From 069745b21b90709a863ae5f62fb746667768f989 Mon Sep 17 00:00:00 2001
From: Bernd Schubert
Date: Tue, 15 Jul 2025 20:09:17 +0200
Subject: Avoid double unmount on FUSE_DESTROY

This is a long standing issue, a system could have unmounted /path/to/mnt and then fuse-client/kernel would send FUSE_DESTROY, which would then again try a umount. Given that FUSE_DESTROY is async, that umount might arrive any time later and might possibly unmount a wrong mount point. A warning as in issue #1286 is just minor to that.

Code wise this uses atomics to free the char *, as FUSE_DESTROY might race with a signal and a double free might be possible without protection. A lock might run into the same issue, if the signal would arrive at the wrong time a double lock would be possible.

Additionally, fuse_session_mount() is updated, to first duplicate the pointer and to then do the kernel mount - reverting the kernel mount in case of strdup() failure is much harder.

Closes: https://github.com/libfuse/libfuse/issues/1286
Signed-off-by: Bernd Schubert
(cherry picked from commit d8253770ac2cf4b8769e8cf41eb3c629f30ee80f)
--- lib/fuse_i.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/fuse_i.h') diff --git a/lib/fuse_i.h b/lib/fuse_i.h index 718fa14..acf9d5a 100644 --- a/lib/fuse_i.h +++ b/lib/fuse_i.h @@ -13,6 +13,7 @@ #include #include #include +#include #define MIN(a, b) \ ({ \ @@ -54,7 +55,7 @@ struct fuse_notify_req { }; struct fuse_session { - char *mountpoint; + _Atomic(char *)mountpoint; volatile int exited; int fd; struct fuse_custom_io *io; -- cgit v1.2.3
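Review bot: the new `_Atomic(char *)mountpoint;` member in struct fuse_session carries no comment stating how the pointer must be released, and the type change by itself does not prevent the double free the commit message describes. A plain read of an `_Atomic` object followed by free() still compiles, and it still lets the FUSE_DESTROY path and a signal-driven path release the same string. Since this view is limited to lib/fuse_i.h, the releasing sites are not visible here, so please document the rule on the field: every site that frees or unmounts must first claim the pointer with an atomic exchange that stores NULL, and act only on a non-NULL result. Because the race named in the message involves a signal, a build-time check that `ATOMIC_POINTER_LOCK_FREE` is 2 would also record the lock-free assumption that makes the atomic usable from a handler. Style: add a space between `_Atomic(char *)` and `mountpoint` to match the neighbouring declarations.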