Page MenuHomeFreeBSD
Differential D52255

fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon
ClosedPublic
Actions

Authored by olce on Aug 29 2025, 11:02 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Oct 10, 12:19 PM
Unknown Object (File)
Fri, Oct 10, 12:19 PM
Unknown Object (File)
Fri, Oct 10, 12:19 PM
Unknown Object (File)
Fri, Oct 10, 5:34 AM
Unknown Object (File)
Wed, Sep 24, 3:54 AM
Unknown Object (File)
Sun, Sep 21, 4:59 PM
Unknown Object (File)
Fri, Sep 19, 2:16 AM
Unknown Object (File)
Sep 13 2025, 7:54 PM
View All 15 Files
Subscribers
asomers
emaste
imp

Details

Reviewers
kevans
Commits
rG97e7c06af75e: fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon
rGd22592cd6fd2: fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon
Summary

Due to the partial-only changes of commit 46c07316f906 ("kern: adopt the
cr_gid macro for cr_groups[0] more widely"), subsequent commit
be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
caused a mismatch between filling cr_groups[0] in 'reused_creds' in
fuse_interrupt_send() and reading 'cr_gid' from it in
fuse_setup_ihead(), with the consequence that the kernel would send
a FUSE_INTERRUPT message to the FUSE deamon with an uninitialized GID in
its header (which, besides being wrong, would disclose 4 bytes from its
stack).

Fixes: be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

olce created this revision.Aug 29 2025, 11:02 PM
Herald added subscribers: asomers, imp. · View Herald TranscriptAug 29 2025, 11:02 PM
olce requested review of this revision.Aug 29 2025, 11:02 PM
Harbormaster completed remote builds in B66658: Diff 161221.Aug 29 2025, 11:02 PM
asomers added a comment.Sep 7 2025, 5:52 PM

What bug exactly does this "fix"? Did you encounter a bug in your work, or did you just discover this problem by inspection? If the former, we should add a test case to tests/sys/fs/fusefs.

olce added a comment.EditedSep 8 2025, 8:35 AM
In D52255#1196962, @asomers wrote:

What bug exactly does this "fix"? Did you encounter a bug in your work, or did you just discover this problem by inspection? If the former, we should add a test case to tests/sys/fs/fusefs.

By inspection. Filling of reused_creds here is paired with reading it in fuse_setup_ihead(), and the two have been in mismatch since commit 46c07316f906 ("kern: adopt the cr_gid macro for cr_groups[0] more widely"). IIUC, this has the consequence that a header with a non-initialized GID value will be sent to the FUSE daemon when sending an interrupt. Which consequences this can have in the daemon itself, I don't know. Could you tell which consequences you foresee (out of curiosity)? In any case, the code is logically wrong, so has to be fixed.

olce edited the summary of this revision. (Show Details)Sep 8 2025, 8:35 AM
olce edited the summary of this revision. (Show Details)
olce edited the summary of this revision. (Show Details)Sep 8 2025, 8:49 AM
olce retitled this revision from fuse: Fix GID when sending an interrupt to the daemon to fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon.Sep 8 2025, 9:16 AM
olce edited the summary of this revision. (Show Details)

4th take to get the commit message accurate enough (I hope), sorry... I definitely need more caffeine this morning.

This revision was not accepted when it landed; it landed in state Needs Review.Wed, Sep 17, 12:20 PM
Closed by commit rGd22592cd6fd2: fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon (authored by olce). · Explain Why
This revision was automatically updated to reflect the committed changes.
olce added a commit: rGd22592cd6fd2: fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon.
olce added a commit: rG97e7c06af75e: fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon.Tue, Sep 23, 12:03 PM

Revision Contents
Changeset List

PathSize
sys/
fs/
fuse/
4 lines

Diff 162232

View Options

sys/fs/fuse/fuse_ipc.c

Loading...