ksmbd: fix uaf in smb20_oplock_break_ack

commit c69813471a1ec081a0b9bf0c6bd7e8afd818afce upstream. drop reference after use opinfo. Signed-off-by: luosili <rootlab@huawei.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: luosili <rootlab@huawei.com> 2023-10-04 18:29:36 +0900
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-10-10 22:00:45 +0200
commit: 8226ffc759ea59f10067b9acdf7f94bae1c69930 (patch)
tree: f44d098d6f04233a9abf9433d4c35d6fff64069f
parent: a2ca5fd3dbcc665e1169044fa0c9e3eba779202b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index f6fd5cf976a50..683152007566c 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -8128,10 +8128,10 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work)
 		goto err_out;
 	}
 
-	opinfo_put(opinfo);
-	ksmbd_fd_put(work, fp);
 	opinfo->op_state = OPLOCK_STATE_NONE;
 	wake_up_interruptible_all(&opinfo->oplock_q);
+	opinfo_put(opinfo);
+	ksmbd_fd_put(work, fp);
 
 	rsp->StructureSize = cpu_to_le16(24);
 	rsp->OplockLevel = rsp_oplevel;
author	luosili <rootlab@huawei.com>	2023-10-04 18:29:36 +0900
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-10-10 22:00:45 +0200
commit	8226ffc759ea59f10067b9acdf7f94bae1c69930 (patch)
tree	f44d098d6f04233a9abf9433d4c35d6fff64069f
parent	a2ca5fd3dbcc665e1169044fa0c9e3eba779202b (diff)