The ksmbd_free_work_struct() frees "work" so we need to swap the order of these two function calls to avoid a use after free. Fixes: cabcebc31de4 ("cifsd: introduce SMB3 kernel server") Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> --- fs/cifsd/oplock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifsd/oplock.c b/fs/cifsd/oplock.c index 6c3dbc71134e..f694c14be0df 100644 --- a/fs/cifsd/oplock.c +++ b/fs/cifsd/oplock.c @@ -638,8 +638,8 @@ static void __smb2_oplock_break_noti(struct work_struct *wk) if (allocate_oplock_break_buf(work)) { ksmbd_err("smb2_allocate_rsp_buf failed! "); atomic_dec(&conn->r_count); - ksmbd_free_work_struct(work); ksmbd_fd_put(work, fp); + ksmbd_free_work_struct(work); return; } -- 2.30.2
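Review bot: in the allocate_oplock_break_buf() failure path of __smb2_oplock_break_noti(), the rule that ksmbd_fd_put(work, fp) must run before ksmbd_free_work_struct(work) is now satisfied, but nothing in the code states it, so a later reshuffle of these cleanup lines could reintroduce the use after free. Since ksmbd_fd_put() takes work as an argument, consider a one-line comment above the pair. Alternatively, route this and any other exit from the function that releases both fp and work through a single cleanup label that fixes the order in one place. The hunk only shows this one error branch, so it is worth confirming that the remaining exits of the function, which are not visible here, use the same put-then-free order. A smaller point on the context lines: the ksmbd_err() text says "smb2_allocate_rsp_buf failed! " while the call that failed is allocate_oplock_break_buf(), which makes the log misleading during triage. The trailing space in that string also looks unintended.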