This is a note to let you know that I've just added the patch titled
cifs: fix use after free for iface while disabling secondary channels
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
cifs-fix-use-after-free-for-iface-while-disabling-se.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit b898e3355dbd14d9a30fd87f0c85ae0bba789dca
Author: Ritvik Budhiraja <rbudhiraja@xxxxxxxxxxxxx>
Date: Tue Nov 21 19:13:47 2023 +0530
cifs: fix use after free for iface while disabling secondary channels
[ Upstream commit a15ccef82d3de9a37dc25898c60a394209368dc8 ]
We were deferencing iface after it has been released. Fix is to
release after all dereference instances have been encountered.
Signed-off-by: Ritvik Budhiraja <rbudhiraja@xxxxxxxxxxxxx>
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <error27@xxxxxxxxx>
Closes: https://lore.kernel.org/r/202311110815.UJaeU3Tt-lkp@xxxxxxxxx/
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
index 09bb30610a901..f3d25395d0d3c 100644
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -337,10 +337,10 @@ cifs_disable_secondary_channels(struct cifs_ses *ses)
if (iface) {
spin_lock(&ses->iface_lock);
- kref_put(&iface->refcount, release_iface);
iface->num_channels--;
if (iface->weight_fulfilled)
iface->weight_fulfilled--;
+ kref_put(&iface->refcount, release_iface);
spin_unlock(&ses->iface_lock);
}
