diff options
| author | Miklos Szeredi <miklos@szeredi.hu> | 2006-04-11 01:54:59 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-04-11 09:18:49 -0400 |
| commit | 08a53cdce62d37d918530bbbf726cc01b21dc3d1 (patch) | |
| tree | 2db5e37737da91f1b2b32136e4e10ad540d8dc09 /fs/fuse/inode.c | |
| parent | ce1d5a491f0ee50560416a73faa5e4ddbab074bd (diff) | |
[PATCH] fuse: account background requests
The previous patch removed limiting the number of outstanding requests. This
patch adds a much simpler limiting, that is also compatible with file locking
operations.
A task may have at most one synchronous request allocated. So these requests
need not be otherwise limited.
However the number of background requests (release, forget, asynchronous
reads, interrupted requests) can grow indefinitely. This can be used by a
malicous user to cause FUSE to allocate arbitrary amounts of unswappable
kernel memory, denying service.
For this reason add a limit for the number of background requests, and block
allocations of new requests until the number goes bellow the limit.
Also use this mechanism to block all requests until the INIT reply is
received.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/fuse/inode.c')
| -rw-r--r-- | fs/fuse/inode.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 824ebbc428ed..fd34037b0588 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c | |||
| @@ -381,6 +381,7 @@ static struct fuse_conn *new_conn(void) | |||
| 381 | if (fc) { | 381 | if (fc) { |
| 382 | spin_lock_init(&fc->lock); | 382 | spin_lock_init(&fc->lock); |
| 383 | init_waitqueue_head(&fc->waitq); | 383 | init_waitqueue_head(&fc->waitq); |
| 384 | init_waitqueue_head(&fc->blocked_waitq); | ||
| 384 | INIT_LIST_HEAD(&fc->pending); | 385 | INIT_LIST_HEAD(&fc->pending); |
| 385 | INIT_LIST_HEAD(&fc->processing); | 386 | INIT_LIST_HEAD(&fc->processing); |
| 386 | INIT_LIST_HEAD(&fc->io); | 387 | INIT_LIST_HEAD(&fc->io); |
| @@ -392,6 +393,7 @@ static struct fuse_conn *new_conn(void) | |||
| 392 | fc->bdi.ra_pages = (VM_MAX_READAHEAD * 1024) / PAGE_CACHE_SIZE; | 393 | fc->bdi.ra_pages = (VM_MAX_READAHEAD * 1024) / PAGE_CACHE_SIZE; |
| 393 | fc->bdi.unplug_io_fn = default_unplug_io_fn; | 394 | fc->bdi.unplug_io_fn = default_unplug_io_fn; |
| 394 | fc->reqctr = 0; | 395 | fc->reqctr = 0; |
| 396 | fc->blocked = 1; | ||
| 395 | } | 397 | } |
| 396 | return fc; | 398 | return fc; |
| 397 | } | 399 | } |
| @@ -438,6 +440,8 @@ static void process_init_reply(struct fuse_conn *fc, struct fuse_req *req) | |||
| 438 | fc->max_write = arg->minor < 5 ? 4096 : arg->max_write; | 440 | fc->max_write = arg->minor < 5 ? 4096 : arg->max_write; |
| 439 | } | 441 | } |
| 440 | fuse_put_request(fc, req); | 442 | fuse_put_request(fc, req); |
| 443 | fc->blocked = 0; | ||
| 444 | wake_up_all(&fc->blocked_waitq); | ||
| 441 | } | 445 | } |
| 442 | 446 | ||
| 443 | static void fuse_send_init(struct fuse_conn *fc, struct fuse_req *req) | 447 | static void fuse_send_init(struct fuse_conn *fc, struct fuse_req *req) |