git.itanic.dy.fi Git - linux-stable/commit

author	Paulo Alcantara <pc@manguebit.com>
	Tue, 2 Apr 2024 03:37:42 +0000 (22:37 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 10 Apr 2024 14:38:20 +0000 (16:38 +0200)
commit	e1db9ae87b7148c021daee1fcc4bc71b2ac58a79
tree	ca01b4223a148c3e01c0ee5d55b9039353e6f2f1	tree \| snapshot
parent	45f2beda1f1bc3d962ec07db1ccc3197c25499a5	commit \| diff

smb: client: guarantee refcounted children from parent session

commit 062a7f0ff46eb57aff526897bd2bebfdb1d3046a upstream.

Avoid potential use-after-free bugs when walking DFS referrals,
mounting and performing DFS failover by ensuring that all children
from parent @tcon->ses are also refcounted. They're all needed across
the entire DFS mount. Get rid of @tcon->dfs_ses_list while we're at
it, too.

Cc: stable@vger.kernel.org # 6.4+
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202404021527.ZlRkIxgv-lkp@intel.com/
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/smb/client/cifsglob.h		diff \| blob \| history
fs/smb/client/cifsproto.h		diff \| blob \| history
fs/smb/client/connect.c		diff \| blob \| history
fs/smb/client/dfs.c		diff \| blob \| history
fs/smb/client/dfs.h		diff \| blob \| history
fs/smb/client/dfs_cache.c		diff \| blob \| history
fs/smb/client/misc.c		diff \| blob \| history