git: 25927e068fcb - main - fusefs: correctly handle an inode that changes file types
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 07 Dec 2021 04:37:36 UTC
The branch main has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=25927e068fcbcac0a5111a881de723bd984b04b3 commit 25927e068fcbcac0a5111a881de723bd984b04b3 Author: Alan Somers <asomers@FreeBSD.org> AuthorDate: 2021-12-06 05:43:17 +0000 Commit: Alan Somers <asomers@FreeBSD.org> CommitDate: 2021-12-07 04:36:46 +0000 fusefs: correctly handle an inode that changes file types Correctly handle the situation where a FUSE server unlinks a file, then creates a new file of a different type but with the same inode number. Previously fuse_vnop_lookup in this situation would return EAGAIN. But since it didn't call vgone(), the vnode couldn't be reused right away. Fix this by immediately calling vgone() and reallocating a new vnode. This problem can occur in three code paths, during VOP_LOOKUP, VOP_SETATTR, or following FUSE_GETATTR, which usually happens during VOP_GETATTR but can occur during other vops, too. Note that the correct response actually doesn't depend on whether the entry cache has expired. In fact, during VOP_LOOKUP, we can't even tell. Either it has expired already, or else the vnode got reclaimed by vnlru. Also, correct the error code during the VOP_SETATTR path. PR: 258022 Reported by: chogata@moosefs.pro MFC after: 2 weeks Reviewed by: pfg Differential Revision: https://reviews.freebsd.org/D33283 --- sys/fs/fuse/fuse_internal.c | 9 +++++--- sys/fs/fuse/fuse_node.c | 25 +++++++++++---------- tests/sys/fs/fusefs/getattr.cc | 50 ++++++++++++++++++++++++++++++++++++++++++ tests/sys/fs/fusefs/lookup.cc | 32 +++++++++++++++++++++------ tests/sys/fs/fusefs/setattr.cc | 47 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 142 insertions(+), 21 deletions(-) diff --git a/sys/fs/fuse/fuse_internal.c b/sys/fs/fuse/fuse_internal.c index d57de19038dd..4a09bc9394cf 100644 --- a/sys/fs/fuse/fuse_internal.c +++ b/sys/fs/fuse/fuse_internal.c @@ -1255,12 +1255,15 @@ int fuse_internal_setattr(struct vnode *vp, struct vattr *vap, * STALE vnode, ditch * * The vnode has changed its type "behind our back". + * This probably means that the file got deleted and + * recreated on the server, with the same inode. * There's nothing really we can do, so let us just - * force an internal revocation and tell the caller to - * try again, if interested. + * return ENOENT. After all, the entry must not have + * existed in the recent past. If the user tries + * again, it will work. */ fuse_internal_vnode_disappear(vp); - err = EAGAIN; + err = ENOENT; } } if (err == 0) { diff --git a/sys/fs/fuse/fuse_node.c b/sys/fs/fuse/fuse_node.c index 1d485b6a0b46..6d8f826cef85 100644 --- a/sys/fs/fuse/fuse_node.c +++ b/sys/fs/fuse/fuse_node.c @@ -213,24 +213,27 @@ fuse_vnode_alloc(struct mount *mp, return (err); if (*vpp) { - if ((*vpp)->v_type != vtyp) { + if ((*vpp)->v_type == vtyp) { + /* Reuse a vnode that hasn't yet been reclaimed */ + MPASS((*vpp)->v_data != NULL); + MPASS(VTOFUD(*vpp)->nid == nodeid); + SDT_PROBE2(fusefs, , node, trace, 1, + "vnode taken from hash"); + return (0); + } else { /* - * STALE vnode! This probably indicates a buggy - * server, but it could also be the result of a race - * between FUSE_LOOKUP and another client's - * FUSE_UNLINK/FUSE_CREATE + * The inode changed types! If we get here, we can't + * tell whether the inode's entry cache had expired + * yet. So this could be the result of a buggy server, + * but more likely the server just reused an inode + * number following an entry cache expiration. */ SDT_PROBE3(fusefs, , node, stale_vnode, *vpp, vtyp, nodeid); fuse_internal_vnode_disappear(*vpp); + vgone(*vpp); lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL); - *vpp = NULL; - return (EAGAIN); } - MPASS((*vpp)->v_data != NULL); - MPASS(VTOFUD(*vpp)->nid == nodeid); - SDT_PROBE2(fusefs, , node, trace, 1, "vnode taken from hash"); - return (0); } fvdat = malloc(sizeof(*fvdat), M_FUSEVN, M_WAITOK | M_ZERO); switch (vtyp) { diff --git a/tests/sys/fs/fusefs/getattr.cc b/tests/sys/fs/fusefs/getattr.cc index fb91f8c049d0..6bca7e0af7c7 100644 --- a/tests/sys/fs/fusefs/getattr.cc +++ b/tests/sys/fs/fusefs/getattr.cc @@ -256,6 +256,56 @@ TEST_F(Getattr, ok) //FUSE can't set st_blksize until protocol 7.9 } +/* + * FUSE_GETATTR returns a different file type, even though the entry cache + * hasn't expired. This is a server bug! It probably means that the server + * removed the file and recreated it with the same inode but a different vtyp. + * The best thing fusefs can do is return ENOENT to the caller. After all, the + * entry must not have existed recently. + */ +TEST_F(Getattr, vtyp_conflict) +{ + const char FULLPATH[] = "mountpoint/some_file.txt"; + const char RELPATH[] = "some_file.txt"; + const uint64_t ino = 42; + struct stat sb; + sem_t sem; + + ASSERT_EQ(0, sem_init(&sem, 0, 0)) << strerror(errno); + + EXPECT_LOOKUP(FUSE_ROOT_ID, RELPATH) + .WillOnce(Invoke( + ReturnImmediate([=](auto in __unused, auto& out) { + SET_OUT_HEADER_LEN(out, entry); + out.body.entry.attr.mode = S_IFREG | 0644; + out.body.entry.nodeid = ino; + out.body.entry.attr.nlink = 1; + out.body.entry.attr_valid = 0; + out.body.entry.entry_valid = UINT64_MAX; + }))); + EXPECT_CALL(*m_mock, process( + ResultOf([](auto in) { + return (in.header.opcode == FUSE_GETATTR && + in.body.getattr.getattr_flags == 0 && + in.header.nodeid == ino); + }, Eq(true)), + _) + ).WillOnce(Invoke(ReturnImmediate([](auto i __unused, auto& out) { + SET_OUT_HEADER_LEN(out, attr); + out.body.attr.attr.ino = ino; // Must match nodeid + out.body.attr.attr.mode = S_IFDIR | 0755; // Changed! + out.body.attr.attr.nlink = 2; + }))); + // We should reclaim stale vnodes + expect_forget(ino, 1, &sem); + + ASSERT_NE(0, stat(FULLPATH, &sb)); + EXPECT_EQ(errno, ENOENT); + + sem_wait(&sem); + sem_destroy(&sem); +} + TEST_F(Getattr_7_8, ok) { const char FULLPATH[] = "mountpoint/some_file.txt"; diff --git a/tests/sys/fs/fusefs/lookup.cc b/tests/sys/fs/fusefs/lookup.cc index cb9d0bb27527..d301990c2048 100644 --- a/tests/sys/fs/fusefs/lookup.cc +++ b/tests/sys/fs/fusefs/lookup.cc @@ -342,9 +342,10 @@ TEST_F(Lookup, subdir) ASSERT_EQ(0, access(FULLPATH, F_OK)) << strerror(errno); } -/* - * The server returns two different vtypes for the same nodeid. This is a bad - * server! But we shouldn't crash. +/* + * The server returns two different vtypes for the same nodeid. This is + * technically allowed if the entry's cache has already expired. + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258022 */ TEST_F(Lookup, vtype_conflict) { @@ -354,12 +355,29 @@ TEST_F(Lookup, vtype_conflict) const char SECONDRELPATH[] = "bar"; uint64_t ino = 42; - expect_lookup(FIRSTRELPATH, ino, S_IFREG | 0644, 0, 1, UINT64_MAX); - expect_lookup(SECONDRELPATH, ino, S_IFDIR | 0755, 0, 1, UINT64_MAX); + EXPECT_LOOKUP(FUSE_ROOT_ID, FIRSTRELPATH) + .WillOnce(Invoke( + ReturnImmediate([=](auto in __unused, auto& out) { + SET_OUT_HEADER_LEN(out, entry); + out.body.entry.attr.mode = S_IFDIR | 0644; + out.body.entry.nodeid = ino; + out.body.entry.attr.nlink = 1; + }))); + expect_lookup(SECONDRELPATH, ino, S_IFREG | 0755, 0, 1, UINT64_MAX); + // VOP_FORGET happens asynchronously, so it may or may not arrive + // before the test completes. + EXPECT_CALL(*m_mock, process( + ResultOf([=](auto in) { + return (in.header.opcode == FUSE_FORGET && + in.header.nodeid == ino && + in.body.forget.nlookup == 1); + }, Eq(true)), + _) + ).Times(AtMost(1)) + .WillOnce(Invoke([=](auto in __unused, auto &out __unused) { })); ASSERT_EQ(0, access(FIRSTFULLPATH, F_OK)) << strerror(errno); - ASSERT_EQ(-1, access(SECONDFULLPATH, F_OK)); - ASSERT_EQ(EAGAIN, errno); + EXPECT_EQ(0, access(SECONDFULLPATH, F_OK)) << strerror(errno); } TEST_F(Lookup_7_8, ok) diff --git a/tests/sys/fs/fusefs/setattr.cc b/tests/sys/fs/fusefs/setattr.cc index 48aa8385517f..e4458db9f8ee 100644 --- a/tests/sys/fs/fusefs/setattr.cc +++ b/tests/sys/fs/fusefs/setattr.cc @@ -724,6 +724,53 @@ TEST_F(Setattr, utimensat_utime_now) { EXPECT_EQ(now[1].tv_nsec, sb.st_mtim.tv_nsec); } +/* + * FUSE_SETATTR returns a different file type, even though the entry cache + * hasn't expired. This is a server bug! It probably means that the server + * removed the file and recreated it with the same inode but a different vtyp. + * The best thing fusefs can do is return ENOENT to the caller. After all, the + * entry must not have existed recently. + */ +TEST_F(Setattr, vtyp_conflict) +{ + const char FULLPATH[] = "mountpoint/some_file.txt"; + const char RELPATH[] = "some_file.txt"; + const uint64_t ino = 42; + uid_t newuser = 12345; + sem_t sem; + + ASSERT_EQ(0, sem_init(&sem, 0, 0)) << strerror(errno); + + EXPECT_LOOKUP(FUSE_ROOT_ID, RELPATH) + .WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) { + SET_OUT_HEADER_LEN(out, entry); + out.body.entry.attr.mode = S_IFREG | 0777; + out.body.entry.nodeid = ino; + out.body.entry.entry_valid = UINT64_MAX; + }))); + + EXPECT_CALL(*m_mock, process( + ResultOf([](auto in) { + return (in.header.opcode == FUSE_SETATTR && + in.header.nodeid == ino); + }, Eq(true)), + _) + ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) { + SET_OUT_HEADER_LEN(out, attr); + out.body.attr.attr.ino = ino; + out.body.attr.attr.mode = S_IFDIR | 0777; // Changed! + out.body.attr.attr.uid = newuser; + }))); + // We should reclaim stale vnodes + expect_forget(ino, 1, &sem); + + EXPECT_NE(0, chown(FULLPATH, newuser, -1)); + EXPECT_EQ(ENOENT, errno); + + sem_wait(&sem); + sem_destroy(&sem); +} + /* On a read-only mount, no attributes may be changed */ TEST_F(RofsSetattr, erofs) {