Unverified Commit 2e485a96 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!15221 smb: client: Fix netns refcount imbalance causing leaks and use-after-free 

Merge Pull Request from: @ci-robot 
 
PR sync from: Wang Zhaolong <wangzhaolong1@huawei.com>
https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/NBZONPWBXZDGH5WY64WMG6U57TKLLV72/ 
 
https://gitee.com/openeuler/kernel/issues/IBNCLL 
 
Link:https://gitee.com/openeuler/kernel/pulls/15221

 

Reviewed-by: default avatarZhang Peng <zhangpeng362@huawei.com>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
parents 0a80f4d9 b2af53e6

fs/smb/client/connect.c

+8 −8
Original line number Diff line number Diff line
@@ -316,6 +316,7 @@ cifs_abort_connection(struct TCP_Server_Info *server) 
			 server->ssocket->flags);

		sock_release(server->ssocket);

		server->ssocket = NULL;

		put_net(cifs_net_ns(server));

	}

	server->sequence_number = 0;

	server->session_estab = false;
@@ -3140,7 +3141,11 @@ generic_ip_connect(struct TCP_Server_Info *server) 
		/*

		 * Grab netns reference for the socket.

		 *

		 * It'll be released here, on error, or in clean_demultiplex_info() upon server

		 * This reference will be released in several situations:

		 * - In the failure path before the cifsd thread is started.

		 * - In the all place where server->socket is released, it is

		 *   also set to NULL.

		 * - Ultimately in clean_demultiplex_info(), during the final

		 *   teardown.

		 */

		get_net(net);
@@ -3157,10 +3162,8 @@ generic_ip_connect(struct TCP_Server_Info *server) 
	}



	rc = bind_socket(server);

	if (rc < 0) {

		put_net(cifs_net_ns(server));

	if (rc < 0)

		return rc;

	}



	/*

	 * Eventually check for other socket options to change from
@@ -3206,9 +3209,6 @@ generic_ip_connect(struct TCP_Server_Info *server) 
	if (sport == htons(RFC1001_PORT))

		rc = ip_rfc1001_connect(server);



	if (rc < 0)

		put_net(cifs_net_ns(server));



	return rc;

}