* bug#20595: 24.4; Data lost when modifying file on filesystem with no space left on device / disc full
@ 2015-05-17 11:52 Matthew Blissett
2015-05-30 6:24 ` Paul Eggert
0 siblings, 1 reply; 2+ messages in thread
From: Matthew Blissett @ 2015-05-17 11:52 UTC (permalink / raw)
To: 20595
I attempted to edit a file on the filesystem containing $HOME, with no
space left (for non-root users).
Filesystem 1B-blocks Used Available Use% Mounted on
/dev/sdb1 105,559,908,352 104,591,810,560 0 100% /home
When I saved the file (C-x C-s) Emacs gave the error "Write error: no
space left on device, /home", so I quit (C-x C-c), pressed "n" to not
save the file, and "yes" to exit with a modified buffer. I expected the
original file to exist, but instead I have three zero-byte files:
-rwx------ 1 matt users 0 2015-05-17 11:57 script~
-rwxr-xr-x 1 matt users 0 2015-05-17 11:57 script
-rwxr-xr-x 1 matt users 0 2015-05-17 11:58 #script#
Example steps to reproduce:
dd if=/dev/zero of=small bs=1M count=10
mkfs.ext4 small
sudo mount -o loop small /mnt
sudo dd if=/dev/zero of=/mnt/85pc bs=1k count=8500
man man | sudo tee /mnt/man > /dev/null
sudo mkdir /mnt/.emacs.d
sudo chown -R $USER /mnt
HOME=/mnt emacs /mnt/man
(Edit the file, attempt to save, then exit discarding changes.)
ls -lAr /mnt
/mnt:
total 8,718,336
-rw-r--r-- 1 matt root 8,704,000 2015-05-17 11:31 85pc
drwxr-xr-x 2 matt root 1,024 2015-05-17 11:31 .emacs.d
drwx------ 2 matt root 12,288 2015-05-17 11:31 lost+found
-rw-r--r-- 1 matt root 0 2015-05-17 11:31 man
-rw-r--r-- 1 matt users 0 2015-05-17 11:31 #man#
-rw------- 1 matt users 0 2015-05-17 11:31 man~
/mnt/.emacs.d:
total 0
-rw------- 1 matt users 0 2015-05-17 11:31 %backup%~
I'd expect /mnt/man to be unchanged, or at minimum one of /mnt/man~ or
~/.emacs.d/%backup%~ to contain the original file's contents.
Cheers,
Matt
In GNU Emacs 24.4.1 (arm-unknown-linux-gnueabihf)
of 2014-12-19 on henze, modified by Debian
System Description: Debian GNU/Linux 8.0 (jessie)
Configured using:
`configure --build arm-linux-gnueabihf --prefix=/usr
--sharedstatedir=/var/lib --libexecdir=/usr/lib
--localstatedir=/var/lib --infodir=/usr/share/info
--mandir=/usr/share/man --with-pop=yes
--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.4/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.4/site-lisp:/usr/share/emacs/site-lisp
--build arm-linux-gnueabihf --prefix=/usr --sharedstatedir=/var/lib
--libexecdir=/usr/lib --localstatedir=/var/lib
--infodir=/usr/share/info --mandir=/usr/share/man --with-pop=yes
--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.4/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.4/site-lisp:/usr/share/emacs/site-lisp
--with-x=no --without-gconf --without-gsettings 'CFLAGS=-g -O2
-fstack-protector-strong -Wformat -Werror=format-security -Wall'
CPPFLAGS=-D_FORTIFY_SOURCE=2 LDFLAGS=-Wl,-z,relro'
Important settings:
value of $LANG: en_GB.UTF-8
locale-coding-system: utf-8-unix
Major mode: Fundamental
Minor modes in effect:
tooltip-mode: t
electric-indent-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
line-number-mode: t
transient-mark-mode: t
Recent input:
ESC [ > 0 ; 1 1 5 ; 0 c C-x C-f DEL DEL / t m p / x
DEL TAB TAB y RET C-x b RET RET C-x C-s C-x C-k RET
n C-x k RET y e s RET ESC x r e p - e - b TAB RET
Recent messages:
Loading 00debian-vars...done
Loading /etc/emacs/site-start.d/50puppet-el.el (source)...done
For information about GNU Emacs and the GNU system, type C-h C-a.
Making completion list...
Saving file /mnt/man...
Cannot write backup file; backing up in ~/.emacs.d/%backup%~
basic-save-buffer-2: Write error: no space left on device, /mnt/man
No keyboard macro defined. Create one? (y or n) n
Quit
Load-path shadows:
/usr/share/emacs/24.4/site-lisp/debian-startup hides /usr/share/emacs/site-lisp/debian-startup
/usr/share/emacs/24.4/site-lisp/puppet-el/puppet-mode hides /usr/share/emacs/site-lisp/puppet-mode
Features:
(shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml
mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev
gmm-utils mailheader sendmail regexp-opt rfc2047 rfc2045 ietf-drums
mm-util help-fns mail-prsvr mail-utils edmacro cl-loaddefs cl-lib kmacro
help-mode easymenu image xterm time-date tooltip electric uniquify
ediff-hook vc-hooks lisp-float-type tabulated-list newcomment lisp-mode
prog-mode register page menu-bar rfn-eshadow timer select mouse jit-lock
font-lock syntax facemenu font-core frame cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew
greek romanian slovak czech european ethiopic indian cyrillic chinese
case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer nadvice
loaddefs button faces cus-face macroexp files text-properties overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process dbusbind
gfilenotify multi-tty emacs)
Memory information:
((conses 8 76608 7488)
(symbols 24 17393 0)
(miscs 20 35 135)
(strings 16 10778 7177)
(string-bytes 1 311082)
(vectors 8 14096)
(vector-slots 4 1145426 57182)
(floats 8 65 408)
(intervals 28 226 29)
(buffers 512 13)
(heap 1024 7950 543))
^ permalink raw reply [flat|nested] 2+ messages in thread
* bug#20595: 24.4; Data lost when modifying file on filesystem with no space left on device / disc full
2015-05-17 11:52 bug#20595: 24.4; Data lost when modifying file on filesystem with no space left on device / disc full Matthew Blissett
@ 2015-05-30 6:24 ` Paul Eggert
0 siblings, 0 replies; 2+ messages in thread
From: Paul Eggert @ 2015-05-30 6:24 UTC (permalink / raw)
To: Matthew Blissett; +Cc: 20595-done
[-- Attachment #1: Type: text/plain, Size: 541 bytes --]
Thank you for reporting this, and for the recipe for reproducing this important
bug in Emacs. I installed the attached patches into the GNU Emacs master to fix
the problem. The 1st patch doesn't actually fix the bug, but it fixes some
related ones. The 2nd patch fixes the bug -- at least, it worked for me on your
test case. I generated the 2nd patch with "diff -b" so its indenting won't
match the source code; you can pick up the full gory details in savannah git
master, around commit ab27722721afca4647a7eec0933ac9209e0eac30.
[-- Attachment #2: 0001-copy-file-now-truncates-output-after-writing.patch --]
[-- Type: text/x-patch, Size: 2297 bytes --]
From 2b51de993a5444177f537f22a5de926e056b6add Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 29 May 2015 22:55:25 -0700
Subject: [PATCH 1/2] copy-file now truncates output after writing
* src/fileio.c (Fcopy_file): Truncate output after writing rather
than before. This is more likely to work than truncation before
writing, if the file system is out of space or the user is over
disk quota (Bug#20595). Also, check for read errors.
---
src/fileio.c | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/fileio.c b/src/fileio.c
index 796f08d..a969d3b 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -1871,8 +1871,6 @@ permissions. */)
bool already_exists = false;
mode_t new_mask;
int ifd, ofd;
- int n;
- char buf[16 * 1024];
struct stat st;
#endif
@@ -1974,6 +1972,8 @@ permissions. */)
record_unwind_protect_int (close_file_unwind, ofd);
+ off_t oldsize = 0, newsize = 0;
+
if (already_exists)
{
struct stat out_st;
@@ -1982,15 +1982,31 @@ permissions. */)
if (st.st_dev == out_st.st_dev && st.st_ino == out_st.st_ino)
report_file_errno ("Input and output files are the same",
list2 (file, newname), 0);
- if (ftruncate (ofd, 0) != 0)
- report_file_error ("Truncating output file", newname);
+ if (S_ISREG (out_st.st_mode))
+ oldsize = out_st.st_size;
}
immediate_quit = 1;
QUIT;
- while ((n = emacs_read (ifd, buf, sizeof buf)) > 0)
- if (emacs_write_sig (ofd, buf, n) != n)
- report_file_error ("Write error", newname);
+ while (true)
+ {
+ char buf[MAX_ALLOCA];
+ ptrdiff_t n = emacs_read (ifd, buf, sizeof buf);
+ if (n < 0)
+ report_file_error ("Read error", file);
+ if (n == 0)
+ break;
+ if (emacs_write_sig (ofd, buf, n) != n)
+ report_file_error ("Write error", newname);
+ newsize += n;
+ }
+
+ /* Truncate any existing output file after writing the data. This
+ is more likely to work than truncation before writing, if the
+ file system is out of space or the user is over disk quota. */
+ if (newsize < oldsize && ftruncate (ofd, newsize) != 0)
+ report_file_error ("Truncating output file", newname);
+
immediate_quit = 0;
#ifndef MSDOS
--
2.1.0
[-- Attachment #3: bugfix.patch --]
[-- Type: text/x-patch, Size: 5470 bytes --]
diff --git a/lisp/files.el b/lisp/files.el
index 16ac956..6939f2b 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -4077,80 +4077,75 @@ on the original file; this means that the caller, after saving
the buffer, should change the extended attributes of the new file
to agree with the old attributes.
BACKUPNAME is the backup file name, which is the old file renamed."
- (if (and make-backup-files (not backup-inhibited)
- (not buffer-backed-up)
- (file-exists-p buffer-file-name)
- (memq (aref (elt (file-attributes buffer-file-name) 8) 0)
- '(?- ?l)))
- (let ((real-file-name buffer-file-name)
- backup-info backupname targets setmodes)
+ (when (and make-backup-files (not backup-inhibited) (not buffer-backed-up))
+ (let ((attributes (file-attributes buffer-file-name)))
+ (when (and attributes (memq (aref (elt attributes 8) 0) '(?- ?l)))
;; If specified name is a symbolic link, chase it to the target.
- ;; Thus we make the backups in the directory where the real file is.
- (setq real-file-name (file-chase-links real-file-name))
- (setq backup-info (find-backup-file-name real-file-name)
- backupname (car backup-info)
- targets (cdr backup-info))
- ;; (if (file-directory-p buffer-file-name)
- ;; (error "Cannot save buffer in directory %s" buffer-file-name))
- (if backup-info
- (condition-case ()
- (let ((delete-old-versions
+ ;; This makes backups in the directory where the real file is.
+ (let* ((real-file-name (file-chase-links buffer-file-name))
+ (backup-info (find-backup-file-name real-file-name)))
+ (when backup-info
+ (let* ((backupname (car backup-info))
+ (targets (cdr backup-info))
+ (old-versions
;; If have old versions to maybe delete,
;; ask the user to confirm now, before doing anything.
;; But don't actually delete til later.
(and targets
- (or (eq delete-old-versions t) (eq delete-old-versions nil))
+ (booleanp delete-old-versions)
(or delete-old-versions
- (y-or-n-p (format "Delete excess backup versions of %s? "
- real-file-name)))))
+ (y-or-n-p
+ (format "Delete excess backup versions of %s? "
+ real-file-name)))
+ targets))
(modes (file-modes buffer-file-name))
(extended-attributes
- (file-extended-attributes buffer-file-name)))
- ;; Actually write the back up file.
- (condition-case ()
- (if (or file-precious-flag
- ; (file-symlink-p buffer-file-name)
- backup-by-copying
+ (file-extended-attributes buffer-file-name))
+ (copy-when-priv-mismatch
+ backup-by-copying-when-privileged-mismatch)
+ (make-copy
+ (or file-precious-flag backup-by-copying
;; Don't rename a suid or sgid file.
(and modes (< 0 (logand modes #o6000)))
- (not (file-writable-p (file-name-directory real-file-name)))
+ (not (file-writable-p
+ (file-name-directory real-file-name)))
(and backup-by-copying-when-linked
- (> (file-nlinks real-file-name) 1))
- (and (or backup-by-copying-when-mismatch
- (integerp backup-by-copying-when-privileged-mismatch))
- (let ((attr (file-attributes real-file-name)))
+ (< 1 (file-nlinks real-file-name)))
(and (or backup-by-copying-when-mismatch
- (and (integerp (nth 2 attr))
- (integerp backup-by-copying-when-privileged-mismatch)
- (<= (nth 2 attr) backup-by-copying-when-privileged-mismatch)))
- (not (file-ownership-preserved-p
- real-file-name t))))))
- (backup-buffer-copy real-file-name
- backupname modes
- extended-attributes)
+ (and (integerp copy-when-priv-mismatch)
+ (let ((attr (file-attributes
+ real-file-name
+ 'integer)))
+ (<= (nth 2 attr)
+ copy-when-priv-mismatch))))
+ (not (file-ownership-preserved-p real-file-name
+ t)))))
+ setmodes)
+ (condition-case ()
+ (progn
+ ;; Actually make the backup file.
+ (if make-copy
+ (backup-buffer-copy real-file-name backupname
+ modes extended-attributes)
;; rename-file should delete old backup.
(rename-file real-file-name backupname t)
(setq setmodes (list modes extended-attributes
backupname)))
- (file-error
- ;; If trouble writing the backup, write it in
- ;; .emacs.d/%backup%.
+ (setq buffer-backed-up t)
+ ;; Now delete the old versions, if desired.
+ (dolist (old-version old-versions)
+ (delete-file old-version)))
+ (file-error nil))
+ ;; If trouble writing the backup, write it in .emacs.d/%backup%.
+ (when (not buffer-backed-up)
(setq backupname (locate-user-emacs-file "%backup%~"))
(message "Cannot write backup file; backing up in %s"
backupname)
(sleep-for 1)
(backup-buffer-copy real-file-name backupname
- modes extended-attributes)))
- (setq buffer-backed-up t)
- ;; Now delete the old versions, if desired.
- (if delete-old-versions
- (while targets
- (condition-case ()
- (delete-file (car targets))
- (file-error nil))
- (setq targets (cdr targets))))
- setmodes)
- (file-error nil))))))
+ modes extended-attributes)
+ (setq buffer-backed-up t))
+ setmodes)))))))
(defun backup-buffer-copy (from-name to-name modes extended-attributes)
;; Create temp files with strict access rights. It's easy to
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-05-30 6:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-17 11:52 bug#20595: 24.4; Data lost when modifying file on filesystem with no space left on device / disc full Matthew Blissett
2015-05-30 6:24 ` Paul Eggert
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).