[5.13,014/151] cifs: Handle race conditions during rename

Message ID	20210816125444.542906568@linuxfoundation.org
State	New
Headers	show Return-Path: <stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Rohith Surabattula <rohiths@microsoft.com>, Shyam Prasad N <sprasad@microsoft.com>, Steve French <stfrench@microsoft.com> Subject: [PATCH 5.13 014/151] cifs: Handle race conditions during rename Date: Mon, 16 Aug 2021 15:00:44 +0200 Message-Id: <20210816125444.542906568@linuxfoundation.org> In-Reply-To: <20210816125444.082226187@linuxfoundation.org> References: <20210816125444.082226187@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [5.13,002/151] Revert "usb: dwc3: gadget: Use list_replace_init() before traversing lists" [5.13,003/151] iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels [5.13,004/151] iio: adis: set GPIO reset pin direction [5.13,005/151] iio: humidity: hdc100x: Add margin to the conversion time [5.13,006/151] iio: adc: Fix incorrect exit of for-loop [5.13,007/151] ASoC: amd: Fix reference to PCM buffer address [5.13,008/151] ASoC: xilinx: Fix reference to PCM buffer address [5.13,009/151] ASoC: uniphier: Fix reference to PCM buffer address [5.13,010/151] ASoC: tlv320aic31xx: Fix jack detection after suspend [5.13,011/151] ASoC: kirkwood: Fix reference to PCM buffer address [5.13,012/151] ASoC: intel: atom: Fix reference to PCM buffer address [5.13,013/151] i2c: dev: zero out array used for i2c reads from userspace [5.13,014/151] cifs: Handle race conditions during rename [5.13,015/151] cifs: create sd context must be a multiple of 8 [5.13,016/151] cifs: Call close synchronously during unlink/rename/lease break. [5.13,017/151] cifs: use the correct max-length for dentry_path_raw() [5.13,018/151] io_uring: drop ctx->uring_lock before flushing work item [5.13,019/151] io_uring: fix ctx-exit io_rsrc_put_work() deadlock [5.13,020/151] scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash [5.13,021/151] cgroup: rstat: fix A-A deadlock on 32bit around u64_stats_sync [5.13,022/151] seccomp: Fix setting loaded filter count during TSYNC [5.13,023/151] net: wwan: mhi_wwan_ctrl: Fix possible deadlock [5.13,024/151] net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases [5.13,025/151] ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch [5.13,026/151] ceph: reduce contention in ceph_check_delayed_caps() [5.13,027/151] pinctrl: k210: Fix k210_fpioa_probe() [5.13,028/151] ACPI: NFIT: Fix support for virtual SPA ranges [5.13,029/151] libnvdimm/region: Fix label activation vs errors [5.13,030/151] riscv: kexec: do not add -mno-relax flag if compiler doesnt support it [5.13,031/151] vmlinux.lds.h: Handle clangs module.{c,d}tor sections [5.13,032/151] drm/i915/gvt: Fix cached atomics setting for Windows VM [5.13,033/151] drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg [5.13,034/151] drm/amd/display: Remove invalid assert for ODM + MPC case [5.13,035/151] drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work [5.13,036/151] drm/amdgpu: Add preferred mode in modeset when freesync video modes enabled. [5.13,037/151] drm/amdgpu: dont enable baco on boco platforms in runpm [5.13,038/151] drm/amdgpu: handle VCN instances when harvesting (v2) [5.13,039/151] ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi [5.13,040/151] ieee802154: hwsim: fix GPF in hwsim_new_edge_nl [5.13,041/151] drm/mediatek: Fix cursor plane no update [5.13,042/151] pinctrl: mediatek: Fix fallback behavior for bias_set_combo [5.13,043/151] ASoC: cs42l42: Correct definition of ADC Volume control [5.13,044/151] ASoC: cs42l42: Dont allow SND_SOC_DAIFMT_LEFT_J [5.13,045/151] ASoC: cs42l42: Fix bclk calculation for mono [5.13,046/151] interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate [5.13,047/151] selftests/sgx: Fix Q1 and Q2 calculation in sigstruct.c [5.13,048/151] ASoC: SOF: Intel: Kconfig: fix SoundWire dependencies [5.13,049/151] ASoC: SOF: Intel: hda-ipc: fix reply size checking [5.13,050/151] ASoC: cs42l42: Fix inversion of ADC Notch Switch control [5.13,051/151] ASoC: cs42l42: Remove duplicate control for WNF filter frequency [5.13,052/151] netfilter: nf_conntrack_bridge: Fix memory leak when error [5.13,053/151] pinctrl: tigerlake: Fix GPIO mapping for newer version of software [5.13,054/151] ASoC: cs42l42: PLL must be running when changing MCLK_SRC_SEL [5.13,055/151] ASoC: cs42l42: Fix LRCLK frame start edge [5.13,056/151] ASoC: cs42l42: Fix mono playback [5.13,057/151] net: dsa: mt7530: add the missing RxUnicast MIB counter [5.13,058/151] net: mvvp2: fix short frame size on s390 [5.13,059/151] platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables [5.13,060/151] perf/x86/intel: Apply mid ACK for small core [5.13,061/151] drm/amd/pm: Fix a memory leak in an error handling path in vangogh_tables_init() [5.13,062/151] libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT [5.13,063/151] libbpf: Do not close un-owned FD 0 on errors [5.13,064/151] bpf: Fix integer overflow involving bucket_size [5.13,065/151] net: dsa: qca: ar9331: make proper initial port defaults [5.13,066/151] net: phy: micrel: Fix link detection on ksz87xx switch" [5.13,067/151] ppp: Fix generating ifname when empty IFLA_IFNAME is specified [5.13,068/151] io_uring: clear TIF_NOTIFY_SIGNAL when running task work [5.13,069/151] net/smc: fix wait on already cleared link [5.13,070/151] net/smc: Correct smc link connection counter in case of smc client [5.13,071/151] net: sched: act_mirred: Reset ct info when mirror/redirect skb [5.13,072/151] ice: Prevent probing virtual functions [5.13,073/151] ice: Stop processing VF messages during teardown [5.13,074/151] ice: dont remove netdev->dev_addr from uc sync list [5.13,075/151] iavf: Set RSS LUT and key in reset handle path [5.13,076/151] psample: Add a fwd declaration for skbuff [5.13,077/151] bareudp: Fix invalid read beyond skbs linear data [5.13,078/151] io-wq: fix bug of creating io-wokers unconditionally [5.13,079/151] io-wq: fix IO_WORKER_F_FIXED issue in create_io_worker() [5.13,080/151] net/mlx5: Dont skip subfunction cleanup in case of error in module init [5.13,081/151] net/mlx5: DR, Add fail on error check on decap [5.13,082/151] net/mlx5e: Avoid creating tunnel headers for local route [5.13,083/151] net/mlx5e: Destroy page pool after XDP SQ to fix use-after-free [5.13,084/151] net/mlx5: Block switchdev mode while devlink traps are active [5.13,085/151] net/mlx5e: TC, Fix error handling memory leak [5.13,086/151] net/mlx5: Synchronize correct IRQ when destroying CQ [5.13,087/151] net/mlx5: Fix return value from tracer initialization [5.13,088/151] drm/meson: fix colour distortion from HDR set during vendor u-boot [5.13,089/151] ovl: fix deadlock in splice write [5.13,090/151] bpf: Fix potentially incorrect results with bpf_get_local_storage() [5.13,091/151] net: dsa: microchip: Fix ksz_read64() [5.13,092/151] net: dsa: microchip: ksz8795: Fix PVID tag insertion [5.13,093/151] net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration [5.13,094/151] net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion [5.13,095/151] net: dsa: microchip: ksz8795: Use software untagging on CPU port [5.13,096/151] net: dsa: microchip: ksz8795: Fix VLAN filtering [5.13,097/151] net: dsa: microchip: ksz8795: Dont use phy_port_cnt in VLAN table lookup [5.13,098/151] net: Fix memory leak in ieee802154_raw_deliver [5.13,099/151] net: igmp: fix data-race in igmp_ifc_timer_expire() [5.13,100/151] net: dsa: hellcreek: fix broken backpressure in .port_fdb_dump [5.13,101/151] net: dsa: lan9303: fix broken backpressure in .port_fdb_dump [5.13,102/151] net: dsa: lantiq: fix broken backpressure in .port_fdb_dump [5.13,103/151] net: dsa: sja1105: fix broken backpressure in .port_fdb_dump [5.13,104/151] pinctrl: sunxi: Dont underestimate number of functions [5.13,105/151] net: bridge: fix flags interpretation for extern learn fdb entries [5.13,106/151] net: bridge: fix memleak in br_add_if() [5.13,107/151] net: linkwatch: fix failure to restore device state across suspend/resume [5.13,108/151] tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets [5.13,109/151] net: igmp: increase size of mr_ifc_count [5.13,110/151] drm/i915: Only access SFC_DONE when media domain is not fused off [5.13,111/151] xen/events: Fix race in set_evtchn_to_irq [5.13,112/151] vsock/virtio: avoid potential deadlock when vsock device remove [5.13,113/151] nbd: Aovid double completion of a request [5.13,114/151] arm64: efi: kaslr: Fix occasional random alloc (and boot) failure [5.13,115/151] KVM: arm64: Fix off-by-one in range_is_memory [5.13,116/151] efi/libstub: arm64: Force Image reallocation if BSS was not reserved [5.13,117/151] efi/libstub: arm64: Relax 2M alignment again for relocatable kernels [5.13,118/151] powerpc/kprobes: Fix kprobe Oops happens in booke [5.13,119/151] i2c: iproc: fix race between client unreg and tasklet [5.13,120/151] x86/tools: Fix objdump version check again [5.13,121/151] genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP [5.13,122/151] x86/msi: Force affinity setup before startup [5.13,123/151] x86/ioapic: Force affinity setup before startup [5.13,124/151] x86/resctrl: Fix default monitoring groups reporting [5.13,125/151] genirq/msi: Ensure deactivation on teardown [5.13,126/151] genirq/timings: Prevent potential array overflow in __irq_timings_store() [5.13,127/151] powerpc/interrupt: Fix OOPS by not calling do_IRQ() from timer_interrupt() [5.13,128/151] PCI/MSI: Enable and mask MSI-X early [5.13,129/151] PCI/MSI: Mask all unused MSI-X entries [5.13,130/151] PCI/MSI: Enforce that MSI-X table entry is masked for update [5.13,131/151] PCI/MSI: Enforce MSI[X] entry updates to be visible [5.13,132/151] PCI/MSI: Do not set invalid bits in MSI mask [5.13,133/151] PCI/MSI: Correct misleading comments [5.13,134/151] PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() [5.13,135/151] PCI/MSI: Protect msi_desc::masked for multi-MSI [5.13,136/151] powerpc/interrupt: Do not call single_step_exception() from other exceptions [5.13,137/151] powerpc/pseries: Fix update of LPAR security flavor after LPM [5.13,138/151] powerpc/32s: Fix napping restore in data storage interrupt (DSI) [5.13,139/151] powerpc/smp: Fix OOPS in topology_init() [5.13,140/151] powerpc/xive: Do not skip CPU-less nodes when creating the IPIs [5.13,141/151] powerpc/32: Fix critical and debug interrupts on BOOKE [5.13,142/151] efi/libstub: arm64: Double check image alignment at entry [5.13,143/151] locking/rtmutex: Use the correct rtmutex debugging config option [5.13,144/151] KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation [5.13,145/151] KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF [5.13,146/151] KVM: x86/mmu: Dont leak non-leaf SPTEs when zapping all SPTEs [5.13,147/151] KVM: x86/mmu: Protect marking SPs unsync when using TDP MMU with spinlock [5.13,148/151] ceph: add some lockdep assertions around snaprealm handling [5.13,149/151] ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm [5.13,150/151] ceph: take snap_empty_lock atomically with snaprealm refcount change [5.13,151/151] kasan, slub: reset tag when printing address

Message ID

20210816125444.542906568@linuxfoundation.org

State

New

Headers

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Rohith Surabattula <rohiths@microsoft.com>,
	Shyam Prasad N <sprasad@microsoft.com>,
	Steve French <stfrench@microsoft.com>
Subject: [PATCH 5.13 014/151] cifs: Handle race conditions during rename
Date: Mon, 16 Aug 2021 15:00:44 +0200
Message-Id: <20210816125444.542906568@linuxfoundation.org>
In-Reply-To: <20210816125444.082226187@linuxfoundation.org>
References: <20210816125444.082226187@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

None | expand

Commit Message

Greg KH Aug. 16, 2021, 1 p.m. UTC

From: Rohith Surabattula <rohiths@microsoft.com>

commit 41535701da3324b80029cabb501e86c4fafe339d upstream.

When rename is executed on directory which has files for which
close is deferred, then rename will fail with EACCES.

This patch will try to close all deferred files when EACCES is received
and retry rename on a directory.

Signed-off-by: Rohith Surabattula <rohiths@microsoft.com>
Cc: stable@vger.kernel.org # 5.13
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/cifs/inode.c |   19 +++++++++++++++++--
 fs/cifs/misc.c  |   16 +++++++++++-----
 2 files changed, 28 insertions(+), 7 deletions(-)

--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -1637,7 +1637,7 @@  int cifs_unlink(struct inode *dir, struc
 		goto unlink_out;
 	}
 
-	cifs_close_all_deferred_files(tcon);
+	cifs_close_deferred_file(CIFS_I(inode));
 	if (cap_unix(tcon->ses) && (CIFS_UNIX_POSIX_PATH_OPS_CAP &
 				le64_to_cpu(tcon->fsUnixInfo.Capability))) {
 		rc = CIFSPOSIXDelFile(xid, tcon, full_path,
@@ -2096,6 +2096,7 @@  cifs_rename2(struct user_namespace *mnt_
 	FILE_UNIX_BASIC_INFO *info_buf_target;
 	unsigned int xid;
 	int rc, tmprc;
+	int retry_count = 0;
 
 	if (flags & ~RENAME_NOREPLACE)
 		return -EINVAL;
@@ -2125,10 +2126,24 @@  cifs_rename2(struct user_namespace *mnt_
 		goto cifs_rename_exit;
 	}
 
-	cifs_close_all_deferred_files(tcon);
+	cifs_close_deferred_file(CIFS_I(d_inode(source_dentry)));
+	if (d_inode(target_dentry) != NULL)
+		cifs_close_deferred_file(CIFS_I(d_inode(target_dentry)));
+
 	rc = cifs_do_rename(xid, source_dentry, from_name, target_dentry,
 			    to_name);
 
+	if (rc == -EACCES) {
+		while (retry_count < 3) {
+			cifs_close_all_deferred_files(tcon);
+			rc = cifs_do_rename(xid, source_dentry, from_name, target_dentry,
+					    to_name);
+			if (rc != -EACCES)
+				break;
+			retry_count++;
+		}
+	}
+
 	/*
 	 * No-replace is the natural behavior for CIFS, so skip unlink hacks.
 	 */
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -735,13 +735,19 @@  void
 cifs_close_deferred_file(struct cifsInodeInfo *cifs_inode)
 {
 	struct cifsFileInfo *cfile = NULL;
-	struct cifs_deferred_close *dclose;
+
+	if (cifs_inode == NULL)
+		return;
 
 	list_for_each_entry(cfile, &cifs_inode->openFileList, flist) {
-		spin_lock(&cifs_inode->deferred_lock);
-		if (cifs_is_deferred_close(cfile, &dclose))
-			mod_delayed_work(deferredclose_wq, &cfile->deferred, 0);
-		spin_unlock(&cifs_inode->deferred_lock);
+		if (delayed_work_pending(&cfile->deferred)) {
+			/*
+			 * If there is no pending work, mod_delayed_work queues new work.
+			 * So, Increase the ref count to avoid use-after-free.
+			 */
+			if (!mod_delayed_work(deferredclose_wq, &cfile->deferred, 0))
+				cifsFileInfo_get(cfile);
+		}
 	}
 }

[5.13,014/151] cifs: Handle race conditions during rename

Commit Message

Patch