Re: [PATCH 4/6] fuse: enable close_wait synchronous release

From: Maxim Patlasov
Date: Mon Aug 25 2014 - 11:27:37 EST


On 08/22/2014 06:04 PM, Miklos Szeredi wrote:
On Thu, Aug 21, 2014 at 6:09 PM, Maxim Patlasov <MPatlasov@xxxxxxxxxxxxx> wrote:
The patch enables the feature by passing 'true' to fuse_file_put in
fuse_release_common.

Previously, this was safe only in special cases when we sure that
multi-threaded userspace won't deadlock if we'll synchronously send
FUSE_RELEASE in the context of read-ahead or write-back callback. Now, it's
always safe because callbacks don't send requests to userspace anymore.
But we do want to make this privileged, as there are unlikely but
possible DoS scenarios with a sync release.

The latest patch of the set implements DISABLE_SYNC_RELEASE mount option. We can instrument fusermount to use the option by default for unprivileged mounts (allowing system administrator to configure it like "user_allow_other"). Do you have a better way to implement DoS protection in mind?

Thanks,
Maxim
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/