[RHEL7,COMMIT] fs/fuse kio: fix fuse_mutex leak in pcs_fuse_stat_fini()

Submitted by Konstantin Khorenko on July 4, 2019, 8:42 a.m.

Details

Message ID 201907040842.x648g7ZI008070@finist-ce7.sw.ru
State New
Series "fs/fuse kio: fix fuse_mutex leak in pcs_fuse_stat_fini()"

Commit Message

Konstantin Khorenko July 4, 2019, 8:42 a.m.
The commit is pushed to "branch-rh7-3.10.0-957.21.3.vz7.106.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-957.21.3.vz7.106.4
------>
commit a01aa4b8ddbdb3c70adfdf23937896f2326f3bff
Author: Pavel Butsykin <pbutsykin@virtuozzo.com>
Date:   Wed Jul 3 15:09:01 2019 +0300

    fs/fuse kio: fix fuse_mutex leak in pcs_fuse_stat_fini()
    
    stat->kio_stat is checked for NULL in order to prevent freeing "stat" struct
    fields before they are initialized in pcs_fuse_stat_init() (or maybe kio_stat
    is not initialized due to previous failures).
    
    A side note about removing dentries only in case fuse_control_sb exists:
    in pcs_fuse_stat_init() kio related dentries are initialized only in case
    fuse_control_sb != NULL, and in fuse_ctl_kill_sb() fuse_control_sb is set to
    NULL first and after that sb is killed along with all related dentries.
    
    And stat kio dentries pointers are not set to NULL after fuse_kio_rm_dentry()
    because it does not matter - it's a destroy time and whole pcs_fuse_cluster
    struct along with stat struct is freed.
    
    Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
    Acked-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 fs/fuse/kio/pcs/fuse_stat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Patch

diff --git a/fs/fuse/kio/pcs/fuse_stat.c b/fs/fuse/kio/pcs/fuse_stat.c
index bc3879d33de9..25d5572d6061 100644
--- a/fs/fuse/kio/pcs/fuse_stat.c
+++ b/fs/fuse/kio/pcs/fuse_stat.c
@@ -848,8 +848,10 @@  void pcs_fuse_stat_init(struct pcs_fuse_stat *stat)
 void pcs_fuse_stat_fini(struct pcs_fuse_stat *stat)
 {
 	mutex_lock(&fuse_mutex);
-	if (!stat->kio_stat)
+	if (!stat->kio_stat) {
+		mutex_unlock(&fuse_mutex);
 		return;
+	}
 
 	if (fuse_control_sb) {
 		if (stat->iostat)
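
Review bot: the early return under `if (!stat->kio_stat)` in pcs_fuse_stat_fini() now carries its own `mutex_unlock(&fuse_mutex)`, so the function has a second unlock site that must be kept in step with the one on the normal path (not visible in this hunk). A single exit would be harder to get wrong: replace the braced block with `goto out;` and place an `out:` label directly before the function's existing unlock, so that any early exit added later cannot return with fuse_mutex held. The commit message explains why the kio dentry pointers are deliberately not reset to NULL after fuse_kio_rm_dentry(); a one-line comment in the function stating that would keep the reasoning next to the code. The message also has no Fixes: tag naming the commit that introduced the locked early return, which would help anyone backporting this to other branches.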