• Miklos Szeredi's avatar
    fuse: fix leaked notify reply · d180feed
    Miklos Szeredi authored
    commit 7fabaf303458fcabb694999d6fa772cc13d4e217 upstream.
    
    fuse_request_send_notify_reply() may fail if the connection was reset for
    some reason (e.g. fs was unmounted).  Don't leak request reference in this
    case.  Besides leaking memory, this resulted in fc->num_waiting not being
    decremented and hence fuse_wait_aborted() left in a hanging and unkillable
    state.
    
    Fixes: 2d45ba38 ("fuse: add retrieve request")
    Fixes: b8f95e5d13f5 ("fuse: umount should wait for all requests")
    Reported-and-tested-by: syzbot+6339eda9cb4ebbc4c37b@syzkaller.appspotmail.com
    Signed-off-by: 's avatarMiklos Szeredi <mszeredi@redhat.com>
    Cc: <stable@vger.kernel.org> #v2.6.36
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    d180feed
Name
Last commit
Last update
..
Kconfig Loading commit data...
Makefile Loading commit data...
acl.c Loading commit data...
control.c Loading commit data...
cuse.c Loading commit data...
dev.c Loading commit data...
dir.c Loading commit data...
file.c Loading commit data...
fuse_i.h Loading commit data...
inode.c Loading commit data...
xattr.c Loading commit data...