ksmbd: limits exceeding the maximum allowable outstanding requests

BugLink: https://bugs.launchpad.net/bugs/1959376
commit b589f5db6d4af8f14d70e31e1276b4c017668a26 upstream.

If the client ignores the CreditResponse received from the server and
continues to send the request, ksmbd limits the requests if it exceeds
smb2 max credits.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c
index b57a0d8a392ff5c8a388e042be4811edcd0a7d9f..f7d5e8b7bef77e89f7d75db4207497621119f468 100644 (file)
--- a/fs/ksmbd/connection.c
+++ b/fs/ksmbd/connection.c
@@ -62,6 +62,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void)
        atomic_set(&conn->req_running, 0);
        atomic_set(&conn->r_count, 0);
        conn->total_credits = 1;
+       conn->outstanding_credits = 1;
 
        init_waitqueue_head(&conn->req_running_q);
        INIT_LIST_HEAD(&conn->conns_list);

diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h
index 08e85568ccd63e7bea161f68d45251da7e1ece11..8694aef482c1a7725910cba809176da44af8a222 100644 (file)
--- a/fs/ksmbd/connection.h
+++ b/fs/ksmbd/connection.h
@@ -61,7 +61,8 @@ struct ksmbd_conn {
        atomic_t                        req_running;
        /* References which are made for this Server object*/
        atomic_t                        r_count;
-       unsigned short                  total_credits;
+       unsigned int                    total_credits;
+       unsigned int                    outstanding_credits;
        spinlock_t                      credits_lock;
        wait_queue_head_t               req_running_q;
        /* Lock to protect requests list*/

diff --git a/fs/ksmbd/smb2misc.c b/fs/ksmbd/smb2misc.c
index e4a28eae51b25d3820a8e663cee3533567b73fc0..cc1c38686ecd70955aafb3d18291e3b67d793595 100644 (file)
--- a/fs/ksmbd/smb2misc.c
+++ b/fs/ksmbd/smb2misc.c
@@ -338,7 +338,16 @@ static int smb2_validate_credit_charge(struct ksmbd_conn *conn,
                            credit_charge, conn->total_credits);
                ret = 1;
        }
+
+       if ((u64)conn->outstanding_credits + credit_charge > conn->vals->max_credits) {
+               ksmbd_debug(SMB, "Limits exceeding the maximum allowable outstanding requests, given : %u, pending : %u\n",
+                           credit_charge, conn->outstanding_credits);
+               ret = 1;
+       } else
+               conn->outstanding_credits += credit_charge;
+
        spin_unlock(&conn->credits_lock);
+
        return ret;
 }
 

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 1d9eb78734526e075dbeb2605c32c9a26a9ee7ac..f694ee10a0bc8fa0579139feaab453c8abd03480 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -324,6 +324,7 @@ int smb2_set_rsp_credits(struct ksmbd_work *work)
        }
 
        conn->total_credits -= credit_charge;
+       conn->outstanding_credits -= credit_charge;
        credits_requested = max_t(unsigned short,
                                  le16_to_cpu(req_hdr->CreditRequest), 1);