diff options
| author | Namjae Jeon <linkinjeon@kernel.org> | 2023-10-04 11:31:03 +0200 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2023-10-05 03:21:48 +0200 |
| commit | 75ac9a3dd65f7eab4d12b0a0f744234b5300a491 (patch) | |
| tree | c54b6fd1e2697dbfd7917749fceb433e9bf4ae9f /fs/nilfs2 | |
| parent | ksmbd: fix race condition from parallel smb2 logoff requests (diff) | |
| download | linux-75ac9a3dd65f7eab4d12b0a0f744234b5300a491.tar.xz linux-75ac9a3dd65f7eab4d12b0a0f744234b5300a491.zip | |
ksmbd: fix race condition from parallel smb2 lock requests
There is a race condition issue between parallel smb2 lock request.
Time
+
Thread A | Thread A
smb2_lock | smb2_lock
|
insert smb_lock to lock_list |
spin_unlock(&work->conn->llist_lock) |
|
| spin_lock(&conn->llist_lock);
| kfree(cmp_lock);
|
// UAF! |
list_add(&smb_lock->llist, &rollback_list) +
This patch swaps the line for adding the smb lock to the rollback list and
adding the lock list of connection to fix the race issue.
Reported-by: luosili <rootlab@huawei.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/nilfs2')
0 files changed, 0 insertions, 0 deletions