Re: [PATCH 1/2] ksmbd: destroy tree_conn_ida in ksmbd_session_destroy()

From: Namjae Jeon

Date: Sun Apr 19 2026 - 21:28:21 EST


On Sun, Apr 19, 2026 at 8:03 PM DaeMyung Kang <charsyam@xxxxxxxxx> wrote:
>
> When per-session tree_conn_ida was converted from a dynamically
> allocated ksmbd_ida to an embedded struct ida, ksmbd_ida_free() was
> removed from ksmbd_session_destroy() but no matching ida_destroy()
> was added. The session is therefore freed with the IDA's backing
> xarray still intact.
>
> The kernel IDA API expects ida_init() and ida_destroy() to be paired
> over an object's lifetime, so add the missing cleanup before the
> enclosing session is freed.
>
> Also move ida_init() to right after the session is allocated so that
> it is always paired with the destroy call even on the early error
> paths of __session_create() (ksmbd_init_file_table() or
> __init_smb2_session() failures), both of which jump to the error
> label and invoke ksmbd_session_destroy() on a partially initialised
> session.
>
> No leak has been observed in testing; this is a pairing fix to match
> the IDA lifetime rules, not a response to a reproduced regression.
>
> Fixes: d40012a83f87 ("cifsd: declare ida statically")
> Signed-off-by: DaeMyung Kang <charsyam@xxxxxxxxx>
Applied it to #ksmbd-for-next-next.
Thanks!
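
A userspace C model of the init/destroy pairing described in the quoted commit message, added here as an illustration; it is not part of the patch or of ksmbd. `toy_ida`, `xalloc`, `live_allocs`, `pair_destroy` and `fail_early` are hypothetical names, and the lazily allocated bitmap is an assumption standing in for the IDA's backing storage.

```c
#include <stdlib.h>
/* Constructed userspace model; toy_ida is a stand-in, not the kernel's struct ida. */
struct toy_ida { unsigned long *bitmap; };
struct session { struct toy_ida tree_conn_ida; void *file_table; };
static int live_allocs; /* heap objects currently outstanding */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
static void toy_ida_init(struct toy_ida *ida) { ida->bitmap = NULL; }
static void toy_ida_destroy(struct toy_ida *ida) { xfree(ida->bitmap); ida->bitmap = NULL; }

/* Hand out the lowest free id; backing storage is allocated on first use. */
static int toy_ida_alloc(struct toy_ida *ida)
{
    if (!ida->bitmap && !(ida->bitmap = xalloc(sizeof(*ida->bitmap))))
        return -1;
    for (int id = 0; id < 32; id++)
        if (!((*ida->bitmap >> id) & 1)) { *ida->bitmap |= 1UL << id; return id; }
    return -1;
}

static void session_destroy(struct session *s, int pair_destroy)
{
    xfree(s->file_table);
    if (pair_destroy) /* the destroy call paired with toy_ida_init() */
        toy_ida_destroy(&s->tree_conn_ida);
    xfree(s);
}

/* fail_early models an init step failing and jumping to the error label. */
static struct session *session_create(int fail_early, int pair_destroy)
{
    struct session *s = xalloc(sizeof(*s));
    if (!s) return NULL;
    toy_ida_init(&s->tree_conn_ida); /* right after allocation, before any failure */
    if (fail_early || !(s->file_table = xalloc(16))) {
        session_destroy(s, pair_destroy); /* partially initialised session */
        return NULL;
    }
    return s;
}

/* Heap objects still outstanding after one session lifetime (0 means clean). */
static int leaked_after_lifetime(int pair_destroy, int fail_early)
{
    live_allocs = 0;
    struct session *s = session_create(fail_early, pair_destroy);
    if (s) { toy_ida_alloc(&s->tree_conn_ida); session_destroy(s, pair_destroy); }
    return live_allocs;
}
```

In this model an id is still held when the session is destroyed, so the unpaired variant leaves the bitmap behind; the paired variant returns zero on both the normal and the early-error path.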