On Thu, 24 Jul 2025, Stefan Metzmacher wrote:
> Hi Neil,
>
> for me this reliable generates the following problem, just doing a simple:
> mount -t cifs -ousername=root,password=test,noperm,vers=3.1.1,mfsymlinks,actimeo=0 //172.31.9.167/test /mnt/test/
>
> [ 2213.234061] [ T1972] ==================================================================
> [ 2213.234607] [ T1972] BUG: KASAN: slab-use-after-free in lookup_noperm_common+0x237/0x2b0
Hi,
thanks for testing and reporting. Sorry about this obvious bug...
I called putname() too early. The following should fix it. Please test
and support.
Namjae: it would be good to squash this into the offending patch before
submitting upstream. Can you do that? Do you want me to resend the
whole patch?
Thanks,
NeilBrown
--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -53,7 +53,7 @@ static int ksmbd_vfs_path_lookup(struct ksmbd_share_config *share_conf,
struct path *path, bool do_lock)
{
struct qstr last;
- struct filename *filename;
+ struct filename *filename __free(putname) = NULL;
struct path *root_share_path = &share_conf->vfs_path;
int err, type;
struct dentry *d;
@@ -72,7 +72,6 @@ static int ksmbd_vfs_path_lookup(struct ksmbd_share_config *share_conf,
err = vfs_path_parent_lookup(filename, flags,
path, &last, &type,
root_share_path);
- putname(filename);
if (err)
return err;
