Bug 92721 - possible FAT corruption on persistently mounted EFI system partitions
Alias: None
Product: File System
Classification: Unclassified
Component: FAT/VFAT/MSDOS
Hardware: All Linux
Importance: P1 normal
Assignee: OGAWA Hirofumi
Depends on:
Reported: 2015-02-04 21:50 UTC by Chris Murphy
Modified: 2015-02-05 10:31 UTC

See Also:
Kernel Version: 3.19.0-0.rc7.git0.1.fc22.x86_64
Tree: Fedora
Regression: No


Description Chris Murphy 2015-02-04 21:50:24 UTC
Summary: EFI System partitions are formatted FAT12/16/32, and typically are persistently write mounted at boot time at /boot/efi. If a system crash occurs, at next boot a warning appears. This is not a regression.

Reproduce steps:
1. Boot UEFI system
2. Crash or system hang (with absolute certainty that /boot/efi has no open files)

Results on next boot:

[    4.178757] FAT-fs (sda2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.

Running dosfsck -a shows:

0x41: Dirty bit is set. Fs was not properly unmounted and some data may be corrupt.
 Automatically removing dirty bit.

So the questions are: Is this expected behavior? Is persistently write mounting FAT volumes an acceptable risk? i.e. this is just a scary warning and should always be easily fixable if an fsck is run at next boot. Or is it better to encourage a change in behavior where this volume isn't persistently mounted?

I note that on Windows and OS X UEFI systems, the ESP is never mounted at boot time by the OS. It's only mounted on demand if something on it needs modification, which is quite rare. This sounds safer.

Comment 1 OGAWA Hirofumi 2015-02-05 10:29:46 UTC
It is expected behavior. FAT marks the volume as dirty if it was mounted writable. If the system crashed and the dirty mark is seen, FAT can't know what state the system was in when it crashed, so it warns.

If you didn't access the FAT volume at all while it was mounted writable, it is safe. (Once you have accessed the volume, even for a read, FAT has some chance of corruption, more or less, depending on device properties.)

Well, a read-only mount is the safer way. But you have to remount when you modify the volume.
This is a user policy thing.
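
As an added example (not part of the bug report and not the kernel's or dosfsck's code): a read-only check of the dirty flag that dosfsck reported at 0x41 above. It goes beyond the FAT32 case in the report by also handling FAT12/16, where the flag sits at offset 0x25 (taken from the FAT on-disk layout, not from this page); the function names and sample sectors are constructed for illustration.

```python
import struct

FAT_STATE_DIRTY = 0x01        # bit 0 of the state byte marks an unclean unmount
STATE_OFFSET_FAT32 = 0x41     # the offset dosfsck printed in the report
STATE_OFFSET_FAT16 = 0x25     # FAT12/16 layout (assumption: not from the page)

def fat_dirty_state(boot_sector: bytes) -> dict:
    """Classify a 512-byte FAT boot sector and report its dirty flag."""
    if len(boot_sector) < 512 or boot_sector[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature; not a FAT boot sector")
    (fat_len16,) = struct.unpack_from("<H", boot_sector, 22)  # sectors per FAT
    (fat_len32,) = struct.unpack_from("<I", boot_sector, 36)  # FAT32-only field
    if fat_len16:
        variant, offset = "FAT12/16", STATE_OFFSET_FAT16
    elif fat_len32:
        variant, offset = "FAT32", STATE_OFFSET_FAT32
    else:
        raise ValueError("both FAT length fields are zero; not a FAT volume")
    dirty = bool(boot_sector[offset] & FAT_STATE_DIRTY)
    return {"variant": variant, "offset": offset, "dirty": dirty}

def read_device(path: str) -> dict:
    """Read-only check of a block device or image, e.g. an unmounted ESP."""
    with open(path, "rb") as dev:
        return fat_dirty_state(dev.read(512))

def make_sample(fat32: bool, dirty: bool) -> bytes:
    """Constructed sample boot sector carrying only the fields parsed above."""
    sector = bytearray(512)
    sector[510:512] = b"\x55\xaa"
    if fat32:
        struct.pack_into("<I", sector, 36, 1024)
        sector[STATE_OFFSET_FAT32] = FAT_STATE_DIRTY if dirty else 0
    else:
        struct.pack_into("<H", sector, 22, 9)
        sector[STATE_OFFSET_FAT16] = FAT_STATE_DIRTY if dirty else 0
    return bytes(sector)

if __name__ == "__main__":
    for fat32 in (True, False):
        for dirty in (True, False):
            print(fat_dirty_state(make_sample(fat32, dirty)))
```

Per Comment 1, a volume that is currently mounted writable is expected to read as dirty, so `read_device` is meaningful only on an unmounted or read-only mounted partition.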
