437430 – [PATCH][NFS]Fix a potential file corruption issue when writing

Bug 437430 - [PATCH][NFS]Fix a potential file corruption issue when writing

Summary: [PATCH][NFS]Fix a potential file corruption issue when writing

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	8
Hardware:	All
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-03-14 03:50 UTC by jiangguiqing
Modified:	2008-03-14 20:21 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-03-14 20:21:49 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Patch for fix this problem. (1.39 KB, patch) 2008-03-14 03:50 UTC, jiangguiqing	no flags	Details \| Diff
View All

Description jiangguiqing 2008-03-14 03:50:30 UTC

Description of problem:
If the inode is flagged as having an invalid mapping, then we can't rely on
the PageUptodate() flag. Ensure that we don't use the "anti-fragmentation"
write optimisation in nfs_updatepage(), since that will cause NFS to write
out areas of the page that are no longer guaranteed to be up to date.
(Refer to what Trond Myklebust said)

Version-Release number of selected component (if applicable):
Fedora8 (2.6.23.1-42.fc8)

How reproducible:
Use the following program.
--------------------------------------------------------------
//Test.c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
int main()
{
    int fd,rn;
    char buf[256];
    // Open 
    fd= open("/mnt/testfile",
             O_CREAT | O_RDWR | O_APPEND | O_TRUNC, 00666);
    if (fd <= 0)  {
        perror("open");
        exit(-1);
    }

    // Write 1
    write(fd,"Client1",7);

    // Sleep 5s. During sleeping,write the file on the server.
    printf("Sleep 5 seconds. During sleeping,write the file on server.\n");
    sleep(5);

    // Lseek to file end. 
    lseek(fd,0L,SEEK_END);

    // Write 2
    write(fd,"Client2",7);

    // Read
    lseek(fd,0,SEEK_SET);
    rn = read(fd,buf,128);
    buf[rn]=(char)NULL;
    printf("File read (%d): %s\n",rn,buf);
    close(fd);

    // Unlink file
    unlink("/mnt/testfile");    
    return(0);
}
--------------------------------------------------------------

Steps to Reproduce:
1. On Client :
    mount -t nfs -o sync server:/tmp /mnt
2. On Client :
    run above program    (During sleeping, do step 3)
3. On Server :
    echo -n Server >>/tmp/testfile
4. On Client :
   See the C program execute result

Actual results:
Client1

Expected results:
Client1ServerClient2

Additional info:
The bug may lead to the file "/mnt/testfile" reading 'Client1\0\0\0\0\0Client2' 
because client does not update the cached page after the file writed by server. 
Instead it keeps it marked as PageUptodate() until someone calls 
invaldate_inode_pages2(). 

Refer to 2.6.25-rc3 kernel,i make the patch for fix this problem.
After the patch is applied, the problem can be resolved.

Comment 1 jiangguiqing 2008-03-14 03:50:30 UTC

Created attachment 298011 [details]
Patch for fix this problem.

Comment 2 Chuck Ebbert 2008-03-14 20:21:49 UTC

Patch is already in 2.6.24.3

Note You need to log in before you can comment on or make changes to this bug.