diff options
author | Rohith Surabattula <rohiths@microsoft.com> | 2020-10-29 06:07:56 +0000 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2020-11-15 23:05:33 -0600 |
commit | 1254100030b3377e8302f9c75090ab191d73ee7c (patch) | |
tree | 3bfdd0d58a3026cdb5d39d37db087b1d759f85f7 /fs | |
parent | ac873aa3dc21707c47db5db6608b38981c731afe (diff) |
smb3: Handle error case during offload read path
Mid callback needs to be called only when valid data is
read into pages.
These patches address a problem found during decryption offload:
CIFS: VFS: trying to dequeue a deleted mid
that could cause a refcount use after free:
Workqueue: smb3decryptd smb2_decrypt_offload [cifs]
Signed-off-by: Rohith Surabattula <rohiths@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
CC: Stable <stable@vger.kernel.org> #5.4+
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/smb2ops.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index b3b2abbb49b9..dab94f67c988 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -4559,7 +4559,25 @@ static void smb2_decrypt_offload(struct work_struct *work) dw->server->vals->read_rsp_size, dw->ppages, dw->npages, dw->len, true); - mid->callback(mid); + if (rc >= 0) { +#ifdef CONFIG_CIFS_STATS2 + mid->when_received = jiffies; +#endif + mid->callback(mid); + } else { + spin_lock(&GlobalMid_Lock); + if (dw->server->tcpStatus == CifsNeedReconnect) { + mid->mid_state = MID_RETRY_NEEDED; + spin_unlock(&GlobalMid_Lock); + mid->callback(mid); + } else { + mid->mid_state = MID_REQUEST_SUBMITTED; + mid->mid_flags &= ~(MID_DELETED); + list_add_tail(&mid->qhead, + &dw->server->pending_mid_q); + spin_unlock(&GlobalMid_Lock); + } + } cifs_mid_q_entry_release(mid); } |