[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

nbd copy-on-write corruption



Hi,

I have a simple test case where nbd corrupts the date read back if
copyonwrite=true, and another one if sparse_cow=true.

I also have patches that I believe fix this.


For the first case, it's enough to read and write more than one
sequential block.  The second and subsequent blocks read will read into
the wrong offset of the buffer, and copy invalid data to the client.

I use a 4096 block size in this example, but I've used others.  I did
that to match the filesystem, but for the test I don't even need a
filesystem.

The test:

export OFFSET=0
export COUNT=3 # anything >= 1
dd if=/dev/urandom of=testdata bs=4096 count=$COUNT # random data
dd if=testdata of=/dev/nbd0 bs=4096 seek=$OFFSET count=$COUNT
dd if=/dev/nbd0 of=compdata bs=4096 skip=$OFFSET count=$COUNT
sum testdata compdata

The data will be different.

If the kernel does a partition check on /dev/nbd0 it will fail with
COUNT=1 as well.


For the second case, with sparse_cow=true, we need to repeat the test
with an offset > 0.  expwrite() calls write() instead of pwrite().

export OFFSET=100
export COUNT=3 # anything >= 1
dd if=/dev/urandom of=testdata bs=4096 count=$COUNT # random data
dd if=testdata of=/dev/nbd0 bs=4096 seek=$OFFSET count=$COUNT
dd if=/dev/nbd0 of=compdata bs=4096 skip=$OFFSET count=$COUNT
sum testdata compdata

The first time it's run, it will result in an Input/Output error.

The second time it's run, it will work.


First patch:

diff --git a/nbd-orig/nbd-server.c b/nbd-patched/nbd-server.c
index 92fd141..d1d45b2 100644
--- a/nbd-orig/nbd-server.c
+++ b/nbd-patched/nbd-server.c
@@ -1583,6 +1583,7 @@ int expread(READ_CTX *ctx, CLIENT *client) {
                                goto fail;
                        }
                        confirm_read(client, ctx, rdlen);
+                       ctx->current_offset += rdlen;
                } else { /* the block is not there */
                        if ((client->server->flags & F_WAIT) &&
(client->export == NULL)){
                                DEBUG("Page %llu is not here, and
waiting for file\n",


Second patch:

diff --git a/nbd-orig/nbd-server.c b/nbd-patched/nbd-server.c
index 92fd141..9a57ad5 100644
--- a/nbd-orig/nbd-server.c
+++ b/nbd-patched/nbd-server.c
@@ -1669,7 +1669,7 @@ int expwrite(off_t a, char *buf, size_t len,
CLIENT *client, int fua) {
                                if(ret < 0 ) goto fail;
                        }
                        memcpy(pagebuf+offset,buf,wrlen) ;
-                       if (write(client->difffile, pagebuf,
DIFFPAGESIZE) != DIFFPAGESIZE)
+                       if (pwrite(client->difffile, pagebuf,
DIFFPAGESIZE, client->difmap[mapcnt]*DIFFPAGESIZE) != DIFFPAGESIZE)
                                goto fail;
                }
                if (!(client->server->flags & F_COPYONWRITE))


Berend

Attachment: publickey - Berend De Schouwer - 0x128CD671.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: