ksmbd: add max ip connections parameter

[ Upstream commit d8b6dc9256762293048bf122fc11c4e612d0ef5d ]

This parameter set the maximum number of connections per ip address.
The default is 8.

Cc: stable@vger.kernel.org
Fixes: c0d41112f1a5 ("ksmbd: extend the connection limiting mechanism to support IPv6")
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
[ adjust reserved room ]
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/smb/server/ksmbd_netlink.h b/fs/smb/server/ksmbd_netlink.h
index 4464a62228cf335855fd733aebd7e47ea5266f4d..d3c0b985eb8c15f2b133aaa33b6f3edfc6574d7c 100644 (file)
--- a/fs/smb/server/ksmbd_netlink.h
+++ b/fs/smb/server/ksmbd_netlink.h
@@ -107,10 +107,11 @@ struct ksmbd_startup_request {
        __u32   smb2_max_credits;       /* MAX credits */
        __u32   smbd_max_io_size;       /* smbd read write size */
        __u32   max_connections;        /* Number of maximum simultaneous connections */
-       __u32   reserved[126];          /* Reserved room */
+       __u32   max_ip_connections;     /* Number of maximum connection per ip address */
+       __u32   reserved[125];          /* Reserved room */
        __u32   ifc_list_sz;            /* interfaces list size */
        __s8    ____payload[];
-};
+} __packed;
 
 #define KSMBD_STARTUP_CONFIG_INTERFACES(s)     ((s)->____payload)
 

diff --git a/fs/smb/server/server.h b/fs/smb/server/server.h
index db727818176038e23d8e1ed8025606501feabc64..2cb1b855a39e2ee7a9884ecba1746149ba7f1225 100644 (file)
--- a/fs/smb/server/server.h
+++ b/fs/smb/server/server.h
@@ -42,6 +42,7 @@ struct ksmbd_server_config {
        struct smb_sid          domain_sid;
        unsigned int            auth_mechs;
        unsigned int            max_connections;
+       unsigned int            max_ip_connections;
 
        char                    *conf[SERVER_CONF_WORK_GROUP + 1];
 };

diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c
index 7fc4b33b89e360cbf34e41c2149b3d6b11360b5e..3ca820d0b8d62ce7b500bbf9f9a0e72a5f624ef0 100644 (file)
--- a/fs/smb/server/transport_ipc.c
+++ b/fs/smb/server/transport_ipc.c
@@ -318,6 +318,9 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req)
        if (req->max_connections)
                server_conf.max_connections = req->max_connections;
 
+       if (req->max_ip_connections)
+               server_conf.max_ip_connections = req->max_ip_connections;
+
        ret = ksmbd_set_netbios_name(req->netbios_name);
        ret |= ksmbd_set_server_string(req->server_string);
        ret |= ksmbd_set_work_group(req->work_group);

diff --git a/fs/smb/server/transport_tcp.c b/fs/smb/server/transport_tcp.c
index a4e7d1a5d64d73acc487fa686d3689c66ef26220..4ef032e737f37cfcfa2b1118c7d99eab9c7fbaa5 100644 (file)
--- a/fs/smb/server/transport_tcp.c
+++ b/fs/smb/server/transport_tcp.c
@@ -236,6 +236,7 @@ static int ksmbd_kthread_fn(void *p)
        struct interface *iface = (struct interface *)p;
        struct ksmbd_conn *conn;
        int ret;
+       unsigned int max_ip_conns;
 
        while (!kthread_should_stop()) {
                mutex_lock(&iface->sock_release_lock);
@@ -253,34 +254,38 @@ static int ksmbd_kthread_fn(void *p)
                        continue;
                }
 
+               if (!server_conf.max_ip_connections)
+                       goto skip_max_ip_conns_limit;
+
                /*
                 * Limits repeated connections from clients with the same IP.
                 */
+               max_ip_conns = 0;
                down_read(&conn_list_lock);
-               list_for_each_entry(conn, &conn_list, conns_list)
+               list_for_each_entry(conn, &conn_list, conns_list) {
 #if IS_ENABLED(CONFIG_IPV6)
                        if (client_sk->sk->sk_family == AF_INET6) {
                                if (memcmp(&client_sk->sk->sk_v6_daddr,
-                                          &conn->inet6_addr, 16) == 0) {
-                                       ret = -EAGAIN;
-                                       break;
-                               }
+                                          &conn->inet6_addr, 16) == 0)
+                                       max_ip_conns++;
                        } else if (inet_sk(client_sk->sk)->inet_daddr ==
-                                conn->inet_addr) {
-                               ret = -EAGAIN;
-                               break;
-                       }
+                                conn->inet_addr)
+                               max_ip_conns++;
 #else
                        if (inet_sk(client_sk->sk)->inet_daddr ==
-                           conn->inet_addr) {
+                           conn->inet_addr)
+                               max_ip_conns++;
+#endif
+                       if (server_conf.max_ip_connections <= max_ip_conns) {
                                ret = -EAGAIN;
                                break;
                        }
-#endif
+               }
                up_read(&conn_list_lock);
                if (ret == -EAGAIN)
                        continue;
 
+skip_max_ip_conns_limit:
                if (server_conf.max_connections &&
                    atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
                        pr_info_ratelimited("Limit the maximum number of connections(%u)\n",