[PATCH 5.10.y] cifs: Fix connections leak when tlink setup failed

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Vasiliy Kovalev <kovalev@altlinux.org>
To: stable@vger.kernel.org
Cc: Steve French <sfrench@samba.org>,
	linux-cifs@vger.kernel.org, samba-technical@lists.samba.org,
	lvc-project@linuxtesting.org, kovalev@altlinux.org
Subject: [PATCH 5.10.y] cifs: Fix connections leak when tlink setup failed
Date: Tue, 21 Apr 2026 16:26:12 +0300	[thread overview]
Message-ID: <20260421132612.38517-1-kovalev@altlinux.org> (raw)

From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>

commit 1dcdf5f5b2137185cbdd5385f29949ab3da4f00c upstream.

If the tlink setup failed, lost to put the connections, then
the module refcnt leak since the cifsd kthread not exit.

Also leak the fscache info, and for next mount with fsc, it will
print the follow errors:
  CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)

Let's check the result of tlink setup, and do some cleanup.

Fixes: 56c762eb9bee ("cifs: Refactor out cifs_mount()")
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
[ kovalev: bp to fix CVE-2022-49822; adapted to use direct xid/ses/tcon
  variables instead of mnt_ctx struct fields due to the older kernel not
  having the corresponding cifs_mount() refactoring (see upstream commit
  c88f7dcd6d64) ]
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
---
 fs/cifs/connect.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 769c7759601d..3161155fd069 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -4786,9 +4786,13 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *vol)
 	vol->prepath = NULL;
 
 out:
-	free_xid(xid);
 	cifs_try_adding_channels(ses);
-	return mount_setup_tlink(cifs_sb, ses, tcon);
+	rc = mount_setup_tlink(cifs_sb, ses, tcon);
+	if (rc)
+		goto error;
+
+	free_xid(xid);
+	return rc;
 
 error:
 	kfree(ref_path);
@@ -4820,9 +4824,12 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *vol)
 			goto error;
 	}
 
-	free_xid(xid);
+	rc = mount_setup_tlink(cifs_sb, ses, tcon);
+	if (rc)
+		goto error;
 
-	return mount_setup_tlink(cifs_sb, ses, tcon);
+	free_xid(xid);
+	return rc;
 
 error:
 	mount_put_conns(cifs_sb, xid, server, ses, tcon);
-- 
2.50.1

                 reply	other threads:[~2026-04-21 13:26 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:769c7759601 dfblob:3161155fd06 )
 OR (
bs:"[PATCH 5.10.y] cifs: Fix connections leak when tlink setup failed" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260421132612.38517-1-kovalev@altlinux.org \
    --to=kovalev@altlinux.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=lvc-project@linuxtesting.org \
    --cc=samba-technical@lists.samba.org \
    --cc=sfrench@samba.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox