[Devel] [PATCH rh7 v2] fs/fuse kio: fix fuse_mutex leak in pcs_fuse_stat_fini()

Konstantin Khorenko khorenko at virtuozzo.com
Thu Jul 4 11:41:06 MSK 2019


From: Pavel Butsykin <pbutsykin at virtuozzo.com>

stat->kio_stat is checked for NULL in order to prevent freeing "stat" struct
fields before they are initialized in pcs_fuse_stat_init() (or maybe kio_stat
is not initialized due to previous failures).

A side note about removing dentries only in case fuse_control_sb exists:
in pcs_fuse_stat_init() kio related dentries are initialized only in case
fuse_control_sb != NULL, and in fuse_ctl_kill_sb() fuse_control_sb is set to
NULL first and after that sb is killed along with all related dentries.

And stat kio dentries pointers are not set to NULL after fuse_kio_rm_dentry()
because it does not matter - it's a destroy time and whole pcs_fuse_cluster
struct along with stat struct is freed.

Signed-off-by: Pavel Butsykin <pbutsykin at virtuozzo.com>
Acked-by: Konstantin Khorenko <khorenko at virtuozzo.com>

--
v2: skip NULL-ifying stat->kio_stat because the stat struct is going to be freed
right now.
---
 fs/fuse/kio/pcs/fuse_stat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/fuse/kio/pcs/fuse_stat.c b/fs/fuse/kio/pcs/fuse_stat.c
index bc3879d33de9..25d5572d6061 100644
--- a/fs/fuse/kio/pcs/fuse_stat.c
+++ b/fs/fuse/kio/pcs/fuse_stat.c
@@ -848,8 +848,10 @@ void pcs_fuse_stat_init(struct pcs_fuse_stat *stat)
 void pcs_fuse_stat_fini(struct pcs_fuse_stat *stat)
 {
 	mutex_lock(&fuse_mutex);
-	if (!stat->kio_stat)
+	if (!stat->kio_stat) {
+		mutex_unlock(&fuse_mutex);
 		return;
+	}
 
 	if (fuse_control_sb) {
 		if (stat->iostat)
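Review bot: The early return on `!stat->kio_stat` previously left `fuse_mutex` held, so any later caller taking the lock (including the `mutex_lock(&fuse_mutex)` in this same function on the next fini) would block forever; adding `mutex_unlock(&fuse_mutex);` before `return;` closes that leak. Since the function already ends with an unlock on the normal path (not visible in this hunk), a single `goto out;` to that unlock would keep one exit point and avoid a second unlock to maintain, but the fix as written is correct.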
-- 
2.15.1