CIFS: Fix race condition on RFC1002_NEGATIVE_SESSION_RESPONSE

This patch fixes a race condition that occurs when connecting
to a NT 3.51 host without specifying a NetBIOS name.
In that case a RFC1002_NEGATIVE_SESSION_RESPONSE is received
and the SMB negotiation is reattempted, but under some conditions
it leads SendReceive() to hang forever while waiting for srv_mutex.
This, in turn, sets the calling process to an uninterruptible sleep
state and makes it unkillable.

The solution is to unlock the srv_mutex acquired in the demux
thread *before* going to sleep (after the reconnect error) and
before reattempting the connection.

1 files changed, 2 insertions, 1 deletions

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index f3bfe08e177b..8383d5ea4202 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -386,6 +386,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
                 rc = generic_ip_connect(server);
                 if (rc) {
                         cifs_dbg(FYI, "reconnect error %d\n", rc);
+                        mutex_unlock(&server->srv_mutex);
                         msleep(3000);
                 } else {
                         atomic_inc(&tcpSesReconnectCount);
@@ -393,8 +394,8 @@ cifs_reconnect(struct TCP_Server_Info *server)
                         if (server->tcpStatus != CifsExiting)
                                 server->tcpStatus = CifsNeedNegotiate;
                         spin_unlock(&GlobalMid_Lock);
+                        mutex_unlock(&server->srv_mutex);
                 }
-                mutex_unlock(&server->srv_mutex);
         } while (server->tcpStatus == CifsNeedReconnect);
 
         return rc;