Details

Reviewers

markj
emaste
asomers
jah

Commits

rG8bdb2695d697: tmpfs: truncate write if it would exceed the fs max file size or RLIMIT_FSIZE
rGa9c439ba104d: msdosfs: truncate write if it would exceed the fs max file size or RLIMIT_FSIZE
rG87525ef94007: FFS: truncate write if it would exceed the fs max file size or RLIMIT_FSIZE
rG1b4b75171ee3: Add vn_rlimit_fsizex() and vn_rlimit_fsizex_res()
rGb5b16659c5ac: tmpfs: disallow truncation to set file size past RLIMIT_FSIZE
rG701b73858e3a: msdosfs: disallow truncation to set file size past RLIMIT_FSIZE
rG70385088cafa: UFS: disallow truncation to set file size past RLIMIT_FSIZE
rG2ac083f60f8c: Add vn_rlimit_trunc()
rGcc65a412ae22: filesystems: return error from vn_rlimit_fsize() instead of EFBIG
rG0f01fb01c2de: tmpfs_subr.c: some style

Summary

When there are some bytes to write in case write overflows the limit, truncate the write instead of sending SIGXFSZ outright.
Send SIGXFSZ when truncating.

Only UFS, msdosfs, tmpfs are handled.

Per-commit view https://kib.kiev.ua/git/gitweb.cgi?p=deviant3.git;a=shortlog;h=refs/heads/ufs

PR: 164793

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kib created this revision.Sep 18 2022, 8:12 PM

Herald added subscribers: asomers, imp. · View Herald TranscriptSep 18 2022, 8:12 PM

kib requested review of this revision.Sep 18 2022, 8:12 PM

Thanks for fixing this. As for what the correct behavior should be when the file doesn't yet exceed the limit but a write would cross that threshold, I'm agnostic. I think the old behavior of aborting the write entirely was fine. But the new behavior is fine too. I can fix truncate with fusefs after you merge this change.

This revision is now accepted and ready to land.Sep 18 2022, 8:42 PM

In D36625#831484, @asomers wrote:

As for what the correct behavior should be when the file doesn't yet exceed the limit but a write would cross that threshold, I'm agnostic. I think the old behavior of aborting the write entirely was fine. But the new behavior is fine too.

If the request would cause the file size to exceed the soft file size limit for the process and there
is no room for any bytes to be written, the request shall fail and the implementation shall
generate the SIGXFSZ signal for the thread.

From the decription of write() in IEEE Std 1003.1™-2017

kib edited the summary of this revision. (Show Details)Sep 19 2022, 1:48 PM

kib added a reviewer: jah.Sep 20 2022, 3:26 PM

jah accepted this revision.Sep 21 2022, 5:00 PM

markj added inline comments.Sep 21 2022, 6:22 PM

sys/fs/tmpfs/tmpfs_vnops.c
660
663	I think `VFS_TO_TMPFS(vp->v_mount)->tm_maxfilesize` deserves a local variable.
sys/ufs/ffs/ffs_vnops.c
895	In dofilewrite(), we compare resid before and after the operation to determine whether to return to userspace, and to determine the return value for write(). Won't this clamping break it?

kib marked 3 inline comments as done.Sep 21 2022, 10:45 PM

Fix the issue with uio_resid:

move both limit check and max file size check into new helper vn_rlimit_fsizex(), and clamps uio_resid
the helper returns original uio_resid, which must be passed to vn_rlimit_fsizex_res() on return
_res() adjusts uio_resid back to the original value minus processed bytes

vn_rlimit_fsize() is kept around for unconverted filesystems, but is implemented by using compat mode in vn_rlimit_fsizex()

This revision now requires review to proceed.Sep 21 2022, 10:49 PM

markj added inline comments.Sep 22 2022, 12:14 PM

sys/kern/vfs_vnops.c
2393	A comment or some other kind of documentation is needed to know when to use this variant.
2458	or maybe "... can handle writes truncated to the file size limit".
2482	Why not simply drop the const qualifier from the function?

kib marked 3 inline comments as done.Sep 22 2022, 2:34 PM

kib added inline comments.

sys/kern/vfs_vnops.c
2482	Because I think it would be wrong, the function does not modify *uio. DECONST there is an implementation detail. Also, after all filesystems are converted, vn_rlimit_fsize() should be removed.

Update comments

kib added a subscriber: pho.Sep 22 2022, 2:35 PM

After Peter testing; fixed bugs.

Always update *orig_resid, since vn_rlimit_fsizex_res() is called unconditionally.
Interpret maxfsz == 0 as no file size limit.
Do not exclude file size limit check for td == NULL case (kernel write).
Improve comments.

markj accepted this revision.Sep 24 2022, 4:24 PM

markj added inline comments.

sys/kern/vfs_vnops.c
2434	Is there some specific reason putpages does not set uio_td? Other kernel writers (e.g., md thread) do set it.

This revision is now accepted and ready to land.Sep 24 2022, 4:24 PM

kib added inline comments.Sep 24 2022, 4:40 PM

sys/kern/vfs_vnops.c
2434	I suspect it comes down to the question of the ownership of the writes. vnode_pager is executed in context which is, generally, different from the thread that dirtied the pages. In particular, this was a bug I have in the intermediate version of vn_rlimit_fsizex(). Current nfs client forcibly set uio_td to curthread in nfs_putpages(), I did not checked what did the old client. Perhaps other network filesystems could be affected too. Note that e.g. md(4) worker thread is the owner of writes, so setting uio_td to md thread is correct.