FROMLIST: fuse: Fix crediantials leak in passthrough read_iter

If the system doesn't have enough memory when fuse_passthrough_read_iter is requested in asynchronous IO, an error is directly returned without restoring the caller's credentials. Fix by always ensuring credentials are restored. Fixes: aa29f32988c1f84c96e2457b049dea437601f2cc ("FROMLIST: fuse: Use daemon creds in passthrough mode") Link: https://lore.kernel.org/lkml/YB0qPHVORq7bJy6G@google.com/ Reported-by: Peng Tao <bergwolf@gmail.com> Signed-off-by: Alessio Balsini <balsini@android.com> Signed-off-by: Alessio Balsini <balsini@google.com> Change-Id: I4aff43f5dd8ddab2cc8871cd9f81438963ead5b6
3 years ago · a98af77230
parent b63e99e16b
commit a98af77230
1 changed files with 5 additions and 2 deletions
--- a/fs/fuse/passthrough.c
+++ b/fs/fuse/passthrough.c
@ -81,8 +81,10 @@ ssize_t fuse_passthrough_read_iter(struct kiocb *iocb_fuse,
 		struct fuse_aio_req *aio_req;

 		aio_req = kmalloc(sizeof(struct fuse_aio_req), GFP_KERNEL);
-		if (!aio_req)
-			return -ENOMEM;
+		if (!aio_req) {
+			ret = -ENOMEM;
+			goto out;
+		}

 		aio_req->iocb_fuse = iocb_fuse;
 		kiocb_clone(&aio_req->iocb, iocb_fuse, passthrough_filp);
@ -91,6 +93,7 @@ ssize_t fuse_passthrough_read_iter(struct kiocb *iocb_fuse,
 		if (ret != -EIOCBQUEUED)
 			fuse_aio_cleanup_handler(aio_req);
 	}
+out:
 	revert_creds(old_cred);

 	return ret;