Page MenuHomeFreeBSD

fusefs: correctly handle servers that report too much data written
ClosedPublic

Authored by asomers on Apr 18 2022, 11:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jan 9, 8:23 PM
Unknown Object (File)
Thu, Jan 9, 8:22 PM
Unknown Object (File)
Thu, Jan 9, 8:22 PM
Unknown Object (File)
Thu, Jan 9, 2:33 PM
Unknown Object (File)
Oct 30 2024, 5:37 AM
Unknown Object (File)
Oct 30 2024, 5:37 AM
Unknown Object (File)
Oct 30 2024, 5:37 AM
Unknown Object (File)
Oct 30 2024, 5:16 AM
Subscribers

Details

Summary

During a FUSE_WRITE, the kernel requests the server to write a certain
amount of data, and the server responds with the amount that it actually
did write. It is obviously an error for the server to write more than
it was provided, and we always treated it as such, but there were two
problems:

  • If the server responded with a huge amount, greater than INT_MAX, it would trigger an integer overflow which would cause a panic.
  • When extending the file, we wrongly set the file's size before validing the amount written.

PR: 263263
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 2 weeks
Sponsored by: Axcient

Test Plan

test cases added

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 45218
Build 42106: arc lint + arc unit