]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7e2bb41)
ksmbd: fix broken transfers when exceeding max simultaneous operations
authorMarios Makassikis <mmakassikis@freebox.fr>
Sat, 14 Dec 2024 03:17:23 +0000 (12:17 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 27 Dec 2024 13:02:03 +0000 (14:02 +0100)
[ Upstream commit 43fb7bce8866e793275c4f9f25af6a37745f3416 ]

Since commit 0a77d947f599 ("ksmbd: check outstanding simultaneous SMB
operations"), ksmbd enforces a maximum number of simultaneous operations
for a connection. The problem is that reaching the limit causes ksmbd to
close the socket, and the client has no indication that it should have
slowed down.

This behaviour can be reproduced by setting "smb2 max credits = 128" (or
lower), and transferring a large file (25GB).

smbclient fails as below:

  $ smbclient //192.168.1.254/testshare -U user%pass
  smb: \> put file.bin
  cli_push returned NT_STATUS_USER_SESSION_DELETED
  putting file file.bin as \file.bin smb2cli_req_compound_submit:
  Insufficient credits. 0 available, 1 needed
  NT_STATUS_INTERNAL_ERROR closing remote file \file.bin
  smb: \> smb2cli_req_compound_submit: Insufficient credits. 0 available,
  1 needed

Windows clients fail with 0x8007003b (with smaller files even).

Fix this by delaying reading from the socket until there's room to
allocate a request. This effectively applies backpressure on the client,
so the transfer completes, albeit at a slower rate.

Fixes: 0a77d947f599 ("ksmbd: check outstanding simultaneous SMB operations")
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/smb/server/connection.c patch | blob | blame | history
fs/smb/server/connection.h patch | blob | blame | history
fs/smb/server/server.c patch | blob | blame | history
fs/smb/server/server.h patch | blob | blame | history
fs/smb/server/transport_ipc.c patch | blob | blame | history

diff --git a/fs/smb/server/connection.c b/fs/smb/server/connection.c
index 3980645085ed0364c3e895cf57d4ec89b37cecd4..bf45822db5d589742d81c2d2c5d913593c2a1c02 100644 (file)
--- a/fs/smb/server/connection.c
+++ b/fs/smb/server/connection.c
@@ -70,7 +70,6 @@ struct ksmbd_conn *ksmbd_conn_alloc(void)
        atomic_set(&conn->req_running, 0);
        atomic_set(&conn->r_count, 0);
        atomic_set(&conn->refcnt, 1);
-       atomic_set(&conn->mux_smb_requests, 0);
        conn->total_credits = 1;
        conn->outstanding_credits = 0;
 
@@ -133,6 +132,8 @@ void ksmbd_conn_try_dequeue_request(struct ksmbd_work *work)
        struct ksmbd_conn *conn = work->conn;
 
        atomic_dec(&conn->req_running);
+       if (waitqueue_active(&conn->req_running_q))
+               wake_up(&conn->req_running_q);
 
        if (list_empty(&work->request_entry) &&
            list_empty(&work->async_request_entry))
@@ -309,7 +310,7 @@ int ksmbd_conn_handler_loop(void *p)
 {
        struct ksmbd_conn *conn = (struct ksmbd_conn *)p;
        struct ksmbd_transport *t = conn->transport;
-       unsigned int pdu_size, max_allowed_pdu_size;
+       unsigned int pdu_size, max_allowed_pdu_size, max_req;
        char hdr_buf[4] = {0,};
        int size;
 
@@ -319,6 +320,7 @@ int ksmbd_conn_handler_loop(void *p)
        if (t->ops->prepare && t->ops->prepare(t))
                goto out;
 
+       max_req = server_conf.max_inflight_req;
        conn->last_active = jiffies;
        set_freezable();
        while (ksmbd_conn_alive(conn)) {
@@ -328,6 +330,13 @@ int ksmbd_conn_handler_loop(void *p)
                kvfree(conn->request_buf);
                conn->request_buf = NULL;
 
+recheck:
+               if (atomic_read(&conn->req_running) + 1 > max_req) {
+                       wait_event_interruptible(conn->req_running_q,
+                               atomic_read(&conn->req_running) < max_req);
+                       goto recheck;
+               }
+
                size = t->ops->read(t, hdr_buf, sizeof(hdr_buf), -1);
                if (size != sizeof(hdr_buf))
                        break;
diff --git a/fs/smb/server/connection.h b/fs/smb/server/connection.h
index 8ddd5a3c7bafb669c10aeebb5ae43401a3f1fb1d..b379ae4fdcdffa98bfe854b77c64423ad943c3b0 100644 (file)
--- a/fs/smb/server/connection.h
+++ b/fs/smb/server/connection.h
@@ -107,7 +107,6 @@ struct ksmbd_conn {
        __le16                          signing_algorithm;
        bool                            binding;
        atomic_t                        refcnt;
-       atomic_t                        mux_smb_requests;
 };
 
 struct ksmbd_conn_ops {
diff --git a/fs/smb/server/server.c b/fs/smb/server/server.c
index 698af37e988d7bf8c666510af07f78844c552df5..d146b0e7c3a9ddfc45836667bd483550d4c0e7a0 100644 (file)
--- a/fs/smb/server/server.c
+++ b/fs/smb/server/server.c
@@ -270,7 +270,6 @@ static void handle_ksmbd_work(struct work_struct *wk)
 
        ksmbd_conn_try_dequeue_request(work);
        ksmbd_free_work_struct(work);
-       atomic_dec(&conn->mux_smb_requests);
        /*
         * Checking waitqueue to dropping pending requests on
         * disconnection. waitqueue_active is safe because it
@@ -300,11 +299,6 @@ static int queue_ksmbd_work(struct ksmbd_conn *conn)
        if (err)
                return 0;
 
-       if (atomic_inc_return(&conn->mux_smb_requests) >= conn->vals->max_credits) {
-               atomic_dec_return(&conn->mux_smb_requests);
-               return -ENOSPC;
-       }
-
        work = ksmbd_alloc_work_struct();
        if (!work) {
                pr_err("allocation for work failed\n");
@@ -367,6 +361,7 @@ static int server_conf_init(void)
        server_conf.auth_mechs |= KSMBD_AUTH_KRB5 |
                                KSMBD_AUTH_MSKRB5;
 #endif
+       server_conf.max_inflight_req = SMB2_MAX_CREDITS;
        return 0;
 }
 
diff --git a/fs/smb/server/server.h b/fs/smb/server/server.h
index 4fc529335271f7eac52c93e3978e9e259b9e6d82..94187628ff089fe3b272db72077c51f4bdac64f6 100644 (file)
--- a/fs/smb/server/server.h
+++ b/fs/smb/server/server.h
@@ -42,6 +42,7 @@ struct ksmbd_server_config {
        struct smb_sid          domain_sid;
        unsigned int            auth_mechs;
        unsigned int            max_connections;
+       unsigned int            max_inflight_req;
 
        char                    *conf[SERVER_CONF_WORK_GROUP + 1];
        struct task_struct      *dh_task;
diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c
index 2f27afb695f62e5f081356139fb9968a73648dc0..6de351cc2b60e01d14910b252cce1d327ab1ec9f 100644 (file)
--- a/fs/smb/server/transport_ipc.c
+++ b/fs/smb/server/transport_ipc.c
@@ -319,8 +319,11 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req)
                init_smb2_max_write_size(req->smb2_max_write);
        if (req->smb2_max_trans)
                init_smb2_max_trans_size(req->smb2_max_trans);
-       if (req->smb2_max_credits)
+       if (req->smb2_max_credits) {
                init_smb2_max_credits(req->smb2_max_credits);
+               server_conf.max_inflight_req =
+                       req->smb2_max_credits;
+       }
        if (req->smbd_max_io_size)
                init_smbd_max_io_size(req->smbd_max_io_size);
 
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git