Hi bugs@,
I am new to OpenBSD. I've been trying to port a Go program
to OpenBSD and I had to mess with FUSE and mount(2) with root
privileges.
During testing I've managed to make the program hang and become
unkillable (SIG{TERM,ABORT,KILL} do not work) when I passed fd=0
instead of the opened file descriptor of /dev/fuse0. After some more
testing I've rendered the system unusable: it hung and the CPU fan
ramped up.
I've managed to make a small PoC in C to demonstrate the issue.
> #include <stdio.h>
> #include <sys/mount.h>
>
> int main() {
>     struct fusefs_args fargs = {0};
>     int mnt_flags = 0;
>
>     fargs.fd = 0; // the culprit
>     fargs.max_read = (4096*1024);
>     fargs.allow_other = 0;
>     if (mount(MOUNT_FUSEFS, "./mount", mnt_flags, &fargs)) {
>         perror(__func__);
>         return 1;
>     }
>
>     return 0;
> }
I have to run the PoC three times with root privileges (doas) before the
system hangs. I have 2 cores (+ 2 unused threads). There is a "./mount"
directory in the PoC development directory.
The kernel I am running:
> $ uname -mprsv
> OpenBSD 7.6 GENERIC.MP#338 amd64 amd64
Kind regards,
Marin Ivanov
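
A caller-side guard against the mistake described in the report, added here as an example and not part of the original message: before a descriptor is placed in fusefs_args.fd, confirm it is open on the same character device as the FUSE device node. The helper name fd_is_device is hypothetical, and the default path /dev/fuse0 is taken from the report.

```c
/* Added example: verify a descriptor is the FUSE device before it is
 * handed to mount(2) in fusefs_args.fd. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * fd_is_device (hypothetical helper name):
 * returns 1 if fd is open on the same character device as devpath,
 * 0 if it is open on anything else, -1 if either lookup fails
 * (bad descriptor, missing device node).
 */
int fd_is_device(int fd, const char *devpath)
{
    struct stat fdst, devst;

    if (fstat(fd, &fdst) == -1 || stat(devpath, &devst) == -1)
        return -1;
    /* Both sides must be character devices before st_rdev is meaningful. */
    if (!S_ISCHR(fdst.st_mode) || !S_ISCHR(devst.st_mode))
        return 0;
    return fdst.st_rdev == devst.st_rdev;
}

int main(int argc, char **argv)
{
    /* Device path defaults to the one named in the report. */
    const char *dev = argc > 1 ? argv[1] : "/dev/fuse0";
    int fd = open(dev, O_RDWR);

    if (fd == -1) {
        perror(dev);
        return 1;
    }
    /* Compare fd 0 (the value used in the PoC) with the opened device. */
    printf("fd 0: %d\n", fd_is_device(0, dev));
    printf("fd %d: %d\n", fd, fd_is_device(fd, dev));
    close(fd);
    return 0;
}
```

The check runs in the calling program only and refuses to proceed unless it returns 1; the kernel behaviour reported above for a wrong descriptor is unchanged.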