Commit f5c4ba81 authored by Shu Wang's avatar Shu Wang Committed by Steve French
Browse files

cifs: release auth_key.response for reconnect. 



There is a race that cause cifs reconnect in cifs_mount,
- cifs_mount
  - cifs_get_tcp_session
    - [ start thread cifs_demultiplex_thread
      - cifs_read_from_socket: -ECONNABORTED
        - DELAY_WORK smb2_reconnect_server ]
  - cifs_setup_session
  - [ smb2_reconnect_server ]

auth_key.response was allocated in cifs_setup_session, and
will release when the session destoried. So when session re-
connect, auth_key.response should be check and released.

Tested with my system:
CIFS VFS: Free previous auth_key.response = ffff8800320bbf80

A simple auth_key.response allocation call trace:
- cifs_setup_session
- SMB2_sess_setup
- SMB2_sess_auth_rawntlmssp_authenticate
- build_ntlmssp_auth_blob
- setup_ntlmv2_rsp

Signed-off-by: default avatarShu Wang <shuwang@redhat.com>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
Reviewed-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
parent 94183331

fs/cifs/connect.c

+8 −0
Original line number Diff line number Diff line
@@ -4154,6 +4154,14 @@ cifs_setup_session(const unsigned int xid, struct cifs_ses *ses, 
	cifs_dbg(FYI, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d\n",

		 server->sec_mode, server->capabilities, server->timeAdj);



	if (ses->auth_key.response) {

		cifs_dbg(VFS, "Free previous auth_key.response = %p\n",

			 ses->auth_key.response);

		kfree(ses->auth_key.response);

		ses->auth_key.response = NULL;

		ses->auth_key.len = 0;

	}



	if (server->ops->sess_setup)

		rc = server->ops->sess_setup(xid, ses, nls_info);

CRA Git | Maintained and supported by SUSTech CRA and CCSE