The bug occurs when a filesystem client reads a directory until the end,
seeks using seekdir() to some valid non-zero position and calls
readdir(). A valid 'struct dirent *' is expected, but NULL is returned
instead. Pseudocode demonstrating the bug:
    DIR *dp = opendir("some_dir");
    struct dirent *de = readdir(dp);
    /* Get offset of the second entry */
    long offset = telldir(dp);
    /* Read directory until the end */
    while (de)
        de = readdir(dp);   /* read from the stream, not from the entry */
    seekdir(dp, offset);
    de = readdir(dp);
    /* de must contain the second entry, but NULL is returned instead */
The reason for the bug is that when the end of directory is reached, the
kernel calls FUSE_READDIR op with an offset at the end of directory, so
the filesystem's .readdir callback never calls the filler function, and
we end up with dh->filled set to 1. After seekdir(), FUSE_READDIR is
called again with a new offset, but this time the filesystem's .readdir
callback is never called, and an empty reply is returned.
Fix by setting dh->filled to 1 only when zero offsets are given to
filler function.
This commit is backported from the following commit in 'master' branch:
commit 5f125c5e6b
Author: Rostislav <rostislav@users.noreply.github.com>
Date: Sat Jul 21 12:57:09 2018 +0300
Fix readdir() bug when a non-zero offset is specified in filler (#269)
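To make the bookkeeping concrete, here is an added, self-contained model of the cached-vs-direct readdir logic described above (it is not libfuse's code; it serves one entry per request and uses a constructed five-entry directory). The `fixed` flag switches between setting `filled` before the callback (the bug) and setting it only when the filler is given a zero offset (the fix).

```c
#include <stddef.h>

/* Constructed directory contents served by the toy filesystem below. */
static const char *ENTRIES[] = { ".", "..", "a", "b", "c" };
#define NENTRIES 5
/* Simplified model of a libfuse directory handle (not libfuse's own code):
 * one entry per FUSE_READDIR request, no byte buffer, no kernel batching. */
struct dirhandle {
    const char *name[NENTRIES];  /* names delivered by the filler */
    int len;
    int filled;   /* 1: whole directory cached, serve reads from the cache */
    int fixed;    /* 0: bookkeeping before the fix, 1: after the fix */
};
/* Filler callback: off == 0 means "cache the whole directory"; a non-zero
 * off is the offset of the following entry (direct mode, as in the bug). */
static int filler(struct dirhandle *dh, const char *n, long off)
{
    if (dh->fixed) { if (off == 0) dh->filled = 1; }  /* fix: set only on 0 */
    else           { if (off != 0) dh->filled = 0; }  /* before: clear on !0 */
    dh->name[dh->len++] = n;
    return 0;
}
/* Toy filesystem .readdir: uses non-zero offsets, and calls the filler zero
 * times when asked to read from the end of the directory. */
static void fs_readdir(struct dirhandle *dh, long off)
{
    for (long i = off; i < NENTRIES; i++)
        filler(dh, ENTRIES[i], i + 1);
}
/* One FUSE_READDIR request at 'off': returns the entry, or NULL at the end. */
static const char *fuse_readdir(struct dirhandle *dh, long off)
{
    if (!dh->filled) {
        dh->len = 0;
        dh->filled = dh->fixed ? 0 : 1;  /* before the fix: assumed cached */
        fs_readdir(dh, off);
    }
    if (dh->filled)                      /* cached mode: index into cache */
        return off < dh->len ? dh->name[off] : NULL;
    return dh->len ? dh->name[0] : NULL; /* direct mode: first delivered */
}
/* The commit's sequence: readdir() to the end, seekdir() back, readdir(). */
static const char *read_all_then_seek(int fixed)
{
    struct dirhandle dh = { .fixed = fixed };
    long pos = 0, offset = 1;            /* telldir() after the first entry */
    while (fuse_readdir(&dh, pos) != NULL)
        pos++;                           /* stops at end of directory */
    return fuse_readdir(&dh, offset);    /* "..", or NULL with the bug */
}
```

With `fixed = 0` the read at end-of-directory never calls the filler, `filled` stays 1, and the seek back is answered from an empty cache.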
Linux performs the dir loop check (rename(a, a/b/c)
or rename(a/b/c, a), etc.) in kernel. Unfortunately
other systems do not perform this check (e.g. FreeBSD).
This results in a deadlock in get_path2, because libfuse
did not expect to handle such cases.
We add a check_dir_loop function that performs the dir
loop check in user mode and enable it on systems that
need it.
Mounting a FUSE file system remotely using SSH in combination with
pseudo-terminal allocation (-t) results in "Transport endpoint is
not connected" errors when trying to access the file system contents.
For example:
# ssh -t root@localhost "cmsfs-fuse /dev/disk/by-path/ccw-0.0.0190 /CMSFS"
Connection to localhost closed.
# ls /CMSFS
ls: cannot access '/CMSFS': Transport endpoint is not connected
The cmsfs-fuse main program (which can also be any other FUSE file
system) calls into the fuse_main() libfuse library function.
The fuse_main() function later calls fuse_daemonize() to fork the
daemon process to handle the FUSE file system I/O.
The fuse_daemonize() function calls fork() as usual. The child
proceeds with setsid() and then redirecting its file descriptors
to /dev/null etc. The parent process simply exits.
The child's functions and the parent's exit create a subtle race.
This is seen with an SSH connection. The SSH command above calls
cmsfs-fuse on an allocated pseudo-terminal device (-t option).
If the parent exits, SSH receives the command completion and closes
the connection, that is, it closes the master side of the
pseudo-terminal. This causes a HUP signal to be sent to the process
group on the pseudo-terminal. At this point in time, the child might
not have completed the setsid() call and, hence, is terminated.
Note that the fuse daemon sets up its signal handlers after fuse_daemonize()
has completed.
Even if the child has the chance to disassociate from its parent process
group to become its own process group with setsid(), the child still
has the pseudo-terminal opened as stdin, stdout, and stderr. So the
pseudo-terminal still behaves as controlling terminal and might cause a
SIGHUP at closing the master side.
To solve the problem, the parent has to wait until the child (the fuse
daemon process) has completed its processing, that is, it has become
its own process group with setsid() and closed any file descriptors
pointing to the pseudo-terminal.
Closes: #27
Reported-by: Ofer Baruch <oferba@il.ibm.com>
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
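The parent/child handshake the message calls for, as an added example (not libfuse's fuse_daemonize() code): the child reports through a pipe only after setsid() and the /dev/null redirection are done, and the parent exits, letting SSH close the pseudo-terminal, only after reading that report. The function names are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Child side: after setsid() and fd redirection are done, report a status
 * byte to the parent through a pipe inherited across fork(). */
static int child_signal_ready(int wfd, char status)
{
    ssize_t n;
    do { n = write(wfd, &status, 1); } while (n < 0 && errno == EINTR);
    return n == 1 ? 0 : -1;
}
/* Parent side: block until the child reports. Returns the child's status
 * byte, or -1 if the write end was closed (child died) before reporting. */
static int parent_wait_for_child(int rfd)
{
    char status; ssize_t n;
    do { n = read(rfd, &status, 1); } while (n < 0 && errno == EINTR);
    return n == 1 ? status : -1;
}
/* Point stdin/stdout/stderr at /dev/null so the daemon no longer holds the
 * pseudo-terminal open. */
static int detach_stdio(void)
{
    int nullfd = open("/dev/null", O_RDWR);
    if (nullfd < 0) return -1;
    int rc = (dup2(nullfd, STDIN_FILENO) < 0 || dup2(nullfd, STDOUT_FILENO) < 0
              || dup2(nullfd, STDERR_FILENO) < 0) ? -1 : 0;
    if (nullfd > STDERR_FILENO) close(nullfd);
    return rc;
}
/* Daemonize with a handshake: returns 0 in the child (the daemon). The parent
 * exits only after the child has left the pty behind, so closing it is safe. */
static int daemonize_synced(void)
{
    int fds[2];
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid > 0) {                                  /* parent */
        close(fds[1]);
        int st = parent_wait_for_child(fds[0]);
        _exit(st == 0 ? 0 : 1);                     /* safe to drop the pty */
    }
    close(fds[0]);                                  /* child */
    char st = (setsid() < 0 || chdir("/") < 0 || detach_stdio() < 0) ? 1 : 0;
    child_signal_ready(fds[1], st);
    close(fds[1]);
    return st == 0 ? 0 : -1;
}
```

Signal handlers installed after daemonize_synced() returns are therefore installed in a process that can no longer receive the pty's SIGHUP.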
Mount can be used with an "-o context=" option in order to specify a
mountpoint-wide SELinux security context different from the default context
provided by the active SELinux policy.
This is useful in order to enable users to mount multiple sshfs targets under
distinct contexts, which is my main motivation for getting this patch mainlined.
Closes: #36
Up to now, the Changelog has essentially been a (manually maintained)
copy of the git commit history. This doesn't seem to have any point
other than following the GNU coding standards. I believe it's much
better to use the Changelog to summarize the release-to-release
changes that are most important for users, so this is what we'll do
from now on.
- fuse_kern_unmount closes handle (e.g. 19)
- a thread in my process opens a file - the OS assigns newly freed
handle (i.e. 19)
- fuse_kern_chan_destroy closes the same handle (i.e. 19)
- a thread in my process opens another file - the OS assigns newly
freed handle (i.e. 19)
- * MAYHEM *
Reported by Dan Greenfield
Apparently new versions of util-linux umount return with an exit status of 1
even if the "--fake" option is recognised (despite being documented otherwise).
Check this condition and don't complain about util-linux version.
The lru list was not initialized for the "/" path. This resulted in
remove_node_lru() crashing on LOOKUP-DOTDOT.
Patch by Madan Valluri.
Patch by Ratna Manoj.
queue_element_unlock() should set ->first_locked and ->second_locked to false.
Discovered with 'fs_racer'. The assert(wnode->treelock == TREELOCK_WRITE) in
unlock_path() was hit within minutes.
Miklos: simplified patch
Due to an oversight, splice will never actually be used for i/o. Someone forgot
to #include "config.h" in lib/buffer.c (in fact almost no files include that
header). As a result, even though configure detects splice support and puts
HAVE_SPLICE in config.h, buffer.c is always compiled as if there is no splice
support.
Also add #include "config.h" to fuse.c and fuse_lowlevel.c. These currently
include it indirectly through fuse_misc.h, but we don't want to depend on that.
Reported by Matthew Gabeler-Lee
Commit 4dc7e675bb (Don't unhash name in FORGET) broke the forget logic in a
subtle way, resulting in "fuse internal error: node NNN not found" and causing
the filesystem daemon to abort.
Fix by incrementing the node refcount if nlookup goes from zero to one.
Reported by Kyle Lippincott
The failure path of try_get_path2() erroneously tried to free the "path1" value
(an address on the stack) instead of the allocated string pointed to by "path1".
This caused the library to crash.
Reported by Itay Perl
mkdir_p is deprecated since automake 1.12.1 (see automake commit
7a1eb9ff9027929687f12905e131f6fda3fa6d0c).
MKDIR_P should be used instead of mkdir_p.
This is available since autoconf 2.59d (2006-06-05), by calling
AC_PROG_MKDIR_P.
The mkdir_p workaround was not working anyway for out-of-tree builds,
since the ../mkinstalldirs path would be incorrect.
When building out-of-tree, install fails since it tries to copy
mount.fuse binary from source directory.
Patch initially from Damien Thébault (SoftAtHome)
The fallocate filesystem operation preallocates media space for the given file.
If fallocate returns success then any subsequent write to the given range
never fails with 'not enough space' error.
Linking to a library that uses threads requires the application to be linked
with -pthreads otherwise some pthread functions will be linked to stubs in
glibc. So move -pthread from Libs.private to Libs in fuse.pc.
Reported by Werner Fink