diff mbox series

[SRU,Jammy,1/3] ksmbd: add smb-direct shutdown

Message ID 20231127225004.615336-2-cengiz.can@canonical.com
State New
Headers show
Series CVE-2023-32252 | expand

Commit Message

Cengiz Can Nov. 27, 2023, 10:50 p.m. UTC
From: Yufan Chen <wiz.chen@gmail.com>

When killing ksmbd server after connecting rdma, ksmbd threads does not
terminate properly because the rdma connection is still alive.
This patch add shutdown operation to disconnect rdma connection while
ksmbd threads terminate.

Signed-off-by: Yufan Chen <wiz.chen@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
CVE-2023-32252
(backported from commit 136dff3a6b71dc16c30b35cc390feb0bfc32ed50)
[cengizcan: prerequisite commit]
[cengizcan: we don't have commit 64b39f4a2fd2 ("cifsd: clean-up codes using
chechpatch.pl --strict") however we have commit be6f42fad5f5 ("ksmbd: don't
terminate inactive sessions after a few seconds") so context is very different.
adjust context]
Signed-off-by: Cengiz Can <cengiz.can@canonical.com>
---
 fs/ksmbd/connection.c     |  9 ++++++++-
 fs/ksmbd/connection.h     |  1 +
 fs/ksmbd/transport_rdma.c | 10 ++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c
index cab274b77727..8e2500a5fa01 100644
--- a/fs/ksmbd/connection.c
+++ b/fs/ksmbd/connection.c
@@ -400,17 +400,24 @@  int ksmbd_conn_transport_init(void)
 static void stop_sessions(void)
 {
 	struct ksmbd_conn *conn;
+	struct ksmbd_transport *t;
 
 again:
 	read_lock(&conn_list_lock);
 	list_for_each_entry(conn, &conn_list, conns_list) {
 		struct task_struct *task;
 
-		task = conn->transport->handler;
+		t = conn->transport;
+		task = t->handler;
 		if (task)
 			ksmbd_debug(CONN, "Stop session handler %s/%d\n",
 				    task->comm, task_pid_nr(task));
 		conn->status = KSMBD_SESS_EXITING;
+		if (t->ops->shutdown) {
+			read_unlock(&conn_list_lock);
+			t->ops->shutdown(t);
+			read_lock(&conn_list_lock);
+		}
 	}
 	read_unlock(&conn_list_lock);
 
diff --git a/fs/ksmbd/connection.h b/fs/ksmbd/connection.h
index 89eb41bbd160..fd243cdddb22 100644
--- a/fs/ksmbd/connection.h
+++ b/fs/ksmbd/connection.h
@@ -110,6 +110,7 @@  struct ksmbd_conn_ops {
 struct ksmbd_transport_ops {
 	int (*prepare)(struct ksmbd_transport *t);
 	void (*disconnect)(struct ksmbd_transport *t);
+	void (*shutdown)(struct ksmbd_transport *t);
 	int (*read)(struct ksmbd_transport *t, char *buf,
 		    unsigned int size, int max_retries);
 	int (*writev)(struct ksmbd_transport *t, struct kvec *iovs, int niov,
diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c
index 9ca29cdb7898..b64518a0cc58 100644
--- a/fs/ksmbd/transport_rdma.c
+++ b/fs/ksmbd/transport_rdma.c
@@ -1444,6 +1444,15 @@  static void smb_direct_disconnect(struct ksmbd_transport *t)
 	free_transport(st);
 }
 
+static void smb_direct_shutdown(struct ksmbd_transport *t)
+{
+	struct smb_direct_transport *st = smb_trans_direct_transfort(t);
+
+	ksmbd_debug(RDMA, "smb-direct shutdown cm_id=%p\n", st->cm_id);
+
+	smb_direct_disconnect_rdma_work(&st->disconnect_work);
+}
+
 static int smb_direct_cm_handler(struct rdma_cm_id *cm_id,
 				 struct rdma_cm_event *event)
 {
@@ -2073,6 +2082,7 @@  bool ksmbd_rdma_capable_netdev(struct net_device *netdev)
 static struct ksmbd_transport_ops ksmbd_smb_direct_transport_ops = {
 	.prepare	= smb_direct_prepare,
 	.disconnect	= smb_direct_disconnect,
+	.shutdown	= smb_direct_shutdown,
 	.writev		= smb_direct_writev,
 	.read		= smb_direct_read,
 	.rdma_read	= smb_direct_rdma_read,