On Thu, Jul 24, 2025 at 8:04 AM NeilBrown <neil@xxxxxxxxxx> wrote:
>
> On Thu, 24 Jul 2025, Stefan Metzmacher wrote:
> > Hi Neil,
> >
> > for me this reliable generates the following problem, just doing a simple:
> > mount -t cifs -ousername=root,password=test,noperm,vers=3.1.1,mfsymlinks,actimeo=0 //172.31.9.167/test /mnt/test/
> >
> > [ 2213.234061] [ T1972] ==================================================================
> > [ 2213.234607] [ T1972] BUG: KASAN: slab-use-after-free in lookup_noperm_common+0x237/0x2b0
>
> Hi,
> thanks for testing and reporting. Sorry about this obvious bug...
>
> I called putname() too early. The following should fix it. Please test
> and support.
> Namjae: it would be good to squash this into the offending patch before
> submitting upstream. Can you do that? Do you want me to resend the
> whole patch?
You don't need to resend the patch. I will directly update and test it.
Thanks!
>
> Thanks,
> NeilBrown
>
> --- a/fs/smb/server/vfs.c
> +++ b/fs/smb/server/vfs.c
> @@ -53,7 +53,7 @@ static int ksmbd_vfs_path_lookup(struct ksmbd_share_config *share_conf,
> struct path *path, bool do_lock)
> {
> struct qstr last;
> - struct filename *filename;
> + struct filename *filename __free(putname) = NULL;
> struct path *root_share_path = &share_conf->vfs_path;
> int err, type;
> struct dentry *d;
> @@ -72,7 +72,6 @@ static int ksmbd_vfs_path_lookup(struct ksmbd_share_config *share_conf,
> err = vfs_path_parent_lookup(filename, flags,
> path, &last, &type,
> root_share_path);
> - putname(filename);
> if (err)
> return err;
>
>
