projects / linux-2.6-microblaze.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3353ab2) | patch
ksmbd: fix racy issue from smb2 close and logoff with multichannel
authorNamjae Jeon <linkinjeon@kernel.org>
Wed, 3 May 2023 05:03:40 +0000 (14:03 +0900)
committerSteve French <stfrench@microsoft.com>
Thu, 4 May 2023 04:03:02 +0000 (23:03 -0500)
commitabcc506a9a71976a8b4c9bf3ee6efd13229c1e19
treeb1eeedae592e61357661f5dccc4c1c53c10ce58atree | snapshot
parent3353ab2df5f68dab7da8d5ebb427a2d265a1f2b2commit | diff
ksmbd: fix racy issue from smb2 close and logoff with multichannel

When smb client send concurrent smb2 close and logoff request
with multichannel connection, It can cause racy issue. logoff request
free tcon and can cause UAF issues in smb2 close. When receiving logoff
request with multichannel, ksmbd should wait until all remaning requests
complete as well as ones in the current connection, and then make
session expired.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20796 ZDI-CAN-20595
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/ksmbd/connection.c diff | blob | history
fs/ksmbd/connection.h diff | blob | history
fs/ksmbd/mgmt/tree_connect.c diff | blob | history
fs/ksmbd/mgmt/user_session.c diff | blob | history
fs/ksmbd/smb2pdu.c diff | blob | history
MicroBlaze GIT Repository