Fix block-boundary truncate issues #800

Merged
merged 5 commits into from
Apr 26, 2023

Conversation

geky
Member

@geky geky commented Apr 17, 2023

Building on the work from @colin-foster-in-advantage, @rvanschoren, and @hgspbs, I believe this fixes #732, #268, and likely others.

Long story short, lfs_file_truncate has had a bug for a while where truncates to block boundaries (after adjusting for CTZ skip-list metadata) would corrupt the internal state of the CTZ skip-list.

This fix started with @colin-foster-in-advantage's test case that made it easy to reproduce the issue, but I've taken the idea and expanded the existing truncate tests to cover both this and other possible off-by-one issues.

A deeper explanation for this bug follows.


There has been a bug in the filesystem for a while where truncating to a block boundary suffers from an off-by-one mistake that corrupts the internal representation of the CTZ skip-list.

This mostly appears when the file_size == block_size, as file_size > block_size includes CTZ skip-list metadata, so the underlying block boundaries appear at slightly different offsets.

The reason for the off-by-one issue is a nuance in lfs_ctz_find that we sort of abuse to get two different behaviors.

Consider the situation where this bug occurs:

 block 0     block 1
.--------.  .--------.
| abcdef |<-| {ptr0} |
| ghijkl |  | yzabcd |
| mnopqr |  |        |
| stuvwx |  |        |
'--------'  '--------'

With these 24-byte blocks, there's an ambiguity if we wanted to point to offset 24. We could point before the block boundary, or we could point after the block boundary.

Before:

 block 0     block 1
.--------.  .--------.
| abcdef |<-| {ptr0} |
| ghijkl |  | yzabcd |
| mnopqr |  |        |
| stuvwx |  |        |
'-------^'  '--------'
        '-- off=24 is here

After:

   block 0     block 1
  .--------.  .--------.
  | abcdef |<-| {ptr0} |
  | ghijkl |  | yzabcd |
  | mnopqr |  | ^      |
  | stuvwx |  | |      |
  '--------'  '-|------'
                '-- off=24 is here

Which of these two offsets we want depends on the context. We want the offset to be conservative if it represents a size, but eager if it is being used to prepare a block for writing.

The workaround/hack is to prefer the eager offset, after the block boundary, but use size-1 as the argument if we need the conservative offset.

This finds the correct block, but is off-by-one in the calculated block-offset. Fortunately we happen to not use the block-offset in the places we need this workaround/hack.


To get back to the bug, the wrong mode of lfs_ctz_find was used in lfs_file_truncate, leading to internal corruption of the CTZ skip-list.

The correct behavior is size-1, with care to avoid underflow.

Also I've tweaked the code to make it clear the calculated block-offset goes unused in these situations.


Thanks to @ghost, @ajaybhargav, and others for reporting the issue, @colin-foster-in-advantage for a reproducible test case, and @rvanschoren, @hgspbs for the initial solution.

Let me know if anyone sees issues with the fix proposed here. Otherwise I'll bring it in on the next release.
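The eager/conservative lookup ambiguity described above, as an added C model. This is example code written for this page; it is not littlefs code and not part of the PR. It assumes a simplified CTZ skip-list layout (block 0 holds only data; block i > 0 begins with ctz(i)+1 four-byte pointers, so its data capacity shrinks by that much), uses the 24-byte block size from the diagrams, and the function names ctz_find_eager, ctz_find_conservative, truncate_tail_block and truncate_tail_block_eager are hypothetical, chosen to mirror the two modes the description talks about rather than the real lfs_ctz_find signature.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not littlefs code, not from this PR). Models the CTZ
 * skip-list data layout under a deliberately simple assumption: block 0
 * holds only data, and block i > 0 starts with ctz(i)+1 four-byte pointers,
 * so its data capacity is block_size - 4*(ctz(i)+1). A "boff" below is a
 * physical offset inside a block, pointers included. */

#define PTR_SIZE 4u

/* Count trailing zeros; x must be nonzero. */
static uint32_t ctz32(uint32_t x) {
    uint32_t n = 0;
    while ((x & 1u) == 0) { x >>= 1; n++; }
    return n;
}

/* Bytes of skip-list pointers at the head of block index i. */
static uint32_t ptr_bytes(uint32_t i) {
    return i == 0 ? 0 : PTR_SIZE * (ctz32(i) + 1);
}

/* Eager lookup (hypothetical name): the block that holds the byte *at* data
 * offset `off`. A data offset sitting exactly on a block boundary therefore
 * resolves to the following block, at its first data byte. This is the
 * "after" arrow in the diagrams: right when preparing a block for a write.
 * Returns the block index; *boff (may be NULL) receives the physical offset. */
static uint32_t ctz_find_eager(uint32_t block_size, uint32_t off, uint32_t *boff) {
    uint32_t i = 0;
    for (;;) {
        uint32_t cap = block_size - ptr_bytes(i);
        if (off < cap) {
            if (boff) *boff = ptr_bytes(i) + off;
            return i;
        }
        off -= cap;
        i++;
    }
}

/* Conservative lookup (hypothetical name): the block holding the *last* byte
 * of a `size`-byte file, i.e. the eager lookup at size-1. The boff it yields
 * is that last byte's offset, one less than the bytes used in the block, so a
 * caller must not treat it as a size. size == 0 has no last byte: return -1
 * rather than letting size-1 wrap around to UINT32_MAX. */
static int32_t ctz_find_conservative(uint32_t block_size, uint32_t size, uint32_t *boff) {
    if (size == 0) return -1;
    return (int32_t)ctz_find_eager(block_size, size - 1, boff);
}

/* What a truncate to `size` needs: the block that remains the tail of the
 * list, or -1 when nothing is left. Only the block index is used. */
static int32_t truncate_tail_block(uint32_t block_size, uint32_t size) {
    return ctz_find_conservative(block_size, size, NULL);
}

/* The mistake described above: an eager lookup at `size`. Off a boundary it
 * agrees with the conservative answer; on a boundary it names the next,
 * not-yet-written block as the tail. */
static int32_t truncate_tail_block_eager(uint32_t block_size, uint32_t size) {
    return (int32_t)ctz_find_eager(block_size, size, NULL);
}

int main(void) {
    const uint32_t bs = 24; /* block size from the diagrams above */
    printf("size  conservative  eager\n");
    for (uint32_t size = 0; size <= 48; size++) {
        int32_t good = truncate_tail_block(bs, size);
        int32_t bad = truncate_tail_block_eager(bs, size);
        printf("%4u  %12d  %5d%s\n", (unsigned)size, (int)good, (int)bad,
               good != bad ? "  <- differ" : "");
    }
    return 0;
}
```

With 24-byte blocks the two lookups disagree exactly at size 0, 24 and 44: block 1 carries one pointer and so holds only 20 data bytes, which is why the second boundary lands at 44 rather than 48, the "slightly different offsets" the description mentions for file_size > block_size. The size == 0 guard is the underflow case the fix has to handle separately.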

When truncation is done on a file to the block size, there seems to be
an error where it points to an incorrect block. Perform a write /
truncate / readback operation to verify this issue.

Signed-off-by: Colin Foster <colin.foster@in-advantage.com>

Removed the weird alignment requirement from the general truncate tests.
This explicitly hid off-by-one truncation errors.

These tests now reveal the same issue as the block-sized truncation test
while also testing for other potential off-by-one errors.

There has been a bug in the filesystem for a while where truncating to a
block boundary suffers from an off-by-one mistake that corrupts the
internal representation of the CTZ skip-list.

This mostly appears when the file_size == block_size, as file_size >
block_size includes CTZ skip-list metadata, so the underlying block
boundaries appear at slightly different offsets.

---

The reason for the off-by-one issue is a nuance in lfs_ctz_find that we sort
of abuse to get two different behaviors.

Consider the situation where this bug occurs:

   block 0     block 1
  .--------.  .--------.
  | abcdef |<-| {ptr0} |
  | ghijkl |  | yzabcd |
  | mnopqr |  |        |
  | stuvwx |  |        |
  '--------'  '--------'

With these 24-byte blocks, there's an ambiguity if we wanted to point to
offset 24. We could point before the block boundary, or we could point
after the block boundary.

Before:

   block 0     block 1
  .--------.  .--------.
  | abcdef |<-| {ptr0} |
  | ghijkl |  | yzabcd |
  | mnopqr |  |        |
  | stuvwx |  |        |
  '-------^'  '--------'
          '-- off=24 is here

After:

   block 0     block 1
  .--------.  .--------.
  | abcdef |<-| {ptr0} |
  | ghijkl |  | yzabcd |
  | mnopqr |  | ^      |
  | stuvwx |  | |      |
  '--------'  '-|------'
                '-- off=24 is here

Which of these two offsets we want depends on the context. We want the
offset to be conservative if it represents a size, but eager if it is
being used to prepare a block for writing.

The workaround/hack is to prefer the eager offset, after the block boundary,
but use `size-1` as the argument if we need the conservative offset.

This finds the correct block, but is off-by-one in the calculated
block-offset. Fortunately we happen to not use the block-offset in the
places we need this workaround/hack.

---

To get back to the bug, the wrong mode of lfs_ctz_find was used in
lfs_file_truncate, leading to internal corruption of the CTZ skip-list.

The correct behavior is size-1, with care to avoid underflow.

Also I've tweaked the code to make it clear the calculated block-offset
goes unused in these situations.

Thanks to ghost, ajaybhargav, and others for reporting the issue,
colin-foster-in-advantage for a reproducible test case, and rvanschoren,
hgspbs for the initial solution.

Before, once converted to a CTZ skip-list, a file would remain a CTZ
skip-list even if truncated back to a size that could be inlined.

This was just a shortcut in implementation. And since the fix for boundary
truncates needed special handling for size==0, it made sense to extend
this special condition to allow reverting to inline files.

---

The only case I can think of, where reverting to an inline file would be
detrimental, is if it's a readonly file that you would otherwise not need
to pay the metadata overhead for. But as a tradeoff, inlining the file
would free up the block it was on, so it's unclear if this really is
a net loss.

If the truncate is followed by a write, reverting to an inline file will
always be beneficial. We assume writes will change the data, so in the
non-inlined case there's no way to avoid copying the underlying block.
Even if we assume padding issues are solved.

@geky
Member Author

geky commented Apr 17, 2023

Normally I would separate out the "revert-to-inline" feature into a separate PR, but the next release will be a minor one anyway.

If that ends up taking too long I'll separate the commits to bring this in on a patch release.

@geky geky added this to the v2.6 milestone Apr 17, 2023
@geky geky removed the "needs ci" label Apr 18, 2023
@geky geky changed the base branch from master to devel April 26, 2023 06:04
@geky geky merged commit 23a4a08 into devel Apr 26, 2023
@geky geky mentioned this pull request May 1, 2023
Development

Successfully merging this pull request may close these issues.

Bug in lfs_file_truncate