Patch "cifs: prevent infinite recursion in CIFSGetDFSRefer()" has been added to the 5.15-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 03 Apr 2023 10:12:25 +0200

This is a note to let you know that I've just added the patch titled

    cifs: prevent infinite recursion in CIFSGetDFSRefer()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     cifs-prevent-infinite-recursion-in-cifsgetdfsrefer.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 09ba47b44d26b475bbdf9c80db9e0193d2b58956 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@xxxxxxxxxxxxx>
Date: Wed, 29 Mar 2023 17:14:22 -0300
Subject: cifs: prevent infinite recursion in CIFSGetDFSRefer()

From: Paulo Alcantara <pc@xxxxxxxxxxxxx>

commit 09ba47b44d26b475bbdf9c80db9e0193d2b58956 upstream.

We can't call smb_init() in CIFSGetDFSRefer() as cifs_reconnect_tcon()
may end up calling CIFSGetDFSRefer() again to get new DFS referrals
and thus causing an infinite recursion.

Signed-off-by: Paulo Alcantara (SUSE) <pc@xxxxxxxxxxxxx>
Reviewed-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx # 6.2
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/cifs/cifssmb.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -4751,8 +4751,13 @@ CIFSGetDFSRefer(const unsigned int xid,
 		return -ENODEV;
 
 getDFSRetry:
-	rc = smb_init(SMB_COM_TRANSACTION2, 15, ses->tcon_ipc, (void **) &pSMB,
-		      (void **) &pSMBr);
+	/*
+	 * Use smb_init_no_reconnect() instead of smb_init() as
+	 * CIFSGetDFSRefer() may be called from cifs_reconnect_tcon() and thus
+	 * causing an infinite recursion.
+	 */
+	rc = smb_init_no_reconnect(SMB_COM_TRANSACTION2, 15, ses->tcon_ipc,
+				   (void **)&pSMB, (void **)&pSMBr);
 	if (rc)
 		return rc;
 


Patches currently in stable-queue which might be from pc@xxxxxxxxxxxxx are

queue-5.15/cifs-prevent-infinite-recursion-in-cifsgetdfsrefer.patch
queue-5.15/cifs-fix-dfs-traversal-oops-without-config_cifs_dfs_upcall.patch






