ksmbd: fix uaf in smb20_oplock_break_ack

drop reference after use opinfo. Signed-off-by: luosili <rootlab@huawei.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
author: luosili <rootlab@huawei.com> 2023-10-04 18:29:36 +0900
committer: Steve French <stfrench@microsoft.com> 2023-10-04 20:21:48 -0500
commit: c69813471a1ec081a0b9bf0c6bd7e8afd818afce (patch)
tree: 7252c94564e9c79e3f7a079ed1c9447883eea82a
parent: 5a7ee91d1154f35418367a6eaae74046fd06ed89 (diff)
download: vfs-c69813471a1ec081a0b9bf0c6bd7e8afd818afce.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 420e7691c8cfc..b9d6e8e451ba2 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -8038,10 +8038,10 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work)
 		goto err_out;
 	}
 
-	opinfo_put(opinfo);
-	ksmbd_fd_put(work, fp);
 	opinfo->op_state = OPLOCK_STATE_NONE;
 	wake_up_interruptible_all(&opinfo->oplock_q);
+	opinfo_put(opinfo);
+	ksmbd_fd_put(work, fp);
 
 	rsp->StructureSize = cpu_to_le16(24);
 	rsp->OplockLevel = rsp_oplevel;
author	luosili <rootlab@huawei.com>	2023-10-04 18:29:36 +0900
committer	Steve French <stfrench@microsoft.com>	2023-10-04 20:21:48 -0500
commit	c69813471a1ec081a0b9bf0c6bd7e8afd818afce (patch)
tree	7252c94564e9c79e3f7a079ed1c9447883eea82a
parent	5a7ee91d1154f35418367a6eaae74046fd06ed89 (diff)
download	vfs-c69813471a1ec081a0b9bf0c6bd7e8afd818afce.tar.gz