Acknowledged
Created: Oct 31, 2025
Updated: Nov 3, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix recursive locking in RPC handle list access

Since commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list
access"), ksmbd_session_rpc_method() attempts to lock sess->rpc_lock.

This causes hung connections / tasks when a client attempts to open
a named pipe. Using Samba's rpcclient tool:

  $ rpcclient //192.168.1.254 -U user%password
  $ rpcclient $> srvinfo
  <connection hung here>

Kernel side:
  "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
  task:kworker/0:0 state:D stack:0 pid:5021 tgid:5021 ppid:2 flags:0x00200000
  Workqueue: ksmbd-io handle_ksmbd_work
  Call trace:
  __schedule from schedule+0x3c/0x58
  schedule from schedule_preempt_disabled+0xc/0x10
  schedule_preempt_disabled from rwsem_down_read_slowpath+0x1b0/0x1d8
  rwsem_down_read_slowpath from down_read+0x28/0x30
  down_read from ksmbd_session_rpc_method+0x18/0x3c
  ksmbd_session_rpc_method from ksmbd_rpc_open+0x34/0x68
  ksmbd_rpc_open from ksmbd_session_rpc_open+0x194/0x228
  ksmbd_session_rpc_open from create_smb2_pipe+0x8c/0x2c8
  create_smb2_pipe from smb2_open+0x10c/0x27ac
  smb2_open from handle_ksmbd_work+0x238/0x3dc
  handle_ksmbd_work from process_scheduled_works+0x160/0x25c
  process_scheduled_works from worker_thread+0x16c/0x1e8
  worker_thread from kthread+0xa8/0xb8
  kthread from ret_from_fork+0x14/0x38
  Exception stack(0x8529ffb0 to 0x8529fff8)

The task deadlocks because the lock is already held:
  ksmbd_session_rpc_open
    down_write(&sess->rpc_lock)
    ksmbd_rpc_open
      ksmbd_session_rpc_method
        down_read(&sess->rpc_lock) <-- deadlock

Adjust ksmbd_session_rpc_method() callers to take the lock when necessary.