[Devel] [PATCH RHEL7 COMMIT] fs/fuse kio_pcs: fix double free of synchronous requests
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Oct 9 19:27:11 MSK 2018
The commit is pushed to "branch-rh7-3.10.0-862.14.4.vz7.72.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-862.14.4.vz7.72.5
------>
commit 73476a41a6547ac828b1c2a55567a85e57603059
Author: Pavel Butsykin <pbutsykin at virtuozzo.com>
Date: Tue Oct 9 19:27:09 2018 +0300
fs/fuse kio_pcs: fix double free of synchronous requests
Missed increment of req->count for synchronous requests.
Signed-off-by: Pavel Butsykin <pbutsykin at virtuozzo.com>
Acked-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
fs/fuse/kio/pcs/pcs_fuse_kdirect.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/fs/fuse/kio/pcs/pcs_fuse_kdirect.c b/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
index d3a038e9921f..f602b93ea574 100644
--- a/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
+++ b/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
@@ -1098,8 +1098,6 @@ static int pcs_kio_classify_req(struct fuse_conn *fc, struct fuse_req *req)
fail:
WARN_ONCE(1, "Fuse kio: req cannot be processed w/o inode\n");
- req->out.h.error = -EINVAL;
- request_end(fc, req);
return -EINVAL;
}
@@ -1121,8 +1119,17 @@ static int kpcs_req_send(struct fuse_conn* fc, struct fuse_req *req, bool bg, bo
TRACE(" Enter req:%p op:%d end:%p bg:%d lk:%d\n", req, req->in.h.opcode, req->end, bg, lk);
ret = pcs_kio_classify_req(fc, req);
- if (ret)
- return ret < 0 ? 0 : 1;
+ if (ret) {
+ if (ret < 0) {
+ if (!bg)
+ atomic_inc(&req->count);
+ __clear_bit(FR_PENDING, &req->flags);
+ req->out.h.error = ret;
+ request_end(fc, req);
+ return 0;
+ }
+ return 1;
+ }
/* request_end below will do fuse_put_request() */
if (!bg)
More information about the Devel
mailing list