Commit 277627b4 authored Jul 06, 2025 by Al Viro Committed by Steve French Jul 08, 2025

ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()



If the call of ksmbd_vfs_lock_parent() fails, we drop the parent_path
references and return an error.  We need to drop the write access we
just got on parent_path->mnt before we drop the mount reference - callers
assume that ksmbd_vfs_kern_path_locked() returns with mount write
access grabbed if and only if it has returned 0.

Fixes: 864fb5d3 ("ksmbd: fix possible deadlock in smb2_open")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

parent 0c2b5399

fs/smb/server/vfs.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -1282,6 +1282,7 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work work, char name,

		err = ksmbd_vfs_lock_parent(parent_path->dentry, path->dentry);
		if (err) {
		mnt_drop_write(parent_path->mnt);
		path_put(path);
		path_put(parent_path);
		}