From baf4f666cebbd08929832626073b2c3c507212d8 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 22 Apr 2025 12:29:37 +0200
Subject: [PATCH] 5.10-stable patches

added patches:
	smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch
---
 queue-5.10/series                             |  1 +
 ...otential-uaf-in-cifs_stats_proc_show.patch | 38 +++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 queue-5.10/smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch

diff --git a/queue-5.10/series b/queue-5.10/series
index 32fd358329..e195712bf0 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -160,3 +160,4 @@ smb-client-fix-potential-uaf-in-cifs_debug_files_proc_show.patch
 smb-client-fix-use-after-free-bug-in-cifs_debug_data_proc_show.patch
 cifs-fix-uaf-in-cifs_demultiplex_thread.patch
 smb-client-fix-potential-deadlock-when-releasing-mids.patch
+smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch
diff --git a/queue-5.10/smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch b/queue-5.10/smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch
new file mode 100644
index 0000000000..748fba7614
--- /dev/null
+++ b/queue-5.10/smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch
@@ -0,0 +1,38 @@
+From 0865ffefea197b437ba78b5dd8d8e256253efd65 Mon Sep 17 00:00:00 2001
+From: Paulo Alcantara <pc@manguebit.com>
+Date: Tue, 2 Apr 2024 16:33:56 -0300
+Subject: smb: client: fix potential UAF in cifs_stats_proc_show()
+
+From: Paulo Alcantara <pc@manguebit.com>
+
+commit 0865ffefea197b437ba78b5dd8d8e256253efd65 upstream.
+
+Skip sessions that are being teared down (status == SES_EXITING) to
+avoid UAF.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+[ cifs_debug.c was moved from fs/cifs to fs/smb/client since
+  38c8a9a52082 ("smb: move client and server files to common directory fs/smb").
+  The cifs_ses_exiting() was introduced to cifs_debug.c since
+  ca545b7f0823 ("smb: client: fix potential UAF in cifs_debug_files_proc_show()")
+  which has been sent to upstream already. ]
+Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/cifs_debug.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/cifs/cifs_debug.c
++++ b/fs/cifs/cifs_debug.c
+@@ -595,6 +595,8 @@ static int cifs_stats_proc_show(struct s
+ 		list_for_each(tmp2, &server->smb_ses_list) {
+ 			ses = list_entry(tmp2, struct cifs_ses,
+ 					 smb_ses_list);
++			if (cifs_ses_exiting(ses))
++				continue;
+ 			list_for_each(tmp3, &ses->tcon_list) {
+ 				tcon = list_entry(tmp3,
+ 						  struct cifs_tcon,
-- 
2.47.3