[PATCH 10/8] fuse2fs: fix lockfile creation, again

public inbox for linux-ext4@vger.kernel.org
 help / color / mirror / Atom feed

From: "Darrick J. Wong" <djwong@kernel.org>
To: tytso@mit.edu
Cc: linux-ext4@vger.kernel.org
Subject: [PATCH 10/8] fuse2fs: fix lockfile creation, again
Date: Tue, 8 Jul 2025 10:33:33 -0700	[thread overview]
Message-ID: <20250708173333.GD2672022@frogsfrogsfrogs> (raw)
In-Reply-To: <175182662934.1984706.3737778061161342509.stgit@frogsfrogsfrogs>

From: Darrick J. Wong <djwong@kernel.org>

On closer examination of the lockfile code, there is still a fatal flaw
in the locking logic.  This is born out by the fact that you can run:

# truncate -s 300m /tmp/a
# mkfs.ext2 /tmp/a
# fuse2fs -o kernel /tmp/a /mnt -o lockfile=/tmp/fuselock
# fuse2fs -o kernel /tmp/a /mnt -o lockfile=/tmp/fuselock

and the second mount attempt succeeds where it really shouldn't.  This
is due to the use of fopen(..., "w"), because "w" means "truncate or
create".  It does /not/ imply O_CREAT | O_EXCL, which fails if the file
already exists.  Theoretically that could have been done with mode
string "wx", but that's a glibc extension.

Fix this by calling open() directly with the O_ modes that we want.

Cc: <linux-ext4@vger.kernel.org> # v1.47.3-rc3
Fixes: e50fbaa4d156a6 ("fuse2fs: clean up the lockfile handling")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
---
 misc/fuse2fs.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/misc/fuse2fs.c b/misc/fuse2fs.c
index b7201f7c8ed185..ff8d4668cee217 100644
--- a/misc/fuse2fs.c
+++ b/misc/fuse2fs.c
@@ -4473,11 +4473,15 @@ int main(int argc, char *argv[])
 	}

 	if (fctx.lockfile) {
-		FILE *lockfile = fopen(fctx.lockfile, "w");
 		char *resolved;
+		int lockfd;

-		if (!lockfile) {
-			err = errno;
+		lockfd = open(fctx.lockfile, O_RDWR | O_CREAT | O_EXCL, 0400);
+		if (lockfd < 0) {
+			if (errno == EEXIST)
+				err = EWOULDBLOCK;
+			else
+				err = errno;
 			err_printf(&fctx, "%s: %s: %s\n", fctx.lockfile,
 				   _("opening lockfile failed"),
 				   strerror(err));
@@ -4485,7 +4489,7 @@ int main(int argc, char *argv[])
 			ret |= 32;
 			goto out;
 		}
-		fclose(lockfile);
+		close(lockfd);

 		resolved = realpath(fctx.lockfile, NULL);
 		if (!resolved) {

next prev parent reply	other threads:[~2025-07-08 17:33 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-06 18:30 [PATCHSET] fuse2fs: more bug fixes Darrick J. Wong
2025-07-06 18:31 ` [PATCH 1/8] libext2fs: fix off-by-one bug in punch_extent_blocks Darrick J. Wong
2025-07-06 18:31 ` [PATCH 2/8] libext2fs: fix arguments passed to ->block_alloc_stats_range Darrick J. Wong
2025-07-06 18:31 ` [PATCH 3/8] fuse2fs: refactor uid/gid setting Darrick J. Wong
2025-07-06 18:31 ` [PATCH 4/8] fuse2fs: fix gid inheritance on sgid parent directories Darrick J. Wong
2025-07-06 18:32 ` [PATCH 5/8] fuse2fs: don't truncate when creating a new file Darrick J. Wong
2025-07-06 18:32 ` [PATCH 6/8] fuse2fs: fix incorrect EOFS input handling in FITRIM Darrick J. Wong
2025-07-06 18:32 ` [PATCH 7/8] fuse2fs: fix incorrect unit conversion at the end of FITRIM Darrick J. Wong
2025-07-06 18:32 ` [PATCH 8/8] fuse2fs: don't try to mount after option parsing errors Darrick J. Wong
2025-07-07 16:05 ` [PATCH 9/8] fuse2fs: fix relatime comparisons Darrick J. Wong
2025-07-08 17:33 ` Darrick J. Wong [this message]
2025-07-09 16:51 ` [PATCH 11/8] fuse2fs: fix race condition in op_destroy Darrick J. Wong
2025-07-09 16:52 ` [PATCH 12/8] fuse2fs: fix races in statfs Darrick J. Wong
2025-07-17 14:59 ` [PATCH 13/8] fuse2fs: fix ST_RDONLY setting Darrick J. Wong
2025-07-17 14:59 ` [PATCH 14/8] libext2fs: fix data read corruption in ext2fs_file_read_inline_data Darrick J. Wong
2025-07-17 14:59 ` [PATCH 15/8] libext2fs: fix data corruption when writing to inline data files Darrick J. Wong
2025-07-17 22:01 ` [PATCH 16/8] fuse2fs: fix clean_block_middle when punching byte 0 of a block Darrick J. Wong
2025-07-17 22:01 ` [PATCH 17/8] fuse2fs: fix punch-out range calculation in fuse2fs_punch_range Darrick J. Wong
2025-07-22 19:40 ` [PATCH 18/8] fuse2fs: fix logging redirection Darrick J. Wong
2025-07-25 15:56 ` [PATCH 19/8] fuse2fs: don't record every errno in the superblock as an fs failure Darrick J. Wong
2025-07-26 16:28 ` [PATCH 20/8] fuse2fs: fix punching post-EOF blocks during truncate Darrick J. Wong
2025-07-30 17:23 ` [PATCH 21/8] fuse2fs: fix block parameter truncation on 32-bit Darrick J. Wong
2025-07-31 14:47 ` [PATCHSET] fuse2fs: more bug fixes Theodore Ts'o

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b7201f7c8ed18 dfblob:ff8d4668cee21 )
 OR (
bs:"[PATCH 10/8] fuse2fs: fix lockfile creation, again" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250708173333.GD2672022@frogsfrogsfrogs \
    --to=djwong@kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox