Skip to content

Commit 7e6d869

Browse files
torvaldstorvalds
committed
Merge tag 'fuse-fixes-5.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
Pull fuse fix from Miklos Szeredi: "Fix an Oops introduced in v5.4" * tag 'fuse-fixes-5.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix stack use after return
2 parents 2af8217 + 3e8cb8b commit 7e6d869

File tree

2 files changed

+5
-3
lines changed

2 files changed

+5
-3
lines changed

fs/fuse/dev.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -276,12 +276,10 @@ static void flush_bg_queue(struct fuse_conn *fc)
276276
void fuse_request_end(struct fuse_conn *fc, struct fuse_req *req)
277277
{
278278
struct fuse_iqueue *fiq = &fc->iq;
279-
bool async;
280279

281280
if (test_and_set_bit(FR_FINISHED, &req->flags))
282281
goto put_request;
283282

284-
async = req->args->end;
285283
/*
286284
* test_and_set_bit() implies smp_mb() between bit
287285
* changing and below intr_entry check. Pairs with
@@ -324,7 +322,7 @@ void fuse_request_end(struct fuse_conn *fc, struct fuse_req *req)
324322
wake_up(&req->waitq);
325323
}
326324

327-
if (async)
325+
if (test_bit(FR_ASYNC, &req->flags))
328326
req->args->end(fc, req->args, req->out.h.error);
329327
put_request:
330328
fuse_put_request(fc, req);
@@ -471,6 +469,8 @@ static void fuse_args_to_req(struct fuse_req *req, struct fuse_args *args)
471469
req->in.h.opcode = args->opcode;
472470
req->in.h.nodeid = args->nodeid;
473471
req->args = args;
472+
if (args->end)
473+
__set_bit(FR_ASYNC, &req->flags);
474474
}
475475

476476
ssize_t fuse_simple_request(struct fuse_conn *fc, struct fuse_args *args)

fs/fuse/fuse_i.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -301,6 +301,7 @@ struct fuse_io_priv {
301301
* FR_SENT: request is in userspace, waiting for an answer
302302
* FR_FINISHED: request is finished
303303
* FR_PRIVATE: request is on private list
304+
* FR_ASYNC: request is asynchronous
304305
*/
305306
enum fuse_req_flag {
306307
FR_ISREPLY,
@@ -314,6 +315,7 @@ enum fuse_req_flag {
314315
FR_SENT,
315316
FR_FINISHED,
316317
FR_PRIVATE,
318+
FR_ASYNC,
317319
};
318320

319321
/**

0 commit comments

Comments
 (0)