linux/fs/smb/client
Paulo Alcantara fa2f9906a7 smb: client: fix double free of TCP_Server_Info::hostname
When shutting down the server in cifs_put_tcp_session(), cifsd thread
might be reconnecting to multiple DFS targets before it realizes it
should exit the loop, so @server->hostname can't be freed as long as
cifsd thread isn't done.  Otherwise the following can happen:

  RIP: 0010:__slab_free+0x223/0x3c0
  Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89
  1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff <0f>
  0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80
  RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246
  RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068
  RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400
  RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000
  R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500
  R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068
  FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)
  000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:
  PKRU: 55555554
  Call Trace:
   <TASK>
   ? show_trace_log_lvl+0x1c4/0x2df
   ? show_trace_log_lvl+0x1c4/0x2df
   ? __reconnect_target_unlocked+0x3e/0x160 [cifs]
   ? __die_body.cold+0x8/0xd
   ? die+0x2b/0x50
   ? do_trap+0xce/0x120
   ? __slab_free+0x223/0x3c0
   ? do_error_trap+0x65/0x80
   ? __slab_free+0x223/0x3c0
   ? exc_invalid_op+0x4e/0x70
   ? __slab_free+0x223/0x3c0
   ? asm_exc_invalid_op+0x16/0x20
   ? __slab_free+0x223/0x3c0
   ? extract_hostname+0x5c/0xa0 [cifs]
   ? extract_hostname+0x5c/0xa0 [cifs]
   ? __kmalloc+0x4b/0x140
   __reconnect_target_unlocked+0x3e/0x160 [cifs]
   reconnect_dfs_server+0x145/0x430 [cifs]
   cifs_handle_standard+0x1ad/0x1d0 [cifs]
   cifs_demultiplex_thread+0x592/0x730 [cifs]
   ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]
   kthread+0xdd/0x100
   ? __pfx_kthread+0x10/0x10
   ret_from_fork+0x29/0x50
   </TASK>

Fixes: 7be3248f31 ("cifs: To match file servers, make sure the server hostname matches")
Reported-by: Jay Shin <jaeshin@redhat.com>
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2025-01-15 16:56:06 -06:00
compress move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
asn1.c
cached_dir.c smb: Initialize cfid->tcon before performing network ops 2024-11-26 23:35:34 -06:00
cached_dir.h smb: During unmount, ensure all cached dir instances drop their dentry 2024-11-26 18:47:08 -06:00
cifs_debug.c
cifs_debug.h
cifs_fs_sb.h
cifs_ioctl.h
cifs_spnego.c CIFS: New mount option for cifs.upcall namespace resolution 2024-11-21 10:44:03 -06:00
cifs_spnego.h
cifs_spnego_negtokeninit.asn1
cifs_swn.c
cifs_swn.h
cifs_unicode.c cifs: Fix creating native symlinks pointing to current or parent directory 2024-10-06 22:57:12 -05:00
cifs_unicode.h
cifsacl.c smb/client: Prevent error pointer dereference 2024-11-21 10:43:23 -06:00
cifsacl.h smb: client: Correct typos in multiple comments across various files 2024-10-02 17:52:24 -05:00
cifsencrypt.c smb: client: Correct typos in multiple comments across various files 2024-10-02 17:52:24 -05:00
cifsfs.c smb: use macros instead of constants for leasekey size and default cifsattrs value 2024-12-19 09:24:32 -06:00
cifsfs.h cifs: update internal version number 2024-11-28 09:51:14 -06:00
cifsglob.h smb: During unmount, ensure all cached dir instances drop their dentry 2024-11-26 18:47:08 -06:00
cifspdu.h nine smb3 client fixes 2024-10-04 09:56:05 -07:00
cifsproto.h cifs: Remove unused is_server_using_iface() 2024-12-23 08:06:05 -06:00
cifsroot.c
cifssmb.c cifs: support reconnect with alternate password for SMB1 2025-01-12 23:20:53 -06:00
compress.c smb/client: Fix logically dead code 2024-10-16 00:30:52 -05:00
compress.h
connect.c smb: client: fix double free of TCP_Server_Info::hostname 2025-01-15 16:56:06 -06:00
dfs.c smb: client: don't try following DFS links in cifs_tree_connect() 2024-11-26 18:46:35 -06:00
dfs.h smb: client: fix DFS interlink failover 2024-09-24 21:51:48 -05:00
dfs_cache.c smb: client: allow more DFS referrals to be cached 2024-11-26 18:46:15 -06:00
dfs_cache.h
dir.c
dns_resolve.c
dns_resolve.h
export.c
file.c smb: enable reuse of deferred file handles for write operations 2024-12-23 08:05:39 -06:00
fs_context.c cifs: unlock on error in smb3_reconfigure() 2024-11-28 09:51:11 -06:00
fs_context.h cifs: during remount, make sure passwords are in sync 2024-11-28 09:51:07 -06:00
fscache.c
fscache.h
inode.c cifs: Fix rmdir failure due to ongoing I/O on deleted file 2024-12-10 20:47:34 -06:00
ioctl.c convert cifs_ioctl_copychunk() 2024-11-03 01:28:07 -05:00
Kconfig smb: client: Deduplicate "select NETFS_SUPPORT" in Kconfig 2024-12-19 09:24:35 -06:00
link.c
Makefile
misc.c smb: client: Correct typos in multiple comments across various files 2024-10-02 17:52:24 -05:00
namespace.c smb: client: sync the root session and superblock context passwords before automounting 2025-01-10 17:55:35 -06:00
netlink.c
netlink.h
netmisc.c smb: client: Correct typos in multiple comments across various files 2024-10-02 17:52:24 -05:00
nterr.c
nterr.h
ntlmssp.h
readdir.c smb3.1.1: fix posix mounts to older servers 2024-12-06 09:13:00 -06:00
reparse.c smb3: fix compiler warning in reparse code 2024-12-09 15:20:58 -06:00
reparse.h cifs: Fix parsing native symlinks relative to the export 2024-11-25 14:50:32 -06:00
rfc1002pdu.h
sess.c cifs: Remove unused is_server_using_iface() 2024-12-23 08:06:05 -06:00
smb1ops.c cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session 2024-11-25 14:50:32 -06:00
smb2file.c cifs: Fix parsing native symlinks relative to the export 2024-11-25 14:50:32 -06:00
smb2glob.h
smb2inode.c fs/smb/client: avoid querying SMB2_OP_QUERY_WSL_EA for SMB3 POSIX 2024-12-04 12:42:38 -06:00
smb2maperror.c
smb2misc.c Revert "smb: client: make SHA-512 TFM ephemeral" 2024-09-30 22:07:45 -05:00
smb2ops.c smb: client: fix noisy message when mounting shares 2024-11-26 18:46:40 -06:00
smb2pdu.c vfs-6.13-rc7.fixes 2025-01-06 10:26:39 -08:00
smb2pdu.h
smb2proto.h cifs: Fix parsing native symlinks relative to the export 2024-11-25 14:50:32 -06:00
smb2transport.c smb: client: fix use-after-free of signing key 2024-11-17 22:20:54 -06:00
smbdirect.c smb: client: Correct typos in multiple comments across various files 2024-10-02 17:52:24 -05:00
smbdirect.h smb: client: Correct typos in multiple comments across various files 2024-10-02 17:52:24 -05:00
smbencrypt.c
smberr.h
trace.c
trace.h smb: During unmount, ensure all cached dir instances drop their dentry 2024-11-26 18:47:08 -06:00
transport.c smb: client: improve compound padding in encryption 2024-11-21 10:45:49 -06:00
unc.c
winucase.c
xattr.c