() in order to avoid stale connections. Cc: Namjae Jeon Cc: Steve French Cc: Tom Talpey Cc: linux-cifs@vger.kernel.org Cc: samba-technical@lists.samba.org Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Signed-off-by: Stefan Metzmacher Acked-by: Namjae Jeon Signed-off-by: Steve French Signed-off-by: Sasha Levin --- fs/ksmbd/transport_rdma.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index dd37cabe8cbc..07e1e6bbdd54 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -515,13 +515,13 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) t = recvmsg->transport; if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_RECV) { + put_recvmsg(t, recvmsg); if (wc->status != IB_WC_WR_FLUSH_ERR) { pr_err("Recv error. status='%s (%d)' opcode=%d\n", ib_wc_status_msg(wc->status), wc->status, wc->opcode); smb_direct_disconnect_rdma_connection(t); } - put_recvmsg(t, recvmsg); return; } @@ -536,6 +536,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) case SMB_DIRECT_MSG_NEGOTIATE_REQ: if (wc->byte_len < sizeof(struct smb_direct_negotiate_req)) { put_recvmsg(t, recvmsg); + smb_direct_disconnect_rdma_connection(t); return; } t->negotiation_requested = true; @@ -543,7 +544,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) t->status = SMB_DIRECT_CS_CONNECTED; enqueue_reassembly(t, recvmsg, 0); wake_up_interruptible(&t->wait_status); - break; + return; case SMB_DIRECT_MSG_DATA_TRANSFER: { struct smb_direct_data_transfer *data_transfer = (struct smb_direct_data_transfer *)recvmsg->packet; @@ -553,6 +554,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) if (wc->byte_len < offsetof(struct smb_direct_data_transfer, padding)) { put_recvmsg(t, recvmsg); + smb_direct_disconnect_rdma_connection(t); return; } @@ -561,6 +563,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) if (wc->byte_len < sizeof(struct smb_direct_data_transfer) + (u64)data_length) { put_recvmsg(t, recvmsg); + smb_direct_disconnect_rdma_connection(t); return; } @@ -603,11 +606,16 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc) if (is_receive_credit_post_required(receive_credits, avail_recvmsg_count)) mod_delayed_work(smb_direct_wq, &t->post_recv_credits_work, 0); - break; + return; } - default: - break; } + + /* + * This is an internal error! + */ + WARN_ON_ONCE(recvmsg->type != SMB_DIRECT_MSG_DATA_TRANSFER); + put_recvmsg(t, recvmsg); + smb_direct_disconnect_rdma_connection(t); } static int smb_direct_post_recv(struct smb_direct_transport *t, -- 2.39.5