lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1186058486.2289.17.camel@elijah.suse.cz>
Date:	Thu, 02 Aug 2007 14:41:26 +0200
From:	Petr Tesarik <ptesarik@...e.cz>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: mmap behavior on out-of-space conditions

Hello,

while solving a different issue, my colleague Libor Pechacek found a
problem with handling mmapped sparse files. If you mmap the hole insidea
sparse file and write to it, the data gets silently lost if there is not
enough space left on the underlying device.

I found a thread which touched this topic in December 2001 (sic!). I'd
like to quote an email by Andrea Arcangeli:

> On Sun, Dec 30, 2001 at 01:33:24AM -0500, Alexander Viro wrote:
> > 
> > 
> > On Sat, 29 Dec 2001, Andrew Morton wrote:
> > 
> > > Would it be necessary to preallocate the holes at mmap() time?  Mad
> > > hand-waving: Could we not perform the instantiation at pagefault time,
> > > and give the caller SIGBUS if we cannot allocate the blocks?  Or if
> > > there's an IO error, or quota exceeded.
> > 
> > Allocation at mmap() Is Not Going To Happen.  Consider it vetoed.
> > There are applications that use mmap() on large and very sparse
> > files.
> 
> it's exactly this kind of apps that will be screwed up by silent data
> corruption. the point of the holes is to optimize performance and save
> space, but they shouldn't introduce the possibilty of data corruption.
> 
> Note: I'm fine to introduce another way to notify the app about -ENOSPC,
> -ENOSPC on mmap is the most obvious one, but we could still allow the
> current "overcommit" behaviour with a kind of sigbus mentioned by
> Andrew (possibly not sigbus though, since it has just well defined
> semantics for MAP_SHARED, maybe they could be extended, anyways as said
> this is only a matter of API). My point is only that some API should be
> added because your mmap on sparse files are unreliable at the moment.

(see http://marc.info/?l=linux-kernel&m=100975730421590&w=2)

However, this is still not fixed - I am attaching a simple test case,
run it like:

$ make
$ # become root
# make check

IMO we should go with the SIGBUS solution, but I want to discuss it here
before making a patch.

Kind regards,
Petr Tesarik
SUSE LINUX, L3 Prague


Download attachment "mmap-nospc.tar.gz" of type "application/x-compressed-tar" (1242 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ