From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from relay.sw.ru ([185.231.240.75]:58920 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729160AbeKFSuH (ORCPT ); Tue, 6 Nov 2018 13:50:07 -0500 Subject: Re: [PATCH] fuse: Put leaked request on error path of fuse_retrieve() To: Miklos Szeredi Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org References: <154149557692.17196.12607896696117775780.stgit@localhost.localdomain> From: Kirill Tkhai Message-ID: Date: Tue, 6 Nov 2018 12:25:47 +0300 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On 06.11.2018 12:23, Miklos Szeredi wrote: > On Tue, Nov 6, 2018 at 10:13 AM, Kirill Tkhai wrote: >> fuse_request_send_notify_reply() may fail, and this case >> it remains leaked (fuse_retrieve_end(), which is called >> on error path, does not do that). Also, fc->num_waiting, >> will never be decremented, and fuse_wait_aborted() will >> never finish. So, put the request patently. >> >> Signed-off-by: Kirill Tkhai > > Posted same patch yesterday for a syzbot report. How did you notice this? I've found this by code review. I did this last week and I have 10 patches more on different theme. I was waiting for when the merge window opens. > >> --- >> fs/fuse/dev.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c >> index ae813e609932..6fe330cc9709 100644 >> --- a/fs/fuse/dev.c >> +++ b/fs/fuse/dev.c >> @@ -1768,8 +1768,10 @@ static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode, >> req->in.args[1].size = total_len; >> >> err = fuse_request_send_notify_reply(fc, req, outarg->notify_unique); >> - if (err) >> + if (err) { >> fuse_retrieve_end(fc, req); >> + fuse_put_request(fc, req); >> + } >> >> return err; >> } >>