Searched hist:"75 ac9a3d" (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/fs/smb/server/ |
| H A D | smb2pdu.c | 75ac9a3d Wed Oct 04 04:31:03 CDT 2023 Namjae Jeon <linkinjeon@kernel.org> ksmbd: fix race condition from parallel smb2 lock requests
There is a race condition issue between parallel smb2 lock request.
Time
+
Thread A | Thread A
smb2_lock | smb2_lock
|
insert smb_lock to lock_list |
spin_unlock(&work->conn->llist_lock) |
|
| spin_lock(&conn->llist_lock);
| kfree(cmp_lock);
|
// UAF! |
list_add(&smb_lock->llist, &rollback_list) +
This patch swaps the line for adding the smb lock to the rollback list and
adding the lock list of connection to fix the race issue.
Reported-by: luosili <rootlab@huawei.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
|