CIFS: Do not reconnect TCP session in add_credits()
author Pavel Shilovsky <pshilov@microsoft.com>
Sat, 19 Jan 2019 01:25:36 +0000 (17:25 -0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 31 Jan 2019 07:14:37 +0000 (08:14 +0100)
commit 779c65bb77391b9e096a0cd1d22c039e9a133911
tree 749bca7edcb9bcd640c8710fb4f9cf0264b769e5
parent 2ae6fedbd5cb4144f5cf40681b9a3ea5464d31bd
CIFS: Do not reconnect TCP session in add_credits()

commit ef68e831840c40c7d01b328b3c0f5d8c4796c232 upstream.

When executing add_credits() we currently call cifs_reconnect()
if the number of credits is zero and there are no requests in
flight. In this case we may call cifs_reconnect() recursively
twice and cause memory corruption given the following sequence
of functions:

mid1.callback() -> add_credits() -> cifs_reconnect() ->
-> mid2.callback() -> add_credits() -> cifs_reconnect().

Fix this by avoiding the call to cifs_reconnect() in add_credits()
and checking for zero credits in the demultiplex thread.

Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/cifs/connect.c
fs/cifs/smb2ops.c
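
The call chain from the commit message, reduced to a user-space C model that measures how deeply the reconnect routine nests when the zero-credit check sits in the callback path versus in the receive loop. This is an added example, not the kernel patch or the author's code; every type and function name is hypothetical, and `in_flight` is simply held at zero.

```c
/* Toy user-space model of the call chain in the commit message.
 * Not kernel code: every name here is hypothetical. */
#include <stdio.h>

struct mid { int done; };
struct server {
    int credits, in_flight;  /* both stay 0: the condition the commit names */
    int deferred_check;      /* 0: check in add_credits(), 1: in receive loop */
    int depth, max_depth;    /* reconnect() nesting, recorded for inspection */
    struct mid mids[2];
};
static void mid_callback(struct server *s, struct mid *m);

static void reconnect(struct server *s)
{
    if (++s->depth > s->max_depth)
        s->max_depth = s->depth;
    for (int i = 0; i < 2; i++)      /* complete every outstanding request */
        if (!s->mids[i].done)
            mid_callback(s, &s->mids[i]);
    s->depth--;
}

static void add_credits(struct server *s, int granted)
{
    s->credits += granted;
    /* Old pattern: reconnect from inside the callback path (re-entrant). */
    if (!s->deferred_check && s->credits == 0 && s->in_flight == 0)
        reconnect(s);
}

static void mid_callback(struct server *s, struct mid *m)
{
    m->done = 1;
    add_credits(s, 0);               /* constructed case: no credits granted */
}

/* One receive-loop pass; returns the deepest reconnect() nesting reached. */
int demultiplex_once(int deferred_check)
{
    struct server s = { .deferred_check = deferred_check };
    mid_callback(&s, &s.mids[0]);
    /* New pattern: check at top level, after the callback has returned. */
    if (s.deferred_check && s.credits == 0 && s.in_flight == 0)
        reconnect(&s);
    return s.max_depth;
}

int main(void) { printf("old: %d, new: %d\n", demultiplex_once(0), demultiplex_once(1)); return 0; }
```

A nesting depth above 1 means the reconnect routine was re-entered while an earlier invocation was still walking its request list, which is the condition the commit message ties to memory corruption.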