The 48-bit chunk format flag was being set inside
erofs_blob_write_chunked_file right after erofs_blob_getchunk returns.
At that point chunk->blkaddr is the chunk's offset in the temporary
blob buffer, not the final image address. The real address is only
known after erofs_mkfs_dump_blobs applies remapped_base.
This means the detection was unreliable in both directions: a chunk
whose blob offset looks large but fits in 32-bits after remapping gets
flagged unnecessarily, and worse, a chunk that lands above UINT32_MAX
after remapping may not get flagged at all, producing a corrupt image.
Fix this by introducing erofs_inode_fixup_chunkformat() which walks
the chunk array after remapped_base is finalized and sets the 48-bit
flag if any chunk address exceeds UINT32_MAX. The fixup is called from
erofs_bh_flush_write_inode before erofs_iflush so that the correct
chunkformat is written into the on-disk inode header. Both blob chunks
(remapped_base + chunk->blkaddr) and device chunks (chunk->blkaddr
directly) are handled.
---
include/erofs/blobchunk.h | 1 +
lib/blobchunk.c | 40 +++++++++++++++++++++++++++++++++++----
lib/inode.c | 3 +++
3 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/include/erofs/blobchunk.h b/include/erofs/blobchunk.h
index ef06773..48fca63 100644
--- a/include/erofs/blobchunk.h
+++ b/include/erofs/blobchunk.h
@@ -16,6 +16,7 @@ extern "C"
struct erofs_blobchunk *erofs_get_unhashed_chunk(unsigned int device_id,
erofs_blk_t blkaddr, erofs_off_t sourceoffset);
+void erofs_inode_fixup_chunkformat(struct erofs_inode *inode);
int erofs_write_chunk_indexes(struct erofs_inode *inode, struct erofs_vfile
*vf,
erofs_off_t off);
int erofs_blob_write_chunked_file(struct erofs_inode *inode, int fd,
diff --git a/lib/blobchunk.c b/lib/blobchunk.c
index a051904..96c161b 100644
--- a/lib/blobchunk.c
+++ b/lib/blobchunk.c
@@ -136,6 +136,42 @@ static int erofs_blob_hashmap_cmp(const void *a, const
void *b,
sizeof(ec1->sha256));
}
+void erofs_inode_fixup_chunkformat(struct erofs_inode *inode)
+{
+ unsigned int unit, src;
+ u64 extent_count;
+ bool _48bit;
+
+ if (inode->u.chunkformat & EROFS_CHUNK_FORMAT_INDEXES)
+ unit = sizeof(struct erofs_inode_chunk_index);
+ else
+ unit = EROFS_BLOCK_MAP_ENTRY_SIZE;
+
+ _48bit = inode->u.chunkformat & EROFS_CHUNK_FORMAT_48BIT;
+ if (_48bit)
+ return;
+
+ extent_count = inode->extent_isize / unit;
+ for (src = 0; src < extent_count; ++src) {
+ struct erofs_blobchunk *chunk =
+ *(void **)(inode->chunkindexes + src * sizeof(void *));
+
+ if (chunk->blkaddr == EROFS_NULL_ADDR)
+ continue;
+ if (chunk->device_id) {
+ if (chunk->blkaddr > UINT32_MAX) {
+ _48bit = true;
+ break;
+ }
+ } else if (remapped_base + chunk->blkaddr > UINT32_MAX) {
+ _48bit = true;
+ break;
+ }
+ }
+ if (_48bit)
+ inode->u.chunkformat |= EROFS_CHUNK_FORMAT_48BIT;
+}
+
int erofs_write_chunk_indexes(struct erofs_inode *inode, struct erofs_vfile
*vf,
erofs_off_t off)
{
@@ -380,10 +416,6 @@ int erofs_blob_write_chunked_file(struct erofs_inode
*inode, int fd,
goto err;
}
- /* FIXME! `chunk->blkaddr` is not the final blkaddr here */
- if (chunk->blkaddr != EROFS_NULL_ADDR &&
- chunk->blkaddr >= UINT32_MAX)
- inode->u.chunkformat |= EROFS_CHUNK_FORMAT_48BIT;
if (!erofs_blob_can_merge(sbi, lastch, chunk)) {
erofs_update_minextblks(sbi, interval_start, pos,
&minextblks);
diff --git a/lib/inode.c b/lib/inode.c
index 4a214f9..7a1d982 100644
--- a/lib/inode.c
+++ b/lib/inode.c
@@ -908,6 +908,9 @@ static int erofs_bh_flush_write_inode(struct
erofs_buffer_head *bh, bool abort)
DBG_BUGON(inode->bh != bh);
if (!abort) {
+ if (inode->datalayout == EROFS_INODE_CHUNK_BASED &&
+ inode->chunkindexes)
+ erofs_inode_fixup_chunkformat(inode);
ret = erofs_iflush(inode);
if (ret)
return ret;
--
2.52.0
