On Thu, May 16, 2013 at 05:56:51AM +0200, Andras Korn wrote:
> On Thu, May 16, 2013 at 07:41:05AM +1000, Dave Chinner wrote:
> > > OK, thinking about it I realise there doesn't appear to be a good way of
> > > preventing the problem, but I'm still not sure some heuristic couldn't be
> > > invented to detect and partially remedy it after the fact.
> > Trying to remedy it in xfs_repair does more harm than good. What
> > happens now allows recovery of data if the inode size was wrong. If
> > we remove the blocks beyond EOF, we lose that ability and hence make
> > unrecoverable data loss more likely in common failure scenarios.
> That's clear (xfs_repair not freeing up the space is what allowed me to
> recover the data). I meant "remedy" as in _either_ increase the inode size
> OR free up the extra space. Perhaps xfs_db could be extended to do this?
You can already change the inode size with xfs_db by writing the
> Of course, increasing the size as stored in the inode can add garbage (at
> the very least, binary zeroes) to the end of files, but if the data would
> otherwise have been lost, this is probably still preferable.
No, it's not preferable, because if data wasn't written after the
extents are allocated, extending the file size exposes stale data
that is already on disk that the owner of the file should not have
You are free to do this yourself, but we are not going to add
potential stale data exposure holes into repair/db if this situation
> I can even
> imagine an xfs_db command that increases file size up to the last non-zero
> data byte in the allocated space.
Stale data regions rarely contain zero.