git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Namjae Jeon <linkinjeon@kernel.org>
	Mon, 2 Feb 2026 03:15:50 +0000 (11:15 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 6 Feb 2026 15:44:24 +0000 (16:44 +0100)
commit	a4348710a7267705b75692dc1a000920481d1d92
tree	8da667c6174c01e38ffdd34a9532c432e80639c7	tree \| snapshot
parent	4506bcaabe004d07be8ff09116a3024fbd6aa965	commit \| diff

ksmbd: fix use-after-free in ksmbd_session_rpc_open

[ Upstream commit a1f46c99d9ea411f9bf30025b912d881d36fc709 ]

A UAF issue can occur due to a race condition between
ksmbd_session_rpc_open() and __session_rpc_close().
Add rpc_lock to the session to protect it.

Cc: stable@vger.kernel.org
Reported-by: Norbert Szetei <norbert@doyensec.com>
Tested-by: Norbert Szetei <norbert@doyensec.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
[ KSMBD_DEFAULT_GFP is introduced by commit 0066f623bce8 ("ksmbd: use __GFP_RETRY_MAYFAIL")
after linux-6.13. Here we still use GFP_KERNEL. ]
Signed-off-by: Li hongliang <1468888505@139.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/smb/server/mgmt/user_session.c		diff \| blob \| blame \| history
fs/smb/server/mgmt/user_session.h		diff \| blob \| blame \| history