| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250729233854.GV2672029@frogsfrogsfrogs> Date: Tue, 29 Jul 2025 16:38:54 -0700 From: "Darrick J. Wong" <djwong@...nel.org> To: Luis Henriques <luis@...lia.com> Cc: Miklos Szeredi <miklos@...redi.hu>, Bernd Schubert <bschubert@....com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [RFC] Another take at restarting FUSE servers On Tue, Jul 29, 2025 at 02:56:02PM +0100, Luis Henriques wrote: > Hi! > > I know this has been discussed several times in several places, and the > recent(ish) addition of NOTIFY_RESEND is an important step towards being > able to restart a user-space FUSE server. > > While looking at how to restart a server that uses the libfuse lowlevel > API, I've created an RFC pull request [1] to understand whether adding > support for this operation would be something acceptable in the project. Just speaking for fuse2fs here -- that would be kinda nifty if libfuse could restart itself. It's unclear if doing so will actually enable us to clear the condition that caused the failure in the first place, but I suppose fuse2fs /does/ have e2fsck -fy at hand. So maybe restarts aren't totally crazy. > The PR doesn't do anything sophisticated, it simply hacks into the opaque > libfuse data structures so that a server could set some of the sessions' > fields. > > So, a FUSE server simply has to save the /dev/fuse file descriptor and > pass it to libfuse while recovering, after a restart or a crash. The > mentioned NOTIFY_RESEND should be used so that no requests are lost, of > course. And there are probably other data structures that user-space file > systems will have to keep track as well, so that everything can be > restored. (The parameters set in the INIT phase, for example.) Yeah, I don't know how that would work in practice. Would the kernel send back the old connection flags and whatnot via some sort of FUSE_REINIT request, and the fuse server can either decide that it will try to recover, or just bail out? > But, from the discussion with Bernd in the PR, one of the things that > would be good to have is for the kernel to send back to user-space the > information about the inodes it already knows about. > > I have been playing with this idea with a patch that simply sends out > LOOKUPs for each of these inodes. This could be done through a new > NOTIFY_RESEND_INODES, or maybe it could be an extra operation added to the > already existing NOTIFY_RESEND. I have no idea if NOTIFY_RESEND already does this, but you'd probably want to purge all the unreferenced dentries/inodes to reduce the amount of re-querying. I gather that any fuse server that wants to reboot itself would either have to persist what the nodeids map to, or otherwise stabilize them? For example, fuse2fs could set the nodeid to match the ext2 inode numbers. Then reconnecting them wouldn't be too hard. > Anyway, before spending any more time with this, I wanted to ask whether > this is something that could be acceptable in the kernel, if people think > a different approach should be followed, or if I'm simply trying to solve > the wrong problem. > > Thanks in advance for any feedback on this. > > [1] https://github.com/libfuse/libfuse/pull/1219 Who calls fuse_session_reinitialize() ? --D > Cheers, > -- > Luís >
Powered by blists - more mailing lists