
Commit c2de732

SMB3: Close deferred file handles in case of handle lease break

jira VULN-131073
cve-pre CVE-2025-38527
commit-author Bharath SM <bharathsm@microsoft.com>
commit d906be3

We should not cache deferred file handles if we don't have a handle lease on a file. And we should immediately close all deferred handles in case of a handle lease break.

Fixes: 9e31678 ("SMB3: fix lease break timeout when multiple deferred close handles for the same file.")
Signed-off-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
(cherry picked from commit d906be3)
Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
1 parent bfbc31b commit c2de732

2 files changed

+17
-1
lines changed

fs/cifs/file.c

Lines changed: 16 additions & 0 deletions
@@ -5053,6 +5053,8 @@ void cifs_oplock_break(struct work_struct *work)
50535053
struct TCP_Server_Info *server = tcon->ses->server;
50545054
int rc = 0;
50555055
bool purge_cache = false;
5056+
struct cifs_deferred_close *dclose;
5057+
bool is_deferred = false;
50565058

50575059
wait_on_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS,
50585060
TASK_UNINTERRUPTIBLE);
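Review bot: `dclose` is declared here only to serve as the out-parameter of `cifs_is_deferred_close()` in the next hunk and is never read afterwards; if the helper cannot be called with a NULL out-pointer, a short comment saying the pointer is intentionally unused would save the next reader from hunting for its use.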
@@ -5088,6 +5090,20 @@ void cifs_oplock_break(struct work_struct *work)
50885090
cifs_dbg(VFS, "Push locks rc = %d\n", rc);
50895091

50905092
oplock_break_ack:
5093+
/*
5094+
* When oplock break is received and there are no active
5095+
* file handles but cached, then schedule deferred close immediately.
5096+
* So, new open will not use cached handle.
5097+
*/
5098+
spin_lock(&CIFS_I(inode)->deferred_lock);
5099+
is_deferred = cifs_is_deferred_close(cfile, &dclose);
5100+
spin_unlock(&CIFS_I(inode)->deferred_lock);
5101+
5102+
if (!CIFS_CACHE_HANDLE(cinode) && is_deferred &&
5103+
cfile->deferred_close_scheduled && delayed_work_pending(&cfile->deferred)) {
5104+
cifs_close_deferred_file(cinode);
5105+
}
5106+
50915107
/*
50925108
* releasing stale oplock after recent reconnect of smb session using
50935109
* a now incorrect file handle is not a data integrity issue but do
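Review bot: the new condition is evaluated partly under `deferred_lock` and partly outside it: `is_deferred` is computed with the lock held, but `cfile->deferred_close_scheduled` and `delayed_work_pending(&cfile->deferred)` are read after `spin_unlock()`, so the deferred-close state can change between the two reads. Either hold the lock across the whole test or state in the comment why the window is harmless (presumably because `cifs_close_deferred_file()` re-checks the list under its own locking). Two smaller points: the block comment says "schedule deferred close immediately" while the code closes the handles immediately rather than scheduling anything, and if `cinode` is `CIFS_I(inode)`, as `wait_on_bit(&cinode->flags, ...)` and `CIFS_CACHE_HANDLE(cinode)` suggest, `CIFS_I(inode)->deferred_lock` can be written `cinode->deferred_lock` to match the surrounding code.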

fs/cifs/misc.c

Lines changed: 1 addition & 1 deletion
@@ -752,7 +752,7 @@ cifs_close_deferred_file(struct cifsInodeInfo *cifs_inode)
752752
spin_unlock(&cifs_inode->open_file_lock);
753753

754754
list_for_each_entry_safe(tmp_list, tmp_next_list, &file_head, list) {
755-
_cifsFileInfo_put(tmp_list->cfile, true, false);
755+
_cifsFileInfo_put(tmp_list->cfile, false, false);
756756
list_del(&tmp_list->list);
757757
kfree(tmp_list);
758758
}
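Review bot: the second argument to `_cifsFileInfo_put()` is flipped from `true` to `false` without any comment in the hunk or in the commit message explaining why, and `cifs_close_deferred_file()` is a shared helper, so the new behaviour applies to every existing caller, not only to the new call from `cifs_oplock_break()` in file.c. Please add a comment above the call (or a sentence in the commit message) stating why this path must not block, so the link to the `Fixes:` tag about lease break timeouts is clear; if the change is only needed for the oplock-break caller, consider passing the flag in from that caller rather than changing it for everyone.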
