git.ipfire.org Git - thirdparty/kernel/stable.git/commit
ksmbd: fix user-after-free from session log off
author: Namjae Jeon <linkinjeon@kernel.org>
Tue, 8 Oct 2024 13:42:57 +0000 (22:42 +0900)
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 8 Nov 2024 15:25:51 +0000 (16:25 +0100)
commit: 0f62358ce85b2d4c949ef1b648be01b29cec667a
tree: 665587578a95531c3bcae28ef1d1ee12d02f7c1b
parent: 7bed977305af864fbfcf23f91ed716c353a144ef
ksmbd: fix user-after-free from session log off

[ Upstream commit 7aa8804c0b67b3cb263a472d17f2cb50d7f1a930 ]

There is a racy issue between smb2 session log off and smb2 session setup.
It will cause use-after-free from session log off.
This adds session_lock when setting SMB2_SESSION_EXPIRED and a reference
count to the session struct so as not to free the session while it is being used.

Cc: stable@vger.kernel.org # v5.15+
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-25282
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/ksmbd/mgmt/user_session.c
fs/ksmbd/mgmt/user_session.h
fs/ksmbd/server.c
fs/ksmbd/smb2pdu.c