Bug 838609 - guestmount + fusermount allows a race condition when unmounting and immediately using the disk image
Summary: guestmount + fusermount allows a race condition when unmounting and immediate...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libguestfs
Version: 6.3
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 838592
Blocks: 835466
TreeView+ depends on / blocked
 
Reported: 2012-07-09 15:17 UTC by Richard W.M. Jones
Modified: 2013-02-21 08:38 UTC (History)
8 users (show)

Fixed In Version: libguestfs-1.16.30-2.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 838592
Environment:
Last Closed: 2013-02-21 08:38:33 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0324 normal SHIPPED_LIVE libguestfs bug fix and enhancement update 2013-02-20 20:54:42 UTC

Description Richard W.M. Jones 2012-07-09 15:17:54 UTC
+++ This bug was initially created as a clone of Bug #838592 +++

The current design of guestmount allows a race condition when
unmounting a disk image:

  guestmount -a disk.img -i /mnt
  # copy things into /mnt
  fusermount -u /mnt
  # immediately try to use 'disk.img' <-- UNSAFE

The problem is that guestmount cleanup happens asynchronously
after fusermount has returned.  It is not safe to use 'disk.img'
until guestmount has exited, but there is no simple way to tell
when it has exited.

Suggest adding 'guestmount --pid-file=...' option so that a
PID file can be written, and then programs can wait for the PID
to exit after the fusermount.

Also we should document this.

--- Additional comment from pbrady@redhat.com on 2012-07-09 10:44:37 EDT ---

The same issue is referenced here:
http://code.google.com/p/s3ql/issues/detail?id=159
which in turn references this thread on the subject from 2006:
http://thread.gmane.org/gmane.comp.file-systems.fuse.devel/3903
And another case from 2008:
http://permalink.gmane.org/gmane.comp.file-systems.fuse.devel/6502

So it's been on the TODO list for 6 years.

--- Additional comment from rjones@redhat.com on 2012-07-09 11:14:46 EDT ---

Patches posted:

https://www.redhat.com/archives/libguestfs/2012-July/msg00027.html

Only patches 1, 3 and 4 are really relevant to this bug.
Patch 2 is a doc fix in a related part of the man page.

Comment 2 Mohua Li 2012-11-08 08:50:47 UTC
the time might quite short, after fusermount return, and before guestmount finished cleanup, so not quite easy to reproduce, any suggestion for this, Rich?

Comment 3 Richard W.M. Jones 2012-11-08 08:58:52 UTC
I think you just need to check that RHEL 6.4 guestmount
has the --pid-file option.

The race condition has *not* been fixed (and cannot be fixed).
The fix is for callers -- OpenStack in this case -- to use
the guestmount --pid-file option.

$ guestmount --version
guestmount 1.16.32rhel=6,release=3.el6
$ guestmount --pid-file
guestmount: option '--pid-file' requires an argument
Try `guestmount --help' for more information.

Comment 4 Richard W.M. Jones 2012-11-08 09:01:25 UTC
.. and check that --pid-file actually writes a PID file!

Comment 5 Mohua Li 2012-11-08 11:48:56 UTC
[root@station2 tmp]# guestmount --version
guestmount 1.16.32rhel=6,release=3.el6


the solution is "Suggest adding 'guestmount --pid-file=...' option so that a
PID file can be written, and then programs can wait for the PID
to exit after the fusermount."

[root@station2 tmp]# guestmount --pid-file pid  -a RHEL-Server-5.9-32-pv.raw -i test 
[root@station2 tmp]# cat pid
6043

so other program could get the pid from file, and wait for the $pid process to exit, to avoid the race condition,

Comment 7 errata-xmlrpc 2013-02-21 08:38:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0324.html


Note You need to log in before you can comment on or make changes to this bug.