On 12/12/19 5:38 PM, Dr. David Alan Gilbert (git) wrote:
> From: Stefan Hajnoczi <stefanha@redhat.com>
>
> This reference counter plays a specific role in the FUSE protocol. It's
> not a generic object reference counter and the FUSE kernel code calls it
> "nlookup".
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
> tools/virtiofsd/passthrough_ll.c | 37 +++++++++++++++++++++-----------
> 1 file changed, 25 insertions(+), 12 deletions(-)
>
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index 7663e574d8..b19c9ee328 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -101,7 +101,20 @@ struct lo_inode {
> int fd;
> bool is_symlink;
> struct lo_key key;
> - uint64_t refcount; /* protected by lo->mutex */
> +
> + /*
> + * This counter keeps the inode alive during the FUSE session.
> + * Incremented when the FUSE inode number is sent in a reply
> + * (FUSE_LOOKUP, FUSE_READDIRPLUS, etc). Decremented when an inode is
> + * released by requests like FUSE_FORGET, FUSE_RMDIR, FUSE_RENAME, etc.
> + *
> + * Note that this value is untrusted because the client can manipulate
> + * it arbitrarily using FUSE_FORGET requests.
> + *
> + * Protected by lo->mutex.
> + */
> + uint64_t nlookup;
> +
> fuse_ino_t fuse_ino;
> pthread_mutex_t plock_mutex;
> GHashTable *posix_locks; /* protected by lo_inode->plock_mutex */
> @@ -570,7 +583,7 @@ retry:
> if (last == path) {
> p = &lo->root;
> pthread_mutex_lock(&lo->mutex);
> - p->refcount++;
> + p->nlookup++;
> pthread_mutex_unlock(&lo->mutex);
> } else {
> *last = '\0';
> @@ -788,8 +801,8 @@ static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st)
> pthread_mutex_lock(&lo->mutex);
> p = g_hash_table_lookup(lo->inodes, &key);
> if (p) {
> - assert(p->refcount > 0);
> - p->refcount++;
> + assert(p->nlookup > 0);
> + p->nlookup++;
> }
> pthread_mutex_unlock(&lo->mutex);
>
> @@ -857,7 +870,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name,
> }
>
> inode->is_symlink = S_ISLNK(e->attr.st_mode);
> - inode->refcount = 1;
> + inode->nlookup = 1;
> inode->fd = newfd;
> newfd = -1;
> inode->key.ino = e->attr.st_ino;
> @@ -1097,7 +1110,7 @@ static void lo_link(fuse_req_t req, fuse_ino_t ino, fuse_ino_t parent,
> }
>
> pthread_mutex_lock(&lo->mutex);
> - inode->refcount++;
> + inode->nlookup++;
> pthread_mutex_unlock(&lo->mutex);
> e.ino = inode->fuse_ino;
>
> @@ -1226,9 +1239,9 @@ static void unref_inode_lolocked(struct lo_data *lo, struct lo_inode *inode,
> }
>
> pthread_mutex_lock(&lo->mutex);
> - assert(inode->refcount >= n);
> - inode->refcount -= n;
> - if (!inode->refcount) {
> + assert(inode->nlookup >= n);
> + inode->nlookup -= n;
> + if (!inode->nlookup) {
> lo_map_remove(&lo->ino_map, inode->fuse_ino);
> g_hash_table_remove(lo->inodes, &inode->key);
> if (g_hash_table_size(inode->posix_locks)) {
> @@ -1249,7 +1262,7 @@ static int unref_all_inodes_cb(gpointer key, gpointer value, gpointer user_data)
> struct lo_inode *inode = value;
> struct lo_data *lo = user_data;
>
> - inode->refcount = 0;
> + inode->nlookup = 0;
> lo_map_remove(&lo->ino_map, inode->fuse_ino);
> close(inode->fd);
>
> @@ -1274,7 +1287,7 @@ static void lo_forget_one(fuse_req_t req, fuse_ino_t ino, uint64_t nlookup)
> }
>
> fuse_log(FUSE_LOG_DEBUG, " forget %lli %lli -%lli\n",
> - (unsigned long long)ino, (unsigned long long)inode->refcount,
> + (unsigned long long)ino, (unsigned long long)inode->nlookup,
> (unsigned long long)nlookup);
>
> unref_inode_lolocked(lo, inode, nlookup);
> @@ -2642,7 +2655,7 @@ static void setup_root(struct lo_data *lo, struct lo_inode *root)
> root->fd = fd;
> root->key.ino = stat.st_ino;
> root->key.dev = stat.st_dev;
> - root->refcount = 2;
> + root->nlookup = 2;
> }
>
> static guint lo_key_hash(gconstpointer key)
>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>