lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20230615040131.13444-1-islituo@gmail.com>
Date:   Thu, 15 Jun 2023 12:01:31 +0800
From:   Tuo Li <islituo@...il.com>
To:     sfrench@...ba.org, pc@...guebit.com, lsahlber@...hat.com,
        sprasad@...rosoft.com, tom@...pey.com
Cc:     linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org,
        linux-kernel@...r.kernel.org, baijiaju1990@...look.com,
        Tuo Li <islituo@...il.com>, BassCheck <bass@...a.edu.cn>
Subject: [PATCH] smb: fix a possible data race in cifs_can_echo()

The struct field TCP_Server_Info.tcpStatus is often protected by the lock 
srv_lock when is accessed. Here is an example in __cifs_reconnect():

  spin_lock(&server->srv_lock);
  if (server->tcpStatus != CifsExiting)
    server->tcpStatus = CifsNeedNegotiate;
  spin_unlock(&server->srv_lock);

However, the variable server->tcpStatus is accessed without holding the 
lock server->srv_lock in cifs_can_echo():

  if (server->tcpStatus == CifsGood)
    return true;

To fix this possible data race, a lock and unlock pair is added when
accessing the variable server->tcpStatus.

Reported-by: BassCheck <bass@...a.edu.cn>
Signed-off-by: Tuo Li <islituo@...il.com>
---
 fs/smb/client/smb1ops.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/smb/client/smb1ops.c b/fs/smb/client/smb1ops.c
index 7d1b3fc014d9..b258af1a75fe 100644
--- a/fs/smb/client/smb1ops.c
+++ b/fs/smb/client/smb1ops.c
@@ -1049,8 +1049,11 @@ cifs_dir_needs_close(struct cifsFileInfo *cfile)
 static bool
 cifs_can_echo(struct TCP_Server_Info *server)
 {
-	if (server->tcpStatus == CifsGood)
+	spin_lock(&server->srv_lock);
+	if (server->tcpStatus == CifsGood) {
+		spin_unlock(&server->srv_lock);
 		return true;
+	}
 
 	return false;
 }
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ