From: bugzilla-daemon@bugzilla.kernel.org
To: linux-f2fs-devel@lists.sourceforge.net
Subject: [Bug 202889] New: fsync on file fails to persist its size, which is changed by pwrite
Date: Tue, 12 Mar 2019 20:58:37 +0000
Message-ID: <bug-202889-202145@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=202889
Bug ID: 202889
Summary: fsync on file fails to persist its size, which is
changed by pwrite
Product: File System
Version: 2.5
Kernel Version: v5.0
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: f2fs
Assignee: filesystem_f2fs@kernel-bugs.kernel.org
Reporter: seulbae@gatech.edu
Regression: No
Created attachment 281771
--> https://bugzilla.kernel.org/attachment.cgi?id=281771&action=edit
Proof of Concept
[Kernel version]
This bug can be reproduced on kernel v5.0.
[Reproduce]
* Use a VM, since our PoC simulates a crash by triggering a SysRq!
1. Download a base image (64 MB)
$ wget https://gts3.org/~seulbae/fsimg/f2fs-10.image
2. Mount the image
$ mkdir /tmp/f2fs
$ sudo mount -o loop f2fs-10.image /tmp/f2fs
3. Compile and run PoC
$ gcc poc.c -o poc
$ sudo ./poc /tmp/f2fs
(System reboots)
[Check]
1. Re-mount the crashed image
$ mkdir /tmp/f2fs
$ sudo mount -o loop f2fs-10.image /tmp/f2fs
2. Check inconsistency
$ stat /tmp/f2fs/foo/bar/xattr
Size: 7860
[Description]
In the base image, 2 directories and 7 files exist.
0: 0755 (mount_point)
 +--4: 0755 foo
    +--5: 0755 bar
       +--6 : 0644 baz (size: 12 bytes)
       +--6 : 0644 hln (size: 12 bytes)
       +--7 : 0644 xattr (size: 0 bytes)
       +--8 : 0644 acl (size: 0 bytes)
       +--9 : 0644 æøå (size: 4 bytes)
       +--10: 0644 fifo (size: 0 bytes)
       +--11: 0777 sln -> mnt/foo/bar/baz
Below is the breakdown of the PoC:
1. Open the existing, empty file "foo/bar/xattr" (inode #7),
(line 24) int fd = syscall(SYS_open, "foo/bar/xattr", O_RDWR, 0);
2. write some data on it (buf is an 8192-byte char array, all bytes initialized
as '\0'),
(line 25) syscall(SYS_write, fd, buf, 4110);
(line 26) syscall(SYS_write, fd, buf, 3750);
3. fdatasync the inode,
(line 27) syscall(SYS_fdatasync, fd);
4. pwrite on the same file to increase its size to 8192
(line 28) syscall(SYS_pwrite64, fd, buf, 1249, 6943);
5. fsync the inode to persist its new size and data, and
(line 29) syscall(SYS_fsync, fd);
6. simulate a crash by rebooting right away without un-mounting.
(line 30) system("echo b > /proc/sysrq-trigger");
Even though we fsync inode #7 ("foo/bar/xattr") after changing its size from
7860 to 8192, this metadata is somehow not persisted, and the size of
"foo/bar/xattr" is still 7860 after recovering from a crash.
Reported by Seulbae Kim (seulbae@gatech.edu) from SSLab, Gatech.
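Added example, not the reporter's poc.c (which is only an attachment to the report): a checker that replays steps 1-5 with every return value tested, and a second mode to run after the image is mounted again to see whether the fsynced size survived. The names replay_steps, check_persisted, EXPECTED_SIZE and the "replay|check FILE" command line are assumptions of this example; it does not trigger SysRq, so the crash step is left to the tester.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define EXPECTED_SIZE 8192L /* 6943 + 1249, end of the pwrite in step 4 */

/* Replays steps 1-5 on an existing file and checks every return value.
 * Returns the size fstat() reports after the final fsync, or -1 on error. */
long replay_steps(const char *path)
{
    static char buf[8192]; /* zero-filled, as in the report */
    struct stat st;
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return -1;
    int ok = write(fd, buf, 4110) == 4110
          && write(fd, buf, 3750) == 3750
          && fdatasync(fd) == 0
          && pwrite(fd, buf, 1249, 6943) == 1249
          && fsync(fd) == 0
          && fstat(fd, &st) == 0;
    close(fd);
    return ok ? (long)st.st_size : -1;
}

/* After remount: 0 = fsynced size is on disk, 1 = size differs, -1 = stat failed. */
int check_persisted(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return st.st_size == EXPECTED_SIZE ? 0 : 1;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s replay|check FILE\n", argv[0]);
        return 2;
    }
    if (strcmp(argv[1], "replay") == 0)
        return replay_steps(argv[2]) == EXPECTED_SIZE ? 0 : 1;
    int r = check_persisted(argv[2]);
    puts(r == 0 ? "size persisted" : r == 1 ? "size NOT persisted" : "stat failed");
    return r == 0 ? 0 : 1;
}
```

Run "replay" on the mounted image before the crash and "check" on the same path after remounting; a result of 1 from check corresponds to the Size: 7860 outcome shown under [Check].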