[Bug 233783] [fusefs] returns cached truncated data
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Dec 4 17:50:47 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233783
Bug ID: 233783
Summary: [fusefs] returns cached truncated data
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: asomers at FreeBSD.org
fuse(4) caches data in the kernel, even when mounted with "-o direct_io".
After a truncation, it may return cached data from past the truncation point.
This data is invalid and should've been dropped during the truncation. I've
reproduced this behavior with libfuse's "passthrough" example program using
both CURRENT @r340987 and 12.0-BETA4. Steps to reproduce:
$ cd /path/to/freebsd/sources/tools/regression/fsx
$ make
$ sudo pkg install pkgconf fusefs-libs3
$ git clone git at github.com:libfuse/libfuse.git
$ cd libfuse/example
$ cc -Wall -I/usr/local/include/fuse3 -L/usr/local/lib -lfuse3 -lpthread
passthrough.c -o passthrough
$ sudo kldload fuse
$ mkdir /tmp/mnt
$ sudo ./passthrough -f -sd -o allow_other /tmp/mnt
Then, run fsx in a separate session:
$ cd /tmp/mnt/tmp
$ /usr/obj/whatever/amd64.amd64/tools/regression/fsx/fsx -WR -P /tmp -S10
fsx.bin
fsx will terminate with this output. It's reproducible since we specified the
seed:
mapped writes DISABLED
Seed set to 10
skipping zero size read
skipping zero size read
skipping zero size read
skipping zero size read
skipping zero size read
skipping zero size read
skipping zero size read
truncating to largest ever: 0x10016
READ BAD DATA: offset = 0xe1e6, size = 0xe229
OFFSET GOOD BAD RANGE
0x1b8df 0x0000 0xb708 0x b2b
operation# (mod 256) for the bad data may be 8
LOG DUMP (11 total operations):
1(1 mod 256): SKIPPED (no operation)
2(2 mod 256): SKIPPED (no operation)
3(3 mod 256): SKIPPED (no operation)
4(4 mod 256): SKIPPED (no operation)
5(5 mod 256): SKIPPED (no operation)
6(6 mod 256): SKIPPED (no operation)
7(7 mod 256): SKIPPED (no operation)
8(8 mod 256): WRITE 0x1b8df thru 0x21ac6 (0x61e8 bytes) HOLE ***WWWW
9(9 mod 256): TRUNCATE DOWN from 0x21ac7 to 0x10016 ******WWWW
10(10 mod 256): WRITE 0x3e90a thru 0x3ffff (0x16f6 bytes) HOLE ***WWWW
11(11 mod 256): READ 0xe1e6 thru 0x1c40e (0xe229 bytes) ***RRRR***
Correct content saved for comparison
(maybe hexdump "fsx.bin" vs "fsx.bin.fsxgood")
By comparing FSX's output to passthrough's, we can deduce where fuse.ko
serviced a read from its cache:
fsx's log passthrough's log
--------- -----------------
write 0x1b8df 0x61e8 write 112863 18209
write 131072 6855
trunc 137927
trunc 0x10016 trunc 65558
write 0x3d90a 0x16f6 read 196608 65536
write 256266 5878
trunc 262144
read 0xe1e6 0x1c40e read 0 65536 (services 57830 - 65536)
<read from cache> (services 65536 - 173556)
The miscompare happened at address 0x1b8df, which was in the part of the read
serviced from the cache, and it's the first part of that cached read that ever
contained non-zero data in the lifetime of this test.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list