Bug 244686 - fusefs: fuse ops header's unique values aren't always unique
Summary: fusefs: fuse ops header's unique values aren't always unique
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Alan Somers
URL: https://reviews.freebsd.org/D30810
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-09 01:52 UTC by Alan Somers
Modified: 2021-07-27 17:40 UTC (History)
1 user (show)

See Also:
asomers: mfc-stable13?
asomers: mfc-stable12?
asomers: mfc-stable11-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alan Somers freebsd_committer 2020-03-09 01:52:00 UTC
Every FUSE operation has a unique value in its header.  As the name implies, these values are supposed to be unique among all outstanding operations.  And sine FUSE_INTERRUPT is asynchronous and racy, it is desirable that the unique values be unique among all operations that are "close in time".  But in our module, they aren't always unique.  We inadvertently reuse them during fsync, readdir, LISTXATTR, and WRITE.  The problem can be easily demonstrated like this:

cd /usr/tests/sys/fs/fusefs
> ./xattr --gtest_filter=Listxattr.user -vv
Note: Google Test filter = Listxattr.user
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from Listxattr
[ RUN      ] Listxattr.user
ACCESS      ino= 1 uid= 1000 gid= 1000 pid=  848 unique=2 len=48 buflen=48 mask=0x1
LOOKUP      ino= 1 uid= 1000 gid= 1000 pid=  848 unique=3 len=54 buflen=54 some_file.txt
LISTXATTR   ino=42 uid= 1000 gid= 1000 pid=  848 unique=4 len=48 buflen=48 size=0
LISTXATTR   ino=42 uid= 1000 gid= 1000 pid=  848 unique=4 len=48 buflen=48 size=28
[       OK ] Listxattr.user (3 ms)
[----------] 1 test from Listxattr (3 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (3 ms total)
[  PASSED  ] 1 test.


We should ensure that the value is regenerated during fdisp_refresh_vp().
Comment 1 commit-hook freebsd_committer 2020-03-09 18:47:38 UTC
A commit references this bug:

Author: tcberner
Date: Mon Mar  9 18:47:27 UTC 2020
New revision: 528119
URL: https://svnweb.freebsd.org/changeset/ports/528119

Log:
  security/amavisd-milter: Update to 1.7.0

  PR:		244686
  Submitted by:	Petr Rehor <rx@rx.cz>  (maintainer)

Changes:
  head/security/amavisd-milter/Makefile
  head/security/amavisd-milter/distinfo
  head/security/amavisd-milter/pkg-message
Comment 2 commit-hook freebsd_committer 2021-06-19 20:47:49 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5403f2c163f7e3d1adb9431d216f88d57cf9d74b

commit 5403f2c163f7e3d1adb9431d216f88d57cf9d74b
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2021-06-18 00:04:59 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2021-06-19 20:45:29 +0000

    fusefs: ensure that FUSE ops' headers' unique values are actually unique

    Every FUSE operation has a unique value in its header.  As the name
    implies, these values are supposed to be unique among all outstanding
    operations.  And since FUSE_INTERRUPT is asynchronous and racy, it is
    desirable that the unique values be unique among all operations that are
    "close in time".

    Ensure that they are actually unique by incrementing them whenever we
    reuse a fuse_dispatcher object, for example during fsync, write, and
    listextattr.

    PR:             244686
    MFC after:      2 weeks
    Reviewed by:    pfg
    Differential Revision: https://reviews.freebsd.org/D30810

 sys/fs/fuse/fuse_ipc.c        | 34 ++++++++++++++--------------------
 tests/sys/fs/fusefs/mockfs.cc |  9 +++++++++
 tests/sys/fs/fusefs/mockfs.hh |  3 +++
 3 files changed, 26 insertions(+), 20 deletions(-)
Comment 3 commit-hook freebsd_committer 2021-07-04 00:05:48 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=27d55441668afdab219c1f464df3ff035ff5d96c

commit 27d55441668afdab219c1f464df3ff035ff5d96c
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2021-06-18 00:04:59 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2021-07-04 00:05:13 +0000

    fusefs: ensure that FUSE ops' headers' unique values are actually unique

    Every FUSE operation has a unique value in its header.  As the name
    implies, these values are supposed to be unique among all outstanding
    operations.  And since FUSE_INTERRUPT is asynchronous and racy, it is
    desirable that the unique values be unique among all operations that are
    "close in time".

    Ensure that they are actually unique by incrementing them whenever we
    reuse a fuse_dispatcher object, for example during fsync, write, and
    listextattr.

    PR:             244686
    Reviewed by:    pfg
    Differential Revision: https://reviews.freebsd.org/D30810

    (cherry picked from commit 5403f2c163f7e3d1adb9431d216f88d57cf9d74b)

 sys/fs/fuse/fuse_ipc.c        | 34 ++++++++++++++--------------------
 tests/sys/fs/fusefs/mockfs.cc |  9 +++++++++
 tests/sys/fs/fusefs/mockfs.hh |  3 +++
 3 files changed, 26 insertions(+), 20 deletions(-)
Comment 4 commit-hook freebsd_committer 2021-07-27 17:34:33 UTC
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=46138f337bd803f6546d0eae8b9b0f3879ca3224

commit 46138f337bd803f6546d0eae8b9b0f3879ca3224
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2021-06-18 00:04:59 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2021-07-27 17:15:40 +0000

    fusefs: ensure that FUSE ops' headers' unique values are actually unique

    Every FUSE operation has a unique value in its header.  As the name
    implies, these values are supposed to be unique among all outstanding
    operations.  And since FUSE_INTERRUPT is asynchronous and racy, it is
    desirable that the unique values be unique among all operations that are
    "close in time".

    Ensure that they are actually unique by incrementing them whenever we
    reuse a fuse_dispatcher object, for example during fsync, write, and
    listextattr.

    PR:             244686
    Reviewed by:    pfg
    Differential Revision: https://reviews.freebsd.org/D30810

    (cherry picked from commit 5403f2c163f7e3d1adb9431d216f88d57cf9d74b)

 sys/fs/fuse/fuse_ipc.c        | 34 ++++++++++++++--------------------
 tests/sys/fs/fusefs/mockfs.cc |  9 +++++++++
 tests/sys/fs/fusefs/mockfs.hh |  3 +++
 3 files changed, 26 insertions(+), 20 deletions(-)