fstests.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Matthew Wilcox <willy@infradead.org>
To: Andreas Dilger <adilger@dilger.ca>
Cc: linux-fsdevel@vger.kernel.org, linux-afs@lists.infradead.org,
	linux-btrfs@vger.kernel.org, linux-ext4@vger.kernel.org,
	linux-mm@kvack.org, Hugh Dickins <hughd@google.com>,
	linux-kernel@vger.kernel.org, fstests@vger.kernel.org
Subject: Re: [PATCH 0/5] Fix a minor POSIX conformance problem
Date: Fri, 3 Feb 2023 13:21:17 +0000	[thread overview]
Message-ID: <Y90KTSXCKGd8Gaqc@casper.infradead.org> (raw)
In-Reply-To: <DCEDB8BB-8D10-4E17-9C27-AE48718CB82F@dilger.ca>

On Thu, Feb 02, 2023 at 04:08:49PM -0700, Andreas Dilger wrote:
> On Feb 2, 2023, at 1:44 PM, Matthew Wilcox (Oracle) <willy@infradead.org> wrote:
> > 
> > POSIX requires that on ftruncate() expansion, the new bytes must read
> > as zeroes.  If someone's mmap()ed the file and stored past EOF, for
> > most filesystems the bytes in that page will be not-zero.  It's a
> > pretty minor violation; someone could race you and write to the file
> > between the ftruncate() call and you reading from it, but it's a bit
> > of a QOI violation.
> 
> Is it possible to have mmap return SIGBUS for the writes beyond EOF?

Well, no.  The hardware only tells us about accesses on a per-page
basis.  We could SIGBUS on writes that _start_ after EOF, but this
test doesn't do that (it starts before EOF and extends past EOF).
And once the page is mapped writable, there's no page fault taken
for subsequent writes.

> On the one hand, that might indicate incorrect behavior of the application,
> and on the other hand, it seems possible that the application doesn't
> know it is writing beyond EOF and expects that data to be read back OK?

POSIX says:

"The system shall always zero-fill any partial page at the end of an
object. Further, the system shall never write out any modified portions
of the last page of an object which are beyond its end. References
within the address range starting at pa and continuing for len bytes to
whole pages following the end of an object shall result in delivery of
a SIGBUS signal."

https://pubs.opengroup.org/onlinepubs/9699919799/functions/mmap.html

So the application can't expect to read back anything it's written
(and if you look at page writeback, we currently zero beyond EOF at
writeback time).

> IMHO, this seems better to stop the root of the problem (mmap() allowing
> bad writes), rather than trying to fix it after the fact.

That would be nice, but we're rather stuck with the hardware that exists.
IIUC Cray-1 had byte-granularity range registers, but page-granularity
is what we have.


  reply	other threads:[~2023-02-03 13:21 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-02 20:44 [PATCH 0/5] Fix a minor POSIX conformance problem Matthew Wilcox (Oracle)
2023-02-02 20:44 ` [PATCH 1/5] truncate: Zero bytes after 'oldsize' if we're expanding the file Matthew Wilcox (Oracle)
2023-02-03 13:00   ` Brian Foster
2023-02-03 15:07     ` Matthew Wilcox
2023-02-02 20:44 ` [PATCH 2/5] ext4: " Matthew Wilcox (Oracle)
2023-02-02 20:44 ` [PATCH 3/5] tmpfs: " Matthew Wilcox (Oracle)
2023-02-02 20:44 ` [PATCH 4/5] afs: " Matthew Wilcox (Oracle)
2023-02-02 20:44 ` [PATCH 5/5] btrfs: " Matthew Wilcox (Oracle)
2023-02-02 20:44 ` [PATCH 6/5] generic: test ftruncate zeroes bytes after EOF Matthew Wilcox (Oracle)
2023-02-03 11:57   ` Johannes Thumshirn
2023-02-03 13:13     ` Matthew Wilcox
2023-02-03 16:35   ` Darrick J. Wong
2023-02-02 23:08 ` [PATCH 0/5] Fix a minor POSIX conformance problem Andreas Dilger
2023-02-03 13:21   ` Matthew Wilcox [this message]
2023-02-03 16:23     ` David Laight
2023-02-03 16:29       ` Matthew Wilcox
2023-02-27 13:49 ` [PATCH 4/5] afs: Zero bytes after 'oldsize' if we're expanding the file David Howells
2023-02-27 14:09   ` Matthew Wilcox
2023-02-27 14:20   ` David Howells
2023-02-27 14:49   ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y90KTSXCKGd8Gaqc@casper.infradead.org \
    --to=willy@infradead.org \
    --cc=adilger@dilger.ca \
    --cc=fstests@vger.kernel.org \
    --cc=hughd@google.com \
    --cc=linux-afs@lists.infradead.org \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).