ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()

If the call of ksmbd_vfs_lock_parent() fails, we drop the parent_path references and return an error. We need to drop the write access we just got on parent_path->mnt before we drop the mount reference - callers assume that ksmbd_vfs_kern_path_locked() returns with mount write access grabbed if and only if it has returned 0. Fixes: 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com>
author: Al Viro <viro@zeniv.linux.org.uk> 2025-07-06 04:26:45 +0300
committer: Steve French <stfrench@microsoft.com> 2025-07-08 19:25:44 +0300
commit: 277627b431a0a6401635c416a21b2a0f77a77347 (patch)
tree: 994ae9df8c1f09f6ab86bc84f661e3a90cae6946
parent: 0c2b53997e8f5e2ec9e0fbd17ac0436466b65488 (diff)
download: linux-277627b431a0a6401635c416a21b2a0f77a77347.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c
index 0f3aad12e495..d3437f6644e3 100644
--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -1282,6 +1282,7 @@ out1:
 
 		err = ksmbd_vfs_lock_parent(parent_path->dentry, path->dentry);
 		if (err) {
+			mnt_drop_write(parent_path->mnt);
 			path_put(path);
 			path_put(parent_path);
 		}
author	Al Viro <viro@zeniv.linux.org.uk>	2025-07-06 04:26:45 +0300
committer	Steve French <stfrench@microsoft.com>	2025-07-08 19:25:44 +0300
commit	277627b431a0a6401635c416a21b2a0f77a77347 (patch)
tree	994ae9df8c1f09f6ab86bc84f661e3a90cae6946
parent	0c2b53997e8f5e2ec9e0fbd17ac0436466b65488 (diff)
download	linux-277627b431a0a6401635c416a21b2a0f77a77347.tar.xz