[PATCH 5.15.y] ksmbd: Fix refcount leak when invalid session is found on session lookup
From: Li hongliang
Date: Thu Feb 26 2026 - 22:16:22 EST
From: Namjae Jeon <linkinjeon@xxxxxxxxxx>
[ Upstream commit cafb57f7bdd57abba87725eb4e82bbdca4959644 ]
When a session is found but its state is not SMB2_SESSION_VALID, it
indicates that no valid session was found, but it is missing to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. This patch fixes the issue by explicitly calling
ksmbd_user_session_put to release the reference to the session.
Cc: stable@xxxxxxxxxxxxxxx
Reported-by: Alexandre <roger.andersen@xxxxxxxxxxxxxx>
Reported-by: Stanislas Polu <spolu@xxxxxxx>
Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Li hongliang <1468888505@xxxxxxx>
---
fs/ksmbd/mgmt/user_session.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/ksmbd/mgmt/user_session.c b/fs/ksmbd/mgmt/user_session.c
index f59714bfc819..8bd18610547d 100644
--- a/fs/ksmbd/mgmt/user_session.c
+++ b/fs/ksmbd/mgmt/user_session.c
@@ -302,8 +302,10 @@ struct ksmbd_session *ksmbd_session_lookup_all(struct ksmbd_conn *conn,
sess = ksmbd_session_lookup(conn, id);
if (!sess && conn->binding)
sess = ksmbd_session_lookup_slowpath(id);
- if (sess && sess->state != SMB2_SESSION_VALID)
+ if (sess && sess->state != SMB2_SESSION_VALID) {
+ ksmbd_user_session_put(sess);
sess = NULL;
+ }
return sess;
}
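Review bot: The new `ksmbd_user_session_put(sess);` in the `sess->state != SMB2_SESSION_VALID` branch runs for a session returned by either ksmbd_session_lookup() or ksmbd_session_lookup_slowpath(), so it is only balanced if both lookups take a reference in the 5.15.y tree. The changelog is the upstream one and does not say that this was checked for the backport. Please confirm that both paths acquire a reference here, and name any prerequisite commit in the message. If one path returns the session without taking a reference, this put would drop a count that was never taken and trade the leak for an underflow. A Fixes: tag would also help stable maintainers see which trees need the change.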
--
2.34.1