[Bug 259071] Read past EoF in NFS client and fusefs

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 21 Oct 2021 21:24:07 UTC

--- Comment #3 from Rick Macklem <rmacklem@FreeBSD.org> ---
Well, I think I've figured out what the breakage is for the
NFS client. I'll leave it to asomers@ to decide if fuse
suffers from the same problem.

To be honest, I think this bug has existed in the BSD NFS
client *forever* (as in, since I first wrote NFS client code
for 4.3BSD in 1986, believe it or not;-).

Here's what seems to happen:
Child                                 Parent
- does stat()
  - does VOP_LOOKUP(), which
    does the Lookup RPC with
    the directory vnode locked        - does ftruncate(), acquiring
  --> acquires file handle and          exclusive vnode lock on file vnode
    attributes, including Size,
    valid at this point in time
  - blocks waiting for locked file
    vnode                             - does VOP_SETATTR() of Size, changing
                                        the file's size
                                      - releases the file vnode
  - acquires file vnode and fills
    in now stale attributes including
    the old wrong Size
                                      - does a read() which returns wrong
                                        data size

I am working on a patch, which I plan to discuss with asomers@ off list.
I will put a patch here as an attachment if/when I have one.

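Added here as an illustration, not code from the bug report or from Rick's pending patch: a small user-space probe that checks the invariant the comment above describes, namely that after another process has truncated a file and closed it, a fresh stat()/read() from a second process must report the new size and must not hand back bytes past the new EOF. The parent fills a temp file, forks a child that blocks on a pipe, truncates the file, closes it, and only then releases the child; the child does a path-based stat() and reads to EOF, and the parent compares both results against the truncated size. The 64 KiB/4 KiB sizes, the temp-file naming and the helper names are assumptions; because the kernel-side window (the Lookup RPC completing before the vnode lock is taken) is not directly controllable from user space, this is a consistency check to run on a suspect mount, not a guaranteed reproducer.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define BIG_SIZE   (64 * 1024)   /* file size before the truncate (assumed) */
#define SMALL_SIZE (4 * 1024)    /* file size after the truncate (assumed)  */

/* Child side: block until the parent signals that the truncate is done, then
 * do a path-based stat() (a fresh lookup) followed by open()/read() to EOF.
 * Reports the size stat() returned and the byte count read() delivered. */
static int child_observe(const char *path, int go_fd, long long out[2]) {
    char go;
    struct stat sb;
    static char buf[BIG_SIZE];
    ssize_t n, total = 0;
    int fd;

    if (read(go_fd, &go, 1) != 1 || stat(path, &sb) != 0)
        return -1;
    if ((fd = open(path, O_RDONLY)) < 0)
        return -1;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        total += n;
    close(fd);
    if (n < 0)
        return -1;
    out[0] = (long long)sb.st_size;
    out[1] = (long long)total;
    return 0;
}

/* One round: fill the file to BIG_SIZE, fork an observer, truncate to
 * SMALL_SIZE and close the file while the observer waits, then release it.
 * Returns 1 if the observer saw a stale size or read past the new EOF,
 * 0 if its view was consistent, -1 on a setup error. */
static int one_round(const char *path) {
    int go[2], res[2], fd, i;
    char chunk[4096];
    long long out[2];
    pid_t pid;

    memset(chunk, 'A', sizeof chunk);
    if (pipe(go) != 0 || pipe(res) != 0)
        return -1;
    if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
        return -1;
    for (i = 0; i < BIG_SIZE / (int)sizeof chunk; i++)
        if (write(fd, chunk, sizeof chunk) != (ssize_t)sizeof chunk)
            return -1;

    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {                      /* observer: no fd inherited from parent */
        close(go[1]); close(res[0]); close(fd);
        if (child_observe(path, go[0], out) != 0)
            out[0] = out[1] = -1;
        (void)write(res[1], out, sizeof out);
        _exit(0);
    }
    close(go[0]); close(res[1]);
    if (ftruncate(fd, SMALL_SIZE) != 0)  /* the VOP_SETATTR of Size */
        return -1;
    close(fd);                           /* close before release: close-to-open */
    (void)write(go[1], "x", 1);
    if (read(res[0], out, sizeof out) != (ssize_t)sizeof out)
        out[0] = out[1] = -1;
    close(go[1]); close(res[0]);
    waitpid(pid, NULL, 0);
    if (out[0] < 0)
        return -1;
    return (out[0] != SMALL_SIZE || out[1] != SMALL_SIZE) ? 1 : 0;
}

/* Runs `rounds` rounds on a fresh temp file under `dir`. Returns how many
 * rounds were inconsistent (0 on a correct client), or -1 on setup failure. */
int probe_truncate_race(const char *dir, int rounds) {
    char path[4096];
    int fd, i, bad = 0, r;

    snprintf(path, sizeof path, "%s/eof-probe-XXXXXX", dir);
    if ((fd = mkstemp(path)) < 0)
        return -1;
    close(fd);
    for (i = 0; i < rounds; i++) {
        if ((r = one_round(path)) < 0) { bad = -1; break; }
        bad += r;
    }
    unlink(path);
    return bad;
}

int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : "/tmp";   /* pass a dir on the NFS mount */
    int bad = probe_truncate_race(dir, 200);
    if (bad < 0) { perror("probe"); return 2; }
    printf("%d of 200 rounds saw a stale size or read past EOF\n", bad);
    return bad ? 1 : 0;
}
```

Run it with a directory on the mount under test as the argument; on a local file system every round should be consistent. The parent closes its descriptor before releasing the child so that the child's open() falls under close-to-open consistency, which is why any stale size seen here points at the client-side attribute handling rather than at ordinary NFS caching.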