[PATCH] FUSE: use after free fix

From: Miklos Szeredi
Date: Fri Mar 04 2005 - 19:44:15 EST

Next message: Andrew Morton: "Re: [PATCH] 2.6.11-mm1 ext3 writepages support for writeback mode"
Previous message: Greg KH: "Re: [ patch 4/7] drivers/serial/jsm: new serial device driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Andrew!

I should have known that bragging about the stability of FUSE will get
me into trouble.

This patch fixes a use after free bug, which could in theory cause
memory corruption. It was actually found with DEBUG_PAGEALLOC by
Magnus Johansson.

Please apply.

Thanks,
Miklos

Signed-off-by: Miklos Szeredi <miklos@xxxxxxxxxx>

diff -rup linux-2.6.11-mm1/fs/fuse/dev.c linux-fuse/fs/fuse/dev.c
--- linux-2.6.11-mm1/fs/fuse/dev.c 2005-03-04 23:26:59.000000000 +0100
+++ linux-fuse/fs/fuse/dev.c 2005-03-04 23:32:36.000000000 +0100
@@ -121,12 +121,11 @@ struct fuse_req *fuse_get_request_nonint

static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req)
{
- if (!req->preallocated)
- fuse_request_free(req);
-
spin_lock(&fuse_lock);
if (req->preallocated)
list_add(&req->list, &fc->unused_list);
+ else
+ fuse_request_free(req);

if (fc->outstanding_debt)
fc->outstanding_debt--;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH] 2.6.11-mm1 ext3 writepages support for writeback mode"
Previous message: Greg KH: "Re: [ patch 4/7] drivers/serial/jsm: new serial device driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]