{"id":"CVE-2024-53176","summary":"smb: During unmount, ensure all cached dir instances drop their dentry","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/}  still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n  removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it's\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn't block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we're here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.","modified":"2026-04-02T12:22:58.579566Z","published":"2024-12-27T13:49:20.518Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:0847-1","SUSE-SU-2025:0856-1","SUSE-SU-2025:0955-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7276-1","USN-7277-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53176.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3fa640d035e5ae526769615c35cb9ed4be6e3662"},{"type":"WEB","url":"https://git.kernel.org/stable/c/548812afd96982a76a93ba76c0582ea670c40d9e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/73934e535cffbda1490fa97d82690a0f9aa73e94"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ff4528bbc82d0d90073751f7b49e7b9e9c7e5638"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53176.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53176"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ebe98f1447bbccf8228335c62d86af02a0ed23f7"},{"fixed":"73934e535cffbda1490fa97d82690a0f9aa73e94"},{"fixed":"ff4528bbc82d0d90073751f7b49e7b9e9c7e5638"},{"fixed":"548812afd96982a76a93ba76c0582ea670c40d9e"},{"fixed":"3fa640d035e5ae526769615c35cb9ed4be6e3662"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53176.json"}}],"schema_version":"1.7.5"}