fuse: Fix oops at process_init_reply() - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Miklos Szeredi <mszeredi@redhat.com>	2018-07-26 17:13:11 +0300
committer	Miklos Szeredi <mszeredi@redhat.com>	2018-07-26 17:13:11 +0300
commit	e8f3bd773d22f488724dffb886a1618da85c2966 (patch)
tree	5edce11e41e1a089911ccfc18c1a3d941c5b3b39 /fs/fuse/fuse_i.h
parent	b8f95e5d13f5f0191dcb4b9113113d241636e7cb (diff)
download	linux-e8f3bd773d22f488724dffb886a1618da85c2966.tar.xz

fuse: Fix oops at process_init_reply()

syzbot is hitting NULL pointer dereference at process_init_reply(). This is because deactivate_locked_super() is called before response for initial request is processed. Fix this by aborting and waiting for all requests (including FUSE_INIT) before resetting fc->sb. Original patch by Tetsuo Handa <penguin-kernel@I-love.SKAURA.ne.jp>. Reported-by: syzbot <syzbot+b62f08f4d5857755e3bc@syzkaller.appspotmail.com> Fixes: e27c9d3877a0 ("fuse: fuse: add time_gran to INIT_OUT") Cc: <stable@vger.kernel.org> # v3.19 Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Diffstat (limited to 'fs/fuse/fuse_i.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: