projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0a6d0b6) | patch
cifs: Fix use-after-free on mid_q_entry
authorChristopher Oo <t-chriso@microsoft.com>
Thu, 25 Jun 2015 23:10:48 +0000 (16:10 -0700)
committerSteve French <smfrench@gmail.com>
Thu, 20 Aug 2015 15:19:25 +0000 (10:19 -0500)
commit5fb4e288a025af1abc5c67ecebf30fbf6b3edad1
tree751d20a93eb2f92415213fc068e6daa95e839119tree | snapshot
parent0a6d0b64120759df8b9291af92d998ed1cbefc9dcommit | diff
cifs: Fix use-after-free on mid_q_entry

With CIFS_DEBUG_2 enabled, additional debug information is tracked inside each
mid_q_entry struct, however cifs_save_when_sent may use the mid_q_entry after it
has been freed from the appropriate callback if the transport layer has very low
latency. Holding the srv_mutex fixes this use-after-free, as cifs_save_when_sent
is called while the srv_mutex is held while the request is sent.

Signed-off-by: Christopher Oo <t-chriso@microsoft.com>
fs/cifs/cifssmb.c diff | blob | blame | history
fs/cifs/smb2pdu.c diff | blob | blame | history
fs/cifs/transport.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)