From 77cd9d488b32d19be852ad4d310ef13701557d61 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@suse.cz>
Date: Wed, 1 Jul 2015 16:26:06 +0200
Subject: [PATCH] fuse: add req flag for private list

When an unlocked request is aborted, it is moved from fpq->io to a private
list.  Then, after unlocking fpq->lock, the private list is processed and
the requests are finished off.

To protect the private list, we need to mark the request with a flag, so if
in the meantime the request is unlocked the list is not corrupted.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Reviewed-by: Ashish Samant <ashish.samant@oracle.com>
---
 fs/fuse/dev.c    | 10 +++++++---
 fs/fuse/fuse_i.h |  2 ++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index 32e0e74e8f4d..7f37e55edc0e 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1328,7 +1328,8 @@ static ssize_t fuse_dev_do_read(struct fuse_conn *fc, struct file *file,
 	return reqsize;
 
 out_end:
-	list_del_init(&req->list);
+	if (!test_bit(FR_PRIVATE, &req->flags))
+		list_del_init(&req->list);
 	spin_unlock(&fpq->lock);
 	request_end(fc, req);
 	return err;
@@ -1945,7 +1946,8 @@ static ssize_t fuse_dev_do_write(struct fuse_conn *fc,
 		err = -ENOENT;
 	else if (err)
 		req->out.h.error = -EIO;
-	list_del_init(&req->list);
+	if (!test_bit(FR_PRIVATE, &req->flags))
+		list_del_init(&req->list);
 	spin_unlock(&fpq->lock);
 	request_end(fc, req);
 
@@ -2149,8 +2151,10 @@ void fuse_abort_conn(struct fuse_conn *fc)
 			req->out.h.error = -ECONNABORTED;
 			spin_lock(&req->waitq.lock);
 			set_bit(FR_ABORTED, &req->flags);
-			if (!test_bit(FR_LOCKED, &req->flags))
+			if (!test_bit(FR_LOCKED, &req->flags)) {
+				set_bit(FR_PRIVATE, &req->flags);
 				list_move(&req->list, &to_end1);
+			}
 			spin_unlock(&req->waitq.lock);
 		}
 		list_splice_init(&fpq->processing, &to_end2);
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index ad3799e57efd..a9507fd97d5e 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -269,6 +269,7 @@ struct fuse_io_priv {
  * FR_PENDING:		request is not yet in userspace
  * FR_SENT:		request is in userspace, waiting for an answer
  * FR_FINISHED:		request is finished
+ * FR_PRIVATE:		request is on private list
  */
 enum fuse_req_flag {
 	FR_ISREPLY,
@@ -281,6 +282,7 @@ enum fuse_req_flag {
 	FR_PENDING,
 	FR_SENT,
 	FR_FINISHED,
+	FR_PRIVATE,
 };
 
 /**
-- 
2.20.1