Commit 9351590f authored by Enzo Matsumiya's avatar Enzo Matsumiya Committed by Steve French
Browse files

cifs: properly invalidate cached root handle when closing it 



Cached root file was not being completely invalidated sometimes.

Reproducing:
- With a DFS share with 2 targets, one disabled and one enabled
- start some I/O on the mount
  # while true; do ls /mnt/dfs; done
- at the same time, disable the enabled target and enable the disabled
  one
- wait for DFS cache to expire
- on reconnect, the previous cached root handle should be invalid, but
  open_cached_dir_by_dentry() will still try to use it, but throws a
  use-after-free warning (kref_get())

Make smb2_close_cached_fid() invalidate all fields every time, but only
send an SMB2_close() when the entry is still valid.

Signed-off-by: default avatarEnzo Matsumiya <ematsumiya@suse.de>
Reviewed-by: default avatarPaulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent 8d014f5f

fs/cifs/smb2ops.c

+13 −7
Original line number Diff line number Diff line
@@ -689,6 +689,13 @@ smb2_close_cached_fid(struct kref *ref) 
		cifs_dbg(FYI, "clear cached root file handle\n");

		SMB2_close(0, cfid->tcon, cfid->fid->persistent_fid,

			   cfid->fid->volatile_fid);

	}



	/*

	 * We only check validity above to send SMB2_close,

	 * but we still need to invalidate these entries

	 * when this function is called

	 */

	cfid->is_valid = false;

	cfid->file_all_info_is_valid = false;

	cfid->has_lease = false;
@@ -697,7 +704,6 @@ smb2_close_cached_fid(struct kref *ref) 
		cfid->dentry = NULL;

	}

}

}



void close_cached_dir(struct cached_fid *cfid)

{