From 1dc10478d91b8b015aade54bac2e12c970a07c45 Mon Sep 17 00:00:00 2001
From: Namjae Jeon
Date: Mon, 9 Dec 2024 22:45:33 +0900
Subject: [PATCH] ksmbd: conn lock to serialize smb2 negotiate

If client send parallel smb2 negotiate request on same connection, ksmbd_conn can be racy. smb2 negotiate handling that are not performance-related can be serialized with conn lock.
Signed-off-by: Namjae Jeon
---
 smb2pdu.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/smb2pdu.c b/smb2pdu.c
index 3e1c9307..0677cf72 100644
--- a/smb2pdu.c
+++ b/smb2pdu.c
@@ -1103,6 +1103,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
 return rc;
 }
+ ksmbd_conn_lock(conn);
 smb2_buf_len = get_rfc1002_len(work->request_buf);
 smb2_neg_size = offsetof(struct smb2_negotiate_req, Dialects);
 if (smb2_neg_size > smb2_buf_len) {
@@ -1261,6 +1262,7 @@ int smb2_handle_negotiate(struct ksmbd_work *work)
 ksmbd_conn_set_need_negotiate(conn);
 err_out:
+ ksmbd_conn_unlock(conn);
 if (rc)
 rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
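Review bot: The early return visible just above the added `ksmbd_conn_lock(conn);` (`return rc; }`) still runs before the lock is taken, so whatever condition guards it is evaluated outside the serialized region. The condition itself is not in the hunk; if it tests connection state that negotiate later updates, two parallel requests on one connection can both pass it, and the second will re-run the whole negotiate once the first drops the lock, which is the race the commit sets out to close. Consider moving `ksmbd_conn_lock(conn);` above that check, or repeating the check as the first statement under the lock and leaving through `err_out` when it fails. The function body starts and ends outside the hunk.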
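Review bot: Placing `ksmbd_conn_unlock(conn);` at `err_out:` makes that label the only correct exit once the lock is held, and nothing in the code documents the rule. The roughly 150 lines between the two hunks are not shown, so it should be confirmed that no path in there uses a bare `return` (which would leave the connection lock held) and that no `goto err_out` sits before the lock in the first hunk (which would release a lock this request never took). A comment at the lock site would keep later edits honest, e.g. `/* held until err_out: every exit below must goto err_out */`. The function continues past the end of the hunk.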