Date: Thu, 20 Jun 2002 14:07:57 +1000 (EST)
From: Bruce Evans
To: Matt Dillon
Cc: cvs-committers@FreeBSD.org
Subject: Re: cvs commit: src/sys/ufs/ufs ufs_readwrite.c

On Wed, 19 Jun 2002, Matt Dillon wrote:

> dillon 2002/06/19 02:39:41 PDT
>
> Modified files:
> sys/ufs/ufs ufs_readwrite.c
> Log:
> In rev 1.72 a situation related to write/mmap was fixed which could result
> in a user process gaining visibility into the 'old' contents of a filesystem
> block. There were two cases: (1) when uiomove() fails (user process issues
> illegal write), and (2) when uiomove() overlaps a mmap() of the same file at
> the same offset (fault -> recursive buffer I/O reads contents of old block).

I fixed (1) in FreeBSD-1 by always backing out the write in the EFAULT case:

%%%
Index: ufs_vnops.c =================================================================== RCS file: /home/ncvs/src1/sys/ufs/ufs_vnops.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -2 -r1.2 -r1.3 --- ufs_vnops.c 22 Jul 1993 16:58:16 -0000 1.2 +++ ufs_vnops.c 27 Jul 1993 10:53:29 -0000 1.3
@@ -607,5 +607,5 @@ ip->i_mode &= ~(ISUID|ISGID); } while (error == 0 && uio->uio_resid > 0 && n != 0); - if (error && (ioflag & IO_UNIT)) { + if (error == EFAULT || error && (ioflag & IO_UNIT)) { (void) itrunc(ip, osize, ioflag & IO_SYNC); uio->uio_offset -= resid - uio->uio_resid;
%%%

but this is barely needed in FreeBSD-2 because IO_UNIT is set for regular in
vn_write(). (IO_UNIT is a rather bogus flag. I haven't found any cases where
not setting it is correct. Its main function was apparently to give atomic
writes, but that function has been broken by splitting up the writes external
(e.g., to break atomic writing of ktrace records), leaving only its secondary
function of (completely) backing out of failed write(2)'s to regular files so
that broken writers aren't confused by short writes.)

At least some of these bugs are still present in at least some filesystems
that were cloned from ffs.

Bruce
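
Review bot: In the changed condition, `error == EFAULT || error && (ioflag & IO_UNIT)` relies on && binding tighter than || and is easy to misread; parenthesize it as `error == EFAULT || (error && (ioflag & IO_UNIT))`. Only EFAULT is special-cased, so any other nonzero error that leaves the loop without IO_UNIT set still skips itrunc(); if the intent is that a failed copy never leaves the file extended, back out on every error or add a comment saying why EFAULT alone is enough. The itrunc() result is also discarded by the (void) cast, so a truncate that fails goes unnoticed at this point.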
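
A toy user-space model of case (1) and of the back-out shown above, added here as an example and not code from this message or from FreeBSD. toy_write(), toy_uiomove() and toy_trunc() are hypothetical stand-ins, and the model assumes the file size is extended and a non-zeroed block attached before the copy runs.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLKSZ 16

/* Constructed toy model: one recycled disk block still holding old data. */
static char disk_block[BLKSZ];

struct toy_inode { size_t size; char *blk; };

/* Stand-in for uiomove(): the "user buffer" faults after fault_at bytes. */
static int toy_uiomove(char *dst, const char *src, size_t n, size_t fault_at)
{
    size_t ok = n < fault_at ? n : fault_at;
    memcpy(dst, src, ok);
    return ok < n ? EFAULT : 0;
}

/* Stand-in for itrunc(): restore the old size, drop the block if now empty. */
static void toy_trunc(struct toy_inode *ip, size_t osize)
{
    ip->size = osize;
    if (osize == 0)
        ip->blk = NULL;
}

static int toy_write(struct toy_inode *ip, const char *src, size_t n,
                     size_t fault_at, int backout)
{
    size_t osize = ip->size;
    int error;

    ip->blk = disk_block;   /* assumption: block attached without zeroing */
    ip->size = n;           /* assumption: size extended before the copy */
    error = toy_uiomove(ip->blk, src, n, fault_at);
    if (error == EFAULT && backout)
        toy_trunc(ip, osize);   /* back out the failed write */
    return error;
}

/* Bytes of stale block data readable through the file after a faulting write. */
static size_t stale_visible(int backout)
{
    struct toy_inode ino = { 0, NULL };
    size_t i, leaked = 0;

    memset(disk_block, 'S', BLKSZ);     /* constructed stale contents */
    toy_write(&ino, "AAAAAAAAAAAAAAAA", BLKSZ, 4, backout);
    for (i = 0; i < ino.size; i++)
        leaked += (ino.blk[i] == 'S');
    return leaked;
}

int main(void)
{
    printf("no back-out: %zu stale bytes, back-out: %zu\n",
           stale_visible(0), stale_visible(1));
    return 0;
}
```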