fuse: Add LRU dentry pruning

Implement an on-demand dentry pruning mechanism triggered by inode
count limits. When the number of inodes exceeds the configured
max_inodes limit, a delayed worker walks the dentry LRU and
invalidates dentries to reduce both dentry and inode counts.

The prune context is embedded in struct fuse_mount

The worker is initialized during FUSE_INIT if the server provides
a max_inodes value, and is properly cancelled during mount teardown
to prevent use-after-free.

This provides a unified approach to managing both inode and dentry
memory usage through a single limit

Signed-off-by: Horst Birthelmer <hbirthelmer@ddn.com>

Author: hbirth

fs/fuse/dir.c

@@ -22,6 +22,9 @@
 #include <linux/security.h>
 #include <linux/types.h>
 #include <linux/kernel.h>
+#include <linux/dcache.h>
+#include <linux/list_lru.h>
+#include <linux/workqueue.h>
 
 static bool __read_mostly allow_sys_admin_access;
 module_param(allow_sys_admin_access, bool, 0644);
@@ -2233,3 +2236,140 @@ void fuse_init_symlink(struct inode *inode)
 	inode->i_data.a_ops = &fuse_symlink_aops;
 	inode_nohighmem(inode);
 }
+
+struct fuse_prune_ctx {
+	struct dentry **dentries;
+	unsigned long count;
+	unsigned long max;
+};
+
+static enum lru_status fuse_lru_isolate(struct list_head *item,
+					 struct list_lru_one *lru,
+					 spinlock_t *lru_lock,
+					 void *arg)
+{
+	struct dentry *dentry = container_of(item, struct dentry, d_lru);
+	struct fuse_prune_ctx *ctx = arg;
+
+	if (!spin_trylock(&dentry->d_lock))
+		return LRU_SKIP;
+
+	/* Skip dentries that are in use or already unhashed */
+	if (dentry->d_lockref.count > 0 || d_unhashed(dentry)) {
+		spin_unlock(&dentry->d_lock);
+		return LRU_SKIP;
+	}
+
+	/* Skip dentries that were recently referenced - give them another chance */
+	if (dentry->d_flags & DCACHE_REFERENCED) {
+		dentry->d_flags &= ~DCACHE_REFERENCED;
+		spin_unlock(&dentry->d_lock);
+		return LRU_ROTATE;
+	}
+
+	/* Skip negative dentries - they don't have inodes to forget */
+	if (!d_inode(dentry)) {
+		spin_unlock(&dentry->d_lock);
+		return LRU_ROTATE;
+	}
+
+	/* Skip directories - d_invalidate() would recursively shrink children */
+	if (d_is_dir(dentry)) {
+		spin_unlock(&dentry->d_lock);
+		return LRU_ROTATE;
+	}
+
+	/* Check if we've collected enough dentries */
+	if (ctx->count >= ctx->max) {
+		spin_unlock(&dentry->d_lock);
+		return LRU_SKIP;
+	}
+
+	/* Grab a reference and collect this dentry for pruning */
+	dget_dlock(dentry);
+	spin_unlock(&dentry->d_lock);
+
+	ctx->dentries[ctx->count++] = dentry;
+	return LRU_ROTATE;
+}
+
+static void fuse_lru_prune_worker(struct work_struct *work)
+{
+	struct fuse_mount *fm = container_of(work, struct fuse_mount,
+					     lru_prune_work.work);
+	struct super_block *sb;
+	unsigned long i;
+
+	down_read(&fm->fc->killsb);
+	sb = fm->sb;
+	if (!sb) {
+		up_read(&fm->fc->killsb);
+		return;
+	}
+
+	fm->prune_ctx.count = 0;
+	fm->prune_ctx.max = ARRAY_SIZE(fm->prune_ctx.dentries);
+
+	if (fm->max_inodes && atomic64_read(&fm->fc->num_inodes) > fm->max_inodes) {
+		unsigned long to_scan = atomic64_read(&fm->fc->num_inodes) - fm->max_inodes;
+		list_lru_walk(&sb->s_dentry_lru, fuse_lru_isolate, &fm->prune_ctx,
+			      min(to_scan, (unsigned long)ARRAY_SIZE(fm->prune_ctx.dentries)));
+	}
+
+	up_read(&fm->fc->killsb);
+
+	/*
+	 * Invalidate dentries to free them and send FORGET to server.
+	 * We only collected non-directory dentries, so d_invalidate()
+	 * won't recursively shrink children.
+	 *
+	 * Since we're only collecting the exact excess (not being aggressive),
+	 * this should be safe and won't flood the server with FORGET requests.
+	 */
+	for (i = 0; i < fm->prune_ctx.count; i++) {
+		d_invalidate(fm->prune_ctx.dentries[i]);
+		dput(fm->prune_ctx.dentries[i]);
+	}
+
+}
+
+void fuse_lru_prune_init(struct fuse_mount *fm, unsigned long max_inodes)
+{
+	INIT_DELAYED_WORK(&fm->lru_prune_work, fuse_lru_prune_worker);
+	fm->max_inodes = max_inodes;
+}
+
+void fuse_lru_prune_stop(struct fuse_mount *fm)
+{
+	if (fm->max_inodes == 0)
+		return;
+
+	fm->max_inodes = 0;
+	cancel_delayed_work_sync(&fm->lru_prune_work);
+}
+
+void fuse_lru_prune_set_inode_limit(struct fuse_mount *fm,
+				    unsigned long max_inodes)
+{
+	WRITE_ONCE(fm->max_inodes, max_inodes);
+}
+
+bool fuse_lru_prune_trigger(struct fuse_mount *fm)
+{
+	struct super_block *sb;
+
+	if (fm->max_inodes == 0)
+		return false;
+
+	sb = READ_ONCE(fm->sb);
+	if (!sb)
+		return false;
+
+	if (fm->max_inodes > 0 &&
+	    atomic64_read(&fm->fc->num_inodes) > fm->max_inodes) {
+		mod_delayed_work(system_wq, &fm->lru_prune_work, 0);
+		return true;
+	}
+
+	return false;
+}

fs/fuse/fuse_i.h

@@ -940,6 +940,8 @@ struct fuse_conn {
 
 };
 
+#define FUSE_PRUNE_DENTRY_BATCH 512
+
 /*
  * Represents a mounted filesystem, potentially a submount.
  *
@@ -960,6 +962,17 @@ struct fuse_mount {
 	/* Entry on fc->mounts */
 	struct list_head fc_entry;
 	struct rcu_head rcu;
+
+	/* LRU pruning worker */
+	struct delayed_work lru_prune_work;
+	unsigned long max_inodes;
+
+	/* Prune context - used by the worker to collect dentries */
+	struct {
+		struct dentry *dentries[FUSE_PRUNE_DENTRY_BATCH];
+		unsigned long count;
+		unsigned long max;
+	} prune_ctx;
 };
 
 /*
@@ -1496,4 +1509,10 @@ extern void fuse_sysctl_unregister(void);
 #define fuse_sysctl_unregister()	do { } while (0)
 #endif /* CONFIG_SYSCTL */
 
+/* Unified LRU pruning for dentries and inodes (on-demand only) */
+void fuse_lru_prune_init(struct fuse_mount *fm, unsigned long max_inodes);
+void fuse_lru_prune_stop(struct fuse_mount *fm);
+void fuse_lru_prune_set_inode_limit(struct fuse_mount *fm, unsigned long max_inodes);
+bool fuse_lru_prune_trigger(struct fuse_mount *fm);
+
 #endif /* _FS_FUSE_I_H */

fs/fuse/inode.c

@@ -522,6 +522,9 @@ struct inode *fuse_iget(struct super_block *sb, u64 nodeid,
 done:
 	fuse_change_attributes_i(inode, attr, NULL, attr_valid, attr_version,
 				 evict_ctr);
+
+	fuse_lru_prune_trigger(get_fuse_mount_super(sb));
+
 	return inode;
 }
 
@@ -1458,6 +1461,10 @@ static void process_init_reply(struct fuse_mount *fm, struct fuse_args *args,
 		fc->max_write = arg->minor < 5 ? 4096 : arg->max_write;
 		fc->max_write = max_t(unsigned, 4096, fc->max_write);
 		fc->conn_init = 1;
+
+		/* Initialize unified LRU pruning if inode limit is set */
+		if (arg->max_inodes > 0)
+			fuse_lru_prune_init(fm, arg->max_inodes);
 	}
 	kfree(ia);
 
@@ -2103,6 +2110,7 @@ static void fuse_sb_destroy(struct super_block *sb)
 
 void fuse_mount_destroy(struct fuse_mount *fm)
 {
+	fuse_lru_prune_stop(fm);
 	fuse_conn_put(fm->fc);
 	kfree_rcu(fm, rcu);
 }

include/uapi/linux/fuse.h

@@ -923,7 +923,8 @@ struct fuse_init_out {
 	uint32_t	max_stack_depth;
 	uint8_t		align_page_order;
 	uint8_t		padding[3];
-	uint32_t	unused[5];
+	uint32_t	max_inodes;
+	uint32_t	unused[4];
 };
 
 #define CUSE_INIT_INFO_MAX 4096