pa-fazil
/
android_system_core
mirror of https://github.com/fazilsheik96/android_system_core.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix bug in WriteStringToFileAtomic 

According to https://www.slideshare.net/nan1nan1/eat-my-data ,
rename() without an fsync() is not safe, and cannot guarantee data
integrity in case of powerloss of OS failure.

Test: partner verification, th
Bug: 238702018
Change-Id: I5809770062ed7bfa47df81de418a2d8f7cbc6620
This commit is contained in:
Kelvin Zhang 2022-10-12 10:08:03 -07:00
parent cf10e2097d
commit 7e05c04432
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
fs_mgr/libsnapshot/utility.cpp
View File

@ -153,9 +153,23 @@ AutoUnmountDevice::~AutoUnmountDevice() {
}
bool WriteStringToFileAtomic(const std::string& content, const std::string& path) {
std::string tmp_path = path + ".tmp";
if (!android::base::WriteStringToFile(content, tmp_path)) {
return false;
const std::string tmp_path = path + ".tmp";
{
const int flags = O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_BINARY;
android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(tmp_path.c_str(), flags, 0666)));
if (fd == -1) {
PLOG(ERROR) << "Failed to open " << path;
return false;
}
if (!android::base::WriteStringToFd(content, fd)) {
PLOG(ERROR) << "Failed to write to fd " << fd;
return false;
}
// rename() without fsync() is not safe. Data could still be living on page cache. To ensure
// atomiticity, call fsync()
if (fsync(fd) != 0) {
PLOG(ERROR) << "Failed to fsync " << tmp_path;
}
}
if (rename(tmp_path.c_str(), path.c_str()) == -1) {
PLOG(ERROR) << "rename failed from " << tmp_path << " to " << path;