On Tue, Jan 15, 2019 at 11:19 AM Kirill Tkhai <ktkhai@xxxxxxxxxxxxx> wrote:
>
> fuse_dev_alloc() may be called after fc->connected
> is dropped (from ioctl), so here we add sanity check
> for that case.

AFAICS this is not fixing a bug; i.e. even if the fuse_dev is added to the fuse_conn's list after disconnection there would be no leak. In other words, it's irrelevant whether the connection reset comes just before the ioctl completes or just after.

Or am I missing something?

Thanks,
Miklos

>
> Signed-off-by: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
> ---
> fs/fuse/inode.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 336844d0eb3a..0361a3d62356 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -1054,10 +1054,19 @@ struct fuse_dev *fuse_dev_alloc(struct fuse_conn *fc)
> fuse_pqueue_init(&fud->pq);
>
> spin_lock(&fc->lock);
> + if (!fc->connected) {
> + spin_unlock(&fc->lock);
> + goto out_put;
> + }
> list_add_tail(&fud->entry, &fc->devices);
> spin_unlock(&fc->lock);
>
> return fud;
> +out_put:
> + fuse_conn_put(fc);
> + kfree(pq);
> + kfree(fud);
> + return NULL;
> }
> EXPORT_SYMBOL_GPL(fuse_dev_alloc);
>
>
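Review bot: the commit message does not say what concretely goes wrong when fuse_dev_alloc() is entered after fc->connected has been cleared, and the reply above argues that a fud linked into fc->devices after disconnection is still released normally; if there is a real failure (a leak, a stale device reaching the reset path, or something else) the message should name it, otherwise this is a hardening check and should be described as one. On the new out_put path itself, the function now returns NULL without any error indication, so a caller cannot tell "connection already reset" apart from the function's allocation-failure return; if the check is kept, either have the caller test fc->connected and return a distinct error, or document in the commit message that NULL now also covers the disconnected case. The unwind order in the label (fuse_conn_put(fc) before kfree(pq) and kfree(fud)) is fine as written, since neither free depends on the fc reference.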