!77 [sync] PR-74: fix loading of modules

From: @openeuler-sync-bot 
Reviewed-by: @swf504 
Signed-off-by: @swf504

0003-Fix-fd-leak-with-clone_fd.patch

@@ -0,0 +1,55 @@
+From 2da64ec9a37d684b73882574f391f9ad366b3c0d Mon Sep 17 00:00:00 2001
+From: Frank Dinoff <fdinoff@google.com>
+Date: Mon, 21 Mar 2022 13:13:21 -0400
+Subject: [PATCH] Fix fd leak with clone_fd
+
+do_interrupt would destroy_req on the request without decrementing the
+channel's refcount. With clone_fd this could leak file descriptors if
+the worker thread holding the cloned fd was destroyed. (Only
+max_idle_threads are kept).
+---
+ lib/fuse_lowlevel.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
+index b5638fc..3a1e7d8 100644
+--- a/lib/fuse_lowlevel.c
++++ b/lib/fuse_lowlevel.c
+@@ -123,6 +123,7 @@ static void list_add_req(struct fuse_req *req, struct fuse_req *next)
+ 
+ static void destroy_req(fuse_req_t req)
+ {
++	assert(req->ch == NULL);
+ 	pthread_mutex_destroy(&req->lock);
+ 	free(req);
+ }
+@@ -1712,8 +1713,11 @@ static int find_interrupted(struct fuse_session *se, struct fuse_req *req)
+ 
+ 			pthread_mutex_lock(&se->lock);
+ 			curr->ctr--;
+-			if (!curr->ctr)
++			if (!curr->ctr) {
++				fuse_chan_put(req->ch);
++				req->ch = NULL;
+ 				destroy_req(curr);
++			}
+ 
+ 			return 1;
+ 		}
+@@ -1739,9 +1743,11 @@ static void do_interrupt(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+ 	req->u.i.unique = arg->unique;
+ 
+ 	pthread_mutex_lock(&se->lock);
+-	if (find_interrupted(se, req))
++	if (find_interrupted(se, req)) {
++		fuse_chan_put(req->ch);
++		req->ch = NULL;
+ 		destroy_req(req);
+-	else
++	} else
+ 		list_add_req(req, &se->interrupts);
+ 	pthread_mutex_unlock(&se->lock);
+ }
+-- 
+2.24.0.windows.2
+

0004-Use-destroy_req-instead-of-free-to-destroy-fuse_req.patch

@@ -0,0 +1,30 @@
+From 9e1601add411511c94527f6f7f6f071729b0c52c Mon Sep 17 00:00:00 2001
+From: Frank Dinoff <fdinoff@google.com>
+Date: Tue, 26 Jul 2022 15:49:01 -0400
+Subject: [PATCH] Use destroy_req instead of free to destroy fuse_req
+
+If we get the interrupt before the fuse op, the fuse_req is deleted without
+decrementing the refcount on the cloned file descriptor. This leads to a
+leak of the cloned /dev/fuse file descriptor.
+---
+ lib/fuse_lowlevel.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
+index e5de2a5..e82cd9e 100644
+--- a/lib/fuse_lowlevel.c
++++ b/lib/fuse_lowlevel.c
+@@ -1762,7 +1762,9 @@ static struct fuse_req *check_interrupt(struct fuse_session *se,
+ 		if (curr->u.i.unique == req->unique) {
+ 			req->interrupted = 1;
+ 			list_del_req(curr);
+-			free(curr);
++			fuse_chan_put(curr->ch);
++			curr->ch = NULL;
++			destroy_req(curr);
+ 			return NULL;
+ 		}
+ 	}
+-- 
+2.33.0
+

0005-Fix-use-after-free-warning.patch

@@ -0,0 +1,51 @@
+From f2144c6c3a0d4eda5f8384b56cdeb5193a3c06ef Mon Sep 17 00:00:00 2001
+From: Matthias Goergens <matthias.goergens@gmail.com>
+Date: Tue, 28 Mar 2023 13:35:56 +0800
+Subject: [PATCH] Fix use-after-free warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When building, I get the following warning:
+
+```bash
+$ ninja
+[18/71] Compiling C object lib/libfuse3.so.3.14.1.p/modules_iconv.c.o
+../lib/modules/iconv.c: In function ‘iconv_convpath’:
+../lib/modules/iconv.c:85:38: warning: pointer ‘newpath’ may be used after ‘realloc’ [-Wuse-after-free]
+   85 |                         p = tmp + (p - newpath);
+      |                                   ~~~^~~~~~~~~~
+../lib/modules/iconv.c:80:31: note: call to ‘realloc’ here
+   80 |                         tmp = realloc(newpath, newpathlen + 1);
+      |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+[71/71] Linking target example/passthrough_hp
+```
+
+It's a false positive,  I thinks.  But it's also easy to silence this
+warning with a small refactor.
+---
+ lib/modules/iconv.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/modules/iconv.c b/lib/modules/iconv.c
+index 3d18a36..a0bf72b 100644
+--- a/lib/modules/iconv.c
++++ b/lib/modules/iconv.c
+@@ -77,12 +77,13 @@ static int iconv_convpath(struct iconv *ic, const char *path, char **newpathp,
+ 
+ 			inc = (pathlen + 1) * 4;
+ 			newpathlen += inc;
++			int dp = p - newpath;
+ 			tmp = realloc(newpath, newpathlen + 1);
+ 			err = -ENOMEM;
+ 			if (!tmp)
+ 				goto err;
+ 
+-			p = tmp + (p - newpath);
++			p = tmp + dp;
+ 			plen += inc;
+ 			newpath = tmp;
+ 		}
+-- 
+2.33.0
+

0006-Disable-leak-suppression-773.patch

@@ -0,0 +1,28 @@
+From 34d9d2abf1da37961d4f0a2ad55dcf11ed46a33e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matthias=20G=C3=B6rgens?= <matthias.goergens@gmail.com>
+Date: Wed, 12 Apr 2023 15:40:18 +0800
+Subject: [PATCH] Disable leak suppression (#773)
+
+---
+ test/lsan_suppress.txt | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/test/lsan_suppress.txt b/test/lsan_suppress.txt
+index e054e7c..44703fc 100644
+--- a/test/lsan_suppress.txt
++++ b/test/lsan_suppress.txt
+@@ -1,11 +1 @@
+ # Suppression file for address sanitizer.
+-
+-# There are some leaks in command line option parsing. They should be
+-# fixed at some point, but are harmless since the consume just a small,
+-# constant amount of memory and do not grow.
+-leak:fuse_opt_parse
+-
+-
+-# Leaks in fusermount3 are harmless as well (it's a short-lived
+-# process) - but patches are welcome!
+-leak:fusermount.c
+-- 
+2.33.0
+

0007-Fix-memory-leak-in-high-level-API-781.patch

@@ -0,0 +1,69 @@
+From 2ecbbb7e091c8fefe099ac9df4a90fc6d6e07a7a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matthias=20G=C3=B6rgens?= <matthias.goergens@gmail.com>
+Date: Fri, 14 Apr 2023 19:19:03 +0800
+Subject: [PATCH] Fix memory leak in high level API (#781)
+
+Previously, in the high level API if we received a signal between
+setting up signal handlers and processing INIT, we would leak
+
+```
+$ ./example/hello -s -d -f mountpoint/
+[9/9] Linking target example/hello_ll
+FUSE library version: 3.14.1
+nullpath_ok: 0
+
+=================================================================
+==178330==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 352 byte(s) in 1 object(s) allocated from:
+    #0 0x7fbb19abf411 in __interceptor_calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:77
+    #1 0x7fbb1a0efd3b in fuse_fs_new ../lib/fuse.c:4814
+    #2 0x7fbb1a0f02b5 in fuse_new_31 ../lib/fuse.c:4913
+    #3 0x7fbb1a10ec5e in fuse_main_real ../lib/helper.c:345
+    #4 0x5625db8ab418 in main ../example/hello.c:176
+    #5 0x7fbb1983c78f  (/usr/lib/libc.so.6+0x2378f)
+
+SUMMARY: AddressSanitizer: 352 byte(s) leaked in 1 allocation(s).
+```
+
+That's because `fuse_lowlevel.c`s `fuse_session_destroy` would only call
+the user supplied `op.destroy`, if INIT had been processed, but the high
+level API relied on `op.destroy` to free `f->fs`.
+
+This patch moves the freeing into `fuse_destroy` that will always be
+called by our high-level API.
+---
+ lib/fuse.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/fuse.c b/lib/fuse.c
+index a95d7c1..ff5d91b 100644
+--- a/lib/fuse.c
++++ b/lib/fuse.c
+@@ -2670,7 +2670,6 @@ void fuse_fs_destroy(struct fuse_fs *fs)
+ 		fs->op.destroy(fs->user_data);
+ 	if (fs->m)
+ 		fuse_put_module(fs->m);
+-	free(fs);
+ }
+ 
+ static void fuse_lib_destroy(void *data)
+@@ -2679,7 +2678,6 @@ static void fuse_lib_destroy(void *data)
+ 
+ 	fuse_create_context(f);
+ 	fuse_fs_destroy(f->fs);
+-	f->fs = NULL;
+ }
+ 
+ static void fuse_lib_lookup(fuse_req_t req, fuse_ino_t parent,
+@@ -5100,6 +5098,7 @@ void fuse_destroy(struct fuse *f)
+ 	free(f->name_table.array);
+ 	pthread_mutex_destroy(&f->lock);
+ 	fuse_session_destroy(f->se);
++	free(f->fs);
+ 	free(f->conf.modules);
+ 	free(f);
+ 	fuse_delete_context_key();
+-- 
+2.33.0
+

0008-Fix-file-leak-in-high-level-API.patch

@@ -0,0 +1,43 @@
+From f1e373d9af5b50a0f9a279eb8d8d3a327c9d5ef3 Mon Sep 17 00:00:00 2001
+From: Peri <peri@srdi.org>
+Date: Thu, 11 May 2023 02:38:46 +0100
+Subject: [PATCH] Fix file leak in high level API
+
+Added a secondary check in fuse_lib_unlink() after hide_node()
+to check again under a lock if the (now hidden) file is still open.
+If not then delete it.
+
+This should synchronise fuse_lib_unlink() with fuse_lib_release(),
+when nullpath_ok is set.
+---
+ lib/fuse.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/lib/fuse.c b/lib/fuse.c
+index ff5d91b..5099601 100644
+--- a/lib/fuse.c
++++ b/lib/fuse.c
+@@ -3014,6 +3014,20 @@ static void fuse_lib_unlink(fuse_req_t req, fuse_ino_t parent,
+ 		fuse_prepare_interrupt(f, req, &d);
+ 		if (!f->conf.hard_remove && is_open(f, parent, name)) {
+ 			err = hide_node(f, path, parent, name);
++			if (!err) {
++				/* we have hidden the node so now check again under a lock in case it is not used any more */
++				if (!is_open(f, parent, wnode->name)) {
++					char *unlinkpath;
++
++					/* get the hidden file path, to unlink it */
++					if (try_get_path(f, wnode->nodeid, NULL, &unlinkpath, NULL, false) == 0) {
++						err = fuse_fs_unlink(f->fs, unlinkpath);
++						if (!err)
++							remove_node(f, parent, wnode->name);
++						free(unlinkpath);
++					}
++				}
++			}
+ 		} else {
+ 			err = fuse_fs_unlink(f->fs, path);
+ 			if (!err)
+-- 
+2.33.0
+

0009-Fix-loading-of-FUSE-modules.patch

@@ -0,0 +1,52 @@
+From d1097c2bdb45e9f40fbc8c5887e61df4897274ff Mon Sep 17 00:00:00 2001
+From: Goswin von Brederlow <goswin-v-b@web.de>
+Date: Fri, 13 Jan 2023 10:36:52 +0100
+Subject: [PATCH] Fix loading of FUSE modules
+
+dlsym returns the address of the module factory symbol, not the actual function (#722)
+pointer. Change the type of `factory` to `fuse_module_factory_t*` to reflect
+this and then dereference it when registering the module.
+
+This is a followup to d92bf83, which introduced a NULL pointer dereference
+when dlsym returns NULL, and 8ec7fd9, which reverted it back to not
+dereferencing the symbol at all.
+
+Fixes: #721
+
+Co-authored-by: Goswin von Brederlow <brederlo@q-leap.de>
+---
+ lib/fuse.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/fuse.c b/lib/fuse.c
+index 5099601..31d5c58 100644
+--- a/lib/fuse.c
++++ b/lib/fuse.c
+@@ -252,7 +252,7 @@ static int fuse_load_so_module(const char *module)
+ 	int ret = -1;
+ 	char *tmp;
+ 	struct fusemod_so *so;
+-	fuse_module_factory_t factory;
++	fuse_module_factory_t *factory;
+ 
+ 	tmp = malloc(strlen(module) + 64);
+ 	if (!tmp) {
+@@ -274,13 +274,13 @@ static int fuse_load_so_module(const char *module)
+ 	}
+ 
+ 	sprintf(tmp, "fuse_module_%s_factory", module);
+-	*(void**)(&factory) = dlsym(so->handle, tmp);
++	factory = (fuse_module_factory_t*)dlsym(so->handle, tmp);
+ 	if (factory == NULL) {
+ 		fuse_log(FUSE_LOG_ERR, "fuse: symbol <%s> not found in module: %s\n",
+ 			tmp, dlerror());
+ 		goto out_dlclose;
+ 	}
+-	ret = fuse_register_module(module, factory, so);
++	ret = fuse_register_module(module, *factory, so);
+ 	if (ret)
+ 		goto out_dlclose;
+ 
+-- 
+2.33.0
+

fuse3.spec

@@ -2,7 +2,7 @@
 
 Name:    fuse3
 Version: %{fuse3ver}
-Release: 4
+Release: 9
 Summary: User space File System of fuse3
 License: GPL+ and LGPLv2+
 URL:     http://fuse.sf.net
@@ -11,6 +11,13 @@ Source1: fuse.conf
 
 Patch1:        0001-fix-chown-and-mknod-failed.patch
 Patch2:        0002-revert-fuse_daemonize-chdir-to-even-if-not-run.patch
+Patch3:        0003-Fix-fd-leak-with-clone_fd.patch
+Patch4:        0004-Use-destroy_req-instead-of-free-to-destroy-fuse_req.patch
+Patch5:        0005-Fix-use-after-free-warning.patch
+Patch6:        0006-Disable-leak-suppression-773.patch
+Patch7:        0007-Fix-memory-leak-in-high-level-API-781.patch
+Patch8:	       0008-Fix-file-leak-in-high-level-API.patch
+Patch9:	       0009-Fix-loading-of-FUSE-modules.patch
 
 BuildRequires: libselinux-devel, pkgconfig, systemd-udev, meson, fdupes
 BuildRequires: autoconf, automake, libtool, gettext-devel, ninja-build
@@ -101,6 +108,21 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}
 %{_mandir}/man8/*
 
 %changelog
+* Mon Apr 1 2024 yangyun <yangyun50@huawei.com> -3.10.5-9
+- fix loading of modules
+
+* Sat Mar 30 2024 yangyun <yangyun50@huawei.com> -3.10.5-8
+- fix file leak in high level API
+
+* Thu Feb 8 2024 yangyun <yangyun50@huawei.com> -3.10.5-7
+- fix memory leak in high level API
+
+* Thu Jun 8 2023 volcanodragon <linfeilong@huawei.com> -3.10.5-6
+- Sync fome patches
+
+* Wed Dec 7 2022 Zhiqiang Liu <liuzhiqiang26@huawei.com> -3.10.5-5
+- fix fd leak with clone_fd
+
 * Fri Nov 4 2022 zhanchengbin <zhanchengbin1@huawei.com> -3.10.5-4
 - Synchronize Version