1. 21 Oct, 2021 5 commits
    • Miklos Szeredi's avatar
      fuse: clean up error exits in fuse_fill_super() · 964d32e5
      Miklos Szeredi authored
      Instead of "goto err", return error directly, since there's no error
      cleanup to do now.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      964d32e5
    • Miklos Szeredi's avatar
      fuse: always initialize sb->s_fs_info · 80019f11
      Miklos Szeredi authored
      Syzkaller reports a null pointer dereference in fuse_test_super() that is
      caused by sb->s_fs_info being NULL.
      
      This is due to the fact that fuse_fill_super() is initializing s_fs_info,
      which is too late, it's already on the fs_supers list.  The initialization
      needs to be done in sget_fc() with the sb_lock held.
      
      Move allocation of fuse_mount and fuse_conn from fuse_fill_super() into
      fuse_get_tree().
      
      After this ->kill_sb() will always be called with non-NULL ->s_fs_info,
      hence fuse_mount_destroy() can drop the test for non-NULL "fm".
      
      Reported-by: syzbot+74a15f02ccb51f398601@syzkaller.appspotmail.com
      Fixes: 5d5b74aa ("fuse: allow sharing existing sb")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      80019f11
    • Miklos Szeredi's avatar
      fuse: clean up fuse_mount destruction · c191cd07
      Miklos Szeredi authored
      1. call fuse_mount_destroy() for open coded variants
      
      2. before deactivate_locked_super() don't need fuse_mount destruction since
      that will now be done (if ->s_fs_info is not cleared)
      
      3. rearrange fuse_mount setup in fuse_get_tree_submount() so that the
      regular pattern can be used
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      c191cd07
    • Miklos Szeredi's avatar
      fuse: get rid of fuse_put_super() · a27c061a
      Miklos Szeredi authored
      The ->put_super callback is called from generic_shutdown_super() in case of
      a fully initialized sb.  This is called from kill_***_super(), which is
      called from ->kill_sb instances.
      
      Fuse uses ->put_super to destroy the fs specific fuse_mount and drop the
      reference to the fuse_conn, while it does the same on each error case
      during sb setup.
      
      This patch moves the destruction from fuse_put_super() to
      fuse_mount_destroy(), called at the end of all ->kill_sb instances.  A
      follup patch will clean up the error paths.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      a27c061a
    • Miklos Szeredi's avatar
      fuse: check s_root when destroying sb · d534d31d
      Miklos Szeredi authored
      Checking "fm" works because currently sb->s_fs_info is cleared on error
      paths; however, sb->s_root is what generic_shutdown_super() checks to
      determine whether the sb was fully initialized or not.
      
      This change will allow cleanup of sb setup error paths.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      d534d31d
  2. 18 Oct, 2021 17 commits
  3. 17 Oct, 2021 3 commits
  4. 16 Oct, 2021 15 commits