• Sargun Dhillon's avatar
    ovl: implement volatile-specific fsync error behaviour · 335d3fc5
    Sargun Dhillon authored
    Overlayfs's volatile option allows the user to bypass all forced sync calls
    to the upperdir filesystem. This comes at the cost of safety. We can never
    ensure that the user's data is intact, but we can make a best effort to
    expose whether or not the data is likely to be in a bad state.
    
    The best way to handle this in the time being is that if an overlayfs's
    upperdir experiences an error after a volatile mount occurs, that error
    will be returned on fsync, fdatasync, sync, and syncfs. This is
    contradictory to the traditional behaviour of VFS which fails the call
    once, and only raises an error if a subsequent fsync error has occurred,
    and been raised by the filesystem.
    
    One awkward aspect of the patch is that we have to manually set the
    superblock's errseq_t after the sync_fs callback as opposed to just
    returning an error from syncfs. This is because the call chain looks
    something like this:
    
    sys_syncfs ->
    	sync_filesystem ->
    		__sync_filesystem ->
    			/* The return value is ignored here
    			sb->s_op->sync_fs(sb)
    			_sync_blockdev
    		/* Where the VFS fetches the error to raise to userspace */
    		errseq_check_and_advance
    
    Because of this we call errseq_set every time the sync_fs callback occurs.
    Due to the nature of this seen / unseen dichotomy, if the upperdir is an
    inconsistent state at the initial mount time, overlayfs will refuse to
    mount, as overlayfs cannot get a snapshot of the upperdir's errseq that
    will increment on error until the user calls syncfs.
    Signed-off-by: default avatarSargun Dhillon <sargun@sargun.me>
    Suggested-by: default avatarAmir Goldstein <amir73il@gmail.com>
    Reviewed-by: default avatarAmir Goldstein <amir73il@gmail.com>
    Fixes: c86243b0 ("ovl: provide a mount option "volatile"")
    Cc: stable@vger.kernel.org
    Reviewed-by: default avatarVivek Goyal <vgoyal@redhat.com>
    Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
    Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
    335d3fc5
readdir.c 27.8 KB