Hi,

I first discovered this on my Debian unstable laptop running "Linux glados 5.18.0-3-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.14-1 (2022-07-23) x86_64 GNU/Linux" while implementing a policy for xdg-desktop-portal, which uses a fusefs. The issue was reproducible in a VM using sshfs. I am not sure if this is user error or an oversight.

Steps to reproduce:

1. Install sshfs (or another fusefs)
2. Ensure the policy has a `(fsuse xattr "fuse" mycontext)` statement
3. Attempt to mount an sshfs
4. Attempt to run sync

The sshfs program will hang forever in the mount syscall, while the sync program will hang forever in the sync syscall.

My theory on what is happening:

1. fusermount calls the mount syscall
2. The filesystem superblock is inserted into the global list, however it isn't mounted anywhere and the lock is held.
3. The SELinux mount hook is called.
4. As per policy, the sb_check_xattr_support function is called.
5. sb_check_xattr_support will issue a getxattr request on the root inode of the fuse filesystem
6. The getxattr operation is transmitted (I don't know how) to the userspace program fusermount

This leads to a deadlock: since fusermount is inside the mount syscall, it won't respond to the getxattr operation required to finish mounting. At the same time, the filesystem superblock has already been inserted into a global list, meaning that the sync syscall will now hang (forever).

Terminating the sshfs program will interrupt the syscall. SELinux will print an error, the filesystem is removed from the global list, and the sync syscall can continue.

A few logs from my laptop during shutdown that match my observations:
Aug 11 00:46:01 glados systemd[1]: session-1.scope: Stopping timed out. Killing.
PID 1 starts killing my normal user process, including the stuck xdg-desktop-portal / fusermount.
Aug 11 00:46:01 glados kernel: SELinux: (dev fuse, type fuse) getxattr errno 4
This is a warning from the sb_check_xattr_support function, because the getxattr request was interrupted (EINTR: 4).
Aug 11 00:44:31 glados audit[105683]: SYSCALL arch=c000003e syscall=165 success=no exit=-4 a0=55d5501f22d0 a1=55d55018b7bb a2=55d5501f2240 a3=6 items=0 ppid=1947 pid=105683 auid=1001 uid=1001 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4 comm="fusermount3" exe="/usr/bin/fusermount3" subj=user.user:user.role:xdg.document_portal.type:s0-s0:c0.c1023 key=(null)
Aug 11 00:44:31 glados audit: PROCTITLE proctitle="(null)"
These are the audit logs, indicating that the mount syscall from xdg-desktop-portal has returned with EINTR.
Aug 11 00:46:01 glados xdg-document-portal[1947]: error: fuse init failed: Can't mount path /run/user/1001/doc
And finally xdg-document-portal complains about being unable to actually mount the filesystem.

And the logs showing where sync hangs:
Aug 09 11:11:51 glados kernel: INFO: task sync:44108 blocked for more than 1208 seconds.
Aug 09 11:11:51 glados kernel: Not tainted 5.18.0-3-amd64 #1 Debian 5.18.14-1
Aug 09 11:11:51 glados kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 09 11:11:51 glados kernel: task:sync state:D stack: 0 pid:44108 ppid: 37268 flags:0x00004004
Aug 09 11:11:51 glados kernel: Call Trace:
Aug 09 11:11:51 glados kernel: <TASK>
Aug 09 11:11:51 glados kernel: __schedule+0x30b/0x9f0
Aug 09 11:11:51 glados kernel: schedule+0x4e/0xb0
Aug 09 11:11:51 glados kernel: rwsem_down_read_slowpath+0x33b/0x380
Aug 09 11:11:51 glados kernel: ? __x64_sys_tee+0xd0/0xd0
Aug 09 11:11:51 glados kernel: iterate_supers+0x6f/0xf0
Aug 09 11:11:51 glados kernel: ksys_sync+0x40/0xa0
Aug 09 11:11:51 glados kernel: __do_sys_sync+0xa/0x20
Aug 09 11:11:51 glados kernel: do_syscall_64+0x38/0xc0
Aug 09 11:11:51 glados kernel: entry_SYSCALL_64_after_hwframe+0x61/0xcb
Aug 09 11:11:51 glados kernel: RIP: 0033:0x7ff78490b347
Aug 09 11:11:51 glados kernel: RSP: 002b:00007fff979d3958 EFLAGS: 00000202 ORIG_RAX: 00000000000000a2
Aug 09 11:11:51 glados kernel: RAX: ffffffffffffffda RBX: 00007fff979d3a98 RCX: 00007ff78490b347
Aug 09 11:11:51 glados kernel: RDX: 00007ff7849eb801 RSI: 0000000000000000 RDI: 00007ff7849afde5
Aug 09 11:11:51 glados kernel: RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
Aug 09 11:11:51 glados kernel: R10: fffffffffffffb7d R11: 0000000000000202 R12: 0000000000000000
Aug 09 11:11:51 glados kernel: R13: 0000000000000000 R14: 000055ad930da0fb R15: 000055ad930dcd00
Aug 09 11:11:51 glados kernel: </TASK>
Thanks,
Jonathan Hettwer
--
bauen1
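
An added example, not part of the original message: a small journal triage script that looks for the three log signatures quoted in the report (a hung task blocked in iterate_supers, a mount syscall returning EINTR, and the SELinux getxattr warning on a fuse superblock). The function names and the abridged sample lines are constructed for illustration, and the audit check assumes x86_64 syscall numbering.

```python
import re

# Constructed sample, abridged from the log excerpts quoted in the report.
SAMPLE = """\
Aug 09 11:11:51 glados kernel: INFO: task sync:44108 blocked for more than 1208 seconds.
Aug 09 11:11:51 glados kernel:  rwsem_down_read_slowpath+0x33b/0x380
Aug 09 11:11:51 glados kernel:  ? __x64_sys_tee+0xd0/0xd0
Aug 09 11:11:51 glados kernel:  iterate_supers+0x6f/0xf0
Aug 11 00:44:31 glados audit[105683]: SYSCALL arch=c000003e syscall=165 success=no exit=-4 pid=105683 comm="fusermount3" exe="/usr/bin/fusermount3"
Aug 11 00:46:01 glados kernel: SELinux: (dev fuse, type fuse) getxattr errno 4
"""

HUNG = re.compile(r"INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")
# Reliable call-trace frames only; "? symbol" entries are skipped on purpose.
FRAME = re.compile(r"kernel:\s+([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
XATTR = re.compile(r"SELinux: \(dev ([^,]+), type ([^)]+)\) getxattr errno (\d+)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def triage(text):
    """Collect the three log signatures of the mount/getxattr hang."""
    found = {"sync_blocked": [], "mount_eintr": [], "xattr_probe": []}
    hung = None  # hung-task report whose call trace is being read
    for line in text.splitlines():
        if m := HUNG.search(line):
            hung = {"comm": m[1], "pid": int(m[2]), "secs": int(m[3])}
        elif (m := FRAME.search(line)) and hung:
            # Blocked while walking the global superblock list.
            if m[1] == "iterate_supers":
                found["sync_blocked"].append(hung)
                hung = None
        elif m := XATTR.search(line):
            if m[2].startswith("fuse"):
                found["xattr_probe"].append({"dev": m[1], "errno": int(m[3])})
        elif " SYSCALL " in line:
            f = {k: v.strip('"') for k, v in FIELD.findall(line)}
            # x86_64 (arch c000003e): syscall 165 is mount, exit -4 is EINTR.
            if (f.get("arch"), f.get("syscall"), f.get("exit")) == ("c000003e", "165", "-4"):
                found["mount_eintr"].append({"comm": f.get("comm"), "pid": f.get("pid")})
    return found

def matches_report(found):
    """True when all three signatures from the report are present."""
    return all(found[k] for k in ("sync_blocked", "mount_eintr", "xattr_probe"))

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result, matches_report(result))
```

Feeding it the output of `journalctl -k` together with the audit log gives a quick check for whether a hung sync on a host lines up with an interrupted FUSE mount.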