• Namjae Jeon's avatar
    ksmbd: fix race condition between destroy_previous_session() and smb2 operations() · 76e98a15
    Namjae Jeon authored
    If there is ->PreviousSessionId field in the session setup request,
    The session of the previous connection should be destroyed.
    During this, if the smb2 operation requests in the previous session are
    being processed, a racy issue could happen with ksmbd_destroy_file_table().
    This patch sets conn->status to KSMBD_SESS_NEED_RECONNECT to block
    incoming  operations and waits until on-going operations are complete
    (i.e. idle) before desctorying the previous session.
    
    Fixes: c8efcc78 ("ksmbd: add support for durable handles v1/v2")
    Cc: stable@vger.kernel.org # v6.6+
    Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-25040
    Signed-off-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
    Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
    76e98a15
smb2pdu.c 237 KB