summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2009-01-26 09:49:22 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2009-01-26 09:49:22 -0800
commit2d07d4d1bba3b141941682fa36cacbe12bbb143b (patch)
tree7f64f9870c60382e3df33ba795098b5142c9d7d1
parent3386c05bdbd3e60ca7158253442f0a00133db28e (diff)
parentf6d47a1761896dcd89e3184399a8962dff17267d (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix poll notify fuse: destroy bdi on umount fuse: fuse_fill_super error handling cleanup fuse: fix missing fput on error fuse: fix NULL deref in fuse_file_alloc()
-rw-r--r--fs/fuse/dev.c16
-rw-r--r--fs/fuse/file.c2
-rw-r--r--fs/fuse/inode.c30
3 files changed, 30 insertions, 18 deletions
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index e0c7ada08a1f..ba76b68c52ff 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -281,7 +281,8 @@ __releases(&fc->lock)
fc->blocked = 0;
wake_up_all(&fc->blocked_waitq);
}
- if (fc->num_background == FUSE_CONGESTION_THRESHOLD) {
+ if (fc->num_background == FUSE_CONGESTION_THRESHOLD &&
+ fc->connected) {
clear_bdi_congested(&fc->bdi, READ);
clear_bdi_congested(&fc->bdi, WRITE);
}
@@ -825,16 +826,21 @@ static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size,
struct fuse_copy_state *cs)
{
struct fuse_notify_poll_wakeup_out outarg;
- int err;
+ int err = -EINVAL;
if (size != sizeof(outarg))
- return -EINVAL;
+ goto err;
err = fuse_copy_one(cs, &outarg, sizeof(outarg));
if (err)
- return err;
+ goto err;
+ fuse_copy_finish(cs);
return fuse_notify_poll_wakeup(fc, &outarg);
+
+err:
+ fuse_copy_finish(cs);
+ return err;
}
static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code,
@@ -845,6 +851,7 @@ static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code,
return fuse_notify_poll(fc, size, cs);
default:
+ fuse_copy_finish(cs);
return -EINVAL;
}
}
@@ -923,7 +930,6 @@ static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
*/
if (!oh.unique) {
err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), &cs);
- fuse_copy_finish(&cs);
return err ? err : nbytes;
}
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index e8162646a9b5..d9fdb7cec538 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -54,7 +54,7 @@ struct fuse_file *fuse_file_alloc(struct fuse_conn *fc)
ff->reserved_req = fuse_request_alloc();
if (!ff->reserved_req) {
kfree(ff);
- ff = NULL;
+ return NULL;
} else {
INIT_LIST_HEAD(&ff->write_entry);
atomic_set(&ff->count, 0);
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 47c96fdca1ac..459b73dd45e1 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -292,6 +292,7 @@ static void fuse_put_super(struct super_block *sb)
list_del(&fc->entry);
fuse_ctl_remove_conn(fc);
mutex_unlock(&fuse_mutex);
+ bdi_destroy(&fc->bdi);
fuse_conn_put(fc);
}
@@ -532,7 +533,6 @@ void fuse_conn_put(struct fuse_conn *fc)
if (fc->destroy_req)
fuse_request_free(fc->destroy_req);
mutex_destroy(&fc->inst_mutex);
- bdi_destroy(&fc->bdi);
fc->release(fc);
}
}
@@ -805,16 +805,18 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
int err;
int is_bdev = sb->s_bdev != NULL;
+ err = -EINVAL;
if (sb->s_flags & MS_MANDLOCK)
- return -EINVAL;
+ goto err;
if (!parse_fuse_opt((char *) data, &d, is_bdev))
- return -EINVAL;
+ goto err;
if (is_bdev) {
#ifdef CONFIG_BLOCK
+ err = -EINVAL;
if (!sb_set_blocksize(sb, d.blksize))
- return -EINVAL;
+ goto err;
#endif
} else {
sb->s_blocksize = PAGE_CACHE_SIZE;
@@ -826,20 +828,22 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
sb->s_export_op = &fuse_export_operations;
file = fget(d.fd);
+ err = -EINVAL;
if (!file)
- return -EINVAL;
+ goto err;
if (file->f_op != &fuse_dev_operations)
- return -EINVAL;
+ goto err_fput;
fc = kmalloc(sizeof(*fc), GFP_KERNEL);
+ err = -ENOMEM;
if (!fc)
- return -ENOMEM;
+ goto err_fput;
err = fuse_conn_init(fc, sb);
if (err) {
kfree(fc);
- return err;
+ goto err_fput;
}
fc->release = fuse_free_conn;
@@ -854,12 +858,12 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
err = -ENOMEM;
root = fuse_get_root_inode(sb, d.rootmode);
if (!root)
- goto err;
+ goto err_put_conn;
root_dentry = d_alloc_root(root);
if (!root_dentry) {
iput(root);
- goto err;
+ goto err_put_conn;
}
init_req = fuse_request_alloc();
@@ -903,9 +907,11 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
fuse_request_free(init_req);
err_put_root:
dput(root_dentry);
- err:
- fput(file);
+ err_put_conn:
fuse_conn_put(fc);
+ err_fput:
+ fput(file);
+ err:
return err;
}