From nobody Sun Oct 5 03:41:01 2025 Received: from lgeamrelo11.lge.com (lgeamrelo12.lge.com [156.147.23.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A7C523371F for ; Mon, 11 Aug 2025 10:17:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=156.147.23.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754907436; cv=none; b=CAqJvuTlo8I6rDZcD/YUz1vKNr/uG6AZuJj1oMPTPJav3xWddapqZ0x0t7iJ+KGtlwet63U6gXy/mUtQptBaXIDLor6z3WmNKikWMd+o3uwgXIfT6mLSepc62lhqbIp1VJZd7xd1lIzkY5B3u6TzQH+bf8223HB9uPGY73VHhl4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754907436; c=relaxed/simple; bh=r9tXkFCKd3yPOLffy2yeY3OwJMYq9y0SXOXHLnhdWFQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References; b=GUt5u9kO+wrijKy3+VstONfhYsrnn5fH5/Bs0sQ7Ko8Vm4OAu7nRK0qeqzY67vTk5i0Fxdasp3H9NtyCBGHvl19v5juwcpls1UD7TF5ZecfKMCu6RTXOt9oYGYjBb+/ew01SnMyWCOfHNyr1ZQUnmQy3VeNkU95r1mlu8cYTM2c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=lge.com; spf=pass smtp.mailfrom=lge.com; arc=none smtp.client-ip=156.147.23.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=lge.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=lge.com Received: from unknown (HELO lgemrelse6q.lge.com) (156.147.1.121) by 156.147.23.52 with ESMTP; 11 Aug 2025 18:47:13 +0900 X-Original-SENDERIP: 156.147.1.121 X-Original-MAILFROM: chanho.min@lge.com Received: from unknown (HELO localhost.localdomain) (10.178.31.96) by 156.147.1.121 with ESMTP; 11 Aug 2025 18:47:13 +0900 X-Original-SENDERIP: 10.178.31.96 X-Original-MAILFROM: chanho.min@lge.com From: Chanho Min To: Steve French , linux-cifs@vger.kernel.org Cc: samba-technical@lists.samba.org, linux-kernel@vger.kernel.org, gunho.lee@lge.com, gregkh@linuxfoundation.org, sashal@kernel.org, Paulo Alcantara , stable@vger.kernel.org, Steve French , Chanho Min Subject: [PATCH 4/4] smb: client: fix potential UAF in cifs_stats_proc_write() Date: Mon, 11 Aug 2025 18:46:39 +0900 Message-Id: <20250811094639.37446-5-chanho.min@lge.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20250811094639.37446-1-chanho.min@lge.com> References: <20250811094639.37446-1-chanho.min@lge.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Paulo Alcantara commit d3da25c5ac84430f89875ca7485a3828150a7e0a upstream. Skip sessions that are being teared down (status =3D=3D SES_EXITING) to avoid UAF. Cc: stable@vger.kernel.org # 5.4 Signed-off-by: Paulo Alcantara (Red Hat) Signed-off-by: Steve French [ chanho: Backported to v5.4.y, cifs_debug.c was moved from fs/cifs to fs/s= mb/client ] Signed-off-by: Chanho Min Signed-off-by: Greg Kroah-Hartman --- fs/cifs/cifs_debug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index df3dfa611c352..47190e676aa25 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -470,6 +470,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, } #endif /* CONFIG_CIFS_STATS2 */ list_for_each(tmp2, &server->smb_ses_list) { + if (cifs_ses_exiting(ses)) + continue; ses =3D list_entry(tmp2, struct cifs_ses, smb_ses_list); list_for_each(tmp3, &ses->tcon_list) {