Bug 9364

Summary: BFS: Deleting an empty file erroneously increases the number of free blocks reported by statfs().
Product: File System Reporter: Dmitri Vorobiev (dmitri.vorobiev)
Component: OtherAssignee: Dmitri Vorobiev (dmitri.vorobiev)
Status: RESOLVED CODE_FIX    
Severity: high CC: dmitri.vorobiev
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.24-rc2 Subsystem:
Regression: --- Bisected commit-id:

Description Dmitri Vorobiev 2007-11-13 06:45:04 UTC 
Most recent kernel where this bug did not occur: N/A
Distribution: this bug does not depend on distribution.
Hardware Environment: x86
Software Environment:

>>>

# lsmod
Module                  Size  Used by
bfs                    14008  1
#

<<<

Problem Description:

When deleting an inode, the BFS driver adds a free disk block even when the inode did not use any disk blocks.

Steps to reproduce:

1. Mount a BFS partition.

2. Create an empty file on this partition, delete this file, repeat:

>>>

root@codedot:/mnt# mount | grep mnt
/dev/loop0 on /mnt type bfs (rw)
root@codedot:/mnt# df -B 512 | grep loop
/dev/loop0               65536        81     65455   1% /mnt
root@codedot:/mnt# touch file
root@codedot:/mnt# rm file
root@codedot:/mnt# df -B 512 | grep loop
/dev/loop0               65536        80     65456   1% /mnt
root@codedot:/mnt# for i in `seq 1 100`; do touch file; rm file; done
root@codedot:/mnt# df -B 512 | grep loop
/dev/loop0               65536       -20     65556   0% /mnt
root@codedot:/mnt# 

<<<

The number of occupied blocks reported by statfs() becomes negative if an empty file gets created and subsequently removed sufficient number of times.
Comment 1 Dmitri Vorobiev 2007-11-13 06:46:07 UTC 
The bfs_get_block() function located in `fs/bfs/file.c' does not compare the number of the physical block, which it tries to access when extending the file, against the size of the block device. Checks against the block device size need to be introduced into the filesystem driver, and -ENOSPC error should be returned every time the partition runs out of free space when writing a growing file.

I am working on a fix for the BFS driver, that's why I am assigning this bug to myself now.
Comment 2 Dmitri Vorobiev 2007-11-13 08:47:02 UTC 
The patch proposed in the following LKML message

http://lkml.org/lkml/2007/11/13/185

fixes the error reported in the context of this bug. What follows is a console session, which proves that the error is gone:

>>>

debian:~# mount -t bfs /dev/loop0 /mnt
debian:~# cd /mnt/
debian:/mnt# df -B 512 | grep loop
/dev/loop0               65536        81     65455   1% /mnt
debian:/mnt# for i in `seq 1 100`; do touch file; rm file; done
debian:/mnt# df -B 512 | grep loop
/dev/loop0               65536        81     65455   1% /mnt
debian:/mnt#

<<<
Comment 3 Andrew Morton 2007-11-13 11:53:28 UTC 
I merged Dmitry's fix