Dr. David Alan Gilbert (git) writes:

> From: Stefan Hajnoczi
>
> If thread A is using an inode it must not be deleted by thread B when
> processing a FUSE_FORGET request.
>
> The FUSE protocol itself already has a counter called nlookup that is
> used in FUSE_FORGET messages. We cannot trust this counter since the
> untrusted client can manipulate it via FUSE_FORGET messages.
>
> Introduce a new refcount to keep inodes alive for the required lifespan.
> lo_inode_put() must be called to release a reference. FUSE's nlookup
> counter holds exactly one reference so that the inode stays alive as
> long as the client still wants to remember it.
>
> Note that the lo_inode->is_symlink field is moved to avoid creating a
> hole in the struct due to struct field alignment.
>
> Signed-off-by: Stefan Hajnoczi
> ---
> tools/virtiofsd/passthrough_ll.c | 168 ++++++++++++++++++++++++++-----
> 1 file changed, 145 insertions(+), 23 deletions(-)

Reviewed-by: Sergio Lopez
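
The lifetime rule from the quoted commit message, as an added C sketch that is not part of the patch or of virtiofsd: the client-driven nlookup counter owns exactly one reference, so no FUSE_FORGET count can free an inode another thread still holds. The names `inode_new`, `inode_get`, `inode_put`, `inode_forget` and `live_inodes` are hypothetical, clamping the count is an assumption of this sketch, and a threaded server would also need a lock around nlookup.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy model; names are hypothetical, not taken from passthrough_ll.c. */
struct inode {
    atomic_int refcount;   /* server-side lifetime, only changed by get/put */
    uint64_t nlookup;      /* protocol counter, driven by client FORGET messages */
};
static int live_inodes;    /* constructed bookkeeping so the demo can observe frees */

static struct inode *inode_new(void)
{
    struct inode *i = calloc(1, sizeof(*i));
    if (!i) abort();
    atomic_init(&i->refcount, 1);  /* the one reference owned by nlookup */
    i->nlookup = 1;
    live_inodes++;
    return i;
}

static void inode_get(struct inode *i) { atomic_fetch_add(&i->refcount, 1); }

/* Returns 1 if this call released the last reference and freed the inode. */
static int inode_put(struct inode *i)
{
    if (atomic_fetch_sub(&i->refcount, 1) != 1) return 0;
    free(i);
    live_inodes--;
    return 1;
}

/* FORGET handler: n is untrusted, yet it can release at most nlookup's one reference. */
static int inode_forget(struct inode *i, uint64_t n)
{
    if (i->nlookup == 0) return 0;       /* nlookup's reference already dropped */
    if (n > i->nlookup) n = i->nlookup;  /* assumption: clamp instead of trusting n */
    i->nlookup -= n;
    return i->nlookup == 0 ? inode_put(i) : 0;
}

int main(void)
{
    struct inode *i = inode_new();
    inode_get(i);                                      /* thread A starts using the inode */
    int freed_by_forget = inode_forget(i, UINT64_MAX); /* client forgets it meanwhile */
    int freed_by_put = inode_put(i);                   /* thread A is done: last ref goes */
    printf("%d %d %d\n", freed_by_forget, freed_by_put, live_inodes);
    return 0;
}
```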