* [PATCH] cifs: Use after free in debug code
@ 2022-11-18 11:48 Dan Carpenter
2022-11-18 14:48 ` Paulo Alcantara
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2022-11-18 11:48 UTC (permalink / raw)
To: Steve French
Cc: Paulo Alcantara, Ronnie Sahlberg, Shyam Prasad N, Tom Talpey,
linux-cifs, samba-technical, kernel-janitors
This debug code dereferences "old_iface" after it was already freed by
the call to release_iface(). Re-order the debugging to avoid this
issue.
Fixes: b54034a73baf ("cifs: during reconnect, update interface if necessary")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
fs/cifs/sess.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 92e4278ec35d..9e7d9f0baa18 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -302,14 +302,14 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
/* now drop the ref to the current iface */
if (old_iface && iface) {
- kref_put(&old_iface->refcount, release_iface);
cifs_dbg(FYI, "replacing iface: %pIS with %pIS\n",
&old_iface->sockaddr,
&iface->sockaddr);
- } else if (old_iface) {
kref_put(&old_iface->refcount, release_iface);
+ } else if (old_iface) {
cifs_dbg(FYI, "releasing ref to iface: %pIS\n",
&old_iface->sockaddr);
+ kref_put(&old_iface->refcount, release_iface);
} else {
WARN_ON(!iface);
cifs_dbg(FYI, "adding new iface: %pIS\n", &iface->sockaddr);
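Review bot: in both old_iface branches the kref_put(&old_iface->refcount, release_iface) call is now the last statement, but nothing in the code records why the order matters, so a later cleanup could move a debug line back below it. A one-line comment at each put, for example "old_iface may be freed here, do not touch it after this", would keep the ordering from regressing. Note too that kref_put() only invokes release_iface when it drops the last reference, so the stale read of old_iface->sockaddr in the old order happened only on that path. That is likely why it was easy to miss in testing, and it is a reason to state the rule in the code rather than rely on the debug output looking correct.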
--
2.35.1
* Re: [PATCH] cifs: Use after free in debug code
2022-11-18 11:48 [PATCH] cifs: Use after free in debug code Dan Carpenter
@ 2022-11-18 14:48 ` Paulo Alcantara
2022-11-19 19:59 ` Steve French
0 siblings, 1 reply; 3+ messages in thread
From: Paulo Alcantara @ 2022-11-18 14:48 UTC (permalink / raw)
To: Dan Carpenter, Steve French
Cc: Ronnie Sahlberg, Shyam Prasad N, Tom Talpey, linux-cifs,
samba-technical, kernel-janitors
Dan Carpenter <error27@gmail.com> writes:
> This debug code dereferences "old_iface" after it was already freed by
> the call to release_iface(). Re-order the debugging to avoid this
> issue.
>
> Fixes: b54034a73baf ("cifs: during reconnect, update interface if necessary")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> fs/cifs/sess.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
* Re: [PATCH] cifs: Use after free in debug code
2022-11-18 14:48 ` Paulo Alcantara
@ 2022-11-19 19:59 ` Steve French
0 siblings, 0 replies; 3+ messages in thread
From: Steve French @ 2022-11-19 19:59 UTC (permalink / raw)
To: Paulo Alcantara
Cc: Dan Carpenter, Steve French, linux-cifs, Shyam Prasad N,
samba-technical, kernel-janitors, Ronnie Sahlberg, Tom Talpey
merged into cifs-2.6.git for-next
On Fri, Nov 18, 2022 at 8:48 AM Paulo Alcantara via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> Dan Carpenter <error27@gmail.com> writes:
>
> > This debug code dereferences "old_iface" after it was already freed by
> > the call to release_iface(). Re-order the debugging to avoid this
> > issue.
> >
> > Fixes: b54034a73baf ("cifs: during reconnect, update interface if necessary")
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > ---
> > fs/cifs/sess.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
>
> Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
>
--
Thanks,
Steve