* [PATCH] FUSE: use after free fix
@ 2005-03-04 23:08 Miklos Szeredi
From: Miklos Szeredi @ 2005-03-04 23:08 UTC (permalink / raw)
To: akpm; +Cc: linux-kernel
Hi Andrew!

I should have known that bragging about the stability of FUSE will get
me into trouble.

This patch fixes a use after free bug, which could in theory cause
memory corruption. It was actually found with DEBUG_PAGEALLOC by
Magnus Johansson.

Please apply.

Thanks,
Miklos

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
diff -rup linux-2.6.11-mm1/fs/fuse/dev.c linux-fuse/fs/fuse/dev.c
--- linux-2.6.11-mm1/fs/fuse/dev.c 2005-03-04 23:26:59.000000000 +0100
+++ linux-fuse/fs/fuse/dev.c 2005-03-04 23:32:36.000000000 +0100
@@ -121,12 +121,11 @@ struct fuse_req *fuse_get_request_nonint
static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req)
{
- if (!req->preallocated)
- fuse_request_free(req);
-
spin_lock(&fuse_lock);
if (req->preallocated)
list_add(&req->list, &fc->unused_list);
+ else
+ fuse_request_free(req);
if (fc->outstanding_debt)
fc->outstanding_debt--;
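Review bot: fuse_request_free(req) now runs inside the spin_lock(&fuse_lock) section, in the new else branch of fuse_putback_request(), so the free is done with the global lock held. The ordering fix itself looks right: the removed lines freed req and then `if (req->preallocated)` read from it, while the new code reads the flag before the free and only touches fc afterwards. Consider copying req->preallocated into a local before taking the lock and freeing the non-preallocated request outside the locked region, which keeps the critical section to the list and debt updates. It would also help to name the stale read of req->preallocated in the changelog, since the message only says "use after free" without saying which access was affected.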