From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ex13.tuxera.com ([178.16.184.72]:26166 "EHLO ex13.tuxera.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932247AbcHKSq5 (ORCPT ); Thu, 11 Aug 2016 14:46:57 -0400 Date: Thu, 11 Aug 2016 21:46:51 +0300 From: Tuomas Tynkkynen To: Subject: Weird writev() behaviour on EFAULT - also successfully modifying the file Message-ID: <20160811214651.74515950@duuni> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Greetings, I've noticed a corner case with writev() both modifying the file and returning -EFAULT at the same time. This happens on filesystems using generic_perform_write() (i.e. ext4, vfat) on 4.6.3 kernel and below, down to 3.16. Here's the reproducer: // 8<---- cut here ------------------------ >8 #include #include #include #include #include int main(int argc, char** argv) { int fd; ssize_t ret; struct iovec iov[] = { { .iov_base = NULL, .iov_len = 0, }, { .iov_base = NULL, .iov_len = 4096, }, }; system("dd if=/dev/zero bs=8k count=1 | tr '\\0' 'A' > foo"); fd = open("foo", O_RDWR); if (fd < 0) { perror("open()"); return 1; } ret = writev(fd, iov, 2); if (ret < 0) { perror("writev()"); return 1; } return 0; } // 8<---- cut here ------------------------ >8 Running that prints "writev(): Bad address" but also some NUL bytes have appeared at the beginning file, in addition to the 'A's by the dd. 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00001000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 |AAAAAAAAAAAAAAAA| * 00002000 Is that intented behaviour?