
Opening a file with O_EXEC | O_CLOEXEC triggers Kernel Panic #1130

@reshilkin

Description

Hi,

We've found a reliable way to trigger a Kernel Panic with macFUSE 5.1.2 on macOS 14.6.1 (Apple M3 Pro).
It’s not a regression, though — the problem also reproduces with macFUSE versions 4.6.0, 4.7.2, 4.8.0, 4.9.1, and 5.0.6.

To reproduce, it’s enough to open a file with the flags O_EXEC | O_CLOEXEC.

Stack trace
panic(cpu 2 caller 0xfffffe002d35b060): fuse: What kind of a flag is this (41000000)?
Debugger message: panic
Memory ID: 0xff
OS release type: User
OS version: 23G93
Kernel version: Darwin Kernel Version 23.6.0: Mon Jul 29 21:14:30 PDT 2024; root:xnu-10063.141.2~1/RELEASE_ARM64_T6030
Panicked task 0xfffffe20571473c8: 60 pages, 1 threads: pid 13891: b.out
Panicked thread: 0xfffffe251dbd2ff0, backtrace: 0xfffffe43ec5e3390, tid: 90020
		  lr: 0xfffffe002e9f8124  fp: 0xfffffe43ec5e3420
		  lr: 0xfffffe002eb42358  fp: 0xfffffe43ec5e3490
		  lr: 0xfffffe002eb4076c  fp: 0xfffffe43ec5e3550
		  lr: 0xfffffe002e9a78cc  fp: 0xfffffe43ec5e3560
		  lr: 0xfffffe002e9f7a18  fp: 0xfffffe43ec5e3910
		  lr: 0xfffffe002f1fc414  fp: 0xfffffe43ec5e3930
		  lr: 0xfffffe002d35b060  fp: 0xfffffe43ec5e3a00
		  lr: 0xfffffe002d356f18  fp: 0xfffffe43ec5e3a30
		  lr: 0xfffffe002ec0fc58  fp: 0xfffffe43ec5e3b20
		  lr: 0xfffffe002ebf7efc  fp: 0xfffffe43ec5e3da0
		  lr: 0xfffffe002ebf8d60  fp: 0xfffffe43ec5e3df0
		  lr: 0xfffffe002f0180e8  fp: 0xfffffe43ec5e3e50
		  lr: 0xfffffe002eb408c4  fp: 0xfffffe43ec5e3f10
		  lr: 0xfffffe002e9a78cc  fp: 0xfffffe43ec5e3f20
		  lr: 0xfffffe002e9a7894  fp: 0x0000000000000000
      Kernel Extensions in backtrace:
         io.macfuse.filesystems.macfuse.23(5.1.1)[7BC1969E-F7C0-3011-8FA8-9835A5C24519]@0xfffffe002d350000->0xfffffe002d3625ff

last started kext at 82725974636: io.macfuse.filesystems.macfuse.23	5.1.1 (addr 0xfffffe002d348000, size 6208)

Steps to reproduce:

  1. Compile a dummy in-memory FUSE implementation: clang -o memfs main.c -lfuse -D_FILE_OFFSET_BITS=64

main.c

```c
#define FUSE_USE_VERSION 31

#include <fuse.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

#define MAX_FILES 100
#define MAX_FILENAME 256
#define MAX_CONTENT 65536

/* A single in-memory file; the whole filesystem is the flat table below. */
struct file_entry {
    char name[MAX_FILENAME];
    char content[MAX_CONTENT];
    int size;
};

struct file_entry files[MAX_FILES];
int file_count = 0;

/* Root is a directory; every other path is a regular file in the table.
 * Paths arrive as "/name", so path + 1 is the bare file name. */
static int memfs_getattr(const char *path, struct stat *stbuf) {
    memset(stbuf, 0, sizeof(struct stat));
    if (strcmp(path, "/") == 0) {
        stbuf->st_mode = S_IFDIR | 0755;
        stbuf->st_nlink = 2;
    } else {
        int i;
        for (i = 0; i < file_count; i++) {
            if (strcmp(files[i].name, path + 1) == 0) {
                stbuf->st_mode = S_IFREG | 0666;
                stbuf->st_nlink = 1;
                stbuf->st_size = files[i].size;
                return 0;
            }
        }
        return -ENOENT;
    }
    return 0;
}

/* Only the root directory exists, so list everything in the table. */
static int memfs_readdir(const char *path, void *buf, fuse_fill_dir_t filler,
                         off_t offset, struct fuse_file_info *fi) {
    if (strcmp(path, "/") != 0)
        return -ENOENT;

    filler(buf, ".", NULL, 0);
    filler(buf, "..", NULL, 0);

    for (int i = 0; i < file_count; i++) {
        filler(buf, files[i].name, NULL, 0);
    }
    return 0;
}

/* open() succeeds for any existing file regardless of the flags passed;
 * the flag handling that matters for this report happens in the kext. */
static int memfs_open(const char *path, struct fuse_file_info *fi) {
    int i;
    for (i = 0; i < file_count; i++) {
        if (strcmp(files[i].name, path + 1) == 0)
            return 0;
    }
    return -ENOENT;
}

static int memfs_read(const char *path, char *buf, size_t size, off_t offset,
                      struct fuse_file_info *fi) {
    int i;
    for (i = 0; i < file_count; i++) {
        if (strcmp(files[i].name, path + 1) == 0) {
            if (offset >= files[i].size)
                return 0;
            size_t len = files[i].size - offset;
            if (size < len)
                len = size;
            memcpy(buf, files[i].content + offset, len);
            return len;
        }
    }
    return -ENOENT;
}

static int memfs_write(const char *path, const char *buf, size_t size,
                       off_t offset, struct fuse_file_info *fi) {
    int i;
    for (i = 0; i < file_count; i++) {
        if (strcmp(files[i].name, path + 1) == 0) {
            if (offset + size > MAX_CONTENT)
                return -EFBIG;
            memcpy(files[i].content + offset, buf, size);
            /* A write inside the existing range must not shrink the file. */
            if (offset + size > (size_t)files[i].size)
                files[i].size = offset + size;
            return size;
        }
    }
    return -ENOENT;
}

static int memfs_create(const char *path, mode_t mode, struct fuse_file_info *fi) {
    if (file_count >= MAX_FILES)
        return -ENOSPC;
    /* Reject names that would overflow the fixed-size name buffer. */
    if (strlen(path + 1) >= MAX_FILENAME)
        return -ENAMETOOLONG;

    int i;
    for (i = 0; i < file_count; i++) {
        if (strcmp(files[i].name, path + 1) == 0)
            return 0; // already exists
    }

    strcpy(files[file_count].name, path + 1);
    files[file_count].size = 0;
    file_count++;
    return 0;
}

static int memfs_unlink(const char *path) {
    int i;
    for (i = 0; i < file_count; i++) {
        if (strcmp(files[i].name, path + 1) == 0) {
            /* Close the gap by shifting the remaining entries down. */
            for (int j = i; j < file_count - 1; j++)
                files[j] = files[j + 1];
            file_count--;
            return 0;
        }
    }
    return -ENOENT;
}

static int memfs_truncate(const char *path, off_t size) {
    int i;
    for (i = 0; i < file_count; i++) {
        if (strcmp(files[i].name, path + 1) == 0) {
            if (size > MAX_CONTENT)
                return -EFBIG;
            /* Growing a file exposes bytes past the old end; zero them so a
             * reused slot never leaks content from an unlinked file. */
            if (size > files[i].size)
                memset(files[i].content + files[i].size, 0, size - files[i].size);
            files[i].size = size;
            return 0;
        }
    }
    return -ENOENT;
}

static int memfs_ftruncate(const char *path, off_t size, struct fuse_file_info *fi) {
    return memfs_truncate(path, size);
}

static struct fuse_operations memfs_oper = {
    .getattr = memfs_getattr,
    .readdir = memfs_readdir,
    .open = memfs_open,
    .read = memfs_read,
    .write = memfs_write,
    .create = memfs_create,
    .unlink = memfs_unlink,
    .truncate = memfs_truncate,
    .ftruncate = memfs_ftruncate,
};

int main(int argc, char *argv[]) {
    return fuse_main(argc, argv, &memfs_oper, NULL);
}
```
  2. Mount it: ./memfs panic-mount -o allow_other -o umask=000

  3. Compile the test program: clang panic.cpp -o panic-mount/panic.out

panic.cpp

```cpp
#include <cstdio>
#include <fcntl.h>
#include <unistd.h>

int main(int argc, char* argv[]) {
    if (argc < 2) {
        fprintf(stderr, "Usage: %s <file_path>\n", argv[0]);
        return 1;
    }
    const char* path = argv[1];
    // O_EXEC | O_CLOEXEC is the flag combination this report is about.
    int fd = open(path, O_EXEC | O_CLOEXEC, 0);
    if (fd == -1) {
        perror("Error opening file");
        return 1;
    }
    close(fd);
    return 0;
}
```

  4. Trigger the Kernel Panic: cd panic-mount && ./panic.out panic.out

Thanks for your help
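Added example, not code from this issue or from macFUSE: it decodes the flag word quoted in the panic line using Darwin's fcntl values (O_EXEC is 0x40000000 and O_CLOEXEC is 0x01000000, so 0x41000000 is exactly O_EXEC | O_CLOEXEC) and shows a hypothetical flag translation that returns EINVAL for combinations it does not handle rather than panicking. The handle-mode names and the read-only policy for O_EXEC are this example's own assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Darwin <sys/fcntl.h> values, copied here so this also builds elsewhere. */
#define DARWIN_O_ACCMODE  0x00000003u
#define DARWIN_O_RDONLY   0x00000000u
#define DARWIN_O_WRONLY   0x00000001u
#define DARWIN_O_RDWR     0x00000002u
#define DARWIN_O_CLOEXEC  0x01000000u
#define DARWIN_O_EXEC     0x40000000u

enum fh_mode { FH_RDONLY = 0, FH_WRONLY = 1, FH_RDWR = 2 }; /* hypothetical names */

/* Render an open(2) flag word as symbolic names; return the bits that
 * were not recognised (0 when every bit is accounted for). */
unsigned decode_open_flags(unsigned flags, char *out, size_t outlen) {
    static const struct { unsigned bit; const char *name; } tbl[] = {
        { DARWIN_O_WRONLY, "O_WRONLY" }, { DARWIN_O_RDWR, "O_RDWR" },
        { DARWIN_O_EXEC, "O_EXEC" },     { DARWIN_O_CLOEXEC, "O_CLOEXEC" },
    };
    unsigned rest = flags;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (!(flags & tbl[i].bit)) continue;
        if (out[0] != '\0') strncat(out, "|", outlen - strlen(out) - 1);
        strncat(out, tbl[i].name, outlen - strlen(out) - 1);
        rest &= ~tbl[i].bit;
    }
    if (out[0] == '\0') strncat(out, "O_RDONLY", outlen - 1);
    return rest;
}

/* Translate the access-mode bits into a handle mode: 0 and *mode set, or
 * -EINVAL for a combination the filesystem does not handle. The error path
 * is the point: panicking here lets one unprivileged open(2) halt the host. */
int xlate_open_flags(unsigned flags, enum fh_mode *mode) {
    unsigned acc = flags & DARWIN_O_ACCMODE;
    if (flags & DARWIN_O_EXEC) {
        /* Example policy: exec-only opens get a read-only handle (the kernel
         * must read the image); O_EXEC plus a write mode is refused. */
        if (acc != DARWIN_O_RDONLY) return -EINVAL;
        *mode = FH_RDONLY;
        return 0;
    }
    switch (acc) {
    case DARWIN_O_RDONLY: *mode = FH_RDONLY; return 0;
    case DARWIN_O_WRONLY: *mode = FH_WRONLY; return 0;
    case DARWIN_O_RDWR:   *mode = FH_RDWR;   return 0;
    default:              return -EINVAL;  /* both low bits set: invalid */
    }
}

int main(void) {
    char buf[64];
    enum fh_mode m;
    unsigned rest = decode_open_flags(0x41000000u, buf, sizeof buf);
    printf("41000000 = %s (unrecognised 0x%x), xlate rc=%d\n", buf, rest,
           xlate_open_flags(0x41000000u, &m));
    return 0;
}
```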
