Re: [PATCH 1/7] fuse: Check for fc->connected in fuse_dev_alloc()

[Kirill Tkhai <ktkhai@virtuozzo.com>]

On 18.01.2019 15:07, Miklos Szeredi wrote:
> On Tue, Jan 15, 2019 at 11:19 AM Kirill Tkhai <ktkhai@virtuozzo.com> wrote:
>>
>> fuse_dev_alloc() may be called after fc->connected
>> is dropped (from ioctl), so here we add sanity check
>> for that case.
> 
> AFAICS this is not fixing a bug; i.e. even if the fuse_dev is added to
> the fuse_conn's list after disconnection there would be no leak.
> 
> In other words, it's irrelevant whether the connection reset comes
> just before the ioctl completes or just after.   Or am I missing
> something?

Yeah, there won't be a leak. The only problem I see, userspace daemon
may become waiting in fuse_dev_do_read() after abort is finished.
This means fc->count won't be put, and manual killing signal will be
needed.

I.e., umount -f will wait till the daemon is killed manually.
Not so big a problem, but not very pleasant...

Kirill

>>
>> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
>> ---
>>  fs/fuse/inode.c |    9 +++++++++
>>  1 file changed, 9 insertions(+)
>>
>> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
>> index 336844d0eb3a..0361a3d62356 100644
>> --- a/fs/fuse/inode.c
>> +++ b/fs/fuse/inode.c
>> @@ -1054,10 +1054,19 @@ struct fuse_dev *fuse_dev_alloc(struct fuse_conn *fc)
>>         fuse_pqueue_init(&fud->pq);
>>
>>         spin_lock(&fc->lock);
>> +       if (!fc->connected) {
>> +               spin_unlock(&fc->lock);
>> +               goto out_put;
>> +       }
>>         list_add_tail(&fud->entry, &fc->devices);
>>         spin_unlock(&fc->lock);
>>
>>         return fud;
>> +out_put:
>> +       fuse_conn_put(fc);
>> +       kfree(pq);
>> +       kfree(fud);
>> +       return NULL;
>>  }
>>  EXPORT_SYMBOL_GPL(fuse_dev_alloc);
>>
>>