Commit 77aae7c0 authored Jun 29, 2024 by Enzo Matsumiya Committed by Wang Zhaolong Jun 29, 2024

smb: client: fix deadlock in smb2_find_smb_tcon()

mainline inclusion
from mainline-v6.10-rc3
commit 02c418774f76a0a36a6195c9dbf8971eb4130a15
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA8AFZ
CVE: CVE-2024-39468

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02c418774f76a0a36a6195c9dbf8971eb4130a15



--------------------------------

Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such
deadlock.

Cc: stable@vger.kernel.org
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Wang Zhaolong <wangzhaolong1@huawei.com>

parent 634f6ac2

fs/smb/client/smb2transport.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -216,8 +216,8 @@ smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
		}
		tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
		if (!tcon) {
		cifs_put_smb_ses(ses);
		spin_unlock(&cifs_tcp_ses_lock);
		cifs_put_smb_ses(ses);
		return NULL;
		}
		spin_unlock(&cifs_tcp_ses_lock);