[PATCH 5.16 0040/1039] ksmbd: limits exceeding the maximum allowable outstanding requests

From: Greg Kroah-Hartman
Date: Mon Jan 24 2022 - 16:27:34 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.16 0067/1039] ARM: dts: at91: update alternate function of signal PD20"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 327/563] crypto: jitter - consider 32 LSB for APT"
In reply to: Greg Kroah-Hartman: "[PATCH 5.16 0007/1039] HID: wacom: Avoid using stale array indicies to read contact count"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.16 0067/1039] ARM: dts: at91: update alternate function of signal PD20"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Namjae Jeon <linkinjeon@xxxxxxxxxx>

commit b589f5db6d4af8f14d70e31e1276b4c017668a26 upstream.

If the client ignores the CreditResponse received from the server and
continues to send the request, ksmbd limits the requests if it exceeds
smb2 max credits.

Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/ksmbd/connection.c | 1 +
fs/ksmbd/connection.h | 3 ++-
fs/ksmbd/smb2misc.c | 9 +++++++++
fs/ksmbd/smb2pdu.c | 1 +
4 files changed, 13 insertions(+), 1 deletion(-)

--- a/fs/ksmbd/connection.c
+++ b/fs/ksmbd/connection.c
@@ -62,6 +62,7 @@ struct ksmbd_conn *ksmbd_conn_alloc(void
atomic_set(&conn->req_running, 0);
atomic_set(&conn->r_count, 0);
conn->total_credits = 1;
+ conn->outstanding_credits = 1;

init_waitqueue_head(&conn->req_running_q);
INIT_LIST_HEAD(&conn->conns_list);
--- a/fs/ksmbd/connection.h
+++ b/fs/ksmbd/connection.h
@@ -61,7 +61,8 @@ struct ksmbd_conn {
atomic_t req_running;
/* References which are made for this Server object*/
atomic_t r_count;
- unsigned short total_credits;
+ unsigned int total_credits;
+ unsigned int outstanding_credits;
spinlock_t credits_lock;
wait_queue_head_t req_running_q;
/* Lock to protect requests list*/
--- a/fs/ksmbd/smb2misc.c
+++ b/fs/ksmbd/smb2misc.c
@@ -337,7 +337,16 @@ static int smb2_validate_credit_charge(s
credit_charge, conn->total_credits);
ret = 1;
}
+
+ if ((u64)conn->outstanding_credits + credit_charge > conn->vals->max_credits) {
+ ksmbd_debug(SMB, "Limits exceeding the maximum allowable outstanding requests, given : %u, pending : %u\n",
+ credit_charge, conn->outstanding_credits);
+ ret = 1;
+ } else
+ conn->outstanding_credits += credit_charge;
+
spin_unlock(&conn->credits_lock);
+
return ret;
}

--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -322,6 +322,7 @@ int smb2_set_rsp_credits(struct ksmbd_wo
}

conn->total_credits -= credit_charge;
+ conn->outstanding_credits -= credit_charge;
credits_requested = max_t(unsigned short,
le16_to_cpu(req_hdr->CreditRequest), 1);

Next message: Greg Kroah-Hartman: "[PATCH 5.16 0067/1039] ARM: dts: at91: update alternate function of signal PD20"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 327/563] crypto: jitter - consider 32 LSB for APT"
In reply to: Greg Kroah-Hartman: "[PATCH 5.16 0007/1039] HID: wacom: Avoid using stale array indicies to read contact count"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.16 0067/1039] ARM: dts: at91: update alternate function of signal PD20"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]