Commit d8b6dc92 authored by Namjae Jeon's avatar Namjae Jeon Committed by Steve French
Browse files

ksmbd: add max ip connections parameter 



This parameter set the maximum number of connections per ip address.
The default is 8.

Cc: stable@vger.kernel.org
Fixes: c0d41112 ("ksmbd: extend the connection limiting mechanism to support IPv6")
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent 88daf2f4

fs/smb/server/ksmbd_netlink.h

+3 −2
Original line number Diff line number Diff line
@@ -112,10 +112,11 @@ struct ksmbd_startup_request { 
	__u32	smbd_max_io_size;	/* smbd read write size */

	__u32	max_connections;	/* Number of maximum simultaneous connections */

	__s8	bind_interfaces_only;

	__s8	reserved[503];		/* Reserved room */

	__u32	max_ip_connections;	/* Number of maximum connection per ip address */

	__s8	reserved[499];		/* Reserved room */

	__u32	ifc_list_sz;		/* interfaces list size */

	__s8	____payload[];

};

} __packed;



#define KSMBD_STARTUP_CONFIG_INTERFACES(s)	((s)->____payload)

fs/smb/server/server.h

+1 −0
Original line number Diff line number Diff line
@@ -43,6 +43,7 @@ struct ksmbd_server_config { 
	unsigned int		auth_mechs;

	unsigned int		max_connections;

	unsigned int		max_inflight_req;

	unsigned int		max_ip_connections;



	char			*conf[SERVER_CONF_WORK_GROUP + 1];

	struct task_struct	*dh_task;

fs/smb/server/transport_ipc.c

+3 −0
Original line number Diff line number Diff line
@@ -335,6 +335,9 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req) 
	if (req->max_connections)

		server_conf.max_connections = req->max_connections;



	if (req->max_ip_connections)

		server_conf.max_ip_connections = req->max_ip_connections;



	ret = ksmbd_set_netbios_name(req->netbios_name);

	ret |= ksmbd_set_server_string(req->server_string);

	ret |= ksmbd_set_work_group(req->work_group);

fs/smb/server/transport_tcp.c

+16 −11
Original line number Diff line number Diff line
@@ -225,6 +225,7 @@ static int ksmbd_kthread_fn(void *p) 
	struct interface *iface = (struct interface *)p;

	struct ksmbd_conn *conn;

	int ret;

	unsigned int max_ip_conns;



	while (!kthread_should_stop()) {

		mutex_lock(&iface->sock_release_lock);
@@ -242,34 +243,38 @@ static int ksmbd_kthread_fn(void *p) 
			continue;

		}



		if (!server_conf.max_ip_connections)

			goto skip_max_ip_conns_limit;



		/*

		 * Limits repeated connections from clients with the same IP.

		 */

		max_ip_conns = 0;

		down_read(&conn_list_lock);

		list_for_each_entry(conn, &conn_list, conns_list)

		list_for_each_entry(conn, &conn_list, conns_list) {

#if IS_ENABLED(CONFIG_IPV6)

			if (client_sk->sk->sk_family == AF_INET6) {

				if (memcmp(&client_sk->sk->sk_v6_daddr,

					   &conn->inet6_addr, 16) == 0) {

					ret = -EAGAIN;

					break;

				}

					   &conn->inet6_addr, 16) == 0)

					max_ip_conns++;

			} else if (inet_sk(client_sk->sk)->inet_daddr ==

				 conn->inet_addr) {

				ret = -EAGAIN;

				break;

			}

				 conn->inet_addr)

				max_ip_conns++;

#else

			if (inet_sk(client_sk->sk)->inet_daddr ==

			    conn->inet_addr) {

			    conn->inet_addr)

				max_ip_conns++;

#endif

			if (server_conf.max_ip_connections <= max_ip_conns) {

				ret = -EAGAIN;

				break;

			}

#endif

		}

		up_read(&conn_list_lock);

		if (ret == -EAGAIN)

			continue;



skip_max_ip_conns_limit:

		if (server_conf.max_connections &&

		    atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {

			pr_info_ratelimited("Limit the maximum number of connections(%u)\n",