Skip to content

Commit

Permalink
ksmbd: fix use-after-free in handle_smb_work()
Browse files Browse the repository at this point in the history 
Signed-off-by: Namjae Jeon <[email protected]>
  • Loading branch information
@namjaejeon
namjaejeon committed Nov 22, 2024
1 parent b03ede4 commit 40fc9cf
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions server.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -276,8 +276,11 @@ static void handle_ksmbd_work(struct work_struct *wk)
* disconnection. waitqueue_active is safe because it
* uses atomic operation for condition.
*/
atomic_inc(&conn->refcnt);
if (!atomic_dec_return(&conn->r_count) && waitqueue_active(&conn->r_count_q))
wake_up(&conn->r_count_q);
if (atomic_dec_and_test(&conn->refcnt))
kfree(conn);
}

/**
Expand Down

0 comments on commit 40fc9cf

Please sign in to comment.