Commit 99f28070 authored by Winston Wen, committed by Steve French

cifs: fix session state check in reconnect to avoid use-after-free issue



Don't collect exiting session in smb2_reconnect_server(), because it
will be released soon.

Note that the exiting session will stay in server->smb_ses_list until
it completes the cifs_free_ipc() and logoff() and then deletes itself
from the list.

Signed-off-by: Winston Wen <wentao@uniontech.com>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
parent 326a8d04
+6 −0
@@ -3797,6 +3797,12 @@ void smb2_reconnect_server(struct work_struct *work)

	spin_lock(&cifs_tcp_ses_lock);
	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
		spin_lock(&ses->ses_lock);
		if (ses->ses_status == SES_EXITING) {
			spin_unlock(&ses->ses_lock);
			continue;
		}
		spin_unlock(&ses->ses_lock);

		tcon_selected = false;
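
Review bot: The new SES_EXITING check releases ses->ses_lock right after reading ses->ses_status, so from `tcon_selected = false;` onward the status is no longer stable and a session could begin exiting after it passed the check. The skip therefore only closes the use-after-free if the rest of the loop body is safe for a session that is still on smb_ses_list while cifs_tcp_ses_lock (taken just above the loop) is held. Please add a short comment above the check stating that invariant, along the lines of the commit message (an exiting session stays on the list until it removes itself, so it must not be collected here), or keep ses_lock held across whatever the loop body does next with ses. Since the message describes this as a use-after-free fix, a Fixes: tag naming the commit that introduced the problem would also help backporting.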