On 18.01.2019 15:07, Miklos Szeredi wrote:
> On Tue, Jan 15, 2019 at 11:19 AM Kirill Tkhai <ktkhai@xxxxxxxxxxxxx> wrote:
>>
>> fuse_dev_alloc() may be called after fc->connected
>> is dropped (from ioctl), so here we add sanity check
>> for that case.
>
> AFAICS this is not fixing a bug; i.e. even if the fuse_dev is added to
> the fuse_conn's list after disconnection there would be no leak.
>
> In other words, it's irrelevant whether the connection reset comes
> just before the ioctl completes or just after. Or am I missing
> something?
Yeah, there won't be a leak. The only problem I see, userspace daemon
may become waiting in fuse_dev_do_read() after abort is finished.
This means fc->count won't be put, and manual killing signal will be
needed.
I.e., umount -f will wait till the daemon is killed manually.
Not so big a problem, but not very pleasant...
Kirill
>>
>> Signed-off-by: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
>> ---
>> fs/fuse/inode.c | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
>> index 336844d0eb3a..0361a3d62356 100644
>> --- a/fs/fuse/inode.c
>> +++ b/fs/fuse/inode.c
>> @@ -1054,10 +1054,19 @@ struct fuse_dev *fuse_dev_alloc(struct fuse_conn *fc)
>> fuse_pqueue_init(&fud->pq);
>>
>> spin_lock(&fc->lock);
>> + if (!fc->connected) {
>> + spin_unlock(&fc->lock);
>> + goto out_put;
>> + }
>> list_add_tail(&fud->entry, &fc->devices);
>> spin_unlock(&fc->lock);
>>
>> return fud;
>> +out_put:
>> + fuse_conn_put(fc);
>> + kfree(pq);
>> + kfree(fud);
>> + return NULL;
>> }
>> EXPORT_SYMBOL_GPL(fuse_dev_alloc);
>>
>>
