Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-rolling-lts 2026-03-19T15:08:40Z 2026-03-19T15:08:40Z Namjae Jeon linkinjeon@kernel.org 2026-03-07T02:32:31Z urn:sha1:1d6abf145615dbfe267ce3b0a271f95e3780e18e commit 1dfd062caa165ec9d7ee0823087930f3ab8a6294 upstream. ksmbd currently frees oplock_info immediately using kfree(), even though it is accessed under RCU read-side critical sections in places like opinfo_get() and proc_show_files(). Since there is no RCU grace period delay between nullifying the pointer and freeing the memory, a reader can still access oplock_info structure after it has been freed. This can leads to a use-after-free especially in opinfo_get() where atomic_inc_not_zero() is called on already freed memory. Fix this by switching to deferred freeing using call_rcu(). Fixes: 18b4fac5ef17 ("ksmbd: fix use-after-free in smb_break_all_levII_oplock()") Cc: stable@vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-04-15T03:21:26Z Namjae Jeon linkinjeon@kernel.org 2025-04-15T00:30:21Z urn:sha1:18b4fac5ef17f77fed9417d22210ceafd6525fc7 There is a room in smb_break_all_levII_oplock that can cause racy issues when unlocking in the middle of the loop. This patch use read lock to protect whole loop. Cc: stable@vger.kernel.org Reported-by: Norbert Szetei <norbert@doyensec.com> Tested-by: Norbert Szetei <norbert@doyensec.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 2025-03-10T17:54:28Z Namjae Jeon linkinjeon@kernel.org 2025-03-05T12:21:43Z urn:sha1:bb39ed47065455604729404729d9116868638d31 ->interim_entry of ksmbd_work could be deleted after oplock is freed. We don't need to manage it with linked list. The interim request could be immediately sent whenever a oplock break wait is needed. Cc: stable@vger.kernel.org Reported-by: Norbert Szetei <norbert@doyensec.com> Tested-by: Norbert Szetei <norbert@doyensec.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 2024-07-14T23:00:35Z ChenXiaoSong chenxiaosong@kylinos.cn 2024-06-19T16:17:53Z urn:sha1:ac5399d48616644cb6ddfe39f8babe807d5f5cbd smb/common already have SMB2 Oplock levels definitions, remove duplicate definitions in server. Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 2024-03-12T05:36:39Z Namjae Jeon linkinjeon@kernel.org 2024-03-12T05:05:57Z urn:sha1:c8efcc786146a951091588e5fa7e3c754850cb3c Durable file handles allow reopening a file preserved on a short network outage and transparent client reconnection within a timeout. i.e. Durable handles aren't necessarily cleaned up when the opening process terminates. This patch add support for durable handle version 1 and 2. To prove durable handles work on ksmbd, I have tested this patch with the following smbtorture tests: smb2.durable-open.open-oplock smb2.durable-open.open-lease smb2.durable-open.reopen1 smb2.durable-open.reopen1a smb2.durable-open.reopen1a-lease smb2.durable-open.reopen2 smb2.durable-open.reopen2a smb2.durable-open.reopen2-lease smb2.durable-open.reopen2-lease-v2 smb2.durable-open.reopen3 smb2.durable-open.reopen4 smb2.durable-open.delete_on_close2 smb2.durable-open.file-position smb2.durable-open.lease smb2.durable-open.alloc-size smb2.durable-open.read-only smb2.durable-v2-open.create-blob smb2.durable-v2-open.open-oplock smb2.durable-v2-open.open-lease smb2.durable-v2-open.reopen1 smb2.durable-v2-open.reopen1a smb2.durable-v2-open.reopen1a-lease smb2.durable-v2-open.reopen2 smb2.durable-v2-open.reopen2b Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 2023-12-08T16:11:33Z Namjae Jeon linkinjeon@kernel.org 2023-12-08T05:37:56Z urn:sha1:c2a721eead71202a0d8ddd9b56ec8dce652c71d1 Don't immediately send directory lease break notification on smb2_write(). Instead, It postpones it until smb2_close(). Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 2023-12-08T16:11:33Z Namjae Jeon linkinjeon@kernel.org 2023-12-08T05:33:41Z urn:sha1:d47d9886aeef79feba7adac701a510d65f3682b5 If client send different parent key, different client guid, or there is no parent lease key flags in create context v2 lease, ksmbd send lease break to client. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 2023-12-06T02:43:23Z Namjae Jeon linkinjeon@kernel.org 2023-12-05T12:02:03Z urn:sha1:eb547407f3572d2110cb1194ecd8865b3371a7a4 RWH(Read + Write + Handle) caching state is not supported for directory. ksmbd downgrade it to RH for directory if client send RWH caching lease state. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 2023-12-06T02:43:23Z Namjae Jeon linkinjeon@kernel.org 2023-12-04T13:07:03Z urn:sha1:d045850b628aaf931fc776c90feaf824dca5a1cf To support v2 lease(directory lease), ksmbd set epoch in create context v2 lease response. Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 2023-05-24T21:29:21Z Steve French stfrench@microsoft.com 2023-05-22T01:46:30Z urn:sha1:38c8a9a52082579090e34c033d439ed2cd1a462d Move CIFS/SMB3 related client and server files (cifs.ko and ksmbd.ko and helper modules) to new fs/smb subdirectory: fs/cifs --> fs/smb/client fs/ksmbd --> fs/smb/server fs/smbfs_common --> fs/smb/common Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>