On 06/06, Steve French wrote:
Merged into cifs-2.6.git for-next. Is this an easy repro scenario?
Not really. I'm still assessing the actual root cause, but the whole
superblock got corrupted (my assumption so far is probably because of
an umount + mount + restart of autofs with a very specific timing).
Shouldn't we Cc: stable or tag Fixes for 24a9799aa8ef smb: client: fix
UAF in smb2_reconnect_server()
Ok.
On Thu, Jun 6, 2024 at 11:14 AM Enzo Matsumiya <ematsumiya@xxxxxxx> wrote:
Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such
deadlock.
Signed-off-by: Enzo Matsumiya <ematsumiya@xxxxxxx>
---
fs/smb/client/smb2transport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c
index 02135a605305..1476c445cadc 100644
--- a/fs/smb/client/smb2transport.c
+++ b/fs/smb/client/smb2transport.c
@@ -216,8 +216,8 @@ smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
}
tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
if (!tcon) {
- cifs_put_smb_ses(ses);
spin_unlock(&cifs_tcp_ses_lock);
+ cifs_put_smb_ses(ses);
return NULL;
}
spin_unlock(&cifs_tcp_ses_lock);
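Review bot: the reordering in this hunk is sound only because nothing touches `ses` after the put, which holds here since the next statement is `return NULL;`, but two things are missing from the submission. First, the tags: as raised earlier in the thread, this should carry `Fixes: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()")` and a `Cc: stable` line, since the bug is a lock-ordering deadlock that reaches released kernels. Second, the commit message says "to avoid such deadlock" without stating what the deadlock is; the body should say explicitly that `cifs_put_smb_ses()` itself acquires `cifs_tcp_ses_lock`, so calling it while that spinlock is held deadlocks, which is why `spin_unlock(&cifs_tcp_ses_lock);` must now precede `cifs_put_smb_ses(ses);`. A one-line comment above the put in the code (for example, "must be called with cifs_tcp_ses_lock dropped") would also stop a later refactor from reintroducing the original ordering, given that the two `spin_unlock()` calls in the function now look interchangeable.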
--
2.45.1
--
Thanks,
Steve