On Wed, Aug 28, 2024 at 02:15:33PM -0400, Brian Foster wrote:
> File ranges that are newly exposed via size changing operations are
> expected to return zeroes until written to. This behavior tends to
> be difficult to regression test as failures can be racy and
> transient. fsx is probably the best tool for this type of test
> coverage, but uncovering issues can require running for a
> significantly longer period of time than is typically invoked
> through fstests tests. As a result, these types of regressions tend
> to go unnoticed for an unfortunate amount of time.
>
> To facilitate uncovering these problems more quickly, implement an
> eof pollution mode in fsx that opportunistically injects post-eof
> data prior to operations that change file size. Since data injection
> occurs immediately before the size changing operation, it can be
> used to detect problems in partial eof page/block zeroing associated
> with each relevant operation.
>
> The implementation takes advantage of the fact that mapped writes
> can place data beyond eof so long as the page starts within eof. The
> main reason for the isolated per-operation approach (vs. something
> like allowing mapped writes to write beyond eof, for example) is to
> accommodate the fact that writeback zeroes post-eof data on the eof
> page. The current approach is therefore not necessarily guaranteed
> to detect all problems, but provides more generic and broad test
> coverage than the alternative of testing explicit command sequences
> and doesn't require significant changes to how fsx works. If this
> proves useful long term, further enhancements can be considered that
> might facilitate the presence of post-eof data across operations.
>
> Enable the feature with the -e command line option. It is disabled
> by default because zeroing behavior is inconsistent across
> filesystems. This can also be revisited in the future if zeroing
> behavior is refined for the major filesystems that rely on fstests
> for regression testing.
>
> Signed-off-by: Brian Foster <bfoster@xxxxxxxxxx>
I wonder what insanity this is going to shake loose, so thanks for doing
putting this in a stressor program. :)
Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx>
--D
> ---
> ltp/fsx.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 77 insertions(+), 2 deletions(-)
>
> diff --git a/ltp/fsx.c b/ltp/fsx.c
> index 4a9be0e1..1ba1bf65 100644
> --- a/ltp/fsx.c
> +++ b/ltp/fsx.c
> @@ -178,6 +178,7 @@ int dedupe_range_calls = 1; /* -B flag disables */
> int copy_range_calls = 1; /* -E flag disables */
> int exchange_range_calls = 1; /* -0 flag disables */
> int integrity = 0; /* -i flag */
> +int pollute_eof = 0; /* -e flag */
> int fsxgoodfd = 0;
> int o_direct; /* -Z */
> int aio = 0;
> @@ -983,6 +984,63 @@ gendata(char *original_buf, char *good_buf, unsigned offset, unsigned size)
> }
> }
>
> +/*
> + * Pollute the EOF page with data beyond EOF prior to size change operations.
> + * This provides additional test coverage for partial EOF block/page zeroing.
> + * If the upcoming operation does not correctly zero, incorrect file data will
> + * be detected.
> + */
> +void
> +pollute_eofpage(unsigned int maxoff)
> +{
> + unsigned offset = file_size;
> + unsigned pg_offset;
> + unsigned write_size;
> + char *p;
> +
> + /*
> + * Nothing to do if pollution disabled or we're simulating. Simulation
> + * only tracks file size updates and skips syscalls, so we don't want to
> + * inject file data that won't be zeroed.
> + */
> + if (!pollute_eof || testcalls <= simulatedopcount)
> + return;
> +
> + /* write up to specified max or the end of the eof page */
> + pg_offset = offset & mmap_mask;
> + write_size = MIN(PAGE_SIZE - pg_offset, maxoff - offset);
> +
> + if (!pg_offset)
> + return;
> +
> + if (!quiet &&
> + ((progressinterval && testcalls % progressinterval == 0) ||
> + (debug &&
> + (monitorstart == -1 ||
> + (offset + write_size > monitorstart &&
> + (monitorend == -1 || offset <= monitorend)))))) {
> + prt("%lld pollute_eof\t0x%x thru\t0x%x\t(0x%x bytes)\n",
> + testcalls, offset, offset + write_size - 1, write_size);
> + }
> +
> + if ((p = (char *)mmap(0, PAGE_SIZE, PROT_READ | PROT_WRITE,
> + MAP_FILE | MAP_SHARED, fd,
> + (off_t)(offset - pg_offset))) == MAP_FAILED) {
> + prterr("pollute_eofpage: mmap");
> + return;
> + }
> +
> + /*
> + * Write to a range just past EOF of the test file. Do not update the
> + * good buffer because the upcoming operation is expected to zero this
> + * range of the file.
> + */
> + gendata(original_buf, p, pg_offset, write_size);
> +
> + if (munmap(p, PAGE_SIZE) != 0)
> + prterr("pollute_eofpage: munmap");
> +}
> +
> /*
> * Helper to update the tracked file size. If the offset begins beyond current
> * EOF, zero the range from EOF to offset in the good buffer.
> @@ -990,8 +1048,10 @@ gendata(char *original_buf, char *good_buf, unsigned offset, unsigned size)
> void
> update_file_size(unsigned offset, unsigned size)
> {
> - if (offset > file_size)
> + if (offset > file_size) {
> + pollute_eofpage(offset + size);
> memset(good_buf + file_size, '\0', offset - file_size);
> + }
> file_size = offset + size;
> }
>
> @@ -1143,6 +1203,9 @@ dotruncate(unsigned size)
>
> log4(OP_TRUNCATE, 0, size, FL_NONE);
>
> + /* pollute the current EOF before a truncate down */
> + if (size < file_size)
> + pollute_eofpage(maxfilelen);
> update_file_size(size, 0);
>
> if (testcalls <= simulatedopcount)
> @@ -1305,6 +1368,9 @@ do_collapse_range(unsigned offset, unsigned length)
>
> log4(OP_COLLAPSE_RANGE, offset, length, FL_NONE);
>
> + /* pollute current eof before collapse truncates down */
> + pollute_eofpage(maxfilelen);
> +
> if (testcalls <= simulatedopcount)
> return;
>
> @@ -1356,6 +1422,9 @@ do_insert_range(unsigned offset, unsigned length)
>
> log4(OP_INSERT_RANGE, offset, length, FL_NONE);
>
> + /* pollute current eof before insert truncates up */
> + pollute_eofpage(maxfilelen);
> +
> if (testcalls <= simulatedopcount)
> return;
>
> @@ -2385,6 +2454,7 @@ usage(void)
> -b opnum: beginning operation number (default 1)\n\
> -c P: 1 in P chance of file close+open at each op (default infinity)\n\
> -d: debug output for all operations\n\
> + -e: pollute post-eof on size changes (default 0)\n\
> -f: flush and invalidate cache after I/O\n\
> -g X: write character X instead of random generated data\n\
> -i logdev: do integrity testing, logdev is the dm log writes device\n\
> @@ -2783,7 +2853,7 @@ main(int argc, char **argv)
> setvbuf(stdout, (char *)0, _IOLBF, 0); /* line buffered stdout */
>
> while ((ch = getopt_long(argc, argv,
> - "0b:c:dfg:i:j:kl:m:no:p:qr:s:t:w:xyABD:EFJKHzCILN:OP:RS:UWXZ",
> + "0b:c:de:fg:i:j:kl:m:no:p:qr:s:t:w:xyABD:EFJKHzCILN:OP:RS:UWXZ",
> longopts, NULL)) != EOF)
> switch (ch) {
> case 'b':
> @@ -2805,6 +2875,11 @@ main(int argc, char **argv)
> case 'd':
> debug = 1;
> break;
> + case 'e':
> + pollute_eof = getnum(optarg, &endp);
> + if (pollute_eof < 0 || pollute_eof > 1)
> + usage();
> + break;
> case 'f':
> flush = 1;
> break;
> --
> 2.45.0
>
>
