From 8da5ff23ce0a84d9845b01e6fe5047e17836bf5a Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <miklos@szeredi.hu>
Date: Tue, 17 Oct 2006 00:10:08 -0700
Subject: [PATCH] fuse: locking fix for nlookup

An inode could be returned by independent parallel lookups, in this case an
update of the lookup counter could be lost resulting in a memory leak in
userspace.

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---
 fs/fuse/dir.c   | 2 ++
 fs/fuse/inode.c | 2 ++
 2 files changed, 4 insertions(+)

(limited to 'fs/fuse')

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index a8f65c11aa2..7ecfe95795c 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -163,7 +163,9 @@ static int fuse_dentry_revalidate(struct dentry *entry, struct nameidata *nd)
 				fuse_send_forget(fc, req, outarg.nodeid, 1);
 				return 0;
 			}
+			spin_lock(&fc->lock);
 			fi->nlookup ++;
+			spin_unlock(&fc->lock);
 		}
 		fuse_put_request(fc, req);
 		if (err || (outarg.attr.mode ^ inode->i_mode) & S_IFMT)
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 8e106163aae..e9114237f31 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -195,7 +195,9 @@ struct inode *fuse_iget(struct super_block *sb, unsigned long nodeid,
 	}
 
 	fi = get_fuse_inode(inode);
+	spin_lock(&fc->lock);
 	fi->nlookup ++;
+	spin_unlock(&fc->lock);
 	fuse_change_attributes(inode, attr);
 	return inode;
 }
-- 
cgit v1.2.3