linux/fs/smb/server/server.c at v4l2_streams

mirror of https://github.com/raspberrypi/linux.git synced 2025-12-07 10:29:52 +00:00

Files

Namjae Jeon 33b235a6e6 ksmbd: fix race condition between tree conn lookup and disconnect

if thread A in smb2_write is using work-tcon, other thread B use
smb2_tree_disconnect free the tcon, then thread A will use free'd tcon.

                            Time
                             +
 Thread A                    | Thread A
 smb2_write                  | smb2_tree_disconnect
                             |
                             |
                             |   kfree(tree_conn)
                             |
  // UAF!                    |
  work->tcon->share_conf     |
                             +

This patch add state, reference count and lock for tree conn to fix race
condition issue.

Reported-by: luosili <rootlab@huawei.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

2023-10-04 21:56:28 -05:00

14 KiB

Raw Permalink Blame History

View Raw

14 KiB Raw Permalink Blame History

14 KiB

Raw Permalink Blame History