Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
fuse: fuse_dev_ioctl_clone() should wait for device file to be initialized
Use fuse_get_dev() not __fuse_get_dev() on the old fd, since in the case of
synchronous INIT the caller will want to wait for the device file to be
available for cloning, just like I/O wants to wait instead of returning an
error.
Fixes: dfb84c330794 ("fuse: allow synchronous FUSE_INIT")
Cc: stable@vger.kernel.org # v6.18
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+8
-11
+8
-11
fs/fuse/dev.c
+8
-11
fs/fuse/dev.c
···
2597
2597
2598
2598
static long fuse_dev_ioctl_clone(struct file *file, __u32 __user *argp)
2599
2599
{
2600
-
int res;
2601
2600
int oldfd;
2602
-
struct fuse_dev *fud = NULL;
2601
+
struct fuse_dev *fud;
2603
2602
2604
2603
if (get_user(oldfd, argp))
2605
2604
return -EFAULT;
···
2611
2612
* Check against file->f_op because CUSE
2612
2613
* uses the same ioctl handler.
2613
2614
*/
2614
-
if (fd_file(f)->f_op == file->f_op)
2615
-
fud = __fuse_get_dev(fd_file(f));
2615
+
if (fd_file(f)->f_op != file->f_op)
2616
+
return -EINVAL;
2616
2617
2617
-
res = -EINVAL;
2618
-
if (fud) {
2619
-
mutex_lock(&fuse_mutex);
2620
-
res = fuse_device_clone(fud->fc, file);
2621
-
mutex_unlock(&fuse_mutex);
2622
-
}
2618
+
fud = fuse_get_dev(fd_file(f));
2619
+
if (IS_ERR(fud))
2620
+
return PTR_ERR(fud);
2623
2621
2624
-
return res;
2622
+
guard(mutex)(&fuse_mutex);
2623
+
return fuse_device_clone(fud->fc, file);
2625
2624
}
2626
2625
2627
2626
static long fuse_dev_ioctl_backing_open(struct file *file,