This is a note to let you know that I've just added the patch titled
smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
smb-client-serialise-cifs_construct_tcon-with-cifs_mount_mutex.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it.

>From 93cee45ccfebc62a3bb4cd622b89e00c8c7d8493 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@xxxxxxxxxxxxx>
Date: Mon, 1 Apr 2024 22:44:09 -0300
Subject: smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex

From: Paulo Alcantara <pc@xxxxxxxxxxxxx>

commit 93cee45ccfebc62a3bb4cd622b89e00c8c7d8493 upstream.

Serialise cifs_construct_tcon() with cifs_mount_mutex to handle parallel mounts that may end up reusing the session and tcon created by it.

Cc: stable@xxxxxxxxxxxxxxx # 6.4+
Signed-off-by: Paulo Alcantara (Red Hat) <pc@xxxxxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/smb/client/connect.c | 13 ++++++++++++-
 fs/smb/client/fs_context.c | 6 +++---
 fs/smb/client/fs_context.h | 12 ++++++++++++
 3 files changed, 27 insertions(+), 4 deletions(-)
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -3981,7 +3981,7 @@ cifs_set_vol_auth(struct smb3_fs_context
 }
 
 static struct cifs_tcon *
-cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
+__cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
 {
 int rc;
 struct cifs_tcon *master_tcon = cifs_sb_master_tcon(cifs_sb);
@@ -4079,6 +4079,17 @@ out:
 return tcon;
 }
 
+static struct cifs_tcon *
+cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
+{
+ struct cifs_tcon *ret;
+
+ cifs_mount_lock();
+ ret = __cifs_construct_tcon(cifs_sb, fsuid);
+ cifs_mount_unlock();
+ return ret;
+}
+
 struct cifs_tcon *
 cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
 {
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -37,7 +37,7 @@
 #include "rfc1002pdu.h"
 #include "fs_context.h"
 
-static DEFINE_MUTEX(cifs_mount_mutex);
+DEFINE_MUTEX(cifs_mount_mutex);
 
 static const match_table_t cifs_smb_version_tokens = {
 { Smb_1, SMB1_VERSION_STRING },
@@ -752,9 +752,9 @@ static int smb3_get_tree(struct fs_conte
 
 if (err)
 return err;
- mutex_lock(&cifs_mount_mutex);
+ cifs_mount_lock();
 ret = smb3_get_tree_common(fc);
- mutex_unlock(&cifs_mount_mutex);
+ cifs_mount_unlock();
 return ret;
 }
 
--- a/fs/smb/client/fs_context.h
+++ b/fs/smb/client/fs_context.h
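Review bot: `__cifs_construct_tcon()` now carries an unwritten precondition that `cifs_mount_mutex` is held, and neither the new wrapper nor the renamed function states or checks it. Adding `lockdep_assert_held(&cifs_mount_mutex);` as the first statement of `__cifs_construct_tcon()` and a comment above the wrapper such as `/* Serialised with smb3_get_tree(): a parallel mount may reuse the ses/tcon created here. */` would keep a later direct caller from quietly reopening the race. The wrapper also holds one global mutex for the full duration of `__cifs_construct_tcon()`, whose body lies outside this hunk; if that body waits on the server, an unresponsive server would presumably stall every other mount and per-user tcon construction for as long as it waits, which is worth recording in the same comment.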
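Review bot: `cifs_mount_mutex` becomes lockable from any file in the client once `static` is dropped from `DEFINE_MUTEX(cifs_mount_mutex);` here and the matching `extern struct mutex cifs_mount_mutex;` is added in the fs_context.h hunk, so nothing forces callers through `cifs_mount_lock()`/`cifs_mount_unlock()`. Keeping the mutex `static` in fs_context.c and defining the two helpers out of line there, with only their prototypes in the header, would keep the lock private at the cost of a function call. If the inline helpers are preferred, a comment on the definition such as `/* Take only via cifs_mount_lock()/cifs_mount_unlock(). */` would at least record the intent.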
@@ -293,4 +293,16 @@ extern void smb3_update_mnt_flags(struct
 #define MAX_CACHED_FIDS 16
 extern char *cifs_sanitize_prepath(char *prepath, gfp_t gfp);
 
+extern struct mutex cifs_mount_mutex;
+
+static inline void cifs_mount_lock(void)
+{
+ mutex_lock(&cifs_mount_mutex);
+}
+
+static inline void cifs_mount_unlock(void)
+{
+ mutex_unlock(&cifs_mount_mutex);
+}
+
 #endif

Patches currently in stable-queue which might be from pc@xxxxxxxxxxxxx are
queue-6.6/smb-client-fix-potential-uaf-in-cifs_stats_proc_write.patch
queue-6.6/smb-client-fix-potential-uaf-in-is_valid_oplock_break.patch
queue-6.6/smb-client-serialise-cifs_construct_tcon-with-cifs_mount_mutex.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_dump_full_key.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_network_name_deleted.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_debug_files_proc_show.patch
queue-6.6/smb-client-handle-dfs-tcons-in-cifs_construct_tcon.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_valid_lease_break.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_signal_cifsd_for_reconnect.patch
queue-6.6/smb-client-fix-potential-uaf-in-cifs_stats_proc_show.patch
queue-6.6/smb-client-fix-potential-uaf-in-smb2_is_valid_oplock_break.patch
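Review bot: The new `cifs_mount_lock()`/`cifs_mount_unlock()` helpers and the `extern` declaration have no comment saying what `cifs_mount_mutex` protects or how it may be taken. A short block comment above `cifs_mount_lock()` should state that it serialises `smb3_get_tree()` against `cifs_construct_tcon()` so that a parallel mount cannot pick up a session and tcon that are still being created, and that it is a sleeping lock and so must not be taken from atomic context. The hunk does not show the header's includes, so it is also worth confirming that `<linux/mutex.h>` is reachable from fs_context.h itself rather than only through whichever file includes it first.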