]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
ksmbd: track the connection owning a byte-range lock
authorNamjae Jeon <linkinjeon@kernel.org>
Mon, 15 Jun 2026 01:00:00 +0000 (10:00 +0900)
committerSteve French <stfrench@microsoft.com>
Tue, 23 Jun 2026 01:15:03 +0000 (20:15 -0500)
commitc1016dd1d8b2bcd1158bbaabe94a31bb7e7431fb
tree51c8c4228ec991cfe1787602475528bca0ffb400
parentdac3b26eae7bee261fa05f20c3fcc24988a7c233
ksmbd: track the connection owning a byte-range lock

SMB2_LOCK adds each granted byte-range lock to both the file lock list
and the lock list of the connection which handled the request.  The
final close and durable handle paths, however, remove the connection
list entry while holding fp->conn->llist_lock.

With SMB3 multichannel, the connection handling the LOCK request can be
different from the connection which opened the file.  The entry can
therefore be removed under a different spinlock from the one protecting
the list it belongs to.  A concurrent traversal can then access freed
struct ksmbd_lock and struct file_lock objects.

Record the connection owning each lock's clist entry and hold a
reference to it while the entry is linked.  Use that connection and its
llist_lock for unlock, rollback, close, and durable preserve.  Durable
reconnect assigns the new connection as the owner when publishing the
locks again.

Fixes: f5a544e3bab7 ("ksmbd: add support for SMB3 multichannel")
Cc: stable@vger.kernel.org
Reported-by: Musaab Khan <musaab.khan@protonmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/smb2pdu.c
fs/smb/server/vfs_cache.c
fs/smb/server/vfs_cache.h