From: Anand V. Avati <avati@gluster.com>
Date: Thu, 22 Oct 2009 13:24:52 +0000 (-0700)
Subject: fuse: prevent fuse_put_request on invalid pointer
X-Git-Tag: v2.6.27.40~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c2d3f19ba21524e0445a2e217e852bc4010d9b3;p=thirdparty%2Fkernel%2Fstable.git

fuse: prevent fuse_put_request on invalid pointer

commit f60311d5f7670d9539b424e4ed8b5c0872fc9e83 upstream.

fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.

Signed-off-by: Anand V. Avati <avati@gluster.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 0c92f15b9d520..afdde6093f512 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1005,7 +1005,8 @@ static ssize_t fuse_direct_io(struct file *file, const char __user *buf,
 				break;
 		}
 	}
-	fuse_put_request(fc, req);
+	if (!IS_ERR(req))
+		fuse_put_request(fc, req);
 	if (res > 0) {
 		if (write)
 			fuse_write_update_size(inode, pos);