On Tue, Apr 9, 2019 at 12:01 AM Antonio SJ Musumeci <trapexit@xxxxxxxxxx> wrote:
>
> I had a user of my FUSE based filesystem report corruption while using
> an app which used mmap for file IO on a Raspberry Pi 3B. Files would
> be corrupted only if greater than 4GB. I replicated the behavior with
> a simple test app[0] on a RPi2 using the latest Raspbian (Linux
> raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l
> GNU/Linux) and i686 Debian 9 in a VM (Linux debian 4.9.0-8-686 #1 SMP
> Debian 4.9.144-3.1 (2019-02-19) i686 GNU/Linux).
>
> What appears to happen is that after the offset reaches (st_size &
> 0xFFFFFFFF) bytes the FUSE server no longer receives write requests
> for modified pages. If the file size is exactly 4GB it won't ever
> receive a write. Reads still come in for all addresses and there are
> no errors on the client's side.

Hi,

Thanks for the report. The attached patch almost certainly should fix this, but I've not tested due to the extra effort needed for 32bit kernel testing. If you can easily test it, then that would be good, otherwise I'll just queue the patch as being obviously correct and likely fixing the bug as well.

Thanks,
Miklos
From: Miklos Szeredi <mszeredi@xxxxxxxxxx> Subject: fuse: fix writepages on 32bit Writepage requests were cropped to i_size & 0xffffffff, which meant that mmaped writes to any file larger than 4G might be silently discarded. Fix by storing the file size in a properly sized variable (loff_t instead of size_t). Reported-by: Antonio SJ Musumeci <trapexit@xxxxxxxxxx> Fixes: 6eaf4782eb09 ("fuse: writepages: crop secondary requests") Cc: <stable@xxxxxxxxxxxxxxx> # v3.13 Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx> --- fs/fuse/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -1586,7 +1586,7 @@ __acquires(fi->lock) { struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_inode *fi = get_fuse_inode(inode); - size_t crop = i_size_read(inode); + loff_t crop = i_size_read(inode); struct fuse_req *req; while (fi->writectr >= 0 && !list_empty(&fi->queued_writes)) {
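Review bot: in the declaration `loff_t crop = i_size_read(inode);`, widening the local fixes the truncation at the assignment only; the hunk does not show where `crop` is consumed inside the `while` loop, so confirm that whatever receives it also takes a 64-bit type, otherwise the value is narrowed again on 32-bit. Since the cover note says the change was not run on a 32-bit kernel and the patch is tagged for stable, a run on i686 or armv7l with an mmap write to a file larger than 4G, as in the report, would confirm it before the backport.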
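The truncation described in the report and the commit message, as an added example that is not part of the original thread or the kernel source. It models a 32-bit `size_t` with `uint32_t`; the cropping rule in `bytes_sent`, the 4096-byte page size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ 4096ULL          /* assumed page size */
#define GIB     (1ULL << 30)

/* Model of a 32-bit size_t: only the low 32 bits of the file size survive. */
static uint64_t crop_as_size_t32(uint64_t i_size) { return (uint32_t)i_size; }

/* Model of loff_t (64-bit signed offset): the file size is kept intact. */
static uint64_t crop_as_loff_t(uint64_t i_size) { return (uint64_t)(int64_t)i_size; }

/*
 * Simplified cropping rule (assumption, not kernel code): a write-back
 * request covering [offset, offset + len) is shortened to end at `crop`
 * and dropped entirely (0 bytes sent) when it starts at or past `crop`.
 */
static uint64_t bytes_sent(uint64_t offset, uint64_t len, uint64_t crop)
{
    if (offset + len <= crop)
        return len;               /* request lies fully inside the file */
    if (offset < crop)
        return crop - offset;     /* request straddles the crop point */
    return 0;                     /* request silently discarded */
}

int main(void)
{
    uint64_t sizes[] = { 4 * GIB, 5 * GIB };   /* constructed sample sizes */

    for (int i = 0; i < 2; i++) {
        uint64_t size = sizes[i];
        uint64_t off = size - PAGE_SZ;         /* last page of the file */

        printf("size=%llu last page: 32-bit crop sends %llu, loff_t crop sends %llu\n",
               (unsigned long long)size,
               (unsigned long long)bytes_sent(off, PAGE_SZ, crop_as_size_t32(size)),
               (unsigned long long)bytes_sent(off, PAGE_SZ, crop_as_loff_t(size)));
    }
    return 0;
}
```

With a 4 GiB file the modelled 32-bit crop is 0, so every dirty page is dropped, which matches the report that such a file never receives a write.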