From: Paulo Alcantara <pc@manguebit.com>
To: nspmangalore@gmail.com, smfrench@gmail.com,
bharathsm.hsk@gmail.com, linux-cifs@vger.kernel.org
Cc: Shyam Prasad N <sprasad@microsoft.com>
Subject: Re: [PATCH 09/14] cifs: add a back pointer to cifs_sb from tcon
Date: Fri, 03 Nov 2023 18:03:05 -0300 [thread overview]
Message-ID: <ffa541bac7417c9dea79c73e22de1eda.pc@manguebit.com> (raw)
In-Reply-To: <20231030110020.45627-9-sprasad@microsoft.com>
nspmangalore@gmail.com writes:
> From: Shyam Prasad N <sprasad@microsoft.com>
>
> Today, we have no way to access the cifs_sb when we
> just have pointers to struct tcon. This is very
> limiting as many functions deal with cifs_sb, and
> these calls do not directly originate from VFS.
>
> This change introduces a new cifs_sb field in cifs_tcon
> that points to the cifs_sb for the tcon. The assumption
> here is that a tcon will always map to this cifs_sb and
> will never change.
>
> Also, refcounting should not be necessary, since cifs_sb
> will never be freed before tcon.
>
> Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
> ---
> fs/smb/client/cifsglob.h | 1 +
> fs/smb/client/connect.c | 2 ++
> 2 files changed, 3 insertions(+)
This is wrong as a single tcon may be shared among different
superblocks. You can, however, map those superblocks to a tcon by using
the cifs_sb_master_tcon() helper.
If you do something like this
mount.cifs //srv/share /mnt/1 -o ...
mount.cifs //srv/share /mnt/1 -o ... -> -EBUSY
tcon->cifs_sb will end up with the already freed superblock pointer that
was compared to the existing one. So, you'll get an use-after-free when
you dereference tcon->cifs_sb as in patch 11/14.
next prev parent reply other threads:[~2023-11-03 21:03 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-30 11:00 [PATCH 01/14] cifs: print server capabilities in DebugData nspmangalore
2023-10-30 11:00 ` [PATCH 02/14] cifs: add xid to query server interface call nspmangalore
2023-10-31 5:35 ` Bharath SM
2023-10-30 11:00 ` [PATCH 03/14] cifs: reconnect helper should set reconnect for the right channel nspmangalore
2023-10-31 15:27 ` Paulo Alcantara
2023-10-31 18:29 ` Steve French
2023-10-30 11:00 ` [PATCH 04/14] cifs: do not reset chan_max if multichannel is not supported at mount nspmangalore
2023-11-01 2:57 ` Steve French
2023-11-01 3:14 ` Steve French
2023-10-30 11:00 ` [PATCH 05/14] cifs: force interface update before a fresh session setup nspmangalore
2023-11-01 3:14 ` Steve French
2023-10-30 11:00 ` [PATCH 06/14] cifs: handle cases where a channel is closed nspmangalore
2023-11-01 3:09 ` Steve French
2023-11-02 12:26 ` Shyam Prasad N
2023-10-30 11:00 ` [PATCH 07/14] cifs: distribute channels across interfaces based on speed nspmangalore
2023-10-30 11:00 ` [PATCH 08/14] cifs: account for primary channel in the interface list nspmangalore
2023-11-08 15:44 ` Paulo Alcantara
2023-11-08 18:16 ` Steve French
2023-11-08 19:03 ` Paulo Alcantara
2023-10-30 11:00 ` [PATCH 09/14] cifs: add a back pointer to cifs_sb from tcon nspmangalore
2023-11-01 3:30 ` Steve French
2023-11-03 21:03 ` Paulo Alcantara [this message]
2023-11-06 16:12 ` Shyam Prasad N
2023-11-06 17:04 ` Shyam Prasad N
[not found] ` <CAH2r5msQLTcdiHBrOKd+q6LPPHW_Jj3QbpFZyZ48CJbrtDqC5w@mail.gmail.com>
[not found] ` <CAH2r5mt4hC5x2w2D46y13j_OtjkJk9_ZaeGXbb7YKukffBk2LQ@mail.gmail.com>
2023-11-06 19:36 ` Fwd: " Steve French
2023-11-08 15:24 ` Paulo Alcantara
2023-11-08 16:11 ` Steve French
2023-10-30 11:00 ` [PATCH 10/14] cifs: reconnect work should have reference on server struct nspmangalore
2023-11-16 17:10 ` Paulo Alcantara
[not found] ` <CAH2r5mtDeP323Z8=9WjCCYVVb9B2AmO5Q4PDtcMz8wxVUCVRBA@mail.gmail.com>
2023-11-16 19:35 ` Paulo Alcantara
2023-10-30 11:00 ` [PATCH 11/14] cifs: handle when server starts supporting multichannel nspmangalore
2023-11-01 3:30 ` Steve French
2023-11-01 15:52 ` Paulo Alcantara
2023-11-04 7:50 ` Shyam Prasad N
2023-11-02 20:28 ` Paulo Alcantara
2023-11-03 0:43 ` Steve French
2023-11-03 20:32 ` Paulo Alcantara
[not found] ` <notmuch-sha1-c3bfa7f4ae0bb24c5ee7cfddb408c2fbeca5d8f7>
2023-11-08 16:02 ` Paulo Alcantara
2023-11-08 19:25 ` Steve French
2023-11-08 19:31 ` Paulo Alcantara
2023-10-30 11:00 ` [PATCH 12/14] cifs: handle when server stops " nspmangalore
2023-11-08 16:35 ` Paulo Alcantara
[not found] ` <notmuch-sha1-9ed0289358ca5c90903408ad9c0ac0310afee598>
2023-11-08 19:13 ` Paulo Alcantara
2023-11-08 19:41 ` Paulo Alcantara
2023-11-09 11:44 ` Shyam Prasad N
2023-11-09 13:28 ` Paulo Alcantara
2023-11-09 13:49 ` Shyam Prasad N
2023-11-10 4:09 ` Shyam Prasad N
2023-11-11 17:23 ` Paulo Alcantara
2023-11-12 18:52 ` Steve French
[not found] ` <CAH2r5mvG3zLBxknPOuaz9=GarZO6n6bhcduiZHHfiqVYZYJiVQ@mail.gmail.com>
2023-11-12 19:32 ` Paulo Alcantara
2023-10-30 11:00 ` [PATCH 13/14] cifs: display the endpoint IP details in DebugData nspmangalore
2023-10-31 15:18 ` Paulo Alcantara
[not found] ` <notmuch-sha1-260ef7fe7af7face0e1486229c0fda5149fe14e2>
2023-11-01 14:12 ` Paulo Alcantara
2023-11-01 14:19 ` Steve French
2023-11-04 7:44 ` Shyam Prasad N
2023-11-04 19:00 ` Paulo Alcantara
2023-10-30 12:34 ` [PATCH 01/14] cifs: print server capabilities " Bharath SM
2023-10-30 12:40 ` Shyam Prasad N
2023-10-30 12:51 ` Shyam Prasad N
2023-10-30 14:54 ` Steve French
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ffa541bac7417c9dea79c73e22de1eda.pc@manguebit.com \
--to=pc@manguebit.com \
--cc=bharathsm.hsk@gmail.com \
--cc=linux-cifs@vger.kernel.org \
--cc=nspmangalore@gmail.com \
--cc=smfrench@gmail.com \
--cc=sprasad@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox