diff options
author | Linus Torvalds | 2009-01-26 09:49:22 -0800 |
---|---|---|
committer | Linus Torvalds | 2009-01-26 09:49:22 -0800 |
commit | 2d07d4d1bba3b141941682fa36cacbe12bbb143b (patch) | |
tree | 7f64f9870c60382e3df33ba795098b5142c9d7d1 | |
parent | 3386c05bdbd3e60ca7158253442f0a00133db28e (diff) | |
parent | f6d47a1761896dcd89e3184399a8962dff17267d (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: fix poll notify
fuse: destroy bdi on umount
fuse: fuse_fill_super error handling cleanup
fuse: fix missing fput on error
fuse: fix NULL deref in fuse_file_alloc()
-rw-r--r-- | fs/fuse/dev.c | 16 | ||||
-rw-r--r-- | fs/fuse/file.c | 2 | ||||
-rw-r--r-- | fs/fuse/inode.c | 30 |
3 files changed, 30 insertions, 18 deletions
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index e0c7ada08a1f..ba76b68c52ff 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -281,7 +281,8 @@ __releases(&fc->lock) fc->blocked = 0; wake_up_all(&fc->blocked_waitq); } - if (fc->num_background == FUSE_CONGESTION_THRESHOLD) { + if (fc->num_background == FUSE_CONGESTION_THRESHOLD && + fc->connected) { clear_bdi_congested(&fc->bdi, READ); clear_bdi_congested(&fc->bdi, WRITE); } @@ -825,16 +826,21 @@ static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size, struct fuse_copy_state *cs) { struct fuse_notify_poll_wakeup_out outarg; - int err; + int err = -EINVAL; if (size != sizeof(outarg)) - return -EINVAL; + goto err; err = fuse_copy_one(cs, &outarg, sizeof(outarg)); if (err) - return err; + goto err; + fuse_copy_finish(cs); return fuse_notify_poll_wakeup(fc, &outarg); + +err: + fuse_copy_finish(cs); + return err; } static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code, @@ -845,6 +851,7 @@ static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code, return fuse_notify_poll(fc, size, cs); default: + fuse_copy_finish(cs); return -EINVAL; } } @@ -923,7 +930,6 @@ static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov, */ if (!oh.unique) { err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), &cs); - fuse_copy_finish(&cs); return err ? err : nbytes; } diff --git a/fs/fuse/file.c b/fs/fuse/file.c index e8162646a9b5..d9fdb7cec538 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -54,7 +54,7 @@ struct fuse_file *fuse_file_alloc(struct fuse_conn *fc) ff->reserved_req = fuse_request_alloc(); if (!ff->reserved_req) { kfree(ff); - ff = NULL; + return NULL; } else { INIT_LIST_HEAD(&ff->write_entry); atomic_set(&ff->count, 0); diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 47c96fdca1ac..459b73dd45e1 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -292,6 +292,7 @@ static void fuse_put_super(struct super_block *sb) list_del(&fc->entry); fuse_ctl_remove_conn(fc); mutex_unlock(&fuse_mutex); + bdi_destroy(&fc->bdi); fuse_conn_put(fc); } @@ -532,7 +533,6 @@ void fuse_conn_put(struct fuse_conn *fc) if (fc->destroy_req) fuse_request_free(fc->destroy_req); mutex_destroy(&fc->inst_mutex); - bdi_destroy(&fc->bdi); fc->release(fc); } } @@ -805,16 +805,18 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent) int err; int is_bdev = sb->s_bdev != NULL; + err = -EINVAL; if (sb->s_flags & MS_MANDLOCK) - return -EINVAL; + goto err; if (!parse_fuse_opt((char *) data, &d, is_bdev)) - return -EINVAL; + goto err; if (is_bdev) { #ifdef CONFIG_BLOCK + err = -EINVAL; if (!sb_set_blocksize(sb, d.blksize)) - return -EINVAL; + goto err; #endif } else { sb->s_blocksize = PAGE_CACHE_SIZE; @@ -826,20 +828,22 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent) sb->s_export_op = &fuse_export_operations; file = fget(d.fd); + err = -EINVAL; if (!file) - return -EINVAL; + goto err; if (file->f_op != &fuse_dev_operations) - return -EINVAL; + goto err_fput; fc = kmalloc(sizeof(*fc), GFP_KERNEL); + err = -ENOMEM; if (!fc) - return -ENOMEM; + goto err_fput; err = fuse_conn_init(fc, sb); if (err) { kfree(fc); - return err; + goto err_fput; } fc->release = fuse_free_conn; @@ -854,12 +858,12 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent) err = -ENOMEM; root = fuse_get_root_inode(sb, d.rootmode); if (!root) - goto err; + goto err_put_conn; root_dentry = d_alloc_root(root); if (!root_dentry) { iput(root); - goto err; + goto err_put_conn; } init_req = fuse_request_alloc(); @@ -903,9 +907,11 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent) fuse_request_free(init_req); err_put_root: dput(root_dentry); - err: - fput(file); + err_put_conn: fuse_conn_put(fc); + err_fput: + fput(file); + err: return err; } |