Hi Xiang, After further investgate, this bug will not reveal in any released version of mkfs.erofs. Previous patch v5 [1] will map all allocated bb when erofs_mapbh() is called on an already mapped bb, which triggers this bug. before that patch, under the same condition, __erofs_battach() will only be called on bb which is not mapped, thus no need to update `tail_blkaddr'.
[1]: https://lore.kernel.org/linux-erofs/[email protected]/ Hu Weiwen On Mon, Jan 18, 2021 at 09:59:16PM +0800, Gao Xiang wrote: > Hi Weiwen, > > On Mon, Jan 18, 2021 at 08:39:45PM +0800, Hu Weiwen wrote: > > When __erofs_battach() is called on an buffer block of which > > (bb->buffers.off % EROFS_BLKSIZ == 0), `tail_blkaddr' will not be > > updated correctly. This bug can be reproduced by: > > > > mkdir bug-repo > > head -c 4032 /dev/urandom > bug-repo/1 > > head -c 4095 /dev/urandom > bug-repo/2 > > head -c 12345 /dev/urandom > bug-repo/3 # arbitrary size > > mkfs.erofs -Eforce-inode-compact bug-repo.erofs.img bug-repo > > > > Then mount this image and see that file `3' in the image is different > > from `bug-repo/3'. > > > > This patch fix this by: > > > > * Don't inline tail-end data in this case, since the tail-end data will > > be in a different block from inode. > > * Correctly handle `battach' in this case. > > > > I will evaluate this condition later, yet if you have some interest > and extra time, could you also help on writing a regression testcase > for this, so we can look after such regression in case of the future > code changes? > > This is also an ongoing work for the next erofs-utils release, see: > https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/ > > Thanks, > Gao Xiang
