Date: Fri, 08 Mar 2019 01:57:45 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 236381] [FUSE] EFAULT and possible data corruption with short writes Message-ID: <bug-236381-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236381 Bug ID: 236381 Summary: [FUSE] EFAULT and possible data corruption with short writes Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: asomers@FreeBSD.org Normally fuse filesystems are required to always write the exact amount of = data requested by a FUSE_WRITE operation. However, if the filesystem sets FOPEN_DIRECT_IO in the response to a FUSE_OPEN request, then it is allowed = to write less data than was requested. In that case, the client will likely w= ant to write the remainder of the data. The problem is that fuse_write_directbackend doesn't correctly account for = the short write. It correctly detects a short write, and tries to "rewind" the= uio by adjusting its uio_resid and uio_offset fields. However, it neglects to rewind the uio_iov field. In fact, it will not always be possible to rewind the uio_iov, because uiomove may have incremented the uio_iov pointer. I s= ee two possible solutions: 1) Add a second inner loop to fuse_write_directbackend. The inner loop will handle short writes, and will get its data from the fdi buffer. uiomove wi= ll not be called again. In addition to fixing the bug, this method will also = be more efficient than current code, because it won't copy data across the user-kernel boundary multiple times. 2) Don't try to make up for short writes. Simply return to userland. This would probably be more in the spirit of direct_io. However, fuse_write_directbackend can have many different callers, and it might not = be appropriate for all of them. In particular, fuse(4) currently doesn't accurately track whether the filesystem requested FOPEN_DIRECT_IO. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236381-227>