ksmbd: fix uaf in smb20_oplock_break_ack

drop reference after use opinfo.

Signed-off-by: luosili <rootlab@huawei.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 420e7691c8cfc92f19725a95ba3f1933fbc8dca5..b9d6e8e451ba215b6bb9c4692fd59f2714954e44 100644 (file)
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -8038,10 +8038,10 @@ static void smb20_oplock_break_ack(struct ksmbd_work *work)
                goto err_out;
        }
 
-       opinfo_put(opinfo);
-       ksmbd_fd_put(work, fp);
        opinfo->op_state = OPLOCK_STATE_NONE;
        wake_up_interruptible_all(&opinfo->oplock_q);
+       opinfo_put(opinfo);
+       ksmbd_fd_put(work, fp);
 
        rsp->StructureSize = cpu_to_le16(24);
        rsp->OplockLevel = rsp_oplevel;