ksmbd: conn lock to serialize smb2 negotiate

If client send parallel smb2 negotiate request on same connection,
ksmbd_conn can be racy. smb2 negotiate handling that are not
performance-related can be serialized with conn lock.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 803b35b89513e3127329499eb3869f0582f17c67..23e21845f9286c7a6843a72c7f96e419b7a0b718 100644 (file)
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -1097,6 +1097,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
                return rc;
        }
 
+       ksmbd_conn_lock(conn);
        smb2_buf_len = get_rfc1002_len(work->request_buf);
        smb2_neg_size = offsetof(struct smb2_negotiate_req, Dialects);
        if (smb2_neg_size > smb2_buf_len) {
@@ -1247,6 +1248,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
        ksmbd_conn_set_need_negotiate(conn);
 
 err_out:
+       ksmbd_conn_unlock(conn);
        if (rc)
                rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;