Linux-CIFS Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v1] CIFS: fix deadlock in cached root handling
@ 2019-07-17 10:46 Aurelien Aptel
  2019-07-17 18:37 ` Pavel Shilovsky
  0 siblings, 1 reply; 3+ messages in thread
From: Aurelien Aptel @ 2019-07-17 10:46 UTC (permalink / raw)
  To: linux-cifs; +Cc: piastryyy, Aurelien Aptel

Prevent deadlock between open_shroot() and
cifs_mark_open_files_invalid() by releasing the lock before entering
SMB2_open, taking it again after and checking if we still need to use
the result.

Link: https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@prodrive-technologies.com/T/#u
Fixes: 3d4ef9a15343 ("smb3: fix redundant opens on root")
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
---

this is the for-next version of the patch I sent in the thread
https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@prodrive-technologies.com/T/#u


 fs/cifs/smb2ops.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 6cb4def11ebe..8202c996b55e 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -694,8 +694,51 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid)
 
 	smb2_set_related(&rqst[1]);
 
+	/*
+	 * We do not hold the lock for the open because in case
+	 * SMB2_open needs to reconnect, it will end up calling
+	 * cifs_mark_open_files_invalid() which takes the lock again
+	 * thus causing a deadlock
+	 */
+
+	mutex_unlock(&tcon->crfid.fid_mutex);
 	rc = compound_send_recv(xid, ses, flags, 2, rqst,
 				resp_buftype, rsp_iov);
+	mutex_lock(&tcon->crfid.fid_mutex);
+
+	/*
+	 * Now we need to check again as the cached root might have
+	 * been successfully re-opened from a concurrent process
+	 */
+
+	if (tcon->crfid.is_valid) {
+		/* work was already done */
+
+		/* stash fids for close() later */
+		struct cifs_fid fid = {
+			.persistent_fid = pfid->persistent_fid,
+			.volatile_fid = pfid->volatile_fid,
+		};
+
+		/*
+		 * caller expects this func to set pfid to a valid
+		 * cached root, so we copy the existing one and get a
+		 * reference.
+		 */
+		memcpy(pfid, tcon->crfid.fid, sizeof(*pfid));
+		kref_get(&tcon->crfid.refcount);
+
+		mutex_unlock(&tcon->crfid.fid_mutex);
+
+		if (rc == 0) {
+			/* close extra handle outside of crit sec */
+			SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid);
+		}
+	       goto oshr_free;
+	}
+
+	/* Cached root is still invalid, continue normaly */
+
 	if (rc)
 		goto oshr_exit;
 
@@ -729,8 +772,9 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid)
 				(char *)&tcon->crfid.file_all_info))
 		tcon->crfid.file_all_info_is_valid = 1;
 
- oshr_exit:
+oshr_exit:
 	mutex_unlock(&tcon->crfid.fid_mutex);
+oshr_free:
 	SMB2_open_free(&rqst[0]);
 	SMB2_query_info_free(&rqst[1]);
 	free_rsp_buf(resp_buftype[0], rsp_iov[0].iov_base);
-- 
2.16.4


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v1] CIFS: fix deadlock in cached root handling
  2019-07-17 10:46 [PATCH v1] CIFS: fix deadlock in cached root handling Aurelien Aptel
@ 2019-07-17 18:37 ` Pavel Shilovsky
  2019-07-18  7:55   ` Steve French
  0 siblings, 1 reply; 3+ messages in thread
From: Pavel Shilovsky @ 2019-07-17 18:37 UTC (permalink / raw)
  To: Aurelien Aptel; +Cc: linux-cifs

Looks good.

Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>

--
Best regards,
Pavel Shilovsky

ср, 17 июл. 2019 г. в 03:46, Aurelien Aptel <aaptel@suse.com>:
>
> Prevent deadlock between open_shroot() and
> cifs_mark_open_files_invalid() by releasing the lock before entering
> SMB2_open, taking it again after and checking if we still need to use
> the result.
>
> Link: https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@prodrive-technologies.com/T/#u
> Fixes: 3d4ef9a15343 ("smb3: fix redundant opens on root")
> Signed-off-by: Aurelien Aptel <aaptel@suse.com>
> ---
>
> this is the for-next version of the patch I sent in the thread
> https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@prodrive-technologies.com/T/#u
>
>
>  fs/cifs/smb2ops.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 45 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> index 6cb4def11ebe..8202c996b55e 100644
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -694,8 +694,51 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid)
>
>         smb2_set_related(&rqst[1]);
>
> +       /*
> +        * We do not hold the lock for the open because in case
> +        * SMB2_open needs to reconnect, it will end up calling
> +        * cifs_mark_open_files_invalid() which takes the lock again
> +        * thus causing a deadlock
> +        */
> +
> +       mutex_unlock(&tcon->crfid.fid_mutex);
>         rc = compound_send_recv(xid, ses, flags, 2, rqst,
>                                 resp_buftype, rsp_iov);
> +       mutex_lock(&tcon->crfid.fid_mutex);
> +
> +       /*
> +        * Now we need to check again as the cached root might have
> +        * been successfully re-opened from a concurrent process
> +        */
> +
> +       if (tcon->crfid.is_valid) {
> +               /* work was already done */
> +
> +               /* stash fids for close() later */
> +               struct cifs_fid fid = {
> +                       .persistent_fid = pfid->persistent_fid,
> +                       .volatile_fid = pfid->volatile_fid,
> +               };
> +
> +               /*
> +                * caller expects this func to set pfid to a valid
> +                * cached root, so we copy the existing one and get a
> +                * reference.
> +                */
> +               memcpy(pfid, tcon->crfid.fid, sizeof(*pfid));
> +               kref_get(&tcon->crfid.refcount);
> +
> +               mutex_unlock(&tcon->crfid.fid_mutex);
> +
> +               if (rc == 0) {
> +                       /* close extra handle outside of crit sec */
> +                       SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid);
> +               }
> +              goto oshr_free;
> +       }
> +
> +       /* Cached root is still invalid, continue normaly */
> +
>         if (rc)
>                 goto oshr_exit;
>
> @@ -729,8 +772,9 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid)
>                                 (char *)&tcon->crfid.file_all_info))
>                 tcon->crfid.file_all_info_is_valid = 1;
>
> - oshr_exit:
> +oshr_exit:
>         mutex_unlock(&tcon->crfid.fid_mutex);
> +oshr_free:
>         SMB2_open_free(&rqst[0]);
>         SMB2_query_info_free(&rqst[1]);
>         free_rsp_buf(resp_buftype[0], rsp_iov[0].iov_base);
> --
> 2.16.4
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v1] CIFS: fix deadlock in cached root handling
  2019-07-17 18:37 ` Pavel Shilovsky
@ 2019-07-18  7:55   ` Steve French
  0 siblings, 0 replies; 3+ messages in thread
From: Steve French @ 2019-07-18  7:55 UTC (permalink / raw)
  To: Pavel Shilovsky; +Cc: Aurelien Aptel, linux-cifs

added cc: stable and made minor cleanup of missing tab

On Wed, Jul 17, 2019 at 1:38 PM Pavel Shilovsky <piastryyy@gmail.com> wrote:
>
> Looks good.
>
> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
>
> --
> Best regards,
> Pavel Shilovsky
>
> ср, 17 июл. 2019 г. в 03:46, Aurelien Aptel <aaptel@suse.com>:
> >
> > Prevent deadlock between open_shroot() and
> > cifs_mark_open_files_invalid() by releasing the lock before entering
> > SMB2_open, taking it again after and checking if we still need to use
> > the result.
> >
> > Link: https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@prodrive-technologies.com/T/#u
> > Fixes: 3d4ef9a15343 ("smb3: fix redundant opens on root")
> > Signed-off-by: Aurelien Aptel <aaptel@suse.com>
> > ---
> >
> > this is the for-next version of the patch I sent in the thread
> > https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@prodrive-technologies.com/T/#u
> >
> >
> >  fs/cifs/smb2ops.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
> >  1 file changed, 45 insertions(+), 1 deletion(-)
> >
> > diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
> > index 6cb4def11ebe..8202c996b55e 100644
> > --- a/fs/cifs/smb2ops.c
> > +++ b/fs/cifs/smb2ops.c
> > @@ -694,8 +694,51 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid)
> >
> >         smb2_set_related(&rqst[1]);
> >
> > +       /*
> > +        * We do not hold the lock for the open because in case
> > +        * SMB2_open needs to reconnect, it will end up calling
> > +        * cifs_mark_open_files_invalid() which takes the lock again
> > +        * thus causing a deadlock
> > +        */
> > +
> > +       mutex_unlock(&tcon->crfid.fid_mutex);
> >         rc = compound_send_recv(xid, ses, flags, 2, rqst,
> >                                 resp_buftype, rsp_iov);
> > +       mutex_lock(&tcon->crfid.fid_mutex);
> > +
> > +       /*
> > +        * Now we need to check again as the cached root might have
> > +        * been successfully re-opened from a concurrent process
> > +        */
> > +
> > +       if (tcon->crfid.is_valid) {
> > +               /* work was already done */
> > +
> > +               /* stash fids for close() later */
> > +               struct cifs_fid fid = {
> > +                       .persistent_fid = pfid->persistent_fid,
> > +                       .volatile_fid = pfid->volatile_fid,
> > +               };
> > +
> > +               /*
> > +                * caller expects this func to set pfid to a valid
> > +                * cached root, so we copy the existing one and get a
> > +                * reference.
> > +                */
> > +               memcpy(pfid, tcon->crfid.fid, sizeof(*pfid));
> > +               kref_get(&tcon->crfid.refcount);
> > +
> > +               mutex_unlock(&tcon->crfid.fid_mutex);
> > +
> > +               if (rc == 0) {
> > +                       /* close extra handle outside of crit sec */
> > +                       SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid);
> > +               }
> > +              goto oshr_free;
> > +       }
> > +
> > +       /* Cached root is still invalid, continue normaly */
> > +
> >         if (rc)
> >                 goto oshr_exit;
> >
> > @@ -729,8 +772,9 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid)
> >                                 (char *)&tcon->crfid.file_all_info))
> >                 tcon->crfid.file_all_info_is_valid = 1;
> >
> > - oshr_exit:
> > +oshr_exit:
> >         mutex_unlock(&tcon->crfid.fid_mutex);
> > +oshr_free:
> >         SMB2_open_free(&rqst[0]);
> >         SMB2_query_info_free(&rqst[1]);
> >         free_rsp_buf(resp_buftype[0], rsp_iov[0].iov_base);
> > --
> > 2.16.4
> >



-- 
Thanks,

Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-17 10:46 [PATCH v1] CIFS: fix deadlock in cached root handling Aurelien Aptel
2019-07-17 18:37 ` Pavel Shilovsky
2019-07-18  7:55   ` Steve French

Linux-CIFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-cifs/0 linux-cifs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-cifs linux-cifs/ https://lore.kernel.org/linux-cifs \
		linux-cifs@vger.kernel.org linux-cifs@archiver.kernel.org
	public-inbox-index linux-cifs


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-cifs


AGPL code for this site: git clone https://public-inbox.org/ public-inbox