Skip to content

Commit

Permalink
cuse: fix memory leak
Browse files Browse the repository at this point in the history 
The problem is that fuse_dev_alloc() acquires an extra reference to cc.fc,
and the original ref count is never dropped.

Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Fixes: cc080e9 ("fuse: introduce per-instance fuse_dev structure")
Cc: <stable@vger.kernel.org> # v4.2+
  • Loading branch information
Miklos Szeredi committed Nov 10, 2015
1 parent 6a13feb commit 2c5816b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions fs/fuse/cuse.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -549,6 +549,8 @@ static int cuse_channel_release(struct inode *inode, struct file *file)
unregister_chrdev_region(cc->cdev->dev, 1);
cdev_del(cc->cdev);
}
/* Base reference is now owned by "fud" */
fuse_conn_put(&cc->fc);

rc = fuse_dev_release(inode, file); /* puts the base reference */

Expand Down

0 comments on commit 2c5816b

Please sign in to comment.