From nobody Sat Aug 20 01:00:22 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M8gK23Ms2z4YhCc; Sat, 20 Aug 2022 01:00:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M8gK22nnhz45k7; Sat, 20 Aug 2022 01:00:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660957222; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BMHZnm/CWhdQVC2GvXoWjcgpijOKSgPauq9F8j0HPBU=; b=Lq2CWP3x5mMUpy8NQtGZAQ9jKz7gYMBQu9H9qkwHH5wFC4L81lG1rS/E/5ZR0yfbV8kXMK Lq+esRfnI9bTqIRkE4sGed2GUUpYd7mtNg4m7Guh4qTVTrTschJZAqJCOrYe3CYmZpIlZn l85YwLC7w7eIB+xqDQ0XleinFy+kC3rfgLS1jQGAUfHCqNxjDjW+j8tYkm4VLOymx+yyZy x2RWWfubVrZYFdhkn+wV6c2ftSCfOz8SC1+Suy9WDxc6cGEVC95D/KAXPZN86Ebq616VzW YbPUTEZThXsWAfkspXyVHKOynLyOAb4bx+LB9sL/ECtXbOQnO+ika6rX0mkUFw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M8gK21rN4z1CbD; Sat, 20 Aug 2022 01:00:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 27K10MxF090628; Sat, 20 Aug 2022 01:00:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 27K10MKG090627; Sat, 20 Aug 2022 01:00:22 GMT (envelope-from git) Date: Sat, 20 Aug 2022 01:00:22 GMT Message-Id: <202208200100.27K10MKG090627@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: 3a5ccf21b2aa - stable/12 - fusefs: correctly handle servers that report too much data written List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 3a5ccf21b2aa27f51451b40be7388f671595d36a Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660957222; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BMHZnm/CWhdQVC2GvXoWjcgpijOKSgPauq9F8j0HPBU=; b=QXcFc/cWErEtP6NWRSnZnLfRWiPK2dSXTjYNmIqGEHJAAF9MKaeWe0ju3a/grmwWoNPwU5 UA4BA29ExR4sKhxPmHh2zE8NX41ND2MDko3s/6nAqj87M9QzsDMGt+LtWZEZQXbBUyrbw7 IjLqHp3caN1L/Vq6g/d/vPqtNVuDIf5RmnITZp3rwbdOYPTIXjOEhMvxiOJo8gdLFq6A02 53vaWHq7ie71/VIcZuYlBXnYcnqUmEt0vR95LaErN0Za6SSM8Z8muUbU04lcXBFNo8KC1d D092kxWfMjrpJC7PqoVTZ3/8F6WVYAnw7P9BtXeWy88/G2bQ6k4gz5T39F250A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660957222; a=rsa-sha256; cv=none; b=M+rO1s73JbCPJ8wcIGKQehep++xt3D+fzi+Po0rqadNc45y9lN1J5bfU/EQDxmT+FT6c/P Y5sG184YKOVTafPMjbHtzhIRf7YW/XwiBv8mGmOksPbRbB+ejx97T/Rmfw0ESiNfGisawI WpcfUDqSugM1UEy97wo7G9X6ATM52m8LQWlgKUWR/XRLfOWkCYcVfQQqI15y5GSsUXGIx3 kSd/tJc+U1xMmRlM+Cv07UIEE5OiIMt8B0vhflokXxwRDHEQ0chfuP4/OHrKBPGykTWc4X M5T/TIkv3cO68rwI5SwqSLQQo8kUdMZwZtXxmRLIZub23tbqlj4qH2t/Am/XaA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=3a5ccf21b2aa27f51451b40be7388f671595d36a commit 3a5ccf21b2aa27f51451b40be7388f671595d36a Author: Alan Somers AuthorDate: 2022-04-18 23:03:53 +0000 Commit: Alan Somers CommitDate: 2022-08-20 00:55:25 +0000 fusefs: correctly handle servers that report too much data written During a FUSE_WRITE, the kernel requests the server to write a certain amount of data, and the server responds with the amount that it actually did write. It is obviously an error for the server to write more than it was provided, and we always treated it as such, but there were two problems: * If the server responded with a huge amount, greater than INT_MAX, it would trigger an integer overflow which would cause a panic. * When extending the file, we wrongly set the file's size before validing the amount written. PR: 263263 Reported by: Robert Morris Sponsored by: Axcient Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D34955 (cherry picked from commit 3a1b3c6a1e68063330e897a5a5c94518edae4a3b) --- sys/fs/fuse/fuse_io.c | 18 ++++++++----- tests/sys/fs/fusefs/write.cc | 61 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 6 deletions(-) diff --git a/sys/fs/fuse/fuse_io.c b/sys/fs/fuse/fuse_io.c index 8f1adac124c3..23a602df2345 100644 --- a/sys/fs/fuse/fuse_io.c +++ b/sys/fs/fuse/fuse_io.c @@ -606,8 +606,19 @@ retry: fwo = ((struct fuse_write_out *)fdi.answ); + if (fwo->size > fwi->size) { + fuse_warn(data, FSESS_WARN_WROTE_LONG, + "wrote more data than we provided it."); + /* This is bonkers. Clear attr cache. */ + fvdat->flag &= ~FN_SIZECHANGE; + fuse_vnode_clear_attr_cache(vp); + err = EINVAL; + break; + } + /* Adjust the uio in the case of short writes */ diff = fwi->size - fwo->size; + as_written_offset = uio->uio_offset - diff; if (as_written_offset - diff > filesize) { @@ -617,12 +628,7 @@ retry: if (as_written_offset - diff >= filesize) fvdat->flag &= ~FN_SIZECHANGE; - if (diff < 0) { - fuse_warn(data, FSESS_WARN_WROTE_LONG, - "wrote more data than we provided it."); - err = EINVAL; - break; - } else if (diff > 0) { + if (diff > 0) { /* Short write */ if (!direct_io) { fuse_warn(data, FSESS_WARN_SHORT_WRITE, diff --git a/tests/sys/fs/fusefs/write.cc b/tests/sys/fs/fusefs/write.cc index 3654a063b765..3cc7b5c1b41e 100644 --- a/tests/sys/fs/fusefs/write.cc +++ b/tests/sys/fs/fusefs/write.cc @@ -397,6 +397,67 @@ TEST_F(Write, indirect_io_short_write) leak(fd); } +/* It is an error if the daemon claims to have written more data than we sent */ +TEST_F(Write, indirect_io_long_write) +{ + const char FULLPATH[] = "mountpoint/some_file.txt"; + const char RELPATH[] = "some_file.txt"; + const char *CONTENTS = "abcdefghijklmnop"; + uint64_t ino = 42; + int fd; + ssize_t bufsize = strlen(CONTENTS); + ssize_t bufsize_out = 100; + off_t some_other_size = 25; + struct stat sb; + + expect_lookup(RELPATH, ino, 0); + expect_open(ino, 0, 1); + expect_write(ino, 0, bufsize, bufsize_out, CONTENTS); + expect_getattr(ino, some_other_size); + + fd = open(FULLPATH, O_WRONLY); + ASSERT_LE(0, fd) << strerror(errno); + + ASSERT_EQ(-1, write(fd, CONTENTS, bufsize)) << strerror(errno); + ASSERT_EQ(EINVAL, errno); + + /* + * Following such an error, we should requery the server for the file's + * size. + */ + fstat(fd, &sb); + ASSERT_EQ(sb.st_size, some_other_size); + + leak(fd); +} + +/* + * Don't crash if the server returns a write that can't be represented as a + * signed 32 bit number. Regression test for + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263263 + */ +TEST_F(Write, indirect_io_very_long_write) +{ + const char FULLPATH[] = "mountpoint/some_file.txt"; + const char RELPATH[] = "some_file.txt"; + const char *CONTENTS = "abcdefghijklmnop"; + uint64_t ino = 42; + int fd; + ssize_t bufsize = strlen(CONTENTS); + ssize_t bufsize_out = 3 << 30; + + expect_lookup(RELPATH, ino, 0); + expect_open(ino, 0, 1); + expect_write(ino, 0, bufsize, bufsize_out, CONTENTS); + + fd = open(FULLPATH, O_WRONLY); + ASSERT_LE(0, fd) << strerror(errno); + + ASSERT_EQ(-1, write(fd, CONTENTS, bufsize)) << strerror(errno); + ASSERT_EQ(EINVAL, errno); + leak(fd); +} + /* * When the direct_io option is used, filesystems are allowed to write less * data than requested. We should return the short write to userland.