git.ipfire.org Git - thirdparty/e2fsprogs.git/commit

author	Darrick J. Wong <djwong@kernel.org>
	Wed, 9 Jul 2025 16:51:52 +0000 (09:51 -0700)
committer	Theodore Ts'o <tytso@mit.edu>
	Thu, 31 Jul 2025 14:41:55 +0000 (10:41 -0400)
commit	dde5994fa0c314fb5b0f4020106937db4b12d68c
tree	6a2ec9d7deebf28bbc8e48637de9737a32e0f70f	tree
parent	9bdd3c20c1bb2b47fdd7bff59f75110b792bfc13	commit \| diff

fuse2fs: fix race condition in op_destroy

On a regular fuse server (i.e. one not running in fuseblk mode), libfuse
synthesizes and dispatches a FUSE_DESTROY command as soon as the event
dispatch loop terminates after the kernel disconnects /dev/fuse.
Unfortunately, this is done without coordinating with any other threads
that may have already received a real FUSE command from the kernel.

In other words, FUSE_DESTROY can run in parallel with other
fuse_operations. Therefore, we must guard the body of this function
with the BKL just like any other fuse operation or risk races within
libext2fs. If we're lucky, we trash the ext2_filsys state and
generic/488 will crash.

[23512.452451] [U] fuse: reading device: Software caused connection abort
[23512.453886] [U] fuse: reading device: Software caused connection abort

If we're not lucky, it corrupts the ondisk filesystem resulting in a
e2fsck complaining as well.

Cc: linux-ext4@vger.kernel.org # v1.43
Fixes: 81cbf1ef4f5dab ("misc: add fuse2fs, a FUSE server for e2fsprogs")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Link: https://lore.kernel.org/r/20250709165152.GE2672022@frogsfrogsfrogs
Signed-off-by: Theodore Ts'o <tytso@mit.edu>