lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <03d69c33-e7c9-4160-890f-3b7f65de37d5@linux.alibaba.com>
Date: Wed, 14 Jan 2026 17:05:51 +0800
From: Jingbo Xu <jefflexu@...ux.alibaba.com>
To: Horst Birthelmer <horst@...thelmer.de>
Cc: miklos@...redi.hu, joannelkoong@...il.com, linux-fsdevel@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ak: fuse: fix premature writetrhough request for large
 folio



On 1/14/26 4:58 PM, Horst Birthelmer wrote:
> 
> Hi Jingbo,
> 
> On Wed, Jan 14, 2026 at 01:56:15PM +0800, Jingbo Xu wrote:
>> When large folio is enabled and the initial folio offset exceeds
>> PAGE_SIZE, e.g. the position resides in the second page of a large
>> folio, after the folio copying the offset (in the page) won't be updated
>> to 0 even though the expected range is successfully copied until the end
>> of the folio.  In this case fuse_fill_write_pages() exits prematurelly
>> before the request has reached the max_write/max_pages limit.
>>
>> Fix this by eliminating page offset entirely and use folio offset
>> instead.
>>
>> Fixes: d60a6015e1a2 ("fuse: support large folios for writethrough writes")
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Jingbo Xu <jefflexu@...ux.alibaba.com>
>> ---
>>  fs/fuse/file.c | 10 ++++------
>>  1 file changed, 4 insertions(+), 6 deletions(-)
>>
>> diff --git a/fs/fuse/file.c b/fs/fuse/file.c
>> index 625d236b881b..6aafb32338b6 100644
>> --- a/fs/fuse/file.c
>> +++ b/fs/fuse/file.c
>> @@ -1272,7 +1272,6 @@ static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
>>  {
>>  	struct fuse_args_pages *ap = &ia->ap;
>>  	struct fuse_conn *fc = get_fuse_conn(mapping->host);
>> -	unsigned offset = pos & (PAGE_SIZE - 1);
>>  	size_t count = 0;
>>  	unsigned int num;
>>  	int err = 0;
>> @@ -1299,7 +1298,7 @@ static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
>>  		if (mapping_writably_mapped(mapping))
>>  			flush_dcache_folio(folio);
>>  
>> -		folio_offset = ((index - folio->index) << PAGE_SHIFT) + offset;
>> +		folio_offset = offset_in_folio(folio, pos);
>>  		bytes = min(folio_size(folio) - folio_offset, num);
>>  
>>  		tmp = copy_folio_from_iter_atomic(folio, folio_offset, bytes, ii);
>> @@ -1329,9 +1328,6 @@ static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
>>  		count += tmp;
>>  		pos += tmp;
>>  		num -= tmp;
>> -		offset += tmp;
>> -		if (offset == folio_size(folio))
>> -			offset = 0;
>>  
>>  		/* If we copied full folio, mark it uptodate */
>>  		if (tmp == folio_size(folio))
>> @@ -1343,7 +1339,9 @@ static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,
>>  			ia->write.folio_locked = true;
>>  			break;
>>  		}
>> -		if (!fc->big_writes || offset != 0)
>> +		if (!fc->big_writes)
>> +			break;
>> +		if (folio_offset + tmp != folio_size(folio))
>>  			break;
>>  	}
>>  
>> -- 
>> 2.19.1.6.gb485710b
>>
>>
> 
> 
> I think this might have been an oversight when moving from pages to folios.
> 
> Reviewed-by: Horst Birthelmer <hbirthelmer@....com>

Right, it's not triggered until large folio is enabled.

Thanks for the review :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ