1 From ca545b7f0823f19db0f1148d59bc5e1a56634502 Mon Sep 17 00:00:00 2001
2 From: Paulo Alcantara <pc@manguebit.com>
3 Date: Tue, 2 Apr 2024 16:33:53 -0300
4 Subject: smb: client: fix potential UAF in cifs_debug_files_proc_show()
6 From: Paulo Alcantara <pc@manguebit.com>
8 commit ca545b7f0823f19db0f1148d59bc5e1a56634502 upstream.
10 Skip sessions that are being teared down (status == SES_EXITING) to
13 Cc: stable@vger.kernel.org
14 Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
15 Signed-off-by: Steve French <stfrench@microsoft.com>
16 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 fs/smb/client/cifs_debug.c | 2 ++
19 fs/smb/client/cifsglob.h | 10 ++++++++++
20 2 files changed, 12 insertions(+)
22 --- a/fs/smb/client/cifs_debug.c
23 +++ b/fs/smb/client/cifs_debug.c
24 @@ -250,6 +250,8 @@ static int cifs_debug_files_proc_show(st
25 spin_lock(&cifs_tcp_ses_lock);
26 list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
27 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
28 + if (cifs_ses_exiting(ses))
30 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
31 spin_lock(&tcon->open_file_lock);
32 list_for_each_entry(cfile, &tcon->openFileList, tlist) {
33 --- a/fs/smb/client/cifsglob.h
34 +++ b/fs/smb/client/cifsglob.h
35 @@ -2281,4 +2281,14 @@ struct smb2_compound_vars {
36 struct smb2_file_link_info link_info;
39 +static inline bool cifs_ses_exiting(struct cifs_ses *ses)
43 + spin_lock(&ses->ses_lock);
44 + ret = ses->ses_status == SES_EXITING;
45 + spin_unlock(&ses->ses_lock);
49 #endif /* _CIFS_GLOB_H */
projects / thirdparty / kernel / stable-queue.git / blob