Skip to content

sync_file_range

Intro

sync_file_range - synchronizes a file range with the underlying hardware

Description

The sync_file_range system call causes all modified data and metadata stored in a file range of the provided file descriptor to be transferred to the underlying hardware associated with the file descriptor. This system call is capable of both flushing and fsyncing the given file range. It allows for more precise control over which blocks of a file are flushed to the underlying hardware, allowing certain operations to be asynchronous, without incurring the overhead of the fdatasync or fsync system calls. It also allows operations to bypass the page cache and touch a range of blocks directly.

There are some drawbacks to taking advantage of this syscall, one of which is the potential race conditions due to TOCTOU (time of check, time of use). It is important for the caller to be aware of the possibility of race conditions, and to properly use the O_SYNC flag or the SYNC_FILE_RANGE_WRITE flag if they wish to mitigate race conditions.

Arguments

  • fd:int[U] - File descriptor of the file to synchronize.
  • offset:off_t[U] - Offset within the file to the start of the region to sync.
  • nbytes:off_t[U] - Number of bytes in the range to sync.
  • flags:unsigned int[U] - Bitmask indicating what action should be taken for the range.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user-space (for example, pointer to user-space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

vfs_sync_file_range

Type

Kprobe

Purpose

Hooks the vfs_sync_file_range function, which is the kernel entry point for the sync_file_range syscall.

Example Use Case

sync_file_range can be used to synchronize certain parts of files without fsyncing the entire file. An example would be a database that updates small parts of a database file in a single operation. The database might use sync_file_range to synchronize the relevant blocks, rather than fsyncing the entire database file.

Issues

Some filesystems may not support all options of the flags parameter, while others may support additional flags. This can lead to unexpected behaviour, and should be carefully considered by the caller. Additionally, sync_file_range is vulnerable to TOCTOU and race conditions, so be careful when using it.

The fdatasync system call is similar to sync_file_range, in that it flushes modified data and metadata to the underlying hardware. However, fdatasync flushes the entire file, while sync_file_range only flushes a portion of the file. Additionally, fsync can be used to synchronize both the metadata and data of a file, while sync_file_range only synchronizes the data.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.