hulk inclusion category: bugfix bugzilla: https://atomgit.com/openeuler/kernel/issues/9214 CVE: NA -------------------------------- When a user of MFS triggers an IO miss event for the first time, an fd is created to associate with the corresponding file. When the userspace daemon process closes the fd with a value of 0, this newly created fd may start from 0. This leads to a situation where, when the IO miss event for the same file is triggered again, an improper handling of the judgment condition causes a new fd to be created again (resulting in the original fd with a value of 0 being retained). When the daemon process exits, this causes the inode resource with fd 0 to not be properly released. Fixes: 4c5fcceb5f6b ("mfs: Add communication devie and event acquisition operations") Signed-off-by: Hongbo Li <lihongbo22@huawei.com> --- fs/mfs/cache.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/mfs/cache.c b/fs/mfs/cache.c index 83d3863de5e4..3aa7147acb93 100644 --- a/fs/mfs/cache.c +++ b/fs/mfs/cache.c @@ -21,7 +21,7 @@ static int fd_release(struct inode *inode, struct file *file) struct mfs_cache_object *object = file->private_data; down_write(&object->rwsem); - if (object->fd > 0) { + if (object->fd >= 0) { object->fd = -1; up_write(&object->rwsem); iput(object->mfs_inode); @@ -437,13 +437,13 @@ int try_hook_fd(struct mfs_event *event) int fd; down_read(&object->rwsem); - if (object->fd > 0) { + if (object->fd >= 0) { up_read(&object->rwsem); return object->fd; } up_read(&object->rwsem); down_write(&object->rwsem); - if (object->fd > 0) { + if (object->fd >= 0) { up_write(&object->rwsem); return object->fd; } -- 2.34.1