From mboxrd@z Thu Jan 1 00:00:00 1970
From: Al Viro
Subject: Re: fs corruption exposed by "xfs: increase prealloc size to double that of the previous extent"
Date: Mon, 17 Mar 2014 00:29:18 +0000
Message-ID: <20140317002918.GT18016@ZenIV.linux.org.uk>
References: <20140315210216.GP18016@ZenIV.linux.org.uk> <20140317001130.GA7072@dastard>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Brian Foster, linux-fsdevel@vger.kernel.org, Dave Chinner, xfs@oss.sgi.com
To: Dave Chinner
Return-path:
Received: from zeniv.linux.org.uk ([195.92.253.2]:57347 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932224AbaCQA3W (ORCPT ); Sun, 16 Mar 2014 20:29:22 -0400
Content-Disposition: inline
In-Reply-To: <20140317001130.GA7072@dastard>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

On Mon, Mar 17, 2014 at 11:11:30AM +1100, Dave Chinner wrote:
> Yes, we've known about this since 2011. Right - that's a long
> standing problem, and one I've never been able to isolate and so
> reproduce with any luck. It can only be reproduced when you use mmap
> and direct IO on the same file, and every time I've added debug to
> find out where the tail block corruption was being introduced, the
> data corruption goes away. It behaves just like a race condition....

See downthread. And I would be *very* surprised if it was a race - don't
forget the msync() done before that write().

I think I know what's going on - O_DIRECT write starting a bit before EOF
on a file with the last extent that can be grown. It fills a buffer_head
with b_size extending quite a bit past the EOF; the blocks are really
allocated. What causes the problem is that we have the flags set for the
*first* block. IOW, buffer_new(bh) is false - the first block has already
been allocated. And for direct-io.c it means "no zeroing the tail of the
last block".
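
The following is an added illustration, not part of the message above and not kernel code: a user-space C model of the decision the message describes, where one "new" flag taken from the first block of a multi-block mapping decides whether the tail of the last block is zeroed. The block size, offsets, the `STALE` marker and the names `direct_write` and `stale_tail_bytes` are constructed for the model, and the `per_block` mode is only a contrast case, not a fix proposed in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLK   16     /* model filesystem block size (constructed) */
#define NBLK  4
#define STALE 0xAA   /* constructed marker for old on-disk contents */

static unsigned char disk[NBLK * BLK];
static bool allocated[NBLK];

/* One direct write of len bytes at off. The mapping spans every block the
 * write touches but carries a single "new" flag from its first block.
 * per_block = true (model assumption) consults the last block instead. */
static void direct_write(size_t off, size_t len, bool per_block)
{
    size_t first = off / BLK, last = (off + len - 1) / BLK;
    bool first_new = !allocated[first];   /* stands in for buffer_new(bh) */
    bool last_new  = !allocated[last];

    for (size_t b = first; b <= last; b++)
        allocated[b] = true;              /* the blocks really are allocated */
    memset(disk + off, 'D', len);         /* the caller's data */

    size_t end = off + len;
    bool zero_tail = per_block ? last_new : first_new;
    if (end % BLK && zero_tail)           /* write ends mid-block */
        memset(disk + end, 0, BLK - end % BLK);
}

/* Block 0 is allocated with EOF at byte 12; later blocks are unallocated
 * and hold stale bytes. Write 16 bytes starting at byte 8 (before EOF),
 * then count stale bytes left in the tail of block 1. */
size_t stale_tail_bytes(bool per_block)
{
    memset(disk, STALE, sizeof disk);
    memset(allocated, 0, sizeof allocated);
    allocated[0] = true;
    memset(disk, 'F', 12);
    direct_write(8, 16, per_block);       /* covers bytes 8..23 */

    size_t n = 0;
    for (size_t i = 24; i < 2 * BLK; i++)
        n += disk[i] == STALE;
    return n;
}

int main(void)
{
    printf("flag from first block: %zu stale tail bytes\n", stale_tail_bytes(false));
    printf("flag from last block:  %zu stale tail bytes\n", stale_tail_bytes(true));
    return 0;
}
```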