Bug 92721

Summary: possible FAT corruption on persistently mounted EFI system partitions
Product: File System
Reporter: Chris Murphy (bugzilla)
Component: FAT/VFAT/MSDOS
Assignee: OGAWA Hirofumi (hirofumi)
Status: RESOLVED INVALID    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 3.19.0-0.rc7.git0.1.fc22.x86_64
Subsystem:
Regression: No
Bisected commit-id:

Description Chris Murphy 2015-02-04 21:50:24 UTC
Summary: EFI System partitions are formatted FAT12/16/32, and typically are persistently write mounted at boot time at /boot/efi. If a system crash occurs, at next boot a warning appears. This is not a regression.

Reproduce steps:
1. Boot UEFI system
2. Crash or system hang (with absolute certainty that /boot/efi has no open files)

Results on next boot:

[    4.178757] FAT-fs (sda2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.

Running dosfsck -a shows:

0x41: Dirty bit is set. Fs was not properly unmounted and some data may be corrupt.
 Automatically removing dirty bit.


So the questions are: Is this expected behavior? Is persistently write mounting FAT volumes an acceptable risk? i.e. this is just a scary warning and should always be easily fixable if an fsck is run at next boot. Or is it better to encourage a change in behavior where this volume isn't persistently mounted?

I note that on Windows and OS X UEFI systems, the ESP is never mounted at boot time by the OS. It's only mounted on demand if something on it needs modification, which is quite rare. This sounds safer.

Comment 1 OGAWA Hirofumi 2015-02-05 10:29:46 UTC
It is expected behavior. FAT marks the volume as dirty if it was mounted writable. If the system crashed and the dirty mark is seen, FAT can't know in what state the system crashed, so it warns.

If you didn't access the FAT volume at all while it was mounted writable, it is safe. (Once you have accessed the volume, even for a read, FAT has some chance of corruption, more or less, depending on device properties.)

Well, a read-only mount is the safer way. But you have to remount when you modify the volume.
This is a user policy thing.
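
The dirty flag that dosfsck reports at 0x41 in the description can be read straight from the boot sector without mounting the volume. The following is an added example, not part of the original bug thread; it assumes the standard FAT boot sector layout (state byte at 0x41 on FAT32 and 0x25 on FAT12/16, bit 0 meaning dirty), and the sample sectors are constructed.

```python
import struct

FAT_STATE_DIRTY = 0x01  # bit 0 of the state byte: volume not cleanly unmounted


def fat_dirty_state(boot_sector: bytes):
    """Return (variant, dirty) for a FAT boot sector.

    variant is "FAT32" or "FAT12/16"; dirty is True when the dirty bit is set.
    """
    if len(boot_sector) < 512:
        raise ValueError("need at least the 512-byte boot sector")
    if boot_sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot sector signature")
    # The 16-bit FAT size at 0x16 is zero on FAT32, which uses the
    # 32-bit FAT size at 0x24 instead. That decides where the state byte is.
    (fat_size16,) = struct.unpack_from("<H", boot_sector, 0x16)
    (fat_size32,) = struct.unpack_from("<I", boot_sector, 0x24)
    if fat_size16 == 0 and fat_size32 != 0:
        variant, state_offset = "FAT32", 0x41
    else:
        variant, state_offset = "FAT12/16", 0x25
    return variant, bool(boot_sector[state_offset] & FAT_STATE_DIRTY)


def make_sample_sector(fat32: bool, dirty: bool) -> bytes:
    """Build a constructed (not real) boot sector with only the fields read above."""
    sector = bytearray(512)
    if fat32:
        struct.pack_into("<I", sector, 0x24, 1009)  # constructed FAT32 size
        sector[0x41] = FAT_STATE_DIRTY if dirty else 0
    else:
        struct.pack_into("<H", sector, 0x16, 200)  # constructed FAT16 size
        sector[0x25] = FAT_STATE_DIRTY if dirty else 0
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # Walk the four constructed cases: FAT32/FAT16, dirty/clean.
    for fat32 in (True, False):
        for dirty in (True, False):
            print(fat_dirty_state(make_sample_sector(fat32, dirty)))
```

To check a real volume, pass the first 512 bytes of the partition, read with the device opened read-only.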