From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAE1616423; Tue, 27 Feb 2024 14:11:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709043115; cv=none; b=jtv6daQIIKx8w7UlaWdWYSByq9Kb25KY3oilEa/dfglCvRJZp2k/um+C9C51m5CMCmfghR7KDt3EVvcV0SM70mwb2g017dODPI7zQCjiBGYtfR0TYvPe6CJZJqjPZ+6miVQe4UWF2YIhIVf74QpacVxEudd93z2djVSjrvBXdUQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709043115; c=relaxed/simple; bh=GLv/lFnpGlYlLGD9MthVPv3wy0g54A1xRhCLLT5XjiU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=geMi2k8VmvQ2nHnB6ycJnyyemzrhR2qAm5krXnvD6Tflxq1TCpQX9OfA9N+MAcdy9d4pvwMAsR23e4TloN7z2XihAjNF9U30mT9jyIFBHSrBfzHk9Or6a+uah74+MFo6/lC2vVUvfcdNKt7c5ajHjbVrw9XThZ1gblNT+L39VgE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=k+2QszRQ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="k+2QszRQ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 56164C433F1; Tue, 27 Feb 2024 14:11:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1709043115; bh=GLv/lFnpGlYlLGD9MthVPv3wy0g54A1xRhCLLT5XjiU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=k+2QszRQ069kFcM/5pWYnO+kwEso2PVamYyq2tylXO3aTQHVfHKZpthN7pyJpDojY XcDg/FuchWTm2CIBoldfkb+T1rPj3aZwrgmdVFamLEBG3A9JJoIKvxwP8vxVl8OCev pBw9JJwCCVghDvWNQt1BTnv/nIt89p1YT/EzsHv8= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Shyam Prasad N , Steve French , Harshit Mogalapalli Subject: [PATCH 5.15 239/245] cifs: fix mid leak during reconnection after timeout threshold Date: Tue, 27 Feb 2024 14:27:07 +0100 Message-ID: <20240227131622.931990338@linuxfoundation.org> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240227131615.098467438@linuxfoundation.org> References: <20240227131615.098467438@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 5.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Shyam Prasad N commit 69cba9d3c1284e0838ae408830a02c4a063104bc upstream. When the number of responses with status of STATUS_IO_TIMEOUT exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect the connection. But we do not return the mid, or the credits returned for the mid, or reduce the number of in-flight requests. This bug could result in the server->in_flight count to go bad, and also cause a leak in the mids. This change moves the check to a few lines below where the response is decrypted, even of the response is read from the transform header. This way, the code for returning the mids can be reused. Also, the cifs_reconnect was reconnecting just the transport connection before. In case of multi-channel, this may not be what we want to do after several timeouts. Changed that to reconnect the session and the tree too. Also renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name MAX_STATUS_IO_TIMEOUT. Fixes: 8e670f77c4a5 ("Handle STATUS_IO_TIMEOUT gracefully") Signed-off-by: Shyam Prasad N Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman [Harshit: Backport to 5.15.y] Signed-off-by: Harshit Mogalapalli Reviewed-by: Shyam Prasad N Signed-off-by: Greg Kroah-Hartman --- fs/cifs/connect.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -59,7 +59,7 @@ extern bool disable_legacy_dialects; #define TLINK_IDLE_EXPIRE (600 * HZ) /* Drop the connection to not overload the server */ -#define NUM_STATUS_IO_TIMEOUT 5 +#define MAX_STATUS_IO_TIMEOUT 5 struct mount_ctx { struct cifs_sb_info *cifs_sb; @@ -965,6 +965,7 @@ cifs_demultiplex_thread(void *p) struct mid_q_entry *mids[MAX_COMPOUND]; char *bufs[MAX_COMPOUND]; unsigned int noreclaim_flag, num_io_timeout = 0; + bool pending_reconnect = false; noreclaim_flag = memalloc_noreclaim_save(); cifs_dbg(FYI, "Demultiplex PID: %d\n", task_pid_nr(current)); @@ -1004,6 +1005,8 @@ cifs_demultiplex_thread(void *p) cifs_dbg(FYI, "RFC1002 header 0x%x\n", pdu_length); if (!is_smb_response(server, buf[0])) continue; + + pending_reconnect = false; next_pdu: server->pdu_size = pdu_length; @@ -1063,10 +1066,13 @@ next_pdu: if (server->ops->is_status_io_timeout && server->ops->is_status_io_timeout(buf)) { num_io_timeout++; - if (num_io_timeout > NUM_STATUS_IO_TIMEOUT) { - cifs_reconnect(server); + if (num_io_timeout > MAX_STATUS_IO_TIMEOUT) { + cifs_server_dbg(VFS, + "Number of request timeouts exceeded %d. Reconnecting", + MAX_STATUS_IO_TIMEOUT); + + pending_reconnect = true; num_io_timeout = 0; - continue; } } @@ -1113,6 +1119,11 @@ next_pdu: buf = server->smallbuf; goto next_pdu; } + + /* do this reconnect at the very end after processing all MIDs */ + if (pending_reconnect) + cifs_reconnect(server); + } /* end while !EXITING */ /* buffer usually freed in free_mid - need to free it here on exit */