diff options
author | Miklos Szeredi <mszeredi@redhat.com> | 2019-11-25 22:48:46 +0300 |
---|---|---|
committer | Miklos Szeredi <mszeredi@redhat.com> | 2019-11-27 11:33:49 +0300 |
commit | f1ebdeffc6f325e30e0ddb9f7a70f1370fa4b851 (patch) | |
tree | a8d7d385f2201a03c01e17b9e088c1dd21b8680e /fs/fuse/file.c | |
parent | 724c15a43e2c7ac26e2d07abef99191162498fa9 (diff) | |
download | linux-f1ebdeffc6f325e30e0ddb9f7a70f1370fa4b851.tar.xz |
fuse: fix leak of fuse_io_priv
exit_aio() is sometimes stuck in wait_for_completion() after aio is issued
with direct IO and the task receives a signal.
The reason is failure to call ->ki_complete() due to a leaked reference to
fuse_io_priv. This happens in fuse_async_req_send() if
fuse_simple_background() returns an error (e.g. -EINTR).
In this case the error value is propagated via io->err, so return success
to not confuse callers.
This issue is tracked as a virtio-fs issue:
https://gitlab.com/virtio-fs/qemu/issues/14
Reported-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Fixes: 45ac96ed7c36 ("fuse: convert direct_io to simple api")
Cc: <stable@vger.kernel.org> # v5.4
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'fs/fuse/file.c')
-rw-r--r-- | fs/fuse/file.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 795d0f24d8b4..a63d779eac10 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -713,8 +713,10 @@ static ssize_t fuse_async_req_send(struct fuse_conn *fc, ia->ap.args.end = fuse_aio_complete_req; err = fuse_simple_background(fc, &ia->ap.args, GFP_KERNEL); + if (err) + fuse_aio_complete_req(fc, &ia->ap.args, err); - return err ?: num_bytes; + return num_bytes; } static ssize_t fuse_send_read(struct fuse_io_args *ia, loff_t pos, size_t count, |