Fix a race in fusefs that can corrupt a file's size.
ClosedPublic
Actions

Authored by asomers on Nov 29 2021, 2:18 AM.

Details

Reviewers

Commits

rGc85846ea3ea5: Fix a race in fusefs that can corrupt a file's size.
rG36ba360558a7: Fix a race in fusefs that can corrupt a file's size.
rG13d593a5b060: Fix a race in fusefs that can corrupt a file's size.

Summary

VOPs like VOP_SETATTR can change a file's size, with the vnode
exclusively locked. But VOPs like VOP_LOOKUP look up the file size from
the server without the vnode locked. So a race is possible. For
example:

One thread calls VOP_SETATTR to truncate a file. It locks the vnode and sends FUSE_SETATTR to the server.
A second thread calls VOP_LOOKUP and fetches the file's attributes from the server. Then it blocks trying to acquire the vnode lock.
FUSE_SETATTR returns and the first thread releases the vnode lock.
The second thread acquires the vnode lock and caches the file's attributes, which are now out-of-date.

Fix this race by recording a timestamp in the vnode of the last time
that its filesize was modified. Check that timestamp during VOP_LOOKUP
and VFS_VGET. If it's newer than the time at which FUSE_LOOKUP was
issued to the server, ignore the attributes returned by FUSE_LOOKUP.

PR: 259071
Reported by: Agata <chogata@moosefs.pro>

Test Plan

tests added

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

asomers created this revision.Nov 29 2021, 2:18 AM

Herald added a subscriber: imp. · View Herald TranscriptNov 29 2021, 2:18 AM

asomers requested review of this revision.Nov 29 2021, 2:18 AM

Harbormaster completed remote builds in B43017: Diff 99127.Nov 29 2021, 2:18 AM

piotr.konopelko_moosefs.com added a subscriber: piotr.konopelko_moosefs.com.Nov 29 2021, 2:23 AM

Just fyi, when I was testing the patch I did for NFS
and was using getnanouptime(), I did have a failure
that I was not able to reproduce after switching
to nanouptime().

I'll admit I know little about the clocks, although
nanouptime() is supposed to return a more
accurate time. I did not figure out why the
less accurate time caused a failure, since a lower
resolution clock should still work. All that should
happen is attributes won't be updated because the
times are equal, more often.

pfg accepted this revision.Jan 1 2022, 12:14 AM

This revision is now accepted and ready to land.Jan 1 2022, 12:14 AM

Closed by commit rG13d593a5b060: Fix a race in fusefs that can corrupt a file's size. (authored by asomers). · Explain WhyJan 1 2022, 12:41 AM

This revision was automatically updated to reflect the committed changes.

asomers added a commit: rG13d593a5b060: Fix a race in fusefs that can corrupt a file's size..

asomers added a commit: rG36ba360558a7: Fix a race in fusefs that can corrupt a file's size..Jan 18 2022, 1:03 AM

asomers added a commit: rGc85846ea3ea5: Fix a race in fusefs that can corrupt a file's size..Jan 18 2022, 1:43 AM