fs/fuse/backing.c | 14 ++++++++++++++ fs/fuse/dev.c | 5 +++++ fs/fuse/fuse_i.h | 1 + fs/fuse/iomode.c | 2 +- fs/fuse/passthrough.c | 11 +++++++++++ include/uapi/linux/fuse.h | 2 ++ 6 files changed, 34 insertions(+), 1 deletion(-)
To simplify FUSE daemon crash recovery and reduce performance overhead,
passthrough backing_id information is not persisted. However, this
approach introduces two challenges after daemon restart:
1. Non-persistent backing_ids prevent proper resource cleanup, leading
to resource leaks.
2. New backing_ids allocated for the same FUSE file cause -EIO errors
due to strict fuse_backing validation in
fuse_inode_uncached_io_start(), even when accessing the same
backing file. This persists until all previously opened files are
closed.
There are common scenarios where reusing the cached fuse_inode->fb is
safe:
Scenario 1: The same backing file (with identical inode) is
re-registered after recovery.
Scenario 2: In a read-only FUSE filesystem, the backing file may be
cleaned up and re-downloaded (resulting in a different
inode, but identical content).
Proposed Solution:
1. Enhance fuse_dev_ioctl_backing_close() to support closing all
backing_ids at once, enabling comprehensive resource cleanup after
restart.
2. Introduce the FOPEN_PASSTHROUGH_INODE_CACHE flag. When set during
fuse_open(), the kernel prioritizes reusing the existing
fuse_backing cached in fuse_inode, falling back to the
backing_id-associated fb only if the cache is empty.
I'd appreciate any feedback on whether there are better approaches or
potential improvements to this solution.
Thanks.
---
Chunsheng Luo (2):
fuse: add close all in passthrough backing close for crash recovery
fuse: Add new flag to reuse the backing file of fuse_inode
fs/fuse/backing.c | 14 ++++++++++++++
fs/fuse/dev.c | 5 +++++
fs/fuse/fuse_i.h | 1 +
fs/fuse/iomode.c | 2 +-
fs/fuse/passthrough.c | 11 +++++++++++
include/uapi/linux/fuse.h | 2 ++
6 files changed, 34 insertions(+), 1 deletion(-)
--
2.43.0
On Thu, Jan 15, 2026 at 03:20:29PM +0800, Chunsheng Luo wrote: > To simplify FUSE daemon crash recovery and reduce performance overhead, > passthrough backing_id information is not persisted. However, this > approach introduces two challenges after daemon restart: > > 1. Non-persistent backing_ids prevent proper resource cleanup, leading > to resource leaks. > 2. New backing_ids allocated for the same FUSE file cause -EIO errors > due to strict fuse_backing validation in > fuse_inode_uncached_io_start(), even when accessing the same > backing file. This persists until all previously opened files are > closed. > > There are common scenarios where reusing the cached fuse_inode->fb is > safe: > > Scenario 1: The same backing file (with identical inode) is > re-registered after recovery. > Scenario 2: In a read-only FUSE filesystem, the backing file may be > cleaned up and re-downloaded (resulting in a different > inode, but identical content). That is just not acceptable by design, regardless of server restart. fuse passthrough may be configured per individual file open, but all fd referring to the same fuse inode need to passthrough to the same backing inode. If your server want to serve different fd of same fuse inode from different backing files (no matter if they claim to have the same content), server needs to do that with FOPEN_DIRECT_IO, it cannot do that with FOPEN_PASSTHROUGH. Thanks, Amir. > > Proposed Solution: > > 1. Enhance fuse_dev_ioctl_backing_close() to support closing all > backing_ids at once, enabling comprehensive resource cleanup after > restart. > > 2. Introduce the FOPEN_PASSTHROUGH_INODE_CACHE flag. When set during > fuse_open(), the kernel prioritizes reusing the existing > fuse_backing cached in fuse_inode, falling back to the > backing_id-associated fb only if the cache is empty. > > I'd appreciate any feedback on whether there are better approaches or > potential improvements to this solution. > > Thanks. > --- > Chunsheng Luo (2): > fuse: add close all in passthrough backing close for crash recovery > fuse: Add new flag to reuse the backing file of fuse_inode > > fs/fuse/backing.c | 14 ++++++++++++++ > fs/fuse/dev.c | 5 +++++ > fs/fuse/fuse_i.h | 1 + > fs/fuse/iomode.c | 2 +- > fs/fuse/passthrough.c | 11 +++++++++++ > include/uapi/linux/fuse.h | 2 ++ > 6 files changed, 34 insertions(+), 1 deletion(-) > > -- > 2.43.0 >
On 1/15/26 11:43 PM, Amir Goldstein wrote: > On Thu, Jan 15, 2026 at 03:20:29PM +0800, Chunsheng Luo wrote: >> To simplify FUSE daemon crash recovery and reduce performance overhead, >> passthrough backing_id information is not persisted. However, this >> approach introduces two challenges after daemon restart: >> >> 1. Non-persistent backing_ids prevent proper resource cleanup, leading >> to resource leaks. >> 2. New backing_ids allocated for the same FUSE file cause -EIO errors >> due to strict fuse_backing validation in >> fuse_inode_uncached_io_start(), even when accessing the same >> backing file. This persists until all previously opened files are >> closed. >> >> There are common scenarios where reusing the cached fuse_inode->fb is >> safe: >> >> Scenario 1: The same backing file (with identical inode) is >> re-registered after recovery. >> Scenario 2: In a read-only FUSE filesystem, the backing file may be >> cleaned up and re-downloaded (resulting in a different >> inode, but identical content). > > That is just not acceptable by design, regardless of server restart. > > fuse passthrough may be configured per individual file open, but > all fd referring to the same fuse inode need to passthrough to the > same backing inode. > > If your server want to serve different fd of same fuse inode from > different backing files (no matter if they claim to have the same content), > server needs to do that with FOPEN_DIRECT_IO, it cannot do that with > FOPEN_PASSTHROUGH. > > Thanks, > Amir. > That's correct. A reference count for the backing files is certainly maintained before crash to prevent them from being garbage collected and to avoid different opens of the same fuse_inode from using different backing files. However, this count does not survive the crash recovery process. Consequently, the disk's garbage collection mechanism could subsequently delete these files. In this situation, we should consider how to prevent these files from being mistakenly garbage collected after a crash recovery. Thanks. Chunsheng Luo >> >> Proposed Solution: >> >> 1. Enhance fuse_dev_ioctl_backing_close() to support closing all >> backing_ids at once, enabling comprehensive resource cleanup after >> restart. >> >> 2. Introduce the FOPEN_PASSTHROUGH_INODE_CACHE flag. When set during >> fuse_open(), the kernel prioritizes reusing the existing >> fuse_backing cached in fuse_inode, falling back to the >> backing_id-associated fb only if the cache is empty. >> >> I'd appreciate any feedback on whether there are better approaches or >> potential improvements to this solution. >> >> Thanks. >> --- >> Chunsheng Luo (2): >> fuse: add close all in passthrough backing close for crash recovery >> fuse: Add new flag to reuse the backing file of fuse_inode >> >> fs/fuse/backing.c | 14 ++++++++++++++ >> fs/fuse/dev.c | 5 +++++ >> fs/fuse/fuse_i.h | 1 + >> fs/fuse/iomode.c | 2 +- >> fs/fuse/passthrough.c | 11 +++++++++++ >> include/uapi/linux/fuse.h | 2 ++ >> 6 files changed, 34 insertions(+), 1 deletion(-) >> >> -- >> 2.43.0 >> > >
© 2016 - 2026 Red Hat, Inc.