Message-ID: <CAJnrk1bjxyUw58WyiwsyBcJ0CcsBJZKNkcm_U+A+2KSmNqvjyQ@mail.gmail.com>
Date: Wed, 14 Jan 2026 10:41:07 -0800
From: Joanne Koong <joannelkoong@...il.com>
To: Jingbo Xu <jefflexu@...ux.alibaba.com>
Cc: miklos@...redi.hu, linux-fsdevel@...r.kernel.org, 
	linux-kernel@...r.kernel.org, horst@...thelmer.de, 
	joseph.qi@...ux.alibaba.com
Subject: Re: [PATCH v2] fuse: fix premature writetrhough request for large folio

On Wed, Jan 14, 2026 at 4:45 AM Jingbo Xu <jefflexu@...ux.alibaba.com> wrote:
>
> When large folio is enabled and the initial folio offset exceeds
> PAGE_SIZE, e.g. the position resides in the second page of a large
> folio, after the folio copying the offset (in the page) won't be updated
> to 0 even though the expected range is successfully copied until the end
> of the folio.  In this case fuse_fill_write_pages() exits prematurely
> before the request has reached the max_write/max_pages limit.
>
> Fix this by eliminating page offset entirely and using folio offset
> instead.
>
> Fixes: d60a6015e1a2 ("fuse: support large folios for writethrough writes")
> Cc: stable@...r.kernel.org

This should not need the stable tag or any backports. The bug cannot
trigger until the future patch for turning on large folios lands.

> Reviewed-by: Horst Birthelmer <hbirthelmer@....com>
> Signed-off-by: Jingbo Xu <jefflexu@...ux.alibaba.com>

This LGTM, thanks for spotting this.

Reviewed-by: Joanne Koong <joannelkoong@...il.com>

Btw, are your prod systems running fuse with large folios enabled? If
so, are your servers using writeback caching too?

Thanks,
Joanne

> ---
> changes since v1:
> - add Reviewed-by tag (Horst)
>
> v1: https://yhbt.net/lore/all/20260114055615.17903-1-jefflexu@linux.alibaba.com/
> ---
>  fs/fuse/file.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/fs/fuse/file.c b/fs/fuse/file.c
> index 625d236b881b..6aafb32338b6 100644
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -1272,7 +1272,6 @@ static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
>  {
>         struct fuse_args_pages *ap = &ia->ap;
>         struct fuse_conn *fc = get_fuse_conn(mapping->host);
> -       unsigned offset = pos & (PAGE_SIZE - 1);
>         size_t count = 0;
>         unsigned int num;
>         int err = 0;
> @@ -1299,7 +1298,7 @@ static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
>                 if (mapping_writably_mapped(mapping))
>                         flush_dcache_folio(folio);
>
> -               folio_offset = ((index - folio->index) << PAGE_SHIFT) + offset;
> +               folio_offset = offset_in_folio(folio, pos);
>                 bytes = min(folio_size(folio) - folio_offset, num);
>
>                 tmp = copy_folio_from_iter_atomic(folio, folio_offset, bytes, ii);
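Review bot: at `folio_offset = offset_in_folio(folio, pos);` the offset is now derived from `pos` alone, while the removed expression derived it from `index` and the carried `offset`. Correctness therefore rests on `pos` being advanced by exactly `tmp` each pass (the `pos += tmp` in the next hunk) and on `folio` being the folio that covers `pos`. A one-line comment saying that `pos` is the single source of truth for the copy position would make that dependency explicit for later changes to the loop.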
> @@ -1329,9 +1328,6 @@ static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
>                 count += tmp;
>                 pos += tmp;
>                 num -= tmp;
> -               offset += tmp;
> -               if (offset == folio_size(folio))
> -                       offset = 0;
>
>                 /* If we copied full folio, mark it uptodate */
>                 if (tmp == folio_size(folio))
> @@ -1343,7 +1339,9 @@ static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
>                         ia->write.folio_locked = true;
>                         break;
>                 }
> -               if (!fc->big_writes || offset != 0)
> +               if (!fc->big_writes)
> +                       break;
> +               if (folio_offset + tmp != folio_size(folio))
>                         break;
>         }
>
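Review bot: the new `if (folio_offset + tmp != folio_size(folio))` test at the bottom of the loop carries no comment, and its intent (keep filling the request only when this copy ran to the end of the current folio) is not obvious from the expression alone. Please add a short comment above it. The two back-to-back `break` tests could also be folded into a single condition, as the removed `if (!fc->big_writes || offset != 0)` line did.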
> --
> 2.19.1.6.gb485710b
>
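The loop-exit arithmetic described in the patch description, as a user-space model added here; it is not part of the thread or of fs/fuse/file.c. It assumes 4 KiB pages, naturally aligned 16 KiB folios, big_writes enabled, every copy completing in full, and no max_pages limit; `fill_old` and `fill_new` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed sizes for the model: 4 KiB pages, 4-page naturally aligned folios. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  ((size_t)1 << PAGE_SHIFT)
#define FOLIO_SIZE (4 * PAGE_SIZE)

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Pre-patch tracking: a page offset carried across iterations. */
static size_t fill_old(size_t pos, size_t num)
{
    size_t offset = pos & (PAGE_SIZE - 1);
    size_t count = 0;

    while (num) {
        size_t index = pos >> PAGE_SHIFT;
        size_t folio_index = index & ~(FOLIO_SIZE / PAGE_SIZE - 1);
        size_t folio_offset = ((index - folio_index) << PAGE_SHIFT) + offset;
        size_t tmp = min_sz(FOLIO_SIZE - folio_offset, num);

        count += tmp; pos += tmp; num -= tmp;
        offset += tmp;
        if (offset == FOLIO_SIZE)   /* never true when the start is past page 0 */
            offset = 0;
        if (offset != 0)
            break;
    }
    return count;
}

/* Post-patch tracking: offset recomputed from pos, exit unless folio end reached. */
static size_t fill_new(size_t pos, size_t num)
{
    size_t count = 0;

    while (num) {
        size_t folio_offset = pos & (FOLIO_SIZE - 1); /* models offset_in_folio() */
        size_t tmp = min_sz(FOLIO_SIZE - folio_offset, num);

        count += tmp; pos += tmp; num -= tmp;
        if (folio_offset + tmp != FOLIO_SIZE)
            break;
    }
    return count;
}

int main(void)
{
    /* Constructed input: a 32 KiB write starting in the second page of a folio. */
    printf("old=%zu new=%zu\n", fill_old(4096, 32768), fill_new(4096, 32768));
    return 0;
}
```
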
