leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1952fa424d
linux/fs/cifs
History
Rohith Surabattula 9687c85dfb Fix KASAN identified use-after-free issue. 
[  612.157429] ==================================================================
[  612.158275] BUG: KASAN: use-after-free in process_one_work+0x90/0x9b0
[  612.158801] Read of size 8 at addr ffff88810a31ca60 by task kworker/2:9/2382

[  612.159611] CPU: 2 PID: 2382 Comm: kworker/2:9 Tainted: G
OE     5.13.0-rc2+ #98
[  612.159623] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-1.fc33 04/01/2014
[  612.159640] Workqueue:  0x0 (deferredclose)
[  612.159669] Call Trace:
[  612.159685]  dump_stack+0xbb/0x107
[  612.159711]  print_address_description.constprop.0+0x18/0x140
[  612.159733]  ? process_one_work+0x90/0x9b0
[  612.159743]  ? process_one_work+0x90/0x9b0
[  612.159754]  kasan_report.cold+0x7c/0xd8
[  612.159778]  ? lock_is_held_type+0x80/0x130
[  612.159789]  ? process_one_work+0x90/0x9b0
[  612.159812]  kasan_check_range+0x145/0x1a0
[  612.159834]  process_one_work+0x90/0x9b0
[  612.159877]  ? pwq_dec_nr_in_flight+0x110/0x110
[  612.159914]  ? spin_bug+0x90/0x90
[  612.159967]  worker_thread+0x3b6/0x6c0
[  612.160023]  ? process_one_work+0x9b0/0x9b0
[  612.160038]  kthread+0x1dc/0x200
[  612.160051]  ? kthread_create_worker_on_cpu+0xd0/0xd0
[  612.160092]  ret_from_fork+0x1f/0x30

[  612.160399] Allocated by task 2358:
[  612.160757]  kasan_save_stack+0x1b/0x40
[  612.160768]  __kasan_kmalloc+0x9b/0xd0
[  612.160778]  cifs_new_fileinfo+0xb0/0x960 [cifs]
[  612.161170]  cifs_open+0xadf/0xf20 [cifs]
[  612.161421]  do_dentry_open+0x2aa/0x6b0
[  612.161432]  path_openat+0xbd9/0xfa0
[  612.161441]  do_filp_open+0x11d/0x230
[  612.161450]  do_sys_openat2+0x115/0x240
[  612.161460]  __x64_sys_openat+0xce/0x140

When mod_delayed_work is called to modify the delay of pending work,
it might return false and queue a new work when pending work is
already scheduled or when try to grab pending work failed.

So, Increase the reference count when new work is scheduled to
avoid use-after-free.

Signed-off-by: Rohith Surabattula <rohiths@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2021-05-20 12:20:42 -05:00
..
asn1.c cifs: remove bogus debug code 2020-10-22 12:17:52 -05:00
cache.c cifs: Make extract_sharename function public 2020-12-14 09:16:22 -06:00
cifs_debug.c cifs: export supported mount options via new mount_params /proc file 2021-04-25 16:28:24 -05:00
cifs_debug.h cifs: Standardize logging output 2020-06-01 00:10:18 -05:00
cifs_dfs_ref.c cifs: allocate buffer in the caller of build_path_from_dentry() 2021-04-25 16:28:23 -05:00
cifs_fs_sb.h cifs: add shutdown support 2021-05-03 11:21:22 -05:00
cifs_ioctl.h smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares 2021-05-03 11:43:37 -05:00
cifs_spnego.c cifs: switch servers depending on binding state 2019-11-25 01:16:30 -06:00
cifs_spnego.h
cifs_swn.c fs/cifs/: fix misspellings using codespell tool 2021-03-19 00:37:51 -05:00
cifs_swn.h cifs: simplify SWN code with dummy funcs instead of ifdefs 2021-04-25 16:28:22 -05:00
cifs_unicode.c Convert trailing spaces and periods in path components 2020-10-11 23:57:18 -05:00
cifs_unicode.h
cifs_uniupr.h
cifsacl.c cifs: Remove useless variable 2021-04-25 16:28:22 -05:00
cifsacl.h cifs: Fix cifsacl ACE mask for group and others. 2021-02-22 21:20:44 -06:00
cifsencrypt.c cifs: change confusing field serverName (to ip_addr) 2021-02-22 21:20:43 -06:00
cifsfs.c Fix kernel oops when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. 2021-05-19 21:11:26 -05:00
cifsfs.h cifs: update internal version number 2021-04-25 23:59:27 -05:00
cifsglob.h Defer close only when lease is enabled. 2021-05-19 21:11:28 -05:00
cifspdu.h cifs: cifspdu.h: Replace one-element array with flexible-array member 2021-04-25 16:28:22 -05:00
cifsproto.h 10 CIFS/SMB3 changesets including some important multichannel fixes, as well as support for handle leases (deferred close) and shutdown support 2021-05-05 13:37:07 -07:00
cifsroot.c cifs: Standardize logging output 2020-06-01 00:10:18 -05:00
cifssmb.c cifs: rename the *_shroot* functions to *_cached_dir* 2021-04-25 16:28:23 -05:00
connect.c cifs: fix regression when mounting shares with prefix paths 2021-05-04 11:52:56 -05:00
dfs_cache.c cifs: constify get_normalized_path() properly 2021-04-25 16:28:23 -05:00
dfs_cache.h cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h 2020-12-13 19:12:07 -06:00
dir.c 10 CIFS/SMB3 changesets including some important multichannel fixes, as well as support for handle leases (deferred close) and shutdown support 2021-05-05 13:37:07 -07:00
dns_resolve.c
dns_resolve.h
export.c
file.c Fix KASAN identified use-after-free issue. 2021-05-20 12:20:42 -05:00
fs_context.c cifs: Fix inconsistent indenting 2021-05-19 21:11:09 -05:00
fs_context.h smb3: add rasize mount parameter to improve readahead performance 2021-04-25 23:59:08 -05:00
fscache.c cifs: Make extract_sharename function public 2020-12-14 09:16:22 -06:00
fscache.h cifs: Make extract_sharename function public 2020-12-14 09:16:22 -06:00
inode.c 10 CIFS/SMB3 changesets including some important multichannel fixes, as well as support for handle leases (deferred close) and shutdown support 2021-05-05 13:37:07 -07:00
ioctl.c smb3.1.1: allow dumping keys for multiuser mounts 2021-05-03 11:45:36 -05:00
Kconfig cifs: On cifs_reconnect, resolve the hostname again. 2021-04-07 21:29:36 -05:00
link.c fs/cifs: Fix resource leak 2021-05-04 11:53:15 -05:00
Makefile cifs: On cifs_reconnect, resolve the hostname again. 2021-04-07 21:29:36 -05:00
misc.c Fix KASAN identified use-after-free issue. 2021-05-20 12:20:42 -05:00
netlink.c cifs: Set witness notification handler for messages from userspace daemon 2020-12-14 09:16:22 -06:00
netlink.h cifs: Register generic netlink family 2020-12-14 09:16:22 -06:00
netmisc.c cifs`: handle ERRBaduid for SMB1 2020-08-02 18:00:25 -05:00
nterr.c
nterr.h
ntlmssp.h
readdir.c Merge branch 'work.inode-type-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-04-27 10:57:42 -07:00
rfc1002pdu.h
sess.c smb3: do not attempt multichannel to server which does not support it 2021-05-08 10:50:53 -05:00
smb1ops.c cifs: constify path argument of ->make_node() 2021-04-25 16:28:23 -05:00
smb2file.c cifs: allow unlock flock and OFD lock across fork 2020-03-22 22:49:09 -05:00
smb2glob.h cifs: Adjust key sizes and key generation routines for AES256 encryption 2021-03-26 07:49:39 -05:00
smb2inode.c cifs: rename the *_shroot* functions to *_cached_dir* 2021-04-25 16:28:23 -05:00
smb2maperror.c cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES 2020-10-15 23:58:14 -05:00
smb2misc.c cifs: add a timestamp to track when the lease of the cached dir was taken 2021-04-25 16:28:23 -05:00
smb2ops.c Defer close only when lease is enabled. 2021-05-19 21:11:28 -05:00
smb2pdu.c SMB3: incorrect file id in requests compounded with open 2021-05-19 10:10:58 -05:00
smb2pdu.h SMB3: update structures for new compression protocol definitions 2021-04-25 16:28:23 -05:00
smb2proto.h cifs: add a function to get a cached dir based on its dentry 2021-04-25 16:28:23 -05:00
smb2status.h
smb2transport.c cifs: Adjust key sizes and key generation routines for AES256 encryption 2021-03-26 07:49:39 -05:00
smbdirect.c cifs: Fix fall-through warnings for Clang 2020-12-13 19:12:07 -06:00
smbdirect.h cifs: smbd: Do not schedule work to send immediate packet on every receive 2020-04-07 12:41:16 -05:00
smbencrypt.c
smberr.h
smbfsctl.h smb3: add some missing definitions from MS-FSCC 2020-10-23 15:38:10 -05:00
trace.c
trace.h cifs: Identify a connection by a conn_id. 2021-02-16 15:48:02 -06:00
transport.c cifs: Fix preauth hash corruption 2021-03-14 18:14:32 -05:00
unc.c cifs: don't cargo-cult strndup() 2021-04-25 16:28:23 -05:00
winucase.c Replace HTTP links with HTTPS ones: CIFS 2020-07-05 14:23:38 -06:00
xattr.c cifs: add shutdown support 2021-05-03 11:21:22 -05:00