From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Namjae Jeon <linkinjeon@kernel.org>,
Steve French <stfrench@microsoft.com>,
Sasha Levin <sashal@kernel.org>,
sfrench@samba.org, linux-cifs@vger.kernel.org
Subject: [PATCH AUTOSEL 6.1 52/53] ksmbd: fix potential circular locking issue in smb2_set_ea()
Date: Mon, 22 Jan 2024 10:08:53 -0500 [thread overview]
Message-ID: <20240122150949.994249-52-sashal@kernel.org> (raw)
In-Reply-To: <20240122150949.994249-1-sashal@kernel.org>
From: Namjae Jeon <linkinjeon@kernel.org>
[ Upstream commit 6fc0a265e1b932e5e97a038f99e29400a93baad0 ]
smb2_set_ea() can be called in parent inode lock range.
So add get_write argument to smb2_set_ea() not to call nested
mnt_want_write().
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/server/smb2pdu.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 6e5ed0ac578a..8d4e2c666c34 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -2309,11 +2309,12 @@ static noinline int create_smb2_pipe(struct ksmbd_work *work)
* @eabuf: set info command buffer
* @buf_len: set info command buffer length
* @path: dentry path for get ea
+ * @get_write: get write access to a mount
*
* Return: 0 on success, otherwise error
*/
static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len,
- const struct path *path)
+ const struct path *path, bool get_write)
{
struct user_namespace *user_ns = mnt_user_ns(path->mnt);
char *attr_name = NULL, *value;
@@ -3001,7 +3002,7 @@ int smb2_open(struct ksmbd_work *work)
rc = smb2_set_ea(&ea_buf->ea,
le32_to_cpu(ea_buf->ccontext.DataLength),
- &path);
+ &path, false);
if (rc == -EOPNOTSUPP)
rc = 0;
else if (rc)
@@ -5990,7 +5991,7 @@ static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp,
return -EINVAL;
return smb2_set_ea((struct smb2_ea_info *)req->Buffer,
- buf_len, &fp->filp->f_path);
+ buf_len, &fp->filp->f_path, true);
}
case FILE_POSITION_INFORMATION:
{
--
2.43.0
next prev parent reply other threads:[~2024-01-22 15:12 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-22 15:08 [PATCH AUTOSEL 6.1 01/53] f2fs: fix to check return value of f2fs_reserve_new_block() Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 02/53] ALSA: hda: Refer to correct stream index at loops Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 03/53] ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 04/53] drm: Fix color LUT rounding Sasha Levin
2024-01-22 16:50 ` Ville Syrjälä
2024-01-30 23:00 ` Sasha Levin
2024-01-31 11:03 ` Ville Syrjälä
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 05/53] fast_dput(): handle underflows gracefully Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 06/53] RDMA/IPoIB: Fix error code return in ipoib_mcast_join Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 07/53] ASoC: SOF: icp3-dtrace: Fix wrong kfree() usage Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 08/53] drm/panel-edp: Add override_edid_mode quirk for generic edp Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 09/53] drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 10/53] drm/amd/display: Fix tiled display misalignment Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 11/53] media: renesas: vsp1: Fix references to pad config Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 12/53] f2fs: fix write pointers on zoned device after roll forward Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 13/53] ASoC: amd: Add new dmi entries for acp5x platform Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 14/53] drm/amd/display: Fix writeback_info never got updated Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 15/53] drm/amd/display: Fix writeback_info is not removed Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 16/53] drm/drm_file: fix use of uninitialized variable Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 17/53] drm/framebuffer: Fix " Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 18/53] drm/mipi-dsi: Fix detach call without attach Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 19/53] media: stk1160: Fixed high volume of stk1160_dbg messages Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 20/53] media: rockchip: rga: fix swizzling for RGB formats Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 21/53] PCI: add INTEL_HDA_ARL to pci_ids.h Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 22/53] ALSA: hda: Intel: add HDA_ARL PCI ID support Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 23/53] media: rkisp1: Drop IRQF_SHARED Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 24/53] media: rkisp1: Fix IRQ handler return values Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 25/53] media: rkisp1: Store IRQ lines Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 26/53] media: rkisp1: Fix IRQ disable race issue Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 27/53] hwmon: (nct6775) Fix fan speed set failure in automatic mode Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 28/53] hwmon: (pc87360) Bounds check data->innr usage Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 29/53] f2fs: fix to tag gcing flag on page during block migration Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 30/53] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 31/53] IB/ipoib: Fix mcast list locking Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 32/53] media: amphion: remove mutext lock in condition of wait_event Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 33/53] media: ddbridge: fix an error code problem in ddb_probe Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 34/53] media: i2c: imx335: Fix hblank min/max values Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 35/53] drm/amd/display: For prefetch mode > 0, extend prefetch if possible Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 36/53] drm/msm/dpu: Ratelimit framedone timeout msgs Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 37/53] drm/msm/dpu: fix writeback programming for YUV cases Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 38/53] drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 39/53] clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 40/53] clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 41/53] watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 42/53] drm/amd/display: make flip_timestamp_in_us a 64-bit variable Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 43/53] clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 44/53] drm/amdgpu: Fix ecc irq enable/disable unpaired Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 45/53] drm/amdgpu: Let KFD sync with VM fences Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 46/53] drm/amd/display: Fixing stream allocation regression Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 47/53] drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 48/53] drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 49/53] drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 50/53] ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 Sasha Levin
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 51/53] ksmbd: set v2 lease version on lease upgrade Sasha Levin
2024-01-22 15:08 ` Sasha Levin [this message]
2024-01-22 15:08 ` [PATCH AUTOSEL 6.1 53/53] ksmbd: send lease break notification on FILE_RENAME_INFORMATION Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240122150949.994249-52-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=linkinjeon@kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sfrench@samba.org \
--cc=stable@vger.kernel.org \
--cc=stfrench@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox