6 files changed, 78 insertions, 36 deletions
diff --git a/kernel/dev.c b/kernel/dev.c
index d5fb2b6..4f1e8c0 100644
--- a/kernel/dev.c
+++ b/kernel/dev.c
@@ -188,6 +188,37 @@ void fuse_release_background(struct fuse_req *req)
 	spin_unlock(&fuse_lock);
 }
 
+static void process_init_reply(struct fuse_conn *fc, struct fuse_req *req)
+{
+	int i;
+	struct fuse_init_out *arg = &req->misc.init_out;
+
+	if (arg->major != FUSE_KERNEL_VERSION)
+		fc->conn_error = 1;
+	else {
+		fc->minor = arg->minor;
+		if (fc->minor >= 5) {
+			fc->name_max = arg->name_max;
+			fc->symlink_max = arg->symlink_max;
+			fc->xattr_size_max = arg->xattr_size_max;
+			fc->max_write = arg->max_write;
+		} else {
+			/* Old fix values */
+			fc->name_max = 1024;
+			fc->symlink_max = 4096;
+			fc->xattr_size_max = 4096;
+			fc->max_write = 4096;
+		}
+	}
+
+	/* After INIT reply is received other requests can go
+	   out.  So do (FUSE_MAX_OUTSTANDING - 1) number of
+	   up()s on outstanding_sem.  The last up() is done in
+	   fuse_putback_request() */
+	for (i = 1; i < FUSE_MAX_OUTSTANDING; i++)
+		up(&fc->outstanding_sem);
+}
+
 /*
  * This function is called when a request is finished.  Either a reply
  * has arrived or it was interrupted (and not yet sent) or some error
@@ -212,21 +243,9 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req)
 		up_read(&fc->sbput_sem);
 	}
 	wake_up(&req->waitq);
-	if (req->in.h.opcode == FUSE_INIT) {
-		int i;
-
-		if (req->misc.init_in_out.major != FUSE_KERNEL_VERSION)
-			fc->conn_error = 1;
-
-		fc->minor = req->misc.init_in_out.minor;
-
-		/* After INIT reply is received other requests can go
-		   out.  So do (FUSE_MAX_OUTSTANDING - 1) number of
-		   up()s on outstanding_sem.  The last up() is done in
-		   fuse_putback_request() */
-		for (i = 1; i < FUSE_MAX_OUTSTANDING; i++)
-			up(&fc->outstanding_sem);
-	} else if (req->in.h.opcode == FUSE_RELEASE && req->inode == NULL) {
+	if (req->in.h.opcode == FUSE_INIT)
+		process_init_reply(fc, req);
+	else if (req->in.h.opcode == FUSE_RELEASE && req->inode == NULL) {
 		/* Special case for failed iget in CREATE */
 		u64 nodeid = req->in.h.nodeid;
 		__fuse_get_request(req);
@@ -399,7 +418,7 @@ void fuse_send_init(struct fuse_conn *fc)
 	/* This is called from fuse_read_super() so there's guaranteed
 	   to be a request available */
 	struct fuse_req *req = do_get_request(fc);
-	struct fuse_init_in_out *arg = &req->misc.init_in_out;
+	struct fuse_init_in *arg = &req->misc.init_in;
 	arg->major = FUSE_KERNEL_VERSION;
 	arg->minor = FUSE_KERNEL_MINOR_VERSION;
 	req->in.h.opcode = FUSE_INIT;
@@ -407,8 +426,12 @@ void fuse_send_init(struct fuse_conn *fc)
 	req->in.args[0].size = sizeof(*arg);
 	req->in.args[0].value = arg;
 	req->out.numargs = 1;
-	req->out.args[0].size = sizeof(*arg);
-	req->out.args[0].value = arg;
+	/* Variable length arguement used for backward compatibility
+	   with interface version < 7.5.  Rest of init_out is zeroed
+	   by do_get_request(), so a short reply is not a problem */
+	req->out.argvar = 1;
+	req->out.args[0].size = sizeof(struct fuse_init_out);
+	req->out.args[0].value = &req->misc.init_out;
 	request_send_background(fc, req);
 }
 
diff --git a/kernel/dir.c b/kernel/dir.c
index 991edcf..3258d42 100644
--- a/kernel/dir.c
+++ b/kernel/dir.c
@@ -202,7 +202,7 @@ static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
 	struct dentry *newent;
 #endif
 
-	if (entry->d_name.len > FUSE_NAME_MAX)
+	if (entry->d_name.len > fc->name_max)
 		return ERR_PTR(-ENAMETOOLONG);
 
 	req = fuse_get_request(fc);
@@ -274,7 +274,7 @@ static int fuse_create_open(struct inode *dir, struct dentry *entry, int mode,
 		goto out;
 
 	err = -ENAMETOOLONG;
-	if (entry->d_name.len > FUSE_NAME_MAX)
+	if (entry->d_name.len > fc->name_max)
 		goto out;
 
 	err = -EINTR;
@@ -455,7 +455,7 @@ static int fuse_symlink(struct inode *dir, struct dentry *entry,
 	unsigned len = strlen(link) + 1;
 	struct fuse_req *req;
 
-	if (len > FUSE_SYMLINK_MAX)
+	if (len > fc->symlink_max)
 		return -ENAMETOOLONG;
 
 	req = fuse_get_request(fc);
@@ -561,7 +561,8 @@ static int fuse_rename(struct inode *olddir, struct dentry *oldent,
 			fuse_invalidate_attr(newdir);
 
 		/* newent will end up negative */
-		fuse_invalidate_entry_cache(newent);
+		if (newent->d_inode)
+			fuse_invalidate_entry_cache(newent);
 	} else if (err == -EINTR) {
 		/* If request was interrupted, DEITY only knows if the
 		   rename actually took place.  If the invalidation
@@ -798,11 +799,13 @@ static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
 static int parse_dirfile(char *buf, size_t nbytes, struct file *file,
 			 void *dstbuf, filldir_t filldir)
 {
+	struct fuse_conn *fc = get_fuse_conn(file->f_dentry->d_inode);
+
 	while (nbytes >= FUSE_NAME_OFFSET) {
 		struct fuse_dirent *dirent = (struct fuse_dirent *) buf;
 		size_t reclen = FUSE_DIRENT_SIZE(dirent);
 		int over;
-		if (!dirent->namelen || dirent->namelen > FUSE_NAME_MAX)
+		if (!dirent->namelen || dirent->namelen > fc->name_max)
 			return -EIO;
 		if (reclen > nbytes)
 			break;
@@ -1125,7 +1128,7 @@ static int fuse_setxattr(struct dentry *entry, const char *name,
 	struct fuse_setxattr_in inarg;
 	int err;
 
-	if (size > FUSE_XATTR_SIZE_MAX)
+	if (size > fc->xattr_size_max)
 		return -E2BIG;
 
 	if (fc->no_setxattr)
diff --git a/kernel/file.c b/kernel/file.c
index a4cc04d..2365d2e 100644
--- a/kernel/file.c
+++ b/kernel/file.c
@@ -516,7 +516,12 @@ static int fuse_commit_write(struct file *file, struct page *page,
 	struct inode *inode = page->mapping->host;
 	struct fuse_conn *fc = get_fuse_conn(inode);
 	loff_t pos = page_offset(page) + offset;
-	struct fuse_req *req = fuse_get_request(fc);
+	struct fuse_req *req;
+
+	if (count > fc->max_write)
+		return -EIO;
+
+	req = fuse_get_request(fc);
 	if (!req)
 		return -EINTR;
 
diff --git a/kernel/fuse_i.h b/kernel/fuse_i.h
index 9ae1eec..7f26b65 100644
--- a/kernel/fuse_i.h
+++ b/kernel/fuse_i.h
@@ -236,7 +236,8 @@ struct fuse_req {
 	union {
 		struct fuse_forget_in forget_in;
 		struct fuse_release_in release_in;
-		struct fuse_init_in_out init_in_out;
+		struct fuse_init_in init_in;
+		struct fuse_init_out init_out;
 	} misc;
 
 	/** page vector */
@@ -284,6 +285,15 @@ struct fuse_conn {
 	/** Maximum write size */
 	unsigned max_write;
 
+	/** Maximum path segment length */
+	unsigned name_max;
+
+	/** Maximum symbolic link size */
+	unsigned symlink_max;
+
+	/** Maximum size of xattr data */
+	unsigned xattr_size_max;
+
 	/** Readers of the connection are waiting on this */
 	wait_queue_head_t waitq;
 
diff --git a/kernel/fuse_kernel.h b/kernel/fuse_kernel.h
index e43153e..26fff13 100644
--- a/kernel/fuse_kernel.h
+++ b/kernel/fuse_kernel.h
@@ -49,7 +49,7 @@
 #define FUSE_KERNEL_VERSION 7
 
 /** Minor version number of this interface */
-#define FUSE_KERNEL_MINOR_VERSION 4
+#define FUSE_KERNEL_MINOR_VERSION 5
 
 /** The node ID of the root inode */
 #define FUSE_ROOT_ID 1
@@ -143,13 +143,6 @@ enum fuse_opcode {
 	FUSE_CREATE        = 35
 };
 
-/* Conservative buffer size for the client */
-#define FUSE_MAX_IN 8192
-
-#define FUSE_NAME_MAX 1024
-#define FUSE_SYMLINK_MAX 4096
-#define FUSE_XATTR_SIZE_MAX 4096
-
 struct fuse_entry_out {
 	__u64	nodeid;		/* Inode ID */
 	__u64	generation;	/* Inode generation: nodeid:gen must
@@ -283,9 +276,18 @@ struct fuse_access_in {
 	__u32	padding;
 };
 
-struct fuse_init_in_out {
+struct fuse_init_in {
+	__u32	major;
+	__u32	minor;
+};
+
+struct fuse_init_out {
 	__u32	major;
 	__u32	minor;
+	__u32	name_max;
+	__u32	symlink_max;
+	__u32	xattr_size_max;
+	__u32	max_write;
 };
 
 struct fuse_in_header {
diff --git a/kernel/inode.c b/kernel/inode.c
index 1d56566..8c7c7d6 100644
--- a/kernel/inode.c
+++ b/kernel/inode.c
@@ -647,7 +647,6 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
 	if (fc->max_read / PAGE_CACHE_SIZE < fc->bdi.ra_pages)
 		fc->bdi.ra_pages = fc->max_read / PAGE_CACHE_SIZE;
 #endif
-	fc->max_write = FUSE_MAX_IN / 2;
 
 	err = -ENOMEM;
 	root = get_root_inode(sb, d.rootmode);