Merged into cifs-2.6.git for-next. Is this an easy repro scenario? Shouldn't we Cc: stable or tag Fixes for 24a9799aa8ef smb: client: fix UAF in smb2_reconnect_server()

On Thu, Jun 6, 2024 at 11:14 AM Enzo Matsumiya <ematsumiya@xxxxxxx> wrote:
>
> Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such
> deadlock.
>
> Signed-off-by: Enzo Matsumiya <ematsumiya@xxxxxxx>
> ---
> fs/smb/client/smb2transport.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c
> index 02135a605305..1476c445cadc 100644
> --- a/fs/smb/client/smb2transport.c
> +++ b/fs/smb/client/smb2transport.c
> @@ -216,8 +216,8 @@ smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
> }
> tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
> if (!tcon) {
> - cifs_put_smb_ses(ses);
> spin_unlock(&cifs_tcp_ses_lock);
> + cifs_put_smb_ses(ses);
> return NULL;
> }
> spin_unlock(&cifs_tcp_ses_lock);
> --
> 2.45.1
>

--
Thanks,

Steve
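Review bot: the commit message for this hunk says only "to avoid such deadlock" and never names the lock order that deadlocks; it should state explicitly that cifs_put_smb_ses() acquires cifs_tcp_ses_lock itself, so calling it with that spinlock already held (the removed `cifs_put_smb_ses(ses);` line before `spin_unlock(&cifs_tcp_ses_lock);`) is a self-deadlock on a non-recursive spinlock, which is why the put has to move below the unlock. Please also add the Fixes: tag for 24a9799aa8ef and Cc: stable as asked for above, and add one sentence confirming that the reference being dropped in the `!tcon` path is the one taken by the earlier ses lookup in smb2_find_smb_tcon(), so dropping it after the lock is released cannot race with a concurrent release of the same ses; any other early return in this function that still puts the ses under the lock should get the same unlock-then-put ordering.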