From a98af7723085e245da0a6bbda41f993a37d7e40e Mon Sep 17 00:00:00 2001
From: Alessio Balsini
Date: Fri, 5 Feb 2021 10:58:49 +0000
Subject: [PATCH] FROMLIST: fuse: Fix crediantials leak in passthrough read_iter
If the system doesn't have enough memory when fuse_passthrough_read_iter is requested in asynchronous IO, an error is directly returned without restoring the caller's credentials. Fix by always ensuring credentials are restored.
Fixes: aa29f32988c1f84c96e2457b049dea437601f2cc ("FROMLIST: fuse: Use daemon creds in passthrough mode")
Link: https://lore.kernel.org/lkml/YB0qPHVORq7bJy6G@google.com/
Reported-by: Peng Tao
Signed-off-by: Alessio Balsini
Signed-off-by: Alessio Balsini
Change-Id: I4aff43f5dd8ddab2cc8871cd9f81438963ead5b6
---
 fs/fuse/passthrough.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/fuse/passthrough.c b/fs/fuse/passthrough.c
index e55aa8d02317..2190332082ec 100644
--- a/fs/fuse/passthrough.c
+++ b/fs/fuse/passthrough.c
@@ -81,8 +81,10 @@ ssize_t fuse_passthrough_read_iter(struct kiocb *iocb_fuse,
 struct fuse_aio_req *aio_req;
 aio_req = kmalloc(sizeof(struct fuse_aio_req), GFP_KERNEL);
- if (!aio_req)
- return -ENOMEM;
+ if (!aio_req) {
+ ret = -ENOMEM;
+ goto out;
+ }
 aio_req->iocb_fuse = iocb_fuse;
 kiocb_clone(&aio_req->iocb, iocb_fuse, passthrough_filp);
@@ -91,6 +93,7 @@ ssize_t fuse_passthrough_read_iter(struct kiocb *iocb_fuse,
 if (ret != -EIOCBQUEUED)
 fuse_aio_cleanup_handler(aio_req);
 }
+out:
 revert_creds(old_cred);
 return ret;
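Review bot: Nothing at the new `out:` label (second hunk) says why the `-ENOMEM` branch in the first hunk must jump there instead of returning, so a later early `return` added to this function could reintroduce the same leak and leave the caller running with the overridden credentials. I would add a comment above the label, e.g. `/* Every exit taken after the creds override must pass through here. */`; the override call itself is outside both hunks, only `revert_creds(old_cred)` is visible. The asynchronous branch of the write path is not shown on this page and is worth checking for the same direct-return pattern. As a style point on the context line, `kmalloc(sizeof(*aio_req), GFP_KERNEL)` is the form kernel coding style prefers. The function body starts and ends outside both hunks.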