aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2011-06-10 16:14:57 -0400
committerSteve French <sfrench@us.ibm.com>2011-06-13 16:34:33 -0400
commit7fdbaa1b8daa1009b705985b903e3d2ebccad456 (patch)
tree46097ff74b491655845753f8a09216822653c77d /fs/cifs
parentcd51875d53ae1459a2b09b4338166a218c0635a7 (diff)
cifs: don't allow cifs_reconnect to exit with NULL socket pointer
It's possible for the following set of events to happen: cifsd calls cifs_reconnect which reconnects the socket. A userspace process then calls cifs_negotiate_protocol to handle the NEGOTIATE and gets a reply. But, while processing the reply, cifsd calls cifs_reconnect again. Eventually the GlobalMid_Lock is dropped and the reply from the earlier NEGOTIATE completes and the tcpStatus is set to CifsGood. cifs_reconnect then goes through and closes the socket and sets the pointer to zero, but because the status is now CifsGood, the new socket is not created and cifs_reconnect exits with the socket pointer set to NULL. Fix this by only setting the tcpStatus to CifsGood if the tcpStatus is CifsNeedNegotiate, and by making sure that generic_ip_connect is always called at least once in cifs_reconnect. Note that this is not a perfect fix for this issue. It's still possible that the NEGOTIATE reply is handled after the socket has been closed and reconnected. In that case, the socket state will look correct but it no NEGOTIATE was performed on it be for the wrong socket. In that situation though the server should just shut down the socket on the next attempted send, rather than causing the oops that occurs today. Cc: <stable@kernel.org> # .38.x: fd88ce9: [CIFS] cifs: clarify the meaning of tcpStatus == CifsGood Reported-and-Tested-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/connect.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 9190018f97e1..fa73e2a51cf2 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -152,7 +152,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
152 mid_entry->callback(mid_entry); 152 mid_entry->callback(mid_entry);
153 } 153 }
154 154
155 while (server->tcpStatus == CifsNeedReconnect) { 155 do {
156 try_to_freeze(); 156 try_to_freeze();
157 157
158 /* we should try only the port we connected to before */ 158 /* we should try only the port we connected to before */
@@ -167,7 +167,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
167 server->tcpStatus = CifsNeedNegotiate; 167 server->tcpStatus = CifsNeedNegotiate;
168 spin_unlock(&GlobalMid_Lock); 168 spin_unlock(&GlobalMid_Lock);
169 } 169 }
170 } 170 } while (server->tcpStatus == CifsNeedReconnect);
171 171
172 return rc; 172 return rc;
173} 173}
@@ -3374,7 +3374,7 @@ int cifs_negotiate_protocol(unsigned int xid, struct cifs_ses *ses)
3374 } 3374 }
3375 if (rc == 0) { 3375 if (rc == 0) {
3376 spin_lock(&GlobalMid_Lock); 3376 spin_lock(&GlobalMid_Lock);
3377 if (server->tcpStatus != CifsExiting) 3377 if (server->tcpStatus == CifsNeedNegotiate)
3378 server->tcpStatus = CifsGood; 3378 server->tcpStatus = CifsGood;
3379 else 3379 else
3380 rc = -EHOSTDOWN; 3380 rc = -EHOSTDOWN;