smb: server: fix max_connections off-by-one in tcp accept path

The global max_connections check in ksmbd's TCP accept path counts
the newly accepted connection with atomic_inc_return(), but then
rejects the connection when the result is greater than or equal to
server_conf.max_connections.

That makes the effective limit one smaller than configured. For
example:

- max_connections=1 rejects the first connection
- max_connections=2 allows only one connection

The per-IP limit in the same function uses <= correctly because it
counts only pre-existing connections. The global limit instead checks
the post-increment total, so it should reject only when that total
exceeds the configured maximum.

Fix this by changing the comparison from >= to >, so exactly
max_connections simultaneous connections are allowed and the next one
is rejected. This matches the documented meaning of max_connections
in fs/smb/server/ksmbd_netlink.h as the "Number of maximum simultaneous
connections".

Fixes: 0d0d4680db22 ("ksmbd: add max connections parameter")
Cc: stable@vger.kernel.org
Signed-off-by: DaeMyung Kang <charsyam@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/server/transport_tcp.c b/fs/smb/server/transport_tcp.c
index 8d7fe71f525ca263ae640596f837466151f2296d..13b711ea575d8ee07e564099f5aab5f6669ea451 100644 (file)
--- a/fs/smb/server/transport_tcp.c
+++ b/fs/smb/server/transport_tcp.c
@@ -281,7 +281,7 @@ static int ksmbd_kthread_fn(void *p)
 
 skip_max_ip_conns_limit:
                if (server_conf.max_connections &&
-                   atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
+                   atomic_inc_return(&active_num_conn) > server_conf.max_connections) {
                        pr_info_ratelimited("Limit the maximum number of connections(%u)\n",
                                            atomic_read(&active_num_conn));
                        atomic_dec(&active_num_conn);