[linux-cifs-client] [PATCH 0/2] cifs: fix deadlocks, oopses and mem corruption with concurrent mount/umount

Jeff Layton jlayton at redhat.com
Mon Oct 6 17:10:41 GMT 2008


We had a bug report recently from a user who saw some deadlocks due to
racing concurrent mounts and unmounts to the same servers:

https://bugzilla.samba.org/show_bug.cgi?id=5720

The reporter for that bug helpfully posted a couple of scripts that,
when run concurrently, reproduce the problem.

A month or so ago, I posted a patch to eliminate kthread_stop usage
with cifsd. While this works around the deadlock, it exposes some really
nasty race conditions in the way that sockets, servers, session and tcon
structs are shared between mounts.

I've spent the last few days going over the code to see if the races can
be fixed. I've come away convinced, however, that it's going to require
a fairly major overhaul of the code that manages the sharing of
these data structures, plus the code that handles reconnections.

I've added some details about the races to the BZ above. For now, I
think the best thing is to apply the following two patches that
eliminate the sharing of these data structures. This does mean that each
mount will be completely independent of the others. A little more memory
and socket usage for mounts to the same servers, but I think that's a
worthwhile tradeoff to avoid oopses and potential memory corruption.

Once the sharing of these structures is disabled, we can consider
putting the sharing code back in piecemeal and make sure that it's race
free.

With the two patches below, I was able to run the reproducer from
that BZ overnight and not see any oopses. Without these patches, I can
make the kernel oops within a few minutes, particularly if memory
poisoning is enabled.

Signed-off-by: Jeff Layton <jlayton at redhat.com>

Jeff Layton (2):
  cifs: disable sharing of server, session and tcon
  cifs: eliminate usage of kthread_stop for cifsd

 fs/cifs/connect.c |   56 ++++++++++++++++++++++++----------------------------
 1 files changed, 26 insertions(+), 30 deletions(-)


