• Seth Forshee's avatar
    UBUNTU: SAUCE: (noup) fuse: Add reference counting for fuse_io_priv · 5163592d
    Seth Forshee authored
    BugLink: http://bugs.launchpad.net/bugs/1505948
    
    The 'reqs' member of fuse_io_priv serves two purposes. First is to track
    the number of oustanding async requests to the server and to signal that
    the io request is completed. The second is to be a reference count on the
    structure to know when it can be freed.
    
    For sync io requests these purposes can be at odds.  fuse_direct_IO() wants
    to block until the request is done, and since the signal is sent when
    'reqs' reaches 0 it cannot keep a reference to the object. Yet it needs to
    use the object after the userspace server has completed processing
    requests. This leads to some handshaking and special casing that it
    needlessly complicated and responsible for at least one race condition.
    
    It's much cleaner and safer to maintain a separate reference count for the
    object lifecycle and to let 'reqs' just be a count of outstanding requests
    to the userspace server. Then we can know for sure when it is safe to free
    the object without any handshaking or special cases.
    
    The catch here is that most of the time these objects are stack allocated
    and should not be freed. Initializing these objects with a single reference
    that is never released prevents accidental attempts to free the objects.
    
    Fixes: 9d5722b7 ("fuse: handle synchronous iocbs internally")
    Cc: stable@vger.kernel.org # v4.1+
    Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
    Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
    (backported from commit 744742d6
     git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git)
    Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
    Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
    5163592d
cuse.c 15.5 KB