This is a note to let you know that I've just added the patch titled ksmbd: fix potential circular locking issue in smb2_set_ea() to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ksmbd-fix-potential-circular-locking-issue-in-smb2_set_ea.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From stable+bounces-15500-greg=kroah.com@xxxxxxxxxxxxxxx Tue Jan 23 03:39:52 2024 From: Namjae Jeon <linkinjeon@xxxxxxxxxx> Date: Tue, 23 Jan 2024 20:38:51 +0900 Subject: ksmbd: fix potential circular locking issue in smb2_set_ea() To: gregkh@xxxxxxxxxxxxxxxxxxx, sashal@xxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx, Namjae Jeon <linkinjeon@xxxxxxxxxx>, Steve French <stfrench@xxxxxxxxxxxxx> Message-ID: <20240123113854.194887-3-linkinjeon@xxxxxxxxxx> From: Namjae Jeon <linkinjeon@xxxxxxxxxx> [ Upstream commit 6fc0a265e1b932e5e97a038f99e29400a93baad0 ] smb2_set_ea() can be called in parent inode lock range. So add get_write argument to smb2_set_ea() not to call nested mnt_want_write(). Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx> Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/smb/server/smb2pdu.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2321,11 +2321,12 @@ out: * @eabuf: set info command buffer * @buf_len: set info command buffer length * @path: dentry path for get ea + * @get_write: get write access to a mount * * Return: 0 on success, otherwise error */ static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len, - const struct path *path) + const struct path *path, bool get_write) { struct user_namespace *user_ns = mnt_user_ns(path->mnt); char *attr_name = NULL, *value; 
@@ -3013,7 +3014,7 @@ int smb2_open(struct ksmbd_work *work) rc = smb2_set_ea(&ea_buf->ea, le32_to_cpu(ea_buf->ccontext.DataLength), - &path); + &path, false); if (rc == -EOPNOTSUPP) rc = 0; else if (rc) @@ -5990,7 +5991,7 @@ static int smb2_set_info_file(struct ksm return -EINVAL; return smb2_set_ea((struct smb2_ea_info *)req->Buffer, - buf_len, &fp->filp->f_path); + buf_len, &fp->filp->f_path, true); } case FILE_POSITION_INFORMATION: { Patches currently in stable-queue which might be from kroah.com@xxxxxxxxxxxxxxx are queue-6.1/ksmbd-send-lease-break-notification-on-file_rename_information.patch queue-6.1/ksmbd-fix-potential-circular-locking-issue-in-smb2_set_ea.patch queue-6.1/ksmbd-add-missing-set_freezable-for-freezable-kthread.patch queue-6.1/ksmbd-set-v2-lease-version-on-lease-upgrade.patch queue-6.1/ksmbd-don-t-increment-epoch-if-current-state-and-request-state-are-same.patch
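Review bot: in the first hunk (the smb2_set_ea() prototype at @@ -2321), the new get_write parameter is added to the signature and the kernel-doc, but no line in this patch reads it. The diffstat's 4 insertions are the doc line, the signature and the two call sites, so the body of smb2_set_ea() is unchanged and the nested mnt_want_write() named in the commit message is not gated by the flag here. Either include the body change that passes get_write down to the call that takes mount write access, or name the patch in the queue that does. The doc line `@get_write: get write access to a mount` should also say what true and false mean, in particular which value is for callers already in the parent inode lock range.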
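Review bot: in the smb2_open() hunk (@@ -3013), the bare `false` in `&path, false);` carries the whole locking assumption and nothing at the call site explains it. A one-line comment saying that this call runs in the parent inode lock range (as the commit message states) and so must not take mnt_want_write() again would keep a later change from flipping the flag without checking lock order. The `true` passed in the smb2_set_info_file() hunk (@@ -5990) would benefit from the matching comment.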