[PATCH openEuler-1.0-LTS 0/2] cifs: Revert two patches to prevent statistics leakage on the lo device.

Wang Zhaolong (2): Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" Revert "smb: client: fix TCP timers deadlock after rmmod" fs/cifs/connect.c | 33 +++++++++------------------------ 1 file changed, 9 insertions(+), 24 deletions(-) -- 2.39.2

hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBWJP6 CVE: NA -------------------------------- This reverts commit 55dff61c5cd1d208f9cdcebef490097ecd5e729b. The patch fails to resolve the network layer counter leakage issue introduced by its prerequisite patch. This patch and its prerequisite patch are reverted together. Fixes: 55dff61c5cd1 ("smb: client: fix TCP timers deadlock after rmmod") Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com> --- fs/cifs/connect.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index ceb9ad4be6f8..f6726a110c43 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -427,11 +427,10 @@ cifs_reconnect(struct TCP_Server_Info *server) kernel_sock_shutdown(server->ssocket, SHUT_WR); cifs_dbg(FYI, "Post shutdown state: 0x%x Flags: 0x%lx\n", server->ssocket->state, server->ssocket->flags); sock_release(server->ssocket); server->ssocket = NULL; - put_net(cifs_net_ns(server)); } server->sequence_number = 0; server->session_estab = false; kfree(server->session_key.response); server->session_key.response = NULL; @@ -3650,16 +3649,12 @@ generic_ip_connect(struct TCP_Server_Info *server) } /* * Grab netns reference for the socket. * - * This reference will be released in several situations: - * - In the failure path before the cifsd is started - * - In the all place where server->socket is released, it is - * also set to NULL. - * - Ultimately in clean_demultiplex_info(), during the final - * teardown. + * It'll be released here, on error, or in clean_demultiplex_info() upon server + * teardown. */ get_net(net); /* BB other socket options to set KEEPALIVE, NODELAY? */ cifs_dbg(FYI, "Socket created\n"); 
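Review bot: With only this patch applied, the `get_net(net)` that stays in generic_ip_connect() (second hunk) no longer has a matching release in cifs_reconnect(), where the first hunk drops `put_net(cifs_net_ns(server))` after `sock_release()`, so each reconnect that creates a new socket would leak one netns reference. The hunks at `-3670` and `-3714` go the other way: they call `put_net()` on bind and RFC1001 failures while `server->ssocket` appears to stay set, and the teardown paths that 2/2 later edits still release once more for a non-NULL socket, which looks like a double put and a possible namespace use-after-free in the intermediate tree. Since the message says both reverts belong together, consider squashing them or adding a line such as `Must be applied together with the following revert; on its own it reintroduces the netns refcount imbalance.` so that a bisect or partial backport does not stop here. Both functions start and end outside the hunks shown. The `Fixes:` subject here is also identical to the one in 2/2 although the cover letter lists two different titles, so it is worth confirming which title belongs to 55dff61c5cd1.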
@@ -3670,12 +3665,14 @@ generic_ip_connect(struct TCP_Server_Info *server) else cifs_reclassify_socket4(socket); } rc = bind_socket(server); - if (rc < 0) + if (rc < 0) { + put_net(cifs_net_ns(server)); return rc; + } /* * Eventually check for other socket options to change from * the default. sock_setsockopt not used because it expects * user space buffer @@ -3714,10 +3711,13 @@ generic_ip_connect(struct TCP_Server_Info *server) } if (sport == htons(RFC1001_PORT)) rc = ip_rfc1001_connect(server); + if (rc < 0) + put_net(cifs_net_ns(server)); + return rc; } static int ip_connect(struct TCP_Server_Info *server) -- 2.39.2

hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBWJP6 CVE: NA -------------------------------- This reverts commit 47dfdf0608b3024a2c6947c6cfe48b7b1485cab6. The patch fails to resolve the network layer counter leakage issue introduced by its prerequisite patch. This patch and its prerequisite patch are reverted together. Fixes: 47dfdf0608b3 ("smb: client: fix TCP timers deadlock after rmmod") Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com> --- fs/cifs/connect.c | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index f6726a110c43..b6db874d19d5 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -809,13 +809,10 @@ static void clean_demultiplex_info(struct TCP_Server_Info *server) server->smbd_conn = NULL; } if (server->ssocket) { sock_release(server->ssocket); server->ssocket = NULL; - - /* Release netns reference for the socket. */ - put_net(cifs_net_ns(server)); } if (!list_empty(&server->pending_mid_q)) { struct list_head dispose_list; struct mid_q_entry *mid_entry; @@ -860,11 +857,10 @@ static void clean_demultiplex_info(struct TCP_Server_Info *server) * If threads still have not exited they are probably never * coming home not much else we can do but free the memory. */ } - /* Release netns reference for this server. */ put_net(cifs_net_ns(server)); kfree(server->hostname); kfree(server); length = atomic_dec_return(&tcpSesAllocCount); @@ -2529,12 +2525,10 @@ cifs_get_tcp_session(struct smb_vol *volume_info) goto out_err; } tcp_ses->ops = volume_info->ops; tcp_ses->vals = volume_info->vals; - - /* Grab netns reference for this server. */ cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns)); tcp_ses->hostname = extract_hostname(volume_info->UNC); if (IS_ERR(tcp_ses->hostname)) { rc = PTR_ERR(tcp_ses->hostname); goto out_err_crypto_release; 
@@ -2632,21 +2626,18 @@ cifs_get_tcp_session(struct smb_vol *volume_info) return tcp_ses; out_err_crypto_release: cifs_crypto_secmech_release(tcp_ses); - /* Release netns reference for this server. */ put_net(cifs_net_ns(tcp_ses)); out_err: if (tcp_ses) { if (!IS_ERR(tcp_ses->hostname)) kfree(tcp_ses->hostname); - if (tcp_ses->ssocket) { + if (tcp_ses->ssocket) sock_release(tcp_ses->ssocket); - put_net(cifs_net_ns(tcp_ses)); - } kfree(tcp_ses); } return ERR_PTR(rc); } @@ -3637,26 +3628,26 @@ generic_ip_connect(struct TCP_Server_Info *server) sfamily = AF_INET; } if (socket == NULL) { struct net *net = cifs_net_ns(server); + struct sock *sk; - rc = sock_create_kern(net, sfamily, SOCK_STREAM, - IPPROTO_TCP, &socket); + rc = __sock_create(net, sfamily, SOCK_STREAM, + IPPROTO_TCP, &socket, 1); if (rc < 0) { cifs_dbg(VFS, "Error %d creating socket\n", rc); server->ssocket = NULL; return rc; } - /* - * Grab netns reference for the socket. - * - * It'll be released here, on error, or in clean_demultiplex_info() upon server - * teardown. - */ + sk = socket->sk; + sk->sk_net_refcnt = 1; get_net(net); +#ifdef CONFIG_PROC_FS + this_cpu_add(*net->core.sock_inuse, 1); +#endif /* BB other socket options to set KEEPALIVE, NODELAY? */ cifs_dbg(FYI, "Socket created\n"); server->ssocket = socket; socket->sk->sk_allocation = GFP_NOFS; @@ -3665,14 +3656,12 @@ generic_ip_connect(struct TCP_Server_Info *server) else cifs_reclassify_socket4(socket); } rc = bind_socket(server); - if (rc < 0) { - put_net(cifs_net_ns(server)); + if (rc < 0) return rc; - } /* * Eventually check for other socket options to change from * the default. sock_setsockopt not used because it expects * user space buffer 
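Review bot: The `-3637` hunk replaces a commented `get_net(net)` with direct writes to socket-core state (`sk->sk_net_refcnt = 1`, `this_cpu_add(*net->core.sock_inuse, 1)`) and leaves no comment saying who owns the reference afterwards. A short comment above `sk->sk_net_refcnt = 1;` would make the pairing auditable, for example `/* Turn the kernel socket into a netns-refcounted one: the socket core drops this reference when the sock is destroyed, so cifs must not put_net() for it. */`. That ownership rule is what the `put_net()` removals in the `-3665` and `-3702` hunks and in the teardown paths rely on, so it is worth stating once at the point where the reference is taken. Because the three statements open-code accounting that presumably mirrors what the socket core does for non-kernel sockets, they need to stay in step with net/core on this branch. generic_ip_connect() begins and ends outside the hunk.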
@@ -3702,22 +3691,18 @@ generic_ip_connect(struct TCP_Server_Info *server) socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo); rc = socket->ops->connect(socket, saddr, slen, 0); if (rc < 0) { cifs_dbg(FYI, "Error %d connecting to server\n", rc); - put_net(cifs_net_ns(server)); sock_release(socket); server->ssocket = NULL; return rc; } if (sport == htons(RFC1001_PORT)) rc = ip_rfc1001_connect(server); - if (rc < 0) - put_net(cifs_net_ns(server)); - return rc; } static int ip_connect(struct TCP_Server_Info *server) -- 2.39.2

反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/15655 邮件列表地址:https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/GKT... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/15655 Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/GKT...