mmap behavior on out-of-space conditions

From: Petr Tesarik
Date: Thu Aug 02 2007 - 08:41:40 EST


Hello,

while solving a different issue, my colleague Libor Pechacek found a
problem with handling mmapped sparse files. If you mmap the hole insidea
sparse file and write to it, the data gets silently lost if there is not
enough space left on the underlying device.

I found a thread which touched this topic in December 2001 (sic!). I'd
like to quote an email by Andrea Arcangeli:

> On Sun, Dec 30, 2001 at 01:33:24AM -0500, Alexander Viro wrote:
> >
> >
> > On Sat, 29 Dec 2001, Andrew Morton wrote:
> >
> > > Would it be necessary to preallocate the holes at mmap() time? Mad
> > > hand-waving: Could we not perform the instantiation at pagefault time,
> > > and give the caller SIGBUS if we cannot allocate the blocks? Or if
> > > there's an IO error, or quota exceeded.
> >
> > Allocation at mmap() Is Not Going To Happen. Consider it vetoed.
> > There are applications that use mmap() on large and very sparse
> > files.
>
> it's exactly this kind of apps that will be screwed up by silent data
> corruption. the point of the holes is to optimize performance and save
> space, but they shouldn't introduce the possibilty of data corruption.
>
> Note: I'm fine to introduce another way to notify the app about -ENOSPC,
> -ENOSPC on mmap is the most obvious one, but we could still allow the
> current "overcommit" behaviour with a kind of sigbus mentioned by
> Andrew (possibly not sigbus though, since it has just well defined
> semantics for MAP_SHARED, maybe they could be extended, anyways as said
> this is only a matter of API). My point is only that some API should be
> added because your mmap on sparse files are unreliable at the moment.

(see http://marc.info/?l=linux-kernel&m=100975730421590&w=2)

However, this is still not fixed - I am attaching a simple test case,
run it like:

$ make
$ # become root
# make check

IMO we should go with the SIGBUS solution, but I want to discuss it here
before making a patch.

Kind regards,
Petr Tesarik
SUSE LINUX, L3 Prague

Attachment: mmap-nospc.tar.gz
Description: application/compressed-tar

Attachment: signature.asc
Description: This is a digitally signed message part