Commit 77ffbcac authored by Henrique Carvalho's avatar Henrique Carvalho Committed by Steve French
Browse files

smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() 



On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is
freed via free_transport(), which does not decrement active_num_conn,
leaking this counter.

Replace free_transport() with ksmbd_tcp_disconnect().

Fixes: 0d0d4680 ("ksmbd: add max connections parameter")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarHenrique Carvalho <henrique.carvalho@suse.com>
Acked-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent b38f99c1

fs/smb/server/transport_tcp.c

+2 −1
Original line number Diff line number Diff line
@@ -40,6 +40,7 @@ static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops; 


static void tcp_stop_kthread(struct task_struct *kthread);

static struct interface *alloc_iface(char *ifname);

static void ksmbd_tcp_disconnect(struct ksmbd_transport *t);



#define KSMBD_TRANS(t)	(&(t)->transport)

#define TCP_TRANS(t)	((struct tcp_transport *)container_of(t, \
@@ -202,7 +203,7 @@ static int ksmbd_tcp_new_connection(struct socket *client_sk) 
	if (IS_ERR(handler)) {

		pr_err("cannot start conn thread\n");

		rc = PTR_ERR(handler);

		free_transport(t);

		ksmbd_tcp_disconnect(KSMBD_TRANS(t));

	}

	return rc;

}