From: Val Packett <val@packett.cool>
To: NeilBrown <neil@brown.name>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>,
Amir Goldstein <amir73il@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
linux-fsdevel@vger.kernel.org, Jeff Layton <jlayton@kernel.org>,
Chris Mason <clm@fb.com>, David Sterba <dsterba@suse.com>,
David Howells <dhowells@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Danilo Krummrich <dakr@kernel.org>,
Tyler Hicks <code@tyhicks.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Chuck Lever <chuck.lever@oracle.com>,
Olga Kornievskaia <okorniev@redhat.com>,
Dai Ngo <Dai.Ngo@oracle.com>, Namjae Jeon <linkinjeon@kernel.org>,
Steve French <smfrench@gmail.com>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Carlos Maiolino <cem@kernel.org>,
John Johansen <john.johansen@canonical.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Ondrej Mosnacek <omosnace@redhat.com>,
Mateusz Guzik <mjguzik@gmail.com>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Stefan Berger <stefanb@linux.ibm.com>,
"Darrick J. Wong" <djwong@kernel.org>,
linux-kernel@vger.kernel.org, netfs@lists.linux.dev,
ecryptfs@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-unionfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-xfs@vger.kernel.org, linux-security-module@vger.kernel.org,
selinux@vger.kernel.org
Subject: Re: [PATCH v6 06/15] VFS: introduce start_creating_noperm() and start_removing_noperm()
Date: Sat, 29 Nov 2025 21:01:05 -0300
Message-ID: <6713ea38-b583-4c86-b74a-bea55652851d@packett.cool>
In-Reply-To: <20251113002050.676694-7-neilb@ownmail.net>
Hi,
On 11/12/25 9:18 PM, NeilBrown wrote:
> From: NeilBrown <neil@brown.name>
>
> xfs, fuse, ipc/mqueue need variants of start_creating or start_removing
> which do not check permissions.
> This patch adds _noperm versions of these functions.
> [..]
> diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
> index 316922d5dd13..a0d5b302bcc2 100644
> --- a/fs/fuse/dir.c
> +++ b/fs/fuse/dir.c
> @@ -1397,27 +1397,25 @@ int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,
> if (!parent)
> return -ENOENT;
>
> - inode_lock_nested(parent, I_MUTEX_PARENT);
> if (!S_ISDIR(parent->i_mode))
> - goto unlock;
> + goto put_parent;
>
> err = -ENOENT;
> dir = d_find_alias(parent);
> if (!dir)
> - goto unlock;
> + goto put_parent;
>
> - name->hash = full_name_hash(dir, name->name, name->len);
> - entry = d_lookup(dir, name);
> + entry = start_removing_noperm(dir, name);
> dput(dir);
> - if (!entry)
> - goto unlock;
> + if (IS_ERR(entry))
> + goto put_parent;
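
Review bot: the `entry = start_removing_noperm(dir, name);` line can call the filesystem's ->lookup(), which the `d_lookup()` it replaces never did. fuse_reverse_inval_entry() is reached from fuse_dev_do_write(), so a lookup request issued here is sent to the same FUSE server that is still inside its write() to the FUSE device, and nothing can answer it. This call site needs to stay dcache-only: either keep `d_lookup()` under the parent lock, or use a start_removing variant that never calls ->lookup(). Separately, on the new `if (IS_ERR(entry))` path `err` is still the -ENOENT assigned above, so any other error the helper returns is reported as -ENOENT; consider `err = PTR_ERR(entry);` before the goto.
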
This broke xdg-document-portal (and potentially other FUSE filesystems)
by introducing a massive deadlock.

❯ doas cat /proc/40751/stack # main thread
[<0>] __fuse_simple_request+0x37c/0x5c0 [fuse]
[<0>] fuse_lookup_name+0x12c/0x2a0 [fuse]
[<0>] fuse_lookup+0x9c/0x1e8 [fuse]
[<0>] lookup_one_qstr_excl+0xd4/0x160
[<0>] start_removing_noperm+0x5c/0x90
[<0>] fuse_reverse_inval_entry+0x64/0x1e0 [fuse]
[<0>] fuse_dev_do_write+0x13a8/0x16a8 [fuse]
[<0>] fuse_dev_write+0x64/0xa8 [fuse]
[<0>] do_iter_readv_writev+0x170/0x1d0
[<0>] vfs_writev+0x100/0x2d0
[<0>] do_writev+0x88/0x130

d_lookup which was previously used here —from what I could understand by
reading it— is cache-only and does not call into the FS's lookup at all.

This new start_removing_noperm calls start_dirop which calls
lookup_one_qstr_excl which according to its own comment is the "one and
only case when ->lookup() gets called on non in-lookup dentries". Well,
->lookup() is the request back to the userspace FUSE server.. but the
FUSE server is waiting for the write() to the FUSE device that invokes
this operation to return! We cannot reenter the FUSE server
from fuse_reverse_inval_entry.

x-d-p issue link: https://github.com/flatpak/xdg-desktop-portal/issues/1871

Reverting the fuse/dir.c changes has fixed that for me.

Thanks,
~val
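
Added example (not part of the message above or of the kernel tree): a small Python check that parses `/proc/<pid>/stack` output and flags the pattern in the quoted trace, a thread blocked in `__fuse_simple_request` underneath `fuse_dev_do_write`. It assumes the stack belongs to a thread of the FUSE server process itself; the helper names and the second, benign stack are constructed for illustration.

```python
import re

# One /proc/<pid>/stack line: "[<0>] symbol+0xoff/0xsize [module]"
FRAME_RE = re.compile(
    r"^\[<[0-9a-fx]+>\]\s+(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
    r"(?:\s+\[(?P<mod>\w+)\])?$")

def parse_stack(text):
    """Return [(symbol, module_or_None), ...], innermost frame first."""
    matches = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("sym"), m.group("mod")) for m in matches if m]

def fuse_reentry_path(frames):
    """Symbols from the blocked FUSE request out to the /dev/fuse write
    that triggered it, or [] when the stack shows no such re-entry."""
    syms = [sym for sym, _ in frames]
    if "__fuse_simple_request" not in syms or "fuse_dev_do_write" not in syms:
        return []
    inner = syms.index("__fuse_simple_request")
    outer = syms.index("fuse_dev_do_write")
    return syms[inner:outer + 1] if inner < outer else []

# Stack quoted in the message above (main thread of the FUSE server).
REPORTED = """\
[<0>] __fuse_simple_request+0x37c/0x5c0 [fuse]
[<0>] fuse_lookup_name+0x12c/0x2a0 [fuse]
[<0>] fuse_lookup+0x9c/0x1e8 [fuse]
[<0>] lookup_one_qstr_excl+0xd4/0x160
[<0>] start_removing_noperm+0x5c/0x90
[<0>] fuse_reverse_inval_entry+0x64/0x1e0 [fuse]
[<0>] fuse_dev_do_write+0x13a8/0x16a8 [fuse]
[<0>] fuse_dev_write+0x64/0xa8 [fuse]
[<0>] do_iter_readv_writev+0x170/0x1d0
[<0>] vfs_writev+0x100/0x2d0
[<0>] do_writev+0x88/0x130
"""

# Constructed sample: an ordinary path walk waiting on a FUSE lookup.
BENIGN = """\
[<0>] __fuse_simple_request+0x37c/0x5c0 [fuse]
[<0>] fuse_lookup_name+0x12c/0x2a0 [fuse]
[<0>] fuse_lookup+0x9c/0x1e8 [fuse]
[<0>] __lookup_slow+0x8c/0x150
"""

if __name__ == "__main__":
    for label, text in (("reported", REPORTED), ("benign", BENIGN)):
        path = fuse_reentry_path(parse_stack(text))
        print(label, "->", " <- ".join(path) if path else "no re-entry")
```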