From a02eb88b8a48f0a1176cb0a07b50eebfa9610b4e Mon Sep 17 00:00:00 2001
From: luosili
Date: Tue, 9 Apr 2024 16:16:47 +0800
Subject: [PATCH] ksmbd: fix uaf in smb20_oplock_break_ack
stable inclusion
from stable-v5.15.81
commit 694e13732e830cbbfedb562e57f28644927c33fd
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I94P2I
CVE: CVE-2023-52479
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=694e13732e830cbbfedb562e57f28644927c33fd
--------------------------------
commit c69813471a1ec081a0b9bf0c6bd7e8afd818afce upstream.
drop reference after use opinfo.
Signed-off-by: luosili
Signed-off-by: Namjae Jeon
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Long Li
(cherry picked from commit 2955d95752d943d56c5363dce457a272087ee0af)
---
 fs/ksmbd/smb2pdu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index b21ac851345f..d6980eae49b0 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -8034,10 +8034,10 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work)
 goto err_out;
 }
- opinfo_put(opinfo);
- ksmbd_fd_put(work, fp);
 opinfo->op_state = OPLOCK_STATE_NONE;
 wake_up_interruptible_all(&opinfo->oplock_q);
+ opinfo_put(opinfo);
+ ksmbd_fd_put(work, fp);
 rsp->StructureSize = cpu_to_le16(24);
 rsp->OplockLevel = rsp_oplevel;
-- Gitee
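Review bot: Nothing in the new code records why `opinfo_put(opinfo);` and `ksmbd_fd_put(work, fp);` must follow the `opinfo->op_state` store and the `wake_up_interruptible_all(&opinfo->oplock_q)` call, so a later tidy-up could move the puts back up and reintroduce the use-after-free. A one-line comment directly above the two puts would pin the invariant, for example `/* opinfo may be freed once the reference is dropped: no opinfo access below this point */`. The `goto err_out` branch at the top of the hunk lands outside the visible lines, so it is worth confirming that its cleanup also finishes every `opinfo` access before dropping the reference. smb20_oplock_break_ack starts and ends outside the hunk, and any other ack handler in this file that pairs `opinfo_put()` with later `opinfo` accesses presumably deserves the same check.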