fuse_dev_alloc() may be called after fc->connected is dropped (from ioctl), so here we add sanity check for that case.

Signed-off-by: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
---
 fs/fuse/inode.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 336844d0eb3a..0361a3d62356 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1054,10 +1054,19 @@ struct fuse_dev *fuse_dev_alloc(struct fuse_conn *fc)
 	fuse_pqueue_init(&fud->pq);
 	spin_lock(&fc->lock);
+	if (!fc->connected) {
+		spin_unlock(&fc->lock);
+		goto out_put;
+	}
 	list_add_tail(&fud->entry, &fc->devices);
 	spin_unlock(&fc->lock);
 	return fud;
+out_put:
+	fuse_conn_put(fc);
+	kfree(pq);
+	kfree(fud);
+	return NULL;
 }
 EXPORT_SYMBOL_GPL(fuse_dev_alloc);
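Review bot: The new `goto out_put` path returns NULL, the same value this function already uses for allocation failure, so a caller such as the ioctl clone path mentioned in the commit message (outside this hunk) will presumably report an already-aborted connection as -ENOMEM rather than something like -ENOTCONN; if userspace should be able to tell the two apart, either switch to an ERR_PTR return or at least document that NULL now also means "connection gone". The check itself deserves a one-line why-comment so the next reader does not mistake it for a defensive no-op, e.g. `/* A device attached after the connection was aborted would never be torn down by the abort path; refuse it. */`, with the wording adjusted to the actual rationale the commit message only sketches. The cleanup order assumes `fud->fc` holds the reference taken by fuse_conn_get() and that `pq` is what `fud->pq.processing` points at; both assignments sit above the hunk and cannot be confirmed here, and the existing `!pq` failure path above presumably does its own `kfree(fud); return NULL;`, which could share the new label rather than duplicating the teardown. fuse_dev_alloc() begins before this hunk.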