Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 08 Mar 2019 01:57:45 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 236381] [FUSE] EFAULT and possible data corruption with short writes
Message-ID:  <bug-236381-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236381

            Bug ID: 236381
           Summary: [FUSE] EFAULT and possible data corruption with short
                    writes
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org

Normally fuse filesystems are required to always write the exact amount of =
data
requested by a FUSE_WRITE operation.  However, if the filesystem sets
FOPEN_DIRECT_IO in the response to a FUSE_OPEN request, then it is allowed =
to
write less data than was requested.  In that case, the client will likely w=
ant
to write the remainder of the data.

The problem is that fuse_write_directbackend doesn't correctly account for =
the
short write.  It correctly detects a short write, and tries to "rewind" the=
 uio
by adjusting its uio_resid and uio_offset fields.  However, it neglects to
rewind the uio_iov field.  In fact, it will not always be possible to rewind
the uio_iov, because uiomove may have incremented the uio_iov pointer.  I s=
ee
two possible solutions:

1) Add a second inner loop to fuse_write_directbackend.  The inner loop will
handle short writes, and will get its data from the fdi buffer.  uiomove wi=
ll
not be called again.  In addition to fixing the bug, this method will also =
be
more efficient than current code, because it won't copy data across the
user-kernel boundary multiple times.

2) Don't try to make up for short writes.  Simply return to userland.  This
would probably be more in the spirit of direct_io.  However,
fuse_write_directbackend can have many different callers, and it might not =
be
appropriate for all of them.  In particular, fuse(4) currently doesn't
accurately track whether the filesystem requested FOPEN_DIRECT_IO.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236381-227>