Date:      Thu, 28 Mar 2019 01:59:33 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 236844] [FUSEFS] fusefs should send FUSE_OPEN for every open(2)
Message-ID:  <bug-236844-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236844

            Bug ID: 236844
           Summary: [FUSEFS] fusefs should send FUSE_OPEN for every
                    open(2)
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org

The design of the fuse protocol requires the client to send FUSE_OPEN every
time that a file is opened.  That's necessary for two reasons:
1) Permission checks are handled by the server
2) The server may need to know what open(2) flags were used with each open and
with subsequent operations associated with that file descriptor.  It uses the
fh parameter to track that.

However, FreeBSD's fuse module takes a shortcut: it tries to reuse the same fh
for multiple files, as long as their open flags were the same.  But this
approach has multiple problems:

1) It only checks the first 2 bits of the open flags.  To do otherwise would
take a prohibitive amount of RAM (bug 236340).

2) It will reuse file handles between multiple different processes as long as
their open flags are the same, defeating the ability of the daemon to validate
permissions.

3) It isn't even ok to reuse filehandles within the same process for opens that
have the exact same flags.  The daemon might be doing something weird like
treating each file descriptor as a socket or something.  It's allowed to do
that.

This bug may be very hard to solve.  The problem is that our vnode ops are all
file-agnostic.  VOP_WRITE, for example, doesn't know what file descriptor was
used to initiate a write.  We could solve the problem by implementing a custom
fileops structure for fuse.  However, that may require re-implementing most of
kern/vfs_vnops.c just for fuse.  Or, we could add a struct file* argument to
most VOPs, but that would probably meet with some justified resistance.  Or, we
could always operate as if the default_permissions mount option were used and
do all privilege checking in the kernel.  Then we could get away with only
sending FUSE_OPEN the first time that a file is opened.  Of course, we would
need to actually make default_permissions work first, but that's another bug...

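
A small user-space model of the shortcut described in the report, added here as
an illustration; it is not part of the original message and is not FreeBSD or
libfuse code. The struct and function names, the uid values and the daemon's
"owner only" policy are all assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>

/* Model only: these names are hypothetical, not FreeBSD kernel or libfuse APIs. */
struct server {              /* the FUSE daemon's state for one file */
    int owner_uid;           /* daemon policy: only this uid may open it */
    int opens_seen;          /* number of FUSE_OPEN requests received */
    int next_fh;
};

/* Daemon-side FUSE_OPEN: check permission, hand out a fresh fh, or -1 if denied. */
static int server_open(struct server *s, int uid, int flags) {
    (void)flags;             /* a real daemon would record these per fh */
    s->opens_seen++;
    return uid == s->owner_uid ? s->next_fh++ : -1;
}

struct client { int cached_fh[4]; };   /* one slot per value of (flags & 3); -1 = empty */

/* The shortcut from the report: reuse an fh when the low 2 flag bits match. */
static int open_cached(struct client *c, struct server *s, int uid, int flags) {
    int slot = flags & 3;
    if (c->cached_fh[slot] < 0)
        c->cached_fh[slot] = server_open(s, uid, flags);
    return c->cached_fh[slot];
}

/* Returns 1 if uid 1001 is handed uid 1000's fh and the daemon saw only one open. */
static int cached_skips_check(void) {
    struct server s = { 1000, 0, 1 };
    struct client c = { { -1, -1, -1, -1 } };
    int fh_a = open_cached(&c, &s, 1000, O_RDONLY);
    int fh_b = open_cached(&c, &s, 1001, O_RDONLY | O_APPEND);
    return fh_a == 1 && fh_b == fh_a && s.opens_seen == 1;
}

/* Returns 1 if sending FUSE_OPEN per open(2) lets the daemon deny uid 1001. */
static int per_open_denies(void) {
    struct server s = { 1000, 0, 1 };
    int fh_a = server_open(&s, 1000, O_RDONLY);
    int fh_b = server_open(&s, 1001, O_RDONLY | O_APPEND);
    return fh_a == 1 && fh_b == -1 && s.opens_seen == 2;
}

int main(void) {
    printf("cached reuse skips daemon check: %d\n", cached_skips_check());
    printf("per-open FUSE_OPEN denies:       %d\n", per_open_denies());
    return 0;
}
```

In the cached case the daemon also never learns that the second open carried
O_APPEND, because only the low two bits of the flags select the cached fh.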