Commit 75ac9a3
ksmbd: fix race condition from parallel smb2 lock requests
There is a race condition issue between parallel smb2 lock requests.
                                            Time
                                             +
Thread A                                     | Thread A
smb2_lock                                    | smb2_lock
                                             |
 insert smb_lock to lock_list                |
 spin_unlock(&work->conn->llist_lock)        |
                                             |
                                             |   spin_lock(&conn->llist_lock);
                                             |   kfree(cmp_lock);
                                             |
 // UAF!                                     |
 list_add(&smb_lock->llist, &rollback_list)  +
This patch swaps the line for adding the smb lock to the rollback list and
adding the lock list of connection to fix the race issue.
Reported-by: luosili <[email protected]>
Signed-off-by: Namjae Jeon <[email protected]>
Signed-off-by: Steve French <[email protected]>

1 parent 7ca9da7 commit 75ac9a3
1 file changed: +1 -11 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7038 | 7038 | | |
7039 | 7039 | | |
7040 | 7040 | | |
7041 | | - | |
7042 | | - | |
7043 | | - | |
7044 | | - | |
7045 | 7041 | | |
7046 | 7042 | | |
7047 | 7043 | | |
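Review bot: old lines 7041-7044 are removed here with nothing added in their place, but the commit message only describes swapping the order of the rollback-list add and the connection lock-list add. Please say in the message why these four lines can be dropped (the same applies to old 7075-7077 in the next hunk), so the removals can be reviewed against the race that is described.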
| |||
7072 | 7068 | | |
7073 | 7069 | | |
7074 | 7070 | | |
7075 | | - | |
7076 | | - | |
7077 | | - | |
7078 | 7071 | | |
7079 | 7072 | | |
7080 | 7073 | | |
| |||
7094 | 7087 | | |
7095 | 7088 | | |
7096 | 7089 | | |
7097 | | - | |
7098 | | - | |
7099 | | - | |
7100 | 7090 | | |
7101 | 7091 | | |
7102 | 7092 | | |
| 7093 | + | |
7103 | 7094 | | |
7104 | 7095 | | |
7105 | 7096 | | |
7106 | 7097 | | |
7107 | 7098 | | |
7108 | 7099 | | |
7109 | | - | |
7110 | 7100 | | |
7111 | 7101 | | |
7112 | 7102 | | |
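Review bot: the line added at new 7093 and the line removed at old 7109 are consistent with the reordering the commit message describes, but old lines 7097-7099 are also removed in this hunk and the message does not account for them. Suggest adding a sentence on why those three lines are no longer needed, and a short code comment at new 7093 noting that the ordering is deliberate, so a later cleanup does not move the line back.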
| |||