Re: [PATCH] cifs: fix use after free for iface while disabling secondary channels

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

tentatively merged into for-next pending testing

On Tue, Nov 21, 2023 at 7:44 AM Ritvik Budhiraja
<budhirajaritviksmb@xxxxxxxxx> wrote:
>
> We were deferencing iface after it has been released. Fix is to
> release after all dereference instances have been encountered.
>
> Signed-off-by: Ritvik Budhiraja <rbudhiraja@xxxxxxxxxxxxx>
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> Reported-by: Dan Carpenter <error27@xxxxxxxxx>
> Closes: https://lore.kernel.org/r/202311110815.UJaeU3Tt-lkp@xxxxxxxxx/
> ---
>  fs/smb/client/sess.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
> index 8b2d7c1ca428..816e01c5589b 100644
> --- a/fs/smb/client/sess.c
> +++ b/fs/smb/client/sess.c
> @@ -332,10 +332,10 @@ cifs_disable_secondary_channels(struct cifs_ses *ses)
>
>                 if (iface) {
>                         spin_lock(&ses->iface_lock);
> -                       kref_put(&iface->refcount, release_iface);
>                         iface->num_channels--;
>                         if (iface->weight_fulfilled)
>                                 iface->weight_fulfilled--;
> +                       kref_put(&iface->refcount, release_iface);
>                         spin_unlock(&ses->iface_lock);
>                 }
>
> --
> 2.34.1
>


-- 
Thanks,

Steve
[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux