6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara pc@manguebit.com
commit 22863485a4626ec6ecf297f4cc0aef709bc862e4 upstream.
Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
Cc: stable@vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) pc@manguebit.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/smb/client/smb2misc.c | 2 ++ 1 file changed, 2 insertions(+)
--- a/fs/smb/client/smb2misc.c +++ b/fs/smb/client/smb2misc.c @@ -697,6 +697,8 @@ smb2_is_valid_oplock_break(char *buffer, /* look up tcon based on tid & uid */ spin_lock(&cifs_tcp_ses_lock); list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { + if (cifs_ses_exiting(ses)) + continue; list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
spin_lock(&tcon->open_file_lock);