Re: [PATCH] ksmbd: fix use-after-free in __ksmbd_close_fd() lock cleanup

Next message: Nicolin Chen: "[PATCH rc v5] iommu: Fix nested pci_dev_reset_iommu_prepare/done()"
Previous message: Matthew Wilcox: "Re: [PATCH v2] mm/percpu, memcontrol: Per-memcg-lruvec percpu accounting"
In reply to: Namjae Jeon: "Re: [PATCH] ksmbd: fix use-after-free in __ksmbd_close_fd() lock cleanup"
Next in thread: Namjae Jeon: "Re: [PATCH] ksmbd: fix use-after-free in __ksmbd_close_fd() lock cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: ChenXiaoSong

Date: Sat Apr 04 2026 - 01:03:11 EST

Hi Namjae and munan,

In `ksmbd_reopen_durable_fd()`, when -EBADF is returned, should `list_del(&smb_lock->clist)` be called?

If my understanding is incorrect, please let me know.

int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp)
{
...
fp->conn = conn;
...

list_for_each_entry(smb_lock, &fp->lock_list, flist) {
spin_lock(&conn->llist_lock);
list_add_tail(&smb_lock->clist, &conn->lock_list);
spin_unlock(&conn->llist_lock);
}
...
__open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID);
if (!has_file_id(fp->volatile_id)) {
fp->conn = NULL;
fp->tcon = NULL;
return -EBADF;
}
return 0;
}

Thanks,
ChenXiaoSong <chenxiaosong@xxxxxxxxxx>

On 4/4/26 10:28, Namjae Jeon wrote:

I will apply the following patch instead of your patch. Let me know if
I am missing something.
https://github.com/smfrench/smb3-kernel/ commit/319ca5432460b0749e420f7cff637dfbc7e16be3
Thanks.