cifsd: fix list_add double add BUG_ON trap in setup_async_work()
BUG_ON trap is coming when running xfstests generic/591 and
smb2 leases = yes in smb.conf.
[ 597.224978] list_add double add: new=ffff9110d292bb20,
prev=ffff9110d292bb20, next=ffff9110d6c389e8.
[ 597.225073] ------------[ cut here ]------------
[ 597.225077] kernel BUG at lib/list_debug.c:31!
[ 597.225090] invalid opcode: 0000 [#1] SMP PTI
[ 597.225095] CPU: 2 PID: 501 Comm: kworker/2:3 Tainted: G OE
5.13.0-rc1+ #2
[ 597.225099] Hardware name: SAMSUNG ELECTRONICS CO., LTD. Samsung
DeskTop System/SAMSUNG_DT1234567890, BIOS P04KBM.022.121023.SK
10/23/2012
[ 597.225102] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
[ 597.225125] RIP: 0010:__list_add_valid+0x66/0x70
[ 597.225132] Code: 0b 48 89 c1 4c 89 c6 48 c7 c7 c8 08 c0 95 e8 fd 54
66 00 0f 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 20 09 c0 95 e8 e6 54 66
00 <0f> 0b 0f 1f 84 00 00 00 00 00 55 48 8b 07 48 b9 00 01 00 00 00 00
[ 597.225136] RSP: 0018:ffffb9c9408dbac0 EFLAGS: 00010282
[ 597.225139] RAX: 0000000000000058 RBX: ffff9110d292ba40 RCX:
0000000000000000
[ 597.225142] RDX: 0000000000000000 RSI: ffff9111da328c30 RDI:
ffff9111da328c30
[ 597.225144] RBP: ffffb9c9408dbac0 R08: 0000000000000001 R09:
0000000000000001
[ 597.225147] R10: 0000000003dd35ed R11: ffffb9c9408db888 R12:
ffff9110d6c38998
[ 597.225149] R13: ffff9110d6c38800 R14: ffff9110d292bb20 R15:
ffff9110d292bb20
[ 597.225152] FS: 0000000000000000(0000) GS:ffff9111da300000(0000)
knlGS:0000000000000000
[ 597.225155] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 597.225157] CR2: 00007fd1629f84d0 CR3: 00000000c9a12006 CR4:
00000000001706e0
[ 597.225160] Call Trace:
[ 597.225163] setup_async_work+0xa2/0x120 [ksmbd]
[ 597.225191] oplock_break+0x396/0x5d0 [ksmbd]
[ 597.225206] smb_grant_oplock+0x7a1/0x900 [ksmbd]
[ 597.225218] ? smb_grant_oplock+0x7a1/0x900 [ksmbd]
[ 597.225231] smb2_open+0xbbb/0x2960 [ksmbd]
[ 597.225243] ? smb2_open+0xbbb/0x2960 [ksmbd]
[ 597.225257] ? find_held_lock+0x35/0xa0
[ 597.225261] ? xa_load+0xaf/0x160
[ 597.225268] handle_ksmbd_work+0x2e0/0x420 [ksmbd]
[ 597.225280] ? handle_ksmbd_work+0x2e0/0x420 [ksmbd]
[ 597.225292] process_one_work+0x25a/0x5d0
[ 597.225298] worker_thread+0x3f/0x3a0
[ 597.225302] ? __kthread_parkme+0x6f/0xa0
[ 597.225306] ? process_one_work+0x5d0/0x5d0
[ 597.225309] kthread+0x142/0x160
[ 597.225313] ? kthread_park+0x90/0x90
[ 597.225316] ret_from_fork+0x22/0x30
same work struct can be add to list in smb_break_all_write_oplock() and
smb_grant_oplock(). If client send invalid lease break ack to server,
This issue can occur by calling both functions.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
diff --git a/fs/cifsd/smb2pdu.c b/fs/cifsd/smb2pdu.c
index 3e112fb..5b92e00 100644
--- a/fs/cifsd/smb2pdu.c
+++ b/fs/cifsd/smb2pdu.c
@@ -690,9 +690,11 @@ int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg)
work->cancel_fn = fn;
work->cancel_argv = arg;
- spin_lock(&conn->request_lock);
- list_add_tail(&work->async_request_entry, &conn->async_requests);
- spin_unlock(&conn->request_lock);
+ if (list_empty(&work->async_request_entry)) {
+ spin_lock(&conn->request_lock);
+ list_add_tail(&work->async_request_entry, &conn->async_requests);
+ spin_unlock(&conn->request_lock);
+ }
return 0;
}