From: Antonio SJ Musumeci <trapexit@spawn.link>
To: Miklos Szeredi <miklos@szeredi.hu>, The 8472 <kernel@infinite-source.de>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: EBADF returned from close() by FUSE
Date: Tue, 23 Apr 2024 13:24:22 +0000 [thread overview]
Message-ID: <9f991dcc-8921-434c-90f2-30dd0e5ec5bc@spawn.link> (raw)
In-Reply-To: <CAJfpegv1K-sF6rq-jXGJX12+K38PwvQNsGTP-H64K5a2tkxiPA@mail.gmail.com>
On 4/23/24 07:46, Miklos Szeredi wrote:
> On Sat, 20 Apr 2024 at 01:04, The 8472 <kernel@infinite-source.de> wrote:
>
>> If it is the official position that the whims of FUSE servers have
>> primacy over current kernel API guarantees then please update
>> the documentation of all affected syscalls and relax those
>> guarantees, similar to the note on the write(2) manpage.
> Which note are you referring to?
>
> I can see some merit to both sides.
>
> If it's an issue that can be fixed in the fuse server ("Doctor, it
> hurts when I do this." "Then don't do that!”) adding complexity to the
> fuse client is not warranted.
>
> Obviously most fuse servers don't want to actively confuse caller, but
> if such behavior can be used to exploit a weakness in an application,
> then it becomes more than just a correctness issue. If you came up
> with such a scenario, then this would turn into a serious bug.
>
> Thanks,
> Miklos
From the write(2) manpage (at least on Ubuntu):
"Other errors may occur, depending on the object connected to fd."
My argument has been that this note is defacto true generally.
The specifics of this thread stem from close() returning EBADF to the
client app while talking to a FUSE server after the open() succeeded
and, from the point of view of the client app, returned a valid file
descriptor. Sounds like a bug in the FUSE server rather than something
FUSE itself needs to worry about. Besides removing some classes of usage
of FUSE it would be rather complicated, if not impossible, to assume the
meaning of returned errors from the server and translate them into
"approved" values for the client. It will mask server bugs and/or
confuse server authors at best IMO. Error handling in FUSE is already a
bit difficult to manage.
This is not unlike a recent complaint that when link() is not
implemented libfuse returns ENOSYS rather than EPERM. As I pointed out
in that situation EPERM is not universally defined as meaning "not
implemented by filesystem" like used in Linux. Doesn't mean it isn't
used (I didn't check) but it isn't defined as such in docs.
next prev parent reply other threads:[~2024-04-23 13:24 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-18 22:10 EBADF returned from close() by FUSE The 8472
2024-04-19 3:30 ` Antonio SJ Musumeci
2024-04-19 6:55 ` The 8472
[not found] ` <8c7552b1-f371-4a75-98cc-f2c89816becb@spawn.link>
2024-04-19 18:18 ` The 8472
2024-04-19 20:07 ` Antonio SJ Musumeci
2024-04-19 20:45 ` The 8472
2024-04-19 21:29 ` Antonio SJ Musumeci
2024-04-19 22:04 ` The 8472
2024-04-19 22:47 ` Antonio SJ Musumeci
2024-04-19 23:04 ` The 8472
2024-04-23 12:46 ` Miklos Szeredi
2024-04-23 13:24 ` Antonio SJ Musumeci [this message]
2024-04-23 13:38 ` Miklos Szeredi
[not found] ` <692a9f0b-9c2b-4850-b8bc-48f09fe41762@infinite-source.de>
2024-04-23 21:38 ` The 8472
2024-04-26 8:52 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9f991dcc-8921-434c-90f2-30dd0e5ec5bc@spawn.link \
--to=trapexit@spawn.link \
--cc=kernel@infinite-source.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).