From: DaeMyung Kang
To: linkinjeon@kernel.org, smfrench@gmail.com
Cc: senozhatsky@chromium.org, tom@talpey.com, linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Henrique Carvalho, DaeMyung Kang
Subject: [PATCH 0/2] ksmbd: connection accounting and session teardown fixes
Date: Sun, 19 Apr 2026 02:28:42 +0900
Message-ID: <20260418172844.1333378-1-charsyam@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Two independent correctness fixes in the ksmbd server.

1/2 ksmbd_tcp_new_connection() does not decrement active_num_conn on
    the alloc_transport() failure path, so repeated allocation failures
    monotonically inflate the counter until max_connections is reached
    and new clients are refused indefinitely. This is the remaining
    half of the same family of accounting bugs addressed by
    77ffbcac4e56 ("smb: server: fix leak of active_num_conn in
    ksmbd_tcp_new_connection()"), which only closed the kthread_run()
    failure path. Reproduced under a debug build that forces
    alloc_transport() to return NULL for a bounded number of calls;
    details in the commit log.

2/2 ksmbd_conn_wait_idle_sess_id() stores its per-connection threshold
    (rcount) in cross-iteration state, so whether a given sibling
    connection is compared against the loose (< 2) or the strict (< 1)
    threshold is decided by hash iteration order relative to curr_conn.
    Connections visited after curr_conn can slip through the idle check
    while still processing requests against the same session, reopening
    the teardown race destroy_previous_session() was meant to close.
    This is a code-inspection fix; the iteration-order dependency makes
    a targeted reproducer impractical.

The two patches are independent; the series order is not significant.

DaeMyung Kang (2):
  ksmbd: fix active_num_conn leak when alloc_transport() fails
  ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id()

 fs/smb/server/connection.c    | 5 ++---
 fs/smb/server/transport_tcp.c | 2 ++
 2 files changed, 4 insertions(+), 3 deletions(-)

--
2.43.0
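The accounting problem described in 1/2, as a userspace model added here for illustration; it is not code from the series or from ksmbd. The struct, the return codes and the `undo` switch are hypothetical, and the injected failure stands in for alloc_transport() returning NULL.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical listener state; only the counter names come from the cover letter. */
struct model_listener {
    int active_num_conn;   /* slots currently counted as in use */
    int max_connections;   /* configured limit */
    int alloc_fail_left;   /* injected allocation failures still pending */
};

enum { ACCEPTED = 0, REFUSED_LIMIT = -1, ALLOC_FAILED = -2 };

/* One incoming client. With undo == false the allocation-failure path returns
 * without giving the slot back, which is the leak described in 1/2. */
static int model_new_connection(struct model_listener *l, bool undo)
{
    if (l->active_num_conn >= l->max_connections)
        return REFUSED_LIMIT;
    l->active_num_conn++;              /* slot taken before allocation */
    if (l->alloc_fail_left > 0) {      /* stands in for alloc_transport() == NULL */
        l->alloc_fail_left--;
        if (undo)
            l->active_num_conn--;      /* failure path releases the slot */
        return ALLOC_FAILED;
    }
    return ACCEPTED;
}

/* Inject `failures` failed allocations, then let one healthy client connect and
 * disconnect. Returns the counter left behind; *last_rc is that client's result. */
static int counter_after_failures(int failures, int limit, bool undo, int *last_rc)
{
    struct model_listener l = { 0, limit, failures };
    for (int i = 0; i < failures; i++)
        model_new_connection(&l, undo);
    *last_rc = model_new_connection(&l, undo);
    if (*last_rc == ACCEPTED)
        l.active_num_conn--;           /* normal disconnect */
    return l.active_num_conn;
}

int main(void)
{
    int rc, left = counter_after_failures(4, 4, false, &rc);
    printf("leaky: counter=%d, next client rc=%d\n", left, rc);
    left = counter_after_failures(4, 4, true, &rc);
    printf("fixed: counter=%d, next client rc=%d\n", left, rc);
    return 0;
}
```

In the leaky variant the counter never comes back down once the failures stop, so a healthy client is still refused with no connection actually open.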
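The iteration-order dependency described in 2/2, as a userspace model added here for illustration; it is not the patch and not ksmbd code. `struct model_conn`, both function names and the sample arrays are hypothetical, and a plain array stands in for the connection hash.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of one connection bound to the session being torn down. */
struct model_conn {
    int  req_running;   /* requests currently in flight on this connection */
    bool is_curr;       /* true for the connection running the teardown */
};

/* Pattern described in 2/2: the threshold is raised at curr_conn and never
 * lowered, so every connection visited afterwards inherits the loose limit. */
static bool idle_sticky_rcount(const struct model_conn *c, size_t n)
{
    int rcount = 1;
    for (size_t i = 0; i < n; i++) {
        if (c[i].is_curr)
            rcount = 2;
        if (c[i].req_running >= rcount)
            return false;           /* still busy: caller must keep waiting */
    }
    return true;
}

/* Threshold chosen per connection: only curr_conn may have its own request
 * in flight; every sibling must have none. */
static bool idle_per_conn_rcount(const struct model_conn *c, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int rcount = c[i].is_curr ? 2 : 1;
        if (c[i].req_running >= rcount)
            return false;
    }
    return true;
}

/* The same two connections in two iteration orders (constructed sample data). */
static const struct model_conn sibling_first[] = { {1, false}, {1, true} };
static const struct model_conn curr_first[]    = { {1, true}, {1, false} };

int main(void)
{
    printf("sticky:   sibling first=%d, curr first=%d\n",
           idle_sticky_rcount(sibling_first, 2), idle_sticky_rcount(curr_first, 2));
    printf("per-conn: sibling first=%d, curr first=%d\n",
           idle_per_conn_rcount(sibling_first, 2), idle_per_conn_rcount(curr_first, 2));
    return 0;
}
```

With the sticky threshold the busy sibling is reported idle only when curr_conn happens to be visited first; the per-connection threshold gives the same answer in both orders.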