freebsd-src icon indicating copy to clipboard operation
freebsd-src copied to clipboard
verified publisher icon freebsd

fusefs: only search for FREAD fufh in readdir

Open CismonX opened this issue 6 months ago • 5 comments

The extra search for an FEXEC fufh shall be removed, since readdir is only supposed to be called on a directory opened with FREAD.

Also remove the fuse_filehandle_get_dir() function, since it's not used anywhere else.

CismonX avatar Jun 20 '25 11:06 CismonX

More background on this patch:

The fuse_filehandle_get_dir() function was introduced in commit f8d4af104b7d. This commit (unintentionally?) added an extra search for an FEXEC file handle in fuse_vnop_readdir(), which is not a valid access mode for getdirentries(), but should be harmless, since such syscalls fail with EBADF before VOP_READDIR().

fuse_filehandle_get_dir() was also called in fuse_vnop_close(), however, this usage was removed in commit 35cf0e7e56ca. Thus it should be okay to remove the function completely, since there's no longer any legitimate usage for getting a "FREAD or FEXEC" directory file handle.

CismonX avatar Jul 05 '25 12:07 CismonX

@asomers

Please review this patch, thanks!

CismonX avatar Jul 05 '25 12:07 CismonX

@asomers can you look at this please?

bsdimp avatar Jul 25 '25 16:07 bsdimp

kern_getdirentries does indeed require that the file be opened with FREAD. But that's not the only caller of VOP_READDIR. NFS calls it. So does autofs, and a few other places. I don't think we can assume that FREAD will always be set in fuse_vnop_readdir.

asomers avatar Jul 26 '25 02:07 asomers

kern_getdirentries does indeed require that the file be opened with FREAD. But that's not the only caller of VOP_READDIR. NFS calls it. So does autofs, and a few other places. I don't think we can assume that FREAD will always be set in fuse_vnop_readdir.

  • For those who call VOP_READDIR() without VOP_OPEN(), it fails, with or without this patch.
    • This includes autofs and a few others, notably mount with MNT_EMPTYDIR.
    • For NFS, there's already an implicit open in fuse_vnop_readdir(). Perhaps this could be applied beyond NFS? (provided that the server does not implement FUSE_OPENDIR)
  • For (potential) callers who call VOP_READDIR() on a directory explicitly opened with FEXEC, failing with EBADF should be the correct thing to do.
    • Actually, I'm yet to find an example for this case. The only remaining callers to VOP_READDIR() that may call it on a fusefs are unionfs and vop_stdvptocnp(). They both properly open the directory with FREAD before doing so.

CismonX avatar Jul 27 '25 21:07 CismonX