aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/connect.c
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2010-09-14 11:38:24 -0400
committerSteve French <sfrench@us.ibm.com>2010-09-14 19:21:03 -0400
commit460cf3411b858ad509d5255e0dfaf862a83c0299 (patch)
tree3ff261b74c1751b9b0edd904f8d2d7f09f7440f6 /fs/cifs/connect.c
parentbfa88ea7ee9e6b4fd673e45a8cc0a8e0b7ef4761 (diff)
cifs: fix potential double put of TCP session reference
cifs_get_smb_ses must be called on a server pointer on which it holds an active reference. It first does a search for an existing SMB session. If it finds one, it'll put the server reference and then try to ensure that the negprot is done, etc. If it encounters an error at that point then it'll return an error. There's a potential problem here though. When cifs_get_smb_ses returns an error, the caller will also put the TCP server reference leading to a double-put. Fix this by having cifs_get_smb_ses only put the server reference if it found an existing session that it could use and isn't returning an error. Cc: stable@kernel.org Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/connect.c')
-rw-r--r--fs/cifs/connect.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 67dad54fbfa1..88c84a38bccb 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1706,9 +1706,6 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1706 if (ses) { 1706 if (ses) {
1707 cFYI(1, "Existing smb sess found (status=%d)", ses->status); 1707 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
1708 1708
1709 /* existing SMB ses has a server reference already */
1710 cifs_put_tcp_session(server);
1711
1712 mutex_lock(&ses->session_mutex); 1709 mutex_lock(&ses->session_mutex);
1713 rc = cifs_negotiate_protocol(xid, ses); 1710 rc = cifs_negotiate_protocol(xid, ses);
1714 if (rc) { 1711 if (rc) {
@@ -1731,6 +1728,9 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1731 } 1728 }
1732 } 1729 }
1733 mutex_unlock(&ses->session_mutex); 1730 mutex_unlock(&ses->session_mutex);
1731
1732 /* existing SMB ses has a server reference already */
1733 cifs_put_tcp_session(server);
1734 FreeXid(xid); 1734 FreeXid(xid);
1735 return ses; 1735 return ses;
1736 } 1736 }