Lock on fi->nlookup is missed in fuse_fill_super_submount(). Add lock on it to prevent race conditions. Fixes: 1866d779d5d2 ("fuse: Allow fuse_fill_super_common() for submounts") Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: yangyun <yangyun50@xxxxxxxxxx> --- fs/fuse/inode.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 99e44ea7d875..2e220f245ceb 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1593,7 +1593,9 @@ static int fuse_fill_super_submount(struct super_block *sb, * that, though, so undo it here. */ fi = get_fuse_inode(root); + spin_lock(&fi->lock); fi->nlookup--; + spin_unlock(&fi->lock); sb->s_d_op = &fuse_dentry_operations; sb->s_root = d_make_root(root); -- 2.33.0
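Review bot: The commit message does not name the concurrent path that the new `spin_lock(&fi->lock)` / `spin_unlock(&fi->lock)` pair around `fi->nlookup--` in fuse_fill_super_submount() protects against. It only says "race conditions". Since the patch carries a Fixes: tag and Cc: stable, please state which other context can read or modify `fi->nlookup` on this root inode while the submount superblock is still being filled, and whether the race was observed or found by inspection. If nothing else can reach the inode at this point and the lock is taken only to keep every `nlookup` update under `fi->lock`, say so in the message, so stable maintainers can judge whether a backport is warranted. The code comment above the decrement ("so undo it here") could also gain a short note that `nlookup` is protected by `fi->lock`, which would make the locking rule visible at the one site where it was missed.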