On 7/26/24 1:53 AM, Joanne Koong wrote:
> There is a race condition where inflight requests will not be aborted if
> they are in the middle of being re-sent when the connection is aborted.
>
> If fuse_resend has already moved all the requests in the fpq->processing
> lists to its private queue ("to_queue") and then the connection starts
> and finishes aborting, these requests will be added to the pending queue
> and remain on it indefinitely.
>
> Fixes: 760eac73f9f6 ("fuse: Introduce a new notification type for resend pending requests")
> Signed-off-by: Joanne Koong <joannelkoong@xxxxxxxxx>
> ---
> fs/fuse/dev.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
> index 9eb191b5c4de..a11461ef6022 100644
> --- a/fs/fuse/dev.c
> +++ b/fs/fuse/dev.c
> @@ -31,6 +31,8 @@ MODULE_ALIAS("devname:fuse");
>
> static struct kmem_cache *fuse_req_cachep;
>
> +static void end_requests(struct list_head *head);
> +
> static struct fuse_dev *fuse_get_dev(struct file *file)
> {
> /*
> @@ -1820,6 +1822,13 @@ static void fuse_resend(struct fuse_conn *fc)
> }
>
> spin_lock(&fiq->lock);
> + if (!fiq->connected) {
> + spin_unlock(&fiq->lock);
> + list_for_each_entry(req, &to_queue, list)
> + clear_bit(FR_PENDING, &req->flags);
> + end_requests(&to_queue);
> + return;
> + }
> /* iq and pq requests are both oldest to newest */
> list_splice(&to_queue, &fiq->pending);
> fiq->ops->wake_pending_and_unlock(fiq);
LGTM.
Reviewed-by: Jingbo Xu <jefflexu@xxxxxxxxxxxxxxxxx>
--
Thanks,
Jingbo
