diff options
| author |   Namjae Jeon <linkinjeon@kernel.org> | 2025-03-25 00:00:24 +0900 |
|---|---|---|
| committer |   Steve French <stfrench@microsoft.com> | 2025-03-27 19:12:00 -0500 |
| commit | ddb7ea36ba7129c2ed107e2186591128618864e1 (patch) | |
| tree | d046824c360248ae39aaf159c5581a7dbb1fe7a3 | |
| parent | ksmbd: fix multichannel connection failure (diff) | |
| download | wireguard-linux-ddb7ea36ba7129c2ed107e2186591128618864e1.tar.xz wireguard-linux-ddb7ea36ba7129c2ed107e2186591128618864e1.zip | |
ksmbd: fix r_count dec/increment mismatch
r_count is only increased when there is an oplock break wait,
so r_count inc/decrement are not paired. This can cause r_count
to become negative, which can lead to a problem where the ksmbd
thread does not terminate.
Fixes: 3aa660c05924 ("ksmbd: prevent connection release during oplock break notification")
Reported-by: Norbert Szetei <norbert@doyensec.com>
Tested-by: Norbert Szetei <norbert@doyensec.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to '')
| -rw-r--r-- | fs/smb/server/oplock.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index 894b53b0cf8c..f103b1bd0400 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -724,8 +724,8 @@ static int smb2_oplock_break_noti(struct oplock_info *opinfo) work->conn = conn; work->sess = opinfo->sess; + ksmbd_conn_r_count_inc(conn); if (opinfo->op_state == OPLOCK_ACK_WAIT) { - ksmbd_conn_r_count_inc(conn); INIT_WORK(&work->work, __smb2_oplock_break_noti); ksmbd_queue_work(work); @@ -833,8 +833,8 @@ static int smb2_lease_break_noti(struct oplock_info *opinfo) work->conn = conn; work->sess = opinfo->sess; + ksmbd_conn_r_count_inc(conn); if (opinfo->op_state == OPLOCK_ACK_WAIT) { - ksmbd_conn_r_count_inc(conn); INIT_WORK(&work->work, __smb2_lease_break_noti); ksmbd_queue_work(work); wait_for_break_ack(opinfo); |