lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260116142845.422-1-luochunsheng@ustc.edu>
Date: Fri, 16 Jan 2026 22:28:43 +0800
From: Chunsheng Luo <luochunsheng@...c.edu>
To: miklos@...redi.hu
Cc: amir73il@...il.com,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Chunsheng Luo <luochunsheng@...c.edu>
Subject: [PATCH v2 0/2] fuse/passthrough: simplify daemon crash recovery

Hello maintainers and community,

This patch series addresses crash recovery issues for FUSE daemons
with passthrough support, following up on the previous RFC
discussion [1].

Problem Summary
===============
To simplify FUSE daemon crash recovery and reduce performance
overhead, passthrough backing_id information is not persisted.
However, this design choice introduces two issues when the daemon
restarts:

1. Non-persistent backing_ids prevent proper resource cleanup during
   daemon restart, potentially causing resource leaks.

2. New backing_ids allocated for the same backing file trigger -EIO
   errors due to strict pointer validation in
   fuse_inode_uncached_io_start(), even though the backing inodes
   are identical.

Changes from RFC v1
===================
Based on Amir Goldstein's suggestion, this v2 series implements:

Patch 1/2: "fuse: introduce close-all ioctl for passthrough backing
           cleanup"
  - Replaces the magic -1 value with a dedicated
    FUSE_DEV_IOC_BACKING_CLOSE_ALL ioctl for comprehensive cleanup
    during daemon restart.

Patch 2/2: "fuse: relax backing inode validation for crash recovery"
  - Drops the FOPEN_PASSTHROUGH_INODE_CACHE flag approach.
  - Modifies fuse_inode_uncached_io_start() to compare backing
    inodes instead of fuse_backing pointers, allowing safe reuse
    of identical backing files after recovery.

Testing
=======
The patches have been tested with FUSE daemon crash and recovery
scenarios on kernel 6.19-rc4, successfully resolving the -EIO
errors and backing file resource leaks.

This approach maintains the simplicity of non-persistent backing_ids
while ensuring proper recovery semantics.

Thank you for your review and previous guidance.

[1] https://lore.kernel.org/linux-fsdevel/20260115072032.402-1-luochunsheng@ustc.edu/
---
Chunsheng Luo (2):
  fuse: add ioctl to cleanup all backing files
  fuse: Relax backing file validation to compare backing inodes

 fs/fuse/backing.c         | 19 +++++++++++++++++++
 fs/fuse/dev.c             | 16 ++++++++++++++++
 fs/fuse/fuse_i.h          |  1 +
 fs/fuse/iomode.c          |  2 +-
 include/uapi/linux/fuse.h |  1 +
 5 files changed, 38 insertions(+), 1 deletion(-)

-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ