[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250902121134.486-1-anmuxixixi@gmail.com>
Date: Tue, 2 Sep 2025 20:11:34 +0800
From: YangWen <anmuxixixi@...il.com>
To: hirofumi@...l.parknet.co.jp
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fat: fix data-race between fat12_ent_put() and fat_mirror_bhs()
Hi,
On Tue, 02 Sep 2025 23:13:42 +0900, OGAWA Hirofumi wrote:
> Hm, what is wrong with temporary inconsistent?
>
> If it had the race with future modification, it can be temporary
> inconsistent. However, future modification will fix it by updating with
> latest blocks, right?
>
> Or did you actually get the inconsistent state after clean unmount?
Thanks for your comment.
This is not only a temporary in-memory inconsistency. KCSAN detected a
race where fat12_ent_put() updates two bytes of a 12-bit FAT entry while
fat_mirror_bhs() concurrently memcpy()’s the entire sector. The mirror
FAT may therefore receive a torn entry.
Since fat_mirror_bhs() marks those buffers dirty, the corrupted mirror
content can be flushed to disk. In our syzkaller testing, this already
resulted in runtime errors such as:
FAT-fs (loop4): error, clusters badly computed (421 != 418)
FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 2075)
These errors occurred even after a clean unmount, which suggests that the
inconsistent FAT entries were actually written to disk and not corrected
later by "future modification".
FAT16/32 do not suffer from this problem because their entries are
naturally aligned 16/32-bit accesses, which are atomic on supported
architectures. FAT12 is special because of the 12-bit packing across
two bytes.
So I think it is necessary to protect memcpy() in fat_mirror_bhs() with
fat12_entry_lock to avoid copying a torn FAT12 entry.
Thanks.
Powered by blists - more mailing lists