fuse: fix race between inode creation and invalidation #80
+31
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There is a race condition between fuse_iget() and fuse_reverse_inval_inode() where an invalidation request can arrive while an inode is still being initialized. This can lead to the invalidation being lost, causing stale inode attributes to persist. The race occurs when: 1. fuse_iget() is called to create/initialize an inode 2. Before fuse_change_attributes_i() completes, fuse_reverse_inval_inode() is called for the same inode 3. The invalidation updates attr_version, but the subsequent fuse_change_attributes_i() overwrites it, losing the invalidation Fix this by introducing a delayed invalidation mechanism using attr_version as a state indicator: - attr_version == 0: inode initialization in progress (fuse_iget not done) - attr_version == 1: delayed invalidation marker - attr_version > 1: normal operation When fuse_reverse_inval_inode() encounters an inode with attr_version == 0, it marks it with attr_version = 1 instead of performing immediate invalidation. After fuse_iget() completes fuse_change_attributes_i(), it checks for the delayed invalidation marker (attr_version == 1) and performs the invalidation at that point. This ensures invalidation requests are not lost during inode initialization, maintaining cache coherency. Signed-off-by: Guang Yuan Wu <gwu@ddn.com> Applied-by: Horst Birthelmer <hbirthelmer@ddn.com>
bsbernd
reviewed
Jan 15, 2026
| fi = get_fuse_inode(inode); | ||
| spin_lock(&fi->lock); | ||
|
|
||
| if (fi->attr_version == 0) |
Collaborator
There was a problem hiding this comment.
Just return -EAGAIN and let userspace handle it?
Collaborator
There was a problem hiding this comment.
The alternative would be too add a waitq
bsbernd
reviewed
Jan 15, 2026
| evict_ctr); | ||
|
|
||
| spin_lock(&fi->lock); | ||
| if (fi->attr_version == 1) /* delayed inode invalidation */ |
Collaborator
There was a problem hiding this comment.
I must be missing something, somehow I think this is always true? fuse_change_attributes_common() increases to 1?
bsbernd
reviewed
Jan 15, 2026
| * evict_ctr == fuse_get_evict_ctr() -> no evicts while during request | ||
| */ | ||
| if (!evict_ctr || fi->attr_version || evict_ctr == fuse_get_evict_ctr(fc)) | ||
| if (!evict_ctr || fi->attr_version > 1 || evict_ctr == fuse_get_evict_ctr(fc)) |
Collaborator
There was a problem hiding this comment.
Why these changes >1, same as >0?
bsbernd
reviewed
Jan 15, 2026
|
|
||
| fi->attr_version = atomic64_inc_return(&fc->attr_version); | ||
| if (fi->attr_version != 1) /* fuse_iget() handle if attr_version == 1 */ | ||
| fi->attr_version = atomic64_inc_return(&fc->attr_version); |
Collaborator
There was a problem hiding this comment.
What is if this is later on called?
Collaborator
There was a problem hiding this comment.
Let's assume there is no invalidate, and just two times fuse_change_attributes_common() from two different calls.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note that for properly testing this we need multiple clients and mount points