projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| 21f7ce28 GKH |
1 | From e0e50401cc3921c9eaf1b0e667db174519ea939f Mon Sep 17 00:00:00 2001 |
| 2 | From: Paulo Alcantara <pc@manguebit.com> | |
| 3 | Date: Tue, 2 Apr 2024 16:34:04 -0300 | |
| 4 | Subject: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() | |
| 5 | ||
| 6 | From: Paulo Alcantara <pc@manguebit.com> | |
| 7 | ||
| 8 | commit e0e50401cc3921c9eaf1b0e667db174519ea939f upstream. | |
| 9 | ||
| 10 | Skip sessions that are being teared down (status == SES_EXITING) to | |
| 11 | avoid UAF. | |
| 12 | ||
| 13 | Cc: stable@vger.kernel.org | |
| 14 | Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com> | |
| 15 | Signed-off-by: Steve French <stfrench@microsoft.com> | |
| 16 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 17 | --- | |
| 18 | fs/smb/client/connect.c | 2 ++ | |
| 19 | 1 file changed, 2 insertions(+) | |
| 20 | ||
| 21 | --- a/fs/smb/client/connect.c | |
| 22 | +++ b/fs/smb/client/connect.c | |
| 23 | @@ -216,6 +216,8 @@ cifs_signal_cifsd_for_reconnect(struct T | |
| 24 | ||
| 25 | spin_lock(&cifs_tcp_ses_lock); | |
| 26 | list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { | |
| 27 | + if (cifs_ses_exiting(ses)) | |
| 28 | + continue; | |
| 29 | spin_lock(&ses->chan_lock); | |
| 30 | for (i = 0; i < ses->chan_count; i++) { | |
| 31 | spin_lock(&ses->chans[i].server->srv_lock); |