ksmbd: limit repeated connections from clients with the same IP

commit e6bb9193974059ddbb0ce7763fa3882bd60d4dc3 upstream.

Repeated connections from clients with the same IP address may exhaust
the max connections and prevent other normal client connections.
This patch limit repeated connections from clients with the same IP.

Reported-by: tianshuo han <hantianshuo233@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/smb/server/connection.h b/fs/smb/server/connection.h
index 0e04cf8b1d896ab346834b94dd912c53c86c2b0f..0e72be594e910bf94d6a6338d65409180a8f94d6 100644 (file)
--- a/fs/smb/server/connection.h
+++ b/fs/smb/server/connection.h
@@ -45,6 +45,7 @@ struct ksmbd_conn {
        struct mutex                    srv_mutex;
        int                             status;
        unsigned int                    cli_cap;
+       __be32                          inet_addr;
        char                            *request_buf;
        struct ksmbd_transport          *transport;
        struct nls_table                *local_nls;

diff --git a/fs/smb/server/transport_tcp.c b/fs/smb/server/transport_tcp.c
index 25f7c86ba9b984ab0f7215c315971d7c5e27ed1e..1222cf6be5efab04733daa9fb676ce056e0f169d 100644 (file)
--- a/fs/smb/server/transport_tcp.c
+++ b/fs/smb/server/transport_tcp.c
@@ -87,6 +87,7 @@ static struct tcp_transport *alloc_transport(struct socket *client_sk)
                return NULL;
        }
 
+       conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr;
        conn->transport = KSMBD_TRANS(t);
        KSMBD_TRANS(t)->conn = conn;
        KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops;
@@ -226,6 +227,8 @@ static int ksmbd_kthread_fn(void *p)
 {
        struct socket *client_sk = NULL;
        struct interface *iface = (struct interface *)p;
+       struct inet_sock *csk_inet;
+       struct ksmbd_conn *conn;
        int ret;
 
        while (!kthread_should_stop()) {
@@ -244,6 +247,20 @@ static int ksmbd_kthread_fn(void *p)
                        continue;
                }
 
+               /*
+                * Limits repeated connections from clients with the same IP.
+                */
+               csk_inet = inet_sk(client_sk->sk);
+               down_read(&conn_list_lock);
+               list_for_each_entry(conn, &conn_list, conns_list)
+                       if (csk_inet->inet_daddr == conn->inet_addr) {
+                               ret = -EAGAIN;
+                               break;
+                       }
+               up_read(&conn_list_lock);
+               if (ret == -EAGAIN)
+                       continue;
+
                if (server_conf.max_connections &&
                    atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
                        pr_info_ratelimited("Limit the maximum number of connections(%u)\n",