diff mbox series

[3/3] cifs: fix session state check in smb2_find_smb_ses

Message ID 20230626034257.2078391-4-wentao@uniontech.com (mailing list archive)
State New, archived
Headers show
Series cifs: fix session state checks to avoid use-after-free issues | expand

Commit Message

Winston Wen June 26, 2023, 3:42 a.m. UTC 
Chech the session state and skip it if it's exiting.

Signed-off-by: Winston Wen <wentao@uniontech.com>
---
 fs/smb/client/smb2transport.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Shyam Prasad N June 26, 2023, 5:17 a.m. UTC | #1 
On Mon, Jun 26, 2023 at 9:24 AM Winston Wen <wentao@uniontech.com> wrote:
>
> Chech the session state and skip it if it's exiting.
>
> Signed-off-by: Winston Wen <wentao@uniontech.com>
> ---
>  fs/smb/client/smb2transport.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c
> index 790acf65a092..22954a9c7a6c 100644
> --- a/fs/smb/client/smb2transport.c
> +++ b/fs/smb/client/smb2transport.c
> @@ -153,7 +153,14 @@ smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
>         list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
>                 if (ses->Suid != ses_id)
>                         continue;
> +
> +               spin_lock(&ses->ses_lock);
> +               if (ses->ses_status == SES_EXITING) {
> +                       spin_unlock(&ses->ses_lock);
> +                       continue;
> +               }
>                 ++ses->ses_count;
> +               spin_unlock(&ses->ses_lock);
>                 return ses;
>         }
>
> --
> 2.40.1
>

Thanks for the change.
Looks good to me.
CC stable for this one too.
Steve French June 27, 2023, 4:23 a.m. UTC | #2 
added RB and merged into cifs-2.6.git for-next

On Mon, Jun 26, 2023 at 12:34 AM Shyam Prasad N <nspmangalore@gmail.com> wrote:
>
> On Mon, Jun 26, 2023 at 9:24 AM Winston Wen <wentao@uniontech.com> wrote:
> >
> > Chech the session state and skip it if it's exiting.
> >
> > Signed-off-by: Winston Wen <wentao@uniontech.com>
> > ---
> >  fs/smb/client/smb2transport.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c
> > index 790acf65a092..22954a9c7a6c 100644
> > --- a/fs/smb/client/smb2transport.c
> > +++ b/fs/smb/client/smb2transport.c
> > @@ -153,7 +153,14 @@ smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
> >         list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
> >                 if (ses->Suid != ses_id)
> >                         continue;
> > +
> > +               spin_lock(&ses->ses_lock);
> > +               if (ses->ses_status == SES_EXITING) {
> > +                       spin_unlock(&ses->ses_lock);
> > +                       continue;
> > +               }
> >                 ++ses->ses_count;
> > +               spin_unlock(&ses->ses_lock);
> >                 return ses;
> >         }
> >
> > --
> > 2.40.1
> >
>
> Thanks for the change.
> Looks good to me.
> CC stable for this one too.
>
> --
> Regards,
> Shyam
Steve French June 27, 2023, 4:29 a.m. UTC | #3 
merged into cifs-2.6.git for-next, added cc: stable and RB

On Mon, Jun 26, 2023 at 12:34 AM Shyam Prasad N <nspmangalore@gmail.com> wrote:
>
> On Mon, Jun 26, 2023 at 9:24 AM Winston Wen <wentao@uniontech.com> wrote:
> >
> > Chech the session state and skip it if it's exiting.
> >
> > Signed-off-by: Winston Wen <wentao@uniontech.com>
> > ---
> >  fs/smb/client/smb2transport.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c
> > index 790acf65a092..22954a9c7a6c 100644
> > --- a/fs/smb/client/smb2transport.c
> > +++ b/fs/smb/client/smb2transport.c
> > @@ -153,7 +153,14 @@ smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
> >         list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
> >                 if (ses->Suid != ses_id)
> >                         continue;
> > +
> > +               spin_lock(&ses->ses_lock);
> > +               if (ses->ses_status == SES_EXITING) {
> > +                       spin_unlock(&ses->ses_lock);
> > +                       continue;
> > +               }
> >                 ++ses->ses_count;
> > +               spin_unlock(&ses->ses_lock);
> >                 return ses;
> >         }
> >
> > --
> > 2.40.1
> >
>
> Thanks for the change.
> Looks good to me.
> CC stable for this one too.
>
> --
> Regards,
> Shyam
diff mbox series

Patch

diff --git a/fs/smb/client/smb2transport.c b/fs/smb/client/smb2transport.c
index 790acf65a092..22954a9c7a6c 100644
--- a/fs/smb/client/smb2transport.c
+++ b/fs/smb/client/smb2transport.c
@@ -153,7 +153,14 @@  smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
 	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
 		if (ses->Suid != ses_id)
 			continue;
+
+		spin_lock(&ses->ses_lock);
+		if (ses->ses_status == SES_EXITING) {
+			spin_unlock(&ses->ses_lock);
+			continue;
+		}
 		++ses->ses_count;
+		spin_unlock(&ses->ses_lock);
 		return ses;
 	}