]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blobdiff - fs/fuse/dev.c
projects / mirror_ubuntu-bionic-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fuse: Fix use-after-free in fuse_dev_do_read()
[mirror_ubuntu-bionic-kernel.git] / fs / fuse / dev.c
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index d925d81e15259b93cfe5993542600cfafeb156d7..8ce3f1bead24c59295ba9595bf30a4c7e0698b8f 100644 (file)
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1316,12 +1316,14 @@ static ssize_t fuse_dev_do_read(struct fuse_dev *fud, struct file *file,
                goto out_end;
        }
        list_move_tail(&req->list, &fpq->processing);
+       __fuse_get_request(req);
        spin_unlock(&fpq->lock);
        set_bit(FR_SENT, &req->flags);
        /* matches barrier in request_wait_answer() */
        smp_mb__after_atomic();
        if (test_bit(FR_INTERRUPTED, &req->flags))
                queue_interrupt(fiq, req);
+       fuse_put_request(fc, req);
 
        return reqsize;
 
ubuntu-bionic-kernel mirror