NetBSD Problem Report #33777

From simonb@thistledown.com.au  Tue Jun 20 16:29:02 2006
Return-Path: <simonb@thistledown.com.au>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 0809A63B888
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 20 Jun 2006 16:29:02 +0000 (UTC)
Message-Id: <20060620143845.7D44C23989@thoreau.thistledown.com.au>
Date: Wed, 21 Jun 2006 00:38:45 +1000 (EST)
From: Simon Burge <simonb@netbsd.org>
Reply-To: Simon Burge <simonb@netbsd.org>
To: gnats-bugs@NetBSD.org
Subject: ftruncate broken on extend on ffs with large page size
X-Send-Pr-Version: 3.95

>Number:         33777
>Category:       kern
>Synopsis:       ftruncate broken on extend on ffs with large page size
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    yamt
>State:          analyzed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 20 16:30:00 +0000 2006
>Closed-Date:    
>Last-Modified:  Tue Dec 12 06:27:14 +0000 2006
>Originator:     Simon Burge <simonb@netbsd.org>
>Release:        All?  Observed on alpha with 1.6ZG and walnut with 3.99.21
>Organization:
>Environment:
>Description:
        ftruncate has a problem where it doesn't zero-fill data when a
        file is extended under some circumstances.  It appears to be if
        you extend a file to a page sized boundary on a filesystem where
        the ffs block size is half the page size.  I've observed this
        on a Walnut (16kB page size on ffs with 8kB block size) running
        NetBSD 3.99.21 and an Alpha (8kB page size on an ffs with 4kB
        block size) running NetBSD 1.6ZG.

>How-To-Repeat:

        Run the following program on a system where the pagesize is
        double the size of the ffs block size, and observe output of
        non-zeros.

	#include <err.h>
	#include <fcntl.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <unistd.h>

	#define	BUFLEN	0x10

	int
	main(int argc, char **argv)
	{
		int fd, i, pgsize;
		char buf[BUFLEN];

		pgsize = getpagesize();

		if (argc < 2)
			errx(1, "usage");

		unlink(argv[1]);

		fd = open(argv[1], O_RDWR | O_CREAT | O_TRUNC, 0644);
		if (fd < 0)
			err(1, "open: %s", argv[1]);

		/* marker pattern: 'A', 'B', ... */
		for (i = 0; i < (int)sizeof(buf); i++)
			buf[i] = i + 'A';

		/* write the marker into the last 0x10 bytes of the first page */
		pwrite(fd, buf, sizeof(buf), pgsize - 0x10);
		/* shrink to half a page, then extend back to a full page */
		ftruncate(fd, pgsize / 2);
		ftruncate(fd, pgsize);
		/* the extended region should now read back as zeros */
		pread(fd, buf, sizeof(buf), pgsize - 0x10);
		printf("buf =");
		for (i = 0; i < BUFLEN; i++)
			printf(" %02x", (unsigned char)buf[i]);
		printf("\n");

		close(fd);
		exit(0);
	}

>Fix:
        None given...

        ffs_truncate() calls ufs_balloc_range() then basically returns.

        The comment above ufs_balloc_range() says

 * after this function returns, any page entirely contained within the range
 * will map to invalid data and thus must be overwritten before it is made
 * accessible to others.

        which seems to indicate we should be zeroing something
        somewhere.  I've no idea why this problem is showing up only
        with certain specific page size and block size combinations.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->yamt
Responsible-Changed-By: yamt@netbsd.org
Responsible-Changed-When: Mon, 16 Oct 2006 08:59:24 +0000
Responsible-Changed-Why:
i'll take a look.


From: YAMAMOTO Takashi <yamt@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: PR/33777 CVS commit: src/sys/ufs/ffs
Date: Tue, 17 Oct 2006 11:39:18 +0000 (UTC)

 Module Name:	src
 Committed By:	yamt
 Date:		Tue Oct 17 11:39:18 UTC 2006

 Modified Files:
 	src/sys/ufs/ffs: ffs_inode.c

 Log Message:
 ffs_truncate: don't forget to zero the past eof in the case of
 blocksize < pagesize.  PR/33777 from Simon Burge.
 XXX check other filesystems, esp. lfs.


 To generate a diff of this commit:
 cvs rdiff -r1.84 -r1.85 src/sys/ufs/ffs/ffs_inode.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: yamt@netbsd.org
State-Changed-When: Tue, 17 Oct 2006 11:41:11 +0000
State-Changed-Why:
please try ffs_inode.c rev.1.85.


From: Simon Burge <simonb@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: yamt@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: PR/33777 CVS commit: src/sys/ufs/ffs 
Date: Sat, 21 Oct 2006 23:19:07 +1000

 YAMAMOTO Takashi wrote:

 > The following reply was made to PR kern/33777; it has been noted by GNATS.
 > 
 > From: YAMAMOTO Takashi <yamt@netbsd.org>
 > To: gnats-bugs@NetBSD.org
 > Cc: 
 > Subject: PR/33777 CVS commit: src/sys/ufs/ffs
 > Date: Tue, 17 Oct 2006 11:39:18 +0000 (UTC)
 > 
 >  Module Name:	src
 >  Committed By:	yamt
 >  Date:		Tue Oct 17 11:39:18 UTC 2006
 >  
 >  Modified Files:
 >  	src/sys/ufs/ffs: ffs_inode.c
 >  
 >  Log Message:
 >  ffs_truncate: don't forget to zero the past eof in the case of
 >  blocksize < pagesize.  PR/33777 from Simon Burge.
 >  XXX check other filesystems, esp. lfs.

 I can confirm that a -current kernel (with this change) doesn't have the
 problem on a Walnut.

 Should the PR be closed before other filesystems have been checked?

 Thanks,
 Simon.

State-Changed-From-To: feedback->analyzed
State-Changed-By: yamt@netbsd.org
State-Changed-When: Tue, 12 Dec 2006 06:27:14 +0000
State-Changed-Why:
have already gotten feedback.


>Unformatted:
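
Added example, not part of the original report or of NetBSD's sources: a regression check for the stale-data exposure described in this PR, generalized to sweep every power-of-two shrink point below the page size rather than only pagesize / 2, so it can be pointed at a directory on any filesystem to be checked. The names MARK, stale_after_extend and check_dir are chosen here; a result of 0 means every re-extended region read back as zeros, and -1 means an I/O error.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MARK 0x10	/* marker length, same as BUFLEN in the PR's program */

/* Write a marker just below extend_to, shrink to shrink_to, extend back,
 * and count marker bytes that survived.  Returns -1 on I/O error. */
static int stale_after_extend(int fd, off_t shrink_to, off_t extend_to)
{
	unsigned char buf[MARK];
	int i, stale = 0;
	memset(buf, 0xA5, sizeof(buf));
	if (ftruncate(fd, 0) != 0 ||
	    pwrite(fd, buf, sizeof(buf), extend_to - MARK) != MARK ||
	    ftruncate(fd, shrink_to) != 0 ||
	    ftruncate(fd, extend_to) != 0 ||
	    pread(fd, buf, sizeof(buf), extend_to - MARK) != MARK)
		return -1;
	for (i = 0; i < MARK; i++)
		stale += (buf[i] != 0);
	return stale;
}

/* Sweep power-of-two shrink points below the page size on a file in dir. */
static int check_dir(const char *dir)
{
	char path[1024];
	off_t pg = sysconf(_SC_PAGESIZE), cut;
	int fd, r, total = 0;
	snprintf(path, sizeof(path), "%s/ftrunc-XXXXXX", dir);
	if ((fd = mkstemp(path)) < 0)
		return -1;
	unlink(path);		/* file vanishes when fd is closed */
	for (cut = 512; cut < pg && total >= 0; cut *= 2) {
		r = stale_after_extend(fd, cut, pg);
		total = (r < 0) ? -1 : total + r;
	}
	close(fd);
	return total;
}

int main(int argc, char **argv)
{
	printf("stale bytes: %d\n", check_dir(argc > 1 ? argv[1] : "."));
	return 0;
}
```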
