2022-05-19 22:00 GMT+09:00, Hyunchul Lee hyc.lee@gmail.com:
outstanding credits must be initialized to 0, because it means the sum of credits consumed by in-flight requests. And outstanding credits must be compared with total credits in smb2_validate_credit_charge(), because total credits are the sum of credits granted by ksmbd.
This patch fix the following error, while frametest with Windows clients:
Limits exceeding the maximum allowable outstanding requests, given : 128, pending : 8065
Fixes: b589f5db6d4a ("ksmbd: limits exceeding the maximum allowable outstanding requests") Cc: stable@vger.kernel.org Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Reported-by: Yufan Chen wiz.chen@gmail.com Tested-by: Yufan Chen wiz.chen@gmail.com
changes from v1:
- Add "Fixes" and stable tags
fs/ksmbd/connection.c | 2 +- fs/ksmbd/smb2misc.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c index 7db87771884a..e8f476c5f189 100644 --- a/fs/ksmbd/connection.c +++ b/fs/ksmbd/connection.c @@ -62,7 +62,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void) atomic_set(&conn->req_running, 0); atomic_set(&conn->r_count, 0); conn->total_credits = 1;
- conn->outstanding_credits = 1;
- conn->outstanding_credits = 0;
You need to consider auto negotiation from windows client connection. So it will cause integer underflow issue.
init_waitqueue_head(&conn->req_running_q); INIT_LIST_HEAD(&conn->conns_list); diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c index 4a9460153b59..f8f456377a51 100644 --- a/fs/ksmbd/smb2misc.c +++ b/fs/ksmbd/smb2misc.c @@ -338,7 +338,7 @@ static int smb2_validate_credit_charge(struct ksmbd_conn *conn, ret = 1; }
- if ((u64)conn->outstanding_credits + credit_charge >
conn->vals->max_credits) {
- if ((u64)conn->outstanding_credits + credit_charge > conn->total_credits)
{ ksmbd_debug(SMB, "Limits exceeding the maximum allowable outstanding requests, given : %u, pending : %u\n", credit_charge, conn->outstanding_credits); ret = 1; -- 2.25.1