From af57c73304b8a23c6ca0e1aebf4ce49071ac784a Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Thu, 20 Jun 2013 11:43:02 +0200 Subject: libfuse: fix multiple close of device fd - fuse_kern_unmount closes handle (e.g. 19) - a thread in my process opens a file - the OS assigns newly freed handle (i.e. 19) - fuse_kern_chan_destroy closes the same handle (i.e. 19) - a thread in my process opens another file - the OS assigns newly freed handle (i.e. 19) - * MAYHEM * Reported by Dan Greenfield --- lib/mount.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'lib/mount.c') diff --git a/lib/mount.c b/lib/mount.c index 4f74841..d7ba571 100644 --- a/lib/mount.c +++ b/lib/mount.c @@ -294,23 +294,24 @@ void fuse_kern_unmount(const char *mountpoint, int fd) int res; int pid; - if (!mountpoint) - return; - if (fd != -1) { struct pollfd pfd; pfd.fd = fd; pfd.events = 0; res = poll(&pfd, 1, 0); + + /* Need to close file descriptor, otherwise synchronous umount + would recurse into filesystem, and deadlock. + + Caller expects fuse_kern_unmount to close the fd, so close it + anyway. */ + close(fd); + /* If file poll returns POLLERR on the device file descriptor, then the filesystem is already unmounted */ if (res == 1 && (pfd.revents & POLLERR)) return; - - /* Need to close file descriptor, otherwise synchronous umount - would recurse into filesystem, and deadlock */ - close(fd); } if (geteuid() == 0) { -- cgit v1.2.3