* [PATCH 2/6] cifs: protect cfid accesses with fid_lock
@ 2025-06-13 14:56 nspmangalore
2025-06-13 14:56 ` [PATCH 4/6] cifs: serialize initialization and cleanup of cfid nspmangalore
0 siblings, 1 reply; 4+ messages in thread
From: nspmangalore @ 2025-06-13 14:56 UTC (permalink / raw)
To: linux-cifs, smfrench, bharathsm.hsk, meetakshisetiyaoss, pc,
henrique.carvalho, ematsumiya
Cc: Shyam Prasad N
From: Shyam Prasad N <sprasad@microsoft.com>
There are several accesses to cfid structure today without
locking fid_lock. This can lead to race conditions that are
hard to debug.
With this change, I'm trying to make sure that accesses to cfid
struct members happen with fid_lock held.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
---
fs/smb/client/cached_dir.c | 130 +++++++++++++++++++++----------------
1 file changed, 75 insertions(+), 55 deletions(-)
diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c
index 373e6b688fe3..5cfad05d9cbf 100644
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -31,6 +31,7 @@ static struct cached_fid *find_or_create_cached_dir(struct cached_fids *cfids,
spin_lock(&cfids->cfid_list_lock);
list_for_each_entry(cfid, &cfids->entries, entry) {
+ spin_lock(&cfid->fid_lock);
if (!strcmp(cfid->path, path)) {
/*
* If it doesn't have a lease it is either not yet
@@ -38,13 +39,16 @@ static struct cached_fid *find_or_create_cached_dir(struct cached_fids *cfids,
* being deleted due to a lease break.
*/
if (!cfid->time || !cfid->has_lease) {
+ spin_unlock(&cfid->fid_lock);
spin_unlock(&cfids->cfid_list_lock);
return NULL;
}
kref_get(&cfid->refcount);
+ spin_unlock(&cfid->fid_lock);
spin_unlock(&cfids->cfid_list_lock);
return cfid;
}
+ spin_unlock(&cfid->fid_lock);
}
if (lookup_only) {
spin_unlock(&cfids->cfid_list_lock);
@@ -194,19 +198,20 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
kfree(utf16_path);
return -ENOENT;
}
+
/*
* Return cached fid if it is valid (has a lease and has a time).
* Otherwise, it is either a new entry or laundromat worker removed it
* from @cfids->entries. Caller will put last reference if the latter.
*/
- spin_lock(&cfids->cfid_list_lock);
+ spin_lock(&cfid->fid_lock);
if (cfid->has_lease && cfid->time) {
- spin_unlock(&cfids->cfid_list_lock);
+ spin_unlock(&cfid->fid_lock);
*ret_cfid = cfid;
kfree(utf16_path);
return 0;
}
- spin_unlock(&cfids->cfid_list_lock);
+ spin_unlock(&cfid->fid_lock);
pfid = &cfid->fid;
@@ -223,36 +228,9 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
goto out;
}
- if (!npath[0]) {
- dentry = dget(cifs_sb->root);
- } else {
- dentry = path_to_dentry(cifs_sb, npath);
- if (IS_ERR(dentry)) {
- rc = -ENOENT;
- goto out;
- }
- if (dentry->d_parent && server->dialect >= SMB30_PROT_ID) {
- struct cached_fid *parent_cfid;
-
- spin_lock(&cfids->cfid_list_lock);
- list_for_each_entry(parent_cfid, &cfids->entries, entry) {
- if (parent_cfid->dentry == dentry->d_parent) {
- cifs_dbg(FYI, "found a parent cached file handle\n");
- if (parent_cfid->has_lease && parent_cfid->time) {
- lease_flags
- |= SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET_LE;
- memcpy(pfid->parent_lease_key,
- parent_cfid->fid.lease_key,
- SMB2_LEASE_KEY_SIZE);
- }
- break;
- }
- }
- spin_unlock(&cfids->cfid_list_lock);
- }
- }
- cfid->dentry = dentry;
+ spin_lock(&cfid->fid_lock);
cfid->tcon = tcon;
+ spin_unlock(&cfid->fid_lock);
/*
* We do not hold the lock for the open because in case
@@ -324,9 +302,6 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
}
goto oshr_free;
}
- cfid->is_open = true;
-
- spin_lock(&cfids->cfid_list_lock);
o_rsp = (struct smb2_create_rsp *)rsp_iov[0].iov_base;
oparms.fid->persistent_fid = o_rsp->PersistentFileId;
@@ -335,9 +310,15 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
oparms.fid->mid = le64_to_cpu(o_rsp->hdr.MessageId);
#endif /* CIFS_DEBUG2 */
+ /*
+ * regardless of what failures happen from this point, we should close
+ * the handle.
+ */
+ spin_lock(&cfid->fid_lock);
+ cfid->is_open = true;
+ spin_unlock(&cfid->fid_lock);
if (o_rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE) {
- spin_unlock(&cfids->cfid_list_lock);
rc = -EINVAL;
goto oshr_free;
}
@@ -346,21 +327,15 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
&oparms.fid->epoch,
oparms.fid->lease_key,
&oplock, NULL, NULL);
- if (rc) {
- spin_unlock(&cfids->cfid_list_lock);
+ if (rc)
goto oshr_free;
- }
rc = -EINVAL;
- if (!(oplock & SMB2_LEASE_READ_CACHING_HE)) {
- spin_unlock(&cfids->cfid_list_lock);
+ if (!(oplock & SMB2_LEASE_READ_CACHING_HE))
goto oshr_free;
- }
qi_rsp = (struct smb2_query_info_rsp *)rsp_iov[1].iov_base;
- if (le32_to_cpu(qi_rsp->OutputBufferLength) < sizeof(struct smb2_file_all_info)) {
- spin_unlock(&cfids->cfid_list_lock);
+ if (le32_to_cpu(qi_rsp->OutputBufferLength) < sizeof(struct smb2_file_all_info))
goto oshr_free;
- }
if (!smb2_validate_and_copy_iov(
le16_to_cpu(qi_rsp->OutputBufferOffset),
sizeof(struct smb2_file_all_info),
@@ -368,10 +343,42 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
(char *)&cfid->file_all_info))
cfid->file_all_info_is_valid = true;
- cfid->time = jiffies;
- spin_unlock(&cfids->cfid_list_lock);
/* At this point the directory handle is fully cached */
rc = 0;
+ if (!cfid->dentry) {
+ if (!npath[0]) {
+ dentry = dget(cifs_sb->root);
+ } else {
+ dentry = path_to_dentry(cifs_sb, npath);
+ if (IS_ERR(dentry)) {
+ rc = -ENOENT;
+ goto out;
+ }
+ if (dentry->d_parent && server->dialect >= SMB30_PROT_ID) {
+ struct cached_fid *parent_cfid;
+
+ spin_lock(&cfids->cfid_list_lock);
+ list_for_each_entry(parent_cfid, &cfids->entries, entry) {
+ if (parent_cfid->dentry == dentry->d_parent) {
+ cifs_dbg(FYI, "found a parent cached file handle\n");
+ if (parent_cfid->has_lease && parent_cfid->time) {
+ lease_flags
+ |= SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET_LE;
+ memcpy(pfid->parent_lease_key,
+ parent_cfid->fid.lease_key,
+ SMB2_LEASE_KEY_SIZE);
+ }
+ break;
+ }
+ }
+ spin_unlock(&cfids->cfid_list_lock);
+ }
+ }
+ }
+ spin_lock(&cfid->fid_lock);
+ cfid->dentry = dentry;
+ cfid->time = jiffies;
+ spin_unlock(&cfid->fid_lock);
oshr_free:
SMB2_open_free(&rqst[0]);
@@ -386,6 +393,7 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
cfid->on_list = false;
cfids->num_entries--;
}
+ spin_lock(&cfid->fid_lock);
if (cfid->has_lease) {
/*
* We are guaranteed to have two references at this
@@ -395,6 +403,7 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
cfid->has_lease = false;
kref_put(&cfid->refcount, smb2_close_cached_fid);
}
+ spin_unlock(&cfid->fid_lock);
spin_unlock(&cfids->cfid_list_lock);
kref_put(&cfid->refcount, smb2_close_cached_fid);
@@ -423,13 +432,16 @@ int open_cached_dir_by_dentry(struct cifs_tcon *tcon,
spin_lock(&cfids->cfid_list_lock);
list_for_each_entry(cfid, &cfids->entries, entry) {
+ spin_lock(&cfid->fid_lock);
if (dentry && cfid->dentry == dentry) {
cifs_dbg(FYI, "found a cached file handle by dentry\n");
kref_get(&cfid->refcount);
+ spin_unlock(&cfid->fid_lock);
*ret_cfid = cfid;
spin_unlock(&cfids->cfid_list_lock);
return 0;
}
+ spin_unlock(&cfid->fid_lock);
}
spin_unlock(&cfids->cfid_list_lock);
return -ENOENT;
@@ -450,8 +462,11 @@ smb2_close_cached_fid(struct kref *ref)
}
spin_unlock(&cfid->cfids->cfid_list_lock);
- dput(cfid->dentry);
- cfid->dentry = NULL;
+ /* no locking necessary as we're the last user of this cfid */
+ if (cfid->dentry) {
+ dput(cfid->dentry);
+ cfid->dentry = NULL;
+ }
if (cfid->is_open) {
rc = SMB2_close(0, cfid->tcon, cfid->fid.persistent_fid,
@@ -474,12 +489,13 @@ void drop_cached_dir_by_name(const unsigned int xid, struct cifs_tcon *tcon,
cifs_dbg(FYI, "no cached dir found for rmdir(%s)\n", name);
return;
}
- spin_lock(&cfid->cfids->cfid_list_lock);
+ spin_lock(&cfid->fid_lock);
if (cfid->has_lease) {
+ /* mark as invalid */
cfid->has_lease = false;
kref_put(&cfid->refcount, smb2_close_cached_fid);
}
- spin_unlock(&cfid->cfids->cfid_list_lock);
+ spin_unlock(&cfid->fid_lock);
close_cached_dir(cfid);
}
@@ -561,6 +577,7 @@ void invalidate_all_cached_dirs(struct cifs_tcon *tcon)
cfids->num_entries--;
cfid->is_open = false;
cfid->on_list = false;
+ spin_lock(&cfid->fid_lock);
if (cfid->has_lease) {
/*
* The lease was never cancelled from the server,
@@ -569,6 +586,7 @@ void invalidate_all_cached_dirs(struct cifs_tcon *tcon)
cfid->has_lease = false;
} else
kref_get(&cfid->refcount);
+ spin_unlock(&cfid->fid_lock);
}
/*
* Queue dropping of the dentries once locks have been dropped
@@ -623,6 +641,7 @@ int cached_dir_lease_break(struct cifs_tcon *tcon, __u8 lease_key[16])
spin_lock(&cfids->cfid_list_lock);
list_for_each_entry(cfid, &cfids->entries, entry) {
+ spin_lock(&cfid->fid_lock);
if (cfid->has_lease &&
!memcmp(lease_key,
cfid->fid.lease_key,
@@ -635,6 +654,7 @@ int cached_dir_lease_break(struct cifs_tcon *tcon, __u8 lease_key[16])
*/
list_del(&cfid->entry);
cfid->on_list = false;
+ spin_unlock(&cfid->fid_lock);
cfids->num_entries--;
++tcon->tc_count;
@@ -644,6 +664,7 @@ int cached_dir_lease_break(struct cifs_tcon *tcon, __u8 lease_key[16])
spin_unlock(&cfids->cfid_list_lock);
return true;
}
+ spin_unlock(&cfid->fid_lock);
}
spin_unlock(&cfids->cfid_list_lock);
return false;
@@ -679,9 +700,6 @@ static void free_cached_dir(struct cached_fid *cfid)
WARN_ON(work_pending(&cfid->close_work));
WARN_ON(work_pending(&cfid->put_work));
- dput(cfid->dentry);
- cfid->dentry = NULL;
-
/*
* Delete all cached dirent names
*/
@@ -726,6 +744,7 @@ static void cfids_laundromat_worker(struct work_struct *work)
spin_lock(&cfids->cfid_list_lock);
list_for_each_entry_safe(cfid, q, &cfids->entries, entry) {
+ spin_lock(&cfid->fid_lock);
if (cfid->time &&
time_after(jiffies, cfid->time + HZ * dir_cache_timeout)) {
cfid->on_list = false;
@@ -740,6 +759,7 @@ static void cfids_laundromat_worker(struct work_struct *work)
} else
kref_get(&cfid->refcount);
}
+ spin_unlock(&cfid->fid_lock);
}
spin_unlock(&cfids->cfid_list_lock);
@@ -750,8 +770,8 @@ static void cfids_laundromat_worker(struct work_struct *work)
dentry = cfid->dentry;
cfid->dentry = NULL;
spin_unlock(&cfid->fid_lock);
-
dput(dentry);
+
if (cfid->is_open) {
spin_lock(&cifs_tcp_ses_lock);
++cfid->tcon->tc_count;
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 4/6] cifs: serialize initialization and cleanup of cfid
2025-06-13 14:56 [PATCH 2/6] cifs: protect cfid accesses with fid_lock nspmangalore
@ 2025-06-13 14:56 ` nspmangalore
0 siblings, 0 replies; 4+ messages in thread
From: nspmangalore @ 2025-06-13 14:56 UTC (permalink / raw)
To: linux-cifs, smfrench, bharathsm.hsk, meetakshisetiyaoss, pc,
henrique.carvalho, ematsumiya
Cc: Shyam Prasad N
From: Shyam Prasad N <sprasad@microsoft.com>
Today we can have multiple processes calling open_cached_dir
and other workers freeing the cached dir all in parallel.
Although small sections of this code is locked to protect
individual fields, there can be races between these threads
which can be hard to debug.
This patch serializes all initialization and cleanup of
the cfid struct and the associated resources: dentry and
the server handle.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
---
fs/smb/client/cached_dir.c | 15 +++++++++++++++
fs/smb/client/cached_dir.h | 1 +
2 files changed, 16 insertions(+)
diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c
index 9b5bbb7b6e4b..d26a06cdde64 100644
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -199,6 +199,12 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
return -ENOENT;
}
+ /*
+ * the following is a critical section. We need to make sure that the
+ * callers are serialized per-cfid
+ */
+ mutex_lock(&cfid->cfid_mutex);
+
/*
* check again that the cfid is valid (with mutex held this time).
* Return cached fid if it is valid (has a lease and has a time).
@@ -209,11 +215,13 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
spin_lock(&cfid->fid_lock);
if (cfid->has_lease && cfid->time) {
spin_unlock(&cfid->fid_lock);
+ mutex_unlock(&cfid->cfid_mutex);
*ret_cfid = cfid;
kfree(utf16_path);
return 0;
} else if (!cfid->has_lease) {
spin_unlock(&cfid->fid_lock);
+ mutex_unlock(&cfid->cfid_mutex);
/* drop the ref that we have */
kref_put(&cfid->refcount, smb2_close_cached_fid);
kfree(utf16_path);
@@ -419,6 +427,8 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
*ret_cfid = cfid;
atomic_inc(&tcon->num_remote_opens);
}
+ mutex_unlock(&cfid->cfid_mutex);
+
kfree(utf16_path);
if (is_replayable_error(rc) &&
@@ -462,6 +472,9 @@ smb2_close_cached_fid(struct kref *ref)
refcount);
int rc;
+ /* make sure not to race with server open */
+ mutex_lock(&cfid->cfid_mutex);
+
spin_lock(&cfid->cfids->cfid_list_lock);
if (cfid->on_list) {
list_del(&cfid->entry);
@@ -482,6 +495,7 @@ smb2_close_cached_fid(struct kref *ref)
if (rc) /* should we retry on -EBUSY or -EAGAIN? */
cifs_dbg(VFS, "close cached dir rc %d\n", rc);
}
+ mutex_unlock(&cfid->cfid_mutex);
free_cached_dir(cfid);
}
@@ -696,6 +710,7 @@ static struct cached_fid *init_cached_dir(const char *path)
INIT_LIST_HEAD(&cfid->entry);
INIT_LIST_HEAD(&cfid->dirents.entries);
mutex_init(&cfid->dirents.de_mutex);
+ mutex_init(&cfid->cfid_mutex);
spin_lock_init(&cfid->fid_lock);
kref_init(&cfid->refcount);
return cfid;
diff --git a/fs/smb/client/cached_dir.h b/fs/smb/client/cached_dir.h
index 1dfe79d947a6..93c936af2253 100644
--- a/fs/smb/client/cached_dir.h
+++ b/fs/smb/client/cached_dir.h
@@ -42,6 +42,7 @@ struct cached_fid {
struct kref refcount;
struct cifs_fid fid;
spinlock_t fid_lock;
+ struct mutex cfid_mutex;
struct cifs_tcon *tcon;
struct dentry *dentry;
struct work_struct put_work;
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 4/6] cifs: serialize initialization and cleanup of cfid
@ 2025-06-19 10:12 nspmangalore
2025-06-19 10:15 ` Shyam Prasad N
0 siblings, 1 reply; 4+ messages in thread
From: nspmangalore @ 2025-06-19 10:12 UTC (permalink / raw)
To: linux-cifs, smfrench, bharathsm.hsk, meetakshisetiyaoss, pc,
henrique.carvalho, ematsumiya
Cc: Shyam Prasad N
From: Shyam Prasad N <sprasad@microsoft.com>
Today we can have multiple processes calling open_cached_dir
and other workers freeing the cached dir all in parallel.
Although small sections of this code is locked to protect
individual fields, there can be races between these threads
which can be hard to debug.
This patch serializes all initialization and cleanup of
the cfid struct and the associated resources: dentry and
the server handle.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
---
fs/smb/client/cached_dir.c | 16 ++++++++++++++++
fs/smb/client/cached_dir.h | 1 +
2 files changed, 17 insertions(+)
diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c
index 9b5bbb7b6e4b..9c9a348062d3 100644
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -199,6 +199,12 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
return -ENOENT;
}
+ /*
+ * the following is a critical section. We need to make sure that the
+ * callers are serialized per-cfid
+ */
+ mutex_lock(&cfid->cfid_mutex);
+
/*
* check again that the cfid is valid (with mutex held this time).
* Return cached fid if it is valid (has a lease and has a time).
@@ -209,11 +215,13 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
spin_lock(&cfid->fid_lock);
if (cfid->has_lease && cfid->time) {
spin_unlock(&cfid->fid_lock);
+ mutex_unlock(&cfid->cfid_mutex);
*ret_cfid = cfid;
kfree(utf16_path);
return 0;
} else if (!cfid->has_lease) {
spin_unlock(&cfid->fid_lock);
+ mutex_unlock(&cfid->cfid_mutex);
/* drop the ref that we have */
kref_put(&cfid->refcount, smb2_close_cached_fid);
kfree(utf16_path);
@@ -413,12 +421,15 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
}
spin_unlock(&cfid->fid_lock);
spin_unlock(&cfids->cfid_list_lock);
+ mutex_unlock(&cfid->cfid_mutex);
kref_put(&cfid->refcount, smb2_close_cached_fid);
} else {
+ mutex_unlock(&cfid->cfid_mutex);
*ret_cfid = cfid;
atomic_inc(&tcon->num_remote_opens);
}
+
kfree(utf16_path);
if (is_replayable_error(rc) &&
@@ -462,6 +473,9 @@ smb2_close_cached_fid(struct kref *ref)
refcount);
int rc;
+ /* make sure not to race with server open */
+ mutex_lock(&cfid->cfid_mutex);
+
spin_lock(&cfid->cfids->cfid_list_lock);
if (cfid->on_list) {
list_del(&cfid->entry);
@@ -482,6 +496,7 @@ smb2_close_cached_fid(struct kref *ref)
if (rc) /* should we retry on -EBUSY or -EAGAIN? */
cifs_dbg(VFS, "close cached dir rc %d\n", rc);
}
+ mutex_unlock(&cfid->cfid_mutex);
free_cached_dir(cfid);
}
@@ -696,6 +711,7 @@ static struct cached_fid *init_cached_dir(const char *path)
INIT_LIST_HEAD(&cfid->entry);
INIT_LIST_HEAD(&cfid->dirents.entries);
mutex_init(&cfid->dirents.de_mutex);
+ mutex_init(&cfid->cfid_mutex);
spin_lock_init(&cfid->fid_lock);
kref_init(&cfid->refcount);
return cfid;
diff --git a/fs/smb/client/cached_dir.h b/fs/smb/client/cached_dir.h
index bc8a812ff95f..b6642b65c752 100644
--- a/fs/smb/client/cached_dir.h
+++ b/fs/smb/client/cached_dir.h
@@ -42,6 +42,7 @@ struct cached_fid {
struct kref refcount;
struct cifs_fid fid;
spinlock_t fid_lock;
+ struct mutex cfid_mutex;
struct cifs_tcon *tcon;
struct dentry *dentry;
struct work_struct put_work;
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 4/6] cifs: serialize initialization and cleanup of cfid
2025-06-19 10:12 nspmangalore
@ 2025-06-19 10:15 ` Shyam Prasad N
0 siblings, 0 replies; 4+ messages in thread
From: Shyam Prasad N @ 2025-06-19 10:15 UTC (permalink / raw)
To: linux-cifs, smfrench, bharathsm.hsk, meetakshisetiyaoss, pc,
henrique.carvalho, ematsumiya
Cc: Shyam Prasad N
On Thu, Jun 19, 2025 at 3:43 PM <nspmangalore@gmail.com> wrote:
>
> From: Shyam Prasad N <sprasad@microsoft.com>
>
> Today we can have multiple processes calling open_cached_dir
> and other workers freeing the cached dir all in parallel.
> Although small sections of this code is locked to protect
> individual fields, there can be races between these threads
> which can be hard to debug.
>
> This patch serializes all initialization and cleanup of
> the cfid struct and the associated resources: dentry and
> the server handle.
>
> Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
> ---
> fs/smb/client/cached_dir.c | 16 ++++++++++++++++
> fs/smb/client/cached_dir.h | 1 +
> 2 files changed, 17 insertions(+)
>
> diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c
> index 9b5bbb7b6e4b..9c9a348062d3 100644
> --- a/fs/smb/client/cached_dir.c
> +++ b/fs/smb/client/cached_dir.c
> @@ -199,6 +199,12 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
> return -ENOENT;
> }
>
> + /*
> + * the following is a critical section. We need to make sure that the
> + * callers are serialized per-cfid
> + */
> + mutex_lock(&cfid->cfid_mutex);
> +
> /*
> * check again that the cfid is valid (with mutex held this time).
> * Return cached fid if it is valid (has a lease and has a time).
> @@ -209,11 +215,13 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
> spin_lock(&cfid->fid_lock);
> if (cfid->has_lease && cfid->time) {
> spin_unlock(&cfid->fid_lock);
> + mutex_unlock(&cfid->cfid_mutex);
> *ret_cfid = cfid;
> kfree(utf16_path);
> return 0;
> } else if (!cfid->has_lease) {
> spin_unlock(&cfid->fid_lock);
> + mutex_unlock(&cfid->cfid_mutex);
> /* drop the ref that we have */
> kref_put(&cfid->refcount, smb2_close_cached_fid);
> kfree(utf16_path);
> @@ -413,12 +421,15 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
> }
> spin_unlock(&cfid->fid_lock);
> spin_unlock(&cfids->cfid_list_lock);
> + mutex_unlock(&cfid->cfid_mutex);
>
> kref_put(&cfid->refcount, smb2_close_cached_fid);
> } else {
> + mutex_unlock(&cfid->cfid_mutex);
> *ret_cfid = cfid;
> atomic_inc(&tcon->num_remote_opens);
> }
> +
> kfree(utf16_path);
>
> if (is_replayable_error(rc) &&
> @@ -462,6 +473,9 @@ smb2_close_cached_fid(struct kref *ref)
> refcount);
> int rc;
>
> + /* make sure not to race with server open */
> + mutex_lock(&cfid->cfid_mutex);
> +
> spin_lock(&cfid->cfids->cfid_list_lock);
> if (cfid->on_list) {
> list_del(&cfid->entry);
> @@ -482,6 +496,7 @@ smb2_close_cached_fid(struct kref *ref)
> if (rc) /* should we retry on -EBUSY or -EAGAIN? */
> cifs_dbg(VFS, "close cached dir rc %d\n", rc);
> }
> + mutex_unlock(&cfid->cfid_mutex);
>
> free_cached_dir(cfid);
> }
> @@ -696,6 +711,7 @@ static struct cached_fid *init_cached_dir(const char *path)
> INIT_LIST_HEAD(&cfid->entry);
> INIT_LIST_HEAD(&cfid->dirents.entries);
> mutex_init(&cfid->dirents.de_mutex);
> + mutex_init(&cfid->cfid_mutex);
> spin_lock_init(&cfid->fid_lock);
> kref_init(&cfid->refcount);
> return cfid;
> diff --git a/fs/smb/client/cached_dir.h b/fs/smb/client/cached_dir.h
> index bc8a812ff95f..b6642b65c752 100644
> --- a/fs/smb/client/cached_dir.h
> +++ b/fs/smb/client/cached_dir.h
> @@ -42,6 +42,7 @@ struct cached_fid {
> struct kref refcount;
> struct cifs_fid fid;
> spinlock_t fid_lock;
> + struct mutex cfid_mutex;
> struct cifs_tcon *tcon;
> struct dentry *dentry;
> struct work_struct put_work;
> --
> 2.43.0
>
Hi Steve,
This is an updated version of the patch with an additional fix of an
issue that I found during testing. cfid_mutex was held while rolling
back the cache in failure of open_cached_dir.
Please add a CC stable on this one as well.
--
Regards,
Shyam
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-06-19 10:16 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-13 14:56 [PATCH 2/6] cifs: protect cfid accesses with fid_lock nspmangalore
2025-06-13 14:56 ` [PATCH 4/6] cifs: serialize initialization and cleanup of cfid nspmangalore
-- strict thread matches above, loose matches on Subject: below --
2025-06-19 10:12 nspmangalore
2025-06-19 10:15 ` Shyam Prasad N
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox