diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2025-07-06 02:26:45 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-07-17 18:43:54 +0200 |
| commit | 4b1ed88677ea231f734cd36104dd3d2e6e17a4d8 (patch) | |
| tree | 64c75040dd308496271b50dec67ca24eeaa7a61d | |
| parent | 40be22f42e269aed486058c59e664ac94367e640 (diff) | |
ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
commit 277627b431a0a6401635c416a21b2a0f77a77347 upstream.
If the call of ksmbd_vfs_lock_parent() fails, we drop the parent_path
references and return an error. We need to drop the write access we
just got on parent_path->mnt before we drop the mount reference - callers
assume that ksmbd_vfs_kern_path_locked() returns with mount write
access grabbed if and only if it has returned 0.
Fixes: 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | fs/smb/server/vfs.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index baf0d3031a44..134cabdd60eb 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -1280,6 +1280,7 @@ out1: err = ksmbd_vfs_lock_parent(parent_path->dentry, path->dentry); if (err) { + mnt_drop_write(parent_path->mnt); path_put(path); path_put(parent_path); } |