Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7e05c044 authored by Kelvin Zhang's avatar Kelvin Zhang
Browse files

Fix bug in WriteStringToFileAtomic 

According to https://www.slideshare.net/nan1nan1/eat-my-data ,
rename() without an fsync() is not safe, and cannot guarantee data
integrity in case of powerloss of OS failure.

Test: partner verification, th
Bug: 238702018
Change-Id: I5809770062ed7bfa47df81de418a2d8f7cbc6620
parent cf10e209

fs_mgr/libsnapshot/utility.cpp

+17 −3
Original line number Diff line number Diff line
@@ -153,10 +153,24 @@ AutoUnmountDevice::~AutoUnmountDevice() { 
}



bool WriteStringToFileAtomic(const std::string& content, const std::string& path) {

    std::string tmp_path = path + ".tmp";

    if (!android::base::WriteStringToFile(content, tmp_path)) {

    const std::string tmp_path = path + ".tmp";

    {

        const int flags = O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_BINARY;

        android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(tmp_path.c_str(), flags, 0666)));

        if (fd == -1) {

            PLOG(ERROR) << "Failed to open " << path;

            return false;

        }

        if (!android::base::WriteStringToFd(content, fd)) {

            PLOG(ERROR) << "Failed to write to fd " << fd;

            return false;

        }

        // rename() without fsync() is not safe. Data could still be living on page cache. To ensure

        // atomiticity, call fsync()

        if (fsync(fd) != 0) {

            PLOG(ERROR) << "Failed to fsync " << tmp_path;

        }

    }

    if (rename(tmp_path.c_str(), path.c_str()) == -1) {

        PLOG(ERROR) << "rename failed from " << tmp_path << " to " << path;

        return false;