[1/5] cifs: fix potential deadlock in cache_refresh_path()

Message ID	20230117000952.9965-2-pc@cjr.nz (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-cifs-owner@vger.kernel.org> sender: pc) by mx.cjr.nz (Postfix) with ESMTPSA id D6FC980268; Tue, 17 Jan 2023 00:10:55 +0000 (UTC) From: Paulo Alcantara <pc@cjr.nz> To: smfrench@gmail.com Cc: linux-cifs@vger.kernel.org, Paulo Alcantara <pc@cjr.nz> Subject: [PATCH 1/5] cifs: fix potential deadlock in cache_refresh_path() Date: Mon, 16 Jan 2023 21:09:48 -0300 Message-Id: <20230117000952.9965-2-pc@cjr.nz> In-Reply-To: <20230117000952.9965-1-pc@cjr.nz> References: <20230117000952.9965-1-pc@cjr.nz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	dfs fixes \| expand [0/5] dfs fixes [1/5] cifs: fix potential deadlock in cache_refresh_path() [2/5] cifs: avoid re-lookups in dfs_cache_find() [3/5] cifs: don't take exclusive lock for updating target hints [4/5] cifs: remove duplicate code in __refresh_tcon() [5/5] cifs: handle cache lookup errors different than -ENOENT

Message ID

20230117000952.9965-2-pc@cjr.nz (mailing list archive)

State

New, archived

Headers

From: Paulo Alcantara <pc@cjr.nz>
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org, Paulo Alcantara <pc@cjr.nz>
Subject: [PATCH 1/5] cifs: fix potential deadlock in cache_refresh_path()
Date: Mon, 16 Jan 2023 21:09:48 -0300
Message-Id: <20230117000952.9965-2-pc@cjr.nz>
In-Reply-To: <20230117000952.9965-1-pc@cjr.nz>
References: <20230117000952.9965-1-pc@cjr.nz>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

dfs fixes | expand

Commit Message

Paulo Alcantara Jan. 17, 2023, 12:09 a.m. UTC

Avoid getting DFS referral from an exclusive lock in
cache_refresh_path() because the tcon IPC used for getting the
referral could be disconnected and thus causing a deadlock as shown
below:

task A
------
cifs_demultiplex_thread()
 cifs_handle_standard()
  reconnect_dfs_server()
   dfs_cache_noreq_find()
    down_read()

task B
------
dfs_cache_find()
 cache_refresh_path()
  down_write()
   get_dfs_referral()
    smb2_get_dfs_refer()
     SMB2_ioctl()
      cifs_send_recv()
       compound_send_recv()
        wait_for_response()

where task A cannot wake up task B because it is blocked due to the
exclusive lock held in cache_refresh_path().

Fixes: c9f711039905 ("cifs: keep referral server sessions alive")
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
---
 fs/cifs/dfs_cache.c | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)

Comments

Aurélien Aptel Jan. 17, 2023, 5:07 p.m. UTC | #1

On Tue, Jan 17, 2023 at 1:35 AM Paulo Alcantara <pc@cjr.nz> wrote:
> -       down_write(&htable_rw_lock);
> +       down_read(&htable_rw_lock);
>
>         ce = lookup_cache_entry(path);
> -       if (!IS_ERR(ce)) {
> -               if (!cache_entry_expired(ce)) {
> -                       dump_ce(ce);
> -                       up_write(&htable_rw_lock);
> -                       return 0;
> -               }
> -       } else {
> -               newent = true;
> +       if (!IS_ERR(ce) && !cache_entry_expired(ce)) {
> +               up_read(&htable_rw_lock);
> +               return 0;
>         }
>
> +       up_read(&htable_rw_lock);

Please add a comment before the up_read() to say why you do it here
and where is the dead lock.

Otherwise looks good

Paulo Alcantara Jan. 17, 2023, 6:03 p.m. UTC | #2

Aurélien Aptel <aurelien.aptel@gmail.com> writes:

> On Tue, Jan 17, 2023 at 1:35 AM Paulo Alcantara <pc@cjr.nz> wrote:
>> -       down_write(&htable_rw_lock);
>> +       down_read(&htable_rw_lock);
>>
>>         ce = lookup_cache_entry(path);
>> -       if (!IS_ERR(ce)) {
>> -               if (!cache_entry_expired(ce)) {
>> -                       dump_ce(ce);
>> -                       up_write(&htable_rw_lock);
>> -                       return 0;
>> -               }
>> -       } else {
>> -               newent = true;
>> +       if (!IS_ERR(ce) && !cache_entry_expired(ce)) {
>> +               up_read(&htable_rw_lock);
>> +               return 0;
>>         }
>>
>> +       up_read(&htable_rw_lock);
>
> Please add a comment before the up_read() to say why you do it here
> and where is the dead lock.

Ok, thanks.  Will send v2 with your suggestions.

diff --git a/fs/cifs/dfs_cache.c b/fs/cifs/dfs_cache.c
index e20f8880363f..a8ddac1c054c 100644
--- a/fs/cifs/dfs_cache.c
+++ b/fs/cifs/dfs_cache.c
@@ -770,46 +770,45 @@  static int get_dfs_referral(const unsigned int xid, struct cifs_ses *ses, const
  */
 static int cache_refresh_path(const unsigned int xid, struct cifs_ses *ses, const char *path)
 {
-	int rc;
-	struct cache_entry *ce;
 	struct dfs_info3_param *refs = NULL;
+	struct cache_entry *ce;
 	int numrefs = 0;
-	bool newent = false;
+	int rc;
 
 	cifs_dbg(FYI, "%s: search path: %s\n", __func__, path);
 
-	down_write(&htable_rw_lock);
+	down_read(&htable_rw_lock);
 
 	ce = lookup_cache_entry(path);
-	if (!IS_ERR(ce)) {
-		if (!cache_entry_expired(ce)) {
-			dump_ce(ce);
-			up_write(&htable_rw_lock);
-			return 0;
-		}
-	} else {
-		newent = true;
+	if (!IS_ERR(ce) && !cache_entry_expired(ce)) {
+		up_read(&htable_rw_lock);
+		return 0;
 	}
 
+	up_read(&htable_rw_lock);
+
 	/*
 	 * Either the entry was not found, or it is expired.
 	 * Request a new DFS referral in order to create or update a cache entry.
 	 */
 	rc = get_dfs_referral(xid, ses, path, &refs, &numrefs);
 	if (rc)
-		goto out_unlock;
+		goto out;
 
 	dump_refs(refs, numrefs);
 
-	if (!newent) {
-		rc = update_cache_entry_locked(ce, refs, numrefs);
-		goto out_unlock;
+	down_write(&htable_rw_lock);
+	/* Re-check as another task might have it added or refreshed already */
+	ce = lookup_cache_entry(path);
+	if (!IS_ERR(ce)) {
+		if (cache_entry_expired(ce))
+			rc = update_cache_entry_locked(ce, refs, numrefs);
+	} else {
+		rc = add_cache_entry_locked(refs, numrefs);
 	}
 
-	rc = add_cache_entry_locked(refs, numrefs);
-
-out_unlock:
 	up_write(&htable_rw_lock);
+out:
 	free_dfs_info_array(refs, numrefs);
 	return rc;
 }

[1/5] cifs: fix potential deadlock in cache_refresh_path()

Commit Message

Comments

Patch