From: Stefan Metzmacher metze@samba.org
[ Upstream commit 550a194c5998e4e77affc6235e80d3766dc2d27e ]
It is already called long before we may hit this cleanup code path.
Cc: Steve French smfrench@gmail.com Cc: Tom Talpey tom@talpey.com Cc: Long Li longli@microsoft.com Cc: linux-cifs@vger.kernel.org Cc: samba-technical@lists.samba.org Signed-off-by: Stefan Metzmacher metze@samba.org Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
Based on my analysis, I can now provide a comprehensive answer about whether this commit should be backported.
**Backport Status: YES**
This commit should be backported to stable kernel trees for the following reasons:
## Analysis of the Bug Fix
1. **Clear Bug Identification**: The commit fixes a redundant initialization bug where `init_waitqueue_head(&info->conn_wait)` is called twice in the error path: - First initialization at line 1630 (in the normal flow) - Second redundant initialization at line 1696 (in the `negotiation_failed` error path)
2. **Bug Impact**: While calling `init_waitqueue_head()` twice on the same wait queue is not catastrophic, it is incorrect and could potentially cause issues: - The wait queue is already initialized and potentially in use (via `wait_event()` at line 1639-1642) - Re-initializing a wait queue that might have waiters or be in an intermediate state could lead to subtle synchronization issues - This violates the kernel's initialization patterns and could mask other bugs
3. **Fix Characteristics**: - **Minimal and Contained**: The fix is a single-line removal of redundant code - **Low Risk**: Removing a redundant initialization cannot introduce new bugs - **Clear Intent**: The commit message clearly states the issue and the fix - **No Feature Changes**: This is purely a bug fix with no functional changes
4. **Code Flow Analysis**: - At line 1630, `info->conn_wait` is properly initialized before `rdma_connect()` - The wait queue is then used at line 1639-1642 with `wait_event_interruptible_timeout()` - If `smbd_negotiate()` fails (line 1672-1675), the code jumps to `negotiation_failed` - The redundant re-initialization at line 1696 happens AFTER the wait queue has already been used - This could potentially corrupt any pending waiters or internal state
5. **Historical Context**: - Both `init_waitqueue_head()` calls were present since the initial commit (f198186aa9bbd from 2017) - This appears to be an original coding error that has persisted - The error path likely wasn't thoroughly tested or reviewed
6. **Stable Tree Criteria Met**: - ✅ Fixes a real bug (redundant initialization that could cause issues) - ✅ Small change (single line removal) - ✅ Obviously correct (removing duplicate initialization) - ✅ No risk of regression (removing redundant code) - ✅ Already tested (merged into mainline)
The commit satisfies all stable kernel criteria for backporting: it's a simple, obvious fix for a real bug with minimal risk of introducing regressions.
fs/smb/client/smbdirect.c | 1 - 1 file changed, 1 deletion(-)
diff --git a/fs/smb/client/smbdirect.c b/fs/smb/client/smbdirect.c index 754e94a0e07f..75142c391d0c 100644 --- a/fs/smb/client/smbdirect.c +++ b/fs/smb/client/smbdirect.c @@ -1735,7 +1735,6 @@ static struct smbd_connection *_smbd_get_connection( cancel_delayed_work_sync(&info->idle_timer_work); destroy_caches_and_workqueue(info); sc->status = SMBDIRECT_SOCKET_NEGOTIATE_FAILED; - init_waitqueue_head(&info->conn_wait); rdma_disconnect(sc->rdma.cm_id); wait_event(info->conn_wait, sc->status == SMBDIRECT_SOCKET_DISCONNECTED);