From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: virtio-fs@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Virtio-fs] [PATCH 2/4] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races
Date: Mon, 5 Aug 2019 13:26:52 +0100 [thread overview]
Message-ID: <20190805122652.GM13734@work-vm> (raw)
In-Reply-To: <20190801165409.20121-3-stefanha@redhat.com>
* Stefan Hajnoczi (stefanha@redhat.com) wrote:
> When running with multiple threads it can be tricky to handle
> FUSE_INIT/FUSE_DESTROY in parallel with other request types or in
> parallel with themselves. Serialize FUSE_INIT and FUSE_DESTROY so that
> malicious clients cannot trigger race conditions.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(It took me a few minutes getting my head around the different _destroy
functions)
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> ---
> contrib/virtiofsd/fuse_i.h | 1 +
> contrib/virtiofsd/fuse_lowlevel.c | 17 +++++++++++++++++
> 2 files changed, 18 insertions(+)
>
> diff --git a/contrib/virtiofsd/fuse_i.h b/contrib/virtiofsd/fuse_i.h
> index ff6e1b75ba..dcde9feb97 100644
> --- a/contrib/virtiofsd/fuse_i.h
> +++ b/contrib/virtiofsd/fuse_i.h
> @@ -63,6 +63,7 @@ struct fuse_session {
> struct fuse_req list;
> struct fuse_req interrupts;
> pthread_mutex_t lock;
> + pthread_rwlock_t init_rwlock;
> int got_destroy;
> int broken_splice_nonblock;
> uint64_t notify_ctr;
> diff --git a/contrib/virtiofsd/fuse_lowlevel.c b/contrib/virtiofsd/fuse_lowlevel.c
> index 6ebf237baa..483a1bc9be 100644
> --- a/contrib/virtiofsd/fuse_lowlevel.c
> +++ b/contrib/virtiofsd/fuse_lowlevel.c
> @@ -2473,6 +2473,18 @@ void fuse_session_process_buf_int(struct fuse_session *se,
> req->ctx.pid = in->pid;
> req->ch = ch ? fuse_chan_get(ch) : NULL;
>
> + /* INIT and DESTROY requests are serialized, all other request types
> + * run in parallel. This prevents races between FUSE_INIT and ordinary
> + * requests, FUSE_INIT and FUSE_INIT, FUSE_INIT and FUSE_DESTROY, and
> + * FUSE_DESTROY and FUSE_DESTROY.
> + */
> + if (in->opcode == FUSE_INIT || in->opcode == CUSE_INIT ||
> + in->opcode == FUSE_DESTROY) {
> + pthread_rwlock_wrlock(&se->init_rwlock);
> + } else {
> + pthread_rwlock_rdlock(&se->init_rwlock);
> + }
> +
> err = EIO;
> if (!se->got_init) {
> enum fuse_opcode expected;
> @@ -2524,10 +2536,13 @@ void fuse_session_process_buf_int(struct fuse_session *se,
> do_write_buf(req, in->nodeid, &iter, bufv);
> else
> fuse_ll_ops[in->opcode].func(req, in->nodeid, &iter);
> +
> + pthread_rwlock_unlock(&se->init_rwlock);
> return;
>
> reply_err:
> fuse_reply_err(req, err);
> + pthread_rwlock_unlock(&se->init_rwlock);
> }
>
> #define LL_OPTION(n,o,v) \
> @@ -2569,6 +2584,7 @@ void fuse_session_destroy(struct fuse_session *se)
> if (se->op.destroy)
> se->op.destroy(se->userdata, se);
> }
> + pthread_rwlock_destroy(&se->init_rwlock);
> pthread_mutex_destroy(&se->lock);
> free(se->cuse_data);
> if (se->fd != -1)
> @@ -2656,6 +2672,7 @@ struct fuse_session *fuse_session_new(struct fuse_args *args,
> list_init_req(&se->list);
> list_init_req(&se->interrupts);
> fuse_mutex_init(&se->lock);
> + pthread_rwlock_init(&se->init_rwlock, NULL);
>
> memcpy(&se->op, op, op_size);
> se->owner = getuid();
> --
> 2.21.0
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
WARNING: multiple messages have this Message-ID (diff)
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: virtio-fs@redhat.com, Liu Bo <bo.liu@linux.alibaba.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/4] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races
Date: Mon, 5 Aug 2019 13:26:52 +0100 [thread overview]
Message-ID: <20190805122652.GM13734@work-vm> (raw)
In-Reply-To: <20190801165409.20121-3-stefanha@redhat.com>
* Stefan Hajnoczi (stefanha@redhat.com) wrote:
> When running with multiple threads it can be tricky to handle
> FUSE_INIT/FUSE_DESTROY in parallel with other request types or in
> parallel with themselves. Serialize FUSE_INIT and FUSE_DESTROY so that
> malicious clients cannot trigger race conditions.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(It took me a few minutes getting my head around the different _destroy
functions)
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> ---
> contrib/virtiofsd/fuse_i.h | 1 +
> contrib/virtiofsd/fuse_lowlevel.c | 17 +++++++++++++++++
> 2 files changed, 18 insertions(+)
>
> diff --git a/contrib/virtiofsd/fuse_i.h b/contrib/virtiofsd/fuse_i.h
> index ff6e1b75ba..dcde9feb97 100644
> --- a/contrib/virtiofsd/fuse_i.h
> +++ b/contrib/virtiofsd/fuse_i.h
> @@ -63,6 +63,7 @@ struct fuse_session {
> struct fuse_req list;
> struct fuse_req interrupts;
> pthread_mutex_t lock;
> + pthread_rwlock_t init_rwlock;
> int got_destroy;
> int broken_splice_nonblock;
> uint64_t notify_ctr;
> diff --git a/contrib/virtiofsd/fuse_lowlevel.c b/contrib/virtiofsd/fuse_lowlevel.c
> index 6ebf237baa..483a1bc9be 100644
> --- a/contrib/virtiofsd/fuse_lowlevel.c
> +++ b/contrib/virtiofsd/fuse_lowlevel.c
> @@ -2473,6 +2473,18 @@ void fuse_session_process_buf_int(struct fuse_session *se,
> req->ctx.pid = in->pid;
> req->ch = ch ? fuse_chan_get(ch) : NULL;
>
> + /* INIT and DESTROY requests are serialized, all other request types
> + * run in parallel. This prevents races between FUSE_INIT and ordinary
> + * requests, FUSE_INIT and FUSE_INIT, FUSE_INIT and FUSE_DESTROY, and
> + * FUSE_DESTROY and FUSE_DESTROY.
> + */
> + if (in->opcode == FUSE_INIT || in->opcode == CUSE_INIT ||
> + in->opcode == FUSE_DESTROY) {
> + pthread_rwlock_wrlock(&se->init_rwlock);
> + } else {
> + pthread_rwlock_rdlock(&se->init_rwlock);
> + }
> +
> err = EIO;
> if (!se->got_init) {
> enum fuse_opcode expected;
> @@ -2524,10 +2536,13 @@ void fuse_session_process_buf_int(struct fuse_session *se,
> do_write_buf(req, in->nodeid, &iter, bufv);
> else
> fuse_ll_ops[in->opcode].func(req, in->nodeid, &iter);
> +
> + pthread_rwlock_unlock(&se->init_rwlock);
> return;
>
> reply_err:
> fuse_reply_err(req, err);
> + pthread_rwlock_unlock(&se->init_rwlock);
> }
>
> #define LL_OPTION(n,o,v) \
> @@ -2569,6 +2584,7 @@ void fuse_session_destroy(struct fuse_session *se)
> if (se->op.destroy)
> se->op.destroy(se->userdata, se);
> }
> + pthread_rwlock_destroy(&se->init_rwlock);
> pthread_mutex_destroy(&se->lock);
> free(se->cuse_data);
> if (se->fd != -1)
> @@ -2656,6 +2672,7 @@ struct fuse_session *fuse_session_new(struct fuse_args *args,
> list_init_req(&se->list);
> list_init_req(&se->interrupts);
> fuse_mutex_init(&se->lock);
> + pthread_rwlock_init(&se->init_rwlock, NULL);
>
> memcpy(&se->op, op, op_size);
> se->owner = getuid();
> --
> 2.21.0
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2019-08-05 12:26 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-01 16:54 [Virtio-fs] [PATCH 0/4] virtiofsd: multithreading preparation part 3 Stefan Hajnoczi
2019-08-01 16:54 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-01 16:54 ` [Virtio-fs] [PATCH 1/4] virtiofsd: process requests in a thread pool Stefan Hajnoczi
2019-08-01 16:54 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-05 12:02 ` [Virtio-fs] " Dr. David Alan Gilbert
2019-08-05 12:02 ` [Qemu-devel] " Dr. David Alan Gilbert
2019-08-07 9:35 ` [Virtio-fs] " Stefan Hajnoczi
2019-08-07 9:35 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-01 16:54 ` [Virtio-fs] [PATCH 2/4] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races Stefan Hajnoczi
2019-08-01 16:54 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-05 12:26 ` Dr. David Alan Gilbert [this message]
2019-08-05 12:26 ` Dr. David Alan Gilbert
2019-08-01 16:54 ` [Virtio-fs] [PATCH 3/4] virtiofsd: fix lo_destroy() resource leaks Stefan Hajnoczi
2019-08-01 16:54 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-05 15:17 ` [Virtio-fs] " Dr. David Alan Gilbert
2019-08-05 15:17 ` [Qemu-devel] " Dr. David Alan Gilbert
2019-08-05 18:57 ` [Virtio-fs] " Dr. David Alan Gilbert
2019-08-05 18:57 ` [Qemu-devel] " Dr. David Alan Gilbert
2019-08-06 18:58 ` [Virtio-fs] " Dr. David Alan Gilbert
2019-08-06 18:58 ` [Qemu-devel] " Dr. David Alan Gilbert
2019-08-07 9:41 ` [Virtio-fs] " Stefan Hajnoczi
2019-08-07 9:41 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-01 16:54 ` [Virtio-fs] [PATCH 4/4] virtiofsd: add --thread-pool-size=NUM option Stefan Hajnoczi
2019-08-01 16:54 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-05 2:52 ` [Virtio-fs] [PATCH 0/4] virtiofsd: multithreading preparation part 3 piaojun
2019-08-05 2:52 ` [Qemu-devel] " piaojun
2019-08-05 8:01 ` [Virtio-fs] [Qemu-devel] " Stefan Hajnoczi
2019-08-05 8:01 ` [Qemu-devel] [Virtio-fs] " Stefan Hajnoczi
2019-08-05 9:40 ` [Virtio-fs] [Qemu-devel] " piaojun
2019-08-05 9:40 ` [Qemu-devel] [Virtio-fs] " piaojun
2019-08-07 18:03 ` Stefan Hajnoczi
2019-08-07 18:03 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-07 20:57 ` [Virtio-fs] " Vivek Goyal
2019-08-07 20:57 ` [Qemu-devel] " Vivek Goyal
2019-08-08 9:02 ` Stefan Hajnoczi
2019-08-08 9:02 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-08 9:53 ` Dr. David Alan Gilbert
2019-08-08 9:53 ` [Qemu-devel] " Dr. David Alan Gilbert
2019-08-08 12:53 ` Vivek Goyal
2019-08-08 12:53 ` [Qemu-devel] " Vivek Goyal
2019-08-09 8:23 ` Stefan Hajnoczi
2019-08-09 8:23 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-10 21:35 ` Liu Bo
2019-08-10 21:35 ` [Qemu-devel] " Liu Bo
2019-08-09 8:21 ` Stefan Hajnoczi
2019-08-09 8:21 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-10 21:34 ` Liu Bo
2019-08-10 21:34 ` [Qemu-devel] " Liu Bo
2019-08-11 2:26 ` piaojun
2019-08-11 2:26 ` [Qemu-devel] " piaojun
2019-08-12 10:05 ` Stefan Hajnoczi
2019-08-12 10:05 ` [Qemu-devel] " Stefan Hajnoczi
2019-08-12 11:58 ` piaojun
2019-08-12 11:58 ` [Qemu-devel] " piaojun
2019-08-12 12:51 ` Dr. David Alan Gilbert
2019-08-12 12:51 ` [Qemu-devel] " Dr. David Alan Gilbert
2019-08-08 8:10 ` piaojun
2019-08-08 8:10 ` [Qemu-devel] " piaojun
2019-08-08 9:53 ` Stefan Hajnoczi
2019-08-08 9:53 ` [Qemu-devel] " Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190805122652.GM13734@work-vm \
--to=dgilbert@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.