* [PATCH 0/2] cifs: Fix resource leak when MR allocate failed
@ 2022-11-18 8:42 Zhang Xiaoxu
2022-11-18 8:42 ` [PATCH 1/2] cifs: Fix lost destroy smbd connection " Zhang Xiaoxu
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Zhang Xiaoxu @ 2022-11-18 8:42 UTC (permalink / raw)
To: linux-cifs, zhangxiaoxu5, sfrench, smfrench, pc, lsahlber,
sprasad, tom, longli
Zhang Xiaoxu (2):
cifs: Fix lost destroy smbd connection when MR allocate failed
cifs: Fix warning and UAF when destroy the MR list
fs/cifs/smbdirect.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--
2.31.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] cifs: Fix lost destroy smbd connection when MR allocate failed
2022-11-18 8:42 [PATCH 0/2] cifs: Fix resource leak when MR allocate failed Zhang Xiaoxu
@ 2022-11-18 8:42 ` Zhang Xiaoxu
2022-11-18 8:42 ` [PATCH 2/2] cifs: Fix warning and UAF when destroy the MR list Zhang Xiaoxu
2023-02-17 18:13 ` [PATCH 0/2] cifs: Fix resource leak when MR allocate failed Steve French
2 siblings, 0 replies; 6+ messages in thread
From: Zhang Xiaoxu @ 2022-11-18 8:42 UTC (permalink / raw)
To: linux-cifs, zhangxiaoxu5, sfrench, smfrench, pc, lsahlber,
sprasad, tom, longli
If the MR allocate failed, the smb direct connection info is NULL,
then smbd_destroy() will directly return, then the connection info
will be leaked.
Let's set the smb direct connection info to the server before call
smbd_destroy().
Fixes: c7398583340a ("CIFS: SMBD: Implement RDMA memory registration")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
---
fs/cifs/smbdirect.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c
index 90789aaa6567..a874c2e1ae41 100644
--- a/fs/cifs/smbdirect.c
+++ b/fs/cifs/smbdirect.c
@@ -1699,6 +1699,7 @@ static struct smbd_connection *_smbd_get_connection(
allocate_mr_failed:
/* At this point, need to a full transport shutdown */
+ server->smbd_conn = info;
smbd_destroy(server);
return NULL;
--
2.31.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] cifs: Fix warning and UAF when destroy the MR list
2022-11-18 8:42 [PATCH 0/2] cifs: Fix resource leak when MR allocate failed Zhang Xiaoxu
2022-11-18 8:42 ` [PATCH 1/2] cifs: Fix lost destroy smbd connection " Zhang Xiaoxu
@ 2022-11-18 8:42 ` Zhang Xiaoxu
2023-02-17 21:15 ` Steve French
2023-02-17 18:13 ` [PATCH 0/2] cifs: Fix resource leak when MR allocate failed Steve French
2 siblings, 1 reply; 6+ messages in thread
From: Zhang Xiaoxu @ 2022-11-18 8:42 UTC (permalink / raw)
To: linux-cifs, zhangxiaoxu5, sfrench, smfrench, pc, lsahlber,
sprasad, tom, longli
If the MR allocate failed, the MR recovery work not initialized
and list not cleared. Then will be warning and UAF when release
the MR:
WARNING: CPU: 4 PID: 824 at kernel/workqueue.c:3066 __flush_work.isra.0+0xf7/0x110
CPU: 4 PID: 824 Comm: mount.cifs Not tainted 6.1.0-rc5+ #82
RIP: 0010:__flush_work.isra.0+0xf7/0x110
Call Trace:
<TASK>
__cancel_work_timer+0x2ba/0x2e0
smbd_destroy+0x4e1/0x990
_smbd_get_connection+0x1cbd/0x2110
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
BUG: KASAN: use-after-free in smbd_destroy+0x4fc/0x990
Read of size 8 at addr ffff88810b156a08 by task mount.cifs/824
CPU: 4 PID: 824 Comm: mount.cifs Tainted: G W 6.1.0-rc5+ #82
Call Trace:
dump_stack_lvl+0x34/0x44
print_report+0x171/0x472
kasan_report+0xad/0x130
smbd_destroy+0x4fc/0x990
_smbd_get_connection+0x1cbd/0x2110
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Allocated by task 824:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
__kasan_kmalloc+0x7a/0x90
_smbd_get_connection+0x1b6f/0x2110
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Freed by task 824:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x2a/0x40
____kasan_slab_free+0x143/0x1b0
__kmem_cache_free+0xc8/0x330
_smbd_get_connection+0x1c6a/0x2110
smbd_get_connection+0x21/0x40
cifs_get_tcp_session+0x8ef/0xda0
mount_get_conns+0x60/0x750
cifs_mount+0x103/0xd00
cifs_smb3_do_mount+0x1dd/0xcb0
smb3_get_tree+0x1d5/0x300
vfs_get_tree+0x41/0xf0
path_mount+0x9b3/0xdd0
__x64_sys_mount+0x190/0x1d0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Let's initialize the MR recovery work before MR allocate to prevent
the warning, remove the MRs from the list to prevent the UAF.
Fixes: c7398583340a ("CIFS: SMBD: Implement RDMA memory registration")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
---
fs/cifs/smbdirect.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c
index a874c2e1ae41..7013fdb4ea51 100644
--- a/fs/cifs/smbdirect.c
+++ b/fs/cifs/smbdirect.c
@@ -2217,6 +2217,7 @@ static int allocate_mr_list(struct smbd_connection *info)
atomic_set(&info->mr_ready_count, 0);
atomic_set(&info->mr_used_count, 0);
init_waitqueue_head(&info->wait_for_mr_cleanup);
+ INIT_WORK(&info->mr_recovery_work, smbd_mr_recovery_work);
/* Allocate more MRs (2x) than hardware responder_resources */
for (i = 0; i < info->responder_resources * 2; i++) {
smbdirect_mr = kzalloc(sizeof(*smbdirect_mr), GFP_KERNEL);
@@ -2244,13 +2245,13 @@ static int allocate_mr_list(struct smbd_connection *info)
list_add_tail(&smbdirect_mr->list, &info->mr_list);
atomic_inc(&info->mr_ready_count);
}
- INIT_WORK(&info->mr_recovery_work, smbd_mr_recovery_work);
return 0;
out:
kfree(smbdirect_mr);
list_for_each_entry_safe(smbdirect_mr, tmp, &info->mr_list, list) {
+ list_del(&smbdirect_mr->list);
ib_dereg_mr(smbdirect_mr->mr);
kfree(smbdirect_mr->sgl);
kfree(smbdirect_mr);
--
2.31.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 0/2] cifs: Fix resource leak when MR allocate failed
2022-11-18 8:42 [PATCH 0/2] cifs: Fix resource leak when MR allocate failed Zhang Xiaoxu
2022-11-18 8:42 ` [PATCH 1/2] cifs: Fix lost destroy smbd connection " Zhang Xiaoxu
2022-11-18 8:42 ` [PATCH 2/2] cifs: Fix warning and UAF when destroy the MR list Zhang Xiaoxu
@ 2023-02-17 18:13 ` Steve French
2 siblings, 0 replies; 6+ messages in thread
From: Steve French @ 2023-02-17 18:13 UTC (permalink / raw)
To: Zhang Xiaoxu, CIFS; +Cc: Paulo Alcantara
I had missed these - let me know if any updates/changes or reviewed by
for these (I added Paulo's Acked-by)
On Fri, Nov 18, 2022 at 1:37 AM Zhang Xiaoxu <zhangxiaoxu5@huawei.com> wrote:
>
>
> Zhang Xiaoxu (2):
> cifs: Fix lost destroy smbd connection when MR allocate failed
> cifs: Fix warning and UAF when destroy the MR list
>
> fs/cifs/smbdirect.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> --
> 2.31.1
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] cifs: Fix warning and UAF when destroy the MR list
2022-11-18 8:42 ` [PATCH 2/2] cifs: Fix warning and UAF when destroy the MR list Zhang Xiaoxu
@ 2023-02-17 21:15 ` Steve French
2023-02-17 21:25 ` Tom Talpey
0 siblings, 1 reply; 6+ messages in thread
From: Steve French @ 2023-02-17 21:15 UTC (permalink / raw)
To: Zhang Xiaoxu
Cc: linux-cifs, sfrench, pc, lsahlber, sprasad, tom, longli, David Howells
Dave Howells pointed out that around this line (2246 of fs/cifs/smbdirect.c)
list_add_tail(&smbdirect_mr->list, &info->mr_list);
shouldn't there be locking on that?
On Fri, Nov 18, 2022 at 1:37 AM Zhang Xiaoxu <zhangxiaoxu5@huawei.com> wrote:
>
> If the MR allocate failed, the MR recovery work not initialized
> and list not cleared. Then will be warning and UAF when release
> the MR:
>
> WARNING: CPU: 4 PID: 824 at kernel/workqueue.c:3066 __flush_work.isra.0+0xf7/0x110
> CPU: 4 PID: 824 Comm: mount.cifs Not tainted 6.1.0-rc5+ #82
> RIP: 0010:__flush_work.isra.0+0xf7/0x110
> Call Trace:
> <TASK>
> __cancel_work_timer+0x2ba/0x2e0
> smbd_destroy+0x4e1/0x990
> _smbd_get_connection+0x1cbd/0x2110
> smbd_get_connection+0x21/0x40
> cifs_get_tcp_session+0x8ef/0xda0
> mount_get_conns+0x60/0x750
> cifs_mount+0x103/0xd00
> cifs_smb3_do_mount+0x1dd/0xcb0
> smb3_get_tree+0x1d5/0x300
> vfs_get_tree+0x41/0xf0
> path_mount+0x9b3/0xdd0
> __x64_sys_mount+0x190/0x1d0
> do_syscall_64+0x35/0x80
> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>
> BUG: KASAN: use-after-free in smbd_destroy+0x4fc/0x990
> Read of size 8 at addr ffff88810b156a08 by task mount.cifs/824
> CPU: 4 PID: 824 Comm: mount.cifs Tainted: G W 6.1.0-rc5+ #82
> Call Trace:
> dump_stack_lvl+0x34/0x44
> print_report+0x171/0x472
> kasan_report+0xad/0x130
> smbd_destroy+0x4fc/0x990
> _smbd_get_connection+0x1cbd/0x2110
> smbd_get_connection+0x21/0x40
> cifs_get_tcp_session+0x8ef/0xda0
> mount_get_conns+0x60/0x750
> cifs_mount+0x103/0xd00
> cifs_smb3_do_mount+0x1dd/0xcb0
> smb3_get_tree+0x1d5/0x300
> vfs_get_tree+0x41/0xf0
> path_mount+0x9b3/0xdd0
> __x64_sys_mount+0x190/0x1d0
> do_syscall_64+0x35/0x80
> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>
> Allocated by task 824:
> kasan_save_stack+0x1e/0x40
> kasan_set_track+0x21/0x30
> __kasan_kmalloc+0x7a/0x90
> _smbd_get_connection+0x1b6f/0x2110
> smbd_get_connection+0x21/0x40
> cifs_get_tcp_session+0x8ef/0xda0
> mount_get_conns+0x60/0x750
> cifs_mount+0x103/0xd00
> cifs_smb3_do_mount+0x1dd/0xcb0
> smb3_get_tree+0x1d5/0x300
> vfs_get_tree+0x41/0xf0
> path_mount+0x9b3/0xdd0
> __x64_sys_mount+0x190/0x1d0
> do_syscall_64+0x35/0x80
> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>
> Freed by task 824:
> kasan_save_stack+0x1e/0x40
> kasan_set_track+0x21/0x30
> kasan_save_free_info+0x2a/0x40
> ____kasan_slab_free+0x143/0x1b0
> __kmem_cache_free+0xc8/0x330
> _smbd_get_connection+0x1c6a/0x2110
> smbd_get_connection+0x21/0x40
> cifs_get_tcp_session+0x8ef/0xda0
> mount_get_conns+0x60/0x750
> cifs_mount+0x103/0xd00
> cifs_smb3_do_mount+0x1dd/0xcb0
> smb3_get_tree+0x1d5/0x300
> vfs_get_tree+0x41/0xf0
> path_mount+0x9b3/0xdd0
> __x64_sys_mount+0x190/0x1d0
> do_syscall_64+0x35/0x80
> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>
> Let's initialize the MR recovery work before MR allocate to prevent
> the warning, remove the MRs from the list to prevent the UAF.
>
> Fixes: c7398583340a ("CIFS: SMBD: Implement RDMA memory registration")
> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
> ---
> fs/cifs/smbdirect.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c
> index a874c2e1ae41..7013fdb4ea51 100644
> --- a/fs/cifs/smbdirect.c
> +++ b/fs/cifs/smbdirect.c
> @@ -2217,6 +2217,7 @@ static int allocate_mr_list(struct smbd_connection *info)
> atomic_set(&info->mr_ready_count, 0);
> atomic_set(&info->mr_used_count, 0);
> init_waitqueue_head(&info->wait_for_mr_cleanup);
> + INIT_WORK(&info->mr_recovery_work, smbd_mr_recovery_work);
> /* Allocate more MRs (2x) than hardware responder_resources */
> for (i = 0; i < info->responder_resources * 2; i++) {
> smbdirect_mr = kzalloc(sizeof(*smbdirect_mr), GFP_KERNEL);
> @@ -2244,13 +2245,13 @@ static int allocate_mr_list(struct smbd_connection *info)
> list_add_tail(&smbdirect_mr->list, &info->mr_list);
> atomic_inc(&info->mr_ready_count);
> }
> - INIT_WORK(&info->mr_recovery_work, smbd_mr_recovery_work);
> return 0;
>
> out:
> kfree(smbdirect_mr);
>
> list_for_each_entry_safe(smbdirect_mr, tmp, &info->mr_list, list) {
> + list_del(&smbdirect_mr->list);
> ib_dereg_mr(smbdirect_mr->mr);
> kfree(smbdirect_mr->sgl);
> kfree(smbdirect_mr);
> --
> 2.31.1
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] cifs: Fix warning and UAF when destroy the MR list
2023-02-17 21:15 ` Steve French
@ 2023-02-17 21:25 ` Tom Talpey
0 siblings, 0 replies; 6+ messages in thread
From: Tom Talpey @ 2023-02-17 21:25 UTC (permalink / raw)
To: Steve French, Zhang Xiaoxu
Cc: linux-cifs, sfrench, pc, lsahlber, sprasad, longli, David Howells
On 2/17/2023 4:15 PM, Steve French wrote:
> Dave Howells pointed out that around this line (2246 of fs/cifs/smbdirect.c)
>
> list_add_tail(&smbdirect_mr->list, &info->mr_list);
>
> shouldn't there be locking on that?
I don't think it's necessary, because neither the smbdirect_mr
nor the smbd_connection ("info") have been linked anywhere yet.
Regarding the proposed patch:
> On Fri, Nov 18, 2022 at 1:37 AM Zhang Xiaoxu <zhangxiaoxu5@huawei.com> wrote:
>>
>> If the MR allocate failed, the MR recovery work not initialized
>> and list not cleared. Then will be warning and UAF when release
>> the MR:
Reviewed-by: Tom Talpey <tom@talpey.com>
>>
>> WARNING: CPU: 4 PID: 824 at kernel/workqueue.c:3066 __flush_work.isra.0+0xf7/0x110
>> CPU: 4 PID: 824 Comm: mount.cifs Not tainted 6.1.0-rc5+ #82
>> RIP: 0010:__flush_work.isra.0+0xf7/0x110
>> Call Trace:
>> <TASK>
>> __cancel_work_timer+0x2ba/0x2e0
>> smbd_destroy+0x4e1/0x990
>> _smbd_get_connection+0x1cbd/0x2110
>> smbd_get_connection+0x21/0x40
>> cifs_get_tcp_session+0x8ef/0xda0
>> mount_get_conns+0x60/0x750
>> cifs_mount+0x103/0xd00
>> cifs_smb3_do_mount+0x1dd/0xcb0
>> smb3_get_tree+0x1d5/0x300
>> vfs_get_tree+0x41/0xf0
>> path_mount+0x9b3/0xdd0
>> __x64_sys_mount+0x190/0x1d0
>> do_syscall_64+0x35/0x80
>> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>>
>> BUG: KASAN: use-after-free in smbd_destroy+0x4fc/0x990
>> Read of size 8 at addr ffff88810b156a08 by task mount.cifs/824
>> CPU: 4 PID: 824 Comm: mount.cifs Tainted: G W 6.1.0-rc5+ #82
>> Call Trace:
>> dump_stack_lvl+0x34/0x44
>> print_report+0x171/0x472
>> kasan_report+0xad/0x130
>> smbd_destroy+0x4fc/0x990
>> _smbd_get_connection+0x1cbd/0x2110
>> smbd_get_connection+0x21/0x40
>> cifs_get_tcp_session+0x8ef/0xda0
>> mount_get_conns+0x60/0x750
>> cifs_mount+0x103/0xd00
>> cifs_smb3_do_mount+0x1dd/0xcb0
>> smb3_get_tree+0x1d5/0x300
>> vfs_get_tree+0x41/0xf0
>> path_mount+0x9b3/0xdd0
>> __x64_sys_mount+0x190/0x1d0
>> do_syscall_64+0x35/0x80
>> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>>
>> Allocated by task 824:
>> kasan_save_stack+0x1e/0x40
>> kasan_set_track+0x21/0x30
>> __kasan_kmalloc+0x7a/0x90
>> _smbd_get_connection+0x1b6f/0x2110
>> smbd_get_connection+0x21/0x40
>> cifs_get_tcp_session+0x8ef/0xda0
>> mount_get_conns+0x60/0x750
>> cifs_mount+0x103/0xd00
>> cifs_smb3_do_mount+0x1dd/0xcb0
>> smb3_get_tree+0x1d5/0x300
>> vfs_get_tree+0x41/0xf0
>> path_mount+0x9b3/0xdd0
>> __x64_sys_mount+0x190/0x1d0
>> do_syscall_64+0x35/0x80
>> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>>
>> Freed by task 824:
>> kasan_save_stack+0x1e/0x40
>> kasan_set_track+0x21/0x30
>> kasan_save_free_info+0x2a/0x40
>> ____kasan_slab_free+0x143/0x1b0
>> __kmem_cache_free+0xc8/0x330
>> _smbd_get_connection+0x1c6a/0x2110
>> smbd_get_connection+0x21/0x40
>> cifs_get_tcp_session+0x8ef/0xda0
>> mount_get_conns+0x60/0x750
>> cifs_mount+0x103/0xd00
>> cifs_smb3_do_mount+0x1dd/0xcb0
>> smb3_get_tree+0x1d5/0x300
>> vfs_get_tree+0x41/0xf0
>> path_mount+0x9b3/0xdd0
>> __x64_sys_mount+0x190/0x1d0
>> do_syscall_64+0x35/0x80
>> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>>
>> Let's initialize the MR recovery work before MR allocate to prevent
>> the warning, remove the MRs from the list to prevent the UAF.
>>
>> Fixes: c7398583340a ("CIFS: SMBD: Implement RDMA memory registration")
>> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
>> ---
>> fs/cifs/smbdirect.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c
>> index a874c2e1ae41..7013fdb4ea51 100644
>> --- a/fs/cifs/smbdirect.c
>> +++ b/fs/cifs/smbdirect.c
>> @@ -2217,6 +2217,7 @@ static int allocate_mr_list(struct smbd_connection *info)
>> atomic_set(&info->mr_ready_count, 0);
>> atomic_set(&info->mr_used_count, 0);
>> init_waitqueue_head(&info->wait_for_mr_cleanup);
>> + INIT_WORK(&info->mr_recovery_work, smbd_mr_recovery_work);
>> /* Allocate more MRs (2x) than hardware responder_resources */
>> for (i = 0; i < info->responder_resources * 2; i++) {
>> smbdirect_mr = kzalloc(sizeof(*smbdirect_mr), GFP_KERNEL);
>> @@ -2244,13 +2245,13 @@ static int allocate_mr_list(struct smbd_connection *info)
>> list_add_tail(&smbdirect_mr->list, &info->mr_list);
>> atomic_inc(&info->mr_ready_count);
>> }
>> - INIT_WORK(&info->mr_recovery_work, smbd_mr_recovery_work);
>> return 0;
>>
>> out:
>> kfree(smbdirect_mr);
>>
>> list_for_each_entry_safe(smbdirect_mr, tmp, &info->mr_list, list) {
>> + list_del(&smbdirect_mr->list);
>> ib_dereg_mr(smbdirect_mr->mr);
>> kfree(smbdirect_mr->sgl);
>> kfree(smbdirect_mr);
>> --
>> 2.31.1
>>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-02-17 21:25 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-18 8:42 [PATCH 0/2] cifs: Fix resource leak when MR allocate failed Zhang Xiaoxu
2022-11-18 8:42 ` [PATCH 1/2] cifs: Fix lost destroy smbd connection " Zhang Xiaoxu
2022-11-18 8:42 ` [PATCH 2/2] cifs: Fix warning and UAF when destroy the MR list Zhang Xiaoxu
2023-02-17 21:15 ` Steve French
2023-02-17 21:25 ` Tom Talpey
2023-02-17 18:13 ` [PATCH 0/2] cifs: Fix resource leak when MR allocate failed Steve French
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.