From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Rohith Surabattula, Pavel Shilovsky, Steve French
Subject: [PATCH 5.9 016/152] smb3: Call cifs reconnect from demultiplex thread
Date: Tue, 1 Dec 2020 09:52:11 +0100
Message-Id: <20201201084713.994192252@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201201084711.707195422@linuxfoundation.org>
References: <20201201084711.707195422@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Rohith Surabattula

commit de9ac0a6e9efdffc8cde18781f48fb56ca4157b7 upstream.

cifs_reconnect needs to be called only from demultiplex thread.
skip cifs_reconnect in offload thread. So, cifs_reconnect will be
called by demultiplex thread in subsequent request.

These patches address a problem found during decryption offload:
    CIFS: VFS: trying to dequeue a deleted mid
that can cause a refcount use after free:

[ 1271.389453] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]
[ 1271.389456] RIP: 0010:refcount_warn_saturate+0xae/0xf0
[ 1271.389457] Code: fa 1d 6a 01 01 e8 c7 44 b1 ff 0f 0b 5d c3 80 3d e7 1d 6a 01 00 75 91 48 c7 c7 d8 be 1d a2 c6 05 d7 1d 6a 01 01 e8 a7 44 b1 ff <0f> 0b 5d c3 80 3d c5 1d 6a 01 00 0f 85 6d ff ff ff 48 c7 c7 30 bf
[ 1271.389458] RSP: 0018:ffffa4cdc1f87e30 EFLAGS: 00010286
[ 1271.389458] RAX: 0000000000000000 RBX: ffff9974d2809f00 RCX: ffff9974df898cc8
[ 1271.389459] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9974df898cc0
[ 1271.389460] RBP: ffffa4cdc1f87e30 R08: 0000000000000004 R09: 00000000000002c0
[ 1271.389460] R10: 0000000000000000 R11: 0000000000000001 R12: ffff9974b7fdb5c0
[ 1271.389461] R13: ffff9974d2809f00 R14: ffff9974ccea0a80 R15: ffff99748e60db80
[ 1271.389462] FS: 0000000000000000(0000) GS:ffff9974df880000(0000) knlGS:0000000000000000
[ 1271.389462] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1271.389463] CR2: 000055c60f344fe4 CR3: 0000001031a3c002 CR4: 00000000003706e0
[ 1271.389465] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1271.389465] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1271.389466] Call Trace:
[ 1271.389483] cifs_mid_q_entry_release+0xce/0x110 [cifs]
[ 1271.389499] smb2_decrypt_offload+0xa9/0x1c0 [cifs]
[ 1271.389501] process_one_work+0x1e8/0x3b0
[ 1271.389503] worker_thread+0x50/0x370
[ 1271.389504] kthread+0x12f/0x150
[ 1271.389506] ? process_one_work+0x3b0/0x3b0
[ 1271.389507] ?
__kthread_bind_mask+0x70/0x70 [ 1271.389509] ret_from_fork+0x22/0x30 Signed-off-by: Rohith Surabattula Reviewed-by: Pavel Shilovsky CC: Stable #5.4+ Signed-off-by: Steve French Signed-off-by: Greg Kroah-Hartman --- fs/cifs/smb2ops.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -4212,7 +4212,8 @@ init_read_bvec(struct page **pages, unsi static int handle_read_data(struct TCP_Server_Info *server, struct mid_q_entry *mid, char *buf, unsigned int buf_len, struct page **pages, - unsigned int npages, unsigned int page_data_size) + unsigned int npages, unsigned int page_data_size, + bool is_offloaded) { unsigned int data_offset; unsigned int data_len; @@ -4234,7 +4235,8 @@ handle_read_data(struct TCP_Server_Info if (server->ops->is_session_expired && server->ops->is_session_expired(buf)) { - cifs_reconnect(server); + if (!is_offloaded) + cifs_reconnect(server); return -1; } @@ -4374,7 +4376,8 @@ static void smb2_decrypt_offload(struct mid->decrypted = true; rc = handle_read_data(dw->server, mid, dw->buf, dw->server->vals->read_rsp_size, - dw->ppages, dw->npages, dw->len); + dw->ppages, dw->npages, dw->len, + true); mid->callback(mid); cifs_mid_q_entry_release(mid); } @@ -4478,7 +4481,7 @@ non_offloaded_decrypt: (*mid)->decrypted = true; rc = handle_read_data(server, *mid, buf, server->vals->read_rsp_size, - pages, npages, len); + pages, npages, len, false); } free_pages: @@ -4621,7 +4624,7 @@ smb3_handle_read_data(struct TCP_Server_ char *buf = server->large_buf ? server->bigbuf : server->smallbuf; return handle_read_data(server, mid, buf, server->pdu_size, - NULL, 0, 0); + NULL, 0, 0, false); } static int
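
Review bot: in the handle_read_data() hunk at -4234, the new `if (!is_offloaded)` guard in front of `cifs_reconnect(server)` carries no comment saying why the offloaded path must not reconnect. The commit message gives the reason (cifs_reconnect is to be called only from the demultiplex thread, which will do so on a subsequent request); a one-line comment above the guard stating that would keep the skipped reconnect from being read as an oversight later. Both paths still end in `return -1`, so the return value does not tell the caller whether a reconnect was started.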
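
Review bot: in the smb2_decrypt_offload() hunk at -4374, `rc` from the `handle_read_data(..., true)` call is not tested in the lines shown before `mid->callback(mid)` and `cifs_mid_q_entry_release(mid)` run. With this change the session-expired case returns -1 on this path without reconnecting, so it is worth confirming, or noting in a comment, that the callback sees the mid in a state that reflects the failed read and that nothing later in this function relies on the reconnect having happened.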