From: bugzilla-daemon@bugzilla.kernel.org
To: linux-f2fs-devel@lists.sourceforge.net
Subject: [Bug 202889] New: fsync on file fails to persist its size, which is changed by pwrite
Date: Tue, 12 Mar 2019 20:58:37 +0000
Message-ID: <bug-202889-202145@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=202889
Bug ID: 202889
Summary: fsync on file fails to persist its size, which is changed by pwrite
Product: File System
Version: 2.5
Kernel Version: v5.0
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: f2fs
Assignee: filesystem_f2fs@kernel-bugs.kernel.org
Reporter: seulbae@gatech.edu
Regression: No
Created attachment 281771
--> https://bugzilla.kernel.org/attachment.cgi?id=281771&action=edit
Proof of Concept
[Kernel version]
This bug can be reproduced on kernel v5.0.
[Reproduce]
* Use a VM, since our PoC simulates a crash by triggering a SysRq!
1. Download a base image (64 MB)
$ wget https://gts3.org/~seulbae/fsimg/f2fs-10.image
2. Mount the image
$ mkdir /tmp/f2fs
$ sudo mount -o loop f2fs-10.image /tmp/f2fs
3. Compile and run PoC
$ gcc poc.c -o poc
$ sudo ./poc /tmp/f2fs
(System reboots)
[Check]
1. Re-mount the crashed image
$ mkdir /tmp/f2fs
$ sudo mount -o loop f2fs-10.image /tmp/f2fs
2. Check inconsistency
$ stat /tmp/f2fs/foo/bar/xattr
Size: 7860
[Description]
In the base image, 2 directories and 7 files exist.
0: 0755 (mount_point)
+--4: 0755 foo
+--5: 0755 bar
+--6 : 0644 baz (size: 12 bytes)
+--6 : 0644 hln (size: 12 bytes)
+--7 : 0644 xattr (size: 0 bytes)
+--8 : 0644 acl (size: 0 bytes)
+--9 : 0644 æøå (size: 4 bytes)
+--10: 0644 fifo (size: 0 bytes)
+--11: 0777 sln -> mnt/foo/bar/baz
Below is the breakdown of the PoC:
1. Open the existing, empty file "foo/bar/xattr" (inode #7),
(line 24) int fd = syscall(SYS_open, "foo/bar/xattr", O_RDWR, 0);
2. write some data on it (buf is an 8192-byte char array, all bytes initialized
as '\0'),
(line 25) syscall(SYS_write, fd, buf, 4110);
(line 26) syscall(SYS_write, fd, buf, 3750);
3. fdatasync the inode,
(line 27) syscall(SYS_fdatasync, fd);
4. pwrite on the same file to increase its size to 8192
(line 28) syscall(SYS_pwrite64, fd, buf, 1249, 6943);
5. fsync the inode to persist its new size and data, and
(line 29) syscall(SYS_fsync, fd);
7. simulate a crash by rebooting right away without un-mounting.
(line 30) system("echo b > /proc/sysrq-trigger");
Even though we fsync inode #7 ("foo/bar/xattr") after changing its size from
7860 to 8192, this metadata is somehow not persisted, and the size of
"foo/bar/xattr" is still 7860 after recovering from a crash.
Reported by Seulbae Kim (seulbae@gatech.edu) from SSLab, Gatech.
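
The following C program is an added example, not the attached poc.c and not the reporter's code. It replays the syscall sequence from the breakdown above on a scratch file without triggering the SysRq reboot, and provides a post-crash check that can be pointed at /tmp/f2fs/foo/bar/xattr after re-mounting. The function names replay_sequence and check_persisted_size are hypothetical, and the replay creates its own file instead of opening the image's existing one.

```c
/* Added example, not the attached poc.c. Function names are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define EXPECTED_SIZE 8192 /* 6943 + 1249: the size fsync should persist */

/* Replay write/write/fdatasync/pwrite/fsync on a scratch file created here
 * (no crash is triggered). Returns the resulting st_size, or -1 on error. */
long replay_sequence(const char *path)
{
    static char buf[8192]; /* zero-filled, as in the report */
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    int ok = write(fd, buf, 4110) == 4110          /* size 4110 */
          && write(fd, buf, 3750) == 3750          /* size 7860 */
          && fdatasync(fd) == 0
          && pwrite(fd, buf, 1249, 6943) == 1249   /* size 8192 */
          && fsync(fd) == 0
          && fstat(fd, &st) == 0;
    close(fd);
    return ok ? (long)st.st_size : -1;
}

/* Post-crash check: 0 = size is 8192, 1 = size differs, -1 = stat error. */
int check_persisted_size(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return st.st_size == EXPECTED_SIZE ? 0 : 1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 2;
    }
    int rc = check_persisted_size(argv[1]);
    printf("%s: %s\n", argv[1], rc == 0 ? "size 8192" : rc == 1 ? "size != 8192" : "stat failed");
    return rc == 0 ? 0 : 1;
}
```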