ksmbd: fix race condition with fp - pm24.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Namjae Jeon <linkinjeon@kernel.org>	2023-10-04 18:28:39 +0900
committer	Steve French <stfrench@microsoft.com>	2023-10-04 20:21:48 -0500
commit	5a7ee91d1154f35418367a6eaae74046fd06ed89 (patch)
tree	4fe9ab46726de64bd927b559f0b6624a1e1278ec /scripts/gcc-plugins/gcc-common.h
parent	53ff5cf89142b978b1a5ca8dc4d4425e6a09745f (diff)

ksmbd: fix race condition with fp

fp can used in each command. If smb2_close command is coming at the same time, UAF issue can happen by race condition. Time + Thread A | Thread B1 B2 .... B5 smb2_open | smb2_close | __open_id | insert fp to file_table | | | atomic_dec_and_test(&fp->refcount) | if fp->refcount == 0, free fp by kfree. // UAF! | use fp | + This patch add f_state not to use freed fp is used and not to free fp in use. Reported-by: luosili <rootlab@huawei.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>

Diffstat (limited to 'scripts/gcc-plugins/gcc-common.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: