Date:   Tue, 29 Nov 2016 11:45:25 +0100
From:   Miklos Szeredi <miklos@...redi.hu>
To:     Miklos Szeredi <miklos@...redi.hu>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Miklos Szeredi <mszeredi@...hat.com>,
        fuse-devel <fuse-devel@...ts.sourceforge.net>
Subject: Re: [fuse-devel] fuse: feasible to distinguish between umount and abort?

On Fri, Nov 25, 2016 at 1:33 AM, Nikolaus Rath <Nikolaus@...h.org> wrote:
> On Nov 24 2016, Miklos Szeredi <miklos@...redi.hu> wrote:
>> On Thu, Nov 24, 2016 at 12:11 AM, Nikolaus Rath <Nikolaus@...h.org> wrote:
>>> Hello,
>>>
>>> Currently, both a call to umount(2) and writing "1" to
>>> /sys/fs/fuse/connections/NNN/abort will put the /dev/fuse fd into the
>>> same state: reading from it returns ENODEV, and polling on it returns
>>> POLLERR.
>>>
>>> This causes problems for filesystems that want to ensure that the
>>> mountpoint is free when they exit. If accessing the device fd gives the
>>> above errors, they have to do an additional check to determine if they
>>> still need to unmount the mountpoint. This is difficult to do without
>>> race conditions (think of someone unmounting and immediately re-starting
>>> a new filesystem instance).
>>>
>>> Would it be possible to change the behavior of the /dev/fuse fd so that
>>> userspace can distinguish between a regular umount and use of the
>>> /sys/fs/fuse abort?
>>
>> Yes.  My proposal would be for the kernel to send FUSE_DESTROY
>> asynchronously and only return ENODEV once that request was read by
>> userspace.  Currently FUSE_DESTROY is sent synchronously for fuseblk
>> mounts, but not for plain fuse mounts.
>
> I trust that this is a good plan, but from the description I can't quite
> tell how the filesystem would make the distinction between umount/abort
> based on this. Would FUSE_DESTROY be sent only for unmount, but not for
> abort?

Right.  The userspace implementation would need to be careful to
process the DESTROY message before ENODEV is received in a different
thread.  Maybe instead userspace and kernel should negotiate in INIT
whether userspace wants a DESTROY or not.  If it does, then on umount
kernel sends DESTROY and does not return ENODEV.  If userspace does
not want DESTROY then it falls back to the old way of returning
ENODEV.  And on abort it would do that as well, regardless of the
negotiated DESTROY request.

>> Please file a bug somewhere.  I don't mind if kernel bugs are also
>> kept at the github project as long as they can easily be found.
>
> Already done at https://github.com/libfuse/libfuse/issues/122.

Great.

Thanks,
Miklos
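
The ordering hazard in the first proposal, as an added Python model (not code from this thread, the kernel or libfuse): `ModelDevice`, `worker` and `run` are hypothetical names, and the device is a constructed queue that yields DESTROY only on umount and ENODEV once it is drained. A worker that classifies the shutdown as soon as it sees ENODEV can get it wrong; deciding after all readers have been joined does not.

```python
import errno
import queue
import threading

DESTROY = "DESTROY"  # stands in for a FUSE_DESTROY request


class ModelDevice:
    """Constructed stand-in for the /dev/fuse fd; not the kernel interface."""

    def __init__(self, teardown):
        self._q = queue.Queue()
        # umount: pending requests, then DESTROY. abort: nothing is delivered.
        ops = ("LOOKUP", "READ", DESTROY) if teardown == "umount" else ()
        for op in ops:
            self._q.put(op)

    def read(self):
        try:
            return self._q.get_nowait()
        except queue.Empty:  # ENODEV only once DESTROY (if any) was read
            raise OSError(errno.ENODEV, "No such device") from None


def worker(dev, st):
    while True:
        try:
            op = dev.read()
        except OSError:
            # Racy: another thread may hold DESTROY but not have handled it yet.
            st.setdefault("naive", "umount" if st["destroyed"].is_set() else "abort")
            st["enodev"].set()
            return
        if op == DESTROY:
            st["enodev"].wait(timeout=2)  # model only: force the bad interleaving
            st["destroyed"].set()


def run(teardown, nthreads=2):
    dev = ModelDevice(teardown)
    st = {"destroyed": threading.Event(), "enodev": threading.Event()}
    threads = [threading.Thread(target=worker, args=(dev, st)) for _ in range(nthreads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    # Safe: every reader has finished, so DESTROY was either handled or never sent.
    final = "umount" if st["destroyed"].is_set() else "abort"
    return st["naive"], final
```

`run("umount")` returns the first ENODEV observer's verdict alongside the post-join verdict, so the mismatch between the two is visible directly.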
