c241aa9457
If thread A is using an inode it must not be deleted by thread B when processing a FUSE_FORGET request. The FUSE protocol itself already has a counter called nlookup that is used in FUSE_FORGET messages. We cannot trust this counter since the untrusted client can manipulate it via FUSE_FORGET messages. Introduce a new refcount to keep inodes alive for the required lifespan. lo_inode_put() must be called to release a reference. FUSE's nlookup counter holds exactly one reference so that the inode stays alive as long as the client still wants to remember it. Note that the lo_inode->is_symlink field is moved to avoid creating a hole in the struct due to struct field alignment. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> Reviewed-by: Sergio Lopez <slp@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> |
||
---|---|---|
.. | ||
50-qemu-virtiofsd.json.in | ||
buffer.c | ||
fuse_common.h | ||
fuse_i.h | ||
fuse_log.c | ||
fuse_log.h | ||
fuse_lowlevel.c | ||
fuse_lowlevel.h | ||
fuse_misc.h | ||
fuse_opt.c | ||
fuse_opt.h | ||
fuse_signals.c | ||
fuse_virtio.c | ||
fuse_virtio.h | ||
fuse.h | ||
helper.c | ||
Makefile.objs | ||
passthrough_helpers.h | ||
passthrough_ll.c | ||
seccomp.c | ||
seccomp.h |