fuse: fix unlocked access to processing queue
fuse_dev_release() assumes that it's the only one referencing the
fpq->processing list, but that's not true, since fuse_abort_conn() can be
doing the same without any serialization between the two.
Fixes: c3696046be
("fuse: separate pqueue for clones")
Cc: <stable@vger.kernel.org> # v4.2
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
This commit is contained in:
parent
87114373ea
commit
45ff350bbd
|
@ -2150,9 +2150,15 @@ int fuse_dev_release(struct inode *inode, struct file *file)
|
|||
if (fud) {
|
||||
struct fuse_conn *fc = fud->fc;
|
||||
struct fuse_pqueue *fpq = &fud->pq;
|
||||
LIST_HEAD(to_end);
|
||||
|
||||
spin_lock(&fpq->lock);
|
||||
WARN_ON(!list_empty(&fpq->io));
|
||||
end_requests(fc, &fpq->processing);
|
||||
list_splice_init(&fpq->processing, &to_end);
|
||||
spin_unlock(&fpq->lock);
|
||||
|
||||
end_requests(fc, &to_end);
|
||||
|
||||
/* Are we the last open device? */
|
||||
if (atomic_dec_and_test(&fc->dev_count)) {
|
||||
WARN_ON(fc->iq.fasync != NULL);
|
||||
|
|
Loading…
Reference in New Issue