peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone

Blame 0112-virtiofsd-fix-lo_destroy-resource-leaks.patch

1d442b
From: Stefan Hajnoczi <stefanha@redhat.com>
1d442b
Date: Mon, 27 Jan 2020 19:02:21 +0000
1d442b
Subject: [PATCH] virtiofsd: fix lo_destroy() resource leaks
1d442b
MIME-Version: 1.0
1d442b
Content-Type: text/plain; charset=UTF-8
1d442b
Content-Transfer-Encoding: 8bit
1d442b
1d442b
Now that lo_destroy() is serialized we can call unref_inode() so that
1d442b
all inode resources are freed.
1d442b
1d442b
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
1d442b
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
1d442b
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
1d442b
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
1d442b
(cherry picked from commit 28f7a3b026f231bfe8de5fed6a18a8d27b1dfcee)
1d442b
---
1d442b
 tools/virtiofsd/passthrough_ll.c | 41 ++++++++++++++++----------------
1d442b
 1 file changed, 20 insertions(+), 21 deletions(-)
1d442b
1d442b
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
1d442b
index 79b8b71a4f..eb001b9d1e 100644
1d442b
--- a/tools/virtiofsd/passthrough_ll.c
1d442b
+++ b/tools/virtiofsd/passthrough_ll.c
1d442b
@@ -1371,26 +1371,6 @@ static void unref_inode_lolocked(struct lo_data *lo, struct lo_inode *inode,
1d442b
     }
1d442b
 }
1d442b
 
1d442b
-static int unref_all_inodes_cb(gpointer key, gpointer value, gpointer user_data)
1d442b
-{
1d442b
-    struct lo_inode *inode = value;
1d442b
-    struct lo_data *lo = user_data;
1d442b
-
1d442b
-    inode->nlookup = 0;
1d442b
-    lo_map_remove(&lo->ino_map, inode->fuse_ino);
1d442b
-    close(inode->fd);
1d442b
-    lo_inode_put(lo, &inode;; /* Drop our refcount from lo_do_lookup() */
1d442b
-
1d442b
-    return TRUE;
1d442b
-}
1d442b
-
1d442b
-static void unref_all_inodes(struct lo_data *lo)
1d442b
-{
1d442b
-    pthread_mutex_lock(&lo->mutex);
1d442b
-    g_hash_table_foreach_remove(lo->inodes, unref_all_inodes_cb, lo);
1d442b
-    pthread_mutex_unlock(&lo->mutex);
1d442b
-}
1d442b
-
1d442b
 static void lo_forget_one(fuse_req_t req, fuse_ino_t ino, uint64_t nlookup)
1d442b
 {
1d442b
     struct lo_data *lo = lo_data(req);
1d442b
@@ -2477,7 +2457,26 @@ static void lo_lseek(fuse_req_t req, fuse_ino_t ino, off_t off, int whence,
1d442b
 static void lo_destroy(void *userdata)
1d442b
 {
1d442b
     struct lo_data *lo = (struct lo_data *)userdata;
1d442b
-    unref_all_inodes(lo);
1d442b
+
1d442b
+    /*
1d442b
+     * Normally lo->mutex must be taken when traversing lo->inodes but
1d442b
+     * lo_destroy() is a serialized request so no races are possible here.
1d442b
+     *
1d442b
+     * In addition, we cannot acquire lo->mutex since unref_inode() takes it
1d442b
+     * too and this would result in a recursive lock.
1d442b
+     */
1d442b
+    while (true) {
1d442b
+        GHashTableIter iter;
1d442b
+        gpointer key, value;
1d442b
+
1d442b
+        g_hash_table_iter_init(&iter, lo->inodes);
1d442b
+        if (!g_hash_table_iter_next(&iter, &key, &value)) {
1d442b
+            break;
1d442b
+        }
1d442b
+
1d442b
+        struct lo_inode *inode = value;
1d442b
+        unref_inode_lolocked(lo, inode, inode->nlookup);
1d442b
+    }
1d442b
 }
1d442b
 
1d442b
 static struct fuse_lowlevel_ops lo_oper = {