3.16.52-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Shu Wang shuwang@redhat.com
commit f5c4ba816315d3b813af16f5571f86c8d4e897bd upstream.
There is a race that cause cifs reconnect in cifs_mount, - cifs_mount - cifs_get_tcp_session - [ start thread cifs_demultiplex_thread - cifs_read_from_socket: -ECONNABORTED - DELAY_WORK smb2_reconnect_server ] - cifs_setup_session - [ smb2_reconnect_server ]
auth_key.response was allocated in cifs_setup_session, and will release when the session destoried. So when session re- connect, auth_key.response should be check and released.
Tested with my system: CIFS VFS: Free previous auth_key.response = ffff8800320bbf80
A simple auth_key.response allocation call trace: - cifs_setup_session - SMB2_sess_setup - SMB2_sess_auth_rawntlmssp_authenticate - build_ntlmssp_auth_blob - setup_ntlmv2_rsp
Signed-off-by: Shu Wang shuwang@redhat.com Signed-off-by: Steve French smfrench@gmail.com Reviewed-by: Ronnie Sahlberg lsahlber@redhat.com Signed-off-by: Ben Hutchings ben@decadent.org.uk --- fs/cifs/connect.c | 8 ++++++++ 1 file changed, 8 insertions(+)
--- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3956,6 +3956,14 @@ cifs_setup_session(const unsigned int xi cifs_dbg(FYI, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d\n", server->sec_mode, server->capabilities, server->timeAdj);
+ if (ses->auth_key.response) { + cifs_dbg(VFS, "Free previous auth_key.response = %p\n", + ses->auth_key.response); + kfree(ses->auth_key.response); + ses->auth_key.response = NULL; + ses->auth_key.len = 0; + } + if (server->ops->sess_setup) rc = server->ops->sess_setup(xid, ses, nls_info);