This is a note to let you know that I've just added the patch titled
smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
smb-client-serialise-cifs_construct_tcon-with-cifs_mount_mutex.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 93cee45ccfebc62a3bb4cd622b89e00c8c7d8493 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@xxxxxxxxxxxxx>
Date: Mon, 1 Apr 2024 22:44:09 -0300
Subject: smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex
From: Paulo Alcantara <pc@xxxxxxxxxxxxx>
commit 93cee45ccfebc62a3bb4cd622b89e00c8c7d8493 upstream.
Serialise cifs_construct_tcon() with cifs_mount_mutex to handle
parallel mounts that may end up reusing the session and tcon created
by it.
Cc: stable@xxxxxxxxxxxxxxx # 6.4+
Signed-off-by: Paulo Alcantara (Red Hat) <pc@xxxxxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/smb/client/connect.c | 13 ++++++++++++-
fs/smb/client/fs_context.c | 6 +++---
fs/smb/client/fs_context.h | 12 ++++++++++++
3 files changed, 27 insertions(+), 4 deletions(-)
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -3981,7 +3981,7 @@ cifs_set_vol_auth(struct smb3_fs_context
}
static struct cifs_tcon *
-cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
+__cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
{
int rc;
struct cifs_tcon *master_tcon = cifs_sb_master_tcon(cifs_sb);
@@ -4079,6 +4079,17 @@ out:
return tcon;
}
+static struct cifs_tcon *
+cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
+{
+ struct cifs_tcon *ret;
+
+ cifs_mount_lock();
+ ret = __cifs_construct_tcon(cifs_sb, fsuid);
+ cifs_mount_unlock();
+ return ret;
+}
+
struct cifs_tcon *
cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
{
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -37,7 +37,7 @@
#include "rfc1002pdu.h"
#include "fs_context.h"
-static DEFINE_MUTEX(cifs_mount_mutex);
+DEFINE_MUTEX(cifs_mount_mutex);
static const match_table_t cifs_smb_version_tokens = {
{ Smb_1, SMB1_VERSION_STRING },
@@ -752,9 +752,9 @@ static int smb3_get_tree(struct fs_conte
if (err)
return err;
- mutex_lock(&cifs_mount_mutex);
+ cifs_mount_lock();
ret = smb3_get_tree_common(fc);
- mutex_unlock(&cifs_mount_mutex);
+ cifs_mount_unlock();
return ret;
}
--- a/fs/smb/client/fs_context.h
+++ b/fs/smb/client/fs_context.h
@@ -293,4 +293,16 @@ extern void smb3_update_mnt_flags(struct
#define MAX_CACHED_FIDS 16
extern char *cifs_sanitize_prepath(char *prepath, gfp_t gfp);
+extern struct mutex cifs_mount_mutex;
+
+static inline void cifs_mount_lock(void)
+{
+ mutex_lock(&cifs_mount_mutex);
+}
+
+static inline void cifs_mount_unlock(void)
+{
+ mutex_unlock(&cifs_mount_mutex);
+}
+
#endif
Patches currently in stable-queue which might be from pc@xxxxxxxxxxxxx are
queue-6.6/smb-client-fix-potential-uaf-in-cifs_stats_proc_write.patch
queue-6.6/smb-client-fix-potential-uaf-in-is_valid_oplock_break.patch
queue-6.6/smb-client-serialise-cifs_construct_tcon-with-cifs_mount_mutex.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_dump_full_key.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_network_name_deleted.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_debug_files_proc_show.patch
queue-6.6/smb-client-handle-dfs-tcons-in-cifs_construct_tcon.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_valid_lease_break.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_signal_cifsd_for_reconnect.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_valid_oplock_break.patch
