On Mon, Aug 16, 2021 at 07:03:21PM -0700, Eric Biggers wrote: > Freeing preallocated blocks on error would be better than nothing, although note > that the preallocated blocks may have filled an arbitrary sequence of holes -- > so simply truncating past EOF would *not* be sufficient. > > But really filesystems need to be designed to never expose uninitialized data, > even if I/O errors or a sudden power failure occurs. It is unfortunate that > f2fs apparently wasn't designed with that goal in mind. > > In any case, I don't think we can proceed with any other f2fs direct I/O > improvements until this data leakage bug can be solved one way or another. If > my patch to remove support for allocating writes isn't acceptable and the > desired solution is going to require some more invasive f2fs surgery, are you or > Chao going to work on it? I'm not sure there's much I can do here. Btw, this is generally a problem for buffered I/O as well, although the window for exposing uninitialized blocks on a crash tends to be smaller.
