From patchwork Wed Apr 24 03:46:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 13641169 Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com [209.85.208.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 795B885C59 for ; Wed, 24 Apr 2024 03:46:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713930395; cv=none; b=SuQ4hI41BVi6S5O2OhFCh8T+2569rG3BrhGG6xrraTNlyn1cGbCFgvx49t58GWTGjerwJTRbB4LeyeUoWv6uQYXKyCAje/IZ3zfZrRm6L2MxaItA7le4pH7NrkbL/EtcJr5DEyiGrSngy3Pq4iYYLVsNZh18gq3eOYULYHwP05E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713930395; c=relaxed/simple; bh=DMEhOrp81XbyR/nTLsFewEZnGGDbmvoNKPIyvByOpJQ=; h=MIME-Version:From:Date:Message-ID:Subject:To:Cc:Content-Type; b=Q9NReZL7Lwn7dRwtntYNwgzns93DA5nNkFE0/puFHeWSbACZKJY5wQy7Jm0PRAtP2XNOCSti2Nu1kXcIlZ8KCsXG+gDTpqfjL3rhHqu0mHM86Pcc4Nnno+HXI2sWWu5FNGRtIgU4y8W7JKs7j9fjPYkivgt8GeSYGV+CN2Pe+nE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ezZpYj+l; arc=none smtp.client-ip=209.85.208.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ezZpYj+l" Received: by mail-lj1-f169.google.com with SMTP id 38308e7fff4ca-2db101c11feso3676771fa.0 for ; Tue, 23 Apr 2024 20:46:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713930391; x=1714535191; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=hZ05oNx3eb/gRKmx+Ygj5KdjCTaVIcBe9+0X/4/rao8=; b=ezZpYj+lW1xICIMD9vUZryLZJ/tkngwTl2uEYVfrcqxCPO6XjnWhl/owPIfF8ZIpwr pttzCJrtFop2/l3ImkXMUITospKZPWHdESzmWbxiVAuAE0bOUBp1q9OsSHdshB55fTiR 2GdAh40lrnxQLIc2SBgrrXZS4IIKyM7AeCA/lGx9KpYgvoewAo/e09fO/4z9NOy15rrh qt72NMHVlmilNXzwZjuG2W7xpH+vWxGYdzD1e80pmoEr56Ye8lpRLhvckkPadw36xEka fewpuIB6+kmdzzsLdr6kMf5Ruu7TujST5qrFZ24EkFwwFO+EiY/847uU6w/eNi1tp9uC c0WA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713930391; x=1714535191; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=hZ05oNx3eb/gRKmx+Ygj5KdjCTaVIcBe9+0X/4/rao8=; b=aHuFqP3TS5MNUhFztjVz+z7UPzg1sZp5s8hqwG64iNnzdRwHvQlE21eqGSOBU5VQxh i1ZdDBpUIJbk9XPHdGLIq9N1ePX54TF96IGyuvNO5sZExYDaFYVkASb9zWLi7FMbI64a baJxx9amCfAiIc8CVguB6ejarryZX/efues48EuS52IXVi9agFV1XD9qhXeSCJ3UadwS EvhMyl635ZNTKDs0oWJMw9z992DP3rozgLWM8kE5aH5w0UWNO3lwTT2aD3RbbB2hb/XS 7OPl/ye+i2sG7qYhHjIf/EO8mJiec3tGP8AnU74MXSJHL2mCisgFtlr+GOXFUzShuSZ/ d87A== X-Gm-Message-State: AOJu0YyWXg6xX7x3ztnOXMoLP9xvD0xOu8RN8MwkKxoiCPmMD1RF5A3G RnaI90/NcdtnUTxR/Sml+mjADr4CkffE6DBiAngYxQR+ogCbSZxhe2efjxeOBsek34vd3YEHtmw 4/vVneqRZImE4CGWLzw6jP9JXT8gfMZWT X-Google-Smtp-Source: AGHT+IFm1uLv/onewmC32uo6n1UbUt6bcUaJQrOCxqo0uOVh+fdu+Isf/FQq+8f0bzL1Q8ba0zzm2oBqpdsxFp0T+wo= X-Received: by 2002:a2e:900d:0:b0:2dd:c015:b67b with SMTP id h13-20020a2e900d000000b002ddc015b67bmr395571ljg.16.1713930390925; Tue, 23 Apr 2024 20:46:30 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-cifs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Steve French Date: Tue, 23 Apr 2024 22:46:18 -0500 Message-ID: Subject: [PATCH][SMB3 client] fix potential deadlock in cifs_sync_mid_result To: CIFS , Shyam Prasad N Cc: Enzo Matsumiya , Pavel Shilovsky Coverity spotted that the cifs_sync_mid_result function could deadlock since cifs_server_dbg graps the srv_lock while we are still holding the mid_lock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") See attached patch From 9b42329261067a500f2452f131c88c8cb0b62aa5 Mon Sep 17 00:00:00 2001 From: Steve French Date: Tue, 23 Apr 2024 22:35:28 -0500 Subject: [PATCH] smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") Cc: stable@vger.kernel.org Signed-off-by: Steve French --- fs/smb/client/transport.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 994d70193432..443b4b89431d 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -909,9 +909,11 @@ cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) list_del_init(&mid->qhead); mid->mid_flags |= MID_DELETED; } + spin_unlock(&server->mid_lock); cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", __func__, mid->mid, mid->mid_state); - rc = -EIO; + release_mid(mid); + return -EIO; } spin_unlock(&server->mid_lock); -- 2.40.1