On 1/25/25 01:37, Joanne Koong wrote: > On Fri, Jan 24, 2025 at 8:47 AM Bernd Schubert <bschubert@xxxxxxx> wrote: >> >> This ensures that ent->cmd and ent->fuse_req are accessed in >> fuse_uring_entry_teardown while holding the queue lock. >> >> Fixes: a4bdb3d786c0 ("fuse: enable fuse-over-io-uring") >> Signed-off-by: Bernd Schubert <bschubert@xxxxxxx> >> --- >> fs/fuse/dev_uring.c | 27 +++++++++++++++++++-------- >> 1 file changed, 19 insertions(+), 8 deletions(-) >> >> diff --git a/fs/fuse/dev_uring.c b/fs/fuse/dev_uring.c >> index 1834c1933d2bbab0342257fde4b030f06506c55d..87bb89994c311f435c370f78984be060fcb8036f 100644 >> --- a/fs/fuse/dev_uring.c >> +++ b/fs/fuse/dev_uring.c >> @@ -315,14 +315,20 @@ static void fuse_uring_stop_fuse_req_end(struct fuse_ring_ent *ent) >> */ >> static void fuse_uring_entry_teardown(struct fuse_ring_ent *ent) >> { >> - struct fuse_ring_queue *queue = ent->queue; >> - if (ent->cmd) { >> - io_uring_cmd_done(ent->cmd, -ENOTCONN, 0, IO_URING_F_UNLOCKED); >> - ent->cmd = NULL; >> - } >> + struct fuse_req *req; >> + struct io_uring_cmd *cmd; >> >> - if (ent->fuse_req) >> - fuse_uring_stop_fuse_req_end(ent); >> + struct fuse_ring_queue *queue = ent->queue; >> + >> + spin_lock(&queue->lock); >> + ent->fuse_req = NULL; >> + >> + req = ent->fuse_req; > > I think you meant here to switch these two lines? Otherwise I think > req will always be null here. > Ah yes, thanks for spotting it, it is for extra safety, so bypassed my basic testing. Thanks, Bernd
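
Review bot: In fuse_uring_entry_teardown the added "ent->fuse_req = NULL;" comes before "req = ent->fuse_req;", so req is always NULL and any later check on req will never see the request that the removed "if (ent->fuse_req)" branch handed to fuse_uring_stop_fuse_req_end(). Load the pointer into req first and clear ent->fuse_req on the following line, keeping both under queue->lock. The new local cmd needs the same read-then-clear order for ent->cmd; the quoted hunk ends before cmd is used, so that part should be checked as well. Style point: the blank line between the cmd declaration and "struct fuse_ring_queue *queue = ent->queue;" splits the declaration block and can be dropped.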