BKL does not protect against races if the task may sleep between
checking and setting a value. So move checking of file->private_data
near to setting it in fuse_fill_super().
Found by Al Viro.
Signed-off-by: Miklos Szeredi <[email protected]>
---
fs/fuse/inode.c | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
2e6c033a9b3a0e8b191b8d916364562a442c3955
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index fd34037..7627022 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -500,11 +500,6 @@ static int fuse_fill_super(struct super_
if (file->f_op != &fuse_dev_operations)
return -EINVAL;
- /* Setting file->private_data can't race with other mount()
- instances, since BKL is held for ->get_sb() */
- if (file->private_data)
- return -EINVAL;
-
fc = new_conn();
if (!fc)
return -ENOMEM;
@@ -540,6 +535,12 @@ static int fuse_fill_super(struct super_
if (err)
goto err_free_req;
+ /* Setting file->private_data can't race with other mount()
+ instances, since BKL is held for ->get_sb() */
+ err = -EINVAL;
+ if (file->private_data)
+ goto err_kobject_del;
+
sb->s_root = root_dentry;
fc->mounted = 1;
fc->connected = 1;
@@ -556,6 +557,8 @@ static int fuse_fill_super(struct super_
return 0;
+ err_kobject_del:
+ kobject_del(&fc->kobj);
err_free_req:
fuse_request_free(init_req);
err_put_root:
--
1.2.4
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
