[patch 03/12] fuse: locking fix for nlookup

[Miklos Szeredi]

An inode could be returned by independent parallel lookups, in this
case an update of the lookup counter could be lost resulting in a
memory leak in userspace.

Signed-off-by: Miklos Szeredi <miklos@xxxxxxxxxx>

---
Index: linux/fs/fuse/dir.c
===================================================================
--- linux.orig/fs/fuse/dir.c	2006-10-16 16:06:11.000000000 +0200
+++ linux/fs/fuse/dir.c	2006-10-16 16:08:00.000000000 +0200
@@ -163,7 +163,9 @@ static int fuse_dentry_revalidate(struct
 				fuse_send_forget(fc, req, outarg.nodeid, 1);
 				return 0;
 			}
+			spin_lock(&fc->lock);
 			fi->nlookup ++;
+			spin_unlock(&fc->lock);
 		}
 		fuse_put_request(fc, req);
 		if (err || (outarg.attr.mode ^ inode->i_mode) & S_IFMT)
Index: linux/fs/fuse/inode.c
===================================================================
--- linux.orig/fs/fuse/inode.c	2006-10-16 15:57:12.000000000 +0200
+++ linux/fs/fuse/inode.c	2006-10-16 16:08:00.000000000 +0200
@@ -195,7 +195,9 @@ struct inode *fuse_iget(struct super_blo
 	}
 
 	fi = get_fuse_inode(inode);
+	spin_lock(&fc->lock);
 	fi->nlookup ++;
+	spin_unlock(&fc->lock);
 	fuse_change_attributes(inode, attr);
 	return inode;
 }

--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/