render / rpms / qemu

Forked from rpms/qemu 9 months ago
Clone
Blob Blame History Raw
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Mon, 27 Jan 2020 19:02:08 +0000
Subject: [PATCH] virtiofsd: rename inode->refcount to inode->nlookup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reference counter plays a specific role in the FUSE protocol.  It's
not a generic object reference counter and the FUSE kernel code calls it
"nlookup".

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
(cherry picked from commit 1222f015558fc34cea02aa3a5a92de608c82cec8)
---
 tools/virtiofsd/passthrough_ll.c | 37 +++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 2d703b57e5..c819b5f782 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -99,7 +99,20 @@ struct lo_inode {
     int fd;
     bool is_symlink;
     struct lo_key key;
-    uint64_t refcount; /* protected by lo->mutex */
+
+    /*
+     * This counter keeps the inode alive during the FUSE session.
+     * Incremented when the FUSE inode number is sent in a reply
+     * (FUSE_LOOKUP, FUSE_READDIRPLUS, etc).  Decremented when an inode is
+     * released by requests like FUSE_FORGET, FUSE_RMDIR, FUSE_RENAME, etc.
+     *
+     * Note that this value is untrusted because the client can manipulate
+     * it arbitrarily using FUSE_FORGET requests.
+     *
+     * Protected by lo->mutex.
+     */
+    uint64_t nlookup;
+
     fuse_ino_t fuse_ino;
     pthread_mutex_t plock_mutex;
     GHashTable *posix_locks; /* protected by lo_inode->plock_mutex */
@@ -568,7 +581,7 @@ retry:
     if (last == path) {
         p = &lo->root;
         pthread_mutex_lock(&lo->mutex);
-        p->refcount++;
+        p->nlookup++;
         pthread_mutex_unlock(&lo->mutex);
     } else {
         *last = '\0';
@@ -786,8 +799,8 @@ static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st)
     pthread_mutex_lock(&lo->mutex);
     p = g_hash_table_lookup(lo->inodes, &key);
     if (p) {
-        assert(p->refcount > 0);
-        p->refcount++;
+        assert(p->nlookup > 0);
+        p->nlookup++;
     }
     pthread_mutex_unlock(&lo->mutex);
 
@@ -855,7 +868,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name,
         }
 
         inode->is_symlink = S_ISLNK(e->attr.st_mode);
-        inode->refcount = 1;
+        inode->nlookup = 1;
         inode->fd = newfd;
         newfd = -1;
         inode->key.ino = e->attr.st_ino;
@@ -1112,7 +1125,7 @@ static void lo_link(fuse_req_t req, fuse_ino_t ino, fuse_ino_t parent,
     }
 
     pthread_mutex_lock(&lo->mutex);
-    inode->refcount++;
+    inode->nlookup++;
     pthread_mutex_unlock(&lo->mutex);
     e.ino = inode->fuse_ino;
 
@@ -1193,9 +1206,9 @@ static void unref_inode_lolocked(struct lo_data *lo, struct lo_inode *inode,
     }
 
     pthread_mutex_lock(&lo->mutex);
-    assert(inode->refcount >= n);
-    inode->refcount -= n;
-    if (!inode->refcount) {
+    assert(inode->nlookup >= n);
+    inode->nlookup -= n;
+    if (!inode->nlookup) {
         lo_map_remove(&lo->ino_map, inode->fuse_ino);
         g_hash_table_remove(lo->inodes, &inode->key);
         if (g_hash_table_size(inode->posix_locks)) {
@@ -1216,7 +1229,7 @@ static int unref_all_inodes_cb(gpointer key, gpointer value, gpointer user_data)
     struct lo_inode *inode = value;
     struct lo_data *lo = user_data;
 
-    inode->refcount = 0;
+    inode->nlookup = 0;
     lo_map_remove(&lo->ino_map, inode->fuse_ino);
     close(inode->fd);
 
@@ -1241,7 +1254,7 @@ static void lo_forget_one(fuse_req_t req, fuse_ino_t ino, uint64_t nlookup)
     }
 
     fuse_log(FUSE_LOG_DEBUG, "  forget %lli %lli -%lli\n",
-             (unsigned long long)ino, (unsigned long long)inode->refcount,
+             (unsigned long long)ino, (unsigned long long)inode->nlookup,
              (unsigned long long)nlookup);
 
     unref_inode_lolocked(lo, inode, nlookup);
@@ -2609,7 +2622,7 @@ static void setup_root(struct lo_data *lo, struct lo_inode *root)
     root->fd = fd;
     root->key.ino = stat.st_ino;
     root->key.dev = stat.st_dev;
-    root->refcount = 2;
+    root->nlookup = 2;
 }
 
 static guint lo_key_hash(gconstpointer key)