[{"id":3679061,"web_url":"http://patchwork.ozlabs.org/comment/3679061/","msgid":"","list_archive_url":null,"date":"2026-04-19T07:30:20","subject":"Re: [PATCH 1/2] ksmbd: fix active_num_conn leak when\n alloc_transport() fails","submitter":{"id":79386,"url":"http://patchwork.ozlabs.org/api/people/79386/","name":"Namjae Jeon","email":"linkinjeon@kernel.org"},"content":"On Sun, Apr 19, 2026 at 2:30 AM DaeMyung Kang wrote:\n>\n> ksmbd_kthread_fn() increments active_num_conn right after accept(),\n> before calling ksmbd_tcp_new_connection(). The decrement normally\n> happens in ksmbd_tcp_disconnect() at the end of the connection's\n> lifetime.\n>\n> If alloc_transport() fails in ksmbd_tcp_new_connection(), the function\n> releases the socket and returns -ENOMEM without going through\n> ksmbd_tcp_disconnect(), so active_num_conn never gets decremented.\n> Under memory pressure, repeated failures monotonically inflate the\n> counter until max_connections is reached and new clients are refused\n> indefinitely.\n>\n> Decrement active_num_conn on this error path, matching the accounting\n> rule used by ksmbd_kthread_fn() and ksmbd_tcp_disconnect().\n>\n> Commit 77ffbcac4e56 (\"smb: server: fix leak of active_num_conn in\n> ksmbd_tcp_new_connection()\") fixed the sibling leak on the kthread_run()\n> failure path; this patch closes the remaining one.\n>\n> Reproduced with a debug build that adds a temporary module parameter\n> guarding an early return at the top of alloc_transport(), forcing\n> the first N accept-time transport allocations to fail:\n>\n> * Configure ksmbd with \"max connections = 3\".\n> * Force 5 successive alloc_transport() failures at the accept path.\n> * Without the fix: active_num_conn drifts up to max_connections and\n> subsequent legitimate mount.cifs attempts are refused with\n> \"ksmbd: Limit the maximum number of connections(3)\" in dmesg.\n> * With the fix: the counter is correctly decremented on each\n> failure and legitimate mounts continue to succeed.\n>\n> Tested by injecting 5 alloc_transport() failures with\n> max_connections=3 and verifying that subsequent mount.cifs attempts\n> still succeed on the patched kernel while the unpatched kernel\n> refuses them.\n>\n> Fixes: 0d0d4680db22 (\"ksmbd: add max connections parameter\")\n> Cc: stable@vger.kernel.org\n> Signed-off-by: DaeMyung Kang \nLooks good, but Michael Bommarito has already submitted the same patch\nto the list, and it has been merged into the ksmbd-for-next branch as\nshown below.\nhttps://github.com/smfrench/smb3-kernel/commit/6551300dc452ac16a855a83dbd1e74899542d3b3\n\nThanks!","headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=q9QCQs0W;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-cifs+bounces-10911-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"q9QCQs0W\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fz0dx4SDMz1yGs\n\tfor ; Sun, 19 Apr 2026 17:30:45 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 521C2301A3B1\n\tfor ; Sun, 19 Apr 2026 07:30:36 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 0E2BD3783D4;\n\tSun, 19 Apr 2026 07:30:35 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id DEAFC32FA3C\n\tfor ; Sun, 19 Apr 2026 07:30:34 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 9DF3BC2BCAF\n\tfor ; Sun, 19 Apr 2026 07:30:34 +0000 (UTC)","by mail-ed1-f48.google.com with SMTP id\n 4fb4d7f45d1cf-67389cf78b0so3367048a12.2\n for ;\n Sun, 19 Apr 2026 00:30:34 -0700 (PDT)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776583834; cv=none;\n b=MRZFBdsxSjdm/RzFVQ3HX29iMO0bqs6+yS3qDIKunDnQAHcGNWphTpFkFYTDkiPB6H77WnOHA18IF5GcBFyD0GD/JaQBI4yD0Dak1Knh2AhRWm9mpI+6IHFHgP5wqVMy972liN/LdSfpmZUqL91d/c3xxdRpJgNkUlwqvMt53x8=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776583834; c=relaxed/simple;\n\tbh=wfUrrQBCkecgTuBu9NhgoRwwZHhreWaGejevzpekHV0=;\n\th=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:\n\t To:Cc:Content-Type;\n b=MMq4iw44pXHX1ps3IWgYrCvQc6My78CWi+Xtx0KSz/jjJEXtE9c0AN7qMUO1/gdyGPKL2/zT8KvlxEuBiPP4P4IpAN03mTZ+F4AmbeVyFPvioYdXUkjxV5+IT/79eBa73z8EATPpRzFfog9+PfCKi07VZL2MCqfH5g4VR91M2hk=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=q9QCQs0W; arc=none smtp.client-ip=10.30.226.201","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1776583834;\n\tbh=wfUrrQBCkecgTuBu9NhgoRwwZHhreWaGejevzpekHV0=;\n\th=References:In-Reply-To:From:Date:Subject:To:Cc:From;\n\tb=q9QCQs0W1wQHHNT29hVD1QBiQLjImjS7lbViJ+v3WRJXVw8ZpSccCoTT4h6E0CIEi\n\t 0DFoLPc9ggeTjZJR0z8bProuDBdEK9773UHaMC2OKC4s48h8w9lqLdhi1caTfZCGtx\n\t sGB46WgbZrNo84ThqPpNqhrcPMgsVFFtWi9iUlaeiWQDUt49nJCNvwqfTO8I46rlDZ\n\t 72m4DoJGy8697JlxQZb6qJfPBcB2HDxSQQbioaSTw03MCHU0Ciy4br1gwfWsmAxqg2\n\t /2qde9C8p6znyZGF2kx3rruEho2gZkUt6jUI6P1HVdbaPQc0YcY5YHvnz8cBXFQqAi\n\t C5oBcA1/7O4Jw==","X-Forwarded-Encrypted":"i=1;\n AFNElJ9Kb50vFX2hgQVPCGq4dswIIOfvn5Kei3whWsz849HvvqZgXs5J3UKmY+aWnb9l63r94ZCP3BrwTz5h@vger.kernel.org","X-Gm-Message-State":"AOJu0YzxAHxp7E/iiryAFsNRK16+b4FutW2r2CgPBjDJ52MJnY2LYPeW\n\tWApAA+JXM8z8Ahai5+ayOk4koytTgcMxY8x5TE9u8Tlhqu/lBprxkHzXxaMuIx59y4+wVJ10u98\n\t6+MZzECyBRMR+pMjva3ughpR/SXWXqzI=","X-Received":"by 2002:a05:6402:26d2:b0:66e:8ce7:5461 with SMTP id\n 4fb4d7f45d1cf-672bfdc947cmr4231892a12.16.1776583833220; Sun, 19 Apr 2026\n 00:30:33 -0700 (PDT)","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","References":"<20260418172844.1333378-1-charsyam@gmail.com>\n <20260418172844.1333378-2-charsyam@gmail.com>","In-Reply-To":"<20260418172844.1333378-2-charsyam@gmail.com>","From":"Namjae Jeon ","Date":"Sun, 19 Apr 2026 16:30:20 +0900","X-Gmail-Original-Message-ID":"\n ","X-Gm-Features":"AQROBzBZ6N8P1_138HmLsN8SXaSKKLbOnBVKn-zYmzcS-gbAK7Pzb7AQE19FL6U","Message-ID":"\n ","Subject":"Re: [PATCH 1/2] ksmbd: fix active_num_conn leak when\n alloc_transport() fails","To":"DaeMyung Kang ","Cc":"smfrench@gmail.com, senozhatsky@chromium.org, tom@talpey.com,\n\tlinux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org,\n\tstable@vger.kernel.org, Henrique Carvalho ","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable"}}]