Fix statfs(2) for 32-bit user space

When handling a 32-bit statfs() system call the returned fields, though 64-bit in the kernel, must be limited to 32-bits or an EOVERFLOW error will be returned. This is less of an issue for block counts since the default reported block size in 128KiB. But since it is possible to set a smaller block size, these values will be scaled when needed to fit in a 32-bit unsigned long. Unlike most other filesystems the total possible files count is more likely to overflow because it is calculated based on the available free space in the pool. In order to prevent this the reported value must be capped at 2^32-1. This is only for statfs() reporting, internally to ZFS the limits remain unchanged. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
openzfs · Sep 20, 2018 · c3adb47 · c3adb47
1 parent 145c88f
commit c3adb47
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 5 deletions.
diff --git a/include/linux/vfs_compat.h b/include/linux/vfs_compat.h
@@ -30,6 +30,7 @@
 #include <sys/taskq.h>
 #include <sys/cred.h>
 #include <linux/backing-dev.h>
+#include <linux/compat.h>
 
 /*
  * 2.6.28 API change,
@@ -626,4 +627,17 @@ inode_set_iversion(struct inode *ip, u64 val)
 }
 #endif
 
+/*
+ * Returns true when called in the context of a 32-bit system call.
+ */
+static inline int
+zpl_is_32bit_api(void)
+{
+#ifdef CONFIG_COMPAT
+	return (in_compat_syscall());
+#else
+	return (BITS_PER_LONG == 32);
+#endif
+}
+
 #endif /* _ZFS_VFS_H */
diff --git a/module/zfs/zfs_vfsops.c b/module/zfs/zfs_vfsops.c
@@ -1422,16 +1422,14 @@ zfs_statvfs(struct dentry *dentry, struct kstatfs *statp)
 {
 	zfsvfs_t *zfsvfs = dentry->d_sb->s_fs_info;
 	uint64_t refdbytes, availbytes, usedobjs, availobjs;
-	uint64_t fsid;
-	uint32_t bshift;
 	int err = 0;
 
 	ZFS_ENTER(zfsvfs);
 
 	dmu_objset_space(zfsvfs->z_os,
 	    &refdbytes, &availbytes, &usedobjs, &availobjs);
 
-	fsid = dmu_objset_fsid_guid(zfsvfs->z_os);
+	uint64_t fsid = dmu_objset_fsid_guid(zfsvfs->z_os);
 	/*
 	 * The underlying storage pool actually uses multiple block
 	 * size.  Under Solaris frsize (fragment size) is reported as
@@ -1443,7 +1441,7 @@ zfs_statvfs(struct dentry *dentry, struct kstatfs *statp)
 	 */
 	statp->f_frsize = zfsvfs->z_max_blksz;
 	statp->f_bsize = zfsvfs->z_max_blksz;
-	bshift = fls(statp->f_bsize) - 1;
+	uint32_t bshift = fls(statp->f_bsize) - 1;
 
 	/*
 	 * The following report "total" blocks of various kinds in
@@ -1460,7 +1458,7 @@ zfs_statvfs(struct dentry *dentry, struct kstatfs *statp)
 	 * static metadata.  ZFS doesn't preallocate files, so the best
 	 * we can do is report the max that could possibly fit in f_files,
 	 * and that minus the number actually used in f_ffree.
-	 * For f_ffree, report the smaller of the number of object available
+	 * For f_ffree, report the smaller of the number of objects available
 	 * and the number of blocks (each object will take at least a block).
 	 */
 	statp->f_ffree = MIN(availobjs, availbytes >> DNODE_SHIFT);

diff --git a/module/zfs/zpl_super.c b/module/zfs/zpl_super.c
@@ -181,6 +181,28 @@ zpl_statfs(struct dentry *dentry, struct kstatfs *statp)
 	spl_fstrans_unmark(cookie);
 	ASSERT3S(error, <=, 0);
 
+	/*
+	 * If required by a 32-bit system call, dynamically scale the
+	 * block size up to 16MiB and decrease the block counts.  This
+	 * allows for a maximum size of 64EiB to be reported.  The file
+	 * counts must be artificially capped at 2^32-1.
+	 */
+	if (unlikely(zpl_is_32bit_api())) {
+		while (statp->f_blocks > UINT32_MAX &&
+		    statp->f_bsize < SPA_MAXBLOCKSIZE) {
+			statp->f_frsize <<= 1;
+			statp->f_bsize <<= 1;
+
+			statp->f_blocks >>= 1;
+			statp->f_bfree >>= 1;
+			statp->f_bavail >>= 1;
+		}
+
+		uint64_t usedobjs = statp->f_files - statp->f_ffree;
+		statp->f_ffree = MIN(statp->f_ffree, UINT32_MAX - usedobjs);
+		statp->f_files = statp->f_ffree + usedobjs;
+	}
+
 	return (error);
 }