Re: [PATCH v4 experimental-tests] erofs-utils: tests: test FUSE error handling on corrupted inodes

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gao Xiang <hsiangkao@linux.alibaba.com>
To: Nithurshen <nithurshen.dev@gmail.com>
Cc: linux-erofs@lists.ozlabs.org, newajay.11r@gmail.com, xiang@kernel.org
Subject: Re: [PATCH v4 experimental-tests] erofs-utils: tests: test FUSE error handling on corrupted inodes
Date: Wed, 1 Apr 2026 16:05:58 +0800	[thread overview]
Message-ID: <eedeb2dd-4ee0-4ef9-a672-e0f8758faa2c@linux.alibaba.com> (raw)
In-Reply-To: <20260401075504.88389-1-nithurshen.dev@gmail.com>



On 2026/4/1 15:55, Nithurshen wrote:
> This patch introduces a regression test (erofs/099) to verify that
> the FUSE daemon gracefully handles corrupted inodes without crashing
> or violating the FUSE protocol.
> 
> Recently, a bug was identified where erofs_read_inode_from_disk()
> would fail, but erofsfuse_getattr() lacked a return statement
> after sending an error reply. This caused a fall-through, sending
> a second reply via fuse_reply_attr() and triggering a libfuse
> segmentation fault.
> 
> To prevent future regressions, this test:
> 1. Creates a valid EROFS image.
> 2. Surgically corrupts the root inode (injecting random data at
>     offset 1152) while leaving the superblock intact so it mounts.
> 3. Mounts the image in the foreground to capture daemon stderr.
> 4. Runs 'stat' to trigger the inode read failure.
> 5. Evaluates the stderr log to ensure no segfaults, aborts, or
>     "multiple replies" warnings are emitted by libfuse.
> 
> Signed-off-by: Nithurshen <nithurshen.dev@gmail.com>
> ---
> Changes in v4:
> - Corrected the commit message and notes to accurately match the
>    code submitted (v3 accidentally included a draft message that
>    did not match the diff).
> 
> Changes in v3:
> - Disabled superblock checksums using `-Enosbcrc` in _scratch_mkfs.
> - Used `_scratch_unmount` instead of standard `umount`.
> 
> Note regarding the corruption method:
> My apologies for the confusion in v3. The email described
> using `dump.erofs` and `0xFF`, but the patch contained my code
> using the hardcoded offset 1152 and `/dev/urandom`. I am resending
> the patch as v4 so the commit message accurately reflects the code.
> 
> I originally kept the hardcoded root offset (1152) because targeting
> `/testfile` dynamically with `/dev/urandom` was slightly flaky. If
> the random bytes happened to form a valid-looking layout, the bug
> was bypassed. Wiping 1024 bytes at offset 1152 reliably destroys the
> root metadata and guarantees the bug triggers 100% of the time.
> 
> Is this hardcoded offset approach acceptable for this specific test?
> If you strictly prefer the `dump.erofs` approach (using 0xFF instead
> of urandom to guarantee the error), please let me know and I will
> gladly send those updates in a v5 patch.

Are we still miscommunicating? I asked using `dump.erofs` for many
many times but you still send those useless patches?

Is it hard to understand? No hardcode offset please.

Thanks,
Gao Xiang

next prev parent reply	other threads:[~2026-04-01  8:06 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-30  4:28 [PATCH experimental-tests] erofs-utils: tests: test FUSE error handling on corrupted inodes Nithurshen
2026-03-30  5:43 ` Gao Xiang
2026-03-30 10:30 ` [PATCH v2 " Nithurshen
2026-03-31  2:33   ` Gao Xiang
2026-04-01  7:10   ` [PATCH v3 " Nithurshen
2026-04-01  7:19     ` Gao Xiang
2026-04-01  7:55     ` [PATCH v4 " Nithurshen
2026-04-01  8:05       ` Gao Xiang [this message]
2026-04-01  8:09         ` Gao Xiang
2026-04-03  0:34       ` [PATCH v5 " Nithurshen
2026-04-07  3:01         ` [PATCH v6 " Gao Xiang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=eedeb2dd-4ee0-4ef9-a672-e0f8758faa2c@linux.alibaba.com \
    --to=hsiangkao@linux.alibaba.com \
    --cc=linux-erofs@lists.ozlabs.org \
    --cc=newajay.11r@gmail.com \
    --cc=nithurshen.dev@gmail.com \
    --cc=xiang@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.