Commit ddb7ea36 authored by Namjae Jeon's avatar Namjae Jeon Committed by Steve French
Browse files

ksmbd: fix r_count dec/increment mismatch 



r_count is only increased when there is an oplock break wait,
so r_count inc/decrement are not paired. This can cause r_count
to become negative, which can lead to a problem where the ksmbd
thread does not terminate.

Fixes: 3aa660c0 ("ksmbd: prevent connection release during oplock break notification")
Reported-by: default avatarNorbert Szetei <norbert@doyensec.com>
Tested-by: default avatarNorbert Szetei <norbert@doyensec.com>
Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent c1883049

fs/smb/server/oplock.c

+2 −2
Original line number Diff line number Diff line
@@ -724,8 +724,8 @@ static int smb2_oplock_break_noti(struct oplock_info *opinfo) 
	work->conn = conn;

	work->sess = opinfo->sess;



	if (opinfo->op_state == OPLOCK_ACK_WAIT) {

	ksmbd_conn_r_count_inc(conn);

	if (opinfo->op_state == OPLOCK_ACK_WAIT) {

		INIT_WORK(&work->work, __smb2_oplock_break_noti);

		ksmbd_queue_work(work);
@@ -833,8 +833,8 @@ static int smb2_lease_break_noti(struct oplock_info *opinfo) 
	work->conn = conn;

	work->sess = opinfo->sess;



	if (opinfo->op_state == OPLOCK_ACK_WAIT) {

	ksmbd_conn_r_count_inc(conn);

	if (opinfo->op_state == OPLOCK_ACK_WAIT) {

		INIT_WORK(&work->work, __smb2_lease_break_noti);

		ksmbd_queue_work(work);

		wait_for_break_ack(opinfo);