From: Darrick J. Wong <djwong@kernel.org>
Date: Wed, 9 Jul 2025 16:52:40 +0000 (-0700)
Subject: fuse2fs: fix races in statfs
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5aeeba417fd0a6598046cd59807235db00e99908;p=thirdparty%2Fe2fsprogs.git

fuse2fs: fix races in statfs

Take the BFL in statfs so that we don't expose a torn access to
userspace.  Found via code inspection.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Link: https://lore.kernel.org/r/20250709165240.GF2672022@frogsfrogsfrogs
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---

diff --git a/misc/fuse2fs.c b/misc/fuse2fs.c
index f0250bd1..bc9fed6f 100644
--- a/misc/fuse2fs.c
+++ b/misc/fuse2fs.c
@@ -2743,8 +2743,9 @@ static int op_statfs(const char *path EXT2FS_ATTR((unused)),
 	blk64_t overhead, reserved, free;
 
 	FUSE2FS_CHECK_CONTEXT(ff);
-	fs = ff->fs;
 	dbg_printf(ff, "%s: path=%s\n", __func__, path);
+	fs = ff->fs;
+	pthread_mutex_lock(&ff->bfl);
 	buf->f_bsize = fs->blocksize;
 	buf->f_frsize = 0;
 
@@ -2777,6 +2778,7 @@ static int op_statfs(const char *path EXT2FS_ATTR((unused)),
 	if (fs->flags & EXT2_FLAG_RW)
 		buf->f_flag |= ST_RDONLY;
 	buf->f_namemax = EXT2_NAME_LEN;
+	pthread_mutex_unlock(&ff->bfl);
 
 	return 0;
 }