smb: Initialize cfid->tcon before performing network ops

darkrain42 · gregkh · commit 1b9ab6b648f8 · 2024-12-05T14:03:08.000+01:00
[ Upstream commit c353ee4 ] Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cached_dir_lease_break() and then fail to release the ref in cached_dir_offload_close, since cfid->tcon is still NULL. Fixes: ebe98f1 ("cifs: enable caching of directories for which a lease is held") Signed-off-by: Paul Aurich <paul@darkrain42.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c
@@ -227,6 +227,7 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
 		}
 	}
 	cfid->dentry = dentry;
+	cfid->tcon = tcon;
 
 	/*
 	 * We do not hold the lock for the open because in case
@@ -298,7 +299,6 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
 		}
 		goto oshr_free;
 	}
-	cfid->tcon = tcon;
 	cfid->is_open = true;
 
 	spin_lock(&cfids->cfid_list_lock);

Original file line number	Diff line number	Diff line change
`@@ -227,6 +227,7 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,`
`227`	`227`	`}`
`228`	`228`	`}`
`229`	`229`	`cfid->dentry = dentry;`
	`230`	`+ cfid->tcon = tcon;`
`230`	`231`
`231`	`232`	`/*`
`232`	`233`	`* We do not hold the lock for the open because in case`
`@@ -298,7 +299,6 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,`
`298`	`299`	`}`
`299`	`300`	`goto oshr_free;`
`300`	`301`	`}`
`301`		`- cfid->tcon = tcon;`
`302`	`302`	`cfid->is_open = true;`
`303`	`303`
`304`	`304`	`spin_lock(&cfids->cfid_list_lock);`