Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2197750/?format=api
{ "id": 2197750, "url": "http://patchwork.ozlabs.org/api/patches/2197750/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260218132633.29748-15-hreitz@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260218132633.29748-15-hreitz@redhat.com>", "list_archive_url": null, "date": "2026-02-18T13:26:23", "name": "[v4,14/24] fuse: Explicitly handle non-grow post-EOF accesses", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "1bf702ab197a0b6bc32569c338c7bf5027f93bab", "submitter": { "id": 82279, "url": "http://patchwork.ozlabs.org/api/people/82279/?format=api", "name": "Hanna Czenczek", "email": "hreitz@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260218132633.29748-15-hreitz@redhat.com/mbox/", "series": [ { "id": 492547, "url": "http://patchwork.ozlabs.org/api/series/492547/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=492547", "date": "2026-02-18T13:26:09", "name": "export/fuse: Use coroutines and multi-threading", "version": 4, "mbox": "http://patchwork.ozlabs.org/series/492547/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2197750/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2197750/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=TkoyQ7MM;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=google header.b=TRm1va/O;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGHYy3NzYz1xvq\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 19 Feb 2026 00:35:02 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vshfk-0004NE-VH; Wed, 18 Feb 2026 08:32:56 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <hreitz@redhat.com>) id 1vshfc-0004An-C1\n for qemu-devel@nongnu.org; Wed, 18 Feb 2026 08:32:48 -0500", "from us-smtp-delivery-124.mimecast.com ([170.10.129.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <hreitz@redhat.com>) id 1vshfT-0005lZ-7j\n for qemu-devel@nongnu.org; Wed, 18 Feb 2026 08:32:48 -0500", "from mail-wm1-f72.google.com (mail-wm1-f72.google.com\n [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-212-TaHz-W2QOxa_4eWltVvVwA-1; Wed, 18 Feb 2026 08:27:20 -0500", "by mail-wm1-f72.google.com with SMTP id\n 5b1f17b1804b1-4836cc0b38eso37897185e9.2\n for <qemu-devel@nongnu.org>; Wed, 18 Feb 2026 05:27:20 -0800 (PST)", "from localhost\n (p200300cfd737d029edef7b8da7441ac2.dip0.t-ipconnect.de.\n [2003:cf:d737:d029:edef:7b8d:a744:1ac2])\n by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-43796abc85csm41619785f8f.22.2026.02.18.05.27.16\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 18 Feb 2026 05:27:17 -0800 (PST)" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1771421555;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=/6wY9hvfJ1eIlvKpdImFzHfK6DZcwfCljnWmU410eEo=;\n b=TkoyQ7MMKMc/Z8Hth3a5ilkp5LOmV+g0A/ob7ghqovZ70/D6+xO6oCUJXvIeY4MC812B35\n YgERPkVokdMW4AHsBUBraE99uGDakbVsg2WbIOKk7SPqZHGss2qS5fY7I5xwJWjI56azJs\n 1ZSxdZu5T6pP40ArTIVTElIT87CVrQE=", "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=redhat.com; s=google; t=1771421239; x=1772026039; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=/6wY9hvfJ1eIlvKpdImFzHfK6DZcwfCljnWmU410eEo=;\n b=TRm1va/OQyke6Olh1Wym7Cpp1wftOdbNXLiYHk1/qVuwzxBCGqV3Gy15N8nhqkUHXA\n WvscdX2vXzyR0KWasuYxjtnOzQlasO+YLhUeY4wLlCMIcwRyoqbg6TAQAMThZCxmyprW\n gq0oB+xc8lWYNA/wes9GUQmIhfIAXDYvIQp5WX1h8pD3Rs1x9CCoU3xcGZjKt2Xr7/Ld\n Wc6Gg/V2DQfRzXyRs6lco8AL3EfJKPnYw07O6DSSSTTA6s79eRP8TdkSkHZPqF2GrYTS\n Zrcwsz1qtcjJeTM1WlzvrcXvkDkM/wEr0CNFsjoSJXrelI/hUyw8IfhzDndxUIQeoE6K\n fXSw==" ], "X-MC-Unique": "TaHz-W2QOxa_4eWltVvVwA-1", "X-Mimecast-MFC-AGG-ID": "TaHz-W2QOxa_4eWltVvVwA_1771421239", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1771421239; x=1772026039;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=/6wY9hvfJ1eIlvKpdImFzHfK6DZcwfCljnWmU410eEo=;\n b=CWGk3P8SQQbiIoBY1laUwH9TFGDl8Q8vloBrvvR5DwVj4zhtjybkwzzl8iSCt8fCoD\n Y9wL26ajUQTkko3B7IPztBmNmdUYkuLYhqC5Z5tqS2rlT6i3rhxLyNCozMBCd/5OxAbw\n pbRxLlee7IXu97nvdL6Sw+riFJ+sNtgjXh2R8gLDrASwIPq0YtO8PhNm//7t25e8TN60\n f1JxU/W6LyftwzNEcDkymPBifsFChiOwJzVPE9+eBT/3E9wh5v8empzvEsa5L4xRlSHC\n 9csPtoFFMKaLNzSkPRmA15fvQn/ogH3IUyxkLlBSCo08so/59+osvVEmnDkB4yDXnb+i\n pUQg==", "X-Gm-Message-State": "AOJu0Ywbzb9rssK2ZNtvwEe1rSgifg/Qw3l5ttSjG4/eyY5XW5YuY9ST\n moKq4v6WZVdcEykXyiXI9wkhKs9I7fFv+MB5DdcF6i9PIRt4u0JmC1Rn3OIxpIlISkJDbEIboRb\n cu4L7p/OHhU1RQ+NhTmQyvPp+jx33KiucDZ+dBzBJKVgFr8R0Se319mAo", "X-Gm-Gg": "AZuq6aJWPIBL2B/YrlMHD7O1INdu2ychNmHRht5mfBjrr72HTC9sC14m/I5FtGgNK/r\n izWmoKs602XkU27E5j0263JB4ORPsSIZz03fMzsbC/dBFfeu2vx+RRiAjGCfuAJiDqD6koiUGya\n ryTmvef6wxAEYILVw24+LYh643vQZhg/t5k8aJI+v8+DzKX+PKQ0K4QmQnxISSRiaFtVgEIJ+Xy\n RyBd0SQJTpz/WEP89lzZ5DfhLQ9cH/J4r3vKCBXh2ZpU2tDTX9vK/T86XZS25TfzW0UlKCCWYtN\n pXp05ig4ZY395gxQCOkPiqDynFzid2NBOegSbWCCqqcnNs/h6udLAoJxLSJ1La+HdmKx9/WxXAP\n EbiGGQMLRQ4hlYRVHucuqKHoeUAb1f8qfytYzosaZcdsGvH1JkCBjeeihAyRDYKtsP6MyTL1M6C\n EaDJ+j", "X-Received": [ "by 2002:a05:600c:871b:b0:483:7783:5382 with SMTP id\n 5b1f17b1804b1-48398ae5e18mr33799315e9.27.1771421239358;\n Wed, 18 Feb 2026 05:27:19 -0800 (PST)", "by 2002:a05:600c:871b:b0:483:7783:5382 with SMTP id\n 5b1f17b1804b1-48398ae5e18mr33798785e9.27.1771421238797;\n Wed, 18 Feb 2026 05:27:18 -0800 (PST)" ], "From": "Hanna Czenczek <hreitz@redhat.com>", "To": "qemu-block@nongnu.org", "Cc": "qemu-devel@nongnu.org, Hanna Czenczek <hreitz@redhat.com>,\n Kevin Wolf <kwolf@redhat.com>, Brian Song <hibriansong@gmail.com>", "Subject": "[PATCH v4 14/24] fuse: Explicitly handle non-grow post-EOF accesses", "Date": "Wed, 18 Feb 2026 14:26:23 +0100", "Message-ID": "<20260218132633.29748-15-hreitz@redhat.com>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260218132633.29748-1-hreitz@redhat.com>", "References": "<20260218132633.29748-1-hreitz@redhat.com>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=UTF-8", "Content-Transfer-Encoding": "8bit", "Received-SPF": "pass client-ip=170.10.129.124; envelope-from=hreitz@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.043,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001,\n SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "When reading to / writing from non-growable exports, we cap the I/O size\nby `offset - blk_len`. This will underflow for accesses that are\ncompletely past the disk end.\n\nCheck and handle that case explicitly.\n\nThis is also enough to ensure that `offset + size` will not overflow;\nblk_len is int64_t, offset is uint32_t, `offset < blk_len`, so from\n`INT64_MAX + UINT32_MAX < UINT64_MAX` it follows that `offset + size`\ncannot overflow.\n\nJust one catch: We have to allow write accesses to growable exports past\nthe EOF, so then we cannot rely on `offset < blk_len`, but have to\nverify explicitly that `offset + size` does not overflow.\n\nThe negative consequences of not having this commit are luckily limited\nbecause blk_pread() and blk_pwrite() will reject post-EOF requests\nanyway, so a `size` underflow post-EOF will just result in an I/O error.\nSo:\n- Post-EOF reads will incorrectly result in I/O errors instead of just\n 0-length reads. We will also attempt to allocate a very large buffer,\n which is wrong and not good, but not terrible.\n- Post-EOF writes on non-growable exports will result in I/O errors\n instead of 0-length writes (which generally indicate ENOSPC).\n- Post-EOF writes on growable exports can theoretically overflow on EOF\n and truncate the export down to a much too small size, but in\n practice, FUSE will never send an offset greater than signed INT_MAX,\n preventing a uint64_t overflow. (fuse_write_args_fill() in the kernel\n uses loff_t for the offset, which is signed.)\n\nSigned-off-by: Hanna Czenczek <hreitz@redhat.com>\n---\n block/export/fuse.c | 20 +++++++++++++++++++-\n tests/qemu-iotests/308 | 35 ++++++++++++++++++++++++++++++-----\n tests/qemu-iotests/308.out | 10 ++++++++++\n 3 files changed, 59 insertions(+), 6 deletions(-)", "diff": "diff --git a/block/export/fuse.c b/block/export/fuse.c\nindex d45c6b814f..af0a8de17b 100644\n--- a/block/export/fuse.c\n+++ b/block/export/fuse.c\n@@ -657,6 +657,16 @@ static void fuse_read(fuse_req_t req, fuse_ino_t inode,\n return;\n }\n \n+ if (offset >= blk_len) {\n+ /*\n+ * Technically libfuse does not allow returning a zero error code for\n+ * read requests, but in practice this is a 0-length read (and a future\n+ * commit will change this code anyway)\n+ */\n+ fuse_reply_err(req, 0);\n+ return;\n+ }\n+\n if (offset + size > blk_len) {\n size = blk_len - offset;\n }\n@@ -717,7 +727,15 @@ static void fuse_write(fuse_req_t req, fuse_ino_t inode, const char *buf,\n return;\n }\n \n- if (offset + size > blk_len) {\n+ if (offset >= blk_len && !exp->growable) {\n+ fuse_reply_write(req, 0);\n+ return;\n+ }\n+\n+ if (offset + size < offset) {\n+ fuse_reply_err(req, EINVAL);\n+ return;\n+ } else if (offset + size > blk_len) {\n if (exp->growable) {\n ret = fuse_do_truncate(exp, offset + size, true, PREALLOC_MODE_OFF);\n if (ret < 0) {\ndiff --git a/tests/qemu-iotests/308 b/tests/qemu-iotests/308\nindex 6ecb275555..a83c6fc01f 100755\n--- a/tests/qemu-iotests/308\n+++ b/tests/qemu-iotests/308\n@@ -300,16 +300,34 @@ dd if=/dev/zero of=\"$EXT_MP\" bs=1 count=64k seek=$orig_len \\\n conv=notrunc 2>&1 \\\n | _filter_testdir | _filter_imgfmt\n \n+# And one really squarely post-EOF write\n+dd if=/dev/zero of=\"$EXT_MP\" bs=1 count=1 seek=$((orig_len + 32 * 1024)) \\\n+ conv=notrunc 2>&1 \\\n+ | _filter_testdir | _filter_imgfmt\n+\n+# Half-post-EOF reads\n+dd if=\"$EXT_MP\" of=/dev/null bs=1 count=64k skip=$((orig_len - 32 * 1024)) \\\n+ 2>&1 | _filter_testdir | _filter_imgfmt\n+\n+# And one really squarely post-EOF read\n+dd if=\"$EXT_MP\" of=/dev/null bs=1 count=1 skip=$((orig_len + 32 * 1024)) \\\n+ 2>&1 | _filter_testdir | _filter_imgfmt\n+\n echo\n echo '--- Resize export ---'\n \n # But we can truncate it explicitly; even with fallocate\n-fallocate -o \"$orig_len\" -l 64k \"$EXT_MP\"\n+# (Make sure we extend it to a length not divisible by 128k, we need that below)\n+bs=$((128 * 1024))\n+extend_to=$(((orig_len + bs - 1) / bs * bs + bs / 2))\n+extend_by=$((extend_to - orig_len))\n+\n+fallocate -o \"$orig_len\" -l $extend_by \"$EXT_MP\"\n \n new_len=$(get_proto_len \"$EXT_MP\" \"$TEST_IMG\")\n-if [ \"$new_len\" != \"$((orig_len + 65536))\" ]; then\n+if [ \"$new_len\" != \"$extend_to\" ]; then\n echo 'ERROR: Unexpected post-truncate image size:'\n- echo \"$new_len != $((orig_len + 65536))\"\n+ echo \"$new_len != $extend_to\"\n else\n echo 'OK: Post-truncate image size is as expected'\n fi\n@@ -322,6 +340,13 @@ else\n echo \"$orig_disk_usage => $new_disk_usage\"\n fi\n \n+# Use this opportunity to test a read access across the (now no longer so much\n+# aligned) EOF. dd can only do requests with a length of its block size, and\n+# all of its seek/skip values are in bs units, so it is hard to do a request\n+# across the EOF if the EOF is at a power of two (64M).\n+dd if=\"$EXT_MP\" of=/dev/null bs=$bs count=2 skip=$((extend_to / bs)) \\\n+ 2>&1 | _filter_testdir | _filter_imgfmt\n+\n echo\n echo '--- Try growing growable export ---'\n \n@@ -338,9 +363,9 @@ dd if=/dev/zero of=\"$EXT_MP\" bs=1 count=64k seek=$new_len conv=notrunc 2>&1 \\\n | _filter_testdir | _filter_imgfmt\n \n new_len=$(get_proto_len \"$EXT_MP\" \"$TEST_IMG\")\n-if [ \"$new_len\" != \"$((orig_len + 131072))\" ]; then\n+if [ \"$new_len\" != \"$((extend_to + 65536))\" ]; then\n echo 'ERROR: Unexpected post-grow image size:'\n- echo \"$new_len != $((orig_len + 131072))\"\n+ echo \"$new_len != $((extend_to + 65536))\"\n else\n echo 'OK: Post-grow image size is as expected'\n fi\ndiff --git a/tests/qemu-iotests/308.out b/tests/qemu-iotests/308.out\nindex 2d7a38d63d..ebeaf64b48 100644\n--- a/tests/qemu-iotests/308.out\n+++ b/tests/qemu-iotests/308.out\n@@ -134,11 +134,21 @@ wrote 65536/65536 bytes at offset 1048576\n dd: error writing 'TEST_DIR/t.IMGFMT.fuse': No space left on device\n 1+0 records in\n 0+0 records out\n+dd: error writing 'TEST_DIR/t.IMGFMT.fuse': No space left on device\n+1+0 records in\n+0+0 records out\n+32768+0 records in\n+32768+0 records out\n+dd: TEST_DIR/t.IMGFMT.fuse: cannot skip to specified offset\n+0+0 records in\n+0+0 records out\n \n --- Resize export ---\n (OK: Lengths of export and original are the same)\n OK: Post-truncate image size is as expected\n OK: Disk usage grew with fallocate\n+0+1 records in\n+0+1 records out\n \n --- Try growing growable export ---\n {'execute': 'block-export-del',\n", "prefixes": [ "v4", "14/24" ] }