• Paulo Alcantara's avatar
    cifs: Fix infinite loop when using hard mount option · 7ffbe655
    Paulo Alcantara authored
    For every request we send, whether it is SMB1 or SMB2+, we attempt to
    reconnect tcon (cifs_reconnect_tcon or smb2_reconnect) before carrying
    out the request.
    
    So, while server->tcpStatus != CifsNeedReconnect, we wait for the
    reconnection to succeed on wait_event_interruptible_timeout(). If it
    returns, that means that either the condition was evaluated to true, or
    timeout elapsed, or it was interrupted by a signal.
    
    Since we're not handling the case where the process woke up due to a
    received signal (-ERESTARTSYS), the next call to
    wait_event_interruptible_timeout() will _always_ fail and we end up
    looping forever inside either cifs_reconnect_tcon() or smb2_reconnect().
    
    Here's an example of how to trigger that:
    
    $ mount.cifs //foo/share /mnt/test -o
    username=foo,password=foo,vers=1.0,hard
    
    (break connection to server before executing bellow cmd)
    $ stat -f /mnt/test & sleep 140
    [1] 2511
    
    $ ps -aux -q 2511
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root      2511  0.0  0.0  12892  1008 pts/0    S    12:24   0:00 stat -f
    /mnt/test
    
    $ kill -9 2511
    
    (wait for a while; process is stuck in the kernel)
    $ ps -aux -q 2511
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root      2511 83.2  0.0  12892  1008 pts/0    R    12:24  30:01 stat -f
    /mnt/test
    
    By using 'hard' mount point means that cifs.ko will keep retrying
    indefinitely, however we must allow the process to be killed otherwise
    it would hang the system.
    Signed-off-by: default avatarPaulo Alcantara <palcantara@suse.de>
    Cc: stable@vger.kernel.org
    Reviewed-by: default avatarAurelien Aptel <aaptel@suse.com>
    Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
    7ffbe655
cifssmb.c 191 KB