Linux/FUSE: tune FUSE 3 init config and fix error mapping#1675
abhinavagarwal07 wants to merge 2 commits into veracrypt:master from
Conversation
Set use_ino so the kernel honors the inode numbers already assigned by getattr/readdir instead of synthesizing its own. Set entry_timeout and negative_timeout to 86400 s because VeraCrypt exposes a fixed three-entry filesystem whose layout never changes for the lifetime of a mount. Keep attr_timeout conservative (1 s) since the control-file size may change once during initial setup. These settings eliminate redundant kernel-to-userspace round-trips on every stat/lookup without affecting correctness.
EINTR tells the kernel the operation was interrupted by a signal and should be retried, which causes callers to loop indefinitely on persistent errors. EIO correctly signals an unrecoverable I/O error.
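The errno mapping the PR describes, as an added example that is not VeraCrypt's own code: ExceptionToErrno, LegacyExceptionToErrno, FuseCall, AttemptsUntilSettled and FailingRead are hypothetical names, and the particular set of exception types mapped is an assumption. The retrying caller shows the failure mode the description refers to: a persistent failure reported as EINTR keeps the standard "retry on EINTR" idiom spinning (capped here at 1000 attempts so the demonstration cannot hang), while EIO ends it on the first call.

```cpp
#include <cerrno>
#include <exception>
#include <functional>
#include <new>
#include <stdexcept>
#include <system_error>

// Hypothetical stand-in for the PR's ExceptionToErrorCode(): convert an
// in-flight exception into the negative errno a FUSE callback returns.
// The unknown-exception fallback is EIO, a hard, non-retryable error.
static int ExceptionToErrno(std::exception_ptr ep)
{
    try {
        std::rethrow_exception(ep);
    } catch (const std::bad_alloc &) {
        return -ENOMEM;
    } catch (const std::system_error &e) {
        // Only trust the value if it is a real errno; otherwise fall back to EIO.
        int v = e.code().value();
        bool isErrno = e.code().category() == std::generic_category()
                    || e.code().category() == std::system_category();
        return (isErrno && v > 0) ? -v : -EIO;
    } catch (const std::invalid_argument &) {
        return -EINVAL;
    } catch (...) {
        return -EIO;   // not EINTR: nothing was interrupted, so nothing should retry
    }
}

// The behaviour the PR removes: unknown exceptions reported as EINTR.
static int LegacyExceptionToErrno(std::exception_ptr ep)
{
    try {
        std::rethrow_exception(ep);
    } catch (const std::bad_alloc &) {
        return -ENOMEM;
    } catch (...) {
        return -EINTR;
    }
}

// Run a callback body and translate any escaping exception with the mapper.
static int FuseCall(const std::function<int()> &body,
                    int (*mapper)(std::exception_ptr))
{
    try {
        return body();
    } catch (...) {
        return mapper(std::current_exception());
    }
}

// A caller following the usual "retry on EINTR" idiom. Returns how many
// attempts it made before the operation settled (success or a non-EINTR
// error), capped at maxAttempts so the demonstration cannot actually hang.
static int AttemptsUntilSettled(const std::function<int()> &op, int maxAttempts)
{
    int attempts = 0;
    int rc;
    do {
        rc = op();
        ++attempts;
    } while (rc == -EINTR && attempts < maxAttempts);
    return attempts;
}

// Constructed persistent failure: a read that always throws something the
// mapper does not specifically recognise (e.g. a corrupt volume header).
static int FailingRead()
{
    throw std::runtime_error("volume header is corrupt");
}

// How many times the retrying caller invokes the failing read when the
// exception is reported as EIO (new mapping) versus EINTR (old mapping).
static int AttemptsWithNewMapping()
{
    return AttemptsUntilSettled(
        [] { return FuseCall(FailingRead, ExceptionToErrno); }, 1000);
}

static int AttemptsWithOldMapping()
{
    return AttemptsUntilSettled(
        [] { return FuseCall(FailingRead, LegacyExceptionToErrno); }, 1000);
}

int main()
{
    // Expected: 1 attempt with the new mapping, 1000 (the cap) with the old one.
    return (AttemptsWithNewMapping() == 1 && AttemptsWithOldMapping() == 1000) ? 0 : 1;
}
```

The cap on attempts is only there for the demonstration; a real caller such as a read(2) wrapper has no cap, which is exactly why a persistent error must not be reported as EINTR.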
Thank you for the PR. I reviewed the change and I don't think this can be merged as-is. The problematic part is:
cfg->entry_timeout = 86400.0;
VeraCrypt auxiliary FUSE mount uses allow_other on Linux and relies on per-request fuse_get_context()->uid checks in userspace. For this reason, please remove the long entry_timeout change or rework the mount to use default_permissions and provide evidence that the existing mode bits and access model remain correct for the VeraCrypt auxiliary mount. I would also avoid changing permission-sensitive lookup caching unless we have a runtime test covering cross-user access behavior with allow_other. There is also a smaller issue: the commit/PR description still says negative_timeout is set to 86400 seconds, but the final code no longer sets negative_timeout. Please update the description/commit message so it matches the submitted code.
| cfg->gid = FuseService::GetGroupId(); | ||
|
|
||
| cfg->use_ino = 1; | ||
| cfg->entry_timeout = 86400.0; |
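Review bot: with allow_other in use and no default_permissions, the 24-hour cfg->entry_timeout = 86400.0; in this hunk lets the kernel answer later lookups of the fixed entries from its dentry cache without calling back into userspace, so a per-request fuse_get_context()->uid check made for one user can be reused for a different user until the entry expires; keep the default entry timeout, or pair allow_other with default_permissions and rely on the mode bits the kernel can check itself. The hunk also sets neither negative_timeout nor attr_timeout, although the description says negative_timeout is raised to 86400 s and attr_timeout is kept at 1 s; the description should match the submitted lines.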
VeraCrypt auxiliary FUSE mount uses allow_other on Linux and relies on userspace fuse_get_context()->uid checks for access control. libfuse documents a known security issue with allow_other when default_permissions is not used: permission-check results for cached directory entries may be reused for later accesses, including accesses by another user, while the inode remains in kernel cache.
Setting entry_timeout to 24 hours expands that risk for a security-sensitive mount. Please either remove this entry_timeout change or rework the mount to use default_permissions and provide validation that cross-user access behavior remains correct.
Two small fixes for the FUSE layer, building on cdc00dc.
VeraCrypt exposes a fixed three-entry filesystem (/, /volume, /control) that never changes during a mount. With the default 1 s entry_timeout, the kernel revalidates every dentry once per second — unnecessary round-trips to userspace that add up since the loop device and upper filesystem trigger frequent lookups.
ExceptionToErrorCode() was returning EINTR for unknown exceptions. EINTR means "interrupted by signal, retry".