[PATCH 5.15.y] smb: client: fix potential UAF in smb2_is_valid_oplock

public inbox for linux-cifs@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH 5.15.y] smb: client: fix potential UAF in smb2_is_valid_oplock_break()
@ 2026-04-17  6:34 Robert Garcia
  2026-04-20 13:21 ` Sasha Levin
  0 siblings, 1 reply; 2+ messages in thread
From: Robert Garcia @ 2026-04-17  6:34 UTC (permalink / raw)
  To: stable, Paulo Alcantara
  Cc: Steve French, linux-cifs, samba-technical, Robert Garcia,
	linux-kernel

From: Paulo Alcantara <pc@manguebit.com>

[ Upstream commit 22863485a4626ec6ecf297f4cc0aef709bc862e4 ]

Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.

Cc: stable@vger.kernel.org
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
[ Appropriate path used. ]
Signed-off-by: Robert Garcia <rob_garcia@163.com>
---
 fs/cifs/smb2misc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c
index b84e682b4cae..da32b3f6686b 100644
--- a/fs/cifs/smb2misc.c
+++ b/fs/cifs/smb2misc.c
@@ -679,6 +679,8 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
 	/* look up tcon based on tid & uid */
 	spin_lock(&cifs_tcp_ses_lock);
 	list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
+		if (cifs_ses_exiting(ses))
+			continue;
 		list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
 
 			spin_lock(&tcon->open_file_lock);
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH 5.15.y] smb: client: fix potential UAF in smb2_is_valid_oplock_break()
  2026-04-17  6:34 [PATCH 5.15.y] smb: client: fix potential UAF in smb2_is_valid_oplock_break() Robert Garcia
@ 2026-04-20 13:21 ` Sasha Levin
  0 siblings, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2026-04-20 13:21 UTC (permalink / raw)
  To: Robert Garcia
  Cc: Sasha Levin, stable, linux-cifs, Steve French, Paulo Alcantara

On Fri, Apr 17, 2026, Robert Garcia wrote:
> Backport of 22863485a462 ("smb: client: fix potential UAF in
> smb2_is_valid_oplock_break()") to 5.15.y.

Queued for 5.15, thanks.

--
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-04-20 13:21 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-17  6:34 [PATCH 5.15.y] smb: client: fix potential UAF in smb2_is_valid_oplock_break() Robert Garcia
2026-04-20 13:21 ` Sasha Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox