ksmbd: fix race condition between tree conn lookup and disconnect - kernel

diff options

author	Namjae Jeon <[email protected]>	2023-10-05 02:22:03 +0000
committer	Steve French <[email protected]>	2023-10-05 02:56:28 +0000
commit	33b235a6e6ebe0f05f3586a71e8d281d00f71e2e (patch)
tree	da5a5b5679aa447860e4581d4773b72fc04924e8 /drivers/gpu/drm/amd/amdgpu/amdgpu_object.h
parent	ksmbd: fix race condition from parallel smb2 lock requests (diff)
download	kernel-33b235a6e6ebe0f05f3586a71e8d281d00f71e2e.tar.gz kernel-33b235a6e6ebe0f05f3586a71e8d281d00f71e2e.zip

ksmbd: fix race condition between tree conn lookup and disconnect

if thread A in smb2_write is using work-tcon, other thread B use smb2_tree_disconnect free the tcon, then thread A will use free'd tcon. Time + Thread A | Thread A smb2_write | smb2_tree_disconnect | | | kfree(tree_conn) | // UAF! | work->tcon->share_conf | + This patch add state, reference count and lock for tree conn to fix race condition issue. Reported-by: luosili <[email protected]> Signed-off-by: Namjae Jeon <[email protected]> Signed-off-by: Steve French <[email protected]>

Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_object.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: