aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2009-01-26 12:49:22 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-01-26 12:49:22 -0500
commit2d07d4d1bba3b141941682fa36cacbe12bbb143b (patch)
tree7f64f9870c60382e3df33ba795098b5142c9d7d1
parent3386c05bdbd3e60ca7158253442f0a00133db28e (diff)
parentf6d47a1761896dcd89e3184399a8962dff17267d (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix poll notify fuse: destroy bdi on umount fuse: fuse_fill_super error handling cleanup fuse: fix missing fput on error fuse: fix NULL deref in fuse_file_alloc()
-rw-r--r--fs/fuse/dev.c16
-rw-r--r--fs/fuse/file.c2
-rw-r--r--fs/fuse/inode.c30
3 files changed, 30 insertions, 18 deletions
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index e0c7ada08a1f..ba76b68c52ff 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -281,7 +281,8 @@ __releases(&fc->lock)
281 fc->blocked = 0; 281 fc->blocked = 0;
282 wake_up_all(&fc->blocked_waitq); 282 wake_up_all(&fc->blocked_waitq);
283 } 283 }
284 if (fc->num_background == FUSE_CONGESTION_THRESHOLD) { 284 if (fc->num_background == FUSE_CONGESTION_THRESHOLD &&
285 fc->connected) {
285 clear_bdi_congested(&fc->bdi, READ); 286 clear_bdi_congested(&fc->bdi, READ);
286 clear_bdi_congested(&fc->bdi, WRITE); 287 clear_bdi_congested(&fc->bdi, WRITE);
287 } 288 }
@@ -825,16 +826,21 @@ static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size,
825 struct fuse_copy_state *cs) 826 struct fuse_copy_state *cs)
826{ 827{
827 struct fuse_notify_poll_wakeup_out outarg; 828 struct fuse_notify_poll_wakeup_out outarg;
828 int err; 829 int err = -EINVAL;
829 830
830 if (size != sizeof(outarg)) 831 if (size != sizeof(outarg))
831 return -EINVAL; 832 goto err;
832 833
833 err = fuse_copy_one(cs, &outarg, sizeof(outarg)); 834 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
834 if (err) 835 if (err)
835 return err; 836 goto err;
836 837
838 fuse_copy_finish(cs);
837 return fuse_notify_poll_wakeup(fc, &outarg); 839 return fuse_notify_poll_wakeup(fc, &outarg);
840
841err:
842 fuse_copy_finish(cs);
843 return err;
838} 844}
839 845
840static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code, 846static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code,
@@ -845,6 +851,7 @@ static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code,
845 return fuse_notify_poll(fc, size, cs); 851 return fuse_notify_poll(fc, size, cs);
846 852
847 default: 853 default:
854 fuse_copy_finish(cs);
848 return -EINVAL; 855 return -EINVAL;
849 } 856 }
850} 857}
@@ -923,7 +930,6 @@ static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
923 */ 930 */
924 if (!oh.unique) { 931 if (!oh.unique) {
925 err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), &cs); 932 err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), &cs);
926 fuse_copy_finish(&cs);
927 return err ? err : nbytes; 933 return err ? err : nbytes;
928 } 934 }
929 935
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index e8162646a9b5..d9fdb7cec538 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -54,7 +54,7 @@ struct fuse_file *fuse_file_alloc(struct fuse_conn *fc)
54 ff->reserved_req = fuse_request_alloc(); 54 ff->reserved_req = fuse_request_alloc();
55 if (!ff->reserved_req) { 55 if (!ff->reserved_req) {
56 kfree(ff); 56 kfree(ff);
57 ff = NULL; 57 return NULL;
58 } else { 58 } else {
59 INIT_LIST_HEAD(&ff->write_entry); 59 INIT_LIST_HEAD(&ff->write_entry);
60 atomic_set(&ff->count, 0); 60 atomic_set(&ff->count, 0);
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 47c96fdca1ac..459b73dd45e1 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -292,6 +292,7 @@ static void fuse_put_super(struct super_block *sb)
292 list_del(&fc->entry); 292 list_del(&fc->entry);
293 fuse_ctl_remove_conn(fc); 293 fuse_ctl_remove_conn(fc);
294 mutex_unlock(&fuse_mutex); 294 mutex_unlock(&fuse_mutex);
295 bdi_destroy(&fc->bdi);
295 fuse_conn_put(fc); 296 fuse_conn_put(fc);
296} 297}
297 298
@@ -532,7 +533,6 @@ void fuse_conn_put(struct fuse_conn *fc)
532 if (fc->destroy_req) 533 if (fc->destroy_req)
533 fuse_request_free(fc->destroy_req); 534 fuse_request_free(fc->destroy_req);
534 mutex_destroy(&fc->inst_mutex); 535 mutex_destroy(&fc->inst_mutex);
535 bdi_destroy(&fc->bdi);
536 fc->release(fc); 536 fc->release(fc);
537 } 537 }
538} 538}
@@ -805,16 +805,18 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
805 int err; 805 int err;
806 int is_bdev = sb->s_bdev != NULL; 806 int is_bdev = sb->s_bdev != NULL;
807 807
808 err = -EINVAL;
808 if (sb->s_flags & MS_MANDLOCK) 809 if (sb->s_flags & MS_MANDLOCK)
809 return -EINVAL; 810 goto err;
810 811
811 if (!parse_fuse_opt((char *) data, &d, is_bdev)) 812 if (!parse_fuse_opt((char *) data, &d, is_bdev))
812 return -EINVAL; 813 goto err;
813 814
814 if (is_bdev) { 815 if (is_bdev) {
815#ifdef CONFIG_BLOCK 816#ifdef CONFIG_BLOCK
817 err = -EINVAL;
816 if (!sb_set_blocksize(sb, d.blksize)) 818 if (!sb_set_blocksize(sb, d.blksize))
817 return -EINVAL; 819 goto err;
818#endif 820#endif
819 } else { 821 } else {
820 sb->s_blocksize = PAGE_CACHE_SIZE; 822 sb->s_blocksize = PAGE_CACHE_SIZE;
@@ -826,20 +828,22 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
826 sb->s_export_op = &fuse_export_operations; 828 sb->s_export_op = &fuse_export_operations;
827 829
828 file = fget(d.fd); 830 file = fget(d.fd);
831 err = -EINVAL;
829 if (!file) 832 if (!file)
830 return -EINVAL; 833 goto err;
831 834
832 if (file->f_op != &fuse_dev_operations) 835 if (file->f_op != &fuse_dev_operations)
833 return -EINVAL; 836 goto err_fput;
834 837
835 fc = kmalloc(sizeof(*fc), GFP_KERNEL); 838 fc = kmalloc(sizeof(*fc), GFP_KERNEL);
839 err = -ENOMEM;
836 if (!fc) 840 if (!fc)
837 return -ENOMEM; 841 goto err_fput;
838 842
839 err = fuse_conn_init(fc, sb); 843 err = fuse_conn_init(fc, sb);
840 if (err) { 844 if (err) {
841 kfree(fc); 845 kfree(fc);
842 return err; 846 goto err_fput;
843 } 847 }
844 848
845 fc->release = fuse_free_conn; 849 fc->release = fuse_free_conn;
@@ -854,12 +858,12 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
854 err = -ENOMEM; 858 err = -ENOMEM;
855 root = fuse_get_root_inode(sb, d.rootmode); 859 root = fuse_get_root_inode(sb, d.rootmode);
856 if (!root) 860 if (!root)
857 goto err; 861 goto err_put_conn;
858 862
859 root_dentry = d_alloc_root(root); 863 root_dentry = d_alloc_root(root);
860 if (!root_dentry) { 864 if (!root_dentry) {
861 iput(root); 865 iput(root);
862 goto err; 866 goto err_put_conn;
863 } 867 }
864 868
865 init_req = fuse_request_alloc(); 869 init_req = fuse_request_alloc();
@@ -903,9 +907,11 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
903 fuse_request_free(init_req); 907 fuse_request_free(init_req);
904 err_put_root: 908 err_put_root:
905 dput(root_dentry); 909 dput(root_dentry);
906 err: 910 err_put_conn:
907 fput(file);
908 fuse_conn_put(fc); 911 fuse_conn_put(fc);
912 err_fput:
913 fput(file);
914 err:
909 return err; 915 return err;
910} 916}
911 917