> +/* queue a fuse request and send it if a ring entry is available */
> +void fuse_uring_queue_fuse_req(struct fuse_iqueue *fiq, struct fuse_req *req)
> +{
> + struct fuse_conn *fc = req->fm->fc;
> + struct fuse_ring *ring = fc->ring;
> + struct fuse_ring_queue *queue;
> + struct fuse_ring_ent *ent = NULL;
> + int err;
> +
> + err = -EINVAL;
> + queue = fuse_uring_task_to_queue(ring);
> + if (!queue)
> + goto err;
> +
> + if (req->in.h.opcode != FUSE_NOTIFY_REPLY)
> + req->in.h.unique = fuse_get_unique(fiq);
> +
> + spin_lock(&queue->lock);
> + err = -ENOTCONN;
> + if (unlikely(queue->stopped))
> + goto err_unlock;
> +
> + ent = list_first_entry_or_null(&queue->ent_avail_queue,
> + struct fuse_ring_ent, list);
> + if (ent)
> + fuse_uring_add_req_to_ring_ent(ent, req);
> + else
> + list_add_tail(&req->list, &queue->fuse_req_queue);
> + spin_unlock(&queue->lock);
> +
> + if (ent) {
> + struct io_uring_cmd *cmd = ent->cmd;
> +
> + err = -EIO;
> + if (WARN_ON_ONCE(ent->state != FRRS_FUSE_REQ))
> + goto err;

I noticed this - this is wrong, as ent would be in nirvana state if this condition would ever happen.